1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * NXP Wireless LAN device driver: 802.11n
4  *
5  * Copyright 2011-2020 NXP
6  */
7 
8 #include "decl.h"
9 #include "ioctl.h"
10 #include "util.h"
11 #include "fw.h"
12 #include "main.h"
13 #include "wmm.h"
14 #include "11n.h"
15 
16 /*
17  * Fills HT capability information field, AMPDU Parameters field, HT extended
18  * capability field, and supported MCS set fields.
19  *
20  * HT capability information field, AMPDU Parameters field, supported MCS set
21  * fields are retrieved from cfg80211 stack
22  *
23  * RD responder bit to set to clear in the extended capability header.
24  */
mwifiex_fill_cap_info(struct mwifiex_private * priv,u8 radio_type,struct ieee80211_ht_cap * ht_cap)25 int mwifiex_fill_cap_info(struct mwifiex_private *priv, u8 radio_type,
26 			  struct ieee80211_ht_cap *ht_cap)
27 {
28 	uint16_t ht_ext_cap = le16_to_cpu(ht_cap->extended_ht_cap_info);
29 	struct ieee80211_supported_band *sband =
30 					priv->wdev.wiphy->bands[radio_type];
31 
32 	if (WARN_ON_ONCE(!sband)) {
33 		mwifiex_dbg(priv->adapter, ERROR, "Invalid radio type!\n");
34 		return -EINVAL;
35 	}
36 
37 	ht_cap->ampdu_params_info =
38 		(sband->ht_cap.ampdu_factor &
39 		 IEEE80211_HT_AMPDU_PARM_FACTOR) |
40 		((sband->ht_cap.ampdu_density <<
41 		 IEEE80211_HT_AMPDU_PARM_DENSITY_SHIFT) &
42 		 IEEE80211_HT_AMPDU_PARM_DENSITY);
43 
44 	memcpy((u8 *)&ht_cap->mcs, &sband->ht_cap.mcs,
45 	       sizeof(sband->ht_cap.mcs));
46 
47 	if (priv->bss_mode == NL80211_IFTYPE_STATION ||
48 	    (sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40 &&
49 	     (priv->adapter->sec_chan_offset !=
50 					IEEE80211_HT_PARAM_CHA_SEC_NONE)))
51 		/* Set MCS32 for infra mode or ad-hoc mode with 40MHz support */
52 		SETHT_MCS32(ht_cap->mcs.rx_mask);
53 
54 	/* Clear RD responder bit */
55 	ht_ext_cap &= ~IEEE80211_HT_EXT_CAP_RD_RESPONDER;
56 
57 	ht_cap->cap_info = cpu_to_le16(sband->ht_cap.cap);
58 	ht_cap->extended_ht_cap_info = cpu_to_le16(ht_ext_cap);
59 
60 	if (ISSUPP_BEAMFORMING(priv->adapter->hw_dot_11n_dev_cap))
61 		ht_cap->tx_BF_cap_info = cpu_to_le32(MWIFIEX_DEF_11N_TX_BF_CAP);
62 
63 	return 0;
64 }
65 
66 /*
67  * This function returns the pointer to an entry in BA Stream
68  * table which matches the requested BA status.
69  */
70 static struct mwifiex_tx_ba_stream_tbl *
mwifiex_get_ba_status(struct mwifiex_private * priv,enum mwifiex_ba_status ba_status)71 mwifiex_get_ba_status(struct mwifiex_private *priv,
72 		      enum mwifiex_ba_status ba_status)
73 {
74 	struct mwifiex_tx_ba_stream_tbl *tx_ba_tsr_tbl;
75 
76 	spin_lock_bh(&priv->tx_ba_stream_tbl_lock);
77 	list_for_each_entry(tx_ba_tsr_tbl, &priv->tx_ba_stream_tbl_ptr, list) {
78 		if (tx_ba_tsr_tbl->ba_status == ba_status) {
79 			spin_unlock_bh(&priv->tx_ba_stream_tbl_lock);
80 			return tx_ba_tsr_tbl;
81 		}
82 	}
83 	spin_unlock_bh(&priv->tx_ba_stream_tbl_lock);
84 	return NULL;
85 }
86 
87 /*
88  * This function handles the command response of delete a block
89  * ack request.
90  *
91  * The function checks the response success status and takes action
92  * accordingly (send an add BA request in case of success, or recreate
93  * the deleted stream in case of failure, if the add BA was also
94  * initiated by us).
95  */
mwifiex_ret_11n_delba(struct mwifiex_private * priv,struct host_cmd_ds_command * resp)96 int mwifiex_ret_11n_delba(struct mwifiex_private *priv,
97 			  struct host_cmd_ds_command *resp)
98 {
99 	int tid;
100 	struct mwifiex_tx_ba_stream_tbl *tx_ba_tbl;
101 	struct host_cmd_ds_11n_delba *del_ba = &resp->params.del_ba;
102 	uint16_t del_ba_param_set = le16_to_cpu(del_ba->del_ba_param_set);
103 
104 	tid = del_ba_param_set >> DELBA_TID_POS;
105 	if (del_ba->del_result == BA_RESULT_SUCCESS) {
106 		mwifiex_del_ba_tbl(priv, tid, del_ba->peer_mac_addr,
107 				   TYPE_DELBA_SENT,
108 				   INITIATOR_BIT(del_ba_param_set));
109 
110 		tx_ba_tbl = mwifiex_get_ba_status(priv, BA_SETUP_INPROGRESS);
111 		if (tx_ba_tbl)
112 			mwifiex_send_addba(priv, tx_ba_tbl->tid,
113 					   tx_ba_tbl->ra);
114 	} else { /*
115 		  * In case of failure, recreate the deleted stream in case
116 		  * we initiated the DELBA
117 		  */
118 		if (!INITIATOR_BIT(del_ba_param_set))
119 			return 0;
120 
121 		mwifiex_create_ba_tbl(priv, del_ba->peer_mac_addr, tid,
122 				      BA_SETUP_INPROGRESS);
123 
124 		tx_ba_tbl = mwifiex_get_ba_status(priv, BA_SETUP_INPROGRESS);
125 
126 		if (tx_ba_tbl)
127 			mwifiex_del_ba_tbl(priv, tx_ba_tbl->tid, tx_ba_tbl->ra,
128 					   TYPE_DELBA_SENT, true);
129 	}
130 
131 	return 0;
132 }
133 
134 /*
135  * This function handles the command response of add a block
136  * ack request.
