root/drivers/net/wireless/ath/carl9170/rx.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. carl9170_dbg_message
  2. carl9170_handle_ps
  3. carl9170_check_sequence
  4. carl9170_cmd_callback
  5. carl9170_handle_command_response
  6. carl9170_rx_mac_status
  7. carl9170_rx_phy_status
  8. carl9170_rx_copy_data
  9. carl9170_find_ie
  10. carl9170_ps_beacon
  11. carl9170_ba_check
  12. carl9170_ampdu_check
  13. carl9170_handle_mpdu
  14. carl9170_rx_untie_data
  15. carl9170_rx_untie_cmds
  16. __carl9170_rx
  17. carl9170_rx_stream
  18. carl9170_rx
   1 /*
   2  * Atheros CARL9170 driver
   3  *
   4  * 802.11 & command trap routines
   5  *
   6  * Copyright 2008, Johannes Berg <johannes@sipsolutions.net>
   7  * Copyright 2009, 2010, Christian Lamparter <chunkeey@googlemail.com>
   8  *
   9  * This program is free software; you can redistribute it and/or modify
  10  * it under the terms of the GNU General Public License as published by
  11  * the Free Software Foundation; either version 2 of the License, or
  12  * (at your option) any later version.
  13  *
  14  * This program is distributed in the hope that it will be useful,
  15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17  * GNU General Public License for more details.
  18  *
  19  * You should have received a copy of the GNU General Public License
  20  * along with this program; see the file COPYING.  If not, see
  21  * http://www.gnu.org/licenses/.
  22  *
  23  * This file incorporates work covered by the following copyright and
  24  * permission notice:
  25  *    Copyright (c) 2007-2008 Atheros Communications, Inc.
  26  *
  27  *    Permission to use, copy, modify, and/or distribute this software for any
  28  *    purpose with or without fee is hereby granted, provided that the above
  29  *    copyright notice and this permission notice appear in all copies.
  30  *
  31  *    THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  32  *    WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  33  *    MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  34  *    ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  35  *    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  36  *    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  37  *    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  38  */
  39 
  40 #include <linux/slab.h>
  41 #include <linux/module.h>
  42 #include <linux/etherdevice.h>
  43 #include <linux/crc32.h>
  44 #include <net/mac80211.h>
  45 #include "carl9170.h"
  46 #include "hw.h"
  47 #include "cmd.h"
  48 
  49 static void carl9170_dbg_message(struct ar9170 *ar, const char *buf, u32 len)
  50 {
  51         bool restart = false;
  52         enum carl9170_restart_reasons reason = CARL9170_RR_NO_REASON;
  53 
  54         if (len > 3) {
  55                 if (memcmp(buf, CARL9170_ERR_MAGIC, 3) == 0) {
  56                         ar->fw.err_counter++;
  57                         if (ar->fw.err_counter > 3) {
  58                                 restart = true;
  59                                 reason = CARL9170_RR_TOO_MANY_FIRMWARE_ERRORS;
  60                         }
  61                 }
  62 
  63                 if (memcmp(buf, CARL9170_BUG_MAGIC, 3) == 0) {
  64                         ar->fw.bug_counter++;
  65                         restart = true;
  66                         reason = CARL9170_RR_FATAL_FIRMWARE_ERROR;
  67                 }
  68         }
  69 
  70         wiphy_info(ar->hw->wiphy, "FW: %.*s\n", len, buf);
  71 
  72         if (restart)
  73                 carl9170_restart(ar, reason);
  74 }
  75 
  76 static void carl9170_handle_ps(struct ar9170 *ar, struct carl9170_rsp *rsp)
  77 {
  78         u32 ps;
  79         bool new_ps;
  80 
  81         ps = le32_to_cpu(rsp->psm.state);
  82 
  83         new_ps = (ps & CARL9170_PSM_COUNTER) != CARL9170_PSM_WAKE;
  84         if (ar->ps.state != new_ps) {
  85                 if (!new_ps) {
  86                         ar->ps.sleep_ms = jiffies_to_msecs(jiffies -
  87                                 ar->ps.last_action);
  88                 }
  89 
  90                 ar->ps.last_action = jiffies;
  91 
  92                 ar->ps.state = new_ps;
  93         }
  94 }
  95 
  96 static int carl9170_check_sequence(struct ar9170 *ar, unsigned int seq)
  97 {
  98         if (ar->cmd_seq < -1)
  99                 return 0;
 100 
 101         /*
 102          * Initialize Counter
 103          */
 104         if (ar->cmd_seq < 0)
 105                 ar->cmd_seq = seq;
 106 
 107         /*
 108          * The sequence is strictly monotonic increasing and it never skips!
 109          *
 110          * Therefore we can safely assume that whenever we received an
 111          * unexpected sequence we have lost some valuable data.
