1 /*
2 * Intel Wireless WiMAX Connection 2400m
3 * Handle incoming traffic and deliver it to the control or data planes
4 *
5 *
6 * Copyright (C) 2007-2008 Intel Corporation. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * * Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * * Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 * * Neither the name of Intel Corporation nor the names of its
19 * contributors may be used to endorse or promote products derived
20 * from this software without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
25 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
26 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
27 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
28 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
29 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
30 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
32 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 *
34 *
35 * Intel Corporation <linux-wimax@intel.com>
36 * Yanir Lubetkin <yanirx.lubetkin@intel.com>
37 * - Initial implementation
38 * Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
39 * - Use skb_clone(), break up processing in chunks
40 * - Split transport/device specific
41 * - Make buffer size dynamic to exert less memory pressure
42 * - RX reorder support
43 *
44 * This handles the RX path.
45 *
46 * We receive an RX message from the bus-specific driver, which
47 * contains one or more payloads that have potentially different
48 * destinataries (data or control paths).
49 *
50 * So we just take that payload from the transport specific code in
51 * the form of an skb, break it up in chunks (a cloned skb each in the
52 * case of network packets) and pass it to netdev or to the
53 * command/ack handler (and from there to the WiMAX stack).
54 *
55 * PROTOCOL FORMAT
56 *
57 * The format of the buffer is:
58 *
59 * HEADER (struct i2400m_msg_hdr)
60 * PAYLOAD DESCRIPTOR 0 (struct i2400m_pld)
61 * PAYLOAD DESCRIPTOR 1
62 * ...
63 * PAYLOAD DESCRIPTOR N
64 * PAYLOAD 0 (raw bytes)
65 * PAYLOAD 1
66 * ...
67 * PAYLOAD N
68 *
69 * See tx.c for a deeper description on alignment requirements and
70 * other fun facts of it.
71 *
72 * DATA PACKETS
73 *
74 * In firmwares <= v1.3, data packets have no header for RX, but they
75 * do for TX (currently unused).
76 *
77 * In firmware >= 1.4, RX packets have an extended header (16
78 * bytes). This header conveys information for management of host
79 * reordering of packets (the device offloads storage of the packets
80 * for reordering to the host). Read below for more information.
81 *
82 * The header is used as dummy space to emulate an ethernet header and
83 * thus be able to act as an ethernet device without having to reallocate.
84 *
85 * DATA RX REORDERING
86 *
87 * Starting in firmware v1.4, the device can deliver packets for
88 * delivery with special reordering information; this allows it to
89 * more effectively do packet management when some frames were lost in
90 * the radio traffic.
91 *
92 * Thus, for RX packets that come out of order, the device gives the
93 * driver enough information to queue them properly and then at some
94 * point, the signal to deliver the whole (or part) of the queued
95 * packets to the networking stack. There are 16 such queues.
96 *
97 * This only happens when a packet comes in with the "need reorder"
98 * flag set in the RX header. When such bit is set, the following
99 * operations might be indicated:
100 *
101 * - reset queue: send all queued packets to the OS
102 *
103 * - queue: queue a packet
104 *
105 * - update ws: update the queue's window start and deliver queued
106 * packets that meet the criteria
107 *
108 * - queue & update ws: queue a packet, update the window start and
109 * deliver queued packets that meet the criteria
110 *
111 * (delivery criteria: the packet's [normalized] sequence number is
112 * lower than the new [normalized] window start).
113 *
114 * See the i2400m_roq_*() functions for details.
115 *
116 * ROADMAP
117 *
118 * i2400m_rx
119 * i2400m_rx_msg_hdr_check
120 * i2400m_rx_pl_descr_check
121 * i2400m_rx_payload
122 * i2400m_net_rx
123 * i2400m_rx_edata
124 * i2400m_net_erx
125 * i2400m_roq_reset
126 * i2400m_net_erx
127 * i2400m_roq_queue
128 * __i2400m_roq_queue
129 * i2400m_roq_update_ws
130 * __i2400m_roq_update_ws
131 * i2400m_net_erx
132 * i2400m_roq_queue_update_ws
133 * __i2400m_roq_queue
134 * __i2400m_roq_update_ws
135 * i2400m_net_erx
136 * i2400m_rx_ctl
137 * i2400m_msg_size_check
138 * i2400m_report_hook_work [in a workqueue]
139 * i2400m_report_hook
140 * wimax_msg_to_user
141 * i2400m_rx_ctl_ack
142 * wimax_msg_to_user_alloc
143 * i2400m_rx_trace
144 * i2400m_msg_size_check
145 * wimax_msg
146 */
147 #include <linux/slab.h>
148 #include <linux/kernel.h>
149 #include <linux/if_arp.h>
150 #include <linux/netdevice.h>
151 #include <linux/workqueue.h>
152 #include <linux/export.h>
153 #include <linux/moduleparam.h>
154 #include "i2400m.h"
155
156
157 #define D_SUBMODULE rx
158 #include "debug-levels.h"
159
160 static int i2400m_rx_reorder_disabled; /* 0 (rx reorder enabled) by default */
161 module_param_named(rx_reorder_disabled, i2400m_rx_reorder_disabled, int, 0644);
162 MODULE_PARM_DESC(rx_reorder_disabled,
163 "If true, RX reordering will be disabled.");
164
165 struct i2400m_report_hook_args {
166 struct sk_buff *skb_rx;
167 const struct i2400m_l3l4_hdr *l3l4_hdr;
168 size_t size;
169 struct list_head list_node;
170 };
171
172
173 /*
174 * Execute i2400m_report_hook in a workqueue
175 *
176 * Goes over the list of queued reports in i2400m->rx_reports and
177 * processes them.
178 *
179 * NOTE: refcounts on i2400m are not needed because we flush the
180 * workqueue this runs on (i2400m->work_queue) before destroying
181 * i2400m.