137  *
138  * Handling includes changing the header fields to CPU formats, checking
139  * the response success status and taking actions accordingly (delete the
140  * BA stream table in case of failure).
141  */
mwifiex_ret_11n_addba_req(struct mwifiex_private * priv,struct host_cmd_ds_command * resp)142 int mwifiex_ret_11n_addba_req(struct mwifiex_private *priv,
143 			      struct host_cmd_ds_command *resp)
144 {
145 	int tid, tid_down;
146 	struct host_cmd_ds_11n_addba_rsp *add_ba_rsp = &resp->params.add_ba_rsp;
147 	struct mwifiex_tx_ba_stream_tbl *tx_ba_tbl;
148 	struct mwifiex_ra_list_tbl *ra_list;
149 	u16 block_ack_param_set = le16_to_cpu(add_ba_rsp->block_ack_param_set);
150 
151 	add_ba_rsp->ssn = cpu_to_le16((le16_to_cpu(add_ba_rsp->ssn))
152 			& SSN_MASK);
153 
154 	tid = (block_ack_param_set & IEEE80211_ADDBA_PARAM_TID_MASK)
155 	       >> BLOCKACKPARAM_TID_POS;
156 
157 	tid_down = mwifiex_wmm_downgrade_tid(priv, tid);
158 	ra_list = mwifiex_wmm_get_ralist_node(priv, tid_down, add_ba_rsp->
159 		peer_mac_addr);
160 	if (le16_to_cpu(add_ba_rsp->status_code) != BA_RESULT_SUCCESS) {
161 		if (ra_list) {
162 			ra_list->ba_status = BA_SETUP_NONE;
163 			ra_list->amsdu_in_ampdu = false;
164 		}
165 		mwifiex_del_ba_tbl(priv, tid, add_ba_rsp->peer_mac_addr,
166 				   TYPE_DELBA_SENT, true);
167 		if (add_ba_rsp->add_rsp_result != BA_RESULT_TIMEOUT)
168 			priv->aggr_prio_tbl[tid].ampdu_ap =
169 				BA_STREAM_NOT_ALLOWED;
170 		return 0;
171 	}
172 
173 	tx_ba_tbl = mwifiex_get_ba_tbl(priv, tid, add_ba_rsp->peer_mac_addr);
174 	if (tx_ba_tbl) {
175 		mwifiex_dbg(priv->adapter, EVENT, "info: BA stream complete\n");
176 		tx_ba_tbl->ba_status = BA_SETUP_COMPLETE;
177 		if ((block_ack_param_set & BLOCKACKPARAM_AMSDU_SUPP_MASK) &&
178 		    priv->add_ba_param.tx_amsdu &&
179 		    (priv->aggr_prio_tbl[tid].amsdu != BA_STREAM_NOT_ALLOWED))
180 			tx_ba_tbl->amsdu = true;
181 		else
182 			tx_ba_tbl->amsdu = false;
183 		if (ra_list) {
184 			ra_list->amsdu_in_ampdu = tx_ba_tbl->amsdu;
185 			ra_list->ba_status = BA_SETUP_COMPLETE;
186 		}
187 	} else {
188 		mwifiex_dbg(priv->adapter, ERROR, "BA stream not created\n");
189 	}
190 
191 	return 0;
192 }
193 
194 /*
195  * This function prepares command of reconfigure Tx buffer.
196  *
197  * Preparation includes -
198  *      - Setting command ID, action and proper size
199  *      - Setting Tx buffer size (for SET only)
200  *      - Ensuring correct endian-ness
201  */
mwifiex_cmd_recfg_tx_buf(struct mwifiex_private * priv,struct host_cmd_ds_command * cmd,int cmd_action,u16 * buf_size)202 int mwifiex_cmd_recfg_tx_buf(struct mwifiex_private *priv,
203 			     struct host_cmd_ds_command *cmd, int cmd_action,
204 			     u16 *buf_size)
205 {
206 	struct host_cmd_ds_txbuf_cfg *tx_buf = &cmd->params.tx_buf;
207 	u16 action = (u16) cmd_action;
208 
209 	cmd->command = cpu_to_le16(HostCmd_CMD_RECONFIGURE_TX_BUFF);
210 	cmd->size =
211 		cpu_to_le16(sizeof(struct host_cmd_ds_txbuf_cfg) + S_DS_GEN);
212 	tx_buf->action = cpu_to_le16(action);
213 	switch (action) {
214 	case HostCmd_ACT_GEN_SET:
215 		mwifiex_dbg(priv->adapter, CMD,
216 			    "cmd: set tx_buf=%d\n", *buf_size);
217 		tx_buf->buff_size = cpu_to_le16(*buf_size);
218 		break;
219 	case HostCmd_ACT_GEN_GET:
220 	default:
221 		tx_buf->buff_size = 0;
222 		break;
223 	}
224 	return 0;
225 }
226 
227 /*
228  * This function prepares command of AMSDU aggregation control.
