dp_rx_defrag.c 58 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164
  1. /*
  2. * Copyright (c) 2017-2021 The Linux Foundation. All rights reserved.
  3. *
  4. * Permission to use, copy, modify, and/or distribute this software for
  5. * any purpose with or without fee is hereby granted, provided that the
  6. * above copyright notice and this permission notice appear in all
  7. * copies.
  8. *
  9. * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
  10. * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
  11. * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
  12. * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
  13. * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
  14. * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
  15. * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  16. * PERFORMANCE OF THIS SOFTWARE.
  17. */
  18. #include "hal_hw_headers.h"
  19. #include "dp_types.h"
  20. #include "dp_rx.h"
  21. #include "dp_peer.h"
  22. #include "hal_api.h"
  23. #include "qdf_trace.h"
  24. #include "qdf_nbuf.h"
  25. #include "dp_internal.h"
  26. #include "dp_rx_defrag.h"
  27. #include <enet.h> /* LLC_SNAP_HDR_LEN */
  28. #include "dp_rx_defrag.h"
  29. #include "dp_ipa.h"
  30. #include "dp_rx_buffer_pool.h"
  31. const struct dp_rx_defrag_cipher dp_f_ccmp = {
  32. "AES-CCM",
  33. IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN + IEEE80211_WEP_EXTIVLEN,
  34. IEEE80211_WEP_MICLEN,
  35. 0,
  36. };
  37. const struct dp_rx_defrag_cipher dp_f_tkip = {
  38. "TKIP",
  39. IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN + IEEE80211_WEP_EXTIVLEN,
  40. IEEE80211_WEP_CRCLEN,
  41. IEEE80211_WEP_MICLEN,
  42. };
  43. const struct dp_rx_defrag_cipher dp_f_wep = {
  44. "WEP",
  45. IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN,
  46. IEEE80211_WEP_CRCLEN,
  47. 0,
  48. };
  49. /*
  50. * The header and mic length are same for both
  51. * GCMP-128 and GCMP-256.
  52. */
  53. const struct dp_rx_defrag_cipher dp_f_gcmp = {
  54. "AES-GCMP",
  55. WLAN_IEEE80211_GCMP_HEADERLEN,
  56. WLAN_IEEE80211_GCMP_MICLEN,
  57. WLAN_IEEE80211_GCMP_MICLEN,
  58. };
  59. /*
  60. * dp_rx_defrag_frames_free(): Free fragment chain
  61. * @frames: Fragment chain
  62. *
  63. * Iterates through the fragment chain and frees them
  64. * Returns: None
  65. */
  66. static void dp_rx_defrag_frames_free(qdf_nbuf_t frames)
  67. {
  68. qdf_nbuf_t next, frag = frames;
  69. while (frag) {
  70. next = qdf_nbuf_next(frag);
  71. qdf_nbuf_free(frag);
  72. frag = next;
  73. }
  74. }
  75. /*
  76. * dp_rx_clear_saved_desc_info(): Clears descriptor info
  77. * @peer: Pointer to the peer data structure
  78. * @tid: Transmit ID (TID)
  79. *
  80. * Saves MPDU descriptor info and MSDU link pointer from REO
  81. * ring descriptor. The cache is created per peer, per TID
  82. *
  83. * Returns: None
  84. */
  85. static void dp_rx_clear_saved_desc_info(struct dp_peer *peer, unsigned tid)
  86. {
  87. if (peer->rx_tid[tid].dst_ring_desc)
  88. qdf_mem_free(peer->rx_tid[tid].dst_ring_desc);
  89. peer->rx_tid[tid].dst_ring_desc = NULL;
  90. peer->rx_tid[tid].head_frag_desc = NULL;
  91. }
  92. static void dp_rx_return_head_frag_desc(struct dp_peer *peer,
  93. unsigned int tid)
  94. {
  95. struct dp_soc *soc;
  96. struct dp_pdev *pdev;
  97. struct dp_srng *dp_rxdma_srng;
  98. struct rx_desc_pool *rx_desc_pool;
  99. union dp_rx_desc_list_elem_t *head = NULL;
  100. union dp_rx_desc_list_elem_t *tail = NULL;
  101. uint8_t pool_id;
  102. pdev = peer->vdev->pdev;
  103. soc = pdev->soc;
  104. if (peer->rx_tid[tid].head_frag_desc) {
  105. pool_id = peer->rx_tid[tid].head_frag_desc->pool_id;
  106. dp_rxdma_srng = &soc->rx_refill_buf_ring[pool_id];
  107. rx_desc_pool = &soc->rx_desc_buf[pool_id];
  108. dp_rx_add_to_free_desc_list(&head, &tail,
  109. peer->rx_tid[tid].head_frag_desc);
  110. dp_rx_buffers_replenish(soc, 0, dp_rxdma_srng, rx_desc_pool,
  111. 1, &head, &tail);
  112. }
  113. if (peer->rx_tid[tid].dst_ring_desc) {
  114. if (dp_rx_link_desc_return(soc,
  115. peer->rx_tid[tid].dst_ring_desc,
  116. HAL_BM_ACTION_PUT_IN_IDLE_LIST) !=
  117. QDF_STATUS_SUCCESS)
  118. QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR,
  119. "%s: Failed to return link desc", __func__);
  120. }
  121. }
  122. /*
  123. * dp_rx_reorder_flush_frag(): Flush the frag list
  124. * @peer: Pointer to the peer data structure
  125. * @tid: Transmit ID (TID)
  126. *
  127. * Flush the per-TID frag list
  128. *
  129. * Returns: None
  130. */
  131. void dp_rx_reorder_flush_frag(struct dp_peer *peer,
  132. unsigned int tid)
  133. {
  134. dp_info_rl("Flushing TID %d", tid);
  135. if (!peer) {
  136. QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR,
  137. "%s: NULL peer", __func__);
  138. return;
  139. }
  140. dp_rx_return_head_frag_desc(peer, tid);
  141. dp_rx_defrag_cleanup(peer, tid);
  142. }
  143. /*
  144. * dp_rx_defrag_waitlist_flush(): Flush SOC defrag wait list
  145. * @soc: DP SOC
  146. *
  147. * Flush fragments of all waitlisted TID's
  148. *
  149. * Returns: None
  150. */
  151. void dp_rx_defrag_waitlist_flush(struct dp_soc *soc)
  152. {
  153. struct dp_rx_tid *rx_reorder = NULL;
  154. struct dp_rx_tid *tmp;
  155. uint32_t now_ms = qdf_system_ticks_to_msecs(qdf_system_ticks());
  156. TAILQ_HEAD(, dp_rx_tid) temp_list;
  157. TAILQ_INIT(&temp_list);
  158. dp_debug("Current time %u", now_ms);
  159. qdf_spin_lock_bh(&soc->rx.defrag.defrag_lock);
  160. TAILQ_FOREACH_SAFE(rx_reorder, &soc->rx.defrag.waitlist,
  161. defrag_waitlist_elem, tmp) {
  162. uint32_t tid;
  163. if (rx_reorder->defrag_timeout_ms > now_ms)
  164. break;
  165. tid = rx_reorder->tid;
  166. if (tid >= DP_MAX_TIDS) {
  167. qdf_assert(0);
  168. continue;
  169. }
  170. TAILQ_REMOVE(&soc->rx.defrag.waitlist, rx_reorder,
  171. defrag_waitlist_elem);
  172. DP_STATS_DEC(soc, rx.rx_frag_wait, 1);
  173. /* Move to temp list and clean-up later */
  174. TAILQ_INSERT_TAIL(&temp_list, rx_reorder,
  175. defrag_waitlist_elem);
  176. }
  177. if (rx_reorder) {
  178. soc->rx.defrag.next_flush_ms =
  179. rx_reorder->defrag_timeout_ms;
  180. } else {
  181. soc->rx.defrag.next_flush_ms =
  182. now_ms + soc->rx.defrag.timeout_ms;
  183. }
  184. qdf_spin_unlock_bh(&soc->rx.defrag.defrag_lock);
  185. TAILQ_FOREACH_SAFE(rx_reorder, &temp_list,
  186. defrag_waitlist_elem, tmp) {
  187. struct dp_peer *peer, *temp_peer = NULL;
  188. qdf_spin_lock_bh(&rx_reorder->tid_lock);
  189. TAILQ_REMOVE(&temp_list, rx_reorder,
  190. defrag_waitlist_elem);
  191. /* get address of current peer */
  192. peer =
  193. container_of(rx_reorder, struct dp_peer,
  194. rx_tid[rx_reorder->tid]);
  195. qdf_spin_unlock_bh(&rx_reorder->tid_lock);
  196. temp_peer = dp_peer_get_ref_by_id(soc, peer->peer_id,
  197. DP_MOD_ID_RX_ERR);
  198. if (temp_peer == peer) {
  199. qdf_spin_lock_bh(&rx_reorder->tid_lock);
  200. dp_rx_reorder_flush_frag(peer, rx_reorder->tid);
  201. qdf_spin_unlock_bh(&rx_reorder->tid_lock);
  202. }
  203. if (temp_peer)
  204. dp_peer_unref_delete(temp_peer, DP_MOD_ID_RX_ERR);
  205. }
  206. }
  207. /*
  208. * dp_rx_defrag_waitlist_add(): Update per-PDEV defrag wait list
  209. * @peer: Pointer to the peer data structure
  210. * @tid: Transmit ID (TID)
  211. *
  212. * Appends per-tid fragments to global fragment wait list
  213. *
  214. * Returns: None
  215. */
  216. static void dp_rx_defrag_waitlist_add(struct dp_peer *peer, unsigned tid)
  217. {
  218. struct dp_soc *psoc = peer->vdev->pdev->soc;
  219. struct dp_rx_tid *rx_reorder = &peer->rx_tid[tid];
  220. dp_debug("Adding TID %u to waitlist for peer %pK at MAC address "QDF_MAC_ADDR_FMT,
  221. tid, peer, QDF_MAC_ADDR_REF(peer->mac_addr.raw));
  222. /* TODO: use LIST macros instead of TAIL macros */
  223. qdf_spin_lock_bh(&psoc->rx.defrag.defrag_lock);
  224. if (TAILQ_EMPTY(&psoc->rx.defrag.waitlist))
  225. psoc->rx.defrag.next_flush_ms = rx_reorder->defrag_timeout_ms;
  226. TAILQ_INSERT_TAIL(&psoc->rx.defrag.waitlist, rx_reorder,
  227. defrag_waitlist_elem);
  228. DP_STATS_INC(psoc, rx.rx_frag_wait, 1);
  229. qdf_spin_unlock_bh(&psoc->rx.defrag.defrag_lock);
  230. }
  231. /*
  232. * dp_rx_defrag_waitlist_remove(): Remove fragments from waitlist
  233. * @peer: Pointer to the peer data structure
  234. * @tid: Transmit ID (TID)
  235. *
  236. * Remove fragments from waitlist
  237. *
  238. * Returns: None
  239. */
  240. void dp_rx_defrag_waitlist_remove(struct dp_peer *peer, unsigned tid)
  241. {
  242. struct dp_pdev *pdev = peer->vdev->pdev;
  243. struct dp_soc *soc = pdev->soc;
  244. struct dp_rx_tid *rx_reorder;
  245. struct dp_rx_tid *tmp;
  246. dp_debug("Removing TID %u to waitlist for peer %pK at MAC address "QDF_MAC_ADDR_FMT,
  247. tid, peer, QDF_MAC_ADDR_REF(peer->mac_addr.raw));
  248. if (tid >= DP_MAX_TIDS) {
  249. dp_err("TID out of bounds: %d", tid);
  250. qdf_assert_always(0);
  251. }
  252. qdf_spin_lock_bh(&soc->rx.defrag.defrag_lock);
  253. TAILQ_FOREACH_SAFE(rx_reorder, &soc->rx.defrag.waitlist,
  254. defrag_waitlist_elem, tmp) {
  255. struct dp_peer *peer_on_waitlist;
  256. /* get address of current peer */
  257. peer_on_waitlist =
  258. container_of(rx_reorder, struct dp_peer,
  259. rx_tid[rx_reorder->tid]);
  260. /* Ensure it is TID for same peer */
  261. if (peer_on_waitlist == peer && rx_reorder->tid == tid) {
  262. TAILQ_REMOVE(&soc->rx.defrag.waitlist,
  263. rx_reorder, defrag_waitlist_elem);
  264. DP_STATS_DEC(soc, rx.rx_frag_wait, 1);
  265. }
  266. }
  267. qdf_spin_unlock_bh(&soc->rx.defrag.defrag_lock);
  268. }
  269. /*
  270. * dp_rx_defrag_fraglist_insert(): Create a per-sequence fragment list
  271. * @peer: Pointer to the peer data structure
  272. * @tid: Transmit ID (TID)
  273. * @head_addr: Pointer to head list
  274. * @tail_addr: Pointer to tail list
  275. * @frag: Incoming fragment
  276. * @all_frag_present: Flag to indicate whether all fragments are received
  277. *
  278. * Build a per-tid, per-sequence fragment list.
