iwlwifi/dvm/tx.c

0001 // SPDX-License-Identifier: GPL-2.0-only
0002 /******************************************************************************
0003  *
0004  * Copyright(c) 2008 - 2014 Intel Corporation. All rights reserved.
0005  * Copyright (C) 2019 Intel Corporation
0006  *****************************************************************************/
0007
0008 #include <linux/kernel.h>
0009 #include <linux/module.h>
0010 #include <linux/sched.h>
0011 #include <linux/ieee80211.h>
0012 #include "iwl-io.h"
0013 #include "iwl-trans.h"
0014 #include "iwl-agn-hw.h"
0015 #include "dev.h"
0016 #include "agn.h"
0017
0018 static const u8 tid_to_ac[] = {
0019     IEEE80211_AC_BE,
0020     IEEE80211_AC_BK,
0021     IEEE80211_AC_BK,
0022     IEEE80211_AC_BE,
0023     IEEE80211_AC_VI,
0024     IEEE80211_AC_VI,
0025     IEEE80211_AC_VO,
0026     IEEE80211_AC_VO,
0027 };
0028
0029 static void iwlagn_tx_cmd_protection(struct iwl_priv *priv,
0030                      struct ieee80211_tx_info *info,
0031                      __le16 fc, __le32 *tx_flags)
0032 {
0033     if (info->control.rates[0].flags & IEEE80211_TX_RC_USE_RTS_CTS ||
0034         info->control.rates[0].flags & IEEE80211_TX_RC_USE_CTS_PROTECT ||
0035         info->flags & IEEE80211_TX_CTL_AMPDU)
0036         *tx_flags |= TX_CMD_FLG_PROT_REQUIRE_MSK;
0037 }
0038
0039 /*
0040  * handle build REPLY_TX command notification.
0041  */
0042 static void iwlagn_tx_cmd_build_basic(struct iwl_priv *priv,
0043                       struct sk_buff *skb,
0044                       struct iwl_tx_cmd *tx_cmd,
0045                       struct ieee80211_tx_info *info,
0046                       struct ieee80211_hdr *hdr, u8 sta_id)
0047 {
0048     __le16 fc = hdr->frame_control;
0049     __le32 tx_flags = tx_cmd->tx_flags;
0050
0051     tx_cmd->stop_time.life_time = TX_CMD_LIFE_TIME_INFINITE;
0052
0053     if (!(info->flags & IEEE80211_TX_CTL_NO_ACK))
0054         tx_flags |= TX_CMD_FLG_ACK_MSK;
0055     else
0056         tx_flags &= ~TX_CMD_FLG_ACK_MSK;
0057
0058     if (ieee80211_is_probe_resp(fc))
0059         tx_flags |= TX_CMD_FLG_TSF_MSK;
0060     else if (ieee80211_is_back_req(fc))
0061         tx_flags |= TX_CMD_FLG_ACK_MSK | TX_CMD_FLG_IMM_BA_RSP_MASK;
0062     else if (info->band == NL80211_BAND_2GHZ &&
0063          priv->lib->bt_params &&
0064          priv->lib->bt_params->advanced_bt_coexist &&
0065          (ieee80211_is_auth(fc) || ieee80211_is_assoc_req(fc) ||
0066          ieee80211_is_reassoc_req(fc) ||
0067          info->control.flags & IEEE80211_TX_CTRL_PORT_CTRL_PROTO))
0068         tx_flags |= TX_CMD_FLG_IGNORE_BT;
0069
0070
0071     tx_cmd->sta_id = sta_id;
0072     if (ieee80211_has_morefrags(fc))
0073         tx_flags |= TX_CMD_FLG_MORE_FRAG_MSK;
0074
0075     if (ieee80211_is_data_qos(fc)) {
0076         u8 *qc = ieee80211_get_qos_ctl(hdr);
0077         tx_cmd->tid_tspec = qc[0] & 0xf;
0078         tx_flags &= ~TX_CMD_FLG_SEQ_CTL_MSK;
0079     } else {
0080         tx_cmd->tid_tspec = IWL_TID_NON_QOS;
0081         if (info->flags & IEEE80211_TX_CTL_ASSIGN_SEQ)
0082             tx_flags |= TX_CMD_FLG_SEQ_CTL_MSK;
0083         else
0084             tx_flags &= ~TX_CMD_FLG_SEQ_CTL_MSK;
0085     }
0086
0087     iwlagn_tx_cmd_protection(priv, info, fc, &tx_flags);
0088
0089     tx_flags &= ~(TX_CMD_FLG_ANT_SEL_MSK);
0090     if (ieee80211_is_mgmt(fc)) {
0091         if (ieee80211_is_assoc_req(fc) || ieee80211_is_reassoc_req(fc))
0092             tx_cmd->timeout.pm_frame_timeout = cpu_to_le16(3);
0093         else
0094             tx_cmd->timeout.pm_frame_timeout = cpu_to_le16(2);
0095     } else {
0096         tx_cmd->timeout.pm_frame_timeout = 0;
0097     }
0098
0099     tx_cmd->driver_txop = 0;
0100     tx_cmd->tx_flags = tx_flags;
0101     tx_cmd->next_frame_len = 0;
0102 }
0103
0104 static void iwlagn_tx_cmd_build_rate(struct iwl_priv *priv,
0105                      struct iwl_tx_cmd *tx_cmd,
0106                      struct ieee80211_tx_info *info,
0107                      struct ieee80211_sta *sta,
0108                      __le16 fc)
0109 {
0110     u32 rate_flags;
0111     int rate_idx;
0112     u8 rts_retry_limit;
0113     u8 data_retry_limit;
0114     u8 rate_plcp;
0115
0116     if (priv->wowlan) {
0117         rts_retry_limit = IWLAGN_LOW_RETRY_LIMIT;
0118         data_retry_limit = IWLAGN_LOW_RETRY_LIMIT;
0119     } else {
0120         /* Set retry limit on RTS packets */
0121         rts_retry_limit = IWLAGN_RTS_DFAULT_RETRY_LIMIT;
0122
0123         /* Set retry limit on DATA packets and Probe Responses*/
0124         if (ieee80211_is_probe_resp(fc)) {
0125             data_retry_limit = IWLAGN_MGMT_DFAULT_RETRY_LIMIT;
0126             rts_retry_limit =
0127                 min(data_retry_limit, rts_retry_limit);
0128         } else if (ieee80211_is_back_req(fc))
0129             data_retry_limit = IWLAGN_BAR_DFAULT_RETRY_LIMIT;
0130         else
0131             data_retry_limit = IWLAGN_DEFAULT_TX_RETRY;
0132     }
0133
0134     tx_cmd->data_retry_limit = data_retry_limit;
0135     tx_cmd->rts_retry_limit = rts_retry_limit;
0136
0137     /* DATA packets will use the uCode station table for rate/antenna
0138      * selection */
0139     if (ieee80211_is_data(fc)) {
0140         tx_cmd->initial_rate_index = 0;
0141         tx_cmd->tx_flags |= TX_CMD_FLG_STA_RATE_MSK;
0142         return;
0143     } else if (ieee80211_is_back_req(fc))
0144         tx_cmd->tx_flags |= TX_CMD_FLG_STA_RATE_MSK;
0145
0146     /**
0147      * If the current TX rate stored in mac80211 has the MCS bit set, it's
0148      * not really a TX rate.  Thus, we use the lowest supported rate for
0149      * this band.  Also use the lowest supported rate if the stored rate
0150      * index is invalid.
