1 /* 2 * Copyright (c) 2017-2020 The Linux Foundation. All rights reserved. 3 * 4 * Permission to use, copy, modify, and/or distribute this software for 5 * any purpose with or without fee is hereby granted, provided that the 6 * above copyright notice and this permission notice appear in all 7 * copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL 10 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 11 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE 12 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL 13 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR 14 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER 15 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 16 * PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 #include "hal_hw_headers.h" 20 #include "dp_types.h" 21 #include "dp_rx.h" 22 #include "dp_peer.h" 23 #include "hal_api.h" 24 #include "qdf_trace.h" 25 #include "qdf_nbuf.h" 26 #include "dp_internal.h" 27 #include "dp_rx_defrag.h" 28 #include <enet.h> /* LLC_SNAP_HDR_LEN */ 29 #include "dp_rx_defrag.h" 30 #include "dp_ipa.h" 31 #include "dp_rx_buffer_pool.h" 32 33 const struct dp_rx_defrag_cipher dp_f_ccmp = { 34 "AES-CCM", 35 IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN + IEEE80211_WEP_EXTIVLEN, 36 IEEE80211_WEP_MICLEN, 37 0, 38 }; 39 40 const struct dp_rx_defrag_cipher dp_f_tkip = { 41 "TKIP", 42 IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN + IEEE80211_WEP_EXTIVLEN, 43 IEEE80211_WEP_CRCLEN, 44 IEEE80211_WEP_MICLEN, 45 }; 46 47 const struct dp_rx_defrag_cipher dp_f_wep = { 48 "WEP", 49 IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN, 50 IEEE80211_WEP_CRCLEN, 51 0, 52 }; 53 54 /* 55 * dp_rx_defrag_frames_free(): Free fragment chain 56 * @frames: Fragment chain 57 * 58 * Iterates through the fragment chain and frees them 59 * Returns: None 60 */ 61 static void dp_rx_defrag_frames_free(qdf_nbuf_t frames) 62 { 63 qdf_nbuf_t next, frag = frames; 64 65 while (frag) { 66 next = qdf_nbuf_next(frag); 67 qdf_nbuf_free(frag); 68 frag = next; 69 } 70 } 71 72 /* 73 * dp_rx_clear_saved_desc_info(): Clears descriptor info 74 * @peer: Pointer to the peer data structure 75 * @tid: Transmit ID (TID) 76 * 77 * Saves MPDU descriptor info and MSDU link pointer from REO 78 * ring descriptor. The cache is created per peer, per TID 79 * 80 * Returns: None 81 */ 82 static void dp_rx_clear_saved_desc_info(struct dp_peer *peer, unsigned tid) 83 { 84 if (peer->rx_tid[tid].dst_ring_desc) 85 qdf_mem_free(peer->rx_tid[tid].dst_ring_desc); 86 87 peer->rx_tid[tid].dst_ring_desc = NULL; 88 peer->rx_tid[tid].head_frag_desc = NULL; 89 } 90 91 static void dp_rx_return_head_frag_desc(struct dp_peer *peer, 92 unsigned int tid) 93 { 94 struct dp_soc *soc; 95 struct dp_pdev *pdev; 96 struct dp_srng *dp_rxdma_srng; 97 struct rx_desc_pool *rx_desc_pool; 98 union dp_rx_desc_list_elem_t *head = NULL; 99 union dp_rx_desc_list_elem_t *tail = NULL; 100 uint8_t pool_id; 101 102 pdev = peer->vdev->pdev; 103 soc = pdev->soc; 104 105 if (peer->rx_tid[tid].head_frag_desc) { 106 pool_id = peer->rx_tid[tid].head_frag_desc->pool_id; 107 dp_rxdma_srng = &soc->rx_refill_buf_ring[pool_id]; 108 rx_desc_pool = &soc->rx_desc_buf[pool_id]; 109 110 dp_rx_add_to_free_desc_list(&head, &tail, 111 peer->rx_tid[tid].head_frag_desc); 112 dp_rx_buffers_replenish(soc, 0, dp_rxdma_srng, rx_desc_pool, 113 1, &head, &tail); 114 } 115 116 if (peer->rx_tid[tid].dst_ring_desc) { 117 if (dp_rx_link_desc_return(soc, 118 peer->rx_tid[tid].dst_ring_desc, 119 HAL_BM_ACTION_PUT_IN_IDLE_LIST) != 120 QDF_STATUS_SUCCESS) 121 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 122 "%s: Failed to return link desc", __func__); 123 } 124 } 125 126 /* 127 * dp_rx_reorder_flush_frag(): Flush the frag list 128 * @peer: Pointer to the peer data structure 129 * @tid: Transmit ID (TID) 130 * 131 * Flush the per-TID frag list 132 * 133 * Returns: None 134 */ 135 void dp_rx_reorder_flush_frag(struct dp_peer *peer, 136 unsigned int tid) 137 { 138 dp_info_rl("Flushing TID %d", tid); 139 140 if (!peer) { 141 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 142 "%s: NULL peer", __func__); 143 return; 144 } 145 146 dp_rx_return_head_frag_desc(peer, tid); 147 dp_rx_defrag_cleanup(peer, tid); 148 } 149 150 /* 151 * dp_rx_defrag_waitlist_flush(): Flush SOC defrag wait list 152 * @soc: DP SOC 153 * 154 * Flush fragments of all waitlisted TID's 155 * 156 * Returns: None 157 */ 158 void dp_rx_defrag_waitlist_flush(struct dp_soc *soc) 159 { 160 struct dp_rx_tid *rx_reorder = NULL; 161 struct dp_rx_tid *tmp; 162 uint32_t now_ms = qdf_system_ticks_to_msecs(qdf_system_ticks()); 163 TAILQ_HEAD(, dp_rx_tid) temp_list; 164 165 TAILQ_INIT(&temp_list); 166 167 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_DEBUG, 168 FL("Current time %u"), now_ms); 169 170 qdf_spin_lock_bh(&soc->rx.defrag.defrag_lock); 171 TAILQ_FOREACH_SAFE(rx_reorder, &soc->rx.defrag.waitlist, 172 defrag_waitlist_elem, tmp) { 173 uint32_t tid; 174 175 if (rx_reorder->defrag_timeout_ms > now_ms) 176 break; 177 178 tid = rx_reorder->tid; 179 if (tid >= DP_MAX_TIDS) { 180 qdf_assert(0); 181 continue; 182 } 183 184 TAILQ_REMOVE(&soc->rx.defrag.waitlist, rx_reorder, 185 defrag_waitlist_elem); 186 DP_STATS_DEC(soc, rx.rx_frag_wait, 1); 187 188 /* Move to temp list and clean-up later */ 189 TAILQ_INSERT_TAIL(&temp_list, rx_reorder, 190 defrag_waitlist_elem); 191 } 192 if (rx_reorder) { 193 soc->rx.defrag.next_flush_ms = 194 rx_reorder->defrag_timeout_ms; 195 } else { 196 soc->rx.defrag.next_flush_ms = 197 now_ms + soc->rx.defrag.timeout_ms; 198 } 199 200 qdf_spin_unlock_bh(&soc->rx.defrag.defrag_lock); 201 202 TAILQ_FOREACH_SAFE(rx_reorder, &temp_list, 203 defrag_waitlist_elem, tmp) { 204 struct dp_peer *peer, *temp_peer = NULL; 205 206 qdf_spin_lock_bh(&rx_reorder->tid_lock); 207 TAILQ_REMOVE(&temp_list, rx_reorder, 208 defrag_waitlist_elem); 209 /* get address of current peer */ 210 peer = 211 container_of(rx_reorder, struct dp_peer, 212 rx_tid[rx_reorder->tid]); 213 qdf_spin_unlock_bh(&rx_reorder->tid_lock); 214 215 temp_peer = dp_peer_find_by_id(soc, peer->peer_id); 216 if (temp_peer == peer) { 217 qdf_spin_lock_bh(&rx_reorder->tid_lock); 218 dp_rx_reorder_flush_frag(peer, rx_reorder->tid); 219 qdf_spin_unlock_bh(&rx_reorder->tid_lock); 220 } 221 222 if (temp_peer) 223 dp_peer_unref_del_find_by_id(temp_peer); 224 225 } 226 } 227 228 /* 229 * dp_rx_defrag_waitlist_add(): Update per-PDEV defrag wait list 230 * @peer: Pointer to the peer data structure 231 * @tid: Transmit ID (TID) 232 * 233 * Appends per-tid fragments to global fragment wait list 234 * 235 * Returns: None 236 */ 237 static void dp_rx_defrag_waitlist_add(struct dp_peer *peer, unsigned tid) 238 { 239 struct dp_soc *psoc = peer->vdev->pdev->soc; 240 struct dp_rx_tid *rx_reorder = &peer->rx_tid[tid]; 241 242 dp_debug("Adding TID %u to waitlist for peer %pK at MAC address %pM", 243 tid, peer, peer->mac_addr.raw); 244 245 /* TODO: use LIST macros instead of TAIL macros */ 246 qdf_spin_lock_bh(&psoc->rx.defrag.defrag_lock); 247 if (TAILQ_EMPTY(&psoc->rx.defrag.waitlist)) 248 psoc->rx.defrag.next_flush_ms = rx_reorder->defrag_timeout_ms; 249 TAILQ_INSERT_TAIL(&psoc->rx.defrag.waitlist, rx_reorder, 250 defrag_waitlist_elem); 251 DP_STATS_INC(psoc, rx.rx_frag_wait, 1); 252 qdf_spin_unlock_bh(&psoc->rx.defrag.defrag_lock); 253 } 254 255 /* 256 * dp_rx_defrag_waitlist_remove(): Remove fragments from waitlist 257 * @peer: Pointer to the peer data structure 258 * @tid: Transmit ID (TID) 259 * 260 * Remove fragments from waitlist 261 * 262 * Returns: None 263 */ 264 void dp_rx_defrag_waitlist_remove(struct dp_peer *peer, unsigned tid) 265 { 266 struct dp_pdev *pdev = peer->vdev->pdev; 267 struct dp_soc *soc = pdev->soc; 268 struct dp_rx_tid *rx_reorder; 269 struct dp_rx_tid *tmp; 270 271 dp_debug("Removing TID %u to waitlist