182 */
i2400m_report_hook_work(struct work_struct * ws)183 void i2400m_report_hook_work(struct work_struct *ws)
184 {
185 struct i2400m *i2400m = container_of(ws, struct i2400m, rx_report_ws);
186 struct device *dev = i2400m_dev(i2400m);
187 struct i2400m_report_hook_args *args, *args_next;
188 LIST_HEAD(list);
189 unsigned long flags;
190
191 while (1) {
192 spin_lock_irqsave(&i2400m->rx_lock, flags);
193 list_splice_init(&i2400m->rx_reports, &list);
194 spin_unlock_irqrestore(&i2400m->rx_lock, flags);
195 if (list_empty(&list))
196 break;
197 else
198 d_printf(1, dev, "processing queued reports\n");
199 list_for_each_entry_safe(args, args_next, &list, list_node) {
200 d_printf(2, dev, "processing queued report %p\n", args);
201 i2400m_report_hook(i2400m, args->l3l4_hdr, args->size);
202 kfree_skb(args->skb_rx);
203 list_del(&args->list_node);
204 kfree(args);
205 }
206 }
207 }
208
209
210 /*
211 * Flush the list of queued reports
212 */
213 static
i2400m_report_hook_flush(struct i2400m * i2400m)214 void i2400m_report_hook_flush(struct i2400m *i2400m)
215 {
216 struct device *dev = i2400m_dev(i2400m);
217 struct i2400m_report_hook_args *args, *args_next;
218 LIST_HEAD(list);
219 unsigned long flags;
220
221 d_printf(1, dev, "flushing queued reports\n");
222 spin_lock_irqsave(&i2400m->rx_lock, flags);
223 list_splice_init(&i2400m->rx_reports, &list);
224 spin_unlock_irqrestore(&i2400m->rx_lock, flags);
225 list_for_each_entry_safe(args, args_next, &list, list_node) {
226 d_printf(2, dev, "flushing queued report %p\n", args);
227 kfree_skb(args->skb_rx);
228 list_del(&args->list_node);
229 kfree(args);
230 }
231 }
232
233
234 /*
235 * Queue a report for later processing
236 *
237 * @i2400m: device descriptor
238 * @skb_rx: skb that contains the payload (for reference counting)
239 * @l3l4_hdr: pointer to the control
240 * @size: size of the message
241 */
242 static
i2400m_report_hook_queue(struct i2400m * i2400m,struct sk_buff * skb_rx,const void * l3l4_hdr,size_t size)243 void i2400m_report_hook_queue(struct i2400m *i2400m, struct sk_buff *skb_rx,
244 const void *l3l4_hdr, size_t size)
245 {
246 struct device *dev = i2400m_dev(i2400m);
247 unsigned long flags;
248 struct i2400m_report_hook_args *args;
249
250 args = kzalloc(sizeof(*args), GFP_NOIO);
251 if (args) {
252 args->skb_rx = skb_get(skb_rx);
253 args->l3l4_hdr = l3l4_hdr;
254 args->size = size;
255 spin_lock_irqsave(&i2400m->rx_lock, flags);
256 list_add_tail(&args->list_node, &i2400m->rx_reports);
257 spin_unlock_irqrestore(&i2400m->rx_lock, flags);
258 d_printf(2, dev, "queued report %p\n", args);
259 rmb(); /* see i2400m->ready's documentation */
260 if (likely(i2400m->ready)) /* only send if up */
261 queue_work(i2400m->work_queue, &i2400m->rx_report_ws);
262 } else {
263 if (printk_ratelimit())
264 dev_err(dev, "%s:%u: Can't allocate %zu B\n",
265 __func__, __LINE__, sizeof(*args));
266 }
267 }
268
269
270 /*
271 * Process an ack to a command
272 *
273 * @i2400m: device descriptor
274 * @payload: pointer to message
275 * @size: size of the message
276 *
277 * Pass the acknodledgment (in an skb) to the thread that is waiting
278 * for it in i2400m->msg_completion.
279 *
280 * We need to coordinate properly with the thread waiting for the
281 * ack. Check if it is waiting or if it is gone. We loose the spinlock
282 * to avoid allocating on atomic contexts (yeah, could use GFP_ATOMIC,
283 * but this is not so speed critical).
284 */
285 static
i2400m_rx_ctl_ack(struct i2400m * i2400m,const void * payload,size_t size)286 void i2400m_rx_ctl_ack(struct i2400m *i2400m,
287 const void *payload, size_t size)
288 {
289 struct device *dev = i2400m_dev(i2400m);
290 struct wimax_dev *wimax_dev = &i2400m->wimax_dev;
291 unsigned long flags;
292 struct sk_buff *ack_skb;
293
294 /* Anyone waiting for an answer? */
295 spin_lock_irqsave(&i2400m->rx_lock, flags);
296 if (i2400m->ack_skb != ERR_PTR(-EINPROGRESS)) {
297 dev_err(dev, "Huh? reply to command with no waiters\n");
298 goto error_no_waiter;
299 }
300 spin_unlock_irqrestore(&i2400m->rx_lock, flags);
301
302 ack_skb = wimax_msg_alloc(wimax_dev, NULL, payload, size, GFP_KERNEL);
303
304 /* Check waiter didn't time out waiting for the answer... */
305 spin_lock_irqsave(&i2400m->rx_lock, flags);
306 if (i2400m->ack_skb != ERR_PTR(-EINPROGRESS)) {
307 d_printf(1, dev, "Huh? waiter for command reply cancelled\n");
308 goto error_waiter_cancelled;
309 }
310 if (IS_ERR(ack_skb))
311 dev_err(dev, "CMD/GET/SET ack: cannot allocate SKB\n");
312 i2400m->ack_skb = ack_skb;
313 spin_unlock_irqrestore(&i2400m->rx_lock, flags);
314 complete(&i2400m->msg_completion);
315 return;
316
317 error_waiter_cancelled:
318 if (!IS_ERR(ack_skb))
319 kfree_skb(ack_skb);
320 error_no_waiter:
321 spin_unlock_irqrestore(&i2400m->rx_lock, flags);
322 }
323
324
325 /*
326 * Receive and process a control payload
327 *
328 * @i2400m: device descriptor
329 * @skb_rx: skb that contains the payload (for reference counting)
330 * @payload: pointer to message
331 * @size: size of the message
332 *
333 * There are two types of control RX messages: reports (asynchronous,
334 * like your every day interrupts) and 'acks' (reponses to a command,
335 * get or set request).
336 *
337 * If it is a report, we run hooks on it (to extract information for
338 * things we need to do in the driver) and then pass it over to the
339 * WiMAX stack to send it to user space.
340 *
341 * NOTE: report processing is done in a workqueue specific to the
342 * generic driver, to avoid deadlocks in the system.
343 *
344 * If it is not a report, it is an ack to a previously executed
345 * command, set or get, so wake up whoever is waiting for it from
346 * i2400m_msg_to_dev(). i2400m_rx_ctl_ack() takes care of that.
347 *
348 * Note that the sizes we pass to other functions from here are the
349 * sizes of the _l3l4_hdr + payload, not full buffer sizes, as we have
350 * verified in _msg_size_check() that they are congruent.
351 *
352 * For reports: We can't clone the original skb where the data is
353 * because we need to send this up via netlink; netlink has to add
354 * headers and we can't overwrite what's preceding the payload...as
355 * it is another message. So we just dup them.
356 */
357 static
i2400m_rx_ctl(struct i2400m * i2400m,struct sk_buff * skb_rx,const void * payload,size_t size)358 void i2400m_rx_ctl(struct i2400m *i2400m, struct sk_buff *skb_rx,
359 const void *payload, size_t size)
360 {
361 int result;
362 struct device *dev = i2400m_dev(i2400m);
363 const struct i2400m_l3l4_hdr *l3l4_hdr = payload;
364 unsigned msg_type;
365
366 result = i2400m_msg_size_check(i2400m, l3l4_hdr, size);
367 if (result < 0) {
368 dev_err(dev, "HW BUG? device sent a bad message: %d\n",
369 result);
370 goto error_check;
371 }
372 msg_type = le16_to_cpu(l3l4_hdr->type);
373 d_printf(1, dev, "%s 0x%04x: %zu bytes\n",
374 msg_type & I2400M_MT_REPORT_MASK ? "REPORT" : "CMD/SET/GET",
375 msg_type, size);
376 d_dump(2, dev, l3l4_hdr, size);
377 if (msg_type & I2400M_MT_REPORT_MASK) {
378 /*
379 * Process each report
380 *
381 * - has to be ran serialized as well
382 *
383 * - the handling might force the execution of
384 * commands. That might cause reentrancy issues with
385 * bus-specific subdrivers and workqueues, so the we
386 * run it in a separate workqueue.
387 *
388 * - when the driver is not yet ready to handle them,
389 * they are queued and at some point the queue is
390 * restarted [NOTE: we can't queue SKBs directly, as
391 * this might be a piece of a SKB, not the whole
392 * thing, and this is cheaper than cloning the
393 * SKB].
394 *
395 * Note we don't do refcounting for the device
396 * structure; this is because before destroying
397 * 'i2400m', we make sure to flush the
398 * i2400m->work_queue, so there are no issues.
