1 /* 2 * Copyright (c) 2016-2021 The Linux Foundation. All rights reserved. 3 * Copyright (c) 2021-2022 Qualcomm Innovation Center, Inc. All rights reserved. 4 * 5 * Permission to use, copy, modify, and/or distribute this software for 6 * any purpose with or without fee is hereby granted, provided that the 7 * above copyright notice and this permission notice appear in all 8 * copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL 11 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 12 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE 13 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL 14 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR 15 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER 16 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 17 * PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include "hal_hw_headers.h" 21 #include "dp_types.h" 22 #include "dp_rx.h" 23 #include "dp_tx.h" 24 #include "dp_peer.h" 25 #include "dp_internal.h" 26 #include "hal_api.h" 27 #include "qdf_trace.h" 28 #include "qdf_nbuf.h" 29 #include "dp_rx_defrag.h" 30 #include "dp_ipa.h" 31 #ifdef WIFI_MONITOR_SUPPORT 32 #include "dp_htt.h" 33 #include <dp_mon.h> 34 #endif 35 #ifdef FEATURE_WDS 36 #include "dp_txrx_wds.h" 37 #endif 38 #include <enet.h> /* LLC_SNAP_HDR_LEN */ 39 #include "qdf_net_types.h" 40 #include "dp_rx_buffer_pool.h" 41 42 #define dp_rx_err_alert(params...) QDF_TRACE_FATAL(QDF_MODULE_ID_DP_RX_ERROR, params) 43 #define dp_rx_err_err(params...) QDF_TRACE_ERROR(QDF_MODULE_ID_DP_RX_ERROR, params) 44 #define dp_rx_err_warn(params...) QDF_TRACE_WARN(QDF_MODULE_ID_DP_RX_ERROR, params) 45 #define dp_rx_err_info(params...) \ 46 __QDF_TRACE_FL(QDF_TRACE_LEVEL_INFO_HIGH, QDF_MODULE_ID_DP_RX_ERROR, ## params) 47 #define dp_rx_err_info_rl(params...) \ 48 __QDF_TRACE_RL(QDF_TRACE_LEVEL_INFO_HIGH, QDF_MODULE_ID_DP_RX_ERROR, ## params) 49 #define dp_rx_err_debug(params...) QDF_TRACE_DEBUG(QDF_MODULE_ID_DP_RX_ERROR, params) 50 51 #ifndef QCA_HOST_MODE_WIFI_DISABLED 52 53 /* Max buffer in invalid peer SG list*/ 54 #define DP_MAX_INVALID_BUFFERS 10 55 56 /* Max regular Rx packet routing error */ 57 #define DP_MAX_REG_RX_ROUTING_ERRS_THRESHOLD 20 58 #define DP_MAX_REG_RX_ROUTING_ERRS_IN_TIMEOUT 10 59 #define DP_RX_ERR_ROUTE_TIMEOUT_US (5 * 1000 * 1000) /* micro seconds */ 60 61 #ifdef FEATURE_MEC 62 bool dp_rx_mcast_echo_check(struct dp_soc *soc, 63 struct dp_txrx_peer *txrx_peer, 64 uint8_t *rx_tlv_hdr, 65 qdf_nbuf_t nbuf) 66 { 67 struct dp_vdev *vdev = txrx_peer->vdev; 68 struct dp_pdev *pdev = vdev->pdev; 69 struct dp_mec_entry *mecentry = NULL; 70 struct dp_ast_entry *ase = NULL; 71 uint16_t sa_idx = 0; 72 uint8_t *data; 73 /* 74 * Multicast Echo Check is required only if vdev is STA and 75 * received pkt is a multicast/broadcast pkt. otherwise 76 * skip the MEC check. 77 */ 78 if (vdev->opmode != wlan_op_mode_sta) 79 return false; 80 if (!hal_rx_msdu_end_da_is_mcbc_get(soc->hal_soc, rx_tlv_hdr)) 81 return false; 82 83 data = qdf_nbuf_data(nbuf); 84 85 /* 86 * if the received pkts src mac addr matches with vdev 87 * mac address then drop the pkt as it is looped back 88 */ 89 if (!(qdf_mem_cmp(&data[QDF_MAC_ADDR_SIZE], 90 vdev->mac_addr.raw, 91 QDF_MAC_ADDR_SIZE))) 92 return true; 93 94 /* 95 * In case of qwrap isolation mode, donot drop loopback packets. 96 * In isolation mode, all packets from the wired stations need to go 97 * to rootap and loop back to reach the wireless stations and 98 * vice-versa. 99 */ 100 if (qdf_unlikely(vdev->isolation_vdev)) 101 return false; 102 103 /* 104 * if the received pkts src mac addr matches with the 105 * wired PCs MAC addr which is behind the STA or with 106 * wireless STAs MAC addr which are behind the Repeater, 107 * then drop the pkt as it is looped back 108 */ 109 if (hal_rx_msdu_end_sa_is_valid_get(soc->hal_soc, rx_tlv_hdr)) { 110 sa_idx = hal_rx_msdu_end_sa_idx_get(soc->hal_soc, rx_tlv_hdr); 111 112 if ((sa_idx < 0) || 113 (sa_idx >= wlan_cfg_get_max_ast_idx(soc->wlan_cfg_ctx))) { 114 QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR, 115 "invalid sa_idx: %d", sa_idx); 116 qdf_assert_always(0); 117 } 118 119 qdf_spin_lock_bh(&soc->ast_lock); 120 ase = soc->ast_table[sa_idx]; 121 122 /* 123 * this check was not needed since MEC is not dependent on AST, 124 * but if we dont have this check SON has some issues in 125 * dual backhaul scenario. in APS SON mode, client connected 126 * to RE 2G and sends multicast packets. the RE sends it to CAP 127 * over 5G backhaul. the CAP loopback it on 2G to RE. 128 * On receiving in 2G STA vap, we assume that client has roamed 129 * and kickout the client. 130 */ 131 if (ase && (ase->peer_id != txrx_peer->peer_id)) { 132 qdf_spin_unlock_bh(&soc->ast_lock); 133 goto drop; 134 } 135 136 qdf_spin_unlock_bh(&soc->ast_lock); 137 } 138 139 qdf_spin_lock_bh(&soc->mec_lock); 140 141 mecentry = dp_peer_mec_hash_find_by_pdevid(soc, pdev->pdev_id, 142 &data[QDF_MAC_ADDR_SIZE]); 143 if (!mecentry) { 144 qdf_spin_unlock_bh(&soc->mec_lock); 145 return false; 146 } 147 148 qdf_spin_unlock_bh(&soc->mec_lock); 149 150 drop: 151 dp_rx_err_info("%pK: received pkt with same src mac " QDF_MAC_ADDR_FMT, 152 soc, QDF_MAC_ADDR_REF(&data[QDF_MAC_ADDR_SIZE])); 153 154 return true; 155 } 156 #endif 157 #endif /* QCA_HOST_MODE_WIFI_DISABLED */ 158 159 void dp_rx_link_desc_refill_duplicate_check( 160 struct dp_soc *soc, 161 struct hal_buf_info *buf_info, 162 hal_buff_addrinfo_t ring_buf_info) 163 { 164 struct hal_buf_info current_link_desc_buf_info = { 0 }; 165 166 /* do duplicate link desc address check */ 167 hal_rx_buffer_addr_info_get_paddr(ring_buf_info, 168 ¤t_link_desc_buf_info); 169 170 /* 171 * TODO - Check if the hal soc api call can be removed 172 * since the cookie is just used for print. 173 * buffer_addr_info is the first element of ring_desc 174 */ 175 hal_rx_buf_cookie_rbm_get(soc->hal_soc, 176 (uint32_t *)ring_buf_info, 177 ¤t_link_desc_buf_info); 178 179 if (qdf_unlikely(current_link_desc_buf_info.paddr == 180 buf_info->paddr)) { 181 dp_info_rl("duplicate link desc addr: %llu, cookie: 0x%x", 182 current_link_desc_buf_info.paddr, 183 current_link_desc_buf_info.sw_cookie); 184 DP_STATS_INC(soc, rx.err.dup_refill_link_desc, 1); 185 } 186 *buf_info = current_link_desc_buf_info; 187 } 188 189 /** 190 * dp_rx_link_desc_return_by_addr - Return a MPDU link descriptor to 191 * (WBM) by address 192 * 193 * @soc: core DP main context 194 * @link_desc_addr: link descriptor addr 195 * 196 * Return: QDF_STATUS 197 */ 198 QDF_STATUS 199 dp_rx_link_desc_return_by_addr(struct dp_soc *soc, 200 hal_buff_addrinfo_t link_desc_addr, 201 uint8_t bm_action) 202 { 203 struct dp_srng *wbm_desc_rel_ring = &soc->wbm_desc_rel_ring; 204 hal_ring_handle_t wbm_rel_srng = wbm_desc_rel_ring->hal_srng; 205 hal_soc_handle_t hal_soc = soc->hal_soc; 206 QDF_STATUS status = QDF_STATUS_E_FAILURE; 207 void *src_srng_desc; 208 209 if (!wbm_rel_srng) { 210 dp_rx_err_err("%pK: WBM RELEASE RING not initialized", soc); 211 return status; 212 } 213 214 /* do duplicate link desc address check */ 215 dp_rx_link_desc_refill_duplicate_check( 216 soc, 217 &soc->last_op_info.wbm_rel_link_desc, 218 link_desc_addr); 219 220 if (qdf_unlikely(hal_srng_access_start(hal_soc, wbm_rel_srng))) { 221 222 /* TODO */ 223 /* 224 * Need API to convert from hal_ring pointer to 225 * Ring Type / Ring Id combo 226 */ 227 dp_rx_err_err("%pK: HAL RING Access For WBM Release SRNG Failed - %pK", 228 soc, wbm_rel_srng); 229 DP_STATS_INC(soc, rx.err.hal_ring_access_fail, 1); 230 goto done; 231 } 232 src_srng_desc = hal_srng_src_get_next(hal_soc, wbm_rel_srng); 233 if (qdf_likely(src_srng_desc)) { 234 /* Return link descriptor through WBM ring (SW2WBM)*/ 235 hal_rx_msdu_link_desc_set(hal_soc, 236 src_srng_desc, link_desc_addr, bm_action); 237 status = QDF_STATUS_SUCCESS; 238 } else { 239 struct hal_srng *srng = (struct hal_srng *)wbm_rel_srng; 240 241 DP_STATS_INC(soc, rx.err.hal_ring_access_full_fail, 1); 242 243 dp_info_rl("WBM Release Ring (Id %d) Full(Fail CNT %u)", 244 srng->ring_id, 245 soc->stats.rx.err.hal_ring_access_full_fail); 246 dp_info_rl("HP 0x%x Reap HP 0x%x TP 0x%x Cached TP 0x%x", 247 *srng->u.src_ring.hp_addr, 248 srng->u.src_ring.reap_hp, 249 *srng->u.src_ring.tp_addr, 250 srng->u.src_ring.cached_tp); 251 QDF_BUG(0); 252 } 253 done: 254 hal_srng_access_end(hal_soc, wbm_rel_srng); 255 return status; 256 257 } 258 259 qdf_export_symbol(dp_rx_link_desc_return_by_addr); 260 261 /** 262 * dp_rx_link_desc_return() - Return a MPDU link descriptor to HW 263 * (WBM), following error handling 264 * 265 * @soc: core DP main context 266 * @ring_desc: opaque pointer to the REO error ring descriptor 267 * 268 * Return: QDF_STATUS 269 */ 270 QDF_STATUS 271 dp_rx_link_desc_return(struct dp_soc *soc, hal_ring_desc_t ring_desc, 272 uint8_t bm_action) 273 { 274 void *buf_addr_info = HAL_RX_REO_BUF_ADDR_INFO_GET(ring_desc); 275 276 return dp_rx_link_desc_return_by_addr(soc, buf_addr_info, bm_action); 277 } 278 279 #ifndef QCA_HOST_MODE_WIFI_DISABLED 280 281 /** 282 * dp_rx_msdus_drop() - Drops all MSDU's per MPDU 283 * 284 * @soc: core txrx main context 285 * @ring_desc: opaque pointer to the REO error ring descriptor 286 * @mpdu_desc_info: MPDU descriptor information from ring descriptor 287 * @head: head of the local descriptor free-list 288 * @tail: tail of the local descriptor free-list 289 * @quota: No. of units (packets) that can be serviced in one shot. 290 * 291 * This function is used to drop all MSDU in an MPDU 292 * 293 * Return: uint32_t: No. of elements processed 294 */ 295 static uint32_t 296 dp_rx_msdus_drop(struct dp_soc *soc, hal_ring_desc_t ring_desc, 297 struct hal_rx_mpdu_desc_info *mpdu_desc_info, 298 uint8_t *mac_id, 299 uint32_t quota) 300 { 301 uint32_t rx_bufs_used = 0; 302 void *link_desc_va; 303 struct hal_buf_info buf_info; 304 struct dp_pdev *pdev; 305 struct hal_rx_msdu_list msdu_list; /* MSDU's per MPDU */ 306 int i; 307 uint8_t *rx_tlv_hdr; 308 uint32_t tid; 309 struct rx_desc_pool *rx_desc_pool; 310 struct dp_rx_desc *rx_desc; 311 /* First field in REO Dst ring Desc is buffer_addr_info */ 312 void *buf_addr_info = ring_desc; 313 struct buffer_addr_info cur_link_desc_addr_info = { 0 }; 314 struct buffer_addr_info next_link_desc_addr_info = { 0 }; 315 316 hal_rx_reo_buf_paddr_get(soc->hal_soc, ring_desc, &buf_info); 317 318 /* buffer_addr_info is the first element of ring_desc */ 319 hal_rx_buf_cookie_rbm_get(soc->hal_soc, 320 (uint32_t *)ring_desc, 321 &buf_info); 322 323 link_desc_va = dp_rx_cookie_2_link_desc_va(soc, &buf_info); 324 if (!link_desc_va) { 325 dp_rx_err_debug("link desc va is null, soc %pk", soc); 326 return rx_bufs_used; 327 } 328 329 more_msdu_link_desc: 330 /* No UNMAP required -- this is "malloc_consistent" memory */ 331 hal_rx_msdu_list_get(soc->hal_soc, link_desc_va, &msdu_list, 332 &mpdu_desc_info->msdu_count); 333 334 for (i = 0; (i < mpdu_desc_info->msdu_count); i++) { 335 rx_desc = soc->arch_ops.dp_rx_desc_cookie_2_va( 336 soc, msdu_list.sw_cookie[i]); 337 338 qdf_assert_always(rx_desc); 339 340 /* all buffers from a MSDU link link belong to same pdev */ 341 *mac_id = rx_desc->pool_id; 342 pdev = dp_get_pdev_for_lmac_id(soc, rx_desc->pool_id); 343 if (!pdev) { 344 dp_rx_err_debug("%pK: pdev is null for pool_id = %d", 345 soc, rx_desc->pool_id); 346 return rx_bufs_used; 347 } 348 349 if (!dp_rx_desc_check_magic(rx_desc)) { 350 dp_rx_err_err("%pK: Invalid rx_desc cookie=%d", 351 soc, msdu_list.sw_cookie[i]); 352 return rx_bufs_used; 353 } 354 355 rx_desc_pool = &soc->rx_desc_buf[rx_desc->pool_id]; 356 dp_ipa_rx_buf_smmu_mapping_lock(soc); 357 dp_rx_nbuf_unmap_pool(soc, rx_desc_pool, rx_desc->nbuf); 358 rx_desc->unmapped = 1; 359 dp_ipa_rx_buf_smmu_mapping_unlock(soc); 360 361 rx_desc->rx_buf_start = qdf_nbuf_data(rx_desc->nbuf); 362 363 rx_bufs_used++; 364 tid = hal_rx_mpdu_start_tid_get(soc->hal_soc, 365 rx_desc->rx_buf_start); 366 dp_rx_err_err("%pK: Packet received with PN error for tid :%d", 367 soc, tid); 368 369 rx_tlv_hdr = qdf_nbuf_data(rx_desc->nbuf); 370 if (hal_rx_encryption_info_valid(soc->hal_soc, rx_tlv_hdr)) 371 hal_rx_print_pn(soc->hal_soc, rx_tlv_hdr); 372 373 dp_rx_err_send_pktlog(soc, pdev, mpdu_desc_info, 374 rx_desc->nbuf, 375 QDF_TX_RX_STATUS_DROP, true); 376 /* Just free the buffers */ 377 dp_rx_buffer_pool_nbuf_free(soc, rx_desc->nbuf, *mac_id); 378 379 dp_rx_add_to_free_desc_list(&pdev->free_list_head, 380 &pdev->free_list_tail, rx_desc); 381 } 382 383 /* 384 * If the msdu's are spread across multiple link-descriptors, 385 * we cannot depend solely on the msdu_count(e.g., if msdu is 386 * spread across multiple buffers).Hence, it is 387 * necessary to check the next link_descriptor and release 388 * all the msdu's that are part of it. 389 */ 390 hal_rx_get_next_msdu_link_desc_buf_addr_info( 391 link_desc_va, 392 &next_link_desc_addr_info); 393 394 if (hal_rx_is_buf_addr_info_valid( 395 &next_link_desc_addr_info)) { 396 /* Clear the next link desc info for the current link_desc */ 397 hal_rx_clear_next_msdu_link_desc_buf_addr_info(link_desc_va); 398 399 dp_rx_link_desc_return_by_addr(soc, buf_addr_info, 400 HAL_BM_ACTION_PUT_IN_IDLE_LIST); 401 hal_rx_buffer_addr_info_get_paddr( 402 &next_link_desc_addr_info, 403 &buf_info); 404 /* buffer_addr_info is the first element of ring_desc */ 405 hal_rx_buf_cookie_rbm_get(soc->hal_soc, 406 (uint32_t *)&next_link_desc_addr_info, 407 &buf_info); 408 cur_link_desc_addr_info = next_link_desc_addr_info; 409 buf_addr_info = &cur_link_desc_addr_info; 410 411 link_desc_va = 412 dp_rx_cookie_2_link_desc_va(soc, &buf_info); 413 414 goto more_msdu_link_desc; 415 } 416 quota--; 417 dp_rx_link_desc_return_by_addr(soc, buf_addr_info, 418 HAL_BM_ACTION_PUT_IN_IDLE_LIST); 419 return rx_bufs_used; 420 } 421 422 /** 423 * dp_rx_pn_error_handle() - Handles PN check errors 424 * 425 * @soc: core txrx main context 