1 /* 2 * Copyright (c) 2017-2018 The Linux Foundation. All rights reserved. 3 * 4 * Permission to use, copy, modify, and/or distribute this software for 5 * any purpose with or without fee is hereby granted, provided that the 6 * above copyright notice and this permission notice appear in all 7 * copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL 10 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 11 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE 12 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL 13 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR 14 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER 15 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 16 * PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 #include "dp_types.h" 20 #include "dp_rx.h" 21 #include "dp_peer.h" 22 #include "hal_api.h" 23 #include "qdf_trace.h" 24 #include "qdf_nbuf.h" 25 #include "dp_rx_defrag.h" 26 #include <enet.h> /* LLC_SNAP_HDR_LEN */ 27 #include "dp_rx_defrag.h" 28 29 const struct dp_rx_defrag_cipher dp_f_ccmp = { 30 "AES-CCM", 31 IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN + IEEE80211_WEP_EXTIVLEN, 32 IEEE80211_WEP_MICLEN, 33 0, 34 }; 35 36 const struct dp_rx_defrag_cipher dp_f_tkip = { 37 "TKIP", 38 IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN + IEEE80211_WEP_EXTIVLEN, 39 IEEE80211_WEP_CRCLEN, 40 IEEE80211_WEP_MICLEN, 41 }; 42 43 const struct dp_rx_defrag_cipher dp_f_wep = { 44 "WEP", 45 IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN, 46 IEEE80211_WEP_CRCLEN, 47 0, 48 }; 49 50 /* 51 * dp_rx_defrag_frames_free(): Free fragment chain 52 * @frames: Fragment chain 53 * 54 * Iterates through the fragment chain and frees them 55 * Returns: None 56 */ 57 static void dp_rx_defrag_frames_free(qdf_nbuf_t frames) 58 { 59 qdf_nbuf_t next, frag = frames; 60 61 while (frag) { 62 next = qdf_nbuf_next(frag); 63 qdf_nbuf_free(frag); 64 frag = next; 65 } 66 } 67 68 /* 69 * dp_rx_clear_saved_desc_info(): Clears descriptor info 70 * @peer: Pointer to the peer data structure 71 * @tid: Transmit ID (TID) 72 * 73 * Saves MPDU descriptor info and MSDU link pointer from REO 74 * ring descriptor. The cache is created per peer, per TID 75 * 76 * Returns: None 77 */ 78 static void dp_rx_clear_saved_desc_info(struct dp_peer *peer, unsigned tid) 79 { 80 if (peer->rx_tid[tid].dst_ring_desc) 81 qdf_mem_free(peer->rx_tid[tid].dst_ring_desc); 82 83 peer->rx_tid[tid].dst_ring_desc = NULL; 84 } 85 86 /* 87 * dp_rx_reorder_flush_frag(): Flush the frag list 88 * @peer: Pointer to the peer data structure 89 * @tid: Transmit ID (TID) 90 * 91 * Flush the per-TID frag list 92 * 93 * Returns: None 94 */ 95 void dp_rx_reorder_flush_frag(struct dp_peer *peer, 96 unsigned int tid) 97 { 98 struct dp_rx_reorder_array_elem *rx_reorder_array_elem; 99 100 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 101 FL("Flushing TID %d"), tid); 102 103 rx_reorder_array_elem = peer->rx_tid[tid].array; 104 if (rx_reorder_array_elem->head) { 105 dp_rx_defrag_frames_free(rx_reorder_array_elem->head); 106 rx_reorder_array_elem->head = NULL; 107 rx_reorder_array_elem->tail = NULL; 108 } 109 } 110 111 /* 112 * dp_rx_defrag_waitlist_flush(): Flush SOC defrag wait list 113 * @soc: DP SOC 114 * 115 * Flush fragments of all waitlisted TID's 116 * 117 * Returns: None 118 */ 119 void dp_rx_defrag_waitlist_flush(struct dp_soc *soc) 120 { 121 struct dp_rx_tid *rx_reorder, *tmp; 122 uint32_t now_ms = qdf_system_ticks_to_msecs(qdf_system_ticks()); 123 124 TAILQ_FOREACH_SAFE(rx_reorder, &soc->rx.defrag.waitlist, 125 defrag_waitlist_elem, tmp) { 126 struct dp_peer *peer; 127 struct dp_rx_tid *rx_reorder_base; 128 unsigned int tid; 129 130 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 131 FL("Current time %u"), now_ms); 132 133 if (rx_reorder->defrag_timeout_ms > now_ms) 134 break; 135 136 tid = rx_reorder->tid; 137 /* get index 0 of the rx_reorder array */ 138 rx_reorder_base = rx_reorder - tid; 139 peer = 140 container_of(rx_reorder_base, struct dp_peer, 141 rx_tid[0]); 142 143 TAILQ_REMOVE(&soc->rx.defrag.waitlist, rx_reorder, 144 defrag_waitlist_elem); 145 //dp_rx_defrag_waitlist_remove(peer, tid); 146 dp_rx_reorder_flush_frag(peer, tid); 147 } 148 } 149 150 /* 151 * dp_rx_defrag_waitlist_add(): Update per-PDEV defrag wait list 152 * @peer: Pointer to the peer data structure 153 * @tid: Transmit ID (TID) 154 * 155 * Appends per-tid fragments to global fragment wait list 156 * 157 * Returns: None 158 */ 159 static void dp_rx_defrag_waitlist_add(struct dp_peer *peer, unsigned tid) 160 { 161 struct dp_soc *psoc = peer->vdev->pdev->soc; 162 struct dp_rx_tid *rx_reorder = &peer->rx_tid[tid]; 163 164 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 165 FL("Adding TID %u to waitlist"), tid); 166 167 /* TODO: use LIST macros instead of TAIL macros */ 168 TAILQ_INSERT_TAIL(&psoc->rx.defrag.waitlist, rx_reorder, 169 defrag_waitlist_elem); 170 } 171 172 /* 173 * dp_rx_defrag_waitlist_remove(): Remove fragments from waitlist 174 * @peer: Pointer to the peer data structure 175 * @tid: Transmit ID (TID) 176 * 177 * Remove fragments from waitlist 178 * 179 * Returns: None 180 */ 181 void dp_rx_defrag_waitlist_remove(struct dp_peer *peer, unsigned tid) 182 { 183 struct dp_pdev *pdev = peer->vdev->pdev; 184 struct dp_soc *soc = pdev->soc; 185 struct dp_rx_tid *rx_reorder; 186 187 if (tid > DP_MAX_TIDS) { 188 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 189 "TID out of bounds: %d", tid); 190 qdf_assert(0); 191 return; 192 } 193 194 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 195 FL("Remove TID %u from waitlist"), tid); 196 197 TAILQ_FOREACH(rx_reorder, &soc->rx.defrag.waitlist, 198 defrag_waitlist_elem) { 199 if (rx_reorder->tid == tid) 200 TAILQ_REMOVE(&soc->rx.defrag.waitlist, 201 rx_reorder, defrag_waitlist_elem); 202 } 203 } 204 205 /* 206 * dp_rx_defrag_fraglist_insert(): Create a per-sequence fragment list 207 * @peer: Pointer to the peer data structure 208 * @tid: Transmit ID (TID) 209 * @head_addr: Pointer to head list 210 * @tail_addr: Pointer to tail list 211 * @frag: Incoming fragment 212 * @all_frag_present: Flag to indicate whether all fragments are received 213 * 214 * Build a per-tid, per-sequence fragment list. 215 * 216 * Returns: Success, if inserted 217 */ 218 static QDF_STATUS dp_rx_defrag_fraglist_insert(struct dp_peer *peer, unsigned tid, 219 qdf_nbuf_t *head_addr, qdf_nbuf_t *tail_addr, qdf_nbuf_t frag, 220 uint8_t *all_frag_present) 221 { 222 qdf_nbuf_t next; 223 qdf_nbuf_t prev = NULL; 224 qdf_nbuf_t cur; 225 uint16_t head_fragno, cur_fragno, next_fragno; 226 uint8_t last_morefrag = 1, count = 0; 227 struct dp_rx_tid *rx_tid = &peer->rx_tid[tid]; 228 uint8_t *rx_desc_info; 229 230 231 qdf_assert(frag); 232 qdf_assert(head_addr); 233 qdf_assert(tail_addr); 234 235 *all_frag_present = 0; 236 rx_desc_info = qdf_nbuf_data(frag); 237 cur_fragno = dp_rx_frag_get_mpdu_frag_number(rx_desc_info); 238 239 /* If this is the first fragment */ 240 if (!(*head_addr)) { 241 *head_addr = *tail_addr = frag; 242 qdf_nbuf_set_next(*tail_addr, NULL); 243 rx_tid->curr_frag_num = cur_fragno; 244 245 goto insert_done; 246 } 247 248 /* In sequence fragment */ 249 if (cur_fragno > rx_tid->curr_frag_num) { 250 qdf_nbuf_set_next(*tail_addr, frag); 251 *tail_addr = frag; 252 qdf_nbuf_set_next(*tail_addr, NULL); 253 rx_tid->curr_frag_num = cur_fragno; 254 } else { 255 /* Out of sequence fragment */ 256 cur = *head_addr; 257 rx_desc_info = qdf_nbuf_data(cur); 258 head_fragno = dp_rx_frag_get_mpdu_frag_number(rx_desc_info); 259 260 if (cur_fragno == head_fragno) { 261 qdf_nbuf_free(frag); 262 goto insert_fail; 263 } else if (head_fragno > cur_fragno) { 264 qdf_nbuf_set_next(frag, cur); 265 cur = frag; 266 *head_addr = frag; /* head pointer to be updated */ 267 } else { 268 while ((cur_fragno > head_fragno) && cur != NULL) { 269 prev = cur; 270 cur = qdf_nbuf_next(cur); 271 rx_desc_info = qdf_nbuf_data(cur); 272 head_fragno = 273 dp_rx_frag_get_mpdu_frag_number( 274 rx_desc_info); 275 } 276 277 if (cur_fragno == head_fragno) { 278 qdf_nbuf_free(frag); 279 goto insert_fail; 280 } 281 282 qdf_nbuf_set_next(prev, frag); 283 qdf_nbuf_set_next(frag, cur); 284 } 285 } 286 287 next = qdf_nbuf_next(*head_addr); 288 289 rx_desc_info = qdf_nbuf_data(*tail_addr); 290 last_morefrag = dp_rx_frag_get_more_frag_bit(rx_desc_info); 291 292 /* TODO: optimize the loop */ 293 if (!last_morefrag) { 294 /* Check if all fragments are present */ 295 do { 296 rx_desc_info = qdf_nbuf_data(next); 297 next_fragno = 298 dp_rx_frag_get_mpdu_frag_number(rx_desc_info); 299 count++; 300 301 if (next_fragno != count) 302 break; 303 304 next = qdf_nbuf_next(next); 305 } while (next); 306 307 if (!next) { 308 *all_frag_present = 1; 309 return QDF_STATUS_SUCCESS; 310 } 311 } 312 313 insert_done: 314 return QDF_STATUS_SUCCESS; 315 316 insert_fail: 317 return QDF_STATUS_E_FAILURE; 318 } 319 320 321 /* 322 * dp_rx_defrag_tkip_decap(): decap tkip encrypted fragment 323 * @msdu: Pointer to the fragment 324 * @hdrlen: 802.11 header length (mostly useful in 4 addr frames) 325 * 326 * decap tkip encrypted fragment 327 * 328 * Returns: QDF_STATUS 329 */ 330 static QDF_STATUS dp_rx_defrag_tkip_decap(qdf_nbuf_t msdu, uint16_t hdrlen) 331 { 332 uint8_t *ivp, *orig_hdr; 333 int rx_desc_len = sizeof(struct rx_pkt_tlvs); 334 335 /* start of 802.11 header info */ 336 orig_hdr = (uint8_t *)(qdf_nbuf_data(msdu) + rx_desc_len); 337 338 /* TKIP header is located post 802.11 header */ 339 ivp = orig_hdr + hdrlen; 340 if (!(ivp[IEEE80211_WEP_IVLEN] & IEEE80211_WEP_EXTIV)) { 341 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 342 "IEEE80211_WEP_EXTIV is missing in TKIP fragment"); 343 return QDF_STATUS_E_DEFRAG_ERROR; 344 } 345 346 qdf_mem_move(orig_hdr + dp_f_tkip.ic_header, orig_hdr, hdrlen); 347 348 qdf_nbuf_pull_head(msdu, dp_f_tkip.ic_header); 349 qdf_nbuf_trim_tail(msdu, dp_f_tkip.ic_trailer); 350 351 return QDF_STATUS_SUCCESS; 352 } 353 354 /* 355 * dp_rx_defrag_ccmp_demic(): Remove MIC information from CCMP fragment 356 * @nbuf: Pointer to the fragment buffer 357 * @hdrlen: 802.11 header length (mostly useful in 4 addr frames) 358 * 359 * Remove MIC information from CCMP fragment 360 * 361 * Returns: QDF_STATUS 362 */ 363 static QDF_STATUS dp_rx_defrag_ccmp_demic(qdf_nbuf_t nbuf, uint16_t hdrlen) 364 { 365 uint8_t *ivp, *orig_hdr; 366 int rx_desc_len = sizeof(struct rx_pkt_tlvs); 367 368 /* start of the 802.11 header */ 369 orig_hdr = (uint8_t *)(qdf_nbuf_data(nbuf) + rx_desc_len); 370 371 /* CCMP header is located after 802.11 header */ 372 ivp = orig_hdr + hdrlen; 373 if (!(ivp[IEEE80211_WEP_IVLEN] & IEEE80211_WEP_EXTIV)) 374 return QDF_STATUS_E_DEFRAG_ERROR; 375 376 qdf_nbuf_trim_tail(nbuf, dp_f_ccmp.ic_trailer); 377 378 return QDF_STATUS_SUCCESS; 379 } 380 381 /* 382 * dp_rx_defrag_ccmp_decap(): decap CCMP encrypted fragment 383 * @nbuf: Pointer to the fragment 384 * @hdrlen: length of the header information 385 * 386 * decap CCMP encrypted fragment 387 * 388 * Returns: QDF_STATUS 389 */ 390 static QDF_STATUS dp_rx_defrag_ccmp_decap(qdf_nbuf_t nbuf, uint16_t hdrlen) 391 { 392 uint8_t *ivp, *origHdr; 393 int rx_desc_len = sizeof(struct rx_pkt_tlvs); 394 395 origHdr = (uint8_t *) (qdf_nbuf_data(nbuf) + rx_desc_len); 396 ivp = origHdr + hdrlen; 397 398 if (!