1 /*
2 * NXP Wireless LAN device driver: 802.11n RX Re-ordering
3 *
4 * Copyright 2011-2020 NXP
5 *
6 * This software file (the "File") is distributed by NXP
7 * under the terms of the GNU General Public License Version 2, June 1991
8 * (the "License"). You may use, redistribute and/or modify this File in
9 * accordance with the terms and conditions of the License, a copy of which
10 * is available by writing to the Free Software Foundation, Inc.,
11 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA or on the
12 * worldwide web at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
13 *
14 * THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE
16 * ARE EXPRESSLY DISCLAIMED. The License provides additional details about
17 * this warranty disclaimer.
18 */
19
20 #include "decl.h"
21 #include "ioctl.h"
22 #include "util.h"
23 #include "fw.h"
24 #include "main.h"
25 #include "wmm.h"
26 #include "11n.h"
27 #include "11n_rxreorder.h"
28
29 /* This function will dispatch amsdu packet and forward it to kernel/upper
30 * layer.
31 */
mwifiex_11n_dispatch_amsdu_pkt(struct mwifiex_private * priv,struct sk_buff * skb)32 static int mwifiex_11n_dispatch_amsdu_pkt(struct mwifiex_private *priv,
33 struct sk_buff *skb)
34 {
35 struct rxpd *local_rx_pd = (struct rxpd *)(skb->data);
36 int ret;
37
38 if (le16_to_cpu(local_rx_pd->rx_pkt_type) == PKT_TYPE_AMSDU) {
39 struct sk_buff_head list;
40 struct sk_buff *rx_skb;
41
42 __skb_queue_head_init(&list);
43
44 skb_pull(skb, le16_to_cpu(local_rx_pd->rx_pkt_offset));
45 skb_trim(skb, le16_to_cpu(local_rx_pd->rx_pkt_length));
46
47 ieee80211_amsdu_to_8023s(skb, &list, priv->curr_addr,
48 priv->wdev.iftype, 0, NULL, NULL);
49
50 while (!skb_queue_empty(&list)) {
51 struct rx_packet_hdr *rx_hdr;
52
53 rx_skb = __skb_dequeue(&list);
54 rx_hdr = (struct rx_packet_hdr *)rx_skb->data;
55 if (ISSUPP_TDLS_ENABLED(priv->adapter->fw_cap_info) &&
56 ntohs(rx_hdr->eth803_hdr.h_proto) == ETH_P_TDLS) {
57 mwifiex_process_tdls_action_frame(priv,
58 (u8 *)rx_hdr,
59 skb->len);
60 }
61
62 if (priv->bss_role == MWIFIEX_BSS_ROLE_UAP)
63 ret = mwifiex_uap_recv_packet(priv, rx_skb);
64 else
65 ret = mwifiex_recv_packet(priv, rx_skb);
66 if (ret == -1)
67 mwifiex_dbg(priv->adapter, ERROR,
68 "Rx of A-MSDU failed");
69 }
70 return 0;
71 }
72
73 return -1;
74 }
75
76 /* This function will process the rx packet and forward it to kernel/upper
77 * layer.
78 */
mwifiex_11n_dispatch_pkt(struct mwifiex_private * priv,struct sk_buff * payload)79 static int mwifiex_11n_dispatch_pkt(struct mwifiex_private *priv,
80 struct sk_buff *payload)
81 {
82
83 int ret;
84
85 if (!payload) {
86 mwifiex_dbg(priv->adapter, INFO, "info: fw drop data\n");
87 return 0;
88 }
89
90 ret = mwifiex_11n_dispatch_amsdu_pkt(priv, payload);
91 if (!ret)
92 return 0;
93
94 if (priv->bss_role == MWIFIEX_BSS_ROLE_UAP)
95 return mwifiex_handle_uap_rx_forward(priv, payload);
96
97 return mwifiex_process_rx_packet(priv, payload);
98 }
99
100 /*
101 * This function dispatches all packets in the Rx reorder table until the
102 * start window.
103 *
104 * There could be holes in the buffer, which are skipped by the function.
105 * Since the buffer is linear, the function uses rotation to simulate
106 * circular buffer.
107 */
108 static void
mwifiex_11n_dispatch_pkt_until_start_win(struct mwifiex_private * priv,struct mwifiex_rx_reorder_tbl * tbl,int start_win)109 mwifiex_11n_dispatch_pkt_until_start_win(struct mwifiex_private *priv,
110 struct mwifiex_rx_reorder_tbl *tbl,
111 int start_win)
112 {
113 struct sk_buff_head list;
114 struct sk_buff *skb;
115 int pkt_to_send, i;
116
117 __skb_queue_head_init(&list);
118 spin_lock_bh(&priv->rx_reorder_tbl_lock);
119
120 pkt_to_send = (start_win > tbl->start_win) ?
121 min((start_win - tbl->start_win), tbl->win_size) :
122 tbl->win_size;
123
124 for (i = 0; i < pkt_to_send; ++i) {
125 if (tbl->rx_reorder_ptr[i]) {
126 skb = tbl->rx_reorder_ptr[i];
127 __skb_queue_tail(&list, skb);
128 tbl->rx_reorder_ptr[i] = NULL;
129 }
130 }
131
132 /*
133 * We don't have a circular buffer, hence use rotation to simulate
134 * circular buffer
135 */
136 for (i = 0; i < tbl->win_size - pkt_to_send; ++i) {
137 tbl->rx_reorder_ptr[i] = tbl->rx_reorder_ptr[pkt_to_send + i];
138 tbl->rx_reorder_ptr[pkt_to_send + i] = NULL;
139 }
140
141 tbl->start_win = start_win;
142 spin_unlock_bh(&priv->rx_reorder_tbl_lock);
143
144 while ((skb = __skb_dequeue(&list)))
145 mwifiex_11n_dispatch_pkt(priv, skb);
146 }
147
148 /*
149 * This function dispatches all packets in the Rx reorder table until
150 * a hole is found.
