|  | /* | 
|  | * Atheros CARL9170 driver | 
|  | * | 
|  | * 802.11 & command trap routines | 
|  | * | 
|  | * Copyright 2008, Johannes Berg <[email protected]> | 
|  | * Copyright 2009, 2010, Christian Lamparter <[email protected]> | 
|  | * | 
|  | * This program is free software; you can redistribute it and/or modify | 
|  | * it under the terms of the GNU General Public License as published by | 
|  | * the Free Software Foundation; either version 2 of the License, or | 
|  | * (at your option) any later version. | 
|  | * | 
|  | * This program is distributed in the hope that it will be useful, | 
|  | * but WITHOUT ANY WARRANTY; without even the implied warranty of | 
|  | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the | 
|  | * GNU General Public License for more details. | 
|  | * | 
|  | * You should have received a copy of the GNU General Public License | 
|  | * along with this program; see the file COPYING.  If not, see | 
|  | * http://www.gnu.org/licenses/. | 
|  | * | 
|  | * This file incorporates work covered by the following copyright and | 
|  | * permission notice: | 
|  | *    Copyright (c) 2007-2008 Atheros Communications, Inc. | 
|  | * | 
|  | *    Permission to use, copy, modify, and/or distribute this software for any | 
|  | *    purpose with or without fee is hereby granted, provided that the above | 
|  | *    copyright notice and this permission notice appear in all copies. | 
|  | * | 
|  | *    THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | 
|  | *    WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | 
|  | *    MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | 
|  | *    ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | 
|  | *    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | 
|  | *    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | 
|  | *    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | 
|  | */ | 
|  |  | 
|  | #include <linux/slab.h> | 
|  | #include <linux/module.h> | 
|  | #include <linux/etherdevice.h> | 
|  | #include <linux/crc32.h> | 
|  | #include <net/mac80211.h> | 
|  | #include "carl9170.h" | 
|  | #include "hw.h" | 
|  | #include "cmd.h" | 
|  |  | 
|  | static void carl9170_dbg_message(struct ar9170 *ar, const char *buf, u32 len) | 
|  | { | 
|  | bool restart = false; | 
|  | enum carl9170_restart_reasons reason = CARL9170_RR_NO_REASON; | 
|  |  | 
|  | if (len > 3) { | 
|  | if (memcmp(buf, CARL9170_ERR_MAGIC, 3) == 0) { | 
|  | ar->fw.err_counter++; | 
|  | if (ar->fw.err_counter > 3) { | 
|  | restart = true; | 
|  | reason = CARL9170_RR_TOO_MANY_FIRMWARE_ERRORS; | 
|  | } | 
|  | } | 
|  |  | 
|  | if (memcmp(buf, CARL9170_BUG_MAGIC, 3) == 0) { | 
|  | ar->fw.bug_counter++; | 
|  | restart = true; | 
|  | reason = CARL9170_RR_FATAL_FIRMWARE_ERROR; | 
|  | } | 
|  | } | 
|  |  | 
|  | wiphy_info(ar->hw->wiphy, "FW: %.*s\n", len, buf); | 
|  |  | 
|  | if (restart) | 
|  | carl9170_restart(ar, reason); | 
|  | } | 
|  |  | 
|  | static void carl9170_handle_ps(struct ar9170 *ar, struct carl9170_rsp *rsp) | 
|  | { | 
|  | u32 ps; | 
|  | bool new_ps; | 
|  |  | 
|  | ps = le32_to_cpu(rsp->psm.state); | 
|  |  | 
|  | new_ps = (ps & CARL9170_PSM_COUNTER) != CARL9170_PSM_WAKE; | 
|  | if (ar->ps.state != new_ps) { | 
|  | if (!new_ps) { | 
|  | ar->ps.sleep_ms = jiffies_to_msecs(jiffies - | 
|  | ar->ps.last_action); | 
|  | } | 
|  |  | 
|  | ar->ps.last_action = jiffies; | 
|  |  | 
|  | ar->ps.state = new_ps; | 
|  | } | 
|  | } | 
|  |  | 
|  | static int carl9170_check_sequence(struct ar9170 *ar, unsigned int seq) | 
|  | { | 
|  | if (ar->cmd_seq < -1) | 
|  | return 0; | 
|  |  | 
|  | /* | 
|  | * Initialize Counter | 
|  | */ | 
|  | if (ar->cmd_seq < 0) | 
|  | ar->cmd_seq = seq; | 
|  |  | 
|  | /* | 
|  | * The sequence is strictly monotonic increasing and it never skips! | 
