1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * NXP Wireless LAN device driver: AP TX and RX data handling
4 *
5 * Copyright 2011-2020 NXP
6 */
7
8 #include "decl.h"
9 #include "ioctl.h"
10 #include "main.h"
11 #include "wmm.h"
12 #include "11n_aggr.h"
13 #include "11n_rxreorder.h"
14
15 /* This function checks if particular RA list has packets more than low bridge
16 * packet threshold and then deletes packet from this RA list.
17 * Function deletes packets from such RA list and returns true. If no such list
18 * is found, false is returned.
19 */
20 static bool
mwifiex_uap_del_tx_pkts_in_ralist(struct mwifiex_private * priv,struct list_head * ra_list_head,int tid)21 mwifiex_uap_del_tx_pkts_in_ralist(struct mwifiex_private *priv,
22 struct list_head *ra_list_head,
23 int tid)
24 {
25 struct mwifiex_ra_list_tbl *ra_list;
26 struct sk_buff *skb, *tmp;
27 bool pkt_deleted = false;
28 struct mwifiex_txinfo *tx_info;
29 struct mwifiex_adapter *adapter = priv->adapter;
30
31 list_for_each_entry(ra_list, ra_list_head, list) {
32 if (skb_queue_empty(&ra_list->skb_head))
33 continue;
34
35 skb_queue_walk_safe(&ra_list->skb_head, skb, tmp) {
36 tx_info = MWIFIEX_SKB_TXCB(skb);
37 if (tx_info->flags & MWIFIEX_BUF_FLAG_BRIDGED_PKT) {
38 __skb_unlink(skb, &ra_list->skb_head);
39 mwifiex_write_data_complete(adapter, skb, 0,
40 -1);
41 if (ra_list->tx_paused)
42 priv->wmm.pkts_paused[tid]--;
43 else
44 atomic_dec(&priv->wmm.tx_pkts_queued);
45 pkt_deleted = true;
46 }
47 if ((atomic_read(&adapter->pending_bridged_pkts) <=
48 MWIFIEX_BRIDGED_PKTS_THR_LOW))
49 break;
50 }
51 }
52
53 return pkt_deleted;
54 }
55
56 /* This function deletes packets from particular RA List. RA list index
57 * from which packets are deleted is preserved so that packets from next RA
58 * list are deleted upon subsequent call thus maintaining fairness.
59 */
mwifiex_uap_cleanup_tx_queues(struct mwifiex_private * priv)60 static void mwifiex_uap_cleanup_tx_queues(struct mwifiex_private *priv)
61 {
62 struct list_head *ra_list;
63 int i;
64
65 spin_lock_bh(&priv->wmm.ra_list_spinlock);
66
67 for (i = 0; i < MAX_NUM_TID; i++, priv->del_list_idx++) {
68 if (priv->del_list_idx == MAX_NUM_TID)
69 priv->del_list_idx = 0;
70 ra_list = &priv->wmm.tid_tbl_ptr[priv->del_list_idx].ra_list;
71 if (mwifiex_uap_del_tx_pkts_in_ralist(priv, ra_list, i)) {
72 priv->del_list_idx++;
73 break;
74 }
75 }
76
77 spin_unlock_bh(&priv->wmm.ra_list_spinlock);
78 }
79
80
mwifiex_uap_queue_bridged_pkt(struct mwifiex_private * priv,struct sk_buff * skb)81 static void mwifiex_uap_queue_bridged_pkt(struct mwifiex_private *priv,
