1 /*
2  * Marvell Wireless LAN device driver: AP TX and RX data handling
3  *
4  * Copyright (C) 2012-2014, Marvell International Ltd.
5  *
6  * This software file (the "File") is distributed by Marvell International
7  * Ltd. under the terms of the GNU General Public License Version 2, June 1991
8  * (the "License").  You may use, redistribute and/or modify this File in
9  * accordance with the terms and conditions of the License, a copy of which
10  * is available by writing to the Free Software Foundation, Inc.,
11  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA or on the
12  * worldwide web at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
13  *
14  * THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE
16  * ARE EXPRESSLY DISCLAIMED.  The License provides additional details about
17  * this warranty disclaimer.
18  */
19 
20 #include "decl.h"
21 #include "ioctl.h"
22 #include "main.h"
23 #include "wmm.h"
24 #include "11n_aggr.h"
25 #include "11n_rxreorder.h"
26 
27 /* This function checks if particular RA list has packets more than low bridge
28  * packet threshold and then deletes packet from this RA list.
29  * Function deletes packets from such RA list and returns true. If no such list
30  * is found, false is returned.
31  */
32 static bool
33 mwifiex_uap_del_tx_pkts_in_ralist(struct mwifiex_private *priv,
34 				  struct list_head *ra_list_head,
35 				  int tid)
36 {
37 	struct mwifiex_ra_list_tbl *ra_list;
38 	struct sk_buff *skb, *tmp;
39 	bool pkt_deleted = false;
40 	struct mwifiex_txinfo *tx_info;
41 	struct mwifiex_adapter *adapter = priv->adapter;
42 
43 	list_for_each_entry(ra_list, ra_list_head, list) {
44 		if (skb_queue_empty(&ra_list->skb_head))
45 			continue;
46 
47 		skb_queue_walk_safe(&ra_list->skb_head, skb, tmp) {
48 			tx_info = MWIFIEX_SKB_TXCB(skb);
49 			if (tx_info->flags & MWIFIEX_BUF_FLAG_BRIDGED_PKT) {
50 				__skb_unlink(skb, &ra_list->skb_head);
51 				mwifiex_write_data_complete(adapter, skb, 0,
52 							    -1);
53 				if (ra_list->tx_paused)
54 					priv->wmm.pkts_paused[tid]--;
55 				else
56 					atomic_dec(&priv->wmm.tx_pkts_queued);
57 				pkt_deleted = true;
58 			}
59 			if ((atomic_read(&adapter->pending_bridged_pkts) <=
60 					     MWIFIEX_BRIDGED_PKTS_THR_LOW))
61 				break;
62 		}
63 	}
64 
65 	return pkt_deleted;
66 }
67 
68 /* This function deletes packets from particular RA List. RA list index
69  * from which packets are deleted is preserved so that packets from next RA
70  * list are deleted upon subsequent call thus maintaining fairness.
71  */
72 static void mwifiex_uap_cleanup_tx_queues(struct mwifiex_private *priv)
73 {
74 	unsigned long flags;
75 	struct list_head *ra_list;
76 	int i;
77 
78 	spin_lock_irqsave(&priv->wmm.ra_list_spinlock, flags);
79 
80 	for (i = 0; i < MAX_NUM_TID; i++, priv->del_list_idx++) {
81 		if (priv->del_list_idx == MAX_NUM_TID)
