1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * NXP Wireless LAN device driver: AP TX and RX data handling
4 *
5 * Copyright 2011-2020 NXP
6 */
7
8 #include "decl.h"
9 #include "ioctl.h"
10 #include "main.h"
11 #include "wmm.h"
12 #include "11n_aggr.h"
13 #include "11n_rxreorder.h"
14
15 /* This function checks if particular RA list has packets more than low bridge
16 * packet threshold and then deletes packet from this RA list.
17 * Function deletes packets from such RA list and returns true. If no such list
18 * is found, false is returned.
19 */
20 static bool
mwifiex_uap_del_tx_pkts_in_ralist(struct mwifiex_private * priv,struct list_head * ra_list_head,int tid)21 mwifiex_uap_del_tx_pkts_in_ralist(struct mwifiex_private *priv,
22 struct list_head *ra_list_head,
23 int tid)
24 {
25 struct mwifiex_ra_list_tbl *ra_list;
26 struct sk_buff *skb, *tmp;
27 bool pkt_deleted = false;
28 struct mwifiex_txinfo *tx_info;
29 struct mwifiex_adapter *adapter = priv->adapter;
30
31 list_for_each_entry(ra_list, ra_list_head, list) {
32 if (skb_queue_empty(&ra_list->skb_head))
33 continue;
34
35 skb_queue_walk_safe(&ra_list->skb_head, skb, tmp) {
36 tx_info = MWIFIEX_SKB_TXCB(skb);
37 if (tx_info->flags & MWIFIEX_BUF_FLAG_BRIDGED_PKT) {
38 __skb_unlink(skb, &ra_list->skb_head);
39 mwifiex_write_data_complete(adapter, skb, 0,
40 -1);
41 if (ra_list->tx_paused)
42 priv->wmm.pkts_paused[tid]--;
43 else
44 atomic_dec(&priv->wmm.tx_pkts_queued);
45 pkt_deleted = true;
46 }
47 if ((atomic_read(&adapter->pending_bridged_pkts) <=
48 MWIFIEX_BRIDGED_PKTS_THR_LOW))
49 break;
50 }
51 }
52
53 return pkt_deleted;
54 }
55
56 /* This function deletes packets from particular RA List. RA list index
57 * from which packets are deleted is preserved so that packets from next RA
58 * list are deleted upon subsequent call thus maintaining fairness.
59 */
mwifiex_uap_cleanup_tx_queues(struct mwifiex_private * priv)60 static void mwifiex_uap_cleanup_tx_queues(struct mwifiex_private *priv)
61 {
62 struct list_head *ra_list;
63 int i;
64
65 spin_lock_bh(&priv->wmm.ra_list_spinlock);
66
67 for (i = 0; i < MAX_NUM_TID; i++, priv->del_list_idx++) {
68 if (priv->del_list_idx == MAX_NUM_TID)
69 priv->del_list_idx = 0;
70 ra_list = &priv->wmm.tid_tbl_ptr[priv->del_list_idx].ra_list;
71 if (mwifiex_uap_del_tx_pkts_in_ralist(priv, ra_list, i)) {
72 priv->del_list_idx++;
73 break;
74 }
75 }
76
77 spin_unlock_bh(&priv->wmm.ra_list_spinlock);
78 }
79
80
mwifiex_uap_queue_bridged_pkt(struct mwifiex_private * priv,struct sk_buff * skb)81 static void mwifiex_uap_queue_bridged_pkt(struct mwifiex_private *priv,
82 struct sk_buff *skb)
83 {
84 struct mwifiex_adapter *adapter = priv->adapter;
85 struct uap_rxpd *uap_rx_pd;
86 struct rx_packet_hdr *rx_pkt_hdr;
87 struct sk_buff *new_skb;
88 struct mwifiex_txinfo *tx_info;
89 int hdr_chop;
90 struct ethhdr *p_ethhdr;
91 struct mwifiex_sta_node *src_node;
92 int index;
93
94 uap_rx_pd = (struct uap_rxpd *)(skb->data);
95 rx_pkt_hdr = (void *)uap_rx_pd + le16_to_cpu(uap_rx_pd->rx_pkt_offset);
96
97 if ((atomic_read(&adapter->pending_bridged_pkts) >=
98 MWIFIEX_BRIDGED_PKTS_THR_HIGH)) {
