1 // SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
3 * Copyright (C) 2012-2014, 2018-2023 Intel Corporation
4 * Copyright (C) 2013-2015 Intel Mobile Communications GmbH
5 * Copyright (C) 2016-2017 Intel Deutschland GmbH
7 #include <linux/ieee80211.h>
8 #include <linux/etherdevice.h>
14 #include "iwl-trans.h"
15 #include "iwl-eeprom-parse.h"
18 #include "time-sync.h"
21 iwl_mvm_bar_check_trigger(struct iwl_mvm *mvm, const u8 *addr,
24 struct iwl_fw_dbg_trigger_tlv *trig;
25 struct iwl_fw_dbg_trigger_ba *ba_trig;
27 trig = iwl_fw_dbg_trigger_on(&mvm->fwrt, NULL, FW_DBG_TRIGGER_BA);
31 ba_trig = (void *)trig->data;
33 if (!(le16_to_cpu(ba_trig->tx_bar) & BIT(tid)))
36 iwl_fw_dbg_collect_trig(&mvm->fwrt, trig,
37 "BAR sent to %pM, tid %d, ssn %d",
41 #define OPT_HDR(type, skb, off) \
42 (type *)(skb_network_header(skb) + (off))
44 static u32 iwl_mvm_tx_csum(struct iwl_mvm *mvm, struct sk_buff *skb,
45 struct ieee80211_tx_info *info,
48 struct ieee80211_hdr *hdr = (void *)skb->data;
49 u16 mh_len = ieee80211_hdrlen(hdr->frame_control);
50 u16 offload_assist = 0;
51 #if IS_ENABLED(CONFIG_INET)
54 /* Do not compute checksum if already computed */
55 if (skb->ip_summed != CHECKSUM_PARTIAL)
58 /* We do not expect to be requested to csum stuff we do not support */
59 if (WARN_ONCE(!(mvm->hw->netdev_features & IWL_TX_CSUM_NETIF_FLAGS) ||
60 (skb->protocol != htons(ETH_P_IP) &&
61 skb->protocol != htons(ETH_P_IPV6)),
62 "No support for requested checksum\n")) {
63 skb_checksum_help(skb);
67 if (skb->protocol == htons(ETH_P_IP)) {
68 protocol = ip_hdr(skb)->protocol;
70 #if IS_ENABLED(CONFIG_IPV6)
71 struct ipv6hdr *ipv6h =
72 (struct ipv6hdr *)skb_network_header(skb);
73 unsigned int off = sizeof(*ipv6h);
75 protocol = ipv6h->nexthdr;
76 while (protocol != NEXTHDR_NONE && ipv6_ext_hdr(protocol)) {
77 struct ipv6_opt_hdr *hp;
79 /* only supported extension headers */
80 if (protocol != NEXTHDR_ROUTING &&
81 protocol != NEXTHDR_HOP &&
82 protocol != NEXTHDR_DEST) {
83 skb_checksum_help(skb);
87 hp = OPT_HDR(struct ipv6_opt_hdr, skb, off);
88 protocol = hp->nexthdr;
89 off += ipv6_optlen(hp);
91 /* if we get here - protocol now should be TCP/UDP */
95 if (protocol != IPPROTO_TCP && protocol != IPPROTO_UDP) {
97 skb_checksum_help(skb);
102 offload_assist |= BIT(TX_CMD_OFFLD_L4_EN);
105 * Set offset to IP header (snap).
106 * We don't support tunneling so no need to take care of inner header.
109 offload_assist |= (4 << TX_CMD_OFFLD_IP_HDR);
111 /* Do IPv4 csum for AMSDU only (no IP csum for Ipv6) */
112 if (skb->protocol == htons(ETH_P_IP) && amsdu) {
113 ip_hdr(skb)->check = 0;
114 offload_assist |= BIT(TX_CMD_OFFLD_L3_EN);
117 /* reset UDP/TCP header csum */
118 if (protocol == IPPROTO_TCP)
119 tcp_hdr(skb)->check = 0;
121 udp_hdr(skb)->check = 0;
126 * mac header len should include IV, size is in words unless
127 * the IV is added by the firmware like in WEP.
128 * In new Tx API, the IV is always added by the firmware.
130 if (!iwl_mvm_has_new_tx_api(mvm) && info->control.hw_key &&
131 info->control.hw_key->cipher != WLAN_CIPHER_SUITE_WEP40 &&
132 info->control.hw_key->cipher != WLAN_CIPHER_SUITE_WEP104)
133 mh_len += info->control.hw_key->iv_len;
135 offload_assist |= mh_len << TX_CMD_OFFLD_MH_SIZE;
138 offload_assist |= BIT(TX_CMD_OFFLD_AMSDU);
139 else if (ieee80211_hdrlen(hdr->frame_control) % 4)
140 /* padding is inserted later in transport */
141 offload_assist |= BIT(TX_CMD_OFFLD_PAD);
143 return offload_assist;
147 * Sets most of the Tx cmd's fields
149 void iwl_mvm_set_tx_cmd(struct iwl_mvm *mvm, struct sk_buff *skb,
150 struct iwl_tx_cmd *tx_cmd,
151 struct ieee80211_tx_info *info, u8 sta_id)
153 struct ieee80211_hdr *hdr = (void *)skb->data;
154 __le16 fc = hdr->frame_control;
155 u32 tx_flags = le32_to_cpu(tx_cmd->tx_flags);
156 u32 len = skb->len + FCS_LEN;
160 if (!(info->flags & IEEE80211_TX_CTL_NO_ACK) ||
161 (ieee80211_is_probe_resp(fc) &&
162 !is_multicast_ether_addr(hdr->addr1)))
163 tx_flags |= TX_CMD_FLG_ACK;
165 tx_flags &= ~TX_CMD_FLG_ACK;
167 if (ieee80211_is_probe_resp(fc))
168 tx_flags |= TX_CMD_FLG_TSF;
170 if (ieee80211_has_morefrags(fc))
171 tx_flags |= TX_CMD_FLG_MORE_FRAG;
173 if (ieee80211_is_data_qos(fc)) {
174 u8 *qc = ieee80211_get_qos_ctl(hdr);
175 tx_cmd->tid_tspec = qc[0] & 0xf;
176 tx_flags &= ~TX_CMD_FLG_SEQ_CTL;
177 amsdu = *qc & IEEE80211_QOS_CTL_A_MSDU_PRESENT;
178 } else if (ieee80211_is_back_req(fc)) {
179 struct ieee80211_bar *bar = (void *)skb->data;
180 u16 control = le16_to_cpu(bar->control);
181 u16 ssn = le16_to_cpu(bar->start_seq_num);
183 tx_flags |= TX_CMD_FLG_ACK | TX_CMD_FLG_BAR;
184 tx_cmd->tid_tspec = (control &
185 IEEE80211_BAR_CTRL_TID_INFO_MASK) >>
186 IEEE80211_BAR_CTRL_TID_INFO_SHIFT;
187 WARN_ON_ONCE(tx_cmd->tid_tspec >= IWL_MAX_TID_COUNT);
188 iwl_mvm_bar_check_trigger(mvm, bar->ra, tx_cmd->tid_tspec,
191 if (ieee80211_is_data(fc))
192 tx_cmd->tid_tspec = IWL_TID_NON_QOS;
194 tx_cmd->tid_tspec = IWL_MAX_TID_COUNT;
196 if (info->flags & IEEE80211_TX_CTL_ASSIGN_SEQ)
197 tx_flags |= TX_CMD_FLG_SEQ_CTL;
199 tx_flags &= ~TX_CMD_FLG_SEQ_CTL;
202 /* Default to 0 (BE) when tid_spec is set to IWL_MAX_TID_COUNT */
203 if (tx_cmd->tid_tspec < IWL_MAX_TID_COUNT)
204 ac = tid_to_mac80211_ac[tx_cmd->tid_tspec];
206 ac = tid_to_mac80211_ac[0];
208 tx_flags |= iwl_mvm_bt_coex_tx_prio(mvm, hdr, info, ac) <<
209 TX_CMD_FLG_BT_PRIO_POS;
211 if (ieee80211_is_mgmt(fc)) {
212 if (ieee80211_is_assoc_req(fc) || ieee80211_is_reassoc_req(fc))
213 tx_cmd->pm_frame_timeout = cpu_to_le16(PM_FRAME_ASSOC);
214 else if (ieee80211_is_action(fc))
215 tx_cmd->pm_frame_timeout = cpu_to_le16(PM_FRAME_NONE);
217 tx_cmd->pm_frame_timeout = cpu_to_le16(PM_FRAME_MGMT);
219 /* The spec allows Action frames in A-MPDU, we don't support
222 WARN_ON_ONCE(info->flags & IEEE80211_TX_CTL_AMPDU);
223 } else if (info->control.flags & IEEE80211_TX_CTRL_PORT_CTRL_PROTO) {
224 tx_cmd->pm_frame_timeout = cpu_to_le16(PM_FRAME_MGMT);
226 tx_cmd->pm_frame_timeout = cpu_to_le16(PM_FRAME_NONE);
229 if (ieee80211_is_data(fc) && len > mvm->rts_threshold &&
230 !is_multicast_ether_addr(hdr->addr1))
231 tx_flags |= TX_CMD_FLG_PROT_REQUIRE;
233 if (fw_has_capa(&mvm->fw->ucode_capa,
234 IWL_UCODE_TLV_CAPA_TXPOWER_INSERTION_SUPPORT) &&
235 ieee80211_action_contains_tpc(skb))
236 tx_flags |= TX_CMD_FLG_WRITE_TX_POWER;
238 tx_cmd->tx_flags = cpu_to_le32(tx_flags);
239 /* Total # bytes to be transmitted - PCIe code will adjust for A-MSDU */
240 tx_cmd->len = cpu_to_le16((u16)skb->len);
241 tx_cmd->life_time = cpu_to_le32(TX_CMD_LIFE_TIME_INFINITE);
242 tx_cmd->sta_id = sta_id;
244 tx_cmd->offload_assist =
245 cpu_to_le16(iwl_mvm_tx_csum(mvm, skb, info, amsdu));
248 static u32 iwl_mvm_get_tx_ant(struct iwl_mvm *mvm,
249 struct ieee80211_tx_info *info,
250 struct ieee80211_sta *sta, __le16 fc)
252 if (info->band == NL80211_BAND_2GHZ &&
253 !iwl_mvm_bt_coex_is_shared_ant_avail(mvm))
254 return mvm->cfg->non_shared_ant << RATE_MCS_ANT_POS;
256 if (sta && ieee80211_is_data(fc)) {
257 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta);
259 return BIT(mvmsta->tx_ant) << RATE_MCS_ANT_POS;
262 return BIT(mvm->mgmt_last_antenna_idx) << RATE_MCS_ANT_POS;
265 static u32 iwl_mvm_get_inject_tx_rate(struct iwl_mvm *mvm,
266 struct ieee80211_tx_info *info)
268 struct ieee80211_tx_rate *rate = &info->control.rates[0];
272 * we only care about legacy/HT/VHT so far, so we can
273 * build in v1 and use iwl_new_rate_from_v1()
276 if (rate->flags & IEEE80211_TX_RC_VHT_MCS) {
277 u8 mcs = ieee80211_rate_get_vht_mcs(rate);
278 u8 nss = ieee80211_rate_get_vht_nss(rate);
280 result = RATE_MCS_VHT_MSK_V1;
