1 // SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
3 * Copyright (C) 2012-2014, 2018-2020 Intel Corporation
4 * Copyright (C) 2013-2015 Intel Mobile Communications GmbH
5 * Copyright (C) 2016-2017 Intel Deutschland GmbH
7 #include <linux/ieee80211.h>
8 #include <linux/etherdevice.h>
13 #include "iwl-trans.h"
14 #include "iwl-eeprom-parse.h"
19 iwl_mvm_bar_check_trigger(struct iwl_mvm *mvm, const u8 *addr,
22 struct iwl_fw_dbg_trigger_tlv *trig;
23 struct iwl_fw_dbg_trigger_ba *ba_trig;
25 trig = iwl_fw_dbg_trigger_on(&mvm->fwrt, NULL, FW_DBG_TRIGGER_BA);
29 ba_trig = (void *)trig->data;
31 if (!(le16_to_cpu(ba_trig->tx_bar) & BIT(tid)))
34 iwl_fw_dbg_collect_trig(&mvm->fwrt, trig,
35 "BAR sent to %pM, tid %d, ssn %d",
39 #define OPT_HDR(type, skb, off) \
40 (type *)(skb_network_header(skb) + (off))
42 static u16 iwl_mvm_tx_csum(struct iwl_mvm *mvm, struct sk_buff *skb,
43 struct ieee80211_hdr *hdr,
44 struct ieee80211_tx_info *info,
47 #if IS_ENABLED(CONFIG_INET)
48 u16 mh_len = ieee80211_hdrlen(hdr->frame_control);
51 /* Do not compute checksum if already computed */
52 if (skb->ip_summed != CHECKSUM_PARTIAL)
55 /* We do not expect to be requested to csum stuff we do not support */
56 if (WARN_ONCE(!(mvm->hw->netdev_features & IWL_TX_CSUM_NETIF_FLAGS) ||
57 (skb->protocol != htons(ETH_P_IP) &&
58 skb->protocol != htons(ETH_P_IPV6)),
59 "No support for requested checksum\n")) {
60 skb_checksum_help(skb);
64 if (skb->protocol == htons(ETH_P_IP)) {
65 protocol = ip_hdr(skb)->protocol;
67 #if IS_ENABLED(CONFIG_IPV6)
68 struct ipv6hdr *ipv6h =
69 (struct ipv6hdr *)skb_network_header(skb);
70 unsigned int off = sizeof(*ipv6h);
72 protocol = ipv6h->nexthdr;
73 while (protocol != NEXTHDR_NONE && ipv6_ext_hdr(protocol)) {
74 struct ipv6_opt_hdr *hp;
76 /* only supported extension headers */
77 if (protocol != NEXTHDR_ROUTING &&
78 protocol != NEXTHDR_HOP &&
79 protocol != NEXTHDR_DEST) {
80 skb_checksum_help(skb);
84 hp = OPT_HDR(struct ipv6_opt_hdr, skb, off);
85 protocol = hp->nexthdr;
86 off += ipv6_optlen(hp);
88 /* if we get here - protocol now should be TCP/UDP */
92 if (protocol != IPPROTO_TCP && protocol != IPPROTO_UDP) {
94 skb_checksum_help(skb);
99 offload_assist |= BIT(TX_CMD_OFFLD_L4_EN);
102 * Set offset to IP header (snap).
103 * We don't support tunneling so no need to take care of inner header.
106 offload_assist |= (4 << TX_CMD_OFFLD_IP_HDR);
108 /* Do IPv4 csum for AMSDU only (no IP csum for Ipv6) */
109 if (skb->protocol == htons(ETH_P_IP) &&
110 (offload_assist & BIT(TX_CMD_OFFLD_AMSDU))) {
111 ip_hdr(skb)->check = 0;
112 offload_assist |= BIT(TX_CMD_OFFLD_L3_EN);
115 /* reset UDP/TCP header csum */
116 if (protocol == IPPROTO_TCP)
117 tcp_hdr(skb)->check = 0;
119 udp_hdr(skb)->check = 0;
122 * mac header len should include IV, size is in words unless
123 * the IV is added by the firmware like in WEP.
124 * In new Tx API, the IV is always added by the firmware.
126 if (!iwl_mvm_has_new_tx_api(mvm) && info->control.hw_key &&
127 info->control.hw_key->cipher != WLAN_CIPHER_SUITE_WEP40 &&
128 info->control.hw_key->cipher != WLAN_CIPHER_SUITE_WEP104)
129 mh_len += info->control.hw_key->iv_len;
131 offload_assist |= mh_len << TX_CMD_OFFLD_MH_SIZE;
135 return offload_assist;
139 * Sets most of the Tx cmd's fields
141 void iwl_mvm_set_tx_cmd(struct iwl_mvm *mvm, struct sk_buff *skb,
142 struct iwl_tx_cmd *tx_cmd,
143 struct ieee80211_tx_info *info, u8 sta_id)
145 struct ieee80211_hdr *hdr = (void *)skb->data;
146 __le16 fc = hdr->frame_control;
147 u32 tx_flags = le32_to_cpu(tx_cmd->tx_flags);
148 u32 len = skb->len + FCS_LEN;
149 u16 offload_assist = 0;
152 if (!(info->flags & IEEE80211_TX_CTL_NO_ACK) ||
153 (ieee80211_is_probe_resp(fc) &&
154 !is_multicast_ether_addr(hdr->addr1)))
155 tx_flags |= TX_CMD_FLG_ACK;
157 tx_flags &= ~TX_CMD_FLG_ACK;
159 if (ieee80211_is_probe_resp(fc))
160 tx_flags |= TX_CMD_FLG_TSF;
162 if (ieee80211_has_morefrags(fc))
163 tx_flags |= TX_CMD_FLG_MORE_FRAG;
165 if (ieee80211_is_data_qos(fc)) {
166 u8 *qc = ieee80211_get_qos_ctl(hdr);
167 tx_cmd->tid_tspec = qc[0] & 0xf;
168 tx_flags &= ~TX_CMD_FLG_SEQ_CTL;
169 if (*qc & IEEE80211_QOS_CTL_A_MSDU_PRESENT)
170 offload_assist |= BIT(TX_CMD_OFFLD_AMSDU);
171 } else if (ieee80211_is_back_req(fc)) {
172 struct ieee80211_bar *bar = (void *)skb->data;
173 u16 control = le16_to_cpu(bar->control);
174 u16 ssn = le16_to_cpu(bar->start_seq_num);
176 tx_flags |= TX_CMD_FLG_ACK | TX_CMD_FLG_BAR;
177 tx_cmd->tid_tspec = (control &
178 IEEE80211_BAR_CTRL_TID_INFO_MASK) >>
179 IEEE80211_BAR_CTRL_TID_INFO_SHIFT;
180 WARN_ON_ONCE(tx_cmd->tid_tspec >= IWL_MAX_TID_COUNT);
181 iwl_mvm_bar_check_trigger(mvm, bar->ra, tx_cmd->tid_tspec,
184 if (ieee80211_is_data(fc))
185 tx_cmd->tid_tspec = IWL_TID_NON_QOS;
187 tx_cmd->tid_tspec = IWL_MAX_TID_COUNT;
189 if (info->flags & IEEE80211_TX_CTL_ASSIGN_SEQ)
190 tx_flags |= TX_CMD_FLG_SEQ_CTL;
192 tx_flags &= ~TX_CMD_FLG_SEQ_CTL;
195 /* Default to 0 (BE) when tid_spec is set to IWL_MAX_TID_COUNT */
196 if (tx_cmd->tid_tspec < IWL_MAX_TID_COUNT)
197 ac = tid_to_mac80211_ac[tx_cmd->tid_tspec];
199 ac = tid_to_mac80211_ac[0];
201 tx_flags |= iwl_mvm_bt_coex_tx_prio(mvm, hdr, info, ac) <<
202 TX_CMD_FLG_BT_PRIO_POS;
204 if (ieee80211_is_mgmt(fc)) {
205 if (ieee80211_is_assoc_req(fc) || ieee80211_is_reassoc_req(fc))
206 tx_cmd->pm_frame_timeout = cpu_to_le16(PM_FRAME_ASSOC);
207 else if (ieee80211_is_action(fc))
208 tx_cmd->pm_frame_timeout = cpu_to_le16(PM_FRAME_NONE);
210 tx_cmd->pm_frame_timeout = cpu_to_le16(PM_FRAME_MGMT);
212 /* The spec allows Action frames in A-MPDU, we don't support
215 WARN_ON_ONCE(info->flags & IEEE80211_TX_CTL_AMPDU);
216 } else if (info->control.flags & IEEE80211_TX_CTRL_PORT_CTRL_PROTO) {
217 tx_cmd->pm_frame_timeout = cpu_to_le16(PM_FRAME_MGMT);
219 tx_cmd->pm_frame_timeout = cpu_to_le16(PM_FRAME_NONE);
222 if (ieee80211_is_data(fc) && len > mvm->rts_threshold &&
223 !is_multicast_ether_addr(hdr->addr1))
224 tx_flags |= TX_CMD_FLG_PROT_REQUIRE;
226 if (fw_has_capa(&mvm->fw->ucode_capa,
227 IWL_UCODE_TLV_CAPA_TXPOWER_INSERTION_SUPPORT) &&
228 ieee80211_action_contains_tpc(skb))
229 tx_flags |= TX_CMD_FLG_WRITE_TX_POWER;
231 tx_cmd->tx_flags = cpu_to_le32(tx_flags);
232 /* Total # bytes to be transmitted - PCIe code will adjust for A-MSDU */
233 tx_cmd->len = cpu_to_le16((u16)skb->len);
234 tx_cmd->life_time = cpu_to_le32(TX_CMD_LIFE_TIME_INFINITE);
235 tx_cmd->sta_id = sta_id;
237 /* padding is inserted later in transport */
238 if (ieee80211_hdrlen(fc) % 4 &&
239 !(offload_assist & BIT(TX_CMD_OFFLD_AMSDU)))
240 offload_assist |= BIT(TX_CMD_OFFLD_PAD);
242 tx_cmd->offload_assist |=
