1 /* 2 * Copyright (c) 2017-2018 The Linux Foundation. All rights reserved. 3 * 4 * Permission to use, copy, modify, and/or distribute this software for 5 * any purpose with or without fee is hereby granted, provided that the 6 * above copyright notice and this permission notice appear in all 7 * copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL 10 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 11 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE 12 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL 13 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR 14 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER 15 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 16 * PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 #include "dp_types.h" 20 #include "dp_rx.h" 21 #include "dp_peer.h" 22 #include "hal_api.h" 23 #include "qdf_trace.h" 24 #include "qdf_nbuf.h" 25 #include "dp_rx_defrag.h" 26 #include <enet.h> /* LLC_SNAP_HDR_LEN */ 27 #include "dp_rx_defrag.h" 28 29 const struct dp_rx_defrag_cipher dp_f_ccmp = { 30 "AES-CCM", 31 IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN + IEEE80211_WEP_EXTIVLEN, 32 IEEE80211_WEP_MICLEN, 33 0, 34 }; 35 36 const struct dp_rx_defrag_cipher dp_f_tkip = { 37 "TKIP", 38 IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN + IEEE80211_WEP_EXTIVLEN, 39 IEEE80211_WEP_CRCLEN, 40 IEEE80211_WEP_MICLEN, 41 }; 42 43 const struct dp_rx_defrag_cipher dp_f_wep = { 44 "WEP", 45 IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN, 46 IEEE80211_WEP_CRCLEN, 47 0, 48 }; 49 50 /* 51 * dp_rx_defrag_frames_free(): Free fragment chain 52 * @frames: Fragment chain 53 * 54 * Iterates through the fragment chain and frees them 55 * Returns: None 56 */ 57 static void dp_rx_defrag_frames_free(qdf_nbuf_t frames) 58 { 59 qdf_nbuf_t next, frag = frames; 60 61 while (frag) { 62 next = qdf_nbuf_next(frag); 63 qdf_nbuf_free(frag); 64 frag = next; 65 } 66 } 67 68 /* 69 * dp_rx_clear_saved_desc_info(): Clears descriptor info 70 * @peer: Pointer to the peer data structure 71 * @tid: Transmit ID (TID) 72 * 73 * Saves MPDU descriptor info and MSDU link pointer from REO 74 * ring descriptor. The cache is created per peer, per TID 75 * 76 * Returns: None 77 */ 78 static void dp_rx_clear_saved_desc_info(struct dp_peer *peer, unsigned tid) 79 { 80 if (peer->rx_tid[tid].dst_ring_desc) 81 qdf_mem_free(peer->rx_tid[tid].dst_ring_desc); 82 83 peer->rx_tid[tid].dst_ring_desc = NULL; 84 } 85 86 /* 87 * dp_rx_reorder_flush_frag(): Flush the frag list 88 * @peer: Pointer to the peer data structure 89 * @tid: Transmit ID (TID) 90 * 91 * Flush the per-TID frag list 92 * 93 * Returns: None 94 */ 95 void dp_rx_reorder_flush_frag(struct dp_peer *peer, 96 unsigned int tid) 97 { 98 struct dp_soc *soc; 99 struct dp_srng *dp_rxdma_srng; 100 struct rx_desc_pool *rx_desc_pool; 101 struct dp_pdev *pdev; 102 union dp_rx_desc_list_elem_t *head = NULL; 103 union dp_rx_desc_list_elem_t *tail = NULL; 104 105 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 106 FL("Flushing TID %d"), tid); 107 108 if (peer == NULL) 109 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 110 "%s: NULL peer\n", __func__); 111 112 pdev = peer->vdev->pdev; 113 soc = pdev->soc; 114 115 if (peer->rx_tid[tid].dst_ring_desc) { 116 if (dp_rx_link_desc_return(soc, 117 peer->rx_tid[tid].dst_ring_desc, 118 HAL_BM_ACTION_PUT_IN_IDLE_LIST) != 119 QDF_STATUS_SUCCESS) 120 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 121 "%s: Failed to return link desc\n", 122 __func__); 123 } 124 125 if (peer->rx_tid[tid].head_frag_desc) { 126 dp_rxdma_srng = &pdev->rx_refill_buf_ring; 127 rx_desc_pool = &soc->rx_desc_buf[0]; 128 129 dp_rx_add_to_free_desc_list(&head, &tail, 130 peer->rx_tid[tid].head_frag_desc); 131 dp_rx_buffers_replenish(soc, 0, dp_rxdma_srng, rx_desc_pool, 132 1, &head, &tail); 133 } 134 135 dp_rx_defrag_cleanup(peer, tid); 136 } 137 138 /* 139 * dp_rx_defrag_waitlist_flush(): Flush SOC defrag wait list 140 * @soc: DP SOC 141 * 142 * Flush fragments of all waitlisted TID's 143 * 144 * Returns: None 145 */ 146 void dp_rx_defrag_waitlist_flush(struct dp_soc *soc) 147 { 148 struct dp_rx_tid *rx_reorder, *tmp; 149 uint32_t now_ms = qdf_system_ticks_to_msecs(qdf_system_ticks()); 150 151 TAILQ_FOREACH_SAFE(rx_reorder, &soc->rx.defrag.waitlist, 152 defrag_waitlist_elem, tmp) { 153 struct dp_peer *peer; 154 struct dp_rx_tid *rx_reorder_base; 155 unsigned int tid; 156 157 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 158 FL("Current time %u"), now_ms); 159 160 if (rx_reorder->defrag_timeout_ms > now_ms) 161 break; 162 163 tid = rx_reorder->tid; 164 if (tid >= DP_MAX_TIDS) { 165 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 166 "%s: TID out of bounds: %d", __func__, tid); 167 qdf_assert(0); 168 continue; 169 } 170 /* get index 0 of the rx_reorder array */ 171 rx_reorder_base = rx_reorder - tid; 172 peer = 173 container_of(rx_reorder_base, struct dp_peer, 174 rx_tid[0]); 175 176 TAILQ_REMOVE(&soc->rx.defrag.waitlist, rx_reorder, 177 defrag_waitlist_elem); 178 //dp_rx_defrag_waitlist_remove(peer, tid); 179 dp_rx_reorder_flush_frag(peer, tid); 180 } 181 } 182 183 /* 184 * dp_rx_defrag_waitlist_add(): Update per-PDEV defrag wait list 185 * @peer: Pointer to the peer data structure 186 * @tid: Transmit ID (TID) 187 * 188 * Appends per-tid fragments to global fragment wait list 189 * 190 * Returns: None 191 */ 192 static void dp_rx_defrag_waitlist_add(struct dp_peer *peer, unsigned tid) 193 { 194 struct dp_soc *psoc = peer->vdev->pdev->soc; 195 struct dp_rx_tid *rx_reorder = &peer->rx_tid[tid]; 196 197 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 198 FL("Adding TID %u to waitlist"), tid); 199 200 /* TODO: use LIST macros instead of TAIL macros */ 201 TAILQ_INSERT_TAIL(&psoc->rx.defrag.waitlist, rx_reorder, 202 defrag_waitlist_elem); 203 } 204 205 /* 206 * dp_rx_defrag_waitlist_remove(): Remove fragments from waitlist 207 * @peer: Pointer to the peer data structure 208 * @tid: Transmit ID (TID) 209 * 210 * Remove fragments from waitlist 211 * 212 * Returns: None 213 */ 214 