dp_rx_defrag.c 59 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168
  1. /*
  2. * Copyright (c) 2017-2021 The Linux Foundation. All rights reserved.
  3. * Copyright (c) 2021 Qualcomm Innovation Center, Inc. All rights reserved.
  4. *
  5. * Permission to use, copy, modify, and/or distribute this software for
  6. * any purpose with or without fee is hereby granted, provided that the
  7. * above copyright notice and this permission notice appear in all
  8. * copies.
  9. *
  10. * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
  11. * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
  12. * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
  13. * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
  14. * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
  15. * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
  16. * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  17. * PERFORMANCE OF THIS SOFTWARE.
  18. */
  19. #include "hal_hw_headers.h"
  20. #ifndef RX_DEFRAG_DO_NOT_REINJECT
  21. #ifndef DP_BE_WAR
  22. #include "li/hal_li_rx.h"
  23. #endif
  24. #endif
  25. #include "dp_types.h"
  26. #include "dp_rx.h"
  27. #include "dp_peer.h"
  28. #include "hal_api.h"
  29. #include "qdf_trace.h"
  30. #include "qdf_nbuf.h"
  31. #include "dp_internal.h"
  32. #include "dp_rx_defrag.h"
  33. #include <enet.h> /* LLC_SNAP_HDR_LEN */
  34. #include "dp_rx_defrag.h"
  35. #include "dp_ipa.h"
  36. #include "dp_rx_buffer_pool.h"
  37. const struct dp_rx_defrag_cipher dp_f_ccmp = {
  38. "AES-CCM",
  39. IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN + IEEE80211_WEP_EXTIVLEN,
  40. IEEE80211_WEP_MICLEN,
  41. 0,
  42. };
  43. const struct dp_rx_defrag_cipher dp_f_tkip = {
  44. "TKIP",
  45. IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN + IEEE80211_WEP_EXTIVLEN,
  46. IEEE80211_WEP_CRCLEN,
  47. IEEE80211_WEP_MICLEN,
  48. };
  49. const struct dp_rx_defrag_cipher dp_f_wep = {
  50. "WEP",
  51. IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN,
  52. IEEE80211_WEP_CRCLEN,
  53. 0,
  54. };
  55. /*
  56. * The header and mic length are same for both
  57. * GCMP-128 and GCMP-256.
  58. */
  59. const struct dp_rx_defrag_cipher dp_f_gcmp = {
  60. "AES-GCMP",
  61. WLAN_IEEE80211_GCMP_HEADERLEN,
  62. WLAN_IEEE80211_GCMP_MICLEN,
  63. WLAN_IEEE80211_GCMP_MICLEN,
  64. };
  65. /*
  66. * dp_rx_defrag_frames_free(): Free fragment chain
  67. * @frames: Fragment chain
  68. *
  69. * Iterates through the fragment chain and frees them
  70. * Returns: None
  71. */
  72. static void dp_rx_defrag_frames_free(qdf_nbuf_t frames)
  73. {
  74. qdf_nbuf_t next, frag = frames;
  75. while (frag) {
  76. next = qdf_nbuf_next(frag);
  77. qdf_nbuf_free(frag);
  78. frag = next;
  79. }
  80. }
  81. /*
  82. * dp_rx_clear_saved_desc_info(): Clears descriptor info
  83. * @peer: Pointer to the peer data structure
  84. * @tid: Transmit ID (TID)
  85. *
  86. * Saves MPDU descriptor info and MSDU link pointer from REO
  87. * ring descriptor. The cache is created per peer, per TID
  88. *
  89. * Returns: None
  90. */
  91. static void dp_rx_clear_saved_desc_info(struct dp_peer *peer, unsigned tid)
  92. {
  93. if (peer->rx_tid[tid].dst_ring_desc)
  94. qdf_mem_free(peer->rx_tid[tid].dst_ring_desc);
  95. peer->rx_tid[tid].dst_ring_desc = NULL;
  96. peer->rx_tid[tid].head_frag_desc = NULL;
  97. }
  98. static void dp_rx_return_head_frag_desc(struct dp_peer *peer,
  99. unsigned int tid)
  100. {
  101. struct dp_soc *soc;
  102. struct dp_pdev *pdev;
  103. struct dp_srng *dp_rxdma_srng;
  104. struct rx_desc_pool *rx_desc_pool;
  105. union dp_rx_desc_list_elem_t *head = NULL;
  106. union dp_rx_desc_list_elem_t *tail = NULL;
  107. uint8_t pool_id;
  108. pdev = peer->vdev->pdev;
  109. soc = pdev->soc;
  110. if (peer->rx_tid[tid].head_frag_desc) {
  111. pool_id = peer->rx_tid[tid].head_frag_desc->pool_id;
  112. dp_rxdma_srng = &soc->rx_refill_buf_ring[pool_id];
  113. rx_desc_pool = &soc->rx_desc_buf[pool_id];
  114. dp_rx_add_to_free_desc_list(&head, &tail,
  115. peer->rx_tid[tid].head_frag_desc);
  116. dp_rx_buffers_replenish(soc, 0, dp_rxdma_srng, rx_desc_pool,
  117. 1, &head, &tail);
  118. }
  119. if (peer->rx_tid[tid].dst_ring_desc) {
  120. if (dp_rx_link_desc_return(soc,
  121. peer->rx_tid[tid].dst_ring_desc,
  122. HAL_BM_ACTION_PUT_IN_IDLE_LIST) !=
  123. QDF_STATUS_SUCCESS)
  124. QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR,
  125. "%s: Failed to return link desc", __func__);
  126. }
  127. }
  128. /*
  129. * dp_rx_reorder_flush_frag(): Flush the frag list
  130. * @peer: Pointer to the peer data structure
  131. * @tid: Transmit ID (TID)
  132. *
  133. * Flush the per-TID frag list
  134. *
  135. * Returns: None
  136. */
  137. void dp_rx_reorder_flush_frag(struct dp_peer *peer,
  138. unsigned int tid)
  139. {
  140. dp_info_rl("Flushing TID %d", tid);
  141. if (!peer) {
  142. QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR,
  143. "%s: NULL peer", __func__);
  144. return;
  145. }
  146. dp_rx_return_head_frag_desc(peer, tid);
  147. dp_rx_defrag_cleanup(peer, tid);
  148. }
  149. /*
  150. * dp_rx_defrag_waitlist_flush(): Flush SOC defrag wait list
  151. * @soc: DP SOC
  152. *
  153. * Flush fragments of all waitlisted TID's
  154. *
  155. * Returns: None
  156. */
  157. void dp_rx_defrag_waitlist_flush(struct dp_soc *soc)
  158. {
  159. struct dp_rx_tid *rx_reorder = NULL;
  160. struct dp_rx_tid *tmp;
  161. uint32_t now_ms = qdf_system_ticks_to_msecs(qdf_system_ticks());
  162. TAILQ_HEAD(, dp_rx_tid) temp_list;
  163. TAILQ_INIT(&temp_list);
  164. dp_debug("Current time %u", now_ms);
  165. qdf_spin_lock_bh(&soc->rx.defrag.defrag_lock);
  166. TAILQ_FOREACH_SAFE(rx_reorder, &soc->rx.defrag.waitlist,
  167. defrag_waitlist_elem, tmp) {
  168. uint32_t tid;
  169. if (rx_reorder->defrag_timeout_ms > now_ms)
  170. break;
  171. tid = rx_reorder->tid;
  172. if (tid >= DP_MAX_TIDS) {
  173. qdf_assert(0);
  174. continue;
  175. }
  176. TAILQ_REMOVE(&soc->rx.defrag.waitlist, rx_reorder,
  177. defrag_waitlist_elem);
  178. DP_STATS_DEC(soc, rx.rx_frag_wait, 1);
  179. /* Move to temp list and clean-up later */
  180. TAILQ_INSERT_TAIL(&temp_list, rx_reorder,
  181. defrag_waitlist_elem);
  182. }
  183. if (rx_reorder) {
  184. soc->rx.defrag.next_flush_ms =
  185. rx_reorder->defrag_timeout_ms;
  186. } else {
  187. soc->rx.defrag.next_flush_ms =
  188. now_ms + soc->rx.defrag.timeout_ms;
  189. }
  190. qdf_spin_unlock_bh(&soc->rx.defrag.defrag_lock);
  191. TAILQ_FOREACH_SAFE(rx_reorder, &temp_list,
  192. defrag_waitlist_elem, tmp) {
  193. struct dp_peer *peer, *temp_peer = NULL;
  194. qdf_spin_lock_bh(&rx_reorder->tid_lock);
  195. TAILQ_REMOVE(&temp_list, rx_reorder,
  196. defrag_waitlist_elem);
  197. /* get address of current peer */
  198. peer = rx_reorder->defrag_peer;
  199. qdf_spin_unlock_bh(&rx_reorder->tid_lock);
  200. temp_peer = dp_peer_get_ref_by_id(soc, peer->peer_id,
  201. DP_MOD_ID_RX_ERR);
  202. if (temp_peer == peer) {
  203. qdf_spin_lock_bh(&rx_reorder->tid_lock);
  204. dp_rx_reorder_flush_frag(peer, rx_reorder->tid);
  205. qdf_spin_unlock_bh(&rx_reorder->tid_lock);
  206. }
  207. if (temp_peer)
  208. dp_peer_unref_delete(temp_peer, DP_MOD_ID_RX_ERR);
  209. }
  210. }
  211. /*
  212. * dp_rx_defrag_waitlist_add(): Update per-PDEV defrag wait list
  213. * @peer: Pointer to the peer data structure
  214. * @tid: Transmit ID (TID)
  215. *
  216. * Appends per-tid fragments to global fragment wait list
  217. *
  218. * Returns: None
  219. */
  220. static void dp_rx_defrag_waitlist_add(struct dp_peer *peer, unsigned tid)
  221. {
  222. struct dp_soc *psoc = peer->vdev->pdev->soc;
  223. struct dp_rx_tid *rx_reorder = &peer->rx_tid[tid];
  224. dp_debug("Adding TID %u to waitlist for peer %pK at MAC address "QDF_MAC_ADDR_FMT,
  225. tid, peer, QDF_MAC_ADDR_REF(peer->mac_addr.raw));
  226. /* TODO: use LIST macros instead of TAIL macros */
  227. qdf_spin_lock_bh(&psoc->rx.defrag.defrag_lock);
  228. if (TAILQ_EMPTY(&psoc->rx.defrag.waitlist))
  229. psoc->rx.defrag.next_flush_ms = rx_reorder->defrag_timeout_ms;
  230. TAILQ_INSERT_TAIL(&psoc->rx.defrag.waitlist, rx_reorder,
  231. defrag_waitlist_elem);
  232. DP_STATS_INC(psoc, rx.rx_frag_wait, 1);
  233. qdf_spin_unlock_bh(&psoc->rx.defrag.defrag_lock);
  234. }
  235. /*
  236. * dp_rx_defrag_waitlist_remove(): Remove fragments from waitlist
  237. * @peer: Pointer to the peer data structure
  238. * @tid: Transmit ID (TID)
  239. *
  240. * Remove fragments from waitlist
  241. *
  242. * Returns: None
  243. */
  244. void dp_rx_defrag_waitlist_remove(struct dp_peer *peer, unsigned tid)
  245. {
  246. struct dp_pdev *pdev = peer->vdev->pdev;
  247. struct dp_soc *soc = pdev->soc;
  248. struct dp_rx_tid *rx_reorder;
  249. struct dp_rx_tid *tmp;
  250. dp_debug("Removing TID %u to waitlist for peer %pK at MAC address "QDF_MAC_ADDR_FMT,
  251. tid, peer, QDF_MAC_ADDR_REF(peer->mac_addr.raw));
  252. if (tid >= DP_MAX_TIDS) {
  253. dp_err("TID out of bounds: %d", tid);
  254. qdf_assert_always(0);
  255. }
  256. qdf_spin_lock_bh(&soc->rx.defrag.defrag_lock);
  257. TAILQ_FOREACH_SAFE(rx_reorder, &soc->rx.defrag.waitlist,
  258. defrag_waitlist_elem, tmp) {
  259. struct dp_peer *peer_on_waitlist;
  260. /* get address of current peer */
  261. peer_on_waitlist = rx_reorder->defrag_peer;
  262. /* Ensure it is TID for same peer */
  263. if (peer_on_waitlist == peer && rx_reorder->tid == tid) {
  264. TAILQ_REMOVE(&soc->rx.defrag.waitlist,
  265. rx_reorder, defrag_waitlist_elem);
  266. DP_STATS_DEC(soc, rx.rx_frag_wait, 1);
  267. }
  268. }
  269. qdf_spin_unlock_bh(&soc->rx.defrag.defrag_lock);
  270. }
  271. /*
  272. * dp_rx_defrag_fraglist_insert(): Create a per-sequence fragment list
  273. * @peer: Pointer to the peer data structure
  274. * @tid: Transmit ID (TID)
  275. * @head_addr: Pointer to head list
  276. * @tail_addr: Pointer to tail list
  277. * @frag: Incoming fragment
  278. * @all_frag_present: Flag to indicate whether all fragments are received
  279. *
  280. * Build a per-tid, per-sequence fragment list.