82 struct sk_buff *skb)
83 {
84 struct mwifiex_adapter *adapter = priv->adapter;
85 struct uap_rxpd *uap_rx_pd;
86 struct rx_packet_hdr *rx_pkt_hdr;
87 struct sk_buff *new_skb;
88 struct mwifiex_txinfo *tx_info;
89 int hdr_chop;
90 struct ethhdr *p_ethhdr;
91 struct mwifiex_sta_node *src_node;
92 int index;
93
94 uap_rx_pd = (struct uap_rxpd *)(skb->data);
95 rx_pkt_hdr = (void *)uap_rx_pd + le16_to_cpu(uap_rx_pd->rx_pkt_offset);
96
97 if ((atomic_read(&adapter->pending_bridged_pkts) >=
98 MWIFIEX_BRIDGED_PKTS_THR_HIGH)) {
99 mwifiex_dbg(priv->adapter, ERROR,
100 "Tx: Bridge packet limit reached. Drop packet!\n");
101 kfree_skb(skb);
102 mwifiex_uap_cleanup_tx_queues(priv);
103 return;
104 }
105
106 if (sizeof(*rx_pkt_hdr) +
107 le16_to_cpu(uap_rx_pd->rx_pkt_offset) > skb->len) {
108 mwifiex_dbg(adapter, ERROR,
109 "wrong rx packet offset: len=%d,rx_pkt_offset=%d\n",
110 skb->len, le16_to_cpu(uap_rx_pd->rx_pkt_offset));
111 priv->stats.rx_dropped++;
112 dev_kfree_skb_any(skb);
113 return;
114 }
115
116 if ((!memcmp(&rx_pkt_hdr->rfc1042_hdr, bridge_tunnel_header,
117 sizeof(bridge_tunnel_header))) ||
118 (!memcmp(&rx_pkt_hdr->rfc1042_hdr, rfc1042_header,
119 sizeof(rfc1042_header)) &&
120 ntohs(rx_pkt_hdr->rfc1042_hdr.snap_type) != ETH_P_AARP &&
121 ntohs(rx_pkt_hdr->rfc1042_hdr.snap_type) != ETH_P_IPX)) {
122 /* Replace the 803 header and rfc1042 header (llc/snap) with
123 * an Ethernet II header, keep the src/dst and snap_type
124 * (ethertype).
125 *
126 * The firmware only passes up SNAP frames converting all RX
127 * data from 802.11 to 802.2/LLC/SNAP frames.
128 *
129 * To create the Ethernet II, just move the src, dst address
130 * right before the snap_type.
131 */
132 p_ethhdr = (struct ethhdr *)
133 ((u8 *)(&rx_pkt_hdr->eth803_hdr)
134 + sizeof(rx_pkt_hdr->eth803_hdr)
135 + sizeof(rx_pkt_hdr->rfc1042_hdr)
136 - sizeof(rx_pkt_hdr->eth803_hdr.h_dest)
137 - sizeof(rx_pkt_hdr->eth803_hdr.h_source)
138 - sizeof(rx_pkt_hdr->rfc1042_hdr.snap_type));
139 memcpy(p_ethhdr->h_source, rx_pkt_hdr->eth803_hdr.h_source,
140 sizeof(p_ethhdr->h_source));
141 memcpy(p_ethhdr->h_dest, rx_pkt_hdr->eth803_hdr.h_dest,
142 sizeof(p_ethhdr->h_dest));
143 /* Chop off the rxpd + the excess memory from
144 * 802.2/llc/snap header that was removed.
145 */
146 hdr_chop = (u8 *)p_ethhdr - (u8 *)uap_rx_pd;
147 } else {
148 /* Chop off the rxpd */
149 hdr_chop = (u8 *)&rx_pkt_hdr->eth803_hdr - (u8 *)uap_rx_pd;
150 }
151
152 /* Chop off the leading header bytes so that it points
153 * to the start of either the reconstructed EthII frame
154 * or the 802.2/llc/snap frame.