426 * @ring_desc: opaque pointer to the REO error ring descriptor 427 * @mpdu_desc_info: MPDU descriptor information from ring descriptor 428 * @head: head of the local descriptor free-list 429 * @tail: tail of the local descriptor free-list 430 * @quota: No. of units (packets) that can be serviced in one shot. 431 * 432 * This function implements PN error handling 433 * If the peer is configured to ignore the PN check errors 434 * or if DP feels, that this frame is still OK, the frame can be 435 * re-injected back to REO to use some of the other features 436 * of REO e.g. duplicate detection/routing to other cores 437 * 438 * Return: uint32_t: No. of elements processed 439 */ 440 static uint32_t 441 dp_rx_pn_error_handle(struct dp_soc *soc, hal_ring_desc_t ring_desc, 442 struct hal_rx_mpdu_desc_info *mpdu_desc_info, 443 uint8_t *mac_id, 444 uint32_t quota) 445 { 446 uint16_t peer_id; 447 uint32_t rx_bufs_used = 0; 448 struct dp_txrx_peer *txrx_peer; 449 bool peer_pn_policy = false; 450 dp_txrx_ref_handle txrx_ref_handle = NULL; 451 452 peer_id = dp_rx_peer_metadata_peer_id_get(soc, 453 mpdu_desc_info->peer_meta_data); 454 455 456 txrx_peer = dp_tgt_txrx_peer_get_ref_by_id(soc, peer_id, 457 &txrx_ref_handle, 458 DP_MOD_ID_RX_ERR); 459 460 if (qdf_likely(txrx_peer)) { 461 /* 462 * TODO: Check for peer specific policies & set peer_pn_policy 463 */ 464 dp_err_rl("discard rx due to PN error for peer %pK", 465 txrx_peer); 466 467 dp_txrx_peer_unref_delete(txrx_ref_handle, DP_MOD_ID_RX_ERR); 468 } 469 dp_rx_err_err("%pK: Packet received with PN error", soc); 470 471 /* No peer PN policy -- definitely drop */ 472 if (!peer_pn_policy) 473 rx_bufs_used = dp_rx_msdus_drop(soc, ring_desc, 474 mpdu_desc_info, 475 mac_id, quota); 476 477 return rx_bufs_used; 478 } 479 480 #ifdef DP_RX_DELIVER_ALL_OOR_FRAMES 481 /** 482 * dp_rx_deliver_oor_frame() - deliver OOR frames to stack 483 * @soc: Datapath soc handler 484 * @peer: pointer to DP peer 485 * @nbuf: pointer to the skb of RX frame 486 * @frame_mask: the mask for speical frame needed 487 * @rx_tlv_hdr: start of rx tlv header 488 * 489 * note: Msdu_len must have been stored in QDF_NBUF_CB_RX_PKT_LEN(nbuf) and 490 * single nbuf is expected. 491 * 492 * return: true - nbuf has been delivered to stack, false - not. 493 */ 494 static bool 495 dp_rx_deliver_oor_frame(struct dp_soc *soc, 496 struct dp_txrx_peer *txrx_peer, 497 qdf_nbuf_t nbuf, uint32_t frame_mask, 498 uint8_t *rx_tlv_hdr) 499 { 500 uint32_t l2_hdr_offset = 0; 501 uint16_t msdu_len = 0; 502 uint32_t skip_len; 503 504 l2_hdr_offset = 505 hal_rx_msdu_end_l3_hdr_padding_get(soc->hal_soc, rx_tlv_hdr); 506 507 if (qdf_unlikely(qdf_nbuf_is_frag(nbuf))) { 508 skip_len = l2_hdr_offset; 509 } else { 510 msdu_len = QDF_NBUF_CB_RX_PKT_LEN(nbuf); 511 skip_len = l2_hdr_offset + soc->rx_pkt_tlv_size; 512 qdf_nbuf_set_pktlen(nbuf, msdu_len + skip_len); 513 } 514 515 QDF_NBUF_CB_RX_NUM_ELEMENTS_IN_LIST(nbuf) = 1; 516 dp_rx_set_hdr_pad(nbuf, l2_hdr_offset); 517 qdf_nbuf_pull_head(nbuf, skip_len); 518 qdf_nbuf_set_exc_frame(nbuf, 1); 519 520 dp_info_rl("OOR frame, mpdu sn 0x%x", 521 hal_rx_get_rx_sequence(soc->hal_soc, rx_tlv_hdr)); 522 dp_rx_deliver_to_stack(soc, txrx_peer->vdev, txrx_peer, nbuf, NULL); 523 return true; 524 } 525 526 #else 527 static bool 528 dp_rx_deliver_oor_frame(struct dp_soc *soc, 529 struct dp_txrx_peer *txrx_peer, 530 qdf_nbuf_t nbuf, uint32_t frame_mask, 531 uint8_t *rx_tlv_hdr) 532 { 533 return dp_rx_deliver_special_frame(soc, txrx_peer, nbuf, frame_mask, 534 rx_tlv_hdr); 535 } 536 #endif 537 538 /** 539 * dp_rx_oor_handle() - Handles the msdu which is OOR error 540 * 541 * @soc: core txrx main context 542 * @nbuf: pointer to msdu skb 543 * @peer_id: dp peer ID 544 * @rx_tlv_hdr: start of rx tlv header 545 * 546 * This function process the msdu delivered from REO2TCL 547 * ring with error type OOR 548 * 549 * Return: None 550 */ 551 static void 552 dp_rx_oor_handle(struct dp_soc *soc, 553 qdf_nbuf_t nbuf, 554 uint16_t peer_id, 555 uint8_t *rx_tlv_hdr) 556 { 557 uint32_t frame_mask = FRAME_MASK_IPV4_ARP | FRAME_MASK_IPV4_DHCP | 558 FRAME_MASK_IPV4_EAPOL | FRAME_MASK_IPV6_DHCP; 559 struct dp_txrx_peer *txrx_peer = NULL; 560 dp_txrx_ref_handle txrx_ref_handle = NULL; 561 562 txrx_peer = dp_tgt_txrx_peer_get_ref_by_id(soc, peer_id, 563 &txrx_ref_handle, 564 DP_MOD_ID_RX_ERR); 565 if (!txrx_peer) { 566 dp_info_rl("peer not found"); 567 goto free_nbuf; 568 } 569 570 if (dp_rx_deliver_oor_frame(soc, txrx_peer, nbuf, frame_mask, 571 rx_tlv_hdr)) { 572 DP_STATS_INC(soc, rx.err.reo_err_oor_to_stack, 1); 573 dp_txrx_peer_unref_delete(txrx_ref_handle, DP_MOD_ID_RX_ERR); 574 return; 575 } 576 577 free_nbuf: 578 if (txrx_peer) 579 dp_txrx_peer_unref_delete(txrx_ref_handle, DP_MOD_ID_RX_ERR); 580 581 DP_STATS_INC(soc, rx.err.reo_err_oor_drop, 1); 582 dp_rx_nbuf_free(nbuf); 583 } 584 585 /** 586 * dp_rx_err_nbuf_pn_check() - Check if the PN number of this current packet 587 * is a monotonous increment of packet number 588 * from the previous successfully re-ordered 589 * frame. 590 * @soc: Datapath SOC handle 591 * @ring_desc: REO ring descriptor 592 * @nbuf: Current packet 593 * 594 * Return: QDF_STATUS_SUCCESS, if the pn check passes, else QDF_STATUS_E_FAILURE 595 */ 596 static inline QDF_STATUS 597 dp_rx_err_nbuf_pn_check(struct dp_soc *soc, hal_ring_desc_t ring_desc, 598 qdf_nbuf_t nbuf) 599 { 600 uint64_t prev_pn, curr_pn[2]; 601 602 if (!hal_rx_encryption_info_valid(soc->hal_soc, qdf_nbuf_data(nbuf))) 603 return QDF_STATUS_SUCCESS; 604 605 hal_rx_reo_prev_pn_get(soc->hal_soc, ring_desc, &prev_pn); 606 hal_rx_tlv_get_pn_num(soc->hal_soc, qdf_nbuf_data(nbuf), curr_pn); 607 608 if (curr_pn[0] > prev_pn) 609 return QDF_STATUS_SUCCESS; 610 611 return QDF_STATUS_E_FAILURE; 612 } 613 614 #ifdef WLAN_SKIP_BAR_UPDATE 615 static 616 void dp_rx_err_handle_bar(struct dp_soc *soc, 617 struct dp_peer *peer, 618 qdf_nbuf_t nbuf) 619 { 620 dp_info_rl("BAR update to H.W is skipped"); 621 DP_STATS_INC(soc, rx.err.bar_handle_fail_count, 1); 622 } 623 #else 624 static 625 void dp_rx_err_handle_bar(struct dp_soc *soc, 626 struct dp_peer *peer, 627 qdf_nbuf_t nbuf) 628 { 629 uint8_t *rx_tlv_hdr; 630 unsigned char type, subtype; 631 uint16_t start_seq_num; 632 uint32_t tid; 633 QDF_STATUS status; 634 struct ieee80211_frame_bar *bar; 635 636 /* 637 * 1. Is this a BAR frame. If not Discard it. 638 * 2. If it is, get the peer id, tid, ssn 639 * 2a Do a tid update 640 */ 641 642 rx_tlv_hdr = qdf_nbuf_data(nbuf); 643 bar = (struct ieee80211_frame_bar *)(rx_tlv_hdr + soc->rx_pkt_tlv_size); 644 645 type = bar->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 646 subtype = bar->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 647 648 if (!(type == IEEE80211_FC0_TYPE_CTL && 649 subtype == QDF_IEEE80211_FC0_SUBTYPE_BAR)) { 650 dp_err_rl("Not a BAR frame!"); 651 return; 652 } 653 654 tid = hal_rx_mpdu_start_tid_get(soc->hal_soc, rx_tlv_hdr); 655 qdf_assert_always(tid < DP_MAX_TIDS); 656 657 start_seq_num = le16toh(bar->i_seq) >> IEEE80211_SEQ_SEQ_SHIFT; 658 659 dp_info_rl("tid %u window_size %u start_seq_num %u", 660 tid, peer->rx_tid[tid].ba_win_size, start_seq_num); 661 662 status = dp_rx_tid_update_wifi3(peer, tid, 663 peer->rx_tid[tid].ba_win_size, 664 start_seq_num, 665 true); 666 if (status != QDF_STATUS_SUCCESS) { 667 dp_err_rl("failed to handle bar frame update rx tid"); 668 DP_STATS_INC(soc, rx.err.bar_handle_fail_count, 1); 669 } else { 670 DP_STATS_INC(soc, rx.err.ssn_update_count, 1); 671 } 672 } 673 #endif 674 675 /** 676 * _dp_rx_bar_frame_handle(): Core of the BAR frame handling 677 * @soc: Datapath SoC handle 678 * @nbuf: packet being processed 679 * @mpdu_desc_info: mpdu desc info for the current packet 680 * @tid: tid on which the packet arrived 681 * @err_status: Flag to indicate if REO encountered an error while routing this 682 * frame 683 * @error_code: REO error code 684 * 685 * Return: None 686 */ 687 static void 688 _dp_rx_bar_frame_handle(struct dp_soc *soc, qdf_nbuf_t nbuf, 689 struct hal_rx_mpdu_desc_info *mpdu_desc_info, 690 uint32_t tid, uint8_t err_status, uint32_t error_code) 691 { 692 uint16_t peer_id; 693 struct dp_peer *peer; 694 695 peer_id = dp_rx_peer_metadata_peer_id_get(soc, 696 mpdu_desc_info->peer_meta_data); 697 peer = dp_peer_get_tgt_peer_by_id(soc, peer_id, DP_MOD_ID_RX_ERR); 698 if (!peer) 699 return; 700 701 dp_info("BAR frame: " 702 " peer_id = %d" 703 " tid = %u" 704 " SSN = %d" 705 " error status = %d", 706 peer->peer_id, 707 tid, 708 mpdu_desc_info->mpdu_seq, 709 err_status); 710 711 if (err_status == HAL_REO_ERROR_DETECTED) { 712 switch (error_code) { 713 case HAL_REO_ERR_BAR_FRAME_2K_JUMP: 714 case HAL_REO_ERR_BAR_FRAME_OOR: 715 dp_rx_err_handle_bar(soc, peer, nbuf); 716 DP_STATS_INC(soc, rx.err.reo_error[error_code], 1); 717 break; 718 default: 719 DP_STATS_INC(soc, rx.bar_frame, 1); 720 } 721 } 722 723 dp_peer_unref_delete(peer, DP_MOD_ID_RX_ERR); 724 } 725 726 #ifdef DP_INVALID_PEER_ASSERT 727 #define DP_PDEV_INVALID_PEER_MSDU_CHECK(head, tail) \ 728 do { \ 729 qdf_assert_always(!(head)); \ 730 qdf_assert_always(!(tail)); \ 731 } while (0) 732 #else 733 #define DP_PDEV_INVALID_PEER_MSDU_CHECK(head, tail) /* no op */ 734 #endif 735 736 /** 737 * dp_rx_chain_msdus() - Function to chain all msdus of a mpdu 738 * to pdev invalid peer list 739 * 740 * @soc: core DP main context 741 * @nbuf: Buffer pointer 742 * @rx_tlv_hdr: start of rx tlv header 743 * @mac_id: mac id 744 * 745 * Return: bool: true for last msdu of mpdu 746 */ 747 static bool 748 dp_rx_chain_msdus(struct dp_soc *soc, qdf_nbuf_t nbuf, 749 uint8_t *rx_tlv_hdr, uint8_t mac_id) 750 { 751 bool mpdu_done = false; 752 qdf_nbuf_t curr_nbuf = NULL; 753 qdf_nbuf_t tmp_nbuf = NULL; 754 755 /* TODO: Currently only single radio is supported, hence 756 * pdev hard coded to '0' index 757 */ 758 struct dp_pdev *dp_pdev = dp_get_pdev_for_lmac_id(soc, mac_id); 759 760 if (!dp_pdev) { 761 dp_rx_err_debug("%pK: pdev is null for mac_id = %d", soc, mac_id); 762 return mpdu_done; 763 } 764 /* if invalid peer SG list has max values free the buffers in list 765 * and treat current buffer as start of list 766 * 767 * current logic to detect the last buffer from attn_tlv is not reliable 768 * in OFDMA UL scenario hence add max buffers check to avoid list pile 769 * up 770 */ 771 if (!dp_pdev->first_nbuf || 772 (dp_pdev->invalid_peer_head_msdu && 773 QDF_NBUF_CB_RX_NUM_ELEMENTS_IN_LIST 774 (dp_pdev->invalid_peer_head_msdu) >= DP_MAX_INVALID_BUFFERS)) { 775 qdf_nbuf_set_rx_chfrag_start(nbuf, 1); 776 dp_pdev->ppdu_id = hal_rx_get_ppdu_id(soc->hal_soc, 777 rx_tlv_hdr); 778 dp_pdev->first_nbuf = true; 779 780 /* If the new nbuf received is the first msdu of the 781 * amsdu and there are msdus in the invalid peer msdu 782 * list, then let us free all the msdus of the invalid 783 * peer msdu list. 784 * This scenario can happen when we start receiving 785 * new a-msdu even before the previous a-msdu is completely 786 * received. 787 */ 788 curr_nbuf = dp_pdev->invalid_peer_head_msdu; 789 while (curr_nbuf) { 790 tmp_nbuf = curr_nbuf->next; 791 dp_rx_nbuf_free(curr_nbuf); 792 curr_nbuf = tmp_nbuf; 793 } 794 795 dp_pdev->invalid_peer_head_msdu = NULL; 796 dp_pdev->invalid_peer_tail_msdu = NULL; 797 798 dp_monitor_get_mpdu_status(dp_pdev, soc, rx_tlv_hdr); 799 } 800 801 if (dp_pdev->ppdu_id == hal_rx_attn_phy_ppdu_id_get(soc->hal_soc, 802 rx_tlv_hdr) && 803 hal_rx_attn_msdu_done_get(soc->hal_soc, rx_tlv_hdr)) { 804 qdf_nbuf_set_rx_chfrag_end(nbuf, 1); 805 qdf_assert_always(dp_pdev->first_nbuf == true); 806 dp_pdev->first_nbuf = false; 807 mpdu_done = true; 808 } 809 810 /* 811 * For MCL, invalid_peer_head_msdu and invalid_peer_tail_msdu 812 * should be NULL here, add the checking for debugging purpose 813 * in case some corner case. 814 */ 815 DP_PDEV_INVALID_PEER_MSDU_CHECK(dp_pdev->invalid_peer_head_msdu, 816 dp_pdev->invalid_peer_tail_msdu); 817 DP_RX_LIST_APPEND(dp_pdev->invalid_peer_head_msdu, 818 dp_pdev->invalid_peer_tail_msdu, 819 nbuf); 820 821 return mpdu_done; 822 } 823 824 /** 825 * dp_rx_bar_frame_handle() - Function to handle err BAR frames 826 * @soc: core DP main context 827 * @ring_desc: Hal ring desc 828 * @rx_desc: dp rx desc 829 * @mpdu_desc_info: mpdu desc info 830 * 831 * Handle the error BAR frames received. Ensure the SOC level 832 * stats are updated based on the REO error code. The BAR frames 833 * are further processed by updating the Rx tids with the start 834 * sequence number (SSN) and BA window size. Desc is returned 835 * to the free desc list 836 * 837 * Return: none 838 */ 839 static void 840 dp_rx_bar_frame_handle(struct dp_soc *soc, 841 hal_ring_desc_t ring_desc, 842 struct dp_rx_desc *rx_desc, 843 struct hal_rx_mpdu_desc_info *mpdu_desc_info, 844 uint8_t err_status, 845 uint32_t err_code) 846 { 847 qdf_nbuf_t nbuf; 848 struct dp_pdev *pdev; 849 struct rx_desc_pool *rx_desc_pool; 850 uint8_t *rx_tlv_hdr; 851 uint32_t tid; 852 853 nbuf = rx_desc->nbuf; 854 rx_desc_pool = &soc->rx_desc_buf[rx_desc->pool_id]; 855 dp_ipa_rx_buf_smmu_mapping_lock(soc); 856 dp_rx_nbuf_unmap_pool(soc, rx_desc_pool, nbuf); 857 rx_desc->unmapped = 1; 858 dp_ipa_rx_buf_smmu_mapping_unlock(soc); 859 rx_tlv_hdr = qdf_nbuf_data(nbuf); 860 tid = hal_rx_mpdu_start_tid_get(soc->hal_soc, 861 rx_tlv_hdr); 862 pdev = dp_get_pdev_for_lmac_id(soc, rx_desc->pool_id); 863 864 _dp_rx_bar_frame_handle(soc, nbuf, mpdu_desc_info, tid, err_status, 865 err_code); 866 dp_rx_err_send_pktlog(soc, pdev, mpdu_desc_info, nbuf, 867 QDF_TX_RX_STATUS_DROP, true); 868 dp_rx_link_desc_return(soc, ring_desc, 869 HAL_BM_ACTION_PUT_IN_IDLE_LIST); 870 dp_rx_buffer_pool_nbuf_free(soc, rx_desc->nbuf, 871 rx_desc->pool_id); 872 dp_rx_add_to_free_desc_list(&pdev->free_list_head, 873 &pdev->free_list_tail, 874 rx_desc); 875 } 876 877 #endif /* QCA_HOST_MODE_WIFI_DISABLED */ 878 879 /** 880 * dp_2k_jump_handle() - Function to handle 2k jump exception 881 * on WBM ring 882 * 883 * @soc: core DP main context 884 * @nbuf: buffer pointer 885 * @rx_tlv_hdr: start of rx tlv header 886 * @peer_id: peer id of first msdu 887 * @tid: Tid for which exception occurred 888 * 889 * This function handles 2k jump violations arising out 890 * of receiving aggregates in non BA case. This typically 891 * may happen if aggregates are received on a QOS enabled TID 892 * while Rx window size is still initialized to value of 2. Or 893 * it may also happen if negotiated window size is 1 but peer 894 * sends aggregates. 