(ivp[IEEE80211_WEP_IVLEN] & IEEE80211_WEP_EXTIV)) 399 return QDF_STATUS_E_DEFRAG_ERROR; 400 401 /* Let's pull the header later */ 402 403 return QDF_STATUS_SUCCESS; 404 } 405 406 /* 407 * dp_rx_defrag_wep_decap(): decap WEP encrypted fragment 408 * @msdu: Pointer to the fragment 409 * @hdrlen: length of the header information 410 * 411 * decap WEP encrypted fragment 412 * 413 * Returns: QDF_STATUS 414 */ 415 static QDF_STATUS dp_rx_defrag_wep_decap(qdf_nbuf_t msdu, uint16_t hdrlen) 416 { 417 uint8_t *origHdr; 418 int rx_desc_len = sizeof(struct rx_pkt_tlvs); 419 420 origHdr = (uint8_t *) (qdf_nbuf_data(msdu) + rx_desc_len); 421 qdf_mem_move(origHdr + dp_f_wep.ic_header, origHdr, hdrlen); 422 423 qdf_nbuf_trim_tail(msdu, dp_f_wep.ic_trailer); 424 425 return QDF_STATUS_SUCCESS; 426 } 427 428 /* 429 * dp_rx_defrag_hdrsize(): Calculate the header size of the received fragment 430 * @nbuf: Pointer to the fragment 431 * 432 * Calculate the header size of the received fragment 433 * 434 * Returns: header size (uint16_t) 435 */ 436 static uint16_t dp_rx_defrag_hdrsize(qdf_nbuf_t nbuf) 437 { 438 uint8_t *rx_tlv_hdr = qdf_nbuf_data(nbuf); 439 uint16_t size = sizeof(struct ieee80211_frame); 440 uint16_t fc = 0; 441 uint32_t to_ds, fr_ds; 442 uint8_t frm_ctrl_valid; 443 uint16_t frm_ctrl_field; 444 445 to_ds = hal_rx_mpdu_get_to_ds(rx_tlv_hdr); 446 fr_ds = hal_rx_mpdu_get_fr_ds(rx_tlv_hdr); 447 frm_ctrl_valid = hal_rx_get_mpdu_frame_control_valid(rx_tlv_hdr); 448 frm_ctrl_field = hal_rx_get_frame_ctrl_field(rx_tlv_hdr); 449 450 if (to_ds && fr_ds) 451 size += IEEE80211_ADDR_LEN; 452 453 if (frm_ctrl_valid) { 454 fc = frm_ctrl_field; 455 456 /* use 1-st byte for validation */ 457 if (DP_RX_DEFRAG_IEEE80211_QOS_HAS_SEQ(fc & 0xff)) { 458 size += sizeof(uint16_t); 459 /* use 2-nd byte for validation */ 460 if (((fc & 0xff00) >> 8) & IEEE80211_FC1_ORDER) 461 size += sizeof(struct ieee80211_htc); 462 } 463 } 464 465 return size; 466 } 467 468 /* 469 * dp_rx_defrag_michdr(): Calculate a psuedo MIC header 470 * @wh0: Pointer to the wireless header of the fragment 471 * @hdr: Array to hold the psuedo header 472 * 473 * Calculate a psuedo MIC header 474 * 475 * Returns: None 476 */ 477 static void dp_rx_defrag_michdr(const struct ieee80211_frame *wh0, 478 uint8_t hdr[]) 479 { 480 const struct ieee80211_frame_addr4 *wh = 481 (const struct ieee80211_frame_addr4 *)wh0; 482 483 switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) { 484 case IEEE80211_FC1_DIR_NODS: 485 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr, wh->i_addr1); /* DA */ 486 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr + IEEE80211_ADDR_LEN, 487 wh->i_addr2); 488 break; 489 case IEEE80211_FC1_DIR_TODS: 490 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr, wh->i_addr3); /* DA */ 491 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr + IEEE80211_ADDR_LEN, 492 wh->i_addr2); 493 break; 494 case IEEE80211_FC1_DIR_FROMDS: 495 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr, wh->i_addr1); /* DA */ 496 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr + IEEE80211_ADDR_LEN, 497 wh->i_addr3); 498 break; 499 case IEEE80211_FC1_DIR_DSTODS: 500 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr, wh->i_addr3); /* DA */ 501 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr + IEEE80211_ADDR_LEN, 502 wh->i_addr4); 503 break; 504 } 505 506 /* 507 * Bit 7 is IEEE80211_FC0_SUBTYPE_QOS for data frame, but 508 * it could also be set for deauth, disassoc, action, etc. for 509 * a mgt type frame. It comes into picture for MFP. 510 */ 511 if (wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_QOS) { 512 const struct ieee80211_qosframe *qwh = 513 (const struct ieee80211_qosframe *)wh; 514 hdr[12] = qwh->i_qos[0] & IEEE80211_QOS_TID; 515 } else { 516 hdr[12] = 0; 517 } 518 519 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */ 520 } 521 522 /* 523 * dp_rx_defrag_mic(): Calculate MIC header 524 * @key: Pointer to the key 525 * @wbuf: fragment buffer 526 * @off: Offset 527 * @data_len: Data lengh 528 * @mic: Array to hold MIC 529 * 530 * Calculate a psuedo MIC header 531 * 532 * Returns: QDF_STATUS 533 */ 534 static QDF_STATUS dp_rx_defrag_mic(const uint8_t *key, qdf_nbuf_t wbuf, 535 uint16_t off, uint16_t data_len, uint8_t mic[]) 536 { 537 uint8_t hdr[16] = { 0, }; 538 uint32_t l, r; 539 const uint8_t *data; 540 uint32_t space; 541 int rx_desc_len = sizeof(struct rx_pkt_tlvs); 542 543 dp_rx_defrag_michdr((struct ieee80211_frame *)(qdf_nbuf_data(wbuf) 544 + rx_desc_len), hdr); 545 l = dp_rx_get_le32(key); 546 r = dp_rx_get_le32(key + 4); 547 548 /* Michael MIC pseudo header: DA, SA, 3 x 0, Priority */ 549 l ^= dp_rx_get_le32(hdr); 550 dp_rx_michael_block(l, r); 551 l ^= dp_rx_get_le32(&hdr[4]); 552 dp_rx_michael_block(l, r); 553 l ^= dp_rx_get_le32(&hdr[8]); 554 dp_rx_michael_block(l, r); 555 l ^= dp_rx_get_le32(&hdr[12]); 556 dp_rx_michael_block(l, r); 557 558 /* first buffer has special handling */ 559 data = (uint8_t *) qdf_nbuf_data(wbuf) + rx_desc_len + off; 560 space = qdf_nbuf_len(wbuf) - rx_desc_len - off; 561 562 for (;; ) { 563 if (space > data_len) 564 space = data_len; 565 566 /* collect 32-bit blocks from current buffer */ 567 while (space >= sizeof(uint32_t)) { 568 l ^= dp_rx_get_le32(data); 569 dp_rx_michael_block(l, r); 570 data += sizeof(uint32_t); 571 space -= sizeof(uint32_t); 572 data_len -= sizeof(uint32_t); 573 } 574 if (data_len < sizeof(uint32_t)) 575 break; 576 577 wbuf = qdf_nbuf_next(wbuf); 578 if (wbuf == NULL) 579 return QDF_STATUS_E_DEFRAG_ERROR; 580 581 if (space != 0) { 582 const uint8_t *data_next; 583 /* 584 * Block straddles buffers, split references. 585 */ 586 data_next = 587 (uint8_t *) qdf_nbuf_data(wbuf) + rx_desc_len; 588 if ((qdf_nbuf_len(wbuf) - rx_desc_len) < 589 sizeof(uint32_t) - space) { 590 return QDF_STATUS_E_DEFRAG_ERROR; 591 } 592 switch (space) { 593 case 1: 594 l ^= dp_rx_get_le32_split(data[0], 595 data_next[0], data_next[1], 596 data_next[2]); 597 data = data_next + 3; 598 space = (qdf_nbuf_len(wbuf) - rx_desc_len) 599 - 3; 600 break; 601 case 2: 602 l ^= dp_rx_get_le32_split(data[0], data[1], 603 data_next[0], data_next[1]); 604 data = data_next + 2; 605 space = (qdf_nbuf_len(wbuf) - rx_desc_len) 606 - 2; 607 break; 608 case 3: 609 l ^= dp_rx_get_le32_split(data[0], data[1], 610 data[2], data_next[0]); 611 data = data_next + 1; 612 space = (qdf_nbuf_len(wbuf) - rx_desc_len) 613 - 1; 614 break; 615 } 616 dp_rx_michael_block(l, r); 617 data_len -= sizeof(uint32_t); 618 } else { 619 /* 620 * Setup for next buffer. 