0151      */
0152     rate_idx = info->control.rates[0].idx;
0153     if (info->control.rates[0].flags & IEEE80211_TX_RC_MCS ||
0154             (rate_idx < 0) || (rate_idx > IWL_RATE_COUNT_LEGACY))
0155         rate_idx = rate_lowest_index(
0156                 &priv->nvm_data->bands[info->band], sta);
0157     /* For 5 GHZ band, remap mac80211 rate indices into driver indices */
0158     if (info->band == NL80211_BAND_5GHZ)
0159         rate_idx += IWL_FIRST_OFDM_RATE;
0160     /* Get PLCP rate for tx_cmd->rate_n_flags */
0161     rate_plcp = iwl_rates[rate_idx].plcp;
0162     /* Zero out flags for this packet */
0163     rate_flags = 0;
0164
0165     /* Set CCK flag as needed */
0166     if ((rate_idx >= IWL_FIRST_CCK_RATE) && (rate_idx <= IWL_LAST_CCK_RATE))
0167         rate_flags |= RATE_MCS_CCK_MSK;
0168
0169     /* Set up antennas */
0170     if (priv->lib->bt_params &&
0171         priv->lib->bt_params->advanced_bt_coexist &&
0172         priv->bt_full_concurrent) {
0173         /* operated as 1x1 in full concurrency mode */
0174         priv->mgmt_tx_ant = iwl_toggle_tx_ant(priv, priv->mgmt_tx_ant,
0175                 first_antenna(priv->nvm_data->valid_tx_ant));
0176     } else
0177         priv->mgmt_tx_ant = iwl_toggle_tx_ant(
0178                     priv, priv->mgmt_tx_ant,
0179                     priv->nvm_data->valid_tx_ant);
0180     rate_flags |= iwl_ant_idx_to_flags(priv->mgmt_tx_ant);
0181
0182     /* Set the rate in the TX cmd */
0183     tx_cmd->rate_n_flags = iwl_hw_set_rate_n_flags(rate_plcp, rate_flags);
0184 }
0185
0186 static void iwlagn_tx_cmd_build_hwcrypto(struct iwl_priv *priv,
0187                      struct ieee80211_tx_info *info,
0188                      struct iwl_tx_cmd *tx_cmd,
0189                      struct sk_buff *skb_frag)
0190 {
0191     struct ieee80211_key_conf *keyconf = info->control.hw_key;
0192
0193     switch (keyconf->cipher) {
0194     case WLAN_CIPHER_SUITE_CCMP:
0195         tx_cmd->sec_ctl = TX_CMD_SEC_CCM;
0196         memcpy(tx_cmd->key, keyconf->key, keyconf->keylen);
0197         if (info->flags & IEEE80211_TX_CTL_AMPDU)
0198             tx_cmd->tx_flags |= TX_CMD_FLG_AGG_CCMP_MSK;
0199         break;
0200
0201     case WLAN_CIPHER_SUITE_TKIP:
0202         tx_cmd->sec_ctl = TX_CMD_SEC_TKIP;
0203         ieee80211_get_tkip_p2k(keyconf, skb_frag, tx_cmd->key);
0204         break;
0205
0206     case WLAN_CIPHER_SUITE_WEP104:
0207         tx_cmd->sec_ctl |= TX_CMD_SEC_KEY128;
0208         fallthrough;
0209     case WLAN_CIPHER_SUITE_WEP40:
0210         tx_cmd->sec_ctl |= (TX_CMD_SEC_WEP |
0211             (keyconf->keyidx & TX_CMD_SEC_MSK) << TX_CMD_SEC_SHIFT);
0212
0213         memcpy(&tx_cmd->key[3], keyconf->key, keyconf->keylen);
0214
0215         IWL_DEBUG_TX(priv, "Configuring packet for WEP encryption "
0216                  "with key %d\n", keyconf->keyidx);
0217         break;
0218
0219     default:
0220         IWL_ERR(priv, "Unknown encode cipher %x\n", keyconf->cipher);
0221         break;
0222     }
0223 }
0224
0225 /**
0226  * iwl_sta_id_or_broadcast - return sta_id or broadcast sta
0227  * @context: the current context
0228  * @sta: mac80211 station
0229  *
0230  * In certain circumstances mac80211 passes a station pointer
0231  * that may be %NULL, for example during TX or key setup. In
0232  * that case, we need to use the broadcast station, so this
0233  * inline wraps that pattern.
0234  */
0235 static int iwl_sta_id_or_broadcast(struct iwl_rxon_context *context,
0236                    struct ieee80211_sta *sta)
0237 {
0238     int sta_id;
0239
0240     if (!sta)
0241         return context->bcast_sta_id;
0242
0243     sta_id = iwl_sta_id(sta);
0244
0245     /*
0246      * mac80211 should not be passing a partially
0247      * initialised station!
0248      */
0249     WARN_ON(sta_id == IWL_INVALID_STATION);
0250
0251     return sta_id;
0252 }
0253
0254 /*
0255  * start REPLY_TX command process
0256  */
0257 int iwlagn_tx_skb(struct iwl_priv *priv,
0258           struct ieee80211_sta *sta,
0259           struct sk_buff *skb)
0260 {
0261     struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
0262     struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
0263     struct iwl_station_priv *sta_priv = NULL;
0264     struct iwl_rxon_context *ctx = &priv->contexts[IWL_RXON_CTX_BSS];
0265     struct iwl_device_tx_cmd *dev_cmd;
0266     struct iwl_tx_cmd *tx_cmd;
0267     __le16 fc;
0268     u8 hdr_len;
0269     u16 len, seq_number = 0;
0270     u8 sta_id, tid = IWL_MAX_TID_COUNT;
0271     bool is_agg = false, is_data_qos = false;
0272     int txq_id;
0273
0274     if (info->control.vif)
0275         ctx = iwl_rxon_ctx_from_vif(info->control.vif);
0276
0277     if (iwl_is_rfkill(priv)) {
0278         IWL_DEBUG_DROP(priv, "Dropping - RF KILL\n");
0279         goto drop_unlock_priv;
0280     }
0281
0282     fc = hdr->frame_control;
0283
0284 #ifdef CONFIG_IWLWIFI_DEBUG
0285     if (ieee80211_is_auth(fc))
0286         IWL_DEBUG_TX(priv, "Sending AUTH frame\n");
0287     else if (ieee80211_is_assoc_req(fc))
0288         IWL_DEBUG_TX(priv, "Sending ASSOC frame\n");
0289     else if (ieee80211_is_reassoc_req(fc))
0290         IWL_DEBUG_TX(priv, "Sending REASSOC frame\n");
0291 #endif
0292
0293     if (unlikely(ieee80211_is_probe_resp(fc))) {
0294         struct iwl_wipan_noa_data *noa_data =
0295             rcu_dereference(priv->noa_data);
0296
0297         if (noa_data &&
0298             pskb_expand_head(skb, 0, noa_data->length,
0299                      GFP_ATOMIC) == 0) {
0300             skb_put_data(skb, noa_data->data, noa_data->length);
0301             hdr = (struct ieee80211_hdr *)skb->data;
0302         }
0303     }
0304
0305     hdr_len = ieee80211_hdrlen(fc);
0306
0307     /* For management frames use broadcast id to do not break aggregation */
0308     if (!ieee80211_is_data(fc))
0309         sta_id = ctx->bcast_sta_id;
0310     else {
0311         /* Find index into station table for destination station */
0312         sta_id = iwl_sta_id_or_broadcast(ctx, sta);
0313         if (sta_id == IWL_INVALID_STATION) {
0314             IWL_DEBUG_DROP(priv, "Dropping - INVALID STATION: %pM\n",
0315                        hdr->addr1);
0316             goto drop_unlock_priv;
0317         }
0318     }
0319
0320     if (sta)
0321         sta_priv = (void *)sta->drv_priv;
0322
0323     if (sta_priv && sta_priv->asleep &&
0324         (info->flags & IEEE80211_TX_CTL_NO_PS_BUFFER)) {
0325         /*
0326          * This sends an asynchronous command to the device,
0327          * but we can rely on it being processed before the
0328          * next frame is processed -- and the next frame to
0329          * this station is the one that will consume this
0330          * counter.
0331          * For now set the counter to just 1 since we do not
0332          * support uAPSD yet.
0333          *
0334          * FIXME: If we get two non-bufferable frames one
0335          * after the other, we might only send out one of
0336          * them because this is racy.