  281. *
  282. * Returns: Success, if inserted
  283. */
  284. static QDF_STATUS dp_rx_defrag_fraglist_insert(struct dp_peer *peer, unsigned tid,
  285. qdf_nbuf_t *head_addr, qdf_nbuf_t *tail_addr, qdf_nbuf_t frag,
  286. uint8_t *all_frag_present)
  287. {
  288. struct dp_soc *soc = peer->vdev->pdev->soc;
  289. qdf_nbuf_t next;
  290. qdf_nbuf_t prev = NULL;
  291. qdf_nbuf_t cur;
  292. uint16_t head_fragno, cur_fragno, next_fragno;
  293. uint8_t last_morefrag = 1, count = 0;
  294. struct dp_rx_tid *rx_tid = &peer->rx_tid[tid];
  295. uint8_t *rx_desc_info;
  296. qdf_assert(frag);
  297. qdf_assert(head_addr);
  298. qdf_assert(tail_addr);
  299. *all_frag_present = 0;
  300. rx_desc_info = qdf_nbuf_data(frag);
  301. cur_fragno = dp_rx_frag_get_mpdu_frag_number(soc, rx_desc_info);
  302. dp_debug("cur_fragno %d\n", cur_fragno);
  303. /* If this is the first fragment */
  304. if (!(*head_addr)) {
  305. *head_addr = *tail_addr = frag;
  306. qdf_nbuf_set_next(*tail_addr, NULL);
  307. rx_tid->curr_frag_num = cur_fragno;
  308. goto insert_done;
  309. }
  310. /* In sequence fragment */
  311. if (cur_fragno > rx_tid->curr_frag_num) {
  312. qdf_nbuf_set_next(*tail_addr, frag);
  313. *tail_addr = frag;
  314. qdf_nbuf_set_next(*tail_addr, NULL);
  315. rx_tid->curr_frag_num = cur_fragno;
  316. } else {
  317. /* Out of sequence fragment */
  318. cur = *head_addr;
  319. rx_desc_info = qdf_nbuf_data(cur);
  320. head_fragno = dp_rx_frag_get_mpdu_frag_number(soc,
  321. rx_desc_info);
  322. if (cur_fragno == head_fragno) {
  323. qdf_nbuf_free(frag);
  324. goto insert_fail;
  325. } else if (head_fragno > cur_fragno) {
  326. qdf_nbuf_set_next(frag, cur);
  327. cur = frag;
  328. *head_addr = frag; /* head pointer to be updated */
  329. } else {
  330. while ((cur_fragno > head_fragno) && cur) {
  331. prev = cur;
  332. cur = qdf_nbuf_next(cur);
  333. if (cur) {
  334. rx_desc_info = qdf_nbuf_data(cur);
  335. head_fragno =
  336. dp_rx_frag_get_mpdu_frag_number(
  337. soc,
  338. rx_desc_info);
  339. }
  340. }
  341. if (cur_fragno == head_fragno) {
  342. qdf_nbuf_free(frag);
  343. goto insert_fail;
  344. }
  345. qdf_nbuf_set_next(prev, frag);
  346. qdf_nbuf_set_next(frag, cur);
  347. }
  348. }
  349. next = qdf_nbuf_next(*head_addr);
  350. rx_desc_info = qdf_nbuf_data(*tail_addr);
  351. last_morefrag = dp_rx_frag_get_more_frag_bit(soc, rx_desc_info);
  352. /* TODO: optimize the loop */
  353. if (!last_morefrag) {
  354. /* Check if all fragments are present */
  355. do {
  356. rx_desc_info = qdf_nbuf_data(next);
  357. next_fragno =
  358. dp_rx_frag_get_mpdu_frag_number(soc,
  359. rx_desc_info);
  360. count++;
  361. if (next_fragno != count)
  362. break;
  363. next = qdf_nbuf_next(next);
  364. } while (next);
  365. if (!next) {
  366. *all_frag_present = 1;
  367. return QDF_STATUS_SUCCESS;
  368. } else {
  369. /* revisit */
  370. }
  371. }
  372. insert_done:
  373. return QDF_STATUS_SUCCESS;
  374. insert_fail:
  375. return QDF_STATUS_E_FAILURE;
  376. }
  377. /*
  378. * dp_rx_defrag_tkip_decap(): decap tkip encrypted fragment
  379. * @msdu: Pointer to the fragment
  380. * @hdrlen: 802.11 header length (mostly useful in 4 addr frames)
  381. *
  382. * decap tkip encrypted fragment
  383. *
  384. * Returns: QDF_STATUS
  385. */
  386. static QDF_STATUS
  387. dp_rx_defrag_tkip_decap(struct dp_soc *soc,
  388. qdf_nbuf_t msdu, uint16_t hdrlen)
  389. {
  390. uint8_t *ivp, *orig_hdr;
  391. int rx_desc_len = soc->rx_pkt_tlv_size;
  392. /* start of 802.11 header info */
  393. orig_hdr = (uint8_t *)(qdf_nbuf_data(msdu) + rx_desc_len);
  394. /* TKIP header is located post 802.11 header */
  395. ivp = orig_hdr + hdrlen;
  396. if (!(ivp[IEEE80211_WEP_IVLEN] & IEEE80211_WEP_EXTIV)) {
  397. QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR,
  398. "IEEE80211_WEP_EXTIV is missing in TKIP fragment");
  399. return QDF_STATUS_E_DEFRAG_ERROR;
  400. }
  401. qdf_nbuf_trim_tail(msdu, dp_f_tkip.ic_trailer);
  402. return QDF_STATUS_SUCCESS;
  403. }
  404. /*
  405. * dp_rx_defrag_ccmp_demic(): Remove MIC information from CCMP fragment
  406. * @nbuf: Pointer to the fragment buffer
  407. * @hdrlen: 802.11 header length (mostly useful in 4 addr frames)
  408. *
  409. * Remove MIC information from CCMP fragment
  410. *
  411. * Returns: QDF_STATUS
  412. */
  413. static QDF_STATUS
  414. dp_rx_defrag_ccmp_demic(struct dp_soc *soc, qdf_nbuf_t nbuf, uint16_t hdrlen)
  415. {
  416. uint8_t *ivp, *orig_hdr;
  417. int rx_desc_len = soc->rx_pkt_tlv_size;
  418. /* start of the 802.11 header */
  419. orig_hdr = (uint8_t *)(qdf_nbuf_data(nbuf) + rx_desc_len);
  420. /* CCMP header is located after 802.11 header */
  421. ivp = orig_hdr + hdrlen;
  422. if (!(ivp[IEEE80211_WEP_IVLEN] & IEEE80211_WEP_EXTIV))
  423. return QDF_STATUS_E_DEFRAG_ERROR;
  424. qdf_nbuf_trim_tail(nbuf, dp_f_ccmp.ic_trailer);
  425. return QDF_STATUS_SUCCESS;
  426. }
  427. /*
  428. * dp_rx_defrag_ccmp_decap(): decap CCMP encrypted fragment
  429. * @nbuf: Pointer to the fragment
  430. * @hdrlen: length of the header information
  431. *
  432. * decap CCMP encrypted fragment
  433. *
  434. * Returns: QDF_STATUS
  435. */
  436. static QDF_STATUS
  437. dp_rx_defrag_ccmp_decap(struct dp_soc *soc, qdf_nbuf_t nbuf, uint16_t hdrlen)
  438. {
  439. uint8_t *ivp, *origHdr;
  440. int rx_desc_len = soc->rx_pkt_tlv_size;
  441. origHdr = (uint8_t *) (qdf_nbuf_data(nbuf) + rx_desc_len);
  442. ivp = origHdr + hdrlen;
  443. if (!(ivp[IEEE80211_WEP_IVLEN] & IEEE80211_WEP_EXTIV))
  444. return QDF_STATUS_E_DEFRAG_ERROR;
  445. /* Let's pull the header later */
  446. return QDF_STATUS_SUCCESS;
  447. }
  448. /*
  449. * dp_rx_defrag_wep_decap(): decap WEP encrypted fragment
  450. * @msdu: Pointer to the fragment
  451. * @hdrlen: length of the header information
  452. *
  453. * decap WEP encrypted fragment
  454. *
  455. * Returns: QDF_STATUS
  456. */
  457. static QDF_STATUS
  458. dp_rx_defrag_wep_decap(struct dp_soc *soc, qdf_nbuf_t msdu, uint16_t hdrlen)
  459. {
  460. uint8_t *origHdr;
  461. int rx_desc_len = soc->rx_pkt_tlv_size;
  462. origHdr = (uint8_t *) (qdf_nbuf_data(msdu) + rx_desc_len);
  463. qdf_mem_move(origHdr + dp_f_wep.ic_header, origHdr, hdrlen);
  464. qdf_nbuf_trim_tail(msdu, dp_f_wep.ic_trailer);
  465. return QDF_STATUS_SUCCESS;
  466. }
  467. /*
  468. * dp_rx_defrag_hdrsize(): Calculate the header size of the received fragment
  469. * @soc: soc handle
  470. * @nbuf: Pointer to the fragment
  471. *
  472. * Calculate the header size of the received fragment
  473. *
  474. * Returns: header size (uint16_t)
  475. */
  476. static uint16_t dp_rx_defrag_hdrsize(struct dp_soc *soc, qdf_nbuf_t nbuf)
  477. {
  478. uint8_t *rx_tlv_hdr = qdf_nbuf_data(nbuf);
  479. uint16_t size = sizeof(struct ieee80211_frame);
  480. uint16_t fc = 0;
  481. uint32_t to_ds, fr_ds;
  482. uint8_t frm_ctrl_valid;
  483. uint16_t frm_ctrl_field;
  484. to_ds = hal_rx_mpdu_get_to_ds(soc->hal_soc, rx_tlv_hdr);
  485. fr_ds = hal_rx_mpdu_get_fr_ds(soc->hal_soc, rx_tlv_hdr);
  486. frm_ctrl_valid =
  487. hal_rx_get_mpdu_frame_control_valid(soc->hal_soc,
  488. rx_tlv_hdr);
  489. frm_ctrl_field = hal_rx_get_frame_ctrl_field(soc->hal_soc, rx_tlv_hdr);
  490. if (to_ds && fr_ds)
  491. size += QDF_MAC_ADDR_SIZE;
  492. if (frm_ctrl_valid) {
  493. fc = frm_ctrl_field;
  494. /* use 1-st byte for validation */
  495. if (DP_RX_DEFRAG_IEEE80211_QOS_HAS_SEQ(fc & 0xff)) {
  496. size += sizeof(uint16_t);
  497. /* use 2-nd byte for validation */
  498. if (((fc & 0xff00) >> 8) & IEEE80211_FC1_ORDER)
  499. size += sizeof(struct ieee80211_htc);
  500. }
  501. }
  502. return size;
  503. }
  504. /*
  505. * dp_rx_defrag_michdr(): Calculate a pseudo MIC header
  506. * @wh0: Pointer to the wireless header of the fragment
  507. * @hdr: Array to hold the pseudo header
  508. *
  509. * Calculate a pseudo MIC header
  510. *
  511. * Returns: None
  512. */
  513. static void dp_rx_defrag_michdr(const struct ieee80211_frame *wh0,
  514. uint8_t hdr[])
  515. {
  516. const struct ieee80211_frame_addr4 *wh =
  517. (const struct ieee80211_frame_addr4 *)wh0;
  518. switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) {
  519. case IEEE80211_FC1_DIR_NODS:
  520. DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr, wh->i_addr1); /* DA */
  521. DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr + QDF_MAC_ADDR_SIZE,
  522. wh->i_addr2);
  523. break;
  524. case IEEE80211_FC1_DIR_TODS:
  525. DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr, wh->i_addr3); /* DA */
  526. DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr + QDF_MAC_ADDR_SIZE,
  527. wh->i_addr2);
  528. break;
  529. case IEEE80211_FC1_DIR_FROMDS:
  530. DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr, wh->i_addr1); /* DA */
  531. DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr + QDF_MAC_ADDR_SIZE,
  532. wh->i_addr3);
  533. break;
  534. case IEEE80211_FC1_DIR_DSTODS:
  535. DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr, wh->i_addr3); /* DA */
  536. DP_RX_DEFRAG_IEEE80211_ADDR_COPY(hdr + QDF_MAC_ADDR_SIZE,
  537. wh->i_addr4);
  538. break;
  539. }
  540. /*
  541. * Bit 7 is QDF_IEEE80211_FC0_SUBTYPE_QOS for data frame, but
  542. * it could also be set for deauth, disassoc, action, etc. for
  543. * a mgt type frame. It comes into picture for MFP.