|  | * | 
|  | * Therefore we can safely assume that whenever we received an | 
|  | * unexpected sequence we have lost some valuable data. | 
|  | */ | 
|  | if (seq != ar->cmd_seq) { | 
|  | int count; | 
|  |  | 
|  | count = (seq - ar->cmd_seq) % ar->fw.cmd_bufs; | 
|  |  | 
|  | wiphy_err(ar->hw->wiphy, "lost %d command responses/traps! " | 
|  | "w:%d g:%d\n", count, ar->cmd_seq, seq); | 
|  |  | 
|  | carl9170_restart(ar, CARL9170_RR_LOST_RSP); | 
|  | return -EIO; | 
|  | } | 
|  |  | 
|  | ar->cmd_seq = (ar->cmd_seq + 1) % ar->fw.cmd_bufs; | 
|  | return 0; | 
|  | } | 
|  |  | 
|  | static void carl9170_cmd_callback(struct ar9170 *ar, u32 len, void *buffer) | 
|  | { | 
|  | /* | 
|  | * Some commands may have a variable response length | 
|  | * and we cannot predict the correct length in advance. | 
|  | * So we only check if we provided enough space for the data. | 
|  | */ | 
|  | if (unlikely(ar->readlen != (len - 4))) { | 
|  | dev_warn(&ar->udev->dev, "received invalid command response:" | 
|  | "got %d, instead of %d\n", len - 4, ar->readlen); | 
|  | print_hex_dump_bytes("carl9170 cmd:", DUMP_PREFIX_OFFSET, | 
|  | ar->cmd_buf, (ar->cmd.hdr.len + 4) & 0x3f); | 
|  | print_hex_dump_bytes("carl9170 rsp:", DUMP_PREFIX_OFFSET, | 
|  | buffer, len); | 
|  | /* | 
|  | * Do not complete. The command times out, | 
|  | * and we get a stack trace from there. | 
|  | */ | 
|  | carl9170_restart(ar, CARL9170_RR_INVALID_RSP); | 
|  | } | 
|  |  | 
|  | spin_lock(&ar->cmd_lock); | 
|  | if (ar->readbuf) { | 
|  | if (len >= 4) | 
|  | memcpy(ar->readbuf, buffer + 4, len - 4); | 
|  |  | 
|  | ar->readbuf = NULL; | 
|  | } | 
|  | complete(&ar->cmd_wait); | 
|  | spin_unlock(&ar->cmd_lock); | 
|  | } | 
|  |  | 
|  | void carl9170_handle_command_response(struct ar9170 *ar, void *buf, u32 len) | 
|  | { | 
|  | struct carl9170_rsp *cmd = buf; | 
|  | struct ieee80211_vif *vif; | 
|  |  | 
|  | if ((cmd->hdr.cmd & CARL9170_RSP_FLAG) != CARL9170_RSP_FLAG) { | 
|  | if (!(cmd->hdr.cmd & CARL9170_CMD_ASYNC_FLAG)) | 
|  | carl9170_cmd_callback(ar, len, buf); | 
|  |  | 
|  | return; | 
|  | } | 
|  |  | 
|  | if (unlikely(cmd->hdr.len != (len - 4))) { | 
|  | if (net_ratelimit()) { | 
|  | wiphy_err(ar->hw->wiphy, "FW: received over-/under" | 
|  | "sized event %x (%d, but should be %d).\n", | 
|  | cmd->hdr.cmd, cmd->hdr.len, len - 4); | 
|  |  | 
|  | print_hex_dump_bytes("dump:", DUMP_PREFIX_NONE, | 
|  | buf, len); | 
|  | } | 
|  |  | 
|  | return; | 
|  | } | 
|  |  | 
|  | /* hardware event handlers */ | 
|  | switch (cmd->hdr.cmd) { | 
|  | case CARL9170_RSP_PRETBTT: | 
|  | /* pre-TBTT event */ | 
|  | rcu_read_lock(); | 
|  | vif = carl9170_get_main_vif(ar); | 
|  |  | 
|  | if (!vif) { | 
|  | rcu_read_unlock(); | 
|  | break; | 
|  | } | 
|  |  | 
|  | switch (vif->type) { | 
|  | case NL80211_IFTYPE_STATION: | 
|  | carl9170_handle_ps(ar, cmd); | 
|  | break; | 
|  |  | 
|  | case NL80211_IFTYPE_AP: | 
|  | case NL80211_IFTYPE_ADHOC: | 
|  | case NL80211_IFTYPE_MESH_POINT: | 
|  | carl9170_update_beacon(ar, true); | 
|  | break; | 
|  |  | 
|  | default: | 
|  | break; | 
|  | } | 
|  | rcu_read_unlock(); | 
|  |  | 
|  | break; | 
|  |  | 
|  |  | 
|  | case CARL9170_RSP_TXCOMP: | 
|  | /* TX status notification */ | 
|  | carl9170_tx_process_status(ar, cmd); | 
|  | break; | 
|  |  | 
|  | case CARL9170_RSP_BEACON_CONFIG: | 
|  | /* | 
|  | * (IBSS) beacon send notification | 
|  | * bytes: 04 c2 XX YY B4 B3 B2 B1 | 
|  | * | 
|  | * XX always 80 | 
|  | * YY always 00 | 
|  | * B1-B4 "should" be the number of send out beacons. | 
|  | */ | 
|  | break; | 
|  |  | 
|  | case CARL9170_RSP_ATIM: | 
|  | /* End of Atim Window */ | 
|  | break; | 
|  |  | 
|  | case CARL9170_RSP_WATCHDOG: | 
|  | /* Watchdog Interrupt */ | 
|  | carl9170_restart(ar, CARL9170_RR_WATCHDOG); | 
|  | break; | 
