ath/carl9170/rx.c

0001 /*
0002  * Atheros CARL9170 driver
0003  *
0004  * 802.11 & command trap routines
0005  *
0006  * Copyright 2008, Johannes Berg <johannes@sipsolutions.net>
0007  * Copyright 2009, 2010, Christian Lamparter <chunkeey@googlemail.com>
0008  *
0009  * This program is free software; you can redistribute it and/or modify
0010  * it under the terms of the GNU General Public License as published by
0011  * the Free Software Foundation; either version 2 of the License, or
0012  * (at your option) any later version.
0013  *
0014  * This program is distributed in the hope that it will be useful,
0015  * but WITHOUT ANY WARRANTY; without even the implied warranty of
0016  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
0017  * GNU General Public License for more details.
0018  *
0019  * You should have received a copy of the GNU General Public License
0020  * along with this program; see the file COPYING.  If not, see
0021  * http://www.gnu.org/licenses/.
0022  *
0023  * This file incorporates work covered by the following copyright and
0024  * permission notice:
0025  *    Copyright (c) 2007-2008 Atheros Communications, Inc.
0026  *
0027  *    Permission to use, copy, modify, and/or distribute this software for any
0028  *    purpose with or without fee is hereby granted, provided that the above
0029  *    copyright notice and this permission notice appear in all copies.
0030  *
0031  *    THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
0032  *    WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
0033  *    MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
0034  *    ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
0035  *    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
0036  *    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
0037  *    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
0038  */
0039
0040 #include <linux/slab.h>
0041 #include <linux/module.h>
0042 #include <linux/etherdevice.h>
0043 #include <linux/crc32.h>
0044 #include <net/mac80211.h>
0045 #include "carl9170.h"
0046 #include "hw.h"
0047 #include "cmd.h"
0048
0049 static void carl9170_dbg_message(struct ar9170 *ar, const char *buf, u32 len)
0050 {
0051     bool restart = false;
0052     enum carl9170_restart_reasons reason = CARL9170_RR_NO_REASON;
0053
0054     if (len > 3) {
0055         if (memcmp(buf, CARL9170_ERR_MAGIC, 3) == 0) {
0056             ar->fw.err_counter++;
0057             if (ar->fw.err_counter > 3) {
0058                 restart = true;
0059                 reason = CARL9170_RR_TOO_MANY_FIRMWARE_ERRORS;
0060             }
0061         }
0062
0063         if (memcmp(buf, CARL9170_BUG_MAGIC, 3) == 0) {
0064             ar->fw.bug_counter++;
0065             restart = true;
0066             reason = CARL9170_RR_FATAL_FIRMWARE_ERROR;
0067         }
0068     }
0069
0070     wiphy_info(ar->hw->wiphy, "FW: %.*s\n", len, buf);
0071
0072     if (restart)
0073         carl9170_restart(ar, reason);
0074 }
0075
0076 static void carl9170_handle_ps(struct ar9170 *ar, struct carl9170_rsp *rsp)
0077 {
0078     u32 ps;
0079     bool new_ps;
0080
0081     ps = le32_to_cpu(rsp->psm.state);
0082
0083     new_ps = (ps & CARL9170_PSM_COUNTER) != CARL9170_PSM_WAKE;
0084     if (ar->ps.state != new_ps) {
0085         if (!new_ps) {
0086             ar->ps.sleep_ms = jiffies_to_msecs(jiffies -
0087                 ar->ps.last_action);
0088         }
0089
0090         ar->ps.last_action = jiffies;
0091
0092         ar->ps.state = new_ps;
0093     }
0094 }
0095
0096 static int carl9170_check_sequence(struct ar9170 *ar, unsigned int seq)
0097 {
0098     if (ar->cmd_seq < -1)
0099         return 0;
0100
0101     /*
0102      * Initialize Counter
0103      */
0104     if (ar->cmd_seq < 0)
0105         ar->cmd_seq = seq;
0106
0107     /*
0108      * The sequence is strictly monotonic increasing and it never skips!
0109      *
0110      * Therefore we can safely assume that whenever we received an
0111      * unexpected sequence we have lost some valuable data.
0112      */
0113     if (seq != ar->cmd_seq) {
0114         int count;
0115
0116         count = (seq - ar->cmd_seq) % ar->fw.cmd_bufs;
0117
0118         wiphy_err(ar->hw->wiphy, "lost %d command responses/traps! "
0119               "w:%d g:%d\n", count, ar->cmd_seq, seq);
0120
0121         carl9170_restart(ar, CARL9170_RR_LOST_RSP);
0122         return -EIO;
0123     }
0124
0125     ar->cmd_seq = (ar->cmd_seq + 1) % ar->fw.cmd_bufs;
0126     return 0;
0127 }
0128
0129 static void carl9170_cmd_callback(struct ar9170 *ar, u32 len, void *buffer)
0130 {
0131     /*
0132      * Some commands may have a variable response length
0133      * and we cannot predict the correct length in advance.