for peer %pK at MAC address %pM", 272 tid, peer, peer->mac_addr.raw); 273 274 if (tid >= DP_MAX_TIDS) { 275 dp_err("TID out of bounds: %d", tid); 276 qdf_assert_always(0); 277 } 278 279 qdf_spin_lock_bh(&soc->rx.defrag.defrag_lock); 280 TAILQ_FOREACH_SAFE(rx_reorder, &soc->rx.defrag.waitlist, 281 defrag_waitlist_elem, tmp) { 282 struct dp_peer *peer_on_waitlist; 283 284 /* get address of current peer */ 285 peer_on_waitlist = 286 container_of(rx_reorder, struct dp_peer, 287 rx_tid[rx_reorder->tid]); 288 289 /* Ensure it is TID for same peer */ 290 if (peer_on_waitlist == peer && rx_reorder->tid == tid) { 291 TAILQ_REMOVE(&soc->rx.defrag.waitlist, 292 rx_reorder, defrag_waitlist_elem); 293 DP_STATS_DEC(soc, rx.rx_frag_wait, 1); 294 } 295 } 296 qdf_spin_unlock_bh(&soc->rx.defrag.defrag_lock); 297 } 298 299 /* 300 * dp_rx_defrag_fraglist_insert(): Create a per-sequence fragment list 301 * @peer: Pointer to the peer data structure 302 * @tid: Transmit ID (TID) 303 * @head_addr: Pointer to head list 304 * @tail_addr: Pointer to tail list 305 * @frag: Incoming fragment 306 * @all_frag_present: Flag to indicate whether all fragments are received 307 * 308 * Build a per-tid, per-sequence fragment list. 309 * 310 * Returns: Success, if inserted 311 */ 312 static QDF_STATUS dp_rx_defrag_fraglist_insert(struct dp_peer *peer, unsigned tid, 313 qdf_nbuf_t *head_addr, qdf_nbuf_t *tail_addr, qdf_nbuf_t frag, 314 uint8_t *all_frag_present) 315 { 316 qdf_nbuf_t next; 317 qdf_nbuf_t prev = NULL; 318 qdf_nbuf_t cur; 319 uint16_t head_fragno, cur_fragno, next_fragno; 320 uint8_t last_morefrag = 1, count = 0; 321 struct dp_rx_tid *rx_tid = &peer->rx_tid[tid]; 322 uint8_t *rx_desc_info; 323 324 325 qdf_assert(frag); 326 qdf_assert(head_addr); 327 qdf_assert(tail_addr); 328 329 *all_frag_present = 0; 330 rx_desc_info = qdf_nbuf_data(frag); 331 cur_fragno = dp_rx_frag_get_mpdu_frag_number(rx_desc_info); 332 333 dp_debug("cur_fragno %d\n", cur_fragno); 334 /* If this is the first fragment */ 335 if (!(*head_addr)) { 336 *head_addr = *tail_addr = frag; 337 qdf_nbuf_set_next(*tail_addr, NULL); 338 rx_tid->curr_frag_num = cur_fragno; 339 340 goto insert_done; 341 } 342 343 /* In sequence fragment */ 344 if (cur_fragno > rx_tid->curr_frag_num) { 345 qdf_nbuf_set_next(*tail_addr, frag); 346 *tail_addr = frag; 347 qdf_nbuf_set_next(*tail_addr, NULL); 348 rx_tid->curr_frag_num = cur_fragno; 349 } else { 350 /* Out of sequence fragment */ 351 cur = *head_addr; 352 rx_desc_info = qdf_nbuf_data(cur); 353 head_fragno = dp_rx_frag_get_mpdu_frag_number(rx_desc_info); 354 355 if (cur_fragno == head_fragno) { 356 qdf_nbuf_free(frag); 357 goto insert_fail; 358 } else if (head_fragno > cur_fragno) { 359 qdf_nbuf_set_next(frag, cur); 360 cur = frag; 361 *head_addr = frag; /* head pointer to be updated */ 362 } else { 363 while ((cur_fragno > head_fragno) && cur) { 364 prev = cur; 365 cur = qdf_nbuf_next(cur); 366 if (cur) { 367 rx_desc_info = qdf_nbuf_data(cur); 368 head_fragno = 369 dp_rx_frag_get_mpdu_frag_number( 370 rx_desc_info); 371 } 372 } 373 374 if (cur_fragno == head_fragno) { 375 qdf_nbuf_free(frag); 376 goto insert_fail; 377 } 378 379 qdf_nbuf_set_next(prev, frag); 380 qdf_nbuf_set_next(frag, cur); 381 } 382 } 383 384 next = qdf_nbuf_next(*head_addr); 385 386 rx_desc_info = qdf_nbuf_data(*tail_addr); 387 last_morefrag = dp_rx_frag_get_more_frag_bit(rx_desc_info); 388 389 /* TODO: optimize the loop */ 390 if (!last_morefrag) { 391 /* Check if all fragments are present */ 392 do { 393 rx_desc_info = qdf_nbuf_data(next); 394 next_fragno = 395 dp_rx_frag_get_mpdu_frag_number(rx_desc_info); 396 count++; 397 398 if (next_fragno != count) 399 break; 400 401 next = qdf_nbuf_next(next); 402 } while (next); 403 404 if (!next) { 405 *all_frag_present = 1; 406 return QDF_STATUS_SUCCESS; 407 } else { 408 /* revisit */ 409 } 410 } 411 412 insert_done: 413 return QDF_STATUS_SUCCESS; 414 415 insert_fail: 416 return QDF_STATUS_E_FAILURE; 417 } 418 419 420 /* 421 * dp_rx_defrag_tkip_decap(): decap tkip encrypted fragment 422 * @msdu: Pointer to the fragment 423 * @hdrlen: 802.11 header length (mostly useful in 4 addr frames) 424 * 425 * decap tkip encrypted fragment 426 * 427 * Returns: QDF_STATUS 428 */ 429 static QDF_STATUS dp_rx_defrag_tkip_decap(qdf_nbuf_t msdu, uint16_t hdrlen) 430 { 431 uint8_t *ivp, *orig_hdr; 432 int rx_desc_len = SIZE_OF_DATA_RX_TLV; 433 434 /* start of 802.11 header info */ 435 orig_hdr = (uint8_t *)(qdf_nbuf_data(msdu) + rx_desc_len); 436 437 /* TKIP header is located post 802.11 header */ 438 ivp = orig_hdr + hdrlen; 439 if (!(ivp[IEEE80211_WEP_IVLEN] & IEEE80211_WEP_EXTIV)) { 440 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 441 "IEEE80211_WEP_EXTIV is missing in TKIP fragment"); 442 return QDF_STATUS_E_DEFRAG_ERROR; 443 } 444 445 qdf_nbuf_trim_tail(msdu, dp_f_tkip.ic_trailer); 446 447 return QDF_STATUS_SUCCESS; 448 } 449 450 /* 451 * dp_rx_defrag_ccmp_demic(): Remove MIC information from CCMP fragment 452 * @nbuf: Pointer to the fragment buffer 453 * @hdrlen: 802.11 header length (mostly useful in 4 addr frames) 454 * 455 * Remove MIC information from CCMP fragment 456 * 457 * Returns: QDF_STATUS 458 */ 459 static QDF_STATUS dp_rx_defrag_ccmp_demic(qdf_nbuf_t nbuf, uint16_t hdrlen) 460 { 461 uint8_t *ivp, *orig_hdr; 462 int rx_desc_len = SIZE_OF_DATA_RX_TLV; 463 464 /* start of the 802.11 header */ 465 orig_hdr = (uint8_t *)(qdf_nbuf_data(nbuf) + rx_desc_len); 466 467 /* CCMP header is located after 802.11 header */ 468 ivp = orig_hdr + hdrlen; 469 if (!(ivp[IEEE80211_WEP_IVLEN] & IEEE80211_WEP_EXTIV)) 470 return QDF_STATUS_E_DEFRAG_ERROR; 471 472 qdf_nbuf_trim_tail(nbuf, dp_f_ccmp.ic_trailer); 473 474 return QDF_STATUS_SUCCESS; 475 } 476 477 /* 478 * dp_rx_defrag_ccmp_decap(): decap CCMP encrypted fragment 479 * @nbuf: Pointer to the fragment 480 * @hdrlen: length of the header information 481 * 482 * decap CCMP encrypted fragment 483 * 484 * Returns: QDF_STATUS 485 */ 486 static QDF_STATUS dp_rx_defrag_ccmp_decap(qdf_nbuf_t nbuf, uint16_t hdrlen) 487 { 488 uint8_t *ivp, *origHdr; 489 int rx_desc_len = SIZE_OF_DATA_RX_TLV; 490 491 origHdr = (uint8_t *) (qdf_nbuf_data(nbuf) + rx_desc_len); 492 ivp = origHdr + hdrlen; 493 494 if (!(ivp[IEEE80211_WEP_IVLEN] & IEEE80211_WEP_EXTIV)) 495 return QDF_STATUS_E_DEFRAG_ERROR; 496 497 /* Let's pull the header later */ 498 499 return QDF_STATUS_SUCCESS; 500 } 501 502 /* 503 * dp_rx_defrag_wep_decap(): decap WEP encrypted fragment 504 * @msdu: Pointer to the fragment 505 * @hdrlen: length of the header information 506 * 507 * decap WEP encrypted fragment 508 * 509 * Returns: QDF_STATUS 510 */ 511 static QDF_STATUS dp_rx_defrag_wep_decap(qdf_nbuf_t msdu, uint16_t hdrlen) 512 { 513 uint8_t *origHdr; 514 int rx_desc_len = SIZE_OF_DATA_RX_TLV; 515 516 origHdr = (uint8_t *) (qdf_nbuf_data(msdu) + rx_desc_len); 517 qdf_mem_move(origHdr + dp_f_wep.ic_header, origHdr, hdrlen); 518 519 qdf_nbuf_trim_tail(msdu, dp_f_wep.ic_trailer); 520 521 return QDF_STATUS_SUCCESS; 522 } 523 524 /* 525 * dp_rx_defrag_hdrsize(): Calculate the header size of the received fragment 526 * @soc: soc handle 527 * @nbuf: Pointer to the fragment 528 * 529 * Calculate the header size of the received fragment 530 * 531 * Returns: header size (uint16_t) 532 */ 533 static uint16_t dp_rx_defrag_hdrsize(struct dp_soc *soc, qdf_nbuf_t nbuf) 534 { 535 uint8_t *rx_tlv_hdr = qdf_nbuf_data(nbuf); 536 uint16_t size = sizeof(struct ieee80211_frame); 537 uint16_t fc = 0; 538 uint32_t to_ds, fr_ds; 539 uint8_t frm_ctrl_valid; 540 uint16_t frm_ctrl_field; 541 542 to_ds = hal_rx_mpdu_get_to_ds(soc->hal_soc, rx_tlv_hdr); 543 fr_ds = hal_rx_mpdu_get_fr_ds(soc->hal_soc, rx_tlv_hdr); 544 frm_ctrl_valid = 545 hal_rx_get_mpdu_frame_control_valid(soc->hal_soc, 546 rx_tlv_hdr); 547 frm_ctrl_field = hal_rx_get_frame_ctrl_field(rx_tlv_hdr); 548 