  544. */
  545. if (wh->i_fc[0] & QDF_IEEE80211_FC0_SUBTYPE_QOS) {
  546. if ((wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) ==
  547. IEEE80211_FC1_DIR_DSTODS) {
  548. const struct ieee80211_qosframe_addr4 *qwh =
  549. (const struct ieee80211_qosframe_addr4 *)wh;
  550. hdr[12] = qwh->i_qos[0] & IEEE80211_QOS_TID;
  551. } else {
  552. const struct ieee80211_qosframe *qwh =
  553. (const struct ieee80211_qosframe *)wh;
  554. hdr[12] = qwh->i_qos[0] & IEEE80211_QOS_TID;
  555. }
  556. } else {
  557. hdr[12] = 0;
  558. }
  559. hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */
  560. }
  561. /*
  562. * dp_rx_defrag_mic(): Calculate MIC header
  563. * @key: Pointer to the key
  564. * @wbuf: fragment buffer
  565. * @off: Offset
  566. * @data_len: Data length
  567. * @mic: Array to hold MIC
  568. *
  569. * Calculate a pseudo MIC header
  570. *
  571. * Returns: QDF_STATUS
  572. */
  573. static QDF_STATUS dp_rx_defrag_mic(struct dp_soc *soc, const uint8_t *key,
  574. qdf_nbuf_t wbuf, uint16_t off,
  575. uint16_t data_len, uint8_t mic[])
  576. {
  577. uint8_t hdr[16] = { 0, };
  578. uint32_t l, r;
  579. const uint8_t *data;
  580. uint32_t space;
  581. int rx_desc_len = soc->rx_pkt_tlv_size;
  582. dp_rx_defrag_michdr((struct ieee80211_frame *)(qdf_nbuf_data(wbuf)
  583. + rx_desc_len), hdr);
  584. l = dp_rx_get_le32(key);
  585. r = dp_rx_get_le32(key + 4);
  586. /* Michael MIC pseudo header: DA, SA, 3 x 0, Priority */
  587. l ^= dp_rx_get_le32(hdr);
  588. dp_rx_michael_block(l, r);
  589. l ^= dp_rx_get_le32(&hdr[4]);
  590. dp_rx_michael_block(l, r);
  591. l ^= dp_rx_get_le32(&hdr[8]);
  592. dp_rx_michael_block(l, r);
  593. l ^= dp_rx_get_le32(&hdr[12]);
  594. dp_rx_michael_block(l, r);
  595. /* first buffer has special handling */
  596. data = (uint8_t *)qdf_nbuf_data(wbuf) + off;
  597. space = qdf_nbuf_len(wbuf) - off;
  598. for (;; ) {
  599. if (space > data_len)
  600. space = data_len;
  601. /* collect 32-bit blocks from current buffer */
  602. while (space >= sizeof(uint32_t)) {
  603. l ^= dp_rx_get_le32(data);
  604. dp_rx_michael_block(l, r);
  605. data += sizeof(uint32_t);
  606. space -= sizeof(uint32_t);
  607. data_len -= sizeof(uint32_t);
  608. }
  609. if (data_len < sizeof(uint32_t))
  610. break;
  611. wbuf = qdf_nbuf_next(wbuf);
  612. if (!wbuf)
  613. return QDF_STATUS_E_DEFRAG_ERROR;
  614. if (space != 0) {
  615. const uint8_t *data_next;
  616. /*
  617. * Block straddles buffers, split references.
  618. */
  619. data_next =
  620. (uint8_t *)qdf_nbuf_data(wbuf) + off;
  621. if ((qdf_nbuf_len(wbuf)) <
  622. sizeof(uint32_t) - space) {
  623. return QDF_STATUS_E_DEFRAG_ERROR;
  624. }
  625. switch (space) {
  626. case 1:
  627. l ^= dp_rx_get_le32_split(data[0],
  628. data_next[0], data_next[1],
  629. data_next[2]);
  630. data = data_next + 3;
  631. space = (qdf_nbuf_len(wbuf) - off) - 3;
  632. break;
  633. case 2:
  634. l ^= dp_rx_get_le32_split(data[0], data[1],
  635. data_next[0], data_next[1]);
  636. data = data_next + 2;
  637. space = (qdf_nbuf_len(wbuf) - off) - 2;
  638. break;
  639. case 3:
  640. l ^= dp_rx_get_le32_split(data[0], data[1],
  641. data[2], data_next[0]);
  642. data = data_next + 1;
  643. space = (qdf_nbuf_len(wbuf) - off) - 1;
  644. break;
  645. }
  646. dp_rx_michael_block(l, r);
  647. data_len -= sizeof(uint32_t);
  648. } else {
  649. /*
  650. * Setup for next buffer.
  651. */
  652. data = (uint8_t *)qdf_nbuf_data(wbuf) + off;
  653. space = qdf_nbuf_len(wbuf) - off;
  654. }
  655. }
  656. /* Last block and padding (0x5a, 4..7 x 0) */
  657. switch (data_len) {
  658. case 0:
  659. l ^= dp_rx_get_le32_split(0x5a, 0, 0, 0);
  660. break;
  661. case 1:
  662. l ^= dp_rx_get_le32_split(data[0], 0x5a, 0, 0);
  663. break;
  664. case 2:
  665. l ^= dp_rx_get_le32_split(data[0], data[1], 0x5a, 0);
  666. break;
  667. case 3:
  668. l ^= dp_rx_get_le32_split(data[0], data[1], data[2], 0x5a);
  669. break;
  670. }
  671. dp_rx_michael_block(l, r);
  672. dp_rx_michael_block(l, r);
  673. dp_rx_put_le32(mic, l);
  674. dp_rx_put_le32(mic + 4, r);
  675. return QDF_STATUS_SUCCESS;
  676. }
  677. /*
  678. * dp_rx_defrag_tkip_demic(): Remove MIC header from the TKIP frame
  679. * @key: Pointer to the key
  680. * @msdu: fragment buffer
  681. * @hdrlen: Length of the header information
  682. *
  683. * Remove MIC information from the TKIP frame
  684. *
  685. * Returns: QDF_STATUS
  686. */
  687. static QDF_STATUS dp_rx_defrag_tkip_demic(struct dp_soc *soc,
  688. const uint8_t *key,
  689. qdf_nbuf_t msdu, uint16_t hdrlen)
  690. {
  691. QDF_STATUS status;
  692. uint32_t pktlen = 0, prev_data_len;
  693. uint8_t mic[IEEE80211_WEP_MICLEN];
  694. uint8_t mic0[IEEE80211_WEP_MICLEN];
  695. qdf_nbuf_t prev = NULL, prev0, next;
  696. uint8_t len0 = 0;
  697. next = msdu;
  698. prev0 = msdu;
  699. while (next) {
  700. pktlen += (qdf_nbuf_len(next) - hdrlen);
  701. prev = next;
  702. dp_debug("pktlen %u",
  703. (uint32_t)(qdf_nbuf_len(next) - hdrlen));
  704. next = qdf_nbuf_next(next);
  705. if (next && !qdf_nbuf_next(next))
  706. prev0 = prev;
  707. }
  708. if (!prev) {
  709. QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR,
  710. "%s Defrag chaining failed !\n", __func__);
  711. return QDF_STATUS_E_DEFRAG_ERROR;
  712. }
  713. prev_data_len = qdf_nbuf_len(prev) - hdrlen;
  714. if (prev_data_len < dp_f_tkip.ic_miclen) {
  715. if (prev0 == prev) {
  716. QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR,
  717. "%s Fragments don't have MIC header !\n", __func__);
  718. return QDF_STATUS_E_DEFRAG_ERROR;
  719. }
  720. len0 = dp_f_tkip.ic_miclen - (uint8_t)prev_data_len;
  721. qdf_nbuf_copy_bits(prev0, qdf_nbuf_len(prev0) - len0, len0,
  722. (caddr_t)mic0);
  723. qdf_nbuf_trim_tail(prev0, len0);
  724. }
  725. qdf_nbuf_copy_bits(prev, (qdf_nbuf_len(prev) -
  726. (dp_f_tkip.ic_miclen - len0)),
  727. (dp_f_tkip.ic_miclen - len0),
  728. (caddr_t)(&mic0[len0]));
  729. qdf_nbuf_trim_tail(prev, (dp_f_tkip.ic_miclen - len0));
  730. pktlen -= dp_f_tkip.ic_miclen;
  731. if (((qdf_nbuf_len(prev) - hdrlen) == 0) && prev != msdu) {
  732. qdf_nbuf_free(prev);
  733. qdf_nbuf_set_next(prev0, NULL);
  734. }
  735. status = dp_rx_defrag_mic(soc, key, msdu, hdrlen,
  736. pktlen, mic);
  737. if (QDF_IS_STATUS_ERROR(status))
  738. return status;
  739. if (qdf_mem_cmp(mic, mic0, dp_f_tkip.ic_miclen))
  740. return QDF_STATUS_E_DEFRAG_ERROR;
  741. return QDF_STATUS_SUCCESS;
  742. }
  743. /*
  744. * dp_rx_frag_pull_hdr(): Pulls the RXTLV & the 802.11 headers
  745. * @nbuf: buffer pointer
  746. * @hdrsize: size of the header to be pulled
  747. *
  748. * Pull the RXTLV & the 802.11 headers
  749. *
  750. * Returns: None
  751. */
  752. static void dp_rx_frag_pull_hdr(struct dp_soc *soc,
  753. qdf_nbuf_t nbuf, uint16_t hdrsize)
  754. {
  755. hal_rx_print_pn(soc->hal_soc, qdf_nbuf_data(nbuf));
  756. qdf_nbuf_pull_head(nbuf, soc->rx_pkt_tlv_size + hdrsize);
  757. dp_debug("final pktlen %d .11len %d",
  758. (uint32_t)qdf_nbuf_len(nbuf), hdrsize);
  759. }
  760. /*
  761. * dp_rx_defrag_pn_check(): Check the PN of current fragmented with prev PN
  762. * @msdu: msdu to get the current PN
  763. * @cur_pn128: PN extracted from current msdu
  764. * @prev_pn128: Prev PN
  765. *
  766. * Returns: 0 on success, non zero on failure
  767. */
  768. static int dp_rx_defrag_pn_check(struct dp_soc *soc, qdf_nbuf_t msdu,
  769. uint64_t *cur_pn128, uint64_t *prev_pn128)
  770. {
  771. int out_of_order = 0;
  772. hal_rx_tlv_get_pn_num(soc->hal_soc, qdf_nbuf_data(msdu), cur_pn128);
  773. if (cur_pn128[1] == prev_pn128[1])
