1/* 2 * Intel Wireless WiMAX Connection 2400m 3 * Handle incoming traffic and deliver it to the control or data planes 4 * 5 * 6 * Copyright (C) 2007-2008 Intel Corporation. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * * Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * * Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in 16 * the documentation and/or other materials provided with the 17 * distribution. 18 * * Neither the name of Intel Corporation nor the names of its 19 * contributors may be used to endorse or promote products derived 20 * from this software without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 24 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 25 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 26 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 27 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 28 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 29 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 30 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 32 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 33 * 34 * 35 * Intel Corporation <linux-wimax@intel.com> 36 * Yanir Lubetkin <yanirx.lubetkin@intel.com> 37 * - Initial implementation 38 * Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com> 39 * - Use skb_clone(), break up processing in chunks 40 * - Split transport/device specific 41 * - Make buffer size dynamic to exert less memory pressure 42 * - RX reorder support 43 * 44 * This handles the RX path. 45 * 46 * We receive an RX message from the bus-specific driver, which 47 * contains one or more payloads that have potentially different 48 * destinataries (data or control paths). 49 * 50 * So we just take that payload from the transport specific code in 51 * the form of an skb, break it up in chunks (a cloned skb each in the 52 * case of network packets) and pass it to netdev or to the 53 * command/ack handler (and from there to the WiMAX stack). 54 * 55 * PROTOCOL FORMAT 56 * 57 * The format of the buffer is: 58 * 59 * HEADER (struct i2400m_msg_hdr) 60 * PAYLOAD DESCRIPTOR 0 (struct i2400m_pld) 61 * PAYLOAD DESCRIPTOR 1 62 * ... 63 * PAYLOAD DESCRIPTOR N 64 * PAYLOAD 0 (raw bytes) 65 * PAYLOAD 1 66 * ... 67 * PAYLOAD N 68 * 69 * See tx.c for a deeper description on alignment requirements and 70 * other fun facts of it. 71 * 72 * DATA PACKETS 73 * 74 * In firmwares <= v1.3, data packets have no header for RX, but they 75 * do for TX (currently unused). 76 * 77 * In firmware >= 1.4, RX packets have an extended header (16 78 * bytes). This header conveys information for management of host 79 * reordering of packets (the device offloads storage of the packets 80 * for reordering to the host). Read below for more information. 81 * 82 * The header is used as dummy space to emulate an ethernet header and 83 * thus be able to act as an ethernet device without having to reallocate. 84 * 85 * DATA RX REORDERING 86 * 87 * Starting in firmware v1.4, the device can deliver packets for 88 * delivery with special reordering information; this allows it to 89 * more effectively do packet management when some frames were lost in 90 * the radio traffic. 91 * 92 * Thus, for RX packets that come out of order, the device gives the 93 * driver enough information to queue them properly and then at some 94 * point, the signal to deliver the whole (or part) of the queued 95 * packets to the networking stack. There are 16 such queues. 96 * 97 * This only happens when a packet comes in with the "need reorder" 98 * flag set in the RX header. When such bit is set, the following 99 * operations might be indicated: 100 * 101 * - reset queue: send all queued packets to the OS 102 * 103 * - queue: queue a packet 104 * 105 * - update ws: update the queue's window start and deliver queued 106 * packets that meet the criteria 107 * 108 * - queue & update ws: queue a packet, update the window start and 109 * deliver queued packets that meet the criteria 110 * 111 * (delivery criteria: the packet's [normalized] sequence number is 112 * lower than the new [normalized] window start). 113 * 114 * See the i2400m_roq_*() functions for details. 115 * 116 * ROADMAP 117 * 118 * i2400m_rx 119 * i2400m_rx_msg_hdr_check 120 * i2400m_rx_pl_descr_check 121 * i2400m_rx_payload 122 * i2400m_net_rx 123 * i2400m_rx_edata 124 * i2400m_net_erx 125 * i2400m_roq_reset 126 * i2400m_net_erx 127 * i2400m_roq_queue 128 * __i2400m_roq_queue 129 * i2400m_roq_update_ws 130 * __i2400m_roq_update_ws 131 * i2400m_net_erx 132 * i2400m_roq_queue_update_ws 133 * __i2400m_roq_queue 134 * __i2400m_roq_update_ws 135 * i2400m_net_erx 136 * i2400m_rx_ctl 137 * i2400m_msg_size_check 138 * i2400m_report_hook_work [in a workqueue] 139 * i2400m_report_hook 140 * wimax_msg_to_user 141 * i2400m_rx_ctl_ack 142 * wimax_msg_to_user_alloc 143 * i2400m_rx_trace 144 * i2400m_msg_size_check 145 * wimax_msg 146 */ 147#include <linux/slab.h> 148#include <linux/kernel.h> 149#include <linux/if_arp.h> 150#include <linux/netdevice.h> 151#include <linux/workqueue.h> 152#include <linux/export.h> 153#include <linux/moduleparam.h> 154#include "i2400m.h" 155 156 157#define D_SUBMODULE rx 158#include "debug-levels.h" 159 160static int i2400m_rx_reorder_disabled; /* 0 (rx reorder enabled) by default */ 161module_param_named(rx_reorder_disabled, i2400m_rx_reorder_disabled, int, 0644); 162MODULE_PARM_DESC(rx_reorder_disabled, 163 "If true, RX reordering will be disabled."); 164 165struct i2400m_report_hook_args { 166 struct sk_buff *skb_rx; 167 const struct i2400m_l3l4_hdr *l3l4_hdr; 168 size_t size; 169 struct list_head list_node; 170}; 171 172 173/* 174 * Execute i2400m_report_hook in a workqueue 175 * 176 * Goes over the list of queued reports in i2400m->rx_reports and 177 * processes them. 178 * 179 * NOTE: refcounts on i2400m are not needed because we flush the 180 * workqueue this runs on (i2400m->work_queue) before destroying 181 * i2400m. 182 */ 183void i2400m_report_hook_work(struct work_struct *ws) 184{ 185 struct i2400m *i2400m = container_of(ws, struct i2400m, rx_report_ws); 186 struct device *dev = i2400m_dev(i2400m); 187 struct i2400m_report_hook_args *args, *args_next; 188 LIST_HEAD(list); 189 unsigned long flags; 190 191 while (1) { 192 spin_lock_irqsave(&i2400m->rx_lock, flags); 193 list_splice_init(&i2400m->rx_reports, &list); 194 spin_unlock_irqrestore(&i2400m->rx_lock, flags); 195 if (list_empty(&list)) 196 break; 197 else 198 d_printf(1, dev, "processing queued reports\n"); 199 list_for_each_entry_safe(args, args_next, &list, list_node) { 200 d_printf(2, dev, "processing queued report %p\n", args); 201 i2400m_report_hook(i2400m, args->l3l4_hdr, args->size); 202 kfree_skb(args->skb_rx); 203 list_del(&args->list_node); 204 kfree(args); 205 } 206 } 207} 208 209 210/* 211 * Flush the list of queued reports 212 */ 213static 214void i2400m_report_hook_flush(struct i2400m *i2400m) 215{ 216 struct device *dev = i2400m_dev(i2400m); 217 struct i2400m_report_hook_args *args, *args_next; 218 LIST_HEAD(list); 219 unsigned long flags; 220 221 d_printf(1, dev, "flushing queued reports\n"); 222 spin_lock_irqsave(&i2400m->rx_lock, flags); 223 list_splice_init(&i2400m->rx_reports, &list); 224 spin_unlock_irqrestore(&i2400m->rx_lock, flags); 225 list_for_each_entry_safe(args, args_next, &list, list_node) { 226 d_printf(2, dev, "flushing queued report %p\n", args); 227 kfree_skb(args->skb_rx); 228 list_del(&args->list_node); 229 kfree(args); 230 } 231} 232 233 234/* 235 * Queue a report for later processing 236 * 237 * @i2400m: device descriptor 238 * @skb_rx: skb that contains the payload (for reference counting) 239 * @l3l4_hdr: pointer to the control 240 * @size: size of the message 241 */ 242static 243void i2400m_report_hook_queue(struct i2400m *i2400m, struct sk_buff *skb_rx, 244 const void *l3l4_hdr, size_t size) 245{ 246 struct device *dev = i2400m_dev(i2400m); 247 unsigned long flags; 248 struct i2400m_report_hook_args *args; 249 250 args = kzalloc(sizeof(*args), GFP_NOIO); 251 if (args) { 252 args->skb_rx = skb_get(skb_rx); 253 args->l3l4_hdr = l3l4_hdr; 254 args->size = size; 255 spin_lock_irqsave(&i2400m->rx_lock, flags); 256 list_add_tail(&args->list_node, &i2400m->rx_reports); 257 spin_unlock_irqrestore(&i2400m->rx_lock, flags); 258 d_printf(2, dev, "queued report %p\n", args); 259 rmb(); /* see i2400m->ready's documentation */ 260 if (likely(i2400m->ready)) /* only send if up */ 261 queue_work(i2400m->work_queue, &i2400m->rx_report_ws); 262 } else { 263 if (printk_ratelimit()) 264 dev_err(dev, "%s:%u: Can't allocate %zu B\n", 265 __func__, __LINE__, sizeof(*args)); 266 } 267} 268 269 270/* 271 * Process an ack to a command 272 * 273 * @i2400m: device descriptor 274 * @payload: pointer to message 275 * @size: size of the message 276 * 277 * Pass the acknodledgment (in an skb) to the thread that is waiting 278 * for it in i2400m->msg_completion. 279 * 280 * We need to coordinate properly with the thread waiting for the 281 * ack. Check if it is waiting or if it is gone. We loose the spinlock 282 * to avoid allocating on atomic contexts (yeah, could use GFP_ATOMIC, 283 * but this is not so speed critical). 284 */ 285static 286void i2400m_rx_ctl_ack(struct i2400m *i2400m, 287 const void *payload, size_t size) 288{ 289 struct device *dev = i2400m_dev(i2400m); 290 struct wimax_dev *wimax_dev = &i2400m->wimax_dev; 291 unsigned long flags; 292 struct sk_buff *ack_skb; 293 294 /* Anyone waiting for an answer? */ 295 spin_lock_irqsave(&i2400m->rx_lock, flags); 296 if (i2400m->ack_skb != ERR_PTR(-EINPROGRESS)) { 297 dev_err(dev, "Huh? reply to command with no waiters\n"); 298 goto error_no_waiter; 299 } 300 spin_unlock_irqrestore(&i2400m->rx_lock, flags); 301 302 ack_skb = wimax_msg_alloc(wimax_dev, NULL, payload, size, GFP_KERNEL); 303 304 /* Check waiter didn't time out waiting for the answer... */ 305 spin_lock_irqsave(&i2400m->rx_lock, flags); 306 if (i2400m->ack_skb != ERR_PTR(-EINPROGRESS)) { 307 d_printf(1, dev, "Huh? waiter for command reply cancelled\n"); 308 goto error_waiter_cancelled; 309 } 310 if (IS_ERR(ack_skb)) 311 dev_err(dev, "CMD/GET/SET ack: cannot allocate SKB\n"); 312 i2400m->ack_skb = ack_skb; 313 spin_unlock_irqrestore(&i2400m->rx_lock, flags); 314 complete(&i2400m->msg_completion); 315 return; 316 317error_waiter_cancelled: 318 if (!IS_ERR(ack_skb)) 319 kfree_skb(ack_skb); 320error_no_waiter: 321 spin_unlock_irqrestore(&i2400m->rx_lock, flags); 322} 323 324 325/* 326 * Receive and process a control payload 327 * 328 * @i2400m: device descriptor 329 * @skb_rx: skb that contains the payload (for reference counting) 330 * @payload: pointer to message 331 * @size: size of the message 332 * 333 * There are two types of control RX messages: reports (asynchronous, 334 * like your every day interrupts) and 'acks' (reponses to a command, 335 * get or set request). 336 * 337 * If it is a report, we run hooks on it (to extract information for 338 * things we need to do in the driver) and then pass it over to the 339 * WiMAX stack to send it to user space. 340 * 341 * NOTE: report processing is done in a workqueue specific to the 342 * generic driver, to avoid deadlocks in the system. 343 * 344 * If it is not a report, it is an ack to a previously executed 345 * command, set or get, so wake up whoever is waiting for it from 346 * i2400m_msg_to_dev(). i2400m_rx_ctl_ack() takes care of that. 347 * 348 * Note that the sizes we pass to other functions from here are the 349 * sizes of the _l3l4_hdr + payload, not full buffer sizes, as we have 350 * verified in _msg_size_check() that they are congruent. 