 112          */
 113         if (seq != ar->cmd_seq) {
 114                 int count;
 115 
 116                 count = (seq - ar->cmd_seq) % ar->fw.cmd_bufs;
 117 
 118                 wiphy_err(ar->hw->wiphy, "lost %d command responses/traps! "
 119                           "w:%d g:%d\n", count, ar->cmd_seq, seq);
 120 
 121                 carl9170_restart(ar, CARL9170_RR_LOST_RSP);
 122                 return -EIO;
 123         }
 124 
 125         ar->cmd_seq = (ar->cmd_seq + 1) % ar->fw.cmd_bufs;
 126         return 0;
 127 }
 128 
 129 static void carl9170_cmd_callback(struct ar9170 *ar, u32 len, void *buffer)
 130 {
 131         /*
 132          * Some commands may have a variable response length
 133          * and we cannot predict the correct length in advance.
 134          * So we only check if we provided enough space for the data.
 135          */
 136         if (unlikely(ar->readlen != (len - 4))) {
 137                 dev_warn(&ar->udev->dev, "received invalid command response:"
 138                          "got %d, instead of %d\n", len - 4, ar->readlen);
 139                 print_hex_dump_bytes("carl9170 cmd:", DUMP_PREFIX_OFFSET,
 140                         ar->cmd_buf, (ar->cmd.hdr.len + 4) & 0x3f);
 141                 print_hex_dump_bytes("carl9170 rsp:", DUMP_PREFIX_OFFSET,
 142                         buffer, len);
 143                 /*
 144                  * Do not complete. The command times out,
 145                  * and we get a stack trace from there.
 146                  */
 147                 carl9170_restart(ar, CARL9170_RR_INVALID_RSP);
 148         }
 149 
 150         spin_lock(&ar->cmd_lock);
 151         if (ar->readbuf) {
 152                 if (len >= 4)
 153                         memcpy(ar->readbuf, buffer + 4, len - 4);
 154 
 155                 ar->readbuf = NULL;
 156         }
 157         complete(&ar->cmd_wait);
 158         spin_unlock(&ar->cmd_lock);
 159 }
 160 
 161 void carl9170_handle_command_response(struct ar9170 *ar, void *buf, u32 len)
 162 {
 163         struct carl9170_rsp *cmd = buf;
 164         struct ieee80211_vif *vif;
 165 
 166         if ((cmd->hdr.cmd & CARL9170_RSP_FLAG) != CARL9170_RSP_FLAG) {
 167                 if (!(cmd->hdr.cmd & CARL9170_CMD_ASYNC_FLAG))
 168                         carl9170_cmd_callback(ar, len, buf);
 169 
 170                 return;
 171         }
 172 
 173         if (unlikely(cmd->hdr.len != (len - 4))) {
 174                 if (net_ratelimit()) {
 175                         wiphy_err(ar->hw->wiphy, "FW: received over-/under"
 176                                 "sized event %x (%d, but should be %d).\n",
 177                                cmd->hdr.cmd, cmd->hdr.len, len - 4);
 178 
 179                         print_hex_dump_bytes("dump:", DUMP_PREFIX_NONE,
 180                                              buf, len);
 181                 }
 182 
 183                 return;
 184         }
 185 
 186         /* hardware event handlers */
 187         switch (cmd->hdr.cmd) {
 188         case CARL9170_RSP_PRETBTT:
 189                 /* pre-TBTT event */
 190                 rcu_read_lock();
 191                 vif = carl9170_get_main_vif(ar);
 192 
 193                 if (!vif) {
 194                         rcu_read_unlock();
 195                         break;
 196                 }
 197 
 198                 switch (vif->type) {
 199                 case NL80211_IFTYPE_STATION:
 200                         carl9170_handle_ps(ar, cmd);
 201                         break;
 202 
 203                 case NL80211_IFTYPE_AP:
 204                 case NL80211_IFTYPE_ADHOC:
 205                 case NL80211_IFTYPE_MESH_POINT:
 206                         carl9170_update_beacon(ar, true);
 207                         break;
 208 
 209                 default:
 210                         break;
 211                 }
 212                 rcu_read_unlock();
 213 
 214                 break;
 215 
 216 
 217         case CARL9170_RSP_TXCOMP:
 218                 /* TX status notification */
 219                 carl9170_tx_process_status(ar, cmd);
 220                 break;
 221 
 222         case CARL9170_RSP_BEACON_CONFIG:
 223                 /*
 224                  * (IBSS) beacon send notification
 225                  * bytes: 04 c2 XX YY B4 B3 B2 B1
 226                  *
 227                  * XX always 80
 228                  * YY always 00
 229                  * B1-B4 "should" be the number of send out beacons.