243 cpu_to_le16(iwl_mvm_tx_csum(mvm, skb, hdr, info,
247 static u32 iwl_mvm_get_tx_ant(struct iwl_mvm *mvm,
248 struct ieee80211_tx_info *info,
249 struct ieee80211_sta *sta, __le16 fc)
251 if (info->band == NL80211_BAND_2GHZ &&
252 !iwl_mvm_bt_coex_is_shared_ant_avail(mvm))
253 return mvm->cfg->non_shared_ant << RATE_MCS_ANT_POS;
255 if (sta && ieee80211_is_data(fc)) {
256 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta);
258 return BIT(mvmsta->tx_ant) << RATE_MCS_ANT_POS;
261 return BIT(mvm->mgmt_last_antenna_idx) << RATE_MCS_ANT_POS;
264 static u32 iwl_mvm_get_tx_rate(struct iwl_mvm *mvm,
265 struct ieee80211_tx_info *info,
266 struct ieee80211_sta *sta)
272 /* HT rate doesn't make sense for a non data frame */
273 WARN_ONCE(info->control.rates[0].flags & IEEE80211_TX_RC_MCS,
274 "Got an HT rate (flags:0x%x/mcs:%d) for a non data frame\n",
275 info->control.rates[0].flags,
276 info->control.rates[0].idx);
278 rate_idx = info->control.rates[0].idx;
279 /* if the rate isn't a well known legacy rate, take the lowest one */
280 if (rate_idx < 0 || rate_idx >= IWL_RATE_COUNT_LEGACY)
281 rate_idx = rate_lowest_index(
282 &mvm->nvm_data->bands[info->band], sta);
285 * For non 2 GHZ band, remap mac80211 rate
286 * indices into driver indices
288 if (info->band != NL80211_BAND_2GHZ)
289 rate_idx += IWL_FIRST_OFDM_RATE;
291 /* For 2.4 GHZ band, check that there is no need to remap */
292 BUILD_BUG_ON(IWL_FIRST_CCK_RATE != 0);
294 /* Get PLCP rate for tx_cmd->rate_n_flags */
295 rate_plcp = iwl_mvm_mac80211_idx_to_hwrate(rate_idx);
297 /* Set CCK flag as needed */
298 if ((rate_idx >= IWL_FIRST_CCK_RATE) && (rate_idx <= IWL_LAST_CCK_RATE))
299 rate_flags |= RATE_MCS_CCK_MSK;
301 return (u32)rate_plcp | rate_flags;
304 static u32 iwl_mvm_get_tx_rate_n_flags(struct iwl_mvm *mvm,
305 struct ieee80211_tx_info *info,
306 struct ieee80211_sta *sta, __le16 fc)
308 return iwl_mvm_get_tx_rate(mvm, info, sta) |
309 iwl_mvm_get_tx_ant(mvm, info, sta, fc);
313 * Sets the fields in the Tx cmd that are rate related
315 void iwl_mvm_set_tx_cmd_rate(struct iwl_mvm *mvm, struct iwl_tx_cmd *tx_cmd,
316 struct ieee80211_tx_info *info,
317 struct ieee80211_sta *sta, __le16 fc)
319 /* Set retry limit on RTS packets */
320 tx_cmd->rts_retry_limit = IWL_RTS_DFAULT_RETRY_LIMIT;
322 /* Set retry limit on DATA packets and Probe Responses*/
323 if (ieee80211_is_probe_resp(fc)) {
324 tx_cmd->data_retry_limit = IWL_MGMT_DFAULT_RETRY_LIMIT;
325 tx_cmd->rts_retry_limit =
326 min(tx_cmd->data_retry_limit, tx_cmd->rts_retry_limit);
327 } else if (ieee80211_is_back_req(fc)) {
328 tx_cmd->data_retry_limit = IWL_BAR_DFAULT_RETRY_LIMIT;
330 tx_cmd->data_retry_limit = IWL_DEFAULT_TX_RETRY;
334 * for data packets, rate info comes from the table inside the fw. This
335 * table is controlled by LINK_QUALITY commands
338 if (ieee80211_is_data(fc) && sta) {
339 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta);
341 if (mvmsta->sta_state >= IEEE80211_STA_AUTHORIZED) {
342 tx_cmd->initial_rate_index = 0;
343 tx_cmd->tx_flags |= cpu_to_le32(TX_CMD_FLG_STA_RATE);
346 } else if (ieee80211_is_back_req(fc)) {
348 cpu_to_le32(TX_CMD_FLG_ACK | TX_CMD_FLG_BAR);
351 /* Set the rate in the TX cmd */
352 tx_cmd->rate_n_flags =
353 cpu_to_le32(iwl_mvm_get_tx_rate_n_flags(mvm, info, sta, fc));
356 static inline void iwl_mvm_set_tx_cmd_pn(struct ieee80211_tx_info *info,
359 struct ieee80211_key_conf *keyconf = info->control.hw_key;
362 pn = atomic64_inc_return(&keyconf->tx_pn);
365 crypto_hdr[3] = 0x20 | (keyconf->keyidx << 6);
366 crypto_hdr[1] = pn >> 8;
367 crypto_hdr[4] = pn >> 16;
368 crypto_hdr[5] = pn >> 24;
369 crypto_hdr[6] = pn >> 32;
370 crypto_hdr[7] = pn >> 40;
374 * Sets the fields in the Tx cmd that are crypto related
376 static void iwl_mvm_set_tx_cmd_crypto(struct iwl_mvm *mvm,
377 struct ieee80211_tx_info *info,
378 struct iwl_tx_cmd *tx_cmd,
379 struct sk_buff *skb_frag,
382 struct ieee80211_key_conf *keyconf = info->control.hw_key;
383 u8 *crypto_hdr = skb_frag->data + hdrlen;
384 enum iwl_tx_cmd_sec_ctrl type = TX_CMD_SEC_CCM;
387 switch (keyconf->cipher) {
388 case WLAN_CIPHER_SUITE_CCMP:
389 iwl_mvm_set_tx_cmd_ccmp(info, tx_cmd);
390 iwl_mvm_set_tx_cmd_pn(info, crypto_hdr);
393 case WLAN_CIPHER_SUITE_TKIP:
394 tx_cmd->sec_ctl = TX_CMD_SEC_TKIP;
395 pn = atomic64_inc_return(&keyconf->tx_pn);
396 ieee80211_tkip_add_iv(crypto_hdr, keyconf, pn);
397 ieee80211_get_tkip_p2k(keyconf, skb_frag, tx_cmd->key);
400 case WLAN_CIPHER_SUITE_WEP104:
401 tx_cmd->sec_ctl |= TX_CMD_SEC_KEY128;
403 case WLAN_CIPHER_SUITE_WEP40:
404 tx_cmd->sec_ctl |= TX_CMD_SEC_WEP |
405 ((keyconf->keyidx << TX_CMD_SEC_WEP_KEY_IDX_POS) &
406 TX_CMD_SEC_WEP_KEY_IDX_MSK);
408 memcpy(&tx_cmd->key[3], keyconf->key, keyconf->keylen);
410 case WLAN_CIPHER_SUITE_GCMP:
411 case WLAN_CIPHER_SUITE_GCMP_256:
412 type = TX_CMD_SEC_GCMP;
414 case WLAN_CIPHER_SUITE_CCMP_256:
415 /* TODO: Taking the key from the table might introduce a race
416 * when PTK rekeying is done, having an old packets with a PN
417 * based on the old key but the message encrypted with a new
419 * Need to handle this.
421 tx_cmd->sec_ctl |= type | TX_CMD_SEC_KEY_FROM_TABLE;
422 tx_cmd->key[0] = keyconf->hw_key_idx;
423 iwl_mvm_set_tx_cmd_pn(info, crypto_hdr);
426 tx_cmd->sec_ctl |= TX_CMD_SEC_EXT;
431 * Allocates and sets the Tx cmd the driver data pointers in the skb
433 static struct iwl_device_tx_cmd *
434 iwl_mvm_set_tx_params(struct iwl_mvm *mvm, struct sk_buff *skb,
435 struct ieee80211_tx_info *info, int hdrlen,
436 struct ieee80211_sta *sta, u8 sta_id)
438 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
439 struct iwl_device_tx_cmd *dev_cmd;
440 struct iwl_tx_cmd *tx_cmd;
442 dev_cmd = iwl_trans_alloc_tx_cmd(mvm->trans);
444 if (unlikely(!dev_cmd))
447 dev_cmd->hdr.cmd = TX_CMD;
449 if (iwl_mvm_has_new_tx_api(mvm)) {
450 u16 offload_assist = 0;
451 u32 rate_n_flags = 0;
453 struct iwl_mvm_sta *mvmsta = sta ?
454 iwl_mvm_sta_from_mac80211(sta) : NULL;
456 if (ieee80211_is_data_qos(hdr->frame_control)) {
457 u8 *qc = ieee80211_get_qos_ctl(hdr);
459 if (*qc & IEEE80211_QOS_CTL_A_MSDU_PRESENT)
460 offload_assist |= BIT(TX_CMD_OFFLD_AMSDU);
463 offload_assist = iwl_mvm_tx_csum(mvm, skb, hdr, info,
466 /* padding is inserted later in transport */
467 if (ieee80211_hdrlen(hdr->frame_control) % 4 &&
468 !(offload_assist & BIT(TX_CMD_OFFLD_AMSDU)))
469 offload_assist |= BIT(TX_CMD_OFFLD_PAD);
471 if (!info->control.hw_key)
472 flags |= IWL_TX_FLAGS_ENCRYPT_DIS;
475 * For data packets rate info comes from the fw. Only
476 * set rate/antenna during connection establishment or in case
477 * no station is given.