82 			priv->del_list_idx = 0;
83 		ra_list = &priv->wmm.tid_tbl_ptr[priv->del_list_idx].ra_list;
84 		if (mwifiex_uap_del_tx_pkts_in_ralist(priv, ra_list, i)) {
85 			priv->del_list_idx++;
86 			break;
87 		}
88 	}
89 
90 	spin_unlock_irqrestore(&priv->wmm.ra_list_spinlock, flags);
91 }
92 
93 
94 static void mwifiex_uap_queue_bridged_pkt(struct mwifiex_private *priv,
95 					 struct sk_buff *skb)
96 {
97 	struct mwifiex_adapter *adapter = priv->adapter;
98 	struct uap_rxpd *uap_rx_pd;
99 	struct rx_packet_hdr *rx_pkt_hdr;
100 	struct sk_buff *new_skb;
101 	struct mwifiex_txinfo *tx_info;
102 	int hdr_chop;
103 	struct ethhdr *p_ethhdr;
104 	struct mwifiex_sta_node *src_node;
105 	int index;
106 
107 	uap_rx_pd = (struct uap_rxpd *)(skb->data);
108 	rx_pkt_hdr = (void *)uap_rx_pd + le16_to_cpu(uap_rx_pd->rx_pkt_offset);
109 
110 	if ((atomic_read(&adapter->pending_bridged_pkts) >=
111 					     MWIFIEX_BRIDGED_PKTS_THR_HIGH)) {
112 		mwifiex_dbg(priv->adapter, ERROR,
113 			    "Tx: Bridge packet limit reached. Drop packet!\n");
114 		kfree_skb(skb);
115 		mwifiex_uap_cleanup_tx_queues(priv);
116 		return;
117 	}
118 
119 	if ((!memcmp(&rx_pkt_hdr->rfc1042_hdr, bridge_tunnel_header,
120 		     sizeof(bridge_tunnel_header))) ||
121 	    (!memcmp(&rx_pkt_hdr->rfc1042_hdr, rfc1042_header,
122 		     sizeof(rfc1042_header)) &&
123 	     ntohs(rx_pkt_hdr->rfc1042_hdr.snap_type) != ETH_P_AARP &&
124 	     ntohs(rx_pkt_hdr->rfc1042_hdr.snap_type) != ETH_P_IPX)) {
125 		/* Replace the 803 header and rfc1042 header (llc/snap) with
126 		 * an Ethernet II header, keep the src/dst and snap_type
127 		 * (ethertype).
128 		 *
129 		 * The firmware only passes up SNAP frames converting all RX
130 		 * data from 802.11 to 802.2/LLC/SNAP frames.
131 		 *
132 		 * To create the Ethernet II, just move the src, dst address
133 		 * right before the snap_type.
134 		 */
135 		p_ethhdr = (struct ethhdr *)
136 			((u8 *)(&rx_pkt_hdr->eth803_hdr)
137 			 + sizeof(rx_pkt_hdr->eth803_hdr)
138 			 + sizeof(rx_pkt_hdr->rfc1042_hdr)
139 			 - sizeof(rx_pkt_hdr->eth803_hdr.h_dest)
140 			 - sizeof(rx_pkt_hdr->eth803_hdr.h_source)
141 			 - sizeof(rx_pkt_hdr->rfc1042_hdr.snap_type));
142 		memcpy(p_ethhdr->h_source, rx_pkt_hdr->eth803_hdr.h_source,
143 		       sizeof(p_ethhdr->h_source));
144 		memcpy(p_ethhdr->h_dest, rx_pkt_hdr->eth803_hdr.h_dest,
145 		       sizeof(p_ethhdr->h_dest));
146 		/* Chop off the rxpd + the excess memory from
147 		 * 802.2/llc/snap header that was removed.
148 		 */
149 		hdr_chop = (u8 *)p_ethhdr - (u8 *)uap_rx_pd;
150 	} else {
151 		/* Chop off the rxpd */
152 		hdr_chop = (u8 *)&rx_pkt_hdr->eth803_hdr - (u8 *)uap_rx_pd;
153 	}
154 
155 	/* Chop off the leading header bytes so that it points
156 	 * to the start of either the reconstructed EthII frame
157 	 * or the 802.2/llc/snap frame.