281 result |= u32_encode_bits(mcs, RATE_VHT_MCS_RATE_CODE_MSK);
282 result |= u32_encode_bits(nss, RATE_MCS_NSS_MSK);
283 if (rate->flags & IEEE80211_TX_RC_SHORT_GI)
284 result |= RATE_MCS_SGI_MSK_V1;
285 if (rate->flags & IEEE80211_TX_RC_40_MHZ_WIDTH)
286 result |= u32_encode_bits(1, RATE_MCS_CHAN_WIDTH_MSK_V1);
287 else if (rate->flags & IEEE80211_TX_RC_80_MHZ_WIDTH)
288 result |= u32_encode_bits(2, RATE_MCS_CHAN_WIDTH_MSK_V1);
289 else if (rate->flags & IEEE80211_TX_RC_160_MHZ_WIDTH)
290 result |= u32_encode_bits(3, RATE_MCS_CHAN_WIDTH_MSK_V1);
291 } else if (rate->flags & IEEE80211_TX_RC_MCS) {
292 result = RATE_MCS_HT_MSK_V1;
293 result |= u32_encode_bits(rate->idx,
294 RATE_HT_MCS_RATE_CODE_MSK_V1 |
295 RATE_HT_MCS_NSS_MSK_V1);
296 if (rate->flags & IEEE80211_TX_RC_SHORT_GI)
297 result |= RATE_MCS_SGI_MSK_V1;
298 if (rate->flags & IEEE80211_TX_RC_40_MHZ_WIDTH)
299 result |= u32_encode_bits(1, RATE_MCS_CHAN_WIDTH_MSK_V1);
300 if (info->flags & IEEE80211_TX_CTL_LDPC)
301 result |= RATE_MCS_LDPC_MSK_V1;
302 if (u32_get_bits(info->flags, IEEE80211_TX_CTL_STBC))
303 result |= RATE_MCS_STBC_MSK;
308 if (iwl_fw_lookup_notif_ver(mvm->fw, LONG_GROUP, TX_CMD, 0) > 6)
309 return iwl_new_rate_from_v1(result);
313 static u32 iwl_mvm_get_tx_rate(struct iwl_mvm *mvm,
314 struct ieee80211_tx_info *info,
315 struct ieee80211_sta *sta, __le16 fc)
322 if (unlikely(info->control.flags & IEEE80211_TX_CTRL_RATE_INJECT)) {
323 u32 result = iwl_mvm_get_inject_tx_rate(mvm, info);
327 rate_idx = info->control.rates[0].idx;
328 } else if (!ieee80211_hw_check(mvm->hw, HAS_RATE_CONTROL)) {
329 /* info->control is only relevant for non HW rate control */
331 /* HT rate doesn't make sense for a non data frame */
332 WARN_ONCE(info->control.rates[0].flags & IEEE80211_TX_RC_MCS &&
333 !ieee80211_is_data(fc),
334 "Got a HT rate (flags:0x%x/mcs:%d/fc:0x%x/state:%d) for a non data frame\n",
335 info->control.rates[0].flags,
336 info->control.rates[0].idx,
338 sta ? iwl_mvm_sta_from_mac80211(sta)->sta_state : -1);
340 rate_idx = info->control.rates[0].idx;
342 /* For non 2 GHZ band, remap mac80211 rate indices into driver
345 if (info->band != NL80211_BAND_2GHZ ||
346 (info->flags & IEEE80211_TX_CTL_NO_CCK_RATE))
347 rate_idx += IWL_FIRST_OFDM_RATE;
349 /* For 2.4 GHZ band, check that there is no need to remap */
350 BUILD_BUG_ON(IWL_FIRST_CCK_RATE != 0);
353 /* if the rate isn't a well known legacy rate, take the lowest one */
354 if (rate_idx < 0 || rate_idx >= IWL_RATE_COUNT_LEGACY)
355 rate_idx = iwl_mvm_mac_ctxt_get_lowest_rate(mvm,
359 /* Get PLCP rate for tx_cmd->rate_n_flags */
360 rate_plcp = iwl_mvm_mac80211_idx_to_hwrate(mvm->fw, rate_idx);
361 is_cck = (rate_idx >= IWL_FIRST_CCK_RATE) && (rate_idx <= IWL_LAST_CCK_RATE);
363 /* Set CCK or OFDM flag */
364 if (iwl_fw_lookup_cmd_ver(mvm->fw, TX_CMD, 0) > 8) {
366 rate_flags |= RATE_MCS_LEGACY_OFDM_MSK;
368 rate_flags |= RATE_MCS_CCK_MSK;
370 rate_flags |= RATE_MCS_CCK_MSK_V1;
373 return (u32)rate_plcp | rate_flags;
376 static u32 iwl_mvm_get_tx_rate_n_flags(struct iwl_mvm *mvm,
377 struct ieee80211_tx_info *info,
378 struct ieee80211_sta *sta, __le16 fc)
380 return iwl_mvm_get_tx_rate(mvm, info, sta, fc) |
381 iwl_mvm_get_tx_ant(mvm, info, sta, fc);
385 * Sets the fields in the Tx cmd that are rate related
387 void iwl_mvm_set_tx_cmd_rate(struct iwl_mvm *mvm, struct iwl_tx_cmd *tx_cmd,
388 struct ieee80211_tx_info *info,
389 struct ieee80211_sta *sta, __le16 fc)
391 /* Set retry limit on RTS packets */
392 tx_cmd->rts_retry_limit = IWL_RTS_DFAULT_RETRY_LIMIT;
394 /* Set retry limit on DATA packets and Probe Responses*/
395 if (ieee80211_is_probe_resp(fc)) {
396 tx_cmd->data_retry_limit = IWL_MGMT_DFAULT_RETRY_LIMIT;
397 tx_cmd->rts_retry_limit =
398 min(tx_cmd->data_retry_limit, tx_cmd->rts_retry_limit);
399 } else if (ieee80211_is_back_req(fc)) {
400 tx_cmd->data_retry_limit = IWL_BAR_DFAULT_RETRY_LIMIT;
402 tx_cmd->data_retry_limit = IWL_DEFAULT_TX_RETRY;
406 * for data packets, rate info comes from the table inside the fw. This
407 * table is controlled by LINK_QUALITY commands
410 if (likely(ieee80211_is_data(fc) && sta &&
411 !(info->control.flags & IEEE80211_TX_CTRL_RATE_INJECT))) {
412 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta);
414 if (mvmsta->sta_state >= IEEE80211_STA_AUTHORIZED) {
415 tx_cmd->initial_rate_index = 0;
416 tx_cmd->tx_flags |= cpu_to_le32(TX_CMD_FLG_STA_RATE);
419 } else if (ieee80211_is_back_req(fc)) {
421 cpu_to_le32(TX_CMD_FLG_ACK | TX_CMD_FLG_BAR);
424 /* Set the rate in the TX cmd */
425 tx_cmd->rate_n_flags =
426 cpu_to_le32(iwl_mvm_get_tx_rate_n_flags(mvm, info, sta, fc));
429 static inline void iwl_mvm_set_tx_cmd_pn(struct ieee80211_tx_info *info,
432 struct ieee80211_key_conf *keyconf = info->control.hw_key;
435 pn = atomic64_inc_return(&keyconf->tx_pn);
438 crypto_hdr[3] = 0x20 | (keyconf->keyidx << 6);
439 crypto_hdr[1] = pn >> 8;
440 crypto_hdr[4] = pn >> 16;
441 crypto_hdr[5] = pn >> 24;
442 crypto_hdr[6] = pn >> 32;
443 crypto_hdr[7] = pn >> 40;
447 * Sets the fields in the Tx cmd that are crypto related
449 static void iwl_mvm_set_tx_cmd_crypto(struct iwl_mvm *mvm,
450 struct ieee80211_tx_info *info,
451 struct iwl_tx_cmd *tx_cmd,
452 struct sk_buff *skb_frag,
455 struct ieee80211_key_conf *keyconf = info->control.hw_key;
456 u8 *crypto_hdr = skb_frag->data + hdrlen;
457 enum iwl_tx_cmd_sec_ctrl type = TX_CMD_SEC_CCM;
460 switch (keyconf->cipher) {
461 case WLAN_CIPHER_SUITE_CCMP:
462 iwl_mvm_set_tx_cmd_ccmp(info, tx_cmd);
463 iwl_mvm_set_tx_cmd_pn(info, crypto_hdr);
466 case WLAN_CIPHER_SUITE_TKIP:
467 tx_cmd->sec_ctl = TX_CMD_SEC_TKIP;
468 pn = atomic64_inc_return(&keyconf->tx_pn);
469 ieee80211_tkip_add_iv(crypto_hdr, keyconf, pn);
470 ieee80211_get_tkip_p2k(keyconf, skb_frag, tx_cmd->key);
473 case WLAN_CIPHER_SUITE_WEP104:
474 tx_cmd->sec_ctl |= TX_CMD_SEC_KEY128;
476 case WLAN_CIPHER_SUITE_WEP40:
477 tx_cmd->sec_ctl |= TX_CMD_SEC_WEP |
478 ((keyconf->keyidx << TX_CMD_SEC_WEP_KEY_IDX_POS) &
479 TX_CMD_SEC_WEP_KEY_IDX_MSK);
481 memcpy(&tx_cmd->key[3], keyconf->key, keyconf->keylen);
483 case WLAN_CIPHER_SUITE_GCMP:
484 case WLAN_CIPHER_SUITE_GCMP_256:
485 type = TX_CMD_SEC_GCMP;
487 case WLAN_CIPHER_SUITE_CCMP_256:
488 /* TODO: Taking the key from the table might introduce a race
489 * when PTK rekeying is done, having an old packets with a PN
490 * based on the old key but the message encrypted with a new
492 * Need to handle this.
494 tx_cmd->sec_ctl |= type | TX_CMD_SEC_KEY_FROM_TABLE;
495 tx_cmd->key[0] = keyconf->hw_key_idx;
496 iwl_mvm_set_tx_cmd_pn(info, crypto_hdr);
499 tx_cmd->sec_ctl |= TX_CMD_SEC_EXT;
504 * Allocates and sets the Tx cmd the driver data pointers in the skb
506 static struct iwl_device_tx_cmd *
507 iwl_mvm_set_tx_params(struct iwl_mvm *mvm, struct sk_buff *skb,
508 struct ieee80211_tx_info *info, int hdrlen,
509 struct ieee80211_sta *sta, u8 sta_id)
511 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
512 struct iwl_device_tx_cmd *dev_cmd;
513 struct iwl_tx_cmd *tx_cmd;
515 dev_cmd = iwl_trans_alloc_tx_cmd(mvm->trans);
517 if (unlikely(!dev_cmd))
520 dev_cmd->hdr.cmd = TX_CMD;
522 if (iwl_mvm_has_new_tx_api(mvm)) {
523 u32 rate_n_flags = 0;
525 struct iwl_mvm_sta *mvmsta = sta ?
526 iwl_mvm_sta_from_mac80211(sta) : NULL;
529 if (ieee80211_is_data_qos(hdr->frame_control)) {
530 u8 *qc = ieee80211_get_qos_ctl(hdr);
532 amsdu = *qc & IEEE80211_QOS_CTL_A_MSDU_PRESENT;
535 if (!info->control.hw_key)
536 flags |= IWL_TX_FLAGS_ENCRYPT_DIS;
539 * For data packets rate info comes from the fw. Only
540 * set rate/antenna during connection establishment or in case
541 * no station is given.
