• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * NXP Wireless LAN device driver: 802.11n RX Re-ordering
3  *
4  * Copyright 2011-2020 NXP
5  *
6  * This software file (the "File") is distributed by NXP
7  * under the terms of the GNU General Public License Version 2, June 1991
8  * (the "License").  You may use, redistribute and/or modify this File in
9  * accordance with the terms and conditions of the License, a copy of which
10  * is available by writing to the Free Software Foundation, Inc.,
11  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA or on the
12  * worldwide web at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
13  *
14  * THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE
16  * ARE EXPRESSLY DISCLAIMED.  The License provides additional details about
17  * this warranty disclaimer.
18  */
19 
20 #include "decl.h"
21 #include "ioctl.h"
22 #include "util.h"
23 #include "fw.h"
24 #include "main.h"
25 #include "wmm.h"
26 #include "11n.h"
27 #include "11n_rxreorder.h"
28 
29 /* This function will dispatch amsdu packet and forward it to kernel/upper
30  * layer.
31  */
mwifiex_11n_dispatch_amsdu_pkt(struct mwifiex_private * priv,struct sk_buff * skb)32 static int mwifiex_11n_dispatch_amsdu_pkt(struct mwifiex_private *priv,
33 					  struct sk_buff *skb)
34 {
35 	struct rxpd *local_rx_pd = (struct rxpd *)(skb->data);
36 	int ret;
37 
38 	if (le16_to_cpu(local_rx_pd->rx_pkt_type) == PKT_TYPE_AMSDU) {
39 		struct sk_buff_head list;
40 		struct sk_buff *rx_skb;
41 
42 		__skb_queue_head_init(&list);
43 
44 		skb_pull(skb, le16_to_cpu(local_rx_pd->rx_pkt_offset));
45 		skb_trim(skb, le16_to_cpu(local_rx_pd->rx_pkt_length));
46 
47 		ieee80211_amsdu_to_8023s(skb, &list, priv->curr_addr,
48 					 priv->wdev.iftype, 0, NULL, NULL);
49 
50 		while (!skb_queue_empty(&list)) {
51 			struct rx_packet_hdr *rx_hdr;
52 
53 			rx_skb = __skb_dequeue(&list);
54 			rx_hdr = (struct rx_packet_hdr *)rx_skb->data;
55 			if (ISSUPP_TDLS_ENABLED(priv->adapter->fw_cap_info) &&
56 			    ntohs(rx_hdr->eth803_hdr.h_proto) == ETH_P_TDLS) {
57 				mwifiex_process_tdls_action_frame(priv,
58 								  (u8 *)rx_hdr,
59 								  skb->len);
60 			}
61 
62 			if (priv->bss_role == MWIFIEX_BSS_ROLE_UAP)
63 				ret = mwifiex_uap_recv_packet(priv, rx_skb);
64 			else
65 				ret = mwifiex_recv_packet(priv, rx_skb);
66 			if (ret == -1)
67 				mwifiex_dbg(priv->adapter, ERROR,
68 					    "Rx of A-MSDU failed");
69 		}
70 		return 0;
71 	}
72 
73 	return -1;
74 }
75 
76 /* This function will process the rx packet and forward it to kernel/upper
77  * layer.
78  */
mwifiex_11n_dispatch_pkt(struct mwifiex_private * priv,struct sk_buff * payload)79 static int mwifiex_11n_dispatch_pkt(struct mwifiex_private *priv,
80 				    struct sk_buff *payload)
81 {
82 
83 	int ret;
84 
85 	if (!payload) {
86 		mwifiex_dbg(priv->adapter, INFO, "info: fw drop data\n");
87 		return 0;
88 	}
89 
90 	ret = mwifiex_11n_dispatch_amsdu_pkt(priv, payload);
91 	if (!ret)
92 		return 0;
93 
94 	if (priv->bss_role == MWIFIEX_BSS_ROLE_UAP)
95 		return mwifiex_handle_uap_rx_forward(priv, payload);
96 
97 	return mwifiex_process_rx_packet(priv, payload);
98 }
99 
100 /*
101  * This function dispatches all packets in the Rx reorder table until the
102  * start window.
103  *
104  * There could be holes in the buffer, which are skipped by the function.
105  * Since the buffer is linear, the function uses rotation to simulate
106  * circular buffer.
107  */
108 static void
mwifiex_11n_dispatch_pkt_until_start_win(struct mwifiex_private * priv,struct mwifiex_rx_reorder_tbl * tbl,int start_win)109 mwifiex_11n_dispatch_pkt_until_start_win(struct mwifiex_private *priv,
110 					 struct mwifiex_rx_reorder_tbl *tbl,
111 					 int start_win)
112 {
113 	struct sk_buff_head list;
114 	struct sk_buff *skb;
115 	int pkt_to_send, i;
116 
117 	__skb_queue_head_init(&list);
118 	spin_lock_bh(&priv->rx_reorder_tbl_lock);
119 
120 	pkt_to_send = (start_win > tbl->start_win) ?
121 		      min((start_win - tbl->start_win), tbl->win_size) :
122 		      tbl->win_size;
123 
124 	for (i = 0; i < pkt_to_send; ++i) {
125 		if (tbl->rx_reorder_ptr[i]) {
126 			skb = tbl->rx_reorder_ptr[i];
127 			__skb_queue_tail(&list, skb);
128 			tbl->rx_reorder_ptr[i] = NULL;
129 		}
130 	}
131 
132 	/*
133 	 * We don't have a circular buffer, hence use rotation to simulate
134 	 * circular buffer
135 	 */
136 	for (i = 0; i < tbl->win_size - pkt_to_send; ++i) {
137 		tbl->rx_reorder_ptr[i] = tbl->rx_reorder_ptr[pkt_to_send + i];
138 		tbl->rx_reorder_ptr[pkt_to_send + i] = NULL;
139 	}
140 
141 	tbl->start_win = start_win;
142 	spin_unlock_bh(&priv->rx_reorder_tbl_lock);
143 
144 	while ((skb = __skb_dequeue(&list)))
145 		mwifiex_11n_dispatch_pkt(priv, skb);
146 }
147 
148 /*
149  * This function dispatches all packets in the Rx reorder table until
150  * a hole is found.