351 * 352 * For reports: We can't clone the original skb where the data is 353 * because we need to send this up via netlink; netlink has to add 354 * headers and we can't overwrite what's preceding the payload...as 355 * it is another message. So we just dup them. 356 */ 357static 358void i2400m_rx_ctl(struct i2400m *i2400m, struct sk_buff *skb_rx, 359 const void *payload, size_t size) 360{ 361 int result; 362 struct device *dev = i2400m_dev(i2400m); 363 const struct i2400m_l3l4_hdr *l3l4_hdr = payload; 364 unsigned msg_type; 365 366 result = i2400m_msg_size_check(i2400m, l3l4_hdr, size); 367 if (result < 0) { 368 dev_err(dev, "HW BUG? device sent a bad message: %d\n", 369 result); 370 goto error_check; 371 } 372 msg_type = le16_to_cpu(l3l4_hdr->type); 373 d_printf(1, dev, "%s 0x%04x: %zu bytes\n", 374 msg_type & I2400M_MT_REPORT_MASK ? "REPORT" : "CMD/SET/GET", 375 msg_type, size); 376 d_dump(2, dev, l3l4_hdr, size); 377 if (msg_type & I2400M_MT_REPORT_MASK) { 378 /* 379 * Process each report 380 * 381 * - has to be ran serialized as well 382 * 383 * - the handling might force the execution of 384 * commands. That might cause reentrancy issues with 385 * bus-specific subdrivers and workqueues, so the we 386 * run it in a separate workqueue. 387 * 388 * - when the driver is not yet ready to handle them, 389 * they are queued and at some point the queue is 390 * restarted [NOTE: we can't queue SKBs directly, as 391 * this might be a piece of a SKB, not the whole 392 * thing, and this is cheaper than cloning the 393 * SKB]. 394 * 395 * Note we don't do refcounting for the device 396 * structure; this is because before destroying 397 * 'i2400m', we make sure to flush the 398 * i2400m->work_queue, so there are no issues. 399 */ 400 i2400m_report_hook_queue(i2400m, skb_rx, l3l4_hdr, size); 401 if (unlikely(i2400m->trace_msg_from_user)) 402 wimax_msg(&i2400m->wimax_dev, "echo", 403 l3l4_hdr, size, GFP_KERNEL); 404 result = wimax_msg(&i2400m->wimax_dev, NULL, l3l4_hdr, size, 405 GFP_KERNEL); 406 if (result < 0) 407 dev_err(dev, "error sending report to userspace: %d\n", 408 result); 409 } else /* an ack to a CMD, GET or SET */ 410 i2400m_rx_ctl_ack(i2400m, payload, size); 411error_check: 412 return; 413} 414 415 416/* 417 * Receive and send up a trace 418 * 419 * @i2400m: device descriptor 420 * @skb_rx: skb that contains the trace (for reference counting) 421 * @payload: pointer to trace message inside the skb 422 * @size: size of the message 423 * 424 * THe i2400m might produce trace information (diagnostics) and we 425 * send them through a different kernel-to-user pipe (to avoid 426 * clogging it). 427 * 428 * As in i2400m_rx_ctl(), we can't clone the original skb where the 429 * data is because we need to send this up via netlink; netlink has to 430 * add headers and we can't overwrite what's preceding the 431 * payload...as it is another message. So we just dup them. 432 */ 433static 434void i2400m_rx_trace(struct i2400m *i2400m, 435 const void *payload, size_t size) 436{ 437 int result; 438 struct device *dev = i2400m_dev(i2400m); 439 struct wimax_dev *wimax_dev = &i2400m->wimax_dev; 440 const struct i2400m_l3l4_hdr *l3l4_hdr = payload; 441 unsigned msg_type; 442 443 result = i2400m_msg_size_check(i2400m, l3l4_hdr, size); 444 if (result < 0) { 445 dev_err(dev, "HW BUG? device sent a bad trace message: %d\n", 446 result); 447 goto error_check; 448 } 449 msg_type = le16_to_cpu(l3l4_hdr->type); 450 d_printf(1, dev, "Trace %s 0x%04x: %zu bytes\n", 451 msg_type & I2400M_MT_REPORT_MASK ? "REPORT" : "CMD/SET/GET", 452 msg_type, size); 453 d_dump(2, dev, l3l4_hdr, size); 454 result = wimax_msg(wimax_dev, "trace", l3l4_hdr, size, GFP_KERNEL); 455 if (result < 0) 456 dev_err(dev, "error sending trace to userspace: %d\n", 457 result); 458error_check: 459 return; 460} 461 462 463/* 464 * Reorder queue data stored on skb->cb while the skb is queued in the 465 * reorder queues. 466 */ 467struct i2400m_roq_data { 468 unsigned sn; /* Serial number for the skb */ 469 enum i2400m_cs cs; /* packet type for the skb */ 470}; 471 472 473/* 474 * ReOrder Queue 475 * 476 * @ws: Window Start; sequence number where the current window start 477 * is for this queue 478 * @queue: the skb queue itself 479 * @log: circular ring buffer used to log information about the 480 * reorder process in this queue that can be displayed in case of 481 * error to help diagnose it. 482 * 483 * This is the head for a list of skbs. In the skb->cb member of the 484 * skb when queued here contains a 'struct i2400m_roq_data' were we 485 * store the sequence number (sn) and the cs (packet type) coming from 486 * the RX payload header from the device. 487 */ 488struct i2400m_roq 489{ 490 unsigned ws; 491 struct sk_buff_head queue; 492 struct i2400m_roq_log *log; 493}; 494 495 496static 497void __i2400m_roq_init(struct i2400m_roq *roq) 498{ 499 roq->ws = 0; 500 skb_queue_head_init(&roq->queue); 501} 502 503 504static 505unsigned __i2400m_roq_index(struct i2400m *i2400m, struct i2400m_roq *roq) 506{ 507 return ((unsigned long) roq - (unsigned long) i2400m->rx_roq) 508 / sizeof(*roq); 509} 510 511 512/* 513 * Normalize a sequence number based on the queue's window start 514 * 515 * nsn = (sn - ws) % 2048 516 * 517 * Note that if @sn < @roq->ws, we still need a positive number; %'s 518 * sign is implementation specific, so we normalize it by adding 2048 519 * to bring it to be positive. 520 */ 521static 522unsigned __i2400m_roq_nsn(struct i2400m_roq *roq, unsigned sn) 523{ 524 int r; 525 r = ((int) sn - (int) roq->ws) % 2048; 526 if (r < 0) 527 r += 2048; 528 return r; 529} 530 531 532/* 533 * Circular buffer to keep the last N reorder operations 534 * 535 * In case something fails, dumb then to try to come up with what 536 * happened. 