1/* 2 * Intel Wireless Multicomm 3200 WiFi driver 3 * 4 * Copyright (C) 2009 Intel Corporation. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * * Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * * Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in 14 * the documentation and/or other materials provided with the 15 * distribution. 16 * * Neither the name of Intel Corporation nor the names of its 17 * contributors may be used to endorse or promote products derived 18 * from this software without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 23 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 24 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 25 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 26 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 30 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 31 * 32 * 33 * Intel Corporation <ilw@linux.intel.com> 34 * Samuel Ortiz <samuel.ortiz@intel.com> 35 * Zhu Yi <yi.zhu@intel.com> 36 * 37 */ 38 39#include <linux/kernel.h> 40#include <linux/netdevice.h> 41#include <linux/sched.h> 42#include <linux/etherdevice.h> 43#include <linux/wireless.h> 44#include <linux/ieee80211.h> 45#include <linux/if_arp.h> 46#include <linux/list.h> 47#include <linux/slab.h> 48#include <net/iw_handler.h> 49 50#include "iwm.h" 51#include "debug.h" 52#include "hal.h" 53#include "umac.h" 54#include "lmac.h" 55#include "commands.h" 56#include "rx.h" 57#include "cfg80211.h" 58#include "eeprom.h" 59 60static int iwm_rx_check_udma_hdr(struct iwm_udma_in_hdr *hdr) 61{ 62 if ((le32_to_cpu(hdr->cmd) == UMAC_PAD_TERMINAL) || 63 (le32_to_cpu(hdr->size) == UMAC_PAD_TERMINAL)) 64 return -EINVAL; 65 66 return 0; 67} 68 69static inline int iwm_rx_resp_size(struct iwm_udma_in_hdr *hdr) 70{ 71 return ALIGN(le32_to_cpu(hdr->size) + sizeof(struct iwm_udma_in_hdr), 72 16); 73} 74 75/* 76 * Notification handlers: 77 * 78 * For every possible notification we can receive from the 79 * target, we have a handler. 80 * When we get a target notification, and there is no one 81 * waiting for it, it's just processed through the rx code 82 * path: 83 * 84 * iwm_rx_handle() 85 * -> iwm_rx_handle_umac() 86 * -> iwm_rx_handle_wifi() 87 * -> iwm_rx_handle_resp() 88 * -> iwm_ntf_*() 89 * 90 * OR 91 * 92 * -> iwm_rx_handle_non_wifi() 93 * 94 * If there are processes waiting for this notification, then 95 * iwm_rx_handle_wifi() just wakes those processes up and they 96 * grab the pending notification. 97 */ 98static int iwm_ntf_error(struct iwm_priv *iwm, u8 *buf, 99 unsigned long buf_size, struct iwm_wifi_cmd *cmd) 100{ 101 struct iwm_umac_notif_error *error; 102 struct iwm_fw_error_hdr *fw_err; 103 104 error = (struct iwm_umac_notif_error *)buf; 105 fw_err = &error->err; 106 107 memcpy(iwm->last_fw_err, fw_err, sizeof(struct iwm_fw_error_hdr)); 108 109 IWM_ERR(iwm, "%cMAC FW ERROR:\n", 110 (le32_to_cpu(fw_err->category) == UMAC_SYS_ERR_CAT_LMAC) ? 