0134      * So we only check if we provided enough space for the data.
0135      */
0136     if (unlikely(ar->readlen != (len - 4))) {
0137         dev_warn(&ar->udev->dev, "received invalid command response:"
0138              "got %d, instead of %d\n", len - 4, ar->readlen);
0139         print_hex_dump_bytes("carl9170 cmd:", DUMP_PREFIX_OFFSET,
0140             ar->cmd_buf, (ar->cmd.hdr.len + 4) & 0x3f);
0141         print_hex_dump_bytes("carl9170 rsp:", DUMP_PREFIX_OFFSET,
0142             buffer, len);
0143         /*
0144          * Do not complete. The command times out,
0145          * and we get a stack trace from there.
0146          */
0147         carl9170_restart(ar, CARL9170_RR_INVALID_RSP);
0148     }
0149
0150     spin_lock(&ar->cmd_lock);
0151     if (ar->readbuf) {
0152         if (len >= 4)
0153             memcpy(ar->readbuf, buffer + 4, len - 4);
0154
0155         ar->readbuf = NULL;
0156     }
0157     complete(&ar->cmd_wait);
0158     spin_unlock(&ar->cmd_lock);
0159 }
0160
0161 void carl9170_handle_command_response(struct ar9170 *ar, void *buf, u32 len)
0162 {
0163     struct carl9170_rsp *cmd = buf;
0164     struct ieee80211_vif *vif;
0165
0166     if ((cmd->hdr.cmd & CARL9170_RSP_FLAG) != CARL9170_RSP_FLAG) {
0167         if (!(cmd->hdr.cmd & CARL9170_CMD_ASYNC_FLAG))
0168             carl9170_cmd_callback(ar, len, buf);
0169
0170         return;
0171     }
0172
0173     if (unlikely(cmd->hdr.len != (len - 4))) {
0174         if (net_ratelimit()) {
0175             wiphy_err(ar->hw->wiphy, "FW: received over-/under"
0176                 "sized event %x (%d, but should be %d).\n",
0177                    cmd->hdr.cmd, cmd->hdr.len, len - 4);
0178
0179             print_hex_dump_bytes("dump:", DUMP_PREFIX_NONE,
0180                          buf, len);
0181         }
0182
0183         return;
0184     }
0185
0186     /* hardware event handlers */
0187     switch (cmd->hdr.cmd) {
0188     case CARL9170_RSP_PRETBTT:
0189         /* pre-TBTT event */
0190         rcu_read_lock();
0191         vif = carl9170_get_main_vif(ar);
0192
0193         if (!vif) {
0194             rcu_read_unlock();
0195             break;
0196         }
0197
0198         switch (vif->type) {
0199         case NL80211_IFTYPE_STATION:
0200             carl9170_handle_ps(ar, cmd);
0201             break;
0202
0203         case NL80211_IFTYPE_AP:
0204         case NL80211_IFTYPE_ADHOC:
0205         case NL80211_IFTYPE_MESH_POINT:
0206             carl9170_update_beacon(ar, true);
0207             break;
0208
0209         default:
0210             break;
0211         }
0212         rcu_read_unlock();
0213
0214         break;
0215
0216
0217     case CARL9170_RSP_TXCOMP:
0218         /* TX status notification */
0219         carl9170_tx_process_status(ar, cmd);
0220         break;
0221
0222     case CARL9170_RSP_BEACON_CONFIG:
0223         /*
0224          * (IBSS) beacon send notification
0225          * bytes: 04 c2 XX YY B4 B3 B2 B1
0226          *
0227          * XX always 80
0228          * YY always 00
0229          * B1-B4 "should" be the number of send out beacons.