|  |  | 
|  | case CARL9170_RSP_TEXT: | 
|  | /* firmware debug */ | 
|  | carl9170_dbg_message(ar, (char *)buf + 4, len - 4); | 
|  | break; | 
|  |  | 
|  | case CARL9170_RSP_HEXDUMP: | 
|  | wiphy_dbg(ar->hw->wiphy, "FW: HD %d\n", len - 4); | 
|  | print_hex_dump_bytes("FW:", DUMP_PREFIX_NONE, | 
|  | (char *)buf + 4, len - 4); | 
|  | break; | 
|  |  | 
|  | case CARL9170_RSP_RADAR: | 
|  | if (!net_ratelimit()) | 
|  | break; | 
|  |  | 
|  | wiphy_info(ar->hw->wiphy, "FW: RADAR! Please report this " | 
|  | "incident to [email protected] !\n"); | 
|  | break; | 
|  |  | 
|  | case CARL9170_RSP_GPIO: | 
|  | #ifdef CONFIG_CARL9170_WPC | 
|  | if (ar->wps.pbc) { | 
|  | bool state = !!(cmd->gpio.gpio & cpu_to_le32( | 
|  | AR9170_GPIO_PORT_WPS_BUTTON_PRESSED)); | 
|  |  | 
|  | if (state != ar->wps.pbc_state) { | 
|  | ar->wps.pbc_state = state; | 
|  | input_report_key(ar->wps.pbc, KEY_WPS_BUTTON, | 
|  | state); | 
|  | input_sync(ar->wps.pbc); | 
|  | } | 
|  | } | 
|  | #endif /* CONFIG_CARL9170_WPC */ | 
|  | break; | 
|  |  | 
|  | case CARL9170_RSP_BOOT: | 
|  | complete(&ar->fw_boot_wait); | 
|  | break; | 
|  |  | 
|  | default: | 
|  | wiphy_err(ar->hw->wiphy, "FW: received unhandled event %x\n", | 
|  | cmd->hdr.cmd); | 
|  | print_hex_dump_bytes("dump:", DUMP_PREFIX_NONE, buf, len); | 
|  | break; | 
|  | } | 
|  | } | 
|  |  | 
|  | static int carl9170_rx_mac_status(struct ar9170 *ar, | 
|  | struct ar9170_rx_head *head, struct ar9170_rx_macstatus *mac, | 
|  | struct ieee80211_rx_status *status) | 
|  | { | 
|  | struct ieee80211_channel *chan; | 
|  | u8 error, decrypt; | 
|  |  | 
|  | BUILD_BUG_ON(sizeof(struct ar9170_rx_head) != 12); | 
|  | BUILD_BUG_ON(sizeof(struct ar9170_rx_macstatus) != 4); | 
|  |  | 
|  | error = mac->error; | 
|  |  | 
|  | if (error & AR9170_RX_ERROR_WRONG_RA) { | 
|  | if (!ar->sniffer_enabled) | 
|  | return -EINVAL; | 
|  | } | 
|  |  | 
|  | if (error & AR9170_RX_ERROR_PLCP) { | 
|  | if (!(ar->filter_state & FIF_PLCPFAIL)) | 
|  | return -EINVAL; | 
|  |  | 
|  | status->flag |= RX_FLAG_FAILED_PLCP_CRC; | 
|  | } | 
|  |  | 
|  | if (error & AR9170_RX_ERROR_FCS) { | 
|  | ar->tx_fcs_errors++; | 
|  |  | 
|  | if (!(ar->filter_state & FIF_FCSFAIL)) | 
|  | return -EINVAL; | 
|  |  | 
|  | status->flag |= RX_FLAG_FAILED_FCS_CRC; | 
|  | } | 
|  |  | 
|  | decrypt = ar9170_get_decrypt_type(mac); | 
|  | if (!(decrypt & AR9170_RX_ENC_SOFTWARE) && | 
|  | decrypt != AR9170_ENC_ALG_NONE) { | 
|  | if ((decrypt == AR9170_ENC_ALG_TKIP) && | 
|  | (error & AR9170_RX_ERROR_MMIC)) | 
|  | status->flag |= RX_FLAG_MMIC_ERROR; | 
|  |  | 
|  | status->flag |= RX_FLAG_DECRYPTED; | 
|  | } | 
|  |  | 
|  | if (error & AR9170_RX_ERROR_DECRYPT && !ar->sniffer_enabled) | 
|  | return -ENODATA; | 
|  |  | 
|  | error &= ~(AR9170_RX_ERROR_MMIC | | 
|  | AR9170_RX_ERROR_FCS | | 
|  | AR9170_RX_ERROR_WRONG_RA | | 
|  | AR9170_RX_ERROR_DECRYPT | | 
|  | AR9170_RX_ERROR_PLCP); | 
|  |  | 
|  | /* drop any other error frames */ | 
|  | if (unlikely(error)) { | 
|  | /* TODO: update netdevice's RX dropped/errors statistics */ | 
|  |  | 
|  | if (net_ratelimit()) | 
|  | wiphy_dbg(ar->hw->wiphy, "received frame with " | 
|  | "suspicious error code (%#x).\n", error); | 
|  |  | 
|  | return -EINVAL; | 
|  | } | 
|  |  | 
|  | chan = ar->channel; | 
|  | if (chan) { | 
|  | status->band = chan->band; | 
|  | status->freq = chan->center_freq; | 
|  | } | 
|  |  | 
|  | switch (mac->status & AR9170_RX_STATUS_MODULATION) { | 
|  | case AR9170_RX_STATUS_MODULATION_CCK: | 
|  | if (mac->status & AR9170_RX_STATUS_SHORT_PREAMBLE) | 
|  | status->enc_flags |= RX_ENC_FLAG_SHORTPRE; | 
|  | switch (head->plcp[0]) { | 
|  | case AR9170_RX_PHY_RATE_CCK_1M: | 
|  | status->rate_idx = 0; | 
|  | break; | 
|  | case AR9170_RX_PHY_RATE_CCK_2M: | 
|  | status->rate_idx = 1; | 
|  | break; | 
