iwlwifi/dvm/rx.c

0001 // SPDX-License-Identifier: GPL-2.0-only
0002 /******************************************************************************
0003  *
0004  * Copyright(c) 2003 - 2014 Intel Corporation. All rights reserved.
0005  * Copyright(c) 2015 Intel Deutschland GmbH
0006  * Copyright(c) 2018, 2020-2021 Intel Corporation
0007  *
0008  * Portions of this file are derived from the ipw3945 project, as well
0009  * as portionhelp of the ieee80211 subsystem header files.
0010  *****************************************************************************/
0011
0012 #include <linux/etherdevice.h>
0013 #include <linux/slab.h>
0014 #include <linux/sched.h>
0015 #include <net/mac80211.h>
0016 #include <asm/unaligned.h>
0017
0018 #include "iwl-trans.h"
0019 #include "iwl-io.h"
0020 #include "dev.h"
0021 #include "calib.h"
0022 #include "agn.h"
0023
0024 /******************************************************************************
0025  *
0026  * Generic RX handler implementations
0027  *
0028  ******************************************************************************/
0029
0030 static void iwlagn_rx_reply_error(struct iwl_priv *priv,
0031                   struct iwl_rx_cmd_buffer *rxb)
0032 {
0033     struct iwl_rx_packet *pkt = rxb_addr(rxb);
0034     struct iwl_error_resp *err_resp = (void *)pkt->data;
0035
0036     IWL_ERR(priv, "Error Reply type 0x%08X cmd REPLY_ERROR (0x%02X) "
0037         "seq 0x%04X ser 0x%08X\n",
0038         le32_to_cpu(err_resp->error_type),
0039         err_resp->cmd_id,
0040         le16_to_cpu(err_resp->bad_cmd_seq_num),
0041         le32_to_cpu(err_resp->error_info));
0042 }
0043
0044 static void iwlagn_rx_csa(struct iwl_priv *priv, struct iwl_rx_cmd_buffer *rxb)
0045 {
0046     struct iwl_rx_packet *pkt = rxb_addr(rxb);
0047     struct iwl_csa_notification *csa = (void *)pkt->data;
0048     /*
0049      * MULTI-FIXME
0050      * See iwlagn_mac_channel_switch.
0051      */
0052     struct iwl_rxon_context *ctx = &priv->contexts[IWL_RXON_CTX_BSS];
0053     struct iwl_rxon_cmd *rxon = (void *)&ctx->active;
0054
0055     if (!test_bit(STATUS_CHANNEL_SWITCH_PENDING, &priv->status))
0056         return;
0057
0058     if (!le32_to_cpu(csa->status) && csa->channel == priv->switch_channel) {
0059         rxon->channel = csa->channel;
0060         ctx->staging.channel = csa->channel;
0061         IWL_DEBUG_11H(priv, "CSA notif: channel %d\n",
0062                   le16_to_cpu(csa->channel));
0063         iwl_chswitch_done(priv, true);
0064     } else {
0065         IWL_ERR(priv, "CSA notif (fail) : channel %d\n",
0066             le16_to_cpu(csa->channel));
0067         iwl_chswitch_done(priv, false);
0068     }
0069 }
0070
0071
0072 static void iwlagn_rx_spectrum_measure_notif(struct iwl_priv *priv,
0073                          struct iwl_rx_cmd_buffer *rxb)
0074 {
0075     struct iwl_rx_packet *pkt = rxb_addr(rxb);
0076     struct iwl_spectrum_notification *report = (void *)pkt->data;
0077
0078     if (!report->state) {
0079         IWL_DEBUG_11H(priv,
0080             "Spectrum Measure Notification: Start\n");
0081         return;
0082     }
0083
0084     memcpy(&priv->measure_report, report, sizeof(*report));
0085     priv->measurement_status |= MEASUREMENT_READY;
0086 }
0087
0088 static void iwlagn_rx_pm_sleep_notif(struct iwl_priv *priv,
0089                      struct iwl_rx_cmd_buffer *rxb)
0090 {
0091 #ifdef CONFIG_IWLWIFI_DEBUG
0092     struct iwl_rx_packet *pkt = rxb_addr(rxb);
0093     struct iwl_sleep_notification *sleep = (void *)pkt->data;
0094     IWL_DEBUG_RX(priv, "sleep mode: %d, src: %d\n",
0095              sleep->pm_sleep_mode, sleep->pm_wakeup_src);
0096 #endif
0097 }
0098
0099 static void iwlagn_rx_pm_debug_statistics_notif(struct iwl_priv *priv,
0100                         struct iwl_rx_cmd_buffer *rxb)
0101 {
0102     struct iwl_rx_packet *pkt = rxb_addr(rxb);
0103     u32 __maybe_unused len = iwl_rx_packet_len(pkt);
0104     IWL_DEBUG_RADIO(priv, "Dumping %d bytes of unhandled "
0105             "notification for PM_DEBUG_STATISTIC_NOTIFIC:\n", len);
0106     iwl_print_hex_dump(priv, IWL_DL_RADIO, pkt->data, len);
0107 }
0108
0109 static void iwlagn_rx_beacon_notif(struct iwl_priv *priv,
0110                    struct iwl_rx_cmd_buffer *rxb)
0111 {
0112     struct iwl_rx_packet *pkt = rxb_addr(rxb);
0113     struct iwlagn_beacon_notif *beacon = (void *)pkt->data;
0114 #ifdef CONFIG_IWLWIFI_DEBUG
0115     u16 status = le16_to_cpu(beacon->beacon_notify_hdr.status.status);
0116     u8 rate = iwl_hw_get_rate(beacon->beacon_notify_hdr.rate_n_flags);
0117
0118     IWL_DEBUG_RX(priv, "beacon status %#x, retries:%d ibssmgr:%d "
0119         "tsf:0x%.8x%.8x rate:%d\n",
0120         status & TX_STATUS_MSK,
0121         beacon->beacon_notify_hdr.failure_frame,
0122         le32_to_cpu(beacon->ibss_mgr_status),
0123         le32_to_cpu(beacon->high_tsf),
0124         le32_to_cpu(beacon->low_tsf), rate);
0125 #endif
0126
0127     priv->ibss_manager = le32_to_cpu(beacon->ibss_mgr_status);
0128 }
0129
0130 /*
0131  * iwl_good_plcp_health - checks for plcp error.