621 */ 622 data = (uint8_t *) qdf_nbuf_data(wbuf) + rx_desc_len; 623 space = qdf_nbuf_len(wbuf) - rx_desc_len; 624 } 625 } 626 /* Last block and padding (0x5a, 4..7 x 0) */ 627 switch (data_len) { 628 case 0: 629 l ^= dp_rx_get_le32_split(0x5a, 0, 0, 0); 630 break; 631 case 1: 632 l ^= dp_rx_get_le32_split(data[0], 0x5a, 0, 0); 633 break; 634 case 2: 635 l ^= dp_rx_get_le32_split(data[0], data[1], 0x5a, 0); 636 break; 637 case 3: 638 l ^= dp_rx_get_le32_split(data[0], data[1], data[2], 0x5a); 639 break; 640 } 641 dp_rx_michael_block(l, r); 642 dp_rx_michael_block(l, r); 643 dp_rx_put_le32(mic, l); 644 dp_rx_put_le32(mic + 4, r); 645 646 return QDF_STATUS_SUCCESS; 647 } 648 649 /* 650 * dp_rx_defrag_tkip_demic(): Remove MIC header from the TKIP frame 651 * @key: Pointer to the key 652 * @msdu: fragment buffer 653 * @hdrlen: Length of the header information 654 * 655 * Remove MIC information from the TKIP frame 656 * 657 * Returns: QDF_STATUS 658 */ 659 static QDF_STATUS dp_rx_defrag_tkip_demic(const uint8_t *key, 660 qdf_nbuf_t msdu, uint16_t hdrlen) 661 { 662 QDF_STATUS status; 663 uint32_t pktlen; 664 uint8_t mic[IEEE80211_WEP_MICLEN]; 665 uint8_t mic0[IEEE80211_WEP_MICLEN]; 666 int rx_desc_len = sizeof(struct rx_pkt_tlvs); 667 668 pktlen = qdf_nbuf_len(msdu) - rx_desc_len; 669 670 status = dp_rx_defrag_mic(key, msdu, hdrlen, 671 pktlen - (hdrlen + dp_f_tkip.ic_miclen), mic); 672 673 if (QDF_IS_STATUS_ERROR(status)) 674 return status; 675 676 qdf_nbuf_copy_bits(msdu, pktlen - dp_f_tkip.ic_miclen + rx_desc_len, 677 dp_f_tkip.ic_miclen, (caddr_t)mic0); 678 679 if (!qdf_mem_cmp(mic, mic0, dp_f_tkip.ic_miclen)) 680 return QDF_STATUS_E_DEFRAG_ERROR; 681 682 qdf_nbuf_trim_tail(msdu, dp_f_tkip.ic_miclen); 683 684 return QDF_STATUS_SUCCESS; 685 } 686 687 /* 688 * dp_rx_frag_pull_hdr(): Pulls the RXTLV & the 802.11 headers 689 * @nbuf: buffer pointer 690 * @hdrsize: size of the header to be pulled 691 * 692 * Pull the RXTLV & the 802.11 headers 693 * 694 * Returns: None 695 */ 696 static void dp_rx_frag_pull_hdr(qdf_nbuf_t nbuf, uint16_t hdrsize) 697 { 698 qdf_nbuf_pull_head(nbuf, 699 RX_PKT_TLVS_LEN + hdrsize); 700 701 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_INFO, 702 "%s: final pktlen %d .11len %d\n", 703 __func__, 704 (uint32_t)qdf_nbuf_len(nbuf), hdrsize); 705 } 706 707 /* 708 * dp_rx_construct_fraglist(): Construct a nbuf fraglist 709 * @peer: Pointer to the peer 710 * @head: Pointer to list of fragments 711 * @hdrsize: Size of the header to be pulled 712 * 713 * Construct a nbuf fraglist 714 * 715 * Returns: None 716 */ 717 static void 718 dp_rx_construct_fraglist(struct dp_peer *peer, 719 qdf_nbuf_t head, uint16_t hdrsize) 720 { 721 qdf_nbuf_t msdu = qdf_nbuf_next(head); 722 qdf_nbuf_t rx_nbuf = msdu; 723 uint32_t len = 0; 724 725 while (msdu) { 726 dp_rx_frag_pull_hdr(msdu, hdrsize); 727 len += qdf_nbuf_len(msdu); 728 msdu = qdf_nbuf_next(msdu); 729 } 730 731 qdf_nbuf_append_ext_list(head, rx_nbuf, len); 732 qdf_nbuf_set_next(head, NULL); 733 734 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_INFO, 735 "%s: head len %d ext len %d data len %d \n", 736 __func__, 737 (uint32_t)qdf_nbuf_len(head), 738 (uint32_t)qdf_nbuf_len(rx_nbuf), 739 (uint32_t)(head->data_len)); 740 } 741 742 /** 743 * dp_rx_defrag_err() - rx err handler 744 * @pdev: handle to pdev object 745 * @vdev_id: vdev id 746 * @peer_mac_addr: peer mac address 747 * @tid: TID 748 * @tsf32: TSF 749 * @err_type: error type 750 * @rx_frame: rx frame 751 * @pn: PN Number 752 * @key_id: key id 753 * 754 * This function handles rx error and send MIC error notification 755 * 756 * Return: None 757 */ 758 static void dp_rx_defrag_err(uint8_t vdev_id, uint8_t *peer_mac_addr, 759 int tid, uint32_t tsf32, uint32_t err_type, qdf_nbuf_t rx_frame, 760 uint64_t *pn, uint8_t key_id) 761 { 762 /* TODO: Who needs to know about the TKIP MIC error */ 763 } 764 765 766 /* 767 * dp_rx_defrag_nwifi_to_8023(): Transcap 802.11 to 802.3 768 * @nbuf: Pointer to the fragment buffer 769 * @hdrsize: Size of headers 770 * 771 * Transcap the fragment from 802.11 to 802.3 772 * 773 * Returns: None 774 */ 775 static void 776 dp_rx_defrag_nwifi_to_8023(qdf_nbuf_t nbuf, uint16_t hdrsize) 777 { 778 struct llc_snap_hdr_t *llchdr; 779 struct ethernet_hdr_t *eth_hdr; 780 uint8_t ether_type[2]; 781 uint16_t fc = 0; 782 union dp_align_mac_addr mac_addr; 783 uint8_t *rx_desc_info = qdf_mem_malloc(RX_PKT_TLVS_LEN); 784 785 if (rx_desc_info == NULL) { 786 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 787 "%s: Memory alloc failed ! \n", __func__); 788 QDF_ASSERT(0); 789 return; 790 } 791 792 qdf_mem_copy(rx_desc_info, qdf_nbuf_data(nbuf), RX_PKT_TLVS_LEN); 793 794 llchdr = (struct llc_snap_hdr_t *)(qdf_nbuf_data(nbuf) + 795 RX_PKT_TLVS_LEN + hdrsize); 796 qdf_mem_copy(ether_type, llchdr->ethertype, 2); 797 798 qdf_nbuf_pull_head(nbuf, (RX_PKT_TLVS_LEN + hdrsize + 799 sizeof(struct llc_snap_hdr_t) - 800 sizeof(struct ethernet_hdr_t))); 801 802 eth_hdr = (struct ethernet_hdr_t *)(qdf_nbuf_data(nbuf)); 803 804 if (hal_rx_get_mpdu_frame_control_valid(rx_desc_info)) 805 fc = hal_rx_get_frame_ctrl_field(rx_desc_info); 806 807 switch (((fc & 0xff00) >> 8) & IEEE80211_FC1_DIR_MASK) { 808 809 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_INFO, 810 "%s: frame control type: 0x%x", __func__, fc); 811 812 case IEEE80211_FC1_DIR_NODS: 813 hal_rx_mpdu_get_addr1(rx_desc_info, 814 &mac_addr.raw[0]); 815 qdf_mem_copy(eth_hdr->dest_addr, &mac_addr.raw[0], 816 IEEE80211_ADDR_LEN); 817 hal_rx_mpdu_get_addr2(rx_desc_info, 818 &mac_addr.raw[0]); 819 qdf_mem_copy(eth_hdr->src_addr, &mac_addr.raw[0], 820 IEEE80211_ADDR_LEN); 821 break; 822 case IEEE80211_FC1_DIR_TODS: 823 hal_rx_mpdu_get_addr3(rx_desc_info, 824 &mac_addr.raw[0]); 825 qdf_mem_copy(eth_hdr->dest_addr, &mac_addr.raw[0], 826 IEEE80211_ADDR_LEN); 827 