1 /* 2 * Copyright (c) 2017-2021 The Linux Foundation. All rights reserved. 3 * Copyright (c) 2021-2022 Qualcomm Innovation Center, Inc. All rights reserved. 4 * 5 * Permission to use, copy, modify, and/or distribute this software for 6 * any purpose with or without fee is hereby granted, provided that the 7 * above copyright notice and this permission notice appear in all 8 * copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL 11 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 12 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE 13 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL 14 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR 15 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER 16 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 17 * PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include "hal_hw_headers.h" 21 #ifndef RX_DEFRAG_DO_NOT_REINJECT 22 #ifndef DP_BE_WAR 23 #include "li/hal_li_rx.h" 24 #endif 25 #endif 26 #include "dp_types.h" 27 #include "dp_rx.h" 28 #include "dp_peer.h" 29 #include "hal_api.h" 30 #include "qdf_trace.h" 31 #include "qdf_nbuf.h" 32 #include "dp_internal.h" 33 #include "dp_rx_defrag.h" 34 #include <enet.h> /* LLC_SNAP_HDR_LEN */ 35 #include "dp_rx_defrag.h" 36 #include "dp_ipa.h" 37 #include "dp_rx_buffer_pool.h" 38 39 const struct dp_rx_defrag_cipher dp_f_ccmp = { 40 "AES-CCM", 41 IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN + IEEE80211_WEP_EXTIVLEN, 42 IEEE80211_WEP_MICLEN, 43 0, 44 }; 45 46 const struct dp_rx_defrag_cipher dp_f_tkip = { 47 "TKIP", 48 IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN + IEEE80211_WEP_EXTIVLEN, 49 IEEE80211_WEP_CRCLEN, 50 IEEE80211_WEP_MICLEN, 51 }; 52 53 const struct dp_rx_defrag_cipher dp_f_wep = { 54 "WEP", 55 IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN, 56 IEEE80211_WEP_CRCLEN, 57 0, 58 }; 59 60 /* 61 * The header and mic length are same for both 62 * GCMP-128 and GCMP-256. 63 */ 64 const struct dp_rx_defrag_cipher dp_f_gcmp = { 65 "AES-GCMP", 66 WLAN_IEEE80211_GCMP_HEADERLEN, 67 WLAN_IEEE80211_GCMP_MICLEN, 68 WLAN_IEEE80211_GCMP_MICLEN, 69 }; 70 71 /* 72 * dp_rx_defrag_frames_free(): Free fragment chain 73 * @frames: Fragment chain 74 * 75 * Iterates through the fragment chain and frees them 76 * Returns: None 77 */ 78 static void dp_rx_defrag_frames_free(qdf_nbuf_t frames) 79 { 80 qdf_nbuf_t next, frag = frames; 81 82 while (frag) { 83 next = qdf_nbuf_next(frag); 84 dp_rx_nbuf_free(frag); 85 frag = next; 86 } 87 } 88 89 /* 90 * dp_rx_clear_saved_desc_info(): Clears descriptor info 91 * @txrx peer: Pointer to the peer data structure 92 * @tid: Transmit ID (TID) 93 * 94 * Saves MPDU descriptor info and MSDU link pointer from REO 95 * ring descriptor. The cache is created per peer, per TID 96 * 97 * Returns: None 98 */ 99 static void dp_rx_clear_saved_desc_info(struct dp_txrx_peer *txrx_peer, 100 unsigned int tid) 101 { 102 if (txrx_peer->rx_tid[tid].dst_ring_desc) 103 qdf_mem_free(txrx_peer->rx_tid[tid].dst_ring_desc); 104 105 txrx_peer->rx_tid[tid].dst_ring_desc = NULL; 106 txrx_peer->rx_tid[tid].head_frag_desc = NULL; 107 } 108 109 static void dp_rx_return_head_frag_desc(struct dp_txrx_peer *txrx_peer, 110 unsigned int tid) 111 { 112 struct dp_soc *soc; 113 struct dp_pdev *pdev; 114 struct dp_srng *dp_rxdma_srng; 115 struct rx_desc_pool *rx_desc_pool; 116 union dp_rx_desc_list_elem_t *head = NULL; 117 union dp_rx_desc_list_elem_t *tail = NULL; 118 uint8_t pool_id; 119 120 pdev = txrx_peer->vdev->pdev; 121 soc = pdev->soc; 122 123 if (txrx_peer->rx_tid[tid].head_frag_desc) { 124 pool_id = txrx_peer->rx_tid[tid].head_frag_desc->pool_id; 125 dp_rxdma_srng = &soc->rx_refill_buf_ring[pool_id]; 126 rx_desc_pool = &soc->rx_desc_buf[pool_id]; 127 128 dp_rx_add_to_free_desc_list(&head, &tail, 129 txrx_peer->rx_tid[tid].head_frag_desc); 130 dp_rx_buffers_replenish(soc, 0, dp_rxdma_srng, rx_desc_pool, 131 1, &head, &tail); 132 } 133 134 if (txrx_peer->rx_tid[tid].dst_ring_desc) { 135 if (dp_rx_link_desc_return(soc, 136 txrx_peer->rx_tid[tid].dst_ring_desc, 137 HAL_BM_ACTION_PUT_IN_IDLE_LIST) != 138 QDF_STATUS_SUCCESS) 139 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 140 "%s: Failed to return link desc", __func__); 141 } 142 } 143 144 /* 145 * dp_rx_reorder_flush_frag(): Flush the frag list 146 * @txrx_peer: Pointer to the peer data structure 147 * @tid: Transmit ID (TID) 148 * 149 * Flush the per-TID frag list 150 * 151 * Returns: None 152 */ 153 void dp_rx_reorder_flush_frag(struct dp_txrx_peer *txrx_peer, 154 unsigned int tid) 155 { 156 dp_info_rl("Flushing TID %d", tid); 157 158 if (!txrx_peer) { 159 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 160 "%s: NULL peer", __func__); 161 return; 162 } 163 164 dp_rx_return_head_frag_desc(txrx_peer, tid); 165 dp_rx_defrag_cleanup(txrx_peer, tid); 166 } 167 168 /* 169 * dp_rx_defrag_waitlist_flush(): Flush SOC defrag wait list 170 * @soc: DP SOC 171 * 172 * Flush fragments of all waitlisted TID's 173 * 174 * Returns: None 175 */ 176 void dp_rx_defrag_waitlist_flush(struct dp_soc *soc) 177 { 178 struct dp_rx_tid_defrag *waitlist_elem = NULL; 179 struct dp_rx_tid_defrag *tmp; 180 uint32_t now_ms = qdf_system_ticks_to_msecs(qdf_system_ticks()); 181 TAILQ_HEAD(, dp_rx_tid_defrag) temp_list; 182 dp_txrx_ref_handle txrx_ref_handle = NULL; 183 184 TAILQ_INIT(&temp_list); 185 186 dp_debug("Current time %u", now_ms); 187 188 qdf_spin_lock_bh(&soc->rx.defrag.defrag_lock); 189 TAILQ_FOREACH_SAFE(waitlist_elem, &soc->rx.defrag.waitlist, 190 defrag_waitlist_elem, tmp) { 191 uint32_t tid; 192 193 if (waitlist_elem->defrag_timeout_ms > now_ms) 194 break; 195 196 tid = waitlist_elem->tid; 197 if (tid >= DP_MAX_TIDS) { 198 qdf_assert(0); 199 continue; 200 } 201 202 TAILQ_REMOVE(&soc->rx.defrag.waitlist, waitlist_elem, 203 defrag_waitlist_elem); 204 DP_STATS_DEC(soc, rx.rx_frag_wait, 1); 205 206 /* Move to temp list and clean-up later */ 207 TAILQ_INSERT_TAIL(&temp_list, waitlist_elem, 208 defrag_waitlist_elem); 209 } 210 if (waitlist_elem) { 211 soc->rx.defrag.next_flush_ms = 212 waitlist_elem->defrag_timeout_ms; 213 } else { 214 soc->rx.defrag.next_flush_ms = 215 now_ms + soc->rx.defrag.timeout_ms; 216 } 217 218 qdf_spin_unlock_bh(&soc->rx.defrag.defrag_lock); 219 220 TAILQ_FOREACH_SAFE(waitlist_elem, &temp_list, 221 defrag_waitlist_elem, tmp) { 222 struct dp_txrx_peer *txrx_peer, *temp_peer = NULL; 223 224 qdf_spin_lock_bh(&waitlist_elem->defrag_tid_lock); 225 TAILQ_REMOVE(&temp_list, waitlist_elem, 226 defrag_waitlist_elem); 227 /* get address of current peer */ 228 txrx_peer = waitlist_elem->defrag_peer; 229 qdf_spin_unlock_bh(&waitlist_elem->defrag_tid_lock); 230 231 temp_peer = dp_txrx_peer_get_ref_by_id(soc, txrx_peer->peer_id, 232 &txrx_ref_handle, 233 DP_MOD_ID_RX_ERR); 234 if (temp_peer == txrx_peer) { 235 qdf_spin_lock_bh(&waitlist_elem->defrag_tid_lock); 236 dp_rx_reorder_flush_frag(txrx_peer, waitlist_elem->tid); 237 qdf_spin_unlock_bh(&waitlist_elem->defrag_tid_lock); 238 } 239 240 if (temp_peer) 241 dp_txrx_peer_unref_delete(txrx_ref_handle, 242 DP_MOD_ID_RX_ERR); 243 244 } 245 } 246 247 /* 248 * dp_rx_defrag_waitlist_add(): Update per-PDEV defrag wait list 249 * @txrx_peer: Pointer to the peer data structure 250 * @tid: Transmit ID (TID) 251 * 252 * Appends per-tid fragments to global fragment wait list 253 * 254 * Returns: None 255 */ 256 static void dp_rx_defrag_waitlist_add(struct dp_txrx_peer *txrx_peer, 257 unsigned int tid) 258 { 259 struct dp_soc *psoc = txrx_peer->vdev->pdev->soc; 260 struct dp_rx_tid_defrag *waitlist_elem = &txrx_peer->rx_tid[tid]; 261 262 dp_debug("Adding TID %u to waitlist for peer %pK with peer_id = %d ", 263 tid, txrx_peer, txrx_peer->peer_id); 264 265 /* TODO: use LIST macros instead of TAIL macros */ 266 qdf_spin_lock_bh(&psoc->rx.defrag.defrag_lock); 267 if (TAILQ_EMPTY(&psoc->rx.defrag.waitlist)) 268 psoc->rx.defrag.next_flush_ms = 269 waitlist_elem->defrag_timeout_ms; 270 271 TAILQ_INSERT_TAIL(&psoc->rx.defrag.waitlist, waitlist_elem, 272 defrag_waitlist_elem); 273 DP_STATS_INC(psoc, rx.rx_frag_wait, 1); 274 qdf_spin_unlock_bh(&psoc->rx.defrag.defrag_lock); 275 } 276 277 /* 278 * dp_rx_defrag_waitlist_remove(): Remove fragments from waitlist 279 * @txrx peer: Pointer to the peer data structure 280 * @tid: Transmit ID (TID) 281 * 282 * Remove fragments from waitlist 283 * 284 * Returns: None 285 */ 286 void