479 if (!sta || !ieee80211_is_data(hdr->frame_control) ||
480 mvmsta->sta_state < IEEE80211_STA_AUTHORIZED) {
481 flags |= IWL_TX_FLAGS_CMD_RATE;
483 iwl_mvm_get_tx_rate_n_flags(mvm, info, sta,
487 if (mvm->trans->trans_cfg->device_family >=
488 IWL_DEVICE_FAMILY_AX210) {
489 struct iwl_tx_cmd_gen3 *cmd = (void *)dev_cmd->payload;
491 cmd->offload_assist |= cpu_to_le32(offload_assist);
493 /* Total # bytes to be transmitted */
494 cmd->len = cpu_to_le16((u16)skb->len);
496 /* Copy MAC header from skb into command buffer */
497 memcpy(cmd->hdr, hdr, hdrlen);
499 cmd->flags = cpu_to_le16(flags);
500 cmd->rate_n_flags = cpu_to_le32(rate_n_flags);
502 struct iwl_tx_cmd_gen2 *cmd = (void *)dev_cmd->payload;
504 cmd->offload_assist |= cpu_to_le16(offload_assist);
506 /* Total # bytes to be transmitted */
507 cmd->len = cpu_to_le16((u16)skb->len);
509 /* Copy MAC header from skb into command buffer */
510 memcpy(cmd->hdr, hdr, hdrlen);
512 cmd->flags = cpu_to_le32(flags);
513 cmd->rate_n_flags = cpu_to_le32(rate_n_flags);
518 tx_cmd = (struct iwl_tx_cmd *)dev_cmd->payload;
520 if (info->control.hw_key)
521 iwl_mvm_set_tx_cmd_crypto(mvm, info, tx_cmd, skb, hdrlen);
523 iwl_mvm_set_tx_cmd(mvm, skb, tx_cmd, info, sta_id);
525 iwl_mvm_set_tx_cmd_rate(mvm, tx_cmd, info, sta, hdr->frame_control);
527 /* Copy MAC header from skb into command buffer */
528 memcpy(tx_cmd->hdr, hdr, hdrlen);
534 static void iwl_mvm_skb_prepare_status(struct sk_buff *skb,
535 struct iwl_device_tx_cmd *cmd)
537 struct ieee80211_tx_info *skb_info = IEEE80211_SKB_CB(skb);
539 memset(&skb_info->status, 0, sizeof(skb_info->status));
540 memset(skb_info->driver_data, 0, sizeof(skb_info->driver_data));
542 skb_info->driver_data[1] = cmd;
545 static int iwl_mvm_get_ctrl_vif_queue(struct iwl_mvm *mvm,
546 struct ieee80211_tx_info *info,
547 struct ieee80211_hdr *hdr)
549 struct iwl_mvm_vif *mvmvif =
550 iwl_mvm_vif_from_mac80211(info->control.vif);
551 __le16 fc = hdr->frame_control;
553 switch (info->control.vif->type) {
554 case NL80211_IFTYPE_AP:
555 case NL80211_IFTYPE_ADHOC:
557 * Non-bufferable frames use the broadcast station, thus they
558 * use the probe queue.
559 * Also take care of the case where we send a deauth to a
560 * station that we don't have, or similarly an association
561 * response (with non-success status) for a station we can't
563 * Also, disassociate frames might happen, particular with
564 * reason 7 ("Class 3 frame received from nonassociated STA").
566 if (ieee80211_is_mgmt(fc) &&
567 (!ieee80211_is_bufferable_mmpdu(fc) ||
568 ieee80211_is_deauth(fc) || ieee80211_is_disassoc(fc)))
569 return mvm->probe_queue;
571 if (!ieee80211_has_order(fc) && !ieee80211_is_probe_req(fc) &&
572 is_multicast_ether_addr(hdr->addr1))
573 return mvmvif->cab_queue;
575 WARN_ONCE(info->control.vif->type != NL80211_IFTYPE_ADHOC,
576 "fc=0x%02x", le16_to_cpu(fc));
577 return mvm->probe_queue;
578 case NL80211_IFTYPE_P2P_DEVICE:
579 if (ieee80211_is_mgmt(fc))
580 return mvm->p2p_dev_queue;
583 return mvm->p2p_dev_queue;
585 WARN_ONCE(1, "Not a ctrl vif, no available queue\n");
590 static void iwl_mvm_probe_resp_set_noa(struct iwl_mvm *mvm,
593 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
594 struct iwl_mvm_vif *mvmvif =
595 iwl_mvm_vif_from_mac80211(info->control.vif);
596 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)skb->data;
597 int base_len = (u8 *)mgmt->u.probe_resp.variable - (u8 *)mgmt;
598 struct iwl_probe_resp_data *resp_data;
601 (WLAN_OUI_WFA >> 16) & 0xff,
602 (WLAN_OUI_WFA >> 8) & 0xff,
604 WLAN_OUI_TYPE_WFA_P2P,
609 resp_data = rcu_dereference(mvmvif->probe_resp_data);
613 if (!resp_data->notif.noa_active)
616 ie = (u8 *)cfg80211_find_ie_match(WLAN_EID_VENDOR_SPECIFIC,
617 mgmt->u.probe_resp.variable,
621 IWL_DEBUG_TX(mvm, "probe resp doesn't have P2P IE\n");
625 if (skb_tailroom(skb) < resp_data->noa_len) {
626 if (pskb_expand_head(skb, 0, resp_data->noa_len, GFP_ATOMIC)) {
628 "Failed to reallocate probe resp\n");
633 pos = skb_put(skb, resp_data->noa_len);
635 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
636 /* Set length of IE body (not including ID and length itself) */
637 *pos++ = resp_data->noa_len - 2;
638 *pos++ = (WLAN_OUI_WFA >> 16) & 0xff;
639 *pos++ = (WLAN_OUI_WFA >> 8) & 0xff;
640 *pos++ = WLAN_OUI_WFA & 0xff;
641 *pos++ = WLAN_OUI_TYPE_WFA_P2P;
643 memcpy(pos, &resp_data->notif.noa_attr,
644 resp_data->noa_len - sizeof(struct ieee80211_vendor_ie));
650 int iwl_mvm_tx_skb_non_sta(struct iwl_mvm *mvm, struct sk_buff *skb)
652 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
653 struct ieee80211_tx_info info;
654 struct iwl_device_tx_cmd *dev_cmd;
656 int hdrlen = ieee80211_hdrlen(hdr->frame_control);
657 __le16 fc = hdr->frame_control;
658 bool offchannel = IEEE80211_SKB_CB(skb)->flags &
659 IEEE80211_TX_CTL_TX_OFFCHAN;
662 if (IWL_MVM_NON_TRANSMITTING_AP && ieee80211_is_probe_resp(fc))
665 memcpy(&info, skb->cb, sizeof(info));
667 if (WARN_ON_ONCE(skb->len > IEEE80211_MAX_DATA_LEN + hdrlen))
670 if (WARN_ON_ONCE(info.flags & IEEE80211_TX_CTL_AMPDU))
673 if (info.control.vif) {
674 struct iwl_mvm_vif *mvmvif =
675 iwl_mvm_vif_from_mac80211(info.control.vif);
677 if (info.control.vif->type == NL80211_IFTYPE_P2P_DEVICE ||
678 info.control.vif->type == NL80211_IFTYPE_AP ||
679 info.control.vif->type == NL80211_IFTYPE_ADHOC) {
680 if (!ieee80211_is_data(hdr->frame_control))
681 sta_id = mvmvif->bcast_sta.sta_id;
683 sta_id = mvmvif->mcast_sta.sta_id;
685 queue = iwl_mvm_get_ctrl_vif_queue(mvm, &info, hdr);
686 } else if (info.control.vif->type == NL80211_IFTYPE_MONITOR) {
687 queue = mvm->snif_queue;
688 sta_id = mvm->snif_sta.sta_id;
689 } else if (info.control.vif->type == NL80211_IFTYPE_STATION &&
692 * IWL_MVM_OFFCHANNEL_QUEUE is used for ROC packets
693 * that can be used in 2 different types of vifs, P2P &
695 * P2P uses the offchannel queue.
696 * STATION (HS2.0) uses the auxiliary context of the FW,
697 * and hence needs to be sent on the aux queue.
699 sta_id = mvm->aux_sta.sta_id;
700 queue = mvm->aux_queue;
705 IWL_ERR(mvm, "No queue was found. Dropping TX\n");
709 if (unlikely(ieee80211_is_probe_resp(fc)))
710 iwl_mvm_probe_resp_set_noa(mvm, skb);
712 IWL_DEBUG_TX(mvm, "station Id %d, queue=%d\n", sta_id, queue);
714 dev_cmd = iwl_mvm_set_tx_params(mvm, skb, &info, hdrlen, NULL, sta_id);
718 /* From now on, we cannot access info->control */
719 iwl_mvm_skb_prepare_status(skb, dev_cmd);
721 if (iwl_trans_tx(mvm->trans, skb, dev_cmd, queue)) {
722 iwl_trans_free_tx_cmd(mvm->trans, dev_cmd);
729 unsigned int iwl_mvm_max_amsdu_size(struct iwl_mvm *mvm,
730 struct ieee80211_sta *sta, unsigned int tid)
732 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta);
733 enum nl80211_band band = mvmsta->vif->bss_conf.chandef.chan->band;
734 u8 ac = tid_to_mac80211_ac[tid];
736 int lmac = iwl_mvm_get_lmac_id(mvm->fw, band);
738 /* For HE redirect to trigger based fifos */
739 if (sta->he_cap.has_he && !WARN_ON(!iwl_mvm_has_new_tx_api(mvm)))
742 txf = iwl_mvm_mac_ac_to_tx_fifo(mvm, ac);
745 * Don't send an AMSDU that will be longer than the TXF.
746 * Add a security margin of 256 for the TX command + headers.
747 * We also want to have the start of the next packet inside the
748 * fifo to be able to send bursts.