151  *
152  * The start window is adjusted automatically when a hole is located.
153  * Since the buffer is linear, the function uses rotation to simulate
154  * circular buffer.
155  */
156 static void
mwifiex_11n_scan_and_dispatch(struct mwifiex_private * priv,struct mwifiex_rx_reorder_tbl * tbl)157 mwifiex_11n_scan_and_dispatch(struct mwifiex_private *priv,
158 			      struct mwifiex_rx_reorder_tbl *tbl)
159 {
160 	struct sk_buff_head list;
161 	struct sk_buff *skb;
162 	int i, j, xchg;
163 
164 	__skb_queue_head_init(&list);
165 	spin_lock_bh(&priv->rx_reorder_tbl_lock);
166 
167 	for (i = 0; i < tbl->win_size; ++i) {
168 		if (!tbl->rx_reorder_ptr[i])
169 			break;
170 		skb = tbl->rx_reorder_ptr[i];
171 		__skb_queue_tail(&list, skb);
172 		tbl->rx_reorder_ptr[i] = NULL;
173 	}
174 
175 	/*
176 	 * We don't have a circular buffer, hence use rotation to simulate
177 	 * circular buffer
178 	 */
179 	if (i > 0) {
180 		xchg = tbl->win_size - i;
181 		for (j = 0; j < xchg; ++j) {
182 			tbl->rx_reorder_ptr[j] = tbl->rx_reorder_ptr[i + j];
183 			tbl->rx_reorder_ptr[i + j] = NULL;
184 		}
185 	}
186 	tbl->start_win = (tbl->start_win + i) & (MAX_TID_VALUE - 1);
187 
188 	spin_unlock_bh(&priv->rx_reorder_tbl_lock);
189 
190 	while ((skb = __skb_dequeue(&list)))
191 		mwifiex_11n_dispatch_pkt(priv, skb);
192 }
193 
194 /*
195  * This function deletes the Rx reorder table and frees the memory.
196  *
197  * The function stops the associated timer and dispatches all the
198  * pending packets in the Rx reorder table before deletion.
199  */
200 static void
mwifiex_del_rx_reorder_entry(struct mwifiex_private * priv,struct mwifiex_rx_reorder_tbl * tbl)201 mwifiex_del_rx_reorder_entry(struct mwifiex_private *priv,
202 			     struct mwifiex_rx_reorder_tbl *tbl)
203 {
204 	int start_win;
205 
206 	if (!tbl)
207 		return;
208 
209 	spin_lock_bh(&priv->adapter->rx_proc_lock);
210 	priv->adapter->rx_locked = true;
211 	if (priv->adapter->rx_processing) {
212 		spin_unlock_bh(&priv->adapter->rx_proc_lock);
213 		flush_workqueue(priv->adapter->rx_workqueue);
214 	} else {
215 		spin_unlock_bh(&priv->adapter->rx_proc_lock);
216 	}
217 
218 	start_win = (tbl->start_win + tbl->win_size) & (MAX_TID_VALUE - 1);
219 	mwifiex_11n_dispatch_pkt_until_start_win(priv, tbl, start_win);
220 
221 	del_timer_sync(&tbl->timer_context.timer);
222 	tbl->timer_context.timer_is_set = false;
223 
224 	spin_lock_bh(&priv->rx_reorder_tbl_lock);
225 	list_del(&tbl->list);
226 	spin_unlock_bh(&priv->rx_reorder_tbl_lock);
227 
228 	kfree(tbl->rx_reorder_ptr);
229 	kfree(tbl);
230 
231 	spin_lock_bh(&priv->adapter->rx_proc_lock);
232 	priv->adapter->rx_locked = false;
233 	spin_unlock_bh(&priv->adapter->rx_proc_lock);
234 
235 }
236 
237 /*
238  * This function returns the pointer to an entry in Rx reordering
239  * table which matches the given TA/TID pair.
240  */
241 struct mwifiex_rx_reorder_tbl *
mwifiex_11n_get_rx_reorder_tbl(struct mwifiex_private * priv,int tid,u8 * ta)242 mwifiex_11n_get_rx_reorder_tbl(struct mwifiex_private *priv, int tid, u8 *ta)
243 {
244 	struct mwifiex_rx_reorder_tbl *tbl;
245 
246 	spin_lock_bh(&priv->rx_reorder_tbl_lock);
247 	list_for_each_entry(tbl, &priv->rx_reorder_tbl_ptr, list) {
248 		if (!memcmp(tbl->ta, ta, ETH_ALEN) && tbl->tid == tid) {
249 			spin_unlock_bh(&priv->rx_reorder_tbl_lock);
250 			return tbl;
251 		}
252 	}
253 	spin_unlock_bh(&priv->rx_reorder_tbl_lock);
254 
255 	return NULL;
256 }
257 
258 /* This function retrieves the pointer to an entry in Rx reordering
259  * table which matches the given TA and deletes it.
260  */
mwifiex_11n_del_rx_reorder_tbl_by_ta(struct mwifiex_private * priv,u8 * ta)261 void mwifiex_11n_del_rx_reorder_tbl_by_ta(struct mwifiex_private *priv, u8 *ta)
262 {
263 	struct mwifiex_rx_reorder_tbl *tbl, *tmp;
264 
265 	if (!ta)
266 		return;
267 
268 	spin_lock_bh(&priv->rx_reorder_tbl_lock);
269 	list_for_each_entry_safe(tbl, tmp, &priv->rx_reorder_tbl_ptr, list) {
270 		if (!memcmp(tbl->ta, ta, ETH_ALEN)) {
271 			spin_unlock_bh(&priv->rx_reorder_tbl_lock);
272 			mwifiex_del_rx_reorder_entry(priv, tbl);
273 			spin_lock_bh(&priv->rx_reorder_tbl_lock);
274 		}
275 	}
276 	spin_unlock_bh(&priv->rx_reorder_tbl_lock);
277 
278 	return;
279 }
280 
281 /*
282  * This function finds the last sequence number used in the packets
283  * buffered in Rx reordering table.