|  | case AR9170_RX_PHY_RATE_CCK_5M: | 
|  | status->rate_idx = 2; | 
|  | break; | 
|  | case AR9170_RX_PHY_RATE_CCK_11M: | 
|  | status->rate_idx = 3; | 
|  | break; | 
|  | default: | 
|  | if (net_ratelimit()) { | 
|  | wiphy_err(ar->hw->wiphy, "invalid plcp cck " | 
|  | "rate (%x).\n", head->plcp[0]); | 
|  | } | 
|  |  | 
|  | return -EINVAL; | 
|  | } | 
|  | break; | 
|  |  | 
|  | case AR9170_RX_STATUS_MODULATION_DUPOFDM: | 
|  | case AR9170_RX_STATUS_MODULATION_OFDM: | 
|  | switch (head->plcp[0] & 0xf) { | 
|  | case AR9170_TXRX_PHY_RATE_OFDM_6M: | 
|  | status->rate_idx = 0; | 
|  | break; | 
|  | case AR9170_TXRX_PHY_RATE_OFDM_9M: | 
|  | status->rate_idx = 1; | 
|  | break; | 
|  | case AR9170_TXRX_PHY_RATE_OFDM_12M: | 
|  | status->rate_idx = 2; | 
|  | break; | 
|  | case AR9170_TXRX_PHY_RATE_OFDM_18M: | 
|  | status->rate_idx = 3; | 
|  | break; | 
|  | case AR9170_TXRX_PHY_RATE_OFDM_24M: | 
|  | status->rate_idx = 4; | 
|  | break; | 
|  | case AR9170_TXRX_PHY_RATE_OFDM_36M: | 
|  | status->rate_idx = 5; | 
|  | break; | 
|  | case AR9170_TXRX_PHY_RATE_OFDM_48M: | 
|  | status->rate_idx = 6; | 
|  | break; | 
|  | case AR9170_TXRX_PHY_RATE_OFDM_54M: | 
|  | status->rate_idx = 7; | 
|  | break; | 
|  | default: | 
|  | if (net_ratelimit()) { | 
|  | wiphy_err(ar->hw->wiphy, "invalid plcp ofdm " | 
|  | "rate (%x).\n", head->plcp[0]); | 
|  | } | 
|  |  | 
|  | return -EINVAL; | 
|  | } | 
|  | if (status->band == NL80211_BAND_2GHZ) | 
|  | status->rate_idx += 4; | 
|  | break; | 
|  |  | 
|  | case AR9170_RX_STATUS_MODULATION_HT: | 
|  | if (head->plcp[3] & 0x80) | 
|  | status->bw = RATE_INFO_BW_40; | 
|  | if (head->plcp[6] & 0x80) | 
|  | status->enc_flags |= RX_ENC_FLAG_SHORT_GI; | 
|  |  | 
|  | status->rate_idx = clamp(head->plcp[3] & 0x7f, 0, 75); | 
|  | status->encoding = RX_ENC_HT; | 
|  | break; | 
|  |  | 
|  | default: | 
|  | BUG(); | 
|  | return -ENOSYS; | 
|  | } | 
|  |  | 
|  | return 0; | 
|  | } | 
|  |  | 
|  | static void carl9170_rx_phy_status(struct ar9170 *ar, | 
|  | struct ar9170_rx_phystatus *phy, struct ieee80211_rx_status *status) | 
|  | { | 
|  | int i; | 
|  |  | 
|  | BUILD_BUG_ON(sizeof(struct ar9170_rx_phystatus) != 20); | 
|  |  | 
|  | for (i = 0; i < 3; i++) | 
|  | if (phy->rssi[i] != 0x80) | 
|  | status->antenna |= BIT(i); | 
|  |  | 
|  | /* post-process RSSI */ | 
|  | for (i = 0; i < 7; i++) | 
|  | if (phy->rssi[i] & 0x80) | 
|  | phy->rssi[i] = ((~phy->rssi[i] & 0x7f) + 1) & 0x7f; | 
|  |  | 
|  | /* TODO: we could do something with phy_errors */ | 
|  | status->signal = ar->noise[0] + phy->rssi_combined; | 
|  | } | 
|  |  | 
|  | static struct sk_buff *carl9170_rx_copy_data(u8 *buf, int len) | 
|  | { | 
|  | struct sk_buff *skb; | 
|  | int reserved = 0; | 
|  | struct ieee80211_hdr *hdr = (void *) buf; | 
|  |  | 
|  | if (ieee80211_is_data_qos(hdr->frame_control)) { | 
|  | u8 *qc = ieee80211_get_qos_ctl(hdr); | 
|  | reserved += NET_IP_ALIGN; | 
|  |  | 
|  | if (*qc & IEEE80211_QOS_CTL_A_MSDU_PRESENT) | 
|  | reserved += NET_IP_ALIGN; | 
|  | } | 
|  |  | 
|  | if (ieee80211_has_a4(hdr->frame_control)) | 
|  | reserved += NET_IP_ALIGN; | 
|  |  | 
|  | reserved = 32 + (reserved & NET_IP_ALIGN); | 
|  |  | 
|  | skb = dev_alloc_skb(len + reserved); | 
|  | if (likely(skb)) { | 
|  | skb_reserve(skb, reserved); | 
|  | skb_put_data(skb, buf, len); | 
|  | } | 
|  |  | 
|  | return skb; | 
|  | } | 
|  |  | 
|  | static u8 *carl9170_find_ie(u8 *data, unsigned int len, u8 ie) | 
|  | { | 
|  | struct ieee80211_mgmt *mgmt = (void *)data; | 
|  | u8 *pos, *end; | 
|  |  | 
|  | pos = (u8 *)mgmt->u.beacon.variable; | 
|  | end = data + len; | 
|  | while (pos < end) { | 
|  | if (pos + 2 + pos[1] > end) | 
|  | return NULL; | 
|  |  | 
|  | if (pos[0] == ie) | 
|  | return pos; | 
|  |  | 
|  | pos += 2 + pos[1]; | 
|  | } | 
