1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * This file is part of wl1251
4 *
5 * Copyright (c) 1998-2007 Texas Instruments Incorporated
6 * Copyright (C) 2008 Nokia Corporation
7 */
8
9 #include <linux/kernel.h>
10 #include <linux/module.h>
11
12 #include "wl1251.h"
13 #include "reg.h"
14 #include "tx.h"
15 #include "ps.h"
16 #include "io.h"
17 #include "event.h"
18
wl1251_tx_double_buffer_busy(struct wl1251 * wl,u32 data_out_count)19 static bool wl1251_tx_double_buffer_busy(struct wl1251 *wl, u32 data_out_count)
20 {
21 int used, data_in_count;
22
23 data_in_count = wl->data_in_count;
24
25 if (data_in_count < data_out_count)
26 /* data_in_count has wrapped */
27 data_in_count += TX_STATUS_DATA_OUT_COUNT_MASK + 1;
28
29 used = data_in_count - data_out_count;
30
31 WARN_ON(used < 0);
32 WARN_ON(used > DP_TX_PACKET_RING_CHUNK_NUM);
33
34 if (used >= DP_TX_PACKET_RING_CHUNK_NUM)
35 return true;
36 else
37 return false;
38 }
39
wl1251_tx_path_status(struct wl1251 * wl)40 static int wl1251_tx_path_status(struct wl1251 *wl)
41 {
42 u32 status, addr, data_out_count;
43 bool busy;
44
45 addr = wl->data_path->tx_control_addr;
46 status = wl1251_mem_read32(wl, addr);
47 data_out_count = status & TX_STATUS_DATA_OUT_COUNT_MASK;
48 busy = wl1251_tx_double_buffer_busy(wl, data_out_count);
49
50 if (busy)
51 return -EBUSY;
52
53 return 0;
54 }
55
wl1251_tx_id(struct wl1251 * wl,struct sk_buff * skb)56 static int wl1251_tx_id(struct wl1251 *wl, struct sk_buff *skb)
57 {
58 int i;
59
60 for (i = 0; i < FW_TX_CMPLT_BLOCK_SIZE; i++)
61 if (wl->tx_frames[i] == NULL) {
62 wl->tx_frames[i] = skb;
63 return i;
64 }
65
66 return -EBUSY;
67 }
68
wl1251_tx_control(struct tx_double_buffer_desc * tx_hdr,struct ieee80211_tx_info * control,u16 fc)69 static void wl1251_tx_control(struct tx_double_buffer_desc *tx_hdr,
70 struct ieee80211_tx_info *control, u16 fc)
71 {
72 *(u16 *)&tx_hdr->control = 0;
73
74 tx_hdr->control.rate_policy = 0;
75
76 /* 802.11 packets */
77 tx_hdr->control.packet_type = 0;
78
79 /* Also disable retry and ACK policy for injected packets */
80 if ((control->flags & IEEE80211_TX_CTL_NO_ACK) ||
81 (control->flags & IEEE80211_TX_CTL_INJECTED)) {
82 tx_hdr->control.rate_policy = 1;
83 tx_hdr->control.ack_policy = 1;
84 }
85
86 tx_hdr->control.tx_complete = 1;
87
88 if ((fc & IEEE80211_FTYPE_DATA) &&
89 ((fc & IEEE80211_STYPE_QOS_DATA) ||
90 (fc & IEEE80211_STYPE_QOS_NULLFUNC)))
91 tx_hdr->control.qos = 1;
92 }
93
94 /* RSN + MIC = 8 + 8 = 16 bytes (worst case - AES). */
95 #define MAX_MSDU_SECURITY_LENGTH 16
96 #define MAX_MPDU_SECURITY_LENGTH 16
97 #define WLAN_QOS_HDR_LEN 26
98 #define MAX_MPDU_HEADER_AND_SECURITY (MAX_MPDU_SECURITY_LENGTH + \
99 WLAN_QOS_HDR_LEN)
100 #define HW_BLOCK_SIZE 252
wl1251_tx_frag_block_num(struct tx_double_buffer_desc * tx_hdr)101 static void wl1251_tx_frag_block_num(struct tx_double_buffer_desc *tx_hdr)
