]> git.ipfire.org Git - thirdparty/kernel/stable.git/blame - drivers/net/wireless/marvell/mwifiex/wmm.c
projects / thirdparty / kernel / stable.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status()
[thirdparty/kernel/stable.git] / drivers / net / wireless / marvell / mwifiex / wmm.c
CommitLineData
5e6e3a92
BZ		 1/*
2 * Marvell Wireless LAN device driver: WMM
3 *
65da33f5 4 * Copyright (C) 2011-2014, Marvell International Ltd.
5e6e3a92
BZ		 5 *
6 * This software file (the "File") is distributed by Marvell International
7 * Ltd. under the terms of the GNU General Public License Version 2, June 1991
8 * (the "License"). You may use, redistribute and/or modify this File in
9 * accordance with the terms and conditions of the License, a copy of which
10 * is available by writing to the Free Software Foundation, Inc.,
11 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA or on the
12 * worldwide web at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
13 *
14 * THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE
16 * ARE EXPRESSLY DISCLAIMED. The License provides additional details about
17 * this warranty disclaimer.
18 */
19
20#include "decl.h"
21#include "ioctl.h"
22#include "util.h"
23#include "fw.h"
24#include "main.h"
25#include "wmm.h"
26#include "11n.h"
27
28
29/* Maximum value FW can accept for driver delay in packet transmission */
30#define DRV_PKT_DELAY_TO_FW_MAX 512
31
32
33#define WMM_QUEUED_PACKET_LOWER_LIMIT 180
34
35#define WMM_QUEUED_PACKET_UPPER_LIMIT 200
36
37/* Offset for TOS field in the IP header */
38#define IPTOS_OFFSET 5
39
4c9f9fb2
AK		 40static bool disable_tx_amsdu;
41module_param(disable_tx_amsdu, bool, 0644);
c9e2404c 42
5e6e3a92
BZ		 43/* WMM information IE */
44static const u8 wmm_info_ie[] = { WLAN_EID_VENDOR_SPECIFIC, 0x07,
45 0x00, 0x50, 0xf2, 0x02,
46 0x00, 0x01, 0x00
47};
48
49static const u8 wmm_aci_to_qidx_map[] = { WMM_AC_BE,
50 WMM_AC_BK,
51 WMM_AC_VI,
52 WMM_AC_VO
53};
54
55static u8 tos_to_tid[] = {
56 /* TID DSCP_P2 DSCP_P1 DSCP_P0 WMM_AC */
57 0x01, /* 0 1 0 AC_BK */
58 0x02, /* 0 0 0 AC_BK */
59 0x00, /* 0 0 1 AC_BE */
60 0x03, /* 0 1 1 AC_BE */
61 0x04, /* 1 0 0 AC_VI */
62 0x05, /* 1 0 1 AC_VI */
63 0x06, /* 1 1 0 AC_VO */
64 0x07 /* 1 1 1 AC_VO */
65};
66
5e6e3a92
BZ		 67static u8 ac_to_tid[4][2] = { {1, 2}, {0, 3}, {4, 5}, {6, 7} };
68
69/*
70 * This function debug prints the priority parameters for a WMM AC.
71 */
72static void
73mwifiex_wmm_ac_debug_print(const struct ieee_types_wmm_ac_parameters *ac_param)
74{
75 const char *ac_str[] = { "BK", "BE", "VI", "VO" };
76
77 pr_debug("info: WMM AC_%s: ACI=%d, ACM=%d, Aifsn=%d, "
c65a30f3
YAP		 78 "EcwMin=%d, EcwMax=%d, TxopLimit=%d\n",
79 ac_str[wmm_aci_to_qidx_map[(ac_param->aci_aifsn_bitmap
80 & MWIFIEX_ACI) >> 5]],
81 (ac_param->aci_aifsn_bitmap & MWIFIEX_ACI) >> 5,
82 (ac_param->aci_aifsn_bitmap & MWIFIEX_ACM) >> 4,
83 ac_param->aci_aifsn_bitmap & MWIFIEX_AIFSN,
84 ac_param->ecw_bitmap & MWIFIEX_ECW_MIN,
85 (ac_param->ecw_bitmap & MWIFIEX_ECW_MAX) >> 4,
86 le16_to_cpu(ac_param->tx_op_limit));
5e6e3a92
BZ		 87}
88
89/*
90 * This function allocates a route address list.
91 *
92 * The function also initializes the list with the provided RA.
93 */
94static struct mwifiex_ra_list_tbl *
3b3a0162 95mwifiex_wmm_allocate_ralist_node(struct mwifiex_adapter *adapter, const u8 *ra)
5e6e3a92
BZ		 96{
97 struct mwifiex_ra_list_tbl *ra_list;
98
99 ra_list = kzalloc(sizeof(struct mwifiex_ra_list_tbl), GFP_ATOMIC);
0d2e7a5c 100 if (!ra_list)
5e6e3a92 101 return NULL;
0d2e7a5c 102
5e6e3a92
BZ		 103 INIT_LIST_HEAD(&ra_list->list);
104 skb_queue_head_init(&ra_list->skb_head);
105
106 memcpy(ra_list->ra, ra, ETH_ALEN);
107
c7d9ed9e 108 ra_list->total_pkt_count = 0;
5e6e3a92 109
acebe8c1 110 mwifiex_dbg(adapter, INFO, "info: allocated ra_list %p\n", ra_list);
5e6e3a92
BZ		 111
112 return ra_list;
113}
114
5a009adf
AP		 115/* This function returns random no between 16 and 32 to be used as threshold
116 * for no of packets after which BA setup is initiated.
117 */
118static u8 mwifiex_get_random_ba_threshold(void)
119{
52f4f918 120 u64 ns;
5a009adf
AP		 121 /* setup ba_packet_threshold here random number between
122 * [BA_SETUP_PACKET_OFFSET,
123 * BA_SETUP_PACKET_OFFSET+BA_SETUP_MAX_PACKET_THRESHOLD-1]
124 */
52f4f918
AB		 125 ns = ktime_get_ns();
126 ns += (ns >> 32) + (ns >> 16);
5a009adf 127
52f4f918 128 return ((u8)ns % BA_SETUP_MAX_PACKET_THRESHOLD) + BA_SETUP_PACKET_OFFSET;
5a009adf
AP		 129}
130
5e6e3a92
BZ		 131/*
132 * This function allocates and adds a RA list for all TIDs
133 * with the given RA.
134 */
3b3a0162 135void mwifiex_ralist_add(struct mwifiex_private *priv, const u8 *ra)
5e6e3a92
BZ		 136{
137 int i;
138 struct mwifiex_ra_list_tbl *ra_list;
139 struct mwifiex_adapter *adapter = priv->adapter;
5a009adf 140 struct mwifiex_sta_node *node;
5a009adf 141
5e6e3a92
BZ		 142
143 for (i = 0; i < MAX_NUM_TID; ++i) {
144 ra_list = mwifiex_wmm_allocate_ralist_node(adapter, ra);
acebe8c1
ZL		 145 mwifiex_dbg(adapter, INFO,
146 "info: created ra_list %p\n", ra_list);
5e6e3a92
BZ		 147
148 if (!ra_list)
149 break;
150
5a009adf 151 ra_list->is_11n_enabled = 0;
daeb5bb4 152 ra_list->tdls_link = false;
39df5e82
ZL		 153 ra_list->ba_status = BA_SETUP_NONE;
154 ra_list->amsdu_in_ampdu = false;
5a009adf 155 if (!mwifiex_queuing_ra_based(priv)) {
55a2c077
XH		 156 if (mwifiex_is_tdls_link_setup
157 (mwifiex_get_tdls_link_status(priv, ra))) {
a983e48b 158 ra_list->tdls_link = true;
daeb5bb4
AP		 159 ra_list->is_11n_enabled =
160 mwifiex_tdls_peer_11n_enabled(priv, ra);
161 } else {
162 ra_list->is_11n_enabled = IS_11N_ENABLED(priv);
163 }
5a009adf 164 } else {
8a7f9fd8 165 spin_lock_bh(&priv->sta_list_spinlock);
c11fb985 166 node = mwifiex_get_sta_entry(priv, ra);
70c5ad7e
ZL		 167 if (node)
168 ra_list->tx_paused = node->tx_pause;
5a009adf
AP		 169 ra_list->is_11n_enabled =
170 mwifiex_is_sta_11n_enabled(priv, node);
171 if (ra_list->is_11n_enabled)
172 ra_list->max_amsdu = node->max_amsdu;
8a7f9fd8 173 spin_unlock_bh(&priv->sta_list_spinlock);
5a009adf 174 }
5e6e3a92 175
acebe8c1
ZL		 176 mwifiex_dbg(adapter, DATA, "data: ralist %p: is_11n_enabled=%d\n",
177 ra_list, ra_list->is_11n_enabled);
5e6e3a92 178
5a009adf 179 if (ra_list->is_11n_enabled) {
f0cb84f8 180 ra_list->ba_pkt_count = 0;
5a009adf
AP		 181 ra_list->ba_packet_thr =
182 mwifiex_get_random_ba_threshold();
183 }
5e6e3a92 184 list_add_tail(&ra_list->list,
c65a30f3 185 &priv->wmm.tid_tbl_ptr[i].ra_list);
5e6e3a92
BZ		 186 }
187}
188
189/*
190 * This function sets the WMM queue priorities to their default values.