|  | return NULL; | 
|  | } | 
|  |  | 
|  | /* | 
|  | * NOTE: | 
|  | * | 
|  | * The firmware is in charge of waking up the device just before | 
|  | * the AP is expected to transmit the next beacon. | 
|  | * | 
|  | * This leaves the driver with the important task of deciding when | 
|  | * to set the PHY back to bed again. | 
|  | */ | 
|  | static void carl9170_ps_beacon(struct ar9170 *ar, void *data, unsigned int len) | 
|  | { | 
|  | struct ieee80211_hdr *hdr = data; | 
|  | struct ieee80211_tim_ie *tim_ie; | 
|  | struct ath_common *common = &ar->common; | 
|  | u8 *tim; | 
|  | u8 tim_len; | 
|  | bool cam; | 
|  |  | 
|  | if (likely(!(ar->hw->conf.flags & IEEE80211_CONF_PS))) | 
|  | return; | 
|  |  | 
|  | /* min. beacon length + FCS_LEN */ | 
|  | if (len <= 40 + FCS_LEN) | 
|  | return; | 
|  |  | 
|  | /* check if this really is a beacon */ | 
|  | /* and only beacons from the associated BSSID, please */ | 
|  | if (!ath_is_mybeacon(common, hdr) || !common->curaid) | 
|  | return; | 
|  |  | 
|  | ar->ps.last_beacon = jiffies; | 
|  |  | 
|  | tim = carl9170_find_ie(data, len - FCS_LEN, WLAN_EID_TIM); | 
|  | if (!tim) | 
|  | return; | 
|  |  | 
|  | if (tim[1] < sizeof(*tim_ie)) | 
|  | return; | 
|  |  | 
|  | tim_len = tim[1]; | 
|  | tim_ie = (struct ieee80211_tim_ie *) &tim[2]; | 
|  |  | 
|  | if (!WARN_ON_ONCE(!ar->hw->conf.ps_dtim_period)) | 
|  | ar->ps.dtim_counter = (tim_ie->dtim_count - 1) % | 
|  | ar->hw->conf.ps_dtim_period; | 
|  |  | 
|  | /* Check whenever the PHY can be turned off again. */ | 
|  |  | 
|  | /* 1. What about buffered unicast traffic for our AID? */ | 
|  | cam = ieee80211_check_tim(tim_ie, tim_len, ar->common.curaid); | 
|  |  | 
|  | /* 2. Maybe the AP wants to send multicast/broadcast data? */ | 
|  | cam |= !!(tim_ie->bitmap_ctrl & 0x01); | 
|  |  | 
|  | if (!cam) { | 
|  | /* back to low-power land. */ | 
|  | ar->ps.off_override &= ~PS_OFF_BCN; | 
|  | carl9170_ps_check(ar); | 
|  | } else { | 
|  | /* force CAM */ | 
|  | ar->ps.off_override |= PS_OFF_BCN; | 
|  | } | 
|  | } | 
|  |  | 
|  | static void carl9170_ba_check(struct ar9170 *ar, void *data, unsigned int len) | 
|  | { | 
|  | struct ieee80211_bar *bar = data; | 
|  | struct carl9170_bar_list_entry *entry; | 
|  | unsigned int queue; | 
|  |  | 
|  | if (likely(!ieee80211_is_back(bar->frame_control))) | 
|  | return; | 
|  |  | 
|  | if (len <= sizeof(*bar) + FCS_LEN) | 
|  | return; | 
|  |  | 
|  | queue = TID_TO_WME_AC(((le16_to_cpu(bar->control) & | 
|  | IEEE80211_BAR_CTRL_TID_INFO_MASK) >> | 
|  | IEEE80211_BAR_CTRL_TID_INFO_SHIFT) & 7); | 
|  |  | 
|  | rcu_read_lock(); | 
|  | list_for_each_entry_rcu(entry, &ar->bar_list[queue], list) { | 
|  | struct sk_buff *entry_skb = entry->skb; | 
|  | struct _carl9170_tx_superframe *super = (void *)entry_skb->data; | 
|  | struct ieee80211_bar *entry_bar = (void *)super->frame_data; | 
|  |  | 
|  | #define TID_CHECK(a, b) (						\ | 
|  | ((a) & cpu_to_le16(IEEE80211_BAR_CTRL_TID_INFO_MASK)) ==	\ | 
|  | ((b) & cpu_to_le16(IEEE80211_BAR_CTRL_TID_INFO_MASK)))		\ | 
|  |  | 
|  | if (bar->start_seq_num == entry_bar->start_seq_num && | 
|  | TID_CHECK(bar->control, entry_bar->control) && | 
|  | ether_addr_equal_64bits(bar->ra, entry_bar->ta) && | 
|  | ether_addr_equal_64bits(bar->ta, entry_bar->ra)) { | 
|  | struct ieee80211_tx_info *tx_info; | 
|  |  | 
|  | tx_info = IEEE80211_SKB_CB(entry_skb); | 
|  | tx_info->flags |= IEEE80211_TX_STAT_ACK; | 
|  |  | 
|  | spin_lock_bh(&ar->bar_list_lock[queue]); | 
|  | list_del_rcu(&entry->list); | 
|  | spin_unlock_bh(&ar->bar_list_lock[queue]); | 
|  | kfree_rcu(entry, head); | 
|  | break; | 
|  | } | 
|  | } | 
|  | rcu_read_unlock(); | 
|  |  | 
|  | #undef TID_CHECK | 
|  | } | 
|  |  | 
|  | static bool carl9170_ampdu_check(struct ar9170 *ar, u8 *buf, u8 ms, | 