  279. *
  280. * Returns: Success, if inserted
  281. */
  282. static QDF_STATUS dp_rx_defrag_fraglist_insert(struct dp_peer *peer, unsigned tid,
  283. qdf_nbuf_t *head_addr, qdf_nbuf_t *tail_addr, qdf_nbuf_t frag,
  284. uint8_t *all_frag_present)
  285. {
  286. struct dp_soc *soc = peer->vdev->pdev->soc;
  287. qdf_nbuf_t next;
  288. qdf_nbuf_t prev = NULL;
  289. qdf_nbuf_t cur;
  290. uint16_t head_fragno, cur_fragno, next_fragno;
  291. uint8_t last_morefrag = 1, count = 0;
  292. struct dp_rx_tid *rx_tid = &peer->rx_tid[tid];
  293. uint8_t *rx_desc_info;
  294. qdf_assert(frag);
  295. qdf_assert(head_addr);
  296. qdf_assert(tail_addr);
  297. *all_frag_present = 0;
  298. rx_desc_info = qdf_nbuf_data(frag);
  299. cur_fragno = dp_rx_frag_get_mpdu_frag_number(soc, rx_desc_info);
  300. dp_debug("cur_fragno %d\n", cur_fragno);
  301. /* If this is the first fragment */
  302. if (!(*head_addr)) {
  303. *head_addr = *tail_addr = frag;
  304. qdf_nbuf_set_next(*tail_addr, NULL);
  305. rx_tid->curr_frag_num = cur_fragno;
  306. goto insert_done;
  307. }
  308. /* In sequence fragment */
  309. if (cur_fragno > rx_tid->curr_frag_num) {
  310. qdf_nbuf_set_next(*tail_addr, frag);
  311. *tail_addr = frag;
  312. qdf_nbuf_set_next(*tail_addr, NULL);
  313. rx_tid->curr_frag_num = cur_fragno;
  314. } else {
  315. /* Out of sequence fragment */
  316. cur = *head_addr;
  317. rx_desc_info = qdf_nbuf_data(cur);
  318. head_fragno = dp_rx_frag_get_mpdu_frag_number(soc,
  319. rx_desc_info);
  320. if (cur_fragno == head_fragno) {
  321. qdf_nbuf_free(frag);
  322. goto insert_fail;
  323. } else if (head_fragno > cur_fragno) {
  324. qdf_nbuf_set_next(frag, cur);
  325. cur = frag;
  326. *head_addr = frag; /* head pointer to be updated */
  327. } else {
  328. while ((cur_fragno > head_fragno) && cur) {
  329. prev = cur;
  330. cur = qdf_nbuf_next(cur);
  331. if (cur) {
  332. rx_desc_info = qdf_nbuf_data(cur);
  333. head_fragno =
  334. dp_rx_frag_get_mpdu_frag_number(
  335. soc,
  336. rx_desc_info);
  337. }
  338. }
  339. if (cur_fragno == head_fragno) {
  340. qdf_nbuf_free(frag);
  341. goto insert_fail;
  342. }
  343. qdf_nbuf_set_next(prev, frag);
  344. qdf_nbuf_set_next(frag, cur);
  345. }
  346. }
  347. next = qdf_nbuf_next(*head_addr);
  348. rx_desc_info = qdf_nbuf_data(*tail_addr);
  349. last_morefrag = dp_rx_frag_get_more_frag_bit(soc, rx_desc_info);
  350. /* TODO: optimize the loop */
  351. if (!last_morefrag) {
  352. /* Check if all fragments are present */
  353. do {
  354. rx_desc_info = qdf_nbuf_data(next);
  355. next_fragno =
  356. dp_rx_frag_get_mpdu_frag_number(soc,
  357. rx_desc_info);
  358. count++;
  359. if (next_fragno != count)
  360. break;
  361. next = qdf_nbuf_next(next);
  362. } while (next);
  363. if (!next) {
  364. *all_frag_present = 1;
  365. return QDF_STATUS_SUCCESS;
  366. } else {
  367. /* revisit */
  368. }
  369. }
  370. insert_done:
  371. return QDF_STATUS_SUCCESS;
  372. insert_fail:
  373. return QDF_STATUS_E_FAILURE;
  374. }
  375. /*
  376. * dp_rx_defrag_tkip_decap(): decap tkip encrypted fragment
  377. * @msdu: Pointer to the fragment
  378. * @hdrlen: 802.11 header length (mostly useful in 4 addr frames)
  379. *
  380. * decap tkip encrypted fragment
  381. *
  382. * Returns: QDF_STATUS
  383. */
  384. static QDF_STATUS
  385. dp_rx_defrag_tkip_decap(struct dp_soc *soc,
  386. qdf_nbuf_t msdu, uint16_t hdrlen)
  387. {
  388. uint8_t *ivp, *orig_hdr;
  389. int rx_desc_len = soc->rx_pkt_tlv_size;
  390. /* start of 802.11 header info */
  391. orig_hdr = (uint8_t *)(qdf_nbuf_data(msdu) + rx_desc_len);
  392. /* TKIP header is located post 802.11 header */
  393. ivp = orig_hdr + hdrlen;
  394. if (!(ivp[IEEE80211_WEP_IVLEN] & IEEE80211_WEP_EXTIV)) {
  395. QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR,
  396. "IEEE80211_WEP_EXTIV is missing in TKIP fragment");
  397. return QDF_STATUS_E_DEFRAG_ERROR;
  398. }
  399. qdf_nbuf_trim_tail(msdu, dp_f_tkip.ic_trailer);
  400. return QDF_STATUS_SUCCESS;
  401. }
  402. /*
  403. * dp_rx_defrag_ccmp_demic(): Remove MIC information from CCMP fragment
  404. * @nbuf: Pointer to the fragment buffer
  405. * @hdrlen: 802.11 header length (mostly useful in 4 addr frames)
  406. *
  407. * Remove MIC information from CCMP fragment
  408. *
  409. * Returns: QDF_STATUS
  410. */
  411. static QDF_STATUS
  412. dp_rx_defrag_ccmp_demic(struct dp_soc *soc, qdf_nbuf_t nbuf, uint16_t hdrlen)
  413. {
  414. uint8_t *ivp, *orig_hdr;
  415. int rx_desc_len = soc->rx_pkt_tlv_size;
  416. /* start of the 802.11 header */
  417. orig_hdr = (uint8_t *)(qdf_nbuf_data(nbuf) + rx_desc_len);
  418. /* CCMP header is located after 802.11 header */
  419. ivp = orig_hdr + hdrlen;
  420. if (!(ivp[IEEE80211_WEP_IVLEN] & IEEE80211_WEP_EXTIV))
  421. return QDF_STATUS_E_DEFRAG_ERROR;
  422. qdf_nbuf_trim_tail(nbuf, dp_f_ccmp.ic_trailer);
  423. return QDF_STATUS_SUCCESS;
  424. }
  425. /*
  426. * dp_rx_defrag_ccmp_decap(): decap CCMP encrypted fragment
  427. * @nbuf: Pointer to the fragment
  428. * @hdrlen: length of the header information
  429. *
  430. * decap CCMP encrypted fragment
  431. *
  432. * Returns: QDF_STATUS
  433. */
  434. static QDF_STATUS
  435. dp_rx_defrag_ccmp_decap(struct dp_soc *soc, qdf_nbuf_t nbuf, uint16_t hdrlen)
  436. {
  437. uint8_t *ivp, *origHdr;
  438. int rx_desc_len = soc->rx_pkt_tlv_size;
  439. origHdr = (uint8_t *) (qdf_nbuf_data(nbuf) + rx_desc_len);
  440. ivp = origHdr + hdrlen;
  441. if (!(ivp[IEEE80211_WEP_IVLEN] & IEEE80211_WEP_EXTIV))
  442. return QDF_STATUS_E_DEFRAG_ERROR;
  443. /* Let's pull the header later */
  444. return QDF_STATUS_SUCCESS;
  445. }
  446. /*
  447. * dp_rx_defrag_wep_decap(): decap WEP encrypted fragment
  448. * @msdu: Pointer to the fragment
  449. * @hdrlen: length of the header information
  450. *
  451. * decap WEP encrypted fragment
  452. *
  453. * Returns: QDF_STATUS
  454. */
  455. static QDF_STATUS
  456. dp_rx_defrag_wep_decap(struct dp_soc *soc, qdf_nbuf_t msdu, uint16_t hdrlen)
  457. {
  458. uint8_t *origHdr;
  459. int rx_desc_len = soc->rx_pkt_tlv_size;
  460. origHdr = (uint8_t *) (qdf_nbuf_data(msdu) + rx_desc_len);
  461. qdf_mem_move(origHdr + dp_f_wep.ic_header, origHdr, hdrlen);
  462. qdf_nbuf_trim_tail(msdu, dp_f_wep.ic_trailer);
  463. return QDF_STATUS_SUCCESS;
  464. }
  465. /*
  466. * dp_rx_defrag_hdrsize(): Calculate the header size of the received fragment
  467. * @soc: soc handle
  468. * @nbuf: Pointer to the fragment
  469. *
  470. * Calculate the header size of the received fragment
  471. *
  472. * Returns: header size (uint16_t)
  473. */
  474. static uint16_t dp_rx_defrag_hdrsize(struct dp_soc *soc, qdf_nbuf_t nbuf)
  475. {
  476. uint8_t *rx_tlv_hdr = qdf_nbuf_data(nbuf);
  477. uint16_t size = sizeof(struct ieee80211_frame);
  478. uint16_t fc = 0;
  479. uint32_t to_ds, fr_ds;
  480. uint8_t frm_ctrl_valid;
  481. uint16_t frm_ctrl_field;
  482. to_ds = hal_rx_mpdu_get_to_ds(soc->hal_soc, rx_tlv_hdr);
  483. fr_ds = hal_rx_mpdu_get_fr_ds(soc->hal_soc, rx_tlv_hdr);
  484. frm_ctrl_valid =
  485. hal_rx_get_mpdu_frame_control_valid(soc->hal_soc,
  486. rx_tlv_hdr);
  487. frm_ctrl_field = hal_rx_get_frame_ctrl_field(soc->hal_soc, rx_tlv_hdr);
  488. if (to_ds && fr_ds)
  489. size += QDF_MAC_ADDR_SIZE;
  490. if (frm_ctrl_valid) {
  491. fc = frm_ctrl_field;
  492. /* use 1-st byte for validation */
  493. if (DP_RX_DEFRAG_IEEE80211_QOS_HAS_SEQ(fc & 0xff)) {
  494. size += sizeof(uint16_t);
  495. /* use 2-nd byte for validation */
  496. if (((fc & 0xff00) >> 8) & IEEE80211_FC1_ORDER)
  497. size += sizeof(struct ieee80211_htc);
  498. }
  499. }
  500. return size;
  501. }
  502. /*
  503. * dp_rx_defrag_michdr(): Calculate a pseudo MIC header
  504. * @wh0: Pointer to the wireless header of the fragment
  505. * @hdr: Array to hold the pseudo header
  506. *
  507. * Calculate a pseudo MIC header
  508. *
  509. * Returns: None
  510. */
  511. static void dp_rx_defrag_michdr(const struct ieee80211_frame *wh0,
  512. uint8_t hdr[])
  513. {
  514. const struct ieee80211_frame_addr4 *wh =
  515. (const struct ieee80211_frame_addr4 *)wh0;
  516. switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) {
  517. case IEEE80211_FC1_DIR_NODS:
  518. DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr, wh->i_addr1); /* DA */
  519. DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr + QDF_MAC_ADDR_SIZE,
  520. wh->i_addr2);
  521. break;
  522. case IEEE80211_FC1_DIR_TODS:
  523. DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr, wh->i_addr3); /* DA */
  524. DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr + QDF_MAC_ADDR_SIZE,
  525. wh->i_addr2);
  526. break;
  527. case IEEE80211_FC1_DIR_FROMDS:
  528. DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr, wh->i_addr1); /* DA */
  529. DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr + QDF_MAC_ADDR_SIZE,
  530. wh->i_addr3);
  531. break;
  532. case IEEE80211_FC1_DIR_DSTODS:
  533. DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr, wh->i_addr3); /* DA */
  534. DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr + QDF_MAC_ADDR_SIZE,
  535. wh->i_addr4);
  536. break;
  537. }
  538. /*
  539. * Bit 7 is QDF_IEEE80211_FC0_SUBTYPE_QOS for data frame, but
  540. * it could also be set for deauth, disassoc, action, etc. for
  541. * a mgt type frame. It comes into picture for MFP.