191 */
192static void mwifiex_wmm_default_queue_priorities(struct mwifiex_private *priv)
193{
194 /* Default queue priorities: VO->VI->BE->BK */
195 priv->wmm.queue_priority[0] = WMM_AC_VO;
196 priv->wmm.queue_priority[1] = WMM_AC_VI;
197 priv->wmm.queue_priority[2] = WMM_AC_BE;
198 priv->wmm.queue_priority[3] = WMM_AC_BK;
199}
200
201/*
202 * This function map ACs to TIDs.
203 */
204static void
41a24a29 205mwifiex_wmm_queue_priorities_tid(struct mwifiex_private *priv)
5e6e3a92 206{
41a24a29 207 struct mwifiex_wmm_desc *wmm = &priv->wmm;
49729ff6 208 u8 *queue_priority = wmm->queue_priority;
5e6e3a92
BZ		 209 int i;
210
211 for (i = 0; i < 4; ++i) {
212 tos_to_tid[7 - (i * 2)] = ac_to_tid[queue_priority[i]][1];
213 tos_to_tid[6 - (i * 2)] = ac_to_tid[queue_priority[i]][0];
214 }
49729ff6
MY		 215
216 for (i = 0; i < MAX_NUM_TID; ++i)
41a24a29 217 priv->tos_to_tid_inv[tos_to_tid[i]] = (u8)i;
49729ff6
MY		 218
219 atomic_set(&wmm->highest_queued_prio, HIGH_PRIO_TID);
5e6e3a92
BZ		 220}
221
222/*
223 * This function initializes WMM priority queues.
224 */
225void
226mwifiex_wmm_setup_queue_priorities(struct mwifiex_private *priv,
227 struct ieee_types_wmm_parameter *wmm_ie)
228{
229 u16 cw_min, avg_back_off, tmp[4];
230 u32 i, j, num_ac;
231 u8 ac_idx;
232
233 if (!wmm_ie || !priv->wmm_enabled) {
234 /* WMM is not enabled, just set the defaults and return */
235 mwifiex_wmm_default_queue_priorities(priv);
236 return;
237 }
238
acebe8c1
ZL		 239 mwifiex_dbg(priv->adapter, INFO,
240 "info: WMM Parameter IE: version=%d,\t"
241 "qos_info Parameter Set Count=%d, Reserved=%#x\n",
63d7ef36 242 wmm_ie->version, wmm_ie->qos_info_bitmap &
acebe8c1
ZL		 243 IEEE80211_WMM_IE_AP_QOSINFO_PARAM_SET_CNT_MASK,
244 wmm_ie->reserved);
5e6e3a92
BZ		 245
246 for (num_ac = 0; num_ac < ARRAY_SIZE(wmm_ie->ac_params); num_ac++) {
c65a30f3
YAP		 247 u8 ecw = wmm_ie->ac_params[num_ac].ecw_bitmap;
248 u8 aci_aifsn = wmm_ie->ac_params[num_ac].aci_aifsn_bitmap;
249 cw_min = (1 << (ecw & MWIFIEX_ECW_MIN)) - 1;
250 avg_back_off = (cw_min >> 1) + (aci_aifsn & MWIFIEX_AIFSN);
251
252 ac_idx = wmm_aci_to_qidx_map[(aci_aifsn & MWIFIEX_ACI) >> 5];
5e6e3a92
BZ		 253 priv->wmm.queue_priority[ac_idx] = ac_idx;
254 tmp[ac_idx] = avg_back_off;
255
acebe8c1
ZL		 256 mwifiex_dbg(priv->adapter, INFO,
257 "info: WMM: CWmax=%d CWmin=%d Avg Back-off=%d\n",
258 (1 << ((ecw & MWIFIEX_ECW_MAX) >> 4)) - 1,
259 cw_min, avg_back_off);
5e6e3a92
BZ		 260 mwifiex_wmm_ac_debug_print(&wmm_ie->ac_params[num_ac]);
261 }
262
263 /* Bubble sort */
264 for (i = 0; i < num_ac; i++) {
265 for (j = 1; j < num_ac - i; j++) {
266 if (tmp[j - 1] > tmp[j]) {
267 swap(tmp[j - 1], tmp[j]);
268 swap(priv->wmm.queue_priority[j - 1],
269 priv->wmm.queue_priority[j]);
270 } else if (tmp[j - 1] == tmp[j]) {
271 if (priv->wmm.queue_priority[j - 1]
272 < priv->wmm.queue_priority[j])
273 swap(priv->wmm.queue_priority[j - 1],
274 priv->wmm.queue_priority[j]);
275 }
276 }
277 }
278
41a24a29 279 mwifiex_wmm_queue_priorities_tid(priv);
5e6e3a92
BZ		 280}
281
282/*
283 * This function evaluates whether or not an AC is to be downgraded.
284 *
285 * In case the AC is not enabled, the highest AC is returned that is
286 * enabled and does not require admission control.
287 */
288static enum mwifiex_wmm_ac_e
289mwifiex_wmm_eval_downgrade_ac(struct mwifiex_private *priv,
290 enum mwifiex_wmm_ac_e eval_ac)
291{
292 int down_ac;
293 enum mwifiex_wmm_ac_e ret_ac;
294 struct mwifiex_wmm_ac_status *ac_status;
295
296 ac_status = &priv->wmm.ac_status[eval_ac];
297
298 if (!ac_status->disabled)
299 /* Okay to use this AC, its enabled */
300 return eval_ac;
301
302 /* Setup a default return value of the lowest priority */
303 ret_ac = WMM_AC_BK;
304
305 /*
306 * Find the highest AC that is enabled and does not require
307 * admission control. The spec disallows downgrading to an AC,
308 * which is enabled due to a completed admission control.
309 * Unadmitted traffic is not to be sent on an AC with admitted
310 * traffic.
311 */
312 for (down_ac = WMM_AC_BK; down_ac < eval_ac; down_ac++) {
313 ac_status = &priv->wmm.ac_status[down_ac];
314
315 if (!ac_status->disabled && !ac_status->flow_required)
316 /* AC is enabled and does not require admission
317 control */
318 ret_ac = (enum mwifiex_wmm_ac_e) down_ac;
319 }
320
321 return ret_ac;
322}
323
324/*
325 * This function downgrades WMM priority queue.
326 */
327void
328mwifiex_wmm_setup_ac_downgrade(struct mwifiex_private *priv)
329{
330 int ac_val;
331
acebe8c1
ZL		 332 mwifiex_dbg(priv->adapter, INFO, "info: WMM: AC Priorities:\t"
333 "BK(0), BE(1), VI(2), VO(3)\n");
5e6e3a92
BZ		 334
335 if (!priv->wmm_enabled) {
336 /* WMM is not enabled, default priorities */
337 for (ac_val = WMM_AC_BK; ac_val <= WMM_AC_VO; ac_val++)
338 priv->wmm.ac_down_graded_vals[ac_val] =
c65a30f3 339 (enum mwifiex_wmm_ac_e) ac_val;
5e6e3a92
BZ		 340 } else {
341 for (ac_val = WMM_AC_BK; ac_val <= WMM_AC_VO; ac_val++) {
342 priv->wmm.ac_down_graded_vals[ac_val]
343 = mwifiex_wmm_eval_downgrade_ac(priv,
344 (enum mwifiex_wmm_ac_e) ac_val);
acebe8c1
ZL		 345 mwifiex_dbg(priv->adapter, INFO,
346 "info: WMM: AC PRIO %d maps to %d\n",
347 ac_val,
348 priv->wmm.ac_down_graded_vals[ac_val]);
5e6e3a92
BZ		 349 }
350 }
351}
352
353/*
354 * This function converts the IP TOS field to an WMM AC
355 * Queue assignment.
356 */
357static enum mwifiex_wmm_ac_e
358mwifiex_wmm_convert_tos_to_ac(struct mwifiex_adapter *adapter, u32 tos)
359{
360 /* Map of TOS UP values to WMM AC */
7dfb0ebd
CIK		 361 static const enum mwifiex_wmm_ac_e tos_to_ac[] = {
362 WMM_AC_BE,
5e6e3a92
BZ		 363 WMM_AC_BK,
364 WMM_AC_BK,
365 WMM_AC_BE,
366 WMM_AC_VI,
367 WMM_AC_VI,
368 WMM_AC_VO,
369 WMM_AC_VO
370 };
371
372 if (tos >= ARRAY_SIZE(tos_to_ac))
373 return WMM_AC_BE;
374
375 return tos_to_ac[tos];
376}
377
378/*
379 * This function evaluates a given TID and downgrades it to a lower
380 * TID if the WMM Parameter IE received from the AP indicates that the
381 * AP is disabled (due to call admission control (ACM bit). Mapping
382 * of TID to AC is taken care of internally.