0337          */
0338         iwl_sta_modify_sleep_tx_count(priv, sta_id, 1);
0339     }
0340
0341     dev_cmd = iwl_trans_alloc_tx_cmd(priv->trans);
0342
0343     if (unlikely(!dev_cmd))
0344         goto drop_unlock_priv;
0345
0346     dev_cmd->hdr.cmd = REPLY_TX;
0347     tx_cmd = (struct iwl_tx_cmd *) dev_cmd->payload;
0348
0349     /* Total # bytes to be transmitted */
0350     len = (u16)skb->len;
0351     tx_cmd->len = cpu_to_le16(len);
0352
0353     if (info->control.hw_key)
0354         iwlagn_tx_cmd_build_hwcrypto(priv, info, tx_cmd, skb);
0355
0356     /* TODO need this for burst mode later on */
0357     iwlagn_tx_cmd_build_basic(priv, skb, tx_cmd, info, hdr, sta_id);
0358
0359     iwlagn_tx_cmd_build_rate(priv, tx_cmd, info, sta, fc);
0360
0361     memset(&info->status, 0, sizeof(info->status));
0362     memset(info->driver_data, 0, sizeof(info->driver_data));
0363
0364     info->driver_data[0] = ctx;
0365     info->driver_data[1] = dev_cmd;
0366     /* From now on, we cannot access info->control */
0367
0368     spin_lock(&priv->sta_lock);
0369
0370     if (ieee80211_is_data_qos(fc) && !ieee80211_is_qos_nullfunc(fc)) {
0371         u8 *qc = NULL;
0372         struct iwl_tid_data *tid_data;
0373         qc = ieee80211_get_qos_ctl(hdr);
0374         tid = qc[0] & IEEE80211_QOS_CTL_TID_MASK;
0375         if (WARN_ON_ONCE(tid >= IWL_MAX_TID_COUNT))
0376             goto drop_unlock_sta;
0377         tid_data = &priv->tid_data[sta_id][tid];
0378
0379         /* aggregation is on for this <sta,tid> */
0380         if (info->flags & IEEE80211_TX_CTL_AMPDU &&
0381             tid_data->agg.state != IWL_AGG_ON) {
0382             IWL_ERR(priv,
0383                 "TX_CTL_AMPDU while not in AGG: Tx flags = 0x%08x, agg.state = %d\n",
0384                 info->flags, tid_data->agg.state);
0385             IWL_ERR(priv, "sta_id = %d, tid = %d seq_num = %d\n",
0386                 sta_id, tid,
0387                 IEEE80211_SEQ_TO_SN(tid_data->seq_number));
0388             goto drop_unlock_sta;
0389         }
0390
0391         /* We can receive packets from the stack in IWL_AGG_{ON,OFF}
0392          * only. Check this here.
0393          */
0394         if (WARN_ONCE(tid_data->agg.state != IWL_AGG_ON &&
0395                   tid_data->agg.state != IWL_AGG_OFF,
0396                   "Tx while agg.state = %d\n", tid_data->agg.state))
0397             goto drop_unlock_sta;
0398
0399         seq_number = tid_data->seq_number;
0400         seq_number &= IEEE80211_SCTL_SEQ;
0401         hdr->seq_ctrl &= cpu_to_le16(IEEE80211_SCTL_FRAG);
0402         hdr->seq_ctrl |= cpu_to_le16(seq_number);
0403         seq_number += 0x10;
0404
0405         if (info->flags & IEEE80211_TX_CTL_AMPDU)
0406             is_agg = true;
0407         is_data_qos = true;
0408     }
0409
0410     /* Copy MAC header from skb into command buffer */
0411     memcpy(tx_cmd->hdr, hdr, hdr_len);
0412
0413     txq_id = info->hw_queue;
0414
0415     if (is_agg)
0416         txq_id = priv->tid_data[sta_id][tid].agg.txq_id;
0417     else if (info->flags & IEEE80211_TX_CTL_SEND_AFTER_DTIM) {
0418         /*
0419          * The microcode will clear the more data
0420          * bit in the last frame it transmits.
0421          */
0422         hdr->frame_control |=
0423             cpu_to_le16(IEEE80211_FCTL_MOREDATA);
0424     }
0425
0426     WARN_ON_ONCE(is_agg &&
0427              priv->queue_to_mac80211[txq_id] != info->hw_queue);
0428
0429     IWL_DEBUG_TX(priv, "TX to [%d|%d] Q:%d - seq: 0x%x\n", sta_id, tid,
0430              txq_id, seq_number);
0431
0432     if (iwl_trans_tx(priv->trans, skb, dev_cmd, txq_id))
0433         goto drop_unlock_sta;
0434
0435     if (is_data_qos && !ieee80211_has_morefrags(fc))
0436         priv->tid_data[sta_id][tid].seq_number = seq_number;
0437
0438     spin_unlock(&priv->sta_lock);
0439
0440     /*
0441      * Avoid atomic ops if it isn't an associated client.
0442      * Also, if this is a packet for aggregation, don't
0443      * increase the counter because the ucode will stop
0444      * aggregation queues when their respective station
0445      * goes to sleep.
0446      */
0447     if (sta_priv && sta_priv->client && !is_agg)
0448         atomic_inc(&sta_priv->pending_frames);
0449
0450     return 0;
0451
0452 drop_unlock_sta:
0453     if (dev_cmd)
0454         iwl_trans_free_tx_cmd(priv->trans, dev_cmd);
0455     spin_unlock(&priv->sta_lock);
0456 drop_unlock_priv:
0457     return -1;
0458 }
0459
0460 static int iwlagn_alloc_agg_txq(struct iwl_priv *priv, int mq)
0461 {
0462     int q;
0463
0464     for (q = IWLAGN_FIRST_AMPDU_QUEUE;
0465          q < priv->trans->trans_cfg->base_params->num_of_queues; q++) {
0466         if (!test_and_set_bit(q, priv->agg_q_alloc)) {
0467             priv->queue_to_mac80211[q] = mq;
0468             return q;
0469         }
0470     }
0471
0472     return -ENOSPC;
0473 }
0474
0475 static void iwlagn_dealloc_agg_txq(struct iwl_priv *priv, int q)
0476 {
0477     clear_bit(q, priv->agg_q_alloc);
0478     priv->queue_to_mac80211[q] = IWL_INVALID_MAC80211_QUEUE;
0479 }
0480
0481 int iwlagn_tx_agg_stop(struct iwl_priv *priv, struct ieee80211_vif *vif,
0482             struct ieee80211_sta *sta, u16 tid)
0483 {
0484     struct iwl_tid_data *tid_data;
0485     int sta_id, txq_id;
0486     enum iwl_agg_state agg_state;
0487
0488     sta_id = iwl_sta_id(sta);
0489
0490     if (sta_id == IWL_INVALID_STATION) {
0491         IWL_ERR(priv, "Invalid station for AGG tid %d\n", tid);
0492         return -ENXIO;
0493     }
0494
0495     spin_lock_bh(&priv->sta_lock);
0496
0497     tid_data = &priv->tid_data[sta_id][tid];
0498     txq_id = tid_data->agg.txq_id;
0499
0500     switch (tid_data->agg.state) {
0501     case IWL_EMPTYING_HW_QUEUE_ADDBA:
0502         /*
0503         * This can happen if the peer stops aggregation
0504         * again before we've had a chance to drain the
0505         * queue we selected previously, i.e. before the
0506         * session was really started completely.
0507         */
0508         IWL_DEBUG_HT(priv, "AGG stop before setup done\n");
0509         goto turn_off;
0510     case IWL_AGG_STARTING:
0511         /*
0512          * This can happen when the session is stopped before
0513          * we receive ADDBA response
0514          */
0515         IWL_DEBUG_HT(priv, "AGG stop before AGG became operational\n");
0516         goto turn_off;
0517     case IWL_AGG_ON:
0518         break;
0519     default:
0520         IWL_WARN(priv,
0521              "Stopping AGG while state not ON or starting for %d on %d (%d)\n",
0522              sta_id, tid, tid_data->agg.state);
0523         spin_unlock_bh(&priv->sta_lock);
0524         return 0;
0525     }
0526
0527     tid_data->agg.ssn = IEEE80211_SEQ_TO_SN(tid_data->seq_number);
0528
0529     /* There are still packets for this RA / TID in the HW */
0530     if (!test_bit(txq_id, priv->agg_q_alloc)) {
0531         IWL_DEBUG_TX_QUEUES(priv,
0532             "stopping AGG on STA/TID %d/%d but hwq %d not used\n",
0533             sta_id, tid, txq_id);
0534     } else if (tid_data->agg.ssn != tid_data->next_reclaimed) {
0535         IWL_DEBUG_TX_QUEUES(priv,
0536                     "Can't proceed: ssn %d, next_recl = %d\n",
0537                     tid_data->agg.ssn,
0538                     tid_data->next_reclaimed);
0539         tid_data->agg.state = IWL_EMPTYING_HW_QUEUE_DELBA;
0540         spin_unlock_bh(&priv->sta_lock);
0541         return 0;
0542     }
0543
0544     IWL_DEBUG_TX_QUEUES(priv, "Can proceed: ssn = next_recl = %d\n",
0545                 tid_data->agg.ssn);
0546 turn_off:
0547     agg_state = tid_data->agg.state;
0548     tid_data->agg.state = IWL_AGG_OFF;
0549
0550     spin_unlock_bh(&priv->sta_lock);
0551
0552     if (test_bit(txq_id, priv->agg_q_alloc)) {
0553         /*
0554          * If the transport didn't know that we wanted to start
0555          * agreggation, don't tell it that we want to stop them.