158 	 */
159 	skb_pull(skb, hdr_chop);
160 
161 	if (skb_headroom(skb) < MWIFIEX_MIN_DATA_HEADER_LEN) {
162 		mwifiex_dbg(priv->adapter, ERROR,
163 			    "data: Tx: insufficient skb headroom %d\n",
164 			    skb_headroom(skb));
165 		/* Insufficient skb headroom - allocate a new skb */
166 		new_skb =
167 			skb_realloc_headroom(skb, MWIFIEX_MIN_DATA_HEADER_LEN);
168 		if (unlikely(!new_skb)) {
169 			mwifiex_dbg(priv->adapter, ERROR,
170 				    "Tx: cannot allocate new_skb\n");
171 			kfree_skb(skb);
172 			priv->stats.tx_dropped++;
173 			return;
174 		}
175 
176 		kfree_skb(skb);
177 		skb = new_skb;
178 		mwifiex_dbg(priv->adapter, INFO,
179 			    "info: new skb headroom %d\n",
180 			    skb_headroom(skb));
181 	}
182 
183 	tx_info = MWIFIEX_SKB_TXCB(skb);
184 	memset(tx_info, 0, sizeof(*tx_info));
185 	tx_info->bss_num = priv->bss_num;
186 	tx_info->bss_type = priv->bss_type;
187 	tx_info->flags |= MWIFIEX_BUF_FLAG_BRIDGED_PKT;
188 
189 	src_node = mwifiex_get_sta_entry(priv, rx_pkt_hdr->eth803_hdr.h_source);
190 	if (src_node) {
191 		src_node->stats.last_rx = jiffies;
192 		src_node->stats.rx_bytes += skb->len;
193 		src_node->stats.rx_packets++;
194 		src_node->stats.last_tx_rate = uap_rx_pd->rx_rate;
195 		src_node->stats.last_tx_htinfo = uap_rx_pd->ht_info;
196 	}
197 
198 	if (is_unicast_ether_addr(rx_pkt_hdr->eth803_hdr.h_dest)) {
199 		/* Update bridge packet statistics as the
200 		 * packet is not going to kernel/upper layer.
201 		 */
202 		priv->stats.rx_bytes += skb->len;
203 		priv->stats.rx_packets++;
204 
205 		/* Sending bridge packet to TX queue, so save the packet
206 		 * length in TXCB to update statistics in TX complete.
207 		 */
208 		tx_info->pkt_len = skb->len;
209 	}
210 
211 	__net_timestamp(skb);
212 
213 	index = mwifiex_1d_to_wmm_queue[skb->priority];
214 	atomic_inc(&priv->wmm_tx_pending[index]);
215 	mwifiex_wmm_add_buf_txqueue(priv, skb);
216 	atomic_inc(&adapter->tx_pending);
217 	atomic_inc(&adapter->pending_bridged_pkts);
218 
219 	mwifiex_queue_main_work(priv->adapter);
220 
221 	return;
222 }
223 
224 /*
225  * This function contains logic for AP packet forwarding.
226  *
227  * If a packet is multicast/broadcast, it is sent to kernel/upper layer
228  * as well as queued back to AP TX queue so that it can be sent to other
229  * associated stations.
230  * If a packet is unicast and RA is present in associated station list,
231  * it is again requeued into AP TX queue.
232  * If a packet is unicast and RA is not in associated station list,
233  * packet is forwarded to kernel to handle routing logic.
234  */
235 int mwifiex_handle_uap_rx_forward(struct mwifiex_private *priv,
236 				  struct sk_buff *skb)
237 {
238 	struct mwifiex_adapter *adapter = priv->adapter;
239 	struct uap_rxpd *uap_rx_pd;
240 	struct rx_packet_hdr *rx_pkt_hdr;
241 	u8 ra[ETH_ALEN];
242 	struct sk_buff *skb_uap;
243 
244 	uap_rx_pd = (struct uap_rxpd *)(skb->data);
245 	rx_pkt_hdr = (void *)uap_rx_pd + le16_to_cpu(uap_rx_pd->rx_pkt_offset);
246 
247 	/* don't do packet forwarding in disconnected state */
248 	if (!priv->media_connected) {
249 		mwifiex_dbg(adapter, ERROR,
250 			    "drop packet in disconnected state.\n");
251 		dev_kfree_skb_any(skb);
252 		return 0;
253 	}
254 
255 	memcpy(ra, rx_pkt_hdr->eth803_hdr.h_dest, ETH_ALEN);
256 
257 	if (is_multicast_ether_addr(ra)) {
258 		skb_uap = skb_copy(skb, GFP_ATOMIC);
259 		mwifiex_uap_queue_bridged_pkt(priv, skb_uap);
260 	} else {
261 		if (mwifiex_get_sta_entry(priv, ra)) {
262 			/* Requeue Intra-BSS packet */