'L' : 'U'); 111 IWM_ERR(iwm, "\tCategory: %d\n", le32_to_cpu(fw_err->category)); 112 IWM_ERR(iwm, "\tStatus: 0x%x\n", le32_to_cpu(fw_err->status)); 113 IWM_ERR(iwm, "\tPC: 0x%x\n", le32_to_cpu(fw_err->pc)); 114 IWM_ERR(iwm, "\tblink1: %d\n", le32_to_cpu(fw_err->blink1)); 115 IWM_ERR(iwm, "\tblink2: %d\n", le32_to_cpu(fw_err->blink2)); 116 IWM_ERR(iwm, "\tilink1: %d\n", le32_to_cpu(fw_err->ilink1)); 117 IWM_ERR(iwm, "\tilink2: %d\n", le32_to_cpu(fw_err->ilink2)); 118 IWM_ERR(iwm, "\tData1: 0x%x\n", le32_to_cpu(fw_err->data1)); 119 IWM_ERR(iwm, "\tData2: 0x%x\n", le32_to_cpu(fw_err->data2)); 120 IWM_ERR(iwm, "\tLine number: %d\n", le32_to_cpu(fw_err->line_num)); 121 IWM_ERR(iwm, "\tUMAC status: 0x%x\n", le32_to_cpu(fw_err->umac_status)); 122 IWM_ERR(iwm, "\tLMAC status: 0x%x\n", le32_to_cpu(fw_err->lmac_status)); 123 IWM_ERR(iwm, "\tSDIO status: 0x%x\n", le32_to_cpu(fw_err->sdio_status)); 124 125 iwm_resetting(iwm); 126 127 return 0; 128} 129 130static int iwm_ntf_umac_alive(struct iwm_priv *iwm, u8 *buf, 131 unsigned long buf_size, struct iwm_wifi_cmd *cmd) 132{ 133 struct iwm_umac_notif_alive *alive_resp = 134 (struct iwm_umac_notif_alive *)(buf); 135 u16 status = le16_to_cpu(alive_resp->status); 136 137 if (status == UMAC_NTFY_ALIVE_STATUS_ERR) { 138 IWM_ERR(iwm, "Receive error UMAC_ALIVE\n"); 139 return -EIO; 140 } 141 142 iwm_tx_credit_init_pools(iwm, alive_resp); 143 144 return 0; 145} 146 147static int iwm_ntf_init_complete(struct iwm_priv *iwm, u8 *buf, 148 unsigned long buf_size, 149 struct iwm_wifi_cmd *cmd) 150{ 151 struct wiphy *wiphy = iwm_to_wiphy(iwm); 152 struct iwm_umac_notif_init_complete *init_complete = 153 (struct iwm_umac_notif_init_complete *)(buf); 154 u16 status = le16_to_cpu(init_complete->status); 155 bool blocked = (status == UMAC_NTFY_INIT_COMPLETE_STATUS_ERR); 156 157 if (blocked) 158 IWM_DBG_NTF(iwm, DBG, "Hardware rf kill is on (radio off)\n"); 159 else 160 IWM_DBG_NTF(iwm, DBG, "Hardware rf kill is off (radio on)\n"); 161 162 wiphy_rfkill_set_hw_state(wiphy, blocked); 163 164 return 0; 165} 166 167static int iwm_ntf_tx_credit_update(struct iwm_priv *iwm, u8 *buf, 168 unsigned long buf_size, 169 struct iwm_wifi_cmd *cmd) 170{ 171 int pool_nr, total_freed_pages; 172 unsigned long pool_map; 173 int i, id; 174 struct iwm_umac_notif_page_dealloc *dealloc = 175 (struct iwm_umac_notif_page_dealloc *)buf; 176 177 pool_nr = GET_VAL32(dealloc->changes, UMAC_DEALLOC_NTFY_CHANGES_CNT); 178 pool_map = GET_VAL32(dealloc->changes, UMAC_DEALLOC_NTFY_CHANGES_MSK); 179 180 IWM_DBG_TX(iwm, DBG, "UMAC dealloc notification: pool nr %d, " 181 "update map 0x%lx\n", pool_nr, pool_map); 182 183 spin_lock(&iwm->tx_credit.lock); 184 185 for (i = 0; i < pool_nr; i++) { 186 id = GET_VAL32(dealloc->grp_info[i], 187 UMAC_DEALLOC_NTFY_GROUP_NUM); 188 if (test_bit(id, &pool_map)) { 189 total_freed_pages = GET_VAL32(dealloc->grp_info[i], 190 UMAC_DEALLOC_NTFY_PAGE_CNT); 191 iwm_tx_credit_inc(iwm, id, total_freed_pages); 