383 */
5f2caaf3 384u8 mwifiex_wmm_downgrade_tid(struct mwifiex_private *priv, u32 tid)
5e6e3a92
BZ		 385{
386 enum mwifiex_wmm_ac_e ac, ac_down;
387 u8 new_tid;
388
389 ac = mwifiex_wmm_convert_tos_to_ac(priv->adapter, tid);
390 ac_down = priv->wmm.ac_down_graded_vals[ac];
391
392 /* Send the index to tid array, picking from the array will be
393 * taken care by dequeuing function
394 */
395 new_tid = ac_to_tid[ac_down][tid % 2];
396
397 return new_tid;
398}
399
400/*
401 * This function initializes the WMM state information and the
402 * WMM data path queues.
403 */
404void
405mwifiex_wmm_init(struct mwifiex_adapter *adapter)
406{
407 int i, j;
408 struct mwifiex_private *priv;
409
410 for (j = 0; j < adapter->priv_num; ++j) {
411 priv = adapter->priv[j];
412 if (!priv)
413 continue;
414
415 for (i = 0; i < MAX_NUM_TID; ++i) {
4c9f9fb2
AK		 416 if (!disable_tx_amsdu &&
417 adapter->tx_buf_size > MWIFIEX_TX_DATA_BUF_SIZE_2K)
418 priv->aggr_prio_tbl[i].amsdu =
419 priv->tos_to_tid_inv[i];
420 else
421 priv->aggr_prio_tbl[i].amsdu =
422 BA_STREAM_NOT_ALLOWED;
41a24a29
AP		 423 priv->aggr_prio_tbl[i].ampdu_ap =
424 priv->tos_to_tid_inv[i];
425 priv->aggr_prio_tbl[i].ampdu_user =
426 priv->tos_to_tid_inv[i];
5e6e3a92
BZ		 427 }
428
31a09a5d
AP		 429 priv->aggr_prio_tbl[6].amsdu
430 = priv->aggr_prio_tbl[6].ampdu_ap
431 = priv->aggr_prio_tbl[6].ampdu_user
432 = BA_STREAM_NOT_ALLOWED;
433
434 priv->aggr_prio_tbl[7].amsdu = priv->aggr_prio_tbl[7].ampdu_ap
435 = priv->aggr_prio_tbl[7].ampdu_user
436 = BA_STREAM_NOT_ALLOWED;
437
04abc0a3 438 mwifiex_set_ba_params(priv);
92583924
SP		 439 mwifiex_reset_11n_rx_seq_num(priv);
440
6970cd44 441 priv->wmm.drv_pkt_delay_max = MWIFIEX_WMM_DRV_DELAY_MAX;
f699254c 442 atomic_set(&priv->wmm.tx_pkts_queued, 0);
49729ff6 443 atomic_set(&priv->wmm.highest_queued_prio, HIGH_PRIO_TID);
5e6e3a92
BZ		 444 }
445}
446
a1777327
AP		 447int mwifiex_bypass_txlist_empty(struct mwifiex_adapter *adapter)
448{
735ab6bf
ZL		 449 struct mwifiex_private *priv;
450 int i;
451
452 for (i = 0; i < adapter->priv_num; i++) {
453 priv = adapter->priv[i];
454 if (!priv)
455 continue;
456 if (adapter->if_ops.is_port_ready &&
457 !adapter->if_ops.is_port_ready(priv))
458 continue;
459 if (!skb_queue_empty(&priv->bypass_txq))
460 return false;
461 }
462
463 return true;
a1777327
AP		 464}
465
5e6e3a92
BZ		 466/*
467 * This function checks if WMM Tx queue is empty.
468 */
469int
470mwifiex_wmm_lists_empty(struct mwifiex_adapter *adapter)
471{
f699254c 472 int i;
5e6e3a92
BZ		 473 struct mwifiex_private *priv;
474
f699254c
MY		 475 for (i = 0; i < adapter->priv_num; ++i) {
476 priv = adapter->priv[i];
735ab6bf
ZL		 477 if (!priv)
478 continue;
dc386ce7 479 if (!priv->port_open &&
480 (priv->bss_mode != NL80211_IFTYPE_ADHOC))
735ab6bf
ZL		 481 continue;
482 if (adapter->if_ops.is_port_ready &&
483 !adapter->if_ops.is_port_ready(priv))
5c894633 484 continue;
735ab6bf 485 if (atomic_read(&priv->wmm.tx_pkts_queued))
a8aa69dc 486 return false;
5e6e3a92
BZ		 487 }
488
489 return true;
490}
491
492/*
493 * This function deletes all packets in an RA list node.
494 *
495 * The packet sent completion callback handler are called with
496 * status failure, after they are dequeued to ensure proper
497 * cleanup. The RA list node itself is freed at the end.
498 */
499static void
500mwifiex_wmm_del_pkts_in_ralist_node(struct mwifiex_private *priv,
501 struct mwifiex_ra_list_tbl *ra_list)
502{
503 struct mwifiex_adapter *adapter = priv->adapter;
504 struct sk_buff *skb, *tmp;
505
c44c0403
AK		 506 skb_queue_walk_safe(&ra_list->skb_head, skb, tmp) {
507 skb_unlink(skb, &ra_list->skb_head);
47411a06 508 mwifiex_write_data_complete(adapter, skb, 0, -1);
c44c0403 509 }
5e6e3a92
BZ		 510}
511
512/*
513 * This function deletes all packets in an RA list.
514 *
515 * Each nodes in the RA list are freed individually first, and then
516 * the RA list itself is freed.
517 */
518static void
519mwifiex_wmm_del_pkts_in_ralist(struct mwifiex_private *priv,
520 struct list_head *ra_list_head)
521{
522 struct mwifiex_ra_list_tbl *ra_list;
523
524 list_for_each_entry(ra_list, ra_list_head, list)
525 mwifiex_wmm_del_pkts_in_ralist_node(priv, ra_list);
526}
527
528/*
529 * This function deletes all packets in all RA lists.
530 */
531static void mwifiex_wmm_cleanup_queues(struct mwifiex_private *priv)
532{
533 int i;
534
535 for (i = 0; i < MAX_NUM_TID; i++)
536 mwifiex_wmm_del_pkts_in_ralist(priv, &priv->wmm.tid_tbl_ptr[i].
c65a30f3 537 ra_list);
f699254c
MY		 538
539 atomic_set(&priv->wmm.tx_pkts_queued, 0);
49729ff6 540 atomic_set(&priv->wmm.highest_queued_prio, HIGH_PRIO_TID);
5e6e3a92
BZ		 541}
542
543/*
544 * This function deletes all route addresses from all RA lists.
545 */
546static void mwifiex_wmm_delete_all_ralist(struct mwifiex_private *priv)
547{
548 struct mwifiex_ra_list_tbl *ra_list, *tmp_node;
549 int i;
550
551 for (i = 0; i < MAX_NUM_TID; ++i) {
acebe8c1
ZL		 552 mwifiex_dbg(priv->adapter, INFO,
553 "info: ra_list: freeing buf for tid %d\n", i);
5e6e3a92 554 list_for_each_entry_safe(ra_list, tmp_node,
c65a30f3
YAP		 555 &priv->wmm.tid_tbl_ptr[i].ra_list,
556 list) {
5e6e3a92
BZ		 557 list_del(&ra_list->list);
558 kfree(ra_list);
559 }
560
561 INIT_LIST_HEAD(&priv->wmm.tid_tbl_ptr[i].ra_list);
5e6e3a92
BZ		 562 }
563}
564
808bbebc
AK		 565static int mwifiex_free_ack_frame(int id, void *p, void *data)
566{
567 pr_warn("Have pending ack frames!\n");
568 kfree_skb(p);
569 return 0;
570}
571
5e6e3a92
BZ		 572/*
573 * This function cleans up the Tx and Rx queues.
574 *
575 * Cleanup includes -
576 * - All packets in RA lists
577 * - All entries in Rx reorder table
578 * - All entries in Tx BA stream table
579 * - MPA buffer (if required)
580 * - All RA lists
581 */
582void
583mwifiex_clean_txrx(struct mwifiex_private *priv)
584{
56bd24a1 585 struct sk_buff *skb, *tmp;
5e6e3a92
BZ		 586
587 mwifiex_11n_cleanup_reorder_tbl(priv);
8a7f9fd8 588 spin_lock_bh(&priv->wmm.ra_list_spinlock);
5e6e3a92
BZ		 589
590 mwifiex_wmm_cleanup_queues(priv);
591 mwifiex_11n_delete_all_tx_ba_stream_tbl(priv);
592
593 if (priv->adapter->if_ops.cleanup_mpa_buf)
594 priv->adapter->if_ops.cleanup_mpa_buf(priv->adapter);
595
596 mwifiex_wmm_delete_all_ralist(priv);
597 memcpy(tos_to_tid, ac_to_tid, sizeof(tos_to_tid));
598
4f7ba432 599 if (priv->adapter->if_ops.clean_pcie_ring &&
fc3a2fca 600 !test_bit(MWIFIEX_SURPRISE_REMOVED, &priv->adapter->work_flags))
fbd7e7ac 601 priv->adapter->if_ops.clean_pcie_ring(priv->adapter);
8a7f9fd8 602 spin_unlock_bh(&priv->wmm.ra_list_spinlock);
56bd24a1 603
c44c0403
AK		 604 skb_queue_walk_safe(&priv->tdls_txq, skb, tmp) {
605 skb_unlink(skb, &priv->tdls_txq);
56bd24a1 606 mwifiex_write_data_complete(priv->adapter, skb, 0, -1);
c44c0403 607 }
808bbebc 608
c44c0403
AK		 609 skb_queue_walk_safe(&priv->bypass_txq, skb, tmp) {
610 skb_unlink(skb, &priv->bypass_txq);
a1777327 611 mwifiex_write_data_complete(priv->adapter, skb, 0, -1);
c44c0403 612 }
a1777327
AP		 613 atomic_set(&priv->adapter->bypass_tx_pending, 0);
614
808bbebc
AK		 615 idr_for_each(&priv->ack_status_frames, mwifiex_free_ack_frame, NULL);
616 idr_destroy(&priv->ack_status_frames);
5e6e3a92
BZ		 617}
618
619/*
620 * This function retrieves a particular RA list node, matching with the
621 * given TID and RA address.