549 if (to_ds && fr_ds) 550 size += QDF_MAC_ADDR_SIZE; 551 552 if (frm_ctrl_valid) { 553 fc = frm_ctrl_field; 554 555 /* use 1-st byte for validation */ 556 if (DP_RX_DEFRAG_IEEE80211_QOS_HAS_SEQ(fc & 0xff)) { 557 size += sizeof(uint16_t); 558 /* use 2-nd byte for validation */ 559 if (((fc & 0xff00) >> 8) & IEEE80211_FC1_ORDER) 560 size += sizeof(struct ieee80211_htc); 561 } 562 } 563 564 return size; 565 } 566 567 /* 568 * dp_rx_defrag_michdr(): Calculate a pseudo MIC header 569 * @wh0: Pointer to the wireless header of the fragment 570 * @hdr: Array to hold the pseudo header 571 * 572 * Calculate a pseudo MIC header 573 * 574 * Returns: None 575 */ 576 static void dp_rx_defrag_michdr(const struct ieee80211_frame *wh0, 577 uint8_t hdr[]) 578 { 579 const struct ieee80211_frame_addr4 *wh = 580 (const struct ieee80211_frame_addr4 *)wh0; 581 582 switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) { 583 case IEEE80211_FC1_DIR_NODS: 584 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr, wh->i_addr1); /* DA */ 585 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr + QDF_MAC_ADDR_SIZE, 586 wh->i_addr2); 587 break; 588 case IEEE80211_FC1_DIR_TODS: 589 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr, wh->i_addr3); /* DA */ 590 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr + QDF_MAC_ADDR_SIZE, 591 wh->i_addr2); 592 break; 593 case IEEE80211_FC1_DIR_FROMDS: 594 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr, wh->i_addr1); /* DA */ 595 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr + QDF_MAC_ADDR_SIZE, 596 wh->i_addr3); 597 break; 598 case IEEE80211_FC1_DIR_DSTODS: 599 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr, wh->i_addr3); /* DA */ 600 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr + QDF_MAC_ADDR_SIZE, 601 wh->i_addr4); 602 break; 603 } 604 605 /* 606 * Bit 7 is QDF_IEEE80211_FC0_SUBTYPE_QOS for data frame, but 607 * it could also be set for deauth, disassoc, action, etc. for 608 * a mgt type frame. It comes into picture for MFP. 609 */ 610 if (wh->i_fc[0] & QDF_IEEE80211_FC0_SUBTYPE_QOS) { 611 if ((wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) == 612 IEEE80211_FC1_DIR_DSTODS) { 613 const struct ieee80211_qosframe_addr4 *qwh = 614 (const struct ieee80211_qosframe_addr4 *)wh; 615 hdr[12] = qwh->i_qos[0] & IEEE80211_QOS_TID; 616 } else { 617 const struct ieee80211_qosframe *qwh = 618 (const struct ieee80211_qosframe *)wh; 619 hdr[12] = qwh->i_qos[0] & IEEE80211_QOS_TID; 620 } 621 } else { 622 hdr[12] = 0; 623 } 624 625 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */ 626 } 627 628 /* 629 * dp_rx_defrag_mic(): Calculate MIC header 630 * @key: Pointer to the key 631 * @wbuf: fragment buffer 632 * @off: Offset 633 * @data_len: Data length 634 * @mic: Array to hold MIC 635 * 636 * Calculate a pseudo MIC header 637 * 638 * Returns: QDF_STATUS 639 */ 640 static QDF_STATUS dp_rx_defrag_mic(const uint8_t *key, qdf_nbuf_t wbuf, 641 uint16_t off, uint16_t data_len, uint8_t mic[]) 642 { 643 uint8_t hdr[16] = { 0, }; 644 uint32_t l, r; 645 const uint8_t *data; 646 uint32_t space; 647 int rx_desc_len = SIZE_OF_DATA_RX_TLV; 648 649 dp_rx_defrag_michdr((struct ieee80211_frame *)(qdf_nbuf_data(wbuf) 650 + rx_desc_len), hdr); 651 652 l = dp_rx_get_le32(key); 653 r = dp_rx_get_le32(key + 4); 654 655 /* Michael MIC pseudo header: DA, SA, 3 x 0, Priority */ 656 l ^= dp_rx_get_le32(hdr); 657 dp_rx_michael_block(l, r); 658 l ^= dp_rx_get_le32(&hdr[4]); 659 dp_rx_michael_block(l, r); 660 l ^= dp_rx_get_le32(&hdr[8]); 661 dp_rx_michael_block(l, r); 662 l ^= dp_rx_get_le32(&hdr[12]); 663 dp_rx_michael_block(l, r); 664 665 /* first buffer has special handling */ 666 data = (uint8_t *)qdf_nbuf_data(wbuf) + off; 667 space = qdf_nbuf_len(wbuf) - off; 668 669 for (;; ) { 670 if (space > data_len) 671 space = data_len; 672 673 /* collect 32-bit blocks from current buffer */ 674 while (space >= sizeof(uint32_t)) { 675 l ^= dp_rx_get_le32(data); 676 dp_rx_michael_block(l, r); 677 data += sizeof(uint32_t); 678 space -= sizeof(uint32_t); 679 data_len -= sizeof(uint32_t); 680 } 681 if (data_len < sizeof(uint32_t)) 682 break; 683 684 wbuf = qdf_nbuf_next(wbuf); 685 if (!wbuf) 686 return QDF_STATUS_E_DEFRAG_ERROR; 687 688 if (space != 0) { 689 const uint8_t *data_next; 690 /* 691 * Block straddles buffers, split references. 692 */ 693 data_next = 694 (uint8_t *)qdf_nbuf_data(wbuf) + off; 695 if ((qdf_nbuf_len(wbuf)) < 696 sizeof(uint32_t) - space) { 697 return QDF_STATUS_E_DEFRAG_ERROR; 698 } 699 switch (space) { 700 case 1: 701 l ^= dp_rx_get_le32_split(data[0], 702 data_next[0], data_next[1], 703 data_next[2]); 704 data = data_next + 3; 705 space = (qdf_nbuf_len(wbuf) - off) - 3; 706 break; 707 case 2: 708 l ^= dp_rx_get_le32_split(data[0], data[1], 709 data_next[0], data_next[1]); 710 data = data_next + 2; 711 space = (qdf_nbuf_len(wbuf) - off) - 2; 712 break; 713 case 3: 714 l ^= dp_rx_get_le32_split(data[0], data[1], 715 data[2], data_next[0]); 716 data = data_next + 1; 717 space = (qdf_nbuf_len(wbuf) - off) - 1; 718 break; 719 } 720 dp_rx_michael_block(l, r); 721 data_len -= sizeof(uint32_t); 722 } else { 723 /* 724 * Setup for next buffer. 725 */ 726 data = (uint8_t *)qdf_nbuf_data(wbuf) + off; 727 space = qdf_nbuf_len(wbuf) - off; 728 } 729 } 730 /* Last block and padding (0x5a, 4..7 x 0) */ 731 switch (data_len) { 732 case 0: 733 l ^= dp_rx_get_le32_split(0x5a, 0, 0, 0); 734 break; 735 case 1: 736 l ^= dp_rx_get_le32_split(data[0], 0x5a, 0, 0); 737 break; 738 case 2: 739 l ^= dp_rx_get_le32_split(data[0], data[1], 0x5a, 0); 740 break; 741 case 3: 742 l ^= dp_rx_get_le32_split(data[0], data[1], data[2], 0x5a); 743 break; 744 } 745 dp_rx_michael_block(l, r); 746 dp_rx_michael_block(l, r); 747 dp_rx_put_le32(mic, l); 748 dp_rx_put_le32(mic + 4, r); 749 750 return QDF_STATUS_SUCCESS; 751 } 752 753 /* 754 * dp_rx_defrag_tkip_demic(): Remove MIC header from the TKIP frame 755 * @key: Pointer to the key 756 * @msdu: fragment buffer 757 * @hdrlen: Length of the header information 758 * 759 * Remove MIC information from the TKIP frame 760 * 761 * Returns: QDF_STATUS 762 */ 763 static QDF_STATUS dp_rx_defrag_tkip_demic(const uint8_t *key, 764 qdf_nbuf_t msdu, uint16_t hdrlen) 765 { 766 QDF_STATUS status; 767 uint32_t pktlen = 0; 768 uint8_t mic[IEEE80211_WEP_MICLEN]; 769 uint8_t mic0[IEEE80211_WEP_MICLEN]; 770 qdf_nbuf_t prev = NULL, next; 771 772 next = msdu; 773 while (next) { 774 pktlen += (qdf_nbuf_len(next) - hdrlen); 775 prev = next; 776 dp_debug("%s pktlen %u", __func__, 777 (uint32_t)(qdf_nbuf_len(next) - hdrlen)); 778 next = qdf_nbuf_next(next); 779 } 780 781 if (!prev) { 782 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 783 "%s Defrag chaining failed !