1// SPDX-License-Identifier: GPL-2.0-only 2/****************************************************************************** 3 * 4 * Copyright(c) 2003 - 2014 Intel Corporation. All rights reserved. 5 * Copyright(c) 2015 Intel Deutschland GmbH 6 * Copyright(c) 2018 Intel Corporation 7 * 8 * Portions of this file are derived from the ipw3945 project, as well 9 * as portionhelp of the ieee80211 subsystem header files. 10 * 11 * Contact Information: 12 * Intel Linux Wireless <linuxwifi@intel.com> 13 * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497 14 * 15 *****************************************************************************/ 16 17#include <linux/etherdevice.h> 18#include <linux/slab.h> 19#include <linux/sched.h> 20#include <net/mac80211.h> 21#include <asm/unaligned.h> 22 23#include "iwl-trans.h" 24#include "iwl-io.h" 25#include "dev.h" 26#include "calib.h" 27#include "agn.h" 28 29/****************************************************************************** 30 * 31 * Generic RX handler implementations 32 * 33 ******************************************************************************/ 34 35static void iwlagn_rx_reply_error(struct iwl_priv *priv, 36 struct iwl_rx_cmd_buffer *rxb) 37{ 38 struct iwl_rx_packet *pkt = rxb_addr(rxb); 39 struct iwl_error_resp *err_resp = (void *)pkt->data; 40 41 IWL_ERR(priv, "Error Reply type 0x%08X cmd REPLY_ERROR (0x%02X) " 42 "seq 0x%04X ser 0x%08X\n", 43 le32_to_cpu(err_resp->error_type), 44 err_resp->cmd_id, 45 le16_to_cpu(err_resp->bad_cmd_seq_num), 46 le32_to_cpu(err_resp->error_info)); 47} 48 49static void iwlagn_rx_csa(struct iwl_priv *priv, struct iwl_rx_cmd_buffer *rxb) 50{ 51 struct iwl_rx_packet *pkt = rxb_addr(rxb); 52 struct iwl_csa_notification *csa = (void *)pkt->data; 53 /* 54 * MULTI-FIXME 55 * See iwlagn_mac_channel_switch. 56 */ 57 struct iwl_rxon_context *ctx = &priv->contexts[IWL_RXON_CTX_BSS]; 58 struct iwl_rxon_cmd *rxon = (void *)&ctx->active; 59 60 if (!test_bit(STATUS_CHANNEL_SWITCH_PENDING, &priv->status)) 61 return; 62 63 if (!le32_to_cpu(csa->status) && csa->channel == priv->switch_channel) { 64 rxon->channel = csa->channel; 65 ctx->staging.channel = csa->channel; 66 IWL_DEBUG_11H(priv, "CSA notif: channel %d\n", 67 le16_to_cpu(csa->channel)); 68 iwl_chswitch_done(priv, true); 69 } else { 70 IWL_ERR(priv, "CSA notif (fail) : channel %d\n", 71 le16_to_cpu(csa->channel)); 72 iwl_chswitch_done(priv, false); 73 } 74} 75 76 77static void iwlagn_rx_spectrum_measure_notif(struct iwl_priv *priv, 78 struct iwl_rx_cmd_buffer *rxb) 79{ 80 struct iwl_rx_packet *pkt = rxb_addr(rxb); 81 struct iwl_spectrum_notification *report = (void *)pkt->data; 82 83 if (!report->state) { 84 IWL_DEBUG_11H(priv, 85 "Spectrum Measure Notification: Start\n"); 86 return; 87 } 88 89 memcpy(&priv->measure_report, report, sizeof(*report)); 90 priv->measurement_status |= MEASUREMENT_READY; 91} 92 93static void iwlagn_rx_pm_sleep_notif(struct iwl_priv *priv, 94 struct iwl_rx_cmd_buffer *rxb) 95{ 96#ifdef CONFIG_IWLWIFI_DEBUG 97 struct iwl_rx_packet *pkt = rxb_addr(rxb); 98 struct iwl_sleep_notification *sleep = (void *)pkt->data; 99 IWL_DEBUG_RX(priv, "sleep mode: %d, src: %d\n", 100 sleep->pm_sleep_mode, sleep->pm_wakeup_src); 101#endif 102} 103 104static void iwlagn_rx_pm_debug_statistics_notif(struct iwl_priv *priv, 105 struct iwl_rx_cmd_buffer *rxb) 106{ 107 struct iwl_rx_packet *pkt = rxb_addr(rxb); 108 u32 __maybe_unused len = iwl_rx_packet_len(pkt); 109 IWL_DEBUG_RADIO(priv, "Dumping %d bytes of unhandled " 110 "notification for PM_DEBUG_STATISTIC_NOTIFIC:\n", len); 111 iwl_print_hex_dump(priv, IWL_DL_RADIO, pkt->data, len); 112} 113 114static void iwlagn_rx_beacon_notif(struct iwl_priv *priv, 115 struct iwl_rx_cmd_buffer *rxb) 116{ 117 struct iwl_rx_packet *pkt = rxb_addr(rxb); 118 struct iwlagn_beacon_notif *beacon = (void *)pkt->data; 119#ifdef CONFIG_IWLWIFI_DEBUG 120 u16 status = le16_to_cpu(beacon->beacon_notify_hdr.status.status); 121 u8 rate = iwl_hw_get_rate(beacon->beacon_notify_hdr.rate_n_flags); 122 123 IWL_DEBUG_RX(priv, "beacon status %#x, retries:%d ibssmgr:%d " 124 "tsf:0x%.8x%.8x rate:%d\n", 125 status & TX_STATUS_MSK, 126 beacon->beacon_notify_hdr.failure_frame, 127 le32_to_cpu(beacon->ibss_mgr_status), 128 le32_to_cpu(beacon->high_tsf), 129 le32_to_cpu(beacon->low_tsf), rate); 130#endif 131 132 priv->ibss_manager = le32_to_cpu(beacon->ibss_mgr_status); 133} 134 135/* 136 * iwl_good_plcp_health - checks for plcp error. 