void dp_rx_defrag_waitlist_remove(struct dp_peer *peer, unsigned tid) 215 { 216 struct dp_pdev *pdev = peer->vdev->pdev; 217 struct dp_soc *soc = pdev->soc; 218 struct dp_rx_tid *rx_reorder; 219 220 if (tid > DP_MAX_TIDS) { 221 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 222 "TID out of bounds: %d", tid); 223 qdf_assert(0); 224 return; 225 } 226 227 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 228 FL("Remove TID %u from waitlist"), tid); 229 230 TAILQ_FOREACH(rx_reorder, &soc->rx.defrag.waitlist, 231 defrag_waitlist_elem) { 232 if (rx_reorder->tid == tid) 233 TAILQ_REMOVE(&soc->rx.defrag.waitlist, 234 rx_reorder, defrag_waitlist_elem); 235 } 236 } 237 238 /* 239 * dp_rx_defrag_fraglist_insert(): Create a per-sequence fragment list 240 * @peer: Pointer to the peer data structure 241 * @tid: Transmit ID (TID) 242 * @head_addr: Pointer to head list 243 * @tail_addr: Pointer to tail list 244 * @frag: Incoming fragment 245 * @all_frag_present: Flag to indicate whether all fragments are received 246 * 247 * Build a per-tid, per-sequence fragment list. 248 * 249 * Returns: Success, if inserted 250 */ 251 static QDF_STATUS dp_rx_defrag_fraglist_insert(struct dp_peer *peer, unsigned tid, 252 qdf_nbuf_t *head_addr, qdf_nbuf_t *tail_addr, qdf_nbuf_t frag, 253 uint8_t *all_frag_present) 254 { 255 qdf_nbuf_t next; 256 qdf_nbuf_t prev = NULL; 257 qdf_nbuf_t cur; 258 uint16_t head_fragno, cur_fragno, next_fragno; 259 uint8_t last_morefrag = 1, count = 0; 260 struct dp_rx_tid *rx_tid = &peer->rx_tid[tid]; 261 uint8_t *rx_desc_info; 262 263 264 qdf_assert(frag); 265 qdf_assert(head_addr); 266 qdf_assert(tail_addr); 267 268 *all_frag_present = 0; 269 rx_desc_info = qdf_nbuf_data(frag); 270 cur_fragno = dp_rx_frag_get_mpdu_frag_number(rx_desc_info); 271 272 /* If this is the first fragment */ 273 if (!(*head_addr)) { 274 *head_addr = *tail_addr = frag; 275 qdf_nbuf_set_next(*tail_addr, NULL); 276 rx_tid->curr_frag_num = cur_fragno; 277 278 goto insert_done; 279 } 280 281 /* In sequence fragment */ 282 if (cur_fragno > rx_tid->curr_frag_num) { 283 qdf_nbuf_set_next(*tail_addr, frag); 284 *tail_addr = frag; 285 qdf_nbuf_set_next(*tail_addr, NULL); 286 rx_tid->curr_frag_num = cur_fragno; 287 } else { 288 /* Out of sequence fragment */ 289 cur = *head_addr; 290 rx_desc_info = qdf_nbuf_data(cur); 291 head_fragno = dp_rx_frag_get_mpdu_frag_number(rx_desc_info); 292 293 if (cur_fragno == head_fragno) { 294 qdf_nbuf_free(frag); 295 goto insert_fail; 296 } else if (head_fragno > cur_fragno) { 297 qdf_nbuf_set_next(frag, cur); 298 cur = frag; 299 *head_addr = frag; /* head pointer to be updated */ 300 } else { 301 while ((cur_fragno > head_fragno) && cur != NULL) { 302 prev = cur; 303 cur = qdf_nbuf_next(cur); 304 rx_desc_info = qdf_nbuf_data(cur); 305 head_fragno = 306 dp_rx_frag_get_mpdu_frag_number( 307 rx_desc_info); 308 } 309 310 if (cur_fragno == head_fragno) { 311 qdf_nbuf_free(frag); 312 goto insert_fail; 313 } 314 315 qdf_nbuf_set_next(prev, frag); 316 qdf_nbuf_set_next(frag, cur); 317 } 318 } 319 320 next = qdf_nbuf_next(*head_addr); 321 322 rx_desc_info = qdf_nbuf_data(*tail_addr); 323 last_morefrag = dp_rx_frag_get_more_frag_bit(rx_desc_info); 324 325 /* TODO: optimize the loop */ 326 if (!last_morefrag) { 327 /* Check if all fragments are present */ 328 do { 329 rx_desc_info = qdf_nbuf_data(next); 330 next_fragno = 331 dp_rx_frag_get_mpdu_frag_number(rx_desc_info); 332 count++; 333 334 if (next_fragno != count) 335 break; 336 337 next = qdf_nbuf_next(next); 338 } while (next); 339 340 if (!next) { 341 *all_frag_present = 1; 342 return QDF_STATUS_SUCCESS; 343 } 344 } 345 346 insert_done: 347 return QDF_STATUS_SUCCESS; 348 349 insert_fail: 350 return QDF_STATUS_E_FAILURE; 351 } 352 353 354 /* 355 * dp_rx_defrag_tkip_decap(): decap tkip encrypted fragment 356 * @msdu: Pointer to the fragment 357 * @hdrlen: 802.11 header length (mostly useful in 4 addr frames) 358 * 359 * decap tkip encrypted fragment 360 * 361 * Returns: QDF_STATUS 362 */ 363 static QDF_STATUS dp_rx_defrag_tkip_decap(qdf_nbuf_t msdu, uint16_t hdrlen) 364 { 365 uint8_t *ivp, *orig_hdr; 366 int rx_desc_len = sizeof(struct rx_pkt_tlvs); 367 368 /* start of 802.11 header info */ 369 orig_hdr = (uint8_t *)(qdf_nbuf_data(msdu) + rx_desc_len); 370 371 /* TKIP header is located post 802.11 header */ 372 ivp = orig_hdr + hdrlen; 373 if (!(ivp[IEEE80211_WEP_IVLEN] & IEEE80211_WEP_EXTIV)) { 374 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 375 "IEEE80211_WEP_EXTIV is missing in TKIP fragment"); 376 return QDF_STATUS_E_DEFRAG_ERROR; 377 } 378 379 qdf_mem_move(orig_hdr + dp_f_tkip.ic_header, orig_hdr, hdrlen); 380 381 qdf_nbuf_pull_head(msdu, dp_f_tkip.ic_header); 382 qdf_nbuf_trim_tail(msdu, dp_f_tkip.ic_trailer); 383 384 return QDF_STATUS_SUCCESS; 385 } 386 387 /* 388 * dp_rx_defrag_ccmp_demic(): Remove MIC information from CCMP fragment 389 * @nbuf: Pointer to the fragment buffer 390 * @hdrlen: 802.11 header length (mostly useful in 4 addr frames) 391 * 392 * Remove MIC information from CCMP fragment 393 * 394 * Returns: QDF_STATUS 395 */ 396 static QDF_STATUS dp_rx_defrag_ccmp_demic(qdf_nbuf_t nbuf, uint16_t hdrlen) 397 { 398 uint8_t *ivp, *orig_hdr; 399 int rx_desc_len = sizeof(struct rx_pkt_tlvs); 400 401 /* start of the 802.11 header */ 402 orig_hdr = (uint8_t *)(qdf_nbuf_data(nbuf) + rx_desc_len); 403 404 /* CCMP header is located after 802.11 header */ 405 ivp = orig_hdr + hdrlen; 406 if (!(ivp[IEEE80211_WEP_IVLEN] & IEEE80211_WEP_EXTIV)) 407 return QDF_STATUS_E_DEFRAG_ERROR; 408 409 qdf_nbuf_trim_tail(nbuf, dp_f_ccmp.ic_trailer); 410 411 return QDF_STATUS_SUCCESS; 412 } 413 414 /* 415 * dp_rx_defrag_ccmp_decap(): decap CCMP encrypted fragment 416 * @nbuf: Pointer to the fragment 417 * @hdrlen: length of the header information 418 * 419 * decap CCMP encrypted fragment 420 * 421 * Returns: QDF_STATUS 422 */ 423 static QDF_STATUS dp_rx_defrag_ccmp_decap(qdf_nbuf_t nbuf, uint16_t hdrlen) 424 { 425 uint8_t *ivp, *origHdr; 426 int rx_desc_len = sizeof(struct rx_pkt_tlvs); 427 428 origHdr = (uint8_t *) (qdf_nbuf_data(nbuf) + rx_desc_len); 429 ivp = origHdr + hdrlen; 430 431 if (!