750 return min_t(unsigned int, mvmsta->max_amsdu_len,
751 mvm->fwrt.smem_cfg.lmac[lmac].txfifo_size[txf] - 256);
757 iwl_mvm_tx_tso_segment(struct sk_buff *skb, unsigned int num_subframes,
758 netdev_features_t netdev_flags,
759 struct sk_buff_head *mpdus_skb)
761 struct sk_buff *tmp, *next;
762 struct ieee80211_hdr *hdr = (void *)skb->data;
763 char cb[sizeof(skb->cb)];
765 unsigned int tcp_payload_len;
766 unsigned int mss = skb_shinfo(skb)->gso_size;
767 bool ipv4 = (skb->protocol == htons(ETH_P_IP));
768 bool qos = ieee80211_is_data_qos(hdr->frame_control);
769 u16 ip_base_id = ipv4 ? ntohs(ip_hdr(skb)->id) : 0;
771 skb_shinfo(skb)->gso_size = num_subframes * mss;
772 memcpy(cb, skb->cb, sizeof(cb));
774 next = skb_gso_segment(skb, netdev_flags);
775 skb_shinfo(skb)->gso_size = mss;
776 skb_shinfo(skb)->gso_type = ipv4 ? SKB_GSO_TCPV4 : SKB_GSO_TCPV6;
777 if (WARN_ON_ONCE(IS_ERR(next)))
782 skb_list_walk_safe(next, tmp, next) {
783 memcpy(tmp->cb, cb, sizeof(tmp->cb));
785 * Compute the length of all the data added for the A-MSDU.
786 * This will be used to compute the length to write in the TX
787 * command. We have: SNAP + IP + TCP for n -1 subframes and
788 * ETH header for n subframes.
790 tcp_payload_len = skb_tail_pointer(tmp) -
791 skb_transport_header(tmp) -
792 tcp_hdrlen(tmp) + tmp->data_len;
795 ip_hdr(tmp)->id = htons(ip_base_id + i * num_subframes);
797 if (tcp_payload_len > mss) {
798 skb_shinfo(tmp)->gso_size = mss;
799 skb_shinfo(tmp)->gso_type = ipv4 ? SKB_GSO_TCPV4 :
806 ip_send_check(ip_hdr(tmp));
808 qc = ieee80211_get_qos_ctl((void *)tmp->data);
809 *qc &= ~IEEE80211_QOS_CTL_A_MSDU_PRESENT;
811 skb_shinfo(tmp)->gso_size = 0;
814 skb_mark_not_on_list(tmp);
815 __skb_queue_tail(mpdus_skb, tmp);
822 static int iwl_mvm_tx_tso(struct iwl_mvm *mvm, struct sk_buff *skb,
823 struct ieee80211_tx_info *info,
824 struct ieee80211_sta *sta,
825 struct sk_buff_head *mpdus_skb)
827 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta);
828 struct ieee80211_hdr *hdr = (void *)skb->data;
829 unsigned int mss = skb_shinfo(skb)->gso_size;
830 unsigned int num_subframes, tcp_payload_len, subf_len, max_amsdu_len;
831 u16 snap_ip_tcp, pad;
832 netdev_features_t netdev_flags = NETIF_F_CSUM_MASK | NETIF_F_SG;
835 snap_ip_tcp = 8 + skb_transport_header(skb) - skb_network_header(skb) +
838 if (!mvmsta->max_amsdu_len ||
839 !ieee80211_is_data_qos(hdr->frame_control) ||
840 !mvmsta->amsdu_enabled)
841 return iwl_mvm_tx_tso_segment(skb, 1, netdev_flags, mpdus_skb);
844 * Do not build AMSDU for IPv6 with extension headers.
845 * ask stack to segment and checkum the generated MPDUs for us.
847 if (skb->protocol == htons(ETH_P_IPV6) &&
848 ((struct ipv6hdr *)skb_network_header(skb))->nexthdr !=
850 netdev_flags &= ~NETIF_F_CSUM_MASK;
851 return iwl_mvm_tx_tso_segment(skb, 1, netdev_flags, mpdus_skb);
854 tid = ieee80211_get_tid(hdr);
855 if (WARN_ON_ONCE(tid >= IWL_MAX_TID_COUNT))
859 * No need to lock amsdu_in_ampdu_allowed since it can't be modified
860 * during an BA session.
862 if ((info->flags & IEEE80211_TX_CTL_AMPDU &&
863 !mvmsta->tid_data[tid].amsdu_in_ampdu_allowed) ||
864 !(mvmsta->amsdu_enabled & BIT(tid)))
865 return iwl_mvm_tx_tso_segment(skb, 1, netdev_flags, mpdus_skb);
868 * Take the min of ieee80211 station and mvm station
871 min_t(unsigned int, sta->max_amsdu_len,
872 iwl_mvm_max_amsdu_size(mvm, sta, tid));
875 * Limit A-MSDU in A-MPDU to 4095 bytes when VHT is not
876 * supported. This is a spec requirement (IEEE 802.11-2015
877 * section 8.7.3 NOTE 3).
879 if (info->flags & IEEE80211_TX_CTL_AMPDU &&
880 !sta->vht_cap.vht_supported)
881 max_amsdu_len = min_t(unsigned int, max_amsdu_len, 4095);
883 /* Sub frame header + SNAP + IP header + TCP header + MSS */
884 subf_len = sizeof(struct ethhdr) + snap_ip_tcp + mss;
885 pad = (4 - subf_len) & 0x3;
888 * If we have N subframes in the A-MSDU, then the A-MSDU's size is
889 * N * subf_len + (N - 1) * pad.
891 num_subframes = (max_amsdu_len + pad) / (subf_len + pad);
893 if (sta->max_amsdu_subframes &&
894 num_subframes > sta->max_amsdu_subframes)
895 num_subframes = sta->max_amsdu_subframes;
897 tcp_payload_len = skb_tail_pointer(skb) - skb_transport_header(skb) -
898 tcp_hdrlen(skb) + skb->data_len;
901 * Make sure we have enough TBs for the A-MSDU:
902 * 2 for each subframe
903 * 1 more for each fragment
904 * 1 more for the potential data in the header
906 if ((num_subframes * 2 + skb_shinfo(skb)->nr_frags + 1) >
907 mvm->trans->max_skb_frags)
910 if (num_subframes > 1)
911 *ieee80211_get_qos_ctl(hdr) |= IEEE80211_QOS_CTL_A_MSDU_PRESENT;
913 /* This skb fits in one single A-MSDU */
914 if (num_subframes * mss >= tcp_payload_len) {
915 __skb_queue_tail(mpdus_skb, skb);
920 * Trick the segmentation function to make it
921 * create SKBs that can fit into one A-MSDU.
923 return iwl_mvm_tx_tso_segment(skb, num_subframes, netdev_flags,
926 #else /* CONFIG_INET */
927 static int iwl_mvm_tx_tso(struct iwl_mvm *mvm, struct sk_buff *skb,
928 struct ieee80211_tx_info *info,
929 struct ieee80211_sta *sta,
930 struct sk_buff_head *mpdus_skb)
932 /* Impossible to get TSO with CONFIG_INET */
939 /* Check if there are any timed-out TIDs on a given shared TXQ */
940 static bool iwl_mvm_txq_should_update(struct iwl_mvm *mvm, int txq_id)
942 unsigned long queue_tid_bitmap = mvm->queue_info[txq_id].tid_bitmap;
943 unsigned long now = jiffies;
946 if (WARN_ON(iwl_mvm_has_new_tx_api(mvm)))
949 for_each_set_bit(tid, &queue_tid_bitmap, IWL_MAX_TID_COUNT + 1) {
950 if (time_before(mvm->queue_info[txq_id].last_frame_time[tid] +
951 IWL_MVM_DQA_QUEUE_TIMEOUT, now))
958 static void iwl_mvm_tx_airtime(struct iwl_mvm *mvm,
959 struct iwl_mvm_sta *mvmsta,
962 int mac = mvmsta->mac_id_n_color & FW_CTXT_ID_MSK;
963 struct iwl_mvm_tcm_mac *mdata;
965 if (mac >= NUM_MAC_INDEX_DRIVER)
968 mdata = &mvm->tcm.data[mac];
973 if (time_after(jiffies, mvm->tcm.ts + MVM_TCM_PERIOD))
974 schedule_delayed_work(&mvm->tcm.work, 0);
976 mdata->tx.airtime += airtime;
979 static int iwl_mvm_tx_pkt_queued(struct iwl_mvm *mvm,
980 struct iwl_mvm_sta *mvmsta, int tid)
982 u32 ac = tid_to_mac80211_ac[tid];
983 int mac = mvmsta->mac_id_n_color & FW_CTXT_ID_MSK;
984 struct iwl_mvm_tcm_mac *mdata;
986 if (mac >= NUM_MAC_INDEX_DRIVER)
989 mdata = &mvm->tcm.data[mac];
991 mdata->tx.pkts[ac]++;
997 * Sets the fields in the Tx cmd that are crypto related.
999 * This function must be called with BHs disabled.