0132  *
0133  * When the plcp error is exceeding the thresholds, reset the radio
0134  * to improve the throughput.
0135  */
0136 static bool iwlagn_good_plcp_health(struct iwl_priv *priv,
0137                  struct statistics_rx_phy *cur_ofdm,
0138                  struct statistics_rx_ht_phy *cur_ofdm_ht,
0139                  unsigned int msecs)
0140 {
0141     int delta;
0142     int threshold = priv->plcp_delta_threshold;
0143
0144     if (threshold == IWL_MAX_PLCP_ERR_THRESHOLD_DISABLE) {
0145         IWL_DEBUG_RADIO(priv, "plcp_err check disabled\n");
0146         return true;
0147     }
0148
0149     delta = le32_to_cpu(cur_ofdm->plcp_err) -
0150         le32_to_cpu(priv->statistics.rx_ofdm.plcp_err) +
0151         le32_to_cpu(cur_ofdm_ht->plcp_err) -
0152         le32_to_cpu(priv->statistics.rx_ofdm_ht.plcp_err);
0153
0154     /* Can be negative if firmware reset statistics */
0155     if (delta <= 0)
0156         return true;
0157
0158     if ((delta * 100 / msecs) > threshold) {
0159         IWL_DEBUG_RADIO(priv,
0160                 "plcp health threshold %u delta %d msecs %u\n",
0161                 threshold, delta, msecs);
0162         return false;
0163     }
0164
0165     return true;
0166 }
0167
0168 int iwl_force_rf_reset(struct iwl_priv *priv, bool external)
0169 {
0170     struct iwl_rf_reset *rf_reset;
0171
0172     if (test_bit(STATUS_EXIT_PENDING, &priv->status))
0173         return -EAGAIN;
0174
0175     if (!iwl_is_any_associated(priv)) {
0176         IWL_DEBUG_SCAN(priv, "force reset rejected: not associated\n");
0177         return -ENOLINK;
0178     }
0179
0180     rf_reset = &priv->rf_reset;
0181     rf_reset->reset_request_count++;
0182     if (!external && rf_reset->last_reset_jiffies &&
0183         time_after(rf_reset->last_reset_jiffies +
0184                IWL_DELAY_NEXT_FORCE_RF_RESET, jiffies)) {
0185         IWL_DEBUG_INFO(priv, "RF reset rejected\n");
0186         rf_reset->reset_reject_count++;
0187         return -EAGAIN;
0188     }
0189     rf_reset->reset_success_count++;
0190     rf_reset->last_reset_jiffies = jiffies;
0191
0192     /*
0193      * There is no easy and better way to force reset the radio,
0194      * the only known method is switching channel which will force to
0195      * reset and tune the radio.
0196      * Use internal short scan (single channel) operation to should
0197      * achieve this objective.
0198      * Driver should reset the radio when number of consecutive missed
0199      * beacon, or any other uCode error condition detected.
0200      */
0201     IWL_DEBUG_INFO(priv, "perform radio reset.\n");
0202     iwl_internal_short_hw_scan(priv);
0203     return 0;
0204 }
0205
0206
0207 static void iwlagn_recover_from_statistics(struct iwl_priv *priv,
0208                 struct statistics_rx_phy *cur_ofdm,
0209                 struct statistics_rx_ht_phy *cur_ofdm_ht,
0210                 struct statistics_tx *tx,
0211                 unsigned long stamp)
0212 {
0213     unsigned int msecs;
0214
0215     if (test_bit(STATUS_EXIT_PENDING, &priv->status))
0216         return;
0217
0218     msecs = jiffies_to_msecs(stamp - priv->rx_statistics_jiffies);
0219
0220     /* Only gather statistics and update time stamp when not associated */
0221     if (!iwl_is_any_associated(priv))
0222         return;
0223
0224     /* Do not check/recover when do not have enough statistics data */
0225     if (msecs < 99)
0226         return;
0227
0228     if (!iwlagn_good_plcp_health(priv, cur_ofdm, cur_ofdm_ht, msecs))
0229         iwl_force_rf_reset(priv, false);
0230 }
0231
0232 /* Calculate noise level, based on measurements during network silence just
0233  *   before arriving beacon.  This measurement can be done only if we know
0234  *   exactly when to expect beacons, therefore only when we're associated. */
0235 static void iwlagn_rx_calc_noise(struct iwl_priv *priv)
0236 {
0237     struct statistics_rx_non_phy *rx_info;
0238     int num_active_rx = 0;
0239     int total_silence = 0;
0240     int bcn_silence_a, bcn_silence_b, bcn_silence_c;
0241     int last_rx_noise;
0242
0243     rx_info = &priv->statistics.rx_non_phy;
0244
0245     bcn_silence_a =
0246         le32_to_cpu(rx_info->beacon_silence_rssi_a) & IN_BAND_FILTER;
0247     bcn_silence_b =
0248         le32_to_cpu(rx_info->beacon_silence_rssi_b) & IN_BAND_FILTER;
0249     bcn_silence_c =
0250         le32_to_cpu(rx_info->beacon_silence_rssi_c) & IN_BAND_FILTER;
0251
0252     if (bcn_silence_a) {
0253         total_silence += bcn_silence_a;
0254         num_active_rx++;
0255     }
0256     if (bcn_silence_b) {
0257         total_silence += bcn_silence_b;
0258         num_active_rx++;
0259     }
0260     if (bcn_silence_c) {
0261         total_silence += bcn_silence_c;
0262         num_active_rx++;
0263     }
0264
0265     /* Average among active antennas */
0266     if (num_active_rx)
0267         last_rx_noise = (total_silence / num_active_rx) - 107;
0268     else
0269         last_rx_noise = IWL_NOISE_MEAS_NOT_AVAILABLE;
0270
0271     IWL_DEBUG_CALIB(priv, "inband silence a %u, b %u, c %u, dBm %d\n",
0272             bcn_silence_a, bcn_silence_b, bcn_silence_c,
0273             last_rx_noise);
0274 }
0275
0276 #ifdef CONFIG_IWLWIFI_DEBUGFS
0277 /*
0278  *  based on the assumption of all statistics counter are in DWORD
0279  *  FIXME: This function is for debugging, do not deal with
0280  *  the case of counters roll-over.