dp_rx_defrag_waitlist_remove(struct dp_txrx_peer *txrx_peer, 287 unsigned int tid) 288 { 289 struct dp_pdev *pdev = txrx_peer->vdev->pdev; 290 struct dp_soc *soc = pdev->soc; 291 struct dp_rx_tid_defrag *waitlist_elm; 292 struct dp_rx_tid_defrag *tmp; 293 294 dp_debug("Removing TID %u to waitlist for peer %pK peer_id = %d ", 295 tid, txrx_peer, txrx_peer->peer_id); 296 297 if (tid >= DP_MAX_TIDS) { 298 dp_err("TID out of bounds: %d", tid); 299 qdf_assert_always(0); 300 } 301 302 qdf_spin_lock_bh(&soc->rx.defrag.defrag_lock); 303 TAILQ_FOREACH_SAFE(waitlist_elm, &soc->rx.defrag.waitlist, 304 defrag_waitlist_elem, tmp) { 305 struct dp_txrx_peer *peer_on_waitlist; 306 307 /* get address of current peer */ 308 peer_on_waitlist = waitlist_elm->defrag_peer; 309 310 /* Ensure it is TID for same peer */ 311 if (peer_on_waitlist == txrx_peer && waitlist_elm->tid == tid) { 312 TAILQ_REMOVE(&soc->rx.defrag.waitlist, 313 waitlist_elm, defrag_waitlist_elem); 314 DP_STATS_DEC(soc, rx.rx_frag_wait, 1); 315 } 316 } 317 qdf_spin_unlock_bh(&soc->rx.defrag.defrag_lock); 318 } 319 320 /* 321 * dp_rx_defrag_fraglist_insert(): Create a per-sequence fragment list 322 * @txrx_peer: Pointer to the peer data structure 323 * @tid: Transmit ID (TID) 324 * @head_addr: Pointer to head list 325 * @tail_addr: Pointer to tail list 326 * @frag: Incoming fragment 327 * @all_frag_present: Flag to indicate whether all fragments are received 328 * 329 * Build a per-tid, per-sequence fragment list. 330 * 331 * Returns: Success, if inserted 332 */ 333 static QDF_STATUS 334 dp_rx_defrag_fraglist_insert(struct dp_txrx_peer *txrx_peer, unsigned int tid, 335 qdf_nbuf_t *head_addr, qdf_nbuf_t *tail_addr, 336 qdf_nbuf_t frag, uint8_t *all_frag_present) 337 { 338 struct dp_soc *soc = txrx_peer->vdev->pdev->soc; 339 qdf_nbuf_t next; 340 qdf_nbuf_t prev = NULL; 341 qdf_nbuf_t cur; 342 uint16_t head_fragno, cur_fragno, next_fragno; 343 uint8_t last_morefrag = 1, count = 0; 344 struct dp_rx_tid_defrag *rx_tid = &txrx_peer->rx_tid[tid]; 345 uint8_t *rx_desc_info; 346 347 qdf_assert(frag); 348 qdf_assert(head_addr); 349 qdf_assert(tail_addr); 350 351 *all_frag_present = 0; 352 rx_desc_info = qdf_nbuf_data(frag); 353 cur_fragno = dp_rx_frag_get_mpdu_frag_number(soc, rx_desc_info); 354 355 dp_debug("cur_fragno %d\n", cur_fragno); 356 /* If this is the first fragment */ 357 if (!(*head_addr)) { 358 *head_addr = *tail_addr = frag; 359 qdf_nbuf_set_next(*tail_addr, NULL); 360 rx_tid->curr_frag_num = cur_fragno; 361 362 goto insert_done; 363 } 364 365 /* In sequence fragment */ 366 if (cur_fragno > rx_tid->curr_frag_num) { 367 qdf_nbuf_set_next(*tail_addr, frag); 368 *tail_addr = frag; 369 qdf_nbuf_set_next(*tail_addr, NULL); 370 rx_tid->curr_frag_num = cur_fragno; 371 } else { 372 /* Out of sequence fragment */ 373 cur = *head_addr; 374 rx_desc_info = qdf_nbuf_data(cur); 375 head_fragno = dp_rx_frag_get_mpdu_frag_number(soc, 376 rx_desc_info); 377 378 if (cur_fragno == head_fragno) { 379 dp_rx_nbuf_free(frag); 380 goto insert_fail; 381 } else if (head_fragno > cur_fragno) { 382 qdf_nbuf_set_next(frag, cur); 383 cur = frag; 384 *head_addr = frag; /* head pointer to be updated */ 385 } else { 386 while ((cur_fragno > head_fragno) && cur) { 387 prev = cur; 388 cur = qdf_nbuf_next(cur); 389 if (cur) { 390 rx_desc_info = qdf_nbuf_data(cur); 391 head_fragno = 392 dp_rx_frag_get_mpdu_frag_number( 393 soc, 394 rx_desc_info); 395 } 396 } 397 398 if (cur_fragno == head_fragno) { 399 dp_rx_nbuf_free(frag); 400 goto insert_fail; 401 } 402 403 qdf_nbuf_set_next(prev, frag); 404 qdf_nbuf_set_next(frag, cur); 405 } 406 } 407 408 next = qdf_nbuf_next(*head_addr); 409 410 rx_desc_info = qdf_nbuf_data(*tail_addr); 411 last_morefrag = dp_rx_frag_get_more_frag_bit(soc, rx_desc_info); 412 413 /* TODO: optimize the loop */ 414 if (!last_morefrag) { 415 /* Check if all fragments are present */ 416 do { 417 rx_desc_info = qdf_nbuf_data(next); 418 next_fragno = 419 dp_rx_frag_get_mpdu_frag_number(soc, 420 rx_desc_info); 421 count++; 422 423 if (next_fragno != count) 424 break; 425 426 next = qdf_nbuf_next(next); 427 } while (next); 428 429 if (!next) { 430 *all_frag_present = 1; 431 return QDF_STATUS_SUCCESS; 432 } else { 433 /* revisit */ 434 } 435 } 436 437 insert_done: 438 return QDF_STATUS_SUCCESS; 439 440 insert_fail: 441 return QDF_STATUS_E_FAILURE; 442 } 443 444 445 /* 446 * dp_rx_defrag_tkip_decap(): decap tkip encrypted fragment 447 * @msdu: Pointer to the fragment 448 * @hdrlen: 802.11 header length (mostly useful in 4 addr frames) 449 * 450 * decap tkip encrypted fragment 451 * 452 * Returns: QDF_STATUS 453 */ 454 static QDF_STATUS 455 dp_rx_defrag_tkip_decap(struct dp_soc *soc, 456 qdf_nbuf_t msdu, uint16_t hdrlen) 457 { 458 uint8_t *ivp, *orig_hdr; 459 int rx_desc_len = soc->rx_pkt_tlv_size; 460 461 /* start of 802.11 header info */ 462 orig_hdr = (uint8_t *)(qdf_nbuf_data(msdu) + rx_desc_len); 463 464 /* TKIP header is located post 802.11 header */ 465 ivp = orig_hdr + hdrlen; 466 if (!(ivp[IEEE80211_WEP_IVLEN] & IEEE80211_WEP_EXTIV)) { 467 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 468 "IEEE80211_WEP_EXTIV is missing in TKIP fragment"); 469 return QDF_STATUS_E_DEFRAG_ERROR; 470 } 471 472 qdf_nbuf_trim_tail(msdu, dp_f_tkip.ic_trailer); 473 474 return QDF_STATUS_SUCCESS; 475 } 476 477 /* 478 * dp_rx_defrag_ccmp_demic(): Remove MIC information from CCMP fragment 479 * @nbuf: Pointer to the fragment buffer 480 * @hdrlen: 802.11 header length (mostly useful in 4 addr frames) 481 * 482 * Remove MIC information from CCMP fragment 483 * 484 * Returns: QDF_STATUS 485 */ 486 static QDF_STATUS 487 dp_rx_defrag_ccmp_demic(struct dp_soc *soc, qdf_nbuf_t nbuf, uint16_t hdrlen) 488 { 489 uint8_t *ivp, *orig_hdr; 490 int rx_desc_len = soc->rx_pkt_tlv_size; 491 492 /* start of the 802.11 header */ 493 orig_hdr = (uint8_t *)(qdf_nbuf_data(nbuf) + rx_desc_len); 494 495 /* CCMP header is located after 802.11 header */ 496 ivp = orig_hdr + hdrlen; 497 if (!(ivp[IEEE80211_WEP_IVLEN] & IEEE80211_WEP_EXTIV)) 498 return QDF_STATUS_E_DEFRAG_ERROR; 499 500 qdf_nbuf_trim_tail(nbuf, dp_f_ccmp.ic_trailer); 501 502 return QDF_STATUS_SUCCESS; 503 } 504 505 /* 506 * dp_rx_defrag_ccmp_decap(): decap CCMP encrypted fragment 507 * @nbuf: Pointer to the fragment 508 * @hdrlen: length of the header information 509 * 510 * decap CCMP encrypted fragment 511 * 512 * Returns: QDF_STATUS 513 */ 514 static QDF_STATUS 515 dp_rx_defrag_ccmp_decap(struct dp_soc *soc, qdf_nbuf_t nbuf, uint16_t hdrlen) 516 { 517 uint8_t *ivp, *origHdr; 518 int rx_desc_len = soc->rx_pkt_tlv_size; 519 520 origHdr = (uint8_t *) (qdf_nbuf_data(nbuf) + rx_desc_len); 521 ivp = origHdr + hdrlen; 522 523 if (!(ivp[IEEE80211_WEP_IVLEN] & IEEE80211_WEP_EXTIV)) 524 return QDF_STATUS_E_DEFRAG_ERROR; 525 526 qdf_mem_move(nbuf->data + dp_f_ccmp.ic_header, nbuf->data, 527 rx_desc_len + hdrlen); 528 qdf_nbuf_pull_head(nbuf, dp_f_ccmp.ic_header); 529 530 return QDF_STATUS_SUCCESS; 531 } 532 533 /* 534 * dp_rx_defrag_wep_decap(): decap WEP encrypted fragment 535 * @msdu: Pointer to the fragment 536 * @hdrlen: length of the header information 537 * 538 * decap WEP encrypted fragment 539 * 540 * Returns: QDF_STATUS 541 */ 542 static QDF_STATUS 543 dp_rx_defrag_wep_decap(struct dp_soc *soc, qdf_nbuf_t msdu, uint16_t hdrlen) 544 { 545 uint8_t *origHdr; 546 int rx_desc_len = soc->rx_pkt_tlv_size; 547 548 origHdr = (uint8_t *) (qdf_nbuf_data(msdu) + rx_desc_len); 549 qdf_mem_move(origHdr + dp_f_wep.ic_header, origHdr, hdrlen); 550 551 qdf_nbuf_trim_tail(msdu, dp_f_wep.ic_trailer); 552 553 return QDF_STATUS_SUCCESS; 554 } 555 556 /* 557 * dp_rx_defrag_hdrsize(): Calculate the header size of the received fragment 558 * @soc: soc handle 559 * @nbuf: Pointer to the fragment 560 * 561 * Calculate the header size of the received fragment 562 * 563 * Returns: header size (uint16_t) 564 */ 565 static uint16_t dp_rx_defrag_hdrsize(struct dp_soc *soc, qdf_nbuf_t nbuf) 566 { 567 uint8_t *rx_tlv_hdr = qdf_nbuf_data(nbuf); 568 uint16_t size = sizeof(struct ieee80211_frame); 569 uint16_t fc = 0; 570 uint32_t to_ds, fr_ds; 571 uint8_t frm_ctrl_valid; 572 uint16_t frm_ctrl_field; 573 574 to_ds = hal_rx_mpdu_get_to_ds(soc->hal_soc, rx_tlv_hdr); 575 fr_ds = hal_rx_mpdu_get_fr_ds(soc->hal_soc, rx_tlv_hdr); 576 frm_ctrl_valid = 577 hal_rx_get_mpdu_frame_control_valid(soc->hal_soc, 578 rx_tlv_hdr); 579 