|  | struct ieee80211_rx_status *rx_status) | 
|  | { | 
|  | __le16 fc; | 
|  |  | 
|  | if ((ms & AR9170_RX_STATUS_MPDU) == AR9170_RX_STATUS_MPDU_SINGLE) { | 
|  | /* | 
|  | * This frame is not part of an aMPDU. | 
|  | * Therefore it is not subjected to any | 
|  | * of the following content restrictions. | 
|  | */ | 
|  | return true; | 
|  | } | 
|  |  | 
|  | rx_status->flag |= RX_FLAG_AMPDU_DETAILS | RX_FLAG_AMPDU_LAST_KNOWN; | 
|  | rx_status->ampdu_reference = ar->ampdu_ref; | 
|  |  | 
|  | /* | 
|  | * "802.11n - 7.4a.3 A-MPDU contents" describes in which contexts | 
|  | * certain frame types can be part of an aMPDU. | 
|  | * | 
|  | * In order to keep the processing cost down, I opted for a | 
|  | * stateless filter solely based on the frame control field. | 
|  | */ | 
|  |  | 
|  | fc = ((struct ieee80211_hdr *)buf)->frame_control; | 
|  | if (ieee80211_is_data_qos(fc) && ieee80211_is_data_present(fc)) | 
|  | return true; | 
|  |  | 
|  | if (ieee80211_is_ack(fc) || ieee80211_is_back(fc) || | 
|  | ieee80211_is_back_req(fc)) | 
|  | return true; | 
|  |  | 
|  | if (ieee80211_is_action(fc)) | 
|  | return true; | 
|  |  | 
|  | return false; | 
|  | } | 
|  |  | 
|  | static int carl9170_handle_mpdu(struct ar9170 *ar, u8 *buf, int len, | 
|  | struct ieee80211_rx_status *status) | 
|  | { | 
|  | struct sk_buff *skb; | 
|  |  | 
|  | /* (driver) frame trap handler | 
|  | * | 
|  | * Because power-saving mode handing has to be implemented by | 
|  | * the driver/firmware. We have to check each incoming beacon | 
|  | * from the associated AP, if there's new data for us (either | 
|  | * broadcast/multicast or unicast) we have to react quickly. | 
|  | * | 
|  | * So, if you have you want to add additional frame trap | 
|  | * handlers, this would be the perfect place! | 
|  | */ | 
|  |  | 
|  | carl9170_ps_beacon(ar, buf, len); | 
|  |  | 
|  | carl9170_ba_check(ar, buf, len); | 
|  |  | 
|  | skb = carl9170_rx_copy_data(buf, len); | 
|  | if (!skb) | 
|  | return -ENOMEM; | 
|  |  | 
|  | memcpy(IEEE80211_SKB_RXCB(skb), status, sizeof(*status)); | 
|  | ieee80211_rx(ar->hw, skb); | 
|  | return 0; | 
|  | } | 
|  |  | 
|  | /* | 
|  | * If the frame alignment is right (or the kernel has | 
|  | * CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS), and there | 
|  | * is only a single MPDU in the USB frame, then we could | 
|  | * submit to mac80211 the SKB directly. However, since | 
|  | * there may be multiple packets in one SKB in stream | 
|  | * mode, and we need to observe the proper ordering, | 
|  | * this is non-trivial. | 
|  | */ | 
|  | static void carl9170_rx_untie_data(struct ar9170 *ar, u8 *buf, int len) | 
|  | { | 
|  | struct ar9170_rx_head *head; | 
|  | struct ar9170_rx_macstatus *mac; | 
|  | struct ar9170_rx_phystatus *phy = NULL; | 
|  | struct ieee80211_rx_status status; | 
|  | int mpdu_len; | 
|  | u8 mac_status; | 
|  |  | 
|  | if (!IS_STARTED(ar)) | 
|  | return; | 
|  |  | 
|  | if (unlikely(len < sizeof(*mac))) | 
|  | goto drop; | 
|  |  | 
|  | memset(&status, 0, sizeof(status)); | 
|  |  | 
|  | mpdu_len = len - sizeof(*mac); | 
|  |  | 
|  | mac = (void *)(buf + mpdu_len); | 
|  | mac_status = mac->status; | 
|  | switch (mac_status & AR9170_RX_STATUS_MPDU) { | 
|  | case AR9170_RX_STATUS_MPDU_FIRST: | 
|  | ar->ampdu_ref++; | 
|  | /* Aggregated MPDUs start with an PLCP header */ | 
|  | if (likely(mpdu_len >= sizeof(struct ar9170_rx_head))) { | 
|  | head = (void *) buf; | 
|  |  | 
|  | /* | 
|  | * The PLCP header needs to be cached for the | 
|  | * following MIDDLE + LAST A-MPDU packets. | 
|  | * | 
|  | * So, if you are wondering why all frames seem | 
|  | * to share a common RX status information, | 
|  | * then you have the answer right here... | 
|  | */ | 
|  | memcpy(&ar->rx_plcp, (void *) buf, | 
|  | sizeof(struct ar9170_rx_head)); | 