0281  */
0282 static void accum_stats(__le32 *prev, __le32 *cur, __le32 *delta,
0283             __le32 *max_delta, __le32 *accum, int size)
0284 {
0285     int i;
0286
0287     for (i = 0;
0288          i < size / sizeof(__le32);
0289          i++, prev++, cur++, delta++, max_delta++, accum++) {
0290         if (le32_to_cpu(*cur) > le32_to_cpu(*prev)) {
0291             *delta = cpu_to_le32(
0292                 le32_to_cpu(*cur) - le32_to_cpu(*prev));
0293             le32_add_cpu(accum, le32_to_cpu(*delta));
0294             if (le32_to_cpu(*delta) > le32_to_cpu(*max_delta))
0295                 *max_delta = *delta;
0296         }
0297     }
0298 }
0299
0300 static void
0301 iwlagn_accumulative_statistics(struct iwl_priv *priv,
0302                 struct statistics_general_common *common,
0303                 struct statistics_rx_non_phy *rx_non_phy,
0304                 struct statistics_rx_phy *rx_ofdm,
0305                 struct statistics_rx_ht_phy *rx_ofdm_ht,
0306                 struct statistics_rx_phy *rx_cck,
0307                 struct statistics_tx *tx,
0308                 struct statistics_bt_activity *bt_activity)
0309 {
0310 #define ACCUM(_name)    \
0311     accum_stats((__le32 *)&priv->statistics._name,      \
0312             (__le32 *)_name,                \
0313             (__le32 *)&priv->delta_stats._name,     \
0314             (__le32 *)&priv->max_delta_stats._name, \
0315             (__le32 *)&priv->accum_stats._name,     \
0316             sizeof(*_name))
0317
0318     ACCUM(common);
0319     ACCUM(rx_non_phy);
0320     ACCUM(rx_ofdm);
0321     ACCUM(rx_ofdm_ht);
0322     ACCUM(rx_cck);
0323     ACCUM(tx);
0324     if (bt_activity)
0325         ACCUM(bt_activity);
0326 #undef ACCUM
0327 }
0328 #else
0329 static inline void
0330 iwlagn_accumulative_statistics(struct iwl_priv *priv,
0331                 struct statistics_general_common *common,
0332                 struct statistics_rx_non_phy *rx_non_phy,
0333                 struct statistics_rx_phy *rx_ofdm,
0334                 struct statistics_rx_ht_phy *rx_ofdm_ht,
0335                 struct statistics_rx_phy *rx_cck,
0336                 struct statistics_tx *tx,
0337                 struct statistics_bt_activity *bt_activity)
0338 {
0339 }
0340 #endif
0341
0342 static void iwlagn_rx_statistics(struct iwl_priv *priv,
0343                  struct iwl_rx_cmd_buffer *rxb)
0344 {
0345     unsigned long stamp = jiffies;
0346     const int reg_recalib_period = 60;
0347     int change;
0348     struct iwl_rx_packet *pkt = rxb_addr(rxb);
0349     u32 len = iwl_rx_packet_payload_len(pkt);
0350     __le32 *flag;
0351     struct statistics_general_common *common;
0352     struct statistics_rx_non_phy *rx_non_phy;
0353     struct statistics_rx_phy *rx_ofdm;
0354     struct statistics_rx_ht_phy *rx_ofdm_ht;
0355     struct statistics_rx_phy *rx_cck;
0356     struct statistics_tx *tx;
0357     struct statistics_bt_activity *bt_activity;
0358
0359     IWL_DEBUG_RX(priv, "Statistics notification received (%d bytes).\n",
0360              len);
0361
0362     spin_lock(&priv->statistics.lock);
0363
0364     if (len == sizeof(struct iwl_bt_notif_statistics)) {
0365         struct iwl_bt_notif_statistics *stats;
0366         stats = (void *)&pkt->data;
0367         flag = &stats->flag;
0368         common = &stats->general.common;
0369         rx_non_phy = &stats->rx.general.common;
0370         rx_ofdm = &stats->rx.ofdm;
0371         rx_ofdm_ht = &stats->rx.ofdm_ht;
0372         rx_cck = &stats->rx.cck;
0373         tx = &stats->tx;
0374         bt_activity = &stats->general.activity;
0375
0376 #ifdef CONFIG_IWLWIFI_DEBUGFS
0377         /* handle this exception directly */
0378         priv->statistics.num_bt_kills = stats->rx.general.num_bt_kills;
0379         le32_add_cpu(&priv->statistics.accum_num_bt_kills,
0380                  le32_to_cpu(stats->rx.general.num_bt_kills));
0381 #endif
0382     } else if (len == sizeof(struct iwl_notif_statistics)) {
0383         struct iwl_notif_statistics *stats;
0384         stats = (void *)&pkt->data;
0385         flag = &stats->flag;
0386         common = &stats->general.common;
0387         rx_non_phy = &stats->rx.general;
0388         rx_ofdm = &stats->rx.ofdm;
0389         rx_ofdm_ht = &stats->rx.ofdm_ht;
0390         rx_cck = &stats->rx.cck;
0391         tx = &stats->tx;
0392         bt_activity = NULL;
0393     } else {
0394         WARN_ONCE(1, "len %d doesn't match BT (%zu) or normal (%zu)\n",
0395               len, sizeof(struct iwl_bt_notif_statistics),
0396               sizeof(struct iwl_notif_statistics));
0397         spin_unlock(&priv->statistics.lock);
0398         return;
0399     }
0400
0401     change = common->temperature != priv->statistics.common.temperature ||
0402          (*flag & STATISTICS_REPLY_FLG_HT40_MODE_MSK) !=
0403          (priv->statistics.flag & STATISTICS_REPLY_FLG_HT40_MODE_MSK);
0404
0405     iwlagn_accumulative_statistics(priv, common, rx_non_phy, rx_ofdm,
0406                     rx_ofdm_ht, rx_cck, tx, bt_activity);
0407
0408     iwlagn_recover_from_statistics(priv, rx_ofdm, rx_ofdm_ht, tx, stamp);
0409
0410     priv->statistics.flag = *flag;
0411     memcpy(&priv->statistics.common, common, sizeof(*common));