 230                  */
 231                 break;
 232 
 233         case CARL9170_RSP_ATIM:
 234                 /* End of Atim Window */
 235                 break;
 236 
 237         case CARL9170_RSP_WATCHDOG:
 238                 /* Watchdog Interrupt */
 239                 carl9170_restart(ar, CARL9170_RR_WATCHDOG);
 240                 break;
 241 
 242         case CARL9170_RSP_TEXT:
 243                 /* firmware debug */
 244                 carl9170_dbg_message(ar, (char *)buf + 4, len - 4);
 245                 break;
 246 
 247         case CARL9170_RSP_HEXDUMP:
 248                 wiphy_dbg(ar->hw->wiphy, "FW: HD %d\n", len - 4);
 249                 print_hex_dump_bytes("FW:", DUMP_PREFIX_NONE,
 250                                      (char *)buf + 4, len - 4);
 251                 break;
 252 
 253         case CARL9170_RSP_RADAR:
 254                 if (!net_ratelimit())
 255                         break;
 256 
 257                 wiphy_info(ar->hw->wiphy, "FW: RADAR! Please report this "
 258                        "incident to linux-wireless@vger.kernel.org !\n");
 259                 break;
 260 
 261         case CARL9170_RSP_GPIO:
 262 #ifdef CONFIG_CARL9170_WPC
 263                 if (ar->wps.pbc) {
 264                         bool state = !!(cmd->gpio.gpio & cpu_to_le32(
 265                                 AR9170_GPIO_PORT_WPS_BUTTON_PRESSED));
 266 
 267                         if (state != ar->wps.pbc_state) {
 268                                 ar->wps.pbc_state = state;
 269                                 input_report_key(ar->wps.pbc, KEY_WPS_BUTTON,
 270                                                  state);
 271                                 input_sync(ar->wps.pbc);
 272                         }
 273                 }
 274 #endif /* CONFIG_CARL9170_WPC */
 275                 break;
 276 
 277         case CARL9170_RSP_BOOT:
 278                 complete(&ar->fw_boot_wait);
 279                 break;
 280 
 281         default:
 282                 wiphy_err(ar->hw->wiphy, "FW: received unhandled event %x\n",
 283                         cmd->hdr.cmd);
 284                 print_hex_dump_bytes("dump:", DUMP_PREFIX_NONE, buf, len);
 285                 break;
 286         }
 287 }
 288 
 289 static int carl9170_rx_mac_status(struct ar9170 *ar,
 290         struct ar9170_rx_head *head, struct ar9170_rx_macstatus *mac,
 291         struct ieee80211_rx_status *status)
 292 {
 293         struct ieee80211_channel *chan;
 294         u8 error, decrypt;
 295 
 296         BUILD_BUG_ON(sizeof(struct ar9170_rx_head) != 12);
 297         BUILD_BUG_ON(sizeof(struct ar9170_rx_macstatus) != 4);
 298 
 299         error = mac->error;
 300 
 301         if (error & AR9170_RX_ERROR_WRONG_RA) {
 302                 if (!ar->sniffer_enabled)
 303                         return -EINVAL;
 304         }
 305 
 306         if (error & AR9170_RX_ERROR_PLCP) {
 307                 if (!(ar->filter_state & FIF_PLCPFAIL))
 308                         return -EINVAL;
 309 
 310                 status->flag |= RX_FLAG_FAILED_PLCP_CRC;
 311         }
 312 
 313         if (error & AR9170_RX_ERROR_FCS) {
 314                 ar->tx_fcs_errors++;
 315 
 316                 if (!(ar->filter_state & FIF_FCSFAIL))
 317                         return -EINVAL;
 318 
 319                 status->flag |= RX_FLAG_FAILED_FCS_CRC;
 320         }
 321 
 322         decrypt = ar9170_get_decrypt_type(mac);
 323         if (!(decrypt & AR9170_RX_ENC_SOFTWARE) &&
 324             decrypt != AR9170_ENC_ALG_NONE) {
 325                 if ((decrypt == AR9170_ENC_ALG_TKIP) &&
 326                     (error & AR9170_RX_ERROR_MMIC))
 327                         status->flag |= RX_FLAG_MMIC_ERROR;
 328 
 329                 status->flag |= RX_FLAG_DECRYPTED;
 330         }
 331 
 332         if (error & AR9170_RX_ERROR_DECRYPT && !ar->sniffer_enabled)
 333                 return -ENODATA;
 334 
 335         error &= ~(AR9170_RX_ERROR_MMIC |
 336                    AR9170_RX_ERROR_FCS |
 337                    AR9170_RX_ERROR_WRONG_RA |
 338                    AR9170_RX_ERROR_DECRYPT |
 339                    AR9170_RX_ERROR_PLCP);
 340 
 341         /* drop any other error frames */
 342         if (unlikely(error)) {
 343                 /* TODO: update netdevice's RX dropped/errors statistics */
 344 
 345                 if (net_ratelimit())
 346                         wiphy_dbg(ar->hw->wiphy, "received frame with "
 347                                "suspicious error code (%#x).\n", error);
 348 
 349                 return -EINVAL;
 350         }
 351 
 352         chan = ar->channel;
 353         if (chan) {
 354                 status->band = chan->band;
 355                 status->freq = chan->center_freq;
 356         }
 357 
 358         switch (mac->status & AR9170_RX_STATUS_MODULATION) {
 359         case AR9170_RX_STATUS_MODULATION_CCK:
 360                 if (mac->status & AR9170_RX_STATUS_SHORT_PREAMBLE)
 361                         status->enc_flags |= RX_ENC_FLAG_SHORTPRE;
 362                 switch (head->plcp[0]) {
 363                 case AR9170_RX_PHY_RATE_CCK_1M:
 364                         status->rate_idx = 0;
 365                         break;
 366                 case AR9170_RX_PHY_RATE_CCK_2M:
 367                         status->rate_idx = 1;
 368                         break;