543 if (!sta || !ieee80211_is_data(hdr->frame_control) ||
544 mvmsta->sta_state < IEEE80211_STA_AUTHORIZED) {
545 flags |= IWL_TX_FLAGS_CMD_RATE;
547 iwl_mvm_get_tx_rate_n_flags(mvm, info, sta,
551 if (mvm->trans->trans_cfg->device_family >=
552 IWL_DEVICE_FAMILY_AX210) {
553 struct iwl_tx_cmd_gen3 *cmd = (void *)dev_cmd->payload;
554 u32 offload_assist = iwl_mvm_tx_csum(mvm, skb,
557 cmd->offload_assist = cpu_to_le32(offload_assist);
559 /* Total # bytes to be transmitted */
560 cmd->len = cpu_to_le16((u16)skb->len);
562 /* Copy MAC header from skb into command buffer */
563 memcpy(cmd->hdr, hdr, hdrlen);
565 cmd->flags = cpu_to_le16(flags);
566 cmd->rate_n_flags = cpu_to_le32(rate_n_flags);
568 struct iwl_tx_cmd_gen2 *cmd = (void *)dev_cmd->payload;
569 u16 offload_assist = iwl_mvm_tx_csum(mvm, skb,
572 cmd->offload_assist = cpu_to_le16(offload_assist);
574 /* Total # bytes to be transmitted */
575 cmd->len = cpu_to_le16((u16)skb->len);
577 /* Copy MAC header from skb into command buffer */
578 memcpy(cmd->hdr, hdr, hdrlen);
580 cmd->flags = cpu_to_le32(flags);
581 cmd->rate_n_flags = cpu_to_le32(rate_n_flags);
586 tx_cmd = (struct iwl_tx_cmd *)dev_cmd->payload;
588 if (info->control.hw_key)
589 iwl_mvm_set_tx_cmd_crypto(mvm, info, tx_cmd, skb, hdrlen);
591 iwl_mvm_set_tx_cmd(mvm, skb, tx_cmd, info, sta_id);
593 iwl_mvm_set_tx_cmd_rate(mvm, tx_cmd, info, sta, hdr->frame_control);
595 /* Copy MAC header from skb into command buffer */
596 memcpy(tx_cmd->hdr, hdr, hdrlen);
602 static void iwl_mvm_skb_prepare_status(struct sk_buff *skb,
603 struct iwl_device_tx_cmd *cmd)
605 struct ieee80211_tx_info *skb_info = IEEE80211_SKB_CB(skb);
607 memset(&skb_info->status, 0, sizeof(skb_info->status));
608 memset(skb_info->driver_data, 0, sizeof(skb_info->driver_data));
610 skb_info->driver_data[1] = cmd;
613 static int iwl_mvm_get_ctrl_vif_queue(struct iwl_mvm *mvm,
614 struct iwl_mvm_vif_link_info *link,
615 struct ieee80211_tx_info *info,
618 struct ieee80211_hdr *hdr = (void *)skb->data;
619 __le16 fc = hdr->frame_control;
621 switch (info->control.vif->type) {
622 case NL80211_IFTYPE_AP:
623 case NL80211_IFTYPE_ADHOC:
625 * Non-bufferable frames use the broadcast station, thus they
626 * use the probe queue.
627 * Also take care of the case where we send a deauth to a
628 * station that we don't have, or similarly an association
629 * response (with non-success status) for a station we can't
631 * Also, disassociate frames might happen, particular with
632 * reason 7 ("Class 3 frame received from nonassociated STA").
634 if (ieee80211_is_mgmt(fc) &&
635 (!ieee80211_is_bufferable_mmpdu(skb) ||
636 ieee80211_is_deauth(fc) || ieee80211_is_disassoc(fc)))
637 return link->mgmt_queue;
639 if (!ieee80211_has_order(fc) && !ieee80211_is_probe_req(fc) &&
640 is_multicast_ether_addr(hdr->addr1))
641 return link->cab_queue;
643 WARN_ONCE(info->control.vif->type != NL80211_IFTYPE_ADHOC,
644 "fc=0x%02x", le16_to_cpu(fc));
645 return link->mgmt_queue;
646 case NL80211_IFTYPE_P2P_DEVICE:
647 if (ieee80211_is_mgmt(fc))
648 return mvm->p2p_dev_queue;
651 return mvm->p2p_dev_queue;
653 WARN_ONCE(1, "Not a ctrl vif, no available queue\n");
658 static void iwl_mvm_probe_resp_set_noa(struct iwl_mvm *mvm,
661 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
662 struct iwl_mvm_vif *mvmvif =
663 iwl_mvm_vif_from_mac80211(info->control.vif);
664 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)skb->data;
665 int base_len = (u8 *)mgmt->u.probe_resp.variable - (u8 *)mgmt;
666 struct iwl_probe_resp_data *resp_data;
670 (WLAN_OUI_WFA >> 16) & 0xff,
671 (WLAN_OUI_WFA >> 8) & 0xff,
673 WLAN_OUI_TYPE_WFA_P2P,
678 resp_data = rcu_dereference(mvmvif->deflink.probe_resp_data);
682 if (!resp_data->notif.noa_active)
685 ie = cfg80211_find_ie_match(WLAN_EID_VENDOR_SPECIFIC,
686 mgmt->u.probe_resp.variable,
690 IWL_DEBUG_TX(mvm, "probe resp doesn't have P2P IE\n");
694 if (skb_tailroom(skb) < resp_data->noa_len) {
695 if (pskb_expand_head(skb, 0, resp_data->noa_len, GFP_ATOMIC)) {
697 "Failed to reallocate probe resp\n");
702 pos = skb_put(skb, resp_data->noa_len);
704 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
705 /* Set length of IE body (not including ID and length itself) */
706 *pos++ = resp_data->noa_len - 2;
707 *pos++ = (WLAN_OUI_WFA >> 16) & 0xff;
708 *pos++ = (WLAN_OUI_WFA >> 8) & 0xff;
709 *pos++ = WLAN_OUI_WFA & 0xff;
710 *pos++ = WLAN_OUI_TYPE_WFA_P2P;
712 memcpy(pos, &resp_data->notif.noa_attr,
713 resp_data->noa_len - sizeof(struct ieee80211_vendor_ie));
719 int iwl_mvm_tx_skb_non_sta(struct iwl_mvm *mvm, struct sk_buff *skb)
721 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
722 struct ieee80211_tx_info info;
723 struct iwl_device_tx_cmd *dev_cmd;
725 int hdrlen = ieee80211_hdrlen(hdr->frame_control);
726 __le16 fc = hdr->frame_control;
727 bool offchannel = IEEE80211_SKB_CB(skb)->flags &
728 IEEE80211_TX_CTL_TX_OFFCHAN;
731 if (IWL_MVM_NON_TRANSMITTING_AP && ieee80211_is_probe_resp(fc))
734 memcpy(&info, skb->cb, sizeof(info));
736 if (WARN_ON_ONCE(skb->len > IEEE80211_MAX_DATA_LEN + hdrlen))
739 if (WARN_ON_ONCE(info.flags & IEEE80211_TX_CTL_AMPDU))
742 if (info.control.vif) {
743 struct iwl_mvm_vif *mvmvif =
744 iwl_mvm_vif_from_mac80211(info.control.vif);
746 if (info.control.vif->type == NL80211_IFTYPE_P2P_DEVICE ||
747 info.control.vif->type == NL80211_IFTYPE_AP ||
748 info.control.vif->type == NL80211_IFTYPE_ADHOC) {
749 u32 link_id = u32_get_bits(info.control.flags,
750 IEEE80211_TX_CTRL_MLO_LINK);
751 struct iwl_mvm_vif_link_info *link;
753 if (link_id == IEEE80211_LINK_UNSPECIFIED) {
754 if (info.control.vif->active_links)
755 link_id = ffs(info.control.vif->active_links) - 1;
760 link = mvmvif->link[link_id];
764 if (!ieee80211_is_data(hdr->frame_control))
765 sta_id = link->bcast_sta.sta_id;
767 sta_id = link->mcast_sta.sta_id;
769 queue = iwl_mvm_get_ctrl_vif_queue(mvm, link, &info,
771 } else if (info.control.vif->type == NL80211_IFTYPE_MONITOR) {
772 queue = mvm->snif_queue;
773 sta_id = mvm->snif_sta.sta_id;
774 } else if (info.control.vif->type == NL80211_IFTYPE_STATION &&
777 * IWL_MVM_OFFCHANNEL_QUEUE is used for ROC packets
778 * that can be used in 2 different types of vifs, P2P &
780 * P2P uses the offchannel queue.
781 * STATION (HS2.0) uses the auxiliary context of the FW,
782 * and hence needs to be sent on the aux queue.
784 sta_id = mvm->aux_sta.sta_id;
785 queue = mvm->aux_queue;
790 IWL_ERR(mvm, "No queue was found. Dropping TX\n");
794 if (unlikely(ieee80211_is_probe_resp(fc)))
795 iwl_mvm_probe_resp_set_noa(mvm, skb);
797 IWL_DEBUG_TX(mvm, "station Id %d, queue=%d\n", sta_id, queue);
799 dev_cmd = iwl_mvm_set_tx_params(mvm, skb, &info, hdrlen, NULL, sta_id);
803 /* From now on, we cannot access info->control */
804 iwl_mvm_skb_prepare_status(skb, dev_cmd);
806 if (iwl_trans_tx(mvm->trans, skb, dev_cmd, queue)) {
807 iwl_trans_free_tx_cmd(mvm->trans, dev_cmd);
814 unsigned int iwl_mvm_max_amsdu_size(struct iwl_mvm *mvm,
815 struct ieee80211_sta *sta, unsigned int tid)
817 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta);
818 u8 ac = tid_to_mac80211_ac[tid];
819 enum nl80211_band band;
824 /* For HE redirect to trigger based fifos */
825 if (sta->deflink.he_cap.has_he && !WARN_ON(!iwl_mvm_has_new_tx_api(mvm)))
828 txf = iwl_mvm_mac_ac_to_tx_fifo(mvm, ac);
831 * Don't send an AMSDU that will be longer than the TXF.
832 * Add a security margin of 256 for the TX command + headers.
833 * We also want to have the start of the next packet inside the
834 * fifo to be able to send bursts.
836 val = mvmsta->max_amsdu_len;
838 if (hweight16(sta->valid_links) <= 1) {
839 if (sta->valid_links) {
840 struct ieee80211_bss_conf *link_conf;
841 unsigned int link = ffs(sta->valid_links) - 1;
844 link_conf = rcu_dereference(mvmsta->vif->link_conf[link]);
845 if (WARN_ON(!link_conf))
846 band = NL80211_BAND_2GHZ;
848 band = link_conf->chandef.chan->band;
851 band = mvmsta->vif->bss_conf.chandef.chan->band;
854 lmac = iwl_mvm_get_lmac_id(mvm, band);
855 } else if (fw_has_capa(&mvm->fw->ucode_capa,
856 IWL_UCODE_TLV_CAPA_CDB_SUPPORT)) {
857 /* for real MLO restrict to both LMACs if they exist */
858 lmac = IWL_LMAC_5G_INDEX;
859 val = min_t(unsigned int, val,
860 mvm->fwrt.smem_cfg.lmac[lmac].txfifo_size[txf] - 256);
861 lmac = IWL_LMAC_24G_INDEX;
863 lmac = IWL_LMAC_24G_INDEX;
866 return min_t(unsigned int, val,
867 mvm->fwrt.smem_cfg.lmac[lmac].txfifo_size[txf] - 256);
873 iwl_mvm_tx_tso_segment(struct sk_buff *skb, unsigned int num_subframes,
874 netdev_features_t netdev_flags,
875 struct sk_buff_head *mpdus_skb)
877 struct sk_buff *tmp, *next;
878 struct ieee80211_hdr *hdr = (void *)skb->data;
879 char cb[sizeof(skb->cb)];
881 unsigned int tcp_payload_len;
882 unsigned int mss = skb_shinfo(skb)->gso_size;
883 bool ipv4 = (skb->protocol == htons(ETH_P_IP));
884 bool qos = ieee80211_is_data_qos(hdr->frame_control);
885 u16 ip_base_id = ipv4 ? ntohs(ip_hdr(skb)->id) : 0;
887 skb_shinfo(skb)->gso_size = num_subframes * mss;
888 memcpy(cb, skb->cb, sizeof(cb));
890 next = skb_gso_segment(skb, netdev_flags);
891 skb_shinfo(skb)->gso_size = mss;
892 skb_shinfo(skb)->gso_type = ipv4 ? SKB_GSO_TCPV4 : SKB_GSO_TCPV6;
893 if (WARN_ON_ONCE(IS_ERR(next)))
898 skb_list_walk_safe(next, tmp, next) {
899 memcpy(tmp->cb, cb, sizeof(tmp->cb));
901 * Compute the length of all the data added for the A-MSDU.