895 * 896 */ 897 898 void 899 dp_2k_jump_handle(struct dp_soc *soc, 900 qdf_nbuf_t nbuf, 901 uint8_t *rx_tlv_hdr, 902 uint16_t peer_id, 903 uint8_t tid) 904 { 905 struct dp_peer *peer = NULL; 906 struct dp_rx_tid *rx_tid = NULL; 907 uint32_t frame_mask = FRAME_MASK_IPV4_ARP; 908 909 peer = dp_peer_get_ref_by_id(soc, peer_id, DP_MOD_ID_RX_ERR); 910 if (!peer) { 911 dp_rx_err_info_rl("%pK: peer not found", soc); 912 goto free_nbuf; 913 } 914 915 if (tid >= DP_MAX_TIDS) { 916 dp_info_rl("invalid tid"); 917 goto nbuf_deliver; 918 } 919 920 rx_tid = &peer->rx_tid[tid]; 921 qdf_spin_lock_bh(&rx_tid->tid_lock); 922 923 /* only if BA session is active, allow send Delba */ 924 if (rx_tid->ba_status != DP_RX_BA_ACTIVE) { 925 qdf_spin_unlock_bh(&rx_tid->tid_lock); 926 goto nbuf_deliver; 927 } 928 929 if (!rx_tid->delba_tx_status) { 930 rx_tid->delba_tx_retry++; 931 rx_tid->delba_tx_status = 1; 932 rx_tid->delba_rcode = 933 IEEE80211_REASON_QOS_SETUP_REQUIRED; 934 qdf_spin_unlock_bh(&rx_tid->tid_lock); 935 if (soc->cdp_soc.ol_ops->send_delba) { 936 DP_STATS_INC(soc, rx.err.rx_2k_jump_delba_sent, 937 1); 938 soc->cdp_soc.ol_ops->send_delba( 939 peer->vdev->pdev->soc->ctrl_psoc, 940 peer->vdev->vdev_id, 941 peer->mac_addr.raw, 942 tid, 943 rx_tid->delba_rcode, 944 CDP_DELBA_2K_JUMP); 945 } 946 } else { 947 qdf_spin_unlock_bh(&rx_tid->tid_lock); 948 } 949 950 nbuf_deliver: 951 if (dp_rx_deliver_special_frame(soc, peer->txrx_peer, nbuf, frame_mask, 952 rx_tlv_hdr)) { 953 DP_STATS_INC(soc, rx.err.rx_2k_jump_to_stack, 1); 954 dp_peer_unref_delete(peer, DP_MOD_ID_RX_ERR); 955 return; 956 } 957 958 free_nbuf: 959 if (peer) 960 dp_peer_unref_delete(peer, DP_MOD_ID_RX_ERR); 961 DP_STATS_INC(soc, rx.err.rx_2k_jump_drop, 1); 962 dp_rx_nbuf_free(nbuf); 963 } 964 965 #if defined(QCA_WIFI_QCA6390) || defined(QCA_WIFI_QCA6490) || \ 966 defined(QCA_WIFI_QCA6750) || defined(QCA_WIFI_KIWI) 967 /** 968 * dp_rx_null_q_handle_invalid_peer_id_exception() - to find exception 969 * @soc: pointer to dp_soc struct 970 * @pool_id: Pool id to find dp_pdev 971 * @rx_tlv_hdr: TLV header of received packet 972 * @nbuf: SKB 973 * 974 * In certain types of packets if peer_id is not correct then 975 * driver may not be able find. Try finding peer by addr_2 of 976 * received MPDU. If you find the peer then most likely sw_peer_id & 977 * ast_idx is corrupted. 978 * 979 * Return: True if you find the peer by addr_2 of received MPDU else false 980 */ 981 static bool 982 dp_rx_null_q_handle_invalid_peer_id_exception(struct dp_soc *soc, 983 uint8_t pool_id, 984 uint8_t *rx_tlv_hdr, 985 qdf_nbuf_t nbuf) 986 { 987 struct dp_peer *peer = NULL; 988 uint8_t *rx_pkt_hdr = hal_rx_pkt_hdr_get(soc->hal_soc, rx_tlv_hdr); 989 struct dp_pdev *pdev = dp_get_pdev_for_lmac_id(soc, pool_id); 990 struct ieee80211_frame *wh = (struct ieee80211_frame *)rx_pkt_hdr; 991 992 if (!pdev) { 993 dp_rx_err_debug("%pK: pdev is null for pool_id = %d", 994 soc, pool_id); 995 return false; 996 } 997 /* 998 * WAR- In certain types of packets if peer_id is not correct then 999 * driver may not be able find. Try finding peer by addr_2 of 1000 * received MPDU 1001 */ 1002 if (wh) 1003 peer = dp_peer_find_hash_find(soc, wh->i_addr2, 0, 1004 DP_VDEV_ALL, DP_MOD_ID_RX_ERR); 1005 if (peer) { 1006 dp_verbose_debug("MPDU sw_peer_id & ast_idx is corrupted"); 1007 hal_rx_dump_pkt_tlvs(soc->hal_soc, rx_tlv_hdr, 1008 QDF_TRACE_LEVEL_DEBUG); 1009 DP_STATS_INC_PKT(soc, rx.err.rx_invalid_peer_id, 1010 1, qdf_nbuf_len(nbuf)); 1011 dp_rx_nbuf_free(nbuf); 1012 1013 dp_peer_unref_delete(peer, DP_MOD_ID_RX_ERR); 1014 return true; 1015 } 1016 return false; 1017 } 1018 1019 /** 1020 * dp_rx_check_pkt_len() - Check for pktlen validity 1021 * @soc: DP SOC context 1022 * @pkt_len: computed length of the pkt from caller in bytes 1023 * 1024 * Return: true if pktlen > RX_BUFFER_SIZE, else return false 1025 * 1026 */ 1027 static inline 1028 bool dp_rx_check_pkt_len(struct dp_soc *soc, uint32_t pkt_len) 1029 { 1030 if (qdf_unlikely(pkt_len > RX_DATA_BUFFER_SIZE)) { 1031 DP_STATS_INC_PKT(soc, rx.err.rx_invalid_pkt_len, 1032 1, pkt_len); 1033 return true; 1034 } else { 1035 return false; 1036 } 1037 } 1038 1039 #else 1040 static inline bool 1041 dp_rx_null_q_handle_invalid_peer_id_exception(struct dp_soc *soc, 1042 uint8_t pool_id, 1043 uint8_t *rx_tlv_hdr, 1044 qdf_nbuf_t nbuf) 1045 { 1046 return false; 1047 } 1048 1049 static inline 1050 bool dp_rx_check_pkt_len(struct dp_soc *soc, uint32_t pkt_len) 1051 { 1052 return false; 1053 } 1054 1055 #endif 1056 1057 /* 1058 * dp_rx_deliver_to_osif_stack() - function to deliver rx pkts to stack 1059 * @soc: DP soc 1060 * @vdv: DP vdev handle 1061 * @txrx_peer: pointer to the txrx_peer object 1062 * @nbuf: skb list head 1063 * @tail: skb list tail 1064 * @is_eapol: eapol pkt check 1065 * 1066 * Return: None 1067 */ 1068 #ifdef QCA_SUPPORT_EAPOL_OVER_CONTROL_PORT 1069 static inline void 1070 dp_rx_deliver_to_osif_stack(struct dp_soc *soc, 1071 struct dp_vdev *vdev, 1072 struct dp_txrx_peer *txrx_peer, 1073 qdf_nbuf_t nbuf, 1074 qdf_nbuf_t tail, 1075 bool is_eapol) 1076 { 1077 if (is_eapol && soc->eapol_over_control_port) 1078 dp_rx_eapol_deliver_to_stack(soc, vdev, txrx_peer, nbuf, NULL); 1079 else 1080 dp_rx_deliver_to_stack(soc, vdev, txrx_peer, nbuf, NULL); 1081 } 1082 #else 1083 static inline void 1084 dp_rx_deliver_to_osif_stack(struct dp_soc *soc, 1085 struct dp_vdev *vdev, 1086 struct dp_txrx_peer *txrx_peer, 1087 qdf_nbuf_t nbuf, 1088 qdf_nbuf_t tail, 1089 bool is_eapol) 1090 { 1091 dp_rx_deliver_to_stack(soc, vdev, txrx_peer, nbuf, NULL); 1092 } 1093 #endif 1094 1095 #ifdef WLAN_FEATURE_11BE_MLO 1096 /* 1097 * dp_rx_err_match_dhost() - function to check whether dest-mac is correct 1098 * @eh: Ethernet header of incoming packet 1099 * @vdev: dp_vdev object of the VAP on which this data packet is received 1100 * 1101 * Return: 1 if the destination mac is correct, 1102 * 0 if this frame is not correctly destined to this VAP/MLD 1103 */ 1104 int dp_rx_err_match_dhost(qdf_ether_header_t *eh, struct dp_vdev *vdev) 1105 { 1106 return ((qdf_mem_cmp(eh->ether_dhost, &vdev->mac_addr.raw[0], 1107 QDF_MAC_ADDR_SIZE) == 0) || 1108 (qdf_mem_cmp(eh->ether_dhost, &vdev->mld_mac_addr.raw[0], 1109 QDF_MAC_ADDR_SIZE) == 0)); 1110 } 1111 1112 #else 1113 int dp_rx_err_match_dhost(qdf_ether_header_t *eh, struct dp_vdev *vdev) 1114 { 1115 return (qdf_mem_cmp(eh->ether_dhost, &vdev->mac_addr.raw[0], 1116 QDF_MAC_ADDR_SIZE) == 0); 1117 } 1118 #endif 1119 1120 #ifndef QCA_HOST_MODE_WIFI_DISABLED 1121 1122 /** 1123 * dp_rx_err_drop_3addr_mcast() - Check if feature drop_3ddr_mcast is enabled 1124 * If so, drop the multicast frame. 1125 * @vdev: datapath vdev 1126 * @rx_tlv_hdr: TLV header 1127 * 1128 * Return: true if packet is to be dropped, 1129 * false, if packet is not dropped. 1130 */ 1131 static bool 1132 dp_rx_err_drop_3addr_mcast(struct dp_vdev *vdev, uint8_t *rx_tlv_hdr) 1133 { 1134 struct dp_soc *soc = vdev->pdev->soc; 1135 1136 if (!vdev->drop_3addr_mcast) 1137 return false; 1138 1139 if (vdev->opmode != wlan_op_mode_sta) 1140 return false; 1141 1142 if (hal_rx_msdu_end_da_is_mcbc_get(soc->hal_soc, rx_tlv_hdr)) 1143 return true; 1144 1145 return false; 1146 } 1147 1148 /** 1149 * dp_rx_err_is_pn_check_needed() - Check if the packet number check is needed 1150 * for this frame received in REO error ring. 1151 * @soc: Datapath SOC handle 1152 * @error: REO error detected or not 1153 * @error_code: Error code in case of REO error 1154 * 1155 * Return: true if pn check if needed in software, 1156 * false, if pn check if not needed. 1157 */ 1158 static inline bool 1159 dp_rx_err_is_pn_check_needed(struct dp_soc *soc, uint8_t error, 1160 uint32_t error_code) 1161 { 1162 return (soc->features.pn_in_reo_dest && 1163 (error == HAL_REO_ERROR_DETECTED && 1164 (hal_rx_reo_is_2k_jump(error_code) || 1165 hal_rx_reo_is_oor_error(error_code) || 1166 hal_rx_reo_is_bar_oor_2k_jump(error_code)))); 1167 } 1168 1169 /** 1170 * dp_rx_null_q_desc_handle() - Function to handle NULL Queue 1171 * descriptor violation on either a 1172 * REO or WBM ring 1173 * 1174 * @soc: core DP main context 1175 * @nbuf: buffer pointer 1176 * @rx_tlv_hdr: start of rx tlv header 1177 * @pool_id: mac id 1178 * @txrx_peer: txrx peer handle 1179 * 1180 * This function handles NULL queue descriptor violations arising out 1181 * a missing REO queue for a given peer or a given TID. This typically 1182 * may happen if a packet is received on a QOS enabled TID before the 1183 * ADDBA negotiation for that TID, when the TID queue is setup. Or 1184 * it may also happen for MC/BC frames if they are not routed to the 1185 * non-QOS TID queue, in the absence of any other default TID queue. 1186 * This error can show up both in a REO destination or WBM release ring. 1187 * 1188 * Return: QDF_STATUS_SUCCESS, if nbuf handled successfully. QDF status code 1189 * if nbuf could not be handled or dropped. 1190 */ 1191 static QDF_STATUS 1192 dp_rx_null_q_desc_handle(struct dp_soc *soc, qdf_nbuf_t nbuf, 1193 uint8_t *rx_tlv_hdr, uint8_t pool_id, 1194 struct dp_txrx_peer *txrx_peer) 1195 { 1196 uint32_t pkt_len; 1197 uint16_t msdu_len; 1198 struct dp_vdev *vdev; 1199 uint8_t tid; 1200 qdf_ether_header_t *eh; 1201 struct hal_rx_msdu_metadata msdu_metadata; 1202 uint16_t sa_idx = 0; 1203 bool is_eapol = 0; 1204 bool enh_flag; 1205 1206 qdf_nbuf_set_rx_chfrag_start(nbuf, 1207 hal_rx_msdu_end_first_msdu_get(soc->hal_soc, 1208 rx_tlv_hdr)); 1209 qdf_nbuf_set_rx_chfrag_end(nbuf, 1210 hal_rx_msdu_end_last_msdu_get(soc->hal_soc, 1211 rx_tlv_hdr)); 1212 qdf_nbuf_set_da_mcbc(nbuf, hal_rx_msdu_end_da_is_mcbc_get(soc->hal_soc, 1213 rx_tlv_hdr)); 1214 qdf_nbuf_set_da_valid(nbuf, 1215 hal_rx_msdu_end_da_is_valid_get(soc->hal_soc, 1216 rx_tlv_hdr)); 1217 qdf_nbuf_set_sa_valid(nbuf, 1218 hal_rx_msdu_end_sa_is_valid_get(soc->hal_soc, 1219 rx_tlv_hdr)); 1220 1221 hal_rx_msdu_metadata_get(soc->hal_soc, rx_tlv_hdr, &msdu_metadata); 1222 msdu_len = hal_rx_msdu_start_msdu_len_get(soc->hal_soc, rx_tlv_hdr); 1223 pkt_len = msdu_len + msdu_metadata.l3_hdr_pad + soc->rx_pkt_tlv_size; 1224 1225 if (qdf_likely(!qdf_nbuf_is_frag(nbuf))) { 1226 if (dp_rx_check_pkt_len(soc, pkt_len)) 1227 goto drop_nbuf; 1228 1229 /* Set length in nbuf */ 1230 qdf_nbuf_set_pktlen( 1231 nbuf, qdf_min(pkt_len, (uint32_t)RX_DATA_BUFFER_SIZE)); 1232 qdf_assert_always(nbuf->data == rx_tlv_hdr); 1233 } 1234 1235 /* 1236 * Check if DMA completed -- msdu_done is the last bit 1237 * to be written 1238 */ 1239 if (!hal_rx_attn_msdu_done_get(soc->hal_soc, rx_tlv_hdr)) { 1240 1241 dp_err_rl("MSDU DONE failure"); 1242 hal_rx_dump_pkt_tlvs(soc->hal_soc, rx_tlv_hdr, 1243 QDF_TRACE_LEVEL_INFO); 1244 qdf_assert(0); 1245 } 1246 1247 if (!txrx_peer && 1248 dp_rx_null_q_handle_invalid_peer_id_exception(soc, pool_id, 1249 rx_tlv_hdr, nbuf)) 1250 return QDF_STATUS_E_FAILURE; 1251 1252 if (!txrx_peer) { 1253 bool mpdu_done = false; 1254 struct dp_pdev *pdev = dp_get_pdev_for_lmac_id(soc, pool_id); 1255 1256 if (!pdev) { 1257 dp_err_rl("pdev is null for pool_id = %d", pool_id); 1258 return QDF_STATUS_E_FAILURE; 1259 } 1260 1261 dp_err_rl("txrx_peer is NULL"); 1262 DP_STATS_INC_PKT(soc, rx.err.rx_invalid_peer, 1, 1263 qdf_nbuf_len(nbuf)); 1264 1265 /* QCN9000 has the support enabled */ 1266 if (qdf_unlikely(soc->wbm_release_desc_rx_sg_support)) { 1267 mpdu_done = true; 1268 nbuf->next = NULL; 1269 /* Trigger invalid peer handler wrapper */ 1270 dp_rx_process_invalid_peer_wrapper(soc, 1271 nbuf, mpdu_done, pool_id); 1272 } else { 1273 mpdu_done = dp_rx_chain_msdus(soc, nbuf, rx_tlv_hdr, pool_id); 1274 /* Trigger invalid peer handler wrapper */ 1275 dp_rx_process_invalid_peer_wrapper(soc, 1276 pdev->invalid_peer_head_msdu, 1277 mpdu_done, pool_id); 1278 } 1279 1280 if (mpdu_done) { 1281 pdev->invalid_peer_head_msdu = NULL; 1282 pdev->invalid_peer_tail_msdu = NULL; 1283 } 1284 1285 return QDF_STATUS_E_FAILURE; 1286 } 1287 1288 vdev = txrx_peer->vdev; 1289 if (!vdev) { 1290 dp_err_rl("Null vdev!"); 1291 DP_STATS_INC(soc, rx.err.invalid_vdev, 1); 1292 goto drop_nbuf; 1293 } 1294 1295 /* 1296 * Advance the packet start pointer by total size of 1297 * pre-header TLV's 1298 */ 1299 if (qdf_nbuf_is_frag(nbuf)) 1300 qdf_nbuf_pull_head(nbuf, soc->rx_pkt_tlv_size); 1301 else 1302 qdf_nbuf_pull_head(nbuf, (msdu_metadata.l3_hdr_pad + 1303 soc->rx_pkt_tlv_size)); 1304 1305 DP_STATS_INC_PKT(vdev, rx_i.null_q_desc_pkt, 1, qdf_nbuf_len(nbuf)); 1306 1307 dp_vdev_peer_stats_update_protocol_cnt(vdev, nbuf, NULL, 0, 1); 1308 1309 if (dp_rx_err_drop_3addr_mcast(vdev, rx_tlv_hdr)) { 1310 DP_PEER_PER_PKT_STATS_INC(txrx_peer, rx.mcast_3addr_drop, 1); 1311 goto drop_nbuf; 1312 } 1313 1314 if (hal_rx_msdu_end_sa_is_valid_get(soc->hal_soc, rx_tlv_hdr)) { 1315 sa_idx = hal_rx_msdu_end_sa_idx_get(soc->hal_soc, rx_tlv_hdr); 1316 1317 if ((sa_idx < 0) || 1318 (sa_idx >= wlan_cfg_get_max_ast_idx(soc->wlan_cfg_ctx))) { 1319 DP_STATS_INC(soc, rx.err.invalid_sa_da_idx, 1); 1320 goto drop_nbuf; 1321 } 1322 } 1323 1324 if ((!soc->mec_fw_offload) && 1325 dp_rx_mcast_echo_check(soc, txrx_peer, rx_tlv_hdr, nbuf)) { 1326 /* this is a looped back MCBC pkt, drop it */ 1327 DP_PEER_PER_PKT_STATS_INC_PKT(txrx_peer, rx.mec_drop, 1, 1328 qdf_nbuf_len(nbuf)); 1329 goto drop_nbuf; 1330 } 1331 1332 /* 1333 * In qwrap mode if the received packet matches with any of the vdev 1334 * mac addresses, drop it. Donot receive multicast packets originated 1335 * from any proxysta. 