0230          */
0231         break;
0232
0233     case CARL9170_RSP_ATIM:
0234         /* End of Atim Window */
0235         break;
0236
0237     case CARL9170_RSP_WATCHDOG:
0238         /* Watchdog Interrupt */
0239         carl9170_restart(ar, CARL9170_RR_WATCHDOG);
0240         break;
0241
0242     case CARL9170_RSP_TEXT:
0243         /* firmware debug */
0244         carl9170_dbg_message(ar, (char *)buf + 4, len - 4);
0245         break;
0246
0247     case CARL9170_RSP_HEXDUMP:
0248         wiphy_dbg(ar->hw->wiphy, "FW: HD %d\n", len - 4);
0249         print_hex_dump_bytes("FW:", DUMP_PREFIX_NONE,
0250                      (char *)buf + 4, len - 4);
0251         break;
0252
0253     case CARL9170_RSP_RADAR:
0254         if (!net_ratelimit())
0255             break;
0256
0257         wiphy_info(ar->hw->wiphy, "FW: RADAR! Please report this "
0258                "incident to linux-wireless@vger.kernel.org !\n");
0259         break;
0260
0261     case CARL9170_RSP_GPIO:
0262 #ifdef CONFIG_CARL9170_WPC
0263         if (ar->wps.pbc) {
0264             bool state = !!(cmd->gpio.gpio & cpu_to_le32(
0265                 AR9170_GPIO_PORT_WPS_BUTTON_PRESSED));
0266
0267             if (state != ar->wps.pbc_state) {
0268                 ar->wps.pbc_state = state;
0269                 input_report_key(ar->wps.pbc, KEY_WPS_BUTTON,
0270                          state);
0271                 input_sync(ar->wps.pbc);
0272             }
0273         }
0274 #endif /* CONFIG_CARL9170_WPC */
0275         break;
0276
0277     case CARL9170_RSP_BOOT:
0278         complete(&ar->fw_boot_wait);
0279         break;
0280
0281     default:
0282         wiphy_err(ar->hw->wiphy, "FW: received unhandled event %x\n",
0283             cmd->hdr.cmd);
0284         print_hex_dump_bytes("dump:", DUMP_PREFIX_NONE, buf, len);
0285         break;
0286     }
0287 }
0288
0289 static int carl9170_rx_mac_status(struct ar9170 *ar,
0290     struct ar9170_rx_head *head, struct ar9170_rx_macstatus *mac,
0291     struct ieee80211_rx_status *status)
0292 {
0293     struct ieee80211_channel *chan;
0294     u8 error, decrypt;
0295
0296     BUILD_BUG_ON(sizeof(struct ar9170_rx_head) != 12);
0297     BUILD_BUG_ON(sizeof(struct ar9170_rx_macstatus) != 4);
0298
0299     error = mac->error;
0300
0301     if (error & AR9170_RX_ERROR_WRONG_RA) {
0302         if (!ar->sniffer_enabled)
0303             return -EINVAL;
0304     }
0305
0306     if (error & AR9170_RX_ERROR_PLCP) {
0307         if (!(ar->filter_state & FIF_PLCPFAIL))
0308             return -EINVAL;
0309
0310         status->flag |= RX_FLAG_FAILED_PLCP_CRC;
0311     }
0312
0313     if (error & AR9170_RX_ERROR_FCS) {
0314         ar->tx_fcs_errors++;
0315
0316         if (!(ar->filter_state & FIF_FCSFAIL))
0317             return -EINVAL;
0318
0319         status->flag |= RX_FLAG_FAILED_FCS_CRC;
0320     }
0321
0322     decrypt = ar9170_get_decrypt_type(mac);
0323     if (!(decrypt & AR9170_RX_ENC_SOFTWARE) &&
0324         decrypt != AR9170_ENC_ALG_NONE) {
0325         if ((decrypt == AR9170_ENC_ALG_TKIP) &&
0326             (error & AR9170_RX_ERROR_MMIC))
0327             status->flag |= RX_FLAG_MMIC_ERROR;
0328
0329         status->flag |= RX_FLAG_DECRYPTED;
0330     }
0331
0332     if (error & AR9170_RX_ERROR_DECRYPT && !ar->sniffer_enabled)
0333         return -ENODATA;
0334
0335     error &= ~(AR9170_RX_ERROR_MMIC |
0336            AR9170_RX_ERROR_FCS |
0337            AR9170_RX_ERROR_WRONG_RA |
0338            AR9170_RX_ERROR_DECRYPT |
0339            AR9170_RX_ERROR_PLCP);
0340
0341     /* drop any other error frames */
0342     if (unlikely(error)) {
0343         /* TODO: update netdevice's RX dropped/errors statistics */
0344
0345         if (net_ratelimit())
0346             wiphy_dbg(ar->hw->wiphy, "received frame with "
0347                    "suspicious error code (%#x).\n", error);
0348
0349         return -EINVAL;
0350     }
0351
0352     chan = ar->channel;
0353     if (chan) {
0354         status->band = chan->band;
0355         status->freq = chan->center_freq;
0356     }
0357
0358     switch (mac->status & AR9170_RX_STATUS_MODULATION) {
0359     case AR9170_RX_STATUS_MODULATION_CCK:
0360         if (mac->status & AR9170_RX_STATUS_SHORT_PREAMBLE)
0361             status->enc_flags |= RX_ENC_FLAG_SHORTPRE;
0362         switch (head->plcp[0]) {
0363         case AR9170_RX_PHY_RATE_CCK_1M:
0364             status->rate_idx = 0;
0365             break;
0366         case AR9170_RX_PHY_RATE_CCK_2M:
0367             status->rate_idx = 1;
