1 /* 2 * Copyright (c) 2017-2020 The Linux Foundation. All rights reserved. 3 * 4 * Permission to use, copy, modify, and/or distribute this software for 5 * any purpose with or without fee is hereby granted, provided that the 6 * above copyright notice and this permission notice appear in all 7 * copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL 10 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 11 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE 12 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL 13 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR 14 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER 15 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 16 * PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 #include "hal_hw_headers.h" 20 #include "dp_types.h" 21 #include "dp_rx.h" 22 #include "dp_peer.h" 23 #include "hal_api.h" 24 #include "qdf_trace.h" 25 #include "qdf_nbuf.h" 26 #include "dp_internal.h" 27 #include "dp_rx_defrag.h" 28 #include <enet.h> /* LLC_SNAP_HDR_LEN */ 29 #include "dp_rx_defrag.h" 30 #include "dp_ipa.h" 31 #include "dp_rx_buffer_pool.h" 32 33 const struct dp_rx_defrag_cipher dp_f_ccmp = { 34 "AES-CCM", 35 IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN + IEEE80211_WEP_EXTIVLEN, 36 IEEE80211_WEP_MICLEN, 37 0, 38 }; 39 40 const struct dp_rx_defrag_cipher dp_f_tkip = { 41 "TKIP", 42 IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN + IEEE80211_WEP_EXTIVLEN, 43 IEEE80211_WEP_CRCLEN, 44 IEEE80211_WEP_MICLEN, 45 }; 46 47 const struct dp_rx_defrag_cipher dp_f_wep = { 48 "WEP", 49 IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN, 50 IEEE80211_WEP_CRCLEN, 51 0, 52 }; 53 54 /* 55 * dp_rx_defrag_frames_free(): Free fragment chain 56 * @frames: Fragment chain 57 * 58 * Iterates through the fragment chain and frees them 59 * Returns: None 60 */ 61 static void dp_rx_defrag_frames_free(qdf_nbuf_t frames) 62 { 63 qdf_nbuf_t next, frag = frames; 64 65 while (frag) { 66 next = qdf_nbuf_next(frag); 67 qdf_nbuf_free(frag); 68 frag = next; 69 } 70 } 71 72 /* 73 * dp_rx_clear_saved_desc_info(): Clears descriptor info 74 * @peer: Pointer to the peer data structure 75 * @tid: Transmit ID (TID) 76 * 77 * Saves MPDU descriptor info and MSDU link pointer from REO 78 * ring descriptor. The cache is created per peer, per TID 79 * 80 * Returns: None 81 */ 82 static void dp_rx_clear_saved_desc_info(struct dp_peer *peer, unsigned tid) 83 { 84 if (peer->rx_tid[tid].dst_ring_desc) 85 qdf_mem_free(peer->rx_tid[tid].dst_ring_desc); 86 87 peer->rx_tid[tid].dst_ring_desc = NULL; 88 peer->rx_tid[tid].head_frag_desc = NULL; 89 } 90 91 static void dp_rx_return_head_frag_desc(struct dp_peer *peer, 92 unsigned int tid) 93 { 94 struct dp_soc *soc; 95 struct dp_pdev *pdev; 96 struct dp_srng *dp_rxdma_srng; 97 struct rx_desc_pool *rx_desc_pool; 98 union dp_rx_desc_list_elem_t *head = NULL; 99 union dp_rx_desc_list_elem_t *tail = NULL; 100 uint8_t pool_id; 101 102 pdev = peer->vdev->pdev; 103 soc = pdev->soc; 104 105 if (peer->rx_tid[tid].head_frag_desc) { 106 pool_id = peer->rx_tid[tid].head_frag_desc->pool_id; 107 dp_rxdma_srng = &soc->rx_refill_buf_ring[pool_id]; 108 rx_desc_pool = &soc->rx_desc_buf[pool_id]; 109 110 dp_rx_add_to_free_desc_list(&head, &tail, 111 peer->rx_tid[tid].head_frag_desc); 112 dp_rx_buffers_replenish(soc, 0, dp_rxdma_srng, rx_desc_pool, 113 1, &head, &tail); 114 } 115 116 if (peer->rx_tid[tid].dst_ring_desc) { 117 if (dp_rx_link_desc_return(soc, 118 peer->rx_tid[tid].dst_ring_desc, 119 HAL_BM_ACTION_PUT_IN_IDLE_LIST) != 120 QDF_STATUS_SUCCESS) 121 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 122 "%s: Failed to return link desc", __func__); 123 } 124 } 125 126 /* 127 * dp_rx_reorder_flush_frag(): Flush the frag list 128 * @peer: Pointer to the peer data structure 129 * @tid: Transmit ID (TID) 130 * 131 * Flush the per-TID frag list 132 * 133 * Returns: None 134 */ 135 void dp_rx_reorder_flush_frag(struct dp_peer *peer, 136 unsigned int tid) 137 { 138 dp_info_rl("Flushing TID %d", tid); 139 140 if (!peer) { 141 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 142 "%s: NULL peer", __func__); 143 return; 144 } 145 146 dp_rx_return_head_frag_desc(peer, tid); 147 dp_rx_defrag_cleanup(peer, tid); 148 } 149 150 /* 151 * dp_rx_defrag_waitlist_flush(): Flush SOC defrag wait list 152 * @soc: DP SOC 153 * 154 * Flush fragments of all waitlisted TID's 155 * 156 * Returns: None 157 */ 158 void dp_rx_defrag_waitlist_flush(struct dp_soc *soc) 159 { 160 struct dp_rx_tid *rx_reorder = NULL; 161 struct dp_rx_tid *tmp; 162 uint32_t now_ms = qdf_system_ticks_to_msecs(qdf_system_ticks()); 163 TAILQ_HEAD(, dp_rx_tid) temp_list; 164 165 TAILQ_INIT(&temp_list); 166 167 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_DEBUG, 168 FL("Current time %u"), now_ms); 169 170 qdf_spin_lock_bh(&soc->rx.defrag.defrag_lock); 171 TAILQ_FOREACH_SAFE(rx_reorder, &soc->rx.defrag.waitlist, 172 defrag_waitlist_elem, tmp) { 173 uint32_t tid; 174 175 if (rx_reorder->defrag_timeout_ms > now_ms) 176 break; 177 178 tid = rx_reorder->tid; 179 if (tid >= DP_MAX_TIDS) { 180 qdf_assert(0); 181 continue; 182 } 183 184 TAILQ_REMOVE(&soc->rx.defrag.waitlist, rx_reorder, 185 defrag_waitlist_elem); 186 DP_STATS_DEC(soc, rx.rx_frag_wait, 1); 187 188 /* Move to temp list and clean-up later */ 189 TAILQ_INSERT_TAIL(&temp_list, rx_reorder, 190 defrag_waitlist_elem); 191 } 192 if (rx_reorder) { 193 soc->rx.defrag.next_flush_ms = 194 rx_reorder->defrag_timeout_ms; 195 } else { 196 soc->rx.defrag.next_flush_ms = 197 now_ms + soc->rx.defrag.timeout_ms; 198 } 199 200 qdf_spin_unlock_bh(&soc->rx.defrag.defrag_lock); 201 202 TAILQ_FOREACH_SAFE(rx_reorder, &temp_list, 203 defrag_waitlist_elem, tmp) { 204 struct dp_peer *peer, *temp_peer = NULL; 205 206 qdf_spin_lock_bh(&rx_reorder->tid_lock); 207 TAILQ_REMOVE(&temp_list, rx_reorder, 208 defrag_waitlist_elem); 209 /* get address of current peer */ 210 peer = 211 container_of(rx_reorder, struct dp_peer, 212 rx_tid[rx_reorder->tid]); 213 qdf_spin_unlock_bh(&rx_reorder->tid_lock); 214 215 temp_peer = dp_peer_get_ref_by_id(soc, peer->peer_id, 216 DP_MOD_ID_RX_ERR); 217 if (temp_peer == peer) { 218 qdf_spin_lock_bh(&rx_reorder->tid_lock); 219 dp_rx_reorder_flush_frag(peer, rx_reorder->tid); 220 qdf_spin_unlock_bh(&rx_reorder->tid_lock); 221 } 222 223 if (temp_peer) 224 dp_peer_unref_delete(temp_peer, DP_MOD_ID_RX_ERR); 225 226 } 227 } 228 229 /* 230 * dp_rx_defrag_waitlist_add(): Update per-PDEV defrag wait list 231 * @peer: Pointer to the peer data structure 232 * @tid: Transmit ID (TID) 233 * 234 * Appends per-tid fragments to global fragment wait list 235 * 236 * Returns: None 237 */ 238 static void dp_rx_defrag_waitlist_add(struct dp_peer *peer, unsigned tid) 239 { 240 struct dp_soc *psoc = peer->vdev->pdev->soc; 241 struct dp_rx_tid *rx_reorder = &peer->rx_tid[tid]; 242 243 dp_debug("Adding TID %u to waitlist for peer %pK at MAC address "QDF_MAC_ADDR_FMT, 244 tid, peer, QDF_MAC_ADDR_REF(peer->mac_addr.raw)); 245 246 /* TODO: use LIST macros instead of TAIL macros */ 247 qdf_spin_lock_bh(&psoc->rx.defrag.defrag_lock); 248 if (TAILQ_EMPTY(&psoc->rx.defrag.waitlist)) 249 psoc->rx.defrag.next_flush_ms = rx_reorder->defrag_timeout_ms; 250 TAILQ_INSERT_TAIL(&psoc->rx.defrag.waitlist, rx_reorder, 251 defrag_waitlist_elem); 252 DP_STATS_INC(psoc, rx.rx_frag_wait, 1); 253 qdf_spin_unlock_bh(&psoc->rx.defrag.defrag_lock); 254 } 255 256 /* 257 * dp_rx_defrag_waitlist_remove(): Remove fragments from waitlist 258 * @peer: Pointer to the peer data structure 259 * @tid: Transmit ID (TID) 260 * 261 * Remove fragments from waitlist 262 * 263 * Returns: None 264 */ 265 void dp_rx_defrag_waitlist_remove(struct dp_peer *peer, unsigned tid) 266 { 267 struct dp_pdev *pdev = peer->vdev->pdev; 268 struct dp_soc *soc = pdev->soc; 269 struct dp_rx_tid *rx_reorder; 270 struct dp_rx_tid *tmp; 271 272 dp_debug("Removing TID %u to waitlist for peer %pK at MAC address "QDF_MAC_ADDR_FMT, 273 tid, peer, QDF_MAC_ADDR_REF(peer->mac_addr.raw)); 274 275 if (tid >= DP_MAX_TIDS) { 276 dp_err("TID out of bounds: %d", tid); 277 qdf_assert_always(0); 278 } 279 280 qdf_spin_lock_bh(&soc->rx.defrag.defrag_lock); 281 TAILQ_FOREACH_SAFE(rx_reorder, &soc->rx.defrag.waitlist, 282 defrag_waitlist_elem, tmp) { 283 struct dp_peer *peer_on_waitlist; 284 285 /* get address of current peer */ 286 peer_on_waitlist = 287 container_of(rx_reorder, struct dp_peer, 288 rx_tid[rx_reorder->tid]); 289 290 /* Ensure it is TID for same peer */ 291 if (peer_on_waitlist == peer && rx_reorder->tid == tid) { 292 TAILQ_REMOVE(&soc->rx.defrag.waitlist, 293 rx_reorder, defrag_waitlist_elem); 294 DP_STATS_DEC(soc, rx.rx_frag_wait, 1); 295 } 296 } 297 qdf_spin_unlock_bh(&soc->rx.defrag.defrag_lock); 298 } 299 300 /* 301 * dp_rx_defrag_fraglist_insert(): Create a per-sequence fragment list 302 * @peer: Pointer to the peer data structure 303 * @tid: Transmit ID (TID) 304 * @head_addr: Pointer to head list 305 * @tail_addr: Pointer to tail list 306 * @frag: Incoming fragment 307 * @all_frag_present: Flag to indicate whether all fragments are received 308 * 309 * Build a per-tid, per-sequence fragment list. 310 * 311 * Returns: Success, if inserted 312 */ 313 static QDF_STATUS dp_rx_defrag_fraglist_insert(struct dp_peer *peer, unsigned tid, 314 qdf_nbuf_t *head_addr, qdf_nbuf_t *tail_addr, qdf_nbuf_t frag, 315 uint8_t *all_frag_present) 316 { 317 qdf_nbuf_t next; 318 qdf_nbuf_t prev = NULL; 319 qdf_nbuf_t cur; 320 uint16_t head_fragno, cur_fragno, next_fragno; 321 uint8_t last_morefrag = 1, count = 0; 322 struct dp_rx_tid *rx_tid = &peer->rx_tid[tid]; 323 uint8_t *rx_desc_info; 324 325 326 qdf_assert(frag); 327 qdf_assert(head_addr); 328 qdf_assert(tail_addr); 329 330 *all_frag_present = 0; 331 rx_desc_info = qdf_nbuf_data(frag); 332 cur_fragno = dp_rx_frag_get_mpdu_frag_number(rx_desc_info); 333 334 dp_debug("cur_fragno %d\n", cur_fragno); 335 /* If this is the first fragment */ 336 if (!(*head_addr)) { 337 *head_addr = *tail_addr = frag; 338 qdf_nbuf_set_next(*tail_addr, NULL); 339 rx_tid->curr_frag_num = cur_fragno; 340 341 goto insert_done; 342 } 343 344 /* In sequence fragment */ 345 if (cur_fragno > rx_tid->curr_frag_num) { 346 qdf_nbuf_set_next(*tail_addr, frag); 347 *tail_addr = frag; 348 qdf_nbuf_set_next(*tail_addr, NULL); 349 rx_tid->curr_frag_num = cur_fragno; 350 } else { 351 /* Out of sequence fragment */ 352 cur = *head_addr; 353 rx_desc_info = qdf_nbuf_data(cur); 354 head_fragno = dp_rx_frag_get_mpdu_frag_number(rx_desc_info); 355 356 if (cur_fragno == head_fragno) { 357 qdf_nbuf_free(frag); 358 goto insert_fail; 359 } else if (head_fragno > cur_fragno) { 360 qdf_nbuf_set_next(frag, cur); 361 cur = frag; 362 *head_addr = frag; /* head pointer to be updated */ 363 } else { 364 while ((cur_fragno > head_fragno) && cur) { 365 prev = cur; 366 cur = qdf_nbuf_next(cur); 367 if (cur) { 368 rx_desc_info = qdf_nbuf_data(cur); 369 head_fragno = 370 dp_rx_frag_get_mpdu_frag_number( 371 rx_desc_info); 372 } 373 } 374 375 if (cur_fragno == head_fragno) { 376 qdf_nbuf_free(frag); 377 goto insert_fail; 378 } 379 380 qdf_nbuf_set_next(prev, frag); 381 qdf_nbuf_set_next(frag, cur); 382 } 383 } 384 385 next = qdf_nbuf_next(*head_addr); 386 387 rx_desc_info = qdf_nbuf_data(*tail_addr); 388 last_morefrag = dp_rx_frag_get_more_frag_bit(rx_desc_info); 389 390 /* TODO: optimize the loop */ 391 if (!last_morefrag) { 392 /* Check if all fragments are present */ 393 do { 394 rx_desc_info = qdf_nbuf_data(next); 395 next_fragno = 396 dp_rx_frag_get_mpdu_frag_number(rx_desc_info); 397 count++; 398 399 if (next_fragno != count) 400 break; 401 402 next = qdf_nbuf_next(next); 403 } while (next); 404 405 if (!next) { 406 *all_frag_present = 1; 407 return QDF_STATUS_SUCCESS; 408 } else { 409 /* revisit */ 410 } 411 } 412 413 insert_done: 414 return QDF_STATUS_SUCCESS; 415 416 insert_fail: 417 return QDF_STATUS_E_FAILURE; 418 } 419 420 421 /* 422 * dp_rx_defrag_tkip_decap(): decap tkip encrypted fragment 423 * @msdu: Pointer to the fragment 424 * @hdrlen: 802.11 header length (mostly useful in 4 addr frames) 425 * 426 * decap tkip encrypted fragment 427 * 428 * Returns: QDF_STATUS 429 */ 430 static QDF_STATUS dp_rx_defrag_tkip_decap(qdf_nbuf_t msdu, uint16_t hdrlen) 431 { 432 uint8_t *ivp, *orig_hdr; 433 int rx_desc_len = SIZE_OF_DATA_RX_TLV; 434 435 /* start of 802.11 header info */ 436 orig_hdr = (uint8_t *)(qdf_nbuf_data(msdu) + rx_desc_len); 437 438 /* TKIP header is located post 802.11 header */ 439 ivp = orig_hdr + hdrlen; 440 if (!(ivp[IEEE80211_WEP_IVLEN] & IEEE80211_WEP_EXTIV)) { 441 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 442 "IEEE80211_WEP_EXTIV is missing in TKIP fragment"); 443 return QDF_STATUS_E_DEFRAG_ERROR; 444 } 445 446 qdf_nbuf_trim_tail(msdu, dp_f_tkip.ic_trailer); 447 448 return QDF_STATUS_SUCCESS; 449 } 450 451 /* 452 * dp_rx_defrag_ccmp_demic(): Remove MIC information from CCMP fragment 453 * @nbuf: Pointer to the fragment buffer 454 * @hdrlen: 802.11 header length (mostly useful in 4 addr frames) 455 * 456 * Remove MIC information from CCMP fragment 457 * 458 * Returns: QDF_STATUS 459 */ 460 static QDF_STATUS dp_rx_defrag_ccmp_demic(qdf_nbuf_t nbuf, uint16_t hdrlen) 461 { 462 uint8_t *ivp, *orig_hdr; 463 int rx_desc_len = SIZE_OF_DATA_RX_TLV; 464 465 /* start of the 802.11 header */ 466 orig_hdr = (uint8_t *)(qdf_nbuf_data(nbuf) + rx_desc_len); 467 468 /* CCMP header is located after 802.11 header */ 469 ivp = orig_hdr + hdrlen; 470 if (!(ivp[IEEE80211_WEP_IVLEN] & IEEE80211_WEP_EXTIV)) 471 return QDF_STATUS_E_DEFRAG_ERROR; 472 473 qdf_nbuf_trim_tail(nbuf, dp_f_ccmp.ic_trailer); 474 475 return QDF_STATUS_SUCCESS; 476 } 477 478 /* 479 * dp_rx_defrag_ccmp_decap(): decap CCMP encrypted fragment 480 * @nbuf: Pointer to the fragment 481 * @hdrlen: length of the header information 482 * 483 * decap CCMP encrypted fragment 484 * 485 * Returns: QDF_STATUS 486 */ 487 static QDF_STATUS dp_rx_defrag_ccmp_decap(qdf_nbuf_t nbuf, uint16_t hdrlen) 488 { 489 uint8_t *ivp, *origHdr; 490 int rx_desc_len = SIZE_OF_DATA_RX_TLV; 491 492 origHdr = (uint8_t *) (qdf_nbuf_data(nbuf) + rx_desc_len); 493 ivp = origHdr + hdrlen; 494 495 if (!(ivp[IEEE80211_WEP_IVLEN] & IEEE80211_WEP_EXTIV)) 496 return QDF_STATUS_E_DEFRAG_ERROR; 497 498 /* Let's pull the header later */ 499 500 return QDF_STATUS_SUCCESS; 501 } 502 503 /* 504 * dp_rx_defrag_wep_decap(): decap WEP encrypted fragment 505 * @msdu: Pointer to the fragment 506 * @hdrlen: length of the header information 507 * 508 * decap WEP encrypted fragment 509 * 510 * Returns: QDF_STATUS 511 */ 512 static QDF_STATUS dp_rx_defrag_wep_decap(qdf_nbuf_t msdu, uint16_t hdrlen) 513 { 514 uint8_t *origHdr; 515 int rx_desc_len = SIZE_OF_DATA_RX_TLV; 516 517 origHdr = (uint8_t *) (qdf_nbuf_data(msdu) + rx_desc_len); 518 qdf_mem_move(origHdr + dp_f_wep.ic_header, origHdr, hdrlen); 519 520 qdf_nbuf_trim_tail(msdu, dp_f_wep.ic_trailer); 521 522 return QDF_STATUS_SUCCESS; 523 } 524 525 /* 526 * dp_rx_defrag_hdrsize(): Calculate the header size of the received fragment 527 * @soc: soc handle 528 * @nbuf: Pointer to the fragment 529 * 530 * Calculate the header size of the received fragment 531 * 532 * Returns: header size (uint16_t) 533 */ 534 static uint16_t dp_rx_defrag_hdrsize(struct dp_soc *soc, qdf_nbuf_t nbuf) 535 { 536 uint8_t *rx_tlv_hdr = qdf_nbuf_data(nbuf); 537 uint16_t size = sizeof(struct ieee80211_frame); 538 uint16_t fc = 0; 539 uint32_t to_ds, fr_ds; 540 uint8_t frm_ctrl_valid; 541 uint16_t frm_ctrl_field; 542 543 to_ds = hal_rx_mpdu_get_to_ds(soc->hal_soc, rx_tlv_hdr); 544 fr_ds = hal_rx_mpdu_get_fr_ds(soc->hal_soc, rx_tlv_hdr); 545 frm_ctrl_valid = 546 hal_rx_get_mpdu_frame_control_valid(soc->hal_soc, 547 rx_tlv_hdr); 548 frm_ctrl_field = hal_rx_get_frame_ctrl_field(rx_tlv_hdr); 549 550 if (to_ds && fr_ds) 551 size += QDF_MAC_ADDR_SIZE; 552 553 if (frm_ctrl_valid) { 554 fc = frm_ctrl_field; 555 556 /* use 1-st byte for validation */ 557 if (DP_RX_DEFRAG_IEEE80211_QOS_HAS_SEQ(fc & 0xff)) { 558 size += sizeof(uint16_t); 559 /* use 2-nd byte for validation */ 560 if (((fc & 0xff00) >> 8) & IEEE80211_FC1_ORDER) 561 size += sizeof(struct ieee80211_htc); 562 } 563 } 564 565 return size; 566 } 567 568 /* 569 * dp_rx_defrag_michdr(): Calculate a pseudo MIC header 570 * @wh0: Pointer to the wireless header of the fragment 571 * @hdr: Array to hold the pseudo header 572 * 573 * Calculate a pseudo MIC header 574 * 575 * Returns: None 576 */ 577 static void dp_rx_defrag_michdr(const struct ieee80211_frame *wh0, 578 uint8_t hdr[]) 579 { 580 const struct ieee80211_frame_addr4 *wh = 581 (const struct ieee80211_frame_addr4 *)wh0; 582 583 switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) { 584 case IEEE80211_FC1_DIR_NODS: 585 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr, wh->i_addr1); /* DA */ 586 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr + QDF_MAC_ADDR_SIZE, 587 wh->i_addr2); 588 break; 589 case IEEE80211_FC1_DIR_TODS: 590 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr, wh->i_addr3); /* DA */ 591 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr + QDF_MAC_ADDR_SIZE, 592 wh->i_addr2); 593 break; 594 case IEEE80211_FC1_DIR_FROMDS: 595 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr, wh->i_addr1); /* DA */ 596 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr + QDF_MAC_ADDR_SIZE, 597 wh->i_addr3); 598 break; 599 case IEEE80211_FC1_DIR_DSTODS: 600 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr, wh->i_addr3); /* DA */ 601 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr + QDF_MAC_ADDR_SIZE, 602 wh->i_addr4); 603 break; 604 } 605 606 /* 607 * Bit 7 is QDF_IEEE80211_FC0_SUBTYPE_QOS for data frame, but 608 * it could also be set for deauth, disassoc, action, etc. for 609 * a mgt type frame. It comes into picture for MFP. 610 */ 611 if (wh->i_fc[0] & QDF_IEEE80211_FC0_SUBTYPE_QOS) { 612 if ((wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) == 613 IEEE80211_FC1_DIR_DSTODS) { 614 const struct ieee80211_qosframe_addr4 *qwh = 615 (const struct ieee80211_qosframe_addr4 *)wh; 616 hdr[12] = qwh->i_qos[0] & IEEE80211_QOS_TID; 617 } else { 618 const struct ieee80211_qosframe *qwh = 619 (const struct ieee80211_qosframe *)wh; 620 hdr[12] = qwh->i_qos[0] & IEEE80211_QOS_TID; 621 } 622 } else { 623 hdr[12] = 0; 624 } 625 626 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */ 627 } 628 629 /* 630 * dp_rx_defrag_mic(): Calculate MIC header 631 * @key: Pointer to the key 632 * @wbuf: fragment buffer 633 * @off: Offset 634 * @data_len: Data length 635 * @mic: Array to hold MIC 636 * 637 * Calculate a pseudo MIC header 638 * 639 * Returns: QDF_STATUS 640 */ 641 static QDF_STATUS dp_rx_defrag_mic(const uint8_t *key, qdf_nbuf_t wbuf, 642 uint16_t off, uint16_t data_len, uint8_t mic[]) 643 { 644 uint8_t hdr[16] = { 0, }; 645 uint32_t l, r; 646 const uint8_t *data; 647 uint32_t space; 648 int rx_desc_len = SIZE_OF_DATA_RX_TLV; 649 650 dp_rx_defrag_michdr((struct ieee80211_frame *)(qdf_nbuf_data(wbuf) 651 + rx_desc_len), hdr); 652 653 l = dp_rx_get_le32(key); 654 r = dp_rx_get_le32(key + 4); 655 656 /* Michael MIC pseudo header: DA, SA, 3 x 0, Priority */ 657 l ^= dp_rx_get_le32(hdr); 658 dp_rx_michael_block(l, r); 659 l ^= dp_rx_get_le32(&hdr[4]); 660 dp_rx_michael_block(l, r); 661 l ^= dp_rx_get_le32(&hdr[8]); 662 dp_rx_michael_block(l, r); 663 l ^= dp_rx_get_le32(&hdr[12]); 664 dp_rx_michael_block(l, r); 665 666 /* first buffer has special handling */ 667 data = (uint8_t *)qdf_nbuf_data(wbuf) + off; 668 space = qdf_nbuf_len(wbuf) - off; 669 670 for (;; ) { 671 if (space > data_len) 672 space = data_len; 673 674 /* collect 32-bit blocks from current buffer */ 675 while (space >= sizeof(uint32_t)) { 676 l ^= dp_rx_get_le32(data); 677 dp_rx_michael_block(l, r); 678 data += sizeof(uint32_t); 679 space -= sizeof(uint32_t); 680 data_len -= sizeof(uint32_t); 681 } 682 if (data_len < sizeof(uint32_t)) 683 break; 684 685 wbuf = qdf_nbuf_next(wbuf); 686 if (!wbuf) 687 return QDF_STATUS_E_DEFRAG_ERROR; 688 689 if (space != 0) { 690 const uint8_t *data_next; 691 /* 692 * Block straddles buffers, split references. 693 */ 694 data_next = 695 (uint8_t *)qdf_nbuf_data(wbuf) + off; 696 if ((qdf_nbuf_len(wbuf)) < 697 sizeof(uint32_t) - space) { 698 return QDF_STATUS_E_DEFRAG_ERROR; 699 } 700 switch (space) { 701 case 1: 702 l ^= dp_rx_get_le32_split(data[0], 703 data_next[0], data_next[1], 704 data_next[2]); 705 data = data_next + 3; 706 space = (qdf_nbuf_len(wbuf) - off) - 3; 707 break; 708 case 2: 709 l ^= dp_rx_get_le32_split(data[0], data[1], 710 data_next[0], data_next[1]); 711 data = data_next + 2; 712 space = (qdf_nbuf_len(wbuf) - off) - 2; 713 break; 714 case 3: 715 l ^= dp_rx_get_le32_split(data[0], data[1], 716 data[2], data_next[0]); 717 data = data_next + 1; 718 space = (qdf_nbuf_len(wbuf) - off) - 1; 719 break; 720 } 721 dp_rx_michael_block(l, r); 722 data_len -= sizeof(uint32_t); 723 } else { 724 /* 725 * Setup for next buffer. 726 */ 727 data = (uint8_t *)qdf_nbuf_data(wbuf) + off; 728 space = qdf_nbuf_len(wbuf) - off; 729 } 730 } 731 /* Last block and padding (0x5a, 4..7 x 0) */ 732 switch (data_len) { 733 case 0: 734 l ^= dp_rx_get_le32_split(0x5a, 0, 0, 0); 735 break; 736 case 1: 737 l ^= dp_rx_get_le32_split(data[0], 0x5a, 0, 0); 738 break; 739 case 2: 740 l ^= dp_rx_get_le32_split(data[0], data[1], 0x5a, 0); 741 break; 742 case 3: 743 l ^= dp_rx_get_le32_split(data[0], data[1], data[2], 0x5a); 744 break; 745 } 746 dp_rx_michael_block(l, r); 747 dp_rx_michael_block(l, r); 748 dp_rx_put_le32(mic, l); 749 dp_rx_put_le32(mic + 4, r); 750 751 return QDF_STATUS_SUCCESS; 752 } 753 754 /* 755 * dp_rx_defrag_tkip_demic(): Remove MIC header from the TKIP frame 756 * @key: Pointer to the key 757 * @msdu: fragment buffer 758 * @hdrlen: Length of the header information 759 * 760 * Remove MIC information from the TKIP frame 761 * 762 * Returns: QDF_STATUS 763 */ 764 static QDF_STATUS dp_rx_defrag_tkip_demic(const uint8_t *key, 765 qdf_nbuf_t msdu, uint16_t hdrlen) 766 { 767 QDF_STATUS status; 768 uint32_t pktlen = 0, prev_data_len; 769 uint8_t mic[IEEE80211_WEP_MICLEN]; 770 uint8_t mic0[IEEE80211_WEP_MICLEN]; 771 qdf_nbuf_t prev = NULL, prev0, next; 772 uint8_t len0 = 0; 773 774 next = msdu; 775 prev0 = msdu; 776 while (next) { 777 pktlen += (qdf_nbuf_len(next) - hdrlen); 778 prev = next; 779 dp_debug("pktlen %u", 780 (uint32_t)(qdf_nbuf_len(next) - hdrlen)); 781 next = qdf_nbuf_next(next); 782 if (next && !qdf_nbuf_next(next)) 783 prev0 = prev; 784 } 785 786 if (!prev) { 787 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 788 "%s Defrag chaining failed !\n", __func__); 789 return QDF_STATUS_E_DEFRAG_ERROR; 790 } 791 792 prev_data_len = qdf_nbuf_len(prev) - hdrlen; 793 if (prev_data_len < dp_f_tkip.ic_miclen) { 794 if (prev0 == prev) { 795 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 796 "%s Fragments don't have MIC header !\n", __func__); 797 return QDF_STATUS_E_DEFRAG_ERROR; 798 } 799 len0 = dp_f_tkip.ic_miclen - (uint8_t)prev_data_len; 800 qdf_nbuf_copy_bits(prev0, qdf_nbuf_len(prev0) - len0, len0, 801 (caddr_t)mic0); 802 qdf_nbuf_trim_tail(prev0, len0); 803 } 804 805 qdf_nbuf_copy_bits(prev, (qdf_nbuf_len(prev) - 806 (dp_f_tkip.ic_miclen - len0)), 807 (dp_f_tkip.ic_miclen - len0), 808 (caddr_t)(&mic0[len0])); 809 qdf_nbuf_trim_tail(prev, (dp_f_tkip.ic_miclen - len0)); 810 pktlen -= dp_f_tkip.ic_miclen; 811 812 if (((qdf_nbuf_len(prev) - hdrlen) == 0) && prev != msdu) { 813 qdf_nbuf_free(prev); 814 qdf_nbuf_set_next(prev0, NULL); 815 } 816 817 status = dp_rx_defrag_mic(key, msdu, hdrlen, 818 pktlen, mic); 819 820 if (QDF_IS_STATUS_ERROR(status)) 821 return status; 822 823 if (qdf_mem_cmp(mic, mic0, dp_f_tkip.ic_miclen)) 824 return QDF_STATUS_E_DEFRAG_ERROR; 825 826 return QDF_STATUS_SUCCESS; 827 } 828 829 /* 830 * dp_rx_frag_pull_hdr(): Pulls the RXTLV & the 802.11 headers 831 * @nbuf: buffer pointer 832 * @hdrsize: size of the header to be pulled 833 * 834 * Pull the RXTLV & the 802.11 headers 835 * 836 * Returns: None 837 */ 838 static void dp_rx_frag_pull_hdr(qdf_nbuf_t nbuf, uint16_t hdrsize) 839 { 840 struct rx_pkt_tlvs *rx_pkt_tlv = 841 (struct rx_pkt_tlvs *)qdf_nbuf_data(nbuf); 842 struct rx_mpdu_info *rx_mpdu_info_details = 843 &rx_pkt_tlv->mpdu_start_tlv.rx_mpdu_start.rx_mpdu_info_details; 844 845 dp_debug("pn_31_0 0x%x pn_63_32 0x%x pn_95_64 0x%x pn_127_96 0x%x\n", 846 rx_mpdu_info_details->pn_31_0, rx_mpdu_info_details->pn_63_32, 847 rx_mpdu_info_details->pn_95_64, 848 rx_mpdu_info_details->pn_127_96); 849 850 qdf_nbuf_pull_head(nbuf, RX_PKT_TLVS_LEN + hdrsize); 851 852 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_DEBUG, 853 "%s: final pktlen %d .11len %d", 854 __func__, (uint32_t)qdf_nbuf_len(nbuf), hdrsize); 855 } 856 857 /* 858 * dp_rx_defrag_pn_check(): Check the PN of current fragmented with prev PN 859 * @msdu: msdu to get the current PN 860 * @cur_pn128: PN extracted from current msdu 861 * @prev_pn128: Prev PN 862 * 863 * Returns: 0 on success, non zero on failure 864 */ 865 static int dp_rx_defrag_pn_check(qdf_nbuf_t msdu, 866 uint64_t *cur_pn128, uint64_t *prev_pn128) 867 { 868 struct rx_pkt_tlvs *rx_pkt_tlv = 869 (struct rx_pkt_tlvs *)qdf_nbuf_data(msdu); 870 struct rx_mpdu_info *rx_mpdu_info_details = 871 &rx_pkt_tlv->mpdu_start_tlv.rx_mpdu_start.rx_mpdu_info_details; 872 int out_of_order = 0; 873 874 cur_pn128[0] = rx_mpdu_info_details->pn_31_0; 875 cur_pn128[0] |= 876 ((uint64_t)rx_mpdu_info_details->pn_63_32 << 32); 877 cur_pn128[1] = rx_mpdu_info_details->pn_95_64; 878 cur_pn128[1] |= 879 ((uint64_t)rx_mpdu_info_details->pn_127_96 << 32); 880 881 if (cur_pn128[1] == prev_pn128[1]) 882 out_of_order = (cur_pn128[0] <= prev_pn128[0]); 883 else 884 out_of_order = (cur_pn128[1] < prev_pn128[1]); 885 886 return out_of_order; 887 } 888 889 /* 890 * dp_rx_construct_fraglist(): Construct a nbuf fraglist 891 * @peer: Pointer to the peer 892 * @head: Pointer to list of fragments 893 * @hdrsize: Size of the header to be pulled 894 * 895 * Construct a nbuf fraglist 896 * 897 * Returns: None 898 */ 899 static int 900 dp_rx_construct_fraglist(struct dp_peer *peer, int tid, qdf_nbuf_t head, 901 uint16_t hdrsize) 902 { 903 qdf_nbuf_t msdu = qdf_nbuf_next(head); 904 qdf_nbuf_t rx_nbuf = msdu; 905 struct dp_rx_tid *rx_tid = &peer->rx_tid[tid]; 906 uint32_t len = 0; 907 uint64_t cur_pn128[2] = {0, 0}, prev_pn128[2]; 908 int out_of_order = 0; 909 int index; 910 int needs_pn_check = 0; 911 912 prev_pn128[0] = rx_tid->pn128[0]; 913 prev_pn128[1] = rx_tid->pn128[1]; 914 915 index = hal_rx_msdu_is_wlan_mcast(msdu) ? dp_sec_mcast : dp_sec_ucast; 916 if (qdf_likely(peer->security[index].sec_type != cdp_sec_type_none)) 917 needs_pn_check = 1; 918 919 while (msdu) { 920 if (qdf_likely(needs_pn_check)) 921 out_of_order = dp_rx_defrag_pn_check(msdu, 922 &cur_pn128[0], 923 &prev_pn128[0]); 924 925 if (qdf_unlikely(out_of_order)) { 926 dp_info_rl("cur_pn128[0] 0x%llx cur_pn128[1] 0x%llx prev_pn128[0] 0x%llx prev_pn128[1] 0x%llx", 927 cur_pn128[0], cur_pn128[1], 928 prev_pn128[0], prev_pn128[1]); 929 return QDF_STATUS_E_FAILURE; 930 } 931 932 prev_pn128[0] = cur_pn128[0]; 933 prev_pn128[1] = cur_pn128[1]; 934 935 dp_rx_frag_pull_hdr(msdu, hdrsize); 936 len += qdf_nbuf_len(msdu); 937 msdu = qdf_nbuf_next(msdu); 938 } 939 940 qdf_nbuf_append_ext_list(head, rx_nbuf, len); 941 qdf_nbuf_set_next(head, NULL); 942 qdf_nbuf_set_is_frag(head, 1); 943 944 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_DEBUG, 945 "%s: head len %d ext len %d data len %d ", 946 __func__, 947 (uint32_t)qdf_nbuf_len(head), 948 (uint32_t)qdf_nbuf_len(rx_nbuf), 949 (uint32_t)(head->data_len)); 950 951 return QDF_STATUS_SUCCESS; 952 } 953 954 /** 955 * dp_rx_defrag_err() - rx err handler 956 * @pdev: handle to pdev object 957 * @vdev_id: vdev id 958 * @peer_mac_addr: peer mac address 959 * @tid: TID 960 * @tsf32: TSF 961 * @err_type: error type 962 * @rx_frame: rx frame 963 * @pn: PN Number 964 * @key_id: key id 965 * 966 * This function handles rx error and send MIC error notification 967 * 968 * Return: None 969 */ 970 static void dp_rx_defrag_err(struct dp_vdev *vdev, qdf_nbuf_t nbuf) 971 { 972 struct ol_if_ops *tops = NULL; 973 struct dp_pdev *pdev = vdev->pdev; 974 int rx_desc_len = SIZE_OF_DATA_RX_TLV; 975 uint8_t *orig_hdr; 976 struct ieee80211_frame *wh; 977 struct cdp_rx_mic_err_info mic_failure_info; 978 979 orig_hdr = (uint8_t *)(qdf_nbuf_data(nbuf) + rx_desc_len); 980 wh = (struct ieee80211_frame *)orig_hdr; 981 982 qdf_copy_macaddr((struct qdf_mac_addr *)&mic_failure_info.da_mac_addr, 983 (struct qdf_mac_addr *)&wh->i_addr1); 984 qdf_copy_macaddr((struct qdf_mac_addr *)&mic_failure_info.ta_mac_addr, 985 (struct qdf_mac_addr *)&wh->i_addr2); 986 mic_failure_info.key_id = 0; 987 mic_failure_info.multicast = 988 IEEE80211_IS_MULTICAST(wh->i_addr1); 989 qdf_mem_zero(mic_failure_info.tsc, MIC_SEQ_CTR_SIZE); 990 mic_failure_info.frame_type = cdp_rx_frame_type_802_11; 991 mic_failure_info.data = (uint8_t *)wh; 992 mic_failure_info.vdev_id = vdev->vdev_id; 993 994 tops = pdev->soc->cdp_soc.ol_ops; 995 if (tops->rx_mic_error) 996 tops->rx_mic_error(pdev->soc->ctrl_psoc, pdev->pdev_id, 997 &mic_failure_info); 998 } 999 1000 1001 /* 1002 * dp_rx_defrag_nwifi_to_8023(): Transcap 802.11 to 802.3 1003 * @soc: dp soc handle 1004 * @nbuf: Pointer to the fragment buffer 1005 * @hdrsize: Size of headers 1006 * 1007 * Transcap the fragment from 802.11 to 802.3 1008 * 1009 * Returns: None 1010 */ 1011 static void 1012 dp_rx_defrag_nwifi_to_8023(struct dp_soc *soc, struct dp_peer *peer, int tid, 1013 qdf_nbuf_t nbuf, uint16_t hdrsize) 1014 { 1015 struct llc_snap_hdr_t *llchdr; 1016 struct ethernet_hdr_t *eth_hdr; 1017 uint8_t ether_type[2]; 1018 uint16_t fc = 0; 1019 union dp_align_mac_addr mac_addr; 1020 uint8_t *rx_desc_info = qdf_mem_malloc(RX_PKT_TLVS_LEN); 1021 struct rx_pkt_tlvs *rx_pkt_tlv = 1022 (struct rx_pkt_tlvs *)qdf_nbuf_data(nbuf); 1023 struct rx_mpdu_info *rx_mpdu_info_details = 1024 &rx_pkt_tlv->mpdu_start_tlv.rx_mpdu_start.rx_mpdu_info_details; 1025 struct dp_rx_tid *rx_tid = &peer->rx_tid[tid]; 1026 1027 dp_debug("head_nbuf pn_31_0 0x%x pn_63_32 0x%x pn_95_64 0x%x pn_127_96 0x%x\n", 1028 rx_mpdu_info_details->pn_31_0, rx_mpdu_info_details->pn_63_32, 1029 rx_mpdu_info_details->pn_95_64, 1030 rx_mpdu_info_details->pn_127_96); 1031 1032 rx_tid->pn128[0] = rx_mpdu_info_details->pn_31_0; 1033 rx_tid->pn128[0] |= ((uint64_t)rx_mpdu_info_details->pn_63_32 << 32); 1034 rx_tid->pn128[1] = rx_mpdu_info_details->pn_95_64; 1035 rx_tid->pn128[1] |= ((uint64_t)rx_mpdu_info_details->pn_127_96 << 32); 1036 1037 if (!rx_desc_info) { 1038 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1039 "%s: Memory alloc failed ! ", __func__); 1040 QDF_ASSERT(0); 1041 return; 1042 } 1043 1044 qdf_mem_copy(rx_desc_info, qdf_nbuf_data(nbuf), RX_PKT_TLVS_LEN); 1045 1046 llchdr = (struct llc_snap_hdr_t *)(qdf_nbuf_data(nbuf) + 1047 RX_PKT_TLVS_LEN + hdrsize); 1048 qdf_mem_copy(ether_type, llchdr->ethertype, 2); 1049 1050 qdf_nbuf_pull_head(nbuf, (RX_PKT_TLVS_LEN + hdrsize + 1051 sizeof(struct llc_snap_hdr_t) - 1052 sizeof(struct ethernet_hdr_t))); 1053 1054 eth_hdr = (struct ethernet_hdr_t *)(qdf_nbuf_data(nbuf)); 1055 1056 if (hal_rx_get_mpdu_frame_control_valid(soc->hal_soc, 1057 rx_desc_info)) 1058 fc = hal_rx_get_frame_ctrl_field(rx_desc_info); 1059 1060 dp_debug("Frame control type: 0x%x", fc); 1061 1062 switch (((fc & 0xff00) >> 8) & IEEE80211_FC1_DIR_MASK) { 1063 case IEEE80211_FC1_DIR_NODS: 1064 hal_rx_mpdu_get_addr1(soc->hal_soc, rx_desc_info, 1065 &mac_addr.raw[0]); 1066 qdf_mem_copy(eth_hdr->dest_addr, &mac_addr.raw[0], 1067 QDF_MAC_ADDR_SIZE); 1068 hal_rx_mpdu_get_addr2(soc->hal_soc, rx_desc_info, 1069 &mac_addr.raw[0]); 1070 qdf_mem_copy(eth_hdr->src_addr, &mac_addr.raw[0], 1071 QDF_MAC_ADDR_SIZE); 1072 break; 1073 case IEEE80211_FC1_DIR_TODS: 1074 hal_rx_mpdu_get_addr3(soc->hal_soc, rx_desc_info, 1075 &mac_addr.raw[0]); 1076 qdf_mem_copy(eth_hdr->dest_addr, &mac_addr.raw[0], 1077 QDF_MAC_ADDR_SIZE); 1078 hal_rx_mpdu_get_addr2(soc->hal_soc, rx_desc_info, 1079 &mac_addr.raw[0]); 1080 qdf_mem_copy(eth_hdr->src_addr, &mac_addr.raw[0], 1081 QDF_MAC_ADDR_SIZE); 1082 break; 1083 case IEEE80211_FC1_DIR_FROMDS: 1084 hal_rx_mpdu_get_addr1(soc->hal_soc, rx_desc_info, 1085 &mac_addr.raw[0]); 1086 qdf_mem_copy(eth_hdr->dest_addr, &mac_addr.raw[0], 