902 * This will be used to compute the length to write in the TX
903 * command. We have: SNAP + IP + TCP for n -1 subframes and
904 * ETH header for n subframes.
906 tcp_payload_len = skb_tail_pointer(tmp) -
907 skb_transport_header(tmp) -
908 tcp_hdrlen(tmp) + tmp->data_len;
911 ip_hdr(tmp)->id = htons(ip_base_id + i * num_subframes);
913 if (tcp_payload_len > mss) {
914 skb_shinfo(tmp)->gso_size = mss;
915 skb_shinfo(tmp)->gso_type = ipv4 ? SKB_GSO_TCPV4 :
922 ip_send_check(ip_hdr(tmp));
924 qc = ieee80211_get_qos_ctl((void *)tmp->data);
925 *qc &= ~IEEE80211_QOS_CTL_A_MSDU_PRESENT;
927 skb_shinfo(tmp)->gso_size = 0;
930 skb_mark_not_on_list(tmp);
931 __skb_queue_tail(mpdus_skb, tmp);
938 static int iwl_mvm_tx_tso(struct iwl_mvm *mvm, struct sk_buff *skb,
939 struct ieee80211_tx_info *info,
940 struct ieee80211_sta *sta,
941 struct sk_buff_head *mpdus_skb)
943 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta);
944 struct ieee80211_hdr *hdr = (void *)skb->data;
945 unsigned int mss = skb_shinfo(skb)->gso_size;
946 unsigned int num_subframes, tcp_payload_len, subf_len, max_amsdu_len;
947 u16 snap_ip_tcp, pad;
948 netdev_features_t netdev_flags = NETIF_F_CSUM_MASK | NETIF_F_SG;
951 snap_ip_tcp = 8 + skb_transport_header(skb) - skb_network_header(skb) +
954 if (!mvmsta->max_amsdu_len ||
955 !ieee80211_is_data_qos(hdr->frame_control) ||
956 !mvmsta->amsdu_enabled)
957 return iwl_mvm_tx_tso_segment(skb, 1, netdev_flags, mpdus_skb);
960 * Do not build AMSDU for IPv6 with extension headers.
961 * ask stack to segment and checkum the generated MPDUs for us.
963 if (skb->protocol == htons(ETH_P_IPV6) &&
964 ((struct ipv6hdr *)skb_network_header(skb))->nexthdr !=
966 netdev_flags &= ~NETIF_F_CSUM_MASK;
967 return iwl_mvm_tx_tso_segment(skb, 1, netdev_flags, mpdus_skb);
970 tid = ieee80211_get_tid(hdr);
971 if (WARN_ON_ONCE(tid >= IWL_MAX_TID_COUNT))
975 * No need to lock amsdu_in_ampdu_allowed since it can't be modified
976 * during an BA session.
978 if ((info->flags & IEEE80211_TX_CTL_AMPDU &&
979 !mvmsta->tid_data[tid].amsdu_in_ampdu_allowed) ||
980 !(mvmsta->amsdu_enabled & BIT(tid)))
981 return iwl_mvm_tx_tso_segment(skb, 1, netdev_flags, mpdus_skb);
984 * Take the min of ieee80211 station and mvm station
987 min_t(unsigned int, sta->cur->max_amsdu_len,
988 iwl_mvm_max_amsdu_size(mvm, sta, tid));
991 * Limit A-MSDU in A-MPDU to 4095 bytes when VHT is not
992 * supported. This is a spec requirement (IEEE 802.11-2015
993 * section 8.7.3 NOTE 3).
995 if (info->flags & IEEE80211_TX_CTL_AMPDU &&
996 !sta->deflink.vht_cap.vht_supported)
997 max_amsdu_len = min_t(unsigned int, max_amsdu_len, 4095);
999 /* Sub frame header + SNAP + IP header + TCP header + MSS */
1000 subf_len = sizeof(struct ethhdr) + snap_ip_tcp + mss;
1001 pad = (4 - subf_len) & 0x3;
1004 * If we have N subframes in the A-MSDU, then the A-MSDU's size is
1005 * N * subf_len + (N - 1) * pad.
1007 num_subframes = (max_amsdu_len + pad) / (subf_len + pad);
1009 if (sta->max_amsdu_subframes &&
1010 num_subframes > sta->max_amsdu_subframes)
1011 num_subframes = sta->max_amsdu_subframes;
1013 tcp_payload_len = skb_tail_pointer(skb) - skb_transport_header(skb) -
1014 tcp_hdrlen(skb) + skb->data_len;
1017 * Make sure we have enough TBs for the A-MSDU:
1018 * 2 for each subframe
1019 * 1 more for each fragment
1020 * 1 more for the potential data in the header
1022 if ((num_subframes * 2 + skb_shinfo(skb)->nr_frags + 1) >
1023 mvm->trans->max_skb_frags)
1026 if (num_subframes > 1)
1027 *ieee80211_get_qos_ctl(hdr) |= IEEE80211_QOS_CTL_A_MSDU_PRESENT;
1029 /* This skb fits in one single A-MSDU */
1030 if (num_subframes * mss >= tcp_payload_len) {
1031 __skb_queue_tail(mpdus_skb, skb);
1036 * Trick the segmentation function to make it
1037 * create SKBs that can fit into one A-MSDU.
1039 return iwl_mvm_tx_tso_segment(skb, num_subframes, netdev_flags,
1042 #else /* CONFIG_INET */
1043 static int iwl_mvm_tx_tso(struct iwl_mvm *mvm, struct sk_buff *skb,
1044 struct ieee80211_tx_info *info,
1045 struct ieee80211_sta *sta,
1046 struct sk_buff_head *mpdus_skb)
1048 /* Impossible to get TSO with CONFIG_INET */
1055 /* Check if there are any timed-out TIDs on a given shared TXQ */
1056 static bool iwl_mvm_txq_should_update(struct iwl_mvm *mvm, int txq_id)
1058 unsigned long queue_tid_bitmap = mvm->queue_info[txq_id].tid_bitmap;
1059 unsigned long now = jiffies;
1062 if (WARN_ON(iwl_mvm_has_new_tx_api(mvm)))
1065 for_each_set_bit(tid, &queue_tid_bitmap, IWL_MAX_TID_COUNT + 1) {
1066 if (time_before(mvm->queue_info[txq_id].last_frame_time[tid] +
1067 IWL_MVM_DQA_QUEUE_TIMEOUT, now))
1074 static void iwl_mvm_tx_airtime(struct iwl_mvm *mvm,
1075 struct iwl_mvm_sta *mvmsta,
1078 int mac = mvmsta->mac_id_n_color & FW_CTXT_ID_MSK;
1079 struct iwl_mvm_tcm_mac *mdata;
1081 if (mac >= NUM_MAC_INDEX_DRIVER)
1084 mdata = &mvm->tcm.data[mac];
1086 if (mvm->tcm.paused)
1089 if (time_after(jiffies, mvm->tcm.ts + MVM_TCM_PERIOD))
1090 schedule_delayed_work(&mvm->tcm.work, 0);
1092 mdata->tx.airtime += airtime;
1095 static int iwl_mvm_tx_pkt_queued(struct iwl_mvm *mvm,
1096 struct iwl_mvm_sta *mvmsta, int tid)
1098 u32 ac = tid_to_mac80211_ac[tid];
1099 int mac = mvmsta->mac_id_n_color & FW_CTXT_ID_MSK;
1100 struct iwl_mvm_tcm_mac *mdata;
1102 if (mac >= NUM_MAC_INDEX_DRIVER)
1105 mdata = &mvm->tcm.data[mac];
1107 mdata->tx.pkts[ac]++;
1113 * Sets the fields in the Tx cmd that are crypto related.
1115 * This function must be called with BHs disabled.