284  */
285 static int
mwifiex_11n_find_last_seq_num(struct reorder_tmr_cnxt * ctx)286 mwifiex_11n_find_last_seq_num(struct reorder_tmr_cnxt *ctx)
287 {
288 	struct mwifiex_rx_reorder_tbl *rx_reorder_tbl_ptr = ctx->ptr;
289 	struct mwifiex_private *priv = ctx->priv;
290 	int i;
291 
292 	spin_lock_bh(&priv->rx_reorder_tbl_lock);
293 	for (i = rx_reorder_tbl_ptr->win_size - 1; i >= 0; --i) {
294 		if (rx_reorder_tbl_ptr->rx_reorder_ptr[i]) {
295 			spin_unlock_bh(&priv->rx_reorder_tbl_lock);
296 			return i;
297 		}
298 	}
299 	spin_unlock_bh(&priv->rx_reorder_tbl_lock);
300 
301 	return -1;
302 }
303 
304 /*
305  * This function flushes all the packets in Rx reordering table.
306  *
307  * The function checks if any packets are currently buffered in the
308  * table or not. In case there are packets available, it dispatches
309  * them and then dumps the Rx reordering table.
310  */
311 static void
mwifiex_flush_data(struct timer_list * t)312 mwifiex_flush_data(struct timer_list *t)
313 {
314 	struct reorder_tmr_cnxt *ctx =
315 		from_timer(ctx, t, timer);
316 	int start_win, seq_num;
317 
318 	ctx->timer_is_set = false;
319 	seq_num = mwifiex_11n_find_last_seq_num(ctx);
320 
321 	if (seq_num < 0)
322 		return;
323 
324 	mwifiex_dbg(ctx->priv->adapter, INFO, "info: flush data %d\n", seq_num);
325 	start_win = (ctx->ptr->start_win + seq_num + 1) & (MAX_TID_VALUE - 1);
326 	mwifiex_11n_dispatch_pkt_until_start_win(ctx->priv, ctx->ptr,
327 						 start_win);
328 }
329 
330 /*
331  * This function creates an entry in Rx reordering table for the
332  * given TA/TID.
333  *
334  * The function also initializes the entry with sequence number, window
335  * size as well as initializes the timer.
336  *
337  * If the received TA/TID pair is already present, all the packets are
338  * dispatched and the window size is moved until the SSN.
339  */
340 static void
mwifiex_11n_create_rx_reorder_tbl(struct mwifiex_private * priv,u8 * ta,int tid,int win_size,int seq_num)341 mwifiex_11n_create_rx_reorder_tbl(struct mwifiex_private *priv, u8 *ta,
342 				  int tid, int win_size, int seq_num)
343 {
344 	int i;
345 	struct mwifiex_rx_reorder_tbl *tbl, *new_node;
346 	u16 last_seq = 0;
347 	struct mwifiex_sta_node *node;
348 
349 	/*
350 	 * If we get a TID, ta pair which is already present dispatch all the
351 	 * the packets and move the window size until the ssn
352 	 */
353 	tbl = mwifiex_11n_get_rx_reorder_tbl(priv, tid, ta);
354 	if (tbl) {
355 		mwifiex_11n_dispatch_pkt_until_start_win(priv, tbl, seq_num);
356 		return;
357 	}
358 	/* if !tbl then create one */
359 	new_node = kzalloc(sizeof(struct mwifiex_rx_reorder_tbl), GFP_KERNEL);
360 	if (!new_node)
361 		return;
362 
363 	INIT_LIST_HEAD(&new_node->list);
364 	new_node->tid = tid;
365 	memcpy(new_node->ta, ta, ETH_ALEN);
366 	new_node->start_win = seq_num;
367 	new_node->init_win = seq_num;
368 	new_node->flags = 0;
369 
370 	spin_lock_bh(&priv->sta_list_spinlock);
371 	if (mwifiex_queuing_ra_based(priv)) {
372 		if (priv->bss_role == MWIFIEX_BSS_ROLE_UAP) {
373 			node = mwifiex_get_sta_entry(priv, ta);
374 			if (node)
375 				last_seq = node->rx_seq[tid];
376 		}
377 	} else {
378 		node = mwifiex_get_sta_entry(priv, ta);
379 		if (node)
380 			last_seq = node->rx_seq[tid];
381 		else
382 			last_seq = priv->rx_seq[tid];
383 	}
384 	spin_unlock_bh(&priv->sta_list_spinlock);
385 
386 	mwifiex_dbg(priv->adapter, INFO,
387 		    "info: last_seq=%d start_win=%d\n",
388 		    last_seq, new_node->start_win);
389 
390 	if (last_seq != MWIFIEX_DEF_11N_RX_SEQ_NUM &&
391 	    last_seq >= new_node->start_win) {
392 		new_node->start_win = last_seq + 1;
393 		new_node->flags |= RXREOR_INIT_WINDOW_SHIFT;
394 	}
395 
396 	new_node->win_size = win_size;
397 
398 	new_node->rx_reorder_ptr = kcalloc(win_size, sizeof(void *),
399 					   GFP_KERNEL);
400 	if (!new_node->rx_reorder_ptr) {
401 		kfree(new_node);
402 		mwifiex_dbg(priv->adapter, ERROR,
403 			    "%s: failed to alloc reorder_ptr\n", __func__);
404 		return;
405 	}
406 
407 	new_node->timer_context.ptr = new_node;
408 	new_node->timer_context.priv = priv;
409 	new_node->timer_context.timer_is_set = false;
410 
411 	timer_setup(&new_node->timer_context.timer, mwifiex_flush_data, 0);
412 
413 	for (i = 0; i < win_size; ++i)
414 		new_node->rx_reorder_ptr[i] = NULL;
415 
416 	spin_lock_bh(&priv->rx_reorder_tbl_lock);
417 	list_add_tail(&new_node->list, &priv->rx_reorder_tbl_ptr);
418 	spin_unlock_bh(&priv->rx_reorder_tbl_lock);
419 }
420 
421 static void
mwifiex_11n_rxreorder_timer_restart(struct mwifiex_rx_reorder_tbl * tbl)422 mwifiex_11n_rxreorder_timer_restart(struct mwifiex_rx_reorder_tbl *tbl)
423 {
424 	u32 min_flush_time;
425 
426 	if (tbl->win_size >= MWIFIEX_BA_WIN_SIZE_32)
427 		min_flush_time = MIN_FLUSH_TIMER_15_MS;
428 	else
429 		min_flush_time = MIN_FLUSH_TIMER_MS;
430 
431 	mod_timer(&tbl->timer_context.timer,
432 		  jiffies + msecs_to_jiffies(min_flush_time * tbl->win_size));
433 
434 	tbl->timer_context.timer_is_set = true;
435 }
436 
437 /*
438  * This function prepares command for adding a BA request.