  542. */
  543. if (wh->i_fc[0] & QDF_IEEE80211_FC0_SUBTYPE_QOS) {
  544. if ((wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) ==
  545. IEEE80211_FC1_DIR_DSTODS) {
  546. const struct ieee80211_qosframe_addr4 *qwh =
  547. (const struct ieee80211_qosframe_addr4 *)wh;
  548. hdr[12] = qwh->i_qos[0] & IEEE80211_QOS_TID;
  549. } else {
  550. const struct ieee80211_qosframe *qwh =
  551. (const struct ieee80211_qosframe *)wh;
  552. hdr[12] = qwh->i_qos[0] & IEEE80211_QOS_TID;
  553. }
  554. } else {
  555. hdr[12] = 0;
  556. }
  557. hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */
  558. }
  559. /*
  560. * dp_rx_defrag_mic(): Calculate MIC header
  561. * @key: Pointer to the key
  562. * @wbuf: fragment buffer
  563. * @off: Offset
  564. * @data_len: Data length
  565. * @mic: Array to hold MIC
  566. *
  567. * Calculate a pseudo MIC header
  568. *
  569. * Returns: QDF_STATUS
  570. */
  571. static QDF_STATUS dp_rx_defrag_mic(struct dp_soc *soc, const uint8_t *key,
  572. qdf_nbuf_t wbuf, uint16_t off,
  573. uint16_t data_len, uint8_t mic[])
  574. {
  575. uint8_t hdr[16] = { 0, };
  576. uint32_t l, r;
  577. const uint8_t *data;
  578. uint32_t space;
  579. int rx_desc_len = soc->rx_pkt_tlv_size;
  580. dp_rx_defrag_michdr((struct ieee80211_frame *)(qdf_nbuf_data(wbuf)
  581. + rx_desc_len), hdr);
  582. l = dp_rx_get_le32(key);
  583. r = dp_rx_get_le32(key + 4);
  584. /* Michael MIC pseudo header: DA, SA, 3 x 0, Priority */
  585. l ^= dp_rx_get_le32(hdr);
  586. dp_rx_michael_block(l, r);
  587. l ^= dp_rx_get_le32(&hdr[4]);
  588. dp_rx_michael_block(l, r);
  589. l ^= dp_rx_get_le32(&hdr[8]);
  590. dp_rx_michael_block(l, r);
  591. l ^= dp_rx_get_le32(&hdr[12]);
  592. dp_rx_michael_block(l, r);
  593. /* first buffer has special handling */
  594. data = (uint8_t *)qdf_nbuf_data(wbuf) + off;
  595. space = qdf_nbuf_len(wbuf) - off;
  596. for (;; ) {
  597. if (space > data_len)
  598. space = data_len;
  599. /* collect 32-bit blocks from current buffer */
  600. while (space >= sizeof(uint32_t)) {
  601. l ^= dp_rx_get_le32(data);
  602. dp_rx_michael_block(l, r);
  603. data += sizeof(uint32_t);
  604. space -= sizeof(uint32_t);
  605. data_len -= sizeof(uint32_t);
  606. }
  607. if (data_len < sizeof(uint32_t))
  608. break;
  609. wbuf = qdf_nbuf_next(wbuf);
  610. if (!wbuf)
  611. return QDF_STATUS_E_DEFRAG_ERROR;
  612. if (space != 0) {
  613. const uint8_t *data_next;
  614. /*
  615. * Block straddles buffers, split references.
  616. */
  617. data_next =
  618. (uint8_t *)qdf_nbuf_data(wbuf) + off;
  619. if ((qdf_nbuf_len(wbuf)) <
  620. sizeof(uint32_t) - space) {
  621. return QDF_STATUS_E_DEFRAG_ERROR;
  622. }
  623. switch (space) {
  624. case 1:
  625. l ^= dp_rx_get_le32_split(data[0],
  626. data_next[0], data_next[1],
  627. data_next[2]);
  628. data = data_next + 3;
  629. space = (qdf_nbuf_len(wbuf) - off) - 3;
  630. break;
  631. case 2:
  632. l ^= dp_rx_get_le32_split(data[0], data[1],
  633. data_next[0], data_next[1]);
  634. data = data_next + 2;
  635. space = (qdf_nbuf_len(wbuf) - off) - 2;
  636. break;
  637. case 3:
  638. l ^= dp_rx_get_le32_split(data[0], data[1],
  639. data[2], data_next[0]);
  640. data = data_next + 1;
  641. space = (qdf_nbuf_len(wbuf) - off) - 1;
  642. break;
  643. }
  644. dp_rx_michael_block(l, r);
  645. data_len -= sizeof(uint32_t);
  646. } else {
  647. /*
  648. * Setup for next buffer.
  649. */
  650. data = (uint8_t *)qdf_nbuf_data(wbuf) + off;
  651. space = qdf_nbuf_len(wbuf) - off;
  652. }
  653. }
  654. /* Last block and padding (0x5a, 4..7 x 0) */
  655. switch (data_len) {
  656. case 0:
  657. l ^= dp_rx_get_le32_split(0x5a, 0, 0, 0);
  658. break;
  659. case 1:
  660. l ^= dp_rx_get_le32_split(data[0], 0x5a, 0, 0);
  661. break;
  662. case 2:
  663. l ^= dp_rx_get_le32_split(data[0], data[1], 0x5a, 0);
  664. break;
  665. case 3:
  666. l ^= dp_rx_get_le32_split(data[0], data[1], data[2], 0x5a);
  667. break;
  668. }
  669. dp_rx_michael_block(l, r);
  670. dp_rx_michael_block(l, r);
  671. dp_rx_put_le32(mic, l);
  672. dp_rx_put_le32(mic + 4, r);
  673. return QDF_STATUS_SUCCESS;
  674. }
  675. /*
  676. * dp_rx_defrag_tkip_demic(): Remove MIC header from the TKIP frame
  677. * @key: Pointer to the key
  678. * @msdu: fragment buffer
  679. * @hdrlen: Length of the header information
  680. *
  681. * Remove MIC information from the TKIP frame
  682. *
  683. * Returns: QDF_STATUS
  684. */
  685. static QDF_STATUS dp_rx_defrag_tkip_demic(struct dp_soc *soc,
  686. const uint8_t *key,
  687. qdf_nbuf_t msdu, uint16_t hdrlen)
  688. {
  689. QDF_STATUS status;
  690. uint32_t pktlen = 0, prev_data_len;
  691. uint8_t mic[IEEE80211_WEP_MICLEN];
  692. uint8_t mic0[IEEE80211_WEP_MICLEN];
  693. qdf_nbuf_t prev = NULL, prev0, next;
  694. uint8_t len0 = 0;
  695. next = msdu;
  696. prev0 = msdu;
  697. while (next) {
  698. pktlen += (qdf_nbuf_len(next) - hdrlen);
  699. prev = next;
  700. dp_debug("pktlen %u",
  701. (uint32_t)(qdf_nbuf_len(next) - hdrlen));
  702. next = qdf_nbuf_next(next);
  703. if (next && !qdf_nbuf_next(next))
  704. prev0 = prev;
  705. }
  706. if (!prev) {
  707. QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR,
  708. "%s Defrag chaining failed !\n", __func__);
  709. return QDF_STATUS_E_DEFRAG_ERROR;
  710. }
  711. prev_data_len = qdf_nbuf_len(prev) - hdrlen;
  712. if (prev_data_len < dp_f_tkip.ic_miclen) {
  713. if (prev0 == prev) {
  714. QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR,
  715. "%s Fragments don't have MIC header !\n", __func__);
  716. return QDF_STATUS_E_DEFRAG_ERROR;
  717. }
  718. len0 = dp_f_tkip.ic_miclen - (uint8_t)prev_data_len;
  719. qdf_nbuf_copy_bits(prev0, qdf_nbuf_len(prev0) - len0, len0,
  720. (caddr_t)mic0);
  721. qdf_nbuf_trim_tail(prev0, len0);
  722. }
  723. qdf_nbuf_copy_bits(prev, (qdf_nbuf_len(prev) -
  724. (dp_f_tkip.ic_miclen - len0)),
  725. (dp_f_tkip.ic_miclen - len0),
  726. (caddr_t)(&mic0[len0]));
  727. qdf_nbuf_trim_tail(prev, (dp_f_tkip.ic_miclen - len0));
  728. pktlen -= dp_f_tkip.ic_miclen;
  729. if (((qdf_nbuf_len(prev) - hdrlen) == 0) && prev != msdu) {
  730. qdf_nbuf_free(prev);
  731. qdf_nbuf_set_next(prev0, NULL);
  732. }
  733. status = dp_rx_defrag_mic(soc, key, msdu, hdrlen,
  734. pktlen, mic);
  735. if (QDF_IS_STATUS_ERROR(status))
  736. return status;
  737. if (qdf_mem_cmp(mic, mic0, dp_f_tkip.ic_miclen))
  738. return QDF_STATUS_E_DEFRAG_ERROR;
  739. return QDF_STATUS_SUCCESS;
  740. }
  741. /*
  742. * dp_rx_frag_pull_hdr(): Pulls the RXTLV & the 802.11 headers
  743. * @nbuf: buffer pointer
  744. * @hdrsize: size of the header to be pulled
  745. *
  746. * Pull the RXTLV & the 802.11 headers
  747. *
  748. * Returns: None
  749. */
  750. static void dp_rx_frag_pull_hdr(struct dp_soc *soc,
  751. qdf_nbuf_t nbuf, uint16_t hdrsize)
  752. {
  753. hal_rx_print_pn(soc->hal_soc, qdf_nbuf_data(nbuf));
  754. qdf_nbuf_pull_head(nbuf, soc->rx_pkt_tlv_size + hdrsize);
  755. dp_debug("final pktlen %d .11len %d",
  756. (uint32_t)qdf_nbuf_len(nbuf), hdrsize);
  757. }
  758. /*
  759. * dp_rx_defrag_pn_check(): Check the PN of current fragmented with prev PN
  760. * @msdu: msdu to get the current PN
  761. * @cur_pn128: PN extracted from current msdu
  762. * @prev_pn128: Prev PN
  763. *
  764. * Returns: 0 on success, non zero on failure
  765. */
  766. static int dp_rx_defrag_pn_check(struct dp_soc *soc, qdf_nbuf_t msdu,
  767. uint64_t *cur_pn128, uint64_t *prev_pn128)
  768. {
  769. int out_of_order = 0;
  770. hal_rx_tlv_get_pn_num(soc->hal_soc, qdf_nbuf_data(msdu), cur_pn128);
  771. if (cur_pn128[1] == prev_pn128[1])
  772. out_of_order = (cur_pn128[0] - prev_pn128[0] != 1);
  773. else
  774. out_of_order = (cur_pn128[1] - prev_pn128[1] != 1);
  775. return out_of_order;
  776. }
  777. /*
  778. * dp_rx_construct_fraglist(): Construct a nbuf fraglist
  779. * @peer: Pointer to the peer
  780. * @head: Pointer to list of fragments
  781. * @hdrsize: Size of the header to be pulled
  782. *
  783. * Construct a nbuf fraglist
  784. *
  785. * Returns: None
  786. */
  787. static int
  788. dp_rx_construct_fraglist(struct dp_peer *peer, int tid, qdf_nbuf_t head,
  789. uint16_t hdrsize)
  790. {
  791. struct dp_soc *soc = peer->vdev->pdev->soc;
  792. qdf_nbuf_t msdu = qdf_nbuf_next(head);
  793. qdf_nbuf_t rx_nbuf = msdu;
  794. struct dp_rx_tid *rx_tid = &peer->rx_tid[tid];
  795. uint32_t len = 0;
  796. uint64_t cur_pn128[2] = {0, 0}, prev_pn128[2];
  797. int out_of_order = 0;
  798. int index;
  799. int needs_pn_check = 0;
  800. prev_pn128[0] = rx_tid->pn128[0];
  801. prev_pn128[1] = rx_tid->pn128[1];
  802. index = hal_rx_msdu_is_wlan_mcast(soc->hal_soc, msdu) ? dp_sec_mcast :
  803. dp_sec_ucast;
  804. if (qdf_likely(peer->security[index].sec_type != cdp_sec_type_none))
  805. needs_pn_check = 1;
  806. while (msdu) {
  807. if (qdf_likely(needs_pn_check))
  808. out_of_order = dp_rx_defrag_pn_check(soc, msdu,
  809. &cur_pn128[0],
  810. &prev_pn128[0]);
  811. if (qdf_unlikely(out_of_order)) {
  812. dp_info_rl("cur_pn128[0] 0x%llx cur_pn128[1] 0x%llx prev_pn128[0] 0x%llx prev_pn128[1] 0x%llx",
  813. cur_pn128[0], cur_pn128[1],
  814. prev_pn128[0], prev_pn128[1]);
  815. return QDF_STATUS_E_FAILURE;
  816. }
  817. prev_pn128[0] = cur_pn128[0];
  818. prev_pn128[1] = cur_pn128[1];
  819. /*
  820. * Broadcast and multicast frames should never be fragmented.