537 */ 538enum { 539 I2400M_ROQ_LOG_LENGTH = 32, 540}; 541 542struct i2400m_roq_log { 543 struct i2400m_roq_log_entry { 544 enum i2400m_ro_type type; 545 unsigned ws, count, sn, nsn, new_ws; 546 } entry[I2400M_ROQ_LOG_LENGTH]; 547 unsigned in, out; 548}; 549 550 551/* Print a log entry */ 552static 553void i2400m_roq_log_entry_print(struct i2400m *i2400m, unsigned index, 554 unsigned e_index, 555 struct i2400m_roq_log_entry *e) 556{ 557 struct device *dev = i2400m_dev(i2400m); 558 559 switch(e->type) { 560 case I2400M_RO_TYPE_RESET: 561 dev_err(dev, "q#%d reset ws %u cnt %u sn %u/%u" 562 " - new nws %u\n", 563 index, e->ws, e->count, e->sn, e->nsn, e->new_ws); 564 break; 565 case I2400M_RO_TYPE_PACKET: 566 dev_err(dev, "q#%d queue ws %u cnt %u sn %u/%u\n", 567 index, e->ws, e->count, e->sn, e->nsn); 568 break; 569 case I2400M_RO_TYPE_WS: 570 dev_err(dev, "q#%d update_ws ws %u cnt %u sn %u/%u" 571 " - new nws %u\n", 572 index, e->ws, e->count, e->sn, e->nsn, e->new_ws); 573 break; 574 case I2400M_RO_TYPE_PACKET_WS: 575 dev_err(dev, "q#%d queue_update_ws ws %u cnt %u sn %u/%u" 576 " - new nws %u\n", 577 index, e->ws, e->count, e->sn, e->nsn, e->new_ws); 578 break; 579 default: 580 dev_err(dev, "q#%d BUG? entry %u - unknown type %u\n", 581 index, e_index, e->type); 582 break; 583 } 584} 585 586 587static 588void i2400m_roq_log_add(struct i2400m *i2400m, 589 struct i2400m_roq *roq, enum i2400m_ro_type type, 590 unsigned ws, unsigned count, unsigned sn, 591 unsigned nsn, unsigned new_ws) 592{ 593 struct i2400m_roq_log_entry *e; 594 unsigned cnt_idx; 595 int index = __i2400m_roq_index(i2400m, roq); 596 597 /* if we run out of space, we eat from the end */ 598 if (roq->log->in - roq->log->out == I2400M_ROQ_LOG_LENGTH) 599 roq->log->out++; 600 cnt_idx = roq->log->in++ % I2400M_ROQ_LOG_LENGTH; 601 e = &roq->log->entry[cnt_idx]; 602 603 e->type = type; 604 e->ws = ws; 605 e->count = count; 606 e->sn = sn; 607 e->nsn = nsn; 608 e->new_ws = new_ws; 609 610 if (d_test(1)) 611 i2400m_roq_log_entry_print(i2400m, index, cnt_idx, e); 612} 613 614 615/* Dump all the entries in the FIFO and reinitialize it */ 616static 617void i2400m_roq_log_dump(struct i2400m *i2400m, struct i2400m_roq *roq) 618{ 619 unsigned cnt, cnt_idx; 620 struct i2400m_roq_log_entry *e; 621 int index = __i2400m_roq_index(i2400m, roq); 622 623 BUG_ON(roq->log->out > roq->log->in); 624 for (cnt = roq->log->out; cnt < roq->log->in; cnt++) { 625 cnt_idx = cnt % I2400M_ROQ_LOG_LENGTH; 626 e = &roq->log->entry[cnt_idx]; 627 i2400m_roq_log_entry_print(i2400m, index, cnt_idx, e); 628 memset(e, 0, sizeof(*e)); 629 } 630 roq->log->in = roq->log->out = 0; 631} 632 633 634/* 635 * Backbone for the queuing of an skb (by normalized sequence number) 636 * 637 * @i2400m: device descriptor 638 * @roq: reorder queue where to add 639 * @skb: the skb to add 640 * @sn: the sequence number of the skb 641 * @nsn: the normalized sequence number of the skb (pre-computed by the 642 * caller from the @sn and @roq->ws). 643 * 644 * We try first a couple of quick cases: 645 * 646 * - the queue is empty 647 * - the skb would be appended to the queue 648 * 649 * These will be the most common operations. 650 * 651 * If these fail, then we have to do a sorted insertion in the queue, 652 * which is the slowest path. 653 * 654 * We don't have to acquire a reference count as we are going to own it. 655 */ 656static 657void __i2400m_roq_queue(struct i2400m *i2400m, struct i2400m_roq *roq, 658 struct sk_buff *skb, unsigned sn, unsigned nsn) 659{ 660 struct device *dev = i2400m_dev(i2400m); 661 struct sk_buff *skb_itr; 662 struct i2400m_roq_data *roq_data_itr, *roq_data; 663 unsigned nsn_itr; 664 665 d_fnstart(4, dev, "(i2400m %p roq %p skb %p sn %u nsn %u)\n", 666 i2400m, roq, skb, sn, nsn); 667 668 roq_data = (struct i2400m_roq_data *) &skb->cb; 669 BUILD_BUG_ON(sizeof(*roq_data) > sizeof(skb->cb)); 670 roq_data->sn = sn; 671 d_printf(3, dev, "ERX: roq %p [ws %u] nsn %d sn %u\n", 672 roq, roq->ws, nsn, roq_data->sn); 673 674 /* Queues will be empty on not-so-bad environments, so try 675 * that first */ 676 if (skb_queue_empty(&roq->queue)) { 677 d_printf(2, dev, "ERX: roq %p - first one\n", roq); 678 __skb_queue_head(&roq->queue, skb); 679 goto out; 680 } 681 /* Now try append, as most of the operations will be that */ 682 skb_itr = skb_peek_tail(&roq->queue); 683 roq_data_itr = (struct i2400m_roq_data *) &skb_itr->cb; 684 nsn_itr = __i2400m_roq_nsn(roq, roq_data_itr->sn); 685 /* NSN bounds assumed correct (checked when it was queued) */ 686 if (nsn >= nsn_itr) { 687 d_printf(2, dev, "ERX: roq %p - appended after %p (nsn %d sn %u)\n", 688 roq, skb_itr, nsn_itr, roq_data_itr->sn); 689 __skb_queue_tail(&roq->queue, skb); 690 goto out; 691 } 692 /* None of the fast paths option worked. Iterate to find the 693 * right spot where to insert the packet; we know the queue is 694 * not empty, so we are not the first ones; we also know we 695 * are not going to be the last ones. The list is sorted, so 696 * we have to insert before the the first guy with an nsn_itr 697 * greater that our nsn. */ 698 skb_queue_walk(&roq->queue, skb_itr) { 699 roq_data_itr = (struct i2400m_roq_data *) &skb_itr->cb; 700 nsn_itr = __i2400m_roq_nsn(roq, roq_data_itr->sn); 701 /* NSN bounds assumed correct (checked when it was queued) */ 702 if (nsn_itr > nsn) { 703 d_printf(2, dev, "ERX: roq %p - queued before %p " 704 "(nsn %d sn %u)\n", roq, skb_itr, nsn_itr, 705 roq_data_itr->sn); 706 __skb_queue_before(&roq->queue, skb_itr, skb); 707 goto out; 708 } 709 } 710 /* If we get here, that is VERY bad -- print info to help 711 * diagnose and crash it */ 712 dev_err(dev, "SW BUG? failed to insert packet\n"); 713 dev_err(dev, "ERX: roq %p [ws %u] skb %p nsn %d sn %u\n", 714 roq, roq->ws, skb, nsn, roq_data->sn); 715 skb_queue_walk(&roq->queue, skb_itr) { 716 roq_data_itr = (struct i2400m_roq_data *) &skb_itr->cb; 717 nsn_itr = __i2400m_roq_nsn(roq, roq_data_itr->sn); 718 /* NSN bounds assumed correct (checked when it was queued) */ 719 dev_err(dev, "ERX: roq %p skb_itr %p nsn %d sn %u\n", 720 roq, skb_itr, nsn_itr, roq_data_itr->sn); 721 } 722 BUG(); 723out: 724 d_fnend(4, dev, "(i2400m %p roq %p skb %p sn %u nsn %d) = void\n", 725 i2400m, roq, skb, sn, nsn); 726} 727 728 729/* 730 * Backbone for the update window start operation 731 * 732 * @i2400m: device descriptor 733 * @roq: Reorder queue 734 * @sn: New sequence number 735 * 736 * Updates the window start of a queue; when doing so, it must deliver 737 * to the networking stack all the queued skb's whose normalized 738 * sequence number is lower than the new normalized window start. 