439  *
440  * Preparation includes -
441  *      - Setting command ID and proper size
442  *      - Setting add BA request buffer
443  *      - Ensuring correct endian-ness
444  */
mwifiex_cmd_11n_addba_req(struct host_cmd_ds_command * cmd,void * data_buf)445 int mwifiex_cmd_11n_addba_req(struct host_cmd_ds_command *cmd, void *data_buf)
446 {
447 	struct host_cmd_ds_11n_addba_req *add_ba_req = &cmd->params.add_ba_req;
448 
449 	cmd->command = cpu_to_le16(HostCmd_CMD_11N_ADDBA_REQ);
450 	cmd->size = cpu_to_le16(sizeof(*add_ba_req) + S_DS_GEN);
451 	memcpy(add_ba_req, data_buf, sizeof(*add_ba_req));
452 
453 	return 0;
454 }
455 
456 /*
457  * This function prepares command for adding a BA response.
458  *
459  * Preparation includes -
460  *      - Setting command ID and proper size
461  *      - Setting add BA response buffer
462  *      - Ensuring correct endian-ness
463  */
mwifiex_cmd_11n_addba_rsp_gen(struct mwifiex_private * priv,struct host_cmd_ds_command * cmd,struct host_cmd_ds_11n_addba_req * cmd_addba_req)464 int mwifiex_cmd_11n_addba_rsp_gen(struct mwifiex_private *priv,
465 				  struct host_cmd_ds_command *cmd,
466 				  struct host_cmd_ds_11n_addba_req
467 				  *cmd_addba_req)
468 {
469 	struct host_cmd_ds_11n_addba_rsp *add_ba_rsp = &cmd->params.add_ba_rsp;
470 	struct mwifiex_sta_node *sta_ptr;
471 	u32 rx_win_size = priv->add_ba_param.rx_win_size;
472 	u8 tid;
473 	int win_size;
474 	uint16_t block_ack_param_set;
475 
476 	if ((GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_STA) &&
477 	    ISSUPP_TDLS_ENABLED(priv->adapter->fw_cap_info) &&
478 	    priv->adapter->is_hw_11ac_capable &&
479 	    memcmp(priv->cfg_bssid, cmd_addba_req->peer_mac_addr, ETH_ALEN)) {
480 		spin_lock_bh(&priv->sta_list_spinlock);
481 		sta_ptr = mwifiex_get_sta_entry(priv,
482 						cmd_addba_req->peer_mac_addr);
483 		if (!sta_ptr) {
484 			spin_unlock_bh(&priv->sta_list_spinlock);
485 			mwifiex_dbg(priv->adapter, ERROR,
486 				    "BA setup with unknown TDLS peer %pM!\n",
487 				    cmd_addba_req->peer_mac_addr);
488 			return -1;
489 		}
490 		if (sta_ptr->is_11ac_enabled)
491 			rx_win_size = MWIFIEX_11AC_STA_AMPDU_DEF_RXWINSIZE;
492 		spin_unlock_bh(&priv->sta_list_spinlock);
493 	}
494 
495 	cmd->command = cpu_to_le16(HostCmd_CMD_11N_ADDBA_RSP);
496 	cmd->size = cpu_to_le16(sizeof(*add_ba_rsp) + S_DS_GEN);
497 
498 	memcpy(add_ba_rsp->peer_mac_addr, cmd_addba_req->peer_mac_addr,
499 	       ETH_ALEN);
500 	add_ba_rsp->dialog_token = cmd_addba_req->dialog_token;
501 	add_ba_rsp->block_ack_tmo = cmd_addba_req->block_ack_tmo;
502 	add_ba_rsp->ssn = cmd_addba_req->ssn;
503 
504 	block_ack_param_set = le16_to_cpu(cmd_addba_req->block_ack_param_set);
505 	tid = (block_ack_param_set & IEEE80211_ADDBA_PARAM_TID_MASK)
506 		>> BLOCKACKPARAM_TID_POS;
507 	add_ba_rsp->status_code = cpu_to_le16(ADDBA_RSP_STATUS_ACCEPT);
508 	block_ack_param_set &= ~IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK;
509 
510 	/* If we don't support AMSDU inside AMPDU, reset the bit */
511 	if (!priv->add_ba_param.rx_amsdu ||
512 	    (priv->aggr_prio_tbl[tid].amsdu == BA_STREAM_NOT_ALLOWED))
513 		block_ack_param_set &= ~BLOCKACKPARAM_AMSDU_SUPP_MASK;
514 	block_ack_param_set |= rx_win_size << BLOCKACKPARAM_WINSIZE_POS;
515 	add_ba_rsp->block_ack_param_set = cpu_to_le16(block_ack_param_set);
516 	win_size = (le16_to_cpu(add_ba_rsp->block_ack_param_set)
517 					& IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK)
518 					>> BLOCKACKPARAM_WINSIZE_POS;
519 	cmd_addba_req->block_ack_param_set = cpu_to_le16(block_ack_param_set);
520 
521 	mwifiex_11n_create_rx_reorder_tbl(priv, cmd_addba_req->peer_mac_addr,
522 					  tid, win_size,
523 					  le16_to_cpu(cmd_addba_req->ssn));
524 	return 0;
525 }
526 
527 /*
528  * This function prepares command for deleting a BA request.