0368             break;
0369         case AR9170_RX_PHY_RATE_CCK_5M:
0370             status->rate_idx = 2;
0371             break;
0372         case AR9170_RX_PHY_RATE_CCK_11M:
0373             status->rate_idx = 3;
0374             break;
0375         default:
0376             if (net_ratelimit()) {
0377                 wiphy_err(ar->hw->wiphy, "invalid plcp cck "
0378                        "rate (%x).\n", head->plcp[0]);
0379             }
0380
0381             return -EINVAL;
0382         }
0383         break;
0384
0385     case AR9170_RX_STATUS_MODULATION_DUPOFDM:
0386     case AR9170_RX_STATUS_MODULATION_OFDM:
0387         switch (head->plcp[0] & 0xf) {
0388         case AR9170_TXRX_PHY_RATE_OFDM_6M:
0389             status->rate_idx = 0;
0390             break;
0391         case AR9170_TXRX_PHY_RATE_OFDM_9M:
0392             status->rate_idx = 1;
0393             break;
0394         case AR9170_TXRX_PHY_RATE_OFDM_12M:
0395             status->rate_idx = 2;
0396             break;
0397         case AR9170_TXRX_PHY_RATE_OFDM_18M:
0398             status->rate_idx = 3;
0399             break;
0400         case AR9170_TXRX_PHY_RATE_OFDM_24M:
0401             status->rate_idx = 4;
0402             break;
0403         case AR9170_TXRX_PHY_RATE_OFDM_36M:
0404             status->rate_idx = 5;
0405             break;
0406         case AR9170_TXRX_PHY_RATE_OFDM_48M:
0407             status->rate_idx = 6;
0408             break;
0409         case AR9170_TXRX_PHY_RATE_OFDM_54M:
0410             status->rate_idx = 7;
0411             break;
0412         default:
0413             if (net_ratelimit()) {
0414                 wiphy_err(ar->hw->wiphy, "invalid plcp ofdm "
0415                     "rate (%x).\n", head->plcp[0]);
0416             }
0417
0418             return -EINVAL;
0419         }
0420         if (status->band == NL80211_BAND_2GHZ)
0421             status->rate_idx += 4;
0422         break;
0423
0424     case AR9170_RX_STATUS_MODULATION_HT:
0425         if (head->plcp[3] & 0x80)
0426             status->bw = RATE_INFO_BW_40;
0427         if (head->plcp[6] & 0x80)
0428             status->enc_flags |= RX_ENC_FLAG_SHORT_GI;
0429
0430         status->rate_idx = clamp(head->plcp[3] & 0x7f, 0, 75);
0431         status->encoding = RX_ENC_HT;
0432         break;
0433
0434     default:
0435         BUG();
0436         return -ENOSYS;
0437     }
0438
0439     return 0;
0440 }
0441
0442 static void carl9170_rx_phy_status(struct ar9170 *ar,
0443     struct ar9170_rx_phystatus *phy, struct ieee80211_rx_status *status)
0444 {
0445     int i;
0446
0447     BUILD_BUG_ON(sizeof(struct ar9170_rx_phystatus) != 20);
0448
0449     for (i = 0; i < 3; i++)
0450         if (phy->rssi[i] != 0x80)
0451             status->antenna |= BIT(i);
0452
0453     /* post-process RSSI */
0454     for (i = 0; i < 7; i++)
0455         if (phy->rssi[i] & 0x80)
0456             phy->rssi[i] = ((~phy->rssi[i] & 0x7f) + 1) & 0x7f;
0457
0458     /* TODO: we could do something with phy_errors */
0459     status->signal = ar->noise[0] + phy->rssi_combined;
0460 }
0461
0462 static struct sk_buff *carl9170_rx_copy_data(u8 *buf, int len)
0463 {
0464     struct sk_buff *skb;
0465     int reserved = 0;
0466     struct ieee80211_hdr *hdr = (void *) buf;
0467
0468     if (ieee80211_is_data_qos(hdr->frame_control)) {
0469         u8 *qc = ieee80211_get_qos_ctl(hdr);
0470         reserved += NET_IP_ALIGN;
0471
0472         if (*qc & IEEE80211_QOS_CTL_A_MSDU_PRESENT)
0473             reserved += NET_IP_ALIGN;
0474     }
0475
0476     if (ieee80211_has_a4(hdr->frame_control))
0477         reserved += NET_IP_ALIGN;
0478
0479     reserved = 32 + (reserved & NET_IP_ALIGN);
0480
0481     skb = dev_alloc_skb(len + reserved);
0482     if (likely(skb)) {
0483         skb_reserve(skb, reserved);
0484         skb_put_data(skb, buf, len);
0485     }
0486
0487     return skb;
0488 }
0489
0490 static u8 *carl9170_find_ie(u8 *data, unsigned int len, u8 ie)
0491 {
0492     struct ieee80211_mgmt *mgmt = (void *)data;
0493     u8 *pos, *end;
0494
0495     pos = (u8 *)mgmt->u.beacon.variable;
0496     end = data + len;
0497     while (pos < end) {
0498         if (pos + 2 + pos[1] > end)
0499             return NULL;
0500
0501         if (pos[0] == ie)
0502             return pos;
0503
0504         pos += 2 + pos[1];
0505     }
0506     return NULL;
0507 }
0508
0509 /*
0510  * NOTE:
0511  *
0512  * The firmware is in charge of waking up the device just before
0513  * the AP is expected to transmit the next beacon.