399 */
400 i2400m_report_hook_queue(i2400m, skb_rx, l3l4_hdr, size);
401 if (unlikely(i2400m->trace_msg_from_user))
402 wimax_msg(&i2400m->wimax_dev, "echo",
403 l3l4_hdr, size, GFP_KERNEL);
404 result = wimax_msg(&i2400m->wimax_dev, NULL, l3l4_hdr, size,
405 GFP_KERNEL);
406 if (result < 0)
407 dev_err(dev, "error sending report to userspace: %d\n",
408 result);
409 } else /* an ack to a CMD, GET or SET */
410 i2400m_rx_ctl_ack(i2400m, payload, size);
411 error_check:
412 return;
413 }
414
415
416 /*
417 * Receive and send up a trace
418 *
419 * @i2400m: device descriptor
420 * @skb_rx: skb that contains the trace (for reference counting)
421 * @payload: pointer to trace message inside the skb
422 * @size: size of the message
423 *
424 * THe i2400m might produce trace information (diagnostics) and we
425 * send them through a different kernel-to-user pipe (to avoid
426 * clogging it).
427 *
428 * As in i2400m_rx_ctl(), we can't clone the original skb where the
429 * data is because we need to send this up via netlink; netlink has to
430 * add headers and we can't overwrite what's preceding the
431 * payload...as it is another message. So we just dup them.
432 */
433 static
i2400m_rx_trace(struct i2400m * i2400m,const void * payload,size_t size)434 void i2400m_rx_trace(struct i2400m *i2400m,
435 const void *payload, size_t size)
436 {
437 int result;
438 struct device *dev = i2400m_dev(i2400m);
439 struct wimax_dev *wimax_dev = &i2400m->wimax_dev;
440 const struct i2400m_l3l4_hdr *l3l4_hdr = payload;
441 unsigned msg_type;
442
443 result = i2400m_msg_size_check(i2400m, l3l4_hdr, size);
444 if (result < 0) {
445 dev_err(dev, "HW BUG? device sent a bad trace message: %d\n",
446 result);
447 goto error_check;
448 }
449 msg_type = le16_to_cpu(l3l4_hdr->type);
450 d_printf(1, dev, "Trace %s 0x%04x: %zu bytes\n",
451 msg_type & I2400M_MT_REPORT_MASK ? "REPORT" : "CMD/SET/GET",
452 msg_type, size);
453 d_dump(2, dev, l3l4_hdr, size);
454 result = wimax_msg(wimax_dev, "trace", l3l4_hdr, size, GFP_KERNEL);
455 if (result < 0)
456 dev_err(dev, "error sending trace to userspace: %d\n",
457 result);
458 error_check:
459 return;
460 }
461
462
463 /*
464 * Reorder queue data stored on skb->cb while the skb is queued in the
465 * reorder queues.
466 */
467 struct i2400m_roq_data {
468 unsigned sn; /* Serial number for the skb */
469 enum i2400m_cs cs; /* packet type for the skb */
470 };
471
472
473 /*
474 * ReOrder Queue
475 *
476 * @ws: Window Start; sequence number where the current window start
477 * is for this queue
478 * @queue: the skb queue itself
479 * @log: circular ring buffer used to log information about the
480 * reorder process in this queue that can be displayed in case of
481 * error to help diagnose it.
482 *
483 * This is the head for a list of skbs. In the skb->cb member of the
484 * skb when queued here contains a 'struct i2400m_roq_data' were we
485 * store the sequence number (sn) and the cs (packet type) coming from
486 * the RX payload header from the device.
487 */
488 struct i2400m_roq
489 {
490 unsigned ws;
491 struct sk_buff_head queue;
492 struct i2400m_roq_log *log;
493 };
494
495
496 static
__i2400m_roq_init(struct i2400m_roq * roq)497 void __i2400m_roq_init(struct i2400m_roq *roq)
498 {
499 roq->ws = 0;
500 skb_queue_head_init(&roq->queue);
501 }
502
503
504 static
__i2400m_roq_index(struct i2400m * i2400m,struct i2400m_roq * roq)505 unsigned __i2400m_roq_index(struct i2400m *i2400m, struct i2400m_roq *roq)
506 {
507 return ((unsigned long) roq - (unsigned long) i2400m->rx_roq)
508 / sizeof(*roq);
509 }
510
511
512 /*
513 * Normalize a sequence number based on the queue's window start
514 *
515 * nsn = (sn - ws) % 2048
516 *
517 * Note that if @sn < @roq->ws, we still need a positive number; %'s
518 * sign is implementation specific, so we normalize it by adding 2048
519 * to bring it to be positive.
520 */
521 static
__i2400m_roq_nsn(struct i2400m_roq * roq,unsigned sn)522 unsigned __i2400m_roq_nsn(struct i2400m_roq *roq, unsigned sn)
523 {
524 int r;
525 r = ((int) sn - (int) roq->ws) % 2048;
526 if (r < 0)
527 r += 2048;
528 return r;
529 }
530
531
532 /*
533 * Circular buffer to keep the last N reorder operations
534 *
535 * In case something fails, dumb then to try to come up with what
536 * happened.
537 */
538 enum {
539 I2400M_ROQ_LOG_LENGTH = 32,
540 };
541
542 struct i2400m_roq_log {
543 struct i2400m_roq_log_entry {
544 enum i2400m_ro_type type;
545 unsigned ws, count, sn, nsn, new_ws;
546 } entry[I2400M_ROQ_LOG_LENGTH];
547 unsigned in, out;
548 };
549
550
551 /* Print a log entry */
552 static
i2400m_roq_log_entry_print(struct i2400m * i2400m,unsigned index,unsigned e_index,struct i2400m_roq_log_entry * e)553 void i2400m_roq_log_entry_print(struct i2400m *i2400m, unsigned index,
554 unsigned e_index,
555 struct i2400m_roq_log_entry *e)
556 {
557 struct device *dev = i2400m_dev(i2400m);
558
559 switch(e->type) {
560 case I2400M_RO_TYPE_RESET:
561 dev_err(dev, "q#%d reset ws %u cnt %u sn %u/%u"
562 " - new nws %u\n",
563 index, e->ws, e->count, e->sn, e->nsn, e->new_ws);
564 break;
565 case I2400M_RO_TYPE_PACKET:
566 dev_err(dev, "q#%d queue ws %u cnt %u sn %u/%u\n",
567 index, e->ws, e->count, e->sn, e->nsn);
568 break;
569 case I2400M_RO_TYPE_WS:
570 dev_err(dev, "q#%d update_ws ws %u cnt %u sn %u/%u"
571 " - new nws %u\n",
572 index, e->ws, e->count, e->sn, e->nsn, e->new_ws);
573 break;
574 case I2400M_RO_TYPE_PACKET_WS:
575 dev_err(dev, "q#%d queue_update_ws ws %u cnt %u sn %u/%u"
576 " - new nws %u\n",
577 index, e->ws, e->count, e->sn, e->nsn, e->new_ws);
578 break;
579 default:
580 dev_err(dev, "q#%d BUG? entry %u - unknown type %u\n",
581 index, e_index, e->type);
582 break;
583 }
584 }
585
586
587 static
i2400m_roq_log_add(struct i2400m * i2400m,struct i2400m_roq * roq,enum i2400m_ro_type type,unsigned ws,unsigned count,unsigned sn,unsigned nsn,unsigned new_ws)588 void i2400m_roq_log_add(struct i2400m *i2400m,
589 struct i2400m_roq *roq, enum i2400m_ro_type type,
590 unsigned ws, unsigned count, unsigned sn,
591 unsigned nsn, unsigned new_ws)
592 {
593 struct i2400m_roq_log_entry *e;
594 unsigned cnt_idx;
595 int index = __i2400m_roq_index(i2400m, roq);
596
597 /* if we run out of space, we eat from the end */
598 if (roq->log->in - roq->log->out == I2400M_ROQ_LOG_LENGTH)
599 roq->log->out++;
600 cnt_idx = roq->log->in++ % I2400M_ROQ_LOG_LENGTH;
601 e = &roq->log->entry[cnt_idx];
602
603 e->type = type;
604 e->ws = ws;
605 e->count = count;
606 e->sn = sn;
607 e->nsn = nsn;
608 e->new_ws = new_ws;
609
610 if (d_test(1))
611 i2400m_roq_log_entry_print(i2400m, index, cnt_idx, e);
612 }
613
614
615 /* Dump all the entries in the FIFO and reinitialize it */
616 static
i2400m_roq_log_dump(struct i2400m * i2400m,struct i2400m_roq * roq)617 void i2400m_roq_log_dump(struct i2400m *i2400m, struct i2400m_roq *roq)
618 {
619 unsigned cnt, cnt_idx;
620 struct i2400m_roq_log_entry *e;
621 int index = __i2400m_roq_index(i2400m, roq);
622
623 BUG_ON(roq->log->out > roq->log->in);
624 for (cnt = roq->log->out; cnt < roq->log->in; cnt++) {
625 cnt_idx = cnt % I2400M_ROQ_LOG_LENGTH;
626 e = &roq->log->entry[cnt_idx];
627 i2400m_roq_log_entry_print(i2400m, index, cnt_idx, e);
628 memset(e, 0, sizeof(*e));
629 }
630 roq->log->in = roq->log->out = 0;
631 }
632
633
634 /*
635 * Backbone for the queuing of an skb (by normalized sequence number)
636 *
637 * @i2400m: device descriptor
638 * @roq: reorder queue where to add
639 * @skb: the skb to add
640 * @sn: the sequence number of the skb
641 * @nsn: the normalized sequence number of the skb (pre-computed by the
642 * caller from the @sn and @roq->ws).