\n", __func__); 784 return QDF_STATUS_E_DEFRAG_ERROR; 785 } 786 787 qdf_nbuf_copy_bits(prev, qdf_nbuf_len(prev) - dp_f_tkip.ic_miclen, 788 dp_f_tkip.ic_miclen, (caddr_t)mic0); 789 qdf_nbuf_trim_tail(prev, dp_f_tkip.ic_miclen); 790 pktlen -= dp_f_tkip.ic_miclen; 791 792 status = dp_rx_defrag_mic(key, msdu, hdrlen, 793 pktlen, mic); 794 795 if (QDF_IS_STATUS_ERROR(status)) 796 return status; 797 798 if (qdf_mem_cmp(mic, mic0, dp_f_tkip.ic_miclen)) 799 return QDF_STATUS_E_DEFRAG_ERROR; 800 801 return QDF_STATUS_SUCCESS; 802 } 803 804 /* 805 * dp_rx_frag_pull_hdr(): Pulls the RXTLV & the 802.11 headers 806 * @nbuf: buffer pointer 807 * @hdrsize: size of the header to be pulled 808 * 809 * Pull the RXTLV & the 802.11 headers 810 * 811 * Returns: None 812 */ 813 static void dp_rx_frag_pull_hdr(qdf_nbuf_t nbuf, uint16_t hdrsize) 814 { 815 struct rx_pkt_tlvs *rx_pkt_tlv = 816 (struct rx_pkt_tlvs *)qdf_nbuf_data(nbuf); 817 struct rx_mpdu_info *rx_mpdu_info_details = 818 &rx_pkt_tlv->mpdu_start_tlv.rx_mpdu_start.rx_mpdu_info_details; 819 820 dp_debug("pn_31_0 0x%x pn_63_32 0x%x pn_95_64 0x%x pn_127_96 0x%x\n", 821 rx_mpdu_info_details->pn_31_0, rx_mpdu_info_details->pn_63_32, 822 rx_mpdu_info_details->pn_95_64, 823 rx_mpdu_info_details->pn_127_96); 824 825 qdf_nbuf_pull_head(nbuf, RX_PKT_TLVS_LEN + hdrsize); 826 827 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_DEBUG, 828 "%s: final pktlen %d .11len %d", 829 __func__, (uint32_t)qdf_nbuf_len(nbuf), hdrsize); 830 } 831 832 /* 833 * dp_rx_construct_fraglist(): Construct a nbuf fraglist 834 * @peer: Pointer to the peer 835 * @head: Pointer to list of fragments 836 * @hdrsize: Size of the header to be pulled 837 * 838 * Construct a nbuf fraglist 839 * 840 * Returns: None 841 */ 842 static int 843 dp_rx_construct_fraglist(struct dp_peer *peer, int tid, qdf_nbuf_t head, 844 uint16_t hdrsize) 845 { 846 qdf_nbuf_t msdu = qdf_nbuf_next(head); 847 qdf_nbuf_t rx_nbuf = msdu; 848 struct dp_rx_tid *rx_tid = &peer->rx_tid[tid]; 849 uint32_t len = 0; 850 uint64_t cur_pn128[2], prev_pn128[2]; 851 int out_of_order = 0; 852 853 prev_pn128[0] = rx_tid->pn128[0]; 854 prev_pn128[1] = rx_tid->pn128[1]; 855 856 while (msdu) { 857 struct rx_pkt_tlvs *rx_pkt_tlv = 858 (struct rx_pkt_tlvs *)qdf_nbuf_data(msdu); 859 struct rx_mpdu_info *rx_mpdu_info_details = 860 &rx_pkt_tlv->mpdu_start_tlv.rx_mpdu_start.rx_mpdu_info_details; 861 862 cur_pn128[0] = rx_mpdu_info_details->pn_31_0; 863 cur_pn128[0] |= 864 ((uint64_t)rx_mpdu_info_details->pn_63_32 << 32); 865 cur_pn128[1] = rx_mpdu_info_details->pn_95_64; 866 cur_pn128[1] |= 867 ((uint64_t)rx_mpdu_info_details->pn_127_96 << 32); 868 869 dp_debug("cur_pn128[0] 0x%llx cur_pn128[1] 0x%llx prev_pn128[0] 0x%llx prev_pn128[1] 0x%llx", 870 cur_pn128[0], cur_pn128[1], 871 prev_pn128[0], prev_pn128[1]); 872 if (cur_pn128[1] == prev_pn128[1]) 873 out_of_order = (cur_pn128[0] <= prev_pn128[0]); 874 else 875 out_of_order = (cur_pn128[1] < prev_pn128[1]); 876 877 if (out_of_order) 878 return QDF_STATUS_E_FAILURE; 879 880 prev_pn128[0] = cur_pn128[0]; 881 prev_pn128[1] = cur_pn128[1]; 882 883 dp_rx_frag_pull_hdr(msdu, hdrsize); 884 len += qdf_nbuf_len(msdu); 885 msdu = qdf_nbuf_next(msdu); 886 } 887 888 qdf_nbuf_append_ext_list(head, rx_nbuf, len); 889 qdf_nbuf_set_next(head, NULL); 890 qdf_nbuf_set_is_frag(head, 1); 891 892 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_DEBUG, 893 "%s: head len %d ext len %d data len %d ", 894 __func__, 895 (uint32_t)qdf_nbuf_len(head), 896 (uint32_t)qdf_nbuf_len(rx_nbuf), 897 (uint32_t)(head->data_len)); 898 899 return QDF_STATUS_SUCCESS; 900 } 901 902 /** 903 * dp_rx_defrag_err() - rx err handler 904 * @pdev: handle to pdev object 905 * @vdev_id: vdev id 906 * @peer_mac_addr: peer mac address 907 * @tid: TID 908 * @tsf32: TSF 909 * @err_type: error type 910 * @rx_frame: rx frame 911 * @pn: PN Number 912 * @key_id: key id 913 * 914 * This function handles rx error and send MIC error notification 915 * 916 * Return: None 917 */ 918 static void dp_rx_defrag_err(struct dp_vdev *vdev, qdf_nbuf_t nbuf) 919 { 920 struct ol_if_ops *tops = NULL; 921 struct dp_pdev *pdev = vdev->pdev; 922 int rx_desc_len = SIZE_OF_DATA_RX_TLV; 923 uint8_t *orig_hdr; 924 struct ieee80211_frame *wh; 925 struct cdp_rx_mic_err_info mic_failure_info; 926 927 orig_hdr = (uint8_t *)(qdf_nbuf_data(nbuf) + rx_desc_len); 928 wh = (struct ieee80211_frame *)orig_hdr; 929 930 qdf_copy_macaddr((struct qdf_mac_addr *)&mic_failure_info.da_mac_addr, 931 (struct qdf_mac_addr *)&wh->i_addr1); 932 qdf_copy_macaddr((struct qdf_mac_addr *)&mic_failure_info.ta_mac_addr, 933 (struct qdf_mac_addr *)&wh->i_addr2); 934 mic_failure_info.key_id = 0; 935 mic_failure_info.multicast = 936 IEEE80211_IS_MULTICAST(wh->i_addr1); 937 qdf_mem_zero(mic_failure_info.tsc, MIC_SEQ_CTR_SIZE); 938 mic_failure_info.frame_type = cdp_rx_frame_type_802_11; 939 mic_failure_info.data = (uint8_t *)wh; 940 mic_failure_info.vdev_id = vdev->vdev_id; 941 942 tops = pdev->soc->cdp_soc.ol_ops; 943 if (tops->rx_mic_error) 944 tops->rx_mic_error(pdev->soc->ctrl_psoc, pdev->pdev_id, 945 &mic_failure_info); 946 } 947 948 949 /* 950 * dp_rx_defrag_nwifi_to_8023(): Transcap 802.11 to 802.3 951 * @soc: dp soc handle 952 * @nbuf: Pointer to the fragment buffer 953 * @hdrsize: Size of headers 954 * 955 * Transcap the fragment from 802.11 to 802.3 956 * 957 * Returns: None 958 */ 959 static void 960 dp_rx_defrag_nwifi_to_8023(struct dp_soc *soc, struct dp_peer *peer, int tid, 961 qdf_nbuf_t nbuf, uint16_t hdrsize) 962 { 963 struct llc_snap_hdr_t *llchdr; 964 struct ethernet_hdr_t *eth_hdr; 965 uint8_t ether_type[2]; 966 uint16_t fc = 0; 967 union dp_align_mac_addr mac_addr; 968 uint8_t *rx_desc_info = qdf_mem_malloc(RX_PKT_TLVS_LEN); 969 struct rx_pkt_tlvs *rx_pkt_tlv = 970 (struct rx_pkt_tlvs *)qdf_nbuf_data(nbuf); 971 struct rx_mpdu_info *rx_mpdu_info_details = 972 &rx_pkt_tlv->mpdu_start_tlv.rx_mpdu_start.rx_mpdu_info_details; 973 struct dp_rx_tid *rx_tid = &peer->rx_tid[tid]; 974 975 dp_debug("head_nbuf pn_31_0 0x%x pn_63_32 0x%x pn_95_64 0x%x pn_127_96 0x%x\n", 976 rx_mpdu_info_details->pn_31_0, rx_mpdu_info_details->pn_63_32, 977 rx_mpdu_info_details->pn_95_64, 978 rx_mpdu_info_details->pn_127_96); 979 980 rx_tid->pn128[0] = rx_mpdu_info_details->pn_31_0; 981 rx_tid->pn128[0] |= ((uint64_t)rx_mpdu_info_details->pn_63_32 << 32); 982 rx_tid->pn128[1] = rx_mpdu_info_details->pn_95_64; 983 rx_tid->pn128[1] |= ((uint64_t)rx_mpdu_info_details->pn_127_96 << 32); 984 985 if (!rx_desc_info) { 986 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 987 "%s: Memory alloc failed ! ", __func__); 988 QDF_ASSERT(0); 989 return; 990 } 991 992 qdf_mem_copy(rx_desc_info, qdf_nbuf_data(nbuf), RX_PKT_TLVS_LEN); 993 994 llchdr = (struct llc_snap_hdr_t *)(qdf_nbuf_data(nbuf) + 995 RX_PKT_TLVS_LEN + hdrsize); 996 qdf_mem_copy(ether_type, llchdr->ethertype, 2); 997 998 qdf_nbuf_pull_head(nbuf, (RX_PKT_TLVS_LEN + hdrsize + 999 sizeof(struct llc_snap_hdr_t) - 1000 sizeof(struct ethernet_hdr_t))); 1001 1002 eth_hdr = (struct ethernet_hdr_t *)(qdf_nbuf_data(nbuf)); 1003 1004 if (hal_rx_get_mpdu_frame_control_valid(soc->hal_soc, 1005 rx_desc_info)) 1006 fc = hal_rx_get_frame_ctrl_field(rx_desc_info); 1007 1008 dp_debug("%s: frame control type: 0x%x", __func__, fc); 1009 1010 switch (((fc & 0xff00) >> 8) & IEEE80211_FC1_DIR_MASK) { 1011 case IEEE80211_FC1_DIR_NODS: 1012 hal_rx_mpdu_get_addr1(soc->hal_soc, rx_desc_info, 1013 &mac_addr.raw[0]); 1014 qdf_mem_copy(eth_hdr->dest_addr, &mac_addr.raw[0], 1015 QDF_MAC_ADDR_SIZE); 1016 hal_rx_mpdu_get_addr2(soc->hal_soc, rx_desc_info, 1017 &mac_addr.raw[0]); 1018 qdf_mem_copy(eth_hdr->src_addr, &mac_addr.raw[0], 1019 QDF_MAC_ADDR_SIZE); 1020 break; 1021 case IEEE80211_FC1_DIR_TODS: 1022 hal_rx_mpdu_get_addr3(soc->hal_soc, rx_desc_info, 1023 &mac_addr.raw[0]); 1024 qdf_mem_copy(eth_hdr->dest_addr, &mac_addr.raw[0], 1025 QDF_MAC_ADDR_SIZE); 1026 hal_rx_mpdu_get_addr2(soc->hal_soc, rx_desc_info, 1027 &mac_addr.raw[0]); 1028 qdf_mem_copy(eth_hdr->src_addr, &mac_addr.raw[0], 1029 QDF_MAC_ADDR_SIZE); 1030 break; 1031 case IEEE80211_FC1_DIR_FROMDS: 1032 hal_rx_mpdu_get_addr1(soc->hal_soc, rx_desc_info, 1033 &mac_addr.raw[0]); 1034 qdf_mem_copy(eth_hdr->dest_addr, &mac_addr.raw[0], 1035 QDF_MAC_ADDR_SIZE); 1036 hal_rx_mpdu_get_addr3(soc->hal_soc, rx_desc_info, 1037 &mac_addr.raw[0]); 1038 qdf_mem_copy(eth_hdr->src_addr, &mac_addr.raw[0], 1039 QDF_MAC_ADDR_SIZE); 1040 break; 1041 1042 case IEEE80211_FC1_DIR_DSTODS: 1043 hal_rx_mpdu_get_addr3(soc->hal_soc, rx_desc_info, 1044 &mac_addr.raw[0]); 1045 qdf_mem_copy(eth_hdr->dest_addr, &mac_addr.raw[0], 1046 QDF_MAC_ADDR_SIZE); 1047 hal_rx_mpdu_get_addr4(soc->hal_soc, rx_desc_info, 1048 &mac_addr.raw[0]); 1049 qdf_mem_copy(eth_hdr->src_addr, &mac_addr.raw[0], 1050 QDF_MAC_ADDR_SIZE); 1051 break; 1052 1053 default: 1054 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1055 "%s: Unknown frame control type: 0x%x", __func__, fc); 1056 } 1057 1058 