192 } 193 } 194 195 spin_unlock(&iwm->tx_credit.lock); 196 197 return 0; 198} 199 200static int iwm_ntf_umac_reset(struct iwm_priv *iwm, u8 *buf, 201 unsigned long buf_size, struct iwm_wifi_cmd *cmd) 202{ 203 IWM_DBG_NTF(iwm, DBG, "UMAC RESET done\n"); 204 205 return 0; 206} 207 208static int iwm_ntf_lmac_version(struct iwm_priv *iwm, u8 *buf, 209 unsigned long buf_size, 210 struct iwm_wifi_cmd *cmd) 211{ 212 IWM_DBG_NTF(iwm, INFO, "LMAC Version: %x.%x\n", buf[9], buf[8]); 213 214 return 0; 215} 216 217static int iwm_ntf_tx(struct iwm_priv *iwm, u8 *buf, 218 unsigned long buf_size, struct iwm_wifi_cmd *cmd) 219{ 220 struct iwm_lmac_tx_resp *tx_resp; 221 struct iwm_umac_wifi_in_hdr *hdr; 222 223 tx_resp = (struct iwm_lmac_tx_resp *) 224 (buf + sizeof(struct iwm_umac_wifi_in_hdr)); 225 hdr = (struct iwm_umac_wifi_in_hdr *)buf; 226 227 IWM_DBG_TX(iwm, DBG, "REPLY_TX, buf size: %lu\n", buf_size); 228 229 IWM_DBG_TX(iwm, DBG, "Seqnum: %d\n", 230 le16_to_cpu(hdr->sw_hdr.cmd.seq_num)); 231 IWM_DBG_TX(iwm, DBG, "\tFrame cnt: %d\n", tx_resp->frame_cnt); 232 IWM_DBG_TX(iwm, DBG, "\tRetry cnt: %d\n", 233 le16_to_cpu(tx_resp->retry_cnt)); 234 IWM_DBG_TX(iwm, DBG, "\tSeq ctl: %d\n", le16_to_cpu(tx_resp->seq_ctl)); 235 IWM_DBG_TX(iwm, DBG, "\tByte cnt: %d\n", 236 le16_to_cpu(tx_resp->byte_cnt)); 237 IWM_DBG_TX(iwm, DBG, "\tStatus: 0x%x\n", le32_to_cpu(tx_resp->status)); 238 239 return 0; 240} 241 242 243static int iwm_ntf_calib_res(struct iwm_priv *iwm, u8 *buf, 244 unsigned long buf_size, struct iwm_wifi_cmd *cmd) 245{ 246 u8 opcode; 247 u8 *calib_buf; 248 struct iwm_lmac_calib_hdr *hdr = (struct iwm_lmac_calib_hdr *) 249 (buf + sizeof(struct iwm_umac_wifi_in_hdr)); 250 251 opcode = hdr->opcode; 252 253 BUG_ON(opcode >= CALIBRATION_CMD_NUM || 254 opcode < PHY_CALIBRATE_OPCODES_NUM); 255 256 IWM_DBG_NTF(iwm, DBG, "Store calibration result for opcode: %d\n", 257 opcode); 258 259 buf_size -= sizeof(struct iwm_umac_wifi_in_hdr); 260 calib_buf = iwm->calib_res[opcode].buf; 261 262 if (!calib_buf || (iwm->calib_res[opcode].size < buf_size)) { 263 kfree(calib_buf); 264 calib_buf = kzalloc(buf_size, GFP_KERNEL); 265 if (!calib_buf) { 266 IWM_ERR(iwm, "Memory allocation failed: calib_res\n"); 267 return -ENOMEM; 268 } 269 iwm->calib_res[opcode].buf = calib_buf; 270 iwm->calib_res[opcode].size = buf_size; 271 } 272 273 memcpy(calib_buf, hdr, buf_size); 274 set_bit(opcode - PHY_CALIBRATE_OPCODES_NUM, &iwm->calib_done_map); 275 276 return 0; 277} 278 279static int iwm_ntf_calib_complete(struct iwm_priv *iwm, u8 *buf, 280 unsigned long buf_size, 281 struct iwm_wifi_cmd *cmd) 282{ 283 IWM_DBG_NTF(iwm, DBG, "Calibration completed\n"); 284 285 return 0; 286} 287 288static int iwm_ntf_calib_cfg(struct iwm_priv *iwm, u8 *buf, 289 unsigned long buf_size, struct iwm_wifi_cmd *cmd) 290{ 291 struct iwm_lmac_cal_cfg_resp *cal_resp; 292 293 cal_resp = (struct iwm_lmac_cal_cfg_resp *) 294 (buf + sizeof(struct