739 */ 740static 741unsigned __i2400m_roq_update_ws(struct i2400m *i2400m, struct i2400m_roq *roq, 742 unsigned sn) 743{ 744 struct device *dev = i2400m_dev(i2400m); 745 struct sk_buff *skb_itr, *tmp_itr; 746 struct i2400m_roq_data *roq_data_itr; 747 unsigned new_nws, nsn_itr; 748 749 new_nws = __i2400m_roq_nsn(roq, sn); 750 /* 751 * For type 2(update_window_start) rx messages, there is no 752 * need to check if the normalized sequence number is greater 1023. 753 * Simply insert and deliver all packets to the host up to the 754 * window start. 755 */ 756 skb_queue_walk_safe(&roq->queue, skb_itr, tmp_itr) { 757 roq_data_itr = (struct i2400m_roq_data *) &skb_itr->cb; 758 nsn_itr = __i2400m_roq_nsn(roq, roq_data_itr->sn); 759 /* NSN bounds assumed correct (checked when it was queued) */ 760 if (nsn_itr < new_nws) { 761 d_printf(2, dev, "ERX: roq %p - release skb %p " 762 "(nsn %u/%u new nws %u)\n", 763 roq, skb_itr, nsn_itr, roq_data_itr->sn, 764 new_nws); 765 __skb_unlink(skb_itr, &roq->queue); 766 i2400m_net_erx(i2400m, skb_itr, roq_data_itr->cs); 767 } 768 else 769 break; /* rest of packets all nsn_itr > nws */ 770 } 771 roq->ws = sn; 772 return new_nws; 773} 774 775 776/* 777 * Reset a queue 778 * 779 * @i2400m: device descriptor 780 * @cin: Queue Index 781 * 782 * Deliver all the packets and reset the window-start to zero. Name is 783 * kind of misleading. 784 */ 785static 786void i2400m_roq_reset(struct i2400m *i2400m, struct i2400m_roq *roq) 787{ 788 struct device *dev = i2400m_dev(i2400m); 789 struct sk_buff *skb_itr, *tmp_itr; 790 struct i2400m_roq_data *roq_data_itr; 791 792 d_fnstart(2, dev, "(i2400m %p roq %p)\n", i2400m, roq); 793 i2400m_roq_log_add(i2400m, roq, I2400M_RO_TYPE_RESET, 794 roq->ws, skb_queue_len(&roq->queue), 795 ~0, ~0, 0); 796 skb_queue_walk_safe(&roq->queue, skb_itr, tmp_itr) { 797 roq_data_itr = (struct i2400m_roq_data *) &skb_itr->cb; 798 d_printf(2, dev, "ERX: roq %p - release skb %p (sn %u)\n", 799 roq, skb_itr, roq_data_itr->sn); 800 __skb_unlink(skb_itr, &roq->queue); 801 i2400m_net_erx(i2400m, skb_itr, roq_data_itr->cs); 802 } 803 roq->ws = 0; 804 d_fnend(2, dev, "(i2400m %p roq %p) = void\n", i2400m, roq); 805} 806 807 808/* 809 * Queue a packet 810 * 811 * @i2400m: device descriptor 812 * @cin: Queue Index 813 * @skb: containing the packet data 814 * @fbn: First block number of the packet in @skb 815 * @lbn: Last block number of the packet in @skb 816 * 817 * The hardware is asking the driver to queue a packet for later 818 * delivery to the networking stack. 819 */ 820static 821void i2400m_roq_queue(struct i2400m *i2400m, struct i2400m_roq *roq, 822 struct sk_buff * skb, unsigned lbn) 823{ 824 struct device *dev = i2400m_dev(i2400m); 825 unsigned nsn, len; 826 827 d_fnstart(2, dev, "(i2400m %p roq %p skb %p lbn %u) = void\n", 828 i2400m, roq, skb, lbn); 829 len = skb_queue_len(&roq->queue); 830 nsn = __i2400m_roq_nsn(roq, lbn); 831 if (unlikely(nsn >= 1024)) { 832 dev_err(dev, "SW BUG? queue nsn %d (lbn %u ws %u)\n", 833 nsn, lbn, roq->ws); 834 i2400m_roq_log_dump(i2400m, roq); 835 i2400m_reset(i2400m, I2400M_RT_WARM); 836 } else { 837 __i2400m_roq_queue(i2400m, roq, skb, lbn, nsn); 838 i2400m_roq_log_add(i2400m, roq, I2400M_RO_TYPE_PACKET, 839 roq->ws, len, lbn, nsn, ~0); 840 } 841 d_fnend(2, dev, "(i2400m %p roq %p skb %p lbn %u) = void\n", 842 i2400m, roq, skb, lbn); 843} 844 845 846/* 847 * Update the window start in a reorder queue and deliver all skbs 848 * with a lower window start 849 * 850 * @i2400m: device descriptor 851 * @roq: Reorder queue 852 * @sn: New sequence number 853 */ 854static 855void i2400m_roq_update_ws(struct i2400m *i2400m, struct i2400m_roq *roq, 856 unsigned sn) 857{ 858 struct device *dev = i2400m_dev(i2400m); 859 unsigned old_ws, nsn, len; 860 861 d_fnstart(2, dev, "(i2400m %p roq %p sn %u)\n", i2400m, roq, sn); 862 old_ws = roq->ws; 863 len = skb_queue_len(&roq->queue); 864 nsn = __i2400m_roq_update_ws(i2400m, roq, sn); 865 i2400m_roq_log_add(i2400m, roq, I2400M_RO_TYPE_WS, 866 old_ws, len, sn, nsn, roq->ws); 867 d_fnstart(2, dev, "(i2400m %p roq %p sn %u) = void\n", i2400m, roq, sn); 868} 869 870 871/* 872 * Queue a packet and update the window start 873 * 874 * @i2400m: device descriptor 875 * @cin: Queue Index 876 * @skb: containing the packet data 877 * @fbn: First block number of the packet in @skb 878 * @sn: Last block number of the packet in @skb 879 * 880 * Note that unlike i2400m_roq_update_ws(), which sets the new window 881 * start to @sn, in here we'll set it to @sn + 1. 882 */ 883static 884void i2400m_roq_queue_update_ws(struct i2400m *i2400m, struct i2400m_roq *roq, 885 struct sk_buff * skb, unsigned sn) 886{ 887 struct device *dev = i2400m_dev(i2400m); 888 unsigned nsn, old_ws, len; 889 890 d_fnstart(2, dev, "(i2400m %p roq %p skb %p sn %u)\n", 891 i2400m, roq, skb, sn); 892 len = skb_queue_len(&roq->queue); 893 nsn = __i2400m_roq_nsn(roq, sn); 894 /* 895 * For type 3(queue_update_window_start) rx messages, there is no 896 * need to check if the normalized sequence number is greater 1023. 