qdf_mem_copy(eth_hdr->ethertype, ether_type, 1059 sizeof(ether_type)); 1060 1061 qdf_nbuf_push_head(nbuf, RX_PKT_TLVS_LEN); 1062 qdf_mem_copy(qdf_nbuf_data(nbuf), rx_desc_info, RX_PKT_TLVS_LEN); 1063 qdf_mem_free(rx_desc_info); 1064 } 1065 1066 #ifdef RX_DEFRAG_DO_NOT_REINJECT 1067 /* 1068 * dp_rx_defrag_deliver(): Deliver defrag packet to stack 1069 * @peer: Pointer to the peer 1070 * @tid: Transmit Identifier 1071 * @head: Nbuf to be delivered 1072 * 1073 * Returns: None 1074 */ 1075 static inline void dp_rx_defrag_deliver(struct dp_peer *peer, 1076 unsigned int tid, 1077 qdf_nbuf_t head) 1078 { 1079 struct dp_vdev *vdev = peer->vdev; 1080 struct dp_soc *soc = vdev->pdev->soc; 1081 qdf_nbuf_t deliver_list_head = NULL; 1082 qdf_nbuf_t deliver_list_tail = NULL; 1083 uint8_t *rx_tlv_hdr; 1084 1085 rx_tlv_hdr = qdf_nbuf_data(head); 1086 1087 QDF_NBUF_CB_RX_VDEV_ID(head) = vdev->vdev_id; 1088 qdf_nbuf_set_tid_val(head, tid); 1089 qdf_nbuf_pull_head(head, RX_PKT_TLVS_LEN); 1090 1091 DP_RX_LIST_APPEND(deliver_list_head, deliver_list_tail, 1092 head); 1093 dp_rx_deliver_to_stack(soc, vdev, peer, deliver_list_head, 1094 deliver_list_tail); 1095 } 1096 1097 /* 1098 * dp_rx_defrag_reo_reinject(): Reinject the fragment chain back into REO 1099 * @peer: Pointer to the peer 1100 * @tid: Transmit Identifier 1101 * @head: Buffer to be reinjected back 1102 * 1103 * Reinject the fragment chain back into REO 1104 * 1105 * Returns: QDF_STATUS 1106 */ 1107 static QDF_STATUS dp_rx_defrag_reo_reinject(struct dp_peer *peer, 1108 unsigned int tid, qdf_nbuf_t head) 1109 { 1110 struct dp_rx_reorder_array_elem *rx_reorder_array_elem; 1111 1112 rx_reorder_array_elem = peer->rx_tid[tid].array; 1113 1114 dp_rx_defrag_deliver(peer, tid, head); 1115 rx_reorder_array_elem->head = NULL; 1116 rx_reorder_array_elem->tail = NULL; 1117 dp_rx_return_head_frag_desc(peer, tid); 1118 1119 return QDF_STATUS_SUCCESS; 1120 } 1121 #else 1122 #ifdef WLAN_FEATURE_DP_RX_RING_HISTORY 1123 /** 1124 * dp_rx_reinject_ring_record_entry() - Record reinject ring history 1125 * @soc: Datapath soc structure 1126 * @paddr: paddr of the buffer reinjected to SW2REO ring 1127 * @sw_cookie: SW cookie of the buffer reinjected to SW2REO ring 1128 * @rbm: Return buffer manager of the buffer reinjected to SW2REO ring 1129 * 1130 * Returns: None 1131 */ 1132 static inline void 1133 dp_rx_reinject_ring_record_entry(struct dp_soc *soc, uint64_t paddr, 1134 uint32_t sw_cookie, uint8_t rbm) 1135 { 1136 struct dp_buf_info_record *record; 1137 uint32_t idx; 1138 1139 if (qdf_unlikely(soc->rx_reinject_ring_history)) 1140 return; 1141 1142 idx = dp_history_get_next_index(&soc->rx_reinject_ring_history->index, 1143 DP_RX_REINJECT_HIST_MAX); 1144 1145 /* No NULL check needed for record since its an array */ 1146 record = &soc->rx_reinject_ring_history->entry[idx]; 1147 1148 record->timestamp = qdf_get_log_timestamp(); 1149 record->hbi.paddr = paddr; 1150 record->hbi.sw_cookie = sw_cookie; 1151 record->hbi.rbm = rbm; 1152 } 1153 #else 1154 static inline void 1155 dp_rx_reinject_ring_record_entry(struct dp_soc *soc, uint64_t paddr, 1156 uint32_t sw_cookie, uint8_t rbm) 1157 { 1158 } 1159 #endif 1160 1161 /* 1162 * dp_rx_defrag_reo_reinject(): Reinject the fragment chain back into REO 1163 * @peer: Pointer to the peer 1164 * @tid: Transmit Identifier 1165 * @head: Buffer to be reinjected back 1166 * 1167 * Reinject the fragment chain back into REO 1168 * 1169 * Returns: QDF_STATUS 1170 */ 1171 static QDF_STATUS dp_rx_defrag_reo_reinject(struct dp_peer *peer, 1172 unsigned int tid, qdf_nbuf_t head) 1173 { 1174 struct dp_pdev *pdev = peer->vdev->pdev; 1175 struct dp_soc *soc = pdev->soc; 1176 struct hal_buf_info buf_info; 1177 void *link_desc_va; 1178 void *msdu0, *msdu_desc_info; 1179 void *ent_ring_desc, *ent_mpdu_desc_info, *ent_qdesc_addr; 1180 void *dst_mpdu_desc_info, *dst_qdesc_addr; 1181 qdf_dma_addr_t paddr; 1182 uint32_t nbuf_len, seq_no, dst_ind; 1183 uint32_t *mpdu_wrd; 1184 uint32_t ret, cookie; 1185 hal_ring_desc_t dst_ring_desc = 1186 peer->rx_tid[tid].dst_ring_desc; 1187 hal_ring_handle_t hal_srng = soc->reo_reinject_ring.hal_srng; 1188 struct dp_rx_desc *rx_desc = peer->rx_tid[tid].head_frag_desc; 1189 struct dp_rx_reorder_array_elem *rx_reorder_array_elem = 1190 peer->rx_tid[tid].array; 1191 qdf_nbuf_t nbuf_head; 1192 struct rx_desc_pool *rx_desc_pool = NULL; 1193 void *buf_addr_info = HAL_RX_REO_BUF_ADDR_INFO_GET(dst_ring_desc); 1194 1195 /* do duplicate link desc address check */ 1196 dp_rx_link_desc_refill_duplicate_check( 1197 soc, 1198 &soc->last_op_info.reo_reinject_link_desc, 1199 buf_addr_info); 1200 1201 nbuf_head = dp_ipa_handle_rx_reo_reinject(soc, head); 1202 if (qdf_unlikely(!nbuf_head)) { 1203 dp_err_rl("IPA RX REO reinject failed"); 1204 return QDF_STATUS_E_FAILURE; 1205 } 1206 1207 /* update new allocated skb in case IPA is enabled */ 1208 if (nbuf_head != head) { 1209 head = nbuf_head; 1210 rx_desc->nbuf = head; 1211 rx_reorder_array_elem->head = head; 1212 } 1213 1214 ent_ring_desc = hal_srng_src_get_next(soc->hal_soc, hal_srng); 1215 if (!ent_ring_desc) { 1216 dp_err_rl("HAL src ring next entry NULL"); 1217 return QDF_STATUS_E_FAILURE; 1218 } 1219 1220 hal_rx_reo_buf_paddr_get(dst_ring_desc, &buf_info); 1221 1222 link_desc_va = dp_rx_cookie_2_link_desc_va(soc, &buf_info); 1223 1224 qdf_assert_always(link_desc_va); 1225 1226 msdu0 = hal_rx_msdu0_buffer_addr_lsb(soc->hal_soc, link_desc_va); 1227 nbuf_len = qdf_nbuf_len(head) - RX_PKT_TLVS_LEN; 1228 1229 HAL_RX_UNIFORM_HDR_SET(link_desc_va, OWNER, UNI_DESC_OWNER_SW); 1230 HAL_RX_UNIFORM_HDR_SET(link_desc_va, BUFFER_TYPE, 1231 UNI_DESC_BUF_TYPE_RX_MSDU_LINK); 1232 1233 /* msdu reconfig */ 1234 msdu_desc_info = hal_rx_msdu_desc_info_ptr_get(soc->hal_soc, msdu0); 1235 1236 dst_ind = hal_rx_msdu_reo_dst_ind_get(soc->hal_soc, link_desc_va); 1237 1238 qdf_mem_zero(msdu_desc_info, sizeof(struct rx_msdu_desc_info)); 1239 1240 HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info, 1241 FIRST_MSDU_IN_MPDU_FLAG, 1); 1242 HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info, 1243 LAST_MSDU_IN_MPDU_FLAG, 1); 1244 HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info, 1245 MSDU_CONTINUATION, 0x0); 1246 HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info, 1247 REO_DESTINATION_INDICATION, dst_ind); 1248 HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info, 1249 MSDU_LENGTH, nbuf_len); 1250 HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info, 1251 SA_IS_VALID, 1); 1252 HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info, 1253 DA_IS_VALID, 1); 1254 1255 /* change RX TLV's */ 1256 hal_rx_msdu_start_msdu_len_set( 1257 qdf_nbuf_data(head), nbuf_len); 1258 1259 cookie = HAL_RX_BUF_COOKIE_GET(msdu0); 1260 rx_desc_pool = &soc->rx_desc_buf[pdev->lmac_id]; 1261 1262 /* map the nbuf before reinject it into HW */ 1263 ret = qdf_nbuf_map_nbytes_single(soc->osdev, head, 1264 QDF_DMA_FROM_DEVICE, 1265 rx_desc_pool->buf_size); 1266 if (qdf_unlikely(ret == QDF_STATUS_E_FAILURE)) { 1267 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1268 "%s: nbuf map failed !", __func__); 1269 return QDF_STATUS_E_FAILURE; 1270 } 1271 1272 /* 1273 * As part of rx frag handler bufffer was unmapped and rx desc 1274 * unmapped is set to 1. So again for defrag reinject frame reset 1275 * it back to 0. 