137 * 138 * When the plcp error is exceeding the thresholds, reset the radio 139 * to improve the throughput. 140 */ 141static bool iwlagn_good_plcp_health(struct iwl_priv *priv, 142 struct statistics_rx_phy *cur_ofdm, 143 struct statistics_rx_ht_phy *cur_ofdm_ht, 144 unsigned int msecs) 145{ 146 int delta; 147 int threshold = priv->plcp_delta_threshold; 148 149 if (threshold == IWL_MAX_PLCP_ERR_THRESHOLD_DISABLE) { 150 IWL_DEBUG_RADIO(priv, "plcp_err check disabled\n"); 151 return true; 152 } 153 154 delta = le32_to_cpu(cur_ofdm->plcp_err) - 155 le32_to_cpu(priv->statistics.rx_ofdm.plcp_err) + 156 le32_to_cpu(cur_ofdm_ht->plcp_err) - 157 le32_to_cpu(priv->statistics.rx_ofdm_ht.plcp_err); 158 159 /* Can be negative if firmware reset statistics */ 160 if (delta <= 0) 161 return true; 162 163 if ((delta * 100 / msecs) > threshold) { 164 IWL_DEBUG_RADIO(priv, 165 "plcp health threshold %u delta %d msecs %u\n", 166 threshold, delta, msecs); 167 return false; 168 } 169 170 return true; 171} 172 173int iwl_force_rf_reset(struct iwl_priv *priv, bool external) 174{ 175 struct iwl_rf_reset *rf_reset; 176 177 if (test_bit(STATUS_EXIT_PENDING, &priv->status)) 178 return -EAGAIN; 179 180 if (!iwl_is_any_associated(priv)) { 181 IWL_DEBUG_SCAN(priv, "force reset rejected: not associated\n"); 182 return -ENOLINK; 183 } 184 185 rf_reset = &priv->rf_reset; 186 rf_reset->reset_request_count++; 187 if (!external && rf_reset->last_reset_jiffies && 188 time_after(rf_reset->last_reset_jiffies + 189 IWL_DELAY_NEXT_FORCE_RF_RESET, jiffies)) { 190 IWL_DEBUG_INFO(priv, "RF reset rejected\n"); 191 rf_reset->reset_reject_count++; 192 return -EAGAIN; 193 } 194 rf_reset->reset_success_count++; 195 rf_reset->last_reset_jiffies = jiffies; 196 197 /* 198 * There is no easy and better way to force reset the radio, 199 * the only known method is switching channel which will force to 200 * reset and tune the radio. 201 * Use internal short scan (single channel) operation to should 202 * achieve this objective. 203 * Driver should reset the radio when number of consecutive missed 204 * beacon, or any other uCode error condition detected. 205 */ 206 IWL_DEBUG_INFO(priv, "perform radio reset.\n"); 207 iwl_internal_short_hw_scan(priv); 208 return 0; 209} 210 211 212static void iwlagn_recover_from_statistics(struct iwl_priv *priv, 213 struct statistics_rx_phy *cur_ofdm, 214 struct statistics_rx_ht_phy *cur_ofdm_ht, 215 struct statistics_tx *tx, 216 unsigned long stamp) 217{ 218 unsigned int msecs; 219 220 if (test_bit(STATUS_EXIT_PENDING, &priv->status)) 221 return; 222 223 msecs = jiffies_to_msecs(stamp - priv->rx_statistics_jiffies); 224 225 /* Only gather statistics and update time stamp when not associated */ 226 if (!iwl_is_any_associated(priv)) 227 return; 228 229 /* Do not check/recover when do not have enough statistics data */ 230 if (msecs < 99) 231 return; 232 233 if (!iwlagn_good_plcp_health(priv, cur_ofdm, cur_ofdm_ht, msecs)) 234 iwl_force_rf_reset(priv, false); 235} 236 237/* Calculate noise level, based on measurements during network silence just 238 * before arriving beacon. This measurement can be done only if we know 239 * exactly when to expect beacons, therefore only when we're associated. */ 240static void iwlagn_rx_calc_noise(struct iwl_priv *priv) 241{ 242 struct statistics_rx_non_phy *rx_info; 243 int num_active_rx = 0; 244 int total_silence = 0; 245 int bcn_silence_a, bcn_silence_b, bcn_silence_c; 246 int last_rx_noise; 247 248 rx_info = &priv->statistics.rx_non_phy; 249 250 bcn_silence_a = 251 le32_to_cpu(rx_info->beacon_silence_rssi_a) & IN_BAND_FILTER; 252 bcn_silence_b = 253 le32_to_cpu(rx_info->beacon_silence_rssi_b) & IN_BAND_FILTER; 254 bcn_silence_c = 255 le32_to_cpu(rx_info->beacon_silence_rssi_c) & IN_BAND_FILTER; 256 257 if (bcn_silence_a) { 258 total_silence += bcn_silence_a; 259 num_active_rx++; 260 } 261 if (bcn_silence_b) { 262 total_silence += bcn_silence_b; 263 num_active_rx++; 264 } 265 if (bcn_silence_c) { 266 total_silence += bcn_silence_c; 267 num_active_rx++; 268 } 269 270 /* Average among active antennas */ 271 if (num_active_rx) 272 last_rx_noise = (total_silence / num_active_rx) - 107; 273 else 274 last_rx_noise = IWL_NOISE_MEAS_NOT_AVAILABLE; 275 276 IWL_DEBUG_CALIB(priv, "inband silence a %u, b %u, c %u, dBm %d\n", 277 bcn_silence_a, bcn_silence_b, bcn_silence_c, 278 last_rx_noise); 279} 280 281#ifdef CONFIG_IWLWIFI_DEBUGFS 282/* 283 * based on the assumption of all statistics counter are in DWORD 284 * FIXME: This function is for debugging, do not deal with 285 * the case of counters roll-over. 286 */ 287static void accum_stats(__le32 *prev, __le32 *cur, __le32 *delta, 288 __le32 *max_delta, __le32 *accum, int size) 289{ 290 int i; 291 292 for (i = 0; 293 i < size / sizeof(__le32); 294 i++, prev++, cur++, delta++, max_delta++, accum++) { 295 if (le32_to_cpu(*cur) > le32_to_cpu(*prev)) { 296 *delta = cpu_to_le32( 297 le32_to_cpu(*cur) - le32_to_cpu(*prev)); 298 le32_add_cpu(accum, le32_to_cpu(*delta)); 299 if (le32_to_cpu(*delta) > le32_to_cpu(*max_delta)) 300 *max_delta = *delta; 301 } 302 } 303} 304 305static void 306iwlagn_accumulative_statistics(struct iwl_priv *priv, 307 struct statistics_general_common *common, 308 struct statistics_rx_non_phy *rx_non_phy, 309 struct statistics_rx_phy *rx_ofdm, 310 struct statistics_rx_ht_phy *rx_ofdm_ht, 311 struct statistics_rx_phy *rx_cck, 312 struct statistics_tx *tx, 313 struct statistics_bt_activity *bt_activity) 314{ 315#define ACCUM(_name) \ 316 accum_stats((__le32 *)&priv->statistics._name, \ 317 (__le32 *)_name, \ 318 (__le32 *)&priv->delta_stats._name, \ 319 (__le32 *)&priv->max_delta_stats._name, \ 320 (__le32 *)&priv->accum_stats._name, \ 321 sizeof(*_name)); 322 323 ACCUM(common); 324 ACCUM(rx_non_phy); 325 ACCUM(rx_ofdm); 326 ACCUM(rx_ofdm_ht); 327 ACCUM(rx_cck); 328 ACCUM(tx); 329 if (bt_activity) 330 ACCUM(bt_activity); 331#undef ACCUM 332} 333#else 334static inline void 335iwlagn_accumulative_statistics(struct iwl_priv *priv, 336 struct statistics_general_common *common, 337 struct statistics_rx_non_phy *rx_non_phy, 338 struct statistics_rx_phy *rx_ofdm, 339 struct statistics_rx_ht_phy *rx_ofdm_ht, 340 struct statistics_rx_phy *rx_cck, 341 struct statistics_tx *tx, 342 struct statistics_bt_activity *bt_activity) 343{ 344} 345#endif 346 347static void iwlagn_rx_statistics(struct iwl_priv *priv, 348 struct iwl_rx_cmd_buffer *rxb) 349{ 350 unsigned long stamp = jiffies; 351 const int reg_recalib_period = 60; 352 int change; 353 struct iwl_rx_packet *pkt = rxb_addr(rxb); 354 u32 len = iwl_rx_packet_payload_len(pkt); 355 __le32 *flag; 356 struct statistics_general_common *common; 357 struct statistics_rx_non_phy *rx_non_phy; 358 struct statistics_rx_phy *rx_ofdm; 359 struct statistics_rx_ht_phy *rx_ofdm_ht; 360 struct statistics_rx_phy *rx_cck; 361 struct statistics_tx *tx; 362 struct statistics_bt_activity *bt_activity; 363 364 IWL_DEBUG_RX(priv, "Statistics notification received (%d bytes).\n", 365 len); 366 367 spin_lock(&priv->statistics.lock); 368 369 if (len == sizeof(struct iwl_bt_notif_statistics)) { 370 struct iwl_bt_notif_statistics *stats; 371 stats = (void *)&pkt->data; 372 flag = &stats->flag; 373 common = &stats->general.common; 374 rx_non_phy = &stats->rx.general.common; 375 rx_ofdm = &stats->rx.ofdm; 376 rx_ofdm_ht = &stats->rx.ofdm_ht; 377 rx_cck = &stats->rx.cck; 378 tx = &stats->tx; 379 bt_activity = &stats->general.activity; 380 381#ifdef CONFIG_IWLWIFI_DEBUGFS 382 /* handle this exception directly */ 383 priv->statistics.num_bt_kills = stats->rx.general.num_bt_kills; 384 le32_add_cpu(&priv->statistics.accum_num_bt_kills, 385 le32_to_cpu(stats->rx.general.num_bt_kills)); 386#endif 387 } else if (len == sizeof(struct iwl_notif_statistics)) { 388 struct iwl_notif_statistics *stats; 389 stats = (void *)&pkt->data; 390 flag = &stats->flag; 391 common = &stats->general.common; 392 rx_non_phy = &stats->rx.general; 393 rx_ofdm = &stats->rx.ofdm; 394 rx_ofdm_ht = &stats->rx.ofdm_ht; 395 rx_cck = &stats->rx.cck; 396 tx = &stats->tx; 