622 */
39df5e82 623struct mwifiex_ra_list_tbl *
5e6e3a92 624mwifiex_wmm_get_ralist_node(struct mwifiex_private *priv, u8 tid,
3b3a0162 625 const u8 *ra_addr)
5e6e3a92
BZ		 626{
627 struct mwifiex_ra_list_tbl *ra_list;
628
629 list_for_each_entry(ra_list, &priv->wmm.tid_tbl_ptr[tid].ra_list,
630 list) {
631 if (!memcmp(ra_list->ra, ra_addr, ETH_ALEN))
632 return ra_list;
633 }
634
635 return NULL;
636}
637
4e6ee91b
AP		 638void mwifiex_update_ralist_tx_pause(struct mwifiex_private *priv, u8 *mac,
639 u8 tx_pause)
640{
641 struct mwifiex_ra_list_tbl *ra_list;
642 u32 pkt_cnt = 0, tx_pkts_queued;
4e6ee91b
AP		 643 int i;
644
8a7f9fd8 645 spin_lock_bh(&priv->wmm.ra_list_spinlock);
4e6ee91b
AP		 646
647 for (i = 0; i < MAX_NUM_TID; ++i) {
648 ra_list = mwifiex_wmm_get_ralist_node(priv, i, mac);
649 if (ra_list && ra_list->tx_paused != tx_pause) {
650 pkt_cnt += ra_list->total_pkt_count;
651 ra_list->tx_paused = tx_pause;
652 if (tx_pause)
653 priv->wmm.pkts_paused[i] +=
654 ra_list->total_pkt_count;
655 else
656 priv->wmm.pkts_paused[i] -=
657 ra_list->total_pkt_count;
658 }
659 }
660
f7669877
XH		 661 if (pkt_cnt) {
662 tx_pkts_queued = atomic_read(&priv->wmm.tx_pkts_queued);
663 if (tx_pause)
664 tx_pkts_queued -= pkt_cnt;
665 else
666 tx_pkts_queued += pkt_cnt;
667
668 atomic_set(&priv->wmm.tx_pkts_queued, tx_pkts_queued);
669 atomic_set(&priv->wmm.highest_queued_prio, HIGH_PRIO_TID);
670 }
8a7f9fd8 671 spin_unlock_bh(&priv->wmm.ra_list_spinlock);
f7669877
XH		 672}
673
08a7e621
MY		 674/* This function updates non-tdls peer ralist tx_pause while
675 * tdls channel switching
f7669877
XH		 676 */
677void mwifiex_update_ralist_tx_pause_in_tdls_cs(struct mwifiex_private *priv,
678 u8 *mac, u8 tx_pause)
679{
680 struct mwifiex_ra_list_tbl *ra_list;
681 u32 pkt_cnt = 0, tx_pkts_queued;
f7669877
XH		 682 int i;
683
8a7f9fd8 684 spin_lock_bh(&priv->wmm.ra_list_spinlock);
f7669877
XH		 685
686 for (i = 0; i < MAX_NUM_TID; ++i) {
687 list_for_each_entry(ra_list, &priv->wmm.tid_tbl_ptr[i].ra_list,
688 list) {
689 if (!memcmp(ra_list->ra, mac, ETH_ALEN))
690 continue;
691
8785955b 692 if (ra_list->tx_paused != tx_pause) {
f7669877
XH		 693 pkt_cnt += ra_list->total_pkt_count;
694 ra_list->tx_paused = tx_pause;
695 if (tx_pause)
696 priv->wmm.pkts_paused[i] +=
697 ra_list->total_pkt_count;
698 else
699 priv->wmm.pkts_paused[i] -=
700 ra_list->total_pkt_count;
701 }
702 }
703 }
704
4e6ee91b
AP		 705 if (pkt_cnt) {
706 tx_pkts_queued = atomic_read(&priv->wmm.tx_pkts_queued);
707 if (tx_pause)
708 tx_pkts_queued -= pkt_cnt;
709 else
710 tx_pkts_queued += pkt_cnt;
711
712 atomic_set(&priv->wmm.tx_pkts_queued, tx_pkts_queued);
713 atomic_set(&priv->wmm.highest_queued_prio, HIGH_PRIO_TID);
714 }
8a7f9fd8 715 spin_unlock_bh(&priv->wmm.ra_list_spinlock);
4e6ee91b
AP		 716}
717
5e6e3a92
BZ		 718/*
719 * This function retrieves an RA list node for a given TID and
720 * RA address pair.
721 *
722 * If no such node is found, a new node is added first and then
723 * retrieved.
724 */
5f2caaf3 725struct mwifiex_ra_list_tbl *
3b3a0162
JB		 726mwifiex_wmm_get_queue_raptr(struct mwifiex_private *priv, u8 tid,
727 const u8 *ra_addr)
5e6e3a92
BZ		 728{
729 struct mwifiex_ra_list_tbl *ra_list;
730
731 ra_list = mwifiex_wmm_get_ralist_node(priv, tid, ra_addr);
732 if (ra_list)
733 return ra_list;
734 mwifiex_ralist_add(priv, ra_addr);
735
736 return mwifiex_wmm_get_ralist_node(priv, tid, ra_addr);
737}
738
9817fffb
AP		 739/*
740 * This function deletes RA list nodes for given mac for all TIDs.
741 * Function also decrements TX pending count accordingly.
742 */
743void
744mwifiex_wmm_del_peer_ra_list(struct mwifiex_private *priv, const u8 *ra_addr)
745{
746 struct mwifiex_ra_list_tbl *ra_list;
9817fffb
AP		 747 int i;
748
8a7f9fd8 749 spin_lock_bh(&priv->wmm.ra_list_spinlock);
9817fffb
AP		 750
751 for (i = 0; i < MAX_NUM_TID; ++i) {
752 ra_list = mwifiex_wmm_get_ralist_node(priv, i, ra_addr);
753
754 if (!ra_list)
755 continue;
756 mwifiex_wmm_del_pkts_in_ralist_node(priv, ra_list);
70c5ad7e
ZL		 757 if (ra_list->tx_paused)
758 priv->wmm.pkts_paused[i] -= ra_list->total_pkt_count;
759 else
760 atomic_sub(ra_list->total_pkt_count,
761 &priv->wmm.tx_pkts_queued);
9817fffb
AP		 762 list_del(&ra_list->list);
763 kfree(ra_list);
764 }
8a7f9fd8 765 spin_unlock_bh(&priv->wmm.ra_list_spinlock);
9817fffb
AP		 766}
767
5e6e3a92
BZ		 768/*
769 * This function checks if a particular RA list node exists in a given TID
770 * table index.
771 */
772int
773mwifiex_is_ralist_valid(struct mwifiex_private *priv,
774 struct mwifiex_ra_list_tbl *ra_list, int ptr_index)
775{
776 struct mwifiex_ra_list_tbl *rlist;
777
778 list_for_each_entry(rlist, &priv->wmm.tid_tbl_ptr[ptr_index].ra_list,
779 list) {
780 if (rlist == ra_list)
781 return true;
782 }
783
784 return false;
785}
786
a1777327
AP		 787/*
788 * This function adds a packet to bypass TX queue.
789 * This is special TX queue for packets which can be sent even when port_open
790 * is false.
791 */
792void
793mwifiex_wmm_add_buf_bypass_txqueue(struct mwifiex_private *priv,
794 struct sk_buff *skb)
795{
796 skb_queue_tail(&priv->bypass_txq, skb);
797}
798
5e6e3a92
BZ		 799/*
800 * This function adds a packet to WMM queue.
801 *
802 * In disconnected state the packet is immediately dropped and the
803 * packet send completion callback is called with status failure.
804 *
805 * Otherwise, the correct RA list node is located and the packet
806 * is queued at the list tail.