99 mwifiex_dbg(priv->adapter, ERROR,
100 "Tx: Bridge packet limit reached. Drop packet!\n");
101 kfree_skb(skb);
102 mwifiex_uap_cleanup_tx_queues(priv);
103 return;
104 }
105
106 if ((!memcmp(&rx_pkt_hdr->rfc1042_hdr, bridge_tunnel_header,
107 sizeof(bridge_tunnel_header))) ||
108 (!memcmp(&rx_pkt_hdr->rfc1042_hdr, rfc1042_header,
109 sizeof(rfc1042_header)) &&
110 ntohs(rx_pkt_hdr->rfc1042_hdr.snap_type) != ETH_P_AARP &&
111 ntohs(rx_pkt_hdr->rfc1042_hdr.snap_type) != ETH_P_IPX)) {
112 /* Replace the 803 header and rfc1042 header (llc/snap) with
113 * an Ethernet II header, keep the src/dst and snap_type
114 * (ethertype).
115 *
116 * The firmware only passes up SNAP frames converting all RX
117 * data from 802.11 to 802.2/LLC/SNAP frames.
118 *
119 * To create the Ethernet II, just move the src, dst address
120 * right before the snap_type.
121 */
122 p_ethhdr = (struct ethhdr *)
123 ((u8 *)(&rx_pkt_hdr->eth803_hdr)
124 + sizeof(rx_pkt_hdr->eth803_hdr)
125 + sizeof(rx_pkt_hdr->rfc1042_hdr)
126 - sizeof(rx_pkt_hdr->eth803_hdr.h_dest)
127 - sizeof(rx_pkt_hdr->eth803_hdr.h_source)
128 - sizeof(rx_pkt_hdr->rfc1042_hdr.snap_type));
129 memcpy(p_ethhdr->h_source, rx_pkt_hdr->eth803_hdr.h_source,
130 sizeof(p_ethhdr->h_source));
131 memcpy(p_ethhdr->h_dest, rx_pkt_hdr->eth803_hdr.h_dest,
132 sizeof(p_ethhdr->h_dest));
133 /* Chop off the rxpd + the excess memory from
134 * 802.2/llc/snap header that was removed.
135 */
136 hdr_chop = (u8 *)p_ethhdr - (u8 *)uap_rx_pd;
137 } else {
138 /* Chop off the rxpd */
139 hdr_chop = (u8 *)&rx_pkt_hdr->eth803_hdr - (u8 *)uap_rx_pd;
140 }
141
142 /* Chop off the leading header bytes so that it points
143 * to the start of either the reconstructed EthII frame
144 * or the 802.2/llc/snap frame.
145 */
146 skb_pull(skb, hdr_chop);
147
148 if (skb_headroom(skb) < MWIFIEX_MIN_DATA_HEADER_LEN) {
149 mwifiex_dbg(priv->adapter, ERROR,
150 "data: Tx: insufficient skb headroom %d\n",
151 skb_headroom(skb));
152 /* Insufficient skb headroom - allocate a new skb */
153 new_skb =
154 skb_realloc_headroom(skb, MWIFIEX_MIN_DATA_HEADER_LEN);
155 if (unlikely(!new_skb)) {
156 mwifiex_dbg(priv->adapter, ERROR,
157 "Tx: cannot allocate new_skb\n");
158 kfree_skb(skb);
159 priv->stats.tx_dropped++;
160 return;
161 }
162
163 kfree_skb(skb);
164 skb = new_skb;
165 mwifiex_dbg(priv->adapter, INFO,
166 "info: new skb headroom %d\n",
167 skb_headroom(skb));
168 }
169
170 tx_info = MWIFIEX_SKB_TXCB(skb);
171 memset(tx_info, 0, sizeof(*tx_info));
172 tx_info->bss_num = priv->bss_num;
173 tx_info->bss_type = priv->bss_type;
174 tx_info->flags |= MWIFIEX_BUF_FLAG_BRIDGED_PKT;
175
176 src_node = mwifiex_get_sta_entry(priv, rx_pkt_hdr->eth803_hdr.h_source);
177 if (src_node) {
178 src_node->stats.last_rx = jiffies;
179 src_node->stats.rx_bytes += skb->len;
180 src_node->stats.rx_packets++;
181 src_node->stats.last_tx_rate = uap_rx_pd->rx_rate;
182 src_node->stats.last_tx_htinfo = uap_rx_pd->ht_info;
183 }
184
185 if (is_unicast_ether_addr(rx_pkt_hdr->eth803_hdr.h_dest)) {
186 /* Update bridge packet statistics as the
187 * packet is not going to kernel/upper layer.