  774. out_of_order = (cur_pn128[0] - prev_pn128[0] != 1);
  775. else
  776. out_of_order = (cur_pn128[1] - prev_pn128[1] != 1);
  777. return out_of_order;
  778. }
  779. /*
  780. * dp_rx_construct_fraglist(): Construct a nbuf fraglist
  781. * @peer: Pointer to the peer
  782. * @head: Pointer to list of fragments
  783. * @hdrsize: Size of the header to be pulled
  784. *
  785. * Construct a nbuf fraglist
  786. *
  787. * Returns: None
  788. */
  789. static int
  790. dp_rx_construct_fraglist(struct dp_peer *peer, int tid, qdf_nbuf_t head,
  791. uint16_t hdrsize)
  792. {
  793. struct dp_soc *soc = peer->vdev->pdev->soc;
  794. qdf_nbuf_t msdu = qdf_nbuf_next(head);
  795. qdf_nbuf_t rx_nbuf = msdu;
  796. struct dp_rx_tid *rx_tid = &peer->rx_tid[tid];
  797. uint32_t len = 0;
  798. uint64_t cur_pn128[2] = {0, 0}, prev_pn128[2];
  799. int out_of_order = 0;
  800. int index;
  801. int needs_pn_check = 0;
  802. enum cdp_sec_type sec_type;
  803. prev_pn128[0] = rx_tid->pn128[0];
  804. prev_pn128[1] = rx_tid->pn128[1];
  805. index = hal_rx_msdu_is_wlan_mcast(soc->hal_soc, msdu) ? dp_sec_mcast :
  806. dp_sec_ucast;
  807. sec_type = peer->security[index].sec_type;
  808. if (!(sec_type == cdp_sec_type_none || sec_type == cdp_sec_type_wep128 ||
  809. sec_type == cdp_sec_type_wep104 || sec_type == cdp_sec_type_wep40))
  810. needs_pn_check = 1;
  811. while (msdu) {
  812. if (qdf_likely(needs_pn_check))
  813. out_of_order = dp_rx_defrag_pn_check(soc, msdu,
  814. &cur_pn128[0],
  815. &prev_pn128[0]);
  816. if (qdf_unlikely(out_of_order)) {
  817. dp_info_rl("cur_pn128[0] 0x%llx cur_pn128[1] 0x%llx prev_pn128[0] 0x%llx prev_pn128[1] 0x%llx",
  818. cur_pn128[0], cur_pn128[1],
  819. prev_pn128[0], prev_pn128[1]);
  820. return QDF_STATUS_E_FAILURE;
  821. }
  822. prev_pn128[0] = cur_pn128[0];
  823. prev_pn128[1] = cur_pn128[1];
  824. /*
  825. * Broadcast and multicast frames should never be fragmented.
  826. * Iterating through all msdus and dropping fragments if even
  827. * one of them has mcast/bcast destination address.
  828. */
  829. if (hal_rx_msdu_is_wlan_mcast(soc->hal_soc, msdu)) {
  830. QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR,
  831. "Dropping multicast/broadcast fragments");
  832. return QDF_STATUS_E_FAILURE;
  833. }
  834. dp_rx_frag_pull_hdr(soc, msdu, hdrsize);
  835. len += qdf_nbuf_len(msdu);
  836. msdu = qdf_nbuf_next(msdu);
  837. }
  838. qdf_nbuf_append_ext_list(head, rx_nbuf, len);
  839. qdf_nbuf_set_next(head, NULL);
  840. qdf_nbuf_set_is_frag(head, 1);
  841. dp_debug("head len %d ext len %d data len %d ",
  842. (uint32_t)qdf_nbuf_len(head),
  843. (uint32_t)qdf_nbuf_len(rx_nbuf),
  844. (uint32_t)(head->data_len));
  845. return QDF_STATUS_SUCCESS;
  846. }
  847. /**
  848. * dp_rx_defrag_err() - rx err handler
  849. * @pdev: handle to pdev object
  850. * @vdev_id: vdev id
  851. * @peer_mac_addr: peer mac address
  852. * @tid: TID
  853. * @tsf32: TSF
  854. * @err_type: error type
  855. * @rx_frame: rx frame
  856. * @pn: PN Number
  857. * @key_id: key id
  858. *
  859. * This function handles rx error and send MIC error notification
  860. *
  861. * Return: None
  862. */
  863. static void dp_rx_defrag_err(struct dp_vdev *vdev, qdf_nbuf_t nbuf)
  864. {
  865. struct ol_if_ops *tops = NULL;
  866. struct dp_pdev *pdev = vdev->pdev;
  867. int rx_desc_len = pdev->soc->rx_pkt_tlv_size;
  868. uint8_t *orig_hdr;
  869. struct ieee80211_frame *wh;
  870. struct cdp_rx_mic_err_info mic_failure_info;
  871. orig_hdr = (uint8_t *)(qdf_nbuf_data(nbuf) + rx_desc_len);
  872. wh = (struct ieee80211_frame *)orig_hdr;
  873. qdf_copy_macaddr((struct qdf_mac_addr *)&mic_failure_info.da_mac_addr,
  874. (struct qdf_mac_addr *)&wh->i_addr1);
  875. qdf_copy_macaddr((struct qdf_mac_addr *)&mic_failure_info.ta_mac_addr,
  876. (struct qdf_mac_addr *)&wh->i_addr2);
  877. mic_failure_info.key_id = 0;
  878. mic_failure_info.multicast =
  879. IEEE80211_IS_MULTICAST(wh->i_addr1);
  880. qdf_mem_zero(mic_failure_info.tsc, MIC_SEQ_CTR_SIZE);
  881. mic_failure_info.frame_type = cdp_rx_frame_type_802_11;
  882. mic_failure_info.data = (uint8_t *)wh;
  883. mic_failure_info.vdev_id = vdev->vdev_id;
  884. tops = pdev->soc->cdp_soc.ol_ops;
  885. if (tops->rx_mic_error)
  886. tops->rx_mic_error(pdev->soc->ctrl_psoc, pdev->pdev_id,
  887. &mic_failure_info);
  888. }
  889. /*
  890. * dp_rx_defrag_nwifi_to_8023(): Transcap 802.11 to 802.3
  891. * @soc: dp soc handle
  892. * @nbuf: Pointer to the fragment buffer
  893. * @hdrsize: Size of headers
  894. *
  895. * Transcap the fragment from 802.11 to 802.3
  896. *
  897. * Returns: None
  898. */
  899. static void
  900. dp_rx_defrag_nwifi_to_8023(struct dp_soc *soc, struct dp_peer *peer, int tid,
  901. qdf_nbuf_t nbuf, uint16_t hdrsize)
  902. {
  903. struct llc_snap_hdr_t *llchdr;
  904. struct ethernet_hdr_t *eth_hdr;
  905. uint8_t ether_type[2];
  906. uint16_t fc = 0;
  907. union dp_align_mac_addr mac_addr;
  908. uint8_t *rx_desc_info = qdf_mem_malloc(soc->rx_pkt_tlv_size);
  909. struct dp_rx_tid *rx_tid = &peer->rx_tid[tid];
  910. hal_rx_tlv_get_pn_num(soc->hal_soc, qdf_nbuf_data(nbuf), rx_tid->pn128);
  911. hal_rx_print_pn(soc->hal_soc, qdf_nbuf_data(nbuf));
  912. if (!rx_desc_info) {
  913. QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR,
  914. "%s: Memory alloc failed ! ", __func__);
  915. QDF_ASSERT(0);
  916. return;
  917. }
  918. qdf_mem_copy(rx_desc_info, qdf_nbuf_data(nbuf), soc->rx_pkt_tlv_size);
  919. llchdr = (struct llc_snap_hdr_t *)(qdf_nbuf_data(nbuf) +
  920. soc->rx_pkt_tlv_size + hdrsize);
  921. qdf_mem_copy(ether_type, llchdr->ethertype, 2);
  922. qdf_nbuf_pull_head(nbuf, (soc->rx_pkt_tlv_size + hdrsize +
  923. sizeof(struct llc_snap_hdr_t) -
  924. sizeof(struct ethernet_hdr_t)));
  925. eth_hdr = (struct ethernet_hdr_t *)(qdf_nbuf_data(nbuf));
  926. if (hal_rx_get_mpdu_frame_control_valid(soc->hal_soc,
  927. rx_desc_info))
  928. fc = hal_rx_get_frame_ctrl_field(soc->hal_soc, rx_desc_info);
  929. dp_debug("Frame control type: 0x%x", fc);
  930. switch (((fc & 0xff00) >> 8) & IEEE80211_FC1_DIR_MASK) {
  931. case IEEE80211_FC1_DIR_NODS:
  932. hal_rx_mpdu_get_addr1(soc->hal_soc, rx_desc_info,
  933. &mac_addr.raw[0]);
  934. qdf_mem_copy(eth_hdr->dest_addr, &mac_addr.raw[0],
  935. QDF_MAC_ADDR_SIZE);
  936. hal_rx_mpdu_get_addr2(soc->hal_soc, rx_desc_info,
  937. &mac_addr.raw[0]);
  938. qdf_mem_copy(eth_hdr->src_addr, &mac_addr.raw[0],
  939. QDF_MAC_ADDR_SIZE);
  940. break;
  941. case IEEE80211_FC1_DIR_TODS:
  942. hal_rx_mpdu_get_addr3(soc->hal_soc, rx_desc_info,
  943. &mac_addr.raw[0]);
  944. qdf_mem_copy(eth_hdr->dest_addr, &mac_addr.raw[0],
  945. QDF_MAC_ADDR_SIZE);
  946. hal_rx_mpdu_get_addr2(soc->hal_soc, rx_desc_info,
  947. &mac_addr.raw[0]);
  948. qdf_mem_copy(eth_hdr->src_addr, &mac_addr.raw[0],
  949. QDF_MAC_ADDR_SIZE);
  950. break;
  951. case IEEE80211_FC1_DIR_FROMDS:
  952. hal_rx_mpdu_get_addr1(soc->hal_soc, rx_desc_info,
  953. &mac_addr.raw[0]);
  954. qdf_mem_copy(eth_hdr->dest_addr, &mac_addr.raw[0],
  955. QDF_MAC_ADDR_SIZE);
  956. hal_rx_mpdu_get_addr3(soc->hal_soc, rx_desc_info,
  957. &mac_addr.raw[0]);
  958. qdf_mem_copy(eth_hdr->src_addr, &mac_addr.raw[0],
  959. QDF_MAC_ADDR_SIZE);
  960. break;
  961. case IEEE80211_FC1_DIR_DSTODS:
  962. hal_rx_mpdu_get_addr3(soc->hal_soc, rx_desc_info,
  963. &mac_addr.raw[0]);
  964. qdf_mem_copy(eth_hdr->dest_addr, &mac_addr.raw[0],
  965. QDF_MAC_ADDR_SIZE);
  966. hal_rx_mpdu_get_addr4(soc->hal_soc, rx_desc_info,
  967. &mac_addr.raw[0]);
  968. qdf_mem_copy(eth_hdr->src_addr, &mac_addr.raw[0],
  969. QDF_MAC_ADDR_SIZE);
  970. break;
  971. default:
  972. QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR,
  973. "%s: Unknown frame control type: 0x%x", __func__, fc);
  974. }
  975. qdf_mem_copy(eth_hdr->ethertype, ether_type,
  976. sizeof(ether_type));
  977. qdf_nbuf_push_head(nbuf, soc->rx_pkt_tlv_size);
  978. qdf_mem_copy(qdf_nbuf_data(nbuf), rx_desc_info, soc->rx_pkt_tlv_size);
  979. qdf_mem_free(rx_desc_info);
  980. }
  981. #ifdef RX_DEFRAG_DO_NOT_REINJECT
  982. /*
  983. * dp_rx_defrag_deliver(): Deliver defrag packet to stack
  984. * @peer: Pointer to the peer
  985. * @tid: Transmit Identifier
  986. * @head: Nbuf to be delivered
  987. *
  988. * Returns: None
  989. */
  990. static inline void dp_rx_defrag_deliver(struct dp_peer *peer,
  991. unsigned int tid,
  992. qdf_nbuf_t head)
  993. {
  994. struct dp_vdev *vdev = peer->vdev;
  995. struct dp_soc *soc = vdev->pdev->soc;
  996. qdf_nbuf_t deliver_list_head = NULL;
  997. qdf_nbuf_t deliver_list_tail = NULL;
  998. uint8_t *rx_tlv_hdr;
  999. rx_tlv_hdr = qdf_nbuf_data(head);
  1000. QDF_NBUF_CB_RX_VDEV_ID(head) = vdev->vdev_id;
  1001. qdf_nbuf_set_tid_val(head, tid);
  1002. qdf_nbuf_pull_head(head, soc->rx_pkt_tlv_size);
  1003. DP_RX_LIST_APPEND(deliver_list_head, deliver_list_tail,
  1004. head);
  1005. dp_rx_deliver_to_stack(soc, vdev, peer, deliver_list_head,
  1006. deliver_list_tail);
  1007. }
  1008. /*
  1009. * dp_rx_defrag_reo_reinject(): Reinject the fragment chain back into REO
  1010. * @peer: Pointer to the peer
  1011. * @tid: Transmit Identifier
  1012. * @head: Buffer to be reinjected back
  1013. *
  1014. * Reinject the fragment chain back into REO
  1015. *
  1016. * Returns: QDF_STATUS
  1017. */
  1018. static QDF_STATUS dp_rx_defrag_reo_reinject(struct dp_peer *peer,
  1019. unsigned int tid, qdf_nbuf_t head)
  1020. {
  1021. struct dp_rx_reorder_array_elem *rx_reorder_array_elem;
  1022. rx_reorder_array_elem = peer->rx_tid[tid].array;
  1023. dp_rx_defrag_deliver(peer, tid, head);
  1024. rx_reorder_array_elem->head = NULL;
  1025. rx_reorder_array_elem->tail = NULL;
  1026. dp_rx_return_head_frag_desc(peer, tid);
  1027. return QDF_STATUS_SUCCESS;
  1028. }
  1029. #else
  1030. #ifdef WLAN_FEATURE_DP_RX_RING_HISTORY
  1031. /**
  1032. * dp_rx_reinject_ring_record_entry() - Record reinject ring history
  1033. * @soc: Datapath soc structure
  1034. * @paddr: paddr of the buffer reinjected to SW2REO ring
  1035. * @sw_cookie: SW cookie of the buffer reinjected to SW2REO ring
  1036. * @rbm: Return buffer manager of the buffer reinjected to SW2REO ring
  1037. *
  1038. * Returns: None
  1039. */
  1040. static inline void
  1041. dp_rx_reinject_ring_record_entry(struct dp_soc *soc, uint64_t paddr,
  1042. uint32_t sw_cookie, uint8_t rbm)
  1043. {
  1044. struct dp_buf_info_record *record;
  1045. uint32_t idx;
  1046. if (qdf_unlikely(!soc->rx_reinject_ring_history))
  1047. return;
  1048. idx = dp_history_get_next_index(&soc->rx_reinject_ring_history->index,
  1049. DP_RX_REINJECT_HIST_MAX);
  1050. /* No NULL check needed for record since its an array */
  1051. record = &soc->rx_reinject_ring_history->entry[idx];
  1052. record->timestamp = qdf_get_log_timestamp();
  1053. record->hbi.paddr = paddr;
  1054. record->hbi.sw_cookie = sw_cookie;
  1055. record->hbi.rbm = rbm;
  1056. }
  1057. #else
  1058. static inline void
  1059. dp_rx_reinject_ring_record_entry(struct dp_soc *soc, uint64_t paddr,
  1060. uint32_t sw_cookie, uint8_t rbm)
  1061. {
  1062. }
  1063. #endif
  1064. /*
  1065. * dp_rx_defrag_reo_reinject(): Reinject the fragment chain back into REO
  1066. * @peer: Pointer to the peer
  1067. * @tid: Transmit Identifier
  1068. * @head: Buffer to be reinjected back
  1069. *
  1070. * Reinject the fragment chain back into REO
  1071. *
  1072. * Returns: QDF_STATUS
  1073. */
  1074. static QDF_STATUS dp_rx_defrag_reo_reinject(struct dp_peer *peer,
  1075. unsigned int tid, qdf_nbuf_t head)
  1076. {
  1077. struct dp_pdev *pdev = peer->vdev->pdev;
  1078. struct dp_soc *soc = pdev->soc;
  1079. struct hal_buf_info buf_info;
  1080. struct hal_buf_info temp_buf_info;
  1081. void *link_desc_va;
  1082. void *msdu0, *msdu_desc_info;
  1083. void *ent_ring_desc, *ent_mpdu_desc_info, *ent_qdesc_addr;
  1084. void *dst_mpdu_desc_info;
  1085. uint64_t dst_qdesc_addr;
  1086. qdf_dma_addr_t paddr;
  1087. uint32_t nbuf_len, seq_no, dst_ind;
  1088. uint32_t *mpdu_wrd;
  1089. uint32_t ret, cookie;
  1090. hal_ring_desc_t dst_ring_desc =
  1091. peer->rx_tid[tid].dst_ring_desc;
  1092. hal_ring_handle_t hal_srng = soc->reo_reinject_ring.hal_srng;
  1093. struct dp_rx_desc *rx_desc = peer->rx_tid[tid].head_frag_desc;
  1094. struct dp_rx_reorder_array_elem *rx_reorder_array_elem =
  1095. peer->rx_tid[tid].array;
  1096. qdf_nbuf_t nbuf_head;
  1097. struct rx_desc_pool *rx_desc_pool = NULL;
  1098. void *buf_addr_info = HAL_RX_REO_BUF_ADDR_INFO_GET(dst_ring_desc);
  1099. uint8_t rx_defrag_rbm_id = dp_rx_get_defrag_bm_id(soc);
  1100. /* do duplicate link desc address check */
  1101. dp_rx_link_desc_refill_duplicate_check(
  1102. soc,
  1103. &soc->last_op_info.reo_reinject_link_desc,
  1104. buf_addr_info);
  1105. nbuf_head = dp_ipa_handle_rx_reo_reinject(soc, head);
  1106. if (qdf_unlikely(!nbuf_head)) {
  1107. dp_err_rl("IPA RX REO reinject failed");
  1108. return QDF_STATUS_E_FAILURE;
  1109. }
  1110. /* update new allocated skb in case IPA is enabled */
  1111. if (nbuf_head != head) {
  1112. head = nbuf_head;
  1113. rx_desc->nbuf = head;
  1114. rx_reorder_array_elem->head = head;
  1115. }
  1116. ent_ring_desc = hal_srng_src_get_next(soc->hal_soc, hal_srng);
  1117. if (!ent_ring_desc) {
  1118. dp_err_rl("HAL src ring next entry NULL");
  1119. return QDF_STATUS_E_FAILURE;
  1120. }
  1121. hal_rx_reo_buf_paddr_get(soc->hal_soc, dst_ring_desc, &buf_info);
  1122. /* buffer_addr_info is the first element of ring_desc */
  1123. hal_rx_buf_cookie_rbm_get(soc->hal_soc, (uint32_t *)dst_ring_desc,
  1124. &buf_info);
  1125. link_desc_va = dp_rx_cookie_2_link_desc_va(soc, &buf_info);
  1126. qdf_assert_always(link_desc_va);
  1127. msdu0 = hal_rx_msdu0_buffer_addr_lsb(soc->hal_soc, link_desc_va);
  1128. nbuf_len = qdf_nbuf_len(head) - soc->rx_pkt_tlv_size;
  1129. HAL_RX_UNIFORM_HDR_SET(link_desc_va, OWNER, UNI_DESC_OWNER_SW);
  1130. HAL_RX_UNIFORM_HDR_SET(link_desc_va, BUFFER_TYPE,
  1131. UNI_DESC_BUF_TYPE_RX_MSDU_LINK);
  1132. /* msdu reconfig */
  1133. msdu_desc_info = hal_rx_msdu_desc_info_ptr_get(soc->hal_soc, msdu0);
  1134. dst_ind = hal_rx_msdu_reo_dst_ind_get(soc->hal_soc, link_desc_va);
  1135. qdf_mem_zero(msdu_desc_info, sizeof(struct rx_msdu_desc_info));
  1136. hal_msdu_desc_info_set(soc->hal_soc, msdu_desc_info, dst_ind, nbuf_len);
  1137. /* change RX TLV's */
  1138. hal_rx_tlv_msdu_len_set(soc->hal_soc, qdf_nbuf_data(head), nbuf_len);
  1139. hal_rx_buf_cookie_rbm_get(soc->hal_soc, (uint32_t *)msdu0,
  1140. &temp_buf_info);
  1141. cookie = temp_buf_info.sw_cookie;
  1142. rx_desc_pool = &soc->rx_desc_buf[pdev->lmac_id];
  1143. /* map the nbuf before reinject it into HW */
  1144. ret = qdf_nbuf_map_nbytes_single(soc->osdev, head,
  1145. QDF_DMA_FROM_DEVICE,
  1146. rx_desc_pool->buf_size);
  1147. if (qdf_unlikely(ret == QDF_STATUS_E_FAILURE)) {
  1148. QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR,
  1149. "%s: nbuf map failed !", __func__);
  1150. return QDF_STATUS_E_FAILURE;
  1151. }
  1152. dp_ipa_handle_rx_buf_smmu_mapping(soc, head,
  1153. rx_desc_pool->buf_size,
  1154. true);
  1155. /*
  1156. * As part of rx frag handler bufffer was unmapped and rx desc
  1157. * unmapped is set to 1. So again for defrag reinject frame reset
  1158. * it back to 0.