155 */
156 skb_pull(skb, hdr_chop);
157
158 if (skb_headroom(skb) < MWIFIEX_MIN_DATA_HEADER_LEN) {
159 mwifiex_dbg(priv->adapter, ERROR,
160 "data: Tx: insufficient skb headroom %d\n",
161 skb_headroom(skb));
162 /* Insufficient skb headroom - allocate a new skb */
163 new_skb =
164 skb_realloc_headroom(skb, MWIFIEX_MIN_DATA_HEADER_LEN);
165 if (unlikely(!new_skb)) {
166 mwifiex_dbg(priv->adapter, ERROR,
167 "Tx: cannot allocate new_skb\n");
168 kfree_skb(skb);
169 priv->stats.tx_dropped++;
170 return;
171 }
172
173 kfree_skb(skb);
174 skb = new_skb;
175 mwifiex_dbg(priv->adapter, INFO,
176 "info: new skb headroom %d\n",
177 skb_headroom(skb));
178 }
179
180 tx_info = MWIFIEX_SKB_TXCB(skb);
181 memset(tx_info, 0, sizeof(*tx_info));
182 tx_info->bss_num = priv->bss_num;
183 tx_info->bss_type = priv->bss_type;
184 tx_info->flags |= MWIFIEX_BUF_FLAG_BRIDGED_PKT;
185
186 src_node = mwifiex_get_sta_entry(priv, rx_pkt_hdr->eth803_hdr.h_source);
187 if (src_node) {
188 src_node->stats.last_rx = jiffies;
189 src_node->stats.rx_bytes += skb->len;
190 src_node->stats.rx_packets++;
191 src_node->stats.last_tx_rate = uap_rx_pd->rx_rate;
192 src_node->stats.last_tx_htinfo = uap_rx_pd->ht_info;
193 }
194
195 if (is_unicast_ether_addr(rx_pkt_hdr->eth803_hdr.h_dest)) {
196 /* Update bridge packet statistics as the
197 * packet is not going to kernel/upper layer.
198 */
199 priv->stats.rx_bytes += skb->len;
200 priv->stats.rx_packets++;
201
202 /* Sending bridge packet to TX queue, so save the packet
203 * length in TXCB to update statistics in TX complete.
204 */
205 tx_info->pkt_len = skb->len;
206 }
207
208 __net_timestamp(skb);
209
210 index = mwifiex_1d_to_wmm_queue[skb->priority];
211 atomic_inc(&priv->wmm_tx_pending[index]);
212 mwifiex_wmm_add_buf_txqueue(priv, skb);
213 atomic_inc(&adapter->tx_pending);
214 atomic_inc(&adapter->pending_bridged_pkts);
215
216 mwifiex_queue_main_work(priv->adapter);
217
218 return;
219 }
220
221 /*
222 * This function contains logic for AP packet forwarding.
223 *
224 * If a packet is multicast/broadcast, it is sent to kernel/upper layer
225 * as well as queued back to AP TX queue so that it can be sent to other
226 * associated stations.
227 * If a packet is unicast and RA is present in associated station list,
228 * it is again requeued into AP TX queue.
229 * If a packet is unicast and RA is not in associated station list,
230 * packet is forwarded to kernel to handle routing logic.
231 */
mwifiex_handle_uap_rx_forward(struct mwifiex_private * priv,struct sk_buff * skb)232 int mwifiex_handle_uap_rx_forward(struct mwifiex_private *priv,
233 struct sk_buff *skb)
234 {
235 struct mwifiex_adapter *adapter = priv->adapter;
236 struct uap_rxpd *uap_rx_pd;
237 struct rx_packet_hdr *rx_pkt_hdr;
238 u8 ra[ETH_ALEN];
239 struct sk_buff *skb_uap;
240
241 uap_rx_pd = (struct uap_rxpd *)(skb->data);
242 rx_pkt_hdr = (void *)uap_rx_pd + le16_to_cpu(uap_rx_pd->rx_pkt_offset);
243
244 /* don't do packet forwarding in disconnected state */
245 if (!priv->media_connected) {
246 mwifiex_dbg(adapter, ERROR,
247 "drop packet in disconnected state.\n");
248 dev_kfree_skb_any(skb);
249 return 0;
250 }
251
252 memcpy(ra, rx_pkt_hdr->eth803_hdr.h_dest, ETH_ALEN);
253
254 if (is_multicast_ether_addr(ra)) {
255 skb_uap = skb_copy(skb, GFP_ATOMIC);
256 if (likely(skb_uap)) {
257 mwifiex_uap_queue_bridged_pkt(priv, skb_uap);
258 } else {
259 mwifiex_dbg(adapter, ERROR,
260 "failed to copy skb for uAP\n");
261 priv->stats.rx_dropped++;
262 dev_kfree_skb_any(skb);