151 *
152 * The start window is adjusted automatically when a hole is located.
153 * Since the buffer is linear, the function uses rotation to simulate
154 * circular buffer.
155 */
156 static void
mwifiex_11n_scan_and_dispatch(struct mwifiex_private * priv,struct mwifiex_rx_reorder_tbl * tbl)157 mwifiex_11n_scan_and_dispatch(struct mwifiex_private *priv,
158 struct mwifiex_rx_reorder_tbl *tbl)
159 {
160 struct sk_buff_head list;
161 struct sk_buff *skb;
162 int i, j, xchg;
163
164 __skb_queue_head_init(&list);
165 spin_lock_bh(&priv->rx_reorder_tbl_lock);
166
167 for (i = 0; i < tbl->win_size; ++i) {
168 if (!tbl->rx_reorder_ptr[i])
169 break;
170 skb = tbl->rx_reorder_ptr[i];
171 __skb_queue_tail(&list, skb);
172 tbl->rx_reorder_ptr[i] = NULL;
173 }
174
175 /*
176 * We don't have a circular buffer, hence use rotation to simulate
177 * circular buffer
178 */
179 if (i > 0) {
180 xchg = tbl->win_size - i;
181 for (j = 0; j < xchg; ++j) {
182 tbl->rx_reorder_ptr[j] = tbl->rx_reorder_ptr[i + j];
183 tbl->rx_reorder_ptr[i + j] = NULL;
184 }
185 }
186 tbl->start_win = (tbl->start_win + i) & (MAX_TID_VALUE - 1);
187
188 spin_unlock_bh(&priv->rx_reorder_tbl_lock);
189
190 while ((skb = __skb_dequeue(&list)))
191 mwifiex_11n_dispatch_pkt(priv, skb);
192 }
193
194 /*
195 * This function deletes the Rx reorder table and frees the memory.
196 *
197 * The function stops the associated timer and dispatches all the
198 * pending packets in the Rx reorder table before deletion.
199 */
200 static void
mwifiex_del_rx_reorder_entry(struct mwifiex_private * priv,struct mwifiex_rx_reorder_tbl * tbl)201 mwifiex_del_rx_reorder_entry(struct mwifiex_private *priv,
202 struct mwifiex_rx_reorder_tbl *tbl)
203 {
204 int start_win;
205
206 if (!tbl)
207 return;
208
209 spin_lock_bh(&priv->adapter->rx_proc_lock);
210 priv->adapter->rx_locked = true;
211 if (priv->adapter->rx_processing) {
212 spin_unlock_bh(&priv->adapter->rx_proc_lock);
213 flush_workqueue(priv->adapter->rx_workqueue);
214 } else {
215 spin_unlock_bh(&priv->adapter->rx_proc_lock);
216 }
217
218 start_win = (tbl->start_win + tbl->win_size) & (MAX_TID_VALUE - 1);
219 mwifiex_11n_dispatch_pkt_until_start_win(priv, tbl, start_win);
220
221 del_timer_sync(&tbl->timer_context.timer);
222 tbl->timer_context.timer_is_set = false;
223
224 spin_lock_bh(&priv->rx_reorder_tbl_lock);
225 list_del(&tbl->list);
226 spin_unlock_bh(&priv->rx_reorder_tbl_lock);
227
228 kfree(tbl->rx_reorder_ptr);
229 kfree(tbl);
230
231 spin_lock_bh(&priv->adapter->rx_proc_lock);
232 priv->adapter->rx_locked = false;
233 spin_unlock_bh(&priv->adapter->rx_proc_lock);
234
235 }
236
237 /*
238 * This function returns the pointer to an entry in Rx reordering
239 * table which matches the given TA/TID pair.
240 */
241 struct mwifiex_rx_reorder_tbl *
mwifiex_11n_get_rx_reorder_tbl(struct mwifiex_private * priv,int tid,u8 * ta)242 mwifiex_11n_get_rx_reorder_tbl(struct mwifiex_private *priv, int tid, u8 *ta)
243 {
244 struct mwifiex_rx_reorder_tbl *tbl;
245
246 spin_lock_bh(&priv->rx_reorder_tbl_lock);
247 list_for_each_entry(tbl, &priv->rx_reorder_tbl_ptr, list) {
248 if (!memcmp(tbl->ta, ta, ETH_ALEN) && tbl->tid == tid) {
249 spin_unlock_bh(&priv->rx_reorder_tbl_lock);
250 return tbl;
251 }
252 }
253 spin_unlock_bh(&priv->rx_reorder_tbl_lock);
254
255 return NULL;
256 }
257
258 /* This function retrieves the pointer to an entry in Rx reordering
259 * table which matches the given TA and deletes it.
260 */
mwifiex_11n_del_rx_reorder_tbl_by_ta(struct mwifiex_private * priv,u8 * ta)261 void mwifiex_11n_del_rx_reorder_tbl_by_ta(struct mwifiex_private *priv, u8 *ta)
262 {
263 struct mwifiex_rx_reorder_tbl *tbl, *tmp;
264
265 if (!ta)
266 return;
267
268 spin_lock_bh(&priv->rx_reorder_tbl_lock);
269 list_for_each_entry_safe(tbl, tmp, &priv->rx_reorder_tbl_ptr, list) {
270 if (!memcmp(tbl->ta, ta, ETH_ALEN)) {
271 spin_unlock_bh(&priv->rx_reorder_tbl_lock);
272 mwifiex_del_rx_reorder_entry(priv, tbl);
273 spin_lock_bh(&priv->rx_reorder_tbl_lock);
274 }
275 }
276 spin_unlock_bh(&priv->rx_reorder_tbl_lock);
277
278 return;
279 }
280
281 /*
282 * This function finds the last sequence number used in the packets
283 * buffered in Rx reordering table.