 369                 case AR9170_RX_PHY_RATE_CCK_5M:
 370                         status->rate_idx = 2;
 371                         break;
 372                 case AR9170_RX_PHY_RATE_CCK_11M:
 373                         status->rate_idx = 3;
 374                         break;
 375                 default:
 376                         if (net_ratelimit()) {
 377                                 wiphy_err(ar->hw->wiphy, "invalid plcp cck "
 378                                        "rate (%x).\n", head->plcp[0]);
 379                         }
 380 
 381                         return -EINVAL;
 382                 }
 383                 break;
 384 
 385         case AR9170_RX_STATUS_MODULATION_DUPOFDM:
 386         case AR9170_RX_STATUS_MODULATION_OFDM:
 387                 switch (head->plcp[0] & 0xf) {
 388                 case AR9170_TXRX_PHY_RATE_OFDM_6M:
 389                         status->rate_idx = 0;
 390                         break;
 391                 case AR9170_TXRX_PHY_RATE_OFDM_9M:
 392                         status->rate_idx = 1;
 393                         break;
 394                 case AR9170_TXRX_PHY_RATE_OFDM_12M:
 395                         status->rate_idx = 2;
 396                         break;
 397                 case AR9170_TXRX_PHY_RATE_OFDM_18M:
 398                         status->rate_idx = 3;
 399                         break;
 400                 case AR9170_TXRX_PHY_RATE_OFDM_24M:
 401                         status->rate_idx = 4;
 402                         break;
 403                 case AR9170_TXRX_PHY_RATE_OFDM_36M:
 404                         status->rate_idx = 5;
 405                         break;
 406                 case AR9170_TXRX_PHY_RATE_OFDM_48M:
 407                         status->rate_idx = 6;
 408                         break;
 409                 case AR9170_TXRX_PHY_RATE_OFDM_54M:
 410                         status->rate_idx = 7;
 411                         break;
 412                 default:
 413                         if (net_ratelimit()) {
 414                                 wiphy_err(ar->hw->wiphy, "invalid plcp ofdm "
 415                                         "rate (%x).\n", head->plcp[0]);
 416                         }
 417 
 418                         return -EINVAL;
 419                 }
 420                 if (status->band == NL80211_BAND_2GHZ)
 421                         status->rate_idx += 4;
 422                 break;
 423 
 424         case AR9170_RX_STATUS_MODULATION_HT:
 425                 if (head->plcp[3] & 0x80)
 426                         status->bw = RATE_INFO_BW_40;
 427                 if (head->plcp[6] & 0x80)
 428                         status->enc_flags |= RX_ENC_FLAG_SHORT_GI;
 429 
 430                 status->rate_idx = clamp(head->plcp[3] & 0x7f, 0, 75);
 431                 status->encoding = RX_ENC_HT;
 432                 break;
 433 
 434         default:
 435                 BUG();
 436                 return -ENOSYS;
 437         }
 438 
 439         return 0;
 440 }
 441 
 442 static void carl9170_rx_phy_status(struct ar9170 *ar,
 443         struct ar9170_rx_phystatus *phy, struct ieee80211_rx_status *status)
 444 {
 445         int i;
 446 
 447         BUILD_BUG_ON(sizeof(struct ar9170_rx_phystatus) != 20);
 448 
 449         for (i = 0; i < 3; i++)
 450                 if (phy->rssi[i] != 0x80)
 451                         status->antenna |= BIT(i);
 452 
 453         /* post-process RSSI */
 454         for (i = 0; i < 7; i++)
 455                 if (phy->rssi[i] & 0x80)
 456                         phy->rssi[i] = ((~phy->rssi[i] & 0x7f) + 1) & 0x7f;
 457 
 458         /* TODO: we could do something with phy_errors */
 459         status->signal = ar->noise[0] + phy->rssi_combined;
 460 }
 461 
 462 static struct sk_buff *carl9170_rx_copy_data(u8 *buf, int len)
 463 {
 464         struct sk_buff *skb;
 465         int reserved = 0;
 466         struct ieee80211_hdr *hdr = (void *) buf;
 467 
 468         if (ieee80211_is_data_qos(hdr->frame_control)) {
 469                 u8 *qc = ieee80211_get_qos_ctl(hdr);
 470                 reserved += NET_IP_ALIGN;
 471 
 472                 if (*qc & IEEE80211_QOS_CTL_A_MSDU_PRESENT)
 473                         reserved += NET_IP_ALIGN;
 474         }
 475 
 476         if (ieee80211_has_a4(hdr->frame_control))
 477                 reserved += NET_IP_ALIGN;
 478 
 479         reserved = 32 + (reserved & NET_IP_ALIGN);
 480 
 481         skb = dev_alloc_skb(len + reserved);
 482         if (likely(skb)) {
 483                 skb_reserve(skb, reserved);
 484                 skb_put_data(skb, buf, len);
 485         }
 486 
 487         return skb;
 488 }
 489 
 490 static u8 *carl9170_find_ie(u8 *data, unsigned int len, u8 ie)
 491 {
 492         struct ieee80211_mgmt *mgmt = (void *)data;
 493         u8 *pos, *end;
 494 
 495         pos = (u8 *)mgmt->u.beacon.variable;
 496         end = data + len;
 497         while (pos < end) {
 498                 if (pos + 2 + pos[1] > end)
 499                         return NULL;
 500 
 501                 if (pos[0] == ie)
 502                         return pos;
 503 
 504                 pos += 2 + pos[1];
 505         }
 506         return NULL;
 507 }
 508 
 509 /*
 510  * NOTE:
 511  *
 512  * The firmware is in charge of waking up the device just before
 513  * the AP is expected to transmit the next beacon.