229  *
230  * Preparation includes -
231  *      - Setting command ID, action and proper size
232  *      - Setting AMSDU control parameters (for SET only)
233  *      - Ensuring correct endian-ness
234  */
mwifiex_cmd_amsdu_aggr_ctrl(struct host_cmd_ds_command * cmd,int cmd_action,struct mwifiex_ds_11n_amsdu_aggr_ctrl * aa_ctrl)235 int mwifiex_cmd_amsdu_aggr_ctrl(struct host_cmd_ds_command *cmd,
236 				int cmd_action,
237 				struct mwifiex_ds_11n_amsdu_aggr_ctrl *aa_ctrl)
238 {
239 	struct host_cmd_ds_amsdu_aggr_ctrl *amsdu_ctrl =
240 		&cmd->params.amsdu_aggr_ctrl;
241 	u16 action = (u16) cmd_action;
242 
243 	cmd->command = cpu_to_le16(HostCmd_CMD_AMSDU_AGGR_CTRL);
244 	cmd->size = cpu_to_le16(sizeof(struct host_cmd_ds_amsdu_aggr_ctrl)
245 				+ S_DS_GEN);
246 	amsdu_ctrl->action = cpu_to_le16(action);
247 	switch (action) {
248 	case HostCmd_ACT_GEN_SET:
249 		amsdu_ctrl->enable = cpu_to_le16(aa_ctrl->enable);
250 		amsdu_ctrl->curr_buf_size = 0;
251 		break;
252 	case HostCmd_ACT_GEN_GET:
253 	default:
254 		amsdu_ctrl->curr_buf_size = 0;
255 		break;
256 	}
257 	return 0;
258 }
259 
260 /*
261  * This function prepares 11n configuration command.
262  *
263  * Preparation includes -
264  *      - Setting command ID, action and proper size
265  *      - Setting HT Tx capability and HT Tx information fields
266  *      - Ensuring correct endian-ness
267  */
mwifiex_cmd_11n_cfg(struct mwifiex_private * priv,struct host_cmd_ds_command * cmd,u16 cmd_action,struct mwifiex_ds_11n_tx_cfg * txcfg)268 int mwifiex_cmd_11n_cfg(struct mwifiex_private *priv,
269 			struct host_cmd_ds_command *cmd, u16 cmd_action,
270 			struct mwifiex_ds_11n_tx_cfg *txcfg)
271 {
272 	struct host_cmd_ds_11n_cfg *htcfg = &cmd->params.htcfg;
273 
274 	cmd->command = cpu_to_le16(HostCmd_CMD_11N_CFG);
275 	cmd->size = cpu_to_le16(sizeof(struct host_cmd_ds_11n_cfg) + S_DS_GEN);
276 	htcfg->action = cpu_to_le16(cmd_action);
277 	htcfg->ht_tx_cap = cpu_to_le16(txcfg->tx_htcap);
278 	htcfg->ht_tx_info = cpu_to_le16(txcfg->tx_htinfo);
279 
280 	if (priv->adapter->is_hw_11ac_capable)
281 		htcfg->misc_config = cpu_to_le16(txcfg->misc_config);
282 
283 	return 0;
284 }
285 
286 /*
287  * This function appends an 11n TLV to a buffer.
288  *
289  * Buffer allocation is responsibility of the calling
290  * function. No size validation is made here.
291  *
292  * The function fills up the following sections, if applicable -
293  *      - HT capability IE
294  *      - HT information IE (with channel list)
295  *      - 20/40 BSS Coexistence IE
296  *      - HT Extended Capabilities IE
297  */
298 int
mwifiex_cmd_append_11n_tlv(struct mwifiex_private * priv,struct mwifiex_bssdescriptor * bss_desc,u8 ** buffer)299 mwifiex_cmd_append_11n_tlv(struct mwifiex_private *priv,
300 			   struct mwifiex_bssdescriptor *bss_desc,
301 			   u8 **buffer)
302 {
303 	struct mwifiex_ie_types_htcap *ht_cap;
304 	struct mwifiex_ie_types_htinfo *ht_info;
305 	struct mwifiex_ie_types_chan_list_param_set *chan_list;
306 	struct mwifiex_ie_types_2040bssco *bss_co_2040;
307 	struct mwifiex_ie_types_extcap *ext_cap;
308 	int ret_len = 0;
309 	struct ieee80211_supported_band *sband;
310 	struct ieee_types_header *hdr;
311 	u8 radio_type;
312 
313 	if (!buffer || !*buffer)
314 		return ret_len;
315 
316 	radio_type = mwifiex_band_to_radio_type((u8) bss_desc->bss_band);
317 	sband = priv->wdev.wiphy->bands[radio_type];
318 
319 	if (bss_desc->bcn_ht_cap) {
320 		ht_cap = (struct mwifiex_ie_types_htcap *) *buffer;
321 		memset(ht_cap, 0, sizeof(struct mwifiex_ie_types_htcap));
322 		ht_cap->header.type = cpu_to_le16(WLAN_EID_HT_CAPABILITY);
323 		ht_cap->header.len =
324 				cpu_to_le16(sizeof(struct ieee80211_ht_cap));
325 		memcpy((u8 *) ht_cap + sizeof(struct mwifiex_ie_types_header),
326 		       (u8 *)bss_desc->bcn_ht_cap,
327 		       le16_to_cpu(ht_cap->header.len));
328 
329 		mwifiex_fill_cap_info(priv, radio_type, &ht_cap->ht_cap);
330 		/* Update HT40 capability from current channel information */
331 		if (bss_desc->bcn_ht_oper) {
332 			u8 ht_param = bss_desc->bcn_ht_oper->ht_param;
333 			u8 radio =
334 			mwifiex_band_to_radio_type(bss_desc->bss_band);
335 			int freq =
336 			ieee80211_channel_to_frequency(bss_desc->channel,
337 						       radio);
338 			struct ieee80211_channel *chan =
339 			ieee80211_get_channel(priv->adapter->wiphy, freq);
340 
341 			switch (ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