0412     memcpy(&priv->statistics.rx_non_phy, rx_non_phy, sizeof(*rx_non_phy));
0413     memcpy(&priv->statistics.rx_ofdm, rx_ofdm, sizeof(*rx_ofdm));
0414     memcpy(&priv->statistics.rx_ofdm_ht, rx_ofdm_ht, sizeof(*rx_ofdm_ht));
0415     memcpy(&priv->statistics.rx_cck, rx_cck, sizeof(*rx_cck));
0416     memcpy(&priv->statistics.tx, tx, sizeof(*tx));
0417 #ifdef CONFIG_IWLWIFI_DEBUGFS
0418     if (bt_activity)
0419         memcpy(&priv->statistics.bt_activity, bt_activity,
0420             sizeof(*bt_activity));
0421 #endif
0422
0423     priv->rx_statistics_jiffies = stamp;
0424
0425     set_bit(STATUS_STATISTICS, &priv->status);
0426
0427     /* Reschedule the statistics timer to occur in
0428      * reg_recalib_period seconds to ensure we get a
0429      * thermal update even if the uCode doesn't give
0430      * us one */
0431     mod_timer(&priv->statistics_periodic, jiffies +
0432           msecs_to_jiffies(reg_recalib_period * 1000));
0433
0434     if (unlikely(!test_bit(STATUS_SCANNING, &priv->status)) &&
0435         (pkt->hdr.cmd == STATISTICS_NOTIFICATION)) {
0436         iwlagn_rx_calc_noise(priv);
0437         queue_work(priv->workqueue, &priv->run_time_calib_work);
0438     }
0439     if (priv->lib->temperature && change)
0440         priv->lib->temperature(priv);
0441
0442     spin_unlock(&priv->statistics.lock);
0443 }
0444
0445 static void iwlagn_rx_reply_statistics(struct iwl_priv *priv,
0446                        struct iwl_rx_cmd_buffer *rxb)
0447 {
0448     struct iwl_rx_packet *pkt = rxb_addr(rxb);
0449     struct iwl_notif_statistics *stats = (void *)pkt->data;
0450
0451     if (le32_to_cpu(stats->flag) & UCODE_STATISTICS_CLEAR_MSK) {
0452 #ifdef CONFIG_IWLWIFI_DEBUGFS
0453         memset(&priv->accum_stats, 0,
0454             sizeof(priv->accum_stats));
0455         memset(&priv->delta_stats, 0,
0456             sizeof(priv->delta_stats));
0457         memset(&priv->max_delta_stats, 0,
0458             sizeof(priv->max_delta_stats));
0459 #endif
0460         IWL_DEBUG_RX(priv, "Statistics have been cleared\n");
0461     }
0462
0463     iwlagn_rx_statistics(priv, rxb);
0464 }
0465
0466 /* Handle notification from uCode that card's power state is changing
0467  * due to software, hardware, or critical temperature RFKILL */
0468 static void iwlagn_rx_card_state_notif(struct iwl_priv *priv,
0469                        struct iwl_rx_cmd_buffer *rxb)
0470 {
0471     struct iwl_rx_packet *pkt = rxb_addr(rxb);
0472     struct iwl_card_state_notif *card_state_notif = (void *)pkt->data;
0473     u32 flags = le32_to_cpu(card_state_notif->flags);
0474     unsigned long status = priv->status;
0475
0476     IWL_DEBUG_RF_KILL(priv, "Card state received: HW:%s SW:%s CT:%s\n",
0477               (flags & HW_CARD_DISABLED) ? "Kill" : "On",
0478               (flags & SW_CARD_DISABLED) ? "Kill" : "On",
0479               (flags & CT_CARD_DISABLED) ?
0480               "Reached" : "Not reached");
0481
0482     if (flags & (SW_CARD_DISABLED | HW_CARD_DISABLED |
0483              CT_CARD_DISABLED)) {
0484
0485         iwl_write32(priv->trans, CSR_UCODE_DRV_GP1_SET,
0486                 CSR_UCODE_DRV_GP1_BIT_CMD_BLOCKED);
0487
0488         iwl_write_direct32(priv->trans, HBUS_TARG_MBX_C,
0489                     HBUS_TARG_MBX_C_REG_BIT_CMD_BLOCKED);
0490
0491         if (!(flags & RXON_CARD_DISABLED)) {
0492             iwl_write32(priv->trans, CSR_UCODE_DRV_GP1_CLR,
0493                     CSR_UCODE_DRV_GP1_BIT_CMD_BLOCKED);
0494             iwl_write_direct32(priv->trans, HBUS_TARG_MBX_C,
0495                     HBUS_TARG_MBX_C_REG_BIT_CMD_BLOCKED);
0496         }
0497         if (flags & CT_CARD_DISABLED)
0498             iwl_tt_enter_ct_kill(priv);
0499     }
0500     if (!(flags & CT_CARD_DISABLED))
0501         iwl_tt_exit_ct_kill(priv);
0502
0503     if (flags & HW_CARD_DISABLED)
0504         set_bit(STATUS_RF_KILL_HW, &priv->status);
0505     else
0506         clear_bit(STATUS_RF_KILL_HW, &priv->status);
0507
0508
0509     if (!(flags & RXON_CARD_DISABLED))
0510         iwl_scan_cancel(priv);
0511
0512     if ((test_bit(STATUS_RF_KILL_HW, &status) !=
0513          test_bit(STATUS_RF_KILL_HW, &priv->status)))
0514         wiphy_rfkill_set_hw_state(priv->hw->wiphy,
0515             test_bit(STATUS_RF_KILL_HW, &priv->status));
0516 }
0517
0518 static void iwlagn_rx_missed_beacon_notif(struct iwl_priv *priv,
0519                       struct iwl_rx_cmd_buffer *rxb)
0520
0521 {
0522     struct iwl_rx_packet *pkt = rxb_addr(rxb);
0523     struct iwl_missed_beacon_notif *missed_beacon = (void *)pkt->data;
0524
0525     if (le32_to_cpu(missed_beacon->consecutive_missed_beacons) >
0526         priv->missed_beacon_threshold) {
0527         IWL_DEBUG_CALIB(priv,
0528             "missed bcn cnsq %d totl %d rcd %d expctd %d\n",
0529             le32_to_cpu(missed_beacon->consecutive_missed_beacons),
0530             le32_to_cpu(missed_beacon->total_missed_becons),
0531             le32_to_cpu(missed_beacon->num_recvd_beacons),
0532             le32_to_cpu(missed_beacon->num_expected_beacons));
0533         if (!test_bit(STATUS_SCANNING, &priv->status))
0534             iwl_init_sensitivity(priv);
0535     }
0536 }
0537
0538 /* Cache phy data (Rx signal strength, etc) for HT frame (REPLY_RX_PHY_CMD).
