root/drivers/net/wimax/i2400m/rx.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. i2400m_report_hook_work
  2. i2400m_report_hook_flush
  3. i2400m_report_hook_queue
  4. i2400m_rx_ctl_ack
  5. i2400m_rx_ctl
  6. i2400m_rx_trace
  7. __i2400m_roq_init
  8. __i2400m_roq_index
  9. __i2400m_roq_nsn
  10. i2400m_roq_log_entry_print
  11. i2400m_roq_log_add
  12. i2400m_roq_log_dump
  13. __i2400m_roq_queue
  14. __i2400m_roq_update_ws
  15. i2400m_roq_reset
  16. i2400m_roq_queue
  17. i2400m_roq_update_ws
  18. i2400m_roq_queue_update_ws
  19. i2400m_rx_roq_destroy
  20. i2400m_rx_edata
  21. i2400m_rx_payload
  22. i2400m_rx_msg_hdr_check
  23. i2400m_rx_pl_descr_check
  24. i2400m_rx
  25. i2400m_unknown_barker
  26. i2400m_rx_setup
  27. i2400m_rx_release

   1 /*
   2  * Intel Wireless WiMAX Connection 2400m
   3  * Handle incoming traffic and deliver it to the control or data planes
   4  *
   5  *
   6  * Copyright (C) 2007-2008 Intel Corporation. All rights reserved.
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted provided that the following conditions
  10  * are met:
  11  *
  12  *   * Redistributions of source code must retain the above copyright
  13  *     notice, this list of conditions and the following disclaimer.
  14  *   * Redistributions in binary form must reproduce the above copyright
  15  *     notice, this list of conditions and the following disclaimer in
  16  *     the documentation and/or other materials provided with the
  17  *     distribution.
  18  *   * Neither the name of Intel Corporation nor the names of its
  19  *     contributors may be used to endorse or promote products derived
  20  *     from this software without specific prior written permission.
  21  *
  22  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  23  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  24  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  25  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  26  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  27  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  28  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  29  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  30  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  31  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  32  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  33  *
  34  *
  35  * Intel Corporation <linux-wimax@intel.com>
  36  * Yanir Lubetkin <yanirx.lubetkin@intel.com>
  37  *  - Initial implementation
  38  * Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
  39  *  - Use skb_clone(), break up processing in chunks
  40  *  - Split transport/device specific
  41  *  - Make buffer size dynamic to exert less memory pressure
  42  *  - RX reorder support
  43  *
  44  * This handles the RX path.
  45  *
  46  * We receive an RX message from the bus-specific driver, which
  47  * contains one or more payloads that have potentially different
  48  * destinataries (data or control paths).
  49  *
  50  * So we just take that payload from the transport specific code in
  51  * the form of an skb, break it up in chunks (a cloned skb each in the
  52  * case of network packets) and pass it to netdev or to the
  53  * command/ack handler (and from there to the WiMAX stack).
  54  *
  55  * PROTOCOL FORMAT
  56  *
  57  * The format of the buffer is:
  58  *
  59  * HEADER                      (struct i2400m_msg_hdr)
  60  * PAYLOAD DESCRIPTOR 0        (struct i2400m_pld)
  61  * PAYLOAD DESCRIPTOR 1
  62  * ...
  63  * PAYLOAD DESCRIPTOR N
  64  * PAYLOAD 0                   (raw bytes)
  65  * PAYLOAD 1
  66  * ...
  67  * PAYLOAD N
  68  *
  69  * See tx.c for a deeper description on alignment requirements and
  70  * other fun facts of it.
  71  *
  72  * DATA PACKETS
  73  *
  74  * In firmwares <= v1.3, data packets have no header for RX, but they
  75  * do for TX (currently unused).
  76  *
  77  * In firmware >= 1.4, RX packets have an extended header (16
  78  * bytes). This header conveys information for management of host
  79  * reordering of packets (the device offloads storage of the packets
  80  * for reordering to the host). Read below for more information.
  81  *
  82  * The header is used as dummy space to emulate an ethernet header and
  83  * thus be able to act as an ethernet device without having to reallocate.
  84  *
  85  * DATA RX REORDERING
  86  *
  87  * Starting in firmware v1.4, the device can deliver packets for
  88  * delivery with special reordering information; this allows it to
  89  * more effectively do packet management when some frames were lost in
  90  * the radio traffic.
  91  *
  92  * Thus, for RX packets that come out of order, the device gives the
  93  * driver enough information to queue them properly and then at some
  94  * point, the signal to deliver the whole (or part) of the queued
  95  * packets to the networking stack. There are 16 such queues.
  96  *
  97  * This only happens when a packet comes in with the "need reorder"
  98  * flag set in the RX header. When such bit is set, the following
  99  * operations might be indicated:
 100  *
 101  *  - reset queue: send all queued packets to the OS
 102  *
 103  *  - queue: queue a packet
 104  *
 105  *  - update ws: update the queue's window start and deliver queued
 106  *    packets that meet the criteria
 107  *
 108  *  - queue & update ws: queue a packet, update the window start and
 109  *    deliver queued packets that meet the criteria
 110  *
 111  * (delivery criteria: the packet's [normalized] sequence number is
 112  * lower than the new [normalized] window start).
 113  *
 114  * See the i2400m_roq_*() functions for details.
 115  *
 116  * ROADMAP
 117  *
 118  * i2400m_rx
 119  *   i2400m_rx_msg_hdr_check
 120  *   i2400m_rx_pl_descr_check
 121  *   i2400m_rx_payload
 122  *     i2400m_net_rx
 123  *     i2400m_rx_edata
 124  *       i2400m_net_erx
 125  *       i2400m_roq_reset
 126  *         i2400m_net_erx
 127  *       i2400m_roq_queue
 128  *         __i2400m_roq_queue
 129  *       i2400m_roq_update_ws
 130  *         __i2400m_roq_update_ws
 131  *           i2400m_net_erx
 132  *       i2400m_roq_queue_update_ws
 133  *         __i2400m_roq_queue
 134  *         __i2400m_roq_update_ws
 135  *           i2400m_net_erx
 136  *     i2400m_rx_ctl
 137  *       i2400m_msg_size_check
 138  *       i2400m_report_hook_work    [in a workqueue]
 139  *         i2400m_report_hook
 140  *       wimax_msg_to_user
 141  *       i2400m_rx_ctl_ack
 142  *         wimax_msg_to_user_alloc
 143  *     i2400m_rx_trace
 144  *       i2400m_msg_size_check
 145  *       wimax_msg
 146  */
 147 #include <linux/slab.h>
 148 #include <linux/kernel.h>
 149 #include <linux/if_arp.h>
 150 #include <linux/netdevice.h>
 151 #include <linux/workqueue.h>
 152 #include <linux/export.h>
 153 #include <linux/moduleparam.h>
 154 #include "i2400m.h"
 155 
 156 
 157 #define D_SUBMODULE rx
 158 #include "debug-levels.h"
 159 
 160 static int i2400m_rx_reorder_disabled;  /* 0 (rx reorder enabled) by default */
 161 module_param_named(rx_reorder_disabled, i2400m_rx_reorder_disabled, int, 0644);
 162 MODULE_PARM_DESC(rx_reorder_disabled,
 163                  "If true, RX reordering will be disabled.");
 164 
 165 struct i2400m_report_hook_args {
 166         struct sk_buff *skb_rx;
 167         const struct i2400m_l3l4_hdr *l3l4_hdr;
 168         size_t size;
 169         struct list_head list_node;
 170 };
 171 
 172 
 173 /*
 174  * Execute i2400m_report_hook in a workqueue
 175  *
 176  * Goes over the list of queued reports in i2400m->rx_reports and
 177  * processes them.
 178  *
 179  * NOTE: refcounts on i2400m are not needed because we flush the
 180  *     workqueue this runs on (i2400m->work_queue) before destroying
 181  *     i2400m.