hal_rx_mpdu_get_addr2(rx_desc_info, 828 &mac_addr.raw[0]); 829 qdf_mem_copy(eth_hdr->src_addr, &mac_addr.raw[0], 830 IEEE80211_ADDR_LEN); 831 break; 832 case IEEE80211_FC1_DIR_FROMDS: 833 hal_rx_mpdu_get_addr1(rx_desc_info, 834 &mac_addr.raw[0]); 835 qdf_mem_copy(eth_hdr->dest_addr, &mac_addr.raw[0], 836 IEEE80211_ADDR_LEN); 837 hal_rx_mpdu_get_addr3(rx_desc_info, 838 &mac_addr.raw[0]); 839 qdf_mem_copy(eth_hdr->src_addr, &mac_addr.raw[0], 840 IEEE80211_ADDR_LEN); 841 break; 842 843 case IEEE80211_FC1_DIR_DSTODS: 844 hal_rx_mpdu_get_addr3(rx_desc_info, 845 &mac_addr.raw[0]); 846 qdf_mem_copy(eth_hdr->dest_addr, &mac_addr.raw[0], 847 IEEE80211_ADDR_LEN); 848 hal_rx_mpdu_get_addr4(rx_desc_info, 849 &mac_addr.raw[0]); 850 qdf_mem_copy(eth_hdr->src_addr, &mac_addr.raw[0], 851 IEEE80211_ADDR_LEN); 852 break; 853 854 default: 855 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 856 "%s: Unknown frame control type: 0x%x", __func__, fc); 857 } 858 859 qdf_mem_copy(eth_hdr->ethertype, ether_type, 860 sizeof(ether_type)); 861 862 qdf_nbuf_push_head(nbuf, RX_PKT_TLVS_LEN); 863 qdf_mem_copy(qdf_nbuf_data(nbuf), rx_desc_info, RX_PKT_TLVS_LEN); 864 qdf_mem_free(rx_desc_info); 865 } 866 867 /* 868 * dp_rx_defrag_reo_reinject(): Reinject the fragment chain back into REO 869 * @peer: Pointer to the peer 870 * @tid: Transmit Identifier 871 * @head: Buffer to be reinjected back 872 * 873 * Reinject the fragment chain back into REO 874 * 875 * Returns: QDF_STATUS 876 */ 877 static QDF_STATUS dp_rx_defrag_reo_reinject(struct dp_peer *peer, 878 unsigned tid, qdf_nbuf_t head) 879 { 880 struct dp_pdev *pdev = peer->vdev->pdev; 881 struct dp_soc *soc = pdev->soc; 882 struct hal_buf_info buf_info; 883 void *link_desc_va; 884 void *msdu0, *msdu_desc_info; 885 void *ent_ring_desc, *ent_mpdu_desc_info, *ent_qdesc_addr; 886 void *dst_mpdu_desc_info, *dst_qdesc_addr; 887 qdf_dma_addr_t paddr; 888 uint32_t nbuf_len, seq_no, dst_ind; 889 uint32_t *mpdu_wrd; 890 uint32_t ret, cookie; 891 892 void *dst_ring_desc = 893 peer->rx_tid[tid].dst_ring_desc; 894 void *hal_srng = soc->reo_reinject_ring.hal_srng; 895 896 hal_rx_reo_buf_paddr_get(dst_ring_desc, &buf_info); 897 898 link_desc_va = dp_rx_cookie_2_link_desc_va(soc, &buf_info); 899 900 qdf_assert(link_desc_va); 901 902 msdu0 = (uint8_t *)link_desc_va + 903 RX_MSDU_LINK_8_RX_MSDU_DETAILS_MSDU_0_OFFSET; 904 905 nbuf_len = qdf_nbuf_len(head) - RX_PKT_TLVS_LEN; 906 907 HAL_RX_UNIFORM_HDR_SET(link_desc_va, OWNER, UNI_DESC_OWNER_SW); 908 HAL_RX_UNIFORM_HDR_SET(link_desc_va, BUFFER_TYPE, 909 UNI_DESC_BUF_TYPE_RX_MSDU_LINK); 910 911 /* msdu reconfig */ 912 msdu_desc_info = (uint8_t *)msdu0 + 913 RX_MSDU_DETAILS_2_RX_MSDU_DESC_INFO_RX_MSDU_DESC_INFO_DETAILS_OFFSET; 914 915 dst_ind = hal_rx_msdu_reo_dst_ind_get(link_desc_va); 916 917 qdf_mem_zero(msdu_desc_info, sizeof(struct rx_msdu_desc_info)); 918 919 HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info, 920 FIRST_MSDU_IN_MPDU_FLAG, 1); 921 HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info, 922 LAST_MSDU_IN_MPDU_FLAG, 1); 923 HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info, 924 MSDU_CONTINUATION, 0x0); 925 HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info, 926 REO_DESTINATION_INDICATION, dst_ind); 927 HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info, 928 MSDU_LENGTH, nbuf_len); 929 HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info, 930 SA_IS_VALID, 1); 931 HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info, 932 DA_IS_VALID, 1); 933 934 /* change RX TLV's */ 935 hal_rx_msdu_start_msdu_len_set( 936 qdf_nbuf_data(head), nbuf_len); 937 938 cookie = HAL_RX_BUF_COOKIE_GET(msdu0); 939 940 /* map the nbuf before reinject it into HW */ 941 ret = qdf_nbuf_map_single(soc->osdev, head, 942 QDF_DMA_BIDIRECTIONAL); 943 944 if (qdf_unlikely(ret == QDF_STATUS_E_FAILURE)) { 945 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 946 "%s: nbuf map failed !\n", __func__); 947 qdf_nbuf_free(head); 948 return QDF_STATUS_E_FAILURE; 949 } 950 951 paddr = qdf_nbuf_get_frag_paddr(head, 0); 952 953 ret = check_x86_paddr(soc, &head, &paddr, pdev); 954 955 if (ret == QDF_STATUS_E_FAILURE) { 956 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 957 "%s: x86 check failed !\n", __func__); 958 return QDF_STATUS_E_FAILURE; 959 } 960 961 hal_rxdma_buff_addr_info_set(msdu0, paddr, cookie, 962 HAL_RX_BUF_RBM_SW3_BM); 963 964 /* Lets fill entrance ring now !!! */ 965 if (qdf_unlikely(hal_srng_access_start(soc->hal_soc, hal_srng))) { 966 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 967 "HAL RING Access For REO entrance SRNG Failed: %pK", 968 hal_srng); 969 970 return QDF_STATUS_E_FAILURE; 971 } 972 973 ent_ring_desc = hal_srng_src_get_next(soc->hal_soc, hal_srng); 974 975 qdf_assert(ent_ring_desc); 976 977 paddr = (uint64_t)buf_info.paddr; 978 /* buf addr */ 979 hal_rxdma_buff_addr_info_set(ent_ring_desc, paddr, 980 buf_info.sw_cookie, 981 HAL_RX_BUF_RBM_WBM_IDLE_DESC_LIST); 982 /* mpdu desc info */ 983 ent_mpdu_desc_info = (uint8_t *)ent_ring_desc + 984 RX_MPDU_DETAILS_2_RX_MPDU_DESC_INFO_RX_MPDU_DESC_INFO_DETAILS_OFFSET; 985 986 dst_mpdu_desc_info = (uint8_t *)dst_ring_desc + 987 REO_DESTINATION_RING_2_RX_MPDU_DESC_INFO_RX_MPDU_DESC_INFO_DETAILS_OFFSET; 988 989 qdf_mem_copy(ent_mpdu_desc_info, dst_mpdu_desc_info, 990 sizeof(struct rx_mpdu_desc_info)); 991 qdf_mem_zero(ent_mpdu_desc_info, sizeof(uint32_t)); 992 993 mpdu_wrd = (uint32_t *)dst_mpdu_desc_info; 994 seq_no = HAL_RX_MPDU_SEQUENCE_NUMBER_GET(mpdu_wrd); 995 996 HAL_RX_MPDU_DESC_INFO_SET(ent_mpdu_desc_info, 997 MSDU_COUNT, 0x1); 998 HAL_RX_MPDU_DESC_INFO_SET(ent_mpdu_desc_info, 999 MPDU_SEQUENCE_NUMBER, seq_no); 1000 1001 /* unset frag bit */ 1002 HAL_RX_MPDU_DESC_INFO_SET(ent_mpdu_desc_info, 1003 FRAGMENT_FLAG, 0x0); 1004 1005 /* set sa/da valid bits */ 1006 HAL_RX_MPDU_DESC_INFO_SET(ent_mpdu_desc_info, 1007 SA_IS_VALID, 0x1); 1008 HAL_RX_MPDU_DESC_INFO_SET(ent_mpdu_desc_info, 1009 DA_IS_VALID, 0x1); 1010 HAL_RX_MPDU_DESC_INFO_SET(ent_mpdu_desc_info, 1011 RAW_MPDU, 0x0); 1012 1013 /* qdesc addr */ 1014 ent_qdesc_addr = (uint8_t *)ent_ring_desc + 1015 REO_ENTRANCE_RING_4_RX_REO_QUEUE_DESC_ADDR_31_0_OFFSET; 1016 1017 dst_qdesc_addr = (uint8_t *)dst_ring_desc + 1018 REO_DESTINATION_RING_6_RX_REO_QUEUE_DESC_ADDR_31_0_OFFSET; 1019 1020 qdf_mem_copy(ent_qdesc_addr, dst_qdesc_addr, 8); 1021 1022 HAL_RX_FLD_SET(ent_ring_desc, REO_ENTRANCE_RING_5, 1023 REO_DESTINATION_INDICATION, dst_ind); 1024 1025 hal_srng_access_end(soc->hal_soc, hal_srng); 1026 1027 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_INFO, 1028 "%s: reinjection done !