0539  * This will be used later in iwl_rx_reply_rx() for REPLY_RX_MPDU_CMD. */
0540 static void iwlagn_rx_reply_rx_phy(struct iwl_priv *priv,
0541                    struct iwl_rx_cmd_buffer *rxb)
0542 {
0543     struct iwl_rx_packet *pkt = rxb_addr(rxb);
0544
0545     priv->last_phy_res_valid = true;
0546     priv->ampdu_ref++;
0547     memcpy(&priv->last_phy_res, pkt->data,
0548            sizeof(struct iwl_rx_phy_res));
0549 }
0550
0551 /*
0552  * returns non-zero if packet should be dropped
0553  */
0554 static int iwlagn_set_decrypted_flag(struct iwl_priv *priv,
0555                   struct ieee80211_hdr *hdr,
0556                   u32 decrypt_res,
0557                   struct ieee80211_rx_status *stats)
0558 {
0559     u16 fc = le16_to_cpu(hdr->frame_control);
0560
0561     /*
0562      * All contexts have the same setting here due to it being
0563      * a module parameter, so OK to check any context.
0564      */
0565     if (priv->contexts[IWL_RXON_CTX_BSS].active.filter_flags &
0566                         RXON_FILTER_DIS_DECRYPT_MSK)
0567         return 0;
0568
0569     if (!(fc & IEEE80211_FCTL_PROTECTED))
0570         return 0;
0571
0572     IWL_DEBUG_RX(priv, "decrypt_res:0x%x\n", decrypt_res);
0573     switch (decrypt_res & RX_RES_STATUS_SEC_TYPE_MSK) {
0574     case RX_RES_STATUS_SEC_TYPE_TKIP:
0575         /* The uCode has got a bad phase 1 Key, pushes the packet.
0576          * Decryption will be done in SW. */
0577         if ((decrypt_res & RX_RES_STATUS_DECRYPT_TYPE_MSK) ==
0578             RX_RES_STATUS_BAD_KEY_TTAK)
0579             break;
0580         fallthrough;
0581     case RX_RES_STATUS_SEC_TYPE_WEP:
0582         if ((decrypt_res & RX_RES_STATUS_DECRYPT_TYPE_MSK) ==
0583             RX_RES_STATUS_BAD_ICV_MIC) {
0584             /* bad ICV, the packet is destroyed since the
0585              * decryption is inplace, drop it */
0586             IWL_DEBUG_RX(priv, "Packet destroyed\n");
0587             return -1;
0588         }
0589         fallthrough;
0590     case RX_RES_STATUS_SEC_TYPE_CCMP:
0591         if ((decrypt_res & RX_RES_STATUS_DECRYPT_TYPE_MSK) ==
0592             RX_RES_STATUS_DECRYPT_OK) {
0593             IWL_DEBUG_RX(priv, "hw decrypt successfully!!!\n");
0594             stats->flag |= RX_FLAG_DECRYPTED;
0595         }
0596         break;
0597
0598     default:
0599         break;
0600     }
0601     return 0;
0602 }
0603
0604 static void iwlagn_pass_packet_to_mac80211(struct iwl_priv *priv,
0605                     struct ieee80211_hdr *hdr,
0606                     u16 len,
0607                     u32 ampdu_status,
0608                     struct iwl_rx_cmd_buffer *rxb,
0609                     struct ieee80211_rx_status *stats)
0610 {
0611     struct sk_buff *skb;
0612     __le16 fc = hdr->frame_control;
0613     struct iwl_rxon_context *ctx;
0614     unsigned int hdrlen, fraglen;
0615
0616     /* We only process data packets if the interface is open */
0617     if (unlikely(!priv->is_open)) {
0618         IWL_DEBUG_DROP_LIMIT(priv,
0619             "Dropping packet while interface is not open.\n");
0620         return;
0621     }
0622
0623     /* In case of HW accelerated crypto and bad decryption, drop */
0624     if (!iwlwifi_mod_params.swcrypto &&
0625         iwlagn_set_decrypted_flag(priv, hdr, ampdu_status, stats))
0626         return;
0627
0628     /* Dont use dev_alloc_skb(), we'll have enough headroom once
0629      * ieee80211_hdr pulled.
0630      */
0631     skb = alloc_skb(128, GFP_ATOMIC);
0632     if (!skb) {
0633         IWL_ERR(priv, "alloc_skb failed\n");
0634         return;
0635     }
0636     /* If frame is small enough to fit in skb->head, pull it completely.
0637      * If not, only pull ieee80211_hdr so that splice() or TCP coalesce
0638      * are more efficient.
0639      */
0640     hdrlen = (len <= skb_tailroom(skb)) ? len : sizeof(*hdr);
0641
0642     skb_put_data(skb, hdr, hdrlen);
0643     fraglen = len - hdrlen;
0644
0645     if (fraglen) {
0646         int offset = (void *)hdr + hdrlen -
0647                  rxb_addr(rxb) + rxb_offset(rxb);
0648
0649         skb_add_rx_frag(skb, 0, rxb_steal_page(rxb), offset,
0650                 fraglen, rxb->truesize);
0651     }
0652
0653     /*
0654     * Wake any queues that were stopped due to a passive channel tx
0655     * failure. This can happen because the regulatory enforcement in
0656     * the device waits for a beacon before allowing transmission,
0657     * sometimes even after already having transmitted frames for the
0658     * association because the new RXON may reset the information.