263 return -1;
264 }
265 } else {
266 if (mwifiex_get_sta_entry(priv, ra)) {
267 /* Requeue Intra-BSS packet */
268 mwifiex_uap_queue_bridged_pkt(priv, skb);
269 return 0;
270 }
271 }
272
273 /* Forward unicat/Inter-BSS packets to kernel. */
274 return mwifiex_process_rx_packet(priv, skb);
275 }
276
mwifiex_uap_recv_packet(struct mwifiex_private * priv,struct sk_buff * skb)277 int mwifiex_uap_recv_packet(struct mwifiex_private *priv,
278 struct sk_buff *skb)
279 {
280 struct mwifiex_adapter *adapter = priv->adapter;
281 struct mwifiex_sta_node *src_node;
282 struct ethhdr *p_ethhdr;
283 struct sk_buff *skb_uap;
284 struct mwifiex_txinfo *tx_info;
285
286 if (!skb)
287 return -1;
288
289 p_ethhdr = (void *)skb->data;
290 src_node = mwifiex_get_sta_entry(priv, p_ethhdr->h_source);
291 if (src_node) {
292 src_node->stats.last_rx = jiffies;
293 src_node->stats.rx_bytes += skb->len;
294 src_node->stats.rx_packets++;
295 }
296
297 if (is_multicast_ether_addr(p_ethhdr->h_dest) ||
298 mwifiex_get_sta_entry(priv, p_ethhdr->h_dest)) {
299 if (skb_headroom(skb) < MWIFIEX_MIN_DATA_HEADER_LEN)
300 skb_uap =
301 skb_realloc_headroom(skb, MWIFIEX_MIN_DATA_HEADER_LEN);
302 else
303 skb_uap = skb_copy(skb, GFP_ATOMIC);
304
305 if (likely(skb_uap)) {
306 tx_info = MWIFIEX_SKB_TXCB(skb_uap);
307 memset(tx_info, 0, sizeof(*tx_info));
308 tx_info->bss_num = priv->bss_num;
309 tx_info->bss_type = priv->bss_type;
310 tx_info->flags |= MWIFIEX_BUF_FLAG_BRIDGED_PKT;
311 __net_timestamp(skb_uap);
312 mwifiex_wmm_add_buf_txqueue(priv, skb_uap);
313 atomic_inc(&adapter->tx_pending);
314 atomic_inc(&adapter->pending_bridged_pkts);
315 if ((atomic_read(&adapter->pending_bridged_pkts) >=
316 MWIFIEX_BRIDGED_PKTS_THR_HIGH)) {
317 mwifiex_dbg(adapter, ERROR,
318 "Tx: Bridge packet limit reached. Drop packet!\n");
319 mwifiex_uap_cleanup_tx_queues(priv);
320 }
321
322 } else {
323 mwifiex_dbg(adapter, ERROR, "failed to allocate skb_uap");
324 }
325
326 mwifiex_queue_main_work(adapter);
327 /* Don't forward Intra-BSS unicast packet to upper layer*/
328 if (mwifiex_get_sta_entry(priv, p_ethhdr->h_dest))
329 return 0;
330 }
331
332 skb->dev = priv->netdev;
333 skb->protocol = eth_type_trans(skb, priv->netdev);
334 skb->ip_summed = CHECKSUM_NONE;
335
336 /* This is required only in case of 11n and USB/PCIE as we alloc
337 * a buffer of 4K only if its 11N (to be able to receive 4K
338 * AMSDU packets). In case of SD we allocate buffers based
339 * on the size of packet and hence this is not needed.
340 *
341 * Modifying the truesize here as our allocation for each
342 * skb is 4K but we only receive 2K packets and this cause
343 * the kernel to start dropping packets in case where
344 * application has allocated buffer based on 2K size i.e.
345 * if there a 64K packet received (in IP fragments and
346 * application allocates 64K to receive this packet but
347 * this packet would almost double up because we allocate
348 * each 1.5K fragment in 4K and pass it up. As soon as the
349 * 64K limit hits kernel will start to drop rest of the
350 * fragments. Currently we fail the Filesndl-ht.scr script
351 * for UDP, hence this fix
352 */
353 if ((adapter->iface_type == MWIFIEX_USB ||
354 adapter->iface_type == MWIFIEX_PCIE) &&
355 skb->truesize > MWIFIEX_RX_DATA_BUF_SIZE)
356 skb->truesize += (skb->len - MWIFIEX_RX_DATA_BUF_SIZE);
357
358 /* Forward multicast/broadcast packet to upper layer*/
359 netif_rx(skb);
360 return 0;
361 }
362
363 /*
364 * This function processes the packet received on AP interface.