1117 static int iwl_mvm_tx_mpdu(struct iwl_mvm *mvm, struct sk_buff *skb,
1118 struct ieee80211_tx_info *info,
1119 struct ieee80211_sta *sta)
1121 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
1122 struct iwl_mvm_sta *mvmsta;
1123 struct iwl_device_tx_cmd *dev_cmd;
1126 u8 tid = IWL_MAX_TID_COUNT;
1128 bool is_ampdu = false;
1131 mvmsta = iwl_mvm_sta_from_mac80211(sta);
1132 fc = hdr->frame_control;
1133 hdrlen = ieee80211_hdrlen(fc);
1135 if (IWL_MVM_NON_TRANSMITTING_AP && ieee80211_is_probe_resp(fc))
1138 if (WARN_ON_ONCE(!mvmsta))
1141 if (WARN_ON_ONCE(mvmsta->deflink.sta_id == IWL_MVM_INVALID_STA))
1144 if (unlikely(ieee80211_is_any_nullfunc(fc)) && sta->deflink.he_cap.has_he)
1147 if (unlikely(ieee80211_is_probe_resp(fc)))
1148 iwl_mvm_probe_resp_set_noa(mvm, skb);
1150 dev_cmd = iwl_mvm_set_tx_params(mvm, skb, info, hdrlen,
1151 sta, mvmsta->deflink.sta_id);
1156 * we handle that entirely ourselves -- for uAPSD the firmware
1157 * will always send a notification, and for PS-Poll responses
1158 * we'll notify mac80211 when getting frame status
1160 info->flags &= ~IEEE80211_TX_STATUS_EOSP;
1162 spin_lock(&mvmsta->lock);
1164 /* nullfunc frames should go to the MGMT queue regardless of QOS,
1165 * the conditions of !ieee80211_is_qos_nullfunc(fc) and
1166 * !ieee80211_is_data_qos(fc) keep the default assignment of MGMT TID
1168 if (ieee80211_is_data_qos(fc) && !ieee80211_is_qos_nullfunc(fc)) {
1169 tid = ieee80211_get_tid(hdr);
1170 if (WARN_ONCE(tid >= IWL_MAX_TID_COUNT, "Invalid TID %d", tid))
1171 goto drop_unlock_sta;
1173 is_ampdu = info->flags & IEEE80211_TX_CTL_AMPDU;
1174 if (WARN_ONCE(is_ampdu &&
1175 mvmsta->tid_data[tid].state != IWL_AGG_ON,
1176 "Invalid internal agg state %d for TID %d",
1177 mvmsta->tid_data[tid].state, tid))
1178 goto drop_unlock_sta;
1180 seq_number = mvmsta->tid_data[tid].seq_number;
1181 seq_number &= IEEE80211_SCTL_SEQ;
1183 if (!iwl_mvm_has_new_tx_api(mvm)) {
1184 struct iwl_tx_cmd *tx_cmd = (void *)dev_cmd->payload;
1186 hdr->seq_ctrl &= cpu_to_le16(IEEE80211_SCTL_FRAG);
1187 hdr->seq_ctrl |= cpu_to_le16(seq_number);
1188 /* update the tx_cmd hdr as it was already copied */
1189 tx_cmd->hdr->seq_ctrl = hdr->seq_ctrl;
1191 } else if (ieee80211_is_data(fc) && !ieee80211_is_data_qos(fc) &&
1192 !ieee80211_is_nullfunc(fc)) {
1193 tid = IWL_TID_NON_QOS;
1196 txq_id = mvmsta->tid_data[tid].txq_id;
1198 WARN_ON_ONCE(info->flags & IEEE80211_TX_CTL_SEND_AFTER_DTIM);
1200 if (WARN_ONCE(txq_id == IWL_MVM_INVALID_QUEUE, "Invalid TXQ id")) {
1201 iwl_trans_free_tx_cmd(mvm->trans, dev_cmd);
1202 spin_unlock(&mvmsta->lock);
1206 if (!iwl_mvm_has_new_tx_api(mvm)) {
1207 /* Keep track of the time of the last frame for this RA/TID */
1208 mvm->queue_info[txq_id].last_frame_time[tid] = jiffies;
1211 * If we have timed-out TIDs - schedule the worker that will
1212 * reconfig the queues and update them
1214 * Note that the no lock is taken here in order to not serialize
1215 * the TX flow. This isn't dangerous because scheduling
1216 * mvm->add_stream_wk can't ruin the state, and if we DON'T
1217 * schedule it due to some race condition then next TX we get
1220 if (unlikely(mvm->queue_info[txq_id].status ==
1221 IWL_MVM_QUEUE_SHARED &&
1222 iwl_mvm_txq_should_update(mvm, txq_id)))
1223 schedule_work(&mvm->add_stream_wk);
1226 IWL_DEBUG_TX(mvm, "TX to [%d|%d] Q:%d - seq: 0x%x len %d\n",
1227 mvmsta->deflink.sta_id, tid, txq_id,
1228 IEEE80211_SEQ_TO_SN(seq_number), skb->len);
1230 /* From now on, we cannot access info->control */
1231 iwl_mvm_skb_prepare_status(skb, dev_cmd);
1234 * The IV is introduced by the HW for new tx api, and it is not present
1235 * in the skb, hence, don't tell iwl_mvm_mei_tx_copy_to_csme about the
1236 * IV for those devices.
1238 if (ieee80211_is_data(fc))
1239 iwl_mvm_mei_tx_copy_to_csme(mvm, skb,
1240 info->control.hw_key &&
1241 !iwl_mvm_has_new_tx_api(mvm) ?
1242 info->control.hw_key->iv_len : 0);
1244 if (iwl_trans_tx(mvm->trans, skb, dev_cmd, txq_id))
1245 goto drop_unlock_sta;
1247 if (tid < IWL_MAX_TID_COUNT && !ieee80211_has_morefrags(fc))
1248 mvmsta->tid_data[tid].seq_number = seq_number + 0x10;
1250 spin_unlock(&mvmsta->lock);
1252 if (iwl_mvm_tx_pkt_queued(mvm, mvmsta,
1253 tid == IWL_MAX_TID_COUNT ? 0 : tid))
1259 iwl_trans_free_tx_cmd(mvm->trans, dev_cmd);
1260 spin_unlock(&mvmsta->lock);
1262 IWL_DEBUG_TX(mvm, "TX to [%d|%d] dropped\n", mvmsta->deflink.sta_id,
1267 int iwl_mvm_tx_skb_sta(struct iwl_mvm *mvm, struct sk_buff *skb,
1268 struct ieee80211_sta *sta)
1270 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta);
1271 struct ieee80211_tx_info info;
1272 struct sk_buff_head mpdus_skbs;
1273 unsigned int payload_len;
1275 struct sk_buff *orig_skb = skb;
1277 if (WARN_ON_ONCE(!mvmsta))
1280 if (WARN_ON_ONCE(mvmsta->deflink.sta_id == IWL_MVM_INVALID_STA))
1283 memcpy(&info, skb->cb, sizeof(info));
1285 if (!skb_is_gso(skb))
1286 return iwl_mvm_tx_mpdu(mvm, skb, &info, sta);
1288 payload_len = skb_tail_pointer(skb) - skb_transport_header(skb) -
1289 tcp_hdrlen(skb) + skb->data_len;
1291 if (payload_len <= skb_shinfo(skb)->gso_size)
1292 return iwl_mvm_tx_mpdu(mvm, skb, &info, sta);
1294 __skb_queue_head_init(&mpdus_skbs);
1296 ret = iwl_mvm_tx_tso(mvm, skb, &info, sta, &mpdus_skbs);
1300 WARN_ON(skb_queue_empty(&mpdus_skbs));
1302 while (!skb_queue_empty(&mpdus_skbs)) {
1303 skb = __skb_dequeue(&mpdus_skbs);
1305 ret = iwl_mvm_tx_mpdu(mvm, skb, &info, sta);
1307 /* Free skbs created as part of TSO logic that have not yet been dequeued */
1308 __skb_queue_purge(&mpdus_skbs);
1309 /* skb here is not necessarily same as skb that entered this method,
1310 * so free it explicitly.
1312 if (skb == orig_skb)
1313 ieee80211_free_txskb(mvm->hw, skb);
1316 /* there was error, but we consumed skb one way or another, so return 0 */
1324 static void iwl_mvm_check_ratid_empty(struct iwl_mvm *mvm,
1325 struct ieee80211_sta *sta, u8 tid)
1327 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta);
1328 struct iwl_mvm_tid_data *tid_data = &mvmsta->tid_data[tid];
1329 struct ieee80211_vif *vif = mvmsta->vif;
1332 lockdep_assert_held(&mvmsta->lock);
1334 if ((tid_data->state == IWL_AGG_ON ||
1335 tid_data->state == IWL_EMPTYING_HW_QUEUE_DELBA) &&
1336 iwl_mvm_tid_queued(mvm, tid_data) == 0) {
1338 * Now that this aggregation or DQA queue is empty tell
1339 * mac80211 so it knows we no longer have frames buffered for
1340 * the station on this TID (for the TIM bitmap calculation.)
1342 ieee80211_sta_set_buffered(sta, tid, false);
1346 * In 22000 HW, the next_reclaimed index is only 8 bit, so we'll need
1347 * to align the wrap around of ssn so we compare relevant values.
1349 normalized_ssn = tid_data->ssn;
1350 if (mvm->trans->trans_cfg->gen2)
1351 normalized_ssn &= 0xff;
1353 if (normalized_ssn != tid_data->next_reclaimed)
1356 switch (tid_data->state) {
1357 case IWL_EMPTYING_HW_QUEUE_ADDBA:
1358 IWL_DEBUG_TX_QUEUES(mvm,
1359 "Can continue addBA flow ssn = next_recl = %d\n",
1360 tid_data->next_reclaimed);
1361 tid_data->state = IWL_AGG_STARTING;
1362 ieee80211_start_tx_ba_cb_irqsafe(vif, sta->addr, tid);
1365 case IWL_EMPTYING_HW_QUEUE_DELBA:
1366 IWL_DEBUG_TX_QUEUES(mvm,
1367 "Can continue DELBA flow ssn = next_recl = %d\n",
1368 tid_data->next_reclaimed);
1369 tid_data->state = IWL_AGG_OFF;
1370 ieee80211_stop_tx_ba_cb_irqsafe(vif, sta->addr, tid);
1378 #ifdef CONFIG_IWLWIFI_DEBUG
1379 const char *iwl_mvm_get_tx_fail_reason(u32 status)
1381 #define TX_STATUS_FAIL(x) case TX_STATUS_FAIL_ ## x: return #x
1382 #define TX_STATUS_POSTPONE(x) case TX_STATUS_POSTPONE_ ## x: return #x
1384 switch (status & TX_STATUS_MSK) {
1385 case TX_STATUS_SUCCESS:
1387 TX_STATUS_POSTPONE(DELAY);
1388 TX_STATUS_POSTPONE(FEW_BYTES);
1389 TX_STATUS_POSTPONE(BT_PRIO);
1390 TX_STATUS_POSTPONE(QUIET_PERIOD);
1391 TX_STATUS_POSTPONE(CALC_TTAK);
1392 TX_STATUS_FAIL(INTERNAL_CROSSED_RETRY);
1393 TX_STATUS_FAIL(SHORT_LIMIT);
1394 TX_STATUS_FAIL(LONG_LIMIT);
1395 TX_STATUS_FAIL(UNDERRUN);
1396 TX_STATUS_FAIL(DRAIN_FLOW);
1397 TX_STATUS_FAIL(RFKILL_FLUSH);
1398 TX_STATUS_FAIL(LIFE_EXPIRE);
1399 TX_STATUS_FAIL(DEST_PS);
1400 TX_STATUS_FAIL(HOST_ABORTED);
1401 TX_STATUS_FAIL(BT_RETRY);
1402 TX_STATUS_FAIL(STA_INVALID);
1403 TX_STATUS_FAIL(FRAG_DROPPED);
1404 TX_STATUS_FAIL(TID_DISABLE);
1405 TX_STATUS_FAIL(FIFO_FLUSHED);
1406 TX_STATUS_FAIL(SMALL_CF_POLL);
1407 TX_STATUS_FAIL(FW_DROP);
1408 TX_STATUS_FAIL(STA_COLOR_MISMATCH);
1413 #undef TX_STATUS_FAIL
1414 #undef TX_STATUS_POSTPONE
1416 #endif /* CONFIG_IWLWIFI_DEBUG */
1418 static int iwl_mvm_get_hwrate_chan_width(u32 chan_width)
1420 switch (chan_width) {
1421 case RATE_MCS_CHAN_WIDTH_20:
1423 case RATE_MCS_CHAN_WIDTH_40:
1424 return IEEE80211_TX_RC_40_MHZ_WIDTH;
1425 case RATE_MCS_CHAN_WIDTH_80:
1426 return IEEE80211_TX_RC_80_MHZ_WIDTH;
1427 case RATE_MCS_CHAN_WIDTH_160:
1428 return IEEE80211_TX_RC_160_MHZ_WIDTH;
1434 void iwl_mvm_hwrate_to_tx_rate(u32 rate_n_flags,
1435 enum nl80211_band band,
1436 struct ieee80211_tx_rate *r)
1438 u32 format = rate_n_flags & RATE_MCS_MOD_TYPE_MSK;
1439 u32 rate = format == RATE_MCS_HT_MSK ?