188 */
189 priv->stats.rx_bytes += skb->len;
190 priv->stats.rx_packets++;
191
192 /* Sending bridge packet to TX queue, so save the packet
193 * length in TXCB to update statistics in TX complete.
194 */
195 tx_info->pkt_len = skb->len;
196 }
197
198 __net_timestamp(skb);
199
200 index = mwifiex_1d_to_wmm_queue[skb->priority];
201 atomic_inc(&priv->wmm_tx_pending[index]);
202 mwifiex_wmm_add_buf_txqueue(priv, skb);
203 atomic_inc(&adapter->tx_pending);
204 atomic_inc(&adapter->pending_bridged_pkts);
205
206 mwifiex_queue_main_work(priv->adapter);
207
208 return;
209 }
210
211 /*
212 * This function contains logic for AP packet forwarding.
213 *
214 * If a packet is multicast/broadcast, it is sent to kernel/upper layer
215 * as well as queued back to AP TX queue so that it can be sent to other
216 * associated stations.
217 * If a packet is unicast and RA is present in associated station list,
218 * it is again requeued into AP TX queue.
219 * If a packet is unicast and RA is not in associated station list,
220 * packet is forwarded to kernel to handle routing logic.
221 */
mwifiex_handle_uap_rx_forward(struct mwifiex_private * priv,struct sk_buff * skb)222 int mwifiex_handle_uap_rx_forward(struct mwifiex_private *priv,
223 struct sk_buff *skb)
224 {
225 struct mwifiex_adapter *adapter = priv->adapter;
226 struct uap_rxpd *uap_rx_pd;
227 struct rx_packet_hdr *rx_pkt_hdr;
228 u8 ra[ETH_ALEN];
229 struct sk_buff *skb_uap;
230
231 uap_rx_pd = (struct uap_rxpd *)(skb->data);
232 rx_pkt_hdr = (void *)uap_rx_pd + le16_to_cpu(uap_rx_pd->rx_pkt_offset);
233
234 /* don't do packet forwarding in disconnected state */
235 if (!priv->media_connected) {
236 mwifiex_dbg(adapter, ERROR,
237 "drop packet in disconnected state.\n");
238 dev_kfree_skb_any(skb);
239 return 0;
240 }
241
242 memcpy(ra, rx_pkt_hdr->eth803_hdr.h_dest, ETH_ALEN);
243
244 if (is_multicast_ether_addr(ra)) {
245 skb_uap = skb_copy(skb, GFP_ATOMIC);
246 mwifiex_uap_queue_bridged_pkt(priv, skb_uap);
247 } else {
248 if (mwifiex_get_sta_entry(priv, ra)) {
249 /* Requeue Intra-BSS packet */
250 mwifiex_uap_queue_bridged_pkt(priv, skb);
251 return 0;
252 }
253 }
254
255 /* Forward unicat/Inter-BSS packets to kernel. */
256 return mwifiex_process_rx_packet(priv, skb);
257 }
258
mwifiex_uap_recv_packet(struct mwifiex_private * priv,struct sk_buff * skb)259 int mwifiex_uap_recv_packet(struct mwifiex_private *priv,
260 struct sk_buff *skb)
261 {
262 struct mwifiex_adapter *adapter = priv->adapter;
263 struct mwifiex_sta_node *src_node;
264 struct ethhdr *p_ethhdr;
265 struct sk_buff *skb_uap;
266 struct mwifiex_txinfo *tx_info;
267
268 if (!skb)
269 return -1;
270
271 p_ethhdr = (void *)skb->data;
272 src_node = mwifiex_get_sta_entry(priv, p_ethhdr->h_source);