(ivp[IEEE80211_WEP_IVLEN] & IEEE80211_WEP_EXTIV)) 432 return QDF_STATUS_E_DEFRAG_ERROR; 433 434 /* Let's pull the header later */ 435 436 return QDF_STATUS_SUCCESS; 437 } 438 439 /* 440 * dp_rx_defrag_wep_decap(): decap WEP encrypted fragment 441 * @msdu: Pointer to the fragment 442 * @hdrlen: length of the header information 443 * 444 * decap WEP encrypted fragment 445 * 446 * Returns: QDF_STATUS 447 */ 448 static QDF_STATUS dp_rx_defrag_wep_decap(qdf_nbuf_t msdu, uint16_t hdrlen) 449 { 450 uint8_t *origHdr; 451 int rx_desc_len = sizeof(struct rx_pkt_tlvs); 452 453 origHdr = (uint8_t *) (qdf_nbuf_data(msdu) + rx_desc_len); 454 qdf_mem_move(origHdr + dp_f_wep.ic_header, origHdr, hdrlen); 455 456 qdf_nbuf_trim_tail(msdu, dp_f_wep.ic_trailer); 457 458 return QDF_STATUS_SUCCESS; 459 } 460 461 /* 462 * dp_rx_defrag_hdrsize(): Calculate the header size of the received fragment 463 * @nbuf: Pointer to the fragment 464 * 465 * Calculate the header size of the received fragment 466 * 467 * Returns: header size (uint16_t) 468 */ 469 static uint16_t dp_rx_defrag_hdrsize(qdf_nbuf_t nbuf) 470 { 471 uint8_t *rx_tlv_hdr = qdf_nbuf_data(nbuf); 472 uint16_t size = sizeof(struct ieee80211_frame); 473 uint16_t fc = 0; 474 uint32_t to_ds, fr_ds; 475 uint8_t frm_ctrl_valid; 476 uint16_t frm_ctrl_field; 477 478 to_ds = hal_rx_mpdu_get_to_ds(rx_tlv_hdr); 479 fr_ds = hal_rx_mpdu_get_fr_ds(rx_tlv_hdr); 480 frm_ctrl_valid = hal_rx_get_mpdu_frame_control_valid(rx_tlv_hdr); 481 frm_ctrl_field = hal_rx_get_frame_ctrl_field(rx_tlv_hdr); 482 483 if (to_ds && fr_ds) 484 size += IEEE80211_ADDR_LEN; 485 486 if (frm_ctrl_valid) { 487 fc = frm_ctrl_field; 488 489 /* use 1-st byte for validation */ 490 if (DP_RX_DEFRAG_IEEE80211_QOS_HAS_SEQ(fc & 0xff)) { 491 size += sizeof(uint16_t); 492 /* use 2-nd byte for validation */ 493 if (((fc & 0xff00) >> 8) & IEEE80211_FC1_ORDER) 494 size += sizeof(struct ieee80211_htc); 495 } 496 } 497 498 return size; 499 } 500 501 /* 502 * dp_rx_defrag_michdr(): Calculate a psuedo MIC header 503 * @wh0: Pointer to the wireless header of the fragment 504 * @hdr: Array to hold the psuedo header 505 * 506 * Calculate a psuedo MIC header 507 * 508 * Returns: None 509 */ 510 static void dp_rx_defrag_michdr(const struct ieee80211_frame *wh0, 511 uint8_t hdr[]) 512 { 513 const struct ieee80211_frame_addr4 *wh = 514 (const struct ieee80211_frame_addr4 *)wh0; 515 516 switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) { 517 case IEEE80211_FC1_DIR_NODS: 518 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr, wh->i_addr1); /* DA */ 519 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr + IEEE80211_ADDR_LEN, 520 wh->i_addr2); 521 break; 522 case IEEE80211_FC1_DIR_TODS: 523 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr, wh->i_addr3); /* DA */ 524 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr + IEEE80211_ADDR_LEN, 525 wh->i_addr2); 526 break; 527 case IEEE80211_FC1_DIR_FROMDS: 528 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr, wh->i_addr1); /* DA */ 529 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr + IEEE80211_ADDR_LEN, 530 wh->i_addr3); 531 break; 532 case IEEE80211_FC1_DIR_DSTODS: 533 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr, wh->i_addr3); /* DA */ 534 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr + IEEE80211_ADDR_LEN, 535 wh->i_addr4); 536 break; 537 } 538 539 /* 540 * Bit 7 is IEEE80211_FC0_SUBTYPE_QOS for data frame, but 541 * it could also be set for deauth, disassoc, action, etc. for 542 * a mgt type frame. It comes into picture for MFP. 543 */ 544 if (wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_QOS) { 545 const struct ieee80211_qosframe *qwh = 546 (const struct ieee80211_qosframe *)wh; 547 hdr[12] = qwh->i_qos[0] & IEEE80211_QOS_TID; 548 } else { 549 hdr[12] = 0; 550 } 551 552 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */ 553 } 554 555 /* 556 * dp_rx_defrag_mic(): Calculate MIC header 557 * @key: Pointer to the key 558 * @wbuf: fragment buffer 559 * @off: Offset 560 * @data_len: Data lengh 561 * @mic: Array to hold MIC 562 * 563 * Calculate a psuedo MIC header 564 * 565 * Returns: QDF_STATUS 566 */ 567 static QDF_STATUS dp_rx_defrag_mic(const uint8_t *key, qdf_nbuf_t wbuf, 568 uint16_t off, uint16_t data_len, uint8_t mic[]) 569 { 570 uint8_t hdr[16] = { 0, }; 571 uint32_t l, r; 572 const uint8_t *data; 573 uint32_t space; 574 int rx_desc_len = sizeof(struct rx_pkt_tlvs); 575 576 dp_rx_defrag_michdr((struct ieee80211_frame *)(qdf_nbuf_data(wbuf) 577 + rx_desc_len), hdr); 578 l = dp_rx_get_le32(key); 579 r = dp_rx_get_le32(key + 4); 580 581 /* Michael MIC pseudo header: DA, SA, 3 x 0, Priority */ 582 l ^= dp_rx_get_le32(hdr); 583 dp_rx_michael_block(l, r); 584 l ^= dp_rx_get_le32(&hdr[4]); 585 dp_rx_michael_block(l, r); 586 l ^= dp_rx_get_le32(&hdr[8]); 587 dp_rx_michael_block(l, r); 588 l ^= dp_rx_get_le32(&hdr[12]); 589 dp_rx_michael_block(l, r); 590 591 /* first buffer has special handling */ 592 data = (uint8_t *) qdf_nbuf_data(wbuf) + rx_desc_len + off; 593 space = qdf_nbuf_len(wbuf) - rx_desc_len - off; 594 595 for (;; ) { 596 if (space > data_len) 597 space = data_len; 598 599 /* collect 32-bit blocks from current buffer */ 600 while (space >= sizeof(uint32_t)) { 601 l ^= dp_rx_get_le32(data); 602 dp_rx_michael_block(l, r); 603 data += sizeof(uint32_t); 604 space -= sizeof(uint32_t); 605 data_len -= sizeof(uint32_t); 606 } 607 if (data_len < sizeof(uint32_t)) 608 break; 609 610 wbuf = qdf_nbuf_next(wbuf); 611 if (wbuf == NULL) 612 return QDF_STATUS_E_DEFRAG_ERROR; 613 614 if (space != 0) { 615 const uint8_t *data_next; 616 /* 617 * Block straddles buffers, split references. 