0556          * This can happen when we don't get the addBA response on
0557          * time, or we hadn't time to drain the AC queues.
0558          */
0559         if (agg_state == IWL_AGG_ON)
0560             iwl_trans_txq_disable(priv->trans, txq_id, true);
0561         else
0562             IWL_DEBUG_TX_QUEUES(priv, "Don't disable tx agg: %d\n",
0563                         agg_state);
0564         iwlagn_dealloc_agg_txq(priv, txq_id);
0565     }
0566
0567     ieee80211_stop_tx_ba_cb_irqsafe(vif, sta->addr, tid);
0568
0569     return 0;
0570 }
0571
0572 int iwlagn_tx_agg_start(struct iwl_priv *priv, struct ieee80211_vif *vif,
0573             struct ieee80211_sta *sta, u16 tid, u16 *ssn)
0574 {
0575     struct iwl_rxon_context *ctx = iwl_rxon_ctx_from_vif(vif);
0576     struct iwl_tid_data *tid_data;
0577     int sta_id, txq_id, ret;
0578
0579     IWL_DEBUG_HT(priv, "TX AGG request on ra = %pM tid = %d\n",
0580              sta->addr, tid);
0581
0582     sta_id = iwl_sta_id(sta);
0583     if (sta_id == IWL_INVALID_STATION) {
0584         IWL_ERR(priv, "Start AGG on invalid station\n");
0585         return -ENXIO;
0586     }
0587     if (unlikely(tid >= IWL_MAX_TID_COUNT))
0588         return -EINVAL;
0589
0590     if (priv->tid_data[sta_id][tid].agg.state != IWL_AGG_OFF) {
0591         IWL_ERR(priv, "Start AGG when state is not IWL_AGG_OFF !\n");
0592         return -ENXIO;
0593     }
0594
0595     txq_id = iwlagn_alloc_agg_txq(priv, ctx->ac_to_queue[tid_to_ac[tid]]);
0596     if (txq_id < 0) {
0597         IWL_DEBUG_TX_QUEUES(priv,
0598             "No free aggregation queue for %pM/%d\n",
0599             sta->addr, tid);
0600         return txq_id;
0601     }
0602
0603     ret = iwl_sta_tx_modify_enable_tid(priv, sta_id, tid);
0604     if (ret)
0605         return ret;
0606
0607     spin_lock_bh(&priv->sta_lock);
0608     tid_data = &priv->tid_data[sta_id][tid];
0609     tid_data->agg.ssn = IEEE80211_SEQ_TO_SN(tid_data->seq_number);
0610     tid_data->agg.txq_id = txq_id;
0611
0612     *ssn = tid_data->agg.ssn;
0613
0614     if (*ssn == tid_data->next_reclaimed) {
0615         IWL_DEBUG_TX_QUEUES(priv, "Can proceed: ssn = next_recl = %d\n",
0616                     tid_data->agg.ssn);
0617         tid_data->agg.state = IWL_AGG_STARTING;
0618         ret = IEEE80211_AMPDU_TX_START_IMMEDIATE;
0619     } else {
0620         IWL_DEBUG_TX_QUEUES(priv, "Can't proceed: ssn %d, "
0621                     "next_reclaimed = %d\n",
0622                     tid_data->agg.ssn,
0623                     tid_data->next_reclaimed);
0624         tid_data->agg.state = IWL_EMPTYING_HW_QUEUE_ADDBA;
0625     }
0626     spin_unlock_bh(&priv->sta_lock);
0627
0628     return ret;
0629 }
0630
0631 int iwlagn_tx_agg_flush(struct iwl_priv *priv, struct ieee80211_vif *vif,
0632             struct ieee80211_sta *sta, u16 tid)
0633 {
0634     struct iwl_tid_data *tid_data;
0635     enum iwl_agg_state agg_state;
0636     int sta_id, txq_id;
0637     sta_id = iwl_sta_id(sta);
0638
0639     /*
0640      * First set the agg state to OFF to avoid calling
0641      * ieee80211_stop_tx_ba_cb in iwlagn_check_ratid_empty.
0642      */
0643     spin_lock_bh(&priv->sta_lock);
0644
0645     tid_data = &priv->tid_data[sta_id][tid];
0646     txq_id = tid_data->agg.txq_id;
0647     agg_state = tid_data->agg.state;
0648     IWL_DEBUG_TX_QUEUES(priv, "Flush AGG: sta %d tid %d q %d state %d\n",
0649                 sta_id, tid, txq_id, tid_data->agg.state);
0650
0651     tid_data->agg.state = IWL_AGG_OFF;
0652
0653     spin_unlock_bh(&priv->sta_lock);
0654
0655     if (iwlagn_txfifo_flush(priv, BIT(txq_id)))
0656         IWL_ERR(priv, "Couldn't flush the AGG queue\n");
0657
0658     if (test_bit(txq_id, priv->agg_q_alloc)) {
0659         /*
0660          * If the transport didn't know that we wanted to start
0661          * agreggation, don't tell it that we want to stop them.
0662          * This can happen when we don't get the addBA response on
0663          * time, or we hadn't time to drain the AC queues.
0664          */
0665         if (agg_state == IWL_AGG_ON)
0666             iwl_trans_txq_disable(priv->trans, txq_id, true);
0667         else
0668             IWL_DEBUG_TX_QUEUES(priv, "Don't disable tx agg: %d\n",
0669                         agg_state);
0670         iwlagn_dealloc_agg_txq(priv, txq_id);
0671     }
0672
0673     return 0;
0674 }
0675
0676 int iwlagn_tx_agg_oper(struct iwl_priv *priv, struct ieee80211_vif *vif,
0677             struct ieee80211_sta *sta, u16 tid, u8 buf_size)
0678 {
0679     struct iwl_station_priv *sta_priv = (void *) sta->drv_priv;
0680     struct iwl_rxon_context *ctx = iwl_rxon_ctx_from_vif(vif);
0681     int q, fifo;
0682     u16 ssn;
0683
0684     buf_size = min_t(int, buf_size, LINK_QUAL_AGG_FRAME_LIMIT_DEF);
0685
0686     spin_lock_bh(&priv->sta_lock);
0687     ssn = priv->tid_data[sta_priv->sta_id][tid].agg.ssn;
0688     q = priv->tid_data[sta_priv->sta_id][tid].agg.txq_id;
0689     priv->tid_data[sta_priv->sta_id][tid].agg.state = IWL_AGG_ON;
0690     spin_unlock_bh(&priv->sta_lock);
0691
0692     fifo = ctx->ac_to_fifo[tid_to_ac[tid]];
0693
0694     iwl_trans_txq_enable(priv->trans, q, fifo, sta_priv->sta_id, tid,
0695                  buf_size, ssn, 0);
0696
0697     /*
0698      * If the limit is 0, then it wasn't initialised yet,
0699      * use the default. We can do that since we take the
0700      * minimum below, and we don't want to go above our
0701      * default due to hardware restrictions.
0702      */
0703     if (sta_priv->max_agg_bufsize == 0)
0704         sta_priv->max_agg_bufsize =
0705             LINK_QUAL_AGG_FRAME_LIMIT_DEF;
0706
0707     /*
0708      * Even though in theory the peer could have different
0709      * aggregation reorder buffer sizes for different sessions,
0710      * our ucode doesn't allow for that and has a global limit
0711      * for each station. Therefore, use the minimum of all the
0712      * aggregation sessions and our default value.