342 			case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
343 				if (chan->flags & IEEE80211_CHAN_NO_HT40PLUS) {
344 					ht_cap->ht_cap.cap_info &=
345 					cpu_to_le16
346 					(~IEEE80211_HT_CAP_SUP_WIDTH_20_40);
347 					ht_cap->ht_cap.cap_info &=
348 					cpu_to_le16(~IEEE80211_HT_CAP_SGI_40);
349 				}
350 				break;
351 			case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
352 				if (chan->flags & IEEE80211_CHAN_NO_HT40MINUS) {
353 					ht_cap->ht_cap.cap_info &=
354 					cpu_to_le16
355 					(~IEEE80211_HT_CAP_SUP_WIDTH_20_40);
356 					ht_cap->ht_cap.cap_info &=
357 					cpu_to_le16(~IEEE80211_HT_CAP_SGI_40);
358 				}
359 				break;
360 			}
361 		}
362 
363 		*buffer += sizeof(struct mwifiex_ie_types_htcap);
364 		ret_len += sizeof(struct mwifiex_ie_types_htcap);
365 	}
366 
367 	if (bss_desc->bcn_ht_oper) {
368 		if (priv->bss_mode == NL80211_IFTYPE_ADHOC) {
369 			ht_info = (struct mwifiex_ie_types_htinfo *) *buffer;
370 			memset(ht_info, 0,
371 			       sizeof(struct mwifiex_ie_types_htinfo));
372 			ht_info->header.type =
373 					cpu_to_le16(WLAN_EID_HT_OPERATION);
374 			ht_info->header.len =
375 				cpu_to_le16(
376 					sizeof(struct ieee80211_ht_operation));
377 
378 			memcpy((u8 *) ht_info +
379 			       sizeof(struct mwifiex_ie_types_header),
380 			       (u8 *)bss_desc->bcn_ht_oper,
381 			       le16_to_cpu(ht_info->header.len));
382 
383 			if (!(sband->ht_cap.cap &
384 					IEEE80211_HT_CAP_SUP_WIDTH_20_40))
385 				ht_info->ht_oper.ht_param &=
386 					~(IEEE80211_HT_PARAM_CHAN_WIDTH_ANY |
387 					IEEE80211_HT_PARAM_CHA_SEC_OFFSET);
388 
389 			*buffer += sizeof(struct mwifiex_ie_types_htinfo);
390 			ret_len += sizeof(struct mwifiex_ie_types_htinfo);
391 		}
392 
393 		chan_list =
394 			(struct mwifiex_ie_types_chan_list_param_set *) *buffer;
395 		memset(chan_list, 0,
396 		       sizeof(struct mwifiex_ie_types_chan_list_param_set));
397 		chan_list->header.type = cpu_to_le16(TLV_TYPE_CHANLIST);
398 		chan_list->header.len = cpu_to_le16(
399 			sizeof(struct mwifiex_ie_types_chan_list_param_set) -
400 			sizeof(struct mwifiex_ie_types_header));
401 		chan_list->chan_scan_param[0].chan_number =
402 			bss_desc->bcn_ht_oper->primary_chan;
403 		chan_list->chan_scan_param[0].radio_type =
404 			mwifiex_band_to_radio_type((u8) bss_desc->bss_band);
405 
406 		if (sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40 &&
407 		    bss_desc->bcn_ht_oper->ht_param &
408 		    IEEE80211_HT_PARAM_CHAN_WIDTH_ANY)
409 			SET_SECONDARYCHAN(chan_list->chan_scan_param[0].
410 					  radio_type,
411 					  (bss_desc->bcn_ht_oper->ht_param &
412 					  IEEE80211_HT_PARAM_CHA_SEC_OFFSET));
413 
414 		*buffer += sizeof(struct mwifiex_ie_types_chan_list_param_set);
415 		ret_len += sizeof(struct mwifiex_ie_types_chan_list_param_set);
416 	}
417 
418 	if (bss_desc->bcn_bss_co_2040) {
419 		bss_co_2040 = (struct mwifiex_ie_types_2040bssco *) *buffer;
420 		memset(bss_co_2040, 0,
421 		       sizeof(struct mwifiex_ie_types_2040bssco));
422 		bss_co_2040->header.type = cpu_to_le16(WLAN_EID_BSS_COEX_2040);
423 		bss_co_2040->header.len =
424 		       cpu_to_le16(sizeof(bss_co_2040->bss_co_2040));
425 
426 		memcpy((u8 *) bss_co_2040 +
427 		       sizeof(struct mwifiex_ie_types_header),
428 		       bss_desc->bcn_bss_co_2040 +
429 		       sizeof(struct ieee_types_header),
430 		       le16_to_cpu(bss_co_2040->header.len));
431 
432 		*buffer += sizeof(struct mwifiex_ie_types_2040bssco);
433 		ret_len += sizeof(struct mwifiex_ie_types_2040bssco);
434 	}
435 
436 	if (bss_desc->bcn_ext_cap) {
437 		hdr = (void *)bss_desc->bcn_ext_cap;
438 		ext_cap = (struct mwifiex_ie_types_extcap *) *buffer;
439 		memset(ext_cap, 0, sizeof(struct mwifiex_ie_types_extcap));
440 		ext_cap->header.type = cpu_to_le16(WLAN_EID_EXT_CAPABILITY);
441 		ext_cap->header.len = cpu_to_le16(hdr->len);
442 
443 		memcpy((u8 *)ext_cap->ext_capab,
444 		       bss_desc->bcn_ext_cap + sizeof(struct ieee_types_header),
445 		       le16_to_cpu(ext_cap->header.len));
446 
447 		if (hdr->len > 3 &&
448 		    ext_cap->ext_capab[3] & WLAN_EXT_CAPA4_INTERWORKING_ENABLED)
449 			priv->hs2_enabled = true;
450 		else
451 			priv->hs2_enabled = false;
452 
453 		*buffer += sizeof(struct mwifiex_ie_types_extcap) + hdr->len;
454 		ret_len += sizeof(struct mwifiex_ie_types_extcap) + hdr->len;
455 	}
456 
457 	return ret_len;
458 }
459 
460 /*
461  * This function checks if the given pointer is valid entry of
462  * Tx BA Stream table.