397 bt_activity = NULL; 398 } else { 399 WARN_ONCE(1, "len %d doesn't match BT (%zu) or normal (%zu)\n", 400 len, sizeof(struct iwl_bt_notif_statistics), 401 sizeof(struct iwl_notif_statistics)); 402 spin_unlock(&priv->statistics.lock); 403 return; 404 } 405 406 change = common->temperature != priv->statistics.common.temperature || 407 (*flag & STATISTICS_REPLY_FLG_HT40_MODE_MSK) != 408 (priv->statistics.flag & STATISTICS_REPLY_FLG_HT40_MODE_MSK); 409 410 iwlagn_accumulative_statistics(priv, common, rx_non_phy, rx_ofdm, 411 rx_ofdm_ht, rx_cck, tx, bt_activity); 412 413 iwlagn_recover_from_statistics(priv, rx_ofdm, rx_ofdm_ht, tx, stamp); 414 415 priv->statistics.flag = *flag; 416 memcpy(&priv->statistics.common, common, sizeof(*common)); 417 memcpy(&priv->statistics.rx_non_phy, rx_non_phy, sizeof(*rx_non_phy)); 418 memcpy(&priv->statistics.rx_ofdm, rx_ofdm, sizeof(*rx_ofdm)); 419 memcpy(&priv->statistics.rx_ofdm_ht, rx_ofdm_ht, sizeof(*rx_ofdm_ht)); 420 memcpy(&priv->statistics.rx_cck, rx_cck, sizeof(*rx_cck)); 421 memcpy(&priv->statistics.tx, tx, sizeof(*tx)); 422#ifdef CONFIG_IWLWIFI_DEBUGFS 423 if (bt_activity) 424 memcpy(&priv->statistics.bt_activity, bt_activity, 425 sizeof(*bt_activity)); 426#endif 427 428 priv->rx_statistics_jiffies = stamp; 429 430 set_bit(STATUS_STATISTICS, &priv->status); 431 432 /* Reschedule the statistics timer to occur in 433 * reg_recalib_period seconds to ensure we get a 434 * thermal update even if the uCode doesn't give 435 * us one */ 436 mod_timer(&priv->statistics_periodic, jiffies + 437 msecs_to_jiffies(reg_recalib_period * 1000)); 438 439 if (unlikely(!test_bit(STATUS_SCANNING, &priv->status)) && 440 (pkt->hdr.cmd == STATISTICS_NOTIFICATION)) { 441 iwlagn_rx_calc_noise(priv); 442 queue_work(priv->workqueue, &priv->run_time_calib_work); 443 } 444 if (priv->lib->temperature && change) 445 priv->lib->temperature(priv); 446 447 spin_unlock(&priv->statistics.lock); 448} 449 450static void iwlagn_rx_reply_statistics(struct iwl_priv *priv, 451 struct iwl_rx_cmd_buffer *rxb) 452{ 453 struct iwl_rx_packet *pkt = rxb_addr(rxb); 454 struct iwl_notif_statistics *stats = (void *)pkt->data; 455 456 if (le32_to_cpu(stats->flag) & UCODE_STATISTICS_CLEAR_MSK) { 457#ifdef CONFIG_IWLWIFI_DEBUGFS 458 memset(&priv->accum_stats, 0, 459 sizeof(priv->accum_stats)); 460 memset(&priv->delta_stats, 0, 461 sizeof(priv->delta_stats)); 462 memset(&priv->max_delta_stats, 0, 463 sizeof(priv->max_delta_stats)); 464#endif 465 IWL_DEBUG_RX(priv, "Statistics have been cleared\n"); 466 } 467 468 iwlagn_rx_statistics(priv, rxb); 469} 470 471/* Handle notification from uCode that card's power state is changing 472 * due to software, hardware, or critical temperature RFKILL */ 473static void iwlagn_rx_card_state_notif(struct iwl_priv *priv, 474 struct iwl_rx_cmd_buffer *rxb) 475{ 476 struct iwl_rx_packet *pkt = rxb_addr(rxb); 477 struct iwl_card_state_notif *card_state_notif = (void *)pkt->data; 478 u32 flags = le32_to_cpu(card_state_notif->flags); 479 unsigned long status = priv->status; 480 481 IWL_DEBUG_RF_KILL(priv, "Card state received: HW:%s SW:%s CT:%s\n", 482 (flags & HW_CARD_DISABLED) ? "Kill" : "On", 483 (flags & SW_CARD_DISABLED) ? "Kill" : "On", 484 (flags & CT_CARD_DISABLED) ? 485 "Reached" : "Not reached"); 486 487 if (flags & (SW_CARD_DISABLED | HW_CARD_DISABLED | 488 CT_CARD_DISABLED)) { 489 490 iwl_write32(priv->trans, CSR_UCODE_DRV_GP1_SET, 491 CSR_UCODE_DRV_GP1_BIT_CMD_BLOCKED); 492 493 iwl_write_direct32(priv->trans, HBUS_TARG_MBX_C, 494 HBUS_TARG_MBX_C_REG_BIT_CMD_BLOCKED); 495 496 if (!(flags & RXON_CARD_DISABLED)) { 497 iwl_write32(priv->trans, CSR_UCODE_DRV_GP1_CLR, 498 CSR_UCODE_DRV_GP1_BIT_CMD_BLOCKED); 499 iwl_write_direct32(priv->trans, HBUS_TARG_MBX_C, 500 HBUS_TARG_MBX_C_REG_BIT_CMD_BLOCKED); 501 } 502 if (flags & CT_CARD_DISABLED) 503 iwl_tt_enter_ct_kill(priv); 504 } 505 if (!(flags & CT_CARD_DISABLED)) 506 iwl_tt_exit_ct_kill(priv); 507 508 if (flags & HW_CARD_DISABLED) 509 set_bit(STATUS_RF_KILL_HW, &priv->status); 510 else 511 clear_bit(STATUS_RF_KILL_HW, &priv->status); 512 513 514 if (!