618 */ 619 data_next = 620 (uint8_t *) qdf_nbuf_data(wbuf) + rx_desc_len; 621 if ((qdf_nbuf_len(wbuf) - rx_desc_len) < 622 sizeof(uint32_t) - space) { 623 return QDF_STATUS_E_DEFRAG_ERROR; 624 } 625 switch (space) { 626 case 1: 627 l ^= dp_rx_get_le32_split(data[0], 628 data_next[0], data_next[1], 629 data_next[2]); 630 data = data_next + 3; 631 space = (qdf_nbuf_len(wbuf) - rx_desc_len) 632 - 3; 633 break; 634 case 2: 635 l ^= dp_rx_get_le32_split(data[0], data[1], 636 data_next[0], data_next[1]); 637 data = data_next + 2; 638 space = (qdf_nbuf_len(wbuf) - rx_desc_len) 639 - 2; 640 break; 641 case 3: 642 l ^= dp_rx_get_le32_split(data[0], data[1], 643 data[2], data_next[0]); 644 data = data_next + 1; 645 space = (qdf_nbuf_len(wbuf) - rx_desc_len) 646 - 1; 647 break; 648 } 649 dp_rx_michael_block(l, r); 650 data_len -= sizeof(uint32_t); 651 } else { 652 /* 653 * Setup for next buffer. 654 */ 655 data = (uint8_t *) qdf_nbuf_data(wbuf) + rx_desc_len; 656 space = qdf_nbuf_len(wbuf) - rx_desc_len; 657 } 658 } 659 /* Last block and padding (0x5a, 4..7 x 0) */ 660 switch (data_len) { 661 case 0: 662 l ^= dp_rx_get_le32_split(0x5a, 0, 0, 0); 663 break; 664 case 1: 665 l ^= dp_rx_get_le32_split(data[0], 0x5a, 0, 0); 666 break; 667 case 2: 668 l ^= dp_rx_get_le32_split(data[0], data[1], 0x5a, 0); 669 break; 670 case 3: 671 l ^= dp_rx_get_le32_split(data[0], data[1], data[2], 0x5a); 672 break; 673 } 674 dp_rx_michael_block(l, r); 675 dp_rx_michael_block(l, r); 676 dp_rx_put_le32(mic, l); 677 dp_rx_put_le32(mic + 4, r); 678 679 return QDF_STATUS_SUCCESS; 680 } 681 682 /* 683 * dp_rx_defrag_tkip_demic(): Remove MIC header from the TKIP frame 684 * @key: Pointer to the key 685 * @msdu: fragment buffer 686 * @hdrlen: Length of the header information 687 * 688 * Remove MIC information from the TKIP frame 689 * 690 * Returns: QDF_STATUS 691 */ 692 static QDF_STATUS dp_rx_defrag_tkip_demic(const uint8_t *key, 693 qdf_nbuf_t msdu, uint16_t hdrlen) 694 { 695 QDF_STATUS status; 696 uint32_t pktlen; 697 uint8_t mic[IEEE80211_WEP_MICLEN]; 698 uint8_t mic0[IEEE80211_WEP_MICLEN]; 699 int rx_desc_len = sizeof(struct rx_pkt_tlvs); 700 701 pktlen = qdf_nbuf_len(msdu) - rx_desc_len; 702 703 status = dp_rx_defrag_mic(key, msdu, hdrlen, 704 pktlen - (hdrlen + dp_f_tkip.ic_miclen), mic); 705 706 if (QDF_IS_STATUS_ERROR(status)) 707 return status; 708 709 qdf_nbuf_copy_bits(msdu, pktlen - dp_f_tkip.ic_miclen + rx_desc_len, 710 dp_f_tkip.ic_miclen, (caddr_t)mic0); 711 712 if (!qdf_mem_cmp(mic, mic0, dp_f_tkip.ic_miclen)) 713 return QDF_STATUS_E_DEFRAG_ERROR; 714 715 qdf_nbuf_trim_tail(msdu, dp_f_tkip.ic_miclen); 716 717 return QDF_STATUS_SUCCESS; 718 } 719 720 /* 721 * dp_rx_frag_pull_hdr(): Pulls the RXTLV & the 802.11 headers 722 * @nbuf: buffer pointer 723 * @hdrsize: size of the header to be pulled 724 * 725 * Pull the RXTLV & the 802.11 headers 726 * 727 * Returns: None 728 */ 729 static void dp_rx_frag_pull_hdr(qdf_nbuf_t nbuf, uint16_t hdrsize) 730 { 731 qdf_nbuf_pull_head(nbuf, 732 RX_PKT_TLVS_LEN + hdrsize); 733 734 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_INFO, 735 "%s: final pktlen %d .11len %d\n", 736 __func__, 737 (uint32_t)qdf_nbuf_len(nbuf), hdrsize); 738 } 739 740 /* 741 * dp_rx_construct_fraglist(): Construct a nbuf fraglist 742 * @peer: Pointer to the peer 743 * @head: Pointer to list of fragments 744 * @hdrsize: Size of the header to be pulled 745 * 746 * Construct a nbuf fraglist 747 * 748 * Returns: None 749 */ 750 static void 751 dp_rx_construct_fraglist(struct dp_peer *peer, 752 qdf_nbuf_t head, uint16_t hdrsize) 753 { 754 qdf_nbuf_t msdu = qdf_nbuf_next(head); 755 qdf_nbuf_t rx_nbuf = msdu; 756 uint32_t len = 0; 757 758 while (msdu) { 759 dp_rx_frag_pull_hdr(msdu, hdrsize); 760 len += qdf_nbuf_len(msdu); 761 msdu = qdf_nbuf_next(msdu); 762 } 763 764 qdf_nbuf_append_ext_list(head, rx_nbuf, len); 765 qdf_nbuf_set_next(head, NULL); 766 767 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_INFO, 768 "%s: head len %d ext len %d data len %d \n", 769 __func__, 770 (uint32_t)qdf_nbuf_len(head), 771 (uint32_t)qdf_nbuf_len(rx_nbuf), 772 (uint32_t)(head->data_len)); 773 } 774 775 /** 776 * dp_rx_defrag_err() - rx err handler 777 * @pdev: handle to pdev object 778 * @vdev_id: vdev id 779 * @peer_mac_addr: peer mac address 780 * @tid: TID 781 * @tsf32: TSF 782 * @err_type: error type 783 * @rx_frame: rx frame 784 * @pn: PN Number 785 * @key_id: key id 786 * 787 * This function handles rx error and send MIC error notification 788 * 789 * Return: None 790 */ 791 static void dp_rx_defrag_err(uint8_t vdev_id, uint8_t *peer_mac_addr, 792 int tid, uint32_t tsf32, uint32_t err_type, qdf_nbuf_t rx_frame, 793 uint64_t *pn, uint8_t key_id) 794 { 795 /* TODO: Who needs to know about the TKIP MIC error */ 796 } 797 798 799 /* 800 * dp_rx_defrag_nwifi_to_8023(): Transcap 802.11 to 802.3 801 * @nbuf: Pointer to the fragment buffer 802 * @hdrsize: Size of headers 803 * 804 * Transcap the fragment from 802.11 to 802.3 805 * 806 * Returns: None 807 */ 808 static void 809 dp_rx_defrag_nwifi_to_8023(qdf_nbuf_t nbuf, uint16_t hdrsize) 810 { 811 struct llc_snap_hdr_t *llchdr; 812 struct ethernet_hdr_t *eth_hdr; 813 uint8_t ether_type[2]; 814 uint16_t fc = 0; 815 union dp_align_mac_addr mac_addr; 816 uint8_t *rx_desc_info = qdf_mem_malloc(RX_PKT_TLVS_LEN); 817 818 if (rx_desc_info == NULL) { 819 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 820 "%s: Memory alloc failed ! \n", __func__); 821 QDF_ASSERT(0); 822 return; 823 } 824 825 qdf_mem_copy(rx_desc_info, qdf_nbuf_data(nbuf), RX_PKT_TLVS_LEN); 826 827 llchdr = (struct llc_snap_hdr_t *)(qdf_nbuf_data(nbuf) + 828 RX_PKT_TLVS_LEN + hdrsize); 829 qdf_mem_copy(ether_type, llchdr->ethertype, 2); 830 831 qdf_nbuf_pull_head(nbuf, (RX_PKT_TLVS_LEN + hdrsize + 832 sizeof(struct llc_snap_hdr_t) - 833 sizeof(struct ethernet_hdr_t))); 834 835 eth_hdr = (struct ethernet_hdr_t *)(qdf_nbuf_data(nbuf)); 836 837 if (hal_rx_get_mpdu_frame_control_valid(rx_desc_info)) 838 fc = hal_rx_get_frame_ctrl_field(rx_desc_info); 839 840 switch (((fc & 0xff00) >> 8) & IEEE80211_FC1_DIR_MASK) { 841 842 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_INFO, 843 "%s: frame control type: 0x%x", __func__, fc); 844 845 case IEEE80211_FC1_DIR_NODS: 846 hal_rx_mpdu_get_addr1(rx_desc_info, 847 &mac_addr.raw[0]); 848 qdf_mem_copy(eth_hdr->dest_addr, &mac_addr.raw[0], 849 IEEE80211_ADDR_LEN); 850 hal_rx_mpdu_get_addr2(rx_desc_info, 851 &mac_addr.raw[0]); 