897 * Simply insert and deliver all packets to the host up to the 898 * window start. 899 */ 900 old_ws = roq->ws; 901 /* If the queue is empty, don't bother as we'd queue 902 * it and immediately unqueue it -- just deliver it. 903 */ 904 if (len == 0) { 905 struct i2400m_roq_data *roq_data; 906 roq_data = (struct i2400m_roq_data *) &skb->cb; 907 i2400m_net_erx(i2400m, skb, roq_data->cs); 908 } else 909 __i2400m_roq_queue(i2400m, roq, skb, sn, nsn); 910 911 __i2400m_roq_update_ws(i2400m, roq, sn + 1); 912 i2400m_roq_log_add(i2400m, roq, I2400M_RO_TYPE_PACKET_WS, 913 old_ws, len, sn, nsn, roq->ws); 914 915 d_fnend(2, dev, "(i2400m %p roq %p skb %p sn %u) = void\n", 916 i2400m, roq, skb, sn); 917} 918 919 920/* 921 * This routine destroys the memory allocated for rx_roq, when no 922 * other thread is accessing it. Access to rx_roq is refcounted by 923 * rx_roq_refcount, hence memory allocated must be destroyed when 924 * rx_roq_refcount becomes zero. This routine gets executed when 925 * rx_roq_refcount becomes zero. 926 */ 927static void i2400m_rx_roq_destroy(struct kref *ref) 928{ 929 unsigned itr; 930 struct i2400m *i2400m 931 = container_of(ref, struct i2400m, rx_roq_refcount); 932 for (itr = 0; itr < I2400M_RO_CIN + 1; itr++) 933 __skb_queue_purge(&i2400m->rx_roq[itr].queue); 934 kfree(i2400m->rx_roq[0].log); 935 kfree(i2400m->rx_roq); 936 i2400m->rx_roq = NULL; 937} 938 939/* 940 * Receive and send up an extended data packet 941 * 942 * @i2400m: device descriptor 943 * @skb_rx: skb that contains the extended data packet 944 * @single_last: 1 if the payload is the only one or the last one of 945 * the skb. 946 * @payload: pointer to the packet's data inside the skb 947 * @size: size of the payload 948 * 949 * Starting in v1.4 of the i2400m's firmware, the device can send data 950 * packets to the host in an extended format that; this incudes a 16 951 * byte header (struct i2400m_pl_edata_hdr). Using this header's space 952 * we can fake ethernet headers for ethernet device emulation without 953 * having to copy packets around. 954 * 955 * This function handles said path. 956 * 957 * 958 * Receive and send up an extended data packet that requires no reordering 959 * 960 * @i2400m: device descriptor 961 * @skb_rx: skb that contains the extended data packet 962 * @single_last: 1 if the payload is the only one or the last one of 963 * the skb. 964 * @payload: pointer to the packet's data (past the actual extended 965 * data payload header). 966 * @size: size of the payload 967 * 968 * Pass over to the networking stack a data packet that might have 969 * reordering requirements. 970 * 971 * This needs to the decide if the skb in which the packet is 972 * contained can be reused or if it needs to be cloned. Then it has to 973 * be trimmed in the edges so that the beginning is the space for eth 974 * header and then pass it to i2400m_net_erx() for the stack 975 * 976 * Assumes the caller has verified the sanity of the payload (size, 977 * etc) already. 978 */ 979static 980void i2400m_rx_edata(struct i2400m *i2400m, struct sk_buff *skb_rx, 981 unsigned single_last, const void *payload, size_t size) 982{ 983 struct device *dev = i2400m_dev(i2400m); 984 const struct i2400m_pl_edata_hdr *hdr = payload; 985 struct net_device *net_dev = i2400m->wimax_dev.net_dev; 986 struct sk_buff *skb; 987 enum i2400m_cs cs; 988 u32 reorder; 989 unsigned ro_needed, ro_type, ro_cin, ro_sn; 990 struct i2400m_roq *roq; 991 struct i2400m_roq_data *roq_data; 992 unsigned long flags; 993 994 BUILD_BUG_ON(ETH_HLEN > sizeof(*hdr)); 995 996 d_fnstart(2, dev, "(i2400m %p skb_rx %p single %u payload %p " 997 "size %zu)\n", i2400m, skb_rx, single_last, payload, size); 998 if (size < sizeof(*hdr)) { 999 dev_err(dev, "ERX: HW BUG? message with short header (%zu " 1000 "vs %zu bytes expected)\n", size, sizeof(*hdr)); 1001 goto error; 1002 } 1003 1004 if (single_last) { 1005 skb = skb_get(skb_rx); 1006 d_printf(3, dev, "ERX: skb %p reusing\n", skb); 1007 } else { 1008 skb = skb_clone(skb_rx, GFP_KERNEL); 1009 if (skb == NULL) { 1010 dev_err(dev, "ERX: no memory to clone skb\n"); 1011 net_dev->stats.rx_dropped++; 1012 goto error_skb_clone; 1013 } 1014 d_printf(3, dev, "ERX: skb %p cloned from %p\n", skb, skb_rx); 1015 } 1016 /* now we have to pull and trim so that the skb points to the 1017 * beginning of the IP packet; the netdev part will add the 1018 * ethernet header as needed - we know there is enough space 1019 * because we checked in i2400m_rx_edata(). */ 1020 skb_pull(skb, payload + sizeof(*hdr) - (void *) skb->data); 1021 skb_trim(skb, (void *) skb_end_pointer(skb) - payload - sizeof(*hdr)); 1022 1023 reorder = le32_to_cpu(hdr->reorder); 1024 ro_needed = reorder & I2400M_RO_NEEDED; 1025 cs = hdr->cs; 1026 if (ro_needed) { 1027 ro_type = (reorder >> I2400M_RO_TYPE_SHIFT) & I2400M_RO_TYPE; 1028 ro_cin = (reorder >> I2400M_RO_CIN_SHIFT) & I2400M_RO_CIN; 1029 ro_sn = (reorder >> I2400M_RO_SN_SHIFT) & I2400M_RO_SN; 1030 1031 spin_lock_irqsave(&i2400m->rx_lock, flags); 1032 if (i2400m->rx_roq == NULL) { 1033 kfree_skb(skb); /* rx_roq is already destroyed */ 1034 spin_unlock_irqrestore(&i2400m->rx_lock, flags); 1035 goto error; 1036 } 1037 roq = &i2400m->rx_roq[ro_cin]; 1038 kref_get(&i2400m->rx_roq_refcount); 1039 spin_unlock_irqrestore(&i2400m->rx_lock, flags); 1040 1041 roq_data = (struct i2400m_roq_data *) &skb->cb; 1042 roq_data->sn = ro_sn; 1043 roq_data->cs = cs; 1044 d_printf(2, dev, "ERX: reorder needed: " 1045 "type %u cin %u [ws %u] sn %u/%u len %zuB\n", 1046 ro_type, ro_cin, roq->ws, ro_sn, 1047 __i2400m_roq_nsn(roq, ro_sn), size); 1048 d_dump(2, dev, payload, size); 1049 switch(ro_type) { 