\n", __func__); 1029 return QDF_STATUS_SUCCESS; 1030 } 1031 1032 /* 1033 * dp_rx_defrag(): Defragment the fragment chain 1034 * @peer: Pointer to the peer 1035 * @tid: Transmit Identifier 1036 * @frag_list_head: Pointer to head list 1037 * @frag_list_tail: Pointer to tail list 1038 * 1039 * Defragment the fragment chain 1040 * 1041 * Returns: QDF_STATUS 1042 */ 1043 static QDF_STATUS dp_rx_defrag(struct dp_peer *peer, unsigned tid, 1044 qdf_nbuf_t frag_list_head, qdf_nbuf_t frag_list_tail) 1045 { 1046 qdf_nbuf_t tmp_next, prev; 1047 qdf_nbuf_t cur = frag_list_head, msdu; 1048 uint32_t index, tkip_demic = 0; 1049 uint16_t hdr_space; 1050 uint8_t key[DEFRAG_IEEE80211_KEY_LEN]; 1051 struct dp_vdev *vdev = peer->vdev; 1052 1053 hdr_space = dp_rx_defrag_hdrsize(cur); 1054 index = hal_rx_msdu_is_wlan_mcast(cur) ? 1055 dp_sec_mcast : dp_sec_ucast; 1056 1057 /* Remove FCS from all fragments */ 1058 while (cur) { 1059 tmp_next = qdf_nbuf_next(cur); 1060 qdf_nbuf_set_next(cur, NULL); 1061 qdf_nbuf_trim_tail(cur, DEFRAG_IEEE80211_FCS_LEN); 1062 prev = cur; 1063 qdf_nbuf_set_next(cur, tmp_next); 1064 cur = tmp_next; 1065 } 1066 cur = frag_list_head; 1067 1068 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_INFO, 1069 "%s: Security type: %d\n", __func__, 1070 peer->security[index].sec_type); 1071 1072 /* Temporary fix to drop TKIP encrypted packets */ 1073 if (peer->security[index].sec_type == 1074 htt_sec_type_tkip) { 1075 return QDF_STATUS_E_DEFRAG_ERROR; 1076 } 1077 1078 switch (peer->security[index].sec_type) { 1079 case htt_sec_type_tkip: 1080 tkip_demic = 1; 1081 1082 case htt_sec_type_tkip_nomic: 1083 while (cur) { 1084 tmp_next = qdf_nbuf_next(cur); 1085 if (dp_rx_defrag_tkip_decap(cur, hdr_space)) { 1086 1087 /* TKIP decap failed, discard frags */ 1088 dp_rx_defrag_frames_free(frag_list_head); 1089 1090 QDF_TRACE(QDF_MODULE_ID_TXRX, 1091 QDF_TRACE_LEVEL_ERROR, 1092 "dp_rx_defrag: TKIP decap failed"); 1093 1094 return QDF_STATUS_E_DEFRAG_ERROR; 1095 } 1096 cur = tmp_next; 1097 } 1098 break; 1099 1100 case htt_sec_type_aes_ccmp: 1101 while (cur) { 1102 tmp_next = qdf_nbuf_next(cur); 1103 if (dp_rx_defrag_ccmp_demic(cur, hdr_space)) { 1104 1105 /* CCMP demic failed, discard frags */ 1106 dp_rx_defrag_frames_free(frag_list_head); 1107 1108 QDF_TRACE(QDF_MODULE_ID_TXRX, 1109 QDF_TRACE_LEVEL_ERROR, 1110 "dp_rx_defrag: CCMP demic failed"); 1111 1112 return QDF_STATUS_E_DEFRAG_ERROR; 1113 } 1114 if (dp_rx_defrag_ccmp_decap(cur, hdr_space)) { 1115 1116 /* CCMP decap failed, discard frags */ 1117 dp_rx_defrag_frames_free(frag_list_head); 1118 1119 QDF_TRACE(QDF_MODULE_ID_TXRX, 1120 QDF_TRACE_LEVEL_ERROR, 1121 "dp_rx_defrag: CCMP decap failed"); 1122 1123 return QDF_STATUS_E_DEFRAG_ERROR; 1124 } 1125 cur = tmp_next; 1126 } 1127 1128 /* If success, increment header to be stripped later */ 1129 hdr_space += dp_f_ccmp.ic_header; 1130 break; 1131 case htt_sec_type_wep40: 1132 case htt_sec_type_wep104: 1133 case htt_sec_type_wep128: 1134 while (cur) { 1135 tmp_next = qdf_nbuf_next(cur); 1136 if (dp_rx_defrag_wep_decap(cur, hdr_space)) { 1137 1138 /* WEP decap failed, discard frags */ 1139 dp_rx_defrag_frames_free(frag_list_head); 1140 1141 QDF_TRACE(QDF_MODULE_ID_TXRX, 1142 QDF_TRACE_LEVEL_ERROR, 1143 "dp_rx_defrag: WEP decap failed"); 1144 1145 return QDF_STATUS_E_DEFRAG_ERROR; 1146 } 1147 cur = tmp_next; 1148 } 1149 1150 /* If success, increment header to be stripped later */ 1151 hdr_space += dp_f_wep.ic_header; 1152 break; 1153 default: 1154 QDF_TRACE(QDF_MODULE_ID_TXRX, 1155 QDF_TRACE_LEVEL_ERROR, 1156 "dp_rx_defrag: Did not match any security type"); 1157 break; 1158 } 1159 1160 if (tkip_demic) { 1161 msdu = frag_list_tail; /* Only last fragment has the MIC */ 1162 1163 qdf_mem_copy(key, 1164 peer->security[index].michael_key, 1165 sizeof(peer->security[index].michael_key)); 1166 if (dp_rx_defrag_tkip_demic(key, msdu, hdr_space)) { 1167 qdf_nbuf_free(msdu); 1168 dp_rx_defrag_err(vdev->vdev_id, peer->mac_addr.raw, 1169 tid, 0, QDF_STATUS_E_DEFRAG_ERROR, msdu, 1170 NULL, 0); 1171 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1172 "dp_rx_defrag: TKIP demic failed"); 1173 return QDF_STATUS_E_DEFRAG_ERROR; 1174 } 1175 } 1176 1177 /* Convert the header to 802.3 header */ 1178 dp_rx_defrag_nwifi_to_8023(frag_list_head, hdr_space); 1179 dp_rx_construct_fraglist(peer, frag_list_head, hdr_space); 1180 1181 return QDF_STATUS_SUCCESS; 1182 } 1183 1184 /* 1185 * dp_rx_defrag_cleanup(): Clean up activities 1186 * @peer: Pointer to the peer 1187 * @tid: Transmit Identifier 1188 * 1189 * Returns: None 1190 */ 1191 static void dp_rx_defrag_cleanup(struct dp_peer *peer, unsigned tid) 1192 { 1193 struct dp_rx_reorder_array_elem *rx_reorder_array_elem = 1194 peer->rx_tid[tid].array; 1195 1196 /* Free up nbufs */ 1197 dp_rx_defrag_frames_free(rx_reorder_array_elem->head); 1198 1199 /* Free up saved ring descriptors */ 1200 dp_rx_clear_saved_desc_info(peer, tid); 1201 1202 rx_reorder_array_elem->head = NULL; 1203 rx_reorder_array_elem->tail = NULL; 1204 peer->rx_tid[tid].defrag_timeout_ms = 0; 1205 peer->rx_tid[tid].curr_frag_num = 0; 1206 peer->rx_tid[tid].curr_seq_num = 0; 1207 } 1208 1209 /* 1210 * dp_rx_defrag_save_info_from_ring_desc(): Save info from REO ring descriptor 1211 * @ring_desc: Pointer to the dst ring descriptor 1212 * @peer: Pointer to the peer 1213 * @tid: Transmit Identifier 1214 * 1215 * Returns: None 1216 */ 1217 static QDF_STATUS dp_rx_defrag_save_info_from_ring_desc(void *ring_desc, 1218 struct dp_peer *peer, unsigned tid) 1219 { 1220 void *dst_ring_desc = qdf_mem_malloc( 1221 sizeof(struct reo_destination_ring)); 1222 1223 if (dst_ring_desc == NULL) { 1224 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1225 "%s: Memory alloc failed !