807 */
808void
2690e1bb 809mwifiex_wmm_add_buf_txqueue(struct mwifiex_private *priv,
5e6e3a92
BZ		 810 struct sk_buff *skb)
811{
2690e1bb 812 struct mwifiex_adapter *adapter = priv->adapter;
5e6e3a92
BZ		 813 u32 tid;
814 struct mwifiex_ra_list_tbl *ra_list;
815 u8 ra[ETH_ALEN], tid_down;
d63bf5e5
AP		 816 struct list_head list_head;
817 int tdls_status = TDLS_NOT_SETUP;
818 struct ethhdr *eth_hdr = (struct ethhdr *)skb->data;
819 struct mwifiex_txinfo *tx_info = MWIFIEX_SKB_TXCB(skb);
820
821 memcpy(ra, eth_hdr->h_dest, ETH_ALEN);
822
823 if (GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_STA &&
824 ISSUPP_TDLS_ENABLED(adapter->fw_cap_info)) {
825 if (ntohs(eth_hdr->h_proto) == ETH_P_TDLS)
acebe8c1
ZL		 826 mwifiex_dbg(adapter, DATA,
827 "TDLS setup packet for %pM.\t"
828 "Don't block\n", ra);
16e8552a 829 else if (memcmp(priv->cfg_bssid, ra, ETH_ALEN))
d63bf5e5
AP		 830 tdls_status = mwifiex_get_tdls_link_status(priv, ra);
831 }
5e6e3a92 832
e39faa73 833 if (!priv->media_connected && !mwifiex_is_skb_mgmt_frame(skb)) {
acebe8c1 834 mwifiex_dbg(adapter, DATA, "data: drop packet in disconnect\n");
47411a06 835 mwifiex_write_data_complete(adapter, skb, 0, -1);
5e6e3a92
BZ		 836 return;
837 }
838
839 tid = skb->priority;
840
8a7f9fd8 841 spin_lock_bh(&priv->wmm.ra_list_spinlock);
5e6e3a92
BZ		 842
843 tid_down = mwifiex_wmm_downgrade_tid(priv, tid);
844
845 /* In case of infra as we have already created the list during
846 association we just don't have to call get_queue_raptr, we will
847 have only 1 raptr for a tid in case of infra */
e39faa73
SP		 848 if (!mwifiex_queuing_ra_based(priv) &&
849 !mwifiex_is_skb_mgmt_frame(skb)) {
d63bf5e5
AP		 850 switch (tdls_status) {
851 case TDLS_SETUP_COMPLETE:
55a2c077
XH		 852 case TDLS_CHAN_SWITCHING:
853 case TDLS_IN_BASE_CHAN:
854 case TDLS_IN_OFF_CHAN:
d63bf5e5
AP		 855 ra_list = mwifiex_wmm_get_queue_raptr(priv, tid_down,
856 ra);
857 tx_info->flags |= MWIFIEX_BUF_FLAG_TDLS_PKT;
858 break;
859 case TDLS_SETUP_INPROGRESS:
860 skb_queue_tail(&priv->tdls_txq, skb);
8a7f9fd8 861 spin_unlock_bh(&priv->wmm.ra_list_spinlock);
d63bf5e5
AP		 862 return;
863 default:
864 list_head = priv->wmm.tid_tbl_ptr[tid_down].ra_list;
01926202
SL		 865 ra_list = list_first_entry_or_null(&list_head,
866 struct mwifiex_ra_list_tbl, list);
d63bf5e5
AP		 867 break;
868 }
5e6e3a92
BZ		 869 } else {
870 memcpy(ra, skb->data, ETH_ALEN);
e39faa73 871 if (ra[0] & 0x01 || mwifiex_is_skb_mgmt_frame(skb))
93803b33 872 eth_broadcast_addr(ra);
5e6e3a92
BZ		 873 ra_list = mwifiex_wmm_get_queue_raptr(priv, tid_down, ra);
874 }
875
876 if (!ra_list) {
8a7f9fd8 877 spin_unlock_bh(&priv->wmm.ra_list_spinlock);
47411a06 878 mwifiex_write_data_complete(adapter, skb, 0, -1);
5e6e3a92
BZ		 879 return;
880 }
881
882 skb_queue_tail(&ra_list->skb_head, skb);
883
f0cb84f8 884 ra_list->ba_pkt_count++;
c7d9ed9e 885 ra_list->total_pkt_count++;
5e6e3a92 886
49729ff6 887 if (atomic_read(&priv->wmm.highest_queued_prio) <
41a24a29 888 priv->tos_to_tid_inv[tid_down])
49729ff6 889 atomic_set(&priv->wmm.highest_queued_prio,
41a24a29 890 priv->tos_to_tid_inv[tid_down]);
49729ff6 891
9186a1f3
XH		 892 if (ra_list->tx_paused)
893 priv->wmm.pkts_paused[tid_down]++;
894 else
895 atomic_inc(&priv->wmm.tx_pkts_queued);
2716fd7d 896
8a7f9fd8 897 spin_unlock_bh(&priv->wmm.ra_list_spinlock);
5e6e3a92
BZ		 898}
899
900/*
901 * This function processes the get WMM status command response from firmware.
902 *
903 * The response may contain multiple TLVs -
904 * - AC Queue status TLVs
905 * - Current WMM Parameter IE TLV
906 * - Admission Control action frame TLVs
907 *
908 * This function parses the TLVs and then calls further specific functions
909 * to process any changes in the queue prioritize or state.
910 */
911int mwifiex_ret_wmm_get_status(struct mwifiex_private *priv,
912 const struct host_cmd_ds_command *resp)
913{
914 u8 *curr = (u8 *) &resp->params.get_wmm_status;
915 uint16_t resp_len = le16_to_cpu(resp->size), tlv_len;
acebe8c1 916 int mask = IEEE80211_WMM_IE_AP_QOSINFO_PARAM_SET_CNT_MASK;
c856197d 917 bool valid = true;
5e6e3a92
BZ		 918
919 struct mwifiex_ie_types_data *tlv_hdr;
920 struct mwifiex_ie_types_wmm_queue_status *tlv_wmm_qstatus;
921 struct ieee_types_wmm_parameter *wmm_param_ie = NULL;
922 struct mwifiex_wmm_ac_status *ac_status;
923
acebe8c1
ZL		 924 mwifiex_dbg(priv->adapter, INFO,
925 "info: WMM: WMM_GET_STATUS cmdresp received: %d\n",
926 resp_len);
5e6e3a92
BZ		 927
928 while ((resp_len >= sizeof(tlv_hdr->header)) && valid) {
929 tlv_hdr = (struct mwifiex_ie_types_data *) curr;
930 tlv_len = le16_to_cpu(tlv_hdr->header.len);
931
95edbc30
DC		 932 if (resp_len < tlv_len + sizeof(tlv_hdr->header))
933 break;
934
5e6e3a92
BZ		 935 switch (le16_to_cpu(tlv_hdr->header.type)) {
936 case TLV_TYPE_WMMQSTATUS:
937 tlv_wmm_qstatus =
938 (struct mwifiex_ie_types_wmm_queue_status *)
939 tlv_hdr;
acebe8c1
ZL		 940 mwifiex_dbg(priv->adapter, CMD,
941 "info: CMD_RESP: WMM_GET_STATUS:\t"
942 "QSTATUS TLV: %d, %d, %d\n",
943 tlv_wmm_qstatus->queue_index,
944 tlv_wmm_qstatus->flow_required,
945 tlv_wmm_qstatus->disabled);
5e6e3a92
BZ		 946
947 ac_status = &priv->wmm.ac_status[tlv_wmm_qstatus->
948 queue_index];
949 ac_status->disabled = tlv_wmm_qstatus->disabled;
950 ac_status->flow_required =
c65a30f3 951 tlv_wmm_qstatus->flow_required;
5e6e3a92
BZ		 952 ac_status->flow_created = tlv_wmm_qstatus->flow_created;
953 break;
954
955 case WLAN_EID_VENDOR_SPECIFIC:
956 /*
957 * Point the regular IEEE IE 2 bytes into the Marvell IE
958 * and setup the IEEE IE type and length byte fields
959 */
960
961 wmm_param_ie =
962 (struct ieee_types_wmm_parameter *) (curr +
963 2);
964 wmm_param_ie->vend_hdr.len = (u8) tlv_len;
965 wmm_param_ie->vend_hdr.element_id =
966 WLAN_EID_VENDOR_SPECIFIC;
967
acebe8c1
ZL		 968 mwifiex_dbg(priv->adapter, CMD,
969 "info: CMD_RESP: WMM_GET_STATUS:\t"
970 "WMM Parameter Set Count: %d\n",
971 wmm_param_ie->qos_info_bitmap & mask);
5e6e3a92 972
3a9b153c
QX		 973 if (wmm_param_ie->vend_hdr.len + 2 >
974 sizeof(struct ieee_types_wmm_parameter))
975 break;
976
5e6e3a92
BZ		 977 memcpy((u8 *) &priv->curr_bss_params.bss_descriptor.