 182  */
 183 void i2400m_report_hook_work(struct work_struct *ws)
 184 {
 185         struct i2400m *i2400m = container_of(ws, struct i2400m, rx_report_ws);
 186         struct device *dev = i2400m_dev(i2400m);
 187         struct i2400m_report_hook_args *args, *args_next;
 188         LIST_HEAD(list);
 189         unsigned long flags;
 190 
 191         while (1) {
 192                 spin_lock_irqsave(&i2400m->rx_lock, flags);
 193                 list_splice_init(&i2400m->rx_reports, &list);
 194                 spin_unlock_irqrestore(&i2400m->rx_lock, flags);
 195                 if (list_empty(&list))
 196                         break;
 197                 else
 198                         d_printf(1, dev, "processing queued reports\n");
 199                 list_for_each_entry_safe(args, args_next, &list, list_node) {
 200                         d_printf(2, dev, "processing queued report %p\n", args);
 201                         i2400m_report_hook(i2400m, args->l3l4_hdr, args->size);
 202                         kfree_skb(args->skb_rx);
 203                         list_del(&args->list_node);
 204                         kfree(args);
 205                 }
 206         }
 207 }
 208 
 209 
 210 /*
 211  * Flush the list of queued reports
 212  */
 213 static
 214 void i2400m_report_hook_flush(struct i2400m *i2400m)
 215 {
 216         struct device *dev = i2400m_dev(i2400m);
 217         struct i2400m_report_hook_args *args, *args_next;
 218         LIST_HEAD(list);
 219         unsigned long flags;
 220 
 221         d_printf(1, dev, "flushing queued reports\n");
 222         spin_lock_irqsave(&i2400m->rx_lock, flags);
 223         list_splice_init(&i2400m->rx_reports, &list);
 224         spin_unlock_irqrestore(&i2400m->rx_lock, flags);
 225         list_for_each_entry_safe(args, args_next, &list, list_node) {
 226                 d_printf(2, dev, "flushing queued report %p\n", args);
 227                 kfree_skb(args->skb_rx);
 228                 list_del(&args->list_node);
 229                 kfree(args);
 230         }
 231 }
 232 
 233 
 234 /*
 235  * Queue a report for later processing
 236  *
 237  * @i2400m: device descriptor
 238  * @skb_rx: skb that contains the payload (for reference counting)
 239  * @l3l4_hdr: pointer to the control
 240  * @size: size of the message
 241  */
 242 static
 243 void i2400m_report_hook_queue(struct i2400m *i2400m, struct sk_buff *skb_rx,
 244                               const void *l3l4_hdr, size_t size)
 245 {
 246         struct device *dev = i2400m_dev(i2400m);
 247         unsigned long flags;
 248         struct i2400m_report_hook_args *args;
 249 
 250         args = kzalloc(sizeof(*args), GFP_NOIO);
 251         if (args) {
 252                 args->skb_rx = skb_get(skb_rx);
 253                 args->l3l4_hdr = l3l4_hdr;
 254                 args->size = size;
 255                 spin_lock_irqsave(&i2400m->rx_lock, flags);
 256                 list_add_tail(&args->list_node, &i2400m->rx_reports);
 257                 spin_unlock_irqrestore(&i2400m->rx_lock, flags);
 258                 d_printf(2, dev, "queued report %p\n", args);
 259                 rmb();          /* see i2400m->ready's documentation  */
 260                 if (likely(i2400m->ready))      /* only send if up */
 261                         queue_work(i2400m->work_queue, &i2400m->rx_report_ws);
 262         } else  {
 263                 if (printk_ratelimit())
 264                         dev_err(dev, "%s:%u: Can't allocate %zu B\n",
 265                                 __func__, __LINE__, sizeof(*args));
 266         }
 267 }
 268 
 269 
 270 /*
 271  * Process an ack to a command
 272  *
 273  * @i2400m: device descriptor
 274  * @payload: pointer to message
 275  * @size: size of the message
 276  *
 277  * Pass the acknodledgment (in an skb) to the thread that is waiting
 278  * for it in i2400m->msg_completion.
 279  *
 280  * We need to coordinate properly with the thread waiting for the
 281  * ack. Check if it is waiting or if it is gone. We loose the spinlock
 282  * to avoid allocating on atomic contexts (yeah, could use GFP_ATOMIC,
 283  * but this is not so speed critical).
 284  */
 285 static
 286 void i2400m_rx_ctl_ack(struct i2400m *i2400m,
 287                        const void *payload, size_t size)
 288 {
 289         struct device *dev = i2400m_dev(i2400m);
 290         struct wimax_dev *wimax_dev = &i2400m->wimax_dev;
 291         unsigned long flags;
 292         struct sk_buff *ack_skb;
 293 
 294         /* Anyone waiting for an answer? */
 295         spin_lock_irqsave(&i2400m->rx_lock, flags);
 296         if (i2400m->ack_skb != ERR_PTR(-EINPROGRESS)) {
 297                 dev_err(dev, "Huh? reply to command with no waiters\n");
 298                 goto error_no_waiter;
 299         }
 300         spin_unlock_irqrestore(&i2400m->rx_lock, flags);
 301 
 302         ack_skb = wimax_msg_alloc(wimax_dev, NULL, payload, size, GFP_KERNEL);
 303 
 304         /* Check waiter didn't time out waiting for the answer... */
 305         spin_lock_irqsave(&i2400m->rx_lock, flags);
 306         if (i2400m->ack_skb != ERR_PTR(-EINPROGRESS)) {
 307                 d_printf(1, dev, "Huh? waiter for command reply cancelled\n");
 308                 goto error_waiter_cancelled;
 309         }
 310         if (IS_ERR(ack_skb))
 311                 dev_err(dev, "CMD/GET/SET ack: cannot allocate SKB\n");
 312         i2400m->ack_skb = ack_skb;
 313         spin_unlock_irqrestore(&i2400m->rx_lock, flags);
 314         complete(&i2400m->msg_completion);
 315         return;
 316 
 317 error_waiter_cancelled:
 318         if (!IS_ERR(ack_skb))
 319                 kfree_skb(ack_skb);
 320 error_no_waiter:
 321         spin_unlock_irqrestore(&i2400m->rx_lock, flags);
 322 }
 323 
 324 
 325 /*
 326  * Receive and process a control payload
 327  *
 328  * @i2400m: device descriptor
 329  * @skb_rx: skb that contains the payload (for reference counting)
 330  * @payload: pointer to message
 331  * @size: size of the message
 332  *
 333  * There are two types of control RX messages: reports (asynchronous,
 334  * like your every day interrupts) and 'acks' (reponses to a command,
 335  * get or set request).
 336  *
 337  * If it is a report, we run hooks on it (to extract information for
 338  * things we need to do in the driver) and then pass it over to the
 339  * WiMAX stack to send it to user space.
 340  *
 341  * NOTE: report processing is done in a workqueue specific to the
 342  *     generic driver, to avoid deadlocks in the system.
 343  *
 344  * If it is not a report, it is an ack to a previously executed
 345  * command, set or get, so wake up whoever is waiting for it from
 346  * i2400m_msg_to_dev(). i2400m_rx_ctl_ack() takes care of that.
 347  *
 348  * Note that the sizes we pass to other functions from here are the
 349  * sizes of the _l3l4_hdr + payload, not full buffer sizes, as we have
 350  * verified in _msg_size_check() that they are congruent.
 351  *
 352  * For reports: We can't clone the original skb where the data is
 353  * because we need to send this up via netlink; netlink has to add
 354  * headers and we can't overwrite what's preceding the payload...as
 355  * it is another message. So we just dup them.