1087 QDF_MAC_ADDR_SIZE); 1088 hal_rx_mpdu_get_addr3(soc->hal_soc, rx_desc_info, 1089 &mac_addr.raw[0]); 1090 qdf_mem_copy(eth_hdr->src_addr, &mac_addr.raw[0], 1091 QDF_MAC_ADDR_SIZE); 1092 break; 1093 1094 case IEEE80211_FC1_DIR_DSTODS: 1095 hal_rx_mpdu_get_addr3(soc->hal_soc, rx_desc_info, 1096 &mac_addr.raw[0]); 1097 qdf_mem_copy(eth_hdr->dest_addr, &mac_addr.raw[0], 1098 QDF_MAC_ADDR_SIZE); 1099 hal_rx_mpdu_get_addr4(soc->hal_soc, rx_desc_info, 1100 &mac_addr.raw[0]); 1101 qdf_mem_copy(eth_hdr->src_addr, &mac_addr.raw[0], 1102 QDF_MAC_ADDR_SIZE); 1103 break; 1104 1105 default: 1106 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1107 "%s: Unknown frame control type: 0x%x", __func__, fc); 1108 } 1109 1110 qdf_mem_copy(eth_hdr->ethertype, ether_type, 1111 sizeof(ether_type)); 1112 1113 qdf_nbuf_push_head(nbuf, RX_PKT_TLVS_LEN); 1114 qdf_mem_copy(qdf_nbuf_data(nbuf), rx_desc_info, RX_PKT_TLVS_LEN); 1115 qdf_mem_free(rx_desc_info); 1116 } 1117 1118 #ifdef RX_DEFRAG_DO_NOT_REINJECT 1119 /* 1120 * dp_rx_defrag_deliver(): Deliver defrag packet to stack 1121 * @peer: Pointer to the peer 1122 * @tid: Transmit Identifier 1123 * @head: Nbuf to be delivered 1124 * 1125 * Returns: None 1126 */ 1127 static inline void dp_rx_defrag_deliver(struct dp_peer *peer, 1128 unsigned int tid, 1129 qdf_nbuf_t head) 1130 { 1131 struct dp_vdev *vdev = peer->vdev; 1132 struct dp_soc *soc = vdev->pdev->soc; 1133 qdf_nbuf_t deliver_list_head = NULL; 1134 qdf_nbuf_t deliver_list_tail = NULL; 1135 uint8_t *rx_tlv_hdr; 1136 1137 rx_tlv_hdr = qdf_nbuf_data(head); 1138 1139 QDF_NBUF_CB_RX_VDEV_ID(head) = vdev->vdev_id; 1140 qdf_nbuf_set_tid_val(head, tid); 1141 qdf_nbuf_pull_head(head, RX_PKT_TLVS_LEN); 1142 1143 DP_RX_LIST_APPEND(deliver_list_head, deliver_list_tail, 1144 head); 1145 dp_rx_deliver_to_stack(soc, vdev, peer, deliver_list_head, 1146 deliver_list_tail); 1147 } 1148 1149 /* 1150 * dp_rx_defrag_reo_reinject(): Reinject the fragment chain back into REO 1151 * @peer: Pointer to the peer 1152 * @tid: Transmit Identifier 1153 * @head: Buffer to be reinjected back 1154 * 1155 * Reinject the fragment chain back into REO 1156 * 1157 * Returns: QDF_STATUS 1158 */ 1159 static QDF_STATUS dp_rx_defrag_reo_reinject(struct dp_peer *peer, 1160 unsigned int tid, qdf_nbuf_t head) 1161 { 1162 struct dp_rx_reorder_array_elem *rx_reorder_array_elem; 1163 1164 rx_reorder_array_elem = peer->rx_tid[tid].array; 1165 1166 dp_rx_defrag_deliver(peer, tid, head); 1167 rx_reorder_array_elem->head = NULL; 1168 rx_reorder_array_elem->tail = NULL; 1169 dp_rx_return_head_frag_desc(peer, tid); 1170 1171 return QDF_STATUS_SUCCESS; 1172 } 1173 #else 1174 #ifdef WLAN_FEATURE_DP_RX_RING_HISTORY 1175 /** 1176 * dp_rx_reinject_ring_record_entry() - Record reinject ring history 1177 * @soc: Datapath soc structure 1178 * @paddr: paddr of the buffer reinjected to SW2REO ring 1179 * @sw_cookie: SW cookie of the buffer reinjected to SW2REO ring 1180 * @rbm: Return buffer manager of the buffer reinjected to SW2REO ring 1181 * 1182 * Returns: None 1183 */ 1184 static inline void 1185 dp_rx_reinject_ring_record_entry(struct dp_soc *soc, uint64_t paddr, 1186 uint32_t sw_cookie, uint8_t rbm) 1187 { 1188 struct dp_buf_info_record *record; 1189 uint32_t idx; 1190 1191 if (qdf_unlikely(!soc->rx_reinject_ring_history)) 1192 return; 1193 1194 idx = dp_history_get_next_index(&soc->rx_reinject_ring_history->index, 1195 DP_RX_REINJECT_HIST_MAX); 1196 1197 /* No NULL check needed for record since its an array */ 1198 record = &soc->rx_reinject_ring_history->entry[idx]; 1199 1200 record->timestamp = qdf_get_log_timestamp(); 1201 record->hbi.paddr = paddr; 1202 record->hbi.sw_cookie = sw_cookie; 1203 record->hbi.rbm = rbm; 1204 } 1205 #else 1206 static inline void 1207 dp_rx_reinject_ring_record_entry(struct dp_soc *soc, uint64_t paddr, 1208 uint32_t sw_cookie, uint8_t rbm) 1209 { 1210 } 1211 #endif 1212 1213 /* 1214 * dp_rx_defrag_reo_reinject(): Reinject the fragment chain back into REO 1215 * @peer: Pointer to the peer 1216 * @tid: Transmit Identifier 1217 * @head: Buffer to be reinjected back 1218 * 1219 * Reinject the fragment chain back into REO 1220 * 1221 * Returns: QDF_STATUS 1222 */ 1223 static QDF_STATUS dp_rx_defrag_reo_reinject(struct dp_peer *peer, 1224 unsigned int tid, qdf_nbuf_t head) 1225 { 1226 struct dp_pdev *pdev = peer->vdev->pdev; 1227 struct dp_soc *soc = pdev->soc; 1228 struct hal_buf_info buf_info; 1229 void *link_desc_va; 1230 void *msdu0, *msdu_desc_info; 1231 void *ent_ring_desc, *ent_mpdu_desc_info, *ent_qdesc_addr; 1232 void *dst_mpdu_desc_info, *dst_qdesc_addr; 1233 qdf_dma_addr_t paddr; 1234 uint32_t nbuf_len, seq_no, dst_ind; 1235 uint32_t *mpdu_wrd; 1236 uint32_t ret, cookie; 1237 hal_ring_desc_t dst_ring_desc = 1238 peer->rx_tid[tid].dst_ring_desc; 1239 hal_ring_handle_t hal_srng = soc->reo_reinject_ring.hal_srng; 1240 struct dp_rx_desc *rx_desc = peer->rx_tid[tid].head_frag_desc; 1241 struct dp_rx_reorder_array_elem *rx_reorder_array_elem = 1242 peer->rx_tid[tid].array; 1243 qdf_nbuf_t nbuf_head; 1244 struct rx_desc_pool *rx_desc_pool = NULL; 1245 void *buf_addr_info = HAL_RX_REO_BUF_ADDR_INFO_GET(dst_ring_desc); 1246 1247 /* do duplicate link desc address check */ 1248 dp_rx_link_desc_refill_duplicate_check( 1249 soc, 1250 &soc->last_op_info.reo_reinject_link_desc, 1251 buf_addr_info); 1252 1253 nbuf_head = dp_ipa_handle_rx_reo_reinject(soc, head); 1254 if (qdf_unlikely(!nbuf_head)) { 1255 dp_err_rl("IPA RX REO reinject failed"); 1256 return QDF_STATUS_E_FAILURE; 1257 } 1258 1259 /* update new allocated skb in case IPA is enabled */ 1260 if (nbuf_head != head) { 1261 head = nbuf_head; 1262 rx_desc->nbuf = head; 1263 rx_reorder_array_elem->head = head; 1264 } 1265 1266 ent_ring_desc = hal_srng_src_get_next(soc->hal_soc, hal_srng); 1267 if (!ent_ring_desc) { 1268 dp_err_rl("HAL src ring next entry NULL"); 1269 return QDF_STATUS_E_FAILURE; 1270 } 1271 1272 hal_rx_reo_buf_paddr_get(dst_ring_desc, &buf_info); 1273 1274 link_desc_va = dp_rx_cookie_2_link_desc_va(soc, &buf_info); 1275 1276 qdf_assert_always(link_desc_va); 1277 1278 msdu0 = hal_rx_msdu0_buffer_addr_lsb(soc->hal_soc, link_desc_va); 1279 nbuf_len = qdf_nbuf_len(head) - RX_PKT_TLVS_LEN; 1280 1281 HAL_RX_UNIFORM_HDR_SET(link_desc_va, OWNER, UNI_DESC_OWNER_SW); 1282 HAL_RX_UNIFORM_HDR_SET(link_desc_va, BUFFER_TYPE, 1283 UNI_DESC_BUF_TYPE_RX_MSDU_LINK); 1284 1285 /* msdu reconfig */ 1286 msdu_desc_info = hal_rx_msdu_desc_info_ptr_get(soc->hal_soc, msdu0); 1287 1288 dst_ind = hal_rx_msdu_reo_dst_ind_get(soc->hal_soc, link_desc_va); 1289 1290 qdf_mem_zero(msdu_desc_info, sizeof(struct rx_msdu_desc_info)); 1291 1292 HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info, 1293 FIRST_MSDU_IN_MPDU_FLAG, 1); 1294 HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info, 1295 LAST_MSDU_IN_MPDU_FLAG, 1); 1296 HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info, 1297 MSDU_CONTINUATION, 0x0); 1298 HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info, 1299 REO_DESTINATION_INDICATION, dst_ind); 1300 HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info, 1301 MSDU_LENGTH, nbuf_len); 1302 HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info, 1303 SA_IS_VALID, 1); 1304 HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info, 1305 DA_IS_VALID, 1); 1306 1307 /* change RX TLV's */ 1308 hal_rx_msdu_start_msdu_len_set( 1309 qdf_nbuf_data(head), nbuf_len); 1310 1311 cookie = HAL_RX_BUF_COOKIE_GET(msdu0); 1312 rx_desc_pool = &soc->rx_desc_buf[pdev->lmac_id]; 1313 1314 /* map the nbuf before reinject it into HW */ 1315 ret = qdf_nbuf_map_nbytes_single(soc->osdev, head, 1316 QDF_DMA_FROM_DEVICE, 1317 rx_desc_pool->buf_size); 1318 if (qdf_unlikely(ret == QDF_STATUS_E_FAILURE)) { 1319 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1320 "%s: nbuf map failed !", __func__); 1321 return QDF_STATUS_E_FAILURE; 1322 } 1323 1324 /* 1325 * As part of rx frag handler bufffer was unmapped and rx desc 1326 * unmapped is set to 1. So again for defrag reinject frame reset 1327 * it back to 0. 1328 */ 1329 rx_desc->unmapped = 0; 1330 1331 dp_ipa_handle_rx_buf_smmu_mapping(soc, head, 1332 rx_desc_pool->buf_size, 1333 true); 1334 1335 paddr = qdf_nbuf_get_frag_paddr(head, 0); 1336 1337 ret = check_x86_paddr(soc, &head, &paddr, rx_desc_pool); 1338 1339 if (ret == QDF_STATUS_E_FAILURE) { 1340 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1341 "%s: x86 check failed !", __func__); 1342 return QDF_STATUS_E_FAILURE; 1343 } 1344 1345 hal_rxdma_buff_addr_info_set(msdu0, paddr, cookie, DP_DEFRAG_RBM); 1346 1347 /* Lets fill entrance ring now !!! */ 1348 if (qdf_unlikely(hal_srng_access_start(soc->hal_soc, hal_srng))) { 1349 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1350 "HAL RING Access For REO entrance SRNG Failed: %pK", 1351 hal_srng); 1352 1353 return QDF_STATUS_E_FAILURE; 1354 } 1355 1356 dp_rx_reinject_ring_record_entry(soc, paddr, cookie, DP_DEFRAG_RBM); 1357 paddr = (uint64_t)buf_info.paddr; 1358 /* buf addr */ 1359 hal_rxdma_buff_addr_info_set(ent_ring_desc, paddr, 1360 buf_info.sw_cookie, 1361 HAL_RX_BUF_RBM_WBM_IDLE_DESC_LIST); 1362 /* mpdu desc info */ 1363 ent_mpdu_desc_info = hal_ent_mpdu_desc_info(soc->hal_soc, 1364 ent_ring_desc); 1365 dst_mpdu_desc_info = hal_dst_mpdu_desc_info(soc->hal_soc, 1366 dst_ring_desc); 1367 1368 qdf_mem_copy(ent_mpdu_desc_info, dst_mpdu_desc_info, 1369 sizeof(struct rx_mpdu_desc_info)); 1370 qdf_mem_zero(ent_mpdu_desc_info, sizeof(uint32_t)); 1371 1372 mpdu_wrd = (uint32_t *)dst_mpdu_desc_info; 1373 seq_no = HAL_RX_MPDU_SEQUENCE_NUMBER_GET(mpdu_wrd); 1374 1375 HAL_RX_MPDU_DESC_INFO_SET(ent_mpdu_desc_info, 1376 MSDU_COUNT, 0x1); 1377 HAL_RX_MPDU_DESC_INFO_SET(ent_mpdu_desc_info, 1378 MPDU_SEQUENCE_NUMBER, seq_no); 1379 /* unset frag bit */ 1380 HAL_RX_MPDU_DESC_INFO_SET(ent_mpdu_desc_info, 1381 FRAGMENT_FLAG, 0x0); 1382 /* set sa/da valid bits */ 1383 HAL_RX_MPDU_DESC_INFO_SET(ent_mpdu_desc_info, 1384 SA_IS_VALID, 0x1); 1385 HAL_RX_MPDU_DESC_INFO_SET(ent_mpdu_desc_info, 1386 DA_IS_VALID, 0x1); 1387 HAL_RX_MPDU_DESC_INFO_SET(ent_mpdu_desc_info, 1388 RAW_MPDU, 0x0); 1389 1390 /* qdesc addr */ 1391 ent_qdesc_addr = (uint8_t *)ent_ring_desc + 1392 REO_ENTRANCE_RING_4_RX_REO_QUEUE_DESC_ADDR_31_0_OFFSET; 1393 1394 dst_qdesc_addr = (uint8_t *)dst_ring_desc + 1395 REO_DESTINATION_RING_6_RX_REO_QUEUE_DESC_ADDR_31_0_OFFSET; 1396 1397 qdf_mem_copy(ent_qdesc_addr, dst_qdesc_addr, 8); 1398 1399 HAL_RX_FLD_SET(ent_ring_desc, REO_ENTRANCE_RING_5, 1400 REO_DESTINATION_INDICATION, dst_ind); 1401 1402 hal_srng_access_end(soc->hal_soc, hal_srng); 1403 1404 DP_STATS_INC(soc, rx.reo_reinject, 1); 1405 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_DEBUG, 1406 "%s: reinjection done !", __func__); 1407 return QDF_STATUS_SUCCESS; 1408 } 1409 #endif 1410 1411 /* 1412 * dp_rx_defrag(): Defragment the fragment chain 1413 * @peer: Pointer to the peer 1414 * @tid: Transmit Identifier 1415 * @frag_list_head: Pointer to head list 1416 * @frag_list_tail: Pointer to tail list 1417 * 1418 * Defragment the fragment chain 1419 * 1420 * Returns: QDF_STATUS 1421 */ 1422 static QDF_STATUS dp_rx_defrag(struct dp_peer *peer, unsigned tid, 1423 qdf_nbuf_t frag_list_head, qdf_nbuf_t frag_list_tail) 1424 { 1425 qdf_nbuf_t tmp_next, prev; 1426 qdf_nbuf_t cur = frag_list_head, msdu; 1427 uint32_t index, tkip_demic = 0; 1428 uint16_t hdr_space; 1429 uint8_t key[DEFRAG_IEEE80211_KEY_LEN]; 1430 struct dp_vdev *vdev = peer->vdev; 1431 struct dp_soc *soc = vdev->pdev->soc; 1432 uint8_t status = 0; 1433 1434 hdr_space = dp_rx_defrag_hdrsize(soc, cur); 1435 index = hal_rx_msdu_is_wlan_mcast(cur) ? 1436 dp_sec_mcast : dp_sec_ucast; 1437 1438 /* Remove FCS from all fragments */ 1439 while (cur) { 1440 tmp_next = qdf_nbuf_next(cur); 1441 qdf_nbuf_set_next(cur, NULL); 1442 qdf_nbuf_trim_tail(cur, DEFRAG_IEEE80211_FCS_LEN); 1443 prev = cur; 1444 qdf_nbuf_set_next(cur, tmp_next); 1445 cur = tmp_next; 1446 } 1447 cur = frag_list_head; 1448 1449 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_DEBUG, 1450 "%s: index %d Security type: %d", __func__, 1451 index, peer->security[index].sec_type); 1452 1453 switch (peer->security[index].sec_type) { 1454 case cdp_sec_type_tkip: 1455 tkip_demic = 1; 1456 1457 case cdp_sec_type_tkip_nomic: 1458 while (cur) { 1459 tmp_next = qdf_nbuf_next(cur); 1460 if (dp_rx_defrag_tkip_decap(cur, hdr_space)) { 1461 1462 QDF_TRACE(QDF_MODULE_ID_TXRX, 1463 QDF_TRACE_LEVEL_ERROR, 1464 "dp_rx_defrag: TKIP decap failed"); 1465 1466 return QDF_STATUS_E_DEFRAG_ERROR; 1467 } 1468 cur = tmp_next; 1469 } 1470 1471 /* If success, increment header to be stripped later */ 1472 hdr_space += dp_f_tkip.ic_header; 1473 break; 1474 1475 case cdp_sec_type_aes_ccmp: 1476 while (cur) { 1477 tmp_next = qdf_nbuf_next(cur); 1478 if (dp_rx_defrag_ccmp_demic(cur, hdr_space)) { 1479 1480 QDF_TRACE(QDF_MODULE_ID_TXRX, 1481 QDF_TRACE_LEVEL_ERROR, 1482 "dp_rx_defrag: CCMP demic failed"); 1483 1484 return QDF_STATUS_E_DEFRAG_ERROR; 1485 } 1486 if (dp_rx_defrag_ccmp_decap(cur, hdr_space)) { 1487 1488 QDF_TRACE(QDF_MODULE_ID_TXRX, 1489 QDF_TRACE_LEVEL_ERROR, 1490 "dp_rx_defrag: CCMP decap failed"); 1491 1492 return QDF_STATUS_E_DEFRAG_ERROR; 1493 } 1494 cur = tmp_next; 1495 } 1496 1497 /* If success, increment header to be stripped later */ 1498 hdr_space += dp_f_ccmp.ic_header; 1499 break; 1500 1501 case cdp_sec_type_wep40: 1502 case cdp_sec_type_wep104: 1503 case cdp_sec_type_wep128: 1504 while (cur) { 1505 tmp_next = qdf_nbuf_next(cur); 1506 if (dp_rx_defrag_wep_decap(cur, hdr_space)) { 1507 1508 QDF_TRACE(QDF_MODULE_ID_TXRX, 1509 QDF_TRACE_LEVEL_ERROR, 1510 "dp_rx_defrag: WEP decap failed"); 1511 1512 return QDF_STATUS_E_DEFRAG_ERROR; 1513 } 1514 cur = tmp_next; 1515 } 1516 1517 /* If success, increment header to be stripped later */ 1518 hdr_space += dp_f_wep.ic_header; 1519 break; 1520 default: 1521 break; 1522 } 1523 1524 if (tkip_demic) { 1525 msdu = frag_list_head; 1526 qdf_mem_copy(key, 1527 &peer->security[index].michael_key[0], 1528 IEEE80211_WEP_MICLEN); 1529 status = dp_rx_defrag_tkip_demic(key, msdu, 1530 RX_PKT_TLVS_LEN + 1531 hdr_space); 1532 1533 if (status) { 1534 dp_rx_defrag_err(vdev, frag_list_head); 1535 1536 QDF_TRACE(QDF_MODULE_ID_TXRX, 1537 QDF_TRACE_LEVEL_ERROR, 1538 "%s: TKIP demic failed status %d", 1539 __func__, status); 1540 1541 return QDF_STATUS_E_DEFRAG_ERROR; 1542 } 1543 } 1544 1545 /* Convert the header to 802.3 header */ 1546 dp_rx_defrag_nwifi_to_8023(soc, peer, tid, frag_list_head, hdr_space); 1547 if (qdf_nbuf_next(frag_list_head)) { 1548 if (dp_rx_construct_fraglist(peer, tid, frag_list_head, hdr_space)) 1549 return QDF_STATUS_E_DEFRAG_ERROR; 1550 } 1551 1552 return QDF_STATUS_SUCCESS; 1553 } 1554 1555 /* 1556 * dp_rx_defrag_cleanup(): Clean up activities 1557 * @peer: Pointer to the peer 1558 * @tid: Transmit Identifier 1559 * 1560 * Returns: None 1561 */ 1562 void dp_rx_defrag_cleanup(struct dp_peer *peer, unsigned tid) 1563 { 1564 struct dp_rx_reorder_array_elem *rx_reorder_array_elem = 1565 peer->rx_tid[tid].array; 1566 1567 if (rx_reorder_array_elem) { 1568 /* Free up nbufs */ 1569 dp_rx_defrag_frames_free(rx_reorder_array_elem->head); 1570 rx_reorder_array_elem->head = NULL; 1571 rx_reorder_array_elem->tail = NULL; 1572 } else { 1573 dp_info("Cleanup self peer %pK and TID %u at MAC address "QDF_MAC_ADDR_FMT, 1574 peer, tid, QDF_MAC_ADDR_REF(peer->mac_addr.raw)); 1575 } 1576 1577 /* Free up saved ring descriptors */ 1578 dp_rx_clear_saved_desc_info(peer, tid); 1579 1580 peer->rx_tid[tid].defrag_timeout_ms = 0; 1581 peer->rx_tid[tid].curr_frag_num = 0; 1582 peer->rx_tid[tid].curr_seq_num = 0; 1583 } 1584 1585 /* 1586 * dp_rx_defrag_save_info_from_ring_desc(): Save info from REO ring descriptor 1587 * @ring_desc: Pointer to the dst ring descriptor 1588 * @peer: Pointer to the peer 1589 * @tid: Transmit Identifier 1590 * 1591 * Returns: None 1592 */ 1593 static QDF_STATUS 1594 dp_rx_defrag_save_info_from_ring_desc(hal_ring_desc_t ring_desc, 1595 struct dp_rx_desc *rx_desc, 1596 struct dp_peer *peer, 1597 unsigned int tid) 1598 { 1599 void *dst_ring_desc = qdf_mem_malloc( 1600 sizeof(struct reo_destination_ring)); 1601 1602 if (!dst_ring_desc) { 1603 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1604 "%s: Memory alloc failed !", __func__); 1605 QDF_ASSERT(0); 1606 return QDF_STATUS_E_NOMEM; 1607 } 1608 1609 qdf_mem_copy(dst_ring_desc, ring_desc, 1610 sizeof(struct reo_destination_ring)); 1611 1612 peer->rx_tid[tid].dst_ring_desc = dst_ring_desc; 1613 peer->rx_tid[tid].head_frag_desc = rx_desc; 1614 1615 return QDF_STATUS_SUCCESS; 1616 } 1617 1618 /* 1619 * dp_rx_defrag_store_fragment(): Store incoming fragments 1620 * @soc: Pointer to the SOC data structure 1621 * @ring_desc: Pointer to the ring descriptor 1622 * @mpdu_desc_info: MPDU descriptor info 1623 * @tid: Traffic Identifier 1624 * @rx_desc: Pointer to rx descriptor 1625 * @rx_bfs: Number of bfs consumed 1626 * 1627 * Returns: QDF_STATUS 1628 */ 1629 static QDF_STATUS 1630 dp_rx_defrag_store_fragment(struct dp_soc *soc, 1631 hal_ring_desc_t ring_desc, 1632 union dp_rx_desc_list_elem_t **head, 1633 union dp_rx_desc_list_elem_t **tail, 1634 struct hal_rx_mpdu_desc_info *mpdu_desc_info, 1635 unsigned int tid, struct dp_rx_desc *rx_desc, 1636 uint32_t *rx_bfs) 1637 { 1638 struct dp_rx_reorder_array_elem *rx_reorder_array_elem; 1639 struct dp_pdev *pdev; 1640 struct dp_peer *peer = NULL; 1641 uint16_t peer_id; 1642 uint8_t fragno, more_frag, all_frag_present = 0; 1643 uint16_t rxseq = mpdu_desc_info->mpdu_seq; 1644 QDF_STATUS status; 1645 struct dp_rx_tid *rx_tid; 1646 uint8_t mpdu_sequence_control_valid; 1647 uint8_t mpdu_frame_control_valid; 1648 qdf_nbuf_t frag = rx_desc->nbuf; 1649 uint32_t msdu_len; 1650 1651 if (qdf_nbuf_len(frag) > 0) { 1652 dp_info("Dropping unexpected packet with skb_len: %d," 1653 "data len: %d, cookie: %d", 1654 (uint32_t)qdf_nbuf_len(frag), frag->data_len, 1655 rx_desc->cookie); 1656 DP_STATS_INC(soc, rx.rx_frag_err_len_error, 1); 1657 goto discard_frag; 1658 } 1659 1660 if (dp_rx_buffer_pool_refill(soc, frag, rx_desc->pool_id)) { 1661 /* fragment queued back to the pool, free the link desc */ 1662 goto err_free_desc; 1663 } 1664 1665 msdu_len = hal_rx_msdu_start_msdu_len_get(rx_desc->rx_buf_start); 1666 1667 qdf_nbuf_set_pktlen(frag, (msdu_len + RX_PKT_TLVS_LEN)); 1668 qdf_nbuf_append_ext_list(frag, NULL, 0); 1669 1670 /* Check if the packet is from a valid peer */ 1671 peer_id = DP_PEER_METADATA_PEER_ID_GET( 1672 mpdu_desc_info->peer_meta_data); 1673 peer = dp_peer_get_ref_by_id(soc, peer_id, DP_MOD_ID_RX_ERR); 1674 1675 if (!peer) { 1676 /* We should not receive anything from unknown peer 1677 * however, that might happen while we are in the monitor mode. 1678 * We don't need to handle that here 1679 */ 1680 dp_info_rl("Unknown peer with peer_id %d, dropping fragment", 1681 peer_id); 1682 DP_STATS_INC(soc, rx.rx_frag_err_no_peer, 1); 1683 goto discard_frag; 1684 } 1685 1686 if (tid >= DP_MAX_TIDS) { 1687 dp_info("TID out of bounds: %d", tid); 1688 qdf_assert_always(0); 1689 goto discard_frag; 1690 } 1691 1692 pdev = peer->vdev->pdev; 1693 rx_tid = &peer->rx_tid[tid]; 1694 1695 mpdu_sequence_control_valid = 1696 hal_rx_get_mpdu_sequence_control_valid(soc->hal_soc, 1697 rx_desc->rx_buf_start); 1698 1699 /* Invalid MPDU sequence control field, MPDU is of no use */ 1700 if (!mpdu_sequence_control_valid) { 1701 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1702 "Invalid MPDU seq control field, dropping MPDU"); 1703 1704 qdf_assert(0); 1705 goto discard_frag; 1706 } 1707 1708 mpdu_frame_control_valid = 1709 hal_rx_get_mpdu_frame_control_valid(soc->hal_soc, 1710 rx_desc->rx_buf_start); 1711 1712 /* Invalid frame control field */ 1713 if (!mpdu_frame_control_valid) { 1714 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1715 "Invalid frame control field, dropping MPDU"); 1716 1717 qdf_assert(0); 1718 goto discard_frag; 1719 } 1720 1721 /* Current mpdu sequence */ 1722 more_frag = dp_rx_frag_get_more_frag_bit(rx_desc->rx_buf_start); 1723 1724 /* HW does not populate the fragment number as of now 1725 * need to get from the 802.11 header 1726 */ 1727 fragno = dp_rx_frag_get_mpdu_frag_number(rx_desc->rx_buf_start); 1728 1729 rx_reorder_array_elem = peer->rx_tid[tid].array; 1730 if (!rx_reorder_array_elem) { 1731 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1732 "Rcvd Fragmented pkt before peer_tid is setup"); 1733 goto discard_frag; 1734 } 1735 1736 /* 1737 * !more_frag: no more fragments to be delivered 1738 * !frag_no: packet is not fragmented 1739 * !rx_reorder_array_elem->head: no saved fragments so far 1740 */ 1741 if ((!more_frag) && (!fragno) && (!rx_reorder_array_elem->head)) { 1742 /* We should not get into this situation here. 1743 * It means an unfragmented packet with fragment flag 1744 * is delivered over the REO exception ring. 1745 * Typically it follows normal rx path. 1746 */ 1747 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1748 "Rcvd unfragmented pkt on REO Err srng, dropping"); 1749 1750 qdf_assert(0); 1751 goto discard_frag; 1752 } 1753 1754 /* Check if the fragment is for the same sequence or a different one */ 1755 dp_debug("rx_tid %d", tid); 1756 if (rx_reorder_array_elem->head) { 1757 dp_debug("rxseq %d\n", rxseq); 1758 if (rxseq != rx_tid->curr_seq_num) { 1759 1760 dp_debug("mismatch cur_seq %d rxseq %d\n", 1761 rx_tid->curr_seq_num, rxseq); 1762 /* Drop stored fragments if out of sequence 1763 * fragment is received 1764 */ 1765 dp_rx_reorder_flush_frag(peer, tid); 1766 1767 DP_STATS_INC(soc, rx.rx_frag_oor, 1); 1768 1769 dp_debug("cur rxseq %d\n", rxseq); 1770 /* 1771 * The sequence number for this fragment becomes the 1772 * new sequence number to be processed 1773 */ 1774 rx_tid->curr_seq_num = rxseq; 1775 } 1776 } else { 1777 dp_debug("cur rxseq %d\n", rxseq); 1778 /* Start of a new sequence */ 1779 dp_rx_defrag_cleanup(peer, tid); 1780 rx_tid->curr_seq_num = rxseq; 1781 /* store PN number also */ 1782 } 1783 1784 /* 1785 * If the earlier sequence was dropped, this will be the fresh start. 1786 * Else, continue with next fragment in a given sequence 1787 */ 1788 status = dp_rx_defrag_fraglist_insert(peer, tid, &rx_reorder_array_elem->head, 1789 &rx_reorder_array_elem->tail, frag, 1790 &all_frag_present); 1791 1792 /* 1793 * Currently, we can have only 6 MSDUs per-MPDU, if the current 1794 * packet sequence has more than 6 MSDUs for some reason, we will 1795 * have to use the next MSDU link descriptor and chain them together 1796 * before reinjection. 1797 * ring_desc is validated in dp_rx_err_process. 1798 */ 1799 if ((fragno == 0) && (status == QDF_STATUS_SUCCESS) && 1800 (rx_reorder_array_elem->head == frag)) { 1801 1802 status = dp_rx_defrag_save_info_from_ring_desc(ring_desc, 1803 rx_desc, peer, tid); 1804 1805 if (status != QDF_STATUS_SUCCESS) { 1806 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1807 "%s: Unable to store ring desc !", __func__); 1808 goto discard_frag; 1809 } 1810 } else { 1811 dp_rx_add_to_free_desc_list(head, tail, rx_desc); 1812 (*rx_bfs)++; 1813 1814 /* Return the non-head link desc */ 1815 if (dp_rx_link_desc_return(soc, ring_desc, 1816 HAL_BM_ACTION_PUT_IN_IDLE_LIST) != 1817 QDF_STATUS_SUCCESS) 1818 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1819 "%s: Failed to return link desc", __func__); 1820 1821 } 1822 1823 if (pdev->soc->rx.flags.defrag_timeout_check) 1824 dp_rx_defrag_waitlist_remove(peer, tid); 1825 1826 /* Yet to receive more fragments for this sequence number */ 1827 if (!all_frag_present) { 1828 uint32_t now_ms = 1829 qdf_system_ticks_to_msecs(qdf_system_ticks()); 1830 1831 peer->rx_tid[tid].defrag_timeout_ms = 1832 now_ms + pdev->soc->rx.defrag.timeout_ms; 1833 1834 dp_rx_defrag_waitlist_add(peer, tid); 1835 dp_peer_unref_delete(peer, DP_MOD_ID_RX_ERR); 1836 1837 return QDF_STATUS_SUCCESS; 1838 } 1839 1840 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_DEBUG, 1841 "All fragments received for sequence: %d", rxseq); 1842 1843 /* Process the fragments */ 1844 status = dp_rx_defrag(peer, tid, rx_reorder_array_elem->head, 1845 rx_reorder_array_elem->tail); 1846 if (QDF_IS_STATUS_ERROR(status)) { 1847 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1848 "Fragment