102 {
103 u16 payload_len, frag_threshold, mem_blocks;
104 u16 num_mpdus, mem_blocks_per_frag;
105
106 frag_threshold = IEEE80211_MAX_FRAG_THRESHOLD;
107 tx_hdr->frag_threshold = cpu_to_le16(frag_threshold);
108
109 payload_len = le16_to_cpu(tx_hdr->length) + MAX_MSDU_SECURITY_LENGTH;
110
111 if (payload_len > frag_threshold) {
112 mem_blocks_per_frag =
113 ((frag_threshold + MAX_MPDU_HEADER_AND_SECURITY) /
114 HW_BLOCK_SIZE) + 1;
115 num_mpdus = payload_len / frag_threshold;
116 mem_blocks = num_mpdus * mem_blocks_per_frag;
117 payload_len -= num_mpdus * frag_threshold;
118 num_mpdus++;
119
120 } else {
121 mem_blocks_per_frag = 0;
122 mem_blocks = 0;
123 num_mpdus = 1;
124 }
125
126 mem_blocks += (payload_len / HW_BLOCK_SIZE) + 1;
127
128 if (num_mpdus > 1)
129 mem_blocks += min(num_mpdus, mem_blocks_per_frag);
130
131 tx_hdr->num_mem_blocks = mem_blocks;
132 }
133
wl1251_tx_fill_hdr(struct wl1251 * wl,struct sk_buff * skb,struct ieee80211_tx_info * control)134 static int wl1251_tx_fill_hdr(struct wl1251 *wl, struct sk_buff *skb,
135 struct ieee80211_tx_info *control)
136 {
137 struct tx_double_buffer_desc *tx_hdr;
138 struct ieee80211_rate *rate;
139 int id;
140 u16 fc;
141
142 if (!skb)
143 return -EINVAL;
144
145 id = wl1251_tx_id(wl, skb);
146 if (id < 0)
147 return id;
148
149 fc = *(u16 *)skb->data;
150 tx_hdr = skb_push(skb, sizeof(*tx_hdr));
151
152 tx_hdr->length = cpu_to_le16(skb->len - sizeof(*tx_hdr));
153 rate = ieee80211_get_tx_rate(wl->hw, control);
154 tx_hdr->rate = cpu_to_le16(rate->hw_value);
155 tx_hdr->expiry_time = cpu_to_le32(1 << 16);
156 tx_hdr->id = id;
157
158 tx_hdr->xmit_queue = wl1251_tx_get_queue(skb_get_queue_mapping(skb));
159
160 wl1251_tx_control(tx_hdr, control, fc);
161 wl1251_tx_frag_block_num(tx_hdr);
162
163 return 0;
164 }
165
166 /* We copy the packet to the target */
wl1251_tx_send_packet(struct wl1251 * wl,struct sk_buff * skb,struct ieee80211_tx_info * control)167 static int wl1251_tx_send_packet(struct wl1251 *wl, struct sk_buff *skb,
168 struct ieee80211_tx_info *control)
169 {
170 struct tx_double_buffer_desc *tx_hdr;
171 int len;
172 u32 addr;
173
174 if (!skb)
175 return -EINVAL;
176
177 tx_hdr = (struct tx_double_buffer_desc *) skb->data;
178
179 if (control->control.hw_key &&
180 control->control.hw_key->cipher == WLAN_CIPHER_SUITE_TKIP) {
181 int hdrlen;
182 __le16 fc;
183 u16 length;
184 u8 *pos;
185
186 fc = *(__le16 *)(skb->data + sizeof(*tx_hdr));
187 length = le16_to_cpu(tx_hdr->length) + WL1251_TKIP_IV_SPACE;
188 tx_hdr->length = cpu_to_le16(length);
189
190 hdrlen = ieee80211_hdrlen(fc);
191
192 pos = skb_push(skb, WL1251_TKIP_IV_SPACE);
193 memmove(pos, pos + WL1251_TKIP_IV_SPACE,
194 sizeof(*tx_hdr) + hdrlen);
195 }
196
197 /* Revisit. This is a workaround for getting non-aligned packets.