(flags & RXON_CARD_DISABLED)) 515 iwl_scan_cancel(priv); 516 517 if ((test_bit(STATUS_RF_KILL_HW, &status) != 518 test_bit(STATUS_RF_KILL_HW, &priv->status))) 519 wiphy_rfkill_set_hw_state(priv->hw->wiphy, 520 test_bit(STATUS_RF_KILL_HW, &priv->status)); 521} 522 523static void iwlagn_rx_missed_beacon_notif(struct iwl_priv *priv, 524 struct iwl_rx_cmd_buffer *rxb) 525 526{ 527 struct iwl_rx_packet *pkt = rxb_addr(rxb); 528 struct iwl_missed_beacon_notif *missed_beacon = (void *)pkt->data; 529 530 if (le32_to_cpu(missed_beacon->consecutive_missed_beacons) > 531 priv->missed_beacon_threshold) { 532 IWL_DEBUG_CALIB(priv, 533 "missed bcn cnsq %d totl %d rcd %d expctd %d\n", 534 le32_to_cpu(missed_beacon->consecutive_missed_beacons), 535 le32_to_cpu(missed_beacon->total_missed_becons), 536 le32_to_cpu(missed_beacon->num_recvd_beacons), 537 le32_to_cpu(missed_beacon->num_expected_beacons)); 538 if (!test_bit(STATUS_SCANNING, &priv->status)) 539 iwl_init_sensitivity(priv); 540 } 541} 542 543/* Cache phy data (Rx signal strength, etc) for HT frame (REPLY_RX_PHY_CMD). 544 * This will be used later in iwl_rx_reply_rx() for REPLY_RX_MPDU_CMD. */ 545static void iwlagn_rx_reply_rx_phy(struct iwl_priv *priv, 546 struct iwl_rx_cmd_buffer *rxb) 547{ 548 struct iwl_rx_packet *pkt = rxb_addr(rxb); 549 550 priv->last_phy_res_valid = true; 551 priv->ampdu_ref++; 552 memcpy(&priv->last_phy_res, pkt->data, 553 sizeof(struct iwl_rx_phy_res)); 554} 555 556/* 557 * returns non-zero if packet should be dropped 558 */ 559static int iwlagn_set_decrypted_flag(struct iwl_priv *priv, 560 struct ieee80211_hdr *hdr, 561 u32 decrypt_res, 562 struct ieee80211_rx_status *stats) 563{ 564 u16 fc = le16_to_cpu(hdr->frame_control); 565 566 /* 567 * All contexts have the same setting here due to it being 568 * a module parameter, so OK to check any context. 569 */ 570 if (priv->contexts[IWL_RXON_CTX_BSS].active.filter_flags & 571 RXON_FILTER_DIS_DECRYPT_MSK) 572 return 0; 573 574 if (!(fc & IEEE80211_FCTL_PROTECTED)) 575 return 0; 576 577 IWL_DEBUG_RX(priv, "decrypt_res:0x%x\n", decrypt_res); 578 switch (decrypt_res & RX_RES_STATUS_SEC_TYPE_MSK) { 579 case RX_RES_STATUS_SEC_TYPE_TKIP: 580 /* The uCode has got a bad phase 1 Key, pushes the packet. 581 * Decryption will be done in SW. */ 582 if ((decrypt_res & RX_RES_STATUS_DECRYPT_TYPE_MSK) == 583 RX_RES_STATUS_BAD_KEY_TTAK) 584 break; 585 /* fall through */ 586 case RX_RES_STATUS_SEC_TYPE_WEP: 587 if ((decrypt_res & RX_RES_STATUS_DECRYPT_TYPE_MSK) == 588 RX_RES_STATUS_BAD_ICV_MIC) { 589 /* bad ICV, the packet is destroyed since the 590 * decryption is inplace, drop it */ 591 IWL_DEBUG_RX(priv, "Packet destroyed\n"); 592 return -1; 593 } 594 /* fall through */ 595 case RX_RES_STATUS_SEC_TYPE_CCMP: 596 if ((decrypt_res & RX_RES_STATUS_DECRYPT_TYPE_MSK) == 597 RX_RES_STATUS_DECRYPT_OK) { 598 IWL_DEBUG_RX(priv, "hw decrypt successfully!!!\n"); 599 stats->flag |= RX_FLAG_DECRYPTED; 600 } 601 break; 602 603 default: 604 break; 605 } 606 return 0; 607} 608 609static void iwlagn_pass_packet_to_mac80211(struct iwl_priv *priv, 610 struct ieee80211_hdr *hdr, 611 u16 len, 612 u32 ampdu_status, 613 struct iwl_rx_cmd_buffer *rxb, 614 struct ieee80211_rx_status *stats) 615{ 616 struct sk_buff *skb; 617 __le16 fc = hdr->frame_control; 618 struct iwl_rxon_context *ctx; 619 unsigned int hdrlen, fraglen; 620 621 /* We only process data packets if the interface is open */ 622 if (unlikely(!priv->is_open)) { 623 IWL_DEBUG_DROP_LIMIT(priv, 624 "Dropping packet while interface is not open.\n"); 625 return; 626 } 627 628 /* In case of HW accelerated crypto and bad decryption, drop */ 629 if (!iwlwifi_mod_params.swcrypto && 630 iwlagn_set_decrypted_flag(priv, hdr, ampdu_status, stats)) 631 return; 632 633 /* Dont use dev_alloc_skb(), we'll have enough headroom once 634 * ieee80211_hdr pulled. 635 */ 636 skb = alloc_skb(128, GFP_ATOMIC); 637 if (!skb) { 638 IWL_ERR(priv, "alloc_skb failed\n"); 639 return; 640 } 641 /* If frame is small enough to fit in skb->head, pull it completely. 642 * If not, only pull ieee80211_hdr so that splice() or TCP coalesce 643 * are more efficient. 