463  */
mwifiex_is_tx_ba_stream_ptr_valid(struct mwifiex_private * priv,struct mwifiex_tx_ba_stream_tbl * tx_tbl_ptr)464 static int mwifiex_is_tx_ba_stream_ptr_valid(struct mwifiex_private *priv,
465 				struct mwifiex_tx_ba_stream_tbl *tx_tbl_ptr)
466 {
467 	struct mwifiex_tx_ba_stream_tbl *tx_ba_tsr_tbl;
468 
469 	list_for_each_entry(tx_ba_tsr_tbl, &priv->tx_ba_stream_tbl_ptr, list) {
470 		if (tx_ba_tsr_tbl == tx_tbl_ptr)
471 			return true;
472 	}
473 
474 	return false;
475 }
476 
477 /*
478  * This function deletes the given entry in Tx BA Stream table.
479  *
480  * The function also performs a validity check on the supplied
481  * pointer before trying to delete.
482  */
mwifiex_11n_delete_tx_ba_stream_tbl_entry(struct mwifiex_private * priv,struct mwifiex_tx_ba_stream_tbl * tx_ba_tsr_tbl)483 void mwifiex_11n_delete_tx_ba_stream_tbl_entry(struct mwifiex_private *priv,
484 				struct mwifiex_tx_ba_stream_tbl *tx_ba_tsr_tbl)
485 {
486 	if (!tx_ba_tsr_tbl &&
487 	    mwifiex_is_tx_ba_stream_ptr_valid(priv, tx_ba_tsr_tbl))
488 		return;
489 
490 	mwifiex_dbg(priv->adapter, INFO,
491 		    "info: tx_ba_tsr_tbl %p\n", tx_ba_tsr_tbl);
492 
493 	list_del(&tx_ba_tsr_tbl->list);
494 
495 	kfree(tx_ba_tsr_tbl);
496 }
497 
498 /*
499  * This function deletes all the entries in Tx BA Stream table.
500  */
mwifiex_11n_delete_all_tx_ba_stream_tbl(struct mwifiex_private * priv)501 void mwifiex_11n_delete_all_tx_ba_stream_tbl(struct mwifiex_private *priv)
502 {
503 	int i;
504 	struct mwifiex_tx_ba_stream_tbl *del_tbl_ptr, *tmp_node;
505 
506 	spin_lock_bh(&priv->tx_ba_stream_tbl_lock);
507 	list_for_each_entry_safe(del_tbl_ptr, tmp_node,
508 				 &priv->tx_ba_stream_tbl_ptr, list)
509 		mwifiex_11n_delete_tx_ba_stream_tbl_entry(priv, del_tbl_ptr);
510 	spin_unlock_bh(&priv->tx_ba_stream_tbl_lock);
511 
512 	INIT_LIST_HEAD(&priv->tx_ba_stream_tbl_ptr);
513 
514 	for (i = 0; i < MAX_NUM_TID; ++i)
515 		priv->aggr_prio_tbl[i].ampdu_ap =
516 			priv->aggr_prio_tbl[i].ampdu_user;
517 }
518 
519 /*
520  * This function returns the pointer to an entry in BA Stream
521  * table which matches the given RA/TID pair.
522  */
523 struct mwifiex_tx_ba_stream_tbl *
mwifiex_get_ba_tbl(struct mwifiex_private * priv,int tid,u8 * ra)524 mwifiex_get_ba_tbl(struct mwifiex_private *priv, int tid, u8 *ra)
525 {
526 	struct mwifiex_tx_ba_stream_tbl *tx_ba_tsr_tbl;
527 
528 	spin_lock_bh(&priv->tx_ba_stream_tbl_lock);
529 	list_for_each_entry(tx_ba_tsr_tbl, &priv->tx_ba_stream_tbl_ptr, list) {
530 		if (ether_addr_equal_unaligned(tx_ba_tsr_tbl->ra, ra) &&
531 		    tx_ba_tsr_tbl->tid == tid) {
532 			spin_unlock_bh(&priv->tx_ba_stream_tbl_lock);
533 			return tx_ba_tsr_tbl;
534 		}
535 	}
536 	spin_unlock_bh(&priv->tx_ba_stream_tbl_lock);
537 	return NULL;
538 }
539 
540 /*
541  * This function creates an entry in Tx BA stream table for the
542  * given RA/TID pair.