0659     */
0660     if (unlikely(ieee80211_is_beacon(fc) && priv->passive_no_rx)) {
0661         for_each_context(priv, ctx) {
0662             if (!ether_addr_equal(hdr->addr3,
0663                           ctx->active.bssid_addr))
0664                 continue;
0665             iwlagn_lift_passive_no_rx(priv);
0666         }
0667     }
0668
0669     memcpy(IEEE80211_SKB_RXCB(skb), stats, sizeof(*stats));
0670
0671     ieee80211_rx_napi(priv->hw, NULL, skb, priv->napi);
0672 }
0673
0674 static u32 iwlagn_translate_rx_status(struct iwl_priv *priv, u32 decrypt_in)
0675 {
0676     u32 decrypt_out = 0;
0677
0678     if ((decrypt_in & RX_RES_STATUS_STATION_FOUND) ==
0679                     RX_RES_STATUS_STATION_FOUND)
0680         decrypt_out |= (RX_RES_STATUS_STATION_FOUND |
0681                 RX_RES_STATUS_NO_STATION_INFO_MISMATCH);
0682
0683     decrypt_out |= (decrypt_in & RX_RES_STATUS_SEC_TYPE_MSK);
0684
0685     /* packet was not encrypted */
0686     if ((decrypt_in & RX_RES_STATUS_SEC_TYPE_MSK) ==
0687                     RX_RES_STATUS_SEC_TYPE_NONE)
0688         return decrypt_out;
0689
0690     /* packet was encrypted with unknown alg */
0691     if ((decrypt_in & RX_RES_STATUS_SEC_TYPE_MSK) ==
0692                     RX_RES_STATUS_SEC_TYPE_ERR)
0693         return decrypt_out;
0694
0695     /* decryption was not done in HW */
0696     if ((decrypt_in & RX_MPDU_RES_STATUS_DEC_DONE_MSK) !=
0697                     RX_MPDU_RES_STATUS_DEC_DONE_MSK)
0698         return decrypt_out;
0699
0700     switch (decrypt_in & RX_RES_STATUS_SEC_TYPE_MSK) {
0701
0702     case RX_RES_STATUS_SEC_TYPE_CCMP:
0703         /* alg is CCM: check MIC only */
0704         if (!(decrypt_in & RX_MPDU_RES_STATUS_MIC_OK))
0705             /* Bad MIC */
0706             decrypt_out |= RX_RES_STATUS_BAD_ICV_MIC;
0707         else
0708             decrypt_out |= RX_RES_STATUS_DECRYPT_OK;
0709
0710         break;
0711
0712     case RX_RES_STATUS_SEC_TYPE_TKIP:
0713         if (!(decrypt_in & RX_MPDU_RES_STATUS_TTAK_OK)) {
0714             /* Bad TTAK */
0715             decrypt_out |= RX_RES_STATUS_BAD_KEY_TTAK;
0716             break;
0717         }
0718         fallthrough;
0719     default:
0720         if (!(decrypt_in & RX_MPDU_RES_STATUS_ICV_OK))
0721             decrypt_out |= RX_RES_STATUS_BAD_ICV_MIC;
0722         else
0723             decrypt_out |= RX_RES_STATUS_DECRYPT_OK;
0724         break;
0725     }
0726
0727     IWL_DEBUG_RX(priv, "decrypt_in:0x%x  decrypt_out = 0x%x\n",
0728                     decrypt_in, decrypt_out);
0729
0730     return decrypt_out;
0731 }
0732
0733 /* Calc max signal level (dBm) among 3 possible receivers */
0734 static int iwlagn_calc_rssi(struct iwl_priv *priv,
0735                  struct iwl_rx_phy_res *rx_resp)
0736 {
0737     /* data from PHY/DSP regarding signal strength, etc.,
0738      *   contents are always there, not configurable by host
0739      */
0740     struct iwlagn_non_cfg_phy *ncphy =
0741         (struct iwlagn_non_cfg_phy *)rx_resp->non_cfg_phy_buf;
0742     u32 val, rssi_a, rssi_b, rssi_c, max_rssi;
0743     u8 agc;
0744
0745     val  = le32_to_cpu(ncphy->non_cfg_phy[IWLAGN_RX_RES_AGC_IDX]);
0746     agc = (val & IWLAGN_OFDM_AGC_MSK) >> IWLAGN_OFDM_AGC_BIT_POS;
0747
0748     /* Find max rssi among 3 possible receivers.
0749      * These values are measured by the digital signal processor (DSP).
0750      * They should stay fairly constant even as the signal strength varies,
0751      *   if the radio's automatic gain control (AGC) is working right.
0752      * AGC value (see below) will provide the "interesting" info.
0753      */
0754     val = le32_to_cpu(ncphy->non_cfg_phy[IWLAGN_RX_RES_RSSI_AB_IDX]);
0755     rssi_a = (val & IWLAGN_OFDM_RSSI_INBAND_A_BITMSK) >>
0756         IWLAGN_OFDM_RSSI_A_BIT_POS;
0757     rssi_b = (val & IWLAGN_OFDM_RSSI_INBAND_B_BITMSK) >>
0758         IWLAGN_OFDM_RSSI_B_BIT_POS;
0759     val = le32_to_cpu(ncphy->non_cfg_phy[IWLAGN_RX_RES_RSSI_C_IDX]);
0760     rssi_c = (val & IWLAGN_OFDM_RSSI_INBAND_C_BITMSK) >>
0761         IWLAGN_OFDM_RSSI_C_BIT_POS;
0762
0763     max_rssi = max_t(u32, rssi_a, rssi_b);
0764     max_rssi = max_t(u32, max_rssi, rssi_c);
0765
0766     IWL_DEBUG_STATS(priv, "Rssi In A %d B %d C %d Max %d AGC dB %d\n",
0767         rssi_a, rssi_b, rssi_c, max_rssi, agc);
0768
0769     /* dBm = max_rssi dB - agc dB - constant.