643 *
644 * We try first a couple of quick cases:
645 *
646 * - the queue is empty
647 * - the skb would be appended to the queue
648 *
649 * These will be the most common operations.
650 *
651 * If these fail, then we have to do a sorted insertion in the queue,
652 * which is the slowest path.
653 *
654 * We don't have to acquire a reference count as we are going to own it.
655 */
656 static
__i2400m_roq_queue(struct i2400m * i2400m,struct i2400m_roq * roq,struct sk_buff * skb,unsigned sn,unsigned nsn)657 void __i2400m_roq_queue(struct i2400m *i2400m, struct i2400m_roq *roq,
658 struct sk_buff *skb, unsigned sn, unsigned nsn)
659 {
660 struct device *dev = i2400m_dev(i2400m);
661 struct sk_buff *skb_itr;
662 struct i2400m_roq_data *roq_data_itr, *roq_data;
663 unsigned nsn_itr;
664
665 d_fnstart(4, dev, "(i2400m %p roq %p skb %p sn %u nsn %u)\n",
666 i2400m, roq, skb, sn, nsn);
667
668 roq_data = (struct i2400m_roq_data *) &skb->cb;
669 BUILD_BUG_ON(sizeof(*roq_data) > sizeof(skb->cb));
670 roq_data->sn = sn;
671 d_printf(3, dev, "ERX: roq %p [ws %u] nsn %d sn %u\n",
672 roq, roq->ws, nsn, roq_data->sn);
673
674 /* Queues will be empty on not-so-bad environments, so try
675 * that first */
676 if (skb_queue_empty(&roq->queue)) {
677 d_printf(2, dev, "ERX: roq %p - first one\n", roq);
678 __skb_queue_head(&roq->queue, skb);
679 goto out;
680 }
681 /* Now try append, as most of the operations will be that */
682 skb_itr = skb_peek_tail(&roq->queue);
683 roq_data_itr = (struct i2400m_roq_data *) &skb_itr->cb;
684 nsn_itr = __i2400m_roq_nsn(roq, roq_data_itr->sn);
685 /* NSN bounds assumed correct (checked when it was queued) */
686 if (nsn >= nsn_itr) {
687 d_printf(2, dev, "ERX: roq %p - appended after %p (nsn %d sn %u)\n",
688 roq, skb_itr, nsn_itr, roq_data_itr->sn);
689 __skb_queue_tail(&roq->queue, skb);
690 goto out;
691 }
692 /* None of the fast paths option worked. Iterate to find the
693 * right spot where to insert the packet; we know the queue is
694 * not empty, so we are not the first ones; we also know we
695 * are not going to be the last ones. The list is sorted, so
696 * we have to insert before the the first guy with an nsn_itr
697 * greater that our nsn. */
698 skb_queue_walk(&roq->queue, skb_itr) {
699 roq_data_itr = (struct i2400m_roq_data *) &skb_itr->cb;
700 nsn_itr = __i2400m_roq_nsn(roq, roq_data_itr->sn);
701 /* NSN bounds assumed correct (checked when it was queued) */
702 if (nsn_itr > nsn) {
703 d_printf(2, dev, "ERX: roq %p - queued before %p "
704 "(nsn %d sn %u)\n", roq, skb_itr, nsn_itr,
705 roq_data_itr->sn);
706 __skb_queue_before(&roq->queue, skb_itr, skb);
707 goto out;
708 }
709 }
710 /* If we get here, that is VERY bad -- print info to help
711 * diagnose and crash it */
712 dev_err(dev, "SW BUG? failed to insert packet\n");
713 dev_err(dev, "ERX: roq %p [ws %u] skb %p nsn %d sn %u\n",
714 roq, roq->ws, skb, nsn, roq_data->sn);
715 skb_queue_walk(&roq->queue, skb_itr) {
716 roq_data_itr = (struct i2400m_roq_data *) &skb_itr->cb;
717 nsn_itr = __i2400m_roq_nsn(roq, roq_data_itr->sn);
718 /* NSN bounds assumed correct (checked when it was queued) */
719 dev_err(dev, "ERX: roq %p skb_itr %p nsn %d sn %u\n",
720 roq, skb_itr, nsn_itr, roq_data_itr->sn);
721 }
722 BUG();
723 out:
724 d_fnend(4, dev, "(i2400m %p roq %p skb %p sn %u nsn %d) = void\n",
725 i2400m, roq, skb, sn, nsn);
726 }
727
728
729 /*
730 * Backbone for the update window start operation
731 *
732 * @i2400m: device descriptor
733 * @roq: Reorder queue
734 * @sn: New sequence number
735 *
736 * Updates the window start of a queue; when doing so, it must deliver
737 * to the networking stack all the queued skb's whose normalized
738 * sequence number is lower than the new normalized window start.
739 */
740 static
__i2400m_roq_update_ws(struct i2400m * i2400m,struct i2400m_roq * roq,unsigned sn)741 unsigned __i2400m_roq_update_ws(struct i2400m *i2400m, struct i2400m_roq *roq,
742 unsigned sn)
743 {
744 struct device *dev = i2400m_dev(i2400m);
745 struct sk_buff *skb_itr, *tmp_itr;
746 struct i2400m_roq_data *roq_data_itr;
747 unsigned new_nws, nsn_itr;
748
749 new_nws = __i2400m_roq_nsn(roq, sn);
750 /*
751 * For type 2(update_window_start) rx messages, there is no
752 * need to check if the normalized sequence number is greater 1023.
753 * Simply insert and deliver all packets to the host up to the
754 * window start.