 356  */
 357 static
 358 void i2400m_rx_ctl(struct i2400m *i2400m, struct sk_buff *skb_rx,
 359                    const void *payload, size_t size)
 360 {
 361         int result;
 362         struct device *dev = i2400m_dev(i2400m);
 363         const struct i2400m_l3l4_hdr *l3l4_hdr = payload;
 364         unsigned msg_type;
 365 
 366         result = i2400m_msg_size_check(i2400m, l3l4_hdr, size);
 367         if (result < 0) {
 368                 dev_err(dev, "HW BUG? device sent a bad message: %d\n",
 369                         result);
 370                 goto error_check;
 371         }
 372         msg_type = le16_to_cpu(l3l4_hdr->type);
 373         d_printf(1, dev, "%s 0x%04x: %zu bytes\n",
 374                  msg_type & I2400M_MT_REPORT_MASK ? "REPORT" : "CMD/SET/GET",
 375                  msg_type, size);
 376         d_dump(2, dev, l3l4_hdr, size);
 377         if (msg_type & I2400M_MT_REPORT_MASK) {
 378                 /*
 379                  * Process each report
 380                  *
 381                  * - has to be ran serialized as well
 382                  *
 383                  * - the handling might force the execution of
 384                  *   commands. That might cause reentrancy issues with
 385                  *   bus-specific subdrivers and workqueues, so the we
 386                  *   run it in a separate workqueue.
 387                  *
 388                  * - when the driver is not yet ready to handle them,
 389                  *   they are queued and at some point the queue is
 390                  *   restarted [NOTE: we can't queue SKBs directly, as
 391                  *   this might be a piece of a SKB, not the whole
 392                  *   thing, and this is cheaper than cloning the
 393                  *   SKB].
 394                  *
 395                  * Note we don't do refcounting for the device
 396                  * structure; this is because before destroying
 397                  * 'i2400m', we make sure to flush the
 398                  * i2400m->work_queue, so there are no issues.
 399                  */
 400                 i2400m_report_hook_queue(i2400m, skb_rx, l3l4_hdr, size);
 401                 if (unlikely(i2400m->trace_msg_from_user))
 402                         wimax_msg(&i2400m->wimax_dev, "echo",
 403                                   l3l4_hdr, size, GFP_KERNEL);
 404                 result = wimax_msg(&i2400m->wimax_dev, NULL, l3l4_hdr, size,
 405                                    GFP_KERNEL);
 406                 if (result < 0)
 407                         dev_err(dev, "error sending report to userspace: %d\n",
 408                                 result);
 409         } else          /* an ack to a CMD, GET or SET */
 410                 i2400m_rx_ctl_ack(i2400m, payload, size);
 411 error_check:
 412         return;
 413 }
 414 
 415 
 416 /*
 417  * Receive and send up a trace
 418  *
 419  * @i2400m: device descriptor
 420  * @skb_rx: skb that contains the trace (for reference counting)
 421  * @payload: pointer to trace message inside the skb
 422  * @size: size of the message
 423  *
 424  * THe i2400m might produce trace information (diagnostics) and we
 425  * send them through a different kernel-to-user pipe (to avoid
 426  * clogging it).
 427  *
 428  * As in i2400m_rx_ctl(), we can't clone the original skb where the
 429  * data is because we need to send this up via netlink; netlink has to
 430  * add headers and we can't overwrite what's preceding the
 431  * payload...as it is another message. So we just dup them.
 432  */
 433 static
 434 void i2400m_rx_trace(struct i2400m *i2400m,
 435                      const void *payload, size_t size)
 436 {
 437         int result;
 438         struct device *dev = i2400m_dev(i2400m);
 439         struct wimax_dev *wimax_dev = &i2400m->wimax_dev;
 440         const struct i2400m_l3l4_hdr *l3l4_hdr = payload;
 441         unsigned msg_type;
 442 
 443         result = i2400m_msg_size_check(i2400m, l3l4_hdr, size);
 444         if (result < 0) {
 445                 dev_err(dev, "HW BUG? device sent a bad trace message: %d\n",
 446                         result);
 447                 goto error_check;
 448         }
 449         msg_type = le16_to_cpu(l3l4_hdr->type);
 450         d_printf(1, dev, "Trace %s 0x%04x: %zu bytes\n",
 451                  msg_type & I2400M_MT_REPORT_MASK ? "REPORT" : "CMD/SET/GET",
 452                  msg_type, size);
 453         d_dump(2, dev, l3l4_hdr, size);
 454         result = wimax_msg(wimax_dev, "trace", l3l4_hdr, size, GFP_KERNEL);
 455         if (result < 0)
 456                 dev_err(dev, "error sending trace to userspace: %d\n",
 457                         result);
 458 error_check:
 459         return;
 460 }
 461 
 462 
 463 /*
 464  * Reorder queue data stored on skb->cb while the skb is queued in the
 465  * reorder queues.
 466  */
 467 struct i2400m_roq_data {
 468         unsigned sn;            /* Serial number for the skb */
 469         enum i2400m_cs cs;      /* packet type for the skb */
 470 };
 471 
 472 
 473 /*
 474  * ReOrder Queue
 475  *
 476  * @ws: Window Start; sequence number where the current window start
 477  *     is for this queue
 478  * @queue: the skb queue itself
 479  * @log: circular ring buffer used to log information about the
 480  *     reorder process in this queue that can be displayed in case of
 481  *     error to help diagnose it.
 482  *
 483  * This is the head for a list of skbs. In the skb->cb member of the
 484  * skb when queued here contains a 'struct i2400m_roq_data' were we
 485  * store the sequence number (sn) and the cs (packet type) coming from
 486  * the RX payload header from the device.
 487  */
 488 struct i2400m_roq
 489 {
 490         unsigned ws;
 491         struct sk_buff_head queue;
 492         struct i2400m_roq_log *log;
 493 };
 494 
 495 
 496 static
 497 void __i2400m_roq_init(struct i2400m_roq *roq)
 498 {
 499         roq->ws = 0;
 500         skb_queue_head_init(&roq->queue);
 501 }
 502 
 503 
 504 static
 505 unsigned __i2400m_roq_index(struct i2400m *i2400m, struct i2400m_roq *roq)
 506 {
 507         return ((unsigned long) roq - (unsigned long) i2400m->rx_roq)
 508                 / sizeof(*roq);
 509 }
 510 
 511 
 512 /*
 513  * Normalize a sequence number based on the queue's window start
 514  *
 515  * nsn = (sn - ws) % 2048
 516  *
 517  * Note that if @sn < @roq->ws, we still need a positive number; %'s
 518  * sign is implementation specific, so we normalize it by adding 2048
 519  * to bring it to be positive.
 520  */
 521 static
 522 unsigned __i2400m_roq_nsn(struct i2400m_roq *roq, unsigned sn)
 523 {
 524         int r;
 525         r =  ((int) sn - (int) roq->ws) % 2048;
 526         if (r < 0)
 527                 r += 2048;
 528         return r;
 529 }
 530 
 531 
 532 /*
 533  * Circular buffer to keep the last N reorder operations
 534  *
 535  * In case something fails, dumb then to try to come up with what
 536  * happened.