1336 */ 1337 if (check_qwrap_multicast_loopback(vdev, nbuf)) { 1338 DP_PEER_PER_PKT_STATS_INC_PKT(txrx_peer, rx.mec_drop, 1, 1339 qdf_nbuf_len(nbuf)); 1340 goto drop_nbuf; 1341 } 1342 1343 if (qdf_unlikely(txrx_peer->nawds_enabled && 1344 hal_rx_msdu_end_da_is_mcbc_get(soc->hal_soc, 1345 rx_tlv_hdr))) { 1346 dp_err_rl("free buffer for multicast packet"); 1347 DP_PEER_PER_PKT_STATS_INC(txrx_peer, rx.nawds_mcast_drop, 1); 1348 goto drop_nbuf; 1349 } 1350 1351 if (!dp_wds_rx_policy_check(rx_tlv_hdr, vdev, txrx_peer)) { 1352 dp_err_rl("mcast Policy Check Drop pkt"); 1353 DP_PEER_PER_PKT_STATS_INC(txrx_peer, rx.policy_check_drop, 1); 1354 goto drop_nbuf; 1355 } 1356 /* WDS Source Port Learning */ 1357 if (!soc->ast_offload_support && 1358 qdf_likely(vdev->rx_decap_type == htt_cmn_pkt_type_ethernet && 1359 vdev->wds_enabled)) 1360 dp_rx_wds_srcport_learn(soc, rx_tlv_hdr, txrx_peer, nbuf, 1361 msdu_metadata); 1362 1363 if (hal_rx_is_unicast(soc->hal_soc, rx_tlv_hdr)) { 1364 struct dp_peer *peer; 1365 tid = hal_rx_tid_get(soc->hal_soc, rx_tlv_hdr); 1366 peer = dp_peer_get_ref_by_id(soc, txrx_peer->peer_id, 1367 DP_MOD_ID_RX_ERR); 1368 if (peer) { 1369 if (!peer->rx_tid[tid].hw_qdesc_vaddr_unaligned) 1370 dp_rx_tid_setup_wifi3(peer, tid, 1, 1371 IEEE80211_SEQ_MAX); 1372 /* IEEE80211_SEQ_MAX indicates invalid start_seq */ 1373 dp_peer_unref_delete(peer, DP_MOD_ID_RX_ERR); 1374 } 1375 } 1376 1377 eh = (qdf_ether_header_t *)qdf_nbuf_data(nbuf); 1378 1379 if (!txrx_peer->authorize) { 1380 is_eapol = qdf_nbuf_is_ipv4_eapol_pkt(nbuf) || 1381 qdf_nbuf_is_ipv4_wapi_pkt(nbuf); 1382 1383 if (is_eapol) { 1384 if (!dp_rx_err_match_dhost(eh, vdev)) 1385 goto drop_nbuf; 1386 } else { 1387 goto drop_nbuf; 1388 } 1389 } 1390 1391 /* 1392 * Drop packets in this path if cce_match is found. Packets will come 1393 * in following path depending on whether tidQ is setup. 1394 * 1. If tidQ is setup: WIFILI_HAL_RX_WBM_REO_PSH_RSN_ROUTE and 1395 * cce_match = 1 1396 * Packets with WIFILI_HAL_RX_WBM_REO_PSH_RSN_ROUTE are already 1397 * dropped. 1398 * 2. If tidQ is not setup: WIFILI_HAL_RX_WBM_REO_PSH_RSN_ERROR and 1399 * cce_match = 1 1400 * These packets need to be dropped and should not get delivered 1401 * to stack. 1402 */ 1403 if (qdf_unlikely(dp_rx_err_cce_drop(soc, vdev, nbuf, rx_tlv_hdr))) { 1404 goto drop_nbuf; 1405 } 1406 1407 if (qdf_unlikely(vdev->rx_decap_type == htt_cmn_pkt_type_raw)) { 1408 qdf_nbuf_set_next(nbuf, NULL); 1409 dp_rx_deliver_raw(vdev, nbuf, txrx_peer); 1410 } else { 1411 enh_flag = vdev->pdev->enhanced_stats_en; 1412 qdf_nbuf_set_next(nbuf, NULL); 1413 DP_PEER_TO_STACK_INCC_PKT(txrx_peer, 1, qdf_nbuf_len(nbuf), 1414 enh_flag); 1415 /* 1416 * Update the protocol tag in SKB based on 1417 * CCE metadata 1418 */ 1419 dp_rx_update_protocol_tag(soc, vdev, nbuf, rx_tlv_hdr, 1420 EXCEPTION_DEST_RING_ID, 1421 true, true); 1422 1423 /* Update the flow tag in SKB based on FSE metadata */ 1424 dp_rx_update_flow_tag(soc, vdev, nbuf, 1425 rx_tlv_hdr, true); 1426 1427 if (qdf_unlikely(hal_rx_msdu_end_da_is_mcbc_get( 1428 soc->hal_soc, rx_tlv_hdr) && 1429 (vdev->rx_decap_type == 1430 htt_cmn_pkt_type_ethernet))) { 1431 DP_PEER_MC_INCC_PKT(txrx_peer, 1, qdf_nbuf_len(nbuf), 1432 enh_flag); 1433 1434 if (QDF_IS_ADDR_BROADCAST(eh->ether_dhost)) 1435 DP_PEER_BC_INCC_PKT(txrx_peer, 1, 1436 qdf_nbuf_len(nbuf), 1437 enh_flag); 1438 } 1439 1440 qdf_nbuf_set_exc_frame(nbuf, 1); 1441 dp_rx_deliver_to_osif_stack(soc, vdev, txrx_peer, nbuf, NULL, 1442 is_eapol); 1443 } 1444 return QDF_STATUS_SUCCESS; 1445 1446 drop_nbuf: 1447 dp_rx_nbuf_free(nbuf); 1448 return QDF_STATUS_E_FAILURE; 1449 } 1450 1451 /** 1452 * dp_rx_reo_err_entry_process() - Handles for REO error entry processing 1453 * 1454 * @soc: core txrx main context 1455 * @ring_desc: opaque pointer to the REO error ring descriptor 1456 * @mpdu_desc_info: pointer to mpdu level description info 1457 * @link_desc_va: pointer to msdu_link_desc virtual address 1458 * @err_code: reo erro code fetched from ring entry 1459 * 1460 * Function to handle msdus fetched from msdu link desc, currently 1461 * support REO error NULL queue, 2K jump, OOR. 1462 * 1463 * Return: msdu count processed 1464 */ 1465 static uint32_t 1466 dp_rx_reo_err_entry_process(struct dp_soc *soc, 1467 void *ring_desc, 1468 struct hal_rx_mpdu_desc_info *mpdu_desc_info, 1469 void *link_desc_va, 1470 enum hal_reo_error_code err_code) 1471 { 1472 uint32_t rx_bufs_used = 0; 1473 struct dp_pdev *pdev; 1474 int i; 1475 uint8_t *rx_tlv_hdr_first; 1476 uint8_t *rx_tlv_hdr_last; 1477 uint32_t tid = DP_MAX_TIDS; 1478 uint16_t peer_id; 1479 struct dp_rx_desc *rx_desc; 1480 struct rx_desc_pool *rx_desc_pool; 1481 qdf_nbuf_t nbuf; 1482 struct hal_buf_info buf_info; 1483 struct hal_rx_msdu_list msdu_list; 1484 uint16_t num_msdus; 1485 struct buffer_addr_info cur_link_desc_addr_info = { 0 }; 1486 struct buffer_addr_info next_link_desc_addr_info = { 0 }; 1487 /* First field in REO Dst ring Desc is buffer_addr_info */ 1488 void *buf_addr_info = ring_desc; 1489 qdf_nbuf_t head_nbuf = NULL; 1490 qdf_nbuf_t tail_nbuf = NULL; 1491 uint16_t msdu_processed = 0; 1492 QDF_STATUS status; 1493 bool ret, is_pn_check_needed; 1494 uint8_t rx_desc_pool_id; 1495 struct dp_txrx_peer *txrx_peer = NULL; 1496 dp_txrx_ref_handle txrx_ref_handle = NULL; 1497 hal_ring_handle_t hal_ring_hdl = soc->reo_exception_ring.hal_srng; 1498 1499 peer_id = dp_rx_peer_metadata_peer_id_get(soc, 1500 mpdu_desc_info->peer_meta_data); 1501 is_pn_check_needed = dp_rx_err_is_pn_check_needed(soc, 1502 HAL_REO_ERROR_DETECTED, 1503 err_code); 1504 more_msdu_link_desc: 1505 hal_rx_msdu_list_get(soc->hal_soc, link_desc_va, &msdu_list, 1506 &num_msdus); 1507 for (i = 0; i < num_msdus; i++) { 1508 rx_desc = soc->arch_ops.dp_rx_desc_cookie_2_va( 1509 soc, 1510 msdu_list.sw_cookie[i]); 1511 1512 qdf_assert_always(rx_desc); 1513 nbuf = rx_desc->nbuf; 1514 1515 /* 1516 * this is a unlikely scenario where the host is reaping 1517 * a descriptor which it already reaped just a while ago 1518 * but is yet to replenish it back to HW. 1519 * In this case host will dump the last 128 descriptors 1520 * including the software descriptor rx_desc and assert. 1521 */ 1522 if (qdf_unlikely(!rx_desc->in_use) || 1523 qdf_unlikely(!nbuf)) { 1524 DP_STATS_INC(soc, rx.err.hal_reo_dest_dup, 1); 1525 dp_info_rl("Reaping rx_desc not in use!"); 1526 dp_rx_dump_info_and_assert(soc, hal_ring_hdl, 1527 ring_desc, rx_desc); 1528 /* ignore duplicate RX desc and continue to process */ 1529 /* Pop out the descriptor */ 1530 continue; 1531 } 1532 1533 ret = dp_rx_desc_paddr_sanity_check(rx_desc, 1534 msdu_list.paddr[i]); 1535 if (!ret) { 1536 DP_STATS_INC(soc, rx.err.nbuf_sanity_fail, 1); 1537 rx_desc->in_err_state = 1; 1538 continue; 1539 } 1540 1541 rx_desc_pool_id = rx_desc->pool_id; 1542 /* all buffers from a MSDU link belong to same pdev */ 1543 pdev = dp_get_pdev_for_lmac_id(soc, rx_desc_pool_id); 1544 1545 rx_desc_pool = &soc->rx_desc_buf[rx_desc_pool_id]; 1546 dp_ipa_rx_buf_smmu_mapping_lock(soc); 1547 dp_rx_nbuf_unmap_pool(soc, rx_desc_pool, nbuf); 1548 rx_desc->unmapped = 1; 1549 dp_ipa_rx_buf_smmu_mapping_unlock(soc); 1550 1551 QDF_NBUF_CB_RX_PKT_LEN(nbuf) = msdu_list.msdu_info[i].msdu_len; 1552 rx_bufs_used++; 1553 dp_rx_add_to_free_desc_list(&pdev->free_list_head, 1554 &pdev->free_list_tail, rx_desc); 1555 1556 DP_RX_LIST_APPEND(head_nbuf, tail_nbuf, nbuf); 1557 1558 if (qdf_unlikely(msdu_list.msdu_info[i].msdu_flags & 1559 HAL_MSDU_F_MSDU_CONTINUATION)) 1560 continue; 1561 1562 if (dp_rx_buffer_pool_refill(soc, head_nbuf, 1563 rx_desc_pool_id)) { 1564 /* MSDU queued back to the pool */ 1565 goto process_next_msdu; 1566 } 1567 1568 rx_tlv_hdr_first = qdf_nbuf_data(head_nbuf); 1569 rx_tlv_hdr_last = qdf_nbuf_data(tail_nbuf); 1570 1571 if (qdf_unlikely(head_nbuf != tail_nbuf)) { 1572 nbuf = dp_rx_sg_create(soc, head_nbuf); 1573 qdf_nbuf_set_is_frag(nbuf, 1); 1574 DP_STATS_INC(soc, rx.err.reo_err_oor_sg_count, 1); 1575 } 1576 1577 if (is_pn_check_needed) { 1578 status = dp_rx_err_nbuf_pn_check(soc, ring_desc, nbuf); 1579 if (QDF_IS_STATUS_ERROR(status)) { 1580 DP_STATS_INC(soc, rx.err.pn_in_dest_check_fail, 1581 1); 1582 dp_rx_nbuf_free(nbuf); 1583 goto process_next_msdu; 1584 } 1585 1586 hal_rx_tlv_populate_mpdu_desc_info(soc->hal_soc, 1587 qdf_nbuf_data(nbuf), 1588 mpdu_desc_info); 1589 peer_id = dp_rx_peer_metadata_peer_id_get(soc, 1590 mpdu_desc_info->peer_meta_data); 1591 1592 if (mpdu_desc_info->bar_frame) 1593 _dp_rx_bar_frame_handle(soc, nbuf, 1594 mpdu_desc_info, tid, 1595 HAL_REO_ERROR_DETECTED, 1596 err_code); 1597 } 1598 1599 switch (err_code) { 1600 case HAL_REO_ERR_REGULAR_FRAME_2K_JUMP: 1601 case HAL_REO_ERR_2K_ERROR_HANDLING_FLAG_SET: 1602 case HAL_REO_ERR_BAR_FRAME_2K_JUMP: 1603 /* 1604 * only first msdu, mpdu start description tlv valid? 1605 * and use it for following msdu. 1606 */ 1607 if (hal_rx_msdu_end_first_msdu_get(soc->hal_soc, 1608 rx_tlv_hdr_last)) 1609 tid = hal_rx_mpdu_start_tid_get( 1610 soc->hal_soc, 1611 rx_tlv_hdr_first); 1612 1613 dp_2k_jump_handle(soc, nbuf, rx_tlv_hdr_last, 1614 peer_id, tid); 1615 break; 1616 case HAL_REO_ERR_REGULAR_FRAME_OOR: 1617 case HAL_REO_ERR_BAR_FRAME_OOR: 1618 dp_rx_oor_handle(soc, nbuf, peer_id, rx_tlv_hdr_last); 1619 break; 1620 case HAL_REO_ERR_QUEUE_DESC_ADDR_0: 1621 txrx_peer = dp_tgt_txrx_peer_get_ref_by_id( 1622 soc, peer_id, 1623 &txrx_ref_handle, 1624 DP_MOD_ID_RX_ERR); 1625 if (!txrx_peer) 1626 dp_info_rl("txrx_peer is null peer_id %u", 1627 peer_id); 1628 dp_rx_null_q_desc_handle(soc, nbuf, rx_tlv_hdr_last, 1629 rx_desc_pool_id, txrx_peer); 1630 if (txrx_peer) 1631 dp_txrx_peer_unref_delete(txrx_ref_handle, 1632 DP_MOD_ID_RX_ERR); 1633 break; 1634 default: 1635 dp_err_rl("Non-support error code %d", err_code); 1636 dp_rx_nbuf_free(nbuf); 1637 } 1638 1639 process_next_msdu: 1640 msdu_processed++; 1641 head_nbuf = NULL; 1642 tail_nbuf = NULL; 1643 } 1644 1645 /* 1646 * If the msdu's are spread across multiple link-descriptors, 1647 * we cannot depend solely on the msdu_count(e.g., if msdu is 1648 * spread across multiple buffers).Hence, it is 1649 * necessary to check the next link_descriptor and release 1650 * all the msdu's that are part of it. 1651 */ 1652 hal_rx_get_next_msdu_link_desc_buf_addr_info( 1653 link_desc_va, 1654 &next_link_desc_addr_info); 1655 1656 if (hal_rx_is_buf_addr_info_valid( 1657 &next_link_desc_addr_info)) { 1658 /* Clear the next link desc info for the current link_desc */ 1659 hal_rx_clear_next_msdu_link_desc_buf_addr_info(link_desc_va); 1660 dp_rx_link_desc_return_by_addr( 1661 soc, 1662 buf_addr_info, 1663 HAL_BM_ACTION_PUT_IN_IDLE_LIST); 1664 1665 hal_rx_buffer_addr_info_get_paddr( 1666 &next_link_desc_addr_info, 1667 &buf_info); 1668 /* buffer_addr_info is the first element of ring_desc */ 1669 hal_rx_buf_cookie_rbm_get(soc->hal_soc, 1670 (uint32_t *)&next_link_desc_addr_info, 1671 &buf_info); 1672 link_desc_va = 1673 dp_rx_cookie_2_link_desc_va(soc, &buf_info); 1674 cur_link_desc_addr_info = next_link_desc_addr_info; 1675 buf_addr_info = &cur_link_desc_addr_info; 1676 1677 goto more_msdu_link_desc; 1678 } 1679 1680 dp_rx_link_desc_return_by_addr(soc, buf_addr_info, 1681 HAL_BM_ACTION_PUT_IN_IDLE_LIST); 1682 if (qdf_unlikely(msdu_processed != mpdu_desc_info->msdu_count)) 1683 DP_STATS_INC(soc, rx.err.msdu_count_mismatch, 1); 1684 1685 return rx_bufs_used; 1686 } 1687 1688 #endif /* QCA_HOST_MODE_WIFI_DISABLED */ 1689 1690 /** 1691 * dp_rx_process_rxdma_err() - Function to deliver rxdma unencrypted_err 1692 * frames to OS or wifi parse errors. 1693 * @soc: core DP main context 1694 * @nbuf: buffer pointer 1695 * @rx_tlv_hdr: start of rx tlv header 1696 * @txrx_peer: peer reference 1697 * @err_code: rxdma err code 1698 * @mac_id: mac_id which is one of 3 mac_ids(Assuming mac_id and 1699 * pool_id has same mapping) 1700 * 1701 * Return: None 1702 */ 1703 void 1704 dp_rx_process_rxdma_err(struct dp_soc *soc, qdf_nbuf_t nbuf, 1705 uint8_t *rx_tlv_hdr, struct dp_txrx_peer *txrx_peer, 1706 uint8_t err_code, uint8_t mac_id) 1707 { 1708 uint32_t pkt_len, l2_hdr_offset; 1709 uint16_t msdu_len; 1710 struct dp_vdev *vdev; 1711 qdf_ether_header_t *eh; 1712 bool is_broadcast; 1713 1714 /* 1715 * Check if DMA completed -- msdu_done is the last bit 1716 * to be written 1717 */ 1718 if (!hal_rx_attn_msdu_done_get(soc->hal_soc, rx_tlv_hdr)) { 1719 1720 dp_err_rl("MSDU DONE failure"); 1721 1722 hal_rx_dump_pkt_tlvs(soc->hal_soc, rx_tlv_hdr, 1723 QDF_TRACE_LEVEL_INFO); 1724 qdf_assert(0); 1725 } 1726 1727 l2_hdr_offset = hal_rx_msdu_end_l3_hdr_padding_get(soc->hal_soc, 1728 rx_tlv_hdr); 1729 msdu_len = hal_rx_msdu_start_msdu_len_get(soc->hal_soc, rx_tlv_hdr); 1730 pkt_len = msdu_len + l2_hdr_offset + soc->rx_pkt_tlv_size; 1731 1732 if (dp_rx_check_pkt_len(soc, pkt_len)) { 1733 /* Drop & free packet */ 1734 dp_rx_nbuf_free(nbuf); 1735 return; 1736 } 1737 /* Set length in nbuf */ 1738 qdf_nbuf_set_pktlen(nbuf, pkt_len); 1739 1740 qdf_nbuf_set_next(nbuf, NULL); 1741 1742 qdf_nbuf_set_rx_chfrag_start(nbuf, 1); 1743 qdf_nbuf_set_rx_chfrag_end(nbuf, 1); 1744 1745 if (!txrx_peer) { 1746 QDF_TRACE_ERROR_RL(QDF_MODULE_ID_DP, "txrx_peer is NULL"); 1747 DP_STATS_INC_PKT(soc, rx.err.rx_invalid_peer, 1, 1748 qdf_nbuf_len(nbuf)); 1749 /* Trigger invalid peer handler wrapper */ 1750 dp_rx_process_invalid_peer_wrapper(soc, nbuf, true, mac_id); 1751 return; 1752 } 1753 1754 vdev = txrx_peer->vdev; 1755 if (!vdev) { 1756 dp_rx_err_info_rl("%pK: INVALID vdev %pK OR osif_rx", soc, 1757 vdev); 1758 /* Drop & free packet */ 1759 dp_rx_nbuf_free(nbuf); 1760 DP_STATS_INC(soc, rx.err.invalid_vdev, 1); 1761 return; 1762 } 1763 1764 /* 1765 * Advance the packet start pointer by total size of 1766 * pre-header TLV's 1767 */ 1768 dp_rx_skip_tlvs(soc, nbuf, l2_hdr_offset); 1769 1770 if (err_code == HAL_RXDMA_ERR_WIFI_PARSE) { 1771 uint8_t *pkt_type; 1772 1773 pkt_type = qdf_nbuf_data(nbuf) + (2 * QDF_MAC_ADDR_SIZE); 1774 if (*(uint16_t *)pkt_type == htons(QDF_ETH_TYPE_8021Q)) { 1775 if (*(uint16_t *)(pkt_type + DP_SKIP_VLAN) == 1776 htons(QDF_LLC_STP)) { 1777 DP_STATS_INC(vdev->pdev, vlan_tag_stp_cnt, 1); 1778 goto process_mesh; 1779 } else { 1780 goto process_rx; 1781 } 1782 } 1783 } 1784 if (vdev->rx_decap_type == htt_cmn_pkt_type_raw) 1785 goto process_mesh; 1786 1787 /* 1788 * WAPI cert AP sends rekey frames as unencrypted. 