755 */
756 skb_queue_walk_safe(&roq->queue, skb_itr, tmp_itr) {
757 roq_data_itr = (struct i2400m_roq_data *) &skb_itr->cb;
758 nsn_itr = __i2400m_roq_nsn(roq, roq_data_itr->sn);
759 /* NSN bounds assumed correct (checked when it was queued) */
760 if (nsn_itr < new_nws) {
761 d_printf(2, dev, "ERX: roq %p - release skb %p "
762 "(nsn %u/%u new nws %u)\n",
763 roq, skb_itr, nsn_itr, roq_data_itr->sn,
764 new_nws);
765 __skb_unlink(skb_itr, &roq->queue);
766 i2400m_net_erx(i2400m, skb_itr, roq_data_itr->cs);
767 }
768 else
769 break; /* rest of packets all nsn_itr > nws */
770 }
771 roq->ws = sn;
772 return new_nws;
773 }
774
775
776 /*
777 * Reset a queue
778 *
779 * @i2400m: device descriptor
780 * @cin: Queue Index
781 *
782 * Deliver all the packets and reset the window-start to zero. Name is
783 * kind of misleading.
784 */
785 static
i2400m_roq_reset(struct i2400m * i2400m,struct i2400m_roq * roq)786 void i2400m_roq_reset(struct i2400m *i2400m, struct i2400m_roq *roq)
787 {
788 struct device *dev = i2400m_dev(i2400m);
789 struct sk_buff *skb_itr, *tmp_itr;
790 struct i2400m_roq_data *roq_data_itr;
791
792 d_fnstart(2, dev, "(i2400m %p roq %p)\n", i2400m, roq);
793 i2400m_roq_log_add(i2400m, roq, I2400M_RO_TYPE_RESET,
794 roq->ws, skb_queue_len(&roq->queue),
795 ~0, ~0, 0);
796 skb_queue_walk_safe(&roq->queue, skb_itr, tmp_itr) {
797 roq_data_itr = (struct i2400m_roq_data *) &skb_itr->cb;
798 d_printf(2, dev, "ERX: roq %p - release skb %p (sn %u)\n",
799 roq, skb_itr, roq_data_itr->sn);
800 __skb_unlink(skb_itr, &roq->queue);
801 i2400m_net_erx(i2400m, skb_itr, roq_data_itr->cs);
802 }
803 roq->ws = 0;
804 d_fnend(2, dev, "(i2400m %p roq %p) = void\n", i2400m, roq);
805 }
806
807
808 /*
809 * Queue a packet
810 *
811 * @i2400m: device descriptor
812 * @cin: Queue Index
813 * @skb: containing the packet data
814 * @fbn: First block number of the packet in @skb
815 * @lbn: Last block number of the packet in @skb
816 *
817 * The hardware is asking the driver to queue a packet for later
818 * delivery to the networking stack.
819 */
820 static
i2400m_roq_queue(struct i2400m * i2400m,struct i2400m_roq * roq,struct sk_buff * skb,unsigned lbn)821 void i2400m_roq_queue(struct i2400m *i2400m, struct i2400m_roq *roq,
822 struct sk_buff * skb, unsigned lbn)
823 {
824 struct device *dev = i2400m_dev(i2400m);
825 unsigned nsn, len;
826
827 d_fnstart(2, dev, "(i2400m %p roq %p skb %p lbn %u) = void\n",
828 i2400m, roq, skb, lbn);
829 len = skb_queue_len(&roq->queue);
830 nsn = __i2400m_roq_nsn(roq, lbn);
831 if (unlikely(nsn >= 1024)) {
832 dev_err(dev, "SW BUG? queue nsn %d (lbn %u ws %u)\n",
833 nsn, lbn, roq->ws);
834 i2400m_roq_log_dump(i2400m, roq);
835 i2400m_reset(i2400m, I2400M_RT_WARM);
836 } else {
837 __i2400m_roq_queue(i2400m, roq, skb, lbn, nsn);
838 i2400m_roq_log_add(i2400m, roq, I2400M_RO_TYPE_PACKET,
839 roq->ws, len, lbn, nsn, ~0);
840 }
841 d_fnend(2, dev, "(i2400m %p roq %p skb %p lbn %u) = void\n",
842 i2400m, roq, skb, lbn);
843 }
844
845
846 /*
847 * Update the window start in a reorder queue and deliver all skbs
848 * with a lower window start
849 *
850 * @i2400m: device descriptor
851 * @roq: Reorder queue
852 * @sn: New sequence number
853 */
854 static
i2400m_roq_update_ws(struct i2400m * i2400m,struct i2400m_roq * roq,unsigned sn)855 void i2400m_roq_update_ws(struct i2400m *i2400m, struct i2400m_roq *roq,
856 unsigned sn)
857 {
858 struct device *dev = i2400m_dev(i2400m);
859 unsigned old_ws, nsn, len;
860
861 d_fnstart(2, dev, "(i2400m %p roq %p sn %u)\n", i2400m, roq, sn);
862 old_ws = roq->ws;
863 len = skb_queue_len(&roq->queue);
864 nsn = __i2400m_roq_update_ws(i2400m, roq, sn);
865 i2400m_roq_log_add(i2400m, roq, I2400M_RO_TYPE_WS,
866 old_ws, len, sn, nsn, roq->ws);
867 d_fnstart(2, dev, "(i2400m %p roq %p sn %u) = void\n", i2400m, roq, sn);
868 }
869
870
871 /*
872 * Queue a packet and update the window start
873 *
874 * @i2400m: device descriptor
875 * @cin: Queue Index
876 * @skb: containing the packet data
877 * @fbn: First block number of the packet in @skb
878 * @sn: Last block number of the packet in @skb
879 *
880 * Note that unlike i2400m_roq_update_ws(), which sets the new window
881 * start to @sn, in here we'll set it to @sn + 1.
882 */
883 static
i2400m_roq_queue_update_ws(struct i2400m * i2400m,struct i2400m_roq * roq,struct sk_buff * skb,unsigned sn)884 void i2400m_roq_queue_update_ws(struct i2400m *i2400m, struct i2400m_roq *roq,
885 struct sk_buff * skb, unsigned sn)
886 {
887 struct device *dev = i2400m_dev(i2400m);
888 unsigned nsn, old_ws, len;
889
890 d_fnstart(2, dev, "(i2400m %p roq %p skb %p sn %u)\n",
891 i2400m, roq, skb, sn);
892 len = skb_queue_len(&roq->queue);
893 nsn = __i2400m_roq_nsn(roq, sn);
894 /*
895 * For type 3(queue_update_window_start) rx messages, there is no
896 * need to check if the normalized sequence number is greater 1023.
897 * Simply insert and deliver all packets to the host up to the
898 * window start.
899 */
900 old_ws = roq->ws;
901 /* If the queue is empty, don't bother as we'd queue
902 * it and immediately unqueue it -- just deliver it.
903 */
904 if (len == 0) {
905 struct i2400m_roq_data *roq_data;
906 roq_data = (struct i2400m_roq_data *) &skb->cb;
907 i2400m_net_erx(i2400m, skb, roq_data->cs);
908 } else
909 __i2400m_roq_queue(i2400m, roq, skb, sn, nsn);
910
911 __i2400m_roq_update_ws(i2400m, roq, sn + 1);
912 i2400m_roq_log_add(i2400m, roq, I2400M_RO_TYPE_PACKET_WS,
913 old_ws, len, sn, nsn, roq->ws);
914
915 d_fnend(2, dev, "(i2400m %p roq %p skb %p sn %u) = void\n",
916 i2400m, roq, skb, sn);
917 }
918
919
920 /*
921 * This routine destroys the memory allocated for rx_roq, when no
922 * other thread is accessing it. Access to rx_roq is refcounted by
923 * rx_roq_refcount, hence memory allocated must be destroyed when
924 * rx_roq_refcount becomes zero. This routine gets executed when
925 * rx_roq_refcount becomes zero.