543  */
mwifiex_create_ba_tbl(struct mwifiex_private * priv,u8 * ra,int tid,enum mwifiex_ba_status ba_status)544 void mwifiex_create_ba_tbl(struct mwifiex_private *priv, u8 *ra, int tid,
545 			   enum mwifiex_ba_status ba_status)
546 {
547 	struct mwifiex_tx_ba_stream_tbl *new_node;
548 	struct mwifiex_ra_list_tbl *ra_list;
549 	int tid_down;
550 
551 	if (!mwifiex_get_ba_tbl(priv, tid, ra)) {
552 		new_node = kzalloc(sizeof(struct mwifiex_tx_ba_stream_tbl),
553 				   GFP_ATOMIC);
554 		if (!new_node)
555 			return;
556 
557 		tid_down = mwifiex_wmm_downgrade_tid(priv, tid);
558 		ra_list = mwifiex_wmm_get_ralist_node(priv, tid_down, ra);
559 		if (ra_list) {
560 			ra_list->ba_status = ba_status;
561 			ra_list->amsdu_in_ampdu = false;
562 		}
563 		INIT_LIST_HEAD(&new_node->list);
564 
565 		new_node->tid = tid;
566 		new_node->ba_status = ba_status;
567 		memcpy(new_node->ra, ra, ETH_ALEN);
568 
569 		spin_lock_bh(&priv->tx_ba_stream_tbl_lock);
570 		list_add_tail(&new_node->list, &priv->tx_ba_stream_tbl_ptr);
571 		spin_unlock_bh(&priv->tx_ba_stream_tbl_lock);
572 	}
573 }
574 
575 /*
576  * This function sends an add BA request to the given TID/RA pair.
577  */
mwifiex_send_addba(struct mwifiex_private * priv,int tid,u8 * peer_mac)578 int mwifiex_send_addba(struct mwifiex_private *priv, int tid, u8 *peer_mac)
579 {
580 	struct host_cmd_ds_11n_addba_req add_ba_req;
581 	u32 tx_win_size = priv->add_ba_param.tx_win_size;
582 	static u8 dialog_tok;
583 	int ret;
584 	u16 block_ack_param_set;
585 
586 	mwifiex_dbg(priv->adapter, CMD, "cmd: %s: tid %d\n", __func__, tid);
587 
588 	memset(&add_ba_req, 0, sizeof(add_ba_req));
589 
590 	if ((GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_STA) &&
591 	    ISSUPP_TDLS_ENABLED(priv->adapter->fw_cap_info) &&
592 	    priv->adapter->is_hw_11ac_capable &&
593 	    memcmp(priv->cfg_bssid, peer_mac, ETH_ALEN)) {
594 		struct mwifiex_sta_node *sta_ptr;
595 
596 		spin_lock_bh(&priv->sta_list_spinlock);
597 		sta_ptr = mwifiex_get_sta_entry(priv, peer_mac);
598 		if (!sta_ptr) {
599 			spin_unlock_bh(&priv->sta_list_spinlock);
600 			mwifiex_dbg(priv->adapter, ERROR,
601 				    "BA setup with unknown TDLS peer %pM!\n",
602 				    peer_mac);
603 			return -1;
604 		}
605 		if (sta_ptr->is_11ac_enabled)
606 			tx_win_size = MWIFIEX_11AC_STA_AMPDU_DEF_TXWINSIZE;
607 		spin_unlock_bh(&priv->sta_list_spinlock);
608 	}
609 
610 	block_ack_param_set = (u16)((tid << BLOCKACKPARAM_TID_POS) |
611 				    tx_win_size << BLOCKACKPARAM_WINSIZE_POS |
612 				    IMMEDIATE_BLOCK_ACK);
613 
614 	/* enable AMSDU inside AMPDU */
615 	if (priv->add_ba_param.tx_amsdu &&
616 	    (priv->aggr_prio_tbl[tid].amsdu != BA_STREAM_NOT_ALLOWED))
617 		block_ack_param_set |= BLOCKACKPARAM_AMSDU_SUPP_MASK;
618 
619 	add_ba_req.block_ack_param_set = cpu_to_le16(block_ack_param_set);
620 	add_ba_req.block_ack_tmo = cpu_to_le16((u16)priv->add_ba_param.timeout);
621 
622 	++dialog_tok;
623 
624 	if (dialog_tok == 0)
625 		dialog_tok = 1;
626 
627 	add_ba_req.dialog_token = dialog_tok;
628 	memcpy(&add_ba_req.peer_mac_addr, peer_mac, ETH_ALEN);
629 
630 	/* We don't wait for the response of this command */
631 	ret = mwifiex_send_cmd(priv, HostCmd_CMD_11N_ADDBA_REQ,
632 			       0, 0, &add_ba_req, false);
633 
634 	return ret;
635 }
636 
637 /*
638  * This function sends a delete BA request to the given TID/RA pair.
639  */
mwifiex_send_delba(struct mwifiex_private * priv,int tid,u8 * peer_mac,int initiator)640 int mwifiex_send_delba(struct mwifiex_private *priv, int tid, u8 *peer_mac,
641 		       int initiator)
642 {
643 	struct host_cmd_ds_11n_delba delba;
644 	int ret;
645 	uint16_t del_ba_param_set;
646 
647 	memset(&delba, 0, sizeof(delba));
648 
649 	del_ba_param_set = tid << DELBA_TID_POS;
650 
651 	if (initiator)
652 		del_ba_param_set |= IEEE80211_DELBA_PARAM_INITIATOR_MASK;
653 	else
654 		del_ba_param_set &= ~IEEE80211_DELBA_PARAM_INITIATOR_MASK;
655 
656 	delba.del_ba_param_set = cpu_to_le16(del_ba_param_set);
657 	memcpy(&delba.peer_mac_addr, peer_mac, ETH_ALEN);
658 
659 	/* We don't wait for the response of this command */
660 	ret = mwifiex_send_cmd(priv, HostCmd_CMD_11N_DELBA,
661 			       HostCmd_ACT_GEN_SET, 0, &delba, false);
662 
663 	return ret;
664 }
665 
666 /*
667  * This function sends delba to specific tid
668  */
mwifiex_11n_delba(struct mwifiex_private * priv,int tid)669 void mwifiex_11n_delba(struct mwifiex_private *priv, int tid)
670 {
671 	struct mwifiex_rx_reorder_tbl *rx_reor_tbl_ptr;
672 
673 	spin_lock_bh(&priv->rx_reorder_tbl_lock);
674 	list_for_each_entry(rx_reor_tbl_ptr, &priv->rx_reorder_tbl_ptr, list) {
675 		if (rx_reor_tbl_ptr->tid == tid) {
676 			dev_dbg(priv->adapter->dev,
677 				"Send delba to tid=%d, %pM\n",
678 				tid, rx_reor_tbl_ptr->ta);
679 			mwifiex_send_delba(priv, tid, rx_reor_tbl_ptr->ta, 0);
680 			goto exit;
681 		}
682 	}
683 exit:
684 	spin_unlock_bh(&priv->rx_reorder_tbl_lock);
685 }
686 
687 /*
688  * This function handles the command response of a delete BA request.