iwm_umac_wifi_in_hdr)); 295 296 IWM_DBG_NTF(iwm, DBG, "Calibration CFG command status: %d\n", 297 le32_to_cpu(cal_resp->status)); 298 299 return 0; 300} 301 302static int iwm_ntf_wifi_status(struct iwm_priv *iwm, u8 *buf, 303 unsigned long buf_size, struct iwm_wifi_cmd *cmd) 304{ 305 struct iwm_umac_notif_wifi_status *status = 306 (struct iwm_umac_notif_wifi_status *)buf; 307 308 iwm->core_enabled |= le16_to_cpu(status->status); 309 310 return 0; 311} 312 313static struct iwm_rx_ticket_node * 314iwm_rx_ticket_node_alloc(struct iwm_priv *iwm, struct iwm_rx_ticket *ticket) 315{ 316 struct iwm_rx_ticket_node *ticket_node; 317 318 ticket_node = kzalloc(sizeof(struct iwm_rx_ticket_node), GFP_KERNEL); 319 if (!ticket_node) { 320 IWM_ERR(iwm, "Couldn't allocate ticket node\n"); 321 return ERR_PTR(-ENOMEM); 322 } 323 324 ticket_node->ticket = kmemdup(ticket, sizeof(struct iwm_rx_ticket), 325 GFP_KERNEL); 326 if (!ticket_node->ticket) { 327 IWM_ERR(iwm, "Couldn't allocate RX ticket\n"); 328 kfree(ticket_node); 329 return ERR_PTR(-ENOMEM); 330 } 331 332 INIT_LIST_HEAD(&ticket_node->node); 333 334 return ticket_node; 335} 336 337static void iwm_rx_ticket_node_free(struct iwm_rx_ticket_node *ticket_node) 338{ 339 kfree(ticket_node->ticket); 340 kfree(ticket_node); 341} 342 343static struct iwm_rx_packet *iwm_rx_packet_get(struct iwm_priv *iwm, u16 id) 344{ 345 u8 id_hash = IWM_RX_ID_GET_HASH(id); 346 struct iwm_rx_packet *packet; 347 348 spin_lock(&iwm->packet_lock[id_hash]); 349 list_for_each_entry(packet, &iwm->rx_packets[id_hash], node) 350 if (packet->id == id) { 351 list_del(&packet->node); 352 spin_unlock(&iwm->packet_lock[id_hash]); 353 return packet; 354 } 355 356 spin_unlock(&iwm->packet_lock[id_hash]); 357 return NULL; 358} 359 360static struct iwm_rx_packet *iwm_rx_packet_alloc(struct iwm_priv *iwm, u8 *buf, 361 u32 size, u16 id) 362{ 363 struct iwm_rx_packet *packet; 364 365 packet = kzalloc(sizeof(struct iwm_rx_packet), GFP_KERNEL); 366 if (!packet) { 367 IWM_ERR(iwm, "Couldn't allocate packet\n"); 368 return ERR_PTR(-ENOMEM); 369 } 370 371 packet->skb = dev_alloc_skb(size); 372 if (!packet->skb) { 373 IWM_ERR(iwm, "Couldn't allocate packet SKB\n"); 374 kfree(packet); 375 return ERR_PTR(-ENOMEM); 376 } 377 378 packet->pkt_size = size; 379 380 skb_put(packet->skb, size); 381 memcpy(packet->skb->data, buf, size); 382 INIT_LIST_HEAD(&packet->node); 383 packet->id = id; 384 385 return packet; 386} 387 388void iwm_rx_free(struct iwm_priv *iwm) 389{ 390 struct iwm_rx_ticket_node *ticket, *nt; 391 struct iwm_rx_packet *packet, *np; 392 int i; 393 394 spin_lock(&iwm->ticket_lock); 395 list_for_each_entry_safe(ticket, nt, &iwm->rx_tickets, node) { 396 list_del(&ticket->node); 397 iwm_rx_ticket_node_free(ticket); 398 } 399 spin_unlock(&iwm->ticket_lock); 400 401 for (i = 0; i < IWM_RX_ID_HASH; i++) { 402 spin_lock(&iwm->packet_lock[i]); 403 list_for_each_entry_safe(packet, np, &iwm->rx_packets[i], 404 node) { 