529  *
530  * Preparation includes -
531  *      - Setting command ID and proper size
532  *      - Setting del BA request buffer
533  *      - Ensuring correct endian-ness
534  */
mwifiex_cmd_11n_delba(struct host_cmd_ds_command * cmd,void * data_buf)535 int mwifiex_cmd_11n_delba(struct host_cmd_ds_command *cmd, void *data_buf)
536 {
537 	struct host_cmd_ds_11n_delba *del_ba = &cmd->params.del_ba;
538 
539 	cmd->command = cpu_to_le16(HostCmd_CMD_11N_DELBA);
540 	cmd->size = cpu_to_le16(sizeof(*del_ba) + S_DS_GEN);
541 	memcpy(del_ba, data_buf, sizeof(*del_ba));
542 
543 	return 0;
544 }
545 
546 /*
547  * This function identifies if Rx reordering is needed for a received packet.
548  *
549  * In case reordering is required, the function will do the reordering
550  * before sending it to kernel.
551  *
552  * The Rx reorder table is checked first with the received TID/TA pair. If
553  * not found, the received packet is dispatched immediately. But if found,
554  * the packet is reordered and all the packets in the updated Rx reordering
555  * table is dispatched until a hole is found.
556  *
557  * For sequence number less than the starting window, the packet is dropped.
558  */
mwifiex_11n_rx_reorder_pkt(struct mwifiex_private * priv,u16 seq_num,u16 tid,u8 * ta,u8 pkt_type,void * payload)559 int mwifiex_11n_rx_reorder_pkt(struct mwifiex_private *priv,
560 				u16 seq_num, u16 tid,
561 				u8 *ta, u8 pkt_type, void *payload)
562 {
563 	struct mwifiex_rx_reorder_tbl *tbl;
564 	int prev_start_win, start_win, end_win, win_size;
565 	u16 pkt_index;
566 	bool init_window_shift = false;
567 	int ret = 0;
568 
569 	tbl = mwifiex_11n_get_rx_reorder_tbl(priv, tid, ta);
570 	if (!tbl) {
571 		if (pkt_type != PKT_TYPE_BAR)
572 			mwifiex_11n_dispatch_pkt(priv, payload);
573 		return ret;
574 	}
575 
576 	if ((pkt_type == PKT_TYPE_AMSDU) && !tbl->amsdu) {
577 		mwifiex_11n_dispatch_pkt(priv, payload);
578 		return ret;
579 	}
580 
581 	start_win = tbl->start_win;
582 	prev_start_win = start_win;
583 	win_size = tbl->win_size;
584 	end_win = ((start_win + win_size) - 1) & (MAX_TID_VALUE - 1);
585 	if (tbl->flags & RXREOR_INIT_WINDOW_SHIFT) {
586 		init_window_shift = true;
587 		tbl->flags &= ~RXREOR_INIT_WINDOW_SHIFT;
588 	}
589 
590 	if (tbl->flags & RXREOR_FORCE_NO_DROP) {
591 		mwifiex_dbg(priv->adapter, INFO,
592 			    "RXREOR_FORCE_NO_DROP when HS is activated\n");
593 		tbl->flags &= ~RXREOR_FORCE_NO_DROP;
594 	} else if (init_window_shift && seq_num < start_win &&
595 		   seq_num >= tbl->init_win) {
596 		mwifiex_dbg(priv->adapter, INFO,
597 			    "Sender TID sequence number reset %d->%d for SSN %d\n",
598 			    start_win, seq_num, tbl->init_win);
599 		tbl->start_win = start_win = seq_num;
600 		end_win = ((start_win + win_size) - 1) & (MAX_TID_VALUE - 1);
601 	} else {
602 		/*
603 		 * If seq_num is less then starting win then ignore and drop
604 		 * the packet
605 		 */
606 		if ((start_win + TWOPOW11) > (MAX_TID_VALUE - 1)) {
607 			if (seq_num >= ((start_win + TWOPOW11) &
608 					(MAX_TID_VALUE - 1)) &&
609 			    seq_num < start_win) {
610 				ret = -1;
611 				goto done;
612 			}
613 		} else if ((seq_num < start_win) ||
614 			   (seq_num >= (start_win + TWOPOW11))) {
615 			ret = -1;
616 			goto done;
617 		}
618 	}
619 
620 	/*
621 	 * If this packet is a BAR we adjust seq_num as
622 	 * WinStart = seq_num
623 	 */
624 	if (pkt_type == PKT_TYPE_BAR)
625 		seq_num = ((seq_num + win_size) - 1) & (MAX_TID_VALUE - 1);
626 
627 	if (((end_win < start_win) &&
628 	     (seq_num < start_win) && (seq_num > end_win)) ||
629 	    ((end_win > start_win) && ((seq_num > end_win) ||
630 				       (seq_num < start_win)))) {
631 		end_win = seq_num;
632 		if (((end_win - win_size) + 1) >= 0)
633 			start_win = (end_win - win_size) + 1;
634 		else
635 			start_win = (MAX_TID_VALUE - (win_size - end_win)) + 1;
636 		mwifiex_11n_dispatch_pkt_until_start_win(priv, tbl, start_win);
637 	}
638 
639 	if (pkt_type != PKT_TYPE_BAR) {
640 		if (seq_num >= start_win)
641 			pkt_index = seq_num - start_win;
642 		else
643 			pkt_index = (seq_num+MAX_TID_VALUE) - start_win;
644 
645 		if (tbl->rx_reorder_ptr[pkt_index]) {
646 			ret = -1;
647 			goto done;
648 		}
649 
650 		tbl->rx_reorder_ptr[pkt_index] = payload;
651 	}
652 
653 	/*
654 	 * Dispatch all packets sequentially from start_win until a
655 	 * hole is found and adjust the start_win appropriately
656 	 */
657 	mwifiex_11n_scan_and_dispatch(priv, tbl);
658 
659 done:
660 	if (!tbl->timer_context.timer_is_set ||
661 	    prev_start_win != tbl->start_win)
662 		mwifiex_11n_rxreorder_timer_restart(tbl);
663 	return ret;
664 }
665 
666 /*
667  * This function deletes an entry for a given TID/TA pair.