263 			mwifiex_uap_queue_bridged_pkt(priv, skb);
264 			return 0;
265 		}
266 	}
267 
268 	/* Forward unicat/Inter-BSS packets to kernel. */
269 	return mwifiex_process_rx_packet(priv, skb);
270 }
271 
272 int mwifiex_uap_recv_packet(struct mwifiex_private *priv,
273 			    struct sk_buff *skb)
274 {
275 	struct mwifiex_adapter *adapter = priv->adapter;
276 	struct mwifiex_sta_node *src_node;
277 	struct ethhdr *p_ethhdr;
278 	struct sk_buff *skb_uap;
279 	struct mwifiex_txinfo *tx_info;
280 
281 	if (!skb)
282 		return -1;
283 
284 	p_ethhdr = (void *)skb->data;
285 	src_node = mwifiex_get_sta_entry(priv, p_ethhdr->h_source);
286 	if (src_node) {
287 		src_node->stats.last_rx = jiffies;
288 		src_node->stats.rx_bytes += skb->len;
289 		src_node->stats.rx_packets++;
290 	}
291 
292 	if (is_multicast_ether_addr(p_ethhdr->h_dest) ||
293 	    mwifiex_get_sta_entry(priv, p_ethhdr->h_dest)) {
294 		if (skb_headroom(skb) < MWIFIEX_MIN_DATA_HEADER_LEN)
295 			skb_uap =
296 			skb_realloc_headroom(skb, MWIFIEX_MIN_DATA_HEADER_LEN);
297 		else
298 			skb_uap = skb_copy(skb, GFP_ATOMIC);
299 
300 		if (likely(skb_uap)) {
301 			tx_info = MWIFIEX_SKB_TXCB(skb_uap);
302 			memset(tx_info, 0, sizeof(*tx_info));
303 			tx_info->bss_num = priv->bss_num;
304 			tx_info->bss_type = priv->bss_type;
305 			tx_info->flags |= MWIFIEX_BUF_FLAG_BRIDGED_PKT;
306 			__net_timestamp(skb_uap);
307 			mwifiex_wmm_add_buf_txqueue(priv, skb_uap);
308 			atomic_inc(&adapter->tx_pending);
309 			atomic_inc(&adapter->pending_bridged_pkts);
310 			if ((atomic_read(&adapter->pending_bridged_pkts) >=
311 					MWIFIEX_BRIDGED_PKTS_THR_HIGH)) {
312 				mwifiex_dbg(adapter, ERROR,
313 					    "Tx: Bridge packet limit reached. Drop packet!\n");
314 				mwifiex_uap_cleanup_tx_queues(priv);
315 			}
316 
317 		} else {
318 			mwifiex_dbg(adapter, ERROR, "failed to allocate skb_uap");
319 		}
320 
321 		mwifiex_queue_main_work(adapter);
322 		/* Don't forward Intra-BSS unicast packet to upper layer*/
323 		if (mwifiex_get_sta_entry(priv, p_ethhdr->h_dest))
324 			return 0;
325 	}
326 
327 	skb->dev = priv->netdev;
328 	skb->protocol = eth_type_trans(skb, priv->netdev);
329 	skb->ip_summed = CHECKSUM_NONE;
330 
331 	/* This is required only in case of 11n and USB/PCIE as we alloc
332 	 * a buffer of 4K only if its 11N (to be able to receive 4K
333 	 * AMSDU packets). In case of SD we allocate buffers based
334 	 * on the size of packet and hence this is not needed.
335 	 *
336 	 * Modifying the truesize here as our allocation for each
337 	 * skb is 4K but we only receive 2K packets and this cause
338 	 * the kernel to start dropping packets in case where
339 	 * application has allocated buffer based on 2K size i.e.
340 	 * if there a 64K packet received (in IP fragments and
341 	 * application allocates 64K to receive this packet but
342 	 * this packet would almost double up because we allocate
343 	 * each 1.5K fragment in 4K and pass it up. As soon as the
344 	 * 64K limit hits kernel will start to drop rest of the
345 	 * fragments. Currently we fail the Filesndl-ht.scr script
346 	 * for UDP, hence this fix
347 	 */
348 	if ((adapter->iface_type == MWIFIEX_USB ||
349 	     adapter->iface_type == MWIFIEX_PCIE) &&
350 	    skb->truesize > MWIFIEX_RX_DATA_BUF_SIZE)
351 		skb->truesize += (skb->len - MWIFIEX_RX_DATA_BUF_SIZE);
352 
353 	/* Forward multicast/broadcast packet to upper layer*/
354 	if (in_interrupt())
355 		netif_rx(skb);
356 	else
357 		netif_rx_ni(skb);
358 
359 	return 0;
360 }
361 
362 /*
363  * This function processes the packet received on AP interface.