  1159. */
  1160. rx_desc->unmapped = 0;
  1161. paddr = qdf_nbuf_get_frag_paddr(head, 0);
  1162. ret = dp_check_paddr(soc, &head, &paddr, rx_desc_pool);
  1163. if (ret == QDF_STATUS_E_FAILURE) {
  1164. QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR,
  1165. "%s: x86 check failed !", __func__);
  1166. return QDF_STATUS_E_FAILURE;
  1167. }
  1168. hal_rxdma_buff_addr_info_set(soc->hal_soc, msdu0, paddr, cookie,
  1169. rx_defrag_rbm_id);
  1170. /* Lets fill entrance ring now !!! */
  1171. if (qdf_unlikely(hal_srng_access_start(soc->hal_soc, hal_srng))) {
  1172. QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR,
  1173. "HAL RING Access For REO entrance SRNG Failed: %pK",
  1174. hal_srng);
  1175. return QDF_STATUS_E_FAILURE;
  1176. }
  1177. dp_rx_reinject_ring_record_entry(soc, paddr, cookie,
  1178. rx_defrag_rbm_id);
  1179. paddr = (uint64_t)buf_info.paddr;
  1180. /* buf addr */
  1181. hal_rxdma_buff_addr_info_set(soc->hal_soc, ent_ring_desc, paddr,
  1182. buf_info.sw_cookie,
  1183. soc->idle_link_bm_id);
  1184. /* mpdu desc info */
  1185. ent_mpdu_desc_info = hal_ent_mpdu_desc_info(soc->hal_soc,
  1186. ent_ring_desc);
  1187. dst_mpdu_desc_info = hal_dst_mpdu_desc_info(soc->hal_soc,
  1188. dst_ring_desc);
  1189. qdf_mem_copy(ent_mpdu_desc_info, dst_mpdu_desc_info,
  1190. sizeof(struct rx_mpdu_desc_info));
  1191. qdf_mem_zero(ent_mpdu_desc_info, sizeof(uint32_t));
  1192. mpdu_wrd = (uint32_t *)dst_mpdu_desc_info;
  1193. seq_no = hal_rx_get_rx_sequence(soc->hal_soc, qdf_nbuf_data(head));
  1194. hal_mpdu_desc_info_set(soc->hal_soc, ent_mpdu_desc_info, seq_no);
  1195. /* qdesc addr */
  1196. ent_qdesc_addr = hal_get_reo_ent_desc_qdesc_addr(soc->hal_soc,
  1197. (uint8_t *)ent_ring_desc);
  1198. dst_qdesc_addr = hal_rx_get_qdesc_addr(soc->hal_soc,
  1199. (uint8_t *)dst_ring_desc,
  1200. qdf_nbuf_data(head));
  1201. qdf_mem_copy(ent_qdesc_addr, &dst_qdesc_addr, 5);
  1202. hal_set_reo_ent_desc_reo_dest_ind(soc->hal_soc,
  1203. (uint8_t *)ent_ring_desc, dst_ind);
  1204. hal_srng_access_end(soc->hal_soc, hal_srng);
  1205. DP_STATS_INC(soc, rx.reo_reinject, 1);
  1206. dp_debug("reinjection done !");
  1207. return QDF_STATUS_SUCCESS;
  1208. }
  1209. #endif
  1210. /*
  1211. * dp_rx_defrag_gcmp_demic(): Remove MIC information from GCMP fragment
  1212. * @soc: Datapath soc structure
  1213. * @nbuf: Pointer to the fragment buffer
  1214. * @hdrlen: 802.11 header length
  1215. *
  1216. * Remove MIC information from GCMP fragment
  1217. *
  1218. * Returns: QDF_STATUS
  1219. */
  1220. static QDF_STATUS dp_rx_defrag_gcmp_demic(struct dp_soc *soc, qdf_nbuf_t nbuf,
  1221. uint16_t hdrlen)
  1222. {
  1223. uint8_t *ivp, *orig_hdr;
  1224. int rx_desc_len = soc->rx_pkt_tlv_size;
  1225. /* start of the 802.11 header */
  1226. orig_hdr = (uint8_t *)(qdf_nbuf_data(nbuf) + rx_desc_len);
  1227. /*
  1228. * GCMP header is located after 802.11 header and EXTIV
  1229. * field should always be set to 1 for GCMP protocol.
  1230. */
  1231. ivp = orig_hdr + hdrlen;
  1232. if (!(ivp[IEEE80211_WEP_IVLEN] & IEEE80211_WEP_EXTIV))
  1233. return QDF_STATUS_E_DEFRAG_ERROR;
  1234. qdf_nbuf_trim_tail(nbuf, dp_f_gcmp.ic_trailer);
  1235. return QDF_STATUS_SUCCESS;
  1236. }
  1237. /*
  1238. * dp_rx_defrag(): Defragment the fragment chain
  1239. * @peer: Pointer to the peer
  1240. * @tid: Transmit Identifier
  1241. * @frag_list_head: Pointer to head list
  1242. * @frag_list_tail: Pointer to tail list
  1243. *
  1244. * Defragment the fragment chain
  1245. *
  1246. * Returns: QDF_STATUS
  1247. */
  1248. static QDF_STATUS dp_rx_defrag(struct dp_peer *peer, unsigned tid,
  1249. qdf_nbuf_t frag_list_head, qdf_nbuf_t frag_list_tail)
  1250. {
  1251. qdf_nbuf_t tmp_next, prev;
  1252. qdf_nbuf_t cur = frag_list_head, msdu;
  1253. uint32_t index, tkip_demic = 0;
  1254. uint16_t hdr_space;
  1255. uint8_t key[DEFRAG_IEEE80211_KEY_LEN];
  1256. struct dp_vdev *vdev = peer->vdev;
  1257. struct dp_soc *soc = vdev->pdev->soc;
  1258. uint8_t status = 0;
  1259. if (!cur)
  1260. return QDF_STATUS_E_DEFRAG_ERROR;
  1261. hdr_space = dp_rx_defrag_hdrsize(soc, cur);
  1262. index = hal_rx_msdu_is_wlan_mcast(soc->hal_soc, cur) ?
  1263. dp_sec_mcast : dp_sec_ucast;
  1264. /* Remove FCS from all fragments */
  1265. while (cur) {
  1266. tmp_next = qdf_nbuf_next(cur);
  1267. qdf_nbuf_set_next(cur, NULL);
  1268. qdf_nbuf_trim_tail(cur, DEFRAG_IEEE80211_FCS_LEN);
  1269. prev = cur;
  1270. qdf_nbuf_set_next(cur, tmp_next);
  1271. cur = tmp_next;
  1272. }
  1273. cur = frag_list_head;
  1274. QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_DEBUG,
  1275. "%s: index %d Security type: %d", __func__,
  1276. index, peer->security[index].sec_type);
  1277. switch (peer->security[index].sec_type) {
  1278. case cdp_sec_type_tkip:
  1279. tkip_demic = 1;
  1280. case cdp_sec_type_tkip_nomic:
  1281. while (cur) {
  1282. tmp_next = qdf_nbuf_next(cur);
  1283. if (dp_rx_defrag_tkip_decap(soc, cur, hdr_space)) {
  1284. QDF_TRACE(QDF_MODULE_ID_TXRX,
  1285. QDF_TRACE_LEVEL_ERROR,
  1286. "dp_rx_defrag: TKIP decap failed");
  1287. return QDF_STATUS_E_DEFRAG_ERROR;
  1288. }
  1289. cur = tmp_next;
  1290. }
  1291. /* If success, increment header to be stripped later */
  1292. hdr_space += dp_f_tkip.ic_header;
  1293. break;
  1294. case cdp_sec_type_aes_ccmp:
  1295. while (cur) {
  1296. tmp_next = qdf_nbuf_next(cur);
  1297. if (dp_rx_defrag_ccmp_demic(soc, cur, hdr_space)) {
  1298. QDF_TRACE(QDF_MODULE_ID_TXRX,
  1299. QDF_TRACE_LEVEL_ERROR,
  1300. "dp_rx_defrag: CCMP demic failed");
  1301. return QDF_STATUS_E_DEFRAG_ERROR;
  1302. }
  1303. if (dp_rx_defrag_ccmp_decap(soc, cur, hdr_space)) {
  1304. QDF_TRACE(QDF_MODULE_ID_TXRX,
  1305. QDF_TRACE_LEVEL_ERROR,
  1306. "dp_rx_defrag: CCMP decap failed");
  1307. return QDF_STATUS_E_DEFRAG_ERROR;
  1308. }
  1309. cur = tmp_next;
  1310. }
  1311. /* If success, increment header to be stripped later */
  1312. hdr_space += dp_f_ccmp.ic_header;
  1313. break;
  1314. case cdp_sec_type_wep40:
  1315. case cdp_sec_type_wep104:
  1316. case cdp_sec_type_wep128:
  1317. while (cur) {
  1318. tmp_next = qdf_nbuf_next(cur);
  1319. if (dp_rx_defrag_wep_decap(soc, cur, hdr_space)) {
  1320. QDF_TRACE(QDF_MODULE_ID_TXRX,
  1321. QDF_TRACE_LEVEL_ERROR,
  1322. "dp_rx_defrag: WEP decap failed");
  1323. return QDF_STATUS_E_DEFRAG_ERROR;
  1324. }
  1325. cur = tmp_next;
  1326. }
  1327. /* If success, increment header to be stripped later */
  1328. hdr_space += dp_f_wep.ic_header;
  1329. break;
  1330. case cdp_sec_type_aes_gcmp:
  1331. case cdp_sec_type_aes_gcmp_256:
  1332. while (cur) {
  1333. tmp_next = qdf_nbuf_next(cur);
  1334. if (dp_rx_defrag_gcmp_demic(soc, cur, hdr_space)) {
  1335. QDF_TRACE(QDF_MODULE_ID_TXRX,
  1336. QDF_TRACE_LEVEL_ERROR,
  1337. "dp_rx_defrag: GCMP demic failed");
  1338. return QDF_STATUS_E_DEFRAG_ERROR;
  1339. }
  1340. cur = tmp_next;
  1341. }
  1342. hdr_space += dp_f_gcmp.ic_header;
  1343. break;
  1344. default:
  1345. break;
  1346. }
  1347. if (tkip_demic) {
  1348. msdu = frag_list_head;
  1349. qdf_mem_copy(key,
  1350. &peer->security[index].michael_key[0],
  1351. IEEE80211_WEP_MICLEN);
  1352. status = dp_rx_defrag_tkip_demic(soc, key, msdu,
  1353. soc->rx_pkt_tlv_size +
  1354. hdr_space);
  1355. if (status) {
  1356. dp_rx_defrag_err(vdev, frag_list_head);
  1357. QDF_TRACE(QDF_MODULE_ID_TXRX,
  1358. QDF_TRACE_LEVEL_ERROR,
  1359. "%s: TKIP demic failed status %d",
  1360. __func__, status);
  1361. return QDF_STATUS_E_DEFRAG_ERROR;
  1362. }
  1363. }
  1364. /* Convert the header to 802.3 header */
  1365. dp_rx_defrag_nwifi_to_8023(soc, peer, tid, frag_list_head, hdr_space);
  1366. if (qdf_nbuf_next(frag_list_head)) {
  1367. if (dp_rx_construct_fraglist(peer, tid, frag_list_head, hdr_space))
  1368. return QDF_STATUS_E_DEFRAG_ERROR;
  1369. }
  1370. return QDF_STATUS_SUCCESS;
  1371. }
  1372. /*
  1373. * dp_rx_defrag_cleanup(): Clean up activities
  1374. * @peer: Pointer to the peer
  1375. * @tid: Transmit Identifier
  1376. *
  1377. * Returns: None
  1378. */
  1379. void dp_rx_defrag_cleanup(struct dp_peer *peer, unsigned tid)
  1380. {
  1381. struct dp_rx_reorder_array_elem *rx_reorder_array_elem =
  1382. peer->rx_tid[tid].array;
  1383. if (rx_reorder_array_elem) {