926 */
i2400m_rx_roq_destroy(struct kref * ref)927 static void i2400m_rx_roq_destroy(struct kref *ref)
928 {
929 unsigned itr;
930 struct i2400m *i2400m
931 = container_of(ref, struct i2400m, rx_roq_refcount);
932 for (itr = 0; itr < I2400M_RO_CIN + 1; itr++)
933 __skb_queue_purge(&i2400m->rx_roq[itr].queue);
934 kfree(i2400m->rx_roq[0].log);
935 kfree(i2400m->rx_roq);
936 i2400m->rx_roq = NULL;
937 }
938
939 /*
940 * Receive and send up an extended data packet
941 *
942 * @i2400m: device descriptor
943 * @skb_rx: skb that contains the extended data packet
944 * @single_last: 1 if the payload is the only one or the last one of
945 * the skb.
946 * @payload: pointer to the packet's data inside the skb
947 * @size: size of the payload
948 *
949 * Starting in v1.4 of the i2400m's firmware, the device can send data
950 * packets to the host in an extended format that; this incudes a 16
951 * byte header (struct i2400m_pl_edata_hdr). Using this header's space
952 * we can fake ethernet headers for ethernet device emulation without
953 * having to copy packets around.
954 *
955 * This function handles said path.
956 *
957 *
958 * Receive and send up an extended data packet that requires no reordering
959 *
960 * @i2400m: device descriptor
961 * @skb_rx: skb that contains the extended data packet
962 * @single_last: 1 if the payload is the only one or the last one of
963 * the skb.
964 * @payload: pointer to the packet's data (past the actual extended
965 * data payload header).
966 * @size: size of the payload
967 *
968 * Pass over to the networking stack a data packet that might have
969 * reordering requirements.
970 *
971 * This needs to the decide if the skb in which the packet is
972 * contained can be reused or if it needs to be cloned. Then it has to
973 * be trimmed in the edges so that the beginning is the space for eth
974 * header and then pass it to i2400m_net_erx() for the stack
975 *
976 * Assumes the caller has verified the sanity of the payload (size,
977 * etc) already.
978 */
979 static
i2400m_rx_edata(struct i2400m * i2400m,struct sk_buff * skb_rx,unsigned single_last,const void * payload,size_t size)980 void i2400m_rx_edata(struct i2400m *i2400m, struct sk_buff *skb_rx,
981 unsigned single_last, const void *payload, size_t size)
982 {
983 struct device *dev = i2400m_dev(i2400m);
984 const struct i2400m_pl_edata_hdr *hdr = payload;
985 struct net_device *net_dev = i2400m->wimax_dev.net_dev;
986 struct sk_buff *skb;
987 enum i2400m_cs cs;
988 u32 reorder;
989 unsigned ro_needed, ro_type, ro_cin, ro_sn;
990 struct i2400m_roq *roq;
991 struct i2400m_roq_data *roq_data;
992 unsigned long flags;
993
994 BUILD_BUG_ON(ETH_HLEN > sizeof(*hdr));
995
996 d_fnstart(2, dev, "(i2400m %p skb_rx %p single %u payload %p "
997 "size %zu)\n", i2400m, skb_rx, single_last, payload, size);
998 if (size < sizeof(*hdr)) {
999 dev_err(dev, "ERX: HW BUG? message with short header (%zu "
1000 "vs %zu bytes expected)\n", size, sizeof(*hdr));
1001 goto error;
1002 }
1003
1004 if (single_last) {
1005 skb = skb_get(skb_rx);
1006 d_printf(3, dev, "ERX: skb %p reusing\n", skb);
1007 } else {
1008 skb = skb_clone(skb_rx, GFP_KERNEL);
1009 if (skb == NULL) {
1010 dev_err(dev, "ERX: no memory to clone skb\n");
1011 net_dev->stats.rx_dropped++;
1012 goto error_skb_clone;
1013 }
1014 d_printf(3, dev, "ERX: skb %p cloned from %p\n", skb, skb_rx);
1015 }
1016 /* now we have to pull and trim so that the skb points to the
1017 * beginning of the IP packet; the netdev part will add the
1018 * ethernet header as needed - we know there is enough space
1019 * because we checked in i2400m_rx_edata(). */
1020 skb_pull(skb, payload + sizeof(*hdr) - (void *) skb->data);
1021 skb_trim(skb, (void *) skb_end_pointer(skb) - payload - sizeof(*hdr));
1022
1023 reorder = le32_to_cpu(hdr->reorder);
1024 ro_needed = reorder & I2400M_RO_NEEDED;
1025 cs = hdr->cs;
1026 if (ro_needed) {
1027 ro_type = (reorder >> I2400M_RO_TYPE_SHIFT) & I2400M_RO_TYPE;
1028 ro_cin = (reorder >> I2400M_RO_CIN_SHIFT) & I2400M_RO_CIN;
1029 ro_sn = (reorder >> I2400M_RO_SN_SHIFT) & I2400M_RO_SN;
1030
1031 spin_lock_irqsave(&i2400m->rx_lock, flags);
1032 if (i2400m->rx_roq == NULL) {
1033 kfree_skb(skb); /* rx_roq is already destroyed */
1034 spin_unlock_irqrestore(&i2400m->rx_lock, flags);
1035 goto error;
1036 }
1037 roq = &i2400m->rx_roq[ro_cin];
1038 kref_get(&i2400m->rx_roq_refcount);
1039 spin_unlock_irqrestore(&i2400m->rx_lock, flags);
1040
1041 roq_data = (struct i2400m_roq_data *) &skb->cb;
1042 roq_data->sn = ro_sn;
1043 roq_data->cs = cs;
1044 d_printf(2, dev, "ERX: reorder needed: "
1045 "type %u cin %u [ws %u] sn %u/%u len %zuB\n",
1046 ro_type, ro_cin, roq->ws, ro_sn,
1047 __i2400m_roq_nsn(roq, ro_sn), size);
1048 d_dump(2, dev, payload, size);
1049 switch(ro_type) {
1050 case I2400M_RO_TYPE_RESET:
1051 i2400m_roq_reset(i2400m, roq);
1052 kfree_skb(skb); /* no data here */
1053 break;
1054 case I2400M_RO_TYPE_PACKET:
1055 i2400m_roq_queue(i2400m, roq, skb, ro_sn);
1056 break;
1057 case I2400M_RO_TYPE_WS:
1058 i2400m_roq_update_ws(i2400m, roq, ro_sn);
1059 kfree_skb(skb); /* no data here */
1060 break;
1061 case I2400M_RO_TYPE_PACKET_WS:
1062 i2400m_roq_queue_update_ws(i2400m, roq, skb, ro_sn);
1063 break;
1064 default:
1065 dev_err(dev, "HW BUG? unknown reorder type %u\n", ro_type);
1066 }
1067
1068 spin_lock_irqsave(&i2400m->rx_lock, flags);
1069 kref_put(&i2400m->rx_roq_refcount, i2400m_rx_roq_destroy);
1070 spin_unlock_irqrestore(&i2400m->rx_lock, flags);
1071 }
1072 else
1073 i2400m_net_erx(i2400m, skb, cs);
1074 error_skb_clone:
1075 error:
1076 d_fnend(2, dev, "(i2400m %p skb_rx %p single %u payload %p "
1077 "size %zu) = void\n", i2400m, skb_rx, single_last, payload, size);
1078 }
1079
1080
1081 /*
1082 * Act on a received payload
1083 *
1084 * @i2400m: device instance
1085 * @skb_rx: skb where the transaction was received
1086 * @single_last: 1 this is the only payload or the last one (so the
1087 * skb can be reused instead of cloned).