1789 * Thus RXDMA will report unencrypted frame error. 1790 * To pass WAPI cert case, SW needs to pass unencrypted 1791 * rekey frame to stack. 1792 */ 1793 if (qdf_nbuf_is_ipv4_wapi_pkt(nbuf)) { 1794 goto process_rx; 1795 } 1796 /* 1797 * In dynamic WEP case rekey frames are not encrypted 1798 * similar to WAPI. Allow EAPOL when 8021+wep is enabled and 1799 * key install is already done 1800 */ 1801 if ((vdev->sec_type == cdp_sec_type_wep104) && 1802 (qdf_nbuf_is_ipv4_eapol_pkt(nbuf))) 1803 goto process_rx; 1804 1805 process_mesh: 1806 1807 if (!vdev->mesh_vdev && err_code == HAL_RXDMA_ERR_UNENCRYPTED) { 1808 dp_rx_nbuf_free(nbuf); 1809 DP_STATS_INC(soc, rx.err.invalid_vdev, 1); 1810 return; 1811 } 1812 1813 if (vdev->mesh_vdev) { 1814 if (dp_rx_filter_mesh_packets(vdev, nbuf, rx_tlv_hdr) 1815 == QDF_STATUS_SUCCESS) { 1816 dp_rx_err_info("%pK: mesh pkt filtered", soc); 1817 DP_STATS_INC(vdev->pdev, dropped.mesh_filter, 1); 1818 1819 dp_rx_nbuf_free(nbuf); 1820 return; 1821 } 1822 dp_rx_fill_mesh_stats(vdev, nbuf, rx_tlv_hdr, txrx_peer); 1823 } 1824 process_rx: 1825 if (qdf_unlikely(hal_rx_msdu_end_da_is_mcbc_get(soc->hal_soc, 1826 rx_tlv_hdr) && 1827 (vdev->rx_decap_type == 1828 htt_cmn_pkt_type_ethernet))) { 1829 eh = (qdf_ether_header_t *)qdf_nbuf_data(nbuf); 1830 is_broadcast = (QDF_IS_ADDR_BROADCAST 1831 (eh->ether_dhost)) ? 1 : 0 ; 1832 DP_PEER_PER_PKT_STATS_INC_PKT(txrx_peer, rx.multicast, 1, 1833 qdf_nbuf_len(nbuf)); 1834 if (is_broadcast) { 1835 DP_PEER_PER_PKT_STATS_INC_PKT(txrx_peer, rx.bcast, 1, 1836 qdf_nbuf_len(nbuf)); 1837 } 1838 } 1839 1840 if (qdf_unlikely(vdev->rx_decap_type == htt_cmn_pkt_type_raw)) { 1841 dp_rx_deliver_raw(vdev, nbuf, txrx_peer); 1842 } else { 1843 /* Update the protocol tag in SKB based on CCE metadata */ 1844 dp_rx_update_protocol_tag(soc, vdev, nbuf, rx_tlv_hdr, 1845 EXCEPTION_DEST_RING_ID, true, true); 1846 /* Update the flow tag in SKB based on FSE metadata */ 1847 dp_rx_update_flow_tag(soc, vdev, nbuf, rx_tlv_hdr, true); 1848 DP_PEER_STATS_FLAT_INC(txrx_peer, to_stack.num, 1); 1849 qdf_nbuf_set_exc_frame(nbuf, 1); 1850 dp_rx_deliver_to_stack(soc, vdev, txrx_peer, nbuf, NULL); 1851 } 1852 1853 return; 1854 } 1855 1856 /** 1857 * dp_rx_process_mic_error(): Function to pass mic error indication to umac 1858 * @soc: core DP main context 1859 * @nbuf: buffer pointer 1860 * @rx_tlv_hdr: start of rx tlv header 1861 * @txrx_peer: txrx peer handle 1862 * 1863 * return: void 1864 */ 1865 void dp_rx_process_mic_error(struct dp_soc *soc, qdf_nbuf_t nbuf, 1866 uint8_t *rx_tlv_hdr, 1867 struct dp_txrx_peer *txrx_peer) 1868 { 1869 struct dp_vdev *vdev = NULL; 1870 struct dp_pdev *pdev = NULL; 1871 struct ol_if_ops *tops = NULL; 1872 uint16_t rx_seq, fragno; 1873 uint8_t is_raw; 1874 unsigned int tid; 1875 QDF_STATUS status; 1876 struct cdp_rx_mic_err_info mic_failure_info; 1877 1878 if (!hal_rx_msdu_end_first_msdu_get(soc->hal_soc, 1879 rx_tlv_hdr)) 1880 return; 1881 1882 if (!txrx_peer) { 1883 dp_info_rl("txrx_peer not found"); 1884 goto fail; 1885 } 1886 1887 vdev = txrx_peer->vdev; 1888 if (!vdev) { 1889 dp_info_rl("VDEV not found"); 1890 goto fail; 1891 } 1892 1893 pdev = vdev->pdev; 1894 if (!pdev) { 1895 dp_info_rl("PDEV not found"); 1896 goto fail; 1897 } 1898 1899 is_raw = HAL_IS_DECAP_FORMAT_RAW(soc->hal_soc, qdf_nbuf_data(nbuf)); 1900 if (is_raw) { 1901 fragno = dp_rx_frag_get_mpdu_frag_number(soc, 1902 qdf_nbuf_data(nbuf)); 1903 /* Can get only last fragment */ 1904 if (fragno) { 1905 tid = hal_rx_mpdu_start_tid_get(soc->hal_soc, 1906 qdf_nbuf_data(nbuf)); 1907 rx_seq = hal_rx_get_rx_sequence(soc->hal_soc, 1908 qdf_nbuf_data(nbuf)); 1909 1910 status = dp_rx_defrag_add_last_frag(soc, txrx_peer, 1911 tid, rx_seq, nbuf); 1912 dp_info_rl("Frag pkt seq# %d frag# %d consumed " 1913 "status %d !", rx_seq, fragno, status); 1914 return; 1915 } 1916 } 1917 1918 if (hal_rx_mpdu_get_addr1(soc->hal_soc, qdf_nbuf_data(nbuf), 1919 &mic_failure_info.da_mac_addr.bytes[0])) { 1920 dp_err_rl("Failed to get da_mac_addr"); 1921 goto fail; 1922 } 1923 1924 if (hal_rx_mpdu_get_addr2(soc->hal_soc, qdf_nbuf_data(nbuf), 1925 &mic_failure_info.ta_mac_addr.bytes[0])) { 1926 dp_err_rl("Failed to get ta_mac_addr"); 1927 goto fail; 1928 } 1929 1930 mic_failure_info.key_id = 0; 1931 mic_failure_info.multicast = 1932 IEEE80211_IS_MULTICAST(mic_failure_info.da_mac_addr.bytes); 1933 qdf_mem_zero(mic_failure_info.tsc, MIC_SEQ_CTR_SIZE); 1934 mic_failure_info.frame_type = cdp_rx_frame_type_802_11; 1935 mic_failure_info.data = NULL; 1936 mic_failure_info.vdev_id = vdev->vdev_id; 1937 1938 tops = pdev->soc->cdp_soc.ol_ops; 1939 if (tops->rx_mic_error) 1940 tops->rx_mic_error(soc->ctrl_psoc, pdev->pdev_id, 1941 &mic_failure_info); 1942 1943 fail: 1944 dp_rx_nbuf_free(nbuf); 1945 return; 1946 } 1947 1948 #if defined(WLAN_FEATURE_11BE_MLO) && defined(WLAN_MLO_MULTI_CHIP) && \ 1949 defined(WLAN_MCAST_MLO) 1950 static bool dp_rx_igmp_handler(struct dp_soc *soc, 1951 struct dp_vdev *vdev, 1952 struct dp_txrx_peer *peer, 1953 qdf_nbuf_t nbuf) 1954 { 1955 if (soc->arch_ops.dp_rx_mcast_handler) { 1956 if (soc->arch_ops.dp_rx_mcast_handler(soc, vdev, peer, nbuf)) 1957 return true; 1958 } 1959 return false; 1960 } 1961 #else 1962 static bool dp_rx_igmp_handler(struct dp_soc *soc, 1963 struct dp_vdev *vdev, 1964 struct dp_txrx_peer *peer, 1965 qdf_nbuf_t nbuf) 1966 { 1967 return false; 1968 } 1969 #endif 1970 1971 /** 1972 * dp_rx_err_route_hdl() - Function to send EAPOL frames to stack 1973 * Free any other packet which comes in 1974 * this path. 1975 * 1976 * @soc: core DP main context 1977 * @nbuf: buffer pointer 1978 * @txrx_peer: txrx peer handle 1979 * @rx_tlv_hdr: start of rx tlv header 1980 * @err_src: rxdma/reo 1981 * 1982 * This function indicates EAPOL frame received in wbm error ring to stack. 1983 * Any other frame should be dropped. 1984 * 1985 * Return: SUCCESS if delivered to stack 1986 */ 1987 static void 1988 dp_rx_err_route_hdl(struct dp_soc *soc, qdf_nbuf_t nbuf, 1989 struct dp_txrx_peer *txrx_peer, uint8_t *rx_tlv_hdr, 1990 enum hal_rx_wbm_error_source err_src) 1991 { 1992 uint32_t pkt_len; 1993 uint16_t msdu_len; 1994 struct dp_vdev *vdev; 1995 struct hal_rx_msdu_metadata msdu_metadata; 1996 bool is_eapol; 1997 1998 hal_rx_msdu_metadata_get(soc->hal_soc, rx_tlv_hdr, &msdu_metadata); 1999 msdu_len = hal_rx_msdu_start_msdu_len_get(soc->hal_soc, rx_tlv_hdr); 2000 pkt_len = msdu_len + msdu_metadata.l3_hdr_pad + soc->rx_pkt_tlv_size; 2001 2002 if (qdf_likely(!qdf_nbuf_is_frag(nbuf))) { 2003 if (dp_rx_check_pkt_len(soc, pkt_len)) 2004 goto drop_nbuf; 2005 2006 /* Set length in nbuf */ 2007 qdf_nbuf_set_pktlen( 2008 nbuf, qdf_min(pkt_len, (uint32_t)RX_DATA_BUFFER_SIZE)); 2009 qdf_assert_always(nbuf->data == rx_tlv_hdr); 2010 } 2011 2012 /* 2013 * Check if DMA completed -- msdu_done is the last bit 2014 * to be written 2015 */ 2016 if (!hal_rx_attn_msdu_done_get(soc->hal_soc, rx_tlv_hdr)) { 2017 dp_err_rl("MSDU DONE failure"); 2018 hal_rx_dump_pkt_tlvs(soc->hal_soc, rx_tlv_hdr, 2019 QDF_TRACE_LEVEL_INFO); 2020 qdf_assert(0); 2021 } 2022 2023 if (!txrx_peer) 2024 goto drop_nbuf; 2025 2026 vdev = txrx_peer->vdev; 2027 if (!vdev) { 2028 dp_err_rl("Null vdev!"); 2029 DP_STATS_INC(soc, rx.err.invalid_vdev, 1); 2030 goto drop_nbuf; 2031 } 2032 2033 /* 2034 * Advance the packet start pointer by total size of 2035 * pre-header TLV's 2036 */ 2037 if (qdf_nbuf_is_frag(nbuf)) 2038 qdf_nbuf_pull_head(nbuf, soc->rx_pkt_tlv_size); 2039 else 2040 qdf_nbuf_pull_head(nbuf, (msdu_metadata.l3_hdr_pad + 2041 soc->rx_pkt_tlv_size)); 2042 2043 if (dp_rx_igmp_handler(soc, vdev, txrx_peer, nbuf)) 2044 return; 2045 2046 dp_vdev_peer_stats_update_protocol_cnt(vdev, nbuf, NULL, 0, 1); 2047 2048 /* 2049 * Indicate EAPOL frame to stack only when vap mac address 2050 * matches the destination address. 2051 */ 2052 is_eapol = qdf_nbuf_is_ipv4_eapol_pkt(nbuf); 2053 if (is_eapol || qdf_nbuf_is_ipv4_wapi_pkt(nbuf)) { 2054 qdf_ether_header_t *eh = 2055 (qdf_ether_header_t *)qdf_nbuf_data(nbuf); 2056 if (dp_rx_err_match_dhost(eh, vdev)) { 2057 DP_STATS_INC_PKT(vdev, rx_i.routed_eapol_pkt, 1, 2058 qdf_nbuf_len(nbuf)); 2059 2060 /* 2061 * Update the protocol tag in SKB based on 2062 * CCE metadata. 2063 */ 2064 dp_rx_update_protocol_tag(soc, vdev, nbuf, rx_tlv_hdr, 2065 EXCEPTION_DEST_RING_ID, 2066 true, true); 2067 /* Update the flow tag in SKB based on FSE metadata */ 2068 dp_rx_update_flow_tag(soc, vdev, nbuf, rx_tlv_hdr, 2069 true); 2070 DP_PEER_TO_STACK_INCC_PKT(txrx_peer, 1, 2071 qdf_nbuf_len(nbuf), 2072 vdev->pdev->enhanced_stats_en); 2073 qdf_nbuf_set_exc_frame(nbuf, 1); 2074 qdf_nbuf_set_next(nbuf, NULL); 2075 2076 dp_rx_deliver_to_osif_stack(soc, vdev, txrx_peer, nbuf, 2077 NULL, is_eapol); 2078 2079 return; 2080 } 2081 } 2082 2083 drop_nbuf: 2084 2085 DP_STATS_INCC(soc, rx.reo2rel_route_drop, 1, 2086 err_src == HAL_RX_WBM_ERR_SRC_REO); 2087 DP_STATS_INCC(soc, rx.rxdma2rel_route_drop, 1, 2088 err_src == HAL_RX_WBM_ERR_SRC_RXDMA); 2089 2090 dp_rx_nbuf_free(nbuf); 2091 } 2092 2093 #ifndef QCA_HOST_MODE_WIFI_DISABLED 2094 2095 #ifdef DP_RX_DESC_COOKIE_INVALIDATE 2096 /** 2097 * dp_rx_link_cookie_check() - Validate link desc cookie 2098 * @ring_desc: ring descriptor 2099 * 2100 * Return: qdf status 2101 */ 2102 static inline QDF_STATUS 2103 dp_rx_link_cookie_check(hal_ring_desc_t ring_desc) 2104 { 2105 if (qdf_unlikely(HAL_RX_REO_BUF_LINK_COOKIE_INVALID_GET(ring_desc))) 2106 return QDF_STATUS_E_FAILURE; 2107 2108 return QDF_STATUS_SUCCESS; 2109 } 2110 2111 /** 2112 * dp_rx_link_cookie_invalidate() - Invalidate link desc cookie 2113 * @ring_desc: ring descriptor 2114 * 2115 * Return: None 2116 */ 2117 static inline void 2118 dp_rx_link_cookie_invalidate(hal_ring_desc_t ring_desc) 2119 { 2120 HAL_RX_REO_BUF_LINK_COOKIE_INVALID_SET(ring_desc); 2121 } 2122 #else 2123 static inline QDF_STATUS 2124 dp_rx_link_cookie_check(hal_ring_desc_t ring_desc) 2125 { 2126 return QDF_STATUS_SUCCESS; 2127 } 2128 2129 static inline void 2130 dp_rx_link_cookie_invalidate(hal_ring_desc_t ring_desc) 2131 { 2132 } 2133 #endif 2134 2135 #ifdef WLAN_FEATURE_DP_RX_RING_HISTORY 2136 /** 2137 * dp_rx_err_ring_record_entry() - Record rx err ring history 2138 * @soc: Datapath soc structure 2139 * @paddr: paddr of the buffer in RX err ring 2140 * @sw_cookie: SW cookie of the buffer in RX err ring 2141 * @rbm: Return buffer manager of the buffer in RX err ring 2142 * 2143 * Returns: None 2144 */ 2145 static inline void 2146 dp_rx_err_ring_record_entry(struct dp_soc *soc, uint64_t paddr, 2147 uint32_t sw_cookie, uint8_t rbm) 2148 { 2149 struct dp_buf_info_record *record; 2150 uint32_t idx; 2151 2152 if (qdf_unlikely(!soc->rx_err_ring_history)) 2153 return; 2154 2155 idx = dp_history_get_next_index(&soc->rx_err_ring_history->index, 2156 DP_RX_ERR_HIST_MAX); 2157 2158 /* No NULL check needed for record since its an array */ 2159 record = &soc->rx_err_ring_history->entry[idx]; 2160 2161 record->timestamp = qdf_get_log_timestamp(); 2162 record->hbi.paddr = paddr; 2163 record->hbi.sw_cookie = sw_cookie; 2164 record->hbi.rbm = rbm; 2165 } 2166 #else 2167 static inline void 2168 dp_rx_err_ring_record_entry(struct dp_soc *soc, uint64_t paddr, 2169 uint32_t sw_cookie, uint8_t rbm) 2170 { 2171 } 2172 #endif 2173 2174 #ifdef HANDLE_RX_REROUTE_ERR 2175 static int dp_rx_err_handle_msdu_buf(struct dp_soc *soc, 2176 hal_ring_desc_t ring_desc) 2177 { 2178 int lmac_id = DP_INVALID_LMAC_ID; 2179 struct dp_rx_desc *rx_desc; 2180 struct hal_buf_info hbi; 2181 struct dp_pdev *pdev; 2182 struct rx_desc_pool *rx_desc_pool; 2183 2184 hal_rx_reo_buf_paddr_get(soc->hal_soc, ring_desc, &hbi); 2185 2186 rx_desc = dp_rx_cookie_2_va_rxdma_buf(soc, hbi.sw_cookie); 2187 2188 /* sanity */ 2189 if (!rx_desc) { 2190 DP_STATS_INC(soc, rx.err.reo_err_msdu_buf_invalid_cookie, 1); 2191 goto assert_return; 2192 } 2193 2194 if (!rx_desc->nbuf) 2195 goto assert_return; 2196 2197 dp_rx_err_ring_record_entry(soc, hbi.paddr, 2198 hbi.sw_cookie, 2199 hal_rx_ret_buf_manager_get(soc->hal_soc, 2200 ring_desc)); 2201 if (hbi.paddr != qdf_nbuf_get_frag_paddr(rx_desc->nbuf, 0)) { 2202 DP_STATS_INC(soc, rx.err.nbuf_sanity_fail, 1); 2203 rx_desc->in_err_state = 1; 2204 goto assert_return; 2205 } 2206 2207 rx_desc_pool = &soc->rx_desc_buf[rx_desc->pool_id]; 2208 /* After this point the rx_desc and nbuf are valid */ 2209 dp_ipa_rx_buf_smmu_mapping_lock(soc); 2210 qdf_assert_always(!rx_desc->unmapped); 2211 dp_rx_nbuf_unmap_pool(soc, rx_desc_pool, rx_desc->nbuf); 2212 rx_desc->unmapped = 1; 2213 dp_ipa_rx_buf_smmu_mapping_unlock(soc); 2214 dp_rx_buffer_pool_nbuf_free(soc, rx_desc->nbuf, 2215 rx_desc->pool_id); 2216 2217 pdev = dp_get_pdev_for_lmac_id(soc, rx_desc->pool_id); 2218 lmac_id = rx_desc->pool_id; 2219 dp_rx_add_to_free_desc_list(&pdev->free_list_head, 2220 &pdev->free_list_tail, 2221 rx_desc); 2222 return lmac_id; 2223 2224 assert_return: 2225 qdf_assert(0); 2226 return lmac_id; 2227 } 2228 2229 static int dp_rx_err_exception(struct dp_soc *soc, hal_ring_desc_t ring_desc) 2230 { 2231 int ret; 2232 uint64_t cur_time_stamp; 2233 2234 DP_STATS_INC(soc, rx.err.reo_err_msdu_buf_rcved, 1); 2235 2236 /* Recover if overall error count exceeds threshold */ 2237 if (soc->stats.rx.err.reo_err_msdu_buf_rcved > 2238 