 514  *
 515  * This leaves the driver with the important task of deciding when
 516  * to set the PHY back to bed again.
 517  */
 518 static void carl9170_ps_beacon(struct ar9170 *ar, void *data, unsigned int len)
 519 {
 520         struct ieee80211_hdr *hdr = data;
 521         struct ieee80211_tim_ie *tim_ie;
 522         struct ath_common *common = &ar->common;
 523         u8 *tim;
 524         u8 tim_len;
 525         bool cam;
 526 
 527         if (likely(!(ar->hw->conf.flags & IEEE80211_CONF_PS)))
 528                 return;
 529 
 530         /* min. beacon length + FCS_LEN */
 531         if (len <= 40 + FCS_LEN)
 532                 return;
 533 
 534         /* check if this really is a beacon */
 535         /* and only beacons from the associated BSSID, please */
 536         if (!ath_is_mybeacon(common, hdr) || !common->curaid)
 537                 return;
 538 
 539         ar->ps.last_beacon = jiffies;
 540 
 541         tim = carl9170_find_ie(data, len - FCS_LEN, WLAN_EID_TIM);
 542         if (!tim)
 543                 return;
 544 
 545         if (tim[1] < sizeof(*tim_ie))
 546                 return;
 547 
 548         tim_len = tim[1];
 549         tim_ie = (struct ieee80211_tim_ie *) &tim[2];
 550 
 551         if (!WARN_ON_ONCE(!ar->hw->conf.ps_dtim_period))
 552                 ar->ps.dtim_counter = (tim_ie->dtim_count - 1) %
 553                         ar->hw->conf.ps_dtim_period;
 554 
 555         /* Check whenever the PHY can be turned off again. */
 556 
 557         /* 1. What about buffered unicast traffic for our AID? */
 558         cam = ieee80211_check_tim(tim_ie, tim_len, ar->common.curaid);
 559 
 560         /* 2. Maybe the AP wants to send multicast/broadcast data? */
 561         cam |= !!(tim_ie->bitmap_ctrl & 0x01);
 562 
 563         if (!cam) {
 564                 /* back to low-power land. */
 565                 ar->ps.off_override &= ~PS_OFF_BCN;
 566                 carl9170_ps_check(ar);
 567         } else {
 568                 /* force CAM */
 569                 ar->ps.off_override |= PS_OFF_BCN;
 570         }
 571 }
 572 
 573 static void carl9170_ba_check(struct ar9170 *ar, void *data, unsigned int len)
 574 {
 575         struct ieee80211_bar *bar = data;
 576         struct carl9170_bar_list_entry *entry;
 577         unsigned int queue;
 578 
 579         if (likely(!ieee80211_is_back(bar->frame_control)))
 580                 return;
 581 
 582         if (len <= sizeof(*bar) + FCS_LEN)
 583                 return;
 584 
 585         queue = TID_TO_WME_AC(((le16_to_cpu(bar->control) &
 586                 IEEE80211_BAR_CTRL_TID_INFO_MASK) >>
 587                 IEEE80211_BAR_CTRL_TID_INFO_SHIFT) & 7);
 588 
 589         rcu_read_lock();
 590         list_for_each_entry_rcu(entry, &ar->bar_list[queue], list) {
 591                 struct sk_buff *entry_skb = entry->skb;
 592                 struct _carl9170_tx_superframe *super = (void *)entry_skb->data;
 593                 struct ieee80211_bar *entry_bar = (void *)super->frame_data;
 594 
 595 #define TID_CHECK(a, b) (                                               \
 596         ((a) & cpu_to_le16(IEEE80211_BAR_CTRL_TID_INFO_MASK)) ==        \
 597         ((b) & cpu_to_le16(IEEE80211_BAR_CTRL_TID_INFO_MASK)))          \
 598 
 599                 if (bar->start_seq_num == entry_bar->start_seq_num &&
 600                     TID_CHECK(bar->control, entry_bar->control) &&
 601                     ether_addr_equal_64bits(bar->ra, entry_bar->ta) &&
 602                     ether_addr_equal_64bits(bar->ta, entry_bar->ra)) {
 603                         struct ieee80211_tx_info *tx_info;
 604 
 605                         tx_info = IEEE80211_SKB_CB(entry_skb);
 606                         tx_info->flags |= IEEE80211_TX_STAT_ACK;
 607 
 608                         spin_lock_bh(&ar->bar_list_lock[queue]);
 609                         list_del_rcu(&entry->list);
 610                         spin_unlock_bh(&ar->bar_list_lock[queue]);
 611                         kfree_rcu(entry, head);
 612                         break;
 613                 }
 614         }
 615         rcu_read_unlock();
 616 
 617 #undef TID_CHECK
 618 }
 619 
 620 static bool carl9170_ampdu_check(struct ar9170 *ar, u8 *buf, u8 ms,
 621                                  struct ieee80211_rx_status *rx_status)
 622 {
 623         __le16 fc;
 624 
 625         if ((ms & AR9170_RX_STATUS_MPDU) == AR9170_RX_STATUS_MPDU_SINGLE) {
 626                 /*
 627                  * This frame is not part of an aMPDU.