978 wmm_ie, wmm_param_ie,
979 wmm_param_ie->vend_hdr.len + 2);
980
981 break;
982
983 default:
984 valid = false;
985 break;
986 }
987
988 curr += (tlv_len + sizeof(tlv_hdr->header));
989 resp_len -= (tlv_len + sizeof(tlv_hdr->header));
990 }
991
992 mwifiex_wmm_setup_queue_priorities(priv, wmm_param_ie);
993 mwifiex_wmm_setup_ac_downgrade(priv);
994
995 return 0;
996}
997
998/*
999 * Callback handler from the command module to allow insertion of a WMM TLV.
1000 *
1001 * If the BSS we are associating to supports WMM, this function adds the
1002 * required WMM Information IE to the association request command buffer in
1003 * the form of a Marvell extended IEEE IE.
1004 */
1005u32
1006mwifiex_wmm_process_association_req(struct mwifiex_private *priv,
1007 u8 **assoc_buf,
1008 struct ieee_types_wmm_parameter *wmm_ie,
1009 struct ieee80211_ht_cap *ht_cap)
1010{
1011 struct mwifiex_ie_types_wmm_param_set *wmm_tlv;
1012 u32 ret_len = 0;
1013
1014 /* Null checks */
1015 if (!assoc_buf)
1016 return 0;
1017 if (!(*assoc_buf))
1018 return 0;
1019
1020 if (!wmm_ie)
1021 return 0;
1022
acebe8c1
ZL		 1023 mwifiex_dbg(priv->adapter, INFO,
1024 "info: WMM: process assoc req: bss->wmm_ie=%#x\n",
1025 wmm_ie->vend_hdr.element_id);
5e6e3a92 1026
c65a30f3
YAP		 1027 if ((priv->wmm_required ||
1028 (ht_cap && (priv->adapter->config_bands & BAND_GN ||
1029 priv->adapter->config_bands & BAND_AN))) &&
1030 wmm_ie->vend_hdr.element_id == WLAN_EID_VENDOR_SPECIFIC) {
5e6e3a92
BZ		 1031 wmm_tlv = (struct mwifiex_ie_types_wmm_param_set *) *assoc_buf;
1032 wmm_tlv->header.type = cpu_to_le16((u16) wmm_info_ie[0]);
1033 wmm_tlv->header.len = cpu_to_le16((u16) wmm_info_ie[1]);
1034 memcpy(wmm_tlv->wmm_ie, &wmm_info_ie[2],
c65a30f3 1035 le16_to_cpu(wmm_tlv->header.len));
5e6e3a92
BZ		 1036 if (wmm_ie->qos_info_bitmap & IEEE80211_WMM_IE_AP_QOSINFO_UAPSD)
1037 memcpy((u8 *) (wmm_tlv->wmm_ie
c65a30f3
YAP		 1038 + le16_to_cpu(wmm_tlv->header.len)
1039 - sizeof(priv->wmm_qosinfo)),
1040 &priv->wmm_qosinfo, sizeof(priv->wmm_qosinfo));
5e6e3a92
BZ		 1041
1042 ret_len = sizeof(wmm_tlv->header)
c65a30f3 1043 + le16_to_cpu(wmm_tlv->header.len);
5e6e3a92
BZ		 1044
1045 *assoc_buf += ret_len;
1046 }
1047
1048 return ret_len;
1049}
1050
1051/*
1052 * This function computes the time delay in the driver queues for a
1053 * given packet.
1054 *
1055 * When the packet is received at the OS/Driver interface, the current
1056 * time is set in the packet structure. The difference between the present
1057 * time and that received time is computed in this function and limited
1058 * based on pre-compiled limits in the driver.
1059 */
1060u8
1061mwifiex_wmm_compute_drv_pkt_delay(struct mwifiex_private *priv,
c65a30f3 1062 const struct sk_buff *skb)
5e6e3a92 1063{
c64800e7 1064 u32 queue_delay = ktime_to_ms(net_timedelta(skb->tstamp));
270e58e8 1065 u8 ret_val;
5e6e3a92
BZ		 1066
1067 /*
1068 * Queue delay is passed as a uint8 in units of 2ms (ms shifted
1069 * by 1). Min value (other than 0) is therefore 2ms, max is 510ms.
1070 *
1071 * Pass max value if queue_delay is beyond the uint8 range
1072 */
1073 ret_val = (u8) (min(queue_delay, priv->wmm.drv_pkt_delay_max) >> 1);
1074
acebe8c1
ZL		 1075 mwifiex_dbg(priv->adapter, DATA, "data: WMM: Pkt Delay: %d ms,\t"
1076 "%d ms sent to FW\n", queue_delay, ret_val);
5e6e3a92
BZ		 1077
1078 return ret_val;
1079}
1080
1081/*
1082 * This function retrieves the highest priority RA list table pointer.
1083 */
1084static struct mwifiex_ra_list_tbl *
1085mwifiex_wmm_get_highest_priolist_ptr(struct mwifiex_adapter *adapter,
1086 struct mwifiex_private **priv, int *tid)
1087{
1088 struct mwifiex_private *priv_tmp;
2e237319 1089 struct mwifiex_ra_list_tbl *ptr;
5e6e3a92 1090 struct mwifiex_tid_tbl *tid_ptr;
bb7de2ba 1091 atomic_t *hqp;
5e6e3a92
BZ		 1092 int i, j;
1093
b006ed54 1094 /* check the BSS with highest priority first */
5e6e3a92 1095 for (j = adapter->priv_num - 1; j >= 0; --j) {
b006ed54
AF		 1096 /* iterate over BSS with the equal priority */
1097 list_for_each_entry(adapter->bss_prio_tbl[j].bss_prio_cur,
1098 &adapter->bss_prio_tbl[j].bss_prio_head,
1099 list) {
16051b0e 1100
49abe5c8 1101try_again:
b006ed54 1102 priv_tmp = adapter->bss_prio_tbl[j].bss_prio_cur->priv;
5e6e3a92 1103
dc386ce7 1104 if (((priv_tmp->bss_mode != NL80211_IFTYPE_ADHOC) &&
1105 !priv_tmp->port_open) ||
5c894633 1106 (atomic_read(&priv_tmp->wmm.tx_pkts_queued) == 0))
b006ed54 1107 continue;
333f6b22 1108
735ab6bf
ZL		 1109 if (adapter->if_ops.is_port_ready &&
1110 !adapter->if_ops.is_port_ready(priv_tmp))
1111 continue;
1112
333f6b22
AF		 1113 /* iterate over the WMM queues of the BSS */
1114 hqp = &priv_tmp->wmm.highest_queued_prio;
49729ff6 1115 for (i = atomic_read(hqp); i >= LOW_PRIO_TID; --i) {
5e6e3a92 1116
8a7f9fd8 1117 spin_lock_bh(&priv_tmp->wmm.ra_list_spinlock);
2716fd7d 1118
5e6e3a92
BZ		 1119 tid_ptr = &(priv_tmp)->wmm.
1120 tid_tbl_ptr[tos_to_tid[i]];
1121
2e237319
AF		 1122 /* iterate over receiver addresses */
1123 list_for_each_entry(ptr, &tid_ptr->ra_list,
1124 list) {
5e6e3a92 1125
b5b0f272
XH		 1126 if (!ptr->tx_paused &&
1127 !skb_queue_empty(&ptr->skb_head))
2716fd7d 1128 /* holds both locks */
bb7de2ba 1129 goto found;
2e237319 1130 }
bb7de2ba 1131
8a7f9fd8 1132 spin_unlock_bh(&priv_tmp->wmm.ra_list_spinlock);
5e6e3a92
BZ		 1133 }
1134
49abe5c8
XH		 1135 if (atomic_read(&priv_tmp->wmm.tx_pkts_queued) != 0) {
1136 atomic_set(&priv_tmp->wmm.highest_queued_prio,
1137 HIGH_PRIO_TID);
1138 /* Iterate current private once more, since
1139 * there still exist packets in data queue
1140 */
1141 goto try_again;
1142 } else
1143 atomic_set(&priv_tmp->wmm.highest_queued_prio,
1144 NO_PKT_PRIO_TID);
1145 }
5e6e3a92 1146 }
2716fd7d 1147
5e6e3a92 1148 return NULL;
bb7de2ba
YAP		 1149
1150found:
690e792c 1151 /* holds ra_list_spinlock */
bb7de2ba
YAP		 1152 if (atomic_read(hqp) > i)
1153 atomic_set(hqp, i);
8a7f9fd8 1154 spin_unlock_bh(&priv_tmp->wmm.ra_list_spinlock);
bb7de2ba
YAP		 1155
1156 *priv = priv_tmp;
1157 *tid = tos_to_tid[i];
1158
1159 return ptr;
5e6e3a92
BZ		 1160}
1161
b006ed54 1162/* This functions rotates ra and bss lists so packets are picked round robin.
2e237319
AF		 1163 *
1164 * After a packet is successfully transmitted, rotate the ra list, so the ra
1165 * next to the one transmitted, will come first in the list. This way we pick
b006ed54
AF		 1166 * the ra' in a round robin fashion. Same applies to bss nodes of equal
1167 * priority.
2e237319
AF		 1168 *
1169 * Function also increments wmm.packets_out counter.