0713      */
0714     sta_priv->max_agg_bufsize =
0715         min(sta_priv->max_agg_bufsize, buf_size);
0716
0717     if (priv->hw_params.use_rts_for_aggregation) {
0718         /*
0719          * switch to RTS/CTS if it is the prefer protection
0720          * method for HT traffic
0721          */
0722
0723         sta_priv->lq_sta.lq.general_params.flags |=
0724             LINK_QUAL_FLAGS_SET_STA_TLC_RTS_MSK;
0725     }
0726     priv->agg_tids_count++;
0727     IWL_DEBUG_HT(priv, "priv->agg_tids_count = %u\n",
0728              priv->agg_tids_count);
0729
0730     sta_priv->lq_sta.lq.agg_params.agg_frame_cnt_limit =
0731         sta_priv->max_agg_bufsize;
0732
0733     IWL_DEBUG_HT(priv, "Tx aggregation enabled on ra = %pM tid = %d\n",
0734          sta->addr, tid);
0735
0736     return iwl_send_lq_cmd(priv, ctx,
0737             &sta_priv->lq_sta.lq, CMD_ASYNC, false);
0738 }
0739
0740 static void iwlagn_check_ratid_empty(struct iwl_priv *priv, int sta_id, u8 tid)
0741 {
0742     struct iwl_tid_data *tid_data = &priv->tid_data[sta_id][tid];
0743     enum iwl_rxon_context_id ctx;
0744     struct ieee80211_vif *vif;
0745     u8 *addr;
0746
0747     lockdep_assert_held(&priv->sta_lock);
0748
0749     addr = priv->stations[sta_id].sta.sta.addr;
0750     ctx = priv->stations[sta_id].ctxid;
0751     vif = priv->contexts[ctx].vif;
0752
0753     switch (priv->tid_data[sta_id][tid].agg.state) {
0754     case IWL_EMPTYING_HW_QUEUE_DELBA:
0755         /* There are no packets for this RA / TID in the HW any more */
0756         if (tid_data->agg.ssn == tid_data->next_reclaimed) {
0757             IWL_DEBUG_TX_QUEUES(priv,
0758                 "Can continue DELBA flow ssn = next_recl = %d\n",
0759                 tid_data->next_reclaimed);
0760             iwl_trans_txq_disable(priv->trans,
0761                           tid_data->agg.txq_id, true);
0762             iwlagn_dealloc_agg_txq(priv, tid_data->agg.txq_id);
0763             tid_data->agg.state = IWL_AGG_OFF;
0764             ieee80211_stop_tx_ba_cb_irqsafe(vif, addr, tid);
0765         }
0766         break;
0767     case IWL_EMPTYING_HW_QUEUE_ADDBA:
0768         /* There are no packets for this RA / TID in the HW any more */
0769         if (tid_data->agg.ssn == tid_data->next_reclaimed) {
0770             IWL_DEBUG_TX_QUEUES(priv,
0771                 "Can continue ADDBA flow ssn = next_recl = %d\n",
0772                 tid_data->next_reclaimed);
0773             tid_data->agg.state = IWL_AGG_STARTING;
0774             ieee80211_start_tx_ba_cb_irqsafe(vif, addr, tid);
0775         }
0776         break;
0777     default:
0778         break;
0779     }
0780 }
0781
0782 static void iwlagn_non_agg_tx_status(struct iwl_priv *priv,
0783                      struct iwl_rxon_context *ctx,
0784                      const u8 *addr1)
0785 {
0786     struct ieee80211_sta *sta;
0787     struct iwl_station_priv *sta_priv;
0788
0789     rcu_read_lock();
0790     sta = ieee80211_find_sta(ctx->vif, addr1);
0791     if (sta) {
0792         sta_priv = (void *)sta->drv_priv;
0793         /* avoid atomic ops if this isn't a client */
0794         if (sta_priv->client &&
0795             atomic_dec_return(&sta_priv->pending_frames) == 0)
0796             ieee80211_sta_block_awake(priv->hw, sta, false);
0797     }
0798     rcu_read_unlock();
0799 }
0800
0801 /*
0802  * translate ucode response to mac80211 tx status control values
0803  */
0804 static void iwlagn_hwrate_to_tx_control(struct iwl_priv *priv, u32 rate_n_flags,
0805                   struct ieee80211_tx_info *info)
0806 {
0807     struct ieee80211_tx_rate *r = &info->status.rates[0];
0808
0809     info->status.antenna =
0810         ((rate_n_flags & RATE_MCS_ANT_ABC_MSK) >> RATE_MCS_ANT_POS);
0811     if (rate_n_flags & RATE_MCS_HT_MSK)
0812         r->flags |= IEEE80211_TX_RC_MCS;
0813     if (rate_n_flags & RATE_MCS_GF_MSK)
0814         r->flags |= IEEE80211_TX_RC_GREEN_FIELD;
0815     if (rate_n_flags & RATE_MCS_HT40_MSK)
0816         r->flags |= IEEE80211_TX_RC_40_MHZ_WIDTH;
0817     if (rate_n_flags & RATE_MCS_DUP_MSK)
0818         r->flags |= IEEE80211_TX_RC_DUP_DATA;
0819     if (rate_n_flags & RATE_MCS_SGI_MSK)
0820         r->flags |= IEEE80211_TX_RC_SHORT_GI;
0821     r->idx = iwlagn_hwrate_to_mac80211_idx(rate_n_flags, info->band);
0822 }
0823
0824 #ifdef CONFIG_IWLWIFI_DEBUG
0825 const char *iwl_get_tx_fail_reason(u32 status)
0826 {
0827 #define TX_STATUS_FAIL(x) case TX_STATUS_FAIL_ ## x: return #x
0828 #define TX_STATUS_POSTPONE(x) case TX_STATUS_POSTPONE_ ## x: return #x
0829
0830     switch (status & TX_STATUS_MSK) {
0831     case TX_STATUS_SUCCESS:
0832         return "SUCCESS";
0833     TX_STATUS_POSTPONE(DELAY);
0834     TX_STATUS_POSTPONE(FEW_BYTES);
0835     TX_STATUS_POSTPONE(BT_PRIO);
0836     TX_STATUS_POSTPONE(QUIET_PERIOD);
0837     TX_STATUS_POSTPONE(CALC_TTAK);
0838     TX_STATUS_FAIL(INTERNAL_CROSSED_RETRY);
0839     TX_STATUS_FAIL(SHORT_LIMIT);
0840     TX_STATUS_FAIL(LONG_LIMIT);
0841     TX_STATUS_FAIL(FIFO_UNDERRUN);
0842     TX_STATUS_FAIL(DRAIN_FLOW);
0843     TX_STATUS_FAIL(RFKILL_FLUSH);
0844     TX_STATUS_FAIL(LIFE_EXPIRE);
0845     TX_STATUS_FAIL(DEST_PS);
0846     TX_STATUS_FAIL(HOST_ABORTED);
0847     TX_STATUS_FAIL(BT_RETRY);
0848     TX_STATUS_FAIL(STA_INVALID);
0849     TX_STATUS_FAIL(FRAG_DROPPED);
0850     TX_STATUS_FAIL(TID_DISABLE);
0851     TX_STATUS_FAIL(FIFO_FLUSHED);
0852     TX_STATUS_FAIL(INSUFFICIENT_CF_POLL);
0853     TX_STATUS_FAIL(PASSIVE_NO_RX);
0854     TX_STATUS_FAIL(NO_BEACON_ON_RADAR);
0855     }
0856
0857     return "UNKNOWN";
0858
0859 #undef TX_STATUS_FAIL
0860 #undef TX_STATUS_POSTPONE
0861 }
0862 #endif /* CONFIG_IWLWIFI_DEBUG */
0863