1440 RATE_HT_MCS_INDEX(rate_n_flags) :
1441 rate_n_flags & RATE_MCS_CODE_MSK;
1444 iwl_mvm_get_hwrate_chan_width(rate_n_flags &
1445 RATE_MCS_CHAN_WIDTH_MSK);
1447 if (rate_n_flags & RATE_MCS_SGI_MSK)
1448 r->flags |= IEEE80211_TX_RC_SHORT_GI;
1449 if (format == RATE_MCS_HT_MSK) {
1450 r->flags |= IEEE80211_TX_RC_MCS;
1452 } else if (format == RATE_MCS_VHT_MSK) {
1453 ieee80211_rate_set_vht(r, rate,
1454 FIELD_GET(RATE_MCS_NSS_MSK,
1456 r->flags |= IEEE80211_TX_RC_VHT_MCS;
1457 } else if (format == RATE_MCS_HE_MSK) {
1458 /* mac80211 cannot do this without ieee80211_tx_status_ext()
1459 * but it only matters for radiotap */
1462 r->idx = iwl_mvm_legacy_hw_idx_to_mac80211_idx(rate_n_flags,
1467 void iwl_mvm_hwrate_to_tx_rate_v1(u32 rate_n_flags,
1468 enum nl80211_band band,
1469 struct ieee80211_tx_rate *r)
1471 if (rate_n_flags & RATE_HT_MCS_GF_MSK)
1472 r->flags |= IEEE80211_TX_RC_GREEN_FIELD;
1475 iwl_mvm_get_hwrate_chan_width(rate_n_flags &
1476 RATE_MCS_CHAN_WIDTH_MSK_V1);
1478 if (rate_n_flags & RATE_MCS_SGI_MSK_V1)
1479 r->flags |= IEEE80211_TX_RC_SHORT_GI;
1480 if (rate_n_flags & RATE_MCS_HT_MSK_V1) {
1481 r->flags |= IEEE80211_TX_RC_MCS;
1482 r->idx = rate_n_flags & RATE_HT_MCS_INDEX_MSK_V1;
1483 } else if (rate_n_flags & RATE_MCS_VHT_MSK_V1) {
1484 ieee80211_rate_set_vht(
1485 r, rate_n_flags & RATE_VHT_MCS_RATE_CODE_MSK,
1486 FIELD_GET(RATE_MCS_NSS_MSK, rate_n_flags) + 1);
1487 r->flags |= IEEE80211_TX_RC_VHT_MCS;
1489 r->idx = iwl_mvm_legacy_rate_to_mac80211_idx(rate_n_flags,
1495 * translate ucode response to mac80211 tx status control values
1497 static void iwl_mvm_hwrate_to_tx_status(const struct iwl_fw *fw,
1499 struct ieee80211_tx_info *info)
1501 struct ieee80211_tx_rate *r = &info->status.rates[0];
1503 if (iwl_fw_lookup_notif_ver(fw, LONG_GROUP,
1505 rate_n_flags = iwl_new_rate_from_v1(rate_n_flags);
1507 info->status.antenna =
1508 ((rate_n_flags & RATE_MCS_ANT_AB_MSK) >> RATE_MCS_ANT_POS);
1509 iwl_mvm_hwrate_to_tx_rate(rate_n_flags,
1513 static void iwl_mvm_tx_status_check_trigger(struct iwl_mvm *mvm,
1514 u32 status, __le16 frame_control)
1516 struct iwl_fw_dbg_trigger_tlv *trig;
1517 struct iwl_fw_dbg_trigger_tx_status *status_trig;
1520 if ((status & TX_STATUS_MSK) != TX_STATUS_SUCCESS) {
1521 enum iwl_fw_ini_time_point tp =
1522 IWL_FW_INI_TIME_POINT_TX_FAILED;
1524 if (ieee80211_is_action(frame_control))
1525 tp = IWL_FW_INI_TIME_POINT_TX_WFD_ACTION_FRAME_FAILED;
1527 iwl_dbg_tlv_time_point(&mvm->fwrt,
1532 trig = iwl_fw_dbg_trigger_on(&mvm->fwrt, NULL,
1533 FW_DBG_TRIGGER_TX_STATUS);
1537 status_trig = (void *)trig->data;
1539 for (i = 0; i < ARRAY_SIZE(status_trig->statuses); i++) {
1540 /* don't collect on status 0 */
1541 if (!status_trig->statuses[i].status)
1544 if (status_trig->statuses[i].status != (status & TX_STATUS_MSK))
1547 iwl_fw_dbg_collect_trig(&mvm->fwrt, trig,
1548 "Tx status %d was received",
1549 status & TX_STATUS_MSK);
1555 * iwl_mvm_get_scd_ssn - returns the SSN of the SCD
1556 * @tx_resp: the Tx response from the fw (agg or non-agg)
1558 * When the fw sends an AMPDU, it fetches the MPDUs one after the other. Since
1559 * it can't know that everything will go well until the end of the AMPDU, it
1560 * can't know in advance the number of MPDUs that will be sent in the current
1561 * batch. This is why it writes the agg Tx response while it fetches the MPDUs.
1562 * Hence, it can't know in advance what the SSN of the SCD will be at the end
1563 * of the batch. This is why the SSN of the SCD is written at the end of the
1564 * whole struct at a variable offset. This function knows how to cope with the
1565 * variable offset and returns the SSN of the SCD.
1567 static inline u32 iwl_mvm_get_scd_ssn(struct iwl_mvm *mvm,
1568 struct iwl_mvm_tx_resp *tx_resp)
1570 return le32_to_cpup((__le32 *)iwl_mvm_get_agg_status(mvm, tx_resp) +
1571 tx_resp->frame_count) & 0xfff;
1574 static void iwl_mvm_rx_tx_cmd_single(struct iwl_mvm *mvm,
1575 struct iwl_rx_packet *pkt)
1577 struct ieee80211_sta *sta;
1578 u16 sequence = le16_to_cpu(pkt->hdr.sequence);
1579 int txq_id = SEQ_TO_QUEUE(sequence);
1580 /* struct iwl_mvm_tx_resp_v3 is almost the same */
1581 struct iwl_mvm_tx_resp *tx_resp = (void *)pkt->data;
1582 int sta_id = IWL_MVM_TX_RES_GET_RA(tx_resp->ra_tid);
1583 int tid = IWL_MVM_TX_RES_GET_TID(tx_resp->ra_tid);
1584 struct agg_tx_status *agg_status =
1585 iwl_mvm_get_agg_status(mvm, tx_resp);
1586 u32 status = le16_to_cpu(agg_status->status);
1587 u16 ssn = iwl_mvm_get_scd_ssn(mvm, tx_resp);
1588 struct sk_buff_head skbs;
1591 u16 next_reclaimed, seq_ctl;
1592 bool is_ndp = false;
1594 __skb_queue_head_init(&skbs);
1596 if (iwl_mvm_has_new_tx_api(mvm))
1597 txq_id = le16_to_cpu(tx_resp->tx_queue);
1599 seq_ctl = le16_to_cpu(tx_resp->seq_ctl);
1601 /* we can free until ssn % q.n_bd not inclusive */
1602 iwl_trans_reclaim(mvm->trans, txq_id, ssn, &skbs);
1604 while (!skb_queue_empty(&skbs)) {
1605 struct sk_buff *skb = __skb_dequeue(&skbs);
1606 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1607 struct ieee80211_hdr *hdr = (void *)skb->data;
1608 bool flushed = false;
1612 iwl_trans_free_tx_cmd(mvm->trans, info->driver_data[1]);
1614 memset(&info->status, 0, sizeof(info->status));
1616 /* inform mac80211 about what happened with the frame */
1617 switch (status & TX_STATUS_MSK) {
1618 case TX_STATUS_SUCCESS:
1619 case TX_STATUS_DIRECT_DONE:
1620 info->flags |= IEEE80211_TX_STAT_ACK;
1622 case TX_STATUS_FAIL_FIFO_FLUSHED:
1623 case TX_STATUS_FAIL_DRAIN_FLOW:
1626 case TX_STATUS_FAIL_DEST_PS:
1627 /* the FW should have stopped the queue and not
1628 * return this status
1631 "FW reported TX filtered, status=0x%x, FC=0x%x\n",
1632 status, le16_to_cpu(hdr->frame_control));
1633 info->flags |= IEEE80211_TX_STAT_TX_FILTERED;
1639 if ((status & TX_STATUS_MSK) != TX_STATUS_SUCCESS &&
1640 ieee80211_is_mgmt(hdr->frame_control))
1641 iwl_mvm_toggle_tx_ant(mvm, &mvm->mgmt_last_antenna_idx);
1644 * If we are freeing multiple frames, mark all the frames
1645 * but the first one as acked, since they were acknowledged
1649 info->flags |= IEEE80211_TX_STAT_ACK;
1651 iwl_mvm_tx_status_check_trigger(mvm, status, hdr->frame_control);
1653 info->status.rates[0].count = tx_resp->failure_frame + 1;
1655 iwl_mvm_hwrate_to_tx_status(mvm->fw,
1656 le32_to_cpu(tx_resp->initial_rate),
1659 /* Don't assign the converted initial_rate, because driver
1660 * TLC uses this and doesn't support the new FW rate
1662 info->status.status_driver_data[1] =
1663 (void *)(uintptr_t)le32_to_cpu(tx_resp->initial_rate);
1665 /* Single frame failure in an AMPDU queue => send BAR */
1666 if (info->flags & IEEE80211_TX_CTL_AMPDU &&
1667 !(info->flags & IEEE80211_TX_STAT_ACK) &&
1668 !(info->flags & IEEE80211_TX_STAT_TX_FILTERED) && !flushed)
1669 info->flags |= IEEE80211_TX_STAT_AMPDU_NO_BACK;
1670 info->flags &= ~IEEE80211_TX_CTL_AMPDU;
1672 /* W/A FW bug: seq_ctl is wrong upon failure / BAR frame */
1673 if (ieee80211_is_back_req(hdr->frame_control))
1675 else if (status != TX_STATUS_SUCCESS)
1676 seq_ctl = le16_to_cpu(hdr->seq_ctrl);
1678 if (unlikely(!seq_ctl)) {
1680 * If it is an NDP, we can't update next_reclaim since
1681 * its sequence control is 0. Note that for that same
1682 * reason, NDPs are never sent to A-MPDU'able queues
1683 * so that we can never have more than one freed frame
1684 * for a single Tx resonse (see WARN_ON below).
1686 if (ieee80211_is_qos_nullfunc(hdr->frame_control))
1691 * TODO: this is not accurate if we are freeing more than one
1694 info->status.tx_time =
1695 le16_to_cpu(tx_resp->wireless_media_time);
1696 BUILD_BUG_ON(ARRAY_SIZE(info->status.status_driver_data) < 1);
1697 lq_color = TX_RES_RATE_TABLE_COL_GET(tx_resp->tlc_info);
1698 info->status.status_driver_data[0] =
1699 RS_DRV_DATA_PACK(lq_color, tx_resp->reduced_tpc);
1701 if (likely(!iwl_mvm_time_sync_frame(mvm, skb, hdr->addr1)))
1702 ieee80211_tx_status(mvm->hw, skb);
1705 /* This is an aggregation queue or might become one, so we use
1706 * the ssn since: ssn = wifi seq_num % 256.
1707 * The seq_ctl is the sequence control of the packet to which
1708 * this Tx response relates. But if there is a hole in the
1709 * bitmap of the BA we received, this Tx response may allow to
1710 * reclaim the hole and all the subsequent packets that were
1711 * already acked. In that case, seq_ctl != ssn, and the next
1712 * packet to be reclaimed will be ssn and not seq_ctl. In that
1713 * case, several packets will be reclaimed even if
1716 * The ssn is the index (% 256) of the latest packet that has
1717 * treated (acked / dropped) + 1.