DP_MAX_REG_RX_ROUTING_ERRS_THRESHOLD) { 2239 dp_err("pkt threshold breached! reo_err_msdu_buf_rcved %u first err pkt time_stamp %llu", 2240 soc->stats.rx.err.reo_err_msdu_buf_rcved, 2241 soc->rx_route_err_start_pkt_ts); 2242 qdf_trigger_self_recovery(NULL, QDF_RX_REG_PKT_ROUTE_ERR); 2243 } 2244 2245 cur_time_stamp = qdf_get_log_timestamp_usecs(); 2246 if (!soc->rx_route_err_start_pkt_ts) 2247 soc->rx_route_err_start_pkt_ts = cur_time_stamp; 2248 2249 /* Recover if threshold number of packets received in threshold time */ 2250 if ((cur_time_stamp - soc->rx_route_err_start_pkt_ts) > 2251 DP_RX_ERR_ROUTE_TIMEOUT_US) { 2252 soc->rx_route_err_start_pkt_ts = cur_time_stamp; 2253 2254 if (soc->rx_route_err_in_window > 2255 DP_MAX_REG_RX_ROUTING_ERRS_IN_TIMEOUT) { 2256 qdf_trigger_self_recovery(NULL, 2257 QDF_RX_REG_PKT_ROUTE_ERR); 2258 dp_err("rate threshold breached! reo_err_msdu_buf_rcved %u first err pkt time_stamp %llu", 2259 soc->stats.rx.err.reo_err_msdu_buf_rcved, 2260 soc->rx_route_err_start_pkt_ts); 2261 } else { 2262 soc->rx_route_err_in_window = 1; 2263 } 2264 } else { 2265 soc->rx_route_err_in_window++; 2266 } 2267 2268 ret = dp_rx_err_handle_msdu_buf(soc, ring_desc); 2269 2270 return ret; 2271 } 2272 #else /* HANDLE_RX_REROUTE_ERR */ 2273 2274 static int dp_rx_err_exception(struct dp_soc *soc, hal_ring_desc_t ring_desc) 2275 { 2276 qdf_assert_always(0); 2277 2278 return DP_INVALID_LMAC_ID; 2279 } 2280 #endif /* HANDLE_RX_REROUTE_ERR */ 2281 2282 uint32_t 2283 dp_rx_err_process(struct dp_intr *int_ctx, struct dp_soc *soc, 2284 hal_ring_handle_t hal_ring_hdl, uint32_t quota) 2285 { 2286 hal_ring_desc_t ring_desc; 2287 hal_soc_handle_t hal_soc; 2288 uint32_t count = 0; 2289 uint32_t rx_bufs_used = 0; 2290 uint32_t rx_bufs_reaped[MAX_PDEV_CNT] = { 0 }; 2291 uint8_t mac_id = 0; 2292 uint8_t buf_type; 2293 uint8_t err_status; 2294 struct hal_rx_mpdu_desc_info mpdu_desc_info; 2295 struct hal_buf_info hbi; 2296 struct dp_pdev *dp_pdev; 2297 struct dp_srng *dp_rxdma_srng; 2298 struct rx_desc_pool *rx_desc_pool; 2299 void *link_desc_va; 2300 struct hal_rx_msdu_list msdu_list; /* MSDU's per MPDU */ 2301 uint16_t num_msdus; 2302 struct dp_rx_desc *rx_desc = NULL; 2303 QDF_STATUS status; 2304 bool ret; 2305 uint32_t error_code = 0; 2306 bool sw_pn_check_needed; 2307 int max_reap_limit = dp_rx_get_loop_pkt_limit(soc); 2308 int i, rx_bufs_reaped_total; 2309 2310 /* Debug -- Remove later */ 2311 qdf_assert(soc && hal_ring_hdl); 2312 2313 hal_soc = soc->hal_soc; 2314 2315 /* Debug -- Remove later */ 2316 qdf_assert(hal_soc); 2317 2318 if (qdf_unlikely(dp_srng_access_start(int_ctx, soc, hal_ring_hdl))) { 2319 2320 /* TODO */ 2321 /* 2322 * Need API to convert from hal_ring pointer to 2323 * Ring Type / Ring Id combo 2324 */ 2325 DP_STATS_INC(soc, rx.err.hal_ring_access_fail, 1); 2326 dp_rx_err_err("%pK: HAL RING Access Failed -- %pK", soc, 2327 hal_ring_hdl); 2328 goto done; 2329 } 2330 2331 while (qdf_likely(quota-- && (ring_desc = 2332 hal_srng_dst_peek(hal_soc, 2333 hal_ring_hdl)))) { 2334 2335 DP_STATS_INC(soc, rx.err_ring_pkts, 1); 2336 err_status = hal_rx_err_status_get(hal_soc, ring_desc); 2337 buf_type = hal_rx_reo_buf_type_get(hal_soc, ring_desc); 2338 2339 if (err_status == HAL_REO_ERROR_DETECTED) 2340 error_code = hal_rx_get_reo_error_code(hal_soc, 2341 ring_desc); 2342 2343 qdf_mem_set(&mpdu_desc_info, sizeof(mpdu_desc_info), 0); 2344 sw_pn_check_needed = dp_rx_err_is_pn_check_needed(soc, 2345 err_status, 2346 error_code); 2347 if (!sw_pn_check_needed) { 2348 /* 2349 * MPDU desc info will be present in the REO desc 2350 * only in the below scenarios 2351 * 1) pn_in_dest_disabled: always 2352 * 2) pn_in_dest enabled: All cases except 2k-jup 2353 * and OOR errors 2354 */ 2355 hal_rx_mpdu_desc_info_get(hal_soc, ring_desc, 2356 &mpdu_desc_info); 2357 } 2358 2359 if (HAL_RX_REO_DESC_MSDU_COUNT_GET(ring_desc) == 0) 2360 goto next_entry; 2361 2362 /* 2363 * For REO error ring, only MSDU LINK DESC is expected. 2364 * Handle HAL_RX_REO_MSDU_BUF_ADDR_TYPE exception case. 2365 */ 2366 if (qdf_unlikely(buf_type != HAL_RX_REO_MSDU_LINK_DESC_TYPE)) { 2367 int lmac_id; 2368 2369 lmac_id = dp_rx_err_exception(soc, ring_desc); 2370 if (lmac_id >= 0) 2371 rx_bufs_reaped[lmac_id] += 1; 2372 goto next_entry; 2373 } 2374 2375 hal_rx_buf_cookie_rbm_get(hal_soc, (uint32_t *)ring_desc, 2376 &hbi); 2377 /* 2378 * check for the magic number in the sw cookie 2379 */ 2380 qdf_assert_always((hbi.sw_cookie >> LINK_DESC_ID_SHIFT) & 2381 soc->link_desc_id_start); 2382 2383 status = dp_rx_link_cookie_check(ring_desc); 2384 if (qdf_unlikely(QDF_IS_STATUS_ERROR(status))) { 2385 DP_STATS_INC(soc, rx.err.invalid_link_cookie, 1); 2386 break; 2387 } 2388 2389 hal_rx_reo_buf_paddr_get(soc->hal_soc, ring_desc, &hbi); 2390 link_desc_va = dp_rx_cookie_2_link_desc_va(soc, &hbi); 2391 hal_rx_msdu_list_get(soc->hal_soc, link_desc_va, &msdu_list, 2392 &num_msdus); 2393 if (!num_msdus || 2394 !dp_rx_is_sw_cookie_valid(soc, msdu_list.sw_cookie[0])) { 2395 dp_rx_err_info_rl("Invalid MSDU info num_msdus %u cookie: 0x%x", 2396 num_msdus, msdu_list.sw_cookie[0]); 2397 dp_rx_link_desc_return(soc, ring_desc, 2398 HAL_BM_ACTION_PUT_IN_IDLE_LIST); 2399 goto next_entry; 2400 } 2401 2402 dp_rx_err_ring_record_entry(soc, msdu_list.paddr[0], 2403 msdu_list.sw_cookie[0], 2404 msdu_list.rbm[0]); 2405 // TODO - BE- Check if the RBM is to be checked for all chips 2406 if (qdf_unlikely((msdu_list.rbm[0] != 2407 dp_rx_get_rx_bm_id(soc)) && 2408 (msdu_list.rbm[0] != 2409 soc->idle_link_bm_id) && 2410 (msdu_list.rbm[0] != 2411 dp_rx_get_defrag_bm_id(soc)))) { 2412 /* TODO */ 2413 /* Call appropriate handler */ 2414 if (!wlan_cfg_get_dp_soc_nss_cfg(soc->wlan_cfg_ctx)) { 2415 DP_STATS_INC(soc, rx.err.invalid_rbm, 1); 2416 dp_rx_err_err("%pK: Invalid RBM %d", 2417 soc, msdu_list.rbm[0]); 2418 } 2419 2420 /* Return link descriptor through WBM ring (SW2WBM)*/ 2421 dp_rx_link_desc_return(soc, ring_desc, 2422 HAL_BM_ACTION_RELEASE_MSDU_LIST); 2423 goto next_entry; 2424 } 2425 2426 rx_desc = soc->arch_ops.dp_rx_desc_cookie_2_va( 2427 soc, 2428 msdu_list.sw_cookie[0]); 2429 qdf_assert_always(rx_desc); 2430 2431 mac_id = rx_desc->pool_id; 2432 2433 if (sw_pn_check_needed) { 2434 goto process_reo_error_code; 2435 } 2436 2437 if (mpdu_desc_info.bar_frame) { 2438 qdf_assert_always(mpdu_desc_info.msdu_count == 1); 2439 2440 dp_rx_bar_frame_handle(soc, ring_desc, rx_desc, 2441 &mpdu_desc_info, err_status, 2442 error_code); 2443 2444 rx_bufs_reaped[mac_id] += 1; 2445 goto next_entry; 2446 } 2447 2448 if (mpdu_desc_info.mpdu_flags & HAL_MPDU_F_FRAGMENT) { 2449 /* 2450 * We only handle one msdu per link desc for fragmented 2451 * case. We drop the msdus and release the link desc 2452 * back if there are more than one msdu in link desc. 2453 */ 2454 if (qdf_unlikely(num_msdus > 1)) { 2455 count = dp_rx_msdus_drop(soc, ring_desc, 2456 &mpdu_desc_info, 2457 &mac_id, quota); 2458 rx_bufs_reaped[mac_id] += count; 2459 goto next_entry; 2460 } 2461 2462 /* 2463 * this is a unlikely scenario where the host is reaping 2464 * a descriptor which it already reaped just a while ago 2465 * but is yet to replenish it back to HW. 2466 * In this case host will dump the last 128 descriptors 2467 * including the software descriptor rx_desc and assert. 2468 */ 2469 2470 if (qdf_unlikely(!rx_desc->in_use)) { 2471 DP_STATS_INC(soc, rx.err.hal_reo_dest_dup, 1); 2472 dp_info_rl("Reaping rx_desc not in use!"); 2473 dp_rx_dump_info_and_assert(soc, hal_ring_hdl, 2474 ring_desc, rx_desc); 2475 /* ignore duplicate RX desc and continue */ 2476 /* Pop out the descriptor */ 2477 goto next_entry; 2478 } 2479 2480 ret = dp_rx_desc_paddr_sanity_check(rx_desc, 2481 msdu_list.paddr[0]); 2482 if (!ret) { 2483 DP_STATS_INC(soc, rx.err.nbuf_sanity_fail, 1); 2484 rx_desc->in_err_state = 1; 2485 goto next_entry; 2486 } 2487 2488 count = dp_rx_frag_handle(soc, 2489 ring_desc, &mpdu_desc_info, 2490 rx_desc, &mac_id, quota); 2491 2492 rx_bufs_reaped[mac_id] += count; 2493 DP_STATS_INC(soc, rx.rx_frags, 1); 2494 goto next_entry; 2495 } 2496 2497 process_reo_error_code: 2498 /* 2499 * Expect REO errors to be handled after this point 2500 */ 2501 qdf_assert_always(err_status == HAL_REO_ERROR_DETECTED); 2502 2503 dp_info_rl("Got pkt with REO ERROR: %d", error_code); 2504 2505 switch (error_code) { 2506 case HAL_REO_ERR_PN_CHECK_FAILED: 2507 case HAL_REO_ERR_PN_ERROR_HANDLING_FLAG_SET: 2508 DP_STATS_INC(soc, rx.err.reo_error[error_code], 1); 2509 dp_pdev = dp_get_pdev_for_lmac_id(soc, mac_id); 2510 if (dp_pdev) 2511 DP_STATS_INC(dp_pdev, err.reo_error, 1); 2512 count = dp_rx_pn_error_handle(soc, 2513 ring_desc, 2514 &mpdu_desc_info, &mac_id, 2515 quota); 2516 2517 rx_bufs_reaped[mac_id] += count; 2518 break; 2519 case HAL_REO_ERR_REGULAR_FRAME_2K_JUMP: 2520 case HAL_REO_ERR_2K_ERROR_HANDLING_FLAG_SET: 2521 case HAL_REO_ERR_BAR_FRAME_2K_JUMP: 2522 case HAL_REO_ERR_REGULAR_FRAME_OOR: 2523 case HAL_REO_ERR_BAR_FRAME_OOR: 2524 case HAL_REO_ERR_QUEUE_DESC_ADDR_0: 2525 DP_STATS_INC(soc, rx.err.reo_error[error_code], 1); 2526 dp_pdev = dp_get_pdev_for_lmac_id(soc, mac_id); 2527 if (dp_pdev) 2528 DP_STATS_INC(dp_pdev, err.reo_error, 1); 2529 count = dp_rx_reo_err_entry_process( 2530 soc, 2531 ring_desc, 2532 &mpdu_desc_info, 2533 link_desc_va, 2534 error_code); 2535 2536 rx_bufs_reaped[mac_id] += count; 2537 break; 2538 case HAL_REO_ERR_QUEUE_DESC_INVALID: 2539 case HAL_REO_ERR_AMPDU_IN_NON_BA: 2540 case HAL_REO_ERR_NON_BA_DUPLICATE: 2541 case HAL_REO_ERR_BA_DUPLICATE: 2542 case HAL_REO_ERR_BAR_FRAME_NO_BA_SESSION: 2543 case HAL_REO_ERR_BAR_FRAME_SN_EQUALS_SSN: 2544 case HAL_REO_ERR_QUEUE_DESC_BLOCKED_SET: 2545 DP_STATS_INC(soc, rx.err.reo_error[error_code], 1); 2546 count = dp_rx_msdus_drop(soc, ring_desc, 2547 &mpdu_desc_info, 2548 &mac_id, quota); 2549 rx_bufs_reaped[mac_id] += count; 2550 break; 2551 default: 2552 /* Assert if unexpected error type */ 2553 qdf_assert_always(0); 2554 } 2555 next_entry: 2556 dp_rx_link_cookie_invalidate(ring_desc); 2557 hal_srng_dst_get_next(hal_soc, hal_ring_hdl); 2558 2559 rx_bufs_reaped_total = 0; 2560 for (i = 0; i < MAX_PDEV_CNT; i++) 2561 rx_bufs_reaped_total += rx_bufs_reaped[i]; 2562 2563 if (dp_rx_reap_loop_pkt_limit_hit(soc, rx_bufs_reaped_total, 2564 max_reap_limit)) 2565 break; 2566 } 2567 2568 done: 2569 dp_srng_access_end(int_ctx, soc, hal_ring_hdl); 2570 2571 if (soc->rx.flags.defrag_timeout_check) { 2572 uint32_t now_ms = 2573 qdf_system_ticks_to_msecs(qdf_system_ticks()); 2574 2575 if (now_ms >= soc->rx.defrag.next_flush_ms) 2576 dp_rx_defrag_waitlist_flush(soc); 2577 } 2578 2579 for (mac_id = 0; mac_id < MAX_PDEV_CNT; mac_id++) { 2580 if (rx_bufs_reaped[mac_id]) { 2581 dp_pdev = dp_get_pdev_for_lmac_id(soc, mac_id); 2582 dp_rxdma_srng = &soc->rx_refill_buf_ring[mac_id]; 2583 rx_desc_pool = &soc->rx_desc_buf[mac_id]; 2584 2585 dp_rx_buffers_replenish(soc, mac_id, dp_rxdma_srng, 2586 rx_desc_pool, 2587 rx_bufs_reaped[mac_id], 2588 &dp_pdev->free_list_head, 2589 &dp_pdev->free_list_tail, 2590 false); 2591 rx_bufs_used += rx_bufs_reaped[mac_id]; 2592 } 2593 } 2594 2595 return rx_bufs_used; /* Assume no scale factor for now */ 2596 } 2597 2598 #ifdef DROP_RXDMA_DECRYPT_ERR 2599 /** 2600 * dp_handle_rxdma_decrypt_err() - Check if decrypt err frames can be handled 2601 * 2602 * Return: true if rxdma decrypt err frames are handled and false otheriwse 2603 */ 2604 static inline bool dp_handle_rxdma_decrypt_err(void) 2605 { 2606 return false; 2607 } 2608 #else 2609 static inline bool dp_handle_rxdma_decrypt_err(void) 2610 { 2611 return true; 2612 } 2613 #endif 2614 2615 /* 2616 * dp_rx_wbm_sg_list_last_msdu_war() - war for HW issue 2617 * 2618 * This is a war for HW issue where length is only valid in last msdu 2619 *@soc: DP SOC handle 2620 */ 2621 static inline void dp_rx_wbm_sg_list_last_msdu_war(struct dp_soc *soc) 2622 { 2623 if (soc->wbm_sg_last_msdu_war) { 2624 uint32_t len; 2625 qdf_nbuf_t temp = soc->wbm_sg_param.wbm_sg_nbuf_tail; 2626 2627 len = hal_rx_msdu_start_msdu_len_get(soc->hal_soc, 2628 qdf_nbuf_data(temp)); 2629 temp = soc->wbm_sg_param.wbm_sg_nbuf_head; 2630 while (temp) { 2631 QDF_NBUF_CB_RX_PKT_LEN(temp) = len; 2632 temp = temp->next; 2633 } 2634 } 2635 } 2636 2637 #ifdef RX_DESC_DEBUG_CHECK 2638 /** 2639 * dp_rx_wbm_desc_nbuf_sanity_check - Add sanity check to for WBM rx_desc paddr 2640 * corruption 2641 * @soc: core txrx main context 2642 * @hal_ring_hdl: opaque pointer to the HAL Rx Error Ring 2643 * @ring_desc: REO ring descriptor 2644 * @rx_desc: Rx descriptor 2645 * 2646 * Return: NONE 2647 */ 2648 static 2649 QDF_STATUS dp_rx_wbm_desc_nbuf_sanity_check(struct dp_soc *soc, 2650 hal_ring_handle_t hal_ring_hdl, 2651 hal_ring_desc_t ring_desc, 2652 struct dp_rx_desc *rx_desc) 2653 { 2654 struct hal_buf_info hbi; 2655 2656 hal_rx_wbm_rel_buf_paddr_get(soc->hal_soc, ring_desc, &hbi); 2657 /* Sanity check for possible buffer paddr corruption */ 2658 if (dp_rx_desc_paddr_sanity_check(rx_desc, (&hbi)->paddr)) 2659 return QDF_STATUS_SUCCESS; 2660 2661 hal_srng_dump_ring_desc(soc->hal_soc, hal_ring_hdl, ring_desc); 2662 2663 return QDF_STATUS_E_FAILURE; 2664 } 2665 2666 #else 2667 static 2668 QDF_STATUS dp_rx_wbm_desc_nbuf_sanity_check(struct dp_soc *soc, 2669 hal_ring_handle_t hal_ring_hdl, 2670 hal_ring_desc_t ring_desc, 2671 struct dp_rx_desc *rx_desc) 2672 { 2673 return QDF_STATUS_SUCCESS; 2674 } 2675 #endif 2676 2677 static inline bool 2678 dp_rx_is_sg_formation_required(struct hal_wbm_err_desc_info *info) 2679 { 2680 /* 2681 * Currently Null Queue and Unencrypted error handlers has support for 2682 * SG. Other error handler do not deal with SG buffer. 