198 This happens at least with EAPOL packets from the user space.
199 Our DMA requires packets to be aligned on a 4-byte boundary.
200 */
201 if (unlikely((long)skb->data & 0x03)) {
202 int offset = (4 - (long)skb->data) & 0x03;
203 wl1251_debug(DEBUG_TX, "skb offset %d", offset);
204
205 /* check whether the current skb can be used */
206 if (skb_cloned(skb) || (skb_tailroom(skb) < offset)) {
207 struct sk_buff *newskb = skb_copy_expand(skb, 0, 3,
208 GFP_KERNEL);
209
210 if (unlikely(newskb == NULL))
211 return -EINVAL;
212
213 tx_hdr = (struct tx_double_buffer_desc *) newskb->data;
214
215 dev_kfree_skb_any(skb);
216 wl->tx_frames[tx_hdr->id] = skb = newskb;
217
218 offset = (4 - (long)skb->data) & 0x03;
219 wl1251_debug(DEBUG_TX, "new skb offset %d", offset);
220 }
221
222 /* align the buffer on a 4-byte boundary */
223 if (offset) {
224 unsigned char *src = skb->data;
225 skb_reserve(skb, offset);
226 memmove(skb->data, src, skb->len);
227 tx_hdr = (struct tx_double_buffer_desc *) skb->data;
228 }
229 }
230
231 /* Our skb->data at this point includes the HW header */
232 len = WL1251_TX_ALIGN(skb->len);
233
234 if (wl->data_in_count & 0x1)
235 addr = wl->data_path->tx_packet_ring_addr +
236 wl->data_path->tx_packet_ring_chunk_size;
237 else
238 addr = wl->data_path->tx_packet_ring_addr;
239
240 wl1251_mem_write(wl, addr, skb->data, len);
241
242 wl1251_debug(DEBUG_TX, "tx id %u skb 0x%p payload %u rate 0x%x "
243 "queue %d", tx_hdr->id, skb, tx_hdr->length,
244 tx_hdr->rate, tx_hdr->xmit_queue);
245
246 return 0;
247 }
248
wl1251_tx_trigger(struct wl1251 * wl)249 static void wl1251_tx_trigger(struct wl1251 *wl)
250 {
251 u32 data, addr;
252
253 if (wl->data_in_count & 0x1) {
254 addr = ACX_REG_INTERRUPT_TRIG_H;
255 data = INTR_TRIG_TX_PROC1;
256 } else {
257 addr = ACX_REG_INTERRUPT_TRIG;
258 data = INTR_TRIG_TX_PROC0;
259 }
260
261 wl1251_reg_write32(wl, addr, data);
262
263 /* Bumping data in */
264 wl->data_in_count = (wl->data_in_count + 1) &
265 TX_STATUS_DATA_OUT_COUNT_MASK;
266 }
267
enable_tx_for_packet_injection(struct wl1251 * wl)268 static void enable_tx_for_packet_injection(struct wl1251 *wl)
269 {
270 int ret;
271
272 ret = wl1251_cmd_join(wl, BSS_TYPE_STA_BSS, wl->channel,
273 wl->beacon_int, wl->dtim_period);
274 if (ret < 0) {
275 wl1251_warning("join failed");
276 return;
277 }
278
279 ret = wl1251_event_wait(wl, JOIN_EVENT_COMPLETE_ID, 100);
280 if (ret < 0) {
281 wl1251_warning("join timeout");
282 return;
283 }
284
285 wl->joined = true;
286 }
287
288 /* caller must hold wl->mutex */
wl1251_tx_frame(struct wl1251 * wl,struct sk_buff * skb)289 static int wl1251_tx_frame(struct wl1251 *wl, struct sk_buff *skb)
290 {
291 struct ieee80211_tx_info *info;
292 int ret = 0;
293 u8 idx;
294
295 info = IEEE80211_SKB_CB(skb);
296
297 if (info->control.hw_key) {
298 if (unlikely(wl->monitor_present))
299 return -EINVAL;
300
301 idx = info->control.hw_key->hw_key_idx;
302 if (unlikely(wl->default_key != idx)) {
303 ret = wl1251_acx_default_key(wl, idx);
304 if (ret < 0)
305 return ret;
306 }
307 }
308
309 /* Enable tx path in monitor mode for packet injection */
310 if ((wl->vif == NULL) && !wl->joined)
311 enable_tx_for_packet_injection(wl);
312
313 ret = wl1251_tx_path_status(wl);
314 if (ret < 0)
315 return ret;
316
317 ret = wl1251_tx_fill_hdr(wl, skb, info);
318 if (ret < 0)
319 return ret;
320
321 ret = wl1251_tx_send_packet(wl, skb, info);
322 if (ret < 0)
323 return ret;