 628                  * Therefore it is not subjected to any
 629                  * of the following content restrictions.
 630                  */
 631                 return true;
 632         }
 633 
 634         rx_status->flag |= RX_FLAG_AMPDU_DETAILS | RX_FLAG_AMPDU_LAST_KNOWN;
 635         rx_status->ampdu_reference = ar->ampdu_ref;
 636 
 637         /*
 638          * "802.11n - 7.4a.3 A-MPDU contents" describes in which contexts
 639          * certain frame types can be part of an aMPDU.
 640          *
 641          * In order to keep the processing cost down, I opted for a
 642          * stateless filter solely based on the frame control field.
 643          */
 644 
 645         fc = ((struct ieee80211_hdr *)buf)->frame_control;
 646         if (ieee80211_is_data_qos(fc) && ieee80211_is_data_present(fc))
 647                 return true;
 648 
 649         if (ieee80211_is_ack(fc) || ieee80211_is_back(fc) ||
 650             ieee80211_is_back_req(fc))
 651                 return true;
 652 
 653         if (ieee80211_is_action(fc))
 654                 return true;
 655 
 656         return false;
 657 }
 658 
 659 static int carl9170_handle_mpdu(struct ar9170 *ar, u8 *buf, int len,
 660                                 struct ieee80211_rx_status *status)
 661 {
 662         struct sk_buff *skb;
 663 
 664         /* (driver) frame trap handler
 665          *
 666          * Because power-saving mode handing has to be implemented by
 667          * the driver/firmware. We have to check each incoming beacon
 668          * from the associated AP, if there's new data for us (either
 669          * broadcast/multicast or unicast) we have to react quickly.
 670          *
 671          * So, if you have you want to add additional frame trap
 672          * handlers, this would be the perfect place!
 673          */
 674 
 675         carl9170_ps_beacon(ar, buf, len);
 676 
 677         carl9170_ba_check(ar, buf, len);
 678 
 679         skb = carl9170_rx_copy_data(buf, len);
 680         if (!skb)
 681                 return -ENOMEM;
 682 
 683         memcpy(IEEE80211_SKB_RXCB(skb), status, sizeof(*status));
 684         ieee80211_rx(ar->hw, skb);
 685         return 0;
 686 }
 687 
 688 /*
 689  * If the frame alignment is right (or the kernel has
 690  * CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS), and there
 691  * is only a single MPDU in the USB frame, then we could
 692  * submit to mac80211 the SKB directly. However, since
 693  * there may be multiple packets in one SKB in stream
 694  * mode, and we need to observe the proper ordering,
 695  * this is non-trivial.
 696  */
 697 static void carl9170_rx_untie_data(struct ar9170 *ar, u8 *buf, int len)
 698 {
 699         struct ar9170_rx_head *head;
 700         struct ar9170_rx_macstatus *mac;
 701         struct ar9170_rx_phystatus *phy = NULL;
 702         struct ieee80211_rx_status status;
 703         int mpdu_len;
 704         u8 mac_status;
 705 
 706         if (!IS_STARTED(ar))
 707                 return;
 708 
 709         if (unlikely(len < sizeof(*mac)))
 710                 goto drop;
 711 
 712         memset(&status, 0, sizeof(status));
 713 
 714         mpdu_len = len - sizeof(*mac);
 715 
 716         mac = (void *)(buf + mpdu_len);
 717         mac_status = mac->status;
 718         switch (mac_status & AR9170_RX_STATUS_MPDU) {
 719         case AR9170_RX_STATUS_MPDU_FIRST:
 720                 ar->ampdu_ref++;
 721                 /* Aggregated MPDUs start with an PLCP header */
 722                 if (likely(mpdu_len >= sizeof(struct ar9170_rx_head))) {
 723                         head = (void *) buf;
 724 
 725                         /*
 726                          * The PLCP header needs to be cached for the
 727                          * following MIDDLE + LAST A-MPDU packets.
 728                          *
 729                          * So, if you are wondering why all frames seem
 730                          * to share a common RX status information,
 731                          * then you have the answer right here...