405 list_del(&packet->node); 406 kfree_skb(packet->skb); 407 kfree(packet); 408 } 409 spin_unlock(&iwm->packet_lock[i]); 410 } 411} 412 413static int iwm_ntf_rx_ticket(struct iwm_priv *iwm, u8 *buf, 414 unsigned long buf_size, struct iwm_wifi_cmd *cmd) 415{ 416 struct iwm_umac_notif_rx_ticket *ntf_rx_ticket = 417 (struct iwm_umac_notif_rx_ticket *)buf; 418 struct iwm_rx_ticket *ticket = 419 (struct iwm_rx_ticket *)ntf_rx_ticket->tickets; 420 int i, schedule_rx = 0; 421 422 for (i = 0; i < ntf_rx_ticket->num_tickets; i++) { 423 struct iwm_rx_ticket_node *ticket_node; 424 425 switch (le16_to_cpu(ticket->action)) { 426 case IWM_RX_TICKET_RELEASE: 427 case IWM_RX_TICKET_DROP: 428 /* We can push the packet to the stack */ 429 ticket_node = iwm_rx_ticket_node_alloc(iwm, ticket); 430 if (IS_ERR(ticket_node)) 431 return PTR_ERR(ticket_node); 432 433 IWM_DBG_RX(iwm, DBG, "TICKET %s(%d)\n", 434 __le16_to_cpu(ticket->action) == 435 IWM_RX_TICKET_RELEASE ? 436 "RELEASE" : "DROP", 437 ticket->id); 438 spin_lock(&iwm->ticket_lock); 439 list_add_tail(&ticket_node->node, &iwm->rx_tickets); 440 spin_unlock(&iwm->ticket_lock); 441 442 /* 443 * We received an Rx ticket, most likely there's 444 * a packet pending for it, it's not worth going 445 * through the packet hash list to double check. 446 * Let's just fire the rx worker.. 447 */ 448 schedule_rx = 1; 449 450 break; 451 452 default: 453 IWM_ERR(iwm, "Invalid RX ticket action: 0x%x\n", 454 ticket->action); 455 } 456 457 ticket++; 458 } 459 460 if (schedule_rx) 461 queue_work(iwm->rx_wq, &iwm->rx_worker); 462 463 return 0; 464} 465 466static int iwm_ntf_rx_packet(struct iwm_priv *iwm, u8 *buf, 467 unsigned long buf_size, struct iwm_wifi_cmd *cmd) 468{ 469 struct iwm_umac_wifi_in_hdr *wifi_hdr; 470 struct iwm_rx_packet *packet; 471 u16 id, buf_offset; 472 u32 packet_size; 473 u8 id_hash; 474 475 IWM_DBG_RX(iwm, DBG, "\n"); 476 477 wifi_hdr = (struct iwm_umac_wifi_in_hdr *)buf; 478 id = le16_to_cpu(wifi_hdr->sw_hdr.cmd.seq_num); 479 buf_offset = sizeof(struct iwm_umac_wifi_in_hdr); 480 packet_size = buf_size - sizeof(struct iwm_umac_wifi_in_hdr); 481 482 IWM_DBG_RX(iwm, DBG, "CMD:0x%x, seqnum: %d, packet size: %d\n", 483 wifi_hdr->sw_hdr.cmd.cmd, id, packet_size); 484 IWM_DBG_RX(iwm, DBG, "Packet id: %d\n", id); 485 IWM_HEXDUMP(iwm, DBG, RX, "PACKET: ", buf + buf_offset, packet_size); 486 487 packet = iwm_rx_packet_alloc(iwm, buf + buf_offset, packet_size, id); 488 if (IS_ERR(packet)) 489 return PTR_ERR(packet); 490 491 id_hash = IWM_RX_ID_GET_HASH(id); 492 spin_lock(&iwm->packet_lock[id_hash]); 493 list_add_tail(&packet->node, &iwm->rx_packets[id_hash]); 494 spin_unlock(&iwm->packet_lock[id_hash]); 495 496 /* We might (unlikely) have received the packet _after_ the ticket */ 497 queue_work(iwm->rx_wq, &iwm->rx_worker); 498 499 return 0; 500} 501 502/* MLME handlers */ 503static int iwm_mlme_assoc_start(struct iwm_priv *iwm, u8 *buf, 504 unsigned long