  821. * Iterating through all msdus and dropping fragments if even
  822. * one of them has mcast/bcast destination address.
  823. */
  824. if (hal_rx_msdu_is_wlan_mcast(soc->hal_soc, msdu)) {
  825. QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR,
  826. "Dropping multicast/broadcast fragments");
  827. return QDF_STATUS_E_FAILURE;
  828. }
  829. dp_rx_frag_pull_hdr(soc, msdu, hdrsize);
  830. len += qdf_nbuf_len(msdu);
  831. msdu = qdf_nbuf_next(msdu);
  832. }
  833. qdf_nbuf_append_ext_list(head, rx_nbuf, len);
  834. qdf_nbuf_set_next(head, NULL);
  835. qdf_nbuf_set_is_frag(head, 1);
  836. dp_debug("head len %d ext len %d data len %d ",
  837. (uint32_t)qdf_nbuf_len(head),
  838. (uint32_t)qdf_nbuf_len(rx_nbuf),
  839. (uint32_t)(head->data_len));
  840. return QDF_STATUS_SUCCESS;
  841. }
  842. /**
  843. * dp_rx_defrag_err() - rx err handler
  844. * @pdev: handle to pdev object
  845. * @vdev_id: vdev id
  846. * @peer_mac_addr: peer mac address
  847. * @tid: TID
  848. * @tsf32: TSF
  849. * @err_type: error type
  850. * @rx_frame: rx frame
  851. * @pn: PN Number
  852. * @key_id: key id
  853. *
  854. * This function handles rx error and send MIC error notification
  855. *
  856. * Return: None
  857. */
  858. static void dp_rx_defrag_err(struct dp_vdev *vdev, qdf_nbuf_t nbuf)
  859. {
  860. struct ol_if_ops *tops = NULL;
  861. struct dp_pdev *pdev = vdev->pdev;
  862. int rx_desc_len = pdev->soc->rx_pkt_tlv_size;
  863. uint8_t *orig_hdr;
  864. struct ieee80211_frame *wh;
  865. struct cdp_rx_mic_err_info mic_failure_info;
  866. orig_hdr = (uint8_t *)(qdf_nbuf_data(nbuf) + rx_desc_len);
  867. wh = (struct ieee80211_frame *)orig_hdr;
  868. qdf_copy_macaddr((struct qdf_mac_addr *)&mic_failure_info.da_mac_addr,
  869. (struct qdf_mac_addr *)&wh->i_addr1);
  870. qdf_copy_macaddr((struct qdf_mac_addr *)&mic_failure_info.ta_mac_addr,
  871. (struct qdf_mac_addr *)&wh->i_addr2);
  872. mic_failure_info.key_id = 0;
  873. mic_failure_info.multicast =
  874. IEEE80211_IS_MULTICAST(wh->i_addr1);
  875. qdf_mem_zero(mic_failure_info.tsc, MIC_SEQ_CTR_SIZE);
  876. mic_failure_info.frame_type = cdp_rx_frame_type_802_11;
  877. mic_failure_info.data = (uint8_t *)wh;
  878. mic_failure_info.vdev_id = vdev->vdev_id;
  879. tops = pdev->soc->cdp_soc.ol_ops;
  880. if (tops->rx_mic_error)
  881. tops->rx_mic_error(pdev->soc->ctrl_psoc, pdev->pdev_id,
  882. &mic_failure_info);
  883. }
  884. /*
  885. * dp_rx_defrag_nwifi_to_8023(): Transcap 802.11 to 802.3
  886. * @soc: dp soc handle
  887. * @nbuf: Pointer to the fragment buffer
  888. * @hdrsize: Size of headers
  889. *
  890. * Transcap the fragment from 802.11 to 802.3
  891. *
  892. * Returns: None
  893. */
  894. static void
  895. dp_rx_defrag_nwifi_to_8023(struct dp_soc *soc, struct dp_peer *peer, int tid,
  896. qdf_nbuf_t nbuf, uint16_t hdrsize)
  897. {
  898. struct llc_snap_hdr_t *llchdr;
  899. struct ethernet_hdr_t *eth_hdr;
  900. uint8_t ether_type[2];
  901. uint16_t fc = 0;
  902. union dp_align_mac_addr mac_addr;
  903. uint8_t *rx_desc_info = qdf_mem_malloc(soc->rx_pkt_tlv_size);
  904. struct dp_rx_tid *rx_tid = &peer->rx_tid[tid];
  905. hal_rx_tlv_get_pn_num(soc->hal_soc, qdf_nbuf_data(nbuf), rx_tid->pn128);
  906. hal_rx_print_pn(soc->hal_soc, qdf_nbuf_data(nbuf));
  907. if (!rx_desc_info) {
  908. QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR,
  909. "%s: Memory alloc failed ! ", __func__);
  910. QDF_ASSERT(0);
  911. return;
  912. }
  913. qdf_mem_copy(rx_desc_info, qdf_nbuf_data(nbuf), soc->rx_pkt_tlv_size);
  914. llchdr = (struct llc_snap_hdr_t *)(qdf_nbuf_data(nbuf) +
  915. soc->rx_pkt_tlv_size + hdrsize);
  916. qdf_mem_copy(ether_type, llchdr->ethertype, 2);
  917. qdf_nbuf_pull_head(nbuf, (soc->rx_pkt_tlv_size + hdrsize +
  918. sizeof(struct llc_snap_hdr_t) -
  919. sizeof(struct ethernet_hdr_t)));
  920. eth_hdr = (struct ethernet_hdr_t *)(qdf_nbuf_data(nbuf));
  921. if (hal_rx_get_mpdu_frame_control_valid(soc->hal_soc,
  922. rx_desc_info))
  923. fc = hal_rx_get_frame_ctrl_field(soc->hal_soc, rx_desc_info);
  924. dp_debug("Frame control type: 0x%x", fc);
  925. switch (((fc & 0xff00) >> 8) & IEEE80211_FC1_DIR_MASK) {
  926. case IEEE80211_FC1_DIR_NODS:
  927. hal_rx_mpdu_get_addr1(soc->hal_soc, rx_desc_info,
  928. &mac_addr.raw[0]);
  929. qdf_mem_copy(eth_hdr->dest_addr, &mac_addr.raw[0],
  930. QDF_MAC_ADDR_SIZE);
  931. hal_rx_mpdu_get_addr2(soc->hal_soc, rx_desc_info,
  932. &mac_addr.raw[0]);
  933. qdf_mem_copy(eth_hdr->src_addr, &mac_addr.raw[0],
  934. QDF_MAC_ADDR_SIZE);
  935. break;
  936. case IEEE80211_FC1_DIR_TODS:
  937. hal_rx_mpdu_get_addr3(soc->hal_soc, rx_desc_info,
  938. &mac_addr.raw[0]);
  939. qdf_mem_copy(eth_hdr->dest_addr, &mac_addr.raw[0],
  940. QDF_MAC_ADDR_SIZE);
  941. hal_rx_mpdu_get_addr2(soc->hal_soc, rx_desc_info,
  942. &mac_addr.raw[0]);
  943. qdf_mem_copy(eth_hdr->src_addr, &mac_addr.raw[0],
  944. QDF_MAC_ADDR_SIZE);
  945. break;
  946. case IEEE80211_FC1_DIR_FROMDS:
  947. hal_rx_mpdu_get_addr1(soc->hal_soc, rx_desc_info,
  948. &mac_addr.raw[0]);
  949. qdf_mem_copy(eth_hdr->dest_addr, &mac_addr.raw[0],
  950. QDF_MAC_ADDR_SIZE);
  951. hal_rx_mpdu_get_addr3(soc->hal_soc, rx_desc_info,
  952. &mac_addr.raw[0]);
  953. qdf_mem_copy(eth_hdr->src_addr, &mac_addr.raw[0],
  954. QDF_MAC_ADDR_SIZE);
  955. break;
  956. case IEEE80211_FC1_DIR_DSTODS:
  957. hal_rx_mpdu_get_addr3(soc->hal_soc, rx_desc_info,
  958. &mac_addr.raw[0]);
  959. qdf_mem_copy(eth_hdr->dest_addr, &mac_addr.raw[0],
  960. QDF_MAC_ADDR_SIZE);
  961. hal_rx_mpdu_get_addr4(soc->hal_soc, rx_desc_info,
  962. &mac_addr.raw[0]);
  963. qdf_mem_copy(eth_hdr->src_addr, &mac_addr.raw[0],
  964. QDF_MAC_ADDR_SIZE);
  965. break;
  966. default:
  967. QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR,
  968. "%s: Unknown frame control type: 0x%x", __func__, fc);
  969. }
  970. qdf_mem_copy(eth_hdr->ethertype, ether_type,
  971. sizeof(ether_type));
  972. qdf_nbuf_push_head(nbuf, soc->rx_pkt_tlv_size);
  973. qdf_mem_copy(qdf_nbuf_data(nbuf), rx_desc_info, soc->rx_pkt_tlv_size);
  974. qdf_mem_free(rx_desc_info);
  975. }
  976. #ifdef RX_DEFRAG_DO_NOT_REINJECT
  977. /*
  978. * dp_rx_defrag_deliver(): Deliver defrag packet to stack
  979. * @peer: Pointer to the peer
  980. * @tid: Transmit Identifier
  981. * @head: Nbuf to be delivered
  982. *
  983. * Returns: None
  984. */
  985. static inline void dp_rx_defrag_deliver(struct dp_peer *peer,
  986. unsigned int tid,
  987. qdf_nbuf_t head)
  988. {
  989. struct dp_vdev *vdev = peer->vdev;
  990. struct dp_soc *soc = vdev->pdev->soc;
  991. qdf_nbuf_t deliver_list_head = NULL;
  992. qdf_nbuf_t deliver_list_tail = NULL;
  993. uint8_t *rx_tlv_hdr;
  994. rx_tlv_hdr = qdf_nbuf_data(head);
  995. QDF_NBUF_CB_RX_VDEV_ID(head) = vdev->vdev_id;
  996. qdf_nbuf_set_tid_val(head, tid);
  997. qdf_nbuf_pull_head(head, soc->rx_pkt_tlv_size);