689  */
mwifiex_11n_delete_ba_stream(struct mwifiex_private * priv,u8 * del_ba)690 void mwifiex_11n_delete_ba_stream(struct mwifiex_private *priv, u8 *del_ba)
691 {
692 	struct host_cmd_ds_11n_delba *cmd_del_ba =
693 		(struct host_cmd_ds_11n_delba *) del_ba;
694 	uint16_t del_ba_param_set = le16_to_cpu(cmd_del_ba->del_ba_param_set);
695 	int tid;
696 
697 	tid = del_ba_param_set >> DELBA_TID_POS;
698 
699 	mwifiex_del_ba_tbl(priv, tid, cmd_del_ba->peer_mac_addr,
700 			   TYPE_DELBA_RECEIVE, INITIATOR_BIT(del_ba_param_set));
701 }
702 
703 /*
704  * This function retrieves the Rx reordering table.
705  */
mwifiex_get_rx_reorder_tbl(struct mwifiex_private * priv,struct mwifiex_ds_rx_reorder_tbl * buf)706 int mwifiex_get_rx_reorder_tbl(struct mwifiex_private *priv,
707 			       struct mwifiex_ds_rx_reorder_tbl *buf)
708 {
709 	int i;
710 	struct mwifiex_ds_rx_reorder_tbl *rx_reo_tbl = buf;
711 	struct mwifiex_rx_reorder_tbl *rx_reorder_tbl_ptr;
712 	int count = 0;
713 
714 	spin_lock_bh(&priv->rx_reorder_tbl_lock);
715 	list_for_each_entry(rx_reorder_tbl_ptr, &priv->rx_reorder_tbl_ptr,
716 			    list) {
717 		rx_reo_tbl->tid = (u16) rx_reorder_tbl_ptr->tid;
718 		memcpy(rx_reo_tbl->ta, rx_reorder_tbl_ptr->ta, ETH_ALEN);
719 		rx_reo_tbl->start_win = rx_reorder_tbl_ptr->start_win;
720 		rx_reo_tbl->win_size = rx_reorder_tbl_ptr->win_size;
721 		for (i = 0; i < rx_reorder_tbl_ptr->win_size; ++i) {
722 			if (rx_reorder_tbl_ptr->rx_reorder_ptr[i])
723 				rx_reo_tbl->buffer[i] = true;
724 			else
725 				rx_reo_tbl->buffer[i] = false;
726 		}
727 		rx_reo_tbl++;
728 		count++;
729 
730 		if (count >= MWIFIEX_MAX_RX_BASTREAM_SUPPORTED)
731 			break;
732 	}
733 	spin_unlock_bh(&priv->rx_reorder_tbl_lock);
734 
735 	return count;
736 }
737 
738 /*
739  * This function retrieves the Tx BA stream table.
740  */
mwifiex_get_tx_ba_stream_tbl(struct mwifiex_private * priv,struct mwifiex_ds_tx_ba_stream_tbl * buf)741 int mwifiex_get_tx_ba_stream_tbl(struct mwifiex_private *priv,
742 				 struct mwifiex_ds_tx_ba_stream_tbl *buf)
743 {
744 	struct mwifiex_tx_ba_stream_tbl *tx_ba_tsr_tbl;
745 	struct mwifiex_ds_tx_ba_stream_tbl *rx_reo_tbl = buf;
746 	int count = 0;
747 
748 	spin_lock_bh(&priv->tx_ba_stream_tbl_lock);
749 	list_for_each_entry(tx_ba_tsr_tbl, &priv->tx_ba_stream_tbl_ptr, list) {
750 		rx_reo_tbl->tid = (u16) tx_ba_tsr_tbl->tid;
751 		mwifiex_dbg(priv->adapter, DATA, "data: %s tid=%d\n",
752 			    __func__, rx_reo_tbl->tid);
753 		memcpy(rx_reo_tbl->ra, tx_ba_tsr_tbl->ra, ETH_ALEN);
754 		rx_reo_tbl->amsdu = tx_ba_tsr_tbl->amsdu;
755 		rx_reo_tbl++;
756 		count++;
757 		if (count >= MWIFIEX_MAX_TX_BASTREAM_SUPPORTED)
758 			break;
759 	}
760 	spin_unlock_bh(&priv->tx_ba_stream_tbl_lock);
761 
762 	return count;
763 }
764 
765 /*
766  * This function retrieves the entry for specific tx BA stream table by RA and
767  * deletes it.
768  */
mwifiex_del_tx_ba_stream_tbl_by_ra(struct mwifiex_private * priv,u8 * ra)769 void mwifiex_del_tx_ba_stream_tbl_by_ra(struct mwifiex_private *priv, u8 *ra)
770 {
771 	struct mwifiex_tx_ba_stream_tbl *tbl, *tmp;
772 
773 	if (!ra)
774 		return;
775 
776 	spin_lock_bh(&priv->tx_ba_stream_tbl_lock);
777 	list_for_each_entry_safe(tbl, tmp, &priv->tx_ba_stream_tbl_ptr, list)
778 		if (!memcmp(tbl->ra, ra, ETH_ALEN))
779 			mwifiex_11n_delete_tx_ba_stream_tbl_entry(priv, tbl);
780 	spin_unlock_bh(&priv->tx_ba_stream_tbl_lock);
781 
782 	return;
783 }
784 
785 /* This function initializes the BlockACK setup information for given
786  * mwifiex_private structure.