1001 static int iwl_mvm_tx_mpdu(struct iwl_mvm *mvm, struct sk_buff *skb,
1002 struct ieee80211_tx_info *info,
1003 struct ieee80211_sta *sta)
1005 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
1006 struct iwl_mvm_sta *mvmsta;
1007 struct iwl_device_tx_cmd *dev_cmd;
1010 u8 tid = IWL_MAX_TID_COUNT;
1012 bool is_ampdu = false;
1015 mvmsta = iwl_mvm_sta_from_mac80211(sta);
1016 fc = hdr->frame_control;
1017 hdrlen = ieee80211_hdrlen(fc);
1019 if (IWL_MVM_NON_TRANSMITTING_AP && ieee80211_is_probe_resp(fc))
1022 if (WARN_ON_ONCE(!mvmsta))
1025 if (WARN_ON_ONCE(mvmsta->sta_id == IWL_MVM_INVALID_STA))
1028 if (unlikely(ieee80211_is_probe_resp(fc)))
1029 iwl_mvm_probe_resp_set_noa(mvm, skb);
1031 dev_cmd = iwl_mvm_set_tx_params(mvm, skb, info, hdrlen,
1032 sta, mvmsta->sta_id);
1037 * we handle that entirely ourselves -- for uAPSD the firmware
1038 * will always send a notification, and for PS-Poll responses
1039 * we'll notify mac80211 when getting frame status
1041 info->flags &= ~IEEE80211_TX_STATUS_EOSP;
1043 spin_lock(&mvmsta->lock);
1045 /* nullfunc frames should go to the MGMT queue regardless of QOS,
1046 * the condition of !ieee80211_is_qos_nullfunc(fc) keeps the default
1047 * assignment of MGMT TID
1049 if (ieee80211_is_data_qos(fc) && !ieee80211_is_qos_nullfunc(fc)) {
1050 tid = ieee80211_get_tid(hdr);
1051 if (WARN_ONCE(tid >= IWL_MAX_TID_COUNT, "Invalid TID %d", tid))
1052 goto drop_unlock_sta;
1054 is_ampdu = info->flags & IEEE80211_TX_CTL_AMPDU;
1055 if (WARN_ONCE(is_ampdu &&
1056 mvmsta->tid_data[tid].state != IWL_AGG_ON,
1057 "Invalid internal agg state %d for TID %d",
1058 mvmsta->tid_data[tid].state, tid))
1059 goto drop_unlock_sta;
1061 seq_number = mvmsta->tid_data[tid].seq_number;
1062 seq_number &= IEEE80211_SCTL_SEQ;
1064 if (!iwl_mvm_has_new_tx_api(mvm)) {
1065 struct iwl_tx_cmd *tx_cmd = (void *)dev_cmd->payload;
1067 hdr->seq_ctrl &= cpu_to_le16(IEEE80211_SCTL_FRAG);
1068 hdr->seq_ctrl |= cpu_to_le16(seq_number);
1069 /* update the tx_cmd hdr as it was already copied */
1070 tx_cmd->hdr->seq_ctrl = hdr->seq_ctrl;
1072 } else if (ieee80211_is_data(fc) && !ieee80211_is_data_qos(fc)) {
1073 tid = IWL_TID_NON_QOS;
1076 txq_id = mvmsta->tid_data[tid].txq_id;
1078 WARN_ON_ONCE(info->flags & IEEE80211_TX_CTL_SEND_AFTER_DTIM);
1080 if (WARN_ONCE(txq_id == IWL_MVM_INVALID_QUEUE, "Invalid TXQ id")) {
1081 iwl_trans_free_tx_cmd(mvm->trans, dev_cmd);
1082 spin_unlock(&mvmsta->lock);
1086 if (!iwl_mvm_has_new_tx_api(mvm)) {
1087 /* Keep track of the time of the last frame for this RA/TID */
1088 mvm->queue_info[txq_id].last_frame_time[tid] = jiffies;
1091 * If we have timed-out TIDs - schedule the worker that will
1092 * reconfig the queues and update them
1094 * Note that the no lock is taken here in order to not serialize
1095 * the TX flow. This isn't dangerous because scheduling
1096 * mvm->add_stream_wk can't ruin the state, and if we DON'T
1097 * schedule it due to some race condition then next TX we get
1100 if (unlikely(mvm->queue_info[txq_id].status ==
1101 IWL_MVM_QUEUE_SHARED &&
1102 iwl_mvm_txq_should_update(mvm, txq_id)))
1103 schedule_work(&mvm->add_stream_wk);
1106 IWL_DEBUG_TX(mvm, "TX to [%d|%d] Q:%d - seq: 0x%x len %d\n",
1107 mvmsta->sta_id, tid, txq_id,
1108 IEEE80211_SEQ_TO_SN(seq_number), skb->len);
1110 /* From now on, we cannot access info->control */
1111 iwl_mvm_skb_prepare_status(skb, dev_cmd);
1113 if (iwl_trans_tx(mvm->trans, skb, dev_cmd, txq_id))
1114 goto drop_unlock_sta;
1116 if (tid < IWL_MAX_TID_COUNT && !ieee80211_has_morefrags(fc))
1117 mvmsta->tid_data[tid].seq_number = seq_number + 0x10;
1119 spin_unlock(&mvmsta->lock);
1121 if (iwl_mvm_tx_pkt_queued(mvm, mvmsta,
1122 tid == IWL_MAX_TID_COUNT ? 0 : tid))
1128 iwl_trans_free_tx_cmd(mvm->trans, dev_cmd);
1129 spin_unlock(&mvmsta->lock);
1131 IWL_DEBUG_TX(mvm, "TX to [%d|%d] dropped\n", mvmsta->sta_id, tid);
1135 int iwl_mvm_tx_skb_sta(struct iwl_mvm *mvm, struct sk_buff *skb,
1136 struct ieee80211_sta *sta)
1138 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta);
1139 struct ieee80211_tx_info info;
1140 struct sk_buff_head mpdus_skbs;
1141 unsigned int payload_len;
1144 if (WARN_ON_ONCE(!mvmsta))
1147 if (WARN_ON_ONCE(mvmsta->sta_id == IWL_MVM_INVALID_STA))
1150 memcpy(&info, skb->cb, sizeof(info));
1152 if (!skb_is_gso(skb))
1153 return iwl_mvm_tx_mpdu(mvm, skb, &info, sta);
1155 payload_len = skb_tail_pointer(skb) - skb_transport_header(skb) -
1156 tcp_hdrlen(skb) + skb->data_len;
1158 if (payload_len <= skb_shinfo(skb)->gso_size)
1159 return iwl_mvm_tx_mpdu(mvm, skb, &info, sta);
1161 __skb_queue_head_init(&mpdus_skbs);
1163 ret = iwl_mvm_tx_tso(mvm, skb, &info, sta, &mpdus_skbs);
1167 if (WARN_ON(skb_queue_empty(&mpdus_skbs)))
1170 while (!skb_queue_empty(&mpdus_skbs)) {
1171 skb = __skb_dequeue(&mpdus_skbs);
1173 ret = iwl_mvm_tx_mpdu(mvm, skb, &info, sta);
1175 __skb_queue_purge(&mpdus_skbs);
1183 static void iwl_mvm_check_ratid_empty(struct iwl_mvm *mvm,
1184 struct ieee80211_sta *sta, u8 tid)
1186 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta);
1187 struct iwl_mvm_tid_data *tid_data = &mvmsta->tid_data[tid];
1188 struct ieee80211_vif *vif = mvmsta->vif;
1191 lockdep_assert_held(&mvmsta->lock);
1193 if ((tid_data->state == IWL_AGG_ON ||
1194 tid_data->state == IWL_EMPTYING_HW_QUEUE_DELBA) &&
1195 iwl_mvm_tid_queued(mvm, tid_data) == 0) {
1197 * Now that this aggregation or DQA queue is empty tell
1198 * mac80211 so it knows we no longer have frames buffered for
1199 * the station on this TID (for the TIM bitmap calculation.)
1201 ieee80211_sta_set_buffered(sta, tid, false);
1205 * In 22000 HW, the next_reclaimed index is only 8 bit, so we'll need
1206 * to align the wrap around of ssn so we compare relevant values.
1208 normalized_ssn = tid_data->ssn;
1209 if (mvm->trans->trans_cfg->gen2)
1210 normalized_ssn &= 0xff;
1212 if (normalized_ssn != tid_data->next_reclaimed)
1215 switch (tid_data->state) {
1216 case IWL_EMPTYING_HW_QUEUE_ADDBA:
1217 IWL_DEBUG_TX_QUEUES(mvm,
1218 "Can continue addBA flow ssn = next_recl = %d\n",
1219 tid_data->next_reclaimed);
1220 tid_data->state = IWL_AGG_STARTING;
1221 ieee80211_start_tx_ba_cb_irqsafe(vif, sta->addr, tid);
1224 case IWL_EMPTYING_HW_QUEUE_DELBA:
1225 IWL_DEBUG_TX_QUEUES(mvm,
1226 "Can continue DELBA flow ssn = next_recl = %d\n",
1227 tid_data->next_reclaimed);
1228 tid_data->state = IWL_AGG_OFF;
1229 ieee80211_stop_tx_ba_cb_irqsafe(vif, sta->addr, tid);
1237 #ifdef CONFIG_IWLWIFI_DEBUG
1238 const char *iwl_mvm_get_tx_fail_reason(u32 status)
1240 #define TX_STATUS_FAIL(x) case TX_STATUS_FAIL_ ## x: return #x
1241 #define TX_STATUS_POSTPONE(x) case TX_STATUS_POSTPONE_ ## x: return #x
1243 switch (status & TX_STATUS_MSK) {
1244 case TX_STATUS_SUCCESS:
1246 TX_STATUS_POSTPONE(DELAY);
1247 TX_STATUS_POSTPONE(FEW_BYTES);
1248 TX_STATUS_POSTPONE(BT_PRIO);
1249 TX_STATUS_POSTPONE(QUIET_PERIOD);
1250 TX_STATUS_POSTPONE(CALC_TTAK);
1251 TX_STATUS_FAIL(INTERNAL_CROSSED_RETRY);
1252 TX_STATUS_FAIL(SHORT_LIMIT);
1253 TX_STATUS_FAIL(LONG_LIMIT);
1254 TX_STATUS_FAIL(UNDERRUN);
1255 TX_STATUS_FAIL(DRAIN_FLOW);
1256 TX_STATUS_FAIL(RFKILL_FLUSH);
1257 TX_STATUS_FAIL(LIFE_EXPIRE);
1258 TX_STATUS_FAIL(DEST_PS);
1259 TX_STATUS_FAIL(HOST_ABORTED);
1260 TX_STATUS_FAIL(BT_RETRY);
1261 TX_STATUS_FAIL(STA_INVALID);
1262 TX_STATUS_FAIL(FRAG_DROPPED);
1263 TX_STATUS_FAIL(TID_DISABLE);
1264 TX_STATUS_FAIL(FIFO_FLUSHED);
1265 TX_STATUS_FAIL(SMALL_CF_POLL);
1266 TX_STATUS_FAIL(FW_DROP);
1267 TX_STATUS_FAIL(STA_COLOR_MISMATCH);
1272 #undef TX_STATUS_FAIL