frm_ctrl_field = hal_rx_get_frame_ctrl_field(soc->hal_soc, rx_tlv_hdr); 580 581 if (to_ds && fr_ds) 582 size += QDF_MAC_ADDR_SIZE; 583 584 if (frm_ctrl_valid) { 585 fc = frm_ctrl_field; 586 587 /* use 1-st byte for validation */ 588 if (DP_RX_DEFRAG_IEEE80211_QOS_HAS_SEQ(fc & 0xff)) { 589 size += sizeof(uint16_t); 590 /* use 2-nd byte for validation */ 591 if (((fc & 0xff00) >> 8) & IEEE80211_FC1_ORDER) 592 size += sizeof(struct ieee80211_htc); 593 } 594 } 595 596 return size; 597 } 598 599 /* 600 * dp_rx_defrag_michdr(): Calculate a pseudo MIC header 601 * @wh0: Pointer to the wireless header of the fragment 602 * @hdr: Array to hold the pseudo header 603 * 604 * Calculate a pseudo MIC header 605 * 606 * Returns: None 607 */ 608 static void dp_rx_defrag_michdr(const struct ieee80211_frame *wh0, 609 uint8_t hdr[]) 610 { 611 const struct ieee80211_frame_addr4 *wh = 612 (const struct ieee80211_frame_addr4 *)wh0; 613 614 switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) { 615 case IEEE80211_FC1_DIR_NODS: 616 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr, wh->i_addr1); /* DA */ 617 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr + QDF_MAC_ADDR_SIZE, 618 wh->i_addr2); 619 break; 620 case IEEE80211_FC1_DIR_TODS: 621 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr, wh->i_addr3); /* DA */ 622 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr + QDF_MAC_ADDR_SIZE, 623 wh->i_addr2); 624 break; 625 case IEEE80211_FC1_DIR_FROMDS: 626 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr, wh->i_addr1); /* DA */ 627 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr + QDF_MAC_ADDR_SIZE, 628 wh->i_addr3); 629 break; 630 case IEEE80211_FC1_DIR_DSTODS: 631 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr, wh->i_addr3); /* DA */ 632 DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr + QDF_MAC_ADDR_SIZE, 633 wh->i_addr4); 634 break; 635 } 636 637 /* 638 * Bit 7 is QDF_IEEE80211_FC0_SUBTYPE_QOS for data frame, but 639 * it could also be set for deauth, disassoc, action, etc. for 640 * a mgt type frame. It comes into picture for MFP. 641 */ 642 if (wh->i_fc[0] & QDF_IEEE80211_FC0_SUBTYPE_QOS) { 643 if ((wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) == 644 IEEE80211_FC1_DIR_DSTODS) { 645 const struct ieee80211_qosframe_addr4 *qwh = 646 (const struct ieee80211_qosframe_addr4 *)wh; 647 hdr[12] = qwh->i_qos[0] & IEEE80211_QOS_TID; 648 } else { 649 const struct ieee80211_qosframe *qwh = 650 (const struct ieee80211_qosframe *)wh; 651 hdr[12] = qwh->i_qos[0] & IEEE80211_QOS_TID; 652 } 653 } else { 654 hdr[12] = 0; 655 } 656 657 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */ 658 } 659 660 /* 661 * dp_rx_defrag_mic(): Calculate MIC header 662 * @key: Pointer to the key 663 * @wbuf: fragment buffer 664 * @off: Offset 665 * @data_len: Data length 666 * @mic: Array to hold MIC 667 * 668 * Calculate a pseudo MIC header 669 * 670 * Returns: QDF_STATUS 671 */ 672 static QDF_STATUS dp_rx_defrag_mic(struct dp_soc *soc, const uint8_t *key, 673 qdf_nbuf_t wbuf, uint16_t off, 674 uint16_t data_len, uint8_t mic[]) 675 { 676 uint8_t hdr[16] = { 0, }; 677 uint32_t l, r; 678 const uint8_t *data; 679 uint32_t space; 680 int rx_desc_len = soc->rx_pkt_tlv_size; 681 682 dp_rx_defrag_michdr((struct ieee80211_frame *)(qdf_nbuf_data(wbuf) 683 + rx_desc_len), hdr); 684 685 l = dp_rx_get_le32(key); 686 r = dp_rx_get_le32(key + 4); 687 688 /* Michael MIC pseudo header: DA, SA, 3 x 0, Priority */ 689 l ^= dp_rx_get_le32(hdr); 690 dp_rx_michael_block(l, r); 691 l ^= dp_rx_get_le32(&hdr[4]); 692 dp_rx_michael_block(l, r); 693 l ^= dp_rx_get_le32(&hdr[8]); 694 dp_rx_michael_block(l, r); 695 l ^= dp_rx_get_le32(&hdr[12]); 696 dp_rx_michael_block(l, r); 697 698 /* first buffer has special handling */ 699 data = (uint8_t *)qdf_nbuf_data(wbuf) + off; 700 space = qdf_nbuf_len(wbuf) - off; 701 702 for (;; ) { 703 if (space > data_len) 704 space = data_len; 705 706 /* collect 32-bit blocks from current buffer */ 707 while (space >= sizeof(uint32_t)) { 708 l ^= dp_rx_get_le32(data); 709 dp_rx_michael_block(l, r); 710 data += sizeof(uint32_t); 711 space -= sizeof(uint32_t); 712 data_len -= sizeof(uint32_t); 713 } 714 if (data_len < sizeof(uint32_t)) 715 break; 716 717 wbuf = qdf_nbuf_next(wbuf); 718 if (!wbuf) 719 return QDF_STATUS_E_DEFRAG_ERROR; 720 721 if (space != 0) { 722 const uint8_t *data_next; 723 /* 724 * Block straddles buffers, split references. 725 */ 726 data_next = 727 (uint8_t *)qdf_nbuf_data(wbuf) + off; 728 if ((qdf_nbuf_len(wbuf)) < 729 sizeof(uint32_t) - space) { 730 return QDF_STATUS_E_DEFRAG_ERROR; 731 } 732 switch (space) { 733 case 1: 734 l ^= dp_rx_get_le32_split(data[0], 735 data_next[0], data_next[1], 736 data_next[2]); 737 data = data_next + 3; 738 space = (qdf_nbuf_len(wbuf) - off) - 3; 739 break; 740 case 2: 741 l ^= dp_rx_get_le32_split(data[0], data[1], 742 data_next[0], data_next[1]); 743 data = data_next + 2; 744 space = (qdf_nbuf_len(wbuf) - off) - 2; 745 break; 746 case 3: 747 l ^= dp_rx_get_le32_split(data[0], data[1], 748 data[2], data_next[0]); 749 data = data_next + 1; 750 space = (qdf_nbuf_len(wbuf) - off) - 1; 751 break; 752 } 753 dp_rx_michael_block(l, r); 754 data_len -= sizeof(uint32_t); 755 } else { 756 /* 757 * Setup for next buffer. 758 */ 759 data = (uint8_t *)qdf_nbuf_data(wbuf) + off; 760 space = qdf_nbuf_len(wbuf) - off; 761 } 762 } 763 /* Last block and padding (0x5a, 4..7 x 0) */ 764 switch (data_len) { 765 case 0: 766 l ^= dp_rx_get_le32_split(0x5a, 0, 0, 0); 767 break; 768 case 1: 769 l ^= dp_rx_get_le32_split(data[0], 0x5a, 0, 0); 770 break; 771 case 2: 772 l ^= dp_rx_get_le32_split(data[0], data[1], 0x5a, 0); 773 break; 774 case 3: 775 l ^= dp_rx_get_le32_split(data[0], data[1], data[2], 0x5a); 776 break; 777 } 778 dp_rx_michael_block(l, r); 779 dp_rx_michael_block(l, r); 780 dp_rx_put_le32(mic, l); 781 dp_rx_put_le32(mic + 4, r); 782 783 return QDF_STATUS_SUCCESS; 784 } 785 786 /* 787 * dp_rx_defrag_tkip_demic(): Remove MIC header from the TKIP frame 788 * @key: Pointer to the key 789 * @msdu: fragment buffer 790 * @hdrlen: Length of the header information 791 * 792 * Remove MIC information from the TKIP frame 793 * 794 * Returns: QDF_STATUS 795 */ 796 static QDF_STATUS dp_rx_defrag_tkip_demic(struct dp_soc *soc, 797 const uint8_t *key, 798 qdf_nbuf_t msdu, uint16_t hdrlen) 799 { 800 QDF_STATUS status; 801 uint32_t pktlen = 0, prev_data_len; 802 uint8_t mic[IEEE80211_WEP_MICLEN]; 803 uint8_t mic0[IEEE80211_WEP_MICLEN]; 804 qdf_nbuf_t prev = NULL, prev0, next; 805 uint8_t len0 = 0; 806 807 next = msdu; 808 prev0 = msdu; 809 while (next) { 810 pktlen += (qdf_nbuf_len(next) - hdrlen); 811 prev = next; 812 dp_debug("pktlen %u", 813 (uint32_t)(qdf_nbuf_len(next) - hdrlen)); 814 next = qdf_nbuf_next(next); 815 if (next && !qdf_nbuf_next(next)) 816 prev0 = prev; 817 } 818 819 if (!prev) { 820 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 821 "%s Defrag chaining failed !\n", __func__); 822 return QDF_STATUS_E_DEFRAG_ERROR; 823 } 824 825 prev_data_len = qdf_nbuf_len(prev) - hdrlen; 826 if (prev_data_len < dp_f_tkip.ic_miclen) { 827 if (prev0 == prev) { 828 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 829 "%s Fragments don't have MIC header !