1088 * @pld: payload descriptor
1089 * @payload: payload data
1090 *
1091 * Upon reception of a payload, look at its guts in the payload
1092 * descriptor and decide what to do with it. If it is a single payload
1093 * skb or if the last skb is a data packet, the skb will be referenced
1094 * and modified (so it doesn't have to be cloned).
1095 */
1096 static
i2400m_rx_payload(struct i2400m * i2400m,struct sk_buff * skb_rx,unsigned single_last,const struct i2400m_pld * pld,const void * payload)1097 void i2400m_rx_payload(struct i2400m *i2400m, struct sk_buff *skb_rx,
1098 unsigned single_last, const struct i2400m_pld *pld,
1099 const void *payload)
1100 {
1101 struct device *dev = i2400m_dev(i2400m);
1102 size_t pl_size = i2400m_pld_size(pld);
1103 enum i2400m_pt pl_type = i2400m_pld_type(pld);
1104
1105 d_printf(7, dev, "RX: received payload type %u, %zu bytes\n",
1106 pl_type, pl_size);
1107 d_dump(8, dev, payload, pl_size);
1108
1109 switch (pl_type) {
1110 case I2400M_PT_DATA:
1111 d_printf(3, dev, "RX: data payload %zu bytes\n", pl_size);
1112 i2400m_net_rx(i2400m, skb_rx, single_last, payload, pl_size);
1113 break;
1114 case I2400M_PT_CTRL:
1115 i2400m_rx_ctl(i2400m, skb_rx, payload, pl_size);
1116 break;
1117 case I2400M_PT_TRACE:
1118 i2400m_rx_trace(i2400m, payload, pl_size);
1119 break;
1120 case I2400M_PT_EDATA:
1121 d_printf(3, dev, "ERX: data payload %zu bytes\n", pl_size);
1122 i2400m_rx_edata(i2400m, skb_rx, single_last, payload, pl_size);
1123 break;
1124 default: /* Anything else shouldn't come to the host */
1125 if (printk_ratelimit())
1126 dev_err(dev, "RX: HW BUG? unexpected payload type %u\n",
1127 pl_type);
1128 }
1129 }
1130
1131
1132 /*
1133 * Check a received transaction's message header
1134 *
1135 * @i2400m: device descriptor
1136 * @msg_hdr: message header
1137 * @buf_size: size of the received buffer
1138 *
1139 * Check that the declarations done by a RX buffer message header are
1140 * sane and consistent with the amount of data that was received.
1141 */
1142 static
i2400m_rx_msg_hdr_check(struct i2400m * i2400m,const struct i2400m_msg_hdr * msg_hdr,size_t buf_size)1143 int i2400m_rx_msg_hdr_check(struct i2400m *i2400m,
1144 const struct i2400m_msg_hdr *msg_hdr,
1145 size_t buf_size)
1146 {
1147 int result = -EIO;
1148 struct device *dev = i2400m_dev(i2400m);
1149 if (buf_size < sizeof(*msg_hdr)) {
1150 dev_err(dev, "RX: HW BUG? message with short header (%zu "
1151 "vs %zu bytes expected)\n", buf_size, sizeof(*msg_hdr));
1152 goto error;
1153 }
1154 if (msg_hdr->barker != cpu_to_le32(I2400M_D2H_MSG_BARKER)) {
1155 dev_err(dev, "RX: HW BUG? message received with unknown "
1156 "barker 0x%08x (buf_size %zu bytes)\n",
1157 le32_to_cpu(msg_hdr->barker), buf_size);
1158 goto error;
1159 }
1160 if (msg_hdr->num_pls == 0) {
1161 dev_err(dev, "RX: HW BUG? zero payload packets in message\n");
1162 goto error;
1163 }
1164 if (le16_to_cpu(msg_hdr->num_pls) > I2400M_MAX_PLS_IN_MSG) {
1165 dev_err(dev, "RX: HW BUG? message contains more payload "
1166 "than maximum; ignoring.\n");
1167 goto error;
1168 }
1169 result = 0;
1170 error:
1171 return result;
1172 }
1173
1174
1175 /*
1176 * Check a payload descriptor against the received data
1177 *
1178 * @i2400m: device descriptor
1179 * @pld: payload descriptor
1180 * @pl_itr: offset (in bytes) in the received buffer the payload is
1181 * located
1182 * @buf_size: size of the received buffer
1183 *
1184 * Given a payload descriptor (part of a RX buffer), check it is sane
1185 * and that the data it declares fits in the buffer.
1186 */
1187 static
i2400m_rx_pl_descr_check(struct i2400m * i2400m,const struct i2400m_pld * pld,size_t pl_itr,size_t buf_size)1188 int i2400m_rx_pl_descr_check(struct i2400m *i2400m,
1189 const struct i2400m_pld *pld,
1190 size_t pl_itr, size_t buf_size)
1191 {
1192 int result = -EIO;
1193 struct device *dev = i2400m_dev(i2400m);
1194 size_t pl_size = i2400m_pld_size(pld);
1195 enum i2400m_pt pl_type = i2400m_pld_type(pld);
1196
1197 if (pl_size > i2400m->bus_pl_size_max) {
1198 dev_err(dev, "RX: HW BUG? payload @%zu: size %zu is "
1199 "bigger than maximum %zu; ignoring message\n",
1200 pl_itr, pl_size, i2400m->bus_pl_size_max);
1201 goto error;
1202 }
1203 if (pl_itr + pl_size > buf_size) { /* enough? */
1204 dev_err(dev, "RX: HW BUG? payload @%zu: size %zu "
1205 "goes beyond the received buffer "
1206 "size (%zu bytes); ignoring message\n",
1207 pl_itr, pl_size, buf_size);
1208 goto error;
1209 }
1210 if (pl_type >= I2400M_PT_ILLEGAL) {
1211 dev_err(dev, "RX: HW BUG? illegal payload type %u; "
1212 "ignoring message\n", pl_type);
1213 goto error;
1214 }
1215 result = 0;
1216 error:
1217 return result;
1218 }
1219
1220
1221 /**
1222 * i2400m_rx - Receive a buffer of data from the device
1223 *
1224 * @i2400m: device descriptor
1225 * @skb: skbuff where the data has been received
1226 *
1227 * Parse in a buffer of data that contains an RX message sent from the
1228 * device. See the file header for the format. Run all checks on the
1229 * buffer header, then run over each payload's descriptors, verify
1230 * their consistency and act on each payload's contents. If
1231 * everything is successful, update the device's statistics.
1232 *
1233 * Note: You need to set the skb to contain only the length of the
1234 * received buffer; for that, use skb_trim(skb, RECEIVED_SIZE).
1235 *
1236 * Returns:
1237 *
1238 * 0 if ok, < 0 errno on error
1239 *
1240 * If ok, this function owns now the skb and the caller DOESN'T have
1241 * to run kfree_skb() on it. However, on error, the caller still owns
1242 * the skb and it is responsible for releasing it.