1273 #undef TX_STATUS_POSTPONE
1275 #endif /* CONFIG_IWLWIFI_DEBUG */
1277 void iwl_mvm_hwrate_to_tx_rate(u32 rate_n_flags,
1278 enum nl80211_band band,
1279 struct ieee80211_tx_rate *r)
1281 if (rate_n_flags & RATE_HT_MCS_GF_MSK)
1282 r->flags |= IEEE80211_TX_RC_GREEN_FIELD;
1283 switch (rate_n_flags & RATE_MCS_CHAN_WIDTH_MSK) {
1284 case RATE_MCS_CHAN_WIDTH_20:
1286 case RATE_MCS_CHAN_WIDTH_40:
1287 r->flags |= IEEE80211_TX_RC_40_MHZ_WIDTH;
1289 case RATE_MCS_CHAN_WIDTH_80:
1290 r->flags |= IEEE80211_TX_RC_80_MHZ_WIDTH;
1292 case RATE_MCS_CHAN_WIDTH_160:
1293 r->flags |= IEEE80211_TX_RC_160_MHZ_WIDTH;
1296 if (rate_n_flags & RATE_MCS_SGI_MSK)
1297 r->flags |= IEEE80211_TX_RC_SHORT_GI;
1298 if (rate_n_flags & RATE_MCS_HT_MSK) {
1299 r->flags |= IEEE80211_TX_RC_MCS;
1300 r->idx = rate_n_flags & RATE_HT_MCS_INDEX_MSK;
1301 } else if (rate_n_flags & RATE_MCS_VHT_MSK) {
1302 ieee80211_rate_set_vht(
1303 r, rate_n_flags & RATE_VHT_MCS_RATE_CODE_MSK,
1304 ((rate_n_flags & RATE_VHT_MCS_NSS_MSK) >>
1305 RATE_VHT_MCS_NSS_POS) + 1);
1306 r->flags |= IEEE80211_TX_RC_VHT_MCS;
1308 r->idx = iwl_mvm_legacy_rate_to_mac80211_idx(rate_n_flags,
1314 * translate ucode response to mac80211 tx status control values
1316 static void iwl_mvm_hwrate_to_tx_status(u32 rate_n_flags,
1317 struct ieee80211_tx_info *info)
1319 struct ieee80211_tx_rate *r = &info->status.rates[0];
1321 info->status.antenna =
1322 ((rate_n_flags & RATE_MCS_ANT_ABC_MSK) >> RATE_MCS_ANT_POS);
1323 iwl_mvm_hwrate_to_tx_rate(rate_n_flags, info->band, r);
1326 static void iwl_mvm_tx_status_check_trigger(struct iwl_mvm *mvm,
1329 struct iwl_fw_dbg_trigger_tlv *trig;
1330 struct iwl_fw_dbg_trigger_tx_status *status_trig;
1333 trig = iwl_fw_dbg_trigger_on(&mvm->fwrt, NULL,
1334 FW_DBG_TRIGGER_TX_STATUS);
1338 status_trig = (void *)trig->data;
1340 for (i = 0; i < ARRAY_SIZE(status_trig->statuses); i++) {
1341 /* don't collect on status 0 */
1342 if (!status_trig->statuses[i].status)
1345 if (status_trig->statuses[i].status != (status & TX_STATUS_MSK))
1348 iwl_fw_dbg_collect_trig(&mvm->fwrt, trig,
1349 "Tx status %d was received",
1350 status & TX_STATUS_MSK);
1356 * iwl_mvm_get_scd_ssn - returns the SSN of the SCD
1357 * @tx_resp: the Tx response from the fw (agg or non-agg)
1359 * When the fw sends an AMPDU, it fetches the MPDUs one after the other. Since
1360 * it can't know that everything will go well until the end of the AMPDU, it
1361 * can't know in advance the number of MPDUs that will be sent in the current
1362 * batch. This is why it writes the agg Tx response while it fetches the MPDUs.
1363 * Hence, it can't know in advance what the SSN of the SCD will be at the end
1364 * of the batch. This is why the SSN of the SCD is written at the end of the
1365 * whole struct at a variable offset. This function knows how to cope with the
1366 * variable offset and returns the SSN of the SCD.
1368 static inline u32 iwl_mvm_get_scd_ssn(struct iwl_mvm *mvm,
1369 struct iwl_mvm_tx_resp *tx_resp)
1371 return le32_to_cpup((__le32 *)iwl_mvm_get_agg_status(mvm, tx_resp) +
1372 tx_resp->frame_count) & 0xfff;
1375 static void iwl_mvm_rx_tx_cmd_single(struct iwl_mvm *mvm,
1376 struct iwl_rx_packet *pkt)
1378 struct ieee80211_sta *sta;
1379 u16 sequence = le16_to_cpu(pkt->hdr.sequence);
1380 int txq_id = SEQ_TO_QUEUE(sequence);
1381 /* struct iwl_mvm_tx_resp_v3 is almost the same */
1382 struct iwl_mvm_tx_resp *tx_resp = (void *)pkt->data;
1383 int sta_id = IWL_MVM_TX_RES_GET_RA(tx_resp->ra_tid);
1384 int tid = IWL_MVM_TX_RES_GET_TID(tx_resp->ra_tid);
1385 struct agg_tx_status *agg_status =
1386 iwl_mvm_get_agg_status(mvm, tx_resp);
1387 u32 status = le16_to_cpu(agg_status->status);
1388 u16 ssn = iwl_mvm_get_scd_ssn(mvm, tx_resp);
1389 struct sk_buff_head skbs;
1392 u16 next_reclaimed, seq_ctl;
1393 bool is_ndp = false;
1395 __skb_queue_head_init(&skbs);
1397 if (iwl_mvm_has_new_tx_api(mvm))
1398 txq_id = le16_to_cpu(tx_resp->tx_queue);
1400 seq_ctl = le16_to_cpu(tx_resp->seq_ctl);
1402 /* we can free until ssn % q.n_bd not inclusive */
1403 iwl_trans_reclaim(mvm->trans, txq_id, ssn, &skbs);
1405 while (!skb_queue_empty(&skbs)) {
1406 struct sk_buff *skb = __skb_dequeue(&skbs);
1407 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1408 struct ieee80211_hdr *hdr = (void *)skb->data;
1409 bool flushed = false;
1413 iwl_trans_free_tx_cmd(mvm->trans, info->driver_data[1]);
1415 memset(&info->status, 0, sizeof(info->status));
1417 /* inform mac80211 about what happened with the frame */
1418 switch (status & TX_STATUS_MSK) {
1419 case TX_STATUS_SUCCESS:
1420 case TX_STATUS_DIRECT_DONE:
1421 info->flags |= IEEE80211_TX_STAT_ACK;
1423 case TX_STATUS_FAIL_FIFO_FLUSHED:
1424 case TX_STATUS_FAIL_DRAIN_FLOW:
1427 case TX_STATUS_FAIL_DEST_PS:
1428 /* the FW should have stopped the queue and not
1429 * return this status
1432 info->flags |= IEEE80211_TX_STAT_TX_FILTERED;
1438 if ((status & TX_STATUS_MSK) != TX_STATUS_SUCCESS &&
1439 ieee80211_is_mgmt(hdr->frame_control))
1440 iwl_mvm_toggle_tx_ant(mvm, &mvm->mgmt_last_antenna_idx);
1443 * If we are freeing multiple frames, mark all the frames
1444 * but the first one as acked, since they were acknowledged
1448 info->flags |= IEEE80211_TX_STAT_ACK;
1450 iwl_mvm_tx_status_check_trigger(mvm, status);
1452 info->status.rates[0].count = tx_resp->failure_frame + 1;
1453 iwl_mvm_hwrate_to_tx_status(le32_to_cpu(tx_resp->initial_rate),
1455 info->status.status_driver_data[1] =
1456 (void *)(uintptr_t)le32_to_cpu(tx_resp->initial_rate);
1458 /* Single frame failure in an AMPDU queue => send BAR */
1459 if (info->flags & IEEE80211_TX_CTL_AMPDU &&
1460 !(info->flags & IEEE80211_TX_STAT_ACK) &&
1461 !(info->flags & IEEE80211_TX_STAT_TX_FILTERED) && !flushed)
1462 info->flags |= IEEE80211_TX_STAT_AMPDU_NO_BACK;
1463 info->flags &= ~IEEE80211_TX_CTL_AMPDU;
1465 /* W/A FW bug: seq_ctl is wrong upon failure / BAR frame */
1466 if (ieee80211_is_back_req(hdr->frame_control))
1468 else if (status != TX_STATUS_SUCCESS)
1469 seq_ctl = le16_to_cpu(hdr->seq_ctrl);
1471 if (unlikely(!seq_ctl)) {
1472 struct ieee80211_hdr *hdr = (void *)skb->data;
1475 * If it is an NDP, we can't update next_reclaim since
1476 * its sequence control is 0. Note that for that same
1477 * reason, NDPs are never sent to A-MPDU'able queues
1478 * so that we can never have more than one freed frame
1479 * for a single Tx resonse (see WARN_ON below).
1481 if (ieee80211_is_qos_nullfunc(hdr->frame_control))
1486 * TODO: this is not accurate if we are freeing more than one
1489 info->status.tx_time =
1490 le16_to_cpu(tx_resp->wireless_media_time);
1491 BUILD_BUG_ON(ARRAY_SIZE(info->status.status_driver_data) < 1);
1492 lq_color = TX_RES_RATE_TABLE_COL_GET(tx_resp->tlc_info);
1493 info->status.status_driver_data[0] =
1494 RS_DRV_DATA_PACK(lq_color, tx_resp->reduced_tpc);
1496 ieee80211_tx_status(mvm->hw, skb);
1499 /* This is an aggregation queue or might become one, so we use
1500 * the ssn since: ssn = wifi seq_num % 256.
1501 * The seq_ctl is the sequence control of the packet to which
1502 * this Tx response relates. But if there is a hole in the
1503 * bitmap of the BA we received, this Tx response may allow to
1504 * reclaim the hole and all the subsequent packets that were
1505 * already acked. In that case, seq_ctl != ssn, and the next
1506 * packet to be reclaimed will be ssn and not seq_ctl. In that
1507 * case, several packets will be reclaimed even if
1510 * The ssn is the index (% 256) of the latest packet that has
1511 * treated (acked / dropped) + 1.