  998. DP_RX_LIST_APPEND(deliver_list_head, deliver_list_tail,
  999. head);
  1000. dp_rx_deliver_to_stack(soc, vdev, peer, deliver_list_head,
  1001. deliver_list_tail);
  1002. }
  1003. /*
  1004. * dp_rx_defrag_reo_reinject(): Reinject the fragment chain back into REO
  1005. * @peer: Pointer to the peer
  1006. * @tid: Transmit Identifier
  1007. * @head: Buffer to be reinjected back
  1008. *
  1009. * Reinject the fragment chain back into REO
  1010. *
  1011. * Returns: QDF_STATUS
  1012. */
  1013. static QDF_STATUS dp_rx_defrag_reo_reinject(struct dp_peer *peer,
  1014. unsigned int tid, qdf_nbuf_t head)
  1015. {
  1016. struct dp_rx_reorder_array_elem *rx_reorder_array_elem;
  1017. rx_reorder_array_elem = peer->rx_tid[tid].array;
  1018. dp_rx_defrag_deliver(peer, tid, head);
  1019. rx_reorder_array_elem->head = NULL;
  1020. rx_reorder_array_elem->tail = NULL;
  1021. dp_rx_return_head_frag_desc(peer, tid);
  1022. return QDF_STATUS_SUCCESS;
  1023. }
  1024. #else
  1025. #ifdef WLAN_FEATURE_DP_RX_RING_HISTORY
  1026. /**
  1027. * dp_rx_reinject_ring_record_entry() - Record reinject ring history
  1028. * @soc: Datapath soc structure
  1029. * @paddr: paddr of the buffer reinjected to SW2REO ring
  1030. * @sw_cookie: SW cookie of the buffer reinjected to SW2REO ring
  1031. * @rbm: Return buffer manager of the buffer reinjected to SW2REO ring
  1032. *
  1033. * Returns: None
  1034. */
  1035. static inline void
  1036. dp_rx_reinject_ring_record_entry(struct dp_soc *soc, uint64_t paddr,
  1037. uint32_t sw_cookie, uint8_t rbm)
  1038. {
  1039. struct dp_buf_info_record *record;
  1040. uint32_t idx;
  1041. if (qdf_unlikely(!soc->rx_reinject_ring_history))
  1042. return;
  1043. idx = dp_history_get_next_index(&soc->rx_reinject_ring_history->index,
  1044. DP_RX_REINJECT_HIST_MAX);
  1045. /* No NULL check needed for record since its an array */
  1046. record = &soc->rx_reinject_ring_history->entry[idx];
  1047. record->timestamp = qdf_get_log_timestamp();
  1048. record->hbi.paddr = paddr;
  1049. record->hbi.sw_cookie = sw_cookie;
  1050. record->hbi.rbm = rbm;
  1051. }
  1052. #else
  1053. static inline void
  1054. dp_rx_reinject_ring_record_entry(struct dp_soc *soc, uint64_t paddr,
  1055. uint32_t sw_cookie, uint8_t rbm)
  1056. {
  1057. }
  1058. #endif
  1059. /*
  1060. * dp_rx_defrag_reo_reinject(): Reinject the fragment chain back into REO
  1061. * @peer: Pointer to the peer
  1062. * @tid: Transmit Identifier
  1063. * @head: Buffer to be reinjected back
  1064. *
  1065. * Reinject the fragment chain back into REO
  1066. *
  1067. * Returns: QDF_STATUS
  1068. */
  1069. static QDF_STATUS dp_rx_defrag_reo_reinject(struct dp_peer *peer,
  1070. unsigned int tid, qdf_nbuf_t head)
  1071. {
  1072. struct dp_pdev *pdev = peer->vdev->pdev;
  1073. struct dp_soc *soc = pdev->soc;
  1074. struct hal_buf_info buf_info;
  1075. void *link_desc_va;
  1076. void *msdu0, *msdu_desc_info;
  1077. void *ent_ring_desc, *ent_mpdu_desc_info, *ent_qdesc_addr;
  1078. void *dst_mpdu_desc_info, *dst_qdesc_addr;
  1079. qdf_dma_addr_t paddr;
  1080. uint32_t nbuf_len, seq_no, dst_ind;
  1081. uint32_t *mpdu_wrd;
  1082. uint32_t ret, cookie;
  1083. hal_ring_desc_t dst_ring_desc =
  1084. peer->rx_tid[tid].dst_ring_desc;
  1085. hal_ring_handle_t hal_srng = soc->reo_reinject_ring.hal_srng;
  1086. struct dp_rx_desc *rx_desc = peer->rx_tid[tid].head_frag_desc;
  1087. struct dp_rx_reorder_array_elem *rx_reorder_array_elem =
  1088. peer->rx_tid[tid].array;
  1089. qdf_nbuf_t nbuf_head;
  1090. struct rx_desc_pool *rx_desc_pool = NULL;
  1091. void *buf_addr_info = HAL_RX_REO_BUF_ADDR_INFO_GET(dst_ring_desc);
  1092. /* do duplicate link desc address check */
  1093. dp_rx_link_desc_refill_duplicate_check(
  1094. soc,
  1095. &soc->last_op_info.reo_reinject_link_desc,
  1096. buf_addr_info);
  1097. nbuf_head = dp_ipa_handle_rx_reo_reinject(soc, head);
  1098. if (qdf_unlikely(!nbuf_head)) {
  1099. dp_err_rl("IPA RX REO reinject failed");
  1100. return QDF_STATUS_E_FAILURE;
  1101. }
  1102. /* update new allocated skb in case IPA is enabled */
  1103. if (nbuf_head != head) {
  1104. head = nbuf_head;
  1105. rx_desc->nbuf = head;
  1106. rx_reorder_array_elem->head = head;
  1107. }
  1108. ent_ring_desc = hal_srng_src_get_next(soc->hal_soc, hal_srng);
  1109. if (!ent_ring_desc) {
  1110. dp_err_rl("HAL src ring next entry NULL");
  1111. return QDF_STATUS_E_FAILURE;
  1112. }
  1113. hal_rx_reo_buf_paddr_get(dst_ring_desc, &buf_info);
  1114. /* buffer_addr_info is the first element of ring_desc */
  1115. hal_rx_buf_cookie_rbm_get(soc->hal_soc, (uint32_t *)dst_ring_desc,
  1116. &buf_info);
  1117. link_desc_va = dp_rx_cookie_2_link_desc_va(soc, &buf_info);
  1118. qdf_assert_always(link_desc_va);
  1119. msdu0 = hal_rx_msdu0_buffer_addr_lsb(soc->hal_soc, link_desc_va);
  1120. nbuf_len = qdf_nbuf_len(head) - soc->rx_pkt_tlv_size;
  1121. HAL_RX_UNIFORM_HDR_SET(link_desc_va, OWNER, UNI_DESC_OWNER_SW);
  1122. HAL_RX_UNIFORM_HDR_SET(link_desc_va, BUFFER_TYPE,
  1123. UNI_DESC_BUF_TYPE_RX_MSDU_LINK);
  1124. /* msdu reconfig */
  1125. msdu_desc_info = hal_rx_msdu_desc_info_ptr_get(soc->hal_soc, msdu0);
  1126. dst_ind = hal_rx_msdu_reo_dst_ind_get(soc->hal_soc, link_desc_va);
  1127. qdf_mem_zero(msdu_desc_info, sizeof(struct rx_msdu_desc_info));
  1128. HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info,
  1129. FIRST_MSDU_IN_MPDU_FLAG, 1);
  1130. HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info,
  1131. LAST_MSDU_IN_MPDU_FLAG, 1);
  1132. HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info,
  1133. MSDU_CONTINUATION, 0x0);
  1134. HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info,
  1135. REO_DESTINATION_INDICATION, dst_ind);
  1136. HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info,
  1137. MSDU_LENGTH, nbuf_len);
  1138. HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info,
  1139. SA_IS_VALID, 1);
  1140. HAL_RX_MSDU_DESC_INFO_SET(msdu_desc_info,
  1141. DA_IS_VALID, 1);
  1142. /* change RX TLV's */
  1143. hal_rx_tlv_msdu_len_set(soc->hal_soc, qdf_nbuf_data(head), nbuf_len);
  1144. cookie = HAL_RX_BUF_COOKIE_GET(msdu0);
  1145. rx_desc_pool = &soc->rx_desc_buf[pdev->lmac_id];
  1146. /* map the nbuf before reinject it into HW */
  1147. ret = qdf_nbuf_map_nbytes_single(soc->osdev, head,
  1148. QDF_DMA_FROM_DEVICE,
  1149. rx_desc_pool->buf_size);
  1150. if (qdf_unlikely(ret == QDF_STATUS_E_FAILURE)) {
  1151. QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR,
  1152. "%s: nbuf map failed !", __func__);
  1153. return QDF_STATUS_E_FAILURE;
  1154. }
  1155. dp_ipa_handle_rx_buf_smmu_mapping(soc, head,
  1156. rx_desc_pool->buf_size,
  1157. true);
  1158. /*
  1159. * As part of rx frag handler bufffer was unmapped and rx desc
  1160. * unmapped is set to 1. So again for defrag reinject frame reset
  1161. * it back to 0.