buf_size, 505 struct iwm_wifi_cmd *cmd) 506{ 507 struct iwm_umac_notif_assoc_start *start; 508 509 start = (struct iwm_umac_notif_assoc_start *)buf; 510 511 IWM_DBG_MLME(iwm, INFO, "Association with %pM Started, reason: %d\n", 512 start->bssid, le32_to_cpu(start->roam_reason)); 513 514 wake_up_interruptible(&iwm->mlme_queue); 515 516 return 0; 517} 518 519static u8 iwm_is_open_wep_profile(struct iwm_priv *iwm) 520{ 521 if ((iwm->umac_profile->sec.ucast_cipher == UMAC_CIPHER_TYPE_WEP_40 || 522 iwm->umac_profile->sec.ucast_cipher == UMAC_CIPHER_TYPE_WEP_104) && 523 (iwm->umac_profile->sec.ucast_cipher == 524 iwm->umac_profile->sec.mcast_cipher) && 525 (iwm->umac_profile->sec.auth_type == UMAC_AUTH_TYPE_OPEN)) 526 return 1; 527 528 return 0; 529} 530 531static int iwm_mlme_assoc_complete(struct iwm_priv *iwm, u8 *buf, 532 unsigned long buf_size, 533 struct iwm_wifi_cmd *cmd) 534{ 535 struct wiphy *wiphy = iwm_to_wiphy(iwm); 536 struct ieee80211_channel *chan; 537 struct iwm_umac_notif_assoc_complete *complete = 538 (struct iwm_umac_notif_assoc_complete *)buf; 539 540 IWM_DBG_MLME(iwm, INFO, "Association with %pM completed, status: %d\n", 541 complete->bssid, complete->status); 542 543 switch (le32_to_cpu(complete->status)) { 544 case UMAC_ASSOC_COMPLETE_SUCCESS: 545 chan = ieee80211_get_channel(wiphy, 546 ieee80211_channel_to_frequency(complete->channel, 547 complete->band == UMAC_BAND_2GHZ ? 548 IEEE80211_BAND_2GHZ : 549 IEEE80211_BAND_5GHZ)); 550 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) { 551 /* Associated to a unallowed channel, disassociate. */ 552 __iwm_invalidate_mlme_profile(iwm); 553 IWM_WARN(iwm, "Couldn't associate with %pM due to " 554 "channel %d is disabled. Check your local " 555 "regulatory setting.\n", 556 complete->bssid, complete->channel); 557 goto failure; 558 } 559 560 set_bit(IWM_STATUS_ASSOCIATED, &iwm->status); 561 memcpy(iwm->bssid, complete->bssid, ETH_ALEN); 562 iwm->channel = complete->channel; 563 564 /* Internal roaming state, avoid notifying SME. */ 565 if (!test_and_clear_bit(IWM_STATUS_SME_CONNECTING, &iwm->status) 566 && iwm->conf.mode == UMAC_MODE_BSS) { 567 cancel_delayed_work(&iwm->disconnect); 568 cfg80211_roamed(iwm_to_ndev(iwm), NULL, 569 complete->bssid, 570 iwm->req_ie, iwm->req_ie_len, 571 iwm->resp_ie, iwm->resp_ie_len, 572 GFP_KERNEL); 573 break; 574 } 575 576 iwm_link_on(iwm); 577 578 if (iwm->conf.mode == UMAC_MODE_IBSS) 579 goto ibss; 580 581 if (!test_bit(IWM_STATUS_RESETTING, &iwm->status)) 582 cfg80211_connect_result(iwm_to_ndev(iwm), 583 complete->bssid, 584 iwm->req_ie, iwm->req_ie_len, 585 iwm->resp_ie, iwm->resp_ie_len, 586 WLAN_STATUS_SUCCESS, 587 GFP_KERNEL); 588 else 589 cfg80211_roamed(iwm_to_ndev(iwm), NULL, 590 complete->bssid, 591 iwm->req_ie, iwm->req_ie_len, 592 iwm->resp_ie, iwm->resp_ie_len, 593 GFP_KERNEL); 594 break; 595 case UMAC_ASSOC_COMPLETE_FAILURE: 596 failure: 597 clear_bit(IWM_STATUS_ASSOCIATED, &iwm->status); 