  1384. /* Free up nbufs */
  1385. dp_rx_defrag_frames_free(rx_reorder_array_elem->head);
  1386. rx_reorder_array_elem->head = NULL;
  1387. rx_reorder_array_elem->tail = NULL;
  1388. } else {
  1389. dp_info("Cleanup self peer %pK and TID %u at MAC address "QDF_MAC_ADDR_FMT,
  1390. peer, tid, QDF_MAC_ADDR_REF(peer->mac_addr.raw));
  1391. }
  1392. /* Free up saved ring descriptors */
  1393. dp_rx_clear_saved_desc_info(peer, tid);
  1394. peer->rx_tid[tid].defrag_timeout_ms = 0;
  1395. peer->rx_tid[tid].curr_frag_num = 0;
  1396. peer->rx_tid[tid].curr_seq_num = 0;
  1397. }
  1398. /*
  1399. * dp_rx_defrag_save_info_from_ring_desc(): Save info from REO ring descriptor
  1400. * @ring_desc: Pointer to the dst ring descriptor
  1401. * @peer: Pointer to the peer
  1402. * @tid: Transmit Identifier
  1403. *
  1404. * Returns: None
  1405. */
  1406. static QDF_STATUS
  1407. dp_rx_defrag_save_info_from_ring_desc(hal_ring_desc_t ring_desc,
  1408. struct dp_rx_desc *rx_desc,
  1409. struct dp_peer *peer,
  1410. unsigned int tid)
  1411. {
  1412. void *dst_ring_desc = qdf_mem_malloc(
  1413. sizeof(struct reo_destination_ring));
  1414. if (!dst_ring_desc) {
  1415. QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR,
  1416. "%s: Memory alloc failed !", __func__);
  1417. QDF_ASSERT(0);
  1418. return QDF_STATUS_E_NOMEM;
  1419. }
  1420. qdf_mem_copy(dst_ring_desc, ring_desc,
  1421. sizeof(struct reo_destination_ring));
  1422. peer->rx_tid[tid].dst_ring_desc = dst_ring_desc;
  1423. peer->rx_tid[tid].head_frag_desc = rx_desc;
  1424. return QDF_STATUS_SUCCESS;
  1425. }
  1426. /*
  1427. * dp_rx_defrag_store_fragment(): Store incoming fragments
  1428. * @soc: Pointer to the SOC data structure
  1429. * @ring_desc: Pointer to the ring descriptor
  1430. * @mpdu_desc_info: MPDU descriptor info
  1431. * @tid: Traffic Identifier
  1432. * @rx_desc: Pointer to rx descriptor
  1433. * @rx_bfs: Number of bfs consumed
  1434. *
  1435. * Returns: QDF_STATUS
  1436. */
  1437. static QDF_STATUS
  1438. dp_rx_defrag_store_fragment(struct dp_soc *soc,
  1439. hal_ring_desc_t ring_desc,
  1440. union dp_rx_desc_list_elem_t **head,
  1441. union dp_rx_desc_list_elem_t **tail,
  1442. struct hal_rx_mpdu_desc_info *mpdu_desc_info,
  1443. unsigned int tid, struct dp_rx_desc *rx_desc,
  1444. uint32_t *rx_bfs)
  1445. {
  1446. struct dp_rx_reorder_array_elem *rx_reorder_array_elem;
  1447. struct dp_pdev *pdev;
  1448. struct dp_peer *peer = NULL;
  1449. uint16_t peer_id;
  1450. uint8_t fragno, more_frag, all_frag_present = 0;
  1451. uint16_t rxseq = mpdu_desc_info->mpdu_seq;
  1452. QDF_STATUS status;
  1453. struct dp_rx_tid *rx_tid;
  1454. uint8_t mpdu_sequence_control_valid;
  1455. uint8_t mpdu_frame_control_valid;
  1456. qdf_nbuf_t frag = rx_desc->nbuf;
  1457. uint32_t msdu_len;
  1458. if (qdf_nbuf_len(frag) > 0) {
  1459. dp_info("Dropping unexpected packet with skb_len: %d,"
  1460. "data len: %d, cookie: %d",
  1461. (uint32_t)qdf_nbuf_len(frag), frag->data_len,
  1462. rx_desc->cookie);
  1463. DP_STATS_INC(soc, rx.rx_frag_err_len_error, 1);
  1464. goto discard_frag;
  1465. }
  1466. if (dp_rx_buffer_pool_refill(soc, frag, rx_desc->pool_id)) {
  1467. /* fragment queued back to the pool, free the link desc */
  1468. goto err_free_desc;
  1469. }
  1470. msdu_len = hal_rx_msdu_start_msdu_len_get(soc->hal_soc,
  1471. rx_desc->rx_buf_start);
  1472. qdf_nbuf_set_pktlen(frag, (msdu_len + soc->rx_pkt_tlv_size));
  1473. qdf_nbuf_append_ext_list(frag, NULL, 0);
  1474. /* Check if the packet is from a valid peer */
  1475. peer_id = dp_rx_peer_metadata_peer_id_get(soc,
  1476. mpdu_desc_info->peer_meta_data);
  1477. peer = dp_peer_get_ref_by_id(soc, peer_id, DP_MOD_ID_RX_ERR);
  1478. if (!peer) {
  1479. /* We should not receive anything from unknown peer
  1480. * however, that might happen while we are in the monitor mode.
  1481. * We don't need to handle that here
  1482. */
  1483. dp_info_rl("Unknown peer with peer_id %d, dropping fragment",
  1484. peer_id);
  1485. DP_STATS_INC(soc, rx.rx_frag_err_no_peer, 1);
  1486. goto discard_frag;
  1487. }
  1488. if (tid >= DP_MAX_TIDS) {
  1489. dp_info("TID out of bounds: %d", tid);
  1490. qdf_assert_always(0);
  1491. goto discard_frag;
  1492. }
  1493. mpdu_sequence_control_valid =
  1494. hal_rx_get_mpdu_sequence_control_valid(soc->hal_soc,
  1495. rx_desc->rx_buf_start);
  1496. /* Invalid MPDU sequence control field, MPDU is of no use */
  1497. if (!mpdu_sequence_control_valid) {
  1498. QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR,
  1499. "Invalid MPDU seq control field, dropping MPDU");
  1500. qdf_assert(0);
  1501. goto discard_frag;
  1502. }
  1503. mpdu_frame_control_valid =
  1504. hal_rx_get_mpdu_frame_control_valid(soc->hal_soc,
  1505. rx_desc->rx_buf_start);
  1506. /* Invalid frame control field */
  1507. if (!mpdu_frame_control_valid) {
  1508. QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR,
  1509. "Invalid frame control field, dropping MPDU");
  1510. qdf_assert(0);
  1511. goto discard_frag;
  1512. }
  1513. /* Current mpdu sequence */
  1514. more_frag = dp_rx_frag_get_more_frag_bit(soc, rx_desc->rx_buf_start);
  1515. /* HW does not populate the fragment number as of now
  1516. * need to get from the 802.11 header
  1517. */
  1518. fragno = dp_rx_frag_get_mpdu_frag_number(soc, rx_desc->rx_buf_start);
  1519. pdev = peer->vdev->pdev;
  1520. rx_tid = &peer->rx_tid[tid];
  1521. qdf_spin_lock_bh(&rx_tid->tid_lock);
  1522. rx_reorder_array_elem = peer->rx_tid[tid].array;
  1523. if (!rx_reorder_array_elem) {
  1524. dp_err_rl("Rcvd Fragmented pkt before tid setup for peer %pK",
  1525. peer);
  1526. qdf_spin_unlock_bh(&rx_tid->tid_lock);
  1527. goto discard_frag;
  1528. }
  1529. /*
  1530. * !more_frag: no more fragments to be delivered
  1531. * !frag_no: packet is not fragmented
  1532. * !rx_reorder_array_elem->head: no saved fragments so far
  1533. */
  1534. if ((!more_frag) && (!fragno) && (!rx_reorder_array_elem->head)) {
  1535. /* We should not get into this situation here.
  1536. * It means an unfragmented packet with fragment flag
  1537. * is delivered over the REO exception ring.
  1538. * Typically it follows normal rx path.
  1539. */
  1540. QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR,
  1541. "Rcvd unfragmented pkt on REO Err srng, dropping");
  1542. qdf_spin_unlock_bh(&rx_tid->tid_lock);
  1543. qdf_assert(0);
  1544. goto discard_frag;
  1545. }
  1546. /* Check if the fragment is for the same sequence or a different one */
  1547. dp_debug("rx_tid %d", tid);
  1548. if (rx_reorder_array_elem->head) {
  1549. dp_debug("rxseq %d\n", rxseq);
  1550. if (rxseq != rx_tid->curr_seq_num) {
  1551. dp_debug("mismatch cur_seq %d rxseq %d\n",
  1552. rx_tid->curr_seq_num, rxseq);
  1553. /* Drop stored fragments if out of sequence
  1554. * fragment is received
  1555. */
  1556. dp_rx_reorder_flush_frag(peer, tid);
  1557. DP_STATS_INC(soc, rx.rx_frag_oor, 1);
  1558. dp_debug("cur rxseq %d\n", rxseq);
  1559. /*
  1560. * The sequence number for this fragment becomes the
  1561. * new sequence number to be processed
  1562. */
  1563. rx_tid->curr_seq_num = rxseq;
  1564. }
  1565. } else {
  1566. /* Check if we are processing first fragment if it is
  1567. * not first fragment discard fragment.
  1568. */
  1569. if (fragno) {
  1570. qdf_spin_unlock_bh(&rx_tid->tid_lock);
  1571. goto discard_frag;
  1572. }
  1573. dp_debug("cur rxseq %d\n", rxseq);
  1574. /* Start of a new sequence */
  1575. dp_rx_defrag_cleanup(peer, tid);
  1576. rx_tid->curr_seq_num = rxseq;
  1577. /* store PN number also */
  1578. }
  1579. /*
  1580. * If the earlier sequence was dropped, this will be the fresh start.
  1581. * Else, continue with next fragment in a given sequence
  1582. */
  1583. status = dp_rx_defrag_fraglist_insert(peer, tid, &rx_reorder_array_elem->head,
  1584. &rx_reorder_array_elem->tail, frag,
  1585. &all_frag_present);
  1586. /*
  1587. * Currently, we can have only 6 MSDUs per-MPDU, if the current
  1588. * packet sequence has more than 6 MSDUs for some reason, we will
  1589. * have to use the next MSDU link descriptor and chain them together
  1590. * before reinjection.
  1591. * ring_desc is validated in dp_rx_err_process.