1719 next_reclaimed = ssn;
1721 IWL_DEBUG_TX_REPLY(mvm,
1722 "TXQ %d status %s (0x%08x)\n",
1723 txq_id, iwl_mvm_get_tx_fail_reason(status), status);
1725 IWL_DEBUG_TX_REPLY(mvm,
1726 "\t\t\t\tinitial_rate 0x%x retries %d, idx=%d ssn=%d next_reclaimed=0x%x seq_ctl=0x%x\n",
1727 le32_to_cpu(tx_resp->initial_rate),
1728 tx_resp->failure_frame, SEQ_TO_INDEX(sequence),
1729 ssn, next_reclaimed, seq_ctl);
1733 sta = rcu_dereference(mvm->fw_id_to_mac_id[sta_id]);
1735 * sta can't be NULL otherwise it'd mean that the sta has been freed in
1736 * the firmware while we still have packets for it in the Tx queues.
1738 if (WARN_ON_ONCE(!sta))
1742 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta);
1744 iwl_mvm_tx_airtime(mvm, mvmsta,
1745 le16_to_cpu(tx_resp->wireless_media_time));
1747 if ((status & TX_STATUS_MSK) != TX_STATUS_SUCCESS &&
1748 mvmsta->sta_state < IEEE80211_STA_AUTHORIZED)
1749 iwl_mvm_toggle_tx_ant(mvm, &mvmsta->tx_ant);
1751 if (sta->wme && tid != IWL_MGMT_TID) {
1752 struct iwl_mvm_tid_data *tid_data =
1753 &mvmsta->tid_data[tid];
1754 bool send_eosp_ndp = false;
1756 spin_lock_bh(&mvmsta->lock);
1759 tid_data->next_reclaimed = next_reclaimed;
1760 IWL_DEBUG_TX_REPLY(mvm,
1761 "Next reclaimed packet:%d\n",
1764 IWL_DEBUG_TX_REPLY(mvm,
1765 "NDP - don't update next_reclaimed\n");
1768 iwl_mvm_check_ratid_empty(mvm, sta, tid);
1770 if (mvmsta->sleep_tx_count) {
1771 mvmsta->sleep_tx_count--;
1772 if (mvmsta->sleep_tx_count &&
1773 !iwl_mvm_tid_queued(mvm, tid_data)) {
1775 * The number of frames in the queue
1776 * dropped to 0 even if we sent less
1777 * frames than we thought we had on the
1779 * This means we had holes in the BA
1780 * window that we just filled, ask
1781 * mac80211 to send EOSP since the
1782 * firmware won't know how to do that.
1783 * Send NDP and the firmware will send
1784 * EOSP notification that will trigger
1785 * a call to ieee80211_sta_eosp().
1787 send_eosp_ndp = true;
1791 spin_unlock_bh(&mvmsta->lock);
1792 if (send_eosp_ndp) {
1793 iwl_mvm_sta_modify_sleep_tx_count(mvm, sta,
1794 IEEE80211_FRAME_RELEASE_UAPSD,
1795 1, tid, false, false);
1796 mvmsta->sleep_tx_count = 0;
1797 ieee80211_send_eosp_nullfunc(sta, tid);
1801 if (mvmsta->next_status_eosp) {
1802 mvmsta->next_status_eosp = false;
1803 ieee80211_sta_eosp(sta);
1810 #ifdef CONFIG_IWLWIFI_DEBUG
1811 #define AGG_TX_STATE_(x) case AGG_TX_STATE_ ## x: return #x
1812 static const char *iwl_get_agg_tx_status(u16 status)
1814 switch (status & AGG_TX_STATE_STATUS_MSK) {
1815 AGG_TX_STATE_(TRANSMITTED);
1816 AGG_TX_STATE_(UNDERRUN);
1817 AGG_TX_STATE_(BT_PRIO);
1818 AGG_TX_STATE_(FEW_BYTES);
1819 AGG_TX_STATE_(ABORT);
1820 AGG_TX_STATE_(TX_ON_AIR_DROP);
1821 AGG_TX_STATE_(LAST_SENT_TRY_CNT);
1822 AGG_TX_STATE_(LAST_SENT_BT_KILL);
1823 AGG_TX_STATE_(SCD_QUERY);
1824 AGG_TX_STATE_(TEST_BAD_CRC32);
1825 AGG_TX_STATE_(RESPONSE);
1826 AGG_TX_STATE_(DUMP_TX);
1827 AGG_TX_STATE_(DELAY_TX);
1833 static void iwl_mvm_rx_tx_cmd_agg_dbg(struct iwl_mvm *mvm,
1834 struct iwl_rx_packet *pkt)
1836 struct iwl_mvm_tx_resp *tx_resp = (void *)pkt->data;
1837 struct agg_tx_status *frame_status =
1838 iwl_mvm_get_agg_status(mvm, tx_resp);
1840 bool tirgger_timepoint = false;
1842 for (i = 0; i < tx_resp->frame_count; i++) {
1843 u16 fstatus = le16_to_cpu(frame_status[i].status);
1844 /* In case one frame wasn't transmitted trigger time point */
1845 tirgger_timepoint |= ((fstatus & AGG_TX_STATE_STATUS_MSK) !=
1846 AGG_TX_STATE_TRANSMITTED);
1847 IWL_DEBUG_TX_REPLY(mvm,
1848 "status %s (0x%04x), try-count (%d) seq (0x%x)\n",
1849 iwl_get_agg_tx_status(fstatus),
1850 fstatus & AGG_TX_STATE_STATUS_MSK,
1851 (fstatus & AGG_TX_STATE_TRY_CNT_MSK) >>
1852 AGG_TX_STATE_TRY_CNT_POS,
1853 le16_to_cpu(frame_status[i].sequence));
1856 if (tirgger_timepoint)
1857 iwl_dbg_tlv_time_point(&mvm->fwrt,
1858 IWL_FW_INI_TIME_POINT_TX_FAILED, NULL);
1862 static void iwl_mvm_rx_tx_cmd_agg_dbg(struct iwl_mvm *mvm,
1863 struct iwl_rx_packet *pkt)
1865 #endif /* CONFIG_IWLWIFI_DEBUG */
1867 static void iwl_mvm_rx_tx_cmd_agg(struct iwl_mvm *mvm,
1868 struct iwl_rx_packet *pkt)
1870 struct iwl_mvm_tx_resp *tx_resp = (void *)pkt->data;
1871 int sta_id = IWL_MVM_TX_RES_GET_RA(tx_resp->ra_tid);
1872 int tid = IWL_MVM_TX_RES_GET_TID(tx_resp->ra_tid);
1873 u16 sequence = le16_to_cpu(pkt->hdr.sequence);
1874 struct iwl_mvm_sta *mvmsta;
1875 int queue = SEQ_TO_QUEUE(sequence);
1876 struct ieee80211_sta *sta;
1878 if (WARN_ON_ONCE(queue < IWL_MVM_DQA_MIN_DATA_QUEUE &&
1879 (queue != IWL_MVM_DQA_BSS_CLIENT_QUEUE)))
1882 iwl_mvm_rx_tx_cmd_agg_dbg(mvm, pkt);
1886 mvmsta = iwl_mvm_sta_from_staid_rcu(mvm, sta_id);
1888 sta = rcu_dereference(mvm->fw_id_to_mac_id[sta_id]);
1889 if (WARN_ON_ONCE(IS_ERR_OR_NULL(sta) || !sta->wme)) {
1894 if (!WARN_ON_ONCE(!mvmsta)) {
1895 mvmsta->tid_data[tid].rate_n_flags =
1896 le32_to_cpu(tx_resp->initial_rate);
1897 mvmsta->tid_data[tid].tx_time =
1898 le16_to_cpu(tx_resp->wireless_media_time);
1899 mvmsta->tid_data[tid].lq_color =
1900 TX_RES_RATE_TABLE_COL_GET(tx_resp->tlc_info);
1901 iwl_mvm_tx_airtime(mvm, mvmsta,
1902 le16_to_cpu(tx_resp->wireless_media_time));
1908 void iwl_mvm_rx_tx_cmd(struct iwl_mvm *mvm, struct iwl_rx_cmd_buffer *rxb)
1910 struct iwl_rx_packet *pkt = rxb_addr(rxb);
1911 struct iwl_mvm_tx_resp *tx_resp = (void *)pkt->data;
1913 if (tx_resp->frame_count == 1)
1914 iwl_mvm_rx_tx_cmd_single(mvm, pkt);
1916 iwl_mvm_rx_tx_cmd_agg(mvm, pkt);
1919 static void iwl_mvm_tx_reclaim(struct iwl_mvm *mvm, int sta_id, int tid,
1921 struct ieee80211_tx_info *tx_info, u32 rate,
1924 struct sk_buff_head reclaimed_skbs;
1925 struct iwl_mvm_tid_data *tid_data = NULL;
1926 struct ieee80211_sta *sta;
1927 struct iwl_mvm_sta *mvmsta = NULL;
1928 struct sk_buff *skb;
1931 if (WARN_ONCE(sta_id >= mvm->fw->ucode_capa.num_stations ||
1932 tid > IWL_MAX_TID_COUNT,
1933 "sta_id %d tid %d", sta_id, tid))
1938 sta = rcu_dereference(mvm->fw_id_to_mac_id[sta_id]);
1940 /* Reclaiming frames for a station that has been deleted ? */
1941 if (WARN_ON_ONCE(!sta)) {
1946 __skb_queue_head_init(&reclaimed_skbs);
1949 * Release all TFDs before the SSN, i.e. all TFDs in front of
1950 * block-ack window (we assume that they've been successfully
1951 * transmitted ... if not, it's too late anyway).
1953 iwl_trans_reclaim(mvm->trans, txq, index, &reclaimed_skbs);
1955 skb_queue_walk(&reclaimed_skbs, skb) {
1956 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1958 iwl_trans_free_tx_cmd(mvm->trans, info->driver_data[1]);
1960 memset(&info->status, 0, sizeof(info->status));
1961 /* Packet was transmitted successfully, failures come as single
1962 * frames because before failing a frame the firmware transmits
1963 * it without aggregation at least once.
1966 info->flags |= IEEE80211_TX_STAT_ACK;
1970 * It's possible to get a BA response after invalidating the rcu (rcu is
1971 * invalidated in order to prevent new Tx from being sent, but there may
1972 * be some frames already in-flight).
1973 * In this case we just want to reclaim, and could skip all the
1974 * sta-dependent stuff since it's in the middle of being removed
1980 mvmsta = iwl_mvm_sta_from_mac80211(sta);
1981 tid_data = &mvmsta->tid_data[tid];
1983 if (tid_data->txq_id != txq) {
1985 "invalid reclaim request: Q %d, tid %d\n",
1986 tid_data->txq_id, tid);
1991 spin_lock_bh(&mvmsta->lock);
1993 tid_data->next_reclaimed = index;
1995 iwl_mvm_check_ratid_empty(mvm, sta, tid);
1999 /* pack lq color from tid_data along the reduced txp */
2000 tx_info->status.status_driver_data[0] =
2001 RS_DRV_DATA_PACK(tid_data->lq_color,
2002 tx_info->status.status_driver_data[0]);
2003 tx_info->status.status_driver_data[1] = (void *)(uintptr_t)rate;
2005 skb_queue_walk(&reclaimed_skbs, skb) {
2006 struct ieee80211_hdr *hdr = (void *)skb->data;
2007 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
2010 if (ieee80211_is_data_qos(hdr->frame_control))
2013 WARN_ON_ONCE(tid != IWL_MAX_TID_COUNT);
2016 /* this is the first skb we deliver in this batch */
2017 /* put the rate scaling data there */
2019 info->flags |= IEEE80211_TX_STAT_AMPDU;
2020 memcpy(&info->status, &tx_info->status,
2021 sizeof(tx_info->status));
2022 iwl_mvm_hwrate_to_tx_status(mvm->fw, rate, info);
2026 spin_unlock_bh(&mvmsta->lock);
2028 /* We got a BA notif with 0 acked or scd_ssn didn't progress which is
2029 * possible (i.e. first MPDU in the aggregation wasn't acked)
2030 * Still it's important to update RS about sent vs. acked.