0514  *
0515  * This leaves the driver with the important task of deciding when
0516  * to set the PHY back to bed again.
0517  */
0518 static void carl9170_ps_beacon(struct ar9170 *ar, void *data, unsigned int len)
0519 {
0520     struct ieee80211_hdr *hdr = data;
0521     struct ieee80211_tim_ie *tim_ie;
0522     struct ath_common *common = &ar->common;
0523     u8 *tim;
0524     u8 tim_len;
0525     bool cam;
0526
0527     if (likely(!(ar->hw->conf.flags & IEEE80211_CONF_PS)))
0528         return;
0529
0530     /* min. beacon length + FCS_LEN */
0531     if (len <= 40 + FCS_LEN)
0532         return;
0533
0534     /* check if this really is a beacon */
0535     /* and only beacons from the associated BSSID, please */
0536     if (!ath_is_mybeacon(common, hdr) || !common->curaid)
0537         return;
0538
0539     ar->ps.last_beacon = jiffies;
0540
0541     tim = carl9170_find_ie(data, len - FCS_LEN, WLAN_EID_TIM);
0542     if (!tim)
0543         return;
0544
0545     if (tim[1] < sizeof(*tim_ie))
0546         return;
0547
0548     tim_len = tim[1];
0549     tim_ie = (struct ieee80211_tim_ie *) &tim[2];
0550
0551     if (!WARN_ON_ONCE(!ar->hw->conf.ps_dtim_period))
0552         ar->ps.dtim_counter = (tim_ie->dtim_count - 1) %
0553             ar->hw->conf.ps_dtim_period;
0554
0555     /* Check whenever the PHY can be turned off again. */
0556
0557     /* 1. What about buffered unicast traffic for our AID? */
0558     cam = ieee80211_check_tim(tim_ie, tim_len, ar->common.curaid);
0559
0560     /* 2. Maybe the AP wants to send multicast/broadcast data? */
0561     cam |= !!(tim_ie->bitmap_ctrl & 0x01);
0562
0563     if (!cam) {
0564         /* back to low-power land. */
0565         ar->ps.off_override &= ~PS_OFF_BCN;
0566         carl9170_ps_check(ar);
0567     } else {
0568         /* force CAM */
0569         ar->ps.off_override |= PS_OFF_BCN;
0570     }
0571 }
0572
0573 static void carl9170_ba_check(struct ar9170 *ar, void *data, unsigned int len)
0574 {
0575     struct ieee80211_bar *bar = data;
0576     struct carl9170_bar_list_entry *entry;
0577     unsigned int queue;
0578
0579     if (likely(!ieee80211_is_back(bar->frame_control)))
0580         return;
0581
0582     if (len <= sizeof(*bar) + FCS_LEN)
0583         return;
0584
0585     queue = TID_TO_WME_AC(((le16_to_cpu(bar->control) &
0586         IEEE80211_BAR_CTRL_TID_INFO_MASK) >>
0587         IEEE80211_BAR_CTRL_TID_INFO_SHIFT) & 7);
0588
0589     rcu_read_lock();
0590     list_for_each_entry_rcu(entry, &ar->bar_list[queue], list) {
0591         struct sk_buff *entry_skb = entry->skb;
0592         struct _carl9170_tx_superframe *super = (void *)entry_skb->data;
0593         struct ieee80211_bar *entry_bar = (void *)super->frame_data;
0594
0595 #define TID_CHECK(a, b) (                       \
0596     ((a) & cpu_to_le16(IEEE80211_BAR_CTRL_TID_INFO_MASK)) ==    \
0597     ((b) & cpu_to_le16(IEEE80211_BAR_CTRL_TID_INFO_MASK)))      \
0598
0599         if (bar->start_seq_num == entry_bar->start_seq_num &&
0600             TID_CHECK(bar->control, entry_bar->control) &&
0601             ether_addr_equal_64bits(bar->ra, entry_bar->ta) &&
0602             ether_addr_equal_64bits(bar->ta, entry_bar->ra)) {
0603             struct ieee80211_tx_info *tx_info;
0604
0605             tx_info = IEEE80211_SKB_CB(entry_skb);
0606             tx_info->flags |= IEEE80211_TX_STAT_ACK;
0607
0608             spin_lock_bh(&ar->bar_list_lock[queue]);
0609             list_del_rcu(&entry->list);
0610             spin_unlock_bh(&ar->bar_list_lock[queue]);
0611             kfree_rcu(entry, head);
0612             break;
0613         }
0614     }
0615     rcu_read_unlock();
0616
0617 #undef TID_CHECK
0618 }
0619
0620 static bool carl9170_ampdu_check(struct ar9170 *ar, u8 *buf, u8 ms,
0621                  struct ieee80211_rx_status *rx_status)
0622 {
0623     __le16 fc;
0624
0625     if ((ms & AR9170_RX_STATUS_MPDU) == AR9170_RX_STATUS_MPDU_SINGLE) {
0626         /*
0627          * This frame is not part of an aMPDU.