\n", __func__); 1226 QDF_ASSERT(0); 1227 return QDF_STATUS_E_NOMEM; 1228 } 1229 1230 qdf_mem_copy(dst_ring_desc, ring_desc, 1231 sizeof(struct reo_destination_ring)); 1232 1233 peer->rx_tid[tid].dst_ring_desc = dst_ring_desc; 1234 1235 return QDF_STATUS_SUCCESS; 1236 } 1237 1238 /* 1239 * dp_rx_defrag_store_fragment(): Store incoming fragments 1240 * @soc: Pointer to the SOC data structure 1241 * @ring_desc: Pointer to the ring descriptor 1242 * @mpdu_desc_info: MPDU descriptor info 1243 * @tid: Traffic Identifier 1244 * @rx_desc: Pointer to rx descriptor 1245 * @rx_bfs: Number of bfs consumed 1246 * 1247 * Returns: QDF_STATUS 1248 */ 1249 static QDF_STATUS dp_rx_defrag_store_fragment(struct dp_soc *soc, 1250 void *ring_desc, 1251 union dp_rx_desc_list_elem_t **head, 1252 union dp_rx_desc_list_elem_t **tail, 1253 struct hal_rx_mpdu_desc_info *mpdu_desc_info, 1254 unsigned tid, struct dp_rx_desc *rx_desc, 1255 uint32_t *rx_bfs) 1256 { 1257 struct dp_rx_reorder_array_elem *rx_reorder_array_elem; 1258 struct dp_pdev *pdev; 1259 struct dp_peer *peer; 1260 uint16_t peer_id; 1261 uint8_t fragno, more_frag, all_frag_present = 0; 1262 uint16_t rxseq = mpdu_desc_info->mpdu_seq; 1263 QDF_STATUS status; 1264 struct dp_rx_tid *rx_tid; 1265 uint8_t mpdu_sequence_control_valid; 1266 uint8_t mpdu_frame_control_valid; 1267 qdf_nbuf_t frag = rx_desc->nbuf; 1268 1269 /* Check if the packet is from a valid peer */ 1270 peer_id = DP_PEER_METADATA_PEER_ID_GET( 1271 mpdu_desc_info->peer_meta_data); 1272 peer = dp_peer_find_by_id(soc, peer_id); 1273 1274 if (!peer) { 1275 /* We should not recieve anything from unknown peer 1276 * however, that might happen while we are in the monitor mode. 1277 * We don't need to handle that here 1278 */ 1279 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1280 "Unknown peer, dropping the fragment"); 1281 1282 qdf_nbuf_free(frag); 1283 dp_rx_add_to_free_desc_list(head, tail, rx_desc); 1284 1285 return QDF_STATUS_E_DEFRAG_ERROR; 1286 } 1287 1288 pdev = peer->vdev->pdev; 1289 rx_tid = &peer->rx_tid[tid]; 1290 1291 rx_reorder_array_elem = peer->rx_tid[tid].array; 1292 1293 mpdu_sequence_control_valid = 1294 hal_rx_get_mpdu_sequence_control_valid(rx_desc->rx_buf_start); 1295 1296 /* Invalid MPDU sequence control field, MPDU is of no use */ 1297 if (!mpdu_sequence_control_valid) { 1298 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1299 "Invalid MPDU seq control field, dropping MPDU"); 1300 qdf_nbuf_free(frag); 1301 dp_rx_add_to_free_desc_list(head, tail, rx_desc); 1302 1303 qdf_assert(0); 1304 goto end; 1305 } 1306 1307 mpdu_frame_control_valid = 1308 hal_rx_get_mpdu_frame_control_valid(rx_desc->rx_buf_start); 1309 1310 /* Invalid frame control field */ 1311 if (!mpdu_frame_control_valid) { 1312 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1313 "Invalid frame control field, dropping MPDU"); 1314 qdf_nbuf_free(frag); 1315 dp_rx_add_to_free_desc_list(head, tail, rx_desc); 1316 1317 qdf_assert(0); 1318 goto end; 1319 } 1320 1321 /* Current mpdu sequence */ 1322 more_frag = dp_rx_frag_get_more_frag_bit(rx_desc->rx_buf_start); 1323 1324 /* HW does not populate the fragment number as of now 1325 * need to get from the 802.11 header 1326 */ 1327 fragno = dp_rx_frag_get_mpdu_frag_number(rx_desc->rx_buf_start); 1328 1329 /* 1330 * !more_frag: no more fragments to be delivered 1331 * !frag_no: packet is not fragmented 1332 * !rx_reorder_array_elem->head: no saved fragments so far 1333 */ 1334 if ((!more_frag) && (!fragno) && (!rx_reorder_array_elem->head)) { 1335 /* We should not get into this situation here. 1336 * It means an unfragmented packet with fragment flag 1337 * is delivered over the REO exception ring. 1338 * Typically it follows normal rx path. 1339 */ 1340 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1341 "Rcvd unfragmented pkt on REO Err srng, dropping"); 1342 qdf_nbuf_free(frag); 1343 dp_rx_add_to_free_desc_list(head, tail, rx_desc); 1344 1345 qdf_assert(0); 1346 goto end; 1347 } 1348 1349 /* Check if the fragment is for the same sequence or a different one */ 1350 if (rx_reorder_array_elem->head) { 1351 if (rxseq != rx_tid->curr_seq_num) { 1352 1353 /* Drop stored fragments if out of sequence 1354 * fragment is received 1355 */ 1356 dp_rx_defrag_frames_free(rx_reorder_array_elem->head); 1357 1358 rx_reorder_array_elem->head = NULL; 1359 rx_reorder_array_elem->tail = NULL; 1360 1361 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1362 "%s mismatch, dropping earlier sequence ", 1363 (rxseq == rx_tid->curr_seq_num) 1364 ? "address" 1365 : "seq number"); 1366 1367 /* 1368 * The sequence number for this fragment becomes the 1369 * new sequence number to be processed 1370 */ 1371 rx_tid->curr_seq_num = rxseq; 1372 1373 } 1374 } else { 1375 /* Start of a new sequence */ 1376 dp_rx_defrag_cleanup(peer, tid); 1377 rx_tid->curr_seq_num = rxseq; 1378 } 1379 1380 /* 1381 * If the earlier sequence was dropped, this will be the fresh start. 1382 * Else, continue with next fragment in a given sequence 1383 */ 1384 status = dp_rx_defrag_fraglist_insert(peer, tid, &rx_reorder_array_elem->head, 1385 &rx_reorder_array_elem->tail, frag, 1386 &all_frag_present); 1387 1388 /* 1389 * Currently, we can have only 6 MSDUs per-MPDU, if the current 1390 * packet sequence has more than 6 MSDUs for some reason, we will 1391 * have to use the next MSDU link descriptor and chain them together 1392 * before reinjection 1393 */ 1394 if ((fragno == 0) && (status == QDF_STATUS_SUCCESS) && 1395 (rx_reorder_array_elem->head == frag)) { 1396 1397 status = dp_rx_defrag_save_info_from_ring_desc(ring_desc, 1398 peer, tid); 1399 1400 if (status != QDF_STATUS_SUCCESS) { 1401 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1402 "%s: Unable to store ring desc !