  1162. */
  1163. rx_desc->unmapped = 0;
  1164. paddr = qdf_nbuf_get_frag_paddr(head, 0);
  1165. ret = dp_check_paddr(soc, &head, &paddr, rx_desc_pool);
  1166. if (ret == QDF_STATUS_E_FAILURE) {
  1167. QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR,
  1168. "%s: x86 check failed !", __func__);
  1169. return QDF_STATUS_E_FAILURE;
  1170. }
  1171. hal_rxdma_buff_addr_info_set(soc->hal_osc, msdu0, paddr, cookie,
  1172. DP_DEFRAG_RBM);
  1173. /* Lets fill entrance ring now !!! */
  1174. if (qdf_unlikely(hal_srng_access_start(soc->hal_soc, hal_srng))) {
  1175. QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR,
  1176. "HAL RING Access For REO entrance SRNG Failed: %pK",
  1177. hal_srng);
  1178. return QDF_STATUS_E_FAILURE;
  1179. }
  1180. dp_rx_reinject_ring_record_entry(soc, paddr, cookie, DP_DEFRAG_RBM);
  1181. paddr = (uint64_t)buf_info.paddr;
  1182. /* buf addr */
  1183. hal_rxdma_buff_addr_info_set(soc->hal_soc, ent_ring_desc, paddr,
  1184. buf_info.sw_cookie,
  1185. HAL_RX_BUF_RBM_WBM_IDLE_DESC_LIST);
  1186. /* mpdu desc info */
  1187. ent_mpdu_desc_info = hal_ent_mpdu_desc_info(soc->hal_soc,
  1188. ent_ring_desc);
  1189. dst_mpdu_desc_info = hal_dst_mpdu_desc_info(soc->hal_soc,
  1190. dst_ring_desc);
  1191. qdf_mem_copy(ent_mpdu_desc_info, dst_mpdu_desc_info,
  1192. sizeof(struct rx_mpdu_desc_info));
  1193. qdf_mem_zero(ent_mpdu_desc_info, sizeof(uint32_t));
  1194. mpdu_wrd = (uint32_t *)dst_mpdu_desc_info;
  1195. seq_no = HAL_RX_MPDU_SEQUENCE_NUMBER_GET(mpdu_wrd);
  1196. HAL_RX_MPDU_DESC_INFO_SET(ent_mpdu_desc_info,
  1197. MSDU_COUNT, 0x1);
  1198. HAL_RX_MPDU_DESC_INFO_SET(ent_mpdu_desc_info,
  1199. MPDU_SEQUENCE_NUMBER, seq_no);
  1200. /* unset frag bit */
  1201. HAL_RX_MPDU_DESC_INFO_SET(ent_mpdu_desc_info,
  1202. FRAGMENT_FLAG, 0x0);
  1203. /* set sa/da valid bits */
  1204. HAL_RX_MPDU_DESC_INFO_SET(ent_mpdu_desc_info,
  1205. SA_IS_VALID, 0x1);
  1206. HAL_RX_MPDU_DESC_INFO_SET(ent_mpdu_desc_info,
  1207. DA_IS_VALID, 0x1);
  1208. HAL_RX_MPDU_DESC_INFO_SET(ent_mpdu_desc_info,
  1209. RAW_MPDU, 0x0);
  1210. /* qdesc addr */
  1211. ent_qdesc_addr = (uint8_t *)ent_ring_desc +
  1212. REO_ENTRANCE_RING_4_RX_REO_QUEUE_DESC_ADDR_31_0_OFFSET;
  1213. dst_qdesc_addr = (uint8_t *)dst_ring_desc +
  1214. REO_DESTINATION_RING_6_RX_REO_QUEUE_DESC_ADDR_31_0_OFFSET;
  1215. qdf_mem_copy(ent_qdesc_addr, dst_qdesc_addr, 8);
  1216. HAL_RX_FLD_SET(ent_ring_desc, REO_ENTRANCE_RING_5,
  1217. REO_DESTINATION_INDICATION, dst_ind);
  1218. hal_srng_access_end(soc->hal_soc, hal_srng);
  1219. DP_STATS_INC(soc, rx.reo_reinject, 1);
  1220. dp_debug("reinjection done !");
  1221. return QDF_STATUS_SUCCESS;
  1222. }
  1223. #endif
  1224. /*
  1225. * dp_rx_defrag_gcmp_demic(): Remove MIC information from GCMP fragment
  1226. * @soc: Datapath soc structure
  1227. * @nbuf: Pointer to the fragment buffer
  1228. * @hdrlen: 802.11 header length
  1229. *
  1230. * Remove MIC information from GCMP fragment
  1231. *
  1232. * Returns: QDF_STATUS
  1233. */
  1234. static QDF_STATUS dp_rx_defrag_gcmp_demic(struct dp_soc *soc, qdf_nbuf_t nbuf,
  1235. uint16_t hdrlen)
  1236. {
  1237. uint8_t *ivp, *orig_hdr;
  1238. int rx_desc_len = soc->rx_pkt_tlv_size;
  1239. /* start of the 802.11 header */
  1240. orig_hdr = (uint8_t *)(qdf_nbuf_data(nbuf) + rx_desc_len);
  1241. /*
  1242. * GCMP header is located after 802.11 header and EXTIV
  1243. * field should always be set to 1 for GCMP protocol.
  1244. */
  1245. ivp = orig_hdr + hdrlen;
  1246. if (!(ivp[IEEE80211_WEP_IVLEN] & IEEE80211_WEP_EXTIV))
  1247. return QDF_STATUS_E_DEFRAG_ERROR;
  1248. qdf_nbuf_trim_tail(nbuf, dp_f_gcmp.ic_trailer);
  1249. return QDF_STATUS_SUCCESS;
  1250. }
  1251. /*
  1252. * dp_rx_defrag(): Defragment the fragment chain
  1253. * @peer: Pointer to the peer
  1254. * @tid: Transmit Identifier
  1255. * @frag_list_head: Pointer to head list
  1256. * @frag_list_tail: Pointer to tail list
  1257. *
  1258. * Defragment the fragment chain
  1259. *
  1260. * Returns: QDF_STATUS
  1261. */
  1262. static QDF_STATUS dp_rx_defrag(struct dp_peer *peer, unsigned tid,
  1263. qdf_nbuf_t frag_list_head, qdf_nbuf_t frag_list_tail)
  1264. {
  1265. qdf_nbuf_t tmp_next, prev;
  1266. qdf_nbuf_t cur = frag_list_head, msdu;
  1267. uint32_t index, tkip_demic = 0;
  1268. uint16_t hdr_space;
  1269. uint8_t key[DEFRAG_IEEE80211_KEY_LEN];
  1270. struct dp_vdev *vdev = peer->vdev;
  1271. struct dp_soc *soc = vdev->pdev->soc;
  1272. uint8_t status = 0;
  1273. hdr_space = dp_rx_defrag_hdrsize(soc, cur);
  1274. index = hal_rx_msdu_is_wlan_mcast(soc->hal_soc, cur) ?
  1275. dp_sec_mcast : dp_sec_ucast;
  1276. /* Remove FCS from all fragments */
  1277. while (cur) {
  1278. tmp_next = qdf_nbuf_next(cur);
  1279. qdf_nbuf_set_next(cur, NULL);
  1280. qdf_nbuf_trim_tail(cur, DEFRAG_IEEE80211_FCS_LEN);
  1281. prev = cur;
  1282. qdf_nbuf_set_next(cur, tmp_next);
  1283. cur = tmp_next;
  1284. }
  1285. cur = frag_list_head;
  1286. QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_DEBUG,
  1287. "%s: index %d Security type: %d", __func__,
  1288. index, peer->security[index].sec_type);
  1289. switch (peer->security[index].sec_type) {
  1290. case cdp_sec_type_tkip:
  1291. tkip_demic = 1;
  1292. case cdp_sec_type_tkip_nomic:
  1293. while (cur) {
  1294. tmp_next = qdf_nbuf_next(cur);
  1295. if (dp_rx_defrag_tkip_decap(soc, cur, hdr_space)) {
  1296. QDF_TRACE(QDF_MODULE_ID_TXRX,
  1297. QDF_TRACE_LEVEL_ERROR,
  1298. "dp_rx_defrag: TKIP decap failed");
  1299. return QDF_STATUS_E_DEFRAG_ERROR;
  1300. }
  1301. cur = tmp_next;
  1302. }
  1303. /* If success, increment header to be stripped later */
  1304. hdr_space += dp_f_tkip.ic_header;
  1305. break;
  1306. case cdp_sec_type_aes_ccmp:
  1307. while (cur) {
  1308. tmp_next = qdf_nbuf_next(cur);
  1309. if (dp_rx_defrag_ccmp_demic(soc, cur, hdr_space)) {
  1310. QDF_TRACE(QDF_MODULE_ID_TXRX,
  1311. QDF_TRACE_LEVEL_ERROR,
  1312. "dp_rx_defrag: CCMP demic failed");
  1313. return QDF_STATUS_E_DEFRAG_ERROR;
  1314. }
  1315. if (dp_rx_defrag_ccmp_decap(soc, cur, hdr_space)) {
  1316. QDF_TRACE(QDF_MODULE_ID_TXRX,
  1317. QDF_TRACE_LEVEL_ERROR,
  1318. "dp_rx_defrag: CCMP decap failed");
  1319. return QDF_STATUS_E_DEFRAG_ERROR;
  1320. }
  1321. cur = tmp_next;
  1322. }
  1323. /* If success, increment header to be stripped later */
  1324. hdr_space += dp_f_ccmp.ic_header;
  1325. break;
  1326. case cdp_sec_type_wep40:
  1327. case cdp_sec_type_wep104:
  1328. case cdp_sec_type_wep128:
  1329. while (cur) {
  1330. tmp_next = qdf_nbuf_next(cur);
  1331. if (dp_rx_defrag_wep_decap(soc, cur, hdr_space)) {
  1332. QDF_TRACE(QDF_MODULE_ID_TXRX,
  1333. QDF_TRACE_LEVEL_ERROR,
  1334. "dp_rx_defrag: WEP decap failed");
  1335. return QDF_STATUS_E_DEFRAG_ERROR;
  1336. }
  1337. cur = tmp_next;
  1338. }
  1339. /* If success, increment header to be stripped later */
  1340. hdr_space += dp_f_wep.ic_header;
  1341. break;
  1342. case cdp_sec_type_aes_gcmp:
  1343. case cdp_sec_type_aes_gcmp_256:
  1344. while (cur) {
  1345. tmp_next = qdf_nbuf_next(cur);
  1346. if (dp_rx_defrag_gcmp_demic(soc, cur, hdr_space)) {
  1347. QDF_TRACE(QDF_MODULE_ID_TXRX,
  1348. QDF_TRACE_LEVEL_ERROR,
  1349. "dp_rx_defrag: GCMP demic failed");
  1350. return QDF_STATUS_E_DEFRAG_ERROR;
  1351. }
  1352. cur = tmp_next;
  1353. }
  1354. hdr_space += dp_f_gcmp.ic_header;
  1355. break;
  1356. default:
  1357. break;
  1358. }
  1359. if (tkip_demic) {
  1360. msdu = frag_list_head;
  1361. qdf_mem_copy(key,
  1362. &peer->security[index].michael_key[0],
  1363. IEEE80211_WEP_MICLEN);
  1364. status = dp_rx_defrag_tkip_demic(soc, key, msdu,
  1365. soc->rx_pkt_tlv_size +
  1366. hdr_space);
  1367. if (status) {
  1368. dp_rx_defrag_err(vdev, frag_list_head);
  1369. QDF_TRACE(QDF_MODULE_ID_TXRX,
  1370. QDF_TRACE_LEVEL_ERROR,
  1371. "%s: TKIP demic failed status %d",
  1372. __func__, status);
  1373. return QDF_STATUS_E_DEFRAG_ERROR;
  1374. }
  1375. }
  1376. /* Convert the header to 802.3 header */
  1377. dp_rx_defrag_nwifi_to_8023(soc, peer, tid, frag_list_head, hdr_space);
  1378. if (qdf_nbuf_next(frag_list_head)) {
  1379. if (dp_rx_construct_fraglist(peer, tid, frag_list_head, hdr_space))
  1380. return QDF_STATUS_E_DEFRAG_ERROR;
  1381. }
  1382. return QDF_STATUS_SUCCESS;