1243 */
i2400m_rx(struct i2400m * i2400m,struct sk_buff * skb)1244 int i2400m_rx(struct i2400m *i2400m, struct sk_buff *skb)
1245 {
1246 int i, result;
1247 struct device *dev = i2400m_dev(i2400m);
1248 const struct i2400m_msg_hdr *msg_hdr;
1249 size_t pl_itr, pl_size;
1250 unsigned long flags;
1251 unsigned num_pls, single_last, skb_len;
1252
1253 skb_len = skb->len;
1254 d_fnstart(4, dev, "(i2400m %p skb %p [size %u])\n",
1255 i2400m, skb, skb_len);
1256 result = -EIO;
1257 msg_hdr = (void *) skb->data;
1258 result = i2400m_rx_msg_hdr_check(i2400m, msg_hdr, skb_len);
1259 if (result < 0)
1260 goto error_msg_hdr_check;
1261 result = -EIO;
1262 num_pls = le16_to_cpu(msg_hdr->num_pls);
1263 pl_itr = sizeof(*msg_hdr) + /* Check payload descriptor(s) */
1264 num_pls * sizeof(msg_hdr->pld[0]);
1265 pl_itr = ALIGN(pl_itr, I2400M_PL_ALIGN);
1266 if (pl_itr > skb_len) { /* got all the payload descriptors? */
1267 dev_err(dev, "RX: HW BUG? message too short (%u bytes) for "
1268 "%u payload descriptors (%zu each, total %zu)\n",
1269 skb_len, num_pls, sizeof(msg_hdr->pld[0]), pl_itr);
1270 goto error_pl_descr_short;
1271 }
1272 /* Walk each payload payload--check we really got it */
1273 for (i = 0; i < num_pls; i++) {
1274 /* work around old gcc warnings */
1275 pl_size = i2400m_pld_size(&msg_hdr->pld[i]);
1276 result = i2400m_rx_pl_descr_check(i2400m, &msg_hdr->pld[i],
1277 pl_itr, skb_len);
1278 if (result < 0)
1279 goto error_pl_descr_check;
1280 single_last = num_pls == 1 || i == num_pls - 1;
1281 i2400m_rx_payload(i2400m, skb, single_last, &msg_hdr->pld[i],
1282 skb->data + pl_itr);
1283 pl_itr += ALIGN(pl_size, I2400M_PL_ALIGN);
1284 cond_resched(); /* Don't monopolize */
1285 }
1286 kfree_skb(skb);
1287 /* Update device statistics */
1288 spin_lock_irqsave(&i2400m->rx_lock, flags);
1289 i2400m->rx_pl_num += i;
1290 if (i > i2400m->rx_pl_max)
1291 i2400m->rx_pl_max = i;
1292 if (i < i2400m->rx_pl_min)
1293 i2400m->rx_pl_min = i;
1294 i2400m->rx_num++;
1295 i2400m->rx_size_acc += skb_len;
1296 if (skb_len < i2400m->rx_size_min)
1297 i2400m->rx_size_min = skb_len;
1298 if (skb_len > i2400m->rx_size_max)
1299 i2400m->rx_size_max = skb_len;
1300 spin_unlock_irqrestore(&i2400m->rx_lock, flags);
1301 error_pl_descr_check:
1302 error_pl_descr_short:
1303 error_msg_hdr_check:
1304 d_fnend(4, dev, "(i2400m %p skb %p [size %u]) = %d\n",
1305 i2400m, skb, skb_len, result);
1306 return result;
1307 }
1308 EXPORT_SYMBOL_GPL(i2400m_rx);
1309
1310
i2400m_unknown_barker(struct i2400m * i2400m,const void * buf,size_t size)1311 void i2400m_unknown_barker(struct i2400m *i2400m,
1312 const void *buf, size_t size)
1313 {
1314 struct device *dev = i2400m_dev(i2400m);
1315 char prefix[64];
1316 const __le32 *barker = buf;
1317 dev_err(dev, "RX: HW BUG? unknown barker %08x, "
1318 "dropping %zu bytes\n", le32_to_cpu(*barker), size);
1319 snprintf(prefix, sizeof(prefix), "%s %s: ",
1320 dev_driver_string(dev), dev_name(dev));
1321 if (size > 64) {
1322 print_hex_dump(KERN_ERR, prefix, DUMP_PREFIX_OFFSET,
1323 8, 4, buf, 64, 0);
1324 printk(KERN_ERR "%s... (only first 64 bytes "
1325 "dumped)\n", prefix);
1326 } else
1327 print_hex_dump(KERN_ERR, prefix, DUMP_PREFIX_OFFSET,
1328 8, 4, buf, size, 0);
1329 }
1330 EXPORT_SYMBOL(i2400m_unknown_barker);
1331
1332
1333 /*
1334 * Initialize the RX queue and infrastructure
1335 *
1336 * This sets up all the RX reordering infrastructures, which will not
1337 * be used if reordering is not enabled or if the firmware does not
1338 * support it. The device is told to do reordering in
1339 * i2400m_dev_initialize(), where it also looks at the value of the
1340 * i2400m->rx_reorder switch before taking a decission.
1341 *
1342 * Note we allocate the roq queues in one chunk and the actual logging
1343 * support for it (logging) in another one and then we setup the
1344 * pointers from the first to the last.
1345 */
i2400m_rx_setup(struct i2400m * i2400m)1346 int i2400m_rx_setup(struct i2400m *i2400m)
1347 {
1348 int result = 0;
1349 struct device *dev = i2400m_dev(i2400m);
1350
1351 i2400m->rx_reorder = i2400m_rx_reorder_disabled? 0 : 1;
1352 if (i2400m->rx_reorder) {
1353 unsigned itr;
1354 size_t size;
1355 struct i2400m_roq_log *rd;
1356
1357 result = -ENOMEM;
1358
1359 size = sizeof(i2400m->rx_roq[0]) * (I2400M_RO_CIN + 1);
1360 i2400m->rx_roq = kzalloc(size, GFP_KERNEL);
1361 if (i2400m->rx_roq == NULL) {
1362 dev_err(dev, "RX: cannot allocate %zu bytes for "
1363 "reorder queues\n", size);
1364 goto error_roq_alloc;
1365 }
1366
1367 size = sizeof(*i2400m->rx_roq[0].log) * (I2400M_RO_CIN + 1);
1368 rd = kzalloc(size, GFP_KERNEL);
1369 if (rd == NULL) {
1370 dev_err(dev, "RX: cannot allocate %zu bytes for "
1371 "reorder queues log areas\n", size);
1372 result = -ENOMEM;
1373 goto error_roq_log_alloc;
1374 }
1375
1376 for(itr = 0; itr < I2400M_RO_CIN + 1; itr++) {
1377 __i2400m_roq_init(&i2400m->rx_roq[itr]);
1378 i2400m->rx_roq[itr].log = &rd[itr];
1379 }
1380 kref_init(&i2400m->rx_roq_refcount);
1381 }
1382 return 0;
1383
1384 error_roq_log_alloc:
1385 kfree(i2400m->rx_roq);
1386 error_roq_alloc:
1387 return result;
1388 }
1389
1390
1391 /* Tear down the RX queue and infrastructure */
i2400m_rx_release(struct i2400m * i2400m)1392 void i2400m_rx_release(struct i2400m *i2400m)
1393 {
1394 unsigned long flags;
1395
1396 if (i2400m->rx_reorder) {
1397 spin_lock_irqsave(&i2400m->rx_lock, flags);
1398 kref_put(&i2400m->rx_roq_refcount, i2400m_rx_roq_destroy);
1399 spin_unlock_irqrestore(&i2400m->rx_lock, flags);
1400 }
1401 /* at this point, nothing can be received... */
1402 i2400m_report_hook_flush(i2400m);
1403 }
1404