668  *
669  * The TID/TA are taken from del BA event body.
670  */
671 void
mwifiex_del_ba_tbl(struct mwifiex_private * priv,int tid,u8 * peer_mac,u8 type,int initiator)672 mwifiex_del_ba_tbl(struct mwifiex_private *priv, int tid, u8 *peer_mac,
673 		   u8 type, int initiator)
674 {
675 	struct mwifiex_rx_reorder_tbl *tbl;
676 	struct mwifiex_tx_ba_stream_tbl *ptx_tbl;
677 	struct mwifiex_ra_list_tbl *ra_list;
678 	u8 cleanup_rx_reorder_tbl;
679 	int tid_down;
680 
681 	if (type == TYPE_DELBA_RECEIVE)
682 		cleanup_rx_reorder_tbl = (initiator) ? true : false;
683 	else
684 		cleanup_rx_reorder_tbl = (initiator) ? false : true;
685 
686 	mwifiex_dbg(priv->adapter, EVENT, "event: DELBA: %pM tid=%d initiator=%d\n",
687 		    peer_mac, tid, initiator);
688 
689 	if (cleanup_rx_reorder_tbl) {
690 		tbl = mwifiex_11n_get_rx_reorder_tbl(priv, tid,
691 								 peer_mac);
692 		if (!tbl) {
693 			mwifiex_dbg(priv->adapter, EVENT,
694 				    "event: TID, TA not found in table\n");
695 			return;
696 		}
697 		mwifiex_del_rx_reorder_entry(priv, tbl);
698 	} else {
699 		ptx_tbl = mwifiex_get_ba_tbl(priv, tid, peer_mac);
700 		if (!ptx_tbl) {
701 			mwifiex_dbg(priv->adapter, EVENT,
702 				    "event: TID, RA not found in table\n");
703 			return;
704 		}
705 
706 		tid_down = mwifiex_wmm_downgrade_tid(priv, tid);
707 		ra_list = mwifiex_wmm_get_ralist_node(priv, tid_down, peer_mac);
708 		if (ra_list) {
709 			ra_list->amsdu_in_ampdu = false;
710 			ra_list->ba_status = BA_SETUP_NONE;
711 		}
712 		spin_lock_bh(&priv->tx_ba_stream_tbl_lock);
713 		mwifiex_11n_delete_tx_ba_stream_tbl_entry(priv, ptx_tbl);
714 		spin_unlock_bh(&priv->tx_ba_stream_tbl_lock);
715 	}
716 }
717 
718 /*
719  * This function handles the command response of an add BA response.
720  *
721  * Handling includes changing the header fields into CPU format and
722  * creating the stream, provided the add BA is accepted.
723  */
mwifiex_ret_11n_addba_resp(struct mwifiex_private * priv,struct host_cmd_ds_command * resp)724 int mwifiex_ret_11n_addba_resp(struct mwifiex_private *priv,
725 			       struct host_cmd_ds_command *resp)
726 {
727 	struct host_cmd_ds_11n_addba_rsp *add_ba_rsp = &resp->params.add_ba_rsp;
728 	int tid, win_size;
729 	struct mwifiex_rx_reorder_tbl *tbl;
730 	uint16_t block_ack_param_set;
731 
732 	block_ack_param_set = le16_to_cpu(add_ba_rsp->block_ack_param_set);
733 
734 	tid = (block_ack_param_set & IEEE80211_ADDBA_PARAM_TID_MASK)
735 		>> BLOCKACKPARAM_TID_POS;
736 	/*
737 	 * Check if we had rejected the ADDBA, if yes then do not create
738 	 * the stream
739 	 */
740 	if (le16_to_cpu(add_ba_rsp->status_code) != BA_RESULT_SUCCESS) {
741 		mwifiex_dbg(priv->adapter, ERROR, "ADDBA RSP: failed %pM tid=%d)\n",
742 			    add_ba_rsp->peer_mac_addr, tid);
743 
744 		tbl = mwifiex_11n_get_rx_reorder_tbl(priv, tid,
745 						     add_ba_rsp->peer_mac_addr);
746 		if (tbl)
747 			mwifiex_del_rx_reorder_entry(priv, tbl);
748 
749 		return 0;
750 	}
751 
752 	win_size = (block_ack_param_set & IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK)
753 		    >> BLOCKACKPARAM_WINSIZE_POS;
754 
755 	tbl = mwifiex_11n_get_rx_reorder_tbl(priv, tid,
756 					     add_ba_rsp->peer_mac_addr);
757 	if (tbl) {
758 		if ((block_ack_param_set & BLOCKACKPARAM_AMSDU_SUPP_MASK) &&
759 		    priv->add_ba_param.rx_amsdu &&
760 		    (priv->aggr_prio_tbl[tid].amsdu != BA_STREAM_NOT_ALLOWED))
761 			tbl->amsdu = true;
762 		else
763 			tbl->amsdu = false;
764 	}
765 
766 	mwifiex_dbg(priv->adapter, CMD,
767 		    "cmd: ADDBA RSP: %pM tid=%d ssn=%d win_size=%d\n",
768 		add_ba_rsp->peer_mac_addr, tid, add_ba_rsp->ssn, win_size);
769 
770 	return 0;
771 }
772 
773 /*
774  * This function handles BA stream timeout event by preparing and sending
775  * a command to the firmware.