0864 static void iwlagn_count_agg_tx_err_status(struct iwl_priv *priv, u16 status)
0865 {
0866     status &= AGG_TX_STATUS_MSK;
0867
0868     switch (status) {
0869     case AGG_TX_STATE_UNDERRUN_MSK:
0870         priv->reply_agg_tx_stats.underrun++;
0871         break;
0872     case AGG_TX_STATE_BT_PRIO_MSK:
0873         priv->reply_agg_tx_stats.bt_prio++;
0874         break;
0875     case AGG_TX_STATE_FEW_BYTES_MSK:
0876         priv->reply_agg_tx_stats.few_bytes++;
0877         break;
0878     case AGG_TX_STATE_ABORT_MSK:
0879         priv->reply_agg_tx_stats.abort++;
0880         break;
0881     case AGG_TX_STATE_LAST_SENT_TTL_MSK:
0882         priv->reply_agg_tx_stats.last_sent_ttl++;
0883         break;
0884     case AGG_TX_STATE_LAST_SENT_TRY_CNT_MSK:
0885         priv->reply_agg_tx_stats.last_sent_try++;
0886         break;
0887     case AGG_TX_STATE_LAST_SENT_BT_KILL_MSK:
0888         priv->reply_agg_tx_stats.last_sent_bt_kill++;
0889         break;
0890     case AGG_TX_STATE_SCD_QUERY_MSK:
0891         priv->reply_agg_tx_stats.scd_query++;
0892         break;
0893     case AGG_TX_STATE_TEST_BAD_CRC32_MSK:
0894         priv->reply_agg_tx_stats.bad_crc32++;
0895         break;
0896     case AGG_TX_STATE_RESPONSE_MSK:
0897         priv->reply_agg_tx_stats.response++;
0898         break;
0899     case AGG_TX_STATE_DUMP_TX_MSK:
0900         priv->reply_agg_tx_stats.dump_tx++;
0901         break;
0902     case AGG_TX_STATE_DELAY_TX_MSK:
0903         priv->reply_agg_tx_stats.delay_tx++;
0904         break;
0905     default:
0906         priv->reply_agg_tx_stats.unknown++;
0907         break;
0908     }
0909 }
0910
0911 static inline u32 iwlagn_get_scd_ssn(struct iwlagn_tx_resp *tx_resp)
0912 {
0913     return le32_to_cpup((__le32 *)&tx_resp->status +
0914                 tx_resp->frame_count) & IEEE80211_MAX_SN;
0915 }
0916
0917 static void iwl_rx_reply_tx_agg(struct iwl_priv *priv,
0918                 struct iwlagn_tx_resp *tx_resp)
0919 {
0920     struct agg_tx_status *frame_status = &tx_resp->status;
0921     int tid = (tx_resp->ra_tid & IWLAGN_TX_RES_TID_MSK) >>
0922         IWLAGN_TX_RES_TID_POS;
0923     int sta_id = (tx_resp->ra_tid & IWLAGN_TX_RES_RA_MSK) >>
0924         IWLAGN_TX_RES_RA_POS;
0925     struct iwl_ht_agg *agg = &priv->tid_data[sta_id][tid].agg;
0926     u32 status = le16_to_cpu(tx_resp->status.status);
0927     int i;
0928
0929     WARN_ON(tid == IWL_TID_NON_QOS);
0930
0931     if (agg->wait_for_ba)
0932         IWL_DEBUG_TX_REPLY(priv,
0933             "got tx response w/o block-ack\n");
0934
0935     agg->rate_n_flags = le32_to_cpu(tx_resp->rate_n_flags);
0936     agg->wait_for_ba = (tx_resp->frame_count > 1);
0937
0938     /*
0939      * If the BT kill count is non-zero, we'll get this
0940      * notification again.
0941      */
0942     if (tx_resp->bt_kill_count && tx_resp->frame_count == 1 &&
0943         priv->lib->bt_params &&
0944         priv->lib->bt_params->advanced_bt_coexist) {
0945         IWL_DEBUG_COEX(priv, "receive reply tx w/ bt_kill\n");
0946     }
0947
0948     if (tx_resp->frame_count == 1)
0949         return;
0950
0951     IWL_DEBUG_TX_REPLY(priv, "TXQ %d initial_rate 0x%x ssn %d frm_cnt %d\n",
0952                agg->txq_id,
0953                le32_to_cpu(tx_resp->rate_n_flags),
0954                iwlagn_get_scd_ssn(tx_resp), tx_resp->frame_count);
0955
0956     /* Construct bit-map of pending frames within Tx window */
0957     for (i = 0; i < tx_resp->frame_count; i++) {
0958         u16 fstatus = le16_to_cpu(frame_status[i].status);
0959         u8 retry_cnt = (fstatus & AGG_TX_TRY_MSK) >> AGG_TX_TRY_POS;
0960
0961         if (status & AGG_TX_STATUS_MSK)
0962             iwlagn_count_agg_tx_err_status(priv, fstatus);
0963
0964         if (status & (AGG_TX_STATE_FEW_BYTES_MSK |
0965                   AGG_TX_STATE_ABORT_MSK))
0966             continue;
0967
0968         if (status & AGG_TX_STATUS_MSK || retry_cnt > 1)
0969             IWL_DEBUG_TX_REPLY(priv,
0970                        "%d: status %s (0x%04x), try-count (0x%01x)\n",
0971                        i,
0972                        iwl_get_agg_tx_fail_reason(fstatus),
0973                        fstatus & AGG_TX_STATUS_MSK,
0974                        retry_cnt);
0975     }
0976 }
0977
0978 #ifdef CONFIG_IWLWIFI_DEBUG
0979 #define AGG_TX_STATE_FAIL(x) case AGG_TX_STATE_ ## x: return #x
0980
0981 const char *iwl_get_agg_tx_fail_reason(u16 status)
0982 {
0983     status &= AGG_TX_STATUS_MSK;
0984     switch (status) {
0985     case AGG_TX_STATE_TRANSMITTED:
0986         return "SUCCESS";
0987         AGG_TX_STATE_FAIL(UNDERRUN_MSK);
0988         AGG_TX_STATE_FAIL(BT_PRIO_MSK);
0989         AGG_TX_STATE_FAIL(FEW_BYTES_MSK);
0990         AGG_TX_STATE_FAIL(ABORT_MSK);
0991         AGG_TX_STATE_FAIL(LAST_SENT_TTL_MSK);
0992         AGG_TX_STATE_FAIL(LAST_SENT_TRY_CNT_MSK);
0993         AGG_TX_STATE_FAIL(LAST_SENT_BT_KILL_MSK);
0994         AGG_TX_STATE_FAIL(SCD_QUERY_MSK);
0995         AGG_TX_STATE_FAIL(TEST_BAD_CRC32_MSK);
0996         AGG_TX_STATE_FAIL(RESPONSE_MSK);
0997         AGG_TX_STATE_FAIL(DUMP_TX_MSK);
0998         AGG_TX_STATE_FAIL(DELAY_TX_MSK);
0999     }
1000
1001     return "UNKNOWN";
1002 }
1003 #endif /* CONFIG_IWLWIFI_DEBUG */
1004
1005 static void iwlagn_count_tx_err_status(struct iwl_priv *priv, u16 status)
1006 {
1007     status &= TX_STATUS_MSK;
1008
1009     switch (status) {
1010     case TX_STATUS_POSTPONE_DELAY:
1011         priv->reply_tx_stats.pp_delay++;
1012         break;
1013     case TX_STATUS_POSTPONE_FEW_BYTES:
1014         priv->reply_tx_stats.pp_few_bytes++;
1015         break;
1016     case TX_STATUS_POSTPONE_BT_PRIO:
1017         priv->reply_tx_stats.pp_bt_prio++;