1170 */
1171void mwifiex_rotate_priolists(struct mwifiex_private *priv,
1172 struct mwifiex_ra_list_tbl *ra,
1173 int tid)
1174{
b006ed54
AF		 1175 struct mwifiex_adapter *adapter = priv->adapter;
1176 struct mwifiex_bss_prio_tbl *tbl = adapter->bss_prio_tbl;
2e237319 1177 struct mwifiex_tid_tbl *tid_ptr = &priv->wmm.tid_tbl_ptr[tid];
2e237319 1178
8a7f9fd8 1179 spin_lock_bh(&tbl[priv->bss_priority].bss_prio_lock);
b006ed54
AF		 1180 /*
1181 * dirty trick: we remove 'head' temporarily and reinsert it after
1182 * curr bss node. imagine list to stay fixed while head is moved
1183 */
1184 list_move(&tbl[priv->bss_priority].bss_prio_head,
1185 &tbl[priv->bss_priority].bss_prio_cur->list);
8a7f9fd8 1186 spin_unlock_bh(&tbl[priv->bss_priority].bss_prio_lock);
b006ed54 1187
8a7f9fd8 1188 spin_lock_bh(&priv->wmm.ra_list_spinlock);
2e237319
AF		 1189 if (mwifiex_is_ralist_valid(priv, ra, tid)) {
1190 priv->wmm.packets_out[tid]++;
b006ed54 1191 /* same as above */
2e237319
AF		 1192 list_move(&tid_ptr->ra_list, &ra->list);
1193 }
8a7f9fd8 1194 spin_unlock_bh(&priv->wmm.ra_list_spinlock);
2e237319
AF		 1195}
1196
d85c5fe4
AK		 1197/*
1198 * This function checks if 11n aggregation is possible.
1199 */
1200static int
1201mwifiex_is_11n_aggragation_possible(struct mwifiex_private *priv,
1202 struct mwifiex_ra_list_tbl *ptr,
1203 int max_buf_size)
1204{
1205 int count = 0, total_size = 0;
1206 struct sk_buff *skb, *tmp;
5a009adf
AP		 1207 int max_amsdu_size;
1208
1209 if (priv->bss_role == MWIFIEX_BSS_ROLE_UAP && priv->ap_11n_enabled &&
1210 ptr->is_11n_enabled)
1211 max_amsdu_size = min_t(int, ptr->max_amsdu, max_buf_size);
1212 else
1213 max_amsdu_size = max_buf_size;
d85c5fe4
AK		 1214
1215 skb_queue_walk_safe(&ptr->skb_head, skb, tmp) {
1216 total_size += skb->len;
5a009adf 1217 if (total_size >= max_amsdu_size)
d85c5fe4
AK		 1218 break;
1219 if (++count >= MIN_NUM_AMSDU)
1220 return true;
1221 }
1222
1223 return false;
1224}
1225
5e6e3a92
BZ		 1226/*
1227 * This function sends a single packet to firmware for transmission.
1228 */
1229static void
1230mwifiex_send_single_packet(struct mwifiex_private *priv,
8a7f9fd8 1231 struct mwifiex_ra_list_tbl *ptr, int ptr_index)
5e6e3a92
BZ		 1232 __releases(&priv->wmm.ra_list_spinlock)
1233{
1234 struct sk_buff *skb, *skb_next;
1235 struct mwifiex_tx_param tx_param;
1236 struct mwifiex_adapter *adapter = priv->adapter;
5e6e3a92
BZ		 1237 struct mwifiex_txinfo *tx_info;
1238
1239 if (skb_queue_empty(&ptr->skb_head)) {
8a7f9fd8 1240 spin_unlock_bh(&priv->wmm.ra_list_spinlock);
acebe8c1 1241 mwifiex_dbg(adapter, DATA, "data: nothing to send\n");
5e6e3a92
BZ		 1242 return;
1243 }
1244
1245 skb = skb_dequeue(&ptr->skb_head);
1246
1247 tx_info = MWIFIEX_SKB_TXCB(skb);
acebe8c1
ZL		 1248 mwifiex_dbg(adapter, DATA,
1249 "data: dequeuing the packet %p %p\n", ptr, skb);
5e6e3a92 1250
c7d9ed9e 1251 ptr->total_pkt_count--;
5e6e3a92
BZ		 1252
1253 if (!skb_queue_empty(&ptr->skb_head))
1254 skb_next = skb_peek(&ptr->skb_head);
1255 else
1256 skb_next = NULL;
1257
8a7f9fd8 1258 spin_unlock_bh(&priv->wmm.ra_list_spinlock);
5e6e3a92
BZ		 1259
1260 tx_param.next_pkt_len = ((skb_next) ? skb_next->len +
1261 sizeof(struct txpd) : 0);
1262
636c4598 1263 if (mwifiex_process_tx(priv, skb, &tx_param) == -EBUSY) {
5e6e3a92 1264 /* Queue the packet back at the head */
8a7f9fd8 1265 spin_lock_bh(&priv->wmm.ra_list_spinlock);
5e6e3a92
BZ		 1266
1267 if (!mwifiex_is_ralist_valid(priv, ptr, ptr_index)) {
8a7f9fd8 1268 spin_unlock_bh(&priv->wmm.ra_list_spinlock);
47411a06 1269 mwifiex_write_data_complete(adapter, skb, 0, -1);
5e6e3a92
BZ		 1270 return;
1271 }
1272
1273 skb_queue_tail(&ptr->skb_head, skb);
1274
c7d9ed9e 1275 ptr->total_pkt_count++;
f0cb84f8 1276 ptr->ba_pkt_count++;
5e6e3a92 1277 tx_info->flags |= MWIFIEX_BUF_FLAG_REQUEUED_PKT;
8a7f9fd8 1278 spin_unlock_bh(&priv->wmm.ra_list_spinlock);
5e6e3a92 1279 } else {
2e237319 1280 mwifiex_rotate_priolists(priv, ptr, ptr_index);
f699254c 1281 atomic_dec(&priv->wmm.tx_pkts_queued);
5e6e3a92
BZ		 1282 }
1283}
1284
1285/*
1286 * This function checks if the first packet in the given RA list
1287 * is already processed or not.
1288 */
1289static int
1290mwifiex_is_ptr_processed(struct mwifiex_private *priv,
1291 struct mwifiex_ra_list_tbl *ptr)
1292{
1293 struct sk_buff *skb;
1294 struct mwifiex_txinfo *tx_info;
1295
1296 if (skb_queue_empty(&ptr->skb_head))
1297 return false;
1298
1299 skb = skb_peek(&ptr->skb_head);
1300
1301 tx_info = MWIFIEX_SKB_TXCB(skb);
1302 if (tx_info->flags & MWIFIEX_BUF_FLAG_REQUEUED_PKT)
1303 return true;
1304
1305 return false;
1306}
1307
1308/*
1309 * This function sends a single processed packet to firmware for
1310 * transmission.