776  */
mwifiex_11n_ba_stream_timeout(struct mwifiex_private * priv,struct host_cmd_ds_11n_batimeout * event)777 void mwifiex_11n_ba_stream_timeout(struct mwifiex_private *priv,
778 				   struct host_cmd_ds_11n_batimeout *event)
779 {
780 	struct host_cmd_ds_11n_delba delba;
781 
782 	memset(&delba, 0, sizeof(struct host_cmd_ds_11n_delba));
783 	memcpy(delba.peer_mac_addr, event->peer_mac_addr, ETH_ALEN);
784 
785 	delba.del_ba_param_set |=
786 		cpu_to_le16((u16) event->tid << DELBA_TID_POS);
787 	delba.del_ba_param_set |= cpu_to_le16(
788 		(u16) event->origninator << DELBA_INITIATOR_POS);
789 	delba.reason_code = cpu_to_le16(WLAN_REASON_QSTA_TIMEOUT);
790 	mwifiex_send_cmd(priv, HostCmd_CMD_11N_DELBA, 0, 0, &delba, false);
791 }
792 
793 /*
794  * This function cleans up the Rx reorder table by deleting all the entries
795  * and re-initializing.
796  */
mwifiex_11n_cleanup_reorder_tbl(struct mwifiex_private * priv)797 void mwifiex_11n_cleanup_reorder_tbl(struct mwifiex_private *priv)
798 {
799 	struct mwifiex_rx_reorder_tbl *del_tbl_ptr, *tmp_node;
800 
801 	spin_lock_bh(&priv->rx_reorder_tbl_lock);
802 	list_for_each_entry_safe(del_tbl_ptr, tmp_node,
803 				 &priv->rx_reorder_tbl_ptr, list) {
804 		spin_unlock_bh(&priv->rx_reorder_tbl_lock);
805 		mwifiex_del_rx_reorder_entry(priv, del_tbl_ptr);
806 		spin_lock_bh(&priv->rx_reorder_tbl_lock);
807 	}
808 	INIT_LIST_HEAD(&priv->rx_reorder_tbl_ptr);
809 	spin_unlock_bh(&priv->rx_reorder_tbl_lock);
810 
811 	mwifiex_reset_11n_rx_seq_num(priv);
812 }
813 
814 /*
815  * This function updates all rx_reorder_tbl's flags.
816  */
mwifiex_update_rxreor_flags(struct mwifiex_adapter * adapter,u8 flags)817 void mwifiex_update_rxreor_flags(struct mwifiex_adapter *adapter, u8 flags)
818 {
819 	struct mwifiex_private *priv;
820 	struct mwifiex_rx_reorder_tbl *tbl;
821 	int i;
822 
823 	for (i = 0; i < adapter->priv_num; i++) {
824 		priv = adapter->priv[i];
825 		if (!priv)
826 			continue;
827 
828 		spin_lock_bh(&priv->rx_reorder_tbl_lock);
829 		list_for_each_entry(tbl, &priv->rx_reorder_tbl_ptr, list)
830 			tbl->flags = flags;
831 		spin_unlock_bh(&priv->rx_reorder_tbl_lock);
832 	}
833 
834 	return;
835 }
836 
837 /* This function update all the rx_win_size based on coex flag
838  */
mwifiex_update_ampdu_rxwinsize(struct mwifiex_adapter * adapter,bool coex_flag)839 static void mwifiex_update_ampdu_rxwinsize(struct mwifiex_adapter *adapter,
840 					   bool coex_flag)
841 {
842 	u8 i;
843 	u32 rx_win_size;
844 	struct mwifiex_private *priv;
845 
846 	dev_dbg(adapter->dev, "Update rxwinsize %d\n", coex_flag);
847 
848 	for (i = 0; i < adapter->priv_num; i++) {
849 		if (!adapter->priv[i])
850 			continue;
851 		priv = adapter->priv[i];
852 		rx_win_size = priv->add_ba_param.rx_win_size;
853 		if (coex_flag) {
854 			if (priv->bss_type == MWIFIEX_BSS_TYPE_STA)
855 				priv->add_ba_param.rx_win_size =
856 					MWIFIEX_STA_COEX_AMPDU_DEF_RXWINSIZE;
857 			if (priv->bss_type == MWIFIEX_BSS_TYPE_P2P)
858 				priv->add_ba_param.rx_win_size =
859 					MWIFIEX_STA_COEX_AMPDU_DEF_RXWINSIZE;
860 			if (priv->bss_type == MWIFIEX_BSS_TYPE_UAP)
861 				priv->add_ba_param.rx_win_size =
862 					MWIFIEX_UAP_COEX_AMPDU_DEF_RXWINSIZE;
863 		} else {
864 			if (priv->bss_type == MWIFIEX_BSS_TYPE_STA)
865 				priv->add_ba_param.rx_win_size =
866 					MWIFIEX_STA_AMPDU_DEF_RXWINSIZE;
867 			if (priv->bss_type == MWIFIEX_BSS_TYPE_P2P)
868 				priv->add_ba_param.rx_win_size =
869 					MWIFIEX_STA_AMPDU_DEF_RXWINSIZE;
870 			if (priv->bss_type == MWIFIEX_BSS_TYPE_UAP)
871 				priv->add_ba_param.rx_win_size =
872 					MWIFIEX_UAP_AMPDU_DEF_RXWINSIZE;
873 		}
874 
875 		if (adapter->coex_win_size && adapter->coex_rx_win_size)
876 			priv->add_ba_param.rx_win_size =
877 					adapter->coex_rx_win_size;
878 
879 		if (rx_win_size != priv->add_ba_param.rx_win_size) {