2683 */ 2684 if (((info->wbm_err_src == HAL_RX_WBM_ERR_SRC_REO) && 2685 (info->reo_err_code == HAL_REO_ERR_QUEUE_DESC_ADDR_0)) || 2686 ((info->wbm_err_src == HAL_RX_WBM_ERR_SRC_RXDMA) && 2687 (info->rxdma_err_code == HAL_RXDMA_ERR_UNENCRYPTED))) 2688 return true; 2689 2690 return false; 2691 } 2692 2693 uint32_t 2694 dp_rx_wbm_err_process(struct dp_intr *int_ctx, struct dp_soc *soc, 2695 hal_ring_handle_t hal_ring_hdl, uint32_t quota) 2696 { 2697 hal_ring_desc_t ring_desc; 2698 hal_soc_handle_t hal_soc; 2699 struct dp_rx_desc *rx_desc; 2700 union dp_rx_desc_list_elem_t *head[MAX_PDEV_CNT] = { NULL }; 2701 union dp_rx_desc_list_elem_t *tail[MAX_PDEV_CNT] = { NULL }; 2702 uint32_t rx_bufs_used = 0; 2703 uint32_t rx_bufs_reaped[MAX_PDEV_CNT] = { 0 }; 2704 uint8_t buf_type; 2705 uint8_t mac_id; 2706 struct dp_pdev *dp_pdev; 2707 struct dp_srng *dp_rxdma_srng; 2708 struct rx_desc_pool *rx_desc_pool; 2709 uint8_t *rx_tlv_hdr; 2710 bool is_tkip_mic_err; 2711 qdf_nbuf_t nbuf_head = NULL; 2712 qdf_nbuf_t nbuf_tail = NULL; 2713 qdf_nbuf_t nbuf, next; 2714 struct hal_wbm_err_desc_info wbm_err_info = { 0 }; 2715 uint8_t pool_id; 2716 uint8_t tid = 0; 2717 uint8_t msdu_continuation = 0; 2718 bool process_sg_buf = false; 2719 uint32_t wbm_err_src; 2720 QDF_STATUS status; 2721 struct hal_rx_mpdu_desc_info mpdu_desc_info = { 0 }; 2722 2723 /* Debug -- Remove later */ 2724 qdf_assert(soc && hal_ring_hdl); 2725 2726 hal_soc = soc->hal_soc; 2727 2728 /* Debug -- Remove later */ 2729 qdf_assert(hal_soc); 2730 2731 if (qdf_unlikely(dp_srng_access_start(int_ctx, soc, hal_ring_hdl))) { 2732 2733 /* TODO */ 2734 /* 2735 * Need API to convert from hal_ring pointer to 2736 * Ring Type / Ring Id combo 2737 */ 2738 dp_rx_err_err("%pK: HAL RING Access Failed -- %pK", 2739 soc, hal_ring_hdl); 2740 goto done; 2741 } 2742 2743 while (qdf_likely(quota)) { 2744 ring_desc = hal_srng_dst_get_next(hal_soc, hal_ring_hdl); 2745 if (qdf_unlikely(!ring_desc)) 2746 break; 2747 2748 /* XXX */ 2749 buf_type = HAL_RX_WBM_BUF_TYPE_GET(ring_desc); 2750 2751 /* 2752 * For WBM ring, expect only MSDU buffers 2753 */ 2754 qdf_assert_always(buf_type == HAL_RX_WBM_BUF_TYPE_REL_BUF); 2755 2756 wbm_err_src = hal_rx_wbm_err_src_get(hal_soc, ring_desc); 2757 qdf_assert((wbm_err_src == HAL_RX_WBM_ERR_SRC_RXDMA) || 2758 (wbm_err_src == HAL_RX_WBM_ERR_SRC_REO)); 2759 2760 if (soc->arch_ops.dp_wbm_get_rx_desc_from_hal_desc(soc, 2761 ring_desc, 2762 &rx_desc)) { 2763 dp_rx_err_err("get rx desc from hal_desc failed"); 2764 continue; 2765 } 2766 2767 qdf_assert_always(rx_desc); 2768 2769 if (!dp_rx_desc_check_magic(rx_desc)) { 2770 dp_rx_err_err("%pk: Invalid rx_desc %pk", 2771 soc, rx_desc); 2772 continue; 2773 } 2774 2775 /* 2776 * this is a unlikely scenario where the host is reaping 2777 * a descriptor which it already reaped just a while ago 2778 * but is yet to replenish it back to HW. 2779 * In this case host will dump the last 128 descriptors 2780 * including the software descriptor rx_desc and assert. 2781 */ 2782 if (qdf_unlikely(!rx_desc->in_use)) { 2783 DP_STATS_INC(soc, rx.err.hal_wbm_rel_dup, 1); 2784 dp_rx_dump_info_and_assert(soc, hal_ring_hdl, 2785 ring_desc, rx_desc); 2786 continue; 2787 } 2788 2789 hal_rx_wbm_err_info_get(ring_desc, &wbm_err_info, hal_soc); 2790 nbuf = rx_desc->nbuf; 2791 2792 status = dp_rx_wbm_desc_nbuf_sanity_check(soc, hal_ring_hdl, 2793 ring_desc, rx_desc); 2794 if (qdf_unlikely(QDF_IS_STATUS_ERROR(status))) { 2795 DP_STATS_INC(soc, rx.err.nbuf_sanity_fail, 1); 2796 dp_info_rl("Rx error Nbuf %pk sanity check failure!", 2797 nbuf); 2798 rx_desc->in_err_state = 1; 2799 rx_desc->unmapped = 1; 2800 rx_bufs_reaped[rx_desc->pool_id]++; 2801 dp_rx_add_to_free_desc_list(&head[rx_desc->pool_id], 2802 &tail[rx_desc->pool_id], 2803 rx_desc); 2804 2805 continue; 2806 } 2807 2808 /* Get MPDU DESC info */ 2809 hal_rx_mpdu_desc_info_get(hal_soc, ring_desc, &mpdu_desc_info); 2810 2811 if (qdf_likely(mpdu_desc_info.mpdu_flags & 2812 HAL_MPDU_F_QOS_CONTROL_VALID)) 2813 qdf_nbuf_set_tid_val(rx_desc->nbuf, mpdu_desc_info.tid); 2814 2815 rx_desc_pool = &soc->rx_desc_buf[rx_desc->pool_id]; 2816 dp_ipa_rx_buf_smmu_mapping_lock(soc); 2817 dp_rx_nbuf_unmap_pool(soc, rx_desc_pool, nbuf); 2818 rx_desc->unmapped = 1; 2819 dp_ipa_rx_buf_smmu_mapping_unlock(soc); 2820 2821 if (qdf_unlikely(soc->wbm_release_desc_rx_sg_support && 2822 dp_rx_is_sg_formation_required(&wbm_err_info))) { 2823 /* SG is detected from continuation bit */ 2824 msdu_continuation = 2825 hal_rx_wbm_err_msdu_continuation_get(hal_soc, 2826 ring_desc); 2827 if (msdu_continuation && 2828 !(soc->wbm_sg_param.wbm_is_first_msdu_in_sg)) { 2829 /* Update length from first buffer in SG */ 2830 soc->wbm_sg_param.wbm_sg_desc_msdu_len = 2831 hal_rx_msdu_start_msdu_len_get( 2832 soc->hal_soc, 2833 qdf_nbuf_data(nbuf)); 2834 soc->wbm_sg_param.wbm_is_first_msdu_in_sg = true; 2835 } 2836 2837 if (msdu_continuation) { 2838 /* MSDU continued packets */ 2839 qdf_nbuf_set_rx_chfrag_cont(nbuf, 1); 2840 QDF_NBUF_CB_RX_PKT_LEN(nbuf) = 2841 soc->wbm_sg_param.wbm_sg_desc_msdu_len; 2842 } else { 2843 /* This is the terminal packet in SG */ 2844 qdf_nbuf_set_rx_chfrag_start(nbuf, 1); 2845 qdf_nbuf_set_rx_chfrag_end(nbuf, 1); 2846 QDF_NBUF_CB_RX_PKT_LEN(nbuf) = 2847 soc->wbm_sg_param.wbm_sg_desc_msdu_len; 2848 process_sg_buf = true; 2849 } 2850 } 2851 2852 /* 2853 * save the wbm desc info in nbuf TLV. We will need this 2854 * info when we do the actual nbuf processing 2855 */ 2856 wbm_err_info.pool_id = rx_desc->pool_id; 2857 hal_rx_priv_info_set_in_tlv(soc->hal_soc, 2858 qdf_nbuf_data(nbuf), 2859 (uint8_t *)&wbm_err_info, 2860 sizeof(wbm_err_info)); 2861 2862 rx_bufs_reaped[rx_desc->pool_id]++; 2863 2864 if (qdf_nbuf_is_rx_chfrag_cont(nbuf) || process_sg_buf) { 2865 DP_RX_LIST_APPEND(soc->wbm_sg_param.wbm_sg_nbuf_head, 2866 soc->wbm_sg_param.wbm_sg_nbuf_tail, 2867 nbuf); 2868 if (process_sg_buf) { 2869 if (!dp_rx_buffer_pool_refill( 2870 soc, 2871 soc->wbm_sg_param.wbm_sg_nbuf_head, 2872 rx_desc->pool_id)) 2873 DP_RX_MERGE_TWO_LIST( 2874 nbuf_head, nbuf_tail, 2875 soc->wbm_sg_param.wbm_sg_nbuf_head, 2876 soc->wbm_sg_param.wbm_sg_nbuf_tail); 2877 dp_rx_wbm_sg_list_last_msdu_war(soc); 2878 dp_rx_wbm_sg_list_reset(soc); 2879 process_sg_buf = false; 2880 } 2881 } else if (!dp_rx_buffer_pool_refill(soc, nbuf, 2882 rx_desc->pool_id)) { 2883 DP_RX_LIST_APPEND(nbuf_head, nbuf_tail, nbuf); 2884 } 2885 2886 dp_rx_add_to_free_desc_list(&head[rx_desc->pool_id], 2887 &tail[rx_desc->pool_id], 2888 rx_desc); 2889 2890 /* 2891 * if continuation bit is set then we have MSDU spread 2892 * across multiple buffers, let us not decrement quota 2893 * till we reap all buffers of that MSDU. 2894 */ 2895 if (qdf_likely(!msdu_continuation)) 2896 quota -= 1; 2897 } 2898 done: 2899 dp_srng_access_end(int_ctx, soc, hal_ring_hdl); 2900 2901 for (mac_id = 0; mac_id < MAX_PDEV_CNT; mac_id++) { 2902 if (rx_bufs_reaped[mac_id]) { 2903 dp_rxdma_srng = &soc->rx_refill_buf_ring[mac_id]; 2904 rx_desc_pool = &soc->rx_desc_buf[mac_id]; 2905 2906 dp_rx_buffers_replenish(soc, mac_id, dp_rxdma_srng, 2907 rx_desc_pool, rx_bufs_reaped[mac_id], 2908 &head[mac_id], &tail[mac_id], false); 2909 rx_bufs_used += rx_bufs_reaped[mac_id]; 2910 } 2911 } 2912 2913 nbuf = nbuf_head; 2914 while (nbuf) { 2915 struct dp_txrx_peer *txrx_peer; 2916 struct dp_peer *peer; 2917 uint16_t peer_id; 2918 uint8_t err_code; 2919 uint8_t *tlv_hdr; 2920 uint32_t peer_meta_data; 2921 dp_txrx_ref_handle txrx_ref_handle = NULL; 2922 rx_tlv_hdr = qdf_nbuf_data(nbuf); 2923 2924 /* 2925 * retrieve the wbm desc info from nbuf TLV, so we can 2926 * handle error cases appropriately 2927 */ 2928 hal_rx_priv_info_get_from_tlv(soc->hal_soc, rx_tlv_hdr, 2929 (uint8_t *)&wbm_err_info, 2930 sizeof(wbm_err_info)); 2931 2932 peer_meta_data = hal_rx_tlv_peer_meta_data_get(soc->hal_soc, 2933 rx_tlv_hdr); 2934 peer_id = dp_rx_peer_metadata_peer_id_get(soc, peer_meta_data); 2935 txrx_peer = dp_tgt_txrx_peer_get_ref_by_id(soc, peer_id, 2936 &txrx_ref_handle, 2937 DP_MOD_ID_RX_ERR); 2938 2939 if (!txrx_peer) 2940 dp_info_rl("peer is null peer_id%u err_src%u err_rsn%u", 2941 peer_id, wbm_err_info.wbm_err_src, 2942 wbm_err_info.reo_psh_rsn); 2943 2944 /* Set queue_mapping in nbuf to 0 */ 2945 dp_set_rx_queue(nbuf, 0); 2946 2947 next = nbuf->next; 2948 2949 /* 2950 * Form the SG for msdu continued buffers 2951 * QCN9000 has this support 2952 */ 2953 if (qdf_nbuf_is_rx_chfrag_cont(nbuf)) { 2954 nbuf = dp_rx_sg_create(soc, nbuf); 2955 next = nbuf->next; 2956 /* 2957 * SG error handling is not done correctly, 2958 * drop SG frames for now. 2959 */ 2960 dp_rx_nbuf_free(nbuf); 2961 dp_info_rl("scattered msdu dropped"); 2962 nbuf = next; 2963 if (txrx_peer) 2964 dp_txrx_peer_unref_delete(txrx_ref_handle, 2965 DP_MOD_ID_RX_ERR); 2966 continue; 2967 } 2968 2969 if (wbm_err_info.wbm_err_src == HAL_RX_WBM_ERR_SRC_REO) { 2970 if (wbm_err_info.reo_psh_rsn 2971 == HAL_RX_WBM_REO_PSH_RSN_ERROR) { 2972 2973 DP_STATS_INC(soc, 2974 rx.err.reo_error 2975 [wbm_err_info.reo_err_code], 1); 2976 /* increment @pdev level */ 2977 pool_id = wbm_err_info.pool_id; 2978 dp_pdev = dp_get_pdev_for_lmac_id(soc, pool_id); 2979 if (dp_pdev) 2980 DP_STATS_INC(dp_pdev, err.reo_error, 2981 1); 2982 2983 switch (wbm_err_info.reo_err_code) { 2984 /* 2985 * Handling for packets which have NULL REO 2986 * queue descriptor 2987 */ 2988 case HAL_REO_ERR_QUEUE_DESC_ADDR_0: 2989 pool_id = wbm_err_info.pool_id; 2990 dp_rx_null_q_desc_handle(soc, nbuf, 2991 rx_tlv_hdr, 2992 pool_id, 2993 txrx_peer); 2994 break; 2995 /* TODO */ 2996 /* Add per error code accounting */ 2997 case HAL_REO_ERR_REGULAR_FRAME_2K_JUMP: 2998 if (txrx_peer) 2999 DP_PEER_PER_PKT_STATS_INC(txrx_peer, 3000 rx.err.jump_2k_err, 3001 1); 3002 3003 pool_id = wbm_err_info.pool_id; 3004 3005 if (hal_rx_msdu_end_first_msdu_get(soc->hal_soc, 3006 rx_tlv_hdr)) { 3007 tid = 3008 hal_rx_mpdu_start_tid_get(hal_soc, rx_tlv_hdr); 3009 } 3010 QDF_NBUF_CB_RX_PKT_LEN(nbuf) = 3011 hal_rx_msdu_start_msdu_len_get( 3012 soc->hal_soc, rx_tlv_hdr); 3013 nbuf->next = NULL; 3014 dp_2k_jump_handle(soc, nbuf, 3015 rx_tlv_hdr, 3016 peer_id, tid); 3017 break; 3018 case HAL_REO_ERR_REGULAR_FRAME_OOR: 3019 if (txrx_peer) 3020 DP_PEER_PER_PKT_STATS_INC(txrx_peer, 3021 rx.err.oor_err, 3022 1); 3023 if (hal_rx_msdu_end_first_msdu_get(soc->hal_soc, 3024 rx_tlv_hdr)) { 3025 tid = 3026 hal_rx_mpdu_start_tid_get(hal_soc, rx_tlv_hdr); 3027 } 3028 QDF_NBUF_CB_RX_PKT_LEN(nbuf) = 3029 hal_rx_msdu_start_msdu_len_get( 3030 soc->hal_soc, rx_tlv_hdr); 3031 nbuf->next = NULL; 3032 dp_rx_oor_handle(soc, nbuf, 3033 peer_id, 3034 rx_tlv_hdr); 3035 break; 3036 case HAL_REO_ERR_BAR_FRAME_2K_JUMP: 3037 case HAL_REO_ERR_BAR_FRAME_OOR: 3038 peer = dp_peer_get_tgt_peer_by_id(soc, peer_id, DP_MOD_ID_RX_ERR); 3039 if (peer) { 3040 dp_rx_err_handle_bar(soc, peer, 3041 nbuf); 3042 dp_peer_unref_delete(peer, DP_MOD_ID_RX_ERR); 3043 } 3044 dp_rx_nbuf_free(nbuf); 3045 break; 3046 3047 case HAL_REO_ERR_PN_CHECK_FAILED: 3048 case HAL_REO_ERR_PN_ERROR_HANDLING_FLAG_SET: 3049 if (txrx_peer) 3050 DP_PEER_PER_PKT_STATS_INC(txrx_peer, 3051 rx.err.pn_err, 3052 1); 3053 dp_rx_nbuf_free(nbuf); 3054 break; 3055 3056 default: 3057 dp_info_rl("Got pkt with REO ERROR: %d", 3058 wbm_err_info.reo_err_code); 3059 dp_rx_nbuf_free(nbuf); 3060 } 3061 } else if (wbm_err_info.reo_psh_rsn 3062 == HAL_RX_WBM_REO_PSH_RSN_ROUTE) { 3063 dp_rx_err_route_hdl(soc, nbuf, txrx_peer, 3064 rx_tlv_hdr, 3065 HAL_RX_WBM_ERR_SRC_REO); 3066 } else { 3067 /* should not enter here */ 3068 dp_rx_err_alert("invalid reo push reason %u", 3069 wbm_err_info.reo_psh_rsn); 3070 dp_rx_nbuf_free(nbuf); 3071 qdf_assert_always(0); 3072 } 3073 } else if (wbm_err_info.wbm_err_src == 3074 HAL_RX_WBM_ERR_SRC_RXDMA) { 3075 if (wbm_err_info.rxdma_psh_rsn 3076 == HAL_RX_WBM_RXDMA_PSH_RSN_ERROR) { 3077 DP_STATS_INC(soc, 3078 rx.err.rxdma_error 3079 [wbm_err_info.rxdma_err_code], 1); 3080 /* increment @pdev level */ 3081 pool_id = wbm_err_info.pool_id; 3082 dp_pdev = dp_get_pdev_for_lmac_id(soc, pool_id); 3083 if (dp_pdev) 3084 DP_STATS_INC(dp_pdev, 3085 err.rxdma_error, 1); 3086 3087 switch (wbm_err_info.rxdma_err_code) { 3088 case HAL_RXDMA_ERR_UNENCRYPTED: 3089 3090 case HAL_RXDMA_ERR_WIFI_PARSE: 3091 if (txrx_peer) 3092 DP_PEER_PER_PKT_STATS_INC(txrx_peer, 3093 rx.err.rxdma_wifi_parse_err, 3094 1); 3095 3096 pool_id = wbm_err_info.pool_id; 3097 dp_rx_process_rxdma_err(soc, nbuf, 3098 rx_tlv_hdr, 3099 txrx_peer, 3100 wbm_err_info. 3101 rxdma_err_code, 3102 pool_id); 3103 break; 3104 3105 case HAL_RXDMA_ERR_TKIP_MIC: 3106 dp_rx_process_mic_error(soc, nbuf, 3107 rx_tlv_hdr, 3108 txrx_peer); 3109 if (txrx_peer) 3110 DP_PEER_PER_PKT_STATS_INC(txrx_peer, 3111 rx.err.mic_err, 3112 1); 3113 break; 3114 3115 case HAL_RXDMA_ERR_DECRYPT: 3116 /* All the TKIP-MIC failures are treated as Decrypt Errors 3117 * for QCN9224 Targets 3118 */ 3119 is_tkip_mic_err = hal_rx_msdu_end_is_tkip_mic_err(hal_soc, rx_tlv_hdr); 3120 3121 if (is_tkip_mic_err && txrx_peer) { 3122 dp_rx_process_mic_error(soc, nbuf, 3123 rx_tlv_hdr, 3124 txrx_peer); 3125 DP_PEER_PER_PKT_STATS_INC(txrx_peer, 3126 rx.err.mic_err, 3127 1); 3128 break; 3129 } 3130 3131 if (txrx_peer) { 3132 DP_PEER_PER_PKT_STATS_INC(txrx_peer, 3133 rx.err.decrypt_err, 3134 1); 3135 dp_rx_nbuf_free(nbuf); 3136 break; 3137 } 3138 3139 if (!dp_handle_rxdma_decrypt_err()) { 3140 dp_rx_nbuf_free(nbuf); 3141 break; 3142 } 3143 3144 pool_id = wbm_err_info.pool_id; 3145 err_code = wbm_err_info.rxdma_err_code; 3146 tlv_hdr = rx_tlv_hdr; 3147 dp_rx_process_rxdma_err(soc, nbuf, 3148 tlv_hdr, NULL, 3149 err_code, 3150 pool_id); 3151 break; 3152 case HAL_RXDMA_MULTICAST_ECHO: 3153 if (txrx_peer) 3154 DP_PEER_PER_PKT_STATS_INC_PKT(txrx_peer, 3155 rx.mec_drop, 1, 3156 qdf_nbuf_len(nbuf)); 3157 dp_rx_nbuf_free(nbuf); 3158 break; 3159 case HAL_RXDMA_UNAUTHORIZED_WDS: 3160 pool_id = wbm_err_info.pool_id; 3161 err_code = wbm_err_info.rxdma_err_code; 3162 tlv_hdr = rx_tlv_hdr; 3163 dp_rx_process_rxdma_err(soc, nbuf, 3164 tlv_hdr, NULL, 3165 err_code, 3166 pool_id); 3167 break; 3168 default: 3169 dp_rx_nbuf_free(nbuf); 3170 dp_err_rl("RXDMA error %d", 3171 wbm_err_info.rxdma_err_code); 