598 memset(iwm->bssid, 0, ETH_ALEN); 599 iwm->channel = 0; 600 601 /* Internal roaming state, avoid notifying SME. */ 602 if (!test_and_clear_bit(IWM_STATUS_SME_CONNECTING, &iwm->status) 603 && iwm->conf.mode == UMAC_MODE_BSS) { 604 cancel_delayed_work(&iwm->disconnect); 605 break; 606 } 607 608 iwm_link_off(iwm); 609 610 if (iwm->conf.mode == UMAC_MODE_IBSS) 611 goto ibss; 612 613 if (!test_bit(IWM_STATUS_RESETTING, &iwm->status)) 614 if (!iwm_is_open_wep_profile(iwm)) { 615 cfg80211_connect_result(iwm_to_ndev(iwm), 616 complete->bssid, 617 NULL, 0, NULL, 0, 618 WLAN_STATUS_UNSPECIFIED_FAILURE, 619 GFP_KERNEL); 620 } else { 621 /* Let's try shared WEP auth */ 622 IWM_ERR(iwm, "Trying WEP shared auth\n"); 623 schedule_work(&iwm->auth_retry_worker); 624 } 625 else 626 cfg80211_disconnected(iwm_to_ndev(iwm), 0, NULL, 0, 627 GFP_KERNEL); 628 break; 629 default: 630 break; 631 } 632 633 clear_bit(IWM_STATUS_RESETTING, &iwm->status); 634 return 0; 635 636 ibss: 637 cfg80211_ibss_joined(iwm_to_ndev(iwm), iwm->bssid, GFP_KERNEL); 638 clear_bit(IWM_STATUS_RESETTING, &iwm->status); 639 return 0; 640} 641 642static int iwm_mlme_profile_invalidate(struct iwm_priv *iwm, u8 *buf, 643 unsigned long buf_size, 644 struct iwm_wifi_cmd *cmd) 645{ 646 struct iwm_umac_notif_profile_invalidate *invalid; 647 u32 reason; 648 649 invalid = (struct iwm_umac_notif_profile_invalidate *)buf; 650 reason = le32_to_cpu(invalid->reason); 651 652 IWM_DBG_MLME(iwm, INFO, "Profile Invalidated. Reason: %d\n", reason); 653 654 if (reason != UMAC_PROFILE_INVALID_REQUEST && 655 test_bit(IWM_STATUS_SME_CONNECTING, &iwm->status)) 656 cfg80211_connect_result(iwm_to_ndev(iwm), NULL, NULL, 0, NULL, 657 0, WLAN_STATUS_UNSPECIFIED_FAILURE, 658 GFP_KERNEL); 659 660 clear_bit(IWM_STATUS_SME_CONNECTING, &iwm->status); 661 clear_bit(IWM_STATUS_ASSOCIATED, &iwm->status); 662 663 iwm->umac_profile_active = false; 664 memset(iwm->bssid, 0, ETH_ALEN); 665 iwm->channel = 0; 666 667 iwm_link_off(iwm); 668 669 wake_up_interruptible(&iwm->mlme_queue); 670 671 return 0; 672} 673 674#define IWM_DISCONNECT_INTERVAL (5 * HZ) 675 676static int iwm_mlme_connection_terminated(struct iwm_priv *iwm, u8 *buf, 677 unsigned long buf_size, 678 struct iwm_wifi_cmd *cmd) 679{ 680 IWM_DBG_MLME(iwm, DBG, "Connection terminated\n"); 681 682 schedule_delayed_work(&iwm->disconnect, IWM_DISCONNECT_INTERVAL); 683 684 return 0; 685} 686 687static int iwm_mlme_scan_complete(struct iwm_priv *iwm, u8 *buf, 688 unsigned long buf_size, 689 struct iwm_wifi_cmd *cmd) 690{ 691 int ret; 692 struct iwm_umac_notif_scan_complete *scan_complete = 693 (struct iwm_umac_notif_scan_complete *)buf; 694 u32 result = le32_to_cpu(scan_complete->result); 695 696 IWM_DBG_MLME(iwm, INFO, "type:0x%x result:0x%x seq:%d\n", 697 le32_to_cpu(scan_complete->type), 698 le32_to_cpu(scan_complete->result), 699 scan_complete->seq_num); 700 701 if (!test_and_clear_bit(IWM_STATUS_SCANNING, &iwm->status)) { 702 IWM_ERR(iwm, "Scan complete while device not scanning\n"); 703 return -EIO; 704 } 705 if (!iwm->scan_request) 706 return 0; 707 708 ret = iwm_cfg80211_inform_bss(iwm); 709 710 cfg80211_scan_done(iwm->scan_request, 711 (result & UMAC_SCAN_RESULT_ABORTED) ? 