0628          * Therefore it is not subjected to any
0629          * of the following content restrictions.
0630          */
0631         return true;
0632     }
0633
0634     rx_status->flag |= RX_FLAG_AMPDU_DETAILS | RX_FLAG_AMPDU_LAST_KNOWN;
0635     rx_status->ampdu_reference = ar->ampdu_ref;
0636
0637     /*
0638      * "802.11n - 7.4a.3 A-MPDU contents" describes in which contexts
0639      * certain frame types can be part of an aMPDU.
0640      *
0641      * In order to keep the processing cost down, I opted for a
0642      * stateless filter solely based on the frame control field.
0643      */
0644
0645     fc = ((struct ieee80211_hdr *)buf)->frame_control;
0646     if (ieee80211_is_data_qos(fc) && ieee80211_is_data_present(fc))
0647         return true;
0648
0649     if (ieee80211_is_ack(fc) || ieee80211_is_back(fc) ||
0650         ieee80211_is_back_req(fc))
0651         return true;
0652
0653     if (ieee80211_is_action(fc))
0654         return true;
0655
0656     return false;
0657 }
0658
0659 static int carl9170_handle_mpdu(struct ar9170 *ar, u8 *buf, int len,
0660                 struct ieee80211_rx_status *status)
0661 {
0662     struct sk_buff *skb;
0663
0664     /* (driver) frame trap handler
0665      *
0666      * Because power-saving mode handing has to be implemented by
0667      * the driver/firmware. We have to check each incoming beacon
0668      * from the associated AP, if there's new data for us (either
0669      * broadcast/multicast or unicast) we have to react quickly.
0670      *
0671      * So, if you have you want to add additional frame trap
0672      * handlers, this would be the perfect place!
0673      */
0674
0675     carl9170_ps_beacon(ar, buf, len);
0676
0677     carl9170_ba_check(ar, buf, len);
0678
0679     skb = carl9170_rx_copy_data(buf, len);
0680     if (!skb)
0681         return -ENOMEM;
0682
0683     memcpy(IEEE80211_SKB_RXCB(skb), status, sizeof(*status));
0684     ieee80211_rx(ar->hw, skb);
0685     return 0;
0686 }
0687
0688 /*
0689  * If the frame alignment is right (or the kernel has
0690  * CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS), and there
0691  * is only a single MPDU in the USB frame, then we could
0692  * submit to mac80211 the SKB directly. However, since
0693  * there may be multiple packets in one SKB in stream
0694  * mode, and we need to observe the proper ordering,
0695  * this is non-trivial.
0696  */
0697 static void carl9170_rx_untie_data(struct ar9170 *ar, u8 *buf, int len)
0698 {
0699     struct ar9170_rx_head *head;
0700     struct ar9170_rx_macstatus *mac;
0701     struct ar9170_rx_phystatus *phy = NULL;
0702     struct ieee80211_rx_status status;
0703     int mpdu_len;
0704     u8 mac_status;
0705
0706     if (!IS_STARTED(ar))
0707         return;
0708
0709     if (unlikely(len < sizeof(*mac)))
0710         goto drop;
0711
0712     memset(&status, 0, sizeof(status));
0713
0714     mpdu_len = len - sizeof(*mac);
0715
0716     mac = (void *)(buf + mpdu_len);
0717     mac_status = mac->status;
0718     switch (mac_status & AR9170_RX_STATUS_MPDU) {
0719     case AR9170_RX_STATUS_MPDU_FIRST:
0720         ar->ampdu_ref++;
0721         /* Aggregated MPDUs start with an PLCP header */
0722         if (likely(mpdu_len >= sizeof(struct ar9170_rx_head))) {
0723             head = (void *) buf;
0724
0725             /*
0726              * The PLCP header needs to be cached for the
0727              * following MIDDLE + LAST A-MPDU packets.
0728              *
0729              * So, if you are wondering why all frames seem
0730              * to share a common RX status information,
0731              * then you have the answer right here...