324
325 wl1251_tx_trigger(wl);
326
327 return ret;
328 }
329
wl1251_tx_work(struct work_struct * work)330 void wl1251_tx_work(struct work_struct *work)
331 {
332 struct wl1251 *wl = container_of(work, struct wl1251, tx_work);
333 struct sk_buff *skb;
334 bool woken_up = false;
335 int ret;
336
337 mutex_lock(&wl->mutex);
338
339 if (unlikely(wl->state == WL1251_STATE_OFF))
340 goto out;
341
342 while ((skb = skb_dequeue(&wl->tx_queue))) {
343 if (!woken_up) {
344 ret = wl1251_ps_elp_wakeup(wl);
345 if (ret < 0) {
346 skb_queue_head(&wl->tx_queue, skb);
347 goto out;
348 }
349 woken_up = true;
350 }
351
352 ret = wl1251_tx_frame(wl, skb);
353 if (ret == -EBUSY) {
354 skb_queue_head(&wl->tx_queue, skb);
355 goto out;
356 } else if (ret < 0) {
357 dev_kfree_skb(skb);
358 goto out;
359 }
360 }
361
362 out:
363 if (woken_up)
364 wl1251_ps_elp_sleep(wl);
365
366 mutex_unlock(&wl->mutex);
367 }
368
wl1251_tx_parse_status(u8 status)369 static const char *wl1251_tx_parse_status(u8 status)
370 {
371 /* 8 bit status field, one character per bit plus null */
372 static char buf[9];
373 int i = 0;
374
375 memset(buf, 0, sizeof(buf));
376
377 if (status & TX_DMA_ERROR)
378 buf[i++] = 'm';
379 if (status & TX_DISABLED)
380 buf[i++] = 'd';
381 if (status & TX_RETRY_EXCEEDED)
382 buf[i++] = 'r';
383 if (status & TX_TIMEOUT)
384 buf[i++] = 't';
385 if (status & TX_KEY_NOT_FOUND)
386 buf[i++] = 'k';
387 if (status & TX_ENCRYPT_FAIL)
388 buf[i++] = 'e';
389 if (status & TX_UNAVAILABLE_PRIORITY)
390 buf[i++] = 'p';
391
392 /* bit 0 is unused apparently */
393
394 return buf;
395 }
396
wl1251_tx_packet_cb(struct wl1251 * wl,struct tx_result * result)397 static void wl1251_tx_packet_cb(struct wl1251 *wl,
398 struct tx_result *result)
399 {
400 struct ieee80211_tx_info *info;
401 struct sk_buff *skb;
402 int hdrlen;
403 u8 *frame;
404
405 skb = wl->tx_frames[result->id];
406 if (skb == NULL) {
407 wl1251_error("SKB for packet %d is NULL", result->id);
408 return;
409 }
410
411 info = IEEE80211_SKB_CB(skb);
412
413 if (!(info->flags & IEEE80211_TX_CTL_NO_ACK) &&
414 !(info->flags & IEEE80211_TX_CTL_INJECTED) &&
415 (result->status == TX_SUCCESS))
416 info->flags |= IEEE80211_TX_STAT_ACK;
417
418 info->status.rates[0].count = result->ack_failures + 1;
419 wl->stats.retry_count += result->ack_failures;
420
421 /*
422 * We have to remove our private TX header before pushing
423 * the skb back to mac80211.
424 */
425 frame = skb_pull(skb, sizeof(struct tx_double_buffer_desc));
426 if (info->control.hw_key &&
427 info->control.hw_key->cipher == WLAN_CIPHER_SUITE_TKIP) {
428 hdrlen = ieee80211_get_hdrlen_from_skb(skb);
429 memmove(frame + WL1251_TKIP_IV_SPACE, frame, hdrlen);
430 skb_pull(skb, WL1251_TKIP_IV_SPACE);
431 }
432
433 wl1251_debug(DEBUG_TX, "tx status id %u skb 0x%p failures %u rate 0x%x"
434 " status 0x%x (%s)",
435 result->id, skb, result->ack_failures, result->rate,
436 result->status, wl1251_tx_parse_status(result->status));
437
438
439 ieee80211_tx_status_skb(wl->hw, skb);
440
441 wl->tx_frames[result->id] = NULL;
442 }
443
444 /* Called upon reception of a TX complete interrupt */
wl1251_tx_complete(struct wl1251 * wl)445 void wl1251_tx_complete(struct wl1251 *wl)
446 {
447 int i, result_index, num_complete = 0, queue_len;
448 struct tx_result *result, *result_ptr;
449 unsigned long flags;
450
451 if (unlikely(wl->state != WL1251_STATE_ON))
452 return;
453
454 result = kmalloc_array(FW_TX_CMPLT_BLOCK_SIZE, sizeof(*result), GFP_KERNEL);