852 qdf_mem_copy(eth_hdr->src_addr, &mac_addr.raw[0], 853 IEEE80211_ADDR_LEN); 854 break; 855 case IEEE80211_FC1_DIR_TODS: 856 hal_rx_mpdu_get_addr3(rx_desc_info, 857 &mac_addr.raw[0]); 858 qdf_mem_copy(eth_hdr->dest_addr, &mac_addr.raw[0], 859 IEEE80211_ADDR_LEN); 860 hal_rx_mpdu_get_addr2(rx_desc_info, 861 &mac_addr.raw[0]); 862 qdf_mem_copy(eth_hdr->src_addr, &mac_addr.raw[0], 863 IEEE80211_ADDR_LEN); 864 break; 865 case IEEE80211_FC1_DIR_FROMDS: 866 hal_rx_mpdu_get_addr1(rx_desc_info, 867 &mac_addr.raw[0]); 868 qdf_mem_copy(eth_hdr->dest_addr, &mac_addr.raw[0], 869 IEEE80211_ADDR_LEN); 870 hal_rx_mpdu_get_addr3(rx_desc_info, 871 &mac_addr.raw[0]); 872 qdf_mem_copy(eth_hdr->src_addr, &mac_addr.raw[0], 873 IEEE80211_ADDR_LEN); 874 break; 875 876 case IEEE80211_FC1_DIR_DSTODS: 877 hal_rx_mpdu_get_addr3(rx_desc_info, 878 &mac_addr.raw[0]); 879 qdf_mem_copy(eth_hdr->dest_addr, &mac_addr.raw[0], 880 IEEE80211_ADDR_LEN); 881 hal_rx_mpdu_get_addr4(rx_desc_info, 882 &mac_addr.raw[0]); 883 qdf_mem_copy(eth_hdr->src_addr, &mac_addr.raw[0], 884 IEEE80211_ADDR_LEN); 885 break; 886 887 default: 888 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 889 "%s: Unknown frame control type: 0x%x", __func__, fc); 890 } 891 892 qdf_mem_copy(eth_hdr->ethertype, ether_type, 893 sizeof(ether_type)); 894 895 qdf_nbuf_push_head(nbuf, RX_PKT_TLVS_LEN); 896 qdf_mem_copy(qdf_nbuf_data(nbuf), rx_desc_info, RX_PKT_TLVS_LEN); 897 qdf_mem_free(rx_desc_info); 898 } 899 900 /* 901 * dp_rx_defrag_reo_reinject(): Reinject the fragment chain back into REO 902 * @peer: Pointer to the peer 903 * @tid: Transmit Identifier 904 * @head: Buffer to be reinjected back 905 * 906 * Reinject the fragment chain back into REO 907 * 908 * Returns: QDF_STATUS 909 */ 910 static QDF_STATUS dp_rx_defrag_reo_reinject(struct dp_peer *peer, 911 unsigned tid, qdf_nbuf_t head) 912 { 913 struct dp_pdev *pdev = peer->vdev->pdev; 914 struct dp_soc *soc = pdev->soc; 915 struct hal_buf_info buf_info; 916 void *link_desc_va; 917 void *msdu0, *msdu_desc_info; 918 void *ent_ring_desc, *ent_mpdu_desc_info, *ent_qdesc_addr; 919 void *dst_mpdu_desc_info, *dst_qdesc_addr; 920 qdf_dma_addr_t paddr; 921 uint32_t nbuf_len, seq_no, dst_ind; 922 uint32_t *mpdu_wrd; 923 uint32_t ret, cookie; 924 925 void *dst_ring_desc = 926 peer->rx_tid[tid].dst_ring_desc; 927 void *hal_srng = soc->reo_reinject_ring.hal_srng; 928 929 hal_rx_reo_buf_paddr_get(dst_ring_desc, &buf_info); 930 931 link_desc_va = dp_rx_cookie_2_link_desc_va(soc, &buf_info); 932 933 qdf_assert(link_desc_va); 934 935 msdu0 = (uint8_t *)link_desc_va + 936 RX_MSDU_LINK_8_RX_MSDU_DETAILS_MSDU_0_OFFSET; 937 938 nbuf_len = qdf_nbuf_len(head) - RX_PKT_TLVS_LEN; 939 940 HAL_RX_UNIFORM_HDR_SET(link_desc_va, OWNER, UNI_DESC_OWNER_SW); 941 HAL_RX_UNIFORM_HDR_SET(link_desc_va, BUFFER_TYPE, 942 UNI_DESC_BUF_TYPE_RX_MSDU_LINK); 943 944 /* msdu reconfig */ 945 msdu_desc_info = (uint8_t *)msdu0 + 946 RX_MSDU_DETAILS_2_RX_MSDU_DESC_INFO_RX_MSDU_DESC_INFO_DETAILS_OFFSET; 947 948 dst_ind = hal_rx_msdu_reo_dst_ind_get(link_desc_va); 949 950 qdf_mem_zero(msdu_desc_info, sizeof(struct rx_msdu_desc_info)); 951 952 HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info, 953 FIRST_MSDU_IN_MPDU_FLAG, 1); 954 HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info, 955 LAST_MSDU_IN_MPDU_FLAG, 1); 956 HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info, 957 MSDU_CONTINUATION, 0x0); 958 HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info, 959 REO_DESTINATION_INDICATION, dst_ind); 960 HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info, 961 MSDU_LENGTH, nbuf_len); 962 HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info, 963 SA_IS_VALID, 1); 964 HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info, 965 DA_IS_VALID, 1); 966 967 /* change RX TLV's */ 968 hal_rx_msdu_start_msdu_len_set( 969 qdf_nbuf_data(head), nbuf_len); 970 971 cookie = HAL_RX_BUF_COOKIE_GET(msdu0); 972 973 /* map the nbuf before reinject it into HW */ 974 ret = qdf_nbuf_map_single(soc->osdev, head, 975 QDF_DMA_BIDIRECTIONAL); 976 977 if (qdf_unlikely(ret == QDF_STATUS_E_FAILURE)) { 978 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 979 "%s: nbuf map failed !\n", __func__); 980 qdf_nbuf_free(head); 981 return QDF_STATUS_E_FAILURE; 982 } 983 984 paddr = qdf_nbuf_get_frag_paddr(head, 0); 985 986 ret = check_x86_paddr(soc, &head, &paddr, pdev); 987 988 if (ret == QDF_STATUS_E_FAILURE) { 989 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 990 "%s: x86 check failed !\n", __func__); 991 return QDF_STATUS_E_FAILURE; 992 } 993 994 hal_rxdma_buff_addr_info_set(msdu0, paddr, cookie, 995 HAL_RX_BUF_RBM_SW3_BM); 996 997 /* Lets fill entrance ring now !!! */ 998 if (qdf_unlikely(hal_srng_access_start(soc->hal_soc, hal_srng))) { 999 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1000 "HAL RING Access For REO entrance SRNG Failed: %pK", 1001 hal_srng); 1002 1003 return QDF_STATUS_E_FAILURE; 1004 } 1005 1006 ent_ring_desc = hal_srng_src_get_next(soc->hal_soc, hal_srng); 1007 1008 qdf_assert(ent_ring_desc); 1009 1010 paddr = (uint64_t)buf_info.paddr; 1011 /* buf addr */ 1012 hal_rxdma_buff_addr_info_set(ent_ring_desc, paddr, 1013 buf_info.sw_cookie, 1014 HAL_RX_BUF_RBM_WBM_IDLE_DESC_LIST); 1015 /* mpdu desc info */ 1016 ent_mpdu_desc_info = (uint8_t *)ent_ring_desc + 1017 RX_MPDU_DETAILS_2_RX_MPDU_DESC_INFO_RX_MPDU_DESC_INFO_DETAILS_OFFSET; 1018 1019 dst_mpdu_desc_info = (uint8_t *)dst_ring_desc + 1020 REO_DESTINATION_RING_2_RX_MPDU_DESC_INFO_RX_MPDU_DESC_INFO_DETAILS_OFFSET; 1021 1022 qdf_mem_copy(ent_mpdu_desc_info, dst_mpdu_desc_info, 1023 sizeof(struct rx_mpdu_desc_info)); 1024 qdf_mem_zero(ent_mpdu_desc_info, sizeof(uint32_t)); 1025 1026 mpdu_wrd = (uint32_t *)dst_mpdu_desc_info; 1027 seq_no = HAL_RX_MPDU_SEQUENCE_NUMBER_GET(mpdu_wrd); 1028 1029 HAL_RX_MPDU_DESC_INFO_SET(ent_mpdu_desc_info, 1030 MSDU_COUNT, 0x1); 1031 HAL_RX_MPDU_DESC_INFO_SET(ent_mpdu_desc_info, 1032 MPDU_SEQUENCE_NUMBER, seq_no); 1033 1034 /* unset frag bit */ 1035 HAL_RX_MPDU_DESC_INFO_SET(ent_mpdu_desc_info, 1036 FRAGMENT_FLAG, 0x0); 1037 1038 /* set sa/da valid bits */ 1039 HAL_RX_MPDU_DESC_INFO_SET(ent_mpdu_desc_info, 1040 SA_IS_VALID, 0x1); 1041 HAL_RX_MPDU_DESC_INFO_SET(ent_mpdu_desc_info, 1042 DA_IS_VALID, 0x1); 1043 HAL_RX_MPDU_DESC_INFO_SET(ent_mpdu_desc_info, 1044 RAW_MPDU, 0x0); 1045 1046 /* qdesc addr */ 1047 ent_qdesc_addr = (uint8_t *)ent_ring_desc + 1048 REO_ENTRANCE_RING_4_RX_REO_QUEUE_DESC_ADDR_31_0_OFFSET; 1049 1050 dst_qdesc_addr = (uint8_t *)dst_ring_desc + 1051 REO_DESTINATION_RING_6_RX_REO_QUEUE_DESC_ADDR_31_0_OFFSET; 1052 1053 qdf_mem_copy(ent_qdesc_addr, dst_qdesc_addr, 8); 1054 1055 HAL_RX_FLD_SET(ent_ring_desc, REO_ENTRANCE_RING_5, 1056 REO_DESTINATION_INDICATION, dst_ind); 1057 1058 hal_srng_access_end(soc->hal_soc, hal_srng); 1059 1060 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_INFO, 1061 "%s: reinjection done !\n", __func__); 1062 return QDF_STATUS_SUCCESS; 1063 } 1064 1065 /* 1066 * dp_rx_defrag(): Defragment the fragment chain 1067 * @peer: Pointer to the peer 1068 * @tid: Transmit Identifier 1069 * @frag_list_head: Pointer to head list 1070 * @frag_list_tail: Pointer to tail list 1071 * 1072 * Defragment the fragment chain 1073 * 1074 * Returns: QDF_STATUS 1075 */ 1076 static QDF_STATUS dp_rx_defrag(struct dp_peer *peer, unsigned tid, 1077 qdf_nbuf_t frag_list_head, qdf_nbuf_t frag_list_tail) 1078 { 1079 qdf_nbuf_t tmp_next, prev; 1080 qdf_nbuf_t cur = frag_list_head, msdu; 1081 uint32_t index, tkip_demic = 0; 1082 uint16_t hdr_space; 1083 uint8_t key[DEFRAG_IEEE80211_KEY_LEN]; 1084 struct dp_vdev *vdev = peer->vdev; 1085 1086 hdr_space = dp_rx_defrag_hdrsize(cur); 1087 index = hal_rx_msdu_is_wlan_mcast(cur) ? 1088 dp_sec_mcast : dp_sec_ucast; 1089 1090 /* Remove FCS from all fragments */ 1091 while (cur) { 1092 tmp_next = qdf_nbuf_next(cur); 1093 qdf_nbuf_set_next(cur, NULL); 1094 qdf_nbuf_trim_tail(cur, DEFRAG_IEEE80211_FCS_LEN); 1095 prev = cur; 1096 qdf_nbuf_set_next(cur, tmp_next); 1097 cur = tmp_next; 1098 } 1099 cur = frag_list_head; 1100 1101 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_INFO, 1102 "%s: Security type: %d\n", __func__, 1103 peer->security[index].sec_type); 1104 1105 /* Temporary fix to drop TKIP encrypted packets */ 1106 if (peer->security[index].sec_type == 1107 htt_sec_type_tkip) { 1108 return QDF_STATUS_E_DEFRAG_ERROR; 1109 } 1110 1111 switch (peer->security[index].sec_type) { 1112 case htt_sec_type_tkip: 1113 tkip_demic = 1; 1114 1115 case htt_sec_type_tkip_nomic: 1116 while (cur) { 1117 tmp_next = qdf_nbuf_next(cur); 1118 if (dp_rx_defrag_tkip_decap(cur, hdr_space)) { 1119 1120 /* TKIP decap failed, discard frags */ 1121 dp_rx_defrag_frames_free(frag_list_head); 1122 1123 QDF_TRACE(QDF_MODULE_ID_TXRX, 1124 QDF_TRACE_LEVEL_ERROR, 1125 "dp_rx_defrag: TKIP decap failed"); 1126 1127 return QDF_STATUS_E_DEFRAG_ERROR; 1128 } 1129 cur = tmp_next; 1130 } 1131 break; 1132 1133 case htt_sec_type_aes_ccmp: 1134 while (cur) { 1135 tmp_next = qdf_nbuf_next(cur); 1136 if (dp_rx_defrag_ccmp_demic(cur, hdr_space)) { 1137 1138 /* CCMP demic failed, discard frags */ 1139 dp_rx_defrag_frames_free(frag_list_head); 1140 1141 QDF_TRACE(QDF_MODULE_ID_TXRX, 1142 QDF_TRACE_LEVEL_ERROR, 1143 "dp_rx_defrag: CCMP demic failed"); 1144 1145 return QDF_STATUS_E_DEFRAG_ERROR; 1146 } 1147 if (dp_rx_defrag_ccmp_decap(cur, hdr_space)) { 1148 1149 /* CCMP decap failed, discard frags */ 1150 dp_rx_defrag_frames_free(frag_list_head); 1151 1152 QDF_TRACE(QDF_MODULE_ID_TXRX, 1153 QDF_TRACE_LEVEL_ERROR, 1154 "dp_rx_defrag: CCMP decap failed"); 1155 1156 return QDF_STATUS_E_DEFRAG_ERROR; 1157 } 1158 cur = tmp_next; 1159 } 1160 1161 /* If success, increment header to be stripped later */ 1162 hdr_space += dp_f_ccmp.ic_header; 1163 break; 1164 case htt_sec_type_wep40: 1165 case htt_sec_type_wep104: 1166 case htt_sec_type_wep128: 1167 while (cur) { 1168 tmp_next = qdf_nbuf_next(cur); 1169 if (dp_rx_defrag_wep_decap(cur, hdr_space)) { 1170 1171 /* WEP decap failed, discard frags */ 1172 dp_rx_defrag_frames_free(frag_list_head); 1173 1174 QDF_TRACE(QDF_MODULE_ID_TXRX, 1175 QDF_TRACE_LEVEL_ERROR, 1176 "dp_rx_defrag: WEP decap failed"); 1177 1178 return QDF_STATUS_E_DEFRAG_ERROR; 1179 } 1180 cur = tmp_next; 1181 } 1182 1183 /* If success, increment header to be stripped later */ 1184 hdr_space += dp_f_wep.ic_header; 1185 break; 1186 default: 1187 QDF_TRACE(QDF_MODULE_ID_TXRX, 1188 QDF_TRACE_LEVEL_ERROR, 1189 "dp_rx_defrag: Did not match any security type"); 1190 break; 1191 } 1192 1193 if (tkip_demic) { 1194 msdu = frag_list_tail; /* Only last fragment has the MIC */ 1195 1196 qdf_mem_copy(key, 1197 peer->security[index].michael_key, 1198 sizeof(peer->security[index].michael_key)); 1199 if (dp_rx_defrag_tkip_demic(key, msdu, hdr_space)) { 1200 qdf_nbuf_free(msdu); 1201 dp_rx_defrag_err(vdev->vdev_id, peer->mac_addr.raw, 1202 tid, 0, QDF_STATUS_E_DEFRAG_ERROR, msdu, 1203 NULL, 0); 1204 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1205 "dp_rx_defrag: TKIP demic failed"); 1206 return QDF_STATUS_E_DEFRAG_ERROR; 1207 } 1208 } 1209 1210 /* Convert the header to 802.3 header */ 1211 dp_rx_defrag_nwifi_to_8023(frag_list_head, hdr_space); 1212 dp_rx_construct_fraglist(peer, frag_list_head, hdr_space); 1213 1214 return QDF_STATUS_SUCCESS; 1215 } 1216 1217 /* 1218 * dp_rx_defrag_cleanup(): Clean up activities 1219 * @peer: Pointer to the peer 1220 * @tid: Transmit Identifier 1221 * 1222 * Returns: None 1223 */ 1224 void dp_rx_defrag_cleanup(struct dp_peer *peer, unsigned tid) 1225 { 1226 struct dp_rx_reorder_array_elem *rx_reorder_array_elem = 1227 peer->rx_tid[tid].array; 1228 1229 /* Free up nbufs */ 1230 dp_rx_defrag_frames_free(rx_reorder_array_elem->head); 1231 1232 /* Free up saved ring descriptors */ 1233 dp_rx_clear_saved_desc_info(peer, tid); 1234 1235 rx_reorder_array_elem->head = NULL; 1236 rx_reorder_array_elem->tail = NULL; 1237 peer->rx_tid[tid].defrag_timeout_ms = 0; 1238 peer->rx_tid[tid].curr_frag_num = 0; 1239 peer->rx_tid[tid].curr_seq_num = 0; 1240 peer->rx_tid[tid].head_frag_desc = NULL; 1241 } 1242 1243 /* 1244 * dp_rx_defrag_save_info_from_ring_desc(): Save info from REO ring descriptor 1245 * @ring_desc: Pointer to the dst ring descriptor 1246 * @peer: Pointer to the peer 1247 * @tid: Transmit Identifier 1248 * 1249 * Returns: None 1250 */ 1251 static QDF_STATUS dp_rx_defrag_save_info_from_ring_desc(void *ring_desc, 1252 struct dp_rx_desc *rx_desc, struct dp_peer *peer, unsigned tid) 1253 { 1254 void *dst_ring_desc = qdf_mem_malloc( 1255 sizeof(struct reo_destination_ring)); 1256 1257 if (dst_ring_desc == NULL) { 1258 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1259 "%s: Memory alloc failed !