|  |  | 
|  | mpdu_len -= sizeof(struct ar9170_rx_head); | 
|  | buf += sizeof(struct ar9170_rx_head); | 
|  |  | 
|  | ar->rx_has_plcp = true; | 
|  | } else { | 
|  | if (net_ratelimit()) { | 
|  | wiphy_err(ar->hw->wiphy, "plcp info " | 
|  | "is clipped.\n"); | 
|  | } | 
|  |  | 
|  | goto drop; | 
|  | } | 
|  | break; | 
|  |  | 
|  | case AR9170_RX_STATUS_MPDU_LAST: | 
|  | status.flag |= RX_FLAG_AMPDU_IS_LAST; | 
|  |  | 
|  | /* | 
|  | * The last frame of an A-MPDU has an extra tail | 
|  | * which does contain the phy status of the whole | 
|  | * aggregate. | 
|  | */ | 
|  | if (likely(mpdu_len >= sizeof(struct ar9170_rx_phystatus))) { | 
|  | mpdu_len -= sizeof(struct ar9170_rx_phystatus); | 
|  | phy = (void *)(buf + mpdu_len); | 
|  | } else { | 
|  | if (net_ratelimit()) { | 
|  | wiphy_err(ar->hw->wiphy, "frame tail " | 
|  | "is clipped.\n"); | 
|  | } | 
|  |  | 
|  | goto drop; | 
|  | } | 
|  | fallthrough; | 
|  |  | 
|  | case AR9170_RX_STATUS_MPDU_MIDDLE: | 
|  | /*  These are just data + mac status */ | 
|  | if (unlikely(!ar->rx_has_plcp)) { | 
|  | if (!net_ratelimit()) | 
|  | return; | 
|  |  | 
|  | wiphy_err(ar->hw->wiphy, "rx stream does not start " | 
|  | "with a first_mpdu frame tag.\n"); | 
|  |  | 
|  | goto drop; | 
|  | } | 
|  |  | 
|  | head = &ar->rx_plcp; | 
|  | break; | 
|  |  | 
|  | case AR9170_RX_STATUS_MPDU_SINGLE: | 
|  | /* single mpdu has both: plcp (head) and phy status (tail) */ | 
|  | head = (void *) buf; | 
|  |  | 
|  | mpdu_len -= sizeof(struct ar9170_rx_head); | 
|  | mpdu_len -= sizeof(struct ar9170_rx_phystatus); | 
|  |  | 
|  | buf += sizeof(struct ar9170_rx_head); | 
|  | phy = (void *)(buf + mpdu_len); | 
|  | break; | 
|  |  | 
|  | default: | 
|  | BUG(); | 
|  | break; | 
|  | } | 
|  |  | 
|  | /* FC + DU + RA + FCS */ | 
|  | if (unlikely(mpdu_len < (2 + 2 + ETH_ALEN + FCS_LEN))) | 
|  | goto drop; | 
|  |  | 
|  | if (unlikely(carl9170_rx_mac_status(ar, head, mac, &status))) | 
|  | goto drop; | 
|  |  | 
|  | if (!carl9170_ampdu_check(ar, buf, mac_status, &status)) | 
|  | goto drop; | 
|  |  | 
|  | if (phy) | 
|  | carl9170_rx_phy_status(ar, phy, &status); | 
|  | else | 
|  | status.flag |= RX_FLAG_NO_SIGNAL_VAL; | 
|  |  | 
|  | if (carl9170_handle_mpdu(ar, buf, mpdu_len, &status)) | 
|  | goto drop; | 
|  |  | 
|  | return; | 
|  | drop: | 
|  | ar->rx_dropped++; | 
|  | } | 
|  |  | 
|  | static void carl9170_rx_untie_cmds(struct ar9170 *ar, const u8 *respbuf, | 
|  | const unsigned int resplen) | 
|  | { | 
|  | struct carl9170_rsp *cmd; | 
|  | int i = 0; | 
|  |  | 
|  | while (i < resplen) { | 
|  | cmd = (void *) &respbuf[i]; | 
|  |  | 
|  | i += cmd->hdr.len + 4; | 
|  | if (unlikely(i > resplen)) | 
|  | break; | 
|  |  | 
|  | if (carl9170_check_sequence(ar, cmd->hdr.seq)) | 
|  | break; | 
|  |  | 
|  | carl9170_handle_command_response(ar, cmd, cmd->hdr.len + 4); | 
|  | } | 
|  |  | 
|  | if (unlikely(i != resplen)) { | 
|  | if (!net_ratelimit()) | 
|  | return; | 
|  |  | 
|  | wiphy_err(ar->hw->wiphy, "malformed firmware trap:\n"); | 
|  | print_hex_dump_bytes("rxcmd:", DUMP_PREFIX_OFFSET, | 
|  | respbuf, resplen); | 
|  | } | 
|  | } | 
|  |  | 
|  | static void __carl9170_rx(struct ar9170 *ar, u8 *buf, unsigned int len) | 
|  | { | 
|  | unsigned int i = 0; | 
|  |  | 
|  | /* weird thing, but this is the same in the original driver */ | 
|  | while (len > 2 && i < 12 && buf[0] == 0xff && buf[1] == 0xff) { | 
|  | i += 2; | 
|  | len -= 2; | 
|  | buf += 2; | 
|  | } | 
|  |  | 
|  | if (unlikely(len < 4)) | 
|  | return; | 
|  |  | 
|  | /* found the 6 * 0xffff marker? */ | 
|  | if (i == 12) | 
|  | carl9170_rx_untie_cmds(ar, buf, len); | 
|  | else | 
|  | carl9170_rx_untie_data(ar, buf, len); | 
|  | } | 
|  |  | 
|  | static void carl9170_rx_stream(struct ar9170 *ar, void *buf, unsigned int len) | 