0732              */
0733             memcpy(&ar->rx_plcp, (void *) buf,
0734                    sizeof(struct ar9170_rx_head));
0735
0736             mpdu_len -= sizeof(struct ar9170_rx_head);
0737             buf += sizeof(struct ar9170_rx_head);
0738
0739             ar->rx_has_plcp = true;
0740         } else {
0741             if (net_ratelimit()) {
0742                 wiphy_err(ar->hw->wiphy, "plcp info "
0743                     "is clipped.\n");
0744             }
0745
0746             goto drop;
0747         }
0748         break;
0749
0750     case AR9170_RX_STATUS_MPDU_LAST:
0751         status.flag |= RX_FLAG_AMPDU_IS_LAST;
0752
0753         /*
0754          * The last frame of an A-MPDU has an extra tail
0755          * which does contain the phy status of the whole
0756          * aggregate.
0757          */
0758         if (likely(mpdu_len >= sizeof(struct ar9170_rx_phystatus))) {
0759             mpdu_len -= sizeof(struct ar9170_rx_phystatus);
0760             phy = (void *)(buf + mpdu_len);
0761         } else {
0762             if (net_ratelimit()) {
0763                 wiphy_err(ar->hw->wiphy, "frame tail "
0764                     "is clipped.\n");
0765             }
0766
0767             goto drop;
0768         }
0769         fallthrough;
0770
0771     case AR9170_RX_STATUS_MPDU_MIDDLE:
0772         /*  These are just data + mac status */
0773         if (unlikely(!ar->rx_has_plcp)) {
0774             if (!net_ratelimit())
0775                 return;
0776
0777             wiphy_err(ar->hw->wiphy, "rx stream does not start "
0778                     "with a first_mpdu frame tag.\n");
0779
0780             goto drop;
0781         }
0782
0783         head = &ar->rx_plcp;
0784         break;
0785
0786     case AR9170_RX_STATUS_MPDU_SINGLE:
0787         /* single mpdu has both: plcp (head) and phy status (tail) */
0788         head = (void *) buf;
0789
0790         mpdu_len -= sizeof(struct ar9170_rx_head);
0791         mpdu_len -= sizeof(struct ar9170_rx_phystatus);
0792
0793         buf += sizeof(struct ar9170_rx_head);
0794         phy = (void *)(buf + mpdu_len);
0795         break;
0796
0797     default:
0798         BUG();
0799         break;
0800     }
0801
0802     /* FC + DU + RA + FCS */
0803     if (unlikely(mpdu_len < (2 + 2 + ETH_ALEN + FCS_LEN)))
0804         goto drop;
0805
0806     if (unlikely(carl9170_rx_mac_status(ar, head, mac, &status)))
0807         goto drop;
0808
0809     if (!carl9170_ampdu_check(ar, buf, mac_status, &status))
0810         goto drop;
0811
0812     if (phy)
0813         carl9170_rx_phy_status(ar, phy, &status);
0814     else
0815         status.flag |= RX_FLAG_NO_SIGNAL_VAL;
0816
0817     if (carl9170_handle_mpdu(ar, buf, mpdu_len, &status))
0818         goto drop;
0819
0820     return;
0821 drop:
0822     ar->rx_dropped++;
0823 }
0824
0825 static void carl9170_rx_untie_cmds(struct ar9170 *ar, const u8 *respbuf,
0826                    const unsigned int resplen)
0827 {
0828     struct carl9170_rsp *cmd;
0829     int i = 0;
0830
0831     while (i < resplen) {
0832         cmd = (void *) &respbuf[i];
0833
0834         i += cmd->hdr.len + 4;
0835         if (unlikely(i > resplen))
0836             break;
0837
0838         if (carl9170_check_sequence(ar, cmd->hdr.seq))
0839             break;
0840
0841         carl9170_handle_command_response(ar, cmd, cmd->hdr.len + 4);
0842     }
0843
0844     if (unlikely(i != resplen)) {
0845         if (!net_ratelimit())
0846             return;
0847
0848         wiphy_err(ar->hw->wiphy, "malformed firmware trap:\n");
0849         print_hex_dump_bytes("rxcmd:", DUMP_PREFIX_OFFSET,
0850                      respbuf, resplen);
0851     }
0852 }
0853
0854 static void __carl9170_rx(struct ar9170 *ar, u8 *buf, unsigned int len)
0855 {
0856     unsigned int i = 0;
0857
0858     /* weird thing, but this is the same in the original driver */
0859     while (len > 2 && i < 12 && buf[0] == 0xff && buf[1] == 0xff) {
0860         i += 2;
0861         len -= 2;
0862         buf += 2;
0863     }
0864
0865     if (unlikely(len < 4))
0866         return;
0867
0868     /* found the 6 * 0xffff marker? */
0869     if (i == 12)
0870         carl9170_rx_untie_cmds(ar, buf, len);
0871     else
0872         carl9170_rx_untie_data(ar, buf, len);
0873 }
0874
0875 static void carl9170_rx_stream(struct ar9170 *ar, void *buf, unsigned int len)
0876 {
0877     unsigned int tlen, wlen = 0, clen = 0;
0878     struct ar9170_stream *rx_stream;
0879     u8 *tbuf;
0880
0881     tbuf = buf;
0882     tlen = len;
0883
0884     while (tlen >= 4) {
0885         rx_stream = (void *) tbuf;
0886         clen = le16_to_cpu(rx_stream->length);
0887         wlen = ALIGN(clen, 4);
0888
0889         /* check if this is stream has a valid tag.*/
0890         if (rx_stream->tag != cpu_to_le16(AR9170_RX_STREAM_TAG)) {
0891             /*
0892              * TODO: handle the highly unlikely event that the
0893              * corrupted stream has the TAG at the right position.