1276 */ 1277 rx_desc->unmapped = 0; 1278 1279 dp_ipa_handle_rx_buf_smmu_mapping(soc, head, 1280 rx_desc_pool->buf_size, 1281 true); 1282 1283 paddr = qdf_nbuf_get_frag_paddr(head, 0); 1284 1285 ret = check_x86_paddr(soc, &head, &paddr, rx_desc_pool); 1286 1287 if (ret == QDF_STATUS_E_FAILURE) { 1288 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1289 "%s: x86 check failed !", __func__); 1290 return QDF_STATUS_E_FAILURE; 1291 } 1292 1293 hal_rxdma_buff_addr_info_set(msdu0, paddr, cookie, DP_DEFRAG_RBM); 1294 1295 /* Lets fill entrance ring now !!! */ 1296 if (qdf_unlikely(hal_srng_access_start(soc->hal_soc, hal_srng))) { 1297 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1298 "HAL RING Access For REO entrance SRNG Failed: %pK", 1299 hal_srng); 1300 1301 return QDF_STATUS_E_FAILURE; 1302 } 1303 1304 dp_rx_reinject_ring_record_entry(soc, paddr, cookie, DP_DEFRAG_RBM); 1305 paddr = (uint64_t)buf_info.paddr; 1306 /* buf addr */ 1307 hal_rxdma_buff_addr_info_set(ent_ring_desc, paddr, 1308 buf_info.sw_cookie, 1309 HAL_RX_BUF_RBM_WBM_IDLE_DESC_LIST); 1310 /* mpdu desc info */ 1311 ent_mpdu_desc_info = hal_ent_mpdu_desc_info(soc->hal_soc, 1312 ent_ring_desc); 1313 dst_mpdu_desc_info = hal_dst_mpdu_desc_info(soc->hal_soc, 1314 dst_ring_desc); 1315 1316 qdf_mem_copy(ent_mpdu_desc_info, dst_mpdu_desc_info, 1317 sizeof(struct rx_mpdu_desc_info)); 1318 qdf_mem_zero(ent_mpdu_desc_info, sizeof(uint32_t)); 1319 1320 mpdu_wrd = (uint32_t *)dst_mpdu_desc_info; 1321 seq_no = HAL_RX_MPDU_SEQUENCE_NUMBER_GET(mpdu_wrd); 1322 1323 HAL_RX_MPDU_DESC_INFO_SET(ent_mpdu_desc_info, 1324 MSDU_COUNT, 0x1); 1325 HAL_RX_MPDU_DESC_INFO_SET(ent_mpdu_desc_info, 1326 MPDU_SEQUENCE_NUMBER, seq_no); 1327 /* unset frag bit */ 1328 HAL_RX_MPDU_DESC_INFO_SET(ent_mpdu_desc_info, 1329 FRAGMENT_FLAG, 0x0); 1330 /* set sa/da valid bits */ 1331 HAL_RX_MPDU_DESC_INFO_SET(ent_mpdu_desc_info, 1332 SA_IS_VALID, 0x1); 1333 HAL_RX_MPDU_DESC_INFO_SET(ent_mpdu_desc_info, 1334 DA_IS_VALID, 0x1); 1335 HAL_RX_MPDU_DESC_INFO_SET(ent_mpdu_desc_info, 1336 RAW_MPDU, 0x0); 1337 1338 /* qdesc addr */ 1339 ent_qdesc_addr = (uint8_t *)ent_ring_desc + 1340 REO_ENTRANCE_RING_4_RX_REO_QUEUE_DESC_ADDR_31_0_OFFSET; 1341 1342 dst_qdesc_addr = (uint8_t *)dst_ring_desc + 1343 REO_DESTINATION_RING_6_RX_REO_QUEUE_DESC_ADDR_31_0_OFFSET; 1344 1345 qdf_mem_copy(ent_qdesc_addr, dst_qdesc_addr, 8); 1346 1347 HAL_RX_FLD_SET(ent_ring_desc, REO_ENTRANCE_RING_5, 1348 REO_DESTINATION_INDICATION, dst_ind); 1349 1350 hal_srng_access_end(soc->hal_soc, hal_srng); 1351 1352 DP_STATS_INC(soc, rx.reo_reinject, 1); 1353 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_DEBUG, 1354 "%s: reinjection done !", __func__); 1355 return QDF_STATUS_SUCCESS; 1356 } 1357 #endif 1358 1359 /* 1360 * dp_rx_defrag(): Defragment the fragment chain 1361 * @peer: Pointer to the peer 1362 * @tid: Transmit Identifier 1363 * @frag_list_head: Pointer to head list 1364 * @frag_list_tail: Pointer to tail list 1365 * 1366 * Defragment the fragment chain 1367 * 1368 * Returns: QDF_STATUS 1369 */ 1370 static QDF_STATUS dp_rx_defrag(struct dp_peer *peer, unsigned tid, 1371 qdf_nbuf_t frag_list_head, qdf_nbuf_t frag_list_tail) 1372 { 1373 qdf_nbuf_t tmp_next, prev; 1374 qdf_nbuf_t cur = frag_list_head, msdu; 1375 uint32_t index, tkip_demic = 0; 1376 uint16_t hdr_space; 1377 uint8_t key[DEFRAG_IEEE80211_KEY_LEN]; 1378 struct dp_vdev *vdev = peer->vdev; 1379 struct dp_soc *soc = vdev->pdev->soc; 1380 uint8_t status = 0; 1381 1382 hdr_space = dp_rx_defrag_hdrsize(soc, cur); 1383 index = hal_rx_msdu_is_wlan_mcast(cur) ? 1384 dp_sec_mcast : dp_sec_ucast; 1385 1386 /* Remove FCS from all fragments */ 1387 while (cur) { 1388 tmp_next = qdf_nbuf_next(cur); 1389 qdf_nbuf_set_next(cur, NULL); 1390 qdf_nbuf_trim_tail(cur, DEFRAG_IEEE80211_FCS_LEN); 1391 prev = cur; 1392 qdf_nbuf_set_next(cur, tmp_next); 1393 cur = tmp_next; 1394 } 1395 cur = frag_list_head; 1396 1397 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_DEBUG, 1398 "%s: index %d Security type: %d", __func__, 1399 index, peer->security[index].sec_type); 1400 1401 switch (peer->security[index].sec_type) { 1402 case cdp_sec_type_tkip: 1403 tkip_demic = 1; 1404 1405 case cdp_sec_type_tkip_nomic: 1406 while (cur) { 1407 tmp_next = qdf_nbuf_next(cur); 1408 if (dp_rx_defrag_tkip_decap(cur, hdr_space)) { 1409 1410 QDF_TRACE(QDF_MODULE_ID_TXRX, 1411 QDF_TRACE_LEVEL_ERROR, 1412 "dp_rx_defrag: TKIP decap failed"); 1413 1414 return QDF_STATUS_E_DEFRAG_ERROR; 1415 } 1416 cur = tmp_next; 1417 } 1418 1419 /* If success, increment header to be stripped later */ 1420 hdr_space += dp_f_tkip.ic_header; 1421 break; 1422 1423 case cdp_sec_type_aes_ccmp: 1424 while (cur) { 1425 tmp_next = qdf_nbuf_next(cur); 1426 if (dp_rx_defrag_ccmp_demic(cur, hdr_space)) { 1427 1428 QDF_TRACE(QDF_MODULE_ID_TXRX, 1429 QDF_TRACE_LEVEL_ERROR, 1430 "dp_rx_defrag: CCMP demic failed"); 1431 1432 return QDF_STATUS_E_DEFRAG_ERROR; 1433 } 1434 if (dp_rx_defrag_ccmp_decap(cur, hdr_space)) { 1435 1436 QDF_TRACE(QDF_MODULE_ID_TXRX, 1437 QDF_TRACE_LEVEL_ERROR, 1438 "dp_rx_defrag: CCMP decap failed"); 1439 1440 return QDF_STATUS_E_DEFRAG_ERROR; 1441 } 1442 cur = tmp_next; 1443 } 1444 1445 /* If success, increment header to be stripped later */ 1446 hdr_space += dp_f_ccmp.ic_header; 1447 break; 1448 1449 case cdp_sec_type_wep40: 1450 case cdp_sec_type_wep104: 1451 case cdp_sec_type_wep128: 1452 while (cur) { 1453 tmp_next = qdf_nbuf_next(cur); 1454 if (dp_rx_defrag_wep_decap(cur, hdr_space)) { 1455 1456 QDF_TRACE(QDF_MODULE_ID_TXRX, 1457 QDF_TRACE_LEVEL_ERROR, 1458 "dp_rx_defrag: WEP decap failed"); 1459 1460 return QDF_STATUS_E_DEFRAG_ERROR; 1461 } 1462 cur = tmp_next; 1463 } 1464 1465 /* If success, increment header to be stripped later */ 1466 hdr_space += dp_f_wep.ic_header; 1467 break; 1468 default: 1469 break; 1470 } 1471 1472 if (tkip_demic) { 1473 msdu = frag_list_head; 1474 qdf_mem_copy(key, 1475 &peer->security[index].michael_key[0], 1476 IEEE80211_WEP_MICLEN); 1477 status = dp_rx_defrag_tkip_demic(key, msdu, 1478 RX_PKT_TLVS_LEN + 1479 hdr_space); 1480 1481 if (status) { 1482 dp_rx_defrag_err(vdev, frag_list_head); 1483 1484 QDF_TRACE(QDF_MODULE_ID_TXRX, 1485 QDF_TRACE_LEVEL_ERROR, 1486 "%s: TKIP demic failed status %d", 1487 __func__, status); 1488 1489 return QDF_STATUS_E_DEFRAG_ERROR; 1490 } 1491 } 1492 1493 /* Convert the header to 802.3 header */ 1494 dp_rx_defrag_nwifi_to_8023(soc, peer, tid, frag_list_head, hdr_space); 1495 if (dp_rx_construct_fraglist(peer, tid, frag_list_head, hdr_space)) 1496 return QDF_STATUS_E_DEFRAG_ERROR; 1497 1498 return QDF_STATUS_SUCCESS; 1499 } 1500 1501 /* 1502 * dp_rx_defrag_cleanup(): Clean up activities 1503 * @peer: Pointer to the peer 1504 * @tid: Transmit Identifier 1505 * 1506 * Returns: None 1507 */ 1508 void dp_rx_defrag_cleanup(struct dp_peer *peer, unsigned tid) 1509 { 1510 struct dp_rx_reorder_array_elem *rx_reorder_array_elem = 1511 peer->rx_tid[tid].array; 1512 1513 if (rx_reorder_array_elem) { 1514 /* Free up nbufs */ 1515 dp_rx_defrag_frames_free(rx_reorder_array_elem->head); 1516 rx_reorder_array_elem->head = NULL; 1517 rx_reorder_array_elem->tail = NULL; 1518 } else { 1519 dp_info("Cleanup self peer %pK and TID %u at MAC address %pM", 1520 peer, tid, peer->mac_addr.raw); 1521 } 1522 1523 /* Free up saved ring descriptors */ 1524 dp_rx_clear_saved_desc_info(peer, tid); 1525 1526 peer->rx_tid[tid].defrag_timeout_ms = 0; 1527 peer->rx_tid[tid].curr_frag_num = 0; 1528 peer->rx_tid[tid].curr_seq_num = 0; 1529 } 1530 1531 /* 1532 * dp_rx_defrag_save_info_from_ring_desc(): Save info from REO ring descriptor 1533 * @ring_desc: Pointer to the dst ring descriptor 1534 * @peer: Pointer to the peer 1535 * @tid: Transmit Identifier 1536 * 1537 * Returns: None 1538 */ 1539 static QDF_STATUS 1540 dp_rx_defrag_save_info_from_ring_desc(hal_ring_desc_t ring_desc, 1541 struct dp_rx_desc *rx_desc, 1542 struct dp_peer *peer, 1543 unsigned int tid) 1544 { 1545 void *dst_ring_desc = qdf_mem_malloc( 1546 sizeof(struct reo_destination_ring)); 1547 1548 if (!dst_ring_desc) { 1549 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1550 "%s: Memory alloc failed !", __func__); 1551 QDF_ASSERT(0); 1552 return QDF_STATUS_E_NOMEM; 1553 } 1554 1555 qdf_mem_copy(dst_ring_desc, ring_desc, 1556 sizeof(struct reo_destination_ring)); 1557 1558 peer->rx_tid[tid].dst_ring_desc = dst_ring_desc; 1559 peer->rx_tid[tid].head_frag_desc = rx_desc; 1560 1561 return QDF_STATUS_SUCCESS; 1562 } 1563 1564 /* 1565 * dp_rx_defrag_store_fragment(): Store incoming fragments 1566 * @soc: Pointer to the SOC data structure 1567 * @ring_desc: Pointer to the ring descriptor 1568 * @mpdu_desc_info: MPDU descriptor info 1569 * @tid: Traffic Identifier 1570 * @rx_desc: Pointer to rx descriptor 1571 * @rx_bfs: Number of bfs consumed 1572 * 1573 * Returns: QDF_STATUS 1574 */ 1575 static QDF_STATUS 1576 dp_rx_defrag_store_fragment(struct dp_soc *soc, 1577 hal_ring_desc_t ring_desc, 1578 union dp_rx_desc_list_elem_t **head, 1579 union dp_rx_desc_list_elem_t **tail, 1580 struct hal_rx_mpdu_desc_info *mpdu_desc_info, 1581 unsigned int tid, struct dp_rx_desc *rx_desc, 1582 uint32_t *rx_bfs) 1583 { 1584 struct dp_rx_reorder_array_elem *rx_reorder_array_elem; 1585 struct dp_pdev *pdev; 1586 struct dp_peer *peer = NULL; 1587 uint16_t peer_id; 1588 uint8_t fragno, more_frag, all_frag_present = 0; 1589 uint16_t rxseq = mpdu_desc_info->mpdu_seq; 1590 QDF_STATUS status; 1591 struct dp_rx_tid *rx_tid; 1592 uint8_t mpdu_sequence_control_valid; 1593 uint8_t mpdu_frame_control_valid; 1594 qdf_nbuf_t frag = rx_desc->nbuf; 1595 uint32_t msdu_len; 1596 1597 if (qdf_nbuf_len(frag) > 0) { 1598 dp_info("Dropping unexpected packet with skb_len: %d," 1599 "data len: %d, cookie: %d", 1600 (uint32_t)qdf_nbuf_len(frag), frag->data_len, 1601 rx_desc->cookie); 1602 DP_STATS_INC(soc, rx.rx_frag_err_len_error, 1); 1603 goto discard_frag; 1604 } 1605 1606 if (dp_rx_buffer_pool_refill(soc, frag, rx_desc->pool_id)) { 1607 /* fragment queued back to the pool, free the link desc */ 1608 goto err_free_desc; 1609 } 1610 1611 msdu_len = hal_rx_msdu_start_msdu_len_get(rx_desc->rx_buf_start); 1612 1613 qdf_nbuf_set_pktlen(frag, (msdu_len + RX_PKT_TLVS_LEN)); 1614 qdf_nbuf_append_ext_list(frag, NULL, 0); 1615 1616 /* Check if the packet is from a valid peer */ 1617 peer_id = DP_PEER_METADATA_PEER_ID_GET( 1618 mpdu_desc_info->peer_meta_data); 1619 peer = dp_peer_find_by_id(soc, peer_id); 1620 1621 if (!peer) { 1622 /* We should not receive anything from unknown peer 1623 * however, that might happen while we are in the monitor mode. 1624 * We don't need to handle that here 1625 */ 1626 dp_info_rl("Unknown peer with peer_id %d, dropping fragment", 1627 peer_id); 1628 DP_STATS_INC(soc, rx.rx_frag_err_no_peer, 1); 1629 goto discard_frag; 1630 } 1631 1632 if (tid >= DP_MAX_TIDS) { 1633 dp_info("TID out of bounds: %d", tid); 1634 qdf_assert_always(0); 1635 } 1636 1637 pdev = peer->vdev->pdev; 1638 rx_tid = &peer->rx_tid[tid]; 1639 1640 mpdu_sequence_control_valid = 1641 hal_rx_get_mpdu_sequence_control_valid(soc->hal_soc, 1642 rx_desc->rx_buf_start); 1643 1644 /* Invalid MPDU sequence control field, MPDU is of no use */ 1645 if (!mpdu_sequence_control_valid) { 1646 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1647 "Invalid MPDU seq control field, dropping MPDU"); 1648 1649 qdf_assert(0); 1650 goto discard_frag; 1651 } 1652 1653 mpdu_frame_control_valid = 1654 hal_rx_get_mpdu_frame_control_valid(soc->hal_soc, 1655 rx_desc->rx_buf_start); 1656 1657 /* Invalid frame control field */ 1658 if (!mpdu_frame_control_valid) { 1659 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1660 "Invalid frame control field, dropping MPDU"); 1661 1662 qdf_assert(0); 1663 goto discard_frag; 1664 } 1665 1666 /* Current mpdu sequence */ 1667 more_frag = dp_rx_frag_get_more_frag_bit(rx_desc->rx_buf_start); 1668 1669 /* HW does not populate the fragment number as of now 1670 * need to get from the 802.11 header 1671 */ 1672 fragno = dp_rx_frag_get_mpdu_frag_number(rx_desc->rx_buf_start); 1673 1674 rx_reorder_array_elem = peer->rx_tid[tid].array; 1675 if (!rx_reorder_array_elem) { 1676 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1677 "Rcvd Fragmented pkt before peer_tid is setup"); 1678 goto discard_frag; 1679 } 1680 1681 /* 1682 * !more_frag: no more fragments to be delivered 1683 * !frag_no: packet is not fragmented 1684 * !rx_reorder_array_elem->head: no saved fragments so far 1685 */ 1686 if ((!more_frag) && (!fragno) && (!rx_reorder_array_elem->head)) { 1687 /* We should not get into this situation here. 1688 * It means an unfragmented packet with fragment flag 1689 * is delivered over the REO exception ring. 1690 * Typically it follows normal rx path. 1691 */ 1692 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1693 "Rcvd unfragmented pkt on REO Err srng, dropping"); 1694 1695 qdf_assert(0); 1696 goto discard_frag; 1697 } 1698 1699 /* Check if the fragment is for the same sequence or a different one */ 1700 dp_debug("rx_tid %d", tid); 1701 if (rx_reorder_array_elem->head) { 1702 dp_debug("rxseq %d\n", rxseq); 1703 if (rxseq != rx_tid->curr_seq_num) { 1704 1705 dp_debug("mismatch cur_seq %d rxseq %d\n", 1706 rx_tid->curr_seq_num, rxseq); 1707 /* Drop stored fragments if out of sequence 1708 * fragment is received 1709 */ 1710 dp_rx_reorder_flush_frag(peer, tid); 1711 1712 DP_STATS_INC(soc, rx.rx_frag_oor, 1); 1713 1714 dp_debug("cur rxseq %d\n", rxseq); 1715 /* 1716 * The sequence number for this fragment becomes the 1717 * new sequence number to be processed 1718 */ 1719 rx_tid->curr_seq_num = rxseq; 1720 } 1721 } else { 1722 dp_debug("cur rxseq %d\n", rxseq); 1723 /* Start of a new sequence */ 1724 dp_rx_defrag_cleanup(peer, tid); 1725 rx_tid->curr_seq_num = rxseq; 1726 /* store PN number also */ 1727 } 1728 1729 /* 1730 * If the earlier sequence was dropped, this will be the fresh start. 1731 * Else, continue with next fragment in a given sequence 1732 */ 1733 status = dp_rx_defrag_fraglist_insert(peer, tid, &rx_reorder_array_elem->head, 1734 &rx_reorder_array_elem->tail, frag, 1735 &all_frag_present); 1736 1737 /* 1738 * Currently, we can have only 6 MSDUs per-MPDU, if the current 1739 * packet sequence has more than 6 MSDUs for some reason, we will 1740 * have to use the next MSDU link descriptor and chain them together 1741 * before reinjection 1742 */ 1743 if ((fragno == 0) && (status == QDF_STATUS_SUCCESS) && 1744 (rx_reorder_array_elem->head == frag)) { 1745 1746 qdf_assert_always(ring_desc); 1747 status = dp_rx_defrag_save_info_from_ring_desc(ring_desc, 1748 rx_desc, peer, tid); 1749 1750 if (status != QDF_STATUS_SUCCESS) { 1751 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1752 "%s: Unable to store ring desc !", __func__); 1753 goto discard_frag; 1754 } 1755 } else { 1756 dp_rx_add_to_free_desc_list(head, tail, rx_desc); 1757 (*rx_bfs)++; 1758 1759 /* Return the non-head link desc */ 1760 if (ring_desc && 1761 dp_rx_link_desc_return(soc, ring_desc, 1762 HAL_BM_ACTION_PUT_IN_IDLE_LIST) != 1763 QDF_STATUS_SUCCESS) 1764 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1765 "%s: Failed to return link desc", __func__); 1766 1767 } 1768 1769 if (pdev->soc->rx.flags.defrag_timeout_check) 1770 dp_rx_defrag_waitlist_remove(peer, tid); 1771 1772 /* Yet to receive more fragments for this sequence number */ 1773 if (!all_frag_present) { 1774 uint32_t now_ms = 1775 qdf_system_ticks_to_msecs(qdf_system_ticks()); 1776 1777 peer->rx_tid[tid].defrag_timeout_ms = 1778 now_ms + pdev->soc->rx.defrag.timeout_ms; 1779 1780 dp_rx_defrag_waitlist_add(peer, tid); 1781 dp_peer_unref_del_find_by_id(peer); 1782 1783 return QDF_STATUS_SUCCESS; 1784 } 1785 1786 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_DEBUG, 1787 "All fragments received for sequence: %d", rxseq); 1788 1789 /* Process the fragments */ 1790 status = dp_rx_defrag(peer, tid, rx_reorder_array_elem->head, 1791 rx_reorder_array_elem->tail); 1792 if (QDF_IS_STATUS_ERROR(status)) { 1793 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1794 "Fragment processing failed"); 1795 1796 dp_rx_add_to_free_desc_list(head, tail, 1797 peer->rx_tid[tid].head_frag_desc); 1798 (*rx_bfs)++; 1799 1800 if (dp_rx_link_desc_return(soc, 1801 