  1592. */
  1593. if ((fragno == 0) && (status == QDF_STATUS_SUCCESS) &&
  1594. (rx_reorder_array_elem->head == frag)) {
  1595. status = dp_rx_defrag_save_info_from_ring_desc(ring_desc,
  1596. rx_desc, peer, tid);
  1597. if (status != QDF_STATUS_SUCCESS) {
  1598. QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR,
  1599. "%s: Unable to store ring desc !", __func__);
  1600. qdf_spin_unlock_bh(&rx_tid->tid_lock);
  1601. goto discard_frag;
  1602. }
  1603. } else {
  1604. dp_rx_add_to_free_desc_list(head, tail, rx_desc);
  1605. (*rx_bfs)++;
  1606. /* Return the non-head link desc */
  1607. if (dp_rx_link_desc_return(soc, ring_desc,
  1608. HAL_BM_ACTION_PUT_IN_IDLE_LIST) !=
  1609. QDF_STATUS_SUCCESS)
  1610. QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR,
  1611. "%s: Failed to return link desc", __func__);
  1612. }
  1613. if (pdev->soc->rx.flags.defrag_timeout_check)
  1614. dp_rx_defrag_waitlist_remove(peer, tid);
  1615. /* Yet to receive more fragments for this sequence number */
  1616. if (!all_frag_present) {
  1617. uint32_t now_ms =
  1618. qdf_system_ticks_to_msecs(qdf_system_ticks());
  1619. peer->rx_tid[tid].defrag_timeout_ms =
  1620. now_ms + pdev->soc->rx.defrag.timeout_ms;
  1621. dp_rx_defrag_waitlist_add(peer, tid);
  1622. dp_peer_unref_delete(peer, DP_MOD_ID_RX_ERR);
  1623. qdf_spin_unlock_bh(&rx_tid->tid_lock);
  1624. return QDF_STATUS_SUCCESS;
  1625. }
  1626. QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_DEBUG,
  1627. "All fragments received for sequence: %d", rxseq);
  1628. /* Process the fragments */
  1629. status = dp_rx_defrag(peer, tid, rx_reorder_array_elem->head,
  1630. rx_reorder_array_elem->tail);
  1631. if (QDF_IS_STATUS_ERROR(status)) {
  1632. QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR,
  1633. "Fragment processing failed");
  1634. dp_rx_add_to_free_desc_list(head, tail,
  1635. peer->rx_tid[tid].head_frag_desc);
  1636. (*rx_bfs)++;
  1637. if (dp_rx_link_desc_return(soc,
  1638. peer->rx_tid[tid].dst_ring_desc,
  1639. HAL_BM_ACTION_PUT_IN_IDLE_LIST) !=
  1640. QDF_STATUS_SUCCESS)
  1641. QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR,
  1642. "%s: Failed to return link desc",
  1643. __func__);
  1644. dp_rx_defrag_cleanup(peer, tid);
  1645. qdf_spin_unlock_bh(&rx_tid->tid_lock);
  1646. goto end;
  1647. }
  1648. /* Re-inject the fragments back to REO for further processing */
  1649. status = dp_rx_defrag_reo_reinject(peer, tid,
  1650. rx_reorder_array_elem->head);
  1651. if (QDF_IS_STATUS_SUCCESS(status)) {
  1652. rx_reorder_array_elem->head = NULL;
  1653. rx_reorder_array_elem->tail = NULL;
  1654. QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_DEBUG,
  1655. "Fragmented sequence successfully reinjected");
  1656. } else {
  1657. QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR,
  1658. "Fragmented sequence reinjection failed");
  1659. dp_rx_return_head_frag_desc(peer, tid);
  1660. }
  1661. dp_rx_defrag_cleanup(peer, tid);
  1662. qdf_spin_unlock_bh(&rx_tid->tid_lock);
  1663. dp_peer_unref_delete(peer, DP_MOD_ID_RX_ERR);
  1664. return QDF_STATUS_SUCCESS;
  1665. discard_frag:
  1666. qdf_nbuf_free(frag);
  1667. err_free_desc:
  1668. dp_rx_add_to_free_desc_list(head, tail, rx_desc);
  1669. if (dp_rx_link_desc_return(soc, ring_desc,
  1670. HAL_BM_ACTION_PUT_IN_IDLE_LIST) !=
  1671. QDF_STATUS_SUCCESS)
  1672. QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR,
  1673. "%s: Failed to return link desc", __func__);
  1674. (*rx_bfs)++;
  1675. end:
  1676. if (peer)
  1677. dp_peer_unref_delete(peer, DP_MOD_ID_RX_ERR);
  1678. DP_STATS_INC(soc, rx.rx_frag_err, 1);
  1679. return QDF_STATUS_E_DEFRAG_ERROR;
  1680. }
  1681. /**
  1682. * dp_rx_frag_handle() - Handles fragmented Rx frames
  1683. *
  1684. * @soc: core txrx main context
  1685. * @ring_desc: opaque pointer to the REO error ring descriptor
  1686. * @mpdu_desc_info: MPDU descriptor information from ring descriptor
  1687. * @head: head of the local descriptor free-list
  1688. * @tail: tail of the local descriptor free-list
  1689. * @quota: No. of units (packets) that can be serviced in one shot.
  1690. *
  1691. * This function implements RX 802.11 fragmentation handling
  1692. * The handling is mostly same as legacy fragmentation handling.
  1693. * If required, this function can re-inject the frames back to
  1694. * REO ring (with proper setting to by-pass fragmentation check
  1695. * but use duplicate detection / re-ordering and routing these frames
  1696. * to a different core.
  1697. *
  1698. * Return: uint32_t: No. of elements processed
  1699. */
  1700. uint32_t dp_rx_frag_handle(struct dp_soc *soc, hal_ring_desc_t ring_desc,
  1701. struct hal_rx_mpdu_desc_info *mpdu_desc_info,
  1702. struct dp_rx_desc *rx_desc,
  1703. uint8_t *mac_id,
  1704. uint32_t quota)
  1705. {
  1706. uint32_t rx_bufs_used = 0;
  1707. qdf_nbuf_t msdu = NULL;
  1708. uint32_t tid;
  1709. uint32_t rx_bfs = 0;
  1710. struct dp_pdev *pdev;
  1711. QDF_STATUS status = QDF_STATUS_SUCCESS;
  1712. struct rx_desc_pool *rx_desc_pool;
  1713. qdf_assert(soc);
  1714. qdf_assert(mpdu_desc_info);
  1715. qdf_assert(rx_desc);
  1716. dp_debug("Number of MSDUs to process, num_msdus: %d",
  1717. mpdu_desc_info->msdu_count);
  1718. if (qdf_unlikely(mpdu_desc_info->msdu_count == 0)) {
  1719. QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR,
  1720. "Not sufficient MSDUs to process");
  1721. return rx_bufs_used;
  1722. }
  1723. /* all buffers in MSDU link belong to same pdev */
  1724. pdev = dp_get_pdev_for_lmac_id(soc, rx_desc->pool_id);
  1725. if (!pdev) {
  1726. dp_nofl_debug("pdev is null for pool_id = %d",
  1727. rx_desc->pool_id);
  1728. return rx_bufs_used;
  1729. }
  1730. *mac_id = rx_desc->pool_id;
  1731. msdu = rx_desc->nbuf;
  1732. rx_desc_pool = &soc->rx_desc_buf[rx_desc->pool_id];
  1733. if (rx_desc->unmapped)
  1734. return rx_bufs_used;
  1735. dp_ipa_rx_buf_smmu_mapping_lock(soc);
  1736. dp_ipa_handle_rx_buf_smmu_mapping(soc, rx_desc->nbuf,
  1737. rx_desc_pool->buf_size,
  1738. false);
  1739. qdf_nbuf_unmap_nbytes_single(soc->osdev, rx_desc->nbuf,
  1740. QDF_DMA_FROM_DEVICE,
  1741. rx_desc_pool->buf_size);
  1742. rx_desc->unmapped = 1;
  1743. dp_ipa_rx_buf_smmu_mapping_unlock(soc);
  1744. rx_desc->rx_buf_start = qdf_nbuf_data(msdu);
  1745. tid = hal_rx_mpdu_start_tid_get(soc->hal_soc, rx_desc->rx_buf_start);
  1746. /* Process fragment-by-fragment */
  1747. status = dp_rx_defrag_store_fragment(soc, ring_desc,
  1748. &pdev->free_list_head,
  1749. &pdev->free_list_tail,
  1750. mpdu_desc_info,
  1751. tid, rx_desc, &rx_bfs);
  1752. if (rx_bfs)
  1753. rx_bufs_used += rx_bfs;
  1754. if (!QDF_IS_STATUS_SUCCESS(status))
  1755. dp_info_rl("Rx Defrag err seq#:0x%x msdu_count:%d flags:%d",
  1756. mpdu_desc_info->mpdu_seq,
  1757. mpdu_desc_info->msdu_count,
  1758. mpdu_desc_info->mpdu_flags);
  1759. return rx_bufs_used;
  1760. }
  1761. QDF_STATUS dp_rx_defrag_add_last_frag(struct dp_soc *soc,
  1762. struct dp_peer *peer, uint16_t tid,
  1763. uint16_t rxseq, qdf_nbuf_t nbuf)
  1764. {
  1765. struct dp_rx_tid *rx_tid = &peer->rx_tid[tid];
  1766. struct dp_rx_reorder_array_elem *rx_reorder_array_elem;
  1767. uint8_t all_frag_present;
  1768. uint32_t msdu_len;
  1769. QDF_STATUS status;
  1770. rx_reorder_array_elem = peer->rx_tid[tid].array;
  1771. /*
  1772. * HW may fill in unexpected peer_id in RX PKT TLV,
  1773. * if this peer_id related peer is valid by coincidence,
  1774. * but actually this peer won't do dp_peer_rx_init(like SAP vdev
  1775. * self peer), then invalid access to rx_reorder_array_elem happened.
  1776. */
  1777. if (!rx_reorder_array_elem) {
  1778. dp_verbose_debug(
  1779. "peer id:%d mac: "QDF_MAC_ADDR_FMT" drop rx frame!",
  1780. peer->peer_id,
  1781. QDF_MAC_ADDR_REF(peer->mac_addr.raw));
  1782. DP_STATS_INC(soc, rx.err.defrag_peer_uninit, 1);
  1783. qdf_nbuf_free(nbuf);
  1784. goto fail;
  1785. }
  1786. if (rx_reorder_array_elem->head &&
  1787. rxseq != rx_tid->curr_seq_num) {
  1788. /* Drop stored fragments if out of sequence
  1789. * fragment is received
  1790. */
  1791. dp_rx_reorder_flush_frag(peer, tid);
  1792. QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR,
  1793. "%s: No list found for TID %d Seq# %d",
  1794. __func__, tid, rxseq);
  1795. qdf_nbuf_free(nbuf);
  1796. goto fail;
  1797. }
  1798. msdu_len = hal_rx_msdu_start_msdu_len_get(soc->hal_soc,
  1799. qdf_nbuf_data(nbuf));
  1800. qdf_nbuf_set_pktlen(nbuf, (msdu_len + soc->rx_pkt_tlv_size));
  1801. status = dp_rx_defrag_fraglist_insert(peer, tid,
  1802. &rx_reorder_array_elem->head,
  1803. &rx_reorder_array_elem->tail, nbuf,
  1804. &all_frag_present);
  1805. if (QDF_IS_STATUS_ERROR(status)) {
  1806. QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR,
  1807. "%s Fragment insert failed", __func__);
  1808. goto fail;
  1809. }
  1810. if (soc->rx.flags.defrag_timeout_check)
  1811. dp_rx_defrag_waitlist_remove(peer, tid);
  1812. if (!all_frag_present) {
  1813. uint32_t now_ms =
  1814. qdf_system_ticks_to_msecs(qdf_system_ticks());
  1815. peer->rx_tid[tid].defrag_timeout_ms =
  1816. now_ms + soc->rx.defrag.timeout_ms;
  1817. dp_rx_defrag_waitlist_add(peer, tid);
  1818. return QDF_STATUS_SUCCESS;
  1819. }
  1820. status = dp_rx_defrag(peer, tid, rx_reorder_array_elem->head,
  1821. rx_reorder_array_elem->tail);
  1822. if (QDF_IS_STATUS_ERROR(status)) {
  1823. QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR,
  1824. "%s Fragment processing failed", __func__);
  1825. dp_rx_return_head_frag_desc(peer, tid);
  1826. dp_rx_defrag_cleanup(peer, tid);
  1827. goto fail;
  1828. }
  1829. /* Re-inject the fragments back to REO for further processing */
  1830. status = dp_rx_defrag_reo_reinject(peer, tid,
  1831. rx_reorder_array_elem->head);
  1832. if (QDF_IS_STATUS_SUCCESS(status)) {
  1833. rx_reorder_array_elem->head = NULL;
  1834. rx_reorder_array_elem->tail = NULL;
  1835. QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_INFO,
  1836. "%s: Frag seq successfully reinjected",
  1837. __func__);
  1838. } else {
  1839. QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR,
  1840. "%s: Frag seq reinjection failed", __func__);
  1841. dp_rx_return_head_frag_desc(peer, tid);
  1842. }
  1843. dp_rx_defrag_cleanup(peer, tid);
  1844. return QDF_STATUS_SUCCESS;
  1845. fail:
  1846. return QDF_STATUS_E_DEFRAG_ERROR;
  1847. }