284 */
285 static int
mwifiex_11n_find_last_seq_num(struct reorder_tmr_cnxt * ctx)286 mwifiex_11n_find_last_seq_num(struct reorder_tmr_cnxt *ctx)
287 {
288 struct mwifiex_rx_reorder_tbl *rx_reorder_tbl_ptr = ctx->ptr;
289 struct mwifiex_private *priv = ctx->priv;
290 int i;
291
292 spin_lock_bh(&priv->rx_reorder_tbl_lock);
293 for (i = rx_reorder_tbl_ptr->win_size - 1; i >= 0; --i) {
294 if (rx_reorder_tbl_ptr->rx_reorder_ptr[i]) {
295 spin_unlock_bh(&priv->rx_reorder_tbl_lock);
296 return i;
297 }
298 }
299 spin_unlock_bh(&priv->rx_reorder_tbl_lock);
300
301 return -1;
302 }
303
304 /*
305 * This function flushes all the packets in Rx reordering table.
306 *
307 * The function checks if any packets are currently buffered in the
308 * table or not. In case there are packets available, it dispatches
309 * them and then dumps the Rx reordering table.
310 */
311 static void
mwifiex_flush_data(struct timer_list * t)312 mwifiex_flush_data(struct timer_list *t)
313 {
314 struct reorder_tmr_cnxt *ctx =
315 from_timer(ctx, t, timer);
316 int start_win, seq_num;
317
318 ctx->timer_is_set = false;
319 seq_num = mwifiex_11n_find_last_seq_num(ctx);
320
321 if (seq_num < 0)
322 return;
323
324 mwifiex_dbg(ctx->priv->adapter, INFO, "info: flush data %d\n", seq_num);
325 start_win = (ctx->ptr->start_win + seq_num + 1) & (MAX_TID_VALUE - 1);
326 mwifiex_11n_dispatch_pkt_until_start_win(ctx->priv, ctx->ptr,
327 start_win);
328 }
329
330 /*
331 * This function creates an entry in Rx reordering table for the
332 * given TA/TID.
333 *
334 * The function also initializes the entry with sequence number, window
335 * size as well as initializes the timer.
336 *
337 * If the received TA/TID pair is already present, all the packets are
338 * dispatched and the window size is moved until the SSN.
339 */
340 static void
mwifiex_11n_create_rx_reorder_tbl(struct mwifiex_private * priv,u8 * ta,int tid,int win_size,int seq_num)341 mwifiex_11n_create_rx_reorder_tbl(struct mwifiex_private *priv, u8 *ta,
342 int tid, int win_size, int seq_num)
343 {
344 int i;
345 struct mwifiex_rx_reorder_tbl *tbl, *new_node;
346 u16 last_seq = 0;
347 struct mwifiex_sta_node *node;
348
349 /*
350 * If we get a TID, ta pair which is already present dispatch all the
351 * the packets and move the window size until the ssn
352 */
353 tbl = mwifiex_11n_get_rx_reorder_tbl(priv, tid, ta);
354 if (tbl) {
355 mwifiex_11n_dispatch_pkt_until_start_win(priv, tbl, seq_num);
356 return;
357 }
358 /* if !tbl then create one */
359 new_node = kzalloc(sizeof(struct mwifiex_rx_reorder_tbl), GFP_KERNEL);
360 if (!new_node)
361 return;
362
363 INIT_LIST_HEAD(&new_node->list);
364 new_node->tid = tid;
365 memcpy(new_node->ta, ta, ETH_ALEN);
366 new_node->start_win = seq_num;
367 new_node->init_win = seq_num;
368 new_node->flags = 0;
369
370 spin_lock_bh(&priv->sta_list_spinlock);
371 if (mwifiex_queuing_ra_based(priv)) {
372 if (priv->bss_role == MWIFIEX_BSS_ROLE_UAP) {
373 node = mwifiex_get_sta_entry(priv, ta);
374 if (node)
375 last_seq = node->rx_seq[tid];
376 }
377 } else {
378 node = mwifiex_get_sta_entry(priv, ta);
379 if (node)
380 last_seq = node->rx_seq[tid];
381 else
382 last_seq = priv->rx_seq[tid];
383 }
384 spin_unlock_bh(&priv->sta_list_spinlock);
385
386 mwifiex_dbg(priv->adapter, INFO,
387 "info: last_seq=%d start_win=%d\n",
388 last_seq, new_node->start_win);
389
390 if (last_seq != MWIFIEX_DEF_11N_RX_SEQ_NUM &&
391 last_seq >= new_node->start_win) {
392 new_node->start_win = last_seq + 1;
393 new_node->flags |= RXREOR_INIT_WINDOW_SHIFT;
394 }
395
396 new_node->win_size = win_size;
397
398 new_node->rx_reorder_ptr = kcalloc(win_size, sizeof(void *),
399 GFP_KERNEL);
400 if (!new_node->rx_reorder_ptr) {
401 kfree(new_node);
402 mwifiex_dbg(priv->adapter, ERROR,
403 "%s: failed to alloc reorder_ptr\n", __func__);
404 return;
405 }
406
407 new_node->timer_context.ptr = new_node;
408 new_node->timer_context.priv = priv;
409 new_node->timer_context.timer_is_set = false;
410
411 timer_setup(&new_node->timer_context.timer, mwifiex_flush_data, 0);
412
413 for (i = 0; i < win_size; ++i)
414 new_node->rx_reorder_ptr[i] = NULL;
415
416 spin_lock_bh(&priv->rx_reorder_tbl_lock);
417 list_add_tail(&new_node->list, &priv->rx_reorder_tbl_ptr);
418 spin_unlock_bh(&priv->rx_reorder_tbl_lock);
419 }
420
421 static void
mwifiex_11n_rxreorder_timer_restart(struct mwifiex_rx_reorder_tbl * tbl)422 mwifiex_11n_rxreorder_timer_restart(struct mwifiex_rx_reorder_tbl *tbl)
423 {
424 u32 min_flush_time;
425
426 if (tbl->win_size >= MWIFIEX_BA_WIN_SIZE_32)
427 min_flush_time = MIN_FLUSH_TIMER_15_MS;
428 else
429 min_flush_time = MIN_FLUSH_TIMER_MS;
430
431 mod_timer(&tbl->timer_context.timer,
432 jiffies + msecs_to_jiffies(min_flush_time * tbl->win_size));
433
434 tbl->timer_context.timer_is_set = true;
435 }
436
437 /*
438 * This function prepares command for adding a BA request.