365 *
366 * The function looks into the RxPD and performs sanity tests on the
367 * received buffer to ensure its a valid packet before processing it
368 * further. If the packet is determined to be aggregated, it is
369 * de-aggregated accordingly. Then skb is passed to AP packet forwarding logic.
370 *
371 * The completion callback is called after processing is complete.
372 */
mwifiex_process_uap_rx_packet(struct mwifiex_private * priv,struct sk_buff * skb)373 int mwifiex_process_uap_rx_packet(struct mwifiex_private *priv,
374 struct sk_buff *skb)
375 {
376 struct mwifiex_adapter *adapter = priv->adapter;
377 int ret;
378 struct uap_rxpd *uap_rx_pd;
379 struct rx_packet_hdr *rx_pkt_hdr;
380 u16 rx_pkt_type;
381 u8 ta[ETH_ALEN], pkt_type;
382 struct mwifiex_sta_node *node;
383
384 uap_rx_pd = (struct uap_rxpd *)(skb->data);
385 rx_pkt_type = le16_to_cpu(uap_rx_pd->rx_pkt_type);
386 rx_pkt_hdr = (void *)uap_rx_pd + le16_to_cpu(uap_rx_pd->rx_pkt_offset);
387
388 if (le16_to_cpu(uap_rx_pd->rx_pkt_offset) +
389 sizeof(rx_pkt_hdr->eth803_hdr) > skb->len) {
390 mwifiex_dbg(adapter, ERROR,
391 "wrong rx packet for struct ethhdr: len=%d, offset=%d\n",
392 skb->len, le16_to_cpu(uap_rx_pd->rx_pkt_offset));
393 priv->stats.rx_dropped++;
394 dev_kfree_skb_any(skb);
395 return 0;
396 }
397
398 ether_addr_copy(ta, rx_pkt_hdr->eth803_hdr.h_source);
399
400 if ((le16_to_cpu(uap_rx_pd->rx_pkt_offset) +
401 le16_to_cpu(uap_rx_pd->rx_pkt_length)) > (u16) skb->len) {
402 mwifiex_dbg(adapter, ERROR,
403 "wrong rx packet: len=%d, offset=%d, length=%d\n",
404 skb->len, le16_to_cpu(uap_rx_pd->rx_pkt_offset),
405 le16_to_cpu(uap_rx_pd->rx_pkt_length));
406 priv->stats.rx_dropped++;
407
408 node = mwifiex_get_sta_entry(priv, ta);
409 if (node)
410 node->stats.tx_failed++;
411
412 dev_kfree_skb_any(skb);
413 return 0;
414 }
415
416 if (rx_pkt_type == PKT_TYPE_MGMT) {
417 ret = mwifiex_process_mgmt_packet(priv, skb);
418 if (ret)
419 mwifiex_dbg(adapter, DATA, "Rx of mgmt packet failed");
420 dev_kfree_skb_any(skb);
421 return ret;
422 }
423
424
425 if (rx_pkt_type != PKT_TYPE_BAR && uap_rx_pd->priority < MAX_NUM_TID) {
426 spin_lock_bh(&priv->sta_list_spinlock);
427 node = mwifiex_get_sta_entry(priv, ta);
428 if (node)
429 node->rx_seq[uap_rx_pd->priority] =
430 le16_to_cpu(uap_rx_pd->seq_num);
431 spin_unlock_bh(&priv->sta_list_spinlock);
432 }
433
434 if (!priv->ap_11n_enabled ||
435 (!mwifiex_11n_get_rx_reorder_tbl(priv, uap_rx_pd->priority, ta) &&
436 (le16_to_cpu(uap_rx_pd->rx_pkt_type) != PKT_TYPE_AMSDU))) {
437 ret = mwifiex_handle_uap_rx_forward(priv, skb);
438 return ret;
439 }
440
441 /* Reorder and send to kernel */
442 pkt_type = (u8)le16_to_cpu(uap_rx_pd->rx_pkt_type);
443 ret = mwifiex_11n_rx_reorder_pkt(priv, le16_to_cpu(uap_rx_pd->seq_num),
444 uap_rx_pd->priority, ta, pkt_type,
445 skb);
446
447 if (ret || (rx_pkt_type == PKT_TYPE_BAR))
448 dev_kfree_skb_any(skb);
449
450 if (ret)
451 priv->stats.rx_dropped++;
452
453 return ret;
454 }
455
456 /*
457 * This function fills the TxPD for AP tx packets.