\n", __func__); 830 return QDF_STATUS_E_DEFRAG_ERROR; 831 } 832 len0 = dp_f_tkip.ic_miclen - (uint8_t)prev_data_len; 833 qdf_nbuf_copy_bits(prev0, qdf_nbuf_len(prev0) - len0, len0, 834 (caddr_t)mic0); 835 qdf_nbuf_trim_tail(prev0, len0); 836 } 837 838 qdf_nbuf_copy_bits(prev, (qdf_nbuf_len(prev) - 839 (dp_f_tkip.ic_miclen - len0)), 840 (dp_f_tkip.ic_miclen - len0), 841 (caddr_t)(&mic0[len0])); 842 qdf_nbuf_trim_tail(prev, (dp_f_tkip.ic_miclen - len0)); 843 pktlen -= dp_f_tkip.ic_miclen; 844 845 if (((qdf_nbuf_len(prev) - hdrlen) == 0) && prev != msdu) { 846 dp_rx_nbuf_free(prev); 847 qdf_nbuf_set_next(prev0, NULL); 848 } 849 850 status = dp_rx_defrag_mic(soc, key, msdu, hdrlen, 851 pktlen, mic); 852 853 if (QDF_IS_STATUS_ERROR(status)) 854 return status; 855 856 if (qdf_mem_cmp(mic, mic0, dp_f_tkip.ic_miclen)) 857 return QDF_STATUS_E_DEFRAG_ERROR; 858 859 return QDF_STATUS_SUCCESS; 860 } 861 862 /* 863 * dp_rx_frag_pull_hdr(): Pulls the RXTLV & the 802.11 headers 864 * @nbuf: buffer pointer 865 * @hdrsize: size of the header to be pulled 866 * 867 * Pull the RXTLV & the 802.11 headers 868 * 869 * Returns: None 870 */ 871 static void dp_rx_frag_pull_hdr(struct dp_soc *soc, 872 qdf_nbuf_t nbuf, uint16_t hdrsize) 873 { 874 hal_rx_print_pn(soc->hal_soc, qdf_nbuf_data(nbuf)); 875 876 qdf_nbuf_pull_head(nbuf, soc->rx_pkt_tlv_size + hdrsize); 877 878 dp_debug("final pktlen %d .11len %d", 879 (uint32_t)qdf_nbuf_len(nbuf), hdrsize); 880 } 881 882 /* 883 * dp_rx_defrag_pn_check(): Check the PN of current fragmented with prev PN 884 * @msdu: msdu to get the current PN 885 * @cur_pn128: PN extracted from current msdu 886 * @prev_pn128: Prev PN 887 * 888 * Returns: 0 on success, non zero on failure 889 */ 890 static int dp_rx_defrag_pn_check(struct dp_soc *soc, qdf_nbuf_t msdu, 891 uint64_t *cur_pn128, uint64_t *prev_pn128) 892 { 893 int out_of_order = 0; 894 895 hal_rx_tlv_get_pn_num(soc->hal_soc, qdf_nbuf_data(msdu), cur_pn128); 896 897 if (cur_pn128[1] == prev_pn128[1]) 898 out_of_order = (cur_pn128[0] - prev_pn128[0] != 1); 899 else 900 out_of_order = (cur_pn128[1] - prev_pn128[1] != 1); 901 902 return out_of_order; 903 } 904 905 /* 906 * dp_rx_construct_fraglist(): Construct a nbuf fraglist 907 * @txrx peer: Pointer to the txrx peer 908 * @head: Pointer to list of fragments 909 * @hdrsize: Size of the header to be pulled 910 * 911 * Construct a nbuf fraglist 912 * 913 * Returns: None 914 */ 915 static int 916 dp_rx_construct_fraglist(struct dp_txrx_peer *txrx_peer, int tid, 917 qdf_nbuf_t head, 918 uint16_t hdrsize) 919 { 920 struct dp_soc *soc = txrx_peer->vdev->pdev->soc; 921 qdf_nbuf_t msdu = qdf_nbuf_next(head); 922 qdf_nbuf_t rx_nbuf = msdu; 923 struct dp_rx_tid_defrag *rx_tid = &txrx_peer->rx_tid[tid]; 924 uint32_t len = 0; 925 uint64_t cur_pn128[2] = {0, 0}, prev_pn128[2]; 926 int out_of_order = 0; 927 int index; 928 int needs_pn_check = 0; 929 enum cdp_sec_type sec_type; 930 931 prev_pn128[0] = rx_tid->pn128[0]; 932 prev_pn128[1] = rx_tid->pn128[1]; 933 934 index = hal_rx_msdu_is_wlan_mcast(soc->hal_soc, msdu) ? dp_sec_mcast : 935 dp_sec_ucast; 936 sec_type = txrx_peer->security[index].sec_type; 937 938 if (!(sec_type == cdp_sec_type_none || sec_type == cdp_sec_type_wep128 || 939 sec_type == cdp_sec_type_wep104 || sec_type == cdp_sec_type_wep40)) 940 needs_pn_check = 1; 941 942 while (msdu) { 943 if (qdf_likely(needs_pn_check)) 944 out_of_order = dp_rx_defrag_pn_check(soc, msdu, 945 &cur_pn128[0], 946 &prev_pn128[0]); 947 948 if (qdf_unlikely(out_of_order)) { 949 dp_info_rl("cur_pn128[0] 0x%llx cur_pn128[1] 0x%llx prev_pn128[0] 0x%llx prev_pn128[1] 0x%llx", 950 cur_pn128[0], cur_pn128[1], 951 prev_pn128[0], prev_pn128[1]); 952 return QDF_STATUS_E_FAILURE; 953 } 954 955 prev_pn128[0] = cur_pn128[0]; 956 prev_pn128[1] = cur_pn128[1]; 957 958 /* 959 * Broadcast and multicast frames should never be fragmented. 960 * Iterating through all msdus and dropping fragments if even 961 * one of them has mcast/bcast destination address. 962 */ 963 if (hal_rx_msdu_is_wlan_mcast(soc->hal_soc, msdu)) { 964 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 965 "Dropping multicast/broadcast fragments"); 966 return QDF_STATUS_E_FAILURE; 967 } 968 969 dp_rx_frag_pull_hdr(soc, msdu, hdrsize); 970 len += qdf_nbuf_len(msdu); 971 msdu = qdf_nbuf_next(msdu); 972 } 973 974 qdf_nbuf_append_ext_list(head, rx_nbuf, len); 975 qdf_nbuf_set_next(head, NULL); 976 qdf_nbuf_set_is_frag(head, 1); 977 978 dp_debug("head len %d ext len %d data len %d ", 979 (uint32_t)qdf_nbuf_len(head), 980 (uint32_t)qdf_nbuf_len(rx_nbuf), 981 (uint32_t)(head->data_len)); 982 983 return QDF_STATUS_SUCCESS; 984 } 985 986 /** 987 * dp_rx_defrag_err() - rx err handler 988 * @pdev: handle to pdev object 989 * @vdev_id: vdev id 990 * @peer_mac_addr: peer mac address 991 * @tid: TID 992 * @tsf32: TSF 993 * @err_type: error type 994 * @rx_frame: rx frame 995 * @pn: PN Number 996 * @key_id: key id 997 * 998 * This function handles rx error and send MIC error notification 999 * 1000 * Return: None 1001 */ 1002 static void dp_rx_defrag_err(struct dp_vdev *vdev, qdf_nbuf_t nbuf) 1003 { 1004 struct ol_if_ops *tops = NULL; 1005 struct dp_pdev *pdev = vdev->pdev; 1006 int rx_desc_len = pdev->soc->rx_pkt_tlv_size; 1007 uint8_t *orig_hdr; 1008 struct ieee80211_frame *wh; 1009 struct cdp_rx_mic_err_info mic_failure_info; 1010 1011 orig_hdr = (uint8_t *)(qdf_nbuf_data(nbuf) + rx_desc_len); 1012 wh = (struct ieee80211_frame *)orig_hdr; 1013 1014 qdf_copy_macaddr((struct qdf_mac_addr *)&mic_failure_info.da_mac_addr, 1015 (struct qdf_mac_addr *)&wh->i_addr1); 1016 qdf_copy_macaddr((struct qdf_mac_addr *)&mic_failure_info.ta_mac_addr, 1017 (struct qdf_mac_addr *)&wh->i_addr2); 1018 mic_failure_info.key_id = 0; 1019 mic_failure_info.multicast = 1020 IEEE80211_IS_MULTICAST(wh->i_addr1); 1021 qdf_mem_zero(mic_failure_info.tsc, MIC_SEQ_CTR_SIZE); 1022 mic_failure_info.frame_type = cdp_rx_frame_type_802_11; 1023 mic_failure_info.data = (uint8_t *)wh; 1024 mic_failure_info.vdev_id = vdev->vdev_id; 1025 1026 tops = pdev->soc->cdp_soc.ol_ops; 1027 if (tops->rx_mic_error) 1028 tops->rx_mic_error(pdev->soc->ctrl_psoc, pdev->pdev_id, 1029 &mic_failure_info); 1030 } 1031 1032 1033 /* 1034 * dp_rx_defrag_nwifi_to_8023(): Transcap 802.11 to 802.3 1035 * @soc: dp soc handle 1036 * @txrx_peer: txrx_peer handle 1037 * @nbuf: Pointer to the fragment buffer 1038 * @hdrsize: Size of headers 1039 * 1040 * Transcap the fragment from 802.11 to 802.3 1041 * 1042 * Returns: None 1043 */ 1044 static void 1045 dp_rx_defrag_nwifi_to_8023(struct dp_soc *soc, struct dp_txrx_peer *txrx_peer, 1046 int tid, qdf_nbuf_t nbuf, uint16_t hdrsize) 1047 { 1048 struct llc_snap_hdr_t *llchdr; 1049 struct ethernet_hdr_t *eth_hdr; 1050 uint8_t ether_type[2]; 1051 uint16_t fc = 0; 1052 union dp_align_mac_addr mac_addr; 1053 uint8_t *rx_desc_info = qdf_mem_malloc(soc->rx_pkt_tlv_size); 1054 struct dp_rx_tid_defrag *rx_tid = &txrx_peer->rx_tid[tid]; 1055 1056 hal_rx_tlv_get_pn_num(soc->hal_soc, qdf_nbuf_data(nbuf), rx_tid->pn128); 1057 1058 hal_rx_print_pn(soc->hal_soc, qdf_nbuf_data(nbuf)); 1059 1060 if (!rx_desc_info) { 1061 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1062 "%s: Memory alloc failed ! ", __func__); 1063 QDF_ASSERT(0); 1064 return; 1065 } 1066 1067 qdf_mem_copy(rx_desc_info, qdf_nbuf_data(nbuf), soc->rx_pkt_tlv_size); 1068 1069 llchdr = (struct llc_snap_hdr_t *)(qdf_nbuf_data(nbuf) + 1070 soc->rx_pkt_tlv_size + hdrsize); 1071 qdf_mem_copy(ether_type, llchdr->ethertype, 2); 1072 1073 qdf_nbuf_pull_head(nbuf, (soc->rx_pkt_tlv_size + hdrsize + 1074 sizeof(struct llc_snap_hdr_t) - 1075 sizeof(struct ethernet_hdr_t))); 1076 1077 eth_hdr = (struct ethernet_hdr_t *)(qdf_nbuf_data(nbuf)); 1078 1079 if (hal_rx_get_mpdu_frame_control_valid(soc->hal_soc, 1080 rx_desc_info)) 1081 fc = hal_rx_get_frame_ctrl_field(soc->hal_soc, rx_desc_info); 1082 1083 dp_debug("Frame control type: 0x%x", fc); 1084 1085 switch (((fc & 0xff00) >> 8) & IEEE80211_FC1_DIR_MASK) { 1086 case IEEE80211_FC1_DIR_NODS: 1087 hal_rx_mpdu_get_addr1(soc->hal_soc, rx_desc_info, 1088 &mac_addr.raw[0]); 1089 qdf_mem_copy(eth_hdr->dest_addr, &mac_addr.raw[0], 1090 QDF_MAC_ADDR_SIZE); 1091 hal_rx_mpdu_get_addr2(soc->hal_soc, rx_desc_info, 1092 &mac_addr.raw[0]); 1093 qdf_mem_copy(eth_hdr->src_addr, &mac_addr.raw[0], 1094 QDF_MAC_ADDR_SIZE); 1095 break; 1096 case IEEE80211_FC1_DIR_TODS: 1097 hal_rx_mpdu_get_addr3(soc->hal_soc, rx_desc_info, 1098 &mac_addr.raw[0]); 1099 qdf_mem_copy(eth_hdr->dest_addr, &mac_addr.raw[0], 1100 QDF_MAC_ADDR_SIZE); 1101 hal_rx_mpdu_get_addr2(soc->hal_soc, rx_desc_info, 1102 &mac_addr.raw[0]); 1103 qdf_mem_copy(eth_hdr->src_addr, &mac_addr.raw[0], 1104 QDF_MAC_ADDR_SIZE); 1105 break; 1106 case IEEE80211_FC1_DIR_FROMDS: 1107 hal_rx_mpdu_get_addr1(soc->hal_soc, rx_desc_info, 1108 &mac_addr.raw[0]); 1109 qdf_mem_copy(eth_hdr->dest_addr, &mac_addr.raw[0], 1110 QDF_MAC_ADDR_SIZE); 1111 hal_rx_mpdu_get_addr3(soc->hal_soc, rx_desc_info, 1112 &mac_addr.raw[0]); 1113 qdf_mem_copy(eth_hdr->src_addr, &mac_addr.raw[0], 1114 QDF_MAC_ADDR_SIZE); 1115 break; 1116 1117 case IEEE80211_FC1_DIR_DSTODS: 1118 hal_rx_mpdu_get_addr3(soc->hal_soc, rx_desc_info, 1119 &mac_addr.raw[0]); 1120 qdf_mem_copy(eth_hdr->dest_addr, &mac_addr.raw[0], 1121 QDF_MAC_ADDR_SIZE); 1122 hal_rx_mpdu_get_addr4(soc->hal_soc, rx_desc_info, 1123 &mac_addr.raw[0]); 1124 qdf_mem_copy(eth_hdr->src_addr, &mac_addr.raw[0], 1125 QDF_MAC_ADDR_SIZE); 1126 break; 1127 1128 default: 1129 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1130 "%s: Unknown frame control type: 0x%x", __func__, fc); 1131 } 1132 1133 qdf_mem_copy(eth_hdr->ethertype, ether_type, 1134 sizeof(ether_type)); 1135 1136 qdf_nbuf_push_head(nbuf, soc->rx_pkt_tlv_size); 1137 qdf_mem_copy(qdf_nbuf_data(nbuf), rx_desc_info, soc->rx_pkt_tlv_size); 1138 qdf_mem_free(rx_desc_info); 1139 } 1140 1141 #ifdef RX_DEFRAG_DO_NOT_REINJECT 1142 /* 1143 * dp_rx_defrag_deliver(): Deliver defrag packet to stack 1144 * @peer: Pointer to the peer 1145 * @tid: Transmit Identifier 1146 * @head: Nbuf to be delivered 1147 * 1148 * Returns: None 1149 */ 1150 static inline void dp_rx_defrag_deliver(struct dp_txrx_peer *txrx_peer, 1151 unsigned int tid, 1152 qdf_nbuf_t head) 1153 { 1154 struct dp_vdev *vdev = txrx_peer->vdev; 1155 struct dp_soc *soc = vdev->pdev->soc; 1156 qdf_nbuf_t deliver_list_head = NULL; 1157 qdf_nbuf_t deliver_list_tail = NULL; 1158 uint8_t *rx_tlv_hdr; 1159 1160 rx_tlv_hdr = qdf_nbuf_data(head); 1161 1162 QDF_NBUF_CB_RX_VDEV_ID(head) = vdev->vdev_id; 1163 qdf_nbuf_set_tid_val(head, tid); 1164 qdf_nbuf_pull_head(head, soc->rx_pkt_tlv_size); 1165 1166 DP_RX_LIST_APPEND(deliver_list_head, deliver_list_tail, 1167 head); 1168 dp_rx_deliver_to_stack(soc, vdev, txrx_peer, deliver_list_head, 1169 deliver_list_tail); 1170 } 1171 1172 /* 1173 * dp_rx_defrag_reo_reinject(): Reinject the fragment chain back into REO 1174 * @txrx peer: Pointer to the peer 1175 * @tid: Transmit Identifier 1176 * @head: Buffer to be reinjected back 1177 * 1178 * Reinject the fragment chain back into REO 1179 * 1180 * Returns: QDF_STATUS 1181 */ 1182 static QDF_STATUS dp_rx_defrag_reo_reinject(struct dp_txrx_peer *txrx_peer, 1183 unsigned int tid, qdf_nbuf_t head) 1184 { 1185 struct dp_rx_reorder_array_elem *rx_reorder_array_elem; 1186 1187 rx_reorder_array_elem = txrx_peer->rx_tid[tid].array; 1188 1189 dp_rx_defrag_deliver(txrx_peer, tid, head); 1190 rx_reorder_array_elem->head = NULL; 1191 rx_reorder_array_elem->tail = NULL; 1192 dp_rx_return_head_frag_desc(txrx_peer, tid); 1193 1194 return QDF_STATUS_SUCCESS; 1195 } 1196 #else 1197 #ifdef WLAN_FEATURE_DP_RX_RING_HISTORY 1198 /** 1199 * dp_rx_reinject_ring_record_entry() - Record reinject ring history 1200 * @soc: Datapath soc structure 1201 * @paddr: paddr of the buffer reinjected to SW2REO ring 1202 * @sw_cookie: SW cookie of the buffer reinjected to SW2REO ring 1203 * @rbm: Return buffer manager of the buffer reinjected to SW2REO ring 1204 * 1205 * Returns: None 1206 */ 1207 static inline void 1208 dp_rx_reinject_ring_record_entry(struct dp_soc *soc, uint64_t paddr, 1209 uint32_t sw_cookie, uint8_t rbm) 1210 { 1211 struct dp_buf_info_record *record; 1212 uint32_t idx; 1213 1214 if (qdf_unlikely(!soc->rx_reinject_ring_history)) 1215 return; 1216 1217 idx = dp_history_get_next_index(&soc->rx_reinject_ring_history->index, 1218 DP_RX_REINJECT_HIST_MAX); 1219 1220 /* No NULL check needed for record since its an array */ 1221 record = &soc->rx_reinject_ring_history->entry[idx]; 1222 1223 record->timestamp = qdf_get_log_timestamp(); 1224 record->hbi.paddr = paddr; 1225 record->hbi.sw_cookie = sw_cookie; 1226 record->hbi.rbm = rbm; 1227 } 1228 #else 1229 static inline void 1230 dp_rx_reinject_ring_record_entry(struct dp_soc *soc, uint64_t paddr, 1231 uint32_t sw_cookie, uint8_t rbm) 1232 { 1233 } 1234 #endif 1235 1236 /* 1237 * dp_rx_defrag_reo_reinject(): Reinject the fragment chain back into REO 1238 * @txrx_peer: Pointer to the txrx_peer 1239 * @tid: Transmit Identifier 1240 * @head: Buffer to be reinjected back 1241 * 1242 * Reinject the fragment chain back into REO 1243 * 1244 * Returns: QDF_STATUS 1245 */ 1246 static QDF_STATUS dp_rx_defrag_reo_reinject(struct dp_txrx_peer *txrx_peer, 1247 unsigned int tid, qdf_nbuf_t head) 1248 { 1249 struct dp_pdev *pdev = txrx_peer->vdev->pdev; 1250 struct dp_soc *soc = pdev->soc; 1251 struct hal_buf_info buf_info; 1252 struct hal_buf_info temp_buf_info; 1253 void *link_desc_va; 1254 void *msdu0, *msdu_desc_info; 1255 void *ent_ring_desc, *ent_mpdu_desc_info, *ent_qdesc_addr; 1256 void *dst_mpdu_desc_info; 1257 uint64_t dst_qdesc_addr; 1258 qdf_dma_addr_t paddr; 1259 uint32_t nbuf_len, seq_no, dst_ind; 1260 uint32_t *mpdu_wrd; 1261 uint32_t ret, cookie; 1262 hal_ring_desc_t dst_ring_desc = 1263 txrx_peer->rx_tid[tid].dst_ring_desc; 1264 hal_ring_handle_t hal_srng = soc->reo_reinject_ring.hal_srng; 1265 struct dp_rx_desc *rx_desc = txrx_peer->rx_tid[tid].head_frag_desc; 1266 struct dp_rx_reorder_array_elem *rx_reorder_array_elem = 1267 txrx_peer->rx_tid[tid].array; 1268 qdf_nbuf_t nbuf_head; 1269 struct rx_desc_pool *rx_desc_pool = NULL; 1270 void *buf_addr_info = HAL_RX_REO_BUF_ADDR_INFO_GET(dst_ring_desc); 1271 uint8_t rx_defrag_rbm_id = dp_rx_get_defrag_bm_id(soc); 1272 1273 /* do duplicate link desc address check */ 1274 dp_rx_link_desc_refill_duplicate_check( 1275 soc, 1276 &soc->last_op_info.reo_reinject_link_desc, 1277 buf_addr_info); 1278 1279 nbuf_head = dp_ipa_handle_rx_reo_reinject(soc, head); 1280 if (qdf_unlikely(!nbuf_head)) { 1281 dp_err_rl("IPA RX REO reinject failed"); 1282 return QDF_STATUS_E_FAILURE; 1283 } 1284 1285 /* update new allocated skb in case IPA is enabled */ 1286 if (nbuf_head != head) { 1287 head = nbuf_head; 1288 rx_desc->nbuf = head; 1289 rx_reorder_array_elem->head = head; 1290 } 1291 1292 ent_ring_desc = hal_srng_src_get_next(soc->hal_soc, hal_srng); 1293 if (!ent_ring_desc) { 1294 dp_err_rl("HAL src ring next entry NULL"); 1295 return QDF_STATUS_E_FAILURE; 1296 } 1297 1298 hal_rx_reo_buf_paddr_get(soc->hal_soc, dst_ring_desc, &buf_info); 1299 1300 /* buffer_addr_info is the first element of ring_desc */ 1301 hal_rx_buf_cookie_rbm_get(soc->hal_soc, (uint32_t *)dst_ring_desc, 1302 &buf_info); 1303 1304 link_desc_va = dp_rx_cookie_2_link_desc_va(soc, &buf_info); 1305 1306 qdf_assert_always(link_desc_va); 1307 1308 msdu0 = hal_rx_msdu0_buffer_addr_lsb(soc->hal_soc, link_desc_va); 1309 nbuf_len = qdf_nbuf_len(head) - soc->rx_pkt_tlv_size; 1310 1311 HAL_RX_UNIFORM_HDR_SET(link_desc_va, OWNER, UNI_DESC_OWNER_SW); 1312 HAL_RX_UNIFORM_HDR_SET(link_desc_va, BUFFER_TYPE, 1313 UNI_DESC_BUF_TYPE_RX_MSDU_LINK); 1314 1315 /* msdu reconfig */ 1316 msdu_desc_info = hal_rx_msdu_desc_info_ptr_get(soc->hal_soc, msdu0); 1317 1318 dst_ind = hal_rx_msdu_reo_dst_ind_get(soc->hal_soc, link_desc_va); 1319 1320 qdf_mem_zero(msdu_desc_info, sizeof(struct rx_msdu_desc_info)); 1321 1322 hal_msdu_desc_info_set(soc->hal_soc, msdu_desc_info, dst_ind, nbuf_len); 1323 1324 /* change RX TLV's */ 1325 hal_rx_tlv_msdu_len_set(soc->hal_soc, qdf_nbuf_data(head), nbuf_len); 1326 1327 hal_rx_buf_cookie_rbm_get(soc->hal_soc, (uint32_t *)msdu0, 1328 &temp_buf_info); 1329 1330 cookie = temp_buf_info.sw_cookie; 1331 rx_desc_pool = &soc->rx_desc_buf[pdev->lmac_id]; 1332 1333 /* map the nbuf before reinject it into HW */ 1334 ret = qdf_nbuf_map_nbytes_single(soc->osdev, head, 1335 QDF_DMA_FROM_DEVICE, 1336 rx_desc_pool->buf_size); 1337 if (qdf_unlikely(ret == QDF_STATUS_E_FAILURE)) { 1338 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1339 "%s: nbuf map failed !", __func__); 1340 return QDF_STATUS_E_FAILURE; 1341 } 1342 1343 dp_ipa_handle_rx_buf_smmu_mapping(soc, head, 1344 rx_desc_pool->buf_size, 1345 true); 1346 1347 /* 1348 * As part of rx frag handler bufffer was unmapped and rx desc 1349 * unmapped is set to 1. So again for defrag reinject frame reset 1350 * it back to 0. 