439 *
440 * Preparation includes -
441 * - Setting command ID and proper size
442 * - Setting add BA request buffer
443 * - Ensuring correct endian-ness
444 */
mwifiex_cmd_11n_addba_req(struct host_cmd_ds_command * cmd,void * data_buf)445 int mwifiex_cmd_11n_addba_req(struct host_cmd_ds_command *cmd, void *data_buf)
446 {
447 struct host_cmd_ds_11n_addba_req *add_ba_req = &cmd->params.add_ba_req;
448
449 cmd->command = cpu_to_le16(HostCmd_CMD_11N_ADDBA_REQ);
450 cmd->size = cpu_to_le16(sizeof(*add_ba_req) + S_DS_GEN);
451 memcpy(add_ba_req, data_buf, sizeof(*add_ba_req));
452
453 return 0;
454 }
455
456 /*
457 * This function prepares command for adding a BA response.
458 *
459 * Preparation includes -
460 * - Setting command ID and proper size
461 * - Setting add BA response buffer
462 * - Ensuring correct endian-ness
463 */
mwifiex_cmd_11n_addba_rsp_gen(struct mwifiex_private * priv,struct host_cmd_ds_command * cmd,struct host_cmd_ds_11n_addba_req * cmd_addba_req)464 int mwifiex_cmd_11n_addba_rsp_gen(struct mwifiex_private *priv,
465 struct host_cmd_ds_command *cmd,
466 struct host_cmd_ds_11n_addba_req
467 *cmd_addba_req)
468 {
469 struct host_cmd_ds_11n_addba_rsp *add_ba_rsp = &cmd->params.add_ba_rsp;
470 struct mwifiex_sta_node *sta_ptr;
471 u32 rx_win_size = priv->add_ba_param.rx_win_size;
472 u8 tid;
473 int win_size;
474 uint16_t block_ack_param_set;
475
476 if ((GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_STA) &&
477 ISSUPP_TDLS_ENABLED(priv->adapter->fw_cap_info) &&
478 priv->adapter->is_hw_11ac_capable &&
479 memcmp(priv->cfg_bssid, cmd_addba_req->peer_mac_addr, ETH_ALEN)) {
480 spin_lock_bh(&priv->sta_list_spinlock);
481 sta_ptr = mwifiex_get_sta_entry(priv,
482 cmd_addba_req->peer_mac_addr);
483 if (!sta_ptr) {
484 spin_unlock_bh(&priv->sta_list_spinlock);
485 mwifiex_dbg(priv->adapter, ERROR,
486 "BA setup with unknown TDLS peer %pM!\n",
487 cmd_addba_req->peer_mac_addr);
488 return -1;
489 }
490 if (sta_ptr->is_11ac_enabled)
491 rx_win_size = MWIFIEX_11AC_STA_AMPDU_DEF_RXWINSIZE;
492 spin_unlock_bh(&priv->sta_list_spinlock);
493 }
494
495 cmd->command = cpu_to_le16(HostCmd_CMD_11N_ADDBA_RSP);
496 cmd->size = cpu_to_le16(sizeof(*add_ba_rsp) + S_DS_GEN);
497
498 memcpy(add_ba_rsp->peer_mac_addr, cmd_addba_req->peer_mac_addr,
499 ETH_ALEN);
500 add_ba_rsp->dialog_token = cmd_addba_req->dialog_token;
501 add_ba_rsp->block_ack_tmo = cmd_addba_req->block_ack_tmo;
502 add_ba_rsp->ssn = cmd_addba_req->ssn;
503
504 block_ack_param_set = le16_to_cpu(cmd_addba_req->block_ack_param_set);
505 tid = (block_ack_param_set & IEEE80211_ADDBA_PARAM_TID_MASK)
506 >> BLOCKACKPARAM_TID_POS;
507 add_ba_rsp->status_code = cpu_to_le16(ADDBA_RSP_STATUS_ACCEPT);
508 block_ack_param_set &= ~IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK;
509
510 /* If we don't support AMSDU inside AMPDU, reset the bit */
511 if (!priv->add_ba_param.rx_amsdu ||
512 (priv->aggr_prio_tbl[tid].amsdu == BA_STREAM_NOT_ALLOWED))
513 block_ack_param_set &= ~BLOCKACKPARAM_AMSDU_SUPP_MASK;
514 block_ack_param_set |= rx_win_size << BLOCKACKPARAM_WINSIZE_POS;
515 add_ba_rsp->block_ack_param_set = cpu_to_le16(block_ack_param_set);
516 win_size = (le16_to_cpu(add_ba_rsp->block_ack_param_set)
517 & IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK)
518 >> BLOCKACKPARAM_WINSIZE_POS;
519 cmd_addba_req->block_ack_param_set = cpu_to_le16(block_ack_param_set);
520
521 mwifiex_11n_create_rx_reorder_tbl(priv, cmd_addba_req->peer_mac_addr,
522 tid, win_size,
523 le16_to_cpu(cmd_addba_req->ssn));
524 return 0;
525 }
526
527 /*
528 * This function prepares command for deleting a BA request.