|  | { | 
|  | unsigned int tlen, wlen = 0, clen = 0; | 
|  | struct ar9170_stream *rx_stream; | 
|  | u8 *tbuf; | 
|  |  | 
|  | tbuf = buf; | 
|  | tlen = len; | 
|  |  | 
|  | while (tlen >= 4) { | 
|  | rx_stream = (void *) tbuf; | 
|  | clen = le16_to_cpu(rx_stream->length); | 
|  | wlen = ALIGN(clen, 4); | 
|  |  | 
|  | /* check if this is stream has a valid tag.*/ | 
|  | if (rx_stream->tag != cpu_to_le16(AR9170_RX_STREAM_TAG)) { | 
|  | /* | 
|  | * TODO: handle the highly unlikely event that the | 
|  | * corrupted stream has the TAG at the right position. | 
|  | */ | 
|  |  | 
|  | /* check if the frame can be repaired. */ | 
|  | if (!ar->rx_failover_missing) { | 
|  |  | 
|  | /* this is not "short read". */ | 
|  | if (net_ratelimit()) { | 
|  | wiphy_err(ar->hw->wiphy, | 
|  | "missing tag!\n"); | 
|  | } | 
|  |  | 
|  | __carl9170_rx(ar, tbuf, tlen); | 
|  | return; | 
|  | } | 
|  |  | 
|  | if (ar->rx_failover_missing > tlen) { | 
|  | if (net_ratelimit()) { | 
|  | wiphy_err(ar->hw->wiphy, | 
|  | "possible multi " | 
|  | "stream corruption!\n"); | 
|  | goto err_telluser; | 
|  | } else { | 
|  | goto err_silent; | 
|  | } | 
|  | } | 
|  |  | 
|  | skb_put_data(ar->rx_failover, tbuf, tlen); | 
|  | ar->rx_failover_missing -= tlen; | 
|  |  | 
|  | if (ar->rx_failover_missing <= 0) { | 
|  | /* | 
|  | * nested carl9170_rx_stream call! | 
|  | * | 
|  | * termination is guaranteed, even when the | 
|  | * combined frame also have an element with | 
|  | * a bad tag. | 
|  | */ | 
|  |  | 
|  | ar->rx_failover_missing = 0; | 
|  | carl9170_rx_stream(ar, ar->rx_failover->data, | 
|  | ar->rx_failover->len); | 
|  |  | 
|  | skb_reset_tail_pointer(ar->rx_failover); | 
|  | skb_trim(ar->rx_failover, 0); | 
|  | } | 
|  |  | 
|  | return; | 
|  | } | 
|  |  | 
|  | /* check if stream is clipped */ | 
|  | if (wlen > tlen - 4) { | 
|  | if (ar->rx_failover_missing) { | 
|  | /* TODO: handle double stream corruption. */ | 
|  | if (net_ratelimit()) { | 
|  | wiphy_err(ar->hw->wiphy, "double rx " | 
|  | "stream corruption!\n"); | 
|  | goto err_telluser; | 
|  | } else { | 
|  | goto err_silent; | 
|  | } | 
|  | } | 
|  |  | 
|  | /* | 
|  | * save incomplete data set. | 
|  | * the firmware will resend the missing bits when | 
|  | * the rx - descriptor comes round again. | 
|  | */ | 
|  |  | 
|  | skb_put_data(ar->rx_failover, tbuf, tlen); | 
|  | ar->rx_failover_missing = clen - tlen; | 
|  | return; | 
|  | } | 
|  | __carl9170_rx(ar, rx_stream->payload, clen); | 
|  |  | 
|  | tbuf += wlen + 4; | 
|  | tlen -= wlen + 4; | 
|  | } | 
|  |  | 
|  | if (tlen) { | 
|  | if (net_ratelimit()) { | 
|  | wiphy_err(ar->hw->wiphy, "%d bytes of unprocessed " | 
|  | "data left in rx stream!\n", tlen); | 
|  | } | 
|  |  | 
|  | goto err_telluser; | 
|  | } | 
|  |  | 
|  | return; | 
|  |  | 
|  | err_telluser: | 
|  | wiphy_err(ar->hw->wiphy, "damaged RX stream data [want:%d, " | 
|  | "data:%d, rx:%d, pending:%d ]\n", clen, wlen, tlen, | 
|  | ar->rx_failover_missing); | 
|  |  | 
|  | if (ar->rx_failover_missing) | 
|  | print_hex_dump_bytes("rxbuf:", DUMP_PREFIX_OFFSET, | 
|  | ar->rx_failover->data, | 
|  | ar->rx_failover->len); | 
|  |  | 
|  | print_hex_dump_bytes("stream:", DUMP_PREFIX_OFFSET, | 
|  | buf, len); | 
|  |  | 
|  | wiphy_err(ar->hw->wiphy, "please check your hardware and cables, if " | 
|  | "you see this message frequently.\n"); | 
|  |  | 
|  | err_silent: | 
|  | if (ar->rx_failover_missing) { | 
|  | skb_reset_tail_pointer(ar->rx_failover); | 
|  | skb_trim(ar->rx_failover, 0); | 
|  | ar->rx_failover_missing = 0; | 
|  | } | 
|  | } | 
|  |  | 
|  | void carl9170_rx(struct ar9170 *ar, void *buf, unsigned int len) | 
|  | { | 
|  | if (ar->fw.rx_stream) | 
|  | carl9170_rx_stream(ar, buf, len); | 
|  | else | 
|  | __carl9170_rx(ar, buf, len); | 
|  | } |