1018         break;
1019     case TX_STATUS_POSTPONE_QUIET_PERIOD:
1020         priv->reply_tx_stats.pp_quiet_period++;
1021         break;
1022     case TX_STATUS_POSTPONE_CALC_TTAK:
1023         priv->reply_tx_stats.pp_calc_ttak++;
1024         break;
1025     case TX_STATUS_FAIL_INTERNAL_CROSSED_RETRY:
1026         priv->reply_tx_stats.int_crossed_retry++;
1027         break;
1028     case TX_STATUS_FAIL_SHORT_LIMIT:
1029         priv->reply_tx_stats.short_limit++;
1030         break;
1031     case TX_STATUS_FAIL_LONG_LIMIT:
1032         priv->reply_tx_stats.long_limit++;
1033         break;
1034     case TX_STATUS_FAIL_FIFO_UNDERRUN:
1035         priv->reply_tx_stats.fifo_underrun++;
1036         break;
1037     case TX_STATUS_FAIL_DRAIN_FLOW:
1038         priv->reply_tx_stats.drain_flow++;
1039         break;
1040     case TX_STATUS_FAIL_RFKILL_FLUSH:
1041         priv->reply_tx_stats.rfkill_flush++;
1042         break;
1043     case TX_STATUS_FAIL_LIFE_EXPIRE:
1044         priv->reply_tx_stats.life_expire++;
1045         break;
1046     case TX_STATUS_FAIL_DEST_PS:
1047         priv->reply_tx_stats.dest_ps++;
1048         break;
1049     case TX_STATUS_FAIL_HOST_ABORTED:
1050         priv->reply_tx_stats.host_abort++;
1051         break;
1052     case TX_STATUS_FAIL_BT_RETRY:
1053         priv->reply_tx_stats.bt_retry++;
1054         break;
1055     case TX_STATUS_FAIL_STA_INVALID:
1056         priv->reply_tx_stats.sta_invalid++;
1057         break;
1058     case TX_STATUS_FAIL_FRAG_DROPPED:
1059         priv->reply_tx_stats.frag_drop++;
1060         break;
1061     case TX_STATUS_FAIL_TID_DISABLE:
1062         priv->reply_tx_stats.tid_disable++;
1063         break;
1064     case TX_STATUS_FAIL_FIFO_FLUSHED:
1065         priv->reply_tx_stats.fifo_flush++;
1066         break;
1067     case TX_STATUS_FAIL_INSUFFICIENT_CF_POLL:
1068         priv->reply_tx_stats.insuff_cf_poll++;
1069         break;
1070     case TX_STATUS_FAIL_PASSIVE_NO_RX:
1071         priv->reply_tx_stats.fail_hw_drop++;
1072         break;
1073     case TX_STATUS_FAIL_NO_BEACON_ON_RADAR:
1074         priv->reply_tx_stats.sta_color_mismatch++;
1075         break;
1076     default:
1077         priv->reply_tx_stats.unknown++;
1078         break;
1079     }
1080 }
1081
1082 static void iwlagn_set_tx_status(struct iwl_priv *priv,
1083                  struct ieee80211_tx_info *info,
1084                  struct iwlagn_tx_resp *tx_resp)
1085 {
1086     u16 status = le16_to_cpu(tx_resp->status.status);
1087
1088     info->flags &= ~IEEE80211_TX_CTL_AMPDU;
1089
1090     info->status.rates[0].count = tx_resp->failure_frame + 1;
1091     info->flags |= iwl_tx_status_to_mac80211(status);
1092     iwlagn_hwrate_to_tx_control(priv, le32_to_cpu(tx_resp->rate_n_flags),
1093                     info);
1094     if (!iwl_is_tx_success(status))
1095         iwlagn_count_tx_err_status(priv, status);
1096 }
1097
1098 static void iwl_check_abort_status(struct iwl_priv *priv,
1099                 u8 frame_count, u32 status)
1100 {
1101     if (frame_count == 1 && status == TX_STATUS_FAIL_RFKILL_FLUSH) {
1102         IWL_ERR(priv, "Tx flush command to flush out all frames\n");
1103         if (!test_bit(STATUS_EXIT_PENDING, &priv->status))
1104             queue_work(priv->workqueue, &priv->tx_flush);
1105     }
1106 }
1107
1108 void iwlagn_rx_reply_tx(struct iwl_priv *priv, struct iwl_rx_cmd_buffer *rxb)
1109 {
1110     struct iwl_rx_packet *pkt = rxb_addr(rxb);
1111     u16 sequence = le16_to_cpu(pkt->hdr.sequence);
1112     int txq_id = SEQ_TO_QUEUE(sequence);
1113     int cmd_index __maybe_unused = SEQ_TO_INDEX(sequence);
1114     struct iwlagn_tx_resp *tx_resp = (void *)pkt->data;
1115     struct ieee80211_hdr *hdr;
1116     u32 status = le16_to_cpu(tx_resp->status.status);
1117     u16 ssn = iwlagn_get_scd_ssn(tx_resp);
1118     int tid;
1119     int sta_id;
1120     int freed;
1121     struct ieee80211_tx_info *info;
1122     struct sk_buff_head skbs;
1123     struct sk_buff *skb;
1124     struct iwl_rxon_context *ctx;
1125     bool is_agg = (txq_id >= IWLAGN_FIRST_AMPDU_QUEUE);
1126
1127     tid = (tx_resp->ra_tid & IWLAGN_TX_RES_TID_MSK) >>
1128         IWLAGN_TX_RES_TID_POS;
1129     sta_id = (tx_resp->ra_tid & IWLAGN_TX_RES_RA_MSK) >>
1130         IWLAGN_TX_RES_RA_POS;
1131
1132     spin_lock_bh(&priv->sta_lock);
1133
1134     if (is_agg) {
1135         WARN_ON_ONCE(sta_id >= IWLAGN_STATION_COUNT ||
1136                  tid >= IWL_MAX_TID_COUNT);
1137         if (txq_id != priv->tid_data[sta_id][tid].agg.txq_id)
1138             IWL_ERR(priv, "txq_id mismatch: %d %d\n", txq_id,
1139                 priv->tid_data[sta_id][tid].agg.txq_id);
1140         iwl_rx_reply_tx_agg(priv, tx_resp);
1141     }
1142
1143     __skb_queue_head_init(&skbs);
1144
1145     if (tx_resp->frame_count == 1) {
1146         u16 next_reclaimed = le16_to_cpu(tx_resp->seq_ctl);
1147         next_reclaimed = IEEE80211_SEQ_TO_SN(next_reclaimed + 0x10);
1148
1149         if (is_agg) {
1150             /* If this is an aggregation queue, we can rely on the
1151              * ssn since the wifi sequence number corresponds to
1152              * the index in the TFD ring (%256).
1153              * The seq_ctl is the sequence control of the packet
1154              * to which this Tx response relates. But if there is a
1155              * hole in the bitmap of the BA we received, this Tx
1156              * response may allow to reclaim the hole and all the
1157              * subsequent packets that were already acked.
1158              * In that case, seq_ctl != ssn, and the next packet
1159              * to be reclaimed will be ssn and not seq_ctl.