529 *
530 * Preparation includes -
531 * - Setting command ID and proper size
532 * - Setting del BA request buffer
533 * - Ensuring correct endian-ness
534 */
mwifiex_cmd_11n_delba(struct host_cmd_ds_command * cmd,void * data_buf)535 int mwifiex_cmd_11n_delba(struct host_cmd_ds_command *cmd, void *data_buf)
536 {
537 struct host_cmd_ds_11n_delba *del_ba = &cmd->params.del_ba;
538
539 cmd->command = cpu_to_le16(HostCmd_CMD_11N_DELBA);
540 cmd->size = cpu_to_le16(sizeof(*del_ba) + S_DS_GEN);
541 memcpy(del_ba, data_buf, sizeof(*del_ba));
542
543 return 0;
544 }
545
546 /*
547 * This function identifies if Rx reordering is needed for a received packet.
548 *
549 * In case reordering is required, the function will do the reordering
550 * before sending it to kernel.
551 *
552 * The Rx reorder table is checked first with the received TID/TA pair. If
553 * not found, the received packet is dispatched immediately. But if found,
554 * the packet is reordered and all the packets in the updated Rx reordering
555 * table is dispatched until a hole is found.
556 *
557 * For sequence number less than the starting window, the packet is dropped.
558 */
mwifiex_11n_rx_reorder_pkt(struct mwifiex_private * priv,u16 seq_num,u16 tid,u8 * ta,u8 pkt_type,void * payload)559 int mwifiex_11n_rx_reorder_pkt(struct mwifiex_private *priv,
560 u16 seq_num, u16 tid,
561 u8 *ta, u8 pkt_type, void *payload)
562 {
563 struct mwifiex_rx_reorder_tbl *tbl;
564 int prev_start_win, start_win, end_win, win_size;
565 u16 pkt_index;
566 bool init_window_shift = false;
567 int ret = 0;
568
569 tbl = mwifiex_11n_get_rx_reorder_tbl(priv, tid, ta);
570 if (!tbl) {
571 if (pkt_type != PKT_TYPE_BAR)
572 mwifiex_11n_dispatch_pkt(priv, payload);
573 return ret;
574 }
575
576 if ((pkt_type == PKT_TYPE_AMSDU) && !tbl->amsdu) {
577 mwifiex_11n_dispatch_pkt(priv, payload);
578 return ret;
579 }
580
581 start_win = tbl->start_win;
582 prev_start_win = start_win;
583 win_size = tbl->win_size;
584 end_win = ((start_win + win_size) - 1) & (MAX_TID_VALUE - 1);
585 if (tbl->flags & RXREOR_INIT_WINDOW_SHIFT) {
586 init_window_shift = true;
587 tbl->flags &= ~RXREOR_INIT_WINDOW_SHIFT;
588 }
589
590 if (tbl->flags & RXREOR_FORCE_NO_DROP) {
591 mwifiex_dbg(priv->adapter, INFO,
592 "RXREOR_FORCE_NO_DROP when HS is activated\n");
593 tbl->flags &= ~RXREOR_FORCE_NO_DROP;
594 } else if (init_window_shift && seq_num < start_win &&
595 seq_num >= tbl->init_win) {
596 mwifiex_dbg(priv->adapter, INFO,
597 "Sender TID sequence number reset %d->%d for SSN %d\n",
598 start_win, seq_num, tbl->init_win);
599 tbl->start_win = start_win = seq_num;
600 end_win = ((start_win + win_size) - 1) & (MAX_TID_VALUE - 1);
601 } else {
602 /*
603 * If seq_num is less then starting win then ignore and drop
604 * the packet
605 */
606 if ((start_win + TWOPOW11) > (MAX_TID_VALUE - 1)) {
607 if (seq_num >= ((start_win + TWOPOW11) &
608 (MAX_TID_VALUE - 1)) &&
609 seq_num < start_win) {
610 ret = -1;
611 goto done;
612 }
613 } else if ((seq_num < start_win) ||
614 (seq_num >= (start_win + TWOPOW11))) {
615 ret = -1;
616 goto done;
617 }
618 }
619
620 /*
621 * If this packet is a BAR we adjust seq_num as
622 * WinStart = seq_num
623 */
624 if (pkt_type == PKT_TYPE_BAR)
625 seq_num = ((seq_num + win_size) - 1) & (MAX_TID_VALUE - 1);
626
627 if (((end_win < start_win) &&
628 (seq_num < start_win) && (seq_num > end_win)) ||
629 ((end_win > start_win) && ((seq_num > end_win) ||
630 (seq_num < start_win)))) {
631 end_win = seq_num;
632 if (((end_win - win_size) + 1) >= 0)
633 start_win = (end_win - win_size) + 1;
634 else
635 start_win = (MAX_TID_VALUE - (win_size - end_win)) + 1;
636 mwifiex_11n_dispatch_pkt_until_start_win(priv, tbl, start_win);
637 }
638
639 if (pkt_type != PKT_TYPE_BAR) {
640 if (seq_num >= start_win)
641 pkt_index = seq_num - start_win;
642 else
643 pkt_index = (seq_num+MAX_TID_VALUE) - start_win;
644
645 if (tbl->rx_reorder_ptr[pkt_index]) {
646 ret = -1;
647 goto done;
648 }
649
650 tbl->rx_reorder_ptr[pkt_index] = payload;
651 }
652
653 /*
654 * Dispatch all packets sequentially from start_win until a
655 * hole is found and adjust the start_win appropriately
656 */
657 mwifiex_11n_scan_and_dispatch(priv, tbl);
658
659 done:
660 if (!tbl->timer_context.timer_is_set ||
661 prev_start_win != tbl->start_win)
662 mwifiex_11n_rxreorder_timer_restart(tbl);
663 return ret;
664 }
665
666 /*
667 * This function deletes an entry for a given TID/TA pair.