peer->rx_tid[tid].dst_ring_desc, 1802 HAL_BM_ACTION_PUT_IN_IDLE_LIST) != 1803 QDF_STATUS_SUCCESS) 1804 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1805 "%s: Failed to return link desc", 1806 __func__); 1807 dp_rx_defrag_cleanup(peer, tid); 1808 goto end; 1809 } 1810 1811 /* Re-inject the fragments back to REO for further processing */ 1812 status = dp_rx_defrag_reo_reinject(peer, tid, 1813 rx_reorder_array_elem->head); 1814 if (QDF_IS_STATUS_SUCCESS(status)) { 1815 rx_reorder_array_elem->head = NULL; 1816 rx_reorder_array_elem->tail = NULL; 1817 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_DEBUG, 1818 "Fragmented sequence successfully reinjected"); 1819 } else { 1820 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1821 "Fragmented sequence reinjection failed"); 1822 dp_rx_return_head_frag_desc(peer, tid); 1823 } 1824 1825 dp_rx_defrag_cleanup(peer, tid); 1826 1827 dp_peer_unref_del_find_by_id(peer); 1828 1829 return QDF_STATUS_SUCCESS; 1830 1831 discard_frag: 1832 qdf_nbuf_free(frag); 1833 err_free_desc: 1834 dp_rx_add_to_free_desc_list(head, tail, rx_desc); 1835 if (dp_rx_link_desc_return(soc, ring_desc, 1836 HAL_BM_ACTION_PUT_IN_IDLE_LIST) != 1837 QDF_STATUS_SUCCESS) 1838 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1839 "%s: Failed to return link desc", __func__); 1840 (*rx_bfs)++; 1841 1842 end: 1843 if (peer) 1844 dp_peer_unref_del_find_by_id(peer); 1845 1846 DP_STATS_INC(soc, rx.rx_frag_err, 1); 1847 return QDF_STATUS_E_DEFRAG_ERROR; 1848 } 1849 1850 /** 1851 * dp_rx_frag_handle() - Handles fragmented Rx frames 1852 * 1853 * @soc: core txrx main context 1854 * @ring_desc: opaque pointer to the REO error ring descriptor 1855 * @mpdu_desc_info: MPDU descriptor information from ring descriptor 1856 * @head: head of the local descriptor free-list 1857 * @tail: tail of the local descriptor free-list 1858 * @quota: No. of units (packets) that can be serviced in one shot. 1859 * 1860 * This function implements RX 802.11 fragmentation handling 1861 * The handling is mostly same as legacy fragmentation handling. 1862 * If required, this function can re-inject the frames back to 1863 * REO ring (with proper setting to by-pass fragmentation check 1864 * but use duplicate detection / re-ordering and routing these frames 1865 * to a different core. 1866 * 1867 * Return: uint32_t: No. of elements processed 1868 */ 1869 uint32_t dp_rx_frag_handle(struct dp_soc *soc, hal_ring_desc_t ring_desc, 1870 struct hal_rx_mpdu_desc_info *mpdu_desc_info, 1871 struct dp_rx_desc *rx_desc, 1872 uint8_t *mac_id, 1873 uint32_t quota) 1874 { 1875 uint32_t rx_bufs_used = 0; 1876 qdf_nbuf_t msdu = NULL; 1877 uint32_t tid; 1878 uint32_t rx_bfs = 0; 1879 struct dp_pdev *pdev; 1880 QDF_STATUS status = QDF_STATUS_SUCCESS; 1881 struct rx_desc_pool *rx_desc_pool; 1882 1883 qdf_assert(soc); 1884 qdf_assert(mpdu_desc_info); 1885 qdf_assert(rx_desc); 1886 1887 dp_debug("Number of MSDUs to process, num_msdus: %d", 1888 mpdu_desc_info->msdu_count); 1889 1890 1891 if (qdf_unlikely(mpdu_desc_info->msdu_count == 0)) { 1892 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1893 "Not sufficient MSDUs to process"); 1894 return rx_bufs_used; 1895 } 1896 1897 /* all buffers in MSDU link belong to same pdev */ 1898 pdev = dp_get_pdev_for_lmac_id(soc, rx_desc->pool_id); 1899 if (!pdev) { 1900 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_DEBUG, 1901 "pdev is null for pool_id = %d", rx_desc->pool_id); 1902 return rx_bufs_used; 1903 } 1904 1905 *mac_id = rx_desc->pool_id; 1906 1907 msdu = rx_desc->nbuf; 1908 1909 rx_desc_pool = &soc->rx_desc_buf[rx_desc->pool_id]; 1910 1911 if (rx_desc->unmapped) 1912 return rx_bufs_used; 1913 1914 dp_ipa_handle_rx_buf_smmu_mapping(soc, rx_desc->nbuf, 1915 rx_desc_pool->buf_size, 1916 false); 1917 qdf_nbuf_unmap_nbytes_single(soc->osdev, rx_desc->nbuf, 1918 QDF_DMA_FROM_DEVICE, 1919 rx_desc_pool->buf_size); 1920 rx_desc->unmapped = 1; 1921 1922 rx_desc->rx_buf_start = qdf_nbuf_data(msdu); 1923 1924 tid = hal_rx_mpdu_start_tid_get(soc->hal_soc, rx_desc->rx_buf_start); 1925 1926 /* Process fragment-by-fragment */ 1927 status = dp_rx_defrag_store_fragment(soc, ring_desc, 1928 &pdev->free_list_head, 1929 &pdev->free_list_tail, 1930 mpdu_desc_info, 1931 tid, rx_desc, &rx_bfs); 1932 1933 if (rx_bfs) 1934 rx_bufs_used += rx_bfs; 1935 1936 if (!QDF_IS_STATUS_SUCCESS(status)) 1937 dp_info_rl("Rx Defrag err seq#:0x%x msdu_count:%d flags:%d", 1938 mpdu_desc_info->mpdu_seq, 1939 mpdu_desc_info->msdu_count, 1940 mpdu_desc_info->mpdu_flags); 1941 1942 return rx_bufs_used; 1943 } 1944 1945 QDF_STATUS dp_rx_defrag_add_last_frag(struct dp_soc *soc, 1946 struct dp_peer *peer, uint16_t tid, 1947 uint16_t rxseq, qdf_nbuf_t nbuf) 1948 { 1949 struct dp_rx_tid *rx_tid = &peer->rx_tid[tid]; 1950 struct dp_rx_reorder_array_elem *rx_reorder_array_elem; 1951 uint8_t all_frag_present; 1952 uint32_t msdu_len; 1953 QDF_STATUS status; 1954 1955 rx_reorder_array_elem = peer->rx_tid[tid].array; 1956 1957 /* 1958 * HW may fill in unexpected peer_id in RX PKT TLV, 1959 * if this peer_id related peer is valid by coincidence, 1960 * but actually this peer won't do dp_peer_rx_init(like SAP vdev 1961 * self peer), then invalid access to rx_reorder_array_elem happened. 1962 */ 1963 if (!rx_reorder_array_elem) { 1964 dp_verbose_debug( 1965 "peer id:%d mac: %pM drop rx frame!", 1966 peer->peer_id, 1967 peer->mac_addr.raw); 1968 DP_STATS_INC(soc, rx.err.defrag_peer_uninit, 1); 1969 qdf_nbuf_free(nbuf); 1970 goto fail; 1971 } 1972 1973 if (rx_reorder_array_elem->head && 1974 rxseq != rx_tid->curr_seq_num) { 1975 /* Drop stored fragments if out of sequence 1976 * fragment is received 1977 */ 1978 dp_rx_reorder_flush_frag(peer, tid); 1979 1980 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1981 "%s: No list found for TID %d Seq# %d", 1982 __func__, tid, rxseq); 1983 qdf_nbuf_free(nbuf); 1984 goto fail; 1985 } 1986 1987 msdu_len = hal_rx_msdu_start_msdu_len_get(qdf_nbuf_data(nbuf)); 1988 1989 qdf_nbuf_set_pktlen(nbuf, (msdu_len + RX_PKT_TLVS_LEN)); 1990 1991 status = dp_rx_defrag_fraglist_insert(peer, tid, 1992 &rx_reorder_array_elem->head, 1993 &rx_reorder_array_elem->tail, nbuf, 1994 &all_frag_present); 1995 1996 if (QDF_IS_STATUS_ERROR(status)) { 1997 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1998 "%s Fragment insert failed", __func__); 1999 2000 goto fail; 2001 } 2002 2003 if (soc->rx.flags.defrag_timeout_check) 2004 dp_rx_defrag_waitlist_remove(peer, tid); 2005 2006 if (!all_frag_present) { 2007 uint32_t now_ms = 2008 qdf_system_ticks_to_msecs(qdf_system_ticks()); 2009 2010 peer->rx_tid[tid].defrag_timeout_ms = 2011 now_ms + soc->rx.defrag.timeout_ms; 2012 2013 dp_rx_defrag_waitlist_add(peer, tid); 2014 2015 return QDF_STATUS_SUCCESS; 2016 } 2017 2018 status = dp_rx_defrag(peer, tid, rx_reorder_array_elem->head, 2019 rx_reorder_array_elem->tail); 2020 2021 if (QDF_IS_STATUS_ERROR(status)) { 2022 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 2023 "%s Fragment processing failed", __func__); 2024 2025 dp_rx_return_head_frag_desc(peer, tid); 2026 dp_rx_defrag_cleanup(peer, tid); 2027 2028 goto fail; 2029 } 2030 2031 /* Re-inject the fragments back to REO for further processing */ 2032 status = dp_rx_defrag_reo_reinject(peer, tid, 2033 rx_reorder_array_elem->head); 2034 if (QDF_IS_STATUS_SUCCESS(status)) { 2035 rx_reorder_array_elem->head = NULL; 2036 rx_reorder_array_elem->tail = NULL; 2037 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_INFO, 2038 "%s: Frag seq successfully reinjected", 2039 __func__); 2040 } else { 2041 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 2042 "%s: Frag seq reinjection failed", __func__); 2043 dp_rx_return_head_frag_desc(peer, tid); 2044 } 2045 2046 dp_rx_defrag_cleanup(peer, tid); 2047 return QDF_STATUS_SUCCESS; 2048 2049 fail: 2050 return QDF_STATUS_E_DEFRAG_ERROR; 2051 } 2052