\n", __func__); 1260 QDF_ASSERT(0); 1261 return QDF_STATUS_E_NOMEM; 1262 } 1263 1264 qdf_mem_copy(dst_ring_desc, ring_desc, 1265 sizeof(struct reo_destination_ring)); 1266 1267 peer->rx_tid[tid].dst_ring_desc = dst_ring_desc; 1268 peer->rx_tid[tid].head_frag_desc = rx_desc; 1269 1270 return QDF_STATUS_SUCCESS; 1271 } 1272 1273 /* 1274 * dp_rx_defrag_store_fragment(): Store incoming fragments 1275 * @soc: Pointer to the SOC data structure 1276 * @ring_desc: Pointer to the ring descriptor 1277 * @mpdu_desc_info: MPDU descriptor info 1278 * @tid: Traffic Identifier 1279 * @rx_desc: Pointer to rx descriptor 1280 * @rx_bfs: Number of bfs consumed 1281 * 1282 * Returns: QDF_STATUS 1283 */ 1284 static QDF_STATUS dp_rx_defrag_store_fragment(struct dp_soc *soc, 1285 void *ring_desc, 1286 union dp_rx_desc_list_elem_t **head, 1287 union dp_rx_desc_list_elem_t **tail, 1288 struct hal_rx_mpdu_desc_info *mpdu_desc_info, 1289 unsigned tid, struct dp_rx_desc *rx_desc, 1290 uint32_t *rx_bfs) 1291 { 1292 struct dp_rx_reorder_array_elem *rx_reorder_array_elem; 1293 struct dp_pdev *pdev; 1294 struct dp_peer *peer; 1295 uint16_t peer_id; 1296 uint8_t fragno, more_frag, all_frag_present = 0; 1297 uint16_t rxseq = mpdu_desc_info->mpdu_seq; 1298 QDF_STATUS status; 1299 struct dp_rx_tid *rx_tid; 1300 uint8_t mpdu_sequence_control_valid; 1301 uint8_t mpdu_frame_control_valid; 1302 qdf_nbuf_t frag = rx_desc->nbuf; 1303 1304 /* Check if the packet is from a valid peer */ 1305 peer_id = DP_PEER_METADATA_PEER_ID_GET( 1306 mpdu_desc_info->peer_meta_data); 1307 peer = dp_peer_find_by_id(soc, peer_id); 1308 1309 if (!peer) { 1310 /* We should not recieve anything from unknown peer 1311 * however, that might happen while we are in the monitor mode. 1312 * We don't need to handle that here 1313 */ 1314 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1315 "Unknown peer, dropping the fragment"); 1316 1317 qdf_nbuf_free(frag); 1318 dp_rx_add_to_free_desc_list(head, tail, rx_desc); 1319 *rx_bfs = 1; 1320 1321 return QDF_STATUS_E_DEFRAG_ERROR; 1322 } 1323 1324 pdev = peer->vdev->pdev; 1325 rx_tid = &peer->rx_tid[tid]; 1326 1327 rx_reorder_array_elem = peer->rx_tid[tid].array; 1328 1329 mpdu_sequence_control_valid = 1330 hal_rx_get_mpdu_sequence_control_valid(rx_desc->rx_buf_start); 1331 1332 /* Invalid MPDU sequence control field, MPDU is of no use */ 1333 if (!mpdu_sequence_control_valid) { 1334 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1335 "Invalid MPDU seq control field, dropping MPDU"); 1336 qdf_nbuf_free(frag); 1337 dp_rx_add_to_free_desc_list(head, tail, rx_desc); 1338 *rx_bfs = 1; 1339 1340 qdf_assert(0); 1341 goto end; 1342 } 1343 1344 mpdu_frame_control_valid = 1345 hal_rx_get_mpdu_frame_control_valid(rx_desc->rx_buf_start); 1346 1347 /* Invalid frame control field */ 1348 if (!mpdu_frame_control_valid) { 1349 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1350 "Invalid frame control field, dropping MPDU"); 1351 qdf_nbuf_free(frag); 1352 dp_rx_add_to_free_desc_list(head, tail, rx_desc); 1353 *rx_bfs = 1; 1354 1355 qdf_assert(0); 1356 goto end; 1357 } 1358 1359 /* Current mpdu sequence */ 1360 more_frag = dp_rx_frag_get_more_frag_bit(rx_desc->rx_buf_start); 1361 1362 /* HW does not populate the fragment number as of now 1363 * need to get from the 802.11 header 1364 */ 1365 fragno = dp_rx_frag_get_mpdu_frag_number(rx_desc->rx_buf_start); 1366 1367 /* 1368 * !more_frag: no more fragments to be delivered 1369 * !frag_no: packet is not fragmented 1370 * !rx_reorder_array_elem->head: no saved fragments so far 1371 */ 1372 if ((!more_frag) && (!fragno) && (!rx_reorder_array_elem->head)) { 1373 /* We should not get into this situation here. 1374 * It means an unfragmented packet with fragment flag 1375 * is delivered over the REO exception ring. 1376 * Typically it follows normal rx path. 1377 */ 1378 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1379 "Rcvd unfragmented pkt on REO Err srng, dropping"); 1380 qdf_nbuf_free(frag); 1381 dp_rx_add_to_free_desc_list(head, tail, rx_desc); 1382 *rx_bfs = 1; 1383 1384 qdf_assert(0); 1385 goto end; 1386 } 1387 1388 /* Check if the fragment is for the same sequence or a different one */ 1389 if (rx_reorder_array_elem->head) { 1390 if (rxseq != rx_tid->curr_seq_num) { 1391 1392 /* Drop stored fragments if out of sequence 1393 * fragment is received 1394 */ 1395 dp_rx_defrag_frames_free(rx_reorder_array_elem->head); 1396 1397 rx_reorder_array_elem->head = NULL; 1398 rx_reorder_array_elem->tail = NULL; 1399 1400 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1401 "%s mismatch, dropping earlier sequence ", 1402 (rxseq == rx_tid->curr_seq_num) 1403 ? "address" 1404 : "seq number"); 1405 1406 /* 1407 * The sequence number for this fragment becomes the 1408 * new sequence number to be processed 1409 */ 1410 rx_tid->curr_seq_num = rxseq; 1411 1412 } 1413 } else { 1414 /* Start of a new sequence */ 1415 dp_rx_defrag_cleanup(peer, tid); 1416 rx_tid->curr_seq_num = rxseq; 1417 } 1418 1419 /* 1420 * If the earlier sequence was dropped, this will be the fresh start. 1421 * Else, continue with next fragment in a given sequence 1422 */ 1423 status = dp_rx_defrag_fraglist_insert(peer, tid, &rx_reorder_array_elem->head, 1424 &rx_reorder_array_elem->tail, frag, 1425 &all_frag_present); 1426 1427 /* 1428 * Currently, we can have only 6 MSDUs per-MPDU, if the current 1429 * packet sequence has more than 6 MSDUs for some reason, we will 1430 * have to use the next MSDU link descriptor and chain them together 1431 * before reinjection 1432 */ 1433 if ((fragno == 0) && (status == QDF_STATUS_SUCCESS) && 1434 (rx_reorder_array_elem->head == frag)) { 1435 1436 status = dp_rx_defrag_save_info_from_ring_desc(ring_desc, 1437 rx_desc, peer, tid); 1438 1439 if (status != QDF_STATUS_SUCCESS) { 1440 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1441 "%s: Unable to store ring desc !