0770      * Higher AGC (higher radio gain) means lower signal. */
0771     return max_rssi - agc - IWLAGN_RSSI_OFFSET;
0772 }
0773
0774 /* Called for REPLY_RX_MPDU_CMD */
0775 static void iwlagn_rx_reply_rx(struct iwl_priv *priv,
0776                    struct iwl_rx_cmd_buffer *rxb)
0777 {
0778     struct ieee80211_hdr *header;
0779     struct ieee80211_rx_status rx_status = {};
0780     struct iwl_rx_packet *pkt = rxb_addr(rxb);
0781     struct iwl_rx_phy_res *phy_res;
0782     __le32 rx_pkt_status;
0783     struct iwl_rx_mpdu_res_start *amsdu;
0784     u32 len, pkt_len = iwl_rx_packet_len(pkt);
0785     u32 ampdu_status;
0786     u32 rate_n_flags;
0787
0788     if (!priv->last_phy_res_valid) {
0789         IWL_ERR(priv, "MPDU frame without cached PHY data\n");
0790         return;
0791     }
0792
0793     if (unlikely(pkt_len < sizeof(*amsdu))) {
0794         IWL_DEBUG_DROP(priv, "Bad REPLY_RX_MPDU_CMD size\n");
0795         return;
0796     }
0797
0798     phy_res = &priv->last_phy_res;
0799     amsdu = (struct iwl_rx_mpdu_res_start *)pkt->data;
0800     header = (struct ieee80211_hdr *)(pkt->data + sizeof(*amsdu));
0801     len = le16_to_cpu(amsdu->byte_count);
0802
0803     if (unlikely(len + sizeof(*amsdu) + sizeof(__le32) > pkt_len)) {
0804         IWL_DEBUG_DROP(priv, "FW lied about packet len\n");
0805         return;
0806     }
0807
0808     rx_pkt_status = *(__le32 *)(pkt->data + sizeof(*amsdu) + len);
0809     ampdu_status = iwlagn_translate_rx_status(priv,
0810                           le32_to_cpu(rx_pkt_status));
0811
0812     if ((unlikely(phy_res->cfg_phy_cnt > 20))) {
0813         IWL_DEBUG_DROP(priv, "dsp size out of range [0,20]: %d\n",
0814                 phy_res->cfg_phy_cnt);
0815         return;
0816     }
0817
0818     if (!(rx_pkt_status & RX_RES_STATUS_NO_CRC32_ERROR) ||
0819         !(rx_pkt_status & RX_RES_STATUS_NO_RXE_OVERFLOW)) {
0820         IWL_DEBUG_RX(priv, "Bad CRC or FIFO: 0x%08X.\n",
0821                 le32_to_cpu(rx_pkt_status));
0822         return;
0823     }
0824
0825     /* This will be used in several places later */
0826     rate_n_flags = le32_to_cpu(phy_res->rate_n_flags);
0827
0828     /* rx_status carries information about the packet to mac80211 */
0829     rx_status.mactime = le64_to_cpu(phy_res->timestamp);
0830     rx_status.band = (phy_res->phy_flags & RX_RES_PHY_FLAGS_BAND_24_MSK) ?
0831                 NL80211_BAND_2GHZ : NL80211_BAND_5GHZ;
0832     rx_status.freq =
0833         ieee80211_channel_to_frequency(le16_to_cpu(phy_res->channel),
0834                            rx_status.band);
0835     rx_status.rate_idx =
0836         iwlagn_hwrate_to_mac80211_idx(rate_n_flags, rx_status.band);
0837     rx_status.flag = 0;
0838
0839     /* TSF isn't reliable. In order to allow smooth user experience,
0840      * this W/A doesn't propagate it to the mac80211 */
0841     /*rx_status.flag |= RX_FLAG_MACTIME_START;*/
0842
0843     priv->ucode_beacon_time = le32_to_cpu(phy_res->beacon_time_stamp);
0844
0845     /* Find max signal strength (dBm) among 3 antenna/receiver chains */
0846     rx_status.signal = iwlagn_calc_rssi(priv, phy_res);
0847
0848     IWL_DEBUG_STATS_LIMIT(priv, "Rssi %d, TSF %llu\n",
0849         rx_status.signal, (unsigned long long)rx_status.mactime);
0850
0851     /*
0852      * "antenna number"
0853      *
0854      * It seems that the antenna field in the phy flags value
0855      * is actually a bit field. This is undefined by radiotap,
0856      * it wants an actual antenna number but I always get "7"
0857      * for most legacy frames I receive indicating that the
0858      * same frame was received on all three RX chains.
0859      *
0860      * I think this field should be removed in favor of a
0861      * new 802.11n radiotap field "RX chains" that is defined
0862      * as a bitmask.