1050 case I2400M_RO_TYPE_RESET: 1051 i2400m_roq_reset(i2400m, roq); 1052 kfree_skb(skb); /* no data here */ 1053 break; 1054 case I2400M_RO_TYPE_PACKET: 1055 i2400m_roq_queue(i2400m, roq, skb, ro_sn); 1056 break; 1057 case I2400M_RO_TYPE_WS: 1058 i2400m_roq_update_ws(i2400m, roq, ro_sn); 1059 kfree_skb(skb); /* no data here */ 1060 break; 1061 case I2400M_RO_TYPE_PACKET_WS: 1062 i2400m_roq_queue_update_ws(i2400m, roq, skb, ro_sn); 1063 break; 1064 default: 1065 dev_err(dev, "HW BUG? unknown reorder type %u\n", ro_type); 1066 } 1067 1068 spin_lock_irqsave(&i2400m->rx_lock, flags); 1069 kref_put(&i2400m->rx_roq_refcount, i2400m_rx_roq_destroy); 1070 spin_unlock_irqrestore(&i2400m->rx_lock, flags); 1071 } 1072 else 1073 i2400m_net_erx(i2400m, skb, cs); 1074error_skb_clone: 1075error: 1076 d_fnend(2, dev, "(i2400m %p skb_rx %p single %u payload %p " 1077 "size %zu) = void\n", i2400m, skb_rx, single_last, payload, size); 1078} 1079 1080 1081/* 1082 * Act on a received payload 1083 * 1084 * @i2400m: device instance 1085 * @skb_rx: skb where the transaction was received 1086 * @single_last: 1 this is the only payload or the last one (so the 1087 * skb can be reused instead of cloned). 1088 * @pld: payload descriptor 1089 * @payload: payload data 1090 * 1091 * Upon reception of a payload, look at its guts in the payload 1092 * descriptor and decide what to do with it. If it is a single payload 1093 * skb or if the last skb is a data packet, the skb will be referenced 1094 * and modified (so it doesn't have to be cloned). 1095 */ 1096static 1097void i2400m_rx_payload(struct i2400m *i2400m, struct sk_buff *skb_rx, 1098 unsigned single_last, const struct i2400m_pld *pld, 1099 const void *payload) 1100{ 1101 struct device *dev = i2400m_dev(i2400m); 1102 size_t pl_size = i2400m_pld_size(pld); 1103 enum i2400m_pt pl_type = i2400m_pld_type(pld); 1104 1105 d_printf(7, dev, "RX: received payload type %u, %zu bytes\n", 1106 pl_type, pl_size); 1107 d_dump(8, dev, payload, pl_size); 1108 1109 switch (pl_type) { 1110 case I2400M_PT_DATA: 1111 d_printf(3, dev, "RX: data payload %zu bytes\n", pl_size); 1112 i2400m_net_rx(i2400m, skb_rx, single_last, payload, pl_size); 1113 break; 1114 case I2400M_PT_CTRL: 1115 i2400m_rx_ctl(i2400m, skb_rx, payload, pl_size); 1116 break; 1117 case I2400M_PT_TRACE: 1118 i2400m_rx_trace(i2400m, payload, pl_size); 1119 break; 1120 case I2400M_PT_EDATA: 1121 d_printf(3, dev, "ERX: data payload %zu bytes\n", pl_size); 1122 i2400m_rx_edata(i2400m, skb_rx, single_last, payload, pl_size); 1123 break; 1124 default: /* Anything else shouldn't come to the host */ 1125 if (printk_ratelimit()) 1126 dev_err(dev, "RX: HW BUG? unexpected payload type %u\n", 1127 pl_type); 1128 } 1129} 1130 1131 1132/* 1133 * Check a received transaction's message header 1134 * 1135 * @i2400m: device descriptor 1136 * @msg_hdr: message header 1137 * @buf_size: size of the received buffer 1138 * 1139 * Check that the declarations done by a RX buffer message header are 1140 * sane and consistent with the amount of data that was received. 1141 */ 1142static 1143int i2400m_rx_msg_hdr_check(struct i2400m *i2400m, 1144 const struct i2400m_msg_hdr *msg_hdr, 1145 size_t buf_size) 1146{ 1147 int result = -EIO; 1148 struct device *dev = i2400m_dev(i2400m); 1149 if (buf_size < sizeof(*msg_hdr)) { 1150 dev_err(dev, "RX: HW BUG? message with short header (%zu " 1151 "vs %zu bytes expected)\n", buf_size, sizeof(*msg_hdr)); 1152 goto error; 1153 } 1154 if (msg_hdr->barker != cpu_to_le32(I2400M_D2H_MSG_BARKER)) { 1155 dev_err(dev, "RX: HW BUG? message received with unknown " 1156 "barker 0x%08x (buf_size %zu bytes)\n", 1157 le32_to_cpu(msg_hdr->barker), buf_size); 1158 goto error; 1159 } 1160 if (msg_hdr->num_pls == 0) { 1161 dev_err(dev, "RX: HW BUG? zero payload packets in message\n"); 1162 goto error; 1163 } 1164 if (le16_to_cpu(msg_hdr->num_pls) > I2400M_MAX_PLS_IN_MSG) { 1165 dev_err(dev, "RX: HW BUG? message contains more payload " 1166 "than maximum; ignoring.\n"); 1167 goto error; 1168 } 1169 result = 0; 1170error: 1171 return result; 1172} 1173 1174 1175/* 1176 * Check a payload descriptor against the received data 1177 * 1178 * @i2400m: device descriptor 1179 * @pld: payload descriptor 1180 * @pl_itr: offset (in bytes) in the received buffer the payload is 1181 * located 1182 * @buf_size: size of the received buffer 1183 * 1184 * Given a payload descriptor (part of a RX buffer), check it is sane 1185 * and that the data it declares fits in the buffer. 1186 */ 1187static 1188int i2400m_rx_pl_descr_check(struct i2400m *i2400m, 1189 const struct i2400m_pld *pld, 1190 size_t pl_itr, size_t buf_size) 1191{ 1192 int result = -EIO; 1193 struct device *dev = i2400m_dev(i2400m); 1194 size_t pl_size = i2400m_pld_size(pld); 1195 enum i2400m_pt pl_type = i2400m_pld_type(pld); 1196 1197 if (pl_size > i2400m->bus_pl_size_max) { 1198 dev_err(dev, "RX: HW BUG? payload @%zu: size %zu is " 1199 "bigger than maximum %zu; ignoring message\n", 1200 pl_itr, pl_size, i2400m->bus_pl_size_max); 1201 goto error; 1202 } 1203 if (pl_itr + pl_size > buf_size) { /* enough? */ 1204 dev_err(dev, "RX: HW BUG? payload @%zu: size %zu " 1205 "goes beyond the received buffer " 1206 "size (%zu bytes); ignoring message\n", 1207 pl_itr, pl_size, buf_size); 1208 goto error; 1209 } 1210 if (pl_type >= I2400M_PT_ILLEGAL) { 1211 dev_err(dev, "RX: HW BUG? illegal payload type %u; " 1212 "ignoring message\n", pl_type); 1213 goto error; 1214 } 1215 result = 0; 1216error: 1217 return result; 1218} 1219 1220 1221/** 1222 * i2400m_rx - Receive a buffer of data from the device 1223 * 1224 * @i2400m: device descriptor 1225 * @skb: skbuff where the data has been received 1226 * 1227 * Parse in a buffer of data that contains an RX message sent from the 1228 * device. See the file header for the format. Run all checks on the 1229 * buffer header, then run over each payload's descriptors, verify 1230 * their consistency and act on each payload's contents. If 1231 * everything is successful, update the device's statistics. 