1 : !!ret); 712 iwm->scan_request = NULL; 713 714 return ret; 715} 716 717static int iwm_mlme_update_sta_table(struct iwm_priv *iwm, u8 *buf, 718 unsigned long buf_size, 719 struct iwm_wifi_cmd *cmd) 720{ 721 struct iwm_umac_notif_sta_info *umac_sta = 722 (struct iwm_umac_notif_sta_info *)buf; 723 struct iwm_sta_info *sta; 724 int i; 725 726 switch (le32_to_cpu(umac_sta->opcode)) { 727 case UMAC_OPCODE_ADD_MODIFY: 728 sta = &iwm->sta_table[GET_VAL8(umac_sta->sta_id, LMAC_STA_ID)]; 729 730 IWM_DBG_MLME(iwm, INFO, "%s STA: ID = %d, Color = %d, " 731 "addr = %pM, qos = %d\n", 732 sta->valid ? "Modify" : "Add", 733 GET_VAL8(umac_sta->sta_id, LMAC_STA_ID), 734 GET_VAL8(umac_sta->sta_id, LMAC_STA_COLOR), 735 umac_sta->mac_addr, 736 umac_sta->flags & UMAC_STA_FLAG_QOS); 737 738 sta->valid = true; 739 sta->qos = umac_sta->flags & UMAC_STA_FLAG_QOS; 740 sta->color = GET_VAL8(umac_sta->sta_id, LMAC_STA_COLOR); 741 memcpy(sta->addr, umac_sta->mac_addr, ETH_ALEN); 742 break; 743 case UMAC_OPCODE_REMOVE: 744 IWM_DBG_MLME(iwm, INFO, "Remove STA: ID = %d, Color = %d, " 745 "addr = %pM\n", 746 GET_VAL8(umac_sta->sta_id, LMAC_STA_ID), 747 GET_VAL8(umac_sta->sta_id, LMAC_STA_COLOR), 748 umac_sta->mac_addr); 749 750 sta = &iwm->sta_table[GET_VAL8(umac_sta->sta_id, LMAC_STA_ID)]; 751 752 if (!memcmp(sta->addr, umac_sta->mac_addr, ETH_ALEN)) 753 sta->valid = false; 754 755 break; 756 case UMAC_OPCODE_CLEAR_ALL: 757 for (i = 0; i < IWM_STA_TABLE_NUM; i++) 758 iwm->sta_table[i].valid = false; 759 760 break; 761 default: 762 break; 763 } 764 765 return 0; 766} 767 768static int iwm_mlme_medium_lost(struct iwm_priv *iwm, u8 *buf, 769 unsigned long buf_size, 770 struct iwm_wifi_cmd *cmd) 771{ 772 struct wiphy *wiphy = iwm_to_wiphy(iwm); 773 774 IWM_DBG_NTF(iwm, DBG, "WiFi/WiMax coexistence radio is OFF\n"); 775 776 wiphy_rfkill_set_hw_state(wiphy, true); 777 778 return 0; 779} 780 781static int iwm_mlme_update_bss_table(struct iwm_priv *iwm, u8 *buf, 782 unsigned long buf_size, 783 struct iwm_wifi_cmd *cmd) 784{ 785 struct wiphy *wiphy = iwm_to_wiphy(iwm); 786 struct ieee80211_mgmt *mgmt; 787 struct iwm_umac_notif_bss_info *umac_bss = 788 (struct iwm_umac_notif_bss_info *)buf; 789 struct ieee80211_channel *channel; 790 struct ieee80211_supported_band *band; 791 struct iwm_bss_info *bss; 792 s32 signal; 793 int freq; 794 u16 frame_len = le16_to_cpu(umac_bss->frame_len); 795 size_t bss_len = sizeof(struct iwm_umac_notif_bss_info) + frame_len; 796 797 mgmt = (struct ieee80211_mgmt *)(umac_bss->frame_buf); 798 799 IWM_DBG_MLME(iwm, DBG, "New BSS info entry: %pM\n", mgmt->bssid); 800 IWM_DBG_MLME(iwm, DBG, "\tType: 0x%x\n", le32_to_cpu(umac_bss->type)); 801 IