1 /* 2 * Copyright (c) 2017-2018 The Linux Foundation. All rights reserved. 3 * 4 * Permission to use, copy, modify, and/or distribute this software for 5 * any purpose with or without fee is hereby granted, provided that the 6 * above copyright notice and this permission notice appear in all 7 * copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL 10 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 11 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE 12 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL 13 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR 14 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER 15 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 16 * PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 #include "dp_types.h" 20 #include "dp_rx.h" 21 #include "dp_peer.h" 22 #include "hal_api.h" 23 #include "qdf_trace.h" 24 #include "qdf_nbuf.h" 25 #include "dp_rx_defrag.h" 26 #include <enet.h> /* LLC_SNAP_HDR_LEN */ 27 #include "dp_rx_defrag.h" 28 29 const struct dp_rx_defrag_cipher dp_f_ccmp = { 30 "AES-CCM", 31 IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN + IEEE80211_WEP_EXTIVLEN, 32 IEEE80211_WEP_MICLEN, 33 0, 34 }; 35 36 const struct dp_rx_defrag_cipher dp_f_tkip = { 37 "TKIP", 38 IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN + IEEE80211_WEP_EXTIVLEN, 39 IEEE80211_WEP_CRCLEN, 40 IEEE80211_WEP_MICLEN, 41 }; 42 43 const struct dp_rx_defrag_cipher dp_f_wep = { 44 "WEP", 45 IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN, 46 IEEE80211_WEP_CRCLEN, 47 0, 48 }; 49 50 /* 51 * dp_rx_defrag_frames_free(): Free fragment chain 52 * @frames: Fragment chain 53 * 54 * Iterates through the fragment chain and frees them 55 * Returns: None 56 */ 57 static void dp_rx_defrag_frames_free(qdf_nbuf_t frames) 58 { 59 qdf_nbuf_t next, frag = frames; 60 61 while (frag) { 62 next = qdf_nbuf_next(frag); 63 qdf_nbuf_free(frag); 64 frag = next; 65 } 66 } 67 68 /* 69 * dp_rx_clear_saved_desc_info(): Clears descriptor info 70 * @peer: Pointer to the peer data structure 71 * @tid: Transmit ID (TID) 72 * 73 * Saves MPDU descriptor info and MSDU link pointer from REO 74 * ring descriptor. The cache is created per peer, per TID 75 * 76 * Returns: None 77 */ 78 static void dp_rx_clear_saved_desc_info(struct dp_peer *peer, unsigned tid) 79 { 80 if (peer->rx_tid[tid].dst_ring_desc) 81 qdf_mem_free(peer->rx_tid[tid].dst_ring_desc); 82 83 peer->rx_tid[tid].dst_ring_desc = NULL; 84 } 85 86 static void dp_rx_return_head_frag_desc(struct dp_peer *peer, 87 unsigned int tid) 88 { 89 struct dp_soc *soc; 90 struct dp_pdev *pdev; 91 struct dp_srng *dp_rxdma_srng; 92 struct rx_desc_pool *rx_desc_pool; 93 union dp_rx_desc_list_elem_t *head = NULL; 94 union dp_rx_desc_list_elem_t *tail = NULL; 95 96 if (peer->rx_tid[tid].head_frag_desc) { 97 pdev = peer->vdev->pdev; 98 soc = pdev->soc; 99 dp_rxdma_srng = &pdev->rx_refill_buf_ring; 100 rx_desc_pool = &soc->rx_desc_buf[pdev->pdev_id]; 101 102 dp_rx_add_to_free_desc_list(&head, &tail, 103 peer->rx_tid[tid].head_frag_desc); 104 dp_rx_buffers_replenish(soc, 0, dp_rxdma_srng, rx_desc_pool, 105 1, &head, &tail); 106 } 107 } 108 109 /* 110 * dp_rx_reorder_flush_frag(): Flush the frag list 111 * @peer: Pointer to the peer data structure 112 * @tid: Transmit ID (TID) 113 * 114 * Flush the per-TID frag list 115 * 116 * Returns: None 117 */ 118 void dp_rx_reorder_flush_frag(struct dp_peer *peer, 119 unsigned int tid) 120 { 121 struct dp_soc *soc; 122 123 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 124 FL("Flushing TID %d"), tid); 125 126 if (!peer) { 127 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 128 "%s: NULL peer\n", __func__); 129 return; 130 } 131 132 soc = peer->vdev->pdev->soc; 133 134 if (peer->rx_tid[tid].dst_ring_desc) { 135 if (dp_rx_link_desc_return(soc, 136 peer->rx_tid[tid].dst_ring_desc, 137 HAL_BM_ACTION_PUT_IN_IDLE_LIST) != 138 QDF_STATUS_SUCCESS) 139 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 140 "%s: Failed to return link desc\n", 141 __func__); 142 } 143 144 dp_rx_return_head_frag_desc(peer, tid); 145 dp_rx_defrag_cleanup(peer, tid); 146 } 147 148 /* 149 * dp_rx_defrag_waitlist_flush(): Flush SOC defrag wait list 150 * @soc: DP SOC 151 * 152 * Flush fragments of all waitlisted TID's 153 * 154 * Returns: None 155 */ 156 void dp_rx_defrag_waitlist_flush(struct dp_soc *soc) 157 { 158 struct dp_rx_tid *rx_reorder; 159 struct dp_rx_tid *tmp; 160 uint32_t now_ms = qdf_system_ticks_to_msecs(qdf_system_ticks()); 161 TAILQ_HEAD(, dp_rx_tid) temp_list; 162 163 TAILQ_INIT(&temp_list); 164 165 qdf_spin_lock_bh(&soc->rx.defrag.defrag_lock); 166 TAILQ_FOREACH_SAFE(rx_reorder, &soc->rx.defrag.waitlist, 167 defrag_waitlist_elem, tmp) { 168 unsigned int tid; 169 170 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 171 FL("Current time %u"), now_ms); 172 173 if (rx_reorder->defrag_timeout_ms > now_ms) 174 break; 175 176 tid = rx_reorder->tid; 177 if (tid >= DP_MAX_TIDS) { 178 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 179 "%s: TID out of bounds: %d", __func__, tid); 180 qdf_assert(0); 181 continue; 182 } 183 184 TAILQ_REMOVE(&soc->rx.defrag.waitlist, rx_reorder, 185 defrag_waitlist_elem); 186 187 /* Move to temp list and clean-up later */ 188 TAILQ_INSERT_TAIL(&temp_list, rx_reorder, 189 defrag_waitlist_elem); 190 } 191 qdf_spin_unlock_bh(&soc->rx.defrag.defrag_lock); 192 193 TAILQ_FOREACH_SAFE(rx_reorder, &temp_list, 194 defrag_waitlist_elem, tmp) { 195 struct dp_peer *peer; 196 197 /* get address of current peer */ 198 peer = 199 container_of(rx_reorder, struct dp_peer, 200 rx_tid[rx_reorder->tid]); 201 dp_rx_reorder_flush_frag(peer, rx_reorder->tid); 202 } 203 } 204 205 /* 206 * dp_rx_defrag_waitlist_add(): Update per-PDEV defrag wait list 207 * @peer: Pointer to the peer data structure 208 * @tid: Transmit ID (TID) 209 * 210 * Appends per-tid fragments to global fragment wait list 211 * 212 * Returns: None 213 */ 214 static void dp_rx_defrag_waitlist_add(struct dp_peer *peer, unsigned tid) 215 { 216 struct dp_soc *psoc = peer->vdev->pdev->soc; 217 struct dp_rx_tid *rx_reorder = &peer->rx_tid[tid]; 218 219 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 220 FL("Adding TID %u to waitlist for peer %pK"), 221 tid, peer); 222 223 /* TODO: use LIST macros instead of TAIL macros */ 224 qdf_spin_lock_bh(&psoc->rx.defrag.defrag_lock); 225 TAILQ_INSERT_TAIL(&psoc->rx.defrag.waitlist, rx_reorder, 226 defrag_waitlist_elem); 227 qdf_spin_unlock_bh(&psoc->rx.defrag.defrag_lock); 228 } 229 230 /* 231 * dp_rx_defrag_waitlist_remove(): Remove fragments from waitlist 232 * @peer: Pointer to the peer data structure 233 * @tid: Transmit ID (TID) 234 * 235 * Remove fragments from waitlist 236 * 237 * Returns: None 238 */ 239 void dp_rx_defrag_waitlist_remove(struct dp_peer *peer, unsigned tid) 240 { 241 struct dp_pdev *pdev = peer->vdev->pdev; 242 struct dp_soc *soc = pdev->soc; 243 struct dp_rx_tid *rx_reorder; 244 245 if (tid > DP_MAX_TIDS) { 246 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 247 "TID out of bounds: %d", tid); 248 qdf_assert(0); 249 return; 250 } 251 252 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 253 FL("Remove TID %u from waitlist for peer %pK"), 254 tid, peer); 255 256 qdf_spin_lock_bh(&soc->rx.defrag.defrag_lock); 257 TAILQ_FOREACH(rx_reorder, &soc->rx.defrag.waitlist, 258 defrag_waitlist_elem) { 259 struct dp_peer *peer_on_waitlist; 260 261 /* get address of current peer */ 262 peer_on_waitlist = 263 container_of(rx_reorder, struct dp_peer, 264 rx_tid[rx_reorder->tid]); 265 266 /* Ensure it is TID for same peer */ 267 if (peer_on_waitlist == peer && rx_reorder->tid == tid) 268 TAILQ_REMOVE(&soc->rx.defrag.waitlist, 269 rx_reorder, defrag_waitlist_elem); 270 } 271 qdf_spin_unlock_bh(&soc->rx.defrag.defrag_lock); 272 } 273 274 /* 275 * dp_rx_defrag_fraglist_insert(): Create a per-sequence fragment list 276 * @peer: Pointer to the peer data structure 277 * @tid: Transmit ID (TID) 278 * @head_addr: Pointer to head list 279 * @tail_addr: Pointer to tail list 280 * @frag: Incoming fragment 281 * @all_frag_present: Flag to indicate whether all fragments are received 282 * 283 * Build a per-tid, per-sequence fragment list. 284 * 285 * Returns: Success, if inserted 286 */ 287 static QDF_STATUS dp_rx_defrag_fraglist_insert(struct dp_peer *peer, unsigned tid, 288 qdf_nbuf_t *head_addr, qdf_nbuf_t *tail_addr, qdf_nbuf_t frag, 289 uint8_t *all_frag_present) 290 { 291 qdf_nbuf_t next; 292 qdf_nbuf_t prev = NULL; 293 qdf_nbuf_t cur; 294 uint16_t head_fragno, cur_fragno, next_fragno; 295 uint8_t last_morefrag = 1, count = 0; 296 struct dp_rx_tid *rx_tid = &peer->rx_tid[tid]; 297 uint8_t *rx_desc_info; 298 299 300 qdf_assert(frag); 301 qdf_assert(head_addr); 302 qdf_assert(tail_addr); 303 304 *all_frag_present = 0; 305 rx_desc_info = qdf_nbuf_data(frag); 306 cur_fragno = dp_rx_frag_get_mpdu_frag_number(rx_desc_info); 307 308 /* If this is the first fragment */ 309 if (!(*head_addr)) { 310 *head_addr = *tail_addr = frag; 311 qdf_nbuf_set_next(*tail_addr, NULL); 312 rx_tid->curr_frag_num = cur_fragno; 313 314 goto insert_done; 315 } 316 317 /* In sequence fragment */ 318 if (cur_fragno > rx_tid->curr_frag_num) { 319 qdf_nbuf_set_next(*tail_addr, frag); 320 *tail_addr = frag; 321 qdf_nbuf_set_next(*tail_addr, NULL); 322 rx_tid->curr_frag_num = cur_fragno; 323 } else { 324 /* Out of sequence fragment */ 325 cur = *head_addr; 326 rx_desc_info = qdf_nbuf_data(cur); 327 head_fragno = dp_rx_frag_get_mpdu_frag_number(rx_desc_info); 328 329 if (cur_fragno == head_fragno) { 330 qdf_nbuf_free(frag); 331 goto insert_fail; 332 } else if (head_fragno > cur_fragno) { 333 qdf_nbuf_set_next(frag, cur); 334 cur = frag; 335 *head_addr = frag; /* head pointer to be updated */ 336 } else { 337 while ((cur_fragno > head_fragno) && cur != NULL) { 338 prev = cur; 339 cur = qdf_nbuf_next(cur); 340 rx_desc_info = qdf_nbuf_data(cur); 341 head_fragno = 342 dp_rx_frag_get_mpdu_frag_number( 343 rx_desc_info); 344 } 345 346 if (cur_fragno == head_fragno) { 347 qdf_nbuf_free(frag); 348 goto insert_fail; 349 } 350 351 qdf_nbuf_set_next(prev, frag); 352 qdf_nbuf_set_next(frag, cur); 353 } 354 } 355 356 next = qdf_nbuf_next(*head_addr); 357 358 rx_desc_info = qdf_nbuf_data(*tail_addr); 359 last_morefrag = dp_rx_frag_get_more_frag_bit(rx_desc_info); 360 361 /* TODO: optimize the loop */ 362 if (!last_morefrag) { 363 /* Check if all fragments are present */ 364 do { 365 rx_desc_info = qdf_nbuf_data(next); 366 next_fragno = 367 dp_rx_frag_get_mpdu_frag_number(rx_desc_info); 368 count++; 369 370 if (next_fragno != count) 371 break; 372 373 next = qdf_nbuf_next(next); 374 } while (next); 375 376 if (!next) { 377 *all_frag_present = 1; 378 return QDF_STATUS_SUCCESS; 379 } 380 } 381 382 insert_done: 383 return QDF_STATUS_SUCCESS; 384 385 insert_fail: 386 return QDF_STATUS_E_FAILURE; 387 } 388 389 390 /* 391 * dp_rx_defrag_tkip_decap(): decap tkip encrypted fragment 392 * @msdu: Pointer to the fragment 393 * @hdrlen: 802.11 header length (mostly useful in 4 addr frames) 394 * 395 * decap tkip encrypted fragment 396 * 397 * Returns: QDF_STATUS 398 */ 399 static QDF_STATUS dp_rx_defrag_tkip_decap(qdf_nbuf_t msdu, uint16_t hdrlen) 400 { 401 uint8_t *ivp, *orig_hdr; 402 int rx_desc_len = sizeof(struct rx_pkt_tlvs); 403 404 /* start of 802.11 header info */ 405 orig_hdr = (uint8_t *)(qdf_nbuf_data(msdu) + rx_desc_len); 406 407 /* TKIP header is located post 802.11 header */ 408 ivp = orig_hdr + hdrlen; 409 if (!(ivp[IEEE80211_WEP_IVLEN] & IEEE80211_WEP_EXTIV)) { 410 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 411 "IEEE80211_WEP_EXTIV is missing in TKIP fragment"); 412 return QDF_STATUS_E_DEFRAG_ERROR; 413 } 414 415 qdf_nbuf_trim_tail(msdu, dp_f_tkip.ic_trailer); 416 417 return QDF_STATUS_SUCCESS; 418 } 419 420 /* 421 * dp_rx_defrag_ccmp_demic(): Remove MIC information from CCMP fragment 422 * @nbuf: Pointer to the fragment buffer 423 * @hdrlen: 802.11 header length (mostly useful in 4 addr frames) 424 * 425 * Remove MIC information from CCMP fragment 426 * 427 * Returns: QDF_STATUS 428 */ 429 static QDF_STATUS dp_rx_defrag_ccmp_demic(qdf_nbuf_t nbuf, uint16_t hdrlen) 430 { 431 uint8_t *ivp, *orig_hdr; 432 int rx_desc_len = sizeof(struct rx_pkt_tlvs); 433 434 /* start of the 802.11 header */ 435 orig_hdr = (uint8_t *)(qdf_nbuf_data(nbuf) + rx_desc_len); 436 437 /* CCMP header is located after 802.11 header */ 438 ivp = orig_hdr + hdrlen; 439 if (!(ivp[IEEE80211_WEP_IVLEN] & IEEE80211_WEP_EXTIV)) 440 return QDF_STATUS_E_DEFRAG_ERROR; 441 442 qdf_nbuf_trim_tail(nbuf, dp_f_ccmp.ic_trailer); 443 444 return QDF_STATUS_SUCCESS; 445 } 446 447 /* 448 * dp_rx_defrag_ccmp_decap(): decap CCMP encrypted fragment 449 * @nbuf: Pointer to the fragment 450 * @hdrlen: length of the header information 451 * 452 * decap CCMP encrypted fragment 453 * 454 * Returns: QDF_STATUS 455 */ 456 static QDF_STATUS dp_rx_defrag_ccmp_decap(qdf_nbuf_t nbuf, uint16_t hdrlen) 457 { 458 uint8_t *ivp, *origHdr; 459 int rx_desc_len = sizeof(struct rx_pkt_tlvs); 460 461 origHdr = (uint8_t *) (qdf_nbuf_data(nbuf) + rx_desc_len); 462 ivp = origHdr + hdrlen; 463 464 if (!(ivp[IEEE80211_WEP_IVLEN] & IEEE80211_WEP_EXTIV)) 465 return QDF_STATUS_E_DEFRAG_ERROR; 466 467 /* Let's pull the header later */ 468 469 return QDF_STATUS_SUCCESS; 470 } 471 472 /* 473 * dp_rx_defrag_wep_decap(): decap WEP encrypted fragment 474 * @msdu: Pointer to the fragment 475 * @hdrlen: length of the header information 476 * 477 * decap WEP encrypted fragment 478 * 479 * Returns: QDF_STATUS 480 */ 481 static QDF_STATUS dp_rx_defrag_wep_decap(qdf_nbuf_t msdu, uint16_t hdrlen) 482 { 483 uint8_t *origHdr; 484 int rx_desc_len = sizeof(struct rx_pkt_tlvs); 485 486 origHdr = (uint8_t *) (qdf_nbuf_data(msdu) + rx_desc_len); 487 qdf_mem_move(origHdr + dp_f_wep.ic_header, origHdr, hdrlen); 488 489 qdf_nbuf_trim_tail(msdu, dp_f_wep.ic_trailer); 490 491 return QDF_STATUS_SUCCESS; 492 } 493 494 /* 495 * dp_rx_defrag_hdrsize(): Calculate the header size of the received fragment 496 * @nbuf: Pointer to the fragment 497 * 498 * Calculate the header size of the received fragment 499 * 500 * Returns: header size (uint16_t) 501 */ 502 static uint16_t dp_rx_defrag_hdrsize(qdf_nbuf_t nbuf) 503 { 504 uint8_t *rx_tlv_hdr = qdf_nbuf_data(nbuf); 505 uint16_t size = sizeof(struct ieee80211_frame); 506 uint16_t fc = 0; 507 uint32_t to_ds, fr_ds; 508 uint8_t frm_ctrl_valid; 509 uint16_t frm_ctrl_field; 510 511 to_ds = hal_rx_mpdu_get_to_ds(rx_tlv_hdr); 512 fr_ds = hal_rx_mpdu_get_fr_ds(rx_tlv_hdr); 513 frm_ctrl_valid = hal_rx_get_mpdu_frame_control_valid(rx_tlv_hdr); 514 frm_ctrl_field = hal_rx_get_frame_ctrl_field(rx_tlv_hdr); 515 516 if (to_ds && fr_ds) 517 size += IEEE80211_ADDR_LEN; 518 519 if (frm_ctrl_valid) { 520 fc = frm_ctrl_field; 521 522 /* use 1-st byte for validation */ 523 if (DP_RX_DEFRAG_IEEE80211_QOS_HAS_SEQ(fc & 0xff)) { 524 size += sizeof(uint16_t); 525 /* use 2-nd byte for validation */ 526 if (((fc & 0xff00) >> 8) & IEEE80211_FC1_ORDER) 527 size += sizeof(struct ieee80211_htc); 528 } 529 } 530 531 return size; 532 } 533 534 /* 535 * dp_rx_defrag_michdr(): Calculate a pseudo MIC header 536 * @wh0: Pointer to the wireless header of the fragment 537 * @hdr: Array to hold the pseudo header 538 * 539 * Calculate a pseudo MIC header 540 * 541 * Returns: None 542 */ 543 static void dp_rx_defrag_michdr(const struct ieee80211_frame *wh0, 544 uint8_t hdr[]) 545 { 546 const struct ieee80211_frame_addr4 *wh = 547 (const struct ieee80211_frame_addr4 *)wh0; 548 549 switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) { 550 case IEEE80211_FC1_DIR_NODS: 551 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr, wh->i_addr1); /* DA */ 552 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr + IEEE80211_ADDR_LEN, 553 wh->i_addr2); 554 break; 555 case IEEE80211_FC1_DIR_TODS: 556 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr, wh->i_addr3); /* DA */ 557 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr + IEEE80211_ADDR_LEN, 558 wh->i_addr2); 559 break; 560 case IEEE80211_FC1_DIR_FROMDS: 561 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr, wh->i_addr1); /* DA */ 562 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr + IEEE80211_ADDR_LEN, 563 wh->i_addr3); 564 break; 565 case IEEE80211_FC1_DIR_DSTODS: 566 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr, wh->i_addr3); /* DA */ 567 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr + IEEE80211_ADDR_LEN, 568 wh->i_addr4); 569 break; 570 } 571 572 /* 573 * Bit 7 is IEEE80211_FC0_SUBTYPE_QOS for data frame, but 574 * it could also be set for deauth, disassoc, action, etc. for 575 * a mgt type frame. It comes into picture for MFP. 576 */ 577 if (wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_QOS) { 578 const struct ieee80211_qosframe *qwh = 579 (const struct ieee80211_qosframe *)wh; 580 hdr[12] = qwh->i_qos[0] & IEEE80211_QOS_TID; 581 } else { 582 hdr[12] = 0; 583 } 584 585 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */ 586 } 587 588 /* 589 * dp_rx_defrag_mic(): Calculate MIC header 590 * @key: Pointer to the key 591 * @wbuf: fragment buffer 592 * @off: Offset 593 * @data_len: Data length 594 * @mic: Array to hold MIC 595 * 596 * Calculate a pseudo MIC header 597 * 598 * Returns: QDF_STATUS 599 */ 600 static QDF_STATUS dp_rx_defrag_mic(const uint8_t *key, qdf_nbuf_t wbuf, 601 uint16_t off, uint16_t data_len, uint8_t mic[]) 602 { 603 uint8_t hdr[16] = { 0, }; 604 uint32_t l, r; 605 const uint8_t *data; 606 uint32_t space; 607 int rx_desc_len = sizeof(struct rx_pkt_tlvs); 608 609 dp_rx_defrag_michdr((struct ieee80211_frame *)(qdf_nbuf_data(wbuf) 610 + rx_desc_len), hdr); 611 612 l = dp_rx_get_le32(key); 613 r = dp_rx_get_le32(key + 4); 614 615 /* Michael MIC pseudo header: DA, SA, 3 x 0, Priority */ 616 l ^= dp_rx_get_le32(hdr); 617 dp_rx_michael_block(l, r); 618 l ^= dp_rx_get_le32(&hdr[4]); 619 dp_rx_michael_block(l, r); 620 l ^= dp_rx_get_le32(&hdr[8]); 621 dp_rx_michael_block(l, r); 622 l ^= dp_rx_get_le32(&hdr[12]); 623 dp_rx_michael_block(l, r); 624 625 /* first buffer has special handling */ 626 data = (uint8_t *)qdf_nbuf_data(wbuf) + off; 627 space = qdf_nbuf_len(wbuf) - off; 628 629 for (;; ) { 630 if (space > data_len) 631 space = data_len; 632 633 /* collect 32-bit blocks from current buffer */ 634 while (space >= sizeof(uint32_t)) { 635 l ^= dp_rx_get_le32(data); 636 dp_rx_michael_block(l, r); 637 data += sizeof(uint32_t); 638 space -= sizeof(uint32_t); 639 data_len -= sizeof(uint32_t); 640 } 641 if (data_len < sizeof(uint32_t)) 642 break; 643 644 wbuf = qdf_nbuf_next(wbuf); 645 if (wbuf == NULL) 646 return QDF_STATUS_E_DEFRAG_ERROR; 647 648 if (space != 0) { 649 const uint8_t *data_next; 650 /* 651 * Block straddles buffers, split references. 652 */ 653 data_next = 654 (uint8_t *)qdf_nbuf_data(wbuf) + off; 655 if ((qdf_nbuf_len(wbuf)) < 656 sizeof(uint32_t) - space) { 657 return QDF_STATUS_E_DEFRAG_ERROR; 658 } 659 switch (space) { 660 case 1: 661 l ^= dp_rx_get_le32_split(data[0], 662 data_next[0], data_next[1], 663 data_next[2]); 664 data = data_next + 3; 665 space = (qdf_nbuf_len(wbuf) - off) - 3; 666 break; 667 case 2: 668 l ^= dp_rx_get_le32_split(data[0], data[1], 669 data_next[0], data_next[1]); 670 data = data_next + 2; 671 space = (qdf_nbuf_len(wbuf) - off) - 2; 672 break; 673 case 3: 674 l ^= dp_rx_get_le32_split(data[0], data[1], 675 data[2], data_next[0]); 676 data = data_next + 1; 677 space = (qdf_nbuf_len(wbuf) - off) - 1; 678 break; 679 } 680 dp_rx_michael_block(l, r); 681 data_len -= sizeof(uint32_t); 682 } else { 683 /* 684 * Setup for next buffer. 685 */ 686 data = (uint8_t *)qdf_nbuf_data(wbuf) + off; 687 space = qdf_nbuf_len(wbuf) - off; 688 } 689 } 690 /* Last block and padding (0x5a, 4..7 x 0) */ 691 switch (data_len) { 692 case 0: 693 l ^= dp_rx_get_le32_split(0x5a, 0, 0, 0); 694 break; 695 case 1: 696 l ^= dp_rx_get_le32_split(data[0], 0x5a, 0, 0); 697 break; 698 case 2: 699 l ^= dp_rx_get_le32_split(data[0], data[1], 0x5a, 0); 700 break; 701 case 3: 702 l ^= dp_rx_get_le32_split(data[0], data[1], data[2], 0x5a); 703 break; 704 } 705 dp_rx_michael_block(l, r); 706 dp_rx_michael_block(l, r); 707 dp_rx_put_le32(mic, l); 708 dp_rx_put_le32(mic + 4, r); 709 710 return QDF_STATUS_SUCCESS; 711 } 712 713 /* 714 * dp_rx_defrag_tkip_demic(): Remove MIC header from the TKIP frame 715 * @key: Pointer to the key 716 * @msdu: fragment buffer 717 * @hdrlen: Length of the header information 718 * 719 * Remove MIC information from the TKIP frame 720 * 721 * Returns: QDF_STATUS 722 */ 723 static QDF_STATUS dp_rx_defrag_tkip_demic(const uint8_t *key, 724 qdf_nbuf_t msdu, uint16_t hdrlen) 725 { 726 QDF_STATUS status; 727 uint32_t pktlen = 0; 728 uint8_t mic[IEEE80211_WEP_MICLEN]; 729 uint8_t mic0[IEEE80211_WEP_MICLEN]; 730 qdf_nbuf_t prev = NULL, next; 731 732 next = msdu; 733 while (next) { 734 pktlen += (qdf_nbuf_len(next) - hdrlen); 735 prev = next; 736 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_INFO, 737 "%s pktlen %ld\n", __func__, 738 qdf_nbuf_len(next) - hdrlen); 739 next = qdf_nbuf_next(next); 740 } 741 742 qdf_nbuf_copy_bits(prev, qdf_nbuf_len(prev) - dp_f_tkip.ic_miclen, 743 dp_f_tkip.ic_miclen, (caddr_t)mic0); 744 qdf_nbuf_trim_tail(prev, dp_f_tkip.ic_miclen); 745 pktlen -= dp_f_tkip.ic_miclen; 746 747 status = dp_rx_defrag_mic(key, msdu, hdrlen, 748 pktlen, mic); 749 750 if (QDF_IS_STATUS_ERROR(status)) 751 return status; 752 753 if (qdf_mem_cmp(mic, mic0, dp_f_tkip.ic_miclen)) 754 return QDF_STATUS_E_DEFRAG_ERROR; 755 756 return QDF_STATUS_SUCCESS; 757 } 758 759 /* 760 * dp_rx_frag_pull_hdr(): Pulls the RXTLV & the 802.11 headers 761 * @nbuf: buffer pointer 762 * @hdrsize: size of the header to be pulled 763 * 764 * Pull the RXTLV & the 802.11 headers 765 * 766 * Returns: None 767 */ 768 static void dp_rx_frag_pull_hdr(qdf_nbuf_t nbuf, uint16_t hdrsize) 769 { 770 qdf_nbuf_pull_head(nbuf, 771 RX_PKT_TLVS_LEN + hdrsize); 772 773 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_INFO, 774 "%s: final pktlen %d .11len %d\n", 775 __func__, 776 (uint32_t)qdf_nbuf_len(nbuf), hdrsize); 777 } 778 779 /* 780 * dp_rx_construct_fraglist(): Construct a nbuf fraglist 781 * @peer: Pointer to the peer 782 * @head: Pointer to list of fragments 783 * @hdrsize: Size of the header to be pulled 784 * 785 * Construct a nbuf fraglist 786 * 787 * Returns: None 788 */ 789 static void 790 dp_rx_construct_fraglist(struct dp_peer *peer, 791 qdf_nbuf_t head, uint16_t hdrsize) 792 { 793 qdf_nbuf_t msdu = qdf_nbuf_next(head); 794 qdf_nbuf_t rx_nbuf = msdu; 795 uint32_t len = 0; 796 797 while (msdu) { 798 dp_rx_frag_pull_hdr(msdu, hdrsize); 799 len += qdf_nbuf_len(msdu); 800 msdu = qdf_nbuf_next(msdu); 801 } 802 803 qdf_nbuf_append_ext_list(head, rx_nbuf, len); 804 qdf_nbuf_set_next(head, NULL); 805 806 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_INFO, 807 "%s: head len %d ext len %d data len %d \n", 808 __func__, 809 (uint32_t)qdf_nbuf_len(head), 810 (uint32_t)qdf_nbuf_len(rx_nbuf), 811 (uint32_t)(head->data_len)); 812 } 813 814 /** 815 * dp_rx_defrag_err() - rx err handler 816 * @pdev: handle to pdev object 817 * @vdev_id: vdev id 818 * @peer_mac_addr: peer mac address 819 * @tid: TID 820 * @tsf32: TSF 821 * @err_type: error type 822 * @rx_frame: rx frame 823 * @pn: PN Number 824 * @key_id: key id 825 * 826 * This function handles rx error and send MIC error notification 827 * 828 * Return: None 829 */ 830 static void dp_rx_defrag_err(struct dp_vdev *vdev, qdf_nbuf_t nbuf) 831 { 832 struct ol_if_ops *tops = NULL; 833 struct dp_pdev *pdev = vdev->pdev; 834 int rx_desc_len = sizeof(struct rx_pkt_tlvs); 835 uint8_t *orig_hdr; 836 struct ieee80211_frame *wh; 837 838 orig_hdr = (uint8_t *)(qdf_nbuf_data(nbuf) + rx_desc_len); 839 wh = (struct ieee80211_frame *)orig_hdr; 840 841 tops = pdev->soc->cdp_soc.ol_ops; 842 if (tops->rx_mic_error) 843 tops->rx_mic_error(pdev->ctrl_pdev, vdev->vdev_id, wh); 844 } 845 846 847 /* 848 * dp_rx_defrag_nwifi_to_8023(): Transcap 802.11 to 802.3 849 * @nbuf: Pointer to the fragment buffer 850 * @hdrsize: Size of headers 851 * 852 * Transcap the fragment from 802.11 to 802.3 853 * 854 * Returns: None 855 */ 856 static void 857 dp_rx_defrag_nwifi_to_8023(qdf_nbuf_t nbuf, uint16_t hdrsize) 858 { 859 struct llc_snap_hdr_t *llchdr; 860 struct ethernet_hdr_t *eth_hdr; 861 uint8_t ether_type[2]; 862 uint16_t fc = 0; 863 union dp_align_mac_addr mac_addr; 864 uint8_t *rx_desc_info = qdf_mem_malloc(RX_PKT_TLVS_LEN); 865 866 if (rx_desc_info == NULL) { 867 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 868 "%s: Memory alloc failed ! \n", __func__); 869 QDF_ASSERT(0); 870 return; 871 } 872 873 qdf_mem_copy(rx_desc_info, qdf_nbuf_data(nbuf), RX_PKT_TLVS_LEN); 874 875 llchdr = (struct llc_snap_hdr_t *)(qdf_nbuf_data(nbuf) + 876 RX_PKT_TLVS_LEN + hdrsize); 877 qdf_mem_copy(ether_type, llchdr->ethertype, 2); 878 879 qdf_nbuf_pull_head(nbuf, (RX_PKT_TLVS_LEN + hdrsize + 880 sizeof(struct llc_snap_hdr_t) - 881 sizeof(struct ethernet_hdr_t))); 882 883 eth_hdr = (struct ethernet_hdr_t *)(qdf_nbuf_data(nbuf)); 884 885 if (hal_rx_get_mpdu_frame_control_valid(rx_desc_info)) 886 fc = hal_rx_get_frame_ctrl_field(rx_desc_info); 887 888 switch (((fc & 0xff00) >> 8) & IEEE80211_FC1_DIR_MASK) { 889 890 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_INFO, 891 "%s: frame control type: 0x%x", __func__, fc); 892 893 case IEEE80211_FC1_DIR_NODS: 894 hal_rx_mpdu_get_addr1(rx_desc_info, 895 &mac_addr.raw[0]); 896 qdf_mem_copy(eth_hdr->dest_addr, &mac_addr.raw[0], 897 IEEE80211_ADDR_LEN); 898 hal_rx_mpdu_get_addr2(rx_desc_info, 899 &mac_addr.raw[0]); 900 qdf_mem_copy(eth_hdr->src_addr, &mac_addr.raw[0], 901 IEEE80211_ADDR_LEN); 902 break; 903 case IEEE80211_FC1_DIR_TODS: 904 hal_rx_mpdu_get_addr3(rx_desc_info, 905 &mac_addr.raw[0]); 906 qdf_mem_copy(eth_hdr->dest_addr, &mac_addr.raw[0], 907 IEEE80211_ADDR_LEN); 908 hal_rx_mpdu_get_addr2(rx_desc_info, 909 &mac_addr.raw[0]); 910 qdf_mem_copy(eth_hdr->src_addr, &mac_addr.raw[0], 911 IEEE80211_ADDR_LEN); 912 break; 913 case IEEE80211_FC1_DIR_FROMDS: 914 hal_rx_mpdu_get_addr1(rx_desc_info, 915 &mac_addr.raw[0]); 916 qdf_mem_copy(eth_hdr->dest_addr, &mac_addr.raw[0], 917 IEEE80211_ADDR_LEN); 918 hal_rx_mpdu_get_addr3(rx_desc_info, 919 &mac_addr.raw[0]); 920 qdf_mem_copy(eth_hdr->src_addr, &mac_addr.raw[0], 921 IEEE80211_ADDR_LEN); 922 break; 923 924 case IEEE80211_FC1_DIR_DSTODS: 925 hal_rx_mpdu_get_addr3(rx_desc_info, 926 &mac_addr.raw[0]); 927 qdf_mem_copy(eth_hdr->dest_addr, &mac_addr.raw[0], 928 IEEE80211_ADDR_LEN); 929 hal_rx_mpdu_get_addr4(rx_desc_info, 930 &mac_addr.raw[0]); 931 qdf_mem_copy(eth_hdr->src_addr, &mac_addr.raw[0], 932 IEEE80211_ADDR_LEN); 933 break; 934 935 default: 936 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 937 "%s: Unknown frame control type: 0x%x", __func__, fc); 938 } 939 940 qdf_mem_copy(eth_hdr->ethertype, ether_type, 941 sizeof(ether_type)); 942 943 qdf_nbuf_push_head(nbuf, RX_PKT_TLVS_LEN); 944 qdf_mem_copy(qdf_nbuf_data(nbuf), rx_desc_info, RX_PKT_TLVS_LEN); 945 qdf_mem_free(rx_desc_info); 946 } 947 948 /* 949 * dp_rx_defrag_reo_reinject(): Reinject the fragment chain back into REO 950 * @peer: Pointer to the peer 951 * @tid: Transmit Identifier 952 * @head: Buffer to be reinjected back 953 * 954 * Reinject the fragment chain back into REO 955 * 956 * Returns: QDF_STATUS 957 */ 958 static QDF_STATUS dp_rx_defrag_reo_reinject(struct dp_peer *peer, 959 unsigned tid, qdf_nbuf_t head) 960 { 961 struct dp_pdev *pdev = peer->vdev->pdev; 962 struct dp_soc *soc = pdev->soc; 963 struct hal_buf_info buf_info; 964 void *link_desc_va; 965 void *msdu0, *msdu_desc_info; 966 void *ent_ring_desc, *ent_mpdu_desc_info, *ent_qdesc_addr; 967 void *dst_mpdu_desc_info, *dst_qdesc_addr; 968 qdf_dma_addr_t paddr; 969 uint32_t nbuf_len, seq_no, dst_ind; 970 uint32_t *mpdu_wrd; 971 uint32_t ret, cookie; 972 973 void *dst_ring_desc = 974 peer->rx_tid[tid].dst_ring_desc; 975 void *hal_srng = soc->reo_reinject_ring.hal_srng; 976 977 hal_rx_reo_buf_paddr_get(dst_ring_desc, &buf_info); 978 979 link_desc_va = dp_rx_cookie_2_link_desc_va(soc, &buf_info); 980 981 qdf_assert(link_desc_va); 982 983 msdu0 = (uint8_t *)link_desc_va + 984 RX_MSDU_LINK_8_RX_MSDU_DETAILS_MSDU_0_OFFSET; 985 986 nbuf_len = qdf_nbuf_len(head) - RX_PKT_TLVS_LEN; 987 988 HAL_RX_UNIFORM_HDR_SET(link_desc_va, OWNER, UNI_DESC_OWNER_SW); 989 HAL_RX_UNIFORM_HDR_SET(link_desc_va, BUFFER_TYPE, 990 UNI_DESC_BUF_TYPE_RX_MSDU_LINK); 991 992 /* msdu reconfig */ 993 msdu_desc_info = (uint8_t *)msdu0 + 994 RX_MSDU_DETAILS_2_RX_MSDU_DESC_INFO_RX_MSDU_DESC_INFO_DETAILS_OFFSET; 995 996 dst_ind = hal_rx_msdu_reo_dst_ind_get(link_desc_va); 997 998 qdf_mem_zero(msdu_desc_info, sizeof(struct rx_msdu_desc_info)); 999 1000 HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info, 1001 FIRST_MSDU_IN_MPDU_FLAG, 1); 1002 HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info, 1003 LAST_MSDU_IN_MPDU_FLAG, 1); 1004 HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info, 1005 MSDU_CONTINUATION, 0x0); 1006 HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info, 1007 REO_DESTINATION_INDICATION, dst_ind); 1008 HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info, 1009 MSDU_LENGTH, nbuf_len); 1010 HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info, 1011 SA_IS_VALID, 1); 1012 HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info, 1013 DA_IS_VALID, 1); 1014 1015 /* change RX TLV's */ 1016 hal_rx_msdu_start_msdu_len_set( 1017 qdf_nbuf_data(head), nbuf_len); 1018 1019 cookie = HAL_RX_BUF_COOKIE_GET(msdu0); 1020 1021 /* map the nbuf before reinject it into HW */ 1022 ret = qdf_nbuf_map_single(soc->osdev, head, 1023 QDF_DMA_BIDIRECTIONAL); 1024 1025 if (qdf_unlikely(ret == QDF_STATUS_E_FAILURE)) { 1026 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1027 "%s: nbuf map failed !\n", __func__); 1028 qdf_nbuf_free(head); 1029 return QDF_STATUS_E_FAILURE; 1030 } 1031 1032 paddr = qdf_nbuf_get_frag_paddr(head, 0); 1033 1034 ret = check_x86_paddr(soc, &head, &paddr, pdev); 1035 1036 if (ret == QDF_STATUS_E_FAILURE) { 1037 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1038 "%s: x86 check failed !\n", __func__); 1039 return QDF_STATUS_E_FAILURE; 1040 } 1041 1042 hal_rxdma_buff_addr_info_set(msdu0, paddr, cookie, DP_WBM2SW_RBM); 1043 1044 /* Lets fill entrance ring now !!! */ 1045 if (qdf_unlikely(hal_srng_access_start(soc->hal_soc, hal_srng))) { 1046 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1047 "HAL RING Access For REO entrance SRNG Failed: %pK", 1048 hal_srng); 1049 1050 return QDF_STATUS_E_FAILURE; 1051 } 1052 1053 ent_ring_desc = hal_srng_src_get_next(soc->hal_soc, hal_srng); 1054 1055 qdf_assert(ent_ring_desc); 1056 1057 paddr = (uint64_t)buf_info.paddr; 1058 /* buf addr */ 1059 hal_rxdma_buff_addr_info_set(ent_ring_desc, paddr, 1060 buf_info.sw_cookie, 1061 HAL_RX_BUF_RBM_WBM_IDLE_DESC_LIST); 1062 /* mpdu desc info */ 1063 ent_mpdu_desc_info = (uint8_t *)ent_ring_desc + 1064 RX_MPDU_DETAILS_2_RX_MPDU_DESC_INFO_RX_MPDU_DESC_INFO_DETAILS_OFFSET; 1065 1066 dst_mpdu_desc_info = (uint8_t *)dst_ring_desc + 1067 REO_DESTINATION_RING_2_RX_MPDU_DESC_INFO_RX_MPDU_DESC_INFO_DETAILS_OFFSET; 1068 1069 qdf_mem_copy(ent_mpdu_desc_info, dst_mpdu_desc_info, 1070 sizeof(struct rx_mpdu_desc_info)); 1071 qdf_mem_zero(ent_mpdu_desc_info, sizeof(uint32_t)); 1072 1073 mpdu_wrd = (uint32_t *)dst_mpdu_desc_info; 1074 seq_no = HAL_RX_MPDU_SEQUENCE_NUMBER_GET(mpdu_wrd); 1075 1076 HAL_RX_MPDU_DESC_INFO_SET(ent_mpdu_desc_info, 1077 MSDU_COUNT, 0x1); 1078 HAL_RX_MPDU_DESC_INFO_SET(ent_mpdu_desc_info, 1079 MPDU_SEQUENCE_NUMBER, seq_no); 1080 1081 /* unset frag bit */ 1082 HAL_RX_MPDU_DESC_INFO_SET(ent_mpdu_desc_info, 1083 FRAGMENT_FLAG, 0x0); 1084 1085 /* set sa/da valid bits */ 1086 HAL_RX_MPDU_DESC_INFO_SET(ent_mpdu_desc_info, 1087 SA_IS_VALID, 0x1); 1088 HAL_RX_MPDU_DESC_INFO_SET(ent_mpdu_desc_info, 1089 DA_IS_VALID, 0x1); 1090 HAL_RX_MPDU_DESC_INFO_SET(ent_mpdu_desc_info, 1091 RAW_MPDU, 0x0); 1092 1093 /* qdesc addr */ 1094 ent_qdesc_addr = (uint8_t *)ent_ring_desc + 1095 REO_ENTRANCE_RING_4_RX_REO_QUEUE_DESC_ADDR_31_0_OFFSET; 1096 1097 dst_qdesc_addr = (uint8_t *)dst_ring_desc + 1098 REO_DESTINATION_RING_6_RX_REO_QUEUE_DESC_ADDR_31_0_OFFSET; 1099 1100 qdf_mem_copy(ent_qdesc_addr, dst_qdesc_addr, 8); 1101 1102 HAL_RX_FLD_SET(ent_ring_desc, REO_ENTRANCE_RING_5, 1103 REO_DESTINATION_INDICATION, dst_ind); 1104 1105 hal_srng_access_end(soc->hal_soc, hal_srng); 1106 1107 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_INFO, 1108 "%s: reinjection done !\n", __func__); 1109 return QDF_STATUS_SUCCESS; 1110 } 1111 1112 /* 1113 * dp_rx_defrag(): Defragment the fragment chain 1114 * @peer: Pointer to the peer 1115 * @tid: Transmit Identifier 1116 * @frag_list_head: Pointer to head list 1117 * @frag_list_tail: Pointer to tail list 1118 * 1119 * Defragment the fragment chain 1120 * 1121 * Returns: QDF_STATUS 1122 */ 1123 static QDF_STATUS dp_rx_defrag(struct dp_peer *peer, unsigned tid, 1124 qdf_nbuf_t frag_list_head, qdf_nbuf_t frag_list_tail) 1125 { 1126 qdf_nbuf_t tmp_next, prev; 1127 qdf_nbuf_t cur = frag_list_head, msdu; 1128 uint32_t index, tkip_demic = 0; 1129 uint16_t hdr_space; 1130 uint8_t key[DEFRAG_IEEE80211_KEY_LEN]; 1131 struct dp_vdev *vdev = peer->vdev; 1132 struct dp_soc *soc = vdev->pdev->soc; 1133 uint8_t status = 0; 1134 1135 hdr_space = dp_rx_defrag_hdrsize(cur); 1136 index = hal_rx_msdu_is_wlan_mcast(cur) ? 1137 dp_sec_mcast : dp_sec_ucast; 1138 1139 /* Remove FCS from all fragments */ 1140 while (cur) { 1141 tmp_next = qdf_nbuf_next(cur); 1142 qdf_nbuf_set_next(cur, NULL); 1143 qdf_nbuf_trim_tail(cur, DEFRAG_IEEE80211_FCS_LEN); 1144 prev = cur; 1145 qdf_nbuf_set_next(cur, tmp_next); 1146 cur = tmp_next; 1147 } 1148 cur = frag_list_head; 1149 1150 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_INFO, 1151 "%s: index %d Security type: %d\n", __func__, 1152 index, peer->security[index].sec_type); 1153 1154 switch (peer->security[index].sec_type) { 1155 case htt_sec_type_tkip: 1156 tkip_demic = 1; 1157 1158 case htt_sec_type_tkip_nomic: 1159 while (cur) { 1160 tmp_next = qdf_nbuf_next(cur); 1161 if (dp_rx_defrag_tkip_decap(cur, hdr_space)) { 1162 1163 QDF_TRACE(QDF_MODULE_ID_TXRX, 1164 QDF_TRACE_LEVEL_ERROR, 1165 "dp_rx_defrag: TKIP decap failed"); 1166 1167 return QDF_STATUS_E_DEFRAG_ERROR; 1168 } 1169 cur = tmp_next; 1170 } 1171 1172 /* If success, increment header to be stripped later */ 1173 hdr_space += dp_f_tkip.ic_header; 1174 break; 1175 1176 case htt_sec_type_aes_ccmp: 1177 while (cur) { 1178 tmp_next = qdf_nbuf_next(cur); 1179 if (dp_rx_defrag_ccmp_demic(cur, hdr_space)) { 1180 1181 QDF_TRACE(QDF_MODULE_ID_TXRX, 1182 QDF_TRACE_LEVEL_ERROR, 1183 "dp_rx_defrag: CCMP demic failed"); 1184 1185 return QDF_STATUS_E_DEFRAG_ERROR; 1186 } 1187 if (dp_rx_defrag_ccmp_decap(cur, hdr_space)) { 1188 1189 QDF_TRACE(QDF_MODULE_ID_TXRX, 1190 QDF_TRACE_LEVEL_ERROR, 1191 "dp_rx_defrag: CCMP decap failed"); 1192 1193 return QDF_STATUS_E_DEFRAG_ERROR; 1194 } 1195 cur = tmp_next; 1196 } 1197 1198 /* If success, increment header to be stripped later */ 1199 hdr_space += dp_f_ccmp.ic_header; 1200 break; 1201 1202 case htt_sec_type_wep40: 1203 case htt_sec_type_wep104: 1204 case htt_sec_type_wep128: 1205 while (cur) { 1206 tmp_next = qdf_nbuf_next(cur); 1207 if (dp_rx_defrag_wep_decap(cur, hdr_space)) { 1208 1209 QDF_TRACE(QDF_MODULE_ID_TXRX, 1210 QDF_TRACE_LEVEL_ERROR, 1211 "dp_rx_defrag: WEP decap failed"); 1212 1213 return QDF_STATUS_E_DEFRAG_ERROR; 1214 } 1215 cur = tmp_next; 1216 } 1217 1218 /* If success, increment header to be stripped later */ 1219 hdr_space += dp_f_wep.ic_header; 1220 break; 1221 default: 1222 QDF_TRACE(QDF_MODULE_ID_TXRX, 1223 QDF_TRACE_LEVEL_ERROR, 1224 "dp_rx_defrag: Did not match any security type"); 1225 break; 1226 } 1227 1228 if (tkip_demic) { 1229 msdu = frag_list_head; 1230 if (soc->cdp_soc.ol_ops->rx_frag_tkip_demic) { 1231 status = soc->cdp_soc.ol_ops->rx_frag_tkip_demic( 1232 (void *)peer->ctrl_peer, msdu, hdr_space); 1233 } else { 1234 qdf_mem_copy(key, 1235 &peer->security[index].michael_key[0], 1236 IEEE80211_WEP_MICLEN); 1237 status = dp_rx_defrag_tkip_demic(key, msdu, 1238 RX_PKT_TLVS_LEN + 1239 hdr_space); 1240 1241 if (status) { 1242 dp_rx_defrag_err(vdev, frag_list_head); 1243 1244 QDF_TRACE(QDF_MODULE_ID_TXRX, 1245 QDF_TRACE_LEVEL_ERROR, 1246 "%s: TKIP demic failed status %d\n", 1247 __func__, status); 1248 1249 return QDF_STATUS_E_DEFRAG_ERROR; 1250 } 1251 } 1252 } 1253 1254 /* Convert the header to 802.3 header */ 1255 dp_rx_defrag_nwifi_to_8023(frag_list_head, hdr_space); 1256 dp_rx_construct_fraglist(peer, frag_list_head, hdr_space); 1257 1258 return QDF_STATUS_SUCCESS; 1259 } 1260 1261 /* 1262 * dp_rx_defrag_cleanup(): Clean up activities 1263 * @peer: Pointer to the peer 1264 * @tid: Transmit Identifier 1265 * 1266 * Returns: None 1267 */ 1268 void dp_rx_defrag_cleanup(struct dp_peer *peer, unsigned tid) 1269 { 1270 struct dp_rx_reorder_array_elem *rx_reorder_array_elem = 1271 peer->rx_tid[tid].array; 1272 1273 if (!rx_reorder_array_elem) { 1274 /* 1275 * if this condition is hit then somebody 1276 * must have reset this pointer to NULL. 1277 * array pointer usually points to base variable 1278 * of TID queue structure: "struct dp_rx_tid" 1279 */ 1280 QDF_ASSERT(0); 1281 return; 1282 } 1283 /* Free up nbufs */ 1284 dp_rx_defrag_frames_free(rx_reorder_array_elem->head); 1285 1286 /* Free up saved ring descriptors */ 1287 dp_rx_clear_saved_desc_info(peer, tid); 1288 1289 rx_reorder_array_elem->head = NULL; 1290 rx_reorder_array_elem->tail = NULL; 1291 peer->rx_tid[tid].defrag_timeout_ms = 0; 1292 peer->rx_tid[tid].curr_frag_num = 0; 1293 peer->rx_tid[tid].curr_seq_num = 0; 1294 peer->rx_tid[tid].head_frag_desc = NULL; 1295 } 1296 1297 /* 1298 * dp_rx_defrag_save_info_from_ring_desc(): Save info from REO ring descriptor 1299 * @ring_desc: Pointer to the dst ring descriptor 1300 * @peer: Pointer to the peer 1301 * @tid: Transmit Identifier 1302 * 1303 * Returns: None 1304 */ 1305 static QDF_STATUS dp_rx_defrag_save_info_from_ring_desc(void *ring_desc, 1306 struct dp_rx_desc *rx_desc, struct dp_peer *peer, unsigned tid) 1307 { 1308 void *dst_ring_desc = qdf_mem_malloc( 1309 sizeof(struct reo_destination_ring)); 1310 1311 if (dst_ring_desc == NULL) { 1312 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1313 "%s: Memory alloc failed !\n", __func__); 1314 QDF_ASSERT(0); 1315 return QDF_STATUS_E_NOMEM; 1316 } 1317 1318 qdf_mem_copy(dst_ring_desc, ring_desc, 1319 sizeof(struct reo_destination_ring)); 1320 1321 peer->rx_tid[tid].dst_ring_desc = dst_ring_desc; 1322 peer->rx_tid[tid].head_frag_desc = rx_desc; 1323 1324 return QDF_STATUS_SUCCESS; 1325 } 1326 1327 /* 1328 * dp_rx_defrag_store_fragment(): Store incoming fragments 1329 * @soc: Pointer to the SOC data structure 1330 * @ring_desc: Pointer to the ring descriptor 1331 * @mpdu_desc_info: MPDU descriptor info 1332 * @tid: Traffic Identifier 1333 * @rx_desc: Pointer to rx descriptor 1334 * @rx_bfs: Number of bfs consumed 1335 * 1336 * Returns: QDF_STATUS 1337 */ 1338 static QDF_STATUS dp_rx_defrag_store_fragment(struct dp_soc *soc, 1339 void *ring_desc, 1340 union dp_rx_desc_list_elem_t **head, 1341 union dp_rx_desc_list_elem_t **tail, 1342 struct hal_rx_mpdu_desc_info *mpdu_desc_info, 1343 unsigned tid, struct dp_rx_desc *rx_desc, 1344 uint32_t *rx_bfs) 1345 { 1346 struct dp_rx_reorder_array_elem *rx_reorder_array_elem; 1347 struct dp_pdev *pdev; 1348 struct dp_peer *peer; 1349 uint16_t peer_id; 1350 uint8_t fragno, more_frag, all_frag_present = 0; 1351 uint16_t rxseq = mpdu_desc_info->mpdu_seq; 1352 QDF_STATUS status; 1353 struct dp_rx_tid *rx_tid; 1354 uint8_t mpdu_sequence_control_valid; 1355 uint8_t mpdu_frame_control_valid; 1356 qdf_nbuf_t frag = rx_desc->nbuf; 1357 1358 /* Check if the packet is from a valid peer */ 1359 peer_id = DP_PEER_METADATA_PEER_ID_GET( 1360 mpdu_desc_info->peer_meta_data); 1361 peer = dp_peer_find_by_id(soc, peer_id); 1362 1363 if (!peer) { 1364 /* We should not receive anything from unknown peer 1365 * however, that might happen while we are in the monitor mode. 1366 * We don't need to handle that here 1367 */ 1368 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1369 "Unknown peer, dropping the fragment"); 1370 1371 qdf_nbuf_free(frag); 1372 dp_rx_add_to_free_desc_list(head, tail, rx_desc); 1373 *rx_bfs = 1; 1374 1375 return QDF_STATUS_E_DEFRAG_ERROR; 1376 } 1377 1378 pdev = peer->vdev->pdev; 1379 rx_tid = &peer->rx_tid[tid]; 1380 1381 rx_reorder_array_elem = peer->rx_tid[tid].array; 1382 1383 mpdu_sequence_control_valid = 1384 hal_rx_get_mpdu_sequence_control_valid(rx_desc->rx_buf_start); 1385 1386 /* Invalid MPDU sequence control field, MPDU is of no use */ 1387 if (!mpdu_sequence_control_valid) { 1388 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1389 "Invalid MPDU seq control field, dropping MPDU"); 1390 qdf_nbuf_free(frag); 1391 dp_rx_add_to_free_desc_list(head, tail, rx_desc); 1392 *rx_bfs = 1; 1393 1394 qdf_assert(0); 1395 goto end; 1396 } 1397 1398 mpdu_frame_control_valid = 1399 hal_rx_get_mpdu_frame_control_valid(rx_desc->rx_buf_start); 1400 1401 /* Invalid frame control field */ 1402 if (!mpdu_frame_control_valid) { 1403 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1404 "Invalid frame control field, dropping MPDU"); 1405 qdf_nbuf_free(frag); 1406 dp_rx_add_to_free_desc_list(head, tail, rx_desc); 1407 *rx_bfs = 1; 1408 1409 qdf_assert(0); 1410 goto end; 1411 } 1412 1413 /* Current mpdu sequence */ 1414 more_frag = dp_rx_frag_get_more_frag_bit(rx_desc->rx_buf_start); 1415 1416 /* HW does not populate the fragment number as of now 1417 * need to get from the 802.11 header 1418 */ 1419 fragno = dp_rx_frag_get_mpdu_frag_number(rx_desc->rx_buf_start); 1420 1421 /* 1422 * !more_frag: no more fragments to be delivered 1423 * !frag_no: packet is not fragmented 1424 * !rx_reorder_array_elem->head: no saved fragments so far 1425 */ 1426 if ((!more_frag) && (!fragno) && (!rx_reorder_array_elem->head)) { 1427 /* We should not get into this situation here. 1428 * It means an unfragmented packet with fragment flag 1429 * is delivered over the REO exception ring. 1430 * Typically it follows normal rx path. 1431 */ 1432 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1433 "Rcvd unfragmented pkt on REO Err srng, dropping"); 1434 qdf_nbuf_free(frag); 1435 dp_rx_add_to_free_desc_list(head, tail, rx_desc); 1436 *rx_bfs = 1; 1437 1438 qdf_assert(0); 1439 goto end; 1440 } 1441 1442 /* Check if the fragment is for the same sequence or a different one */ 1443 if (rx_reorder_array_elem->head) { 1444 if (rxseq != rx_tid->curr_seq_num) { 1445 1446 /* Drop stored fragments if out of sequence 1447 * fragment is received 1448 */ 1449 dp_rx_defrag_frames_free(rx_reorder_array_elem->head); 1450 1451 rx_reorder_array_elem->head = NULL; 1452 rx_reorder_array_elem->tail = NULL; 1453 1454 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1455 "%s mismatch, dropping earlier sequence ", 1456 (rxseq == rx_tid->curr_seq_num) 1457 ? "address" 1458 : "seq number"); 1459 1460 /* 1461 * The sequence number for this fragment becomes the 1462 * new sequence number to be processed 1463 */ 1464 rx_tid->curr_seq_num = rxseq; 1465 1466 } 1467 } else { 1468 /* Start of a new sequence */ 1469 dp_rx_defrag_cleanup(peer, tid); 1470 rx_tid->curr_seq_num = rxseq; 1471 } 1472 1473 /* 1474 * If the earlier sequence was dropped, this will be the fresh start. 1475 * Else, continue with next fragment in a given sequence 1476 */ 1477 status = dp_rx_defrag_fraglist_insert(peer, tid, &rx_reorder_array_elem->head, 1478 &rx_reorder_array_elem->tail, frag, 1479 &all_frag_present); 1480 1481 /* 1482 * Currently, we can have only 6 MSDUs per-MPDU, if the current 1483 * packet sequence has more than 6 MSDUs for some reason, we will 1484 * have to use the next MSDU link descriptor and chain them together 1485 * before reinjection 1486 */ 1487 if ((fragno == 0) && (status == QDF_STATUS_SUCCESS) && 1488 (rx_reorder_array_elem->head == frag)) { 1489 1490 status = dp_rx_defrag_save_info_from_ring_desc(ring_desc, 1491 rx_desc, peer, tid); 1492 1493 if (status != QDF_STATUS_SUCCESS) { 1494 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1495 "%s: Unable to store ring desc !\n", __func__); 1496 goto end; 1497 } 1498 } else { 1499 dp_rx_add_to_free_desc_list(head, tail, rx_desc); 1500 *rx_bfs = 1; 1501 1502 /* Return the non-head link desc */ 1503 if (dp_rx_link_desc_return(soc, ring_desc, 1504 HAL_BM_ACTION_PUT_IN_IDLE_LIST) != 1505 QDF_STATUS_SUCCESS) 1506 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1507 "%s: Failed to return link desc\n", 1508 __func__); 1509 1510 } 1511 1512 if (pdev->soc->rx.flags.defrag_timeout_check) 1513 dp_rx_defrag_waitlist_remove(peer, tid); 1514 1515 /* Yet to receive more fragments for this sequence number */ 1516 if (!all_frag_present) { 1517 uint32_t now_ms = 1518 qdf_system_ticks_to_msecs(qdf_system_ticks()); 1519 1520 peer->rx_tid[tid].defrag_timeout_ms = 1521 now_ms + pdev->soc->rx.defrag.timeout_ms; 1522 1523 dp_rx_defrag_waitlist_add(peer, tid); 1524 1525 return QDF_STATUS_SUCCESS; 1526 } 1527 1528 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_INFO, 1529 "All fragments received for sequence: %d", rxseq); 1530 1531 /* Process the fragments */ 1532 status = dp_rx_defrag(peer, tid, rx_reorder_array_elem->head, 1533 rx_reorder_array_elem->tail); 1534 if (QDF_IS_STATUS_ERROR(status)) { 1535 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1536 "Fragment processing failed"); 1537 1538 dp_rx_add_to_free_desc_list(head, tail, 1539 peer->rx_tid[tid].head_frag_desc); 1540 *rx_bfs = 1; 1541 1542 if (dp_rx_link_desc_return(soc, 1543 peer->rx_tid[tid].dst_ring_desc, 1544 HAL_BM_ACTION_PUT_IN_IDLE_LIST) != 1545 QDF_STATUS_SUCCESS) 1546 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1547 "%s: Failed to return link desc\n", 1548 __func__); 1549 dp_rx_defrag_cleanup(peer, tid); 1550 goto end; 1551 } 1552 1553 /* Re-inject the fragments back to REO for further processing */ 1554 status = dp_rx_defrag_reo_reinject(peer, tid, 1555 rx_reorder_array_elem->head); 1556 if (QDF_IS_STATUS_SUCCESS(status)) { 1557 rx_reorder_array_elem->head = NULL; 1558 rx_reorder_array_elem->tail = NULL; 1559 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_INFO, 1560 "Fragmented sequence successfully reinjected"); 1561 } else { 1562 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1563 "Fragmented sequence reinjection failed"); 1564 dp_rx_return_head_frag_desc(peer, tid); 1565 } 1566 1567 dp_rx_defrag_cleanup(peer, tid); 1568 return QDF_STATUS_SUCCESS; 1569 1570 end: 1571 return QDF_STATUS_E_DEFRAG_ERROR; 1572 } 1573 1574 /** 1575 * dp_rx_frag_handle() - Handles fragmented Rx frames 1576 * 1577 * @soc: core txrx main context 1578 * @ring_desc: opaque pointer to the REO error ring descriptor 1579 * @mpdu_desc_info: MPDU descriptor information from ring descriptor 1580 * @head: head of the local descriptor free-list 1581 * @tail: tail of the local descriptor free-list 1582 * @quota: No. of units (packets) that can be serviced in one shot. 1583 * 1584 * This function implements RX 802.11 fragmentation handling 1585 * The handling is mostly same as legacy fragmentation handling. 1586 * If required, this function can re-inject the frames back to 1587 * REO ring (with proper setting to by-pass fragmentation check 1588 * but use duplicate detection / re-ordering and routing these frames 1589 * to a different core. 1590 * 1591 * Return: uint32_t: No. of elements processed 1592 */ 1593 uint32_t dp_rx_frag_handle(struct dp_soc *soc, void *ring_desc, 1594 struct hal_rx_mpdu_desc_info *mpdu_desc_info, 1595 union dp_rx_desc_list_elem_t **head, 1596 union dp_rx_desc_list_elem_t **tail, 1597 uint32_t quota) 1598 { 1599 uint32_t rx_bufs_used = 0; 1600 void *link_desc_va; 1601 struct hal_buf_info buf_info; 1602 struct hal_rx_msdu_list msdu_list; /* per MPDU list of MSDUs */ 1603 qdf_nbuf_t msdu = NULL; 1604 uint32_t tid, msdu_len; 1605 int idx, rx_bfs = 0; 1606 QDF_STATUS status; 1607 1608 qdf_assert(soc); 1609 qdf_assert(mpdu_desc_info); 1610 1611 /* Fragment from a valid peer */ 1612 hal_rx_reo_buf_paddr_get(ring_desc, &buf_info); 1613 1614 link_desc_va = dp_rx_cookie_2_link_desc_va(soc, &buf_info); 1615 1616 qdf_assert(link_desc_va); 1617 1618 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_INFO_HIGH, 1619 "Number of MSDUs to process, num_msdus: %d", 1620 mpdu_desc_info->msdu_count); 1621 1622 1623 if (qdf_unlikely(mpdu_desc_info->msdu_count == 0)) { 1624 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1625 "Not sufficient MSDUs to process"); 1626 return rx_bufs_used; 1627 } 1628 1629 /* Get msdu_list for the given MPDU */ 1630 hal_rx_msdu_list_get(link_desc_va, &msdu_list, 1631 &mpdu_desc_info->msdu_count); 1632 1633 /* Process all MSDUs in the current MPDU */ 1634 for (idx = 0; (idx < mpdu_desc_info->msdu_count) && quota--; idx++) { 1635 struct dp_rx_desc *rx_desc = 1636 dp_rx_cookie_2_va_rxdma_buf(soc, 1637 msdu_list.sw_cookie[idx]); 1638 1639 qdf_assert(rx_desc); 1640 1641 msdu = rx_desc->nbuf; 1642 1643 qdf_nbuf_unmap_single(soc->osdev, msdu, 1644 QDF_DMA_BIDIRECTIONAL); 1645 1646 rx_desc->rx_buf_start = qdf_nbuf_data(msdu); 1647 1648 msdu_len = hal_rx_msdu_start_msdu_len_get( 1649 rx_desc->rx_buf_start); 1650 1651 qdf_nbuf_set_pktlen(msdu, (msdu_len + RX_PKT_TLVS_LEN)); 1652 1653 tid = hal_rx_mpdu_start_tid_get(rx_desc->rx_buf_start); 1654 1655 /* Process fragment-by-fragment */ 1656 status = dp_rx_defrag_store_fragment(soc, ring_desc, 1657 head, tail, mpdu_desc_info, 1658 tid, rx_desc, &rx_bfs); 1659 1660 if (rx_bfs) 1661 rx_bufs_used++; 1662 1663 if (!QDF_IS_STATUS_SUCCESS(status)) { 1664 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1665 "Rx Defrag err seq#:0x%x msdu_count:%d flags:%d", 1666 mpdu_desc_info->mpdu_seq, 1667 mpdu_desc_info->msdu_count, 1668 mpdu_desc_info->mpdu_flags); 1669 1670 /* No point in processing rest of the fragments */ 1671 break; 1672 } 1673 } 1674 1675 return rx_bufs_used; 1676 } 1677 1678 QDF_STATUS dp_rx_defrag_add_last_frag(struct dp_soc *soc, 1679 struct dp_peer *peer, uint16_t tid, 1680 uint16_t rxseq, qdf_nbuf_t nbuf) 1681 { 1682 struct dp_rx_tid *rx_tid = &peer->rx_tid[tid]; 1683 struct dp_rx_reorder_array_elem *rx_reorder_array_elem; 1684 uint8_t all_frag_present; 1685 uint32_t msdu_len; 1686 QDF_STATUS status; 1687 1688 rx_reorder_array_elem = peer->rx_tid[tid].array; 1689 1690 if (rx_reorder_array_elem->head && 1691 rxseq != rx_tid->curr_seq_num) { 1692 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1693 "%s: No list found for TID %d Seq# %d\n", 1694 __func__, tid, rxseq); 1695 qdf_nbuf_free(nbuf); 1696 goto fail; 1697 } 1698 1699 msdu_len = hal_rx_msdu_start_msdu_len_get(qdf_nbuf_data(nbuf)); 1700 1701 qdf_nbuf_set_pktlen(nbuf, (msdu_len + RX_PKT_TLVS_LEN)); 1702 1703 status = dp_rx_defrag_fraglist_insert(peer, tid, 1704 &rx_reorder_array_elem->head, 1705 &rx_reorder_array_elem->tail, nbuf, 1706 &all_frag_present); 1707 1708 if (QDF_IS_STATUS_ERROR(status)) { 1709 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1710 "%s Fragment insert failed\n", __func__); 1711 1712 goto fail; 1713 } 1714 1715 if (soc->rx.flags.defrag_timeout_check) 1716 dp_rx_defrag_waitlist_remove(peer, tid); 1717 1718 if (!all_frag_present) { 1719 uint32_t now_ms = 1720 qdf_system_ticks_to_msecs(qdf_system_ticks()); 1721 1722 peer->rx_tid[tid].defrag_timeout_ms = 1723 now_ms + soc->rx.defrag.timeout_ms; 1724 1725 dp_rx_defrag_waitlist_add(peer, tid); 1726 1727 return QDF_STATUS_SUCCESS; 1728 } 1729 1730 status = dp_rx_defrag(peer, tid, rx_reorder_array_elem->head, 1731 rx_reorder_array_elem->tail); 1732 1733 if (QDF_IS_STATUS_ERROR(status)) { 1734 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1735 "%s Fragment processing failed\n", __func__); 1736 1737 dp_rx_return_head_frag_desc(peer, tid); 1738 dp_rx_defrag_cleanup(peer, tid); 1739 1740 goto fail; 1741 } 1742 1743 /* Re-inject the fragments back to REO for further processing */ 1744 status = dp_rx_defrag_reo_reinject(peer, tid, 1745 rx_reorder_array_elem->head); 1746 if (QDF_IS_STATUS_SUCCESS(status)) { 1747 rx_reorder_array_elem->head = NULL; 1748 rx_reorder_array_elem->tail = NULL; 1749 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_INFO, 1750 "%s: Frag seq successfully reinjected\n", 1751 __func__); 1752 } else { 1753 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1754 "%s: Frag seq reinjection failed\n", 1755 __func__); 1756 dp_rx_return_head_frag_desc(peer, tid); 1757 } 1758 1759 dp_rx_defrag_cleanup(peer, tid); 1760 return QDF_STATUS_SUCCESS; 1761 1762 fail: 1763 return QDF_STATUS_E_DEFRAG_ERROR; 1764 } 1765