3172 } 3173 } else if (wbm_err_info.rxdma_psh_rsn 3174 == HAL_RX_WBM_RXDMA_PSH_RSN_ROUTE) { 3175 dp_rx_err_route_hdl(soc, nbuf, txrx_peer, 3176 rx_tlv_hdr, 3177 HAL_RX_WBM_ERR_SRC_RXDMA); 3178 } else if (wbm_err_info.rxdma_psh_rsn 3179 == HAL_RX_WBM_RXDMA_PSH_RSN_FLUSH) { 3180 dp_rx_err_err("rxdma push reason %u", 3181 wbm_err_info.rxdma_psh_rsn); 3182 DP_STATS_INC(soc, rx.err.rx_flush_count, 1); 3183 dp_rx_nbuf_free(nbuf); 3184 } else { 3185 /* should not enter here */ 3186 dp_rx_err_alert("invalid rxdma push reason %u", 3187 wbm_err_info.rxdma_psh_rsn); 3188 dp_rx_nbuf_free(nbuf); 3189 qdf_assert_always(0); 3190 } 3191 } else { 3192 /* Should not come here */ 3193 qdf_assert(0); 3194 } 3195 3196 if (txrx_peer) 3197 dp_txrx_peer_unref_delete(txrx_ref_handle, 3198 DP_MOD_ID_RX_ERR); 3199 3200 nbuf = next; 3201 } 3202 return rx_bufs_used; /* Assume no scale factor for now */ 3203 } 3204 3205 #endif /* QCA_HOST_MODE_WIFI_DISABLED */ 3206 3207 /** 3208 * dup_desc_dbg() - dump and assert if duplicate rx desc found 3209 * 3210 * @soc: core DP main context 3211 * @rxdma_dst_ring_desc: void pointer to monitor link descriptor buf addr info 3212 * @rx_desc: void pointer to rx descriptor 3213 * 3214 * Return: void 3215 */ 3216 static void dup_desc_dbg(struct dp_soc *soc, 3217 hal_rxdma_desc_t rxdma_dst_ring_desc, 3218 void *rx_desc) 3219 { 3220 DP_STATS_INC(soc, rx.err.hal_rxdma_err_dup, 1); 3221 dp_rx_dump_info_and_assert( 3222 soc, 3223 soc->rx_rel_ring.hal_srng, 3224 hal_rxdma_desc_to_hal_ring_desc(rxdma_dst_ring_desc), 3225 rx_desc); 3226 } 3227 3228 /** 3229 * dp_rx_err_mpdu_pop() - extract the MSDU's from link descs 3230 * 3231 * @soc: core DP main context 3232 * @mac_id: mac id which is one of 3 mac_ids 3233 * @rxdma_dst_ring_desc: void pointer to monitor link descriptor buf addr info 3234 * @head: head of descs list to be freed 3235 * @tail: tail of decs list to be freed 3236 3237 * Return: number of msdu in MPDU to be popped 3238 */ 3239 static inline uint32_t 3240 dp_rx_err_mpdu_pop(struct dp_soc *soc, uint32_t mac_id, 3241 hal_rxdma_desc_t rxdma_dst_ring_desc, 3242 union dp_rx_desc_list_elem_t **head, 3243 union dp_rx_desc_list_elem_t **tail) 3244 { 3245 void *rx_msdu_link_desc; 3246 qdf_nbuf_t msdu; 3247 qdf_nbuf_t last; 3248 struct hal_rx_msdu_list msdu_list; 3249 uint16_t num_msdus; 3250 struct hal_buf_info buf_info; 3251 uint32_t rx_bufs_used = 0; 3252 uint32_t msdu_cnt; 3253 uint32_t i; 3254 uint8_t push_reason; 3255 uint8_t rxdma_error_code = 0; 3256 uint8_t bm_action = HAL_BM_ACTION_PUT_IN_IDLE_LIST; 3257 struct dp_pdev *pdev = dp_get_pdev_for_lmac_id(soc, mac_id); 3258 uint32_t rx_link_buf_info[HAL_RX_BUFFINFO_NUM_DWORDS]; 3259 hal_rxdma_desc_t ring_desc; 3260 struct rx_desc_pool *rx_desc_pool; 3261 3262 if (!pdev) { 3263 dp_rx_err_debug("%pK: pdev is null for mac_id = %d", 3264 soc, mac_id); 3265 return rx_bufs_used; 3266 } 3267 3268 msdu = 0; 3269 3270 last = NULL; 3271 3272 hal_rx_reo_ent_buf_paddr_get(soc->hal_soc, rxdma_dst_ring_desc, 3273 &buf_info, &msdu_cnt); 3274 3275 push_reason = 3276 hal_rx_reo_ent_rxdma_push_reason_get(rxdma_dst_ring_desc); 3277 if (push_reason == HAL_RX_WBM_RXDMA_PSH_RSN_ERROR) { 3278 rxdma_error_code = 3279 hal_rx_reo_ent_rxdma_error_code_get(rxdma_dst_ring_desc); 3280 } 3281 3282 do { 3283 rx_msdu_link_desc = 3284 dp_rx_cookie_2_link_desc_va(soc, &buf_info); 3285 3286 qdf_assert_always(rx_msdu_link_desc); 3287 3288 hal_rx_msdu_list_get(soc->hal_soc, rx_msdu_link_desc, 3289 &msdu_list, &num_msdus); 3290 3291 if (msdu_list.sw_cookie[0] != HAL_RX_COOKIE_SPECIAL) { 3292 /* if the msdus belongs to NSS offloaded radio && 3293 * the rbm is not SW1_BM then return the msdu_link 3294 * descriptor without freeing the msdus (nbufs). let 3295 * these buffers be given to NSS completion ring for 3296 * NSS to free them. 3297 * else iterate through the msdu link desc list and 3298 * free each msdu in the list. 3299 */ 3300 if (msdu_list.rbm[0] != 3301 HAL_RX_BUF_RBM_SW3_BM(soc->wbm_sw0_bm_id) && 3302 wlan_cfg_get_dp_pdev_nss_enabled( 3303 pdev->wlan_cfg_ctx)) 3304 bm_action = HAL_BM_ACTION_RELEASE_MSDU_LIST; 3305 else { 3306 for (i = 0; i < num_msdus; i++) { 3307 struct dp_rx_desc *rx_desc = 3308 soc->arch_ops. 3309 dp_rx_desc_cookie_2_va( 3310 soc, 3311 msdu_list.sw_cookie[i]); 3312 qdf_assert_always(rx_desc); 3313 msdu = rx_desc->nbuf; 3314 /* 3315 * this is a unlikely scenario 3316 * where the host is reaping 3317 * a descriptor which 3318 * it already reaped just a while ago 3319 * but is yet to replenish 3320 * it back to HW. 3321 * In this case host will dump 3322 * the last 128 descriptors 3323 * including the software descriptor 3324 * rx_desc and assert. 3325 */ 3326 ring_desc = rxdma_dst_ring_desc; 3327 if (qdf_unlikely(!rx_desc->in_use)) { 3328 dup_desc_dbg(soc, 3329 ring_desc, 3330 rx_desc); 3331 continue; 3332 } 3333 3334 if (rx_desc->unmapped == 0) { 3335 rx_desc_pool = 3336 &soc->rx_desc_buf[rx_desc->pool_id]; 3337 dp_ipa_rx_buf_smmu_mapping_lock(soc); 3338 dp_rx_nbuf_unmap_pool(soc, 3339 rx_desc_pool, 3340 msdu); 3341 rx_desc->unmapped = 1; 3342 dp_ipa_rx_buf_smmu_mapping_unlock(soc); 3343 } 3344 3345 dp_rx_err_debug("%pK: msdu_nbuf=%pK ", 3346 soc, msdu); 3347 3348 dp_rx_buffer_pool_nbuf_free(soc, msdu, 3349 rx_desc->pool_id); 3350 rx_bufs_used++; 3351 dp_rx_add_to_free_desc_list(head, 3352 tail, rx_desc); 3353 } 3354 } 3355 } else { 3356 rxdma_error_code = HAL_RXDMA_ERR_WAR; 3357 } 3358 3359 /* 3360 * Store the current link buffer into to the local structure 3361 * to be used for release purpose. 3362 */ 3363 hal_rxdma_buff_addr_info_set(soc->hal_soc, rx_link_buf_info, 3364 buf_info.paddr, buf_info.sw_cookie, 3365 buf_info.rbm); 3366 3367 hal_rx_mon_next_link_desc_get(soc->hal_soc, rx_msdu_link_desc, 3368 &buf_info); 3369 dp_rx_link_desc_return_by_addr(soc, 3370 (hal_buff_addrinfo_t) 3371 rx_link_buf_info, 3372 bm_action); 3373 } while (buf_info.paddr); 3374 3375 DP_STATS_INC(soc, rx.err.rxdma_error[rxdma_error_code], 1); 3376 if (pdev) 3377 DP_STATS_INC(pdev, err.rxdma_error, 1); 3378 3379 if (rxdma_error_code == HAL_RXDMA_ERR_DECRYPT) { 3380 dp_rx_err_err("%pK: Packet received with Decrypt error", soc); 3381 } 3382 3383 return rx_bufs_used; 3384 } 3385 3386 uint32_t 3387 dp_rxdma_err_process(struct dp_intr *int_ctx, struct dp_soc *soc, 3388 uint32_t mac_id, uint32_t quota) 3389 { 3390 struct dp_pdev *pdev = dp_get_pdev_for_lmac_id(soc, mac_id); 3391 hal_rxdma_desc_t rxdma_dst_ring_desc; 3392 hal_soc_handle_t hal_soc; 3393 void *err_dst_srng; 3394 union dp_rx_desc_list_elem_t *head = NULL; 3395 union dp_rx_desc_list_elem_t *tail = NULL; 3396 struct dp_srng *dp_rxdma_srng; 3397 struct rx_desc_pool *rx_desc_pool; 3398 uint32_t work_done = 0; 3399 uint32_t rx_bufs_used = 0; 3400 3401 if (!pdev) 3402 return 0; 3403 3404 err_dst_srng = soc->rxdma_err_dst_ring[mac_id].hal_srng; 3405 3406 if (!err_dst_srng) { 3407 dp_rx_err_err("%pK: HAL Monitor Destination Ring Init Failed -- %pK", 3408 soc, err_dst_srng); 3409 return 0; 3410 } 3411 3412 hal_soc = soc->hal_soc; 3413 3414 qdf_assert(hal_soc); 3415 3416 if (qdf_unlikely(dp_srng_access_start(int_ctx, soc, err_dst_srng))) { 3417 dp_rx_err_err("%pK: HAL Monitor Destination Ring Init Failed -- %pK", 3418 soc, err_dst_srng); 3419 return 0; 3420 } 3421 3422 while (qdf_likely(quota-- && (rxdma_dst_ring_desc = 3423 hal_srng_dst_get_next(hal_soc, err_dst_srng)))) { 3424 3425 rx_bufs_used += dp_rx_err_mpdu_pop(soc, mac_id, 3426 rxdma_dst_ring_desc, 3427 &head, &tail); 3428 } 3429 3430 dp_srng_access_end(int_ctx, soc, err_dst_srng); 3431 3432 if (rx_bufs_used) { 3433 if (wlan_cfg_per_pdev_lmac_ring(soc->wlan_cfg_ctx)) { 3434 dp_rxdma_srng = &soc->rx_refill_buf_ring[mac_id]; 3435 rx_desc_pool = &soc->rx_desc_buf[mac_id]; 3436 } else { 3437 dp_rxdma_srng = &soc->rx_refill_buf_ring[pdev->lmac_id]; 3438 rx_desc_pool = &soc->rx_desc_buf[pdev->lmac_id]; 3439 } 3440 3441 dp_rx_buffers_replenish(soc, mac_id, dp_rxdma_srng, 3442 rx_desc_pool, rx_bufs_used, &head, &tail, false); 3443 3444 work_done += rx_bufs_used; 3445 } 3446 3447 return work_done; 3448 } 3449 3450 #ifndef QCA_HOST_MODE_WIFI_DISABLED 3451 3452 static inline void 3453 dp_wbm_int_err_mpdu_pop(struct dp_soc *soc, uint32_t mac_id, 3454 hal_rxdma_desc_t rxdma_dst_ring_desc, 3455 union dp_rx_desc_list_elem_t **head, 3456 union dp_rx_desc_list_elem_t **tail, 3457 uint32_t *rx_bufs_used) 3458 { 3459 void *rx_msdu_link_desc; 3460 qdf_nbuf_t msdu; 3461 qdf_nbuf_t last; 3462 struct hal_rx_msdu_list msdu_list; 3463 uint16_t num_msdus; 3464 struct hal_buf_info buf_info; 3465 uint32_t msdu_cnt, i; 3466 uint32_t rx_link_buf_info[HAL_RX_BUFFINFO_NUM_DWORDS]; 3467 struct rx_desc_pool *rx_desc_pool; 3468 struct dp_rx_desc *rx_desc; 3469 3470 msdu = 0; 3471 3472 last = NULL; 3473 3474 hal_rx_reo_ent_buf_paddr_get(soc->hal_soc, rxdma_dst_ring_desc, 3475 &buf_info, &msdu_cnt); 3476 3477 do { 3478 rx_msdu_link_desc = 3479 dp_rx_cookie_2_link_desc_va(soc, &buf_info); 3480 3481 if (!rx_msdu_link_desc) { 3482 DP_STATS_INC(soc, tx.wbm_internal_error[WBM_INT_ERROR_REO_NULL_LINK_DESC], 1); 3483 break; 3484 } 3485 3486 hal_rx_msdu_list_get(soc->hal_soc, rx_msdu_link_desc, 3487 &msdu_list, &num_msdus); 3488 3489 if (msdu_list.sw_cookie[0] != HAL_RX_COOKIE_SPECIAL) { 3490 for (i = 0; i < num_msdus; i++) { 3491 if (!dp_rx_is_sw_cookie_valid(soc, msdu_list.sw_cookie[i])) { 3492 dp_rx_err_info_rl("Invalid MSDU info cookie: 0x%x", 3493 msdu_list.sw_cookie[i]); 3494 continue; 3495 } 3496 3497 rx_desc = soc->arch_ops.dp_rx_desc_cookie_2_va( 3498 soc, 3499 msdu_list.sw_cookie[i]); 3500 qdf_assert_always(rx_desc); 3501 rx_desc_pool = 3502 &soc->rx_desc_buf[rx_desc->pool_id]; 3503 msdu = rx_desc->nbuf; 3504 3505 /* 3506 * this is a unlikely scenario where the host is reaping 3507 * a descriptor which it already reaped just a while ago 3508 * but is yet to replenish it back to HW. 3509 */ 3510 if (qdf_unlikely(!rx_desc->in_use) || 3511 qdf_unlikely(!msdu)) { 3512 dp_rx_err_info_rl("Reaping rx_desc not in use!"); 3513 continue; 3514 } 3515 3516 dp_ipa_rx_buf_smmu_mapping_lock(soc); 3517 dp_rx_nbuf_unmap_pool(soc, rx_desc_pool, msdu); 3518 rx_desc->unmapped = 1; 3519 dp_ipa_rx_buf_smmu_mapping_unlock(soc); 3520 3521 dp_rx_buffer_pool_nbuf_free(soc, msdu, 3522 rx_desc->pool_id); 3523 rx_bufs_used[rx_desc->pool_id]++; 3524 dp_rx_add_to_free_desc_list(head, 3525 tail, rx_desc); 3526 } 3527 } 3528 3529 /* 3530 * Store the current link buffer into to the local structure 3531 * to be used for release purpose. 3532 */ 3533 hal_rxdma_buff_addr_info_set(soc->hal_soc, rx_link_buf_info, 3534 buf_info.paddr, buf_info.sw_cookie, 3535 buf_info.rbm); 3536 3537 hal_rx_mon_next_link_desc_get(soc->hal_soc, rx_msdu_link_desc, 3538 &buf_info); 3539 dp_rx_link_desc_return_by_addr(soc, (hal_buff_addrinfo_t) 3540 rx_link_buf_info, 3541 HAL_BM_ACTION_PUT_IN_IDLE_LIST); 3542 } while (buf_info.paddr); 3543 } 3544 3545 /* 3546 * 3547 * dp_handle_wbm_internal_error() - handles wbm_internal_error case 3548 * 3549 * @soc: core DP main context 3550 * @hal_desc: hal descriptor 3551 * @buf_type: indicates if the buffer is of type link disc or msdu 3552 * Return: None 3553 * 3554 * wbm_internal_error is seen in following scenarios : 3555 * 3556 * 1. Null pointers detected in WBM_RELEASE_RING descriptors 3557 * 2. Null pointers detected during delinking process 3558 * 3559 * Some null pointer cases: 3560 * 3561 * a. MSDU buffer pointer is NULL 3562 * b. Next_MSDU_Link_Desc pointer is NULL, with no last msdu flag 3563 * c. MSDU buffer pointer is NULL or Next_Link_Desc pointer is NULL 3564 */ 3565 void 3566 dp_handle_wbm_internal_error(struct dp_soc *soc, void *hal_desc, 3567 uint32_t buf_type) 3568 { 3569 struct hal_buf_info buf_info = {0}; 3570 struct dp_rx_desc *rx_desc = NULL; 3571 struct rx_desc_pool *rx_desc_pool; 3572 uint32_t rx_bufs_reaped[MAX_PDEV_CNT] = {0}; 3573 union dp_rx_desc_list_elem_t *head = NULL; 3574 union dp_rx_desc_list_elem_t *tail = NULL; 3575 uint8_t pool_id; 3576 uint8_t mac_id; 3577 3578 hal_rx_reo_buf_paddr_get(soc->hal_soc, hal_desc, &buf_info); 3579 3580 if (!buf_info.paddr) { 3581 DP_STATS_INC(soc, tx.wbm_internal_error[WBM_INT_ERROR_REO_NULL_BUFFER], 1); 3582 return; 3583 } 3584 3585 /* buffer_addr_info is the first element of ring_desc */ 3586 hal_rx_buf_cookie_rbm_get(soc->hal_soc, (uint32_t *)hal_desc, 3587 &buf_info); 3588 pool_id = DP_RX_DESC_COOKIE_POOL_ID_GET(buf_info.sw_cookie); 3589 3590 if (buf_type == HAL_WBM_RELEASE_RING_2_BUFFER_TYPE) { 3591 DP_STATS_INC(soc, tx.wbm_internal_error[WBM_INT_ERROR_REO_NULL_MSDU_BUFF], 1); 3592 rx_desc = soc->arch_ops.dp_rx_desc_cookie_2_va( 3593 soc, 3594 buf_info.sw_cookie); 3595 3596 if (rx_desc && rx_desc->nbuf) { 3597 rx_desc_pool = &soc->rx_desc_buf[rx_desc->pool_id]; 3598 dp_ipa_rx_buf_smmu_mapping_lock(soc); 3599 dp_rx_nbuf_unmap_pool(soc, rx_desc_pool, 3600 rx_desc->nbuf); 3601 rx_desc->unmapped = 1; 3602 dp_ipa_rx_buf_smmu_mapping_unlock(soc); 3603 3604 dp_rx_buffer_pool_nbuf_free(soc, rx_desc->nbuf, 3605 rx_desc->pool_id); 3606 dp_rx_add_to_free_desc_list(&head, 3607 &tail, 3608 rx_desc); 3609 3610 rx_bufs_reaped[rx_desc->pool_id]++; 3611 } 3612 } else if (buf_type == HAL_WBM_RELEASE_RING_2_DESC_TYPE) { 3613 dp_wbm_int_err_mpdu_pop(soc, pool_id, hal_desc, 3614 &head, &tail, rx_bufs_reaped); 3615 } 3616 3617 for (mac_id = 0; mac_id < MAX_PDEV_CNT; mac_id++) { 3618 struct rx_desc_pool *rx_desc_pool; 3619 struct dp_srng *dp_rxdma_srng; 3620 3621 if (!rx_bufs_reaped[mac_id]) 3622 continue; 3623 3624 DP_STATS_INC(soc, tx.wbm_internal_error[WBM_INT_ERROR_REO_BUFF_REAPED], 1); 3625 dp_rxdma_srng = &soc->rx_refill_buf_ring[mac_id]; 3626 rx_desc_pool = &soc->rx_desc_buf[mac_id]; 3627 3628 dp_rx_buffers_replenish(soc, mac_id, dp_rxdma_srng, 3629 rx_desc_pool, 3630 rx_bufs_reaped[mac_id], 3631 &head, &tail, false); 3632 } 3633 } 3634 3635 #endif /* QCA_HOST_MODE_WIFI_DISABLED */ 3636