  1383. }
  1384. /*
  1385. * dp_rx_defrag_cleanup(): Clean up activities
  1386. * @peer: Pointer to the peer
  1387. * @tid: Transmit Identifier
  1388. *
  1389. * Returns: None
  1390. */
  1391. void dp_rx_defrag_cleanup(struct dp_peer *peer, unsigned tid)
  1392. {
  1393. struct dp_rx_reorder_array_elem *rx_reorder_array_elem =
  1394. peer->rx_tid[tid].array;
  1395. if (rx_reorder_array_elem) {
  1396. /* Free up nbufs */
  1397. dp_rx_defrag_frames_free(rx_reorder_array_elem->head);
  1398. rx_reorder_array_elem->head = NULL;
  1399. rx_reorder_array_elem->tail = NULL;
  1400. } else {
  1401. dp_info("Cleanup self peer %pK and TID %u at MAC address "QDF_MAC_ADDR_FMT,
  1402. peer, tid, QDF_MAC_ADDR_REF(peer->mac_addr.raw));
  1403. }
  1404. /* Free up saved ring descriptors */
  1405. dp_rx_clear_saved_desc_info(peer, tid);
  1406. peer->rx_tid[tid].defrag_timeout_ms = 0;
  1407. peer->rx_tid[tid].curr_frag_num = 0;
  1408. peer->rx_tid[tid].curr_seq_num = 0;
  1409. }
  1410. /*
  1411. * dp_rx_defrag_save_info_from_ring_desc(): Save info from REO ring descriptor
  1412. * @ring_desc: Pointer to the dst ring descriptor
  1413. * @peer: Pointer to the peer
  1414. * @tid: Transmit Identifier
  1415. *
  1416. * Returns: None
  1417. */
  1418. static QDF_STATUS
  1419. dp_rx_defrag_save_info_from_ring_desc(hal_ring_desc_t ring_desc,
  1420. struct dp_rx_desc *rx_desc,
  1421. struct dp_peer *peer,
  1422. unsigned int tid)
  1423. {
  1424. void *dst_ring_desc = qdf_mem_malloc(
  1425. sizeof(struct reo_destination_ring));
  1426. if (!dst_ring_desc) {
  1427. QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR,
  1428. "%s: Memory alloc failed !", __func__);
  1429. QDF_ASSERT(0);
  1430. return QDF_STATUS_E_NOMEM;
  1431. }
  1432. qdf_mem_copy(dst_ring_desc, ring_desc,
  1433. sizeof(struct reo_destination_ring));
  1434. peer->rx_tid[tid].dst_ring_desc = dst_ring_desc;
  1435. peer->rx_tid[tid].head_frag_desc = rx_desc;
  1436. return QDF_STATUS_SUCCESS;
  1437. }
  1438. /*
  1439. * dp_rx_defrag_store_fragment(): Store incoming fragments
  1440. * @soc: Pointer to the SOC data structure
  1441. * @ring_desc: Pointer to the ring descriptor
  1442. * @mpdu_desc_info: MPDU descriptor info
  1443. * @tid: Traffic Identifier
  1444. * @rx_desc: Pointer to rx descriptor
  1445. * @rx_bfs: Number of bfs consumed
  1446. *
  1447. * Returns: QDF_STATUS
  1448. */
  1449. static QDF_STATUS
  1450. dp_rx_defrag_store_fragment(struct dp_soc *soc,
  1451. hal_ring_desc_t ring_desc,
  1452. union dp_rx_desc_list_elem_t **head,
  1453. union dp_rx_desc_list_elem_t **tail,
  1454. struct hal_rx_mpdu_desc_info *mpdu_desc_info,
  1455. unsigned int tid, struct dp_rx_desc *rx_desc,
  1456. uint32_t *rx_bfs)
  1457. {
  1458. struct dp_rx_reorder_array_elem *rx_reorder_array_elem;
  1459. struct dp_pdev *pdev;
  1460. struct dp_peer *peer = NULL;
  1461. uint16_t peer_id;
  1462. uint8_t fragno, more_frag, all_frag_present = 0;
  1463. uint16_t rxseq = mpdu_desc_info->mpdu_seq;
  1464. QDF_STATUS status;
  1465. struct dp_rx_tid *rx_tid;
  1466. uint8_t mpdu_sequence_control_valid;
  1467. uint8_t mpdu_frame_control_valid;
  1468. qdf_nbuf_t frag = rx_desc->nbuf;
  1469. uint32_t msdu_len;
  1470. if (qdf_nbuf_len(frag) > 0) {
  1471. dp_info("Dropping unexpected packet with skb_len: %d,"
  1472. "data len: %d, cookie: %d",
  1473. (uint32_t)qdf_nbuf_len(frag), frag->data_len,
  1474. rx_desc->cookie);
  1475. DP_STATS_INC(soc, rx.rx_frag_err_len_error, 1);
  1476. goto discard_frag;
  1477. }
  1478. if (dp_rx_buffer_pool_refill(soc, frag, rx_desc->pool_id)) {
  1479. /* fragment queued back to the pool, free the link desc */
  1480. goto err_free_desc;
  1481. }
  1482. msdu_len = hal_rx_msdu_start_msdu_len_get(soc->hal_soc,
  1483. rx_desc->rx_buf_start);
  1484. qdf_nbuf_set_pktlen(frag, (msdu_len + soc->rx_pkt_tlv_size));
  1485. qdf_nbuf_append_ext_list(frag, NULL, 0);
  1486. /* Check if the packet is from a valid peer */
  1487. peer_id = DP_PEER_METADATA_PEER_ID_GET(
  1488. mpdu_desc_info->peer_meta_data);
  1489. peer = dp_peer_get_ref_by_id(soc, peer_id, DP_MOD_ID_RX_ERR);
  1490. if (!peer) {
  1491. /* We should not receive anything from unknown peer
  1492. * however, that might happen while we are in the monitor mode.
  1493. * We don't need to handle that here
  1494. */
  1495. dp_info_rl("Unknown peer with peer_id %d, dropping fragment",
  1496. peer_id);
  1497. DP_STATS_INC(soc, rx.rx_frag_err_no_peer, 1);
  1498. goto discard_frag;
  1499. }
  1500. if (tid >= DP_MAX_TIDS) {
  1501. dp_info("TID out of bounds: %d", tid);
  1502. qdf_assert_always(0);
  1503. goto discard_frag;
  1504. }
  1505. pdev = peer->vdev->pdev;
  1506. rx_tid = &peer->rx_tid[tid];
  1507. mpdu_sequence_control_valid =
  1508. hal_rx_get_mpdu_sequence_control_valid(soc->hal_soc,
  1509. rx_desc->rx_buf_start);
  1510. /* Invalid MPDU sequence control field, MPDU is of no use */
  1511. if (!mpdu_sequence_control_valid) {
  1512. QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR,
  1513. "Invalid MPDU seq control field, dropping MPDU");
  1514. qdf_assert(0);
  1515. goto discard_frag;
  1516. }
  1517. mpdu_frame_control_valid =
  1518. hal_rx_get_mpdu_frame_control_valid(soc->hal_soc,
  1519. rx_desc->rx_buf_start);
  1520. /* Invalid frame control field */
  1521. if (!mpdu_frame_control_valid) {
  1522. QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR,
  1523. "Invalid frame control field, dropping MPDU");
  1524. qdf_assert(0);
  1525. goto discard_frag;
  1526. }
  1527. /* Current mpdu sequence */
  1528. more_frag = dp_rx_frag_get_more_frag_bit(soc, rx_desc->rx_buf_start);
  1529. /* HW does not populate the fragment number as of now
  1530. * need to get from the 802.11 header
  1531. */
  1532. fragno = dp_rx_frag_get_mpdu_frag_number(soc, rx_desc->rx_buf_start);
  1533. rx_reorder_array_elem = peer->rx_tid[tid].array;
  1534. if (!rx_reorder_array_elem) {
  1535. dp_err_rl("Rcvd Fragmented pkt before tid setup for peer %pK",
  1536. peer);
  1537. goto discard_frag;
  1538. }
  1539. /*
  1540. * !more_frag: no more fragments to be delivered
  1541. * !frag_no: packet is not fragmented
  1542. * !rx_reorder_array_elem->head: no saved fragments so far
  1543. */
  1544. if ((!more_frag) && (!fragno) && (!rx_reorder_array_elem->head)) {
  1545. /* We should not get into this situation here.
  1546. * It means an unfragmented packet with fragment flag
  1547. * is delivered over the REO exception ring.
  1548. * Typically it follows normal rx path.
  1549. */
  1550. QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR,
  1551. "Rcvd unfragmented pkt on REO Err srng, dropping");
  1552. qdf_assert(0);
  1553. goto discard_frag;
  1554. }
  1555. /* Check if the fragment is for the same sequence or a different one */
  1556. dp_debug("rx_tid %d", tid);
  1557. if (rx_reorder_array_elem->head) {
  1558. dp_debug("rxseq %d\n", rxseq);
  1559. if (rxseq != rx_tid->curr_seq_num) {
  1560. dp_debug("mismatch cur_seq %d rxseq %d\n",
  1561. rx_tid->curr_seq_num, rxseq);
  1562. /* Drop stored fragments if out of sequence
  1563. * fragment is received
  1564. */
  1565. dp_rx_reorder_flush_frag(peer, tid);
  1566. DP_STATS_INC(soc, rx.rx_frag_oor, 1);
  1567. dp_debug("cur rxseq %d\n", rxseq);
  1568. /*
  1569. * The sequence number for this fragment becomes the
  1570. * new sequence number to be processed
  1571. */
  1572. rx_tid->curr_seq_num = rxseq;
  1573. }
  1574. } else {
  1575. dp_debug("cur rxseq %d\n", rxseq);
  1576. /* Start of a new sequence */
  1577. dp_rx_defrag_cleanup(peer, tid);
  1578. rx_tid->curr_seq_num = rxseq;
  1579. /* store PN number also */
  1580. }
  1581. /*
  1582. * If the earlier sequence was dropped, this will be the fresh start.
  1583. * Else, continue with next fragment in a given sequence
  1584. */
  1585. status = dp_rx_defrag_fraglist_insert(peer, tid, &rx_reorder_array_elem->head,
  1586. &rx_reorder_array_elem->tail, frag,
  1587. &all_frag_present);
  1588. /*
  1589. * Currently, we can have only 6 MSDUs per-MPDU, if the current
  1590. * packet sequence has more than 6 MSDUs for some reason, we will
  1591. * have to use the next MSDU link descriptor and chain them together
  1592. * before reinjection.
  1593. * ring_desc is validated in dp_rx_err_process.