455 if (!result) {
456 wl1251_error("can not allocate result buffer");
457 return;
458 }
459
460 /* First we read the result */
461 wl1251_mem_read(wl, wl->data_path->tx_complete_addr, result,
462 FW_TX_CMPLT_BLOCK_SIZE * sizeof(*result));
463
464 result_index = wl->next_tx_complete;
465
466 for (i = 0; i < FW_TX_CMPLT_BLOCK_SIZE; i++) {
467 result_ptr = &result[result_index];
468
469 if (result_ptr->done_1 == 1 &&
470 result_ptr->done_2 == 1) {
471 wl1251_tx_packet_cb(wl, result_ptr);
472
473 result_ptr->done_1 = 0;
474 result_ptr->done_2 = 0;
475
476 result_index = (result_index + 1) &
477 (FW_TX_CMPLT_BLOCK_SIZE - 1);
478 num_complete++;
479 } else {
480 break;
481 }
482 }
483
484 queue_len = skb_queue_len(&wl->tx_queue);
485
486 if ((num_complete > 0) && (queue_len > 0)) {
487 /* firmware buffer has space, reschedule tx_work */
488 wl1251_debug(DEBUG_TX, "tx_complete: reschedule tx_work");
489 ieee80211_queue_work(wl->hw, &wl->tx_work);
490 }
491
492 if (wl->tx_queue_stopped &&
493 queue_len <= WL1251_TX_QUEUE_LOW_WATERMARK) {
494 /* tx_queue has space, restart queues */
495 wl1251_debug(DEBUG_TX, "tx_complete: waking queues");
496 spin_lock_irqsave(&wl->wl_lock, flags);
497 ieee80211_wake_queues(wl->hw);
498 wl->tx_queue_stopped = false;
499 spin_unlock_irqrestore(&wl->wl_lock, flags);
500 }
501
502 /* Every completed frame needs to be acknowledged */
503 if (num_complete) {
504 /*
505 * If we've wrapped, we have to clear
506 * the results in 2 steps.
507 */
508 if (result_index > wl->next_tx_complete) {
509 /* Only 1 write is needed */
510 wl1251_mem_write(wl,
511 wl->data_path->tx_complete_addr +
512 (wl->next_tx_complete *
513 sizeof(struct tx_result)),
514 &result[wl->next_tx_complete],
515 num_complete *
516 sizeof(struct tx_result));
517
518
519 } else if (result_index < wl->next_tx_complete) {
520 /* 2 writes are needed */
521 wl1251_mem_write(wl,
522 wl->data_path->tx_complete_addr +
523 (wl->next_tx_complete *
524 sizeof(struct tx_result)),
525 &result[wl->next_tx_complete],
526 (FW_TX_CMPLT_BLOCK_SIZE -
527 wl->next_tx_complete) *
528 sizeof(struct tx_result));
529
530 wl1251_mem_write(wl,
531 wl->data_path->tx_complete_addr,
532 result,
533 (num_complete -
534 FW_TX_CMPLT_BLOCK_SIZE +
535 wl->next_tx_complete) *
536 sizeof(struct tx_result));
537
538 } else {
539 /* We have to write the whole array */
540 wl1251_mem_write(wl,
541 wl->data_path->tx_complete_addr,
542 result,
543 FW_TX_CMPLT_BLOCK_SIZE *
544 sizeof(struct tx_result));
545 }
546
547 }
548
549 kfree(result);
550 wl->next_tx_complete = result_index;
551 }
552
553 /* caller must hold wl->mutex */
wl1251_tx_flush(struct wl1251 * wl)554 void wl1251_tx_flush(struct wl1251 *wl)
555 {
556 int i;
557 struct sk_buff *skb;
558 struct ieee80211_tx_info *info;
559
560 /* TX failure */
561 /* control->flags = 0; FIXME */
562
563 while ((skb = skb_dequeue(&wl->tx_queue))) {
564 info = IEEE80211_SKB_CB(skb);
565
566 wl1251_debug(DEBUG_TX, "flushing skb 0x%p", skb);
567
568 if (!(info->flags & IEEE80211_TX_CTL_REQ_TX_STATUS))
569 continue;
570
571 ieee80211_tx_status_skb(wl->hw, skb);
572 }
573
574 for (i = 0; i < FW_TX_CMPLT_BLOCK_SIZE; i++)
575 if (wl->tx_frames[i] != NULL) {
576 skb = wl->tx_frames[i];
577 info = IEEE80211_SKB_CB(skb);
578
579 if (!(info->flags & IEEE80211_TX_CTL_REQ_TX_STATUS))
580 continue;
581
582 ieee80211_tx_status_skb(wl->hw, skb);
583 wl->tx_frames[i] = NULL;
584 }
585 }
586