458 *
459 * The Tx buffer received by this function should already have the
460 * header space allocated for TxPD.
461 *
462 * This function inserts the TxPD in between interface header and actual
463 * data and adjusts the buffer pointers accordingly.
464 *
465 * The following TxPD fields are set by this function, as required -
466 * - BSS number
467 * - Tx packet length and offset
468 * - Priority
469 * - Packet delay
470 * - Priority specific Tx control
471 * - Flags
472 */
mwifiex_process_uap_txpd(struct mwifiex_private * priv,struct sk_buff * skb)473 void mwifiex_process_uap_txpd(struct mwifiex_private *priv,
474 struct sk_buff *skb)
475 {
476 struct mwifiex_adapter *adapter = priv->adapter;
477 struct uap_txpd *txpd;
478 struct mwifiex_txinfo *tx_info = MWIFIEX_SKB_TXCB(skb);
479 int pad;
480 u16 pkt_type, pkt_offset;
481 int hroom = adapter->intf_hdr_len;
482
483 pkt_type = mwifiex_is_skb_mgmt_frame(skb) ? PKT_TYPE_MGMT : 0;
484
485 pad = ((uintptr_t)skb->data - (sizeof(*txpd) + hroom)) &
486 (MWIFIEX_DMA_ALIGN_SZ - 1);
487
488 skb_push(skb, sizeof(*txpd) + pad);
489
490 txpd = (struct uap_txpd *)skb->data;
491 memset(txpd, 0, sizeof(*txpd));
492 txpd->bss_num = priv->bss_num;
493 txpd->bss_type = priv->bss_type;
494 txpd->tx_pkt_length = cpu_to_le16((u16)(skb->len - (sizeof(*txpd) +
495 pad)));
496 txpd->priority = (u8)skb->priority;
497
498 txpd->pkt_delay_2ms = mwifiex_wmm_compute_drv_pkt_delay(priv, skb);
499
500 if (tx_info->flags & MWIFIEX_BUF_FLAG_EAPOL_TX_STATUS ||
501 tx_info->flags & MWIFIEX_BUF_FLAG_ACTION_TX_STATUS) {
502 txpd->tx_token_id = tx_info->ack_frame_id;
503 txpd->flags |= MWIFIEX_TXPD_FLAGS_REQ_TX_STATUS;
504 }
505
506 if (txpd->priority < ARRAY_SIZE(priv->wmm.user_pri_pkt_tx_ctrl))
507 /*
508 * Set the priority specific tx_control field, setting of 0 will
509 * cause the default value to be used later in this function.
510 */
511 txpd->tx_control =
512 cpu_to_le32(priv->wmm.user_pri_pkt_tx_ctrl[txpd->priority]);
513
514 /* Offset of actual data */
515 pkt_offset = sizeof(*txpd) + pad;
516 if (pkt_type == PKT_TYPE_MGMT) {
517 /* Set the packet type and add header for management frame */
518 txpd->tx_pkt_type = cpu_to_le16(pkt_type);
519 pkt_offset += MWIFIEX_MGMT_FRAME_HEADER_SIZE;
520 }
521
522 txpd->tx_pkt_offset = cpu_to_le16(pkt_offset);
523
524 /* make space for adapter->intf_hdr_len */
525 skb_push(skb, hroom);
526
527 if (!txpd->tx_control)
528 /* TxCtrl set by user or default */
529 txpd->tx_control = cpu_to_le32(priv->pkt_tx_ctrl);
530 }
531