668 *
669 * The TID/TA are taken from del BA event body.
670 */
671 void
mwifiex_del_ba_tbl(struct mwifiex_private * priv,int tid,u8 * peer_mac,u8 type,int initiator)672 mwifiex_del_ba_tbl(struct mwifiex_private *priv, int tid, u8 *peer_mac,
673 u8 type, int initiator)
674 {
675 struct mwifiex_rx_reorder_tbl *tbl;
676 struct mwifiex_tx_ba_stream_tbl *ptx_tbl;
677 struct mwifiex_ra_list_tbl *ra_list;
678 u8 cleanup_rx_reorder_tbl;
679 int tid_down;
680
681 if (type == TYPE_DELBA_RECEIVE)
682 cleanup_rx_reorder_tbl = (initiator) ? true : false;
683 else
684 cleanup_rx_reorder_tbl = (initiator) ? false : true;
685
686 mwifiex_dbg(priv->adapter, EVENT, "event: DELBA: %pM tid=%d initiator=%d\n",
687 peer_mac, tid, initiator);
688
689 if (cleanup_rx_reorder_tbl) {
690 tbl = mwifiex_11n_get_rx_reorder_tbl(priv, tid,
691 peer_mac);
692 if (!tbl) {
693 mwifiex_dbg(priv->adapter, EVENT,
694 "event: TID, TA not found in table\n");
695 return;
696 }
697 mwifiex_del_rx_reorder_entry(priv, tbl);
698 } else {
699 ptx_tbl = mwifiex_get_ba_tbl(priv, tid, peer_mac);
700 if (!ptx_tbl) {
701 mwifiex_dbg(priv->adapter, EVENT,
702 "event: TID, RA not found in table\n");
703 return;
704 }
705
706 tid_down = mwifiex_wmm_downgrade_tid(priv, tid);
707 ra_list = mwifiex_wmm_get_ralist_node(priv, tid_down, peer_mac);
708 if (ra_list) {
709 ra_list->amsdu_in_ampdu = false;
710 ra_list->ba_status = BA_SETUP_NONE;
711 }
712 spin_lock_bh(&priv->tx_ba_stream_tbl_lock);
713 mwifiex_11n_delete_tx_ba_stream_tbl_entry(priv, ptx_tbl);
714 spin_unlock_bh(&priv->tx_ba_stream_tbl_lock);
715 }
716 }
717
718 /*
719 * This function handles the command response of an add BA response.
720 *
721 * Handling includes changing the header fields into CPU format and
722 * creating the stream, provided the add BA is accepted.
723 */
mwifiex_ret_11n_addba_resp(struct mwifiex_private * priv,struct host_cmd_ds_command * resp)724 int mwifiex_ret_11n_addba_resp(struct mwifiex_private *priv,
725 struct host_cmd_ds_command *resp)
726 {
727 struct host_cmd_ds_11n_addba_rsp *add_ba_rsp = &resp->params.add_ba_rsp;
728 int tid, win_size;
729 struct mwifiex_rx_reorder_tbl *tbl;
730 uint16_t block_ack_param_set;
731
732 block_ack_param_set = le16_to_cpu(add_ba_rsp->block_ack_param_set);
733
734 tid = (block_ack_param_set & IEEE80211_ADDBA_PARAM_TID_MASK)
735 >> BLOCKACKPARAM_TID_POS;
736 /*
737 * Check if we had rejected the ADDBA, if yes then do not create
738 * the stream
739 */
740 if (le16_to_cpu(add_ba_rsp->status_code) != BA_RESULT_SUCCESS) {
741 mwifiex_dbg(priv->adapter, ERROR, "ADDBA RSP: failed %pM tid=%d)\n",
742 add_ba_rsp->peer_mac_addr, tid);
743
744 tbl = mwifiex_11n_get_rx_reorder_tbl(priv, tid,
745 add_ba_rsp->peer_mac_addr);
746 if (tbl)
747 mwifiex_del_rx_reorder_entry(priv, tbl);
748
749 return 0;
750 }
751
752 win_size = (block_ack_param_set & IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK)
753 >> BLOCKACKPARAM_WINSIZE_POS;
754
755 tbl = mwifiex_11n_get_rx_reorder_tbl(priv, tid,
756 add_ba_rsp->peer_mac_addr);
757 if (tbl) {
758 if ((block_ack_param_set & BLOCKACKPARAM_AMSDU_SUPP_MASK) &&
759 priv->add_ba_param.rx_amsdu &&
760 (priv->aggr_prio_tbl[tid].amsdu != BA_STREAM_NOT_ALLOWED))
761 tbl->amsdu = true;
762 else
763 tbl->amsdu = false;
764 }
765
766 mwifiex_dbg(priv->adapter, CMD,
767 "cmd: ADDBA RSP: %pM tid=%d ssn=%d win_size=%d\n",
768 add_ba_rsp->peer_mac_addr, tid, add_ba_rsp->ssn, win_size);
769
770 return 0;
771 }
772
773 /*
774 * This function handles BA stream timeout event by preparing and sending
775 * a command to the firmware.