0894              */
0895
0896             /* check if the frame can be repaired. */
0897             if (!ar->rx_failover_missing) {
0898
0899                 /* this is not "short read". */
0900                 if (net_ratelimit()) {
0901                     wiphy_err(ar->hw->wiphy,
0902                         "missing tag!\n");
0903                 }
0904
0905                 __carl9170_rx(ar, tbuf, tlen);
0906                 return;
0907             }
0908
0909             if (ar->rx_failover_missing > tlen) {
0910                 if (net_ratelimit()) {
0911                     wiphy_err(ar->hw->wiphy,
0912                         "possible multi "
0913                         "stream corruption!\n");
0914                     goto err_telluser;
0915                 } else {
0916                     goto err_silent;
0917                 }
0918             }
0919
0920             skb_put_data(ar->rx_failover, tbuf, tlen);
0921             ar->rx_failover_missing -= tlen;
0922
0923             if (ar->rx_failover_missing <= 0) {
0924                 /*
0925                  * nested carl9170_rx_stream call!
0926                  *
0927                  * termination is guaranteed, even when the
0928                  * combined frame also have an element with
0929                  * a bad tag.
0930                  */
0931
0932                 ar->rx_failover_missing = 0;
0933                 carl9170_rx_stream(ar, ar->rx_failover->data,
0934                            ar->rx_failover->len);
0935
0936                 skb_reset_tail_pointer(ar->rx_failover);
0937                 skb_trim(ar->rx_failover, 0);
0938             }
0939
0940             return;
0941         }
0942
0943         /* check if stream is clipped */
0944         if (wlen > tlen - 4) {
0945             if (ar->rx_failover_missing) {
0946                 /* TODO: handle double stream corruption. */
0947                 if (net_ratelimit()) {
0948                     wiphy_err(ar->hw->wiphy, "double rx "
0949                         "stream corruption!\n");
0950                     goto err_telluser;
0951                 } else {
0952                     goto err_silent;
0953                 }
0954             }
0955
0956             /*
0957              * save incomplete data set.
0958              * the firmware will resend the missing bits when
0959              * the rx - descriptor comes round again.
0960              */
0961
0962             skb_put_data(ar->rx_failover, tbuf, tlen);
0963             ar->rx_failover_missing = clen - tlen;
0964             return;
0965         }
0966         __carl9170_rx(ar, rx_stream->payload, clen);
0967
0968         tbuf += wlen + 4;
0969         tlen -= wlen + 4;
0970     }
0971
0972     if (tlen) {
0973         if (net_ratelimit()) {
0974             wiphy_err(ar->hw->wiphy, "%d bytes of unprocessed "
0975                 "data left in rx stream!\n", tlen);
0976         }
0977
0978         goto err_telluser;
0979     }
0980
0981     return;
0982
0983 err_telluser:
0984     wiphy_err(ar->hw->wiphy, "damaged RX stream data [want:%d, "
0985         "data:%d, rx:%d, pending:%d ]\n", clen, wlen, tlen,
0986         ar->rx_failover_missing);
0987
0988     if (ar->rx_failover_missing)
0989         print_hex_dump_bytes("rxbuf:", DUMP_PREFIX_OFFSET,
0990                      ar->rx_failover->data,
0991                      ar->rx_failover->len);
0992
0993     print_hex_dump_bytes("stream:", DUMP_PREFIX_OFFSET,
0994                  buf, len);
0995
0996     wiphy_err(ar->hw->wiphy, "please check your hardware and cables, if "
0997         "you see this message frequently.\n");
0998
0999 err_silent:
1000     if (ar->rx_failover_missing) {
1001         skb_reset_tail_pointer(ar->rx_failover);
1002         skb_trim(ar->rx_failover, 0);
1003         ar->rx_failover_missing = 0;
1004     }
1005 }
1006
1007 void carl9170_rx(struct ar9170 *ar, void *buf, unsigned int len)
1008 {
1009     if (ar->fw.rx_stream)
1010         carl9170_rx_stream(ar, buf, len);
1011     else
1012         __carl9170_rx(ar, buf, len);
1013 }