\n", __func__); 1403 goto end; 1404 } 1405 } else { 1406 dp_rx_add_to_free_desc_list(head, tail, rx_desc); 1407 *rx_bfs = 1; 1408 1409 /* Return the non-head link desc */ 1410 if (dp_rx_link_desc_return(soc, ring_desc, 1411 HAL_BM_ACTION_PUT_IN_IDLE_LIST) != 1412 QDF_STATUS_SUCCESS) 1413 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1414 "%s: Failed to return link desc\n", 1415 __func__); 1416 1417 } 1418 1419 if (pdev->soc->rx.flags.defrag_timeout_check) 1420 dp_rx_defrag_waitlist_remove(peer, tid); 1421 1422 /* Yet to receive more fragments for this sequence number */ 1423 if (!all_frag_present) { 1424 uint32_t now_ms = 1425 qdf_system_ticks_to_msecs(qdf_system_ticks()); 1426 1427 peer->rx_tid[tid].defrag_timeout_ms = 1428 now_ms + pdev->soc->rx.defrag.timeout_ms; 1429 1430 dp_rx_defrag_waitlist_add(peer, tid); 1431 1432 return QDF_STATUS_SUCCESS; 1433 } 1434 1435 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_INFO, 1436 "All fragments received for sequence: %d", rxseq); 1437 1438 /* Process the fragments */ 1439 status = dp_rx_defrag(peer, tid, rx_reorder_array_elem->head, 1440 rx_reorder_array_elem->tail); 1441 if (QDF_IS_STATUS_ERROR(status)) { 1442 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1443 "Fragment processing failed"); 1444 if (dp_rx_link_desc_return(soc, 1445 peer->rx_tid[tid].dst_ring_desc, 1446 HAL_BM_ACTION_PUT_IN_IDLE_LIST) != 1447 QDF_STATUS_SUCCESS) 1448 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1449 "%s: Failed to return link desc\n", 1450 __func__); 1451 dp_rx_defrag_cleanup(peer, tid); 1452 goto end; 1453 } 1454 1455 /* Re-inject the fragments back to REO for further processing */ 1456 status = dp_rx_defrag_reo_reinject(peer, tid, 1457 rx_reorder_array_elem->head); 1458 if (QDF_IS_STATUS_SUCCESS(status)) { 1459 rx_reorder_array_elem->head = NULL; 1460 rx_reorder_array_elem->tail = NULL; 1461 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_INFO, 1462 "Fragmented sequence successfully reinjected"); 1463 } 1464 else 1465 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1466 "Fragmented sequence reinjection failed"); 1467 1468 dp_rx_defrag_cleanup(peer, tid); 1469 return QDF_STATUS_SUCCESS; 1470 1471 end: 1472 return QDF_STATUS_E_DEFRAG_ERROR; 1473 } 1474 1475 /** 1476 * dp_rx_frag_handle() - Handles fragmented Rx frames 1477 * 1478 * @soc: core txrx main context 1479 * @ring_desc: opaque pointer to the REO error ring descriptor 1480 * @mpdu_desc_info: MPDU descriptor information from ring descriptor 1481 * @head: head of the local descriptor free-list 1482 * @tail: tail of the local descriptor free-list 1483 * @quota: No. of units (packets) that can be serviced in one shot. 1484 * 1485 * This function implements RX 802.11 fragmentation handling 1486 * The handling is mostly same as legacy fragmentation handling. 1487 * If required, this function can re-inject the frames back to 1488 * REO ring (with proper setting to by-pass fragmentation check 1489 * but use duplicate detection / re-ordering and routing these frames 1490 * to a different core. 1491 * 1492 * Return: uint32_t: No. of elements processed 1493 */ 1494 uint32_t dp_rx_frag_handle(struct dp_soc *soc, void *ring_desc, 1495 struct hal_rx_mpdu_desc_info *mpdu_desc_info, 1496 union dp_rx_desc_list_elem_t **head, 1497 union dp_rx_desc_list_elem_t **tail, 1498 uint32_t quota) 1499 { 1500 uint32_t rx_bufs_used = 0; 1501 void *link_desc_va; 1502 struct hal_buf_info buf_info; 1503 struct hal_rx_msdu_list msdu_list; /* per MPDU list of MSDUs */ 1504 qdf_nbuf_t msdu = NULL; 1505 uint32_t tid, msdu_len; 1506 int idx, rx_bfs = 0; 1507 QDF_STATUS status; 1508 1509 qdf_assert(soc); 1510 qdf_assert(mpdu_desc_info); 1511 1512 /* Fragment from a valid peer */ 1513 hal_rx_reo_buf_paddr_get(ring_desc, &buf_info); 1514 1515 link_desc_va = dp_rx_cookie_2_link_desc_va(soc, &buf_info); 1516 1517 qdf_assert(link_desc_va); 1518 1519 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_INFO_HIGH, 1520 "Number of MSDUs to process, num_msdus: %d", 1521 mpdu_desc_info->msdu_count); 1522 1523 1524 if (qdf_unlikely(mpdu_desc_info->msdu_count == 0)) { 1525 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1526 "Not sufficient MSDUs to process"); 1527 return rx_bufs_used; 1528 } 1529 1530 /* Get msdu_list for the given MPDU */ 1531 hal_rx_msdu_list_get(link_desc_va, &msdu_list, 1532 &mpdu_desc_info->msdu_count); 1533 1534 /* Process all MSDUs in the current MPDU */ 1535 for (idx = 0; (idx < mpdu_desc_info->msdu_count) && quota--; idx++) { 1536 struct dp_rx_desc *rx_desc = 1537 dp_rx_cookie_2_va_rxdma_buf(soc, 1538 msdu_list.sw_cookie[idx]); 1539 1540 qdf_assert(rx_desc); 1541 1542 msdu = rx_desc->nbuf; 1543 1544 qdf_nbuf_unmap_single(soc->osdev, msdu, 1545 QDF_DMA_BIDIRECTIONAL); 1546 1547 rx_desc->rx_buf_start = qdf_nbuf_data(msdu); 1548 1549 msdu_len = hal_rx_msdu_start_msdu_len_get( 1550 rx_desc->rx_buf_start); 1551 1552 qdf_nbuf_set_pktlen(msdu, (msdu_len + RX_PKT_TLVS_LEN)); 1553 1554 tid = hal_rx_mpdu_start_tid_get(rx_desc->rx_buf_start); 1555 1556 /* Process fragment-by-fragment */ 1557 status = dp_rx_defrag_store_fragment(soc, ring_desc, 1558 head, tail, mpdu_desc_info, 1559 tid, rx_desc, &rx_bfs); 1560 1561 if (QDF_IS_STATUS_SUCCESS(status)) { 1562 if (rx_bfs) 1563 rx_bufs_used++; 1564 } else { 1565 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1566 "Rx Defrag err seq#:0x%x msdu_count:%d flags:%d", 1567 mpdu_desc_info->mpdu_seq, 1568 mpdu_desc_info->msdu_count, 1569 mpdu_desc_info->mpdu_flags); 1570 1571 /* No point in processing rest of the fragments */ 1572 break; 1573 } 1574 } 1575 1576 return rx_bufs_used; 1577 } 1578