2032 if (!is_flush && skb_queue_empty(&reclaimed_skbs) &&
2033 !iwl_mvm_has_tlc_offload(mvm)) {
2034 struct ieee80211_chanctx_conf *chanctx_conf = NULL;
2036 /* no TLC offload, so non-MLD mode */
2039 rcu_dereference(mvmsta->vif->bss_conf.chanctx_conf);
2041 if (WARN_ON_ONCE(!chanctx_conf))
2044 tx_info->band = chanctx_conf->def.chan->band;
2045 iwl_mvm_hwrate_to_tx_status(mvm->fw, rate, tx_info);
2047 IWL_DEBUG_TX_REPLY(mvm, "No reclaim. Update rs directly\n");
2048 iwl_mvm_rs_tx_status(mvm, sta, tid, tx_info, false);
2054 while (!skb_queue_empty(&reclaimed_skbs)) {
2055 skb = __skb_dequeue(&reclaimed_skbs);
2056 ieee80211_tx_status(mvm->hw, skb);
2060 void iwl_mvm_rx_ba_notif(struct iwl_mvm *mvm, struct iwl_rx_cmd_buffer *rxb)
2062 struct iwl_rx_packet *pkt = rxb_addr(rxb);
2063 unsigned int pkt_len = iwl_rx_packet_payload_len(pkt);
2064 int sta_id, tid, txq, index;
2065 struct ieee80211_tx_info ba_info = {};
2066 struct iwl_mvm_ba_notif *ba_notif;
2067 struct iwl_mvm_tid_data *tid_data;
2068 struct iwl_mvm_sta *mvmsta;
2070 ba_info.flags = IEEE80211_TX_STAT_AMPDU;
2072 if (iwl_mvm_has_new_tx_api(mvm)) {
2073 struct iwl_mvm_compressed_ba_notif *ba_res =
2075 u8 lq_color = TX_RES_RATE_TABLE_COL_GET(ba_res->tlc_rate_info);
2079 if (IWL_FW_CHECK(mvm, sizeof(*ba_res) > pkt_len,
2080 "short BA notification (%d)\n", pkt_len))
2083 sta_id = ba_res->sta_id;
2084 ba_info.status.ampdu_ack_len = (u8)le16_to_cpu(ba_res->done);
2085 ba_info.status.ampdu_len = (u8)le16_to_cpu(ba_res->txed);
2086 ba_info.status.tx_time =
2087 (u16)le32_to_cpu(ba_res->wireless_time);
2088 ba_info.status.status_driver_data[0] =
2089 (void *)(uintptr_t)ba_res->reduced_txp;
2091 tfd_cnt = le16_to_cpu(ba_res->tfd_cnt);
2095 if (IWL_FW_CHECK(mvm,
2096 struct_size(ba_res, tfd, tfd_cnt) > pkt_len,
2097 "short BA notification (tfds:%d, size:%d)\n",
2103 mvmsta = iwl_mvm_sta_from_staid_rcu(mvm, sta_id);
2105 * It's possible to get a BA response after invalidating the rcu
2106 * (rcu is invalidated in order to prevent new Tx from being
2107 * sent, but there may be some frames already in-flight).
2108 * In this case we just want to reclaim, and could skip all the
2109 * sta-dependent stuff since it's in the middle of being removed
2114 for (i = 0; i < tfd_cnt; i++) {
2115 struct iwl_mvm_compressed_ba_tfd *ba_tfd =
2119 if (tid == IWL_MGMT_TID)
2120 tid = IWL_MAX_TID_COUNT;
2123 mvmsta->tid_data[i].lq_color = lq_color;
2125 iwl_mvm_tx_reclaim(mvm, sta_id, tid,
2126 (int)(le16_to_cpu(ba_tfd->q_num)),
2127 le16_to_cpu(ba_tfd->tfd_index),
2129 le32_to_cpu(ba_res->tx_rate), false);
2133 iwl_mvm_tx_airtime(mvm, mvmsta,
2134 le32_to_cpu(ba_res->wireless_time));
2137 IWL_DEBUG_TX_REPLY(mvm,
2138 "BA_NOTIFICATION Received from sta_id = %d, flags %x, sent:%d, acked:%d\n",
2139 sta_id, le32_to_cpu(ba_res->flags),
2140 le16_to_cpu(ba_res->txed),
2141 le16_to_cpu(ba_res->done));
2145 ba_notif = (void *)pkt->data;
2146 sta_id = ba_notif->sta_id;
2147 tid = ba_notif->tid;
2148 /* "flow" corresponds to Tx queue */
2149 txq = le16_to_cpu(ba_notif->scd_flow);
2150 /* "ssn" is start of block-ack Tx window, corresponds to index
2151 * (in Tx queue's circular buffer) of first TFD/frame in window */
2152 index = le16_to_cpu(ba_notif->scd_ssn);
2155 mvmsta = iwl_mvm_sta_from_staid_rcu(mvm, sta_id);
2156 if (IWL_FW_CHECK(mvm, !mvmsta,
2157 "invalid STA ID %d in BA notif\n",
2163 tid_data = &mvmsta->tid_data[tid];
2165 ba_info.status.ampdu_ack_len = ba_notif->txed_2_done;
2166 ba_info.status.ampdu_len = ba_notif->txed;
2167 ba_info.status.tx_time = tid_data->tx_time;
2168 ba_info.status.status_driver_data[0] =
2169 (void *)(uintptr_t)ba_notif->reduced_txp;
2173 iwl_mvm_tx_reclaim(mvm, sta_id, tid, txq, index, &ba_info,
2174 tid_data->rate_n_flags, false);
2176 IWL_DEBUG_TX_REPLY(mvm,
2177 "BA_NOTIFICATION Received from %pM, sta_id = %d\n",
2178 ba_notif->sta_addr, ba_notif->sta_id);
2180 IWL_DEBUG_TX_REPLY(mvm,
2181 "TID = %d, SeqCtl = %d, bitmap = 0x%llx, scd_flow = %d, scd_ssn = %d sent:%d, acked:%d\n",
2182 ba_notif->tid, le16_to_cpu(ba_notif->seq_ctl),
2183 le64_to_cpu(ba_notif->bitmap), txq, index,
2184 ba_notif->txed, ba_notif->txed_2_done);
2186 IWL_DEBUG_TX_REPLY(mvm, "reduced txp from ba notif %d\n",
2187 ba_notif->reduced_txp);
2191 * Note that there are transports that buffer frames before they reach
2192 * the firmware. This means that after flush_tx_path is called, the
2193 * queue might not be empty. The race-free way to handle this is to:
2194 * 1) set the station as draining
2195 * 2) flush the Tx path
2196 * 3) wait for the transport queues to be empty
2198 int iwl_mvm_flush_tx_path(struct iwl_mvm *mvm, u32 tfd_msk)
2201 struct iwl_tx_path_flush_cmd_v1 flush_cmd = {
2202 .queues_ctl = cpu_to_le32(tfd_msk),
2203 .flush_ctl = cpu_to_le16(DUMP_TX_FIFO_FLUSH),
2206 WARN_ON(iwl_mvm_has_new_tx_api(mvm));
2207 ret = iwl_mvm_send_cmd_pdu(mvm, TXPATH_FLUSH, 0,
2208 sizeof(flush_cmd), &flush_cmd);
2210 IWL_ERR(mvm, "Failed to send flush command (%d)\n", ret);
2214 int iwl_mvm_flush_sta_tids(struct iwl_mvm *mvm, u32 sta_id, u16 tids)
2217 struct iwl_tx_path_flush_cmd_rsp *rsp;
2218 struct iwl_tx_path_flush_cmd flush_cmd = {
2219 .sta_id = cpu_to_le32(sta_id),
2220 .tid_mask = cpu_to_le16(tids),
2223 struct iwl_host_cmd cmd = {
2225 .len = { sizeof(flush_cmd), },
2226 .data = { &flush_cmd, },
2229 WARN_ON(!iwl_mvm_has_new_tx_api(mvm));
2231 if (iwl_fw_lookup_notif_ver(mvm->fw, LONG_GROUP, TXPATH_FLUSH, 0) > 0)
2232 cmd.flags |= CMD_WANT_SKB;
2234 IWL_DEBUG_TX_QUEUES(mvm, "flush for sta id %d tid mask 0x%x\n",
2237 ret = iwl_mvm_send_cmd(mvm, &cmd);
2240 IWL_ERR(mvm, "Failed to send flush command (%d)\n", ret);
2244 if (cmd.flags & CMD_WANT_SKB) {
2246 int num_flushed_queues;
2248 if (WARN_ON_ONCE(iwl_rx_packet_payload_len(cmd.resp_pkt) != sizeof(*rsp))) {
2253 rsp = (void *)cmd.resp_pkt->data;
2255 if (WARN_ONCE(le16_to_cpu(rsp->sta_id) != sta_id,
2256 "sta_id %d != rsp_sta_id %d",
2257 sta_id, le16_to_cpu(rsp->sta_id))) {
2262 num_flushed_queues = le16_to_cpu(rsp->num_flushed_queues);
2263 if (WARN_ONCE(num_flushed_queues > IWL_TX_FLUSH_QUEUE_RSP,
2264 "num_flushed_queues %d", num_flushed_queues)) {
2269 for (i = 0; i < num_flushed_queues; i++) {
2270 struct ieee80211_tx_info tx_info = {};
2271 struct iwl_flush_queue_info *queue_info = &rsp->queues[i];
2272 int tid = le16_to_cpu(queue_info->tid);
2273 int read_before = le16_to_cpu(queue_info->read_before_flush);
2274 int read_after = le16_to_cpu(queue_info->read_after_flush);
2275 int queue_num = le16_to_cpu(queue_info->queue_num);
2277 if (tid == IWL_MGMT_TID)
2278 tid = IWL_MAX_TID_COUNT;
2280 IWL_DEBUG_TX_QUEUES(mvm,
2281 "tid %d queue_id %d read-before %d read-after %d\n",
2282 tid, queue_num, read_before, read_after);
2284 iwl_mvm_tx_reclaim(mvm, sta_id, tid, queue_num, read_after,
2288 iwl_free_resp(&cmd);
2293 int iwl_mvm_flush_sta(struct iwl_mvm *mvm, void *sta, bool internal)
2295 u32 sta_id, tfd_queue_msk;
2298 struct iwl_mvm_int_sta *int_sta = sta;
2300 sta_id = int_sta->sta_id;
2301 tfd_queue_msk = int_sta->tfd_queue_msk;
2303 struct iwl_mvm_sta *mvm_sta = sta;
2305 sta_id = mvm_sta->deflink.sta_id;
2306 tfd_queue_msk = mvm_sta->tfd_queue_msk;
2309 if (iwl_mvm_has_new_tx_api(mvm))
2310 return iwl_mvm_flush_sta_tids(mvm, sta_id, 0xffff);
2312 return iwl_mvm_flush_tx_path(mvm, tfd_queue_msk);
projects / platform / kernel / linux-starfive.git / blob