 732                          */
 733                         memcpy(&ar->rx_plcp, (void *) buf,
 734                                sizeof(struct ar9170_rx_head));
 735 
 736                         mpdu_len -= sizeof(struct ar9170_rx_head);
 737                         buf += sizeof(struct ar9170_rx_head);
 738 
 739                         ar->rx_has_plcp = true;
 740                 } else {
 741                         if (net_ratelimit()) {
 742                                 wiphy_err(ar->hw->wiphy, "plcp info "
 743                                         "is clipped.\n");
 744                         }
 745 
 746                         goto drop;
 747                 }
 748                 break;
 749 
 750         case AR9170_RX_STATUS_MPDU_LAST:
 751                 status.flag |= RX_FLAG_AMPDU_IS_LAST;
 752 
 753                 /*
 754                  * The last frame of an A-MPDU has an extra tail
 755                  * which does contain the phy status of the whole
 756                  * aggregate.
 757                  */
 758                 if (likely(mpdu_len >= sizeof(struct ar9170_rx_phystatus))) {
 759                         mpdu_len -= sizeof(struct ar9170_rx_phystatus);
 760                         phy = (void *)(buf + mpdu_len);
 761                 } else {
 762                         if (net_ratelimit()) {
 763                                 wiphy_err(ar->hw->wiphy, "frame tail "
 764                                         "is clipped.\n");
 765                         }
 766 
 767                         goto drop;
 768                 }
 769                 /* fall through */
 770 
 771         case AR9170_RX_STATUS_MPDU_MIDDLE:
 772                 /*  These are just data + mac status */
 773                 if (unlikely(!ar->rx_has_plcp)) {
 774                         if (!net_ratelimit())
 775                                 return;
 776 
 777                         wiphy_err(ar->hw->wiphy, "rx stream does not start "
 778                                         "with a first_mpdu frame tag.\n");
 779 
 780                         goto drop;
 781                 }
 782 
 783                 head = &ar->rx_plcp;
 784                 break;
 785 
 786         case AR9170_RX_STATUS_MPDU_SINGLE:
 787                 /* single mpdu has both: plcp (head) and phy status (tail) */
 788                 head = (void *) buf;
 789 
 790                 mpdu_len -= sizeof(struct ar9170_rx_head);
 791                 mpdu_len -= sizeof(struct ar9170_rx_phystatus);
 792 
 793                 buf += sizeof(struct ar9170_rx_head);
 794                 phy = (void *)(buf + mpdu_len);
 795                 break;
 796 
 797         default:
 798                 BUG();
 799                 break;
 800         }
 801 
 802         /* FC + DU + RA + FCS */
 803         if (unlikely(mpdu_len < (2 + 2 + ETH_ALEN + FCS_LEN)))
 804                 goto drop;
 805 
 806         if (unlikely(carl9170_rx_mac_status(ar, head, mac, &status)))
 807                 goto drop;
 808 
 809         if (!carl9170_ampdu_check(ar, buf, mac_status, &status))
 810                 goto drop;
 811 
 812         if (phy)
 813                 carl9170_rx_phy_status(ar, phy, &status);
 814         else
 815                 status.flag |= RX_FLAG_NO_SIGNAL_VAL;
 816 
 817         if (carl9170_handle_mpdu(ar, buf, mpdu_len, &status))
 818                 goto drop;
 819 
 820         return;
 821 drop:
 822         ar->rx_dropped++;
 823 }
 824 
 825 static void carl9170_rx_untie_cmds(struct ar9170 *ar, const u8 *respbuf,
 826                                    const unsigned int resplen)
 827 {
 828         struct carl9170_rsp *cmd;
 829         int i = 0;
 830 
 831         while (i < resplen) {
 832                 cmd = (void *) &respbuf[i];
 833 
 834                 i += cmd->hdr.len + 4;
 835                 if (unlikely(i > resplen))
 836                         break;
 837 
 838                 if (carl9170_check_sequence(ar, cmd->hdr.seq))
 839                         break;
 840 
 841                 carl9170_handle_command_response(ar, cmd, cmd->hdr.len + 4);
 842         }
 843 
 844         if (unlikely(i != resplen)) {
 845                 if (!net_ratelimit())
 846                         return;
 847 
 848                 wiphy_err(ar->hw->wiphy, "malformed firmware trap:\n");
 849                 print_hex_dump_bytes("rxcmd:", DUMP_PREFIX_OFFSET,
 850                                      respbuf, resplen);
 851         }
 852 }
 853 
 854 static void __carl9170_rx(struct ar9170 *ar, u8 *buf, unsigned int len)
 855 {
 856         unsigned int i = 0;
 857 
 858         /* weird thing, but this is the same in the original driver */
 859         while (len > 2 && i < 12 && buf[0] == 0xff && buf[1] == 0xff) {
 860                 i += 2;
 861                 len -= 2;
 862                 buf += 2;
 863         }
 864 
 865         if (unlikely(len < 4))
 866                 return;
 867 
 868         /* found the 6 * 0xffff marker? */
 869         if (i == 12)
 870                 carl9170_rx_untie_cmds(ar, buf, len);
 871         else
 872                 carl9170_rx_untie_data(ar, buf, len);
 873 }
 874 
 875 static void carl9170_rx_stream(struct ar9170 *ar, void *buf, unsigned int len)
 876 {
 877         unsigned int tlen, wlen = 0, clen = 0;
 878         struct ar9170_stream *rx_stream;
 879         u8 *tbuf;
 880 
 881         tbuf = buf;
 882         tlen = len;
 883 
 884         while (tlen >= 4) {
 885                 rx_stream = (void *) tbuf;
 886                 clen = le16_to_cpu(rx_stream->length);
 887                 wlen = ALIGN(clen, 4);
 888 
 889                 /* check if this is stream has a valid tag.*/
 890                 if (rx_stream->tag != cpu_to_le16(AR9170_RX_STREAM_TAG)) {
 891                         /*
 892                          * TODO: handle the highly unlikely event that the
 893                          * corrupted stream has the TAG at the right position.