644 */ 645 hdrlen = (len <= skb_tailroom(skb)) ? len : sizeof(*hdr); 646 647 skb_put_data(skb, hdr, hdrlen); 648 fraglen = len - hdrlen; 649 650 if (fraglen) { 651 int offset = (void *)hdr + hdrlen - 652 rxb_addr(rxb) + rxb_offset(rxb); 653 654 skb_add_rx_frag(skb, 0, rxb_steal_page(rxb), offset, 655 fraglen, rxb->truesize); 656 } 657 658 /* 659 * Wake any queues that were stopped due to a passive channel tx 660 * failure. This can happen because the regulatory enforcement in 661 * the device waits for a beacon before allowing transmission, 662 * sometimes even after already having transmitted frames for the 663 * association because the new RXON may reset the information. 664 */ 665 if (unlikely(ieee80211_is_beacon(fc) && priv->passive_no_rx)) { 666 for_each_context(priv, ctx) { 667 if (!ether_addr_equal(hdr->addr3, 668 ctx->active.bssid_addr)) 669 continue; 670 iwlagn_lift_passive_no_rx(priv); 671 } 672 } 673 674 memcpy(IEEE80211_SKB_RXCB(skb), stats, sizeof(*stats)); 675 676 ieee80211_rx_napi(priv->hw, NULL, skb, priv->napi); 677} 678 679static u32 iwlagn_translate_rx_status(struct iwl_priv *priv, u32 decrypt_in) 680{ 681 u32 decrypt_out = 0; 682 683 if ((decrypt_in & RX_RES_STATUS_STATION_FOUND) == 684 RX_RES_STATUS_STATION_FOUND) 685 decrypt_out |= (RX_RES_STATUS_STATION_FOUND | 686 RX_RES_STATUS_NO_STATION_INFO_MISMATCH); 687 688 decrypt_out |= (decrypt_in & RX_RES_STATUS_SEC_TYPE_MSK); 689 690 /* packet was not encrypted */ 691 if ((decrypt_in & RX_RES_STATUS_SEC_TYPE_MSK) == 692 RX_RES_STATUS_SEC_TYPE_NONE) 693 return decrypt_out; 694 695 /* packet was encrypted with unknown alg */ 696 if ((decrypt_in & RX_RES_STATUS_SEC_TYPE_MSK) == 697 RX_RES_STATUS_SEC_TYPE_ERR) 698 return decrypt_out; 699 700 /* decryption was not done in HW */ 701 if ((decrypt_in & RX_MPDU_RES_STATUS_DEC_DONE_MSK) != 702 RX_MPDU_RES_STATUS_DEC_DONE_MSK) 703 return decrypt_out; 704 705 switch (decrypt_in & RX_RES_STATUS_SEC_TYPE_MSK) { 706 707 case RX_RES_STATUS_SEC_TYPE_CCMP: 708 /* alg is CCM: check MIC only */ 709 if (!(decrypt_in & RX_MPDU_RES_STATUS_MIC_OK)) 710 /* Bad MIC */ 711 decrypt_out |= RX_RES_STATUS_BAD_ICV_MIC; 712 else 713 decrypt_out |= RX_RES_STATUS_DECRYPT_OK; 714 715 break; 716 717 case RX_RES_STATUS_SEC_TYPE_TKIP: 718 if (!(decrypt_in & RX_MPDU_RES_STATUS_TTAK_OK)) { 719 /* Bad TTAK */ 720 decrypt_out |= RX_RES_STATUS_BAD_KEY_TTAK; 721 break; 722 } 723 /* fall through */ 724 default: 725 if (!(decrypt_in & RX_MPDU_RES_STATUS_ICV_OK)) 726 decrypt_out |= RX_RES_STATUS_BAD_ICV_MIC; 727 else 728 decrypt_out |= RX_RES_STATUS_DECRYPT_OK; 729 break; 730 } 731 732 IWL_DEBUG_RX(priv, "decrypt_in:0x%x decrypt_out = 0x%x\n", 733 decrypt_in, decrypt_out); 734 735 return decrypt_out; 736} 737 738/* Calc max signal level (dBm) among 3 possible receivers */ 739static int iwlagn_calc_rssi(struct iwl_priv *priv, 740 struct iwl_rx_phy_res *rx_resp) 741{ 742 /* data from PHY/DSP regarding signal strength, etc., 743 * contents are always there, not configurable by host 744 */ 745 struct iwlagn_non_cfg_phy *ncphy = 746 (struct iwlagn_non_cfg_phy *)rx_resp->non_cfg_phy_buf; 747 u32 val, rssi_a, rssi_b, rssi_c, max_rssi; 748 u8 agc; 749 750 val = le32_to_cpu(ncphy->non_cfg_phy[IWLAGN_RX_RES_AGC_IDX]); 751 agc = (val & IWLAGN_OFDM_AGC_MSK) >> IWLAGN_OFDM_AGC_BIT_POS; 752 753 /* Find max rssi among 3 possible receivers. 754 * These values are measured by the digital signal processor (DSP). 755 * They should stay fairly constant even as the signal strength varies, 756 * if the radio's automatic gain control (AGC) is working right. 757 * AGC value (see below) will provide the "interesting" info. 758 */ 759 val = le32_to_cpu(ncphy->non_cfg_phy[IWLAGN_RX_RES_RSSI_AB_IDX]); 760 rssi_a = (val & IWLAGN_OFDM_RSSI_INBAND_A_BITMSK) >> 761 IWLAGN_OFDM_RSSI_A_BIT_POS; 762 rssi_b = (val & IWLAGN_OFDM_RSSI_INBAND_B_BITMSK) >> 763 IWLAGN_OFDM_RSSI_B_BIT_POS; 764 val = le32_to_cpu(ncphy->non_cfg_phy[IWLAGN_RX_RES_RSSI_C_IDX]); 765 rssi_c = (val & IWLAGN_OFDM_RSSI_INBAND_C_BITMSK) >> 766 IWLAGN_OFDM_RSSI_C_BIT_POS; 767 768 max_rssi = max_t(u32, rssi_a, rssi_b); 769 max_rssi = max_t(u32, max_rssi, rssi_c); 770 771 IWL_DEBUG_STATS(priv, "Rssi In A %d B %d C %d Max %d AGC dB %d\n", 772 rssi_a, rssi_b, rssi_c, max_rssi, agc); 773 774 /* dBm = max_rssi dB - agc dB - constant. 