1 /*
2 * Copyright (C) 2018 Felix Fietkau <nbd@nbd.name>
3 *
4 * Permission to use, copy, modify, and/or distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
16 #include "mt76.h"
17
18 #define REORDER_TIMEOUT (HZ / 10)
19
20 static void
mt76_aggr_release(struct mt76_rx_tid * tid,struct sk_buff_head * frames,int idx)21 mt76_aggr_release(struct mt76_rx_tid *tid, struct sk_buff_head *frames, int idx)
22 {
23 struct sk_buff *skb;
24
25 tid->head = ieee80211_sn_inc(tid->head);
26
27 skb = tid->reorder_buf[idx];
28 if (!skb)
29 return;
30
31 tid->reorder_buf[idx] = NULL;
32 tid->nframes--;
33 __skb_queue_tail(frames, skb);
34 }
35
36 static void
mt76_rx_aggr_release_frames(struct mt76_rx_tid * tid,struct sk_buff_head * frames,u16 head)37 mt76_rx_aggr_release_frames(struct mt76_rx_tid *tid, struct sk_buff_head *frames,
38 u16 head)
39 {
40 int idx;
41
42 while (ieee80211_sn_less(tid->head, head)) {
43 idx = tid->head % tid->size;
44 mt76_aggr_release(tid, frames, idx);
45 }
46 }
47
48 static void
mt76_rx_aggr_release_head(struct mt76_rx_tid * tid,struct sk_buff_head * frames)49 mt76_rx_aggr_release_head(struct mt76_rx_tid *tid, struct sk_buff_head *frames)
50 {
51 int idx = tid->head % tid->size;
52
53 while (tid->reorder_buf[idx]) {
54 mt76_aggr_release(tid, frames, idx);
55 idx = tid->head % tid->size;
56 }
57 }
58
59 static void
mt76_rx_aggr_check_release(struct mt76_rx_tid * tid,struct sk_buff_head * frames)60 mt76_rx_aggr_check_release(struct mt76_rx_tid *tid, struct sk_buff_head *frames)
61 {
62 struct mt76_rx_status *status;
63 struct sk_buff *skb;
64 int start, idx, nframes;
65
66 if (!tid->nframes)
67 return;
68
69 mt76_rx_aggr_release_head(tid, frames);
70
71 start = tid->head % tid->size;
72 nframes = tid->nframes;
73
74 for (idx = (tid->head + 1) % tid->size;
75 idx != start && nframes;
76 idx = (idx + 1) % tid->size) {
77
78 skb = tid->reorder_buf[idx];
79 if (!skb)
80 continue;
81
82 nframes--;
83 status = (struct mt76_rx_status *) skb->cb;
84 if (!time_after(jiffies, status->reorder_time +
85 REORDER_TIMEOUT))
86 continue;
87
88 mt76_rx_aggr_release_frames(tid, frames, status->seqno);
89 }
90
91 mt76_rx_aggr_release_head(tid, frames);
92 }
93
94 static void
mt76_rx_aggr_reorder_work(struct work_struct * work)95 mt76_rx_aggr_reorder_work(struct work_struct *work)
96 {
97 struct mt76_rx_tid *tid = container_of(work, struct mt76_rx_tid,
98 reorder_work.work);
99 struct mt76_dev *dev = tid->dev;
100 struct sk_buff_head frames;
101 int nframes;
102
103 __skb_queue_head_init(&frames);
104
105 local_bh_disable();
106 rcu_read_lock();
107
108 spin_lock(&tid->lock);
109 mt76_rx_aggr_check_release(tid, &frames);
110 nframes = tid->nframes;
111 spin_unlock(&tid->lock);
112
113 if (nframes)
114 ieee80211_queue_delayed_work(tid->dev->hw, &tid->reorder_work,
115 REORDER_TIMEOUT);
116 mt76_rx_complete(dev, &frames, NULL);
117
118 rcu_read_unlock();
119 local_bh_enable();
120 }
121
122 static void
mt76_rx_aggr_check_ctl(struct sk_buff * skb,struct sk_buff_head * frames)123 mt76_rx_aggr_check_ctl(struct sk_buff *skb, struct sk_buff_head *frames)
124 {
125 struct mt76_rx_status *status = (struct mt76_rx_status *) skb->cb;
126 struct ieee80211_bar *bar = (struct ieee80211_bar *) skb->data;
127 struct mt76_wcid *wcid = status->wcid;
128 struct mt76_rx_tid *tid;
129 u16 seqno;
130
131 if (!ieee80211_is_ctl(bar->frame_control))
132 return;
133
134 if (!ieee80211_is_back_req(bar->frame_control))
135 return;
136
137 status->tid = le16_to_cpu(bar->control) >> 12;
138 seqno = le16_to_cpu(bar->start_seq_num) >> 4;
139 tid = rcu_dereference(wcid->aggr[status->tid]);
140 if (!tid)
141 return;
142
143 spin_lock_bh(&tid->lock);
144 mt76_rx_aggr_release_frames(tid, frames, seqno);
145 mt76_rx_aggr_release_head(tid, frames);
146 spin_unlock_bh(&tid->lock);
147 }
148
mt76_rx_aggr_reorder(struct sk_buff * skb,struct sk_buff_head * frames)149 void mt76_rx_aggr_reorder(struct sk_buff *skb, struct sk_buff_head *frames)