776 */
mwifiex_11n_ba_stream_timeout(struct mwifiex_private * priv,struct host_cmd_ds_11n_batimeout * event)777 void mwifiex_11n_ba_stream_timeout(struct mwifiex_private *priv,
778 struct host_cmd_ds_11n_batimeout *event)
779 {
780 struct host_cmd_ds_11n_delba delba;
781
782 memset(&delba, 0, sizeof(struct host_cmd_ds_11n_delba));
783 memcpy(delba.peer_mac_addr, event->peer_mac_addr, ETH_ALEN);
784
785 delba.del_ba_param_set |=
786 cpu_to_le16((u16) event->tid << DELBA_TID_POS);
787 delba.del_ba_param_set |= cpu_to_le16(
788 (u16) event->origninator << DELBA_INITIATOR_POS);
789 delba.reason_code = cpu_to_le16(WLAN_REASON_QSTA_TIMEOUT);
790 mwifiex_send_cmd(priv, HostCmd_CMD_11N_DELBA, 0, 0, &delba, false);
791 }
792
793 /*
794 * This function cleans up the Rx reorder table by deleting all the entries
795 * and re-initializing.
796 */
mwifiex_11n_cleanup_reorder_tbl(struct mwifiex_private * priv)797 void mwifiex_11n_cleanup_reorder_tbl(struct mwifiex_private *priv)
798 {
799 struct mwifiex_rx_reorder_tbl *del_tbl_ptr, *tmp_node;
800
801 spin_lock_bh(&priv->rx_reorder_tbl_lock);
802 list_for_each_entry_safe(del_tbl_ptr, tmp_node,
803 &priv->rx_reorder_tbl_ptr, list) {
804 spin_unlock_bh(&priv->rx_reorder_tbl_lock);
805 mwifiex_del_rx_reorder_entry(priv, del_tbl_ptr);
806 spin_lock_bh(&priv->rx_reorder_tbl_lock);
807 }
808 INIT_LIST_HEAD(&priv->rx_reorder_tbl_ptr);
809 spin_unlock_bh(&priv->rx_reorder_tbl_lock);
810
811 mwifiex_reset_11n_rx_seq_num(priv);
812 }
813
814 /*
815 * This function updates all rx_reorder_tbl's flags.
816 */
mwifiex_update_rxreor_flags(struct mwifiex_adapter * adapter,u8 flags)817 void mwifiex_update_rxreor_flags(struct mwifiex_adapter *adapter, u8 flags)
818 {
819 struct mwifiex_private *priv;
820 struct mwifiex_rx_reorder_tbl *tbl;
821 int i;
822
823 for (i = 0; i < adapter->priv_num; i++) {
824 priv = adapter->priv[i];
825 if (!priv)
826 continue;
827
828 spin_lock_bh(&priv->rx_reorder_tbl_lock);
829 list_for_each_entry(tbl, &priv->rx_reorder_tbl_ptr, list)
830 tbl->flags = flags;
831 spin_unlock_bh(&priv->rx_reorder_tbl_lock);
832 }
833
834 return;
835 }
836
837 /* This function update all the rx_win_size based on coex flag
838 */
mwifiex_update_ampdu_rxwinsize(struct mwifiex_adapter * adapter,bool coex_flag)839 static void mwifiex_update_ampdu_rxwinsize(struct mwifiex_adapter *adapter,
840 bool coex_flag)
841 {
842 u8 i;
843 u32 rx_win_size;
844 struct mwifiex_private *priv;
845
846 dev_dbg(adapter->dev, "Update rxwinsize %d\n", coex_flag);
847
848 for (i = 0; i < adapter->priv_num; i++) {
849 if (!adapter->priv[i])
850 continue;
851 priv = adapter->priv[i];
852 rx_win_size = priv->add_ba_param.rx_win_size;
853 if (coex_flag) {
854 if (priv->bss_type == MWIFIEX_BSS_TYPE_STA)
855 priv->add_ba_param.rx_win_size =
856 MWIFIEX_STA_COEX_AMPDU_DEF_RXWINSIZE;
857 if (priv->bss_type == MWIFIEX_BSS_TYPE_P2P)
858 priv->add_ba_param.rx_win_size =
859 MWIFIEX_STA_COEX_AMPDU_DEF_RXWINSIZE;
860 if (priv->bss_type == MWIFIEX_BSS_TYPE_UAP)
861 priv->add_ba_param.rx_win_size =
862 MWIFIEX_UAP_COEX_AMPDU_DEF_RXWINSIZE;
863 } else {
864 if (priv->bss_type == MWIFIEX_BSS_TYPE_STA)
865 priv->add_ba_param.rx_win_size =
866 MWIFIEX_STA_AMPDU_DEF_RXWINSIZE;
867 if (priv->bss_type == MWIFIEX_BSS_TYPE_P2P)
868 priv->add_ba_param.rx_win_size =
869 MWIFIEX_STA_AMPDU_DEF_RXWINSIZE;
870 if (priv->bss_type == MWIFIEX_BSS_TYPE_UAP)
871 priv->add_ba_param.rx_win_size =
872 MWIFIEX_UAP_AMPDU_DEF_RXWINSIZE;
873 }
874
875 if (adapter->coex_win_size && adapter->coex_rx_win_size)
876 priv->add_ba_param.rx_win_size =