364  *
365  * The function looks into the RxPD and performs sanity tests on the
366  * received buffer to ensure its a valid packet before processing it
367  * further. If the packet is determined to be aggregated, it is
368  * de-aggregated accordingly. Then skb is passed to AP packet forwarding logic.
369  *
370  * The completion callback is called after processing is complete.
371  */
372 int mwifiex_process_uap_rx_packet(struct mwifiex_private *priv,
373 				  struct sk_buff *skb)
374 {
375 	struct mwifiex_adapter *adapter = priv->adapter;
376 	int ret;
377 	struct uap_rxpd *uap_rx_pd;
378 	struct rx_packet_hdr *rx_pkt_hdr;
379 	u16 rx_pkt_type;
380 	u8 ta[ETH_ALEN], pkt_type;
381 	unsigned long flags;
382 	struct mwifiex_sta_node *node;
383 
384 	uap_rx_pd = (struct uap_rxpd *)(skb->data);
385 	rx_pkt_type = le16_to_cpu(uap_rx_pd->rx_pkt_type);
386 	rx_pkt_hdr = (void *)uap_rx_pd + le16_to_cpu(uap_rx_pd->rx_pkt_offset);
387 
388 	ether_addr_copy(ta, rx_pkt_hdr->eth803_hdr.h_source);
389 
390 	if ((le16_to_cpu(uap_rx_pd->rx_pkt_offset) +
391 	     le16_to_cpu(uap_rx_pd->rx_pkt_length)) > (u16) skb->len) {
392 		mwifiex_dbg(adapter, ERROR,
393 			    "wrong rx packet: len=%d, offset=%d, length=%d\n",
394 			    skb->len, le16_to_cpu(uap_rx_pd->rx_pkt_offset),
395 			    le16_to_cpu(uap_rx_pd->rx_pkt_length));
396 		priv->stats.rx_dropped++;
397 
398 		node = mwifiex_get_sta_entry(priv, ta);
399 		if (node)
400 			node->stats.tx_failed++;
401 
402 		dev_kfree_skb_any(skb);
403 		return 0;
404 	}
405 
406 	if (rx_pkt_type == PKT_TYPE_MGMT) {
407 		ret = mwifiex_process_mgmt_packet(priv, skb);
408 		if (ret)
409 			mwifiex_dbg(adapter, DATA, "Rx of mgmt packet failed");
410 		dev_kfree_skb_any(skb);
411 		return ret;
412 	}
413 
414 
415 	if (rx_pkt_type != PKT_TYPE_BAR && uap_rx_pd->priority < MAX_NUM_TID) {
416 		spin_lock_irqsave(&priv->sta_list_spinlock, flags);
417 		node = mwifiex_get_sta_entry(priv, ta);
418 		if (node)
419 			node->rx_seq[uap_rx_pd->priority] =
420 						le16_to_cpu(uap_rx_pd->seq_num);
421 		spin_unlock_irqrestore(&priv->sta_list_spinlock, flags);
422 	}
423 
424 	if (!priv->ap_11n_enabled ||
425 	    (!mwifiex_11n_get_rx_reorder_tbl(priv, uap_rx_pd->priority, ta) &&
426 	    (le16_to_cpu(uap_rx_pd->rx_pkt_type) != PKT_TYPE_AMSDU))) {
427 		ret = mwifiex_handle_uap_rx_forward(priv, skb);
428 		return ret;
429 	}
430 
431 	/* Reorder and send to kernel */
432 	pkt_type = (u8)le16_to_cpu(uap_rx_pd->rx_pkt_type);
433 	ret = mwifiex_11n_rx_reorder_pkt(priv, le16_to_cpu(uap_rx_pd->seq_num),
434 					 uap_rx_pd->priority, ta, pkt_type,
435 					 skb);
436 
437 	if (ret || (rx_pkt_type == PKT_TYPE_BAR))
438 		dev_kfree_skb_any(skb);
439 
440 	if (ret)
441 		priv->stats.rx_dropped++;
442 
443 	return ret;
444 }
445 
446 /*
447  * This function fills the TxPD for AP tx packets.