0863      */
0864     rx_status.antenna =
0865         (le16_to_cpu(phy_res->phy_flags) & RX_RES_PHY_FLAGS_ANTENNA_MSK)
0866         >> RX_RES_PHY_FLAGS_ANTENNA_POS;
0867
0868     /* set the preamble flag if appropriate */
0869     if (phy_res->phy_flags & RX_RES_PHY_FLAGS_SHORT_PREAMBLE_MSK)
0870         rx_status.enc_flags |= RX_ENC_FLAG_SHORTPRE;
0871
0872     if (phy_res->phy_flags & RX_RES_PHY_FLAGS_AGG_MSK) {
0873         /*
0874          * We know which subframes of an A-MPDU belong
0875          * together since we get a single PHY response
0876          * from the firmware for all of them
0877          */
0878         rx_status.flag |= RX_FLAG_AMPDU_DETAILS;
0879         rx_status.ampdu_reference = priv->ampdu_ref;
0880     }
0881
0882     /* Set up the HT phy flags */
0883     if (rate_n_flags & RATE_MCS_HT_MSK)
0884         rx_status.encoding = RX_ENC_HT;
0885     if (rate_n_flags & RATE_MCS_HT40_MSK)
0886         rx_status.bw = RATE_INFO_BW_40;
0887     else
0888         rx_status.bw = RATE_INFO_BW_20;
0889     if (rate_n_flags & RATE_MCS_SGI_MSK)
0890         rx_status.enc_flags |= RX_ENC_FLAG_SHORT_GI;
0891     if (rate_n_flags & RATE_MCS_GF_MSK)
0892         rx_status.enc_flags |= RX_ENC_FLAG_HT_GF;
0893
0894     iwlagn_pass_packet_to_mac80211(priv, header, len, ampdu_status,
0895                     rxb, &rx_status);
0896 }
0897
0898 static void iwlagn_rx_noa_notification(struct iwl_priv *priv,
0899                        struct iwl_rx_cmd_buffer *rxb)
0900 {
0901     struct iwl_wipan_noa_data *new_data, *old_data;
0902     struct iwl_rx_packet *pkt = rxb_addr(rxb);
0903     struct iwl_wipan_noa_notification *noa_notif = (void *)pkt->data;
0904
0905     /* no condition -- we're in softirq */
0906     old_data = rcu_dereference_protected(priv->noa_data, true);
0907
0908     if (noa_notif->noa_active) {
0909         u32 len = le16_to_cpu(noa_notif->noa_attribute.length);
0910         u32 copylen = len;
0911
0912         /* EID, len, OUI, subtype */
0913         len += 1 + 1 + 3 + 1;
0914         /* P2P id, P2P length */
0915         len += 1 + 2;
0916         copylen += 1 + 2;
0917
0918         new_data = kmalloc(struct_size(new_data, data, len), GFP_ATOMIC);
0919         if (new_data) {
0920             new_data->length = len;
0921             new_data->data[0] = WLAN_EID_VENDOR_SPECIFIC;
0922             new_data->data[1] = len - 2; /* not counting EID, len */
0923             new_data->data[2] = (WLAN_OUI_WFA >> 16) & 0xff;
0924             new_data->data[3] = (WLAN_OUI_WFA >> 8) & 0xff;
0925             new_data->data[4] = (WLAN_OUI_WFA >> 0) & 0xff;
0926             new_data->data[5] = WLAN_OUI_TYPE_WFA_P2P;
0927             memcpy(&new_data->data[6], &noa_notif->noa_attribute,
0928                    copylen);
0929         }
0930     } else
0931         new_data = NULL;
0932
0933     rcu_assign_pointer(priv->noa_data, new_data);
0934
0935     if (old_data)
0936         kfree_rcu(old_data, rcu_head);
0937 }
0938
0939 /*
0940  * iwl_setup_rx_handlers - Initialize Rx handler callbacks
0941  *
0942  * Setup the RX handlers for each of the reply types sent from the uCode
0943  * to the host.
0944  */
0945 void iwl_setup_rx_handlers(struct iwl_priv *priv)
0946 {
0947     void (**handlers)(struct iwl_priv *priv, struct iwl_rx_cmd_buffer *rxb);
0948
0949     handlers = priv->rx_handlers;
0950
0951     handlers[REPLY_ERROR]           = iwlagn_rx_reply_error;
0952     handlers[CHANNEL_SWITCH_NOTIFICATION]   = iwlagn_rx_csa;
0953     handlers[SPECTRUM_MEASURE_NOTIFICATION] =
0954         iwlagn_rx_spectrum_measure_notif;
0955     handlers[PM_SLEEP_NOTIFICATION]     = iwlagn_rx_pm_sleep_notif;
0956     handlers[PM_DEBUG_STATISTIC_NOTIFIC]    =
0957         iwlagn_rx_pm_debug_statistics_notif;
0958     handlers[BEACON_NOTIFICATION]       = iwlagn_rx_beacon_notif;
0959     handlers[REPLY_ADD_STA]         = iwl_add_sta_callback;
0960
0961     handlers[REPLY_WIPAN_NOA_NOTIFICATION]  = iwlagn_rx_noa_notification;
0962
0963     /*
0964      * The same handler is used for both the REPLY to a discrete
0965      * statistics request from the host as well as for the periodic
0966      * statistics notifications (after received beacons) from the uCode.
0967      */
0968     handlers[REPLY_STATISTICS_CMD]      = iwlagn_rx_reply_statistics;
0969     handlers[STATISTICS_NOTIFICATION]   = iwlagn_rx_statistics;
0970
0971     iwl_setup_rx_scan_handlers(priv);
0972
0973     handlers[CARD_STATE_NOTIFICATION]   = iwlagn_rx_card_state_notif;
0974     handlers[MISSED_BEACONS_NOTIFICATION]   =
0975         iwlagn_rx_missed_beacon_notif;
0976
0977     /* Rx handlers */
0978     handlers[REPLY_RX_PHY_CMD]      = iwlagn_rx_reply_rx_phy;
0979     handlers[REPLY_RX_MPDU_CMD]     = iwlagn_rx_reply_rx;
0980
0981     /* block ack */
0982     handlers[REPLY_COMPRESSED_BA]       =
0983         iwlagn_rx_reply_compressed_ba;
0984
0985     priv->rx_handlers[REPLY_TX] = iwlagn_rx_reply_tx;
0986
0987     /* set up notification wait support */
0988     iwl_notification_wait_init(&priv->notif_wait);
0989
0990     /* Set up BT Rx handlers */
0991     if (priv->lib->bt_params)
0992         iwlagn_bt_rx_handler_setup(priv);
0993 }
0994
0995 void iwl_rx_dispatch(struct iwl_op_mode *op_mode, struct napi_struct *napi,
0996              struct iwl_rx_cmd_buffer *rxb)
0997 {
0998     struct iwl_rx_packet *pkt = rxb_addr(rxb);
0999     struct iwl_priv *priv = IWL_OP_MODE_GET_DVM(op_mode);
1000
1001     /*
1002      * Do the notification wait before RX handlers so
1003      * even if the RX handler consumes the RXB we have
1004      * access to it in the notification wait entry.
1005      */
1006     iwl_notification_wait_notify(&priv->notif_wait, pkt);
1007
1008     /* Based on type of command response or notification,
1009      *   handle those that need handling via function in
1010      *   rx_handlers table.  See iwl_setup_rx_handlers() */
1011     if (priv->rx_handlers[pkt->hdr.cmd]) {
1012         priv->rx_handlers_stats[pkt->hdr.cmd]++;
1013         priv->rx_handlers[pkt->hdr.cmd](priv, rxb);
1014     } else {
1015         /* No handling needed */
1016         IWL_DEBUG_RX(priv, "No handler needed for %s, 0x%02x\n",
1017                  iwl_get_cmd_string(priv->trans,
1018                         WIDE_ID(0, pkt->hdr.cmd)),
1019                  pkt->hdr.cmd);
1020     }
1021 }