 537  */
 538 enum {
 539         I2400M_ROQ_LOG_LENGTH = 32,
 540 };
 541 
 542 struct i2400m_roq_log {
 543         struct i2400m_roq_log_entry {
 544                 enum i2400m_ro_type type;
 545                 unsigned ws, count, sn, nsn, new_ws;
 546         } entry[I2400M_ROQ_LOG_LENGTH];
 547         unsigned in, out;
 548 };
 549 
 550 
 551 /* Print a log entry */
 552 static
 553 void i2400m_roq_log_entry_print(struct i2400m *i2400m, unsigned index,
 554                                 unsigned e_index,
 555                                 struct i2400m_roq_log_entry *e)
 556 {
 557         struct device *dev = i2400m_dev(i2400m);
 558 
 559         switch(e->type) {
 560         case I2400M_RO_TYPE_RESET:
 561                 dev_err(dev, "q#%d reset           ws %u cnt %u sn %u/%u"
 562                         " - new nws %u\n",
 563                         index, e->ws, e->count, e->sn, e->nsn, e->new_ws);
 564                 break;
 565         case I2400M_RO_TYPE_PACKET:
 566                 dev_err(dev, "q#%d queue           ws %u cnt %u sn %u/%u\n",
 567                         index, e->ws, e->count, e->sn, e->nsn);
 568                 break;
 569         case I2400M_RO_TYPE_WS:
 570                 dev_err(dev, "q#%d update_ws       ws %u cnt %u sn %u/%u"
 571                         " - new nws %u\n",
 572                         index, e->ws, e->count, e->sn, e->nsn, e->new_ws);
 573                 break;
 574         case I2400M_RO_TYPE_PACKET_WS:
 575                 dev_err(dev, "q#%d queue_update_ws ws %u cnt %u sn %u/%u"
 576                         " - new nws %u\n",
 577                         index, e->ws, e->count, e->sn, e->nsn, e->new_ws);
 578                 break;
 579         default:
 580                 dev_err(dev, "q#%d BUG? entry %u - unknown type %u\n",
 581                         index, e_index, e->type);
 582                 break;
 583         }
 584 }
 585 
 586 
 587 static
 588 void i2400m_roq_log_add(struct i2400m *i2400m,
 589                         struct i2400m_roq *roq, enum i2400m_ro_type type,
 590                         unsigned ws, unsigned count, unsigned sn,
 591                         unsigned nsn, unsigned new_ws)
 592 {
 593         struct i2400m_roq_log_entry *e;
 594         unsigned cnt_idx;
 595         int index = __i2400m_roq_index(i2400m, roq);
 596 
 597         /* if we run out of space, we eat from the end */
 598         if (roq->log->in - roq->log->out == I2400M_ROQ_LOG_LENGTH)
 599                 roq->log->out++;
 600         cnt_idx = roq->log->in++ % I2400M_ROQ_LOG_LENGTH;
 601         e = &roq->log->entry[cnt_idx];
 602 
 603         e->type = type;
 604         e->ws = ws;
 605         e->count = count;
 606         e->sn = sn;
 607         e->nsn = nsn;
 608         e->new_ws = new_ws;
 609 
 610         if (d_test(1))
 611                 i2400m_roq_log_entry_print(i2400m, index, cnt_idx, e);
 612 }
 613 
 614 
 615 /* Dump all the entries in the FIFO and reinitialize it */
 616 static
 617 void i2400m_roq_log_dump(struct i2400m *i2400m, struct i2400m_roq *roq)
 618 {
 619         unsigned cnt, cnt_idx;
 620         struct i2400m_roq_log_entry *e;
 621         int index = __i2400m_roq_index(i2400m, roq);
 622 
 623         BUG_ON(roq->log->out > roq->log->in);
 624         for (cnt = roq->log->out; cnt < roq->log->in; cnt++) {
 625                 cnt_idx = cnt % I2400M_ROQ_LOG_LENGTH;
 626                 e = &roq->log->entry[cnt_idx];
 627                 i2400m_roq_log_entry_print(i2400m, index, cnt_idx, e);
 628                 memset(e, 0, sizeof(*e));
 629         }
 630         roq->log->in = roq->log->out = 0;
 631 }
 632 
 633 
 634 /*
 635  * Backbone for the queuing of an skb (by normalized sequence number)
 636  *
 637  * @i2400m: device descriptor
 638  * @roq: reorder queue where to add
 639  * @skb: the skb to add
 640  * @sn: the sequence number of the skb
 641  * @nsn: the normalized sequence number of the skb (pre-computed by the
 642  *     caller from the @sn and @roq->ws).
 643  *
 644  * We try first a couple of quick cases:
 645  *
 646  *   - the queue is empty
 647  *   - the skb would be appended to the queue
 648  *
 649  * These will be the most common operations.
 650  *
 651  * If these fail, then we have to do a sorted insertion in the queue,
 652  * which is the slowest path.
 653  *
 654  * We don't have to acquire a reference count as we are going to own it.
 655  */
 656 static
 657 void __i2400m_roq_queue(struct i2400m *i2400m, struct i2400m_roq *roq,
 658                         struct sk_buff *skb, unsigned sn, unsigned nsn)
 659 {
 660         struct device *dev = i2400m_dev(i2400m);
 661         struct sk_buff *skb_itr;
 662         struct i2400m_roq_data *roq_data_itr, *roq_data;
 663         unsigned nsn_itr;
 664 
 665         d_fnstart(4, dev, "(i2400m %p roq %p skb %p sn %u nsn %u)\n",
 666                   i2400m, roq, skb, sn, nsn);
 667 
 668         roq_data = (struct i2400m_roq_data *) &skb->cb;
 669         BUILD_BUG_ON(sizeof(*roq_data) > sizeof(skb->cb));
 670         roq_data->sn = sn;
 671         d_printf(3, dev, "ERX: roq %p [ws %u] nsn %d sn %u\n",
 672                  roq, roq->ws, nsn, roq_data->sn);
 673 
 674         /* Queues will be empty on not-so-bad environments, so try
 675          * that first */
 676         if (skb_queue_empty(&roq->queue)) {
 677                 d_printf(2, dev, "ERX: roq %p - first one\n", roq);
 678                 __skb_queue_head(&roq->queue, skb);
 679                 goto out;
 680         }
 681         /* Now try append, as most of the operations will be that */
 682         skb_itr = skb_peek_tail(&roq->queue);
 683         roq_data_itr = (struct i2400m_roq_data *) &skb_itr->cb;
 684         nsn_itr = __i2400m_roq_nsn(roq, roq_data_itr->sn);
 685         /* NSN bounds assumed correct (checked when it was queued) */
 686         if (nsn >= nsn_itr) {
 687                 d_printf(2, dev, "ERX: roq %p - appended after %p (nsn %d sn %u)\n",
 688                          roq, skb_itr, nsn_itr, roq_data_itr->sn);
 689                 __skb_queue_tail(&roq->queue, skb);
 690                 goto out;
 691         }
 692         /* None of the fast paths option worked. Iterate to find the
 693          * right spot where to insert the packet; we know the queue is
 694          * not empty, so we are not the first ones; we also know we
 695          * are not going to be the last ones. The list is sorted, so
 696          * we have to insert before the the first guy with an nsn_itr
 697          * greater that our nsn. */
 698         skb_queue_walk(&roq->queue, skb_itr) {
 699                 roq_data_itr = (struct i2400m_roq_data *) &skb_itr->cb;
 700                 nsn_itr = __i2400m_roq_nsn(roq, roq_data_itr->sn);
 701                 /* NSN bounds assumed correct (checked when it was queued) */
 702                 if (nsn_itr > nsn) {
 703                         d_printf(2, dev, "ERX: roq %p - queued before %p "
 704                                  "(nsn %d sn %u)\n", roq, skb_itr, nsn_itr,
 705                                  roq_data_itr->sn);
 706                         __skb_queue_before(&roq->queue, skb_itr, skb);
 707                         goto out;
 708                 }
 709         }
 710         /* If we get here, that is VERY bad -- print info to help
 711          * diagnose and crash it */
 712         dev_err(dev, "SW BUG? failed to insert packet\n");
 713         dev_err(dev, "ERX: roq %p [ws %u] skb %p nsn %d sn %u\n",
 714                 roq, roq->ws, skb, nsn, roq_data->sn);
 715         skb_queue_walk(&roq->queue, skb_itr) {
 716                 roq_data_itr = (struct i2400m_roq_data *) &skb_itr->cb;
 717                 nsn_itr = __i2400m_roq_nsn(roq, roq_data_itr->sn);
 718                 /* NSN bounds assumed correct (checked when it was queued) */
 719                 dev_err(dev, "ERX: roq %p skb_itr %p nsn %d sn %u\n",
 720                         roq, skb_itr, nsn_itr, roq_data_itr->sn);
 721         }
 722         BUG();
 723 out:
 724         d_fnend(4, dev, "(i2400m %p roq %p skb %p sn %u nsn %d) = void\n",
 725                 i2400m, roq, skb, sn, nsn);
 726 }
 727 
 728 
 729 /*
 730  * Backbone for the update window start operation
 731  *
 732  * @i2400m: device descriptor
 733  * @roq: Reorder queue
 734  * @sn: New sequence number
 735  *
 736  * Updates the window start of a queue; when doing so, it must deliver
 737  * to the networking stack all the queued skb's whose normalized
 738  * sequence number is lower than the new normalized window start.