 894                          */
 895 
 896                         /* check if the frame can be repaired. */
 897                         if (!ar->rx_failover_missing) {
 898 
 899                                 /* this is not "short read". */
 900                                 if (net_ratelimit()) {
 901                                         wiphy_err(ar->hw->wiphy,
 902                                                 "missing tag!\n");
 903                                 }
 904 
 905                                 __carl9170_rx(ar, tbuf, tlen);
 906                                 return;
 907                         }
 908 
 909                         if (ar->rx_failover_missing > tlen) {
 910                                 if (net_ratelimit()) {
 911                                         wiphy_err(ar->hw->wiphy,
 912                                                 "possible multi "
 913                                                 "stream corruption!\n");
 914                                         goto err_telluser;
 915                                 } else {
 916                                         goto err_silent;
 917                                 }
 918                         }
 919 
 920                         skb_put_data(ar->rx_failover, tbuf, tlen);
 921                         ar->rx_failover_missing -= tlen;
 922 
 923                         if (ar->rx_failover_missing <= 0) {
 924                                 /*
 925                                  * nested carl9170_rx_stream call!
 926                                  *
 927                                  * termination is guaranteed, even when the
 928                                  * combined frame also have an element with
 929                                  * a bad tag.
 930                                  */
 931 
 932                                 ar->rx_failover_missing = 0;
 933                                 carl9170_rx_stream(ar, ar->rx_failover->data,
 934                                                    ar->rx_failover->len);
 935 
 936                                 skb_reset_tail_pointer(ar->rx_failover);
 937                                 skb_trim(ar->rx_failover, 0);
 938                         }
 939 
 940                         return;
 941                 }
 942 
 943                 /* check if stream is clipped */
 944                 if (wlen > tlen - 4) {
 945                         if (ar->rx_failover_missing) {
 946                                 /* TODO: handle double stream corruption. */
 947                                 if (net_ratelimit()) {
 948                                         wiphy_err(ar->hw->wiphy, "double rx "
 949                                                 "stream corruption!\n");
 950                                         goto err_telluser;
 951                                 } else {
 952                                         goto err_silent;
 953                                 }
 954                         }
 955 
 956                         /*
 957                          * save incomplete data set.
 958                          * the firmware will resend the missing bits when
 959                          * the rx - descriptor comes round again.
 960                          */
 961 
 962                         skb_put_data(ar->rx_failover, tbuf, tlen);
 963                         ar->rx_failover_missing = clen - tlen;
 964                         return;
 965                 }
 966                 __carl9170_rx(ar, rx_stream->payload, clen);
 967 
 968                 tbuf += wlen + 4;
 969                 tlen -= wlen + 4;
 970         }
 971 
 972         if (tlen) {
 973                 if (net_ratelimit()) {
 974                         wiphy_err(ar->hw->wiphy, "%d bytes of unprocessed "
 975                                 "data left in rx stream!\n", tlen);
 976                 }
 977 
 978                 goto err_telluser;
 979         }
 980 
 981         return;
 982 
 983 err_telluser:
 984         wiphy_err(ar->hw->wiphy, "damaged RX stream data [want:%d, "
 985                 "data:%d, rx:%d, pending:%d ]\n", clen, wlen, tlen,
 986                 ar->rx_failover_missing);
 987 
 988         if (ar->rx_failover_missing)
 989                 print_hex_dump_bytes("rxbuf:", DUMP_PREFIX_OFFSET,
 990                                      ar->rx_failover->data,
 991                                      ar->rx_failover->len);
 992 
 993         print_hex_dump_bytes("stream:", DUMP_PREFIX_OFFSET,
 994                              buf, len);
 995 
 996         wiphy_err(ar->hw->wiphy, "please check your hardware and cables, if "
 997                 "you see this message frequently.\n");
 998 
 999 err_silent:
1000         if (ar->rx_failover_missing) {
1001                 skb_reset_tail_pointer(ar->rx_failover);
1002                 skb_trim(ar->rx_failover, 0);
1003                 ar->rx_failover_missing = 0;
1004         }
1005 }
1006 
1007 void carl9170_rx(struct ar9170 *ar, void *buf, unsigned int len)
1008 {
1009         if (ar->fw.rx_stream)
1010                 carl9170_rx_stream(ar, buf, len);
1011         else
1012                 __carl9170_rx(ar, buf, len);
1013 }
/* [<][>][^][v][top][bottom][index][help] */