448  *
449  * The Tx buffer received by this function should already have the
450  * header space allocated for TxPD.
451  *
452  * This function inserts the TxPD in between interface header and actual
453  * data and adjusts the buffer pointers accordingly.
454  *
455  * The following TxPD fields are set by this function, as required -
456  *      - BSS number
457  *      - Tx packet length and offset
458  *      - Priority
459  *      - Packet delay
460  *      - Priority specific Tx control
461  *      - Flags
462  */
463 void *mwifiex_process_uap_txpd(struct mwifiex_private *priv,
464 			       struct sk_buff *skb)
465 {
466 	struct mwifiex_adapter *adapter = priv->adapter;
467 	struct uap_txpd *txpd;
468 	struct mwifiex_txinfo *tx_info = MWIFIEX_SKB_TXCB(skb);
469 	int pad;
470 	u16 pkt_type, pkt_offset;
471 	int hroom = adapter->intf_hdr_len;
472 
473 	if (!skb->len) {
474 		mwifiex_dbg(adapter, ERROR,
475 			    "Tx: bad packet length: %d\n", skb->len);
476 		tx_info->status_code = -1;
477 		return skb->data;
478 	}
479 
480 	BUG_ON(skb_headroom(skb) < MWIFIEX_MIN_DATA_HEADER_LEN);
481 
482 	pkt_type = mwifiex_is_skb_mgmt_frame(skb) ? PKT_TYPE_MGMT : 0;
483 
484 	pad = ((void *)skb->data - (sizeof(*txpd) + hroom) - NULL) &
485 			(MWIFIEX_DMA_ALIGN_SZ - 1);
486 
487 	skb_push(skb, sizeof(*txpd) + pad);
488 
489 	txpd = (struct uap_txpd *)skb->data;
490 	memset(txpd, 0, sizeof(*txpd));
491 	txpd->bss_num = priv->bss_num;
492 	txpd->bss_type = priv->bss_type;
493 	txpd->tx_pkt_length = cpu_to_le16((u16)(skb->len - (sizeof(*txpd) +
494 						pad)));
495 	txpd->priority = (u8)skb->priority;
496 
497 	txpd->pkt_delay_2ms = mwifiex_wmm_compute_drv_pkt_delay(priv, skb);
498 
499 	if (tx_info->flags & MWIFIEX_BUF_FLAG_EAPOL_TX_STATUS ||
500 	    tx_info->flags & MWIFIEX_BUF_FLAG_ACTION_TX_STATUS) {
501 		txpd->tx_token_id = tx_info->ack_frame_id;
502 		txpd->flags |= MWIFIEX_TXPD_FLAGS_REQ_TX_STATUS;
503 	}
504 
505 	if (txpd->priority < ARRAY_SIZE(priv->wmm.user_pri_pkt_tx_ctrl))
506 		/*
507 		 * Set the priority specific tx_control field, setting of 0 will
508 		 * cause the default value to be used later in this function.
509 		 */
510 		txpd->tx_control =
511 		    cpu_to_le32(priv->wmm.user_pri_pkt_tx_ctrl[txpd->priority]);
512 
513 	/* Offset of actual data */
514 	pkt_offset = sizeof(*txpd) + pad;
515 	if (pkt_type == PKT_TYPE_MGMT) {
516 		/* Set the packet type and add header for management frame */
517 		txpd->tx_pkt_type = cpu_to_le16(pkt_type);
518 		pkt_offset += MWIFIEX_MGMT_FRAME_HEADER_SIZE;
519 	}
520 
521 	txpd->tx_pkt_offset = cpu_to_le16(pkt_offset);
522 
523 	/* make space for adapter->intf_hdr_len */
524 	skb_push(skb, hroom);
525 
526 	if (!txpd->tx_control)
527 		/* TxCtrl set by user or default */
528 		txpd->tx_control = cpu_to_le32(priv->pkt_tx_ctrl);
529 
530 	return skb->data;
531 }
532