 739  */
 740 static
 741 unsigned __i2400m_roq_update_ws(struct i2400m *i2400m, struct i2400m_roq *roq,
 742                                 unsigned sn)
 743 {
 744         struct device *dev = i2400m_dev(i2400m);
 745         struct sk_buff *skb_itr, *tmp_itr;
 746         struct i2400m_roq_data *roq_data_itr;
 747         unsigned new_nws, nsn_itr;
 748 
 749         new_nws = __i2400m_roq_nsn(roq, sn);
 750         /*
 751          * For type 2(update_window_start) rx messages, there is no
 752          * need to check if the normalized sequence number is greater 1023.
 753          * Simply insert and deliver all packets to the host up to the
 754          * window start.
 755          */
 756         skb_queue_walk_safe(&roq->queue, skb_itr, tmp_itr) {
 757                 roq_data_itr = (struct i2400m_roq_data *) &skb_itr->cb;
 758                 nsn_itr = __i2400m_roq_nsn(roq, roq_data_itr->sn);
 759                 /* NSN bounds assumed correct (checked when it was queued) */
 760                 if (nsn_itr < new_nws) {
 761                         d_printf(2, dev, "ERX: roq %p - release skb %p "
 762                                  "(nsn %u/%u new nws %u)\n",
 763                                  roq, skb_itr, nsn_itr, roq_data_itr->sn,
 764                                  new_nws);
 765                         __skb_unlink(skb_itr, &roq->queue);
 766                         i2400m_net_erx(i2400m, skb_itr, roq_data_itr->cs);
 767                 }
 768                 else
 769                         break;  /* rest of packets all nsn_itr > nws */
 770         }
 771         roq->ws = sn;
 772         return new_nws;
 773 }
 774 
 775 
 776 /*
 777  * Reset a queue
 778  *
 779  * @i2400m: device descriptor
 780  * @cin: Queue Index
 781  *
 782  * Deliver all the packets and reset the window-start to zero. Name is
 783  * kind of misleading.
 784  */
 785 static
 786 void i2400m_roq_reset(struct i2400m *i2400m, struct i2400m_roq *roq)
 787 {
 788         struct device *dev = i2400m_dev(i2400m);
 789         struct sk_buff *skb_itr, *tmp_itr;
 790         struct i2400m_roq_data *roq_data_itr;
 791 
 792         d_fnstart(2, dev, "(i2400m %p roq %p)\n", i2400m, roq);
 793         i2400m_roq_log_add(i2400m, roq, I2400M_RO_TYPE_RESET,
 794                              roq->ws, skb_queue_len(&roq->queue),
 795                              ~0, ~0, 0);
 796         skb_queue_walk_safe(&roq->queue, skb_itr, tmp_itr) {
 797                 roq_data_itr = (struct i2400m_roq_data *) &skb_itr->cb;
 798                 d_printf(2, dev, "ERX: roq %p - release skb %p (sn %u)\n",
 799                          roq, skb_itr, roq_data_itr->sn);
 800                 __skb_unlink(skb_itr, &roq->queue);
 801                 i2400m_net_erx(i2400m, skb_itr, roq_data_itr->cs);
 802         }
 803         roq->ws = 0;
 804         d_fnend(2, dev, "(i2400m %p roq %p) = void\n", i2400m, roq);
 805 }
 806 
 807 
 808 /*
 809  * Queue a packet
 810  *
 811  * @i2400m: device descriptor
 812  * @cin: Queue Index
 813  * @skb: containing the packet data
 814  * @fbn: First block number of the packet in @skb
 815  * @lbn: Last block number of the packet in @skb
 816  *
 817  * The hardware is asking the driver to queue a packet for later
 818  * delivery to the networking stack.
 819  */
 820 static
 821 void i2400m_roq_queue(struct i2400m *i2400m, struct i2400m_roq *roq,
 822                       struct sk_buff * skb, unsigned lbn)
 823 {
 824         struct device *dev = i2400m_dev(i2400m);
 825         unsigned nsn, len;
 826 
 827         d_fnstart(2, dev, "(i2400m %p roq %p skb %p lbn %u) = void\n",
 828                   i2400m, roq, skb, lbn);
 829         len = skb_queue_len(&roq->queue);
 830         nsn = __i2400m_roq_nsn(roq, lbn);
 831         if (unlikely(nsn >= 1024)) {
 832                 dev_err(dev, "SW BUG? queue nsn %d (lbn %u ws %u)\n",
 833                         nsn, lbn, roq->ws);
 834                 i2400m_roq_log_dump(i2400m, roq);
 835                 i2400m_reset(i2400m, I2400M_RT_WARM);
 836         } else {
 837                 __i2400m_roq_queue(i2400m, roq, skb, lbn, nsn);
 838                 i2400m_roq_log_add(i2400m, roq, I2400M_RO_TYPE_PACKET,
 839                                      roq->ws, len, lbn, nsn, ~0);
 840         }
 841         d_fnend(2, dev, "(i2400m %p roq %p skb %p lbn %u) = void\n",
 842                 i2400m, roq, skb, lbn);
 843 }
 844 
 845 
 846 /*
 847  * Update the window start in a reorder queue and deliver all skbs
 848  * with a lower window start
 849  *
 850  * @i2400m: device descriptor
 851  * @roq: Reorder queue
 852  * @sn: New sequence number
 853  */
 854 static
 855 void i2400m_roq_update_ws(struct i2400m *i2400m, struct i2400m_roq *roq,
 856                           unsigned sn)
 857 {
 858         struct device *dev = i2400m_dev(i2400m);
 859         unsigned old_ws, nsn, len;
 860 
 861         d_fnstart(2, dev, "(i2400m %p roq %p sn %u)\n", i2400m, roq, sn);
 862         old_ws = roq->ws;
 863         len = skb_queue_len(&roq->queue);
 864         nsn = __i2400m_roq_update_ws(i2400m, roq, sn);
 865         i2400m_roq_log_add(i2400m, roq, I2400M_RO_TYPE_WS,
 866                              old_ws, len, sn, nsn, roq->ws);
 867         d_fnstart(2, dev, "(i2400m %p roq %p sn %u) = void\n", i2400m, roq, sn);
 868 }
 869 
 870 
 871 /*
 872  * Queue a packet and update the window start
 873  *
 874  * @i2400m: device descriptor
 875  * @cin: Queue Index
 876  * @skb: containing the packet data
 877  * @fbn: First block number of the packet in @skb
 878  * @sn: Last block number of the packet in @skb
 879  *
 880  * Note that unlike i2400m_roq_update_ws(), which sets the new window
 881  * start to @sn, in here we'll set it to @sn + 1.
 882  */
 883 static
 884 void i2400m_roq_queue_update_ws(struct i2400m *i2400m, struct i2400m_roq *roq,
 885                                 struct sk_buff * skb, unsigned sn)
 886 {
 887         struct device *dev = i2400m_dev(i2400m);
 888         unsigned nsn, old_ws, len;
 889 
 890         d_fnstart(2, dev, "(i2400m %p roq %p skb %p sn %u)\n",
 891                   i2400m, roq, skb, sn);
 892         len = skb_queue_len(&roq->queue);
 893         nsn = __i2400m_roq_nsn(roq, sn);
 894         /*
 895          * For type 3(queue_update_window_start) rx messages, there is no
 896          * need to check if the normalized sequence number is greater 1023.