1160              */
1161             next_reclaimed = ssn;
1162         }
1163
1164         if (tid != IWL_TID_NON_QOS) {
1165             priv->tid_data[sta_id][tid].next_reclaimed =
1166                 next_reclaimed;
1167             IWL_DEBUG_TX_REPLY(priv, "Next reclaimed packet:%d\n",
1168                           next_reclaimed);
1169             iwlagn_check_ratid_empty(priv, sta_id, tid);
1170         }
1171
1172         iwl_trans_reclaim(priv->trans, txq_id, ssn, &skbs);
1173
1174         freed = 0;
1175
1176         /* process frames */
1177         skb_queue_walk(&skbs, skb) {
1178             hdr = (struct ieee80211_hdr *)skb->data;
1179
1180             if (!ieee80211_is_data_qos(hdr->frame_control))
1181                 priv->last_seq_ctl = tx_resp->seq_ctl;
1182
1183             info = IEEE80211_SKB_CB(skb);
1184             ctx = info->driver_data[0];
1185             iwl_trans_free_tx_cmd(priv->trans,
1186                           info->driver_data[1]);
1187
1188             memset(&info->status, 0, sizeof(info->status));
1189
1190             if (status == TX_STATUS_FAIL_PASSIVE_NO_RX &&
1191                 ctx->vif &&
1192                 ctx->vif->type == NL80211_IFTYPE_STATION) {
1193                 /* block and stop all queues */
1194                 priv->passive_no_rx = true;
1195                 IWL_DEBUG_TX_QUEUES(priv,
1196                     "stop all queues: passive channel\n");
1197                 ieee80211_stop_queues(priv->hw);
1198
1199                 IWL_DEBUG_TX_REPLY(priv,
1200                        "TXQ %d status %s (0x%08x) "
1201                        "rate_n_flags 0x%x retries %d\n",
1202                        txq_id,
1203                        iwl_get_tx_fail_reason(status),
1204                        status,
1205                        le32_to_cpu(tx_resp->rate_n_flags),
1206                        tx_resp->failure_frame);
1207
1208                 IWL_DEBUG_TX_REPLY(priv,
1209                        "FrameCnt = %d, idx=%d\n",
1210                        tx_resp->frame_count, cmd_index);
1211             }
1212
1213             /* check if BAR is needed */
1214             if (is_agg && !iwl_is_tx_success(status))
1215                 info->flags |= IEEE80211_TX_STAT_AMPDU_NO_BACK;
1216             iwlagn_set_tx_status(priv, IEEE80211_SKB_CB(skb),
1217                      tx_resp);
1218             if (!is_agg)
1219                 iwlagn_non_agg_tx_status(priv, ctx, hdr->addr1);
1220
1221             freed++;
1222         }
1223
1224         if (tid != IWL_TID_NON_QOS) {
1225             priv->tid_data[sta_id][tid].next_reclaimed =
1226                 next_reclaimed;
1227             IWL_DEBUG_TX_REPLY(priv, "Next reclaimed packet:%d\n",
1228                        next_reclaimed);
1229         }
1230
1231         if (!is_agg && freed != 1)
1232             IWL_ERR(priv, "Q: %d, freed %d\n", txq_id, freed);
1233
1234         IWL_DEBUG_TX_REPLY(priv, "TXQ %d status %s (0x%08x)\n", txq_id,
1235                    iwl_get_tx_fail_reason(status), status);
1236
1237         IWL_DEBUG_TX_REPLY(priv,
1238                    "\t\t\t\tinitial_rate 0x%x retries %d, idx=%d ssn=%d seq_ctl=0x%x\n",
1239                    le32_to_cpu(tx_resp->rate_n_flags),
1240                    tx_resp->failure_frame,
1241                    SEQ_TO_INDEX(sequence), ssn,
1242                    le16_to_cpu(tx_resp->seq_ctl));
1243     }
1244
1245     iwl_check_abort_status(priv, tx_resp->frame_count, status);
1246     spin_unlock_bh(&priv->sta_lock);
1247
1248     while (!skb_queue_empty(&skbs)) {
1249         skb = __skb_dequeue(&skbs);
1250         ieee80211_tx_status(priv->hw, skb);
1251     }
1252 }
1253
1254 /*
1255  * iwlagn_rx_reply_compressed_ba - Handler for REPLY_COMPRESSED_BA
1256  *
1257  * Handles block-acknowledge notification from device, which reports success
1258  * of frames sent via aggregation.
1259  */
1260 void iwlagn_rx_reply_compressed_ba(struct iwl_priv *priv,
1261                    struct iwl_rx_cmd_buffer *rxb)
1262 {
1263     struct iwl_rx_packet *pkt = rxb_addr(rxb);
1264     struct iwl_compressed_ba_resp *ba_resp = (void *)pkt->data;
1265     struct iwl_ht_agg *agg;
1266     struct sk_buff_head reclaimed_skbs;
1267     struct sk_buff *skb;
1268     int sta_id;
1269     int tid;
1270     int freed;
1271
1272     /* "flow" corresponds to Tx queue */
1273     u16 scd_flow = le16_to_cpu(ba_resp->scd_flow);
1274
1275     /* "ssn" is start of block-ack Tx window, corresponds to index
1276      * (in Tx queue's circular buffer) of first TFD/frame in window */
1277     u16 ba_resp_scd_ssn = le16_to_cpu(ba_resp->scd_ssn);
1278
1279     if (scd_flow >= priv->trans->trans_cfg->base_params->num_of_queues) {
1280         IWL_ERR(priv,
1281             "BUG_ON scd_flow is bigger than number of queues\n");
1282         return;
1283     }
1284
1285     sta_id = ba_resp->sta_id;
1286     tid = ba_resp->tid;
1287     agg = &priv->tid_data[sta_id][tid].agg;
1288
1289     spin_lock_bh(&priv->sta_lock);
1290
1291     if (unlikely(!agg->wait_for_ba)) {
1292         if (unlikely(ba_resp->bitmap))
1293             IWL_ERR(priv, "Received BA when not expected\n");
1294         spin_unlock_bh(&priv->sta_lock);
1295         return;
1296     }
1297
1298     if (unlikely(scd_flow != agg->txq_id)) {
1299         /*
1300          * FIXME: this is a uCode bug which need to be addressed,
1301          * log the information and return for now.
1302          * Since it is can possibly happen very often and in order
1303          * not to fill the syslog, don't use IWL_ERR or IWL_WARN
1304          */
1305         IWL_DEBUG_TX_QUEUES(priv,
1306                     "Bad queue mapping txq_id=%d, agg_txq[sta:%d,tid:%d]=%d\n",
1307                     scd_flow, sta_id, tid, agg->txq_id);
1308         spin_unlock_bh(&priv->sta_lock);
1309         return;
1310     }
1311
1312     __skb_queue_head_init(&reclaimed_skbs);
1313
1314     /* Release all TFDs before the SSN, i.e. all TFDs in front of
1315      * block-ack window (we assume that they've been successfully
1316      * transmitted ... if not, it's too late anyway). */
1317     iwl_trans_reclaim(priv->trans, scd_flow, ba_resp_scd_ssn,
1318               &reclaimed_skbs);
1319
1320     IWL_DEBUG_TX_REPLY(priv, "REPLY_COMPRESSED_BA [%d] Received from %pM, "
1321                "sta_id = %d\n",
1322                agg->wait_for_ba,
1323                (u8 *) &ba_resp->sta_addr_lo32,
1324                ba_resp->sta_id);
1325     IWL_DEBUG_TX_REPLY(priv, "TID = %d, SeqCtl = %d, bitmap = 0x%llx, "
1326                "scd_flow = %d, scd_ssn = %d sent:%d, acked:%d\n",
1327                ba_resp->tid, le16_to_cpu(ba_resp->seq_ctl),
1328                (unsigned long long)le64_to_cpu(ba_resp->bitmap),
1329                scd_flow, ba_resp_scd_ssn, ba_resp->txed,
1330                ba_resp->txed_2_done);
1331
1332     /* Mark that the expected block-ack response arrived */
1333     agg->wait_for_ba = false;
1334
1335     /* Sanity check values reported by uCode */
1336     if (ba_resp->txed_2_done > ba_resp->txed) {
1337         IWL_DEBUG_TX_REPLY(priv,
1338             "bogus sent(%d) and ack(%d) count\n",
1339             ba_resp->txed, ba_resp->txed_2_done);
1340         /*
1341          * set txed_2_done = txed,
1342          * so it won't impact rate scale
1343          */
1344         ba_resp->txed = ba_resp->txed_2_done;
1345     }
1346
1347     priv->tid_data[sta_id][tid].next_reclaimed = ba_resp_scd_ssn;
1348
1349     iwlagn_check_ratid_empty(priv, sta_id, tid);
1350     freed = 0;
1351
1352     skb_queue_walk(&reclaimed_skbs, skb) {
1353         struct ieee80211_hdr *hdr = (void *)skb->data;
1354         struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1355
1356         if (ieee80211_is_data_qos(hdr->frame_control))
1357             freed++;
1358         else
1359             WARN_ON_ONCE(1);
1360
1361         iwl_trans_free_tx_cmd(priv->trans, info->driver_data[1]);
1362
1363         memset(&info->status, 0, sizeof(info->status));
1364         /* Packet was transmitted successfully, failures come as single
1365          * frames because before failing a frame the firmware transmits
1366          * it without aggregation at least once.
1367          */
1368         info->flags |= IEEE80211_TX_STAT_ACK;
1369
1370         if (freed == 1) {
1371             /* this is the first skb we deliver in this batch */
1372             /* put the rate scaling data there */
1373             info = IEEE80211_SKB_CB(skb);
1374             memset(&info->status, 0, sizeof(info->status));
1375             info->flags |= IEEE80211_TX_STAT_AMPDU;
1376             info->status.ampdu_ack_len = ba_resp->txed_2_done;
1377             info->status.ampdu_len = ba_resp->txed;
1378             iwlagn_hwrate_to_tx_control(priv, agg->rate_n_flags,
1379                             info);
1380         }
1381     }
1382
1383     spin_unlock_bh(&priv->sta_lock);
1384
1385     while (!skb_queue_empty(&reclaimed_skbs)) {
1386         skb = __skb_dequeue(&reclaimed_skbs);
1387         ieee80211_tx_status(priv->hw, skb);
1388     }
1389 }