273 if (src_node) {
274 src_node->stats.last_rx = jiffies;
275 src_node->stats.rx_bytes += skb->len;
276 src_node->stats.rx_packets++;
277 }
278
279 if (is_multicast_ether_addr(p_ethhdr->h_dest) ||
280 mwifiex_get_sta_entry(priv, p_ethhdr->h_dest)) {
281 if (skb_headroom(skb) < MWIFIEX_MIN_DATA_HEADER_LEN)
282 skb_uap =
283 skb_realloc_headroom(skb, MWIFIEX_MIN_DATA_HEADER_LEN);
284 else
285 skb_uap = skb_copy(skb, GFP_ATOMIC);
286
287 if (likely(skb_uap)) {
288 tx_info = MWIFIEX_SKB_TXCB(skb_uap);
289 memset(tx_info, 0, sizeof(*tx_info));
290 tx_info->bss_num = priv->bss_num;
291 tx_info->bss_type = priv->bss_type;
292 tx_info->flags |= MWIFIEX_BUF_FLAG_BRIDGED_PKT;
293 __net_timestamp(skb_uap);
294 mwifiex_wmm_add_buf_txqueue(priv, skb_uap);
295 atomic_inc(&adapter->tx_pending);
296 atomic_inc(&adapter->pending_bridged_pkts);
297 if ((atomic_read(&adapter->pending_bridged_pkts) >=
298 MWIFIEX_BRIDGED_PKTS_THR_HIGH)) {
299 mwifiex_dbg(adapter, ERROR,
300 "Tx: Bridge packet limit reached. Drop packet!\n");
301 mwifiex_uap_cleanup_tx_queues(priv);
302 }
303
304 } else {
305 mwifiex_dbg(adapter, ERROR, "failed to allocate skb_uap");
306 }
307
308 mwifiex_queue_main_work(adapter);
309 /* Don't forward Intra-BSS unicast packet to upper layer*/
310 if (mwifiex_get_sta_entry(priv, p_ethhdr->h_dest))
311 return 0;
312 }
313
314 skb->dev = priv->netdev;
315 skb->protocol = eth_type_trans(skb, priv->netdev);
316 skb->ip_summed = CHECKSUM_NONE;
317
318 /* This is required only in case of 11n and USB/PCIE as we alloc
319 * a buffer of 4K only if its 11N (to be able to receive 4K
320 * AMSDU packets). In case of SD we allocate buffers based
321 * on the size of packet and hence this is not needed.
322 *
323 * Modifying the truesize here as our allocation for each
324 * skb is 4K but we only receive 2K packets and this cause
325 * the kernel to start dropping packets in case where
326 * application has allocated buffer based on 2K size i.e.
327 * if there a 64K packet received (in IP fragments and
328 * application allocates 64K to receive this packet but
329 * this packet would almost double up because we allocate
330 * each 1.5K fragment in 4K and pass it up. As soon as the
331 * 64K limit hits kernel will start to drop rest of the
332 * fragments. Currently we fail the Filesndl-ht.scr script
333 * for UDP, hence this fix
334 */
335 if ((adapter->iface_type == MWIFIEX_USB ||
336 adapter->iface_type == MWIFIEX_PCIE) &&
337 skb->truesize > MWIFIEX_RX_DATA_BUF_SIZE)
338 skb->truesize += (skb->len - MWIFIEX_RX_DATA_BUF_SIZE);
339
340 /* Forward multicast/broadcast packet to upper layer*/
341 netif_rx(skb);
342 return 0;
343 }
344
345 /*
346 * This function processes the packet received on AP interface.