877 adapter->coex_rx_win_size;
878
879 if (rx_win_size != priv->add_ba_param.rx_win_size) {
880 if (!priv->media_connected)
881 continue;
882 for (i = 0; i < MAX_NUM_TID; i++)
883 mwifiex_11n_delba(priv, i);
884 }
885 }
886 }
887
888 /* This function check coex for RX BA
889 */
mwifiex_coex_ampdu_rxwinsize(struct mwifiex_adapter * adapter)890 void mwifiex_coex_ampdu_rxwinsize(struct mwifiex_adapter *adapter)
891 {
892 u8 i;
893 struct mwifiex_private *priv;
894 u8 count = 0;
895
896 for (i = 0; i < adapter->priv_num; i++) {
897 if (adapter->priv[i]) {
898 priv = adapter->priv[i];
899 if (GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_STA) {
900 if (priv->media_connected)
901 count++;
902 }
903 if (GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_UAP) {
904 if (priv->bss_started)
905 count++;
906 }
907 }
908 if (count >= MWIFIEX_BSS_COEX_COUNT)
909 break;
910 }
911 if (count >= MWIFIEX_BSS_COEX_COUNT)
912 mwifiex_update_ampdu_rxwinsize(adapter, true);
913 else
914 mwifiex_update_ampdu_rxwinsize(adapter, false);
915 }
916
917 /* This function handles rxba_sync event
918 */
mwifiex_11n_rxba_sync_event(struct mwifiex_private * priv,u8 * event_buf,u16 len)919 void mwifiex_11n_rxba_sync_event(struct mwifiex_private *priv,
920 u8 *event_buf, u16 len)
921 {
922 struct mwifiex_ie_types_rxba_sync *tlv_rxba = (void *)event_buf;
923 u16 tlv_type, tlv_len;
924 struct mwifiex_rx_reorder_tbl *rx_reor_tbl_ptr;
925 u8 i, j;
926 u16 seq_num, tlv_seq_num, tlv_bitmap_len;
927 int tlv_buf_left = len;
928 int ret;
929 u8 *tmp;
930
931 mwifiex_dbg_dump(priv->adapter, EVT_D, "RXBA_SYNC event:",
932 event_buf, len);
933 while (tlv_buf_left >= sizeof(*tlv_rxba)) {
934 tlv_type = le16_to_cpu(tlv_rxba->header.type);
935 tlv_len = le16_to_cpu(tlv_rxba->header.len);
936 if (size_add(sizeof(tlv_rxba->header), tlv_len) > tlv_buf_left) {
937 mwifiex_dbg(priv->adapter, WARN,
938 "TLV size (%zu) overflows event_buf buf_left=%d\n",
939 size_add(sizeof(tlv_rxba->header), tlv_len),
940 tlv_buf_left);
941 return;
942 }
943
944 if (tlv_type != TLV_TYPE_RXBA_SYNC) {
945 mwifiex_dbg(priv->adapter, ERROR,
946 "Wrong TLV id=0x%x\n", tlv_type);
947 return;
948 }
949
950 tlv_seq_num = le16_to_cpu(tlv_rxba->seq_num);
951 tlv_bitmap_len = le16_to_cpu(tlv_rxba->bitmap_len);
952 if (size_add(sizeof(*tlv_rxba), tlv_bitmap_len) > tlv_buf_left) {
953 mwifiex_dbg(priv->adapter, WARN,
954 "TLV size (%zu) overflows event_buf buf_left=%d\n",
955 size_add(sizeof(*tlv_rxba), tlv_bitmap_len),
956 tlv_buf_left);
957 return;
958 }
959
960 mwifiex_dbg(priv->adapter, INFO,
961 "%pM tid=%d seq_num=%d bitmap_len=%d\n",
962 tlv_rxba->mac, tlv_rxba->tid, tlv_seq_num,
963 tlv_bitmap_len);
964
965 rx_reor_tbl_ptr =
966 mwifiex_11n_get_rx_reorder_tbl(priv, tlv_rxba->tid,
967 tlv_rxba->mac);
968 if (!rx_reor_tbl_ptr) {
969 mwifiex_dbg(priv->adapter, ERROR,
970 "Can not find rx_reorder_tbl!");
971 return;
972 }
973
974 for (i = 0; i < tlv_bitmap_len; i++) {
975 for (j = 0 ; j < 8; j++) {
976 if (tlv_rxba->bitmap[i] & (1 << j)) {
977 seq_num = (MAX_TID_VALUE - 1) &
978 (tlv_seq_num + i * 8 + j);
979
980 mwifiex_dbg(priv->adapter, ERROR,
981 "drop packet,seq=%d\n",
982 seq_num);
983
984 ret = mwifiex_11n_rx_reorder_pkt
985 (priv, seq_num, tlv_rxba->tid,
986 tlv_rxba->mac, 0, NULL);
987
988 if (ret)
989 mwifiex_dbg(priv->adapter,
990 ERROR,
991 "Fail to drop packet");
992 }
993 }
994 }
995
996 tlv_buf_left -= (sizeof(tlv_rxba->header) + tlv_len);
997 tmp = (u8 *)tlv_rxba + sizeof(tlv_rxba->header) + tlv_len;
998 tlv_rxba = (struct mwifiex_ie_types_rxba_sync *)tmp;
999 }
1000 }
1001