1513 next_reclaimed = ssn;
1515 IWL_DEBUG_TX_REPLY(mvm,
1516 "TXQ %d status %s (0x%08x)\n",
1517 txq_id, iwl_mvm_get_tx_fail_reason(status), status);
1519 IWL_DEBUG_TX_REPLY(mvm,
1520 "\t\t\t\tinitial_rate 0x%x retries %d, idx=%d ssn=%d next_reclaimed=0x%x seq_ctl=0x%x\n",
1521 le32_to_cpu(tx_resp->initial_rate),
1522 tx_resp->failure_frame, SEQ_TO_INDEX(sequence),
1523 ssn, next_reclaimed, seq_ctl);
1527 sta = rcu_dereference(mvm->fw_id_to_mac_id[sta_id]);
1529 * sta can't be NULL otherwise it'd mean that the sta has been freed in
1530 * the firmware while we still have packets for it in the Tx queues.
1532 if (WARN_ON_ONCE(!sta))
1536 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta);
1538 iwl_mvm_tx_airtime(mvm, mvmsta,
1539 le16_to_cpu(tx_resp->wireless_media_time));
1541 if ((status & TX_STATUS_MSK) != TX_STATUS_SUCCESS &&
1542 mvmsta->sta_state < IEEE80211_STA_AUTHORIZED)
1543 iwl_mvm_toggle_tx_ant(mvm, &mvmsta->tx_ant);
1545 if (sta->wme && tid != IWL_MGMT_TID) {
1546 struct iwl_mvm_tid_data *tid_data =
1547 &mvmsta->tid_data[tid];
1548 bool send_eosp_ndp = false;
1550 spin_lock_bh(&mvmsta->lock);
1553 tid_data->next_reclaimed = next_reclaimed;
1554 IWL_DEBUG_TX_REPLY(mvm,
1555 "Next reclaimed packet:%d\n",
1558 IWL_DEBUG_TX_REPLY(mvm,
1559 "NDP - don't update next_reclaimed\n");
1562 iwl_mvm_check_ratid_empty(mvm, sta, tid);
1564 if (mvmsta->sleep_tx_count) {
1565 mvmsta->sleep_tx_count--;
1566 if (mvmsta->sleep_tx_count &&
1567 !iwl_mvm_tid_queued(mvm, tid_data)) {
1569 * The number of frames in the queue
1570 * dropped to 0 even if we sent less
1571 * frames than we thought we had on the
1573 * This means we had holes in the BA
1574 * window that we just filled, ask
1575 * mac80211 to send EOSP since the
1576 * firmware won't know how to do that.
1577 * Send NDP and the firmware will send
1578 * EOSP notification that will trigger
1579 * a call to ieee80211_sta_eosp().
1581 send_eosp_ndp = true;
1585 spin_unlock_bh(&mvmsta->lock);
1586 if (send_eosp_ndp) {
1587 iwl_mvm_sta_modify_sleep_tx_count(mvm, sta,
1588 IEEE80211_FRAME_RELEASE_UAPSD,
1589 1, tid, false, false);
1590 mvmsta->sleep_tx_count = 0;
1591 ieee80211_send_eosp_nullfunc(sta, tid);
1595 if (mvmsta->next_status_eosp) {
1596 mvmsta->next_status_eosp = false;
1597 ieee80211_sta_eosp(sta);
1604 #ifdef CONFIG_IWLWIFI_DEBUG
1605 #define AGG_TX_STATE_(x) case AGG_TX_STATE_ ## x: return #x
1606 static const char *iwl_get_agg_tx_status(u16 status)
1608 switch (status & AGG_TX_STATE_STATUS_MSK) {
1609 AGG_TX_STATE_(TRANSMITTED);
1610 AGG_TX_STATE_(UNDERRUN);
1611 AGG_TX_STATE_(BT_PRIO);
1612 AGG_TX_STATE_(FEW_BYTES);
1613 AGG_TX_STATE_(ABORT);
1614 AGG_TX_STATE_(TX_ON_AIR_DROP);
1615 AGG_TX_STATE_(LAST_SENT_TRY_CNT);
1616 AGG_TX_STATE_(LAST_SENT_BT_KILL);
1617 AGG_TX_STATE_(SCD_QUERY);
1618 AGG_TX_STATE_(TEST_BAD_CRC32);
1619 AGG_TX_STATE_(RESPONSE);
1620 AGG_TX_STATE_(DUMP_TX);
1621 AGG_TX_STATE_(DELAY_TX);
1627 static void iwl_mvm_rx_tx_cmd_agg_dbg(struct iwl_mvm *mvm,
1628 struct iwl_rx_packet *pkt)
1630 struct iwl_mvm_tx_resp *tx_resp = (void *)pkt->data;
1631 struct agg_tx_status *frame_status =
1632 iwl_mvm_get_agg_status(mvm, tx_resp);
1635 for (i = 0; i < tx_resp->frame_count; i++) {
1636 u16 fstatus = le16_to_cpu(frame_status[i].status);
1638 IWL_DEBUG_TX_REPLY(mvm,
1639 "status %s (0x%04x), try-count (%d) seq (0x%x)\n",
1640 iwl_get_agg_tx_status(fstatus),
1641 fstatus & AGG_TX_STATE_STATUS_MSK,
1642 (fstatus & AGG_TX_STATE_TRY_CNT_MSK) >>
1643 AGG_TX_STATE_TRY_CNT_POS,
1644 le16_to_cpu(frame_status[i].sequence));
1648 static void iwl_mvm_rx_tx_cmd_agg_dbg(struct iwl_mvm *mvm,
1649 struct iwl_rx_packet *pkt)
1651 #endif /* CONFIG_IWLWIFI_DEBUG */
1653 static void iwl_mvm_rx_tx_cmd_agg(struct iwl_mvm *mvm,
1654 struct iwl_rx_packet *pkt)
1656 struct iwl_mvm_tx_resp *tx_resp = (void *)pkt->data;
1657 int sta_id = IWL_MVM_TX_RES_GET_RA(tx_resp->ra_tid);
1658 int tid = IWL_MVM_TX_RES_GET_TID(tx_resp->ra_tid);
1659 u16 sequence = le16_to_cpu(pkt->hdr.sequence);
1660 struct iwl_mvm_sta *mvmsta;
1661 int queue = SEQ_TO_QUEUE(sequence);
1662 struct ieee80211_sta *sta;
1664 if (WARN_ON_ONCE(queue < IWL_MVM_DQA_MIN_DATA_QUEUE &&
1665 (queue != IWL_MVM_DQA_BSS_CLIENT_QUEUE)))
1668 iwl_mvm_rx_tx_cmd_agg_dbg(mvm, pkt);
1672 mvmsta = iwl_mvm_sta_from_staid_rcu(mvm, sta_id);
1674 sta = rcu_dereference(mvm->fw_id_to_mac_id[sta_id]);
1675 if (WARN_ON_ONCE(!sta || !sta->wme)) {
1680 if (!WARN_ON_ONCE(!mvmsta)) {
1681 mvmsta->tid_data[tid].rate_n_flags =
1682 le32_to_cpu(tx_resp->initial_rate);
1683 mvmsta->tid_data[tid].tx_time =
1684 le16_to_cpu(tx_resp->wireless_media_time);
1685 mvmsta->tid_data[tid].lq_color =
1686 TX_RES_RATE_TABLE_COL_GET(tx_resp->tlc_info);
1687 iwl_mvm_tx_airtime(mvm, mvmsta,
1688 le16_to_cpu(tx_resp->wireless_media_time));
1694 void iwl_mvm_rx_tx_cmd(struct iwl_mvm *mvm, struct iwl_rx_cmd_buffer *rxb)
1696 struct iwl_rx_packet *pkt = rxb_addr(rxb);
1697 struct iwl_mvm_tx_resp *tx_resp = (void *)pkt->data;
1699 if (tx_resp->frame_count == 1)
1700 iwl_mvm_rx_tx_cmd_single(mvm, pkt);
1702 iwl_mvm_rx_tx_cmd_agg(mvm, pkt);
1705 static void iwl_mvm_tx_reclaim(struct iwl_mvm *mvm, int sta_id, int tid,
1707 struct ieee80211_tx_info *ba_info, u32 rate)
1709 struct sk_buff_head reclaimed_skbs;
1710 struct iwl_mvm_tid_data *tid_data = NULL;
1711 struct ieee80211_sta *sta;
1712 struct iwl_mvm_sta *mvmsta = NULL;
1713 struct sk_buff *skb;
1716 if (WARN_ONCE(sta_id >= mvm->fw->ucode_capa.num_stations ||
1717 tid > IWL_MAX_TID_COUNT,
1718 "sta_id %d tid %d", sta_id, tid))
1723 sta = rcu_dereference(mvm->fw_id_to_mac_id[sta_id]);
1725 /* Reclaiming frames for a station that has been deleted ? */
1726 if (WARN_ON_ONCE(!sta)) {
1731 __skb_queue_head_init(&reclaimed_skbs);
1734 * Release all TFDs before the SSN, i.e. all TFDs in front of
1735 * block-ack window (we assume that they've been successfully
1736 * transmitted ... if not, it's too late anyway).
1738 iwl_trans_reclaim(mvm->trans, txq, index, &reclaimed_skbs);
1740 skb_queue_walk(&reclaimed_skbs, skb) {
1741 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1743 iwl_trans_free_tx_cmd(mvm->trans, info->driver_data[1]);
1745 memset(&info->status, 0, sizeof(info->status));
1746 /* Packet was transmitted successfully, failures come as single
1747 * frames because before failing a frame the firmware transmits
1748 * it without aggregation at least once.
1750 info->flags |= IEEE80211_TX_STAT_ACK;
1754 * It's possible to get a BA response after invalidating the rcu (rcu is
1755 * invalidated in order to prevent new Tx from being sent, but there may
1756 * be some frames already in-flight).