 897          * Simply insert and deliver all packets to the host up to the
 898          * window start.
 899          */
 900         old_ws = roq->ws;
 901         /* If the queue is empty, don't bother as we'd queue
 902          * it and immediately unqueue it -- just deliver it.
 903          */
 904         if (len == 0) {
 905                 struct i2400m_roq_data *roq_data;
 906                 roq_data = (struct i2400m_roq_data *) &skb->cb;
 907                 i2400m_net_erx(i2400m, skb, roq_data->cs);
 908         } else
 909                 __i2400m_roq_queue(i2400m, roq, skb, sn, nsn);
 910 
 911         __i2400m_roq_update_ws(i2400m, roq, sn + 1);
 912         i2400m_roq_log_add(i2400m, roq, I2400M_RO_TYPE_PACKET_WS,
 913                            old_ws, len, sn, nsn, roq->ws);
 914 
 915         d_fnend(2, dev, "(i2400m %p roq %p skb %p sn %u) = void\n",
 916                 i2400m, roq, skb, sn);
 917 }
 918 
 919 
 920 /*
 921  * This routine destroys the memory allocated for rx_roq, when no
 922  * other thread is accessing it. Access to rx_roq is refcounted by
 923  * rx_roq_refcount, hence memory allocated must be destroyed when
 924  * rx_roq_refcount becomes zero. This routine gets executed when
 925  * rx_roq_refcount becomes zero.
 926  */
 927 static void i2400m_rx_roq_destroy(struct kref *ref)
 928 {
 929         unsigned itr;
 930         struct i2400m *i2400m
 931                         = container_of(ref, struct i2400m, rx_roq_refcount);
 932         for (itr = 0; itr < I2400M_RO_CIN + 1; itr++)
 933                 __skb_queue_purge(&i2400m->rx_roq[itr].queue);
 934         kfree(i2400m->rx_roq[0].log);
 935         kfree(i2400m->rx_roq);
 936         i2400m->rx_roq = NULL;
 937 }
 938 
 939 /*
 940  * Receive and send up an extended data packet
 941  *
 942  * @i2400m: device descriptor
 943  * @skb_rx: skb that contains the extended data packet
 944  * @single_last: 1 if the payload is the only one or the last one of
 945  *     the skb.
 946  * @payload: pointer to the packet's data inside the skb
 947  * @size: size of the payload
 948  *
 949  * Starting in v1.4 of the i2400m's firmware, the device can send data
 950  * packets to the host in an extended format that; this incudes a 16
 951  * byte header (struct i2400m_pl_edata_hdr). Using this header's space
 952  * we can fake ethernet headers for ethernet device emulation without
 953  * having to copy packets around.
 954  *
 955  * This function handles said path.
 956  *
 957  *
 958  * Receive and send up an extended data packet that requires no reordering
 959  *
 960  * @i2400m: device descriptor
 961  * @skb_rx: skb that contains the extended data packet
 962  * @single_last: 1 if the payload is the only one or the last one of
 963  *     the skb.
 964  * @payload: pointer to the packet's data (past the actual extended
 965  *     data payload header).
 966  * @size: size of the payload
 967  *
 968  * Pass over to the networking stack a data packet that might have
 969  * reordering requirements.
 970  *
 971  * This needs to the decide if the skb in which the packet is
 972  * contained can be reused or if it needs to be cloned. Then it has to
 973  * be trimmed in the edges so that the beginning is the space for eth
 974  * header and then pass it to i2400m_net_erx() for the stack
 975  *
 976  * Assumes the caller has verified the sanity of the payload (size,
 977  * etc) already.
 978  */
 979 static
 980 void i2400m_rx_edata(struct i2400m *i2400m, struct sk_buff *skb_rx,
 981                      unsigned single_last, const void *payload, size_t size)
 982 {
 983         struct device *dev = i2400m_dev(i2400m);
 984         const struct i2400m_pl_edata_hdr *hdr = payload;
 985         struct net_device *net_dev = i2400m->wimax_dev.net_dev;
 986         struct sk_buff *skb;
 987         enum i2400m_cs cs;
 988         u32 reorder;
 989         unsigned ro_needed, ro_type, ro_cin, ro_sn;
 990         struct i2400m_roq *roq;
 991         struct i2400m_roq_data *roq_data;
 992         unsigned long flags;
 993 
 994         BUILD_BUG_ON(ETH_HLEN > sizeof(*hdr));
 995 
 996         d_fnstart(2, dev, "(i2400m %p skb_rx %p single %u payload %p "
 997                   "size %zu)\n", i2400m, skb_rx, single_last, payload, size);
 998         if (size < sizeof(*hdr)) {
 999                 dev_err(dev, "ERX: HW BUG? message with short header (%zu "
1000                         "vs %zu bytes expected)\n", size, sizeof(*hdr));
1001                 goto error;
1002         }
1003 
1004         if (single_last) {
1005                 skb = skb_get(skb_rx);
1006                 d_printf(3, dev, "ERX: skb %p reusing\n", skb);
1007         } else {
1008                 skb = skb_clone(skb_rx, GFP_KERNEL);
1009                 if (skb == NULL) {
1010                         dev_err(dev, "ERX: no memory to clone skb\n");
1011                         net_dev->stats.rx_dropped++;
1012                         goto error_skb_clone;
1013                 }
1014                 d_printf(3, dev, "ERX: skb %p cloned from %p\n", skb, skb_rx);
1015         }
1016         /* now we have to pull and trim so that the skb points to the
1017          * beginning of the IP packet; the netdev part will add the
1018          * ethernet header as needed - we know there is enough space
1019          * because we checked in i2400m_rx_edata(). */
1020         skb_pull(skb, payload + sizeof(*hdr) - (void *) skb->data);
1021         skb_trim(skb, (void *) skb_end_pointer(skb) - payload - sizeof(*hdr));
1022 
1023         reorder = le32_to_cpu(hdr->reorder);
1024         ro_needed = reorder & I2400M_RO_NEEDED;
1025         cs = hdr->cs;
1026         if (ro_needed) {
1027                 ro_type = (reorder >> I2400M_RO_TYPE_SHIFT) & I2400M_RO_TYPE;
1028                 ro_cin = (reorder >> I2400M_RO_CIN_SHIFT) & I2400M_RO_CIN;
1029                 ro_sn = (reorder >> I2400M_RO_SN_SHIFT) & I2400M_RO_SN;
1030 
1031                 spin_lock_irqsave(&i2400m->rx_lock, flags);
1032                 if (i2400m->rx_roq == NULL) {
1033                         kfree_skb(skb); /* rx_roq is already destroyed */
1034                         spin_unlock_irqrestore(&i2400m->rx_lock, flags);
1035                         goto error;
1036                 }
1037                 roq = &i2400m->rx_roq[ro_cin];
1038                 kref_get(&i2400m->rx_roq_refcount);
1039                 spin_unlock_irqrestore(&i2400m->rx_lock, flags);
1040 
1041                 roq_data = (struct i2400m_roq_data *) &skb->cb;
1042                 roq_data->sn = ro_sn;
1043                 roq_data->cs = cs;
1044                 d_printf(2, dev, "ERX: reorder needed: "
1045                          "type %u cin %u [ws %u] sn %u/%u len %zuB\n",
1046                          ro_type, ro_cin, roq->ws, ro_sn,
1047                          __i2400m_roq_nsn(roq, ro_sn), size);
1048                 d_dump(2, dev, payload, size);
1049                 switch(ro_type) {
1050                 case I2400M_RO_TYPE_RESET:
1051                         i2400m_roq_reset(i2400m, roq);
1052                         kfree_skb(skb); /* no data here */
1053                         break;
1054                 case I2400M_RO_TYPE_PACKET:
1055                         i2400m_roq_queue(i2400m, roq, skb, ro_sn);
1056                         break;
1057                 case I2400M_RO_TYPE_WS:
1058                         i2400m_roq_update_ws(i2400m, roq, ro_sn);
1059                         kfree_skb(skb); /* no data here */
1060                         break;
1061                 case I2400M_RO_TYPE_PACKET_WS:
1062                         i2400m_roq_queue_update_ws(i2400m, roq, skb, ro_sn);
1063                         break;
1064                 default:
1065                         dev_err(dev, "HW BUG? unknown reorder type %u\n", ro_type);
1066                 }
1067 
1068                 spin_lock_irqsave(&i2400m->rx_lock, flags);
1069                 kref_put(&i2400m->rx_roq_refcount, i2400m_rx_roq_destroy);
1070                 spin_unlock_irqrestore(&i2400m->rx_lock, flags);
1071         }
1072         else
1073                 i2400m_net_erx(i2400m, skb, cs);
1074 error_skb_clone:
1075 error:
1076         d_fnend(2, dev, "(i2400m %p skb_rx %p single %u payload %p "
1077                 "size %zu) = void\n", i2400m, skb_rx, single_last, payload, size);
1078 }
1079 
1080 
1081 /*
1082  * Act on a received payload
1083  *
1084  * @i2400m: device instance
1085  * @skb_rx: skb where the transaction was received
1086  * @single_last: 1 this is the only payload or the last one (so the
1087  *     skb can be reused instead of cloned).