1351 */ 1352 rx_desc->unmapped = 0; 1353 1354 paddr = qdf_nbuf_get_frag_paddr(head, 0); 1355 1356 ret = dp_check_paddr(soc, &head, &paddr, rx_desc_pool); 1357 1358 if (ret == QDF_STATUS_E_FAILURE) { 1359 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1360 "%s: x86 check failed !", __func__); 1361 return QDF_STATUS_E_FAILURE; 1362 } 1363 1364 hal_rxdma_buff_addr_info_set(soc->hal_soc, msdu0, paddr, cookie, 1365 rx_defrag_rbm_id); 1366 1367 /* Lets fill entrance ring now !!! */ 1368 if (qdf_unlikely(hal_srng_access_start(soc->hal_soc, hal_srng))) { 1369 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1370 "HAL RING Access For REO entrance SRNG Failed: %pK", 1371 hal_srng); 1372 1373 return QDF_STATUS_E_FAILURE; 1374 } 1375 1376 dp_rx_reinject_ring_record_entry(soc, paddr, cookie, 1377 rx_defrag_rbm_id); 1378 paddr = (uint64_t)buf_info.paddr; 1379 /* buf addr */ 1380 hal_rxdma_buff_addr_info_set(soc->hal_soc, ent_ring_desc, paddr, 1381 buf_info.sw_cookie, 1382 soc->idle_link_bm_id); 1383 /* mpdu desc info */ 1384 ent_mpdu_desc_info = hal_ent_mpdu_desc_info(soc->hal_soc, 1385 ent_ring_desc); 1386 dst_mpdu_desc_info = hal_dst_mpdu_desc_info(soc->hal_soc, 1387 dst_ring_desc); 1388 1389 qdf_mem_copy(ent_mpdu_desc_info, dst_mpdu_desc_info, 1390 sizeof(struct rx_mpdu_desc_info)); 1391 qdf_mem_zero(ent_mpdu_desc_info, sizeof(uint32_t)); 1392 1393 mpdu_wrd = (uint32_t *)dst_mpdu_desc_info; 1394 seq_no = hal_rx_get_rx_sequence(soc->hal_soc, qdf_nbuf_data(head)); 1395 1396 hal_mpdu_desc_info_set(soc->hal_soc, ent_mpdu_desc_info, seq_no); 1397 /* qdesc addr */ 1398 ent_qdesc_addr = hal_get_reo_ent_desc_qdesc_addr(soc->hal_soc, 1399 (uint8_t *)ent_ring_desc); 1400 1401 dst_qdesc_addr = hal_rx_get_qdesc_addr(soc->hal_soc, 1402 (uint8_t *)dst_ring_desc, 1403 qdf_nbuf_data(head)); 1404 1405 qdf_mem_copy(ent_qdesc_addr, &dst_qdesc_addr, 5); 1406 1407 hal_set_reo_ent_desc_reo_dest_ind(soc->hal_soc, 1408 (uint8_t *)ent_ring_desc, dst_ind); 1409 1410 hal_srng_access_end(soc->hal_soc, hal_srng); 1411 1412 DP_STATS_INC(soc, rx.reo_reinject, 1); 1413 dp_debug("reinjection done !"); 1414 return QDF_STATUS_SUCCESS; 1415 } 1416 #endif 1417 1418 /* 1419 * dp_rx_defrag_gcmp_demic(): Remove MIC information from GCMP fragment 1420 * @soc: Datapath soc structure 1421 * @nbuf: Pointer to the fragment buffer 1422 * @hdrlen: 802.11 header length 1423 * 1424 * Remove MIC information from GCMP fragment 1425 * 1426 * Returns: QDF_STATUS 1427 */ 1428 static QDF_STATUS dp_rx_defrag_gcmp_demic(struct dp_soc *soc, qdf_nbuf_t nbuf, 1429 uint16_t hdrlen) 1430 { 1431 uint8_t *ivp, *orig_hdr; 1432 int rx_desc_len = soc->rx_pkt_tlv_size; 1433 1434 /* start of the 802.11 header */ 1435 orig_hdr = (uint8_t *)(qdf_nbuf_data(nbuf) + rx_desc_len); 1436 1437 /* 1438 * GCMP header is located after 802.11 header and EXTIV 1439 * field should always be set to 1 for GCMP protocol. 1440 */ 1441 ivp = orig_hdr + hdrlen; 1442 if (!(ivp[IEEE80211_WEP_IVLEN] & IEEE80211_WEP_EXTIV)) 1443 return QDF_STATUS_E_DEFRAG_ERROR; 1444 1445 qdf_nbuf_trim_tail(nbuf, dp_f_gcmp.ic_trailer); 1446 1447 return QDF_STATUS_SUCCESS; 1448 } 1449 1450 /* 1451 * dp_rx_defrag(): Defragment the fragment chain 1452 * @txrx peer: Pointer to the peer 1453 * @tid: Transmit Identifier 1454 * @frag_list_head: Pointer to head list 1455 * @frag_list_tail: Pointer to tail list 1456 * 1457 * Defragment the fragment chain 1458 * 1459 * Returns: QDF_STATUS 1460 */ 1461 static QDF_STATUS dp_rx_defrag(struct dp_txrx_peer *txrx_peer, unsigned int tid, 1462 qdf_nbuf_t frag_list_head, 1463 qdf_nbuf_t frag_list_tail) 1464 { 1465 qdf_nbuf_t tmp_next, prev; 1466 qdf_nbuf_t cur = frag_list_head, msdu; 1467 uint32_t index, tkip_demic = 0; 1468 uint16_t hdr_space; 1469 uint8_t key[DEFRAG_IEEE80211_KEY_LEN]; 1470 struct dp_vdev *vdev = txrx_peer->vdev; 1471 struct dp_soc *soc = vdev->pdev->soc; 1472 uint8_t status = 0; 1473 1474 if (!cur) 1475 return QDF_STATUS_E_DEFRAG_ERROR; 1476 1477 hdr_space = dp_rx_defrag_hdrsize(soc, cur); 1478 index = hal_rx_msdu_is_wlan_mcast(soc->hal_soc, cur) ? 1479 dp_sec_mcast : dp_sec_ucast; 1480 1481 /* Remove FCS from all fragments */ 1482 while (cur) { 1483 tmp_next = qdf_nbuf_next(cur); 1484 qdf_nbuf_set_next(cur, NULL); 1485 qdf_nbuf_trim_tail(cur, DEFRAG_IEEE80211_FCS_LEN); 1486 prev = cur; 1487 qdf_nbuf_set_next(cur, tmp_next); 1488 cur = tmp_next; 1489 } 1490 cur = frag_list_head; 1491 1492 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_DEBUG, 1493 "%s: index %d Security type: %d", __func__, 1494 index, txrx_peer->security[index].sec_type); 1495 1496 switch (txrx_peer->security[index].sec_type) { 1497 case cdp_sec_type_tkip: 1498 tkip_demic = 1; 1499 fallthrough; 1500 case cdp_sec_type_tkip_nomic: 1501 while (cur) { 1502 tmp_next = qdf_nbuf_next(cur); 1503 if (dp_rx_defrag_tkip_decap(soc, cur, hdr_space)) { 1504 1505 QDF_TRACE(QDF_MODULE_ID_TXRX, 1506 QDF_TRACE_LEVEL_ERROR, 1507 "dp_rx_defrag: TKIP decap failed"); 1508 1509 return QDF_STATUS_E_DEFRAG_ERROR; 1510 } 1511 cur = tmp_next; 1512 } 1513 1514 /* If success, increment header to be stripped later */ 1515 hdr_space += dp_f_tkip.ic_header; 1516 break; 1517 1518 case cdp_sec_type_aes_ccmp: 1519 while (cur) { 1520 tmp_next = qdf_nbuf_next(cur); 1521 if (dp_rx_defrag_ccmp_demic(soc, cur, hdr_space)) { 1522 1523 QDF_TRACE(QDF_MODULE_ID_TXRX, 1524 QDF_TRACE_LEVEL_ERROR, 1525 "dp_rx_defrag: CCMP demic failed"); 1526 1527 return QDF_STATUS_E_DEFRAG_ERROR; 1528 } 1529 if (dp_rx_defrag_ccmp_decap(soc, cur, hdr_space)) { 1530 1531 QDF_TRACE(QDF_MODULE_ID_TXRX, 1532 QDF_TRACE_LEVEL_ERROR, 1533 "dp_rx_defrag: CCMP decap failed"); 1534 1535 return QDF_STATUS_E_DEFRAG_ERROR; 1536 } 1537 cur = tmp_next; 1538 } 1539 1540 /* If success, increment header to be stripped later */ 1541 hdr_space += dp_f_ccmp.ic_header; 1542 break; 1543 1544 case cdp_sec_type_wep40: 1545 case cdp_sec_type_wep104: 1546 case cdp_sec_type_wep128: 1547 while (cur) { 1548 tmp_next = qdf_nbuf_next(cur); 1549 if (dp_rx_defrag_wep_decap(soc, cur, hdr_space)) { 1550 1551 QDF_TRACE(QDF_MODULE_ID_TXRX, 1552 QDF_TRACE_LEVEL_ERROR, 1553 "dp_rx_defrag: WEP decap failed"); 1554 1555 return QDF_STATUS_E_DEFRAG_ERROR; 1556 } 1557 cur = tmp_next; 1558 } 1559 1560 /* If success, increment header to be stripped later */ 1561 hdr_space += dp_f_wep.ic_header; 1562 break; 1563 case cdp_sec_type_aes_gcmp: 1564 case cdp_sec_type_aes_gcmp_256: 1565 while (cur) { 1566 tmp_next = qdf_nbuf_next(cur); 1567 if (dp_rx_defrag_gcmp_demic(soc, cur, hdr_space)) { 1568 QDF_TRACE(QDF_MODULE_ID_TXRX, 1569 QDF_TRACE_LEVEL_ERROR, 1570 "dp_rx_defrag: GCMP demic failed"); 1571 1572 return QDF_STATUS_E_DEFRAG_ERROR; 1573 } 1574 cur = tmp_next; 1575 } 1576 1577 hdr_space += dp_f_gcmp.ic_header; 1578 break; 1579 default: 1580 break; 1581 } 1582 1583 if (tkip_demic) { 1584 msdu = frag_list_head; 1585 qdf_mem_copy(key, 1586 &txrx_peer->security[index].michael_key[0], 1587 IEEE80211_WEP_MICLEN); 1588 status = dp_rx_defrag_tkip_demic(soc, key, msdu, 1589 soc->rx_pkt_tlv_size + 1590 hdr_space); 1591 1592 if (status) { 1593 dp_rx_defrag_err(vdev, frag_list_head); 1594 1595 QDF_TRACE(QDF_MODULE_ID_TXRX, 1596 QDF_TRACE_LEVEL_ERROR, 1597 "%s: TKIP demic failed status %d", 1598 __func__, status); 1599 1600 return QDF_STATUS_E_DEFRAG_ERROR; 1601 } 1602 } 1603 1604 /* Convert the header to 802.3 header */ 1605 dp_rx_defrag_nwifi_to_8023(soc, txrx_peer, tid, frag_list_head, 1606 hdr_space); 1607 if (qdf_nbuf_next(frag_list_head)) { 1608 if (dp_rx_construct_fraglist(txrx_peer, tid, frag_list_head, 1609 hdr_space)) 1610 return QDF_STATUS_E_DEFRAG_ERROR; 1611 } 1612 1613 return QDF_STATUS_SUCCESS; 1614 } 1615 1616 /* 1617 * dp_rx_defrag_cleanup(): Clean up activities 1618 * @txrx_peer: Pointer to the peer 1619 * @tid: Transmit Identifier 1620 * 1621 * Returns: None 1622 */ 1623 void dp_rx_defrag_cleanup(struct dp_txrx_peer *txrx_peer, unsigned int tid) 1624 { 1625 struct dp_rx_reorder_array_elem *rx_reorder_array_elem = 1626 txrx_peer->rx_tid[tid].array; 1627 1628 if (rx_reorder_array_elem) { 1629 /* Free up nbufs */ 1630 dp_rx_defrag_frames_free(rx_reorder_array_elem->head); 1631 rx_reorder_array_elem->head = NULL; 1632 rx_reorder_array_elem->tail = NULL; 1633 } else { 1634 dp_info("Cleanup self peer %pK and TID %u", 1635 txrx_peer, tid); 1636 } 1637 1638 /* Free up saved ring descriptors */ 1639 dp_rx_clear_saved_desc_info(txrx_peer, tid); 1640 1641 txrx_peer->rx_tid[tid].defrag_timeout_ms = 0; 1642 txrx_peer->rx_tid[tid].curr_frag_num = 0; 1643 txrx_peer->rx_tid[tid].curr_seq_num = 0; 1644 } 1645 1646 /* 1647 * dp_rx_defrag_save_info_from_ring_desc(): Save info from REO ring descriptor 1648 * @ring_desc: Pointer to the dst ring descriptor 1649 * @txrx_peer: Pointer to the peer 1650 * @tid: Transmit Identifier 1651 * 1652 * Returns: None 1653 */ 1654 static QDF_STATUS 1655 dp_rx_defrag_save_info_from_ring_desc(hal_ring_desc_t ring_desc, 1656 struct dp_rx_desc *rx_desc, 1657 struct dp_txrx_peer *txrx_peer, 1658 unsigned int tid) 1659 { 1660 void *dst_ring_desc = qdf_mem_malloc( 1661 sizeof(struct reo_destination_ring)); 1662 1663 if (!dst_ring_desc) { 1664 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1665 "%s: Memory alloc failed !", __func__); 1666 QDF_ASSERT(0); 1667 return QDF_STATUS_E_NOMEM; 1668 } 1669 1670 qdf_mem_copy(dst_ring_desc, ring_desc, 1671 sizeof(struct reo_destination_ring)); 1672 1673 