1232 * 1233 * Note: You need to set the skb to contain only the length of the 1234 * received buffer; for that, use skb_trim(skb, RECEIVED_SIZE). 1235 * 1236 * Returns: 1237 * 1238 * 0 if ok, < 0 errno on error 1239 * 1240 * If ok, this function owns now the skb and the caller DOESN'T have 1241 * to run kfree_skb() on it. However, on error, the caller still owns 1242 * the skb and it is responsible for releasing it. 1243 */ 1244int i2400m_rx(struct i2400m *i2400m, struct sk_buff *skb) 1245{ 1246 int i, result; 1247 struct device *dev = i2400m_dev(i2400m); 1248 const struct i2400m_msg_hdr *msg_hdr; 1249 size_t pl_itr, pl_size; 1250 unsigned long flags; 1251 unsigned num_pls, single_last, skb_len; 1252 1253 skb_len = skb->len; 1254 d_fnstart(4, dev, "(i2400m %p skb %p [size %u])\n", 1255 i2400m, skb, skb_len); 1256 result = -EIO; 1257 msg_hdr = (void *) skb->data; 1258 result = i2400m_rx_msg_hdr_check(i2400m, msg_hdr, skb_len); 1259 if (result < 0) 1260 goto error_msg_hdr_check; 1261 result = -EIO; 1262 num_pls = le16_to_cpu(msg_hdr->num_pls); 1263 pl_itr = sizeof(*msg_hdr) + /* Check payload descriptor(s) */ 1264 num_pls * sizeof(msg_hdr->pld[0]); 1265 pl_itr = ALIGN(pl_itr, I2400M_PL_ALIGN); 1266 if (pl_itr > skb_len) { /* got all the payload descriptors? */ 1267 dev_err(dev, "RX: HW BUG? message too short (%u bytes) for " 1268 "%u payload descriptors (%zu each, total %zu)\n", 1269 skb_len, num_pls, sizeof(msg_hdr->pld[0]), pl_itr); 1270 goto error_pl_descr_short; 1271 } 1272 /* Walk each payload payload--check we really got it */ 1273 for (i = 0; i < num_pls; i++) { 1274 /* work around old gcc warnings */ 1275 pl_size = i2400m_pld_size(&msg_hdr->pld[i]); 1276 result = i2400m_rx_pl_descr_check(i2400m, &msg_hdr->pld[i], 1277 pl_itr, skb_len); 1278 if (result < 0) 1279 goto error_pl_descr_check; 1280 single_last = num_pls == 1 || i == num_pls - 1; 1281 i2400m_rx_payload(i2400m, skb, single_last, &msg_hdr->pld[i], 1282 skb->data + pl_itr); 1283 pl_itr += ALIGN(pl_size, I2400M_PL_ALIGN); 1284 cond_resched(); /* Don't monopolize */ 1285 } 1286 kfree_skb(skb); 1287 /* Update device statistics */ 1288 spin_lock_irqsave(&i2400m->rx_lock, flags); 1289 i2400m->rx_pl_num += i; 1290 if (i > i2400m->rx_pl_max) 1291 i2400m->rx_pl_max = i; 1292 if (i < i2400m->rx_pl_min) 1293 i2400m->rx_pl_min = i; 1294 i2400m->rx_num++; 1295 i2400m->rx_size_acc += skb_len; 1296 if (skb_len < i2400m->rx_size_min) 1297 i2400m->rx_size_min = skb_len; 1298 if (skb_len > i2400m->rx_size_max) 1299 i2400m->rx_size_max = skb_len; 1300 spin_unlock_irqrestore(&i2400m->rx_lock, flags); 1301error_pl_descr_check: 1302error_pl_descr_short: 1303error_msg_hdr_check: 1304 d_fnend(4, dev, "(i2400m %p skb %p [size %u]) = %d\n", 1305 i2400m, skb, skb_len, result); 1306 return result; 1307} 1308EXPORT_SYMBOL_GPL(i2400m_rx); 1309 1310 1311void i2400m_unknown_barker(struct i2400m *i2400m, 1312 const void *buf, size_t size) 1313{ 1314 struct device *dev = i2400m_dev(i2400m); 1315 char prefix[64]; 1316 const __le32 *barker = buf; 1317 dev_err(dev, "RX: HW BUG? unknown barker %08x, " 1318 "dropping %zu bytes\n", le32_to_cpu(*barker), size); 1319 snprintf(prefix, sizeof(prefix), "%s %s: ", 1320 dev_driver_string(dev), dev_name(dev)); 1321 if (size > 64) { 1322 print_hex_dump(KERN_ERR, prefix, DUMP_PREFIX_OFFSET, 1323 8, 4, buf, 64, 0); 1324 printk(KERN_ERR "%s... (only first 64 bytes " 1325 "dumped)\n", prefix); 1326 } else 1327 print_hex_dump(KERN_ERR, prefix, DUMP_PREFIX_OFFSET, 1328 8, 4, buf, size, 0); 1329} 1330EXPORT_SYMBOL(i2400m_unknown_barker); 1331 1332 1333/* 1334 * Initialize the RX queue and infrastructure 1335 * 1336 * This sets up all the RX reordering infrastructures, which will not 1337 * be used if reordering is not enabled or if the firmware does not 1338 * support it. The device is told to do reordering in 1339 * i2400m_dev_initialize(), where it also looks at the value of the 1340 * i2400m->rx_reorder switch before taking a decission. 1341 * 1342 * Note we allocate the roq queues in one chunk and the actual logging 1343 * support for it (logging) in another one and then we setup the 1344 * pointers from the first to the last. 1345 */ 1346int i2400m_rx_setup(struct i2400m *i2400m) 1347{ 1348 int result = 0; 1349 1350 i2400m->rx_reorder = i2400m_rx_reorder_disabled? 0 : 1; 1351 if (i2400m->rx_reorder) { 1352 unsigned itr; 1353 struct i2400m_roq_log *rd; 1354 1355 result = -ENOMEM; 1356 1357 i2400m->rx_roq = kcalloc(I2400M_RO_CIN + 1, 1358 sizeof(i2400m->rx_roq[0]), GFP_KERNEL); 1359 if (i2400m->rx_roq == NULL) 1360 goto error_roq_alloc; 1361 1362 rd = kcalloc(I2400M_RO_CIN + 1, sizeof(*i2400m->rx_roq[0].log), 1363 GFP_KERNEL); 1364 if (rd == NULL) { 1365 result = -ENOMEM; 1366 goto error_roq_log_alloc; 1367 } 1368 1369 for(itr = 0; itr < I2400M_RO_CIN + 1; itr++) { 1370 __i2400m_roq_init(&i2400m->rx_roq[itr]); 1371 i2400m->rx_roq[itr].log = &rd[itr]; 1372 } 1373 kref_init(&i2400m->rx_roq_refcount); 1374 } 1375 return 0; 1376 1377error_roq_log_alloc: 1378 kfree(i2400m->rx_roq); 1379error_roq_alloc: 1380 return result; 1381} 1382 1383 1384/* Tear down the RX queue and infrastructure */ 1385void i2400m_rx_release(struct i2400m *i2400m) 1386{ 1387 unsigned long flags; 1388 1389 if (i2400m->rx_reorder) { 1390 spin_lock_irqsave(&i2400m->rx_lock, flags); 1391 kref_put(&i2400m->rx_roq_refcount, i2400m_rx_roq_destroy); 1392 spin_unlock_irqrestore(&i2400m->rx_lock, flags); 1393 } 1394 /* at this point, nothing can be received... */ 1395 i2400m_report_hook_flush(i2400m); 1396} 1397