\n", __func__); 1442 goto end; 1443 } 1444 } else { 1445 dp_rx_add_to_free_desc_list(head, tail, rx_desc); 1446 *rx_bfs = 1; 1447 1448 /* Return the non-head link desc */ 1449 if (dp_rx_link_desc_return(soc, ring_desc, 1450 HAL_BM_ACTION_PUT_IN_IDLE_LIST) != 1451 QDF_STATUS_SUCCESS) 1452 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1453 "%s: Failed to return link desc\n", 1454 __func__); 1455 1456 } 1457 1458 if (pdev->soc->rx.flags.defrag_timeout_check) 1459 dp_rx_defrag_waitlist_remove(peer, tid); 1460 1461 /* Yet to receive more fragments for this sequence number */ 1462 if (!all_frag_present) { 1463 uint32_t now_ms = 1464 qdf_system_ticks_to_msecs(qdf_system_ticks()); 1465 1466 peer->rx_tid[tid].defrag_timeout_ms = 1467 now_ms + pdev->soc->rx.defrag.timeout_ms; 1468 1469 dp_rx_defrag_waitlist_add(peer, tid); 1470 1471 return QDF_STATUS_SUCCESS; 1472 } 1473 1474 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_INFO, 1475 "All fragments received for sequence: %d", rxseq); 1476 1477 /* Process the fragments */ 1478 status = dp_rx_defrag(peer, tid, rx_reorder_array_elem->head, 1479 rx_reorder_array_elem->tail); 1480 if (QDF_IS_STATUS_ERROR(status)) { 1481 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1482 "Fragment processing failed"); 1483 1484 dp_rx_add_to_free_desc_list(head, tail, 1485 peer->rx_tid[tid].head_frag_desc); 1486 *rx_bfs = 1; 1487 1488 if (dp_rx_link_desc_return(soc, 1489 peer->rx_tid[tid].dst_ring_desc, 1490 HAL_BM_ACTION_PUT_IN_IDLE_LIST) != 1491 QDF_STATUS_SUCCESS) 1492 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1493 "%s: Failed to return link desc\n", 1494 __func__); 1495 dp_rx_defrag_cleanup(peer, tid); 1496 goto end; 1497 } 1498 1499 /* Re-inject the fragments back to REO for further processing */ 1500 status = dp_rx_defrag_reo_reinject(peer, tid, 1501 rx_reorder_array_elem->head); 1502 if (QDF_IS_STATUS_SUCCESS(status)) { 1503 rx_reorder_array_elem->head = NULL; 1504 rx_reorder_array_elem->tail = NULL; 1505 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_INFO, 1506 "Fragmented sequence successfully reinjected"); 1507 } 1508 else 1509 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1510 "Fragmented sequence reinjection failed"); 1511 1512 dp_rx_defrag_cleanup(peer, tid); 1513 return QDF_STATUS_SUCCESS; 1514 1515 end: 1516 return QDF_STATUS_E_DEFRAG_ERROR; 1517 } 1518 1519 /** 1520 * dp_rx_frag_handle() - Handles fragmented Rx frames 1521 * 1522 * @soc: core txrx main context 1523 * @ring_desc: opaque pointer to the REO error ring descriptor 1524 * @mpdu_desc_info: MPDU descriptor information from ring descriptor 1525 * @head: head of the local descriptor free-list 1526 * @tail: tail of the local descriptor free-list 1527 * @quota: No. of units (packets) that can be serviced in one shot. 1528 * 1529 * This function implements RX 802.11 fragmentation handling 1530 * The handling is mostly same as legacy fragmentation handling. 1531 * If required, this function can re-inject the frames back to 1532 * REO ring (with proper setting to by-pass fragmentation check 1533 * but use duplicate detection / re-ordering and routing these frames 1534 * to a different core. 1535 * 1536 * Return: uint32_t: No. of elements processed 1537 */ 1538 uint32_t dp_rx_frag_handle(struct dp_soc *soc, void *ring_desc, 1539 struct hal_rx_mpdu_desc_info *mpdu_desc_info, 1540 union dp_rx_desc_list_elem_t **head, 1541 union dp_rx_desc_list_elem_t **tail, 1542 uint32_t quota) 1543 { 1544 uint32_t rx_bufs_used = 0; 1545 void *link_desc_va; 1546 struct hal_buf_info buf_info; 1547 struct hal_rx_msdu_list msdu_list; /* per MPDU list of MSDUs */ 1548 qdf_nbuf_t msdu = NULL; 1549 uint32_t tid, msdu_len; 1550 int idx, rx_bfs = 0; 1551 QDF_STATUS status; 1552 1553 qdf_assert(soc); 1554 qdf_assert(mpdu_desc_info); 1555 1556 /* Fragment from a valid peer */ 1557 hal_rx_reo_buf_paddr_get(ring_desc, &buf_info); 1558 1559 link_desc_va = dp_rx_cookie_2_link_desc_va(soc, &buf_info); 1560 1561 qdf_assert(link_desc_va); 1562 1563 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_INFO_HIGH, 1564 "Number of MSDUs to process, num_msdus: %d", 1565 mpdu_desc_info->msdu_count); 1566 1567 1568 if (qdf_unlikely(mpdu_desc_info->msdu_count == 0)) { 1569 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1570 "Not sufficient MSDUs to process"); 1571 return rx_bufs_used; 1572 } 1573 1574 /* Get msdu_list for the given MPDU */ 1575 hal_rx_msdu_list_get(link_desc_va, &msdu_list, 1576 &mpdu_desc_info->msdu_count); 1577 1578 /* Process all MSDUs in the current MPDU */ 1579 for (idx = 0; (idx < mpdu_desc_info->msdu_count) && quota--; idx++) { 1580 struct dp_rx_desc *rx_desc = 1581 dp_rx_cookie_2_va_rxdma_buf(soc, 1582 msdu_list.sw_cookie[idx]); 1583 1584 qdf_assert(rx_desc); 1585 1586 msdu = rx_desc->nbuf; 1587 1588 qdf_nbuf_unmap_single(soc->osdev, msdu, 1589 QDF_DMA_BIDIRECTIONAL); 1590 1591 rx_desc->rx_buf_start = qdf_nbuf_data(msdu); 1592 1593 msdu_len = hal_rx_msdu_start_msdu_len_get( 1594 rx_desc->rx_buf_start); 1595 1596 qdf_nbuf_set_pktlen(msdu, (msdu_len + RX_PKT_TLVS_LEN)); 1597 1598 tid = hal_rx_mpdu_start_tid_get(rx_desc->rx_buf_start); 1599 1600 /* Process fragment-by-fragment */ 1601 status = dp_rx_defrag_store_fragment(soc, ring_desc, 1602 head, tail, mpdu_desc_info, 1603 tid, rx_desc, &rx_bfs); 1604 1605 if (rx_bfs) 1606 rx_bufs_used++; 1607 1608 if (!QDF_IS_STATUS_SUCCESS(status)) { 1609 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1610 "Rx Defrag err seq#:0x%x msdu_count:%d flags:%d", 1611 mpdu_desc_info->mpdu_seq, 1612 mpdu_desc_info->msdu_count, 1613 mpdu_desc_info->mpdu_flags); 1614 1615 /* No point in processing rest of the fragments */ 1616 break; 1617 } 1618 } 1619 1620 return rx_bufs_used; 1621 } 1622