1311 */
1312static void
1313mwifiex_send_processed_packet(struct mwifiex_private *priv,
8a7f9fd8 1314 struct mwifiex_ra_list_tbl *ptr, int ptr_index)
5e6e3a92
BZ		 1315 __releases(&priv->wmm.ra_list_spinlock)
1316{
1317 struct mwifiex_tx_param tx_param;
1318 struct mwifiex_adapter *adapter = priv->adapter;
1319 int ret = -1;
1320 struct sk_buff *skb, *skb_next;
1321 struct mwifiex_txinfo *tx_info;
1322
1323 if (skb_queue_empty(&ptr->skb_head)) {
8a7f9fd8 1324 spin_unlock_bh(&priv->wmm.ra_list_spinlock);
5e6e3a92
BZ		 1325 return;
1326 }
1327
1328 skb = skb_dequeue(&ptr->skb_head);
1329
e35000ea 1330 if (adapter->data_sent || adapter->tx_lock_flag) {
77f486c8 1331 ptr->total_pkt_count--;
8a7f9fd8 1332 spin_unlock_bh(&priv->wmm.ra_list_spinlock);
e35000ea 1333 skb_queue_tail(&adapter->tx_data_q, skb);
77f486c8 1334 atomic_dec(&priv->wmm.tx_pkts_queued);
e35000ea
ZL		 1335 atomic_inc(&adapter->tx_queued);
1336 return;
1337 }
1338
5e6e3a92
BZ		 1339 if (!skb_queue_empty(&ptr->skb_head))
1340 skb_next = skb_peek(&ptr->skb_head);
1341 else
1342 skb_next = NULL;
1343
1344 tx_info = MWIFIEX_SKB_TXCB(skb);
1345
8a7f9fd8 1346 spin_unlock_bh(&priv->wmm.ra_list_spinlock);
4daffe35 1347
822446d4
XH		 1348 tx_param.next_pkt_len =
1349 ((skb_next) ? skb_next->len +
1350 sizeof(struct txpd) : 0);
4daffe35 1351 if (adapter->iface_type == MWIFIEX_USB) {
735ab6bf 1352 ret = adapter->if_ops.host_to_card(adapter, priv->usb_port,
822446d4 1353 skb, &tx_param);
4daffe35 1354 } else {
4daffe35
AK		 1355 ret = adapter->if_ops.host_to_card(adapter, MWIFIEX_TYPE_DATA,
1356 skb, &tx_param);
1357 }
1358
5e6e3a92
BZ		 1359 switch (ret) {
1360 case -EBUSY:
acebe8c1 1361 mwifiex_dbg(adapter, ERROR, "data: -EBUSY is returned\n");
8a7f9fd8 1362 spin_lock_bh(&priv->wmm.ra_list_spinlock);
5e6e3a92
BZ		 1363
1364 if (!mwifiex_is_ralist_valid(priv, ptr, ptr_index)) {
8a7f9fd8 1365 spin_unlock_bh(&priv->wmm.ra_list_spinlock);
47411a06 1366 mwifiex_write_data_complete(adapter, skb, 0, -1);
5e6e3a92
BZ		 1367 return;
1368 }
1369
1370 skb_queue_tail(&ptr->skb_head, skb);
1371
1372 tx_info->flags |= MWIFIEX_BUF_FLAG_REQUEUED_PKT;
8a7f9fd8 1373 spin_unlock_bh(&priv->wmm.ra_list_spinlock);
5e6e3a92
BZ		 1374 break;
1375 case -1:
acebe8c1 1376 mwifiex_dbg(adapter, ERROR, "host_to_card failed: %#x\n", ret);
5e6e3a92 1377 adapter->dbg.num_tx_host_to_card_failure++;
47411a06 1378 mwifiex_write_data_complete(adapter, skb, 0, ret);
5e6e3a92
BZ		 1379 break;
1380 case -EINPROGRESS:
7a1f4e61
AK		 1381 break;
1382 case 0:
1383 mwifiex_write_data_complete(adapter, skb, 0, ret);
5e6e3a92
BZ		 1384 default:
1385 break;
1386 }
1387 if (ret != -EBUSY) {
2e237319 1388 mwifiex_rotate_priolists(priv, ptr, ptr_index);
f699254c 1389 atomic_dec(&priv->wmm.tx_pkts_queued);
8a7f9fd8 1390 spin_lock_bh(&priv->wmm.ra_list_spinlock);
77f486c8 1391 ptr->total_pkt_count--;
8a7f9fd8 1392 spin_unlock_bh(&priv->wmm.ra_list_spinlock);
5e6e3a92
BZ		 1393 }
1394}
1395
1396/*
1397 * This function dequeues a packet from the highest priority list
1398 * and transmits it.
1399 */
1400static int
1401mwifiex_dequeue_tx_packet(struct mwifiex_adapter *adapter)
1402{
1403 struct mwifiex_ra_list_tbl *ptr;
1404 struct mwifiex_private *priv = NULL;
1405 int ptr_index = 0;
1406 u8 ra[ETH_ALEN];
1407 int tid_del = 0, tid = 0;
5e6e3a92
BZ		 1408
1409 ptr = mwifiex_wmm_get_highest_priolist_ptr(adapter, &priv, &ptr_index);
1410 if (!ptr)
1411 return -1;
1412
572e8f3e 1413 tid = mwifiex_get_tid(ptr);
5e6e3a92 1414
acebe8c1 1415 mwifiex_dbg(adapter, DATA, "data: tid=%d\n", tid);
5e6e3a92 1416
8a7f9fd8 1417 spin_lock_bh(&priv->wmm.ra_list_spinlock);
5e6e3a92 1418 if (!mwifiex_is_ralist_valid(priv, ptr, ptr_index)) {
8a7f9fd8 1419 spin_unlock_bh(&priv->wmm.ra_list_spinlock);
5e6e3a92
BZ		 1420 return -1;
1421 }
1422
1423 if (mwifiex_is_ptr_processed(priv, ptr)) {
8a7f9fd8 1424 mwifiex_send_processed_packet(priv, ptr, ptr_index);
5e6e3a92
BZ		 1425 /* ra_list_spinlock has been freed in
1426 mwifiex_send_processed_packet() */
1427 return 0;
1428 }
1429
c65a30f3 1430 if (!ptr->is_11n_enabled ||
39df5e82
ZL		 1431 ptr->ba_status ||
1432 priv->wps.session_enable) {
4c9f9fb2 1433 if (ptr->is_11n_enabled &&
39df5e82
ZL		 1434 ptr->ba_status &&
1435 ptr->amsdu_in_ampdu &&
1436 mwifiex_is_amsdu_allowed(priv, tid) &&
1437 mwifiex_is_11n_aggragation_possible(priv, ptr,
4c9f9fb2 1438 adapter->tx_buf_size))
8a7f9fd8 1439 mwifiex_11n_aggregate_pkt(priv, ptr, ptr_index);
4c9f9fb2
AK		 1440 /* ra_list_spinlock has been freed in
1441 * mwifiex_11n_aggregate_pkt()
1442 */
1443 else
8a7f9fd8 1444 mwifiex_send_single_packet(priv, ptr, ptr_index);
4c9f9fb2
AK		 1445 /* ra_list_spinlock has been freed in
1446 * mwifiex_send_single_packet()
1447 */
5e6e3a92 1448 } else {
eac43227 1449 if (mwifiex_is_ampdu_allowed(priv, ptr, tid) &&
f0cb84f8 1450 ptr->ba_pkt_count > ptr->ba_packet_thr) {
53d7938e 1451 if (mwifiex_space_avail_for_new_ba_stream(adapter)) {
3e822635
YAP		 1452 mwifiex_create_ba_tbl(priv, ptr->ra, tid,
1453 BA_SETUP_INPROGRESS);
5e6e3a92
BZ		 1454 mwifiex_send_addba(priv, tid, ptr->ra);
1455 } else if (mwifiex_find_stream_to_delete
572e8f3e 1456 (priv, tid, &tid_del, ra)) {
3e822635
YAP		 1457 mwifiex_create_ba_tbl(priv, ptr->ra, tid,
1458 BA_SETUP_INPROGRESS);
5e6e3a92
BZ		 1459 mwifiex_send_delba(priv, tid_del, ra, 1);
1460 }
1461 }
4c9f9fb2 1462 if (mwifiex_is_amsdu_allowed(priv, tid) &&
d85c5fe4
AK		 1463 mwifiex_is_11n_aggragation_possible(priv, ptr,
1464 adapter->tx_buf_size))
8a7f9fd8 1465 mwifiex_11n_aggregate_pkt(priv, ptr, ptr_index);
5e6e3a92
BZ		 1466 /* ra_list_spinlock has been freed in
1467 mwifiex_11n_aggregate_pkt() */
1468 else
8a7f9fd8 1469 mwifiex_send_single_packet(priv, ptr, ptr_index);
5e6e3a92
BZ		 1470 /* ra_list_spinlock has been freed in
1471 mwifiex_send_single_packet() */
1472 }
1473 return 0;
1474}
1475
a1777327
AP		 1476void mwifiex_process_bypass_tx(struct mwifiex_adapter *adapter)
1477{
1478 struct mwifiex_tx_param tx_param;
1479 struct sk_buff *skb;
1480 struct mwifiex_txinfo *tx_info;
1481 struct mwifiex_private *priv;
1482 int i;
1483
1484 if (adapter->data_sent || adapter->tx_lock_flag)
1485 return;
1486
1487 for (i = 0; i < adapter->priv_num; ++i) {
1488 priv = adapter->priv[i];
1489
735ab6bf
ZL		 1490 if (!priv)
1491 continue;
1492
1493 if (adapter->if_ops.is_port_ready &&
1494 !adapter->if_ops.is_port_ready(priv))
1495 continue;
1496
a1777327
AP		 1497 if (skb_queue_empty(&priv->bypass_txq))
1498 continue;
1499
1500 skb = skb_dequeue(&priv->bypass_txq);
1501 tx_info = MWIFIEX_SKB_TXCB(skb);
1502
1503 /* no aggregation for bypass packets */
1504 tx_param.next_pkt_len = 0;
1505
1506 if (mwifiex_process_tx(priv, skb, &tx_param) == -EBUSY) {
1507 skb_queue_head(&priv->bypass_txq, skb);
1508 tx_info->flags |= MWIFIEX_BUF_FLAG_REQUEUED_PKT;
1509 } else {
1510 atomic_dec(&adapter->bypass_tx_pending);
1511 }
1512 }
1513}
1514
5e6e3a92
BZ		 1515/*
1516 * This function transmits the highest priority packet awaiting in the
1517 * WMM Queues.
1518 */
1519void
1520mwifiex_wmm_process_tx(struct mwifiex_adapter *adapter)
1521{
1522 do {
5e6e3a92
BZ		 1523 if (mwifiex_dequeue_tx_packet(adapter))
1524 break;
e35000ea
ZL		 1525 if (adapter->iface_type != MWIFIEX_SDIO) {
1526 if (adapter->data_sent ||
1527 adapter->tx_lock_flag)
1528 break;
1529 } else {
1530 if (atomic_read(&adapter->tx_queued) >=
1531 MWIFIEX_MAX_PKTS_TXQ)
1532 break;
1533 }
93968147 1534 } while (!mwifiex_wmm_lists_empty(adapter));
5e6e3a92 1535}
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git