1757 * In this case we just want to reclaim, and could skip all the
1758 * sta-dependent stuff since it's in the middle of being removed
1764 mvmsta = iwl_mvm_sta_from_mac80211(sta);
1765 tid_data = &mvmsta->tid_data[tid];
1767 if (tid_data->txq_id != txq) {
1769 "invalid BA notification: Q %d, tid %d\n",
1770 tid_data->txq_id, tid);
1775 spin_lock_bh(&mvmsta->lock);
1777 tid_data->next_reclaimed = index;
1779 iwl_mvm_check_ratid_empty(mvm, sta, tid);
1783 /* pack lq color from tid_data along the reduced txp */
1784 ba_info->status.status_driver_data[0] =
1785 RS_DRV_DATA_PACK(tid_data->lq_color,
1786 ba_info->status.status_driver_data[0]);
1787 ba_info->status.status_driver_data[1] = (void *)(uintptr_t)rate;
1789 skb_queue_walk(&reclaimed_skbs, skb) {
1790 struct ieee80211_hdr *hdr = (void *)skb->data;
1791 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1793 if (ieee80211_is_data_qos(hdr->frame_control))
1796 WARN_ON_ONCE(tid != IWL_MAX_TID_COUNT);
1798 /* this is the first skb we deliver in this batch */
1799 /* put the rate scaling data there */
1801 info->flags |= IEEE80211_TX_STAT_AMPDU;
1802 memcpy(&info->status, &ba_info->status,
1803 sizeof(ba_info->status));
1804 iwl_mvm_hwrate_to_tx_status(rate, info);
1808 spin_unlock_bh(&mvmsta->lock);
1810 /* We got a BA notif with 0 acked or scd_ssn didn't progress which is
1811 * possible (i.e. first MPDU in the aggregation wasn't acked)
1812 * Still it's important to update RS about sent vs. acked.
1814 if (skb_queue_empty(&reclaimed_skbs)) {
1815 struct ieee80211_chanctx_conf *chanctx_conf = NULL;
1819 rcu_dereference(mvmsta->vif->chanctx_conf);
1821 if (WARN_ON_ONCE(!chanctx_conf))
1824 ba_info->band = chanctx_conf->def.chan->band;
1825 iwl_mvm_hwrate_to_tx_status(rate, ba_info);
1827 if (!iwl_mvm_has_tlc_offload(mvm)) {
1828 IWL_DEBUG_TX_REPLY(mvm,
1829 "No reclaim. Update rs directly\n");
1830 iwl_mvm_rs_tx_status(mvm, sta, tid, ba_info, false);
1837 while (!skb_queue_empty(&reclaimed_skbs)) {
1838 skb = __skb_dequeue(&reclaimed_skbs);
1839 ieee80211_tx_status(mvm->hw, skb);
1843 void iwl_mvm_rx_ba_notif(struct iwl_mvm *mvm, struct iwl_rx_cmd_buffer *rxb)
1845 struct iwl_rx_packet *pkt = rxb_addr(rxb);
1846 int sta_id, tid, txq, index;
1847 struct ieee80211_tx_info ba_info = {};
1848 struct iwl_mvm_ba_notif *ba_notif;
1849 struct iwl_mvm_tid_data *tid_data;
1850 struct iwl_mvm_sta *mvmsta;
1852 ba_info.flags = IEEE80211_TX_STAT_AMPDU;
1854 if (iwl_mvm_has_new_tx_api(mvm)) {
1855 struct iwl_mvm_compressed_ba_notif *ba_res =
1857 u8 lq_color = TX_RES_RATE_TABLE_COL_GET(ba_res->tlc_rate_info);
1860 sta_id = ba_res->sta_id;
1861 ba_info.status.ampdu_ack_len = (u8)le16_to_cpu(ba_res->done);
1862 ba_info.status.ampdu_len = (u8)le16_to_cpu(ba_res->txed);
1863 ba_info.status.tx_time =
1864 (u16)le32_to_cpu(ba_res->wireless_time);
1865 ba_info.status.status_driver_data[0] =
1866 (void *)(uintptr_t)ba_res->reduced_txp;
1868 if (!le16_to_cpu(ba_res->tfd_cnt))
1873 mvmsta = iwl_mvm_sta_from_staid_rcu(mvm, sta_id);
1875 * It's possible to get a BA response after invalidating the rcu
1876 * (rcu is invalidated in order to prevent new Tx from being
1877 * sent, but there may be some frames already in-flight).
1878 * In this case we just want to reclaim, and could skip all the
1879 * sta-dependent stuff since it's in the middle of being removed
1884 for (i = 0; i < le16_to_cpu(ba_res->tfd_cnt); i++) {
1885 struct iwl_mvm_compressed_ba_tfd *ba_tfd =
1889 if (tid == IWL_MGMT_TID)
1890 tid = IWL_MAX_TID_COUNT;
1893 mvmsta->tid_data[i].lq_color = lq_color;
1895 iwl_mvm_tx_reclaim(mvm, sta_id, tid,
1896 (int)(le16_to_cpu(ba_tfd->q_num)),
1897 le16_to_cpu(ba_tfd->tfd_index),
1899 le32_to_cpu(ba_res->tx_rate));
1903 iwl_mvm_tx_airtime(mvm, mvmsta,
1904 le32_to_cpu(ba_res->wireless_time));
1907 IWL_DEBUG_TX_REPLY(mvm,
1908 "BA_NOTIFICATION Received from sta_id = %d, flags %x, sent:%d, acked:%d\n",
1909 sta_id, le32_to_cpu(ba_res->flags),
1910 le16_to_cpu(ba_res->txed),
1911 le16_to_cpu(ba_res->done));
1915 ba_notif = (void *)pkt->data;
1916 sta_id = ba_notif->sta_id;
1917 tid = ba_notif->tid;
1918 /* "flow" corresponds to Tx queue */
1919 txq = le16_to_cpu(ba_notif->scd_flow);
1920 /* "ssn" is start of block-ack Tx window, corresponds to index
1921 * (in Tx queue's circular buffer) of first TFD/frame in window */
1922 index = le16_to_cpu(ba_notif->scd_ssn);
1925 mvmsta = iwl_mvm_sta_from_staid_rcu(mvm, sta_id);
1926 if (WARN_ON_ONCE(!mvmsta)) {
1931 tid_data = &mvmsta->tid_data[tid];
1933 ba_info.status.ampdu_ack_len = ba_notif->txed_2_done;
1934 ba_info.status.ampdu_len = ba_notif->txed;
1935 ba_info.status.tx_time = tid_data->tx_time;
1936 ba_info.status.status_driver_data[0] =
1937 (void *)(uintptr_t)ba_notif->reduced_txp;
1941 iwl_mvm_tx_reclaim(mvm, sta_id, tid, txq, index, &ba_info,
1942 tid_data->rate_n_flags);
1944 IWL_DEBUG_TX_REPLY(mvm,
1945 "BA_NOTIFICATION Received from %pM, sta_id = %d\n",
1946 ba_notif->sta_addr, ba_notif->sta_id);
1948 IWL_DEBUG_TX_REPLY(mvm,
1949 "TID = %d, SeqCtl = %d, bitmap = 0x%llx, scd_flow = %d, scd_ssn = %d sent:%d, acked:%d\n",
1950 ba_notif->tid, le16_to_cpu(ba_notif->seq_ctl),
1951 le64_to_cpu(ba_notif->bitmap), txq, index,
1952 ba_notif->txed, ba_notif->txed_2_done);
1954 IWL_DEBUG_TX_REPLY(mvm, "reduced txp from ba notif %d\n",
1955 ba_notif->reduced_txp);
1959 * Note that there are transports that buffer frames before they reach
1960 * the firmware. This means that after flush_tx_path is called, the
1961 * queue might not be empty. The race-free way to handle this is to:
1962 * 1) set the station as draining
1963 * 2) flush the Tx path
1964 * 3) wait for the transport queues to be empty
1966 int iwl_mvm_flush_tx_path(struct iwl_mvm *mvm, u32 tfd_msk, u32 flags)
1969 struct iwl_tx_path_flush_cmd_v1 flush_cmd = {
1970 .queues_ctl = cpu_to_le32(tfd_msk),
1971 .flush_ctl = cpu_to_le16(DUMP_TX_FIFO_FLUSH),
1974 WARN_ON(iwl_mvm_has_new_tx_api(mvm));
1976 ret = iwl_mvm_send_cmd_pdu(mvm, TXPATH_FLUSH, flags,
1977 sizeof(flush_cmd), &flush_cmd);
1979 IWL_ERR(mvm, "Failed to send flush command (%d)\n", ret);
1983 int iwl_mvm_flush_sta_tids(struct iwl_mvm *mvm, u32 sta_id,
1984 u16 tids, u32 flags)
1987 struct iwl_tx_path_flush_cmd flush_cmd = {
1988 .sta_id = cpu_to_le32(sta_id),
1989 .tid_mask = cpu_to_le16(tids),
1992 WARN_ON(!iwl_mvm_has_new_tx_api(mvm));
1994 ret = iwl_mvm_send_cmd_pdu(mvm, TXPATH_FLUSH, flags,
1995 sizeof(flush_cmd), &flush_cmd);
1997 IWL_ERR(mvm, "Failed to send flush command (%d)\n", ret);
2001 int iwl_mvm_flush_sta(struct iwl_mvm *mvm, void *sta, bool internal)
2003 struct iwl_mvm_int_sta *int_sta = sta;
2004 struct iwl_mvm_sta *mvm_sta = sta;
2006 BUILD_BUG_ON(offsetof(struct iwl_mvm_int_sta, sta_id) !=
2007 offsetof(struct iwl_mvm_sta, sta_id));
2009 if (iwl_mvm_has_new_tx_api(mvm))
2010 return iwl_mvm_flush_sta_tids(mvm, mvm_sta->sta_id, 0xffff, 0);
2013 return iwl_mvm_flush_tx_path(mvm, int_sta->tfd_queue_msk, 0);
2015 return iwl_mvm_flush_tx_path(mvm, mvm_sta->tfd_queue_msk, 0);
projects / linux-2.6-microblaze.git / blob