150 {
151 struct mt76_rx_status *status = (struct mt76_rx_status *) skb->cb;
152 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
153 struct mt76_wcid *wcid = status->wcid;
154 struct ieee80211_sta *sta;
155 struct mt76_rx_tid *tid;
156 bool sn_less;
157 u16 seqno, head, size;
158 u8 ackp, idx;
159
160 __skb_queue_tail(frames, skb);
161
162 sta = wcid_to_sta(wcid);
163 if (!sta)
164 return;
165
166 if (!status->aggr) {
167 mt76_rx_aggr_check_ctl(skb, frames);
168 return;
169 }
170
171 /* not part of a BA session */
172 ackp = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_ACK_POLICY_MASK;
173 if (ackp != IEEE80211_QOS_CTL_ACK_POLICY_BLOCKACK &&
174 ackp != IEEE80211_QOS_CTL_ACK_POLICY_NORMAL)
175 return;
176
177 tid = rcu_dereference(wcid->aggr[status->tid]);
178 if (!tid)
179 return;
180
181 status->flag |= RX_FLAG_DUP_VALIDATED;
182 spin_lock_bh(&tid->lock);
183
184 if (tid->stopped)
185 goto out;
186
187 head = tid->head;
188 seqno = status->seqno;
189 size = tid->size;
190 sn_less = ieee80211_sn_less(seqno, head);
191
192 if (!tid->started) {
193 if (sn_less)
194 goto out;
195
196 tid->started = true;
197 }
198
199 if (sn_less) {
200 __skb_unlink(skb, frames);
201 dev_kfree_skb(skb);
202 goto out;
203 }
204
205 if (seqno == head) {
206 tid->head = ieee80211_sn_inc(head);
207 if (tid->nframes)
208 mt76_rx_aggr_release_head(tid, frames);
209 goto out;
210 }
211
212 __skb_unlink(skb, frames);
213
214 /*
215 * Frame sequence number exceeds buffering window, free up some space
216 * by releasing previous frames
217 */
218 if (!ieee80211_sn_less(seqno, head + size)) {
219 head = ieee80211_sn_inc(ieee80211_sn_sub(seqno, size));
220 mt76_rx_aggr_release_frames(tid, frames, head);
221 }
222
223 idx = seqno % size;
224
225 /* Discard if the current slot is already in use */
226 if (tid->reorder_buf[idx]) {
227 dev_kfree_skb(skb);
228 goto out;
229 }
230
231 status->reorder_time = jiffies;
232 tid->reorder_buf[idx] = skb;
233 tid->nframes++;
234 mt76_rx_aggr_release_head(tid, frames);
235
236 ieee80211_queue_delayed_work(tid->dev->hw, &tid->reorder_work, REORDER_TIMEOUT);
237
238 out:
239 spin_unlock_bh(&tid->lock);
240 }
241
mt76_rx_aggr_start(struct mt76_dev * dev,struct mt76_wcid * wcid,u8 tidno,u16 ssn,u8 size)242 int mt76_rx_aggr_start(struct mt76_dev *dev, struct mt76_wcid *wcid, u8 tidno,
243 u16 ssn, u8 size)
244 {
245 struct mt76_rx_tid *tid;
246
247 mt76_rx_aggr_stop(dev, wcid, tidno);
248
249 tid = kzalloc(struct_size(tid, reorder_buf, size), GFP_KERNEL);
250 if (!tid)
251 return -ENOMEM;
252
253 tid->dev = dev;
254 tid->head = ssn;
255 tid->size = size;
256 INIT_DELAYED_WORK(&tid->reorder_work, mt76_rx_aggr_reorder_work);
257 spin_lock_init(&tid->lock);
258
259 rcu_assign_pointer(wcid->aggr[tidno], tid);
260
261 return 0;
262 }
263 EXPORT_SYMBOL_GPL(mt76_rx_aggr_start);
264
mt76_rx_aggr_shutdown(struct mt76_dev * dev,struct mt76_rx_tid * tid)265 static void mt76_rx_aggr_shutdown(struct mt76_dev *dev, struct mt76_rx_tid *tid)
266 {
267 u8 size = tid->size;
268 int i;
269
270 cancel_delayed_work(&tid->reorder_work);
271
272 spin_lock_bh(&tid->lock);
273
274 tid->stopped = true;
275 for (i = 0; tid->nframes && i < size; i++) {
276 struct sk_buff *skb = tid->reorder_buf[i];
277
278 if (!skb)
279 continue;
280
281 tid->nframes--;
282 dev_kfree_skb(skb);
283 }
284
285 spin_unlock_bh(&tid->lock);
286 }
287
mt76_rx_aggr_stop(struct mt76_dev * dev,struct mt76_wcid * wcid,u8 tidno)288 void mt76_rx_aggr_stop(struct mt76_dev *dev, struct mt76_wcid *wcid, u8 tidno)
289 {
290 struct mt76_rx_tid *tid;
291
292 rcu_read_lock();
293
294 tid = rcu_dereference(wcid->aggr[tidno]);
295 if (tid) {
296 rcu_assign_pointer(wcid->aggr[tidno], NULL);
297 mt76_rx_aggr_shutdown(dev, tid);
298 kfree_rcu(tid, rcu_head);
299 }
300
301 rcu_read_unlock();
302 }
303 EXPORT_SYMBOL_GPL(mt76_rx_aggr_stop);
304