1088  * @pld: payload descriptor
1089  * @payload: payload data
1090  *
1091  * Upon reception of a payload, look at its guts in the payload
1092  * descriptor and decide what to do with it. If it is a single payload
1093  * skb or if the last skb is a data packet, the skb will be referenced
1094  * and modified (so it doesn't have to be cloned).
1095  */
1096 static
1097 void i2400m_rx_payload(struct i2400m *i2400m, struct sk_buff *skb_rx,
1098                        unsigned single_last, const struct i2400m_pld *pld,
1099                        const void *payload)
1100 {
1101         struct device *dev = i2400m_dev(i2400m);
1102         size_t pl_size = i2400m_pld_size(pld);
1103         enum i2400m_pt pl_type = i2400m_pld_type(pld);
1104 
1105         d_printf(7, dev, "RX: received payload type %u, %zu bytes\n",
1106                  pl_type, pl_size);
1107         d_dump(8, dev, payload, pl_size);
1108 
1109         switch (pl_type) {
1110         case I2400M_PT_DATA:
1111                 d_printf(3, dev, "RX: data payload %zu bytes\n", pl_size);
1112                 i2400m_net_rx(i2400m, skb_rx, single_last, payload, pl_size);
1113                 break;
1114         case I2400M_PT_CTRL:
1115                 i2400m_rx_ctl(i2400m, skb_rx, payload, pl_size);
1116                 break;
1117         case I2400M_PT_TRACE:
1118                 i2400m_rx_trace(i2400m, payload, pl_size);
1119                 break;
1120         case I2400M_PT_EDATA:
1121                 d_printf(3, dev, "ERX: data payload %zu bytes\n", pl_size);
1122                 i2400m_rx_edata(i2400m, skb_rx, single_last, payload, pl_size);
1123                 break;
1124         default:        /* Anything else shouldn't come to the host */
1125                 if (printk_ratelimit())
1126                         dev_err(dev, "RX: HW BUG? unexpected payload type %u\n",
1127                                 pl_type);
1128         }
1129 }
1130 
1131 
1132 /*
1133  * Check a received transaction's message header
1134  *
1135  * @i2400m: device descriptor
1136  * @msg_hdr: message header
1137  * @buf_size: size of the received buffer
1138  *
1139  * Check that the declarations done by a RX buffer message header are
1140  * sane and consistent with the amount of data that was received.
1141  */
1142 static
1143 int i2400m_rx_msg_hdr_check(struct i2400m *i2400m,
1144                             const struct i2400m_msg_hdr *msg_hdr,
1145                             size_t buf_size)
1146 {
1147         int result = -EIO;
1148         struct device *dev = i2400m_dev(i2400m);
1149         if (buf_size < sizeof(*msg_hdr)) {
1150                 dev_err(dev, "RX: HW BUG? message with short header (%zu "
1151                         "vs %zu bytes expected)\n", buf_size, sizeof(*msg_hdr));
1152                 goto error;
1153         }
1154         if (msg_hdr->barker != cpu_to_le32(I2400M_D2H_MSG_BARKER)) {
1155                 dev_err(dev, "RX: HW BUG? message received with unknown "
1156                         "barker 0x%08x (buf_size %zu bytes)\n",
1157                         le32_to_cpu(msg_hdr->barker), buf_size);
1158                 goto error;
1159         }
1160         if (msg_hdr->num_pls == 0) {
1161                 dev_err(dev, "RX: HW BUG? zero payload packets in message\n");
1162                 goto error;
1163         }
1164         if (le16_to_cpu(msg_hdr->num_pls) > I2400M_MAX_PLS_IN_MSG) {
1165                 dev_err(dev, "RX: HW BUG? message contains more payload "
1166                         "than maximum; ignoring.\n");
1167                 goto error;
1168         }
1169         result = 0;
1170 error:
1171         return result;
1172 }
1173 
1174 
1175 /*
1176  * Check a payload descriptor against the received data
1177  *
1178  * @i2400m: device descriptor
1179  * @pld: payload descriptor
1180  * @pl_itr: offset (in bytes) in the received buffer the payload is
1181  *          located
1182  * @buf_size: size of the received buffer
1183  *
1184  * Given a payload descriptor (part of a RX buffer), check it is sane
1185  * and that the data it declares fits in the buffer.
1186  */
1187 static
1188 int i2400m_rx_pl_descr_check(struct i2400m *i2400m,
1189                               const struct i2400m_pld *pld,
1190                               size_t pl_itr, size_t buf_size)
1191 {
1192         int result = -EIO;
1193         struct device *dev = i2400m_dev(i2400m);
1194         size_t pl_size = i2400m_pld_size(pld);
1195         enum i2400m_pt pl_type = i2400m_pld_type(pld);
1196 
1197         if (pl_size > i2400m->bus_pl_size_max) {
1198                 dev_err(dev, "RX: HW BUG? payload @%zu: size %zu is "
1199                         "bigger than maximum %zu; ignoring message\n",
1200                         pl_itr, pl_size, i2400m->bus_pl_size_max);
1201                 goto error;
1202         }
1203         if (pl_itr + pl_size > buf_size) {      /* enough? */
1204                 dev_err(dev, "RX: HW BUG? payload @%zu: size %zu "
1205                         "goes beyond the received buffer "
1206                         "size (%zu bytes); ignoring message\n",
1207                         pl_itr, pl_size, buf_size);
1208                 goto error;
1209         }
1210         if (pl_type >= I2400M_PT_ILLEGAL) {
1211                 dev_err(dev, "RX: HW BUG? illegal payload type %u; "
1212                         "ignoring message\n", pl_type);
1213                 goto error;
1214         }
1215         result = 0;
1216 error:
1217         return result;
1218 }
1219 
1220 
1221 /**
1222  * i2400m_rx - Receive a buffer of data from the device
1223  *
1224  * @i2400m: device descriptor
1225  * @skb: skbuff where the data has been received
1226  *
1227  * Parse in a buffer of data that contains an RX message sent from the
1228  * device. See the file header for the format. Run all checks on the
1229  * buffer header, then run over each payload's descriptors, verify
1230  * their consistency and act on each payload's contents.  If
1231  * everything is successful, update the device's statistics.