347 *
348 * The function looks into the RxPD and performs sanity tests on the
349 * received buffer to ensure its a valid packet before processing it
350 * further. If the packet is determined to be aggregated, it is
351 * de-aggregated accordingly. Then skb is passed to AP packet forwarding logic.
352 *
353 * The completion callback is called after processing is complete.
354 */
mwifiex_process_uap_rx_packet(struct mwifiex_private * priv,struct sk_buff * skb)355 int mwifiex_process_uap_rx_packet(struct mwifiex_private *priv,
356 struct sk_buff *skb)
357 {
358 struct mwifiex_adapter *adapter = priv->adapter;
359 int ret;
360 struct uap_rxpd *uap_rx_pd;
361 struct rx_packet_hdr *rx_pkt_hdr;
362 u16 rx_pkt_type;
363 u8 ta[ETH_ALEN], pkt_type;
364 struct mwifiex_sta_node *node;
365
366 uap_rx_pd = (struct uap_rxpd *)(skb->data);
367 rx_pkt_type = le16_to_cpu(uap_rx_pd->rx_pkt_type);
368 rx_pkt_hdr = (void *)uap_rx_pd + le16_to_cpu(uap_rx_pd->rx_pkt_offset);
369
370 ether_addr_copy(ta, rx_pkt_hdr->eth803_hdr.h_source);
371
372 if ((le16_to_cpu(uap_rx_pd->rx_pkt_offset) +
373 le16_to_cpu(uap_rx_pd->rx_pkt_length)) > (u16) skb->len) {
374 mwifiex_dbg(adapter, ERROR,
375 "wrong rx packet: len=%d, offset=%d, length=%d\n",
376 skb->len, le16_to_cpu(uap_rx_pd->rx_pkt_offset),
377 le16_to_cpu(uap_rx_pd->rx_pkt_length));
378 priv->stats.rx_dropped++;
379
380 node = mwifiex_get_sta_entry(priv, ta);
381 if (node)
382 node->stats.tx_failed++;
383
384 dev_kfree_skb_any(skb);
385 return 0;
386 }
387
388 if (rx_pkt_type == PKT_TYPE_MGMT) {
389 ret = mwifiex_process_mgmt_packet(priv, skb);
390 if (ret)
391 mwifiex_dbg(adapter, DATA, "Rx of mgmt packet failed");
392 dev_kfree_skb_any(skb);
393 return ret;
394 }
395
396
397 if (rx_pkt_type != PKT_TYPE_BAR && uap_rx_pd->priority < MAX_NUM_TID) {
398 spin_lock_bh(&priv->sta_list_spinlock);
399 node = mwifiex_get_sta_entry(priv, ta);
400 if (node)
401 node->rx_seq[uap_rx_pd->priority] =
402 le16_to_cpu(uap_rx_pd->seq_num);
403 spin_unlock_bh(&priv->sta_list_spinlock);
404 }
405
406 if (!priv->ap_11n_enabled ||
407 (!mwifiex_11n_get_rx_reorder_tbl(priv, uap_rx_pd->priority, ta) &&
408 (le16_to_cpu(uap_rx_pd->rx_pkt_type) != PKT_TYPE_AMSDU))) {
409 ret = mwifiex_handle_uap_rx_forward(priv, skb);
410 return ret;
411 }
412
413 /* Reorder and send to kernel */
414 pkt_type = (u8)le16_to_cpu(uap_rx_pd->rx_pkt_type);
415 ret = mwifiex_11n_rx_reorder_pkt(priv, le16_to_cpu(uap_rx_pd->seq_num),
416 uap_rx_pd->priority, ta, pkt_type,
417 skb);
418
419 if (ret || (rx_pkt_type == PKT_TYPE_BAR))
420 dev_kfree_skb_any(skb);
421
422 if (ret)
423 priv->stats.rx_dropped++;
424
425 return ret;
426 }
427
428 /*
429 * This function fills the TxPD for AP tx packets.