processing failed"); 1849 1850 dp_rx_add_to_free_desc_list(head, tail, 1851 peer->rx_tid[tid].head_frag_desc); 1852 (*rx_bfs)++; 1853 1854 if (dp_rx_link_desc_return(soc, 1855 peer->rx_tid[tid].dst_ring_desc, 1856 HAL_BM_ACTION_PUT_IN_IDLE_LIST) != 1857 QDF_STATUS_SUCCESS) 1858 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1859 "%s: Failed to return link desc", 1860 __func__); 1861 dp_rx_defrag_cleanup(peer, tid); 1862 goto end; 1863 } 1864 1865 /* Re-inject the fragments back to REO for further processing */ 1866 status = dp_rx_defrag_reo_reinject(peer, tid, 1867 rx_reorder_array_elem->head); 1868 if (QDF_IS_STATUS_SUCCESS(status)) { 1869 rx_reorder_array_elem->head = NULL; 1870 rx_reorder_array_elem->tail = NULL; 1871 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_DEBUG, 1872 "Fragmented sequence successfully reinjected"); 1873 } else { 1874 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1875 "Fragmented sequence reinjection failed"); 1876 dp_rx_return_head_frag_desc(peer, tid); 1877 } 1878 1879 dp_rx_defrag_cleanup(peer, tid); 1880 1881 dp_peer_unref_delete(peer, DP_MOD_ID_RX_ERR); 1882 1883 return QDF_STATUS_SUCCESS; 1884 1885 discard_frag: 1886 qdf_nbuf_free(frag); 1887 err_free_desc: 1888 dp_rx_add_to_free_desc_list(head, tail, rx_desc); 1889 if (dp_rx_link_desc_return(soc, ring_desc, 1890 HAL_BM_ACTION_PUT_IN_IDLE_LIST) != 1891 QDF_STATUS_SUCCESS) 1892 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1893 "%s: Failed to return link desc", __func__); 1894 (*rx_bfs)++; 1895 1896 end: 1897 if (peer) 1898 dp_peer_unref_delete(peer, DP_MOD_ID_RX_ERR); 1899 1900 DP_STATS_INC(soc, rx.rx_frag_err, 1); 1901 return QDF_STATUS_E_DEFRAG_ERROR; 1902 } 1903 1904 /** 1905 * dp_rx_frag_handle() - Handles fragmented Rx frames 1906 * 1907 * @soc: core txrx main context 1908 * @ring_desc: opaque pointer to the REO error ring descriptor 1909 * @mpdu_desc_info: MPDU descriptor information from ring descriptor 1910 * @head: head of the local descriptor free-list 1911 * @tail: tail of the local descriptor free-list 1912 * @quota: No. of units (packets) that can be serviced in one shot. 1913 * 1914 * This function implements RX 802.11 fragmentation handling 1915 * The handling is mostly same as legacy fragmentation handling. 1916 * If required, this function can re-inject the frames back to 1917 * REO ring (with proper setting to by-pass fragmentation check 1918 * but use duplicate detection / re-ordering and routing these frames 1919 * to a different core. 1920 * 1921 * Return: uint32_t: No. of elements processed 1922 */ 1923 uint32_t dp_rx_frag_handle(struct dp_soc *soc, hal_ring_desc_t ring_desc, 1924 struct hal_rx_mpdu_desc_info *mpdu_desc_info, 1925 struct dp_rx_desc *rx_desc, 1926 uint8_t *mac_id, 1927 uint32_t quota) 1928 { 1929 uint32_t rx_bufs_used = 0; 1930 qdf_nbuf_t msdu = NULL; 1931 uint32_t tid; 1932 uint32_t rx_bfs = 0; 1933 struct dp_pdev *pdev; 1934 QDF_STATUS status = QDF_STATUS_SUCCESS; 1935 struct rx_desc_pool *rx_desc_pool; 1936 1937 qdf_assert(soc); 1938 qdf_assert(mpdu_desc_info); 1939 qdf_assert(rx_desc); 1940 1941 dp_debug("Number of MSDUs to process, num_msdus: %d", 1942 mpdu_desc_info->msdu_count); 1943 1944 1945 if (qdf_unlikely(mpdu_desc_info->msdu_count == 0)) { 1946 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1947 "Not sufficient MSDUs to process"); 1948 return rx_bufs_used; 1949 } 1950 1951 /* all buffers in MSDU link belong to same pdev */ 1952 pdev = dp_get_pdev_for_lmac_id(soc, rx_desc->pool_id); 1953 if (!pdev) { 1954 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_DEBUG, 1955 "pdev is null for pool_id = %d", rx_desc->pool_id); 1956 return rx_bufs_used; 1957 } 1958 1959 *mac_id = rx_desc->pool_id; 1960 1961 msdu = rx_desc->nbuf; 1962 1963 rx_desc_pool = &soc->rx_desc_buf[rx_desc->pool_id]; 1964 1965 if (rx_desc->unmapped) 1966 return rx_bufs_used; 1967 1968 dp_ipa_handle_rx_buf_smmu_mapping(soc, rx_desc->nbuf, 1969 rx_desc_pool->buf_size, 1970 false); 1971 qdf_nbuf_unmap_nbytes_single(soc->osdev, rx_desc->nbuf, 1972 QDF_DMA_FROM_DEVICE, 1973 rx_desc_pool->buf_size); 1974 rx_desc->unmapped = 1; 1975 1976 rx_desc->rx_buf_start = qdf_nbuf_data(msdu); 1977 1978 tid = hal_rx_mpdu_start_tid_get(soc->hal_soc, rx_desc->rx_buf_start); 1979 1980 /* Process fragment-by-fragment */ 1981 status = dp_rx_defrag_store_fragment(soc, ring_desc, 1982 &pdev->free_list_head, 1983 &pdev->free_list_tail, 1984 mpdu_desc_info, 1985 tid, rx_desc, &rx_bfs); 1986 1987 if (rx_bfs) 1988 rx_bufs_used += rx_bfs; 1989 1990 if (!QDF_IS_STATUS_SUCCESS(status)) 1991 dp_info_rl("Rx Defrag err seq#:0x%x msdu_count:%d flags:%d", 1992 mpdu_desc_info->mpdu_seq, 1993 mpdu_desc_info->msdu_count, 1994 mpdu_desc_info->mpdu_flags); 1995 1996 return rx_bufs_used; 1997 } 1998 1999 QDF_STATUS dp_rx_defrag_add_last_frag(struct dp_soc *soc, 2000 struct dp_peer *peer, uint16_t tid, 2001 uint16_t rxseq, qdf_nbuf_t nbuf) 2002 { 2003 struct dp_rx_tid *rx_tid = &peer->rx_tid[tid]; 2004 struct dp_rx_reorder_array_elem *rx_reorder_array_elem; 2005 uint8_t all_frag_present; 2006 uint32_t msdu_len; 2007 QDF_STATUS status; 2008 2009 rx_reorder_array_elem = peer->rx_tid[tid].array; 2010 2011 /* 2012 * HW may fill in unexpected peer_id in RX PKT TLV, 2013 * if this peer_id related peer is valid by coincidence, 2014 * but actually this peer won't do dp_peer_rx_init(like SAP vdev 2015 * self peer), then invalid access to rx_reorder_array_elem happened. 2016 */ 2017 if (!rx_reorder_array_elem) { 2018 dp_verbose_debug( 2019 "peer id:%d mac: "QDF_MAC_ADDR_FMT" drop rx frame!", 2020 peer->peer_id, 2021 QDF_MAC_ADDR_REF(peer->mac_addr.raw)); 2022 DP_STATS_INC(soc, rx.err.defrag_peer_uninit, 1); 2023 qdf_nbuf_free(nbuf); 2024 goto fail; 2025 } 2026 2027 if (rx_reorder_array_elem->head && 2028 rxseq != rx_tid->curr_seq_num) { 2029 /* Drop stored fragments if out of sequence 2030 * fragment is received 2031 */ 2032 dp_rx_reorder_flush_frag(peer, tid); 2033 2034 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 2035 "%s: No list found for TID %d Seq# %d", 2036 __func__, tid, rxseq); 2037 qdf_nbuf_free(nbuf); 2038 goto fail; 2039 } 2040 2041 msdu_len = hal_rx_msdu_start_msdu_len_get(qdf_nbuf_data(nbuf)); 2042 2043 qdf_nbuf_set_pktlen(nbuf, (msdu_len + RX_PKT_TLVS_LEN)); 2044 2045 status = dp_rx_defrag_fraglist_insert(peer, tid, 2046 &rx_reorder_array_elem->head, 2047 &rx_reorder_array_elem->tail, nbuf, 2048 &all_frag_present); 2049 2050 if (QDF_IS_STATUS_ERROR(status)) { 2051 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 2052 "%s Fragment insert failed", __func__); 2053 2054 goto fail; 2055 } 2056 2057 if (soc->rx.flags.defrag_timeout_check) 2058 dp_rx_defrag_waitlist_remove(peer, tid); 2059 2060 if (!all_frag_present) { 2061 uint32_t now_ms = 2062 qdf_system_ticks_to_msecs(qdf_system_ticks()); 2063 2064 peer->rx_tid[tid].defrag_timeout_ms = 2065 now_ms + soc->rx.defrag.timeout_ms; 2066 2067 dp_rx_defrag_waitlist_add(peer, tid); 2068 2069 return QDF_STATUS_SUCCESS; 2070 } 2071 2072 status = dp_rx_defrag(peer, tid, rx_reorder_array_elem->head, 2073 rx_reorder_array_elem->tail); 2074 2075 if (QDF_IS_STATUS_ERROR(status)) { 2076 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 2077 "%s Fragment processing failed", __func__); 2078 2079 dp_rx_return_head_frag_desc(peer, tid); 2080 dp_rx_defrag_cleanup(peer, tid); 2081 2082 goto fail; 2083 } 2084 2085 /* Re-inject the fragments back to REO for further processing */ 2086 status = dp_rx_defrag_reo_reinject(peer, tid, 2087 rx_reorder_array_elem->head); 2088 if (QDF_IS_STATUS_SUCCESS(status)) { 2089 rx_reorder_array_elem->head = NULL; 2090 rx_reorder_array_elem->tail = NULL; 2091 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_INFO, 2092 "%s: Frag seq successfully reinjected", 2093 __func__); 2094 } else { 2095 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 2096 "%s: Frag seq reinjection failed", __func__); 2097 dp_rx_return_head_frag_desc(peer, tid); 2098 } 2099 2100 dp_rx_defrag_cleanup(peer, tid); 2101 return QDF_STATUS_SUCCESS; 2102 2103 fail: 2104 return QDF_STATUS_E_DEFRAG_ERROR; 2105 } 2106