787  */
mwifiex_set_ba_params(struct mwifiex_private * priv)788 void mwifiex_set_ba_params(struct mwifiex_private *priv)
789 {
790 	priv->add_ba_param.timeout = MWIFIEX_DEFAULT_BLOCK_ACK_TIMEOUT;
791 
792 	if (GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_UAP) {
793 		priv->add_ba_param.tx_win_size =
794 						MWIFIEX_UAP_AMPDU_DEF_TXWINSIZE;
795 		priv->add_ba_param.rx_win_size =
796 						MWIFIEX_UAP_AMPDU_DEF_RXWINSIZE;
797 	} else {
798 		priv->add_ba_param.tx_win_size =
799 						MWIFIEX_STA_AMPDU_DEF_TXWINSIZE;
800 		priv->add_ba_param.rx_win_size =
801 						MWIFIEX_STA_AMPDU_DEF_RXWINSIZE;
802 	}
803 
804 	priv->add_ba_param.tx_amsdu = true;
805 	priv->add_ba_param.rx_amsdu = true;
806 
807 	return;
808 }
809 
mwifiex_get_sec_chan_offset(int chan)810 u8 mwifiex_get_sec_chan_offset(int chan)
811 {
812 	u8 sec_offset;
813 
814 	switch (chan) {
815 	case 36:
816 	case 44:
817 	case 52:
818 	case 60:
819 	case 100:
820 	case 108:
821 	case 116:
822 	case 124:
823 	case 132:
824 	case 140:
825 	case 149:
826 	case 157:
827 		sec_offset = IEEE80211_HT_PARAM_CHA_SEC_ABOVE;
828 		break;
829 	case 40:
830 	case 48:
831 	case 56:
832 	case 64:
833 	case 104:
834 	case 112:
835 	case 120:
836 	case 128:
837 	case 136:
838 	case 144:
839 	case 153:
840 	case 161:
841 		sec_offset = IEEE80211_HT_PARAM_CHA_SEC_BELOW;
842 		break;
843 	case 165:
844 	default:
845 		sec_offset = IEEE80211_HT_PARAM_CHA_SEC_NONE;
846 		break;
847 	}
848 
849 	return sec_offset;
850 }
851 
852 /* This function will send DELBA to entries in the priv's
853  * Tx BA stream table
854  */
855 static void
mwifiex_send_delba_txbastream_tbl(struct mwifiex_private * priv,u8 tid)856 mwifiex_send_delba_txbastream_tbl(struct mwifiex_private *priv, u8 tid)
857 {
858 	struct mwifiex_adapter *adapter = priv->adapter;
859 	struct mwifiex_tx_ba_stream_tbl *tx_ba_stream_tbl_ptr;
860 
861 	list_for_each_entry(tx_ba_stream_tbl_ptr,
862 			    &priv->tx_ba_stream_tbl_ptr, list) {
863 		if (tx_ba_stream_tbl_ptr->ba_status == BA_SETUP_COMPLETE) {
864 			if (tid == tx_ba_stream_tbl_ptr->tid) {
865 				dev_dbg(adapter->dev,
866 					"Tx:Send delba to tid=%d, %pM\n", tid,
867 					tx_ba_stream_tbl_ptr->ra);
868 				mwifiex_send_delba(priv,
869 						   tx_ba_stream_tbl_ptr->tid,
870 						   tx_ba_stream_tbl_ptr->ra, 1);
871 				return;
872 			}
873 		}
874 	}
875 }
876 
877 /* This function updates all the tx_win_size
878  */
mwifiex_update_ampdu_txwinsize(struct mwifiex_adapter * adapter)879 void mwifiex_update_ampdu_txwinsize(struct mwifiex_adapter *adapter)
880 {
881 	u8 i;
882 	u32 tx_win_size;
883 	struct mwifiex_private *priv;
884 
885 	for (i = 0; i < adapter->priv_num; i++) {
886 		if (!adapter->priv[i])
887 			continue;
888 		priv = adapter->priv[i];
889 		tx_win_size = priv->add_ba_param.tx_win_size;
890 
891 		if (priv->bss_type == MWIFIEX_BSS_TYPE_STA)
892 			priv->add_ba_param.tx_win_size =
893 				MWIFIEX_STA_AMPDU_DEF_TXWINSIZE;
894 
895 		if (priv->bss_type == MWIFIEX_BSS_TYPE_P2P)
896 			priv->add_ba_param.tx_win_size =
897 				MWIFIEX_STA_AMPDU_DEF_TXWINSIZE;
898 
899 		if (priv->bss_type == MWIFIEX_BSS_TYPE_UAP)
900 			priv->add_ba_param.tx_win_size =
901 				MWIFIEX_UAP_AMPDU_DEF_TXWINSIZE;
902 
903 		if (adapter->coex_win_size) {
904 			if (adapter->coex_tx_win_size)
905 				priv->add_ba_param.tx_win_size =
906 					adapter->coex_tx_win_size;
907 		}
908 
909 		if (tx_win_size != priv->add_ba_param.tx_win_size) {
910 			if (!priv->media_connected)
911 				continue;
912 			for (i = 0; i < MAX_NUM_TID; i++)
913 				mwifiex_send_delba_txbastream_tbl(priv, i);
914 		}
915 	}
916 }
917