  1594. */
  1595. if ((fragno == 0) && (status == QDF_STATUS_SUCCESS) &&
  1596. (rx_reorder_array_elem->head == frag)) {
  1597. status = dp_rx_defrag_save_info_from_ring_desc(ring_desc,
  1598. rx_desc, peer, tid);
  1599. if (status != QDF_STATUS_SUCCESS) {
  1600. QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR,
  1601. "%s: Unable to store ring desc !", __func__);
  1602. goto discard_frag;
  1603. }
  1604. } else {
  1605. dp_rx_add_to_free_desc_list(head, tail, rx_desc);
  1606. (*rx_bfs)++;
  1607. /* Return the non-head link desc */
  1608. if (dp_rx_link_desc_return(soc, ring_desc,
  1609. HAL_BM_ACTION_PUT_IN_IDLE_LIST) !=
  1610. QDF_STATUS_SUCCESS)
  1611. QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR,
  1612. "%s: Failed to return link desc", __func__);
  1613. }
  1614. if (pdev->soc->rx.flags.defrag_timeout_check)
  1615. dp_rx_defrag_waitlist_remove(peer, tid);
  1616. /* Yet to receive more fragments for this sequence number */
  1617. if (!all_frag_present) {
  1618. uint32_t now_ms =
  1619. qdf_system_ticks_to_msecs(qdf_system_ticks());
  1620. peer->rx_tid[tid].defrag_timeout_ms =
  1621. now_ms + pdev->soc->rx.defrag.timeout_ms;
  1622. dp_rx_defrag_waitlist_add(peer, tid);
  1623. dp_peer_unref_delete(peer, DP_MOD_ID_RX_ERR);
  1624. return QDF_STATUS_SUCCESS;
  1625. }
  1626. QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_DEBUG,
  1627. "All fragments received for sequence: %d", rxseq);
  1628. /* Process the fragments */
  1629. status = dp_rx_defrag(peer, tid, rx_reorder_array_elem->head,
  1630. rx_reorder_array_elem->tail);
  1631. if (QDF_IS_STATUS_ERROR(status)) {
  1632. QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR,
  1633. "Fragment processing failed");
  1634. dp_rx_add_to_free_desc_list(head, tail,
  1635. peer->rx_tid[tid].head_frag_desc);
  1636. (*rx_bfs)++;
  1637. if (dp_rx_link_desc_return(soc,
  1638. peer->rx_tid[tid].dst_ring_desc,
  1639. HAL_BM_ACTION_PUT_IN_IDLE_LIST) !=
  1640. QDF_STATUS_SUCCESS)
  1641. QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR,
  1642. "%s: Failed to return link desc",
  1643. __func__);
  1644. dp_rx_defrag_cleanup(peer, tid);
  1645. goto end;
  1646. }
  1647. /* Re-inject the fragments back to REO for further processing */
  1648. status = dp_rx_defrag_reo_reinject(peer, tid,
  1649. rx_reorder_array_elem->head);
  1650. if (QDF_IS_STATUS_SUCCESS(status)) {
  1651. rx_reorder_array_elem->head = NULL;
  1652. rx_reorder_array_elem->tail = NULL;
  1653. QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_DEBUG,
  1654. "Fragmented sequence successfully reinjected");
  1655. } else {
  1656. QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR,
  1657. "Fragmented sequence reinjection failed");
  1658. dp_rx_return_head_frag_desc(peer, tid);
  1659. }
  1660. dp_rx_defrag_cleanup(peer, tid);
  1661. dp_peer_unref_delete(peer, DP_MOD_ID_RX_ERR);
  1662. return QDF_STATUS_SUCCESS;
  1663. discard_frag:
  1664. qdf_nbuf_free(frag);
  1665. err_free_desc:
  1666. dp_rx_add_to_free_desc_list(head, tail, rx_desc);
  1667. if (dp_rx_link_desc_return(soc, ring_desc,
  1668. HAL_BM_ACTION_PUT_IN_IDLE_LIST) !=
  1669. QDF_STATUS_SUCCESS)
  1670. QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR,
  1671. "%s: Failed to return link desc", __func__);
  1672. (*rx_bfs)++;
  1673. end:
  1674. if (peer)
  1675. dp_peer_unref_delete(peer, DP_MOD_ID_RX_ERR);
  1676. DP_STATS_INC(soc, rx.rx_frag_err, 1);
  1677. return QDF_STATUS_E_DEFRAG_ERROR;
  1678. }
  1679. /**
  1680. * dp_rx_frag_handle() - Handles fragmented Rx frames
  1681. *
  1682. * @soc: core txrx main context
  1683. * @ring_desc: opaque pointer to the REO error ring descriptor
  1684. * @mpdu_desc_info: MPDU descriptor information from ring descriptor
  1685. * @head: head of the local descriptor free-list
  1686. * @tail: tail of the local descriptor free-list
  1687. * @quota: No. of units (packets) that can be serviced in one shot.
  1688. *
  1689. * This function implements RX 802.11 fragmentation handling
  1690. * The handling is mostly same as legacy fragmentation handling.
  1691. * If required, this function can re-inject the frames back to
  1692. * REO ring (with proper setting to by-pass fragmentation check
  1693. * but use duplicate detection / re-ordering and routing these frames
  1694. * to a different core.
  1695. *
  1696. * Return: uint32_t: No. of elements processed
  1697. */
  1698. uint32_t dp_rx_frag_handle(struct dp_soc *soc, hal_ring_desc_t ring_desc,
  1699. struct hal_rx_mpdu_desc_info *mpdu_desc_info,
  1700. struct dp_rx_desc *rx_desc,
  1701. uint8_t *mac_id,
  1702. uint32_t quota)
  1703. {
  1704. uint32_t rx_bufs_used = 0;
  1705. qdf_nbuf_t msdu = NULL;
  1706. uint32_t tid;
  1707. uint32_t rx_bfs = 0;
  1708. struct dp_pdev *pdev;
  1709. QDF_STATUS status = QDF_STATUS_SUCCESS;
  1710. struct rx_desc_pool *rx_desc_pool;
  1711. qdf_assert(soc);
  1712. qdf_assert(mpdu_desc_info);
  1713. qdf_assert(rx_desc);
  1714. dp_debug("Number of MSDUs to process, num_msdus: %d",
  1715. mpdu_desc_info->msdu_count);
  1716. if (qdf_unlikely(mpdu_desc_info->msdu_count == 0)) {
  1717. QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR,
  1718. "Not sufficient MSDUs to process");
  1719. return rx_bufs_used;
  1720. }
  1721. /* all buffers in MSDU link belong to same pdev */
  1722. pdev = dp_get_pdev_for_lmac_id(soc, rx_desc->pool_id);
  1723. if (!pdev) {
  1724. dp_nofl_debug("pdev is null for pool_id = %d",
  1725. rx_desc->pool_id);
  1726. return rx_bufs_used;
  1727. }
  1728. *mac_id = rx_desc->pool_id;
  1729. msdu = rx_desc->nbuf;
  1730. rx_desc_pool = &soc->rx_desc_buf[rx_desc->pool_id];
  1731. if (rx_desc->unmapped)
  1732. return rx_bufs_used;
  1733. dp_ipa_rx_buf_smmu_mapping_lock(soc);
  1734. dp_ipa_handle_rx_buf_smmu_mapping(soc, rx_desc->nbuf,
  1735. rx_desc_pool->buf_size,
  1736. false);
  1737. qdf_nbuf_unmap_nbytes_single(soc->osdev, rx_desc->nbuf,
  1738. QDF_DMA_FROM_DEVICE,
  1739. rx_desc_pool->buf_size);
  1740. rx_desc->unmapped = 1;
  1741. dp_ipa_rx_buf_smmu_mapping_unlock(soc);
  1742. rx_desc->rx_buf_start = qdf_nbuf_data(msdu);
  1743. tid = hal_rx_mpdu_start_tid_get(soc->hal_soc, rx_desc->rx_buf_start);
  1744. /* Process fragment-by-fragment */
  1745. status = dp_rx_defrag_store_fragment(soc, ring_desc,
  1746. &pdev->free_list_head,
  1747. &pdev->free_list_tail,
  1748. mpdu_desc_info,
  1749. tid, rx_desc, &rx_bfs);
  1750. if (rx_bfs)
  1751. rx_bufs_used += rx_bfs;
  1752. if (!QDF_IS_STATUS_SUCCESS(status))
  1753. dp_info_rl("Rx Defrag err seq#:0x%x msdu_count:%d flags:%d",
  1754. mpdu_desc_info->mpdu_seq,
  1755. mpdu_desc_info->msdu_count,
  1756. mpdu_desc_info->mpdu_flags);
  1757. return rx_bufs_used;
  1758. }
  1759. QDF_STATUS dp_rx_defrag_add_last_frag(struct dp_soc *soc,
  1760. struct dp_peer *peer, uint16_t tid,
  1761. uint16_t rxseq, qdf_nbuf_t nbuf)
  1762. {
  1763. struct dp_rx_tid *rx_tid = &peer->rx_tid[tid];
  1764. struct dp_rx_reorder_array_elem *rx_reorder_array_elem;
  1765. uint8_t all_frag_present;
  1766. uint32_t msdu_len;
  1767. QDF_STATUS status;
  1768. rx_reorder_array_elem = peer->rx_tid[tid].array;
  1769. /*
  1770. * HW may fill in unexpected peer_id in RX PKT TLV,
  1771. * if this peer_id related peer is valid by coincidence,
  1772. * but actually this peer won't do dp_peer_rx_init(like SAP vdev
  1773. * self peer), then invalid access to rx_reorder_array_elem happened.
  1774. */
  1775. if (!rx_reorder_array_elem) {
  1776. dp_verbose_debug(
  1777. "peer id:%d mac: "QDF_MAC_ADDR_FMT" drop rx frame!",
  1778. peer->peer_id,
  1779. QDF_MAC_ADDR_REF(peer->mac_addr.raw));
  1780. DP_STATS_INC(soc, rx.err.defrag_peer_uninit, 1);
  1781. qdf_nbuf_free(nbuf);
  1782. goto fail;
  1783. }
  1784. if (rx_reorder_array_elem->head &&
  1785. rxseq != rx_tid->curr_seq_num) {
  1786. /* Drop stored fragments if out of sequence
  1787. * fragment is received
  1788. */
  1789. dp_rx_reorder_flush_frag(peer, tid);
  1790. QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR,
  1791. "%s: No list found for TID %d Seq# %d",
  1792. __func__, tid, rxseq);
  1793. qdf_nbuf_free(nbuf);
  1794. goto fail;
  1795. }
  1796. msdu_len = hal_rx_msdu_start_msdu_len_get(soc->hal_soc,
  1797. qdf_nbuf_data(nbuf));
  1798. qdf_nbuf_set_pktlen(nbuf, (msdu_len + soc->rx_pkt_tlv_size));
  1799. status = dp_rx_defrag_fraglist_insert(peer, tid,
  1800. &rx_reorder_array_elem->head,
  1801. &rx_reorder_array_elem->tail, nbuf,
  1802. &all_frag_present);
  1803. if (QDF_IS_STATUS_ERROR(status)) {
  1804. QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR,
  1805. "%s Fragment insert failed", __func__);
  1806. goto fail;
  1807. }
  1808. if (soc->rx.flags.defrag_timeout_check)
  1809. dp_rx_defrag_waitlist_remove(peer, tid);
  1810. if (!all_frag_present) {
  1811. uint32_t now_ms =
  1812. qdf_system_ticks_to_msecs(qdf_system_ticks());
  1813. peer->rx_tid[tid].defrag_timeout_ms =
  1814. now_ms + soc->rx.defrag.timeout_ms;
  1815. dp_rx_defrag_waitlist_add(peer, tid);
  1816. return QDF_STATUS_SUCCESS;
  1817. }
  1818. status = dp_rx_defrag(peer, tid, rx_reorder_array_elem->head,
  1819. rx_reorder_array_elem->tail);
  1820. if (QDF_IS_STATUS_ERROR(status)) {
  1821. QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR,
  1822. "%s Fragment processing failed", __func__);
  1823. dp_rx_return_head_frag_desc(peer, tid);
  1824. dp_rx_defrag_cleanup(peer, tid);
  1825. goto fail;
  1826. }
  1827. /* Re-inject the fragments back to REO for further processing */
  1828. status = dp_rx_defrag_reo_reinject(peer, tid,
  1829. rx_reorder_array_elem->head);
  1830. if (QDF_IS_STATUS_SUCCESS(status)) {
  1831. rx_reorder_array_elem->head = NULL;
  1832. rx_reorder_array_elem->tail = NULL;
  1833. QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_INFO,
  1834. "%s: Frag seq successfully reinjected",
  1835. __func__);
  1836. } else {
  1837. QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR,
  1838. "%s: Frag seq reinjection failed", __func__);
  1839. dp_rx_return_head_frag_desc(peer, tid);
  1840. }
  1841. dp_rx_defrag_cleanup(peer, tid);
  1842. return QDF_STATUS_SUCCESS;
  1843. fail:
  1844. return QDF_STATUS_E_DEFRAG_ERROR;
  1845. }