1232  *
1233  * Note: You need to set the skb to contain only the length of the
1234  * received buffer; for that, use skb_trim(skb, RECEIVED_SIZE).
1235  *
1236  * Returns:
1237  *
1238  * 0 if ok, < 0 errno on error
1239  *
1240  * If ok, this function owns now the skb and the caller DOESN'T have
1241  * to run kfree_skb() on it. However, on error, the caller still owns
1242  * the skb and it is responsible for releasing it.
1243  */
1244 int i2400m_rx(struct i2400m *i2400m, struct sk_buff *skb)
1245 {
1246         int i, result;
1247         struct device *dev = i2400m_dev(i2400m);
1248         const struct i2400m_msg_hdr *msg_hdr;
1249         size_t pl_itr, pl_size;
1250         unsigned long flags;
1251         unsigned num_pls, single_last, skb_len;
1252 
1253         skb_len = skb->len;
1254         d_fnstart(4, dev, "(i2400m %p skb %p [size %u])\n",
1255                   i2400m, skb, skb_len);
1256         msg_hdr = (void *) skb->data;
1257         result = i2400m_rx_msg_hdr_check(i2400m, msg_hdr, skb_len);
1258         if (result < 0)
1259                 goto error_msg_hdr_check;
1260         result = -EIO;
1261         num_pls = le16_to_cpu(msg_hdr->num_pls);
1262         /* Check payload descriptor(s) */
1263         pl_itr = struct_size(msg_hdr, pld, num_pls);
1264         pl_itr = ALIGN(pl_itr, I2400M_PL_ALIGN);
1265         if (pl_itr > skb_len) { /* got all the payload descriptors? */
1266                 dev_err(dev, "RX: HW BUG? message too short (%u bytes) for "
1267                         "%u payload descriptors (%zu each, total %zu)\n",
1268                         skb_len, num_pls, sizeof(msg_hdr->pld[0]), pl_itr);
1269                 goto error_pl_descr_short;
1270         }
1271         /* Walk each payload payload--check we really got it */
1272         for (i = 0; i < num_pls; i++) {
1273                 /* work around old gcc warnings */
1274                 pl_size = i2400m_pld_size(&msg_hdr->pld[i]);
1275                 result = i2400m_rx_pl_descr_check(i2400m, &msg_hdr->pld[i],
1276                                                   pl_itr, skb_len);
1277                 if (result < 0)
1278                         goto error_pl_descr_check;
1279                 single_last = num_pls == 1 || i == num_pls - 1;
1280                 i2400m_rx_payload(i2400m, skb, single_last, &msg_hdr->pld[i],
1281                                   skb->data + pl_itr);
1282                 pl_itr += ALIGN(pl_size, I2400M_PL_ALIGN);
1283                 cond_resched();         /* Don't monopolize */
1284         }
1285         kfree_skb(skb);
1286         /* Update device statistics */
1287         spin_lock_irqsave(&i2400m->rx_lock, flags);
1288         i2400m->rx_pl_num += i;
1289         if (i > i2400m->rx_pl_max)
1290                 i2400m->rx_pl_max = i;
1291         if (i < i2400m->rx_pl_min)
1292                 i2400m->rx_pl_min = i;
1293         i2400m->rx_num++;
1294         i2400m->rx_size_acc += skb_len;
1295         if (skb_len < i2400m->rx_size_min)
1296                 i2400m->rx_size_min = skb_len;
1297         if (skb_len > i2400m->rx_size_max)
1298                 i2400m->rx_size_max = skb_len;
1299         spin_unlock_irqrestore(&i2400m->rx_lock, flags);
1300 error_pl_descr_check:
1301 error_pl_descr_short:
1302 error_msg_hdr_check:
1303         d_fnend(4, dev, "(i2400m %p skb %p [size %u]) = %d\n",
1304                 i2400m, skb, skb_len, result);
1305         return result;
1306 }
1307 EXPORT_SYMBOL_GPL(i2400m_rx);
1308 
1309 
1310 void i2400m_unknown_barker(struct i2400m *i2400m,
1311                            const void *buf, size_t size)
1312 {
1313         struct device *dev = i2400m_dev(i2400m);
1314         char prefix[64];
1315         const __le32 *barker = buf;
1316         dev_err(dev, "RX: HW BUG? unknown barker %08x, "
1317                 "dropping %zu bytes\n", le32_to_cpu(*barker), size);
1318         snprintf(prefix, sizeof(prefix), "%s %s: ",
1319                  dev_driver_string(dev), dev_name(dev));
1320         if (size > 64) {
1321                 print_hex_dump(KERN_ERR, prefix, DUMP_PREFIX_OFFSET,
1322                                8, 4, buf, 64, 0);
1323                 printk(KERN_ERR "%s... (only first 64 bytes "
1324                        "dumped)\n", prefix);
1325         } else
1326                 print_hex_dump(KERN_ERR, prefix, DUMP_PREFIX_OFFSET,
1327                                8, 4, buf, size, 0);
1328 }
1329 EXPORT_SYMBOL(i2400m_unknown_barker);
1330 
1331 
1332 /*
1333  * Initialize the RX queue and infrastructure
1334  *
1335  * This sets up all the RX reordering infrastructures, which will not
1336  * be used if reordering is not enabled or if the firmware does not
1337  * support it. The device is told to do reordering in
1338  * i2400m_dev_initialize(), where it also looks at the value of the
1339  * i2400m->rx_reorder switch before taking a decission.
1340  *
1341  * Note we allocate the roq queues in one chunk and the actual logging
1342  * support for it (logging) in another one and then we setup the
1343  * pointers from the first to the last.
1344  */
1345 int i2400m_rx_setup(struct i2400m *i2400m)
1346 {
1347         int result = 0;
1348 
1349         i2400m->rx_reorder = i2400m_rx_reorder_disabled? 0 : 1;
1350         if (i2400m->rx_reorder) {
1351                 unsigned itr;
1352                 struct i2400m_roq_log *rd;
1353 
1354                 result = -ENOMEM;
1355 
1356                 i2400m->rx_roq = kcalloc(I2400M_RO_CIN + 1,
1357                                          sizeof(i2400m->rx_roq[0]), GFP_KERNEL);
1358                 if (i2400m->rx_roq == NULL)
1359                         goto error_roq_alloc;
1360 
1361                 rd = kcalloc(I2400M_RO_CIN + 1, sizeof(*i2400m->rx_roq[0].log),
1362                              GFP_KERNEL);
1363                 if (rd == NULL) {
1364                         result = -ENOMEM;
1365                         goto error_roq_log_alloc;
1366                 }
1367 
1368                 for(itr = 0; itr < I2400M_RO_CIN + 1; itr++) {
1369                         __i2400m_roq_init(&i2400m->rx_roq[itr]);
1370                         i2400m->rx_roq[itr].log = &rd[itr];
1371                 }
1372                 kref_init(&i2400m->rx_roq_refcount);
1373         }
1374         return 0;
1375 
1376 error_roq_log_alloc:
1377         kfree(i2400m->rx_roq);
1378 error_roq_alloc:
1379         return result;
1380 }
1381 
1382 
1383 /* Tear down the RX queue and infrastructure */
1384 void i2400m_rx_release(struct i2400m *i2400m)
1385 {
1386         unsigned long flags;
1387 
1388         if (i2400m->rx_reorder) {
1389                 spin_lock_irqsave(&i2400m->rx_lock, flags);
1390                 kref_put(&i2400m->rx_roq_refcount, i2400m_rx_roq_destroy);
1391                 spin_unlock_irqrestore(&i2400m->rx_lock, flags);
1392         }
1393         /* at this point, nothing can be received... */
1394         i2400m_report_hook_flush(i2400m);
1395 }

/* [<][>][^][v][top][bottom][index][help] */