430 *
431 * The Tx buffer received by this function should already have the
432 * header space allocated for TxPD.
433 *
434 * This function inserts the TxPD in between interface header and actual
435 * data and adjusts the buffer pointers accordingly.
436 *
437 * The following TxPD fields are set by this function, as required -
438 * - BSS number
439 * - Tx packet length and offset
440 * - Priority
441 * - Packet delay
442 * - Priority specific Tx control
443 * - Flags
444 */
mwifiex_process_uap_txpd(struct mwifiex_private * priv,struct sk_buff * skb)445 void *mwifiex_process_uap_txpd(struct mwifiex_private *priv,
446 struct sk_buff *skb)
447 {
448 struct mwifiex_adapter *adapter = priv->adapter;
449 struct uap_txpd *txpd;
450 struct mwifiex_txinfo *tx_info = MWIFIEX_SKB_TXCB(skb);
451 int pad;
452 u16 pkt_type, pkt_offset;
453 int hroom = adapter->intf_hdr_len;
454
455 if (!skb->len) {
456 mwifiex_dbg(adapter, ERROR,
457 "Tx: bad packet length: %d\n", skb->len);
458 tx_info->status_code = -1;
459 return skb->data;
460 }
461
462 BUG_ON(skb_headroom(skb) < MWIFIEX_MIN_DATA_HEADER_LEN);
463
464 pkt_type = mwifiex_is_skb_mgmt_frame(skb) ? PKT_TYPE_MGMT : 0;
465
466 pad = ((uintptr_t)skb->data - (sizeof(*txpd) + hroom)) &
467 (MWIFIEX_DMA_ALIGN_SZ - 1);
468
469 skb_push(skb, sizeof(*txpd) + pad);
470
471 txpd = (struct uap_txpd *)skb->data;
472 memset(txpd, 0, sizeof(*txpd));
473 txpd->bss_num = priv->bss_num;
474 txpd->bss_type = priv->bss_type;
475 txpd->tx_pkt_length = cpu_to_le16((u16)(skb->len - (sizeof(*txpd) +
476 pad)));
477 txpd->priority = (u8)skb->priority;
478
479 txpd->pkt_delay_2ms = mwifiex_wmm_compute_drv_pkt_delay(priv, skb);
480
481 if (tx_info->flags & MWIFIEX_BUF_FLAG_EAPOL_TX_STATUS ||
482 tx_info->flags & MWIFIEX_BUF_FLAG_ACTION_TX_STATUS) {
483 txpd->tx_token_id = tx_info->ack_frame_id;
484 txpd->flags |= MWIFIEX_TXPD_FLAGS_REQ_TX_STATUS;
485 }
486
487 if (txpd->priority < ARRAY_SIZE(priv->wmm.user_pri_pkt_tx_ctrl))
488 /*
489 * Set the priority specific tx_control field, setting of 0 will
490 * cause the default value to be used later in this function.
491 */
492 txpd->tx_control =
493 cpu_to_le32(priv->wmm.user_pri_pkt_tx_ctrl[txpd->priority]);
494
495 /* Offset of actual data */
496 pkt_offset = sizeof(*txpd) + pad;
497 if (pkt_type == PKT_TYPE_MGMT) {
498 /* Set the packet type and add header for management frame */
499 txpd->tx_pkt_type = cpu_to_le16(pkt_type);
500 pkt_offset += MWIFIEX_MGMT_FRAME_HEADER_SIZE;
501 }
502
503 txpd->tx_pkt_offset = cpu_to_le16(pkt_offset);
504
505 /* make space for adapter->intf_hdr_len */
506 skb_push(skb, hroom);
507
508 if (!txpd->tx_control)
509 /* TxCtrl set by user or default */
510 txpd->tx_control = cpu_to_le32(priv->pkt_tx_ctrl);
511
512 return skb->data;
513 }
514