775 * Higher AGC (higher radio gain) means lower signal. */ 776 return max_rssi - agc - IWLAGN_RSSI_OFFSET; 777} 778 779/* Called for REPLY_RX_MPDU_CMD */ 780static void iwlagn_rx_reply_rx(struct iwl_priv *priv, 781 struct iwl_rx_cmd_buffer *rxb) 782{ 783 struct ieee80211_hdr *header; 784 struct ieee80211_rx_status rx_status = {}; 785 struct iwl_rx_packet *pkt = rxb_addr(rxb); 786 struct iwl_rx_phy_res *phy_res; 787 __le32 rx_pkt_status; 788 struct iwl_rx_mpdu_res_start *amsdu; 789 u32 len; 790 u32 ampdu_status; 791 u32 rate_n_flags; 792 793 if (!priv->last_phy_res_valid) { 794 IWL_ERR(priv, "MPDU frame without cached PHY data\n"); 795 return; 796 } 797 phy_res = &priv->last_phy_res; 798 amsdu = (struct iwl_rx_mpdu_res_start *)pkt->data; 799 header = (struct ieee80211_hdr *)(pkt->data + sizeof(*amsdu)); 800 len = le16_to_cpu(amsdu->byte_count); 801 rx_pkt_status = *(__le32 *)(pkt->data + sizeof(*amsdu) + len); 802 ampdu_status = iwlagn_translate_rx_status(priv, 803 le32_to_cpu(rx_pkt_status)); 804 805 if ((unlikely(phy_res->cfg_phy_cnt > 20))) { 806 IWL_DEBUG_DROP(priv, "dsp size out of range [0,20]: %d\n", 807 phy_res->cfg_phy_cnt); 808 return; 809 } 810 811 if (!(rx_pkt_status & RX_RES_STATUS_NO_CRC32_ERROR) || 812 !(rx_pkt_status & RX_RES_STATUS_NO_RXE_OVERFLOW)) { 813 IWL_DEBUG_RX(priv, "Bad CRC or FIFO: 0x%08X.\n", 814 le32_to_cpu(rx_pkt_status)); 815 return; 816 } 817 818 /* This will be used in several places later */ 819 rate_n_flags = le32_to_cpu(phy_res->rate_n_flags); 820 821 /* rx_status carries information about the packet to mac80211 */ 822 rx_status.mactime = le64_to_cpu(phy_res->timestamp); 823 rx_status.band = (phy_res->phy_flags & RX_RES_PHY_FLAGS_BAND_24_MSK) ? 824 NL80211_BAND_2GHZ : NL80211_BAND_5GHZ; 825 rx_status.freq = 826 ieee80211_channel_to_frequency(le16_to_cpu(phy_res->channel), 827 rx_status.band); 828 rx_status.rate_idx = 829 iwlagn_hwrate_to_mac80211_idx(rate_n_flags, rx_status.band); 830 rx_status.flag = 0; 831 832 /* TSF isn't reliable. In order to allow smooth user experience, 833 * this W/A doesn't propagate it to the mac80211 */ 834 /*rx_status.flag |= RX_FLAG_MACTIME_START;*/ 835 836 priv->ucode_beacon_time = le32_to_cpu(phy_res->beacon_time_stamp); 837 838 /* Find max signal strength (dBm) among 3 antenna/receiver chains */ 839 rx_status.signal = iwlagn_calc_rssi(priv, phy_res); 840 841 IWL_DEBUG_STATS_LIMIT(priv, "Rssi %d, TSF %llu\n", 842 rx_status.signal, (unsigned long long)rx_status.mactime); 843 844 /* 845 * "antenna number" 846 * 847 * It seems that the antenna field in the phy flags value 848 * is actually a bit field. This is undefined by radiotap, 849 * it wants an actual antenna number but I always get "7" 850 * for most legacy frames I receive indicating that the 851 * same frame was received on all three RX chains. 852 * 853 * I think this field should be removed in favor of a 854 * new 802.11n radiotap field "RX chains" that is defined 855 * as a bitmask. 856 */ 857 rx_status.antenna = 858 (le16_to_cpu(phy_res->phy_flags) & RX_RES_PHY_FLAGS_ANTENNA_MSK) 859 >> RX_RES_PHY_FLAGS_ANTENNA_POS; 860 861 /* set the preamble flag if appropriate */ 862 if (phy_res->phy_flags & RX_RES_PHY_FLAGS_SHORT_PREAMBLE_MSK) 863 rx_status.enc_flags |= RX_ENC_FLAG_SHORTPRE; 864 865 if (phy_res->phy_flags & RX_RES_PHY_FLAGS_AGG_MSK) { 866 /* 867 * We know which subframes of an A-MPDU belong 868 * together since we get a single PHY response 869 * from the firmware for all of them 870 */ 871 rx_status.flag |= RX_FLAG_AMPDU_DETAILS; 872 rx_status.ampdu_reference = priv->ampdu_ref; 873 } 874 875 /* Set up the HT phy flags */ 876 if (rate_n_flags & RATE_MCS_HT_MSK) 877 rx_status.encoding = RX_ENC_HT; 878 if (rate_n_flags & RATE_MCS_HT40_MSK) 879 rx_status.bw = RATE_INFO_BW_40; 880 else 881 rx_status.bw = RATE_INFO_BW_20; 882 if (rate_n_flags & RATE_MCS_SGI_MSK) 883 rx_status.enc_flags |= RX_ENC_FLAG_SHORT_GI; 884 if (rate_n_flags & RATE_MCS_GF_MSK) 885 rx_status.enc_flags |= RX_ENC_FLAG_HT_GF; 886 887 iwlagn_pass_packet_to_mac80211(priv, header, len, ampdu_status, 888 rxb, &rx_status); 889} 890 891static void iwlagn_rx_noa_notification(struct