txrx_peer->rx_tid[tid].dst_ring_desc = dst_ring_desc; 1674 txrx_peer->rx_tid[tid].head_frag_desc = rx_desc; 1675 1676 return QDF_STATUS_SUCCESS; 1677 } 1678 1679 /* 1680 * dp_rx_defrag_store_fragment(): Store incoming fragments 1681 * @soc: Pointer to the SOC data structure 1682 * @ring_desc: Pointer to the ring descriptor 1683 * @mpdu_desc_info: MPDU descriptor info 1684 * @tid: Traffic Identifier 1685 * @rx_desc: Pointer to rx descriptor 1686 * @rx_bfs: Number of bfs consumed 1687 * 1688 * Returns: QDF_STATUS 1689 */ 1690 static QDF_STATUS 1691 dp_rx_defrag_store_fragment(struct dp_soc *soc, 1692 hal_ring_desc_t ring_desc, 1693 union dp_rx_desc_list_elem_t **head, 1694 union dp_rx_desc_list_elem_t **tail, 1695 struct hal_rx_mpdu_desc_info *mpdu_desc_info, 1696 unsigned int tid, struct dp_rx_desc *rx_desc, 1697 uint32_t *rx_bfs) 1698 { 1699 struct dp_rx_reorder_array_elem *rx_reorder_array_elem; 1700 struct dp_pdev *pdev; 1701 struct dp_txrx_peer *txrx_peer = NULL; 1702 dp_txrx_ref_handle txrx_ref_handle = NULL; 1703 uint16_t peer_id; 1704 uint8_t fragno, more_frag, all_frag_present = 0; 1705 uint16_t rxseq = mpdu_desc_info->mpdu_seq; 1706 QDF_STATUS status; 1707 struct dp_rx_tid_defrag *rx_tid; 1708 uint8_t mpdu_sequence_control_valid; 1709 uint8_t mpdu_frame_control_valid; 1710 qdf_nbuf_t frag = rx_desc->nbuf; 1711 uint32_t msdu_len; 1712 1713 if (qdf_nbuf_len(frag) > 0) { 1714 dp_info("Dropping unexpected packet with skb_len: %d," 1715 "data len: %d, cookie: %d", 1716 (uint32_t)qdf_nbuf_len(frag), frag->data_len, 1717 rx_desc->cookie); 1718 DP_STATS_INC(soc, rx.rx_frag_err_len_error, 1); 1719 goto discard_frag; 1720 } 1721 1722 if (dp_rx_buffer_pool_refill(soc, frag, rx_desc->pool_id)) { 1723 /* fragment queued back to the pool, free the link desc */ 1724 goto err_free_desc; 1725 } 1726 1727 msdu_len = hal_rx_msdu_start_msdu_len_get(soc->hal_soc, 1728 rx_desc->rx_buf_start); 1729 1730 qdf_nbuf_set_pktlen(frag, (msdu_len + soc->rx_pkt_tlv_size)); 1731 qdf_nbuf_append_ext_list(frag, NULL, 0); 1732 1733 /* Check if the packet is from a valid peer */ 1734 peer_id = dp_rx_peer_metadata_peer_id_get(soc, 1735 mpdu_desc_info->peer_meta_data); 1736 txrx_peer = dp_txrx_peer_get_ref_by_id(soc, peer_id, &txrx_ref_handle, 1737 DP_MOD_ID_RX_ERR); 1738 1739 if (!txrx_peer) { 1740 /* We should not receive anything from unknown peer 1741 * however, that might happen while we are in the monitor mode. 1742 * We don't need to handle that here 1743 */ 1744 dp_info_rl("Unknown peer with peer_id %d, dropping fragment", 1745 peer_id); 1746 DP_STATS_INC(soc, rx.rx_frag_err_no_peer, 1); 1747 goto discard_frag; 1748 } 1749 1750 if (tid >= DP_MAX_TIDS) { 1751 dp_info("TID out of bounds: %d", tid); 1752 qdf_assert_always(0); 1753 goto discard_frag; 1754 } 1755 1756 mpdu_sequence_control_valid = 1757 hal_rx_get_mpdu_sequence_control_valid(soc->hal_soc, 1758 rx_desc->rx_buf_start); 1759 1760 /* Invalid MPDU sequence control field, MPDU is of no use */ 1761 if (!mpdu_sequence_control_valid) { 1762 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1763 "Invalid MPDU seq control field, dropping MPDU"); 1764 1765 qdf_assert(0); 1766 goto discard_frag; 1767 } 1768 1769 mpdu_frame_control_valid = 1770 hal_rx_get_mpdu_frame_control_valid(soc->hal_soc, 1771 rx_desc->rx_buf_start); 1772 1773 /* Invalid frame control field */ 1774 if (!mpdu_frame_control_valid) { 1775 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1776 "Invalid frame control field, dropping MPDU"); 1777 1778 qdf_assert(0); 1779 goto discard_frag; 1780 } 1781 1782 /* Current mpdu sequence */ 1783 more_frag = dp_rx_frag_get_more_frag_bit(soc, rx_desc->rx_buf_start); 1784 1785 /* HW does not populate the fragment number as of now 1786 * need to get from the 802.11 header 1787 */ 1788 fragno = dp_rx_frag_get_mpdu_frag_number(soc, rx_desc->rx_buf_start); 1789 1790 pdev = txrx_peer->vdev->pdev; 1791 rx_tid = &txrx_peer->rx_tid[tid]; 1792 1793 dp_rx_err_send_pktlog(soc, pdev, mpdu_desc_info, frag, 1794 QDF_TX_RX_STATUS_OK, false); 1795 1796 qdf_spin_lock_bh(&rx_tid->defrag_tid_lock); 1797 rx_reorder_array_elem = txrx_peer->rx_tid[tid].array; 1798 if (!rx_reorder_array_elem) { 1799 dp_err_rl("Rcvd Fragmented pkt before tid setup for peer %pK", 1800 txrx_peer); 1801 qdf_spin_unlock_bh(&rx_tid->defrag_tid_lock); 1802 goto discard_frag; 1803 } 1804 1805 /* 1806 * !more_frag: no more fragments to be delivered 1807 * !frag_no: packet is not fragmented 1808 * !rx_reorder_array_elem->head: no saved fragments so far 1809 */ 1810 if ((!more_frag) && (!fragno) && (!rx_reorder_array_elem->head)) { 1811 /* We should not get into this situation here. 1812 * It means an unfragmented packet with fragment flag 1813 * is delivered over the REO exception ring. 1814 * Typically it follows normal rx path. 1815 */ 1816 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1817 "Rcvd unfragmented pkt on REO Err srng, dropping"); 1818 1819 qdf_spin_unlock_bh(&rx_tid->defrag_tid_lock); 1820 qdf_assert(0); 1821 goto discard_frag; 1822 } 1823 1824 /* Check if the fragment is for the same sequence or a different one */ 1825 dp_debug("rx_tid %d", tid); 1826 if (rx_reorder_array_elem->head) { 1827 dp_debug("rxseq %d\n", rxseq); 1828 if (rxseq != rx_tid->curr_seq_num) { 1829 1830 dp_debug("mismatch cur_seq %d rxseq %d\n", 1831 rx_tid->curr_seq_num, rxseq); 1832 /* Drop stored fragments if out of sequence 1833 * fragment is received 1834 */ 1835 dp_rx_reorder_flush_frag(txrx_peer, tid); 1836 1837 DP_STATS_INC(soc, rx.rx_frag_oor, 1); 1838 1839 dp_debug("cur rxseq %d\n", rxseq); 1840 /* 1841 * The sequence number for this fragment becomes the 1842 * new sequence number to be processed 1843 */ 1844 rx_tid->curr_seq_num = rxseq; 1845 } 1846 } else { 1847 /* Check if we are processing first fragment if it is 1848 * not first fragment discard fragment. 1849 */ 1850 if (fragno) { 1851 qdf_spin_unlock_bh(&rx_tid->defrag_tid_lock); 1852 goto discard_frag; 1853 } 1854 dp_debug("cur rxseq %d\n", rxseq); 1855 /* Start of a new sequence */ 1856 dp_rx_defrag_cleanup(txrx_peer, tid); 1857 rx_tid->curr_seq_num = rxseq; 1858 /* store PN number also */ 1859 } 1860 1861 /* 1862 * If the earlier sequence was dropped, this will be the fresh start. 1863 * Else, continue with next fragment in a given sequence 1864 */ 1865 status = dp_rx_defrag_fraglist_insert(txrx_peer, tid, 1866 &rx_reorder_array_elem->head, 1867 &rx_reorder_array_elem->tail, 1868 frag, &all_frag_present); 1869 1870 /* 1871 * Currently, we can have only 6 MSDUs per-MPDU, if the current 1872 * packet sequence has more than 6 MSDUs for some reason, we will 1873 * have to use the next MSDU link descriptor and chain them together 1874 * before reinjection. 1875 * ring_desc is validated in dp_rx_err_process. 1876 */ 1877 if ((fragno == 0) && (status == QDF_STATUS_SUCCESS) && 1878 (rx_reorder_array_elem->head == frag)) { 1879 1880 status = dp_rx_defrag_save_info_from_ring_desc(ring_desc, 1881 rx_desc, txrx_peer, tid); 1882 1883 if (status != QDF_STATUS_SUCCESS) { 1884 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1885 "%s: Unable to store ring desc !", __func__); 1886 qdf_spin_unlock_bh(&rx_tid->defrag_tid_lock); 1887 goto discard_frag; 1888 } 1889 } else { 1890 dp_rx_add_to_free_desc_list(head, tail, rx_desc); 1891 (*rx_bfs)++; 1892 1893 /* Return the non-head link desc */ 1894 if (dp_rx_link_desc_return(soc, ring_desc, 1895 HAL_BM_ACTION_PUT_IN_IDLE_LIST) != 1896 QDF_STATUS_SUCCESS) 1897 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1898 "%s: Failed to return link desc", __func__); 1899 1900 } 1901 1902 if (pdev->soc->rx.flags.defrag_timeout_check) 1903 dp_rx_defrag_waitlist_remove(txrx_peer, tid); 1904 1905 /* Yet to receive more fragments for this sequence number */ 1906 if (!all_frag_present) { 1907 uint32_t now_ms = 1908 qdf_system_ticks_to_msecs(qdf_system_ticks()); 1909 1910 txrx_peer->rx_tid[tid].defrag_timeout_ms = 1911 now_ms + pdev->soc->rx.defrag.timeout_ms; 1912 1913 dp_rx_defrag_waitlist_add(txrx_peer, tid); 1914 dp_txrx_peer_unref_delete(txrx_ref_handle, DP_MOD_ID_RX_ERR); 1915 qdf_spin_unlock_bh(&rx_tid->defrag_tid_lock); 1916 1917 return QDF_STATUS_SUCCESS; 1918 } 1919 1920 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_DEBUG, 1921 "All fragments received for sequence: %d", rxseq); 1922 1923 /* Process the fragments */ 1924 status = dp_rx_defrag(txrx_peer, tid, rx_reorder_array_elem->head, 1925 rx_reorder_array_elem->tail); 1926 if (QDF_IS_STATUS_ERROR(status)) { 1927 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1928 "Fragment processing failed"); 1929 1930 dp_rx_add_to_free_desc_list(head, tail, 1931 txrx_peer->rx_tid[tid].head_frag_desc); 1932 (*rx_bfs)++; 1933 1934 if (dp_rx_link_desc_return(soc, 1935 txrx_peer->rx_tid[tid].dst_ring_desc, 1936 HAL_BM_ACTION_PUT_IN_IDLE_LIST) != 1937 QDF_STATUS_SUCCESS) 1938 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1939 "%s: Failed to return link desc", 1940 __func__); 1941 dp_rx_defrag_cleanup(txrx_peer, tid); 1942 qdf_spin_unlock_bh(&rx_tid->defrag_tid_lock); 1943 goto end; 1944 } 1945 1946 /* Re-inject the fragments back to REO for further processing */ 1947 status = dp_rx_defrag_reo_reinject(txrx_peer, tid, 1948 rx_reorder_array_elem->head); 1949 if (QDF_IS_STATUS_SUCCESS(status)) { 1950 rx_reorder_array_elem->head = NULL; 1951 rx_reorder_array_elem->tail = NULL; 1952 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_DEBUG, 1953 "Fragmented sequence successfully reinjected"); 1954 } else { 1955 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 1956 "Fragmented sequence reinjection failed"); 1957 dp_rx_return_head_frag_desc(txrx_peer, tid); 1958 } 1959 1960 dp_rx_defrag_cleanup(txrx_peer, tid); 1961 qdf_spin_unlock_bh(&rx_tid->defrag_tid_lock); 1962 1963 dp_txrx_peer_unref_delete(txrx_ref_handle, DP_MOD_ID_RX_ERR); 1964 1965 return QDF_STATUS_SUCCESS; 1966 1967 discard_frag: 1968 dp_rx_nbuf_free(frag); 1969 err_free_desc: 1970 dp_rx_add_to_free_desc_list(head, tail, rx_desc); 1971 if (dp_rx_link_desc_return(soc, ring_desc, 1972 HAL_BM_ACTION_PUT_IN_IDLE_LIST) != 1973 QDF_STATUS_SUCCESS) 1974 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 1975 "%s: Failed to return link desc", __func__); 1976 (*rx_bfs)++; 1977 1978 end: 1979 if (txrx_peer) 1980 dp_txrx_peer_unref_delete(txrx_ref_handle, DP_MOD_ID_RX_ERR); 1981 1982 DP_STATS_INC(soc, rx.rx_frag_err, 1); 1983 return QDF_STATUS_E_DEFRAG_ERROR; 1984 } 1985 1986 /** 1987 * dp_rx_frag_handle() - Handles fragmented Rx frames 1988 * 1989 * @soc: core txrx main context 1990 * @ring_desc: opaque pointer to the REO error ring descriptor 1991 * @mpdu_desc_info: MPDU descriptor information from ring descriptor 1992 * @head: head of the local descriptor free-list 1993 * @tail: tail of the local descriptor free-list 1994 * @quota: No. of units (packets) that can be serviced in one shot. 1995 * 1996 * This function implements RX 802.11 fragmentation handling 1997 * The handling is mostly same as legacy fragmentation handling. 1998 * If required, this function can re-inject the frames back to 1999 * REO ring (with proper setting to by-pass fragmentation check 2000 * but use duplicate detection / re-ordering and routing these frames 2001 * to a different core. 2002 * 2003 * Return: uint32_t: No. of elements processed 2004 */ 2005 uint32_t dp_rx_frag_handle(struct dp_soc *soc, hal_ring_desc_t ring_desc, 2006 struct hal_rx_mpdu_desc_info *mpdu_desc_info, 2007 struct dp_rx_desc *rx_desc, 2008 uint8_t *mac_id, 2009 uint32_t quota) 2010 { 2011 uint32_t rx_bufs_used = 0; 2012 qdf_nbuf_t msdu = NULL; 2013 uint32_t tid; 2014 uint32_t rx_bfs = 0; 2015 struct dp_pdev *pdev; 2016 QDF_STATUS status = QDF_STATUS_SUCCESS; 2017 struct rx_desc_pool *rx_desc_pool; 2018 2019 qdf_assert(soc); 2020 qdf_assert(mpdu_desc_info); 2021 qdf_assert(rx_desc); 2022 2023 dp_debug("Number of MSDUs to process, num_msdus: %d", 2024 mpdu_desc_info->msdu_count); 2025 2026 2027 if (qdf_unlikely(mpdu_desc_info->msdu_count == 0)) { 2028 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 2029 "Not sufficient MSDUs to process"); 2030 return rx_bufs_used; 2031 } 2032 2033 /* all buffers in MSDU link belong to same pdev */ 2034 pdev = dp_get_pdev_for_lmac_id(soc, rx_desc->pool_id); 2035 if (!pdev) { 2036 dp_nofl_debug("pdev is null for pool_id = %d", 2037 rx_desc->pool_id); 2038 return rx_bufs_used; 2039 } 2040 2041 *mac_id = rx_desc->pool_id; 2042 2043 msdu = rx_desc->nbuf; 2044 2045 rx_desc_pool = &soc->rx_desc_buf[rx_desc->pool_id]; 2046 2047 if (rx_desc->unmapped) 2048 return rx_bufs_used; 2049 2050 dp_ipa_rx_buf_smmu_mapping_lock(soc); 2051 dp_rx_nbuf_unmap_pool(soc, rx_desc_pool, rx_desc->nbuf); 2052 rx_desc->unmapped = 1; 2053 dp_ipa_rx_buf_smmu_mapping_unlock(soc); 2054 2055 rx_desc->rx_buf_start = qdf_nbuf_data(msdu); 2056 2057 tid = hal_rx_mpdu_start_tid_get(soc->hal_soc, rx_desc->rx_buf_start); 2058 2059 /* Process fragment-by-fragment */ 2060 status = dp_rx_defrag_store_fragment(soc, ring_desc, 2061 &pdev->free_list_head, 2062 &pdev->free_list_tail, 2063 mpdu_desc_info, 2064 tid, rx_desc, &rx_bfs); 2065 2066 if (rx_bfs) 2067 rx_bufs_used += rx_bfs; 2068 2069 if (!QDF_IS_STATUS_SUCCESS(status)) 2070 dp_info_rl("Rx Defrag err seq#:0x%x msdu_count:%d flags:%d", 2071 mpdu_desc_info->mpdu_seq, 2072 mpdu_desc_info->msdu_count, 2073 mpdu_desc_info->mpdu_flags); 2074 2075 return rx_bufs_used; 2076 } 2077 2078 QDF_STATUS dp_rx_defrag_add_last_frag(struct dp_soc *soc, 2079 struct dp_txrx_peer *txrx_peer, 2080 uint16_t tid, 2081 uint16_t rxseq, qdf_nbuf_t nbuf) 2082 { 2083 struct dp_rx_tid_defrag *rx_tid = &txrx_peer->rx_tid[tid]; 2084 struct dp_rx_reorder_array_elem *rx_reorder_array_elem; 2085 uint8_t all_frag_present; 2086 uint32_t msdu_len; 2087 QDF_STATUS status; 2088 2089 rx_reorder_array_elem = txrx_peer->rx_tid[tid].array; 2090 2091 /* 2092 * HW may fill in unexpected peer_id in RX PKT TLV, 2093 * if this peer_id related peer is valid by coincidence, 2094 * but actually this peer won't do dp_peer_rx_init(like SAP vdev 2095 * self peer), then invalid access to rx_reorder_array_elem happened. 2096 */ 2097 if (!rx_reorder_array_elem) { 2098 dp_verbose_debug( 2099 "peer id:%d drop rx frame!", 2100 txrx_peer->peer_id); 2101 DP_STATS_INC(soc, rx.err.defrag_peer_uninit, 1); 2102 dp_rx_nbuf_free(nbuf); 2103 goto fail; 2104 } 2105 2106 if (rx_reorder_array_elem->head && 2107 rxseq != rx_tid->curr_seq_num) { 2108 /* Drop stored fragments if out of sequence 2109 * fragment is received 2110 */ 2111 dp_rx_reorder_flush_frag(txrx_peer, tid); 2112 2113 QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR, 2114 "%s: No list found for TID %d Seq# %d", 2115 __func__, tid, rxseq); 2116 dp_rx_nbuf_free(nbuf); 2117 goto fail; 2118 } 2119 2120 msdu_len = hal_rx_msdu_start_msdu_len_get(soc->hal_soc, 2121 qdf_nbuf_data(nbuf)); 2122 2123 qdf_nbuf_set_pktlen(nbuf, (msdu_len + soc->rx_pkt_tlv_size)); 2124 2125 status = dp_rx_defrag_fraglist_insert(txrx_peer, tid, 2126 &rx_reorder_array_elem->head, 2127 &rx_reorder_array_elem->tail, nbuf, 2128 &all_frag_present); 2129 2130 if (QDF_IS_STATUS_ERROR(status)) { 2131 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 2132 "%s Fragment insert failed", __func__); 2133 2134 goto fail; 2135 } 2136 2137 if (soc->rx.flags.defrag_timeout_check) 2138 dp_rx_defrag_waitlist_remove(txrx_peer, tid); 2139 2140 if (!all_frag_present) { 2141 uint32_t now_ms = 2142 qdf_system_ticks_to_msecs(qdf_system_ticks()); 2143 2144 txrx_peer->rx_tid[tid].defrag_timeout_ms = 2145 now_ms + soc->rx.defrag.timeout_ms; 2146 2147 dp_rx_defrag_waitlist_add(txrx_peer, tid); 2148 2149 return QDF_STATUS_SUCCESS; 2150 } 2151 2152 status = dp_rx_defrag(txrx_peer, tid, rx_reorder_array_elem->head, 2153 rx_reorder_array_elem->tail); 2154 2155 if (QDF_IS_STATUS_ERROR(status)) { 2156 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 2157 "%s Fragment processing failed", __func__); 2158 2159 dp_rx_return_head_frag_desc(txrx_peer, tid); 2160 dp_rx_defrag_cleanup(txrx_peer, tid); 2161 2162 goto fail; 2163 } 2164 2165 /* Re-inject the fragments back to REO for further processing */ 2166 status = dp_rx_defrag_reo_reinject(txrx_peer, tid, 2167 rx_reorder_array_elem->head); 2168 if (QDF_IS_STATUS_SUCCESS(status)) { 2169 rx_reorder_array_elem->head = NULL; 2170 rx_reorder_array_elem->tail = NULL; 2171 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_INFO, 2172 "%s: Frag seq successfully reinjected", 2173 __func__); 2174 } else { 2175 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 2176 "%s: Frag seq reinjection failed", __func__); 2177 dp_rx_return_head_frag_desc(txrx_peer, tid); 2178 } 2179 2180 dp_rx_defrag_cleanup(txrx_peer, tid); 2181 return QDF_STATUS_SUCCESS; 2182 2183 fail: 2184 return QDF_STATUS_E_DEFRAG_ERROR; 2185 } 2186