880 			if (!priv->media_connected)
881 				continue;
882 			for (i = 0; i < MAX_NUM_TID; i++)
883 				mwifiex_11n_delba(priv, i);
884 		}
885 	}
886 }
887 
888 /* This function check coex for RX BA
889  */
mwifiex_coex_ampdu_rxwinsize(struct mwifiex_adapter * adapter)890 void mwifiex_coex_ampdu_rxwinsize(struct mwifiex_adapter *adapter)
891 {
892 	u8 i;
893 	struct mwifiex_private *priv;
894 	u8 count = 0;
895 
896 	for (i = 0; i < adapter->priv_num; i++) {
897 		if (adapter->priv[i]) {
898 			priv = adapter->priv[i];
899 			if (GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_STA) {
900 				if (priv->media_connected)
901 					count++;
902 			}
903 			if (GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_UAP) {
904 				if (priv->bss_started)
905 					count++;
906 			}
907 		}
908 		if (count >= MWIFIEX_BSS_COEX_COUNT)
909 			break;
910 	}
911 	if (count >= MWIFIEX_BSS_COEX_COUNT)
912 		mwifiex_update_ampdu_rxwinsize(adapter, true);
913 	else
914 		mwifiex_update_ampdu_rxwinsize(adapter, false);
915 }
916 
917 /* This function handles rxba_sync event
918  */
mwifiex_11n_rxba_sync_event(struct mwifiex_private * priv,u8 * event_buf,u16 len)919 void mwifiex_11n_rxba_sync_event(struct mwifiex_private *priv,
920 				 u8 *event_buf, u16 len)
921 {
922 	struct mwifiex_ie_types_rxba_sync *tlv_rxba = (void *)event_buf;
923 	u16 tlv_type, tlv_len;
924 	struct mwifiex_rx_reorder_tbl *rx_reor_tbl_ptr;
925 	u8 i, j;
926 	u16 seq_num, tlv_seq_num, tlv_bitmap_len;
927 	int tlv_buf_left = len;
928 	int ret;
929 	u8 *tmp;
930 
931 	mwifiex_dbg_dump(priv->adapter, EVT_D, "RXBA_SYNC event:",
932 			 event_buf, len);
933 	while (tlv_buf_left >= sizeof(*tlv_rxba)) {
934 		tlv_type = le16_to_cpu(tlv_rxba->header.type);
935 		tlv_len  = le16_to_cpu(tlv_rxba->header.len);
936 		if (size_add(sizeof(tlv_rxba->header), tlv_len) > tlv_buf_left) {
937 			mwifiex_dbg(priv->adapter, WARN,
938 				    "TLV size (%zu) overflows event_buf buf_left=%d\n",
939 				    size_add(sizeof(tlv_rxba->header), tlv_len),
940 				    tlv_buf_left);
941 			return;
942 		}
943 
944 		if (tlv_type != TLV_TYPE_RXBA_SYNC) {
945 			mwifiex_dbg(priv->adapter, ERROR,
946 				    "Wrong TLV id=0x%x\n", tlv_type);
947 			return;
948 		}
949 
950 		tlv_seq_num = le16_to_cpu(tlv_rxba->seq_num);
951 		tlv_bitmap_len = le16_to_cpu(tlv_rxba->bitmap_len);
952 		if (size_add(sizeof(*tlv_rxba), tlv_bitmap_len) > tlv_buf_left) {
953 			mwifiex_dbg(priv->adapter, WARN,
954 				    "TLV size (%zu) overflows event_buf buf_left=%d\n",
955 				    size_add(sizeof(*tlv_rxba), tlv_bitmap_len),
956 				    tlv_buf_left);
957 			return;
958 		}
959 
960 		mwifiex_dbg(priv->adapter, INFO,
961 			    "%pM tid=%d seq_num=%d bitmap_len=%d\n",
962 			    tlv_rxba->mac, tlv_rxba->tid, tlv_seq_num,
963 			    tlv_bitmap_len);
964 
965 		rx_reor_tbl_ptr =
966 			mwifiex_11n_get_rx_reorder_tbl(priv, tlv_rxba->tid,
967 						       tlv_rxba->mac);
968 		if (!rx_reor_tbl_ptr) {
969 			mwifiex_dbg(priv->adapter, ERROR,
970 				    "Can not find rx_reorder_tbl!");
971 			return;
972 		}
973 
974 		for (i = 0; i < tlv_bitmap_len; i++) {
975 			for (j = 0 ; j < 8; j++) {
976 				if (tlv_rxba->bitmap[i] & (1 << j)) {
977 					seq_num = (MAX_TID_VALUE - 1) &
978 						(tlv_seq_num + i * 8 + j);
979 
980 					mwifiex_dbg(priv->adapter, ERROR,
981 						    "drop packet,seq=%d\n",
982 						    seq_num);
983 
984 					ret = mwifiex_11n_rx_reorder_pkt
985 					(priv, seq_num, tlv_rxba->tid,
986 					 tlv_rxba->mac, 0, NULL);
987 
988 					if (ret)
989 						mwifiex_dbg(priv->adapter,
990 							    ERROR,
991 							    "Fail to drop packet");
992 				}
993 			}
994 		}
995 
996 		tlv_buf_left -= (sizeof(tlv_rxba->header) + tlv_len);
997 		tmp = (u8 *)tlv_rxba  + sizeof(tlv_rxba->header) + tlv_len;
998 		tlv_rxba = (struct mwifiex_ie_types_rxba_sync *)tmp;
999 	}
1000 }
1001