iwl_priv *priv, 892 struct iwl_rx_cmd_buffer *rxb) 893{ 894 struct iwl_wipan_noa_data *new_data, *old_data; 895 struct iwl_rx_packet *pkt = rxb_addr(rxb); 896 struct iwl_wipan_noa_notification *noa_notif = (void *)pkt->data; 897 898 /* no condition -- we're in softirq */ 899 old_data = rcu_dereference_protected(priv->noa_data, true); 900 901 if (noa_notif->noa_active) { 902 u32 len = le16_to_cpu(noa_notif->noa_attribute.length); 903 u32 copylen = len; 904 905 /* EID, len, OUI, subtype */ 906 len += 1 + 1 + 3 + 1; 907 /* P2P id, P2P length */ 908 len += 1 + 2; 909 copylen += 1 + 2; 910 911 new_data = kmalloc(sizeof(*new_data) + len, GFP_ATOMIC); 912 if (new_data) { 913 new_data->length = len; 914 new_data->data[0] = WLAN_EID_VENDOR_SPECIFIC; 915 new_data->data[1] = len - 2; /* not counting EID, len */ 916 new_data->data[2] = (WLAN_OUI_WFA >> 16) & 0xff; 917 new_data->data[3] = (WLAN_OUI_WFA >> 8) & 0xff; 918 new_data->data[4] = (WLAN_OUI_WFA >> 0) & 0xff; 919 new_data->data[5] = WLAN_OUI_TYPE_WFA_P2P; 920 memcpy(&new_data->data[6], &noa_notif->noa_attribute, 921 copylen); 922 } 923 } else 924 new_data = NULL; 925 926 rcu_assign_pointer(priv->noa_data, new_data); 927 928 if (old_data) 929 kfree_rcu(old_data, rcu_head); 930} 931 932/* 933 * iwl_setup_rx_handlers - Initialize Rx handler callbacks 934 * 935 * Setup the RX handlers for each of the reply types sent from the uCode 936 * to the host. 937 */ 938void iwl_setup_rx_handlers(struct iwl_priv *priv) 939{ 940 void (**handlers)(struct iwl_priv *priv, struct iwl_rx_cmd_buffer *rxb); 941 942 handlers = priv->rx_handlers; 943 944 handlers[REPLY_ERROR] = iwlagn_rx_reply_error; 945 handlers[CHANNEL_SWITCH_NOTIFICATION] = iwlagn_rx_csa; 946 handlers[SPECTRUM_MEASURE_NOTIFICATION] = 947 iwlagn_rx_spectrum_measure_notif; 948 handlers[PM_SLEEP_NOTIFICATION] = iwlagn_rx_pm_sleep_notif; 949 handlers[PM_DEBUG_STATISTIC_NOTIFIC] = 950 iwlagn_rx_pm_debug_statistics_notif; 951 handlers[BEACON_NOTIFICATION] = iwlagn_rx_beacon_notif; 952 handlers[REPLY_ADD_STA] = iwl_add_sta_callback; 953 954 handlers[REPLY_WIPAN_NOA_NOTIFICATION] = iwlagn_rx_noa_notification; 955 956 /* 957 * The same handler is used for both the REPLY to a discrete 958 * statistics request from the host as well as for the periodic 959 * statistics notifications (after received beacons) from the uCode. 960 */ 961 handlers[REPLY_STATISTICS_CMD] = iwlagn_rx_reply_statistics; 962 handlers[STATISTICS_NOTIFICATION] = iwlagn_rx_statistics; 963 964 iwl_setup_rx_scan_handlers(priv); 965 966 handlers[CARD_STATE_NOTIFICATION] = iwlagn_rx_card_state_notif; 967 handlers[MISSED_BEACONS_NOTIFICATION] = 968 iwlagn_rx_missed_beacon_notif; 969 970 /* Rx handlers */ 971 handlers[REPLY_RX_PHY_CMD] = iwlagn_rx_reply_rx_phy; 972 handlers[REPLY_RX_MPDU_CMD] = iwlagn_rx_reply_rx; 973 974 /* block ack */ 975 handlers[REPLY_COMPRESSED_BA] = 976 iwlagn_rx_reply_compressed_ba; 977 978 priv->rx_handlers[REPLY_TX] = iwlagn_rx_reply_tx; 979 980 /* set up notification wait support */ 981 iwl_notification_wait_init(&priv->notif_wait); 982 983 /* Set up BT Rx handlers */ 984 if (priv->lib->bt_params) 985 iwlagn_bt_rx_handler_setup(priv); 986} 987 988void iwl_rx_dispatch(struct iwl_op_mode *op_mode, struct napi_struct *napi, 989 struct iwl_rx_cmd_buffer *rxb) 990{ 991 struct iwl_rx_packet *pkt = rxb_addr(rxb); 992 struct iwl_priv *priv = IWL_OP_MODE_GET_DVM(op_mode); 993 994 /* 995 * Do the notification wait before RX handlers so 996 * even if the RX handler consumes the RXB we have 997 * access to it in the notification wait entry. 998 */ 999 iwl_notification_wait_notify(&priv->notif_wait, pkt); 1000 1001 /* Based on type of command response or notification, 1002 * handle those that need handling via function in 1003 * rx_handlers table. See iwl_setup_rx_handlers() */ 1004 if (priv->rx_handlers[pkt->hdr.cmd]) { 1005 priv->rx_handlers_stats[pkt->hdr.cmd]++; 1006 priv->rx_handlers[pkt->hdr.cmd](priv, rxb); 1007 } else { 1008 /* No handling needed */ 1009 IWL_DEBUG_RX(priv, "No handler needed for %s, 0x%02x\n", 1010 iwl_get_cmd_string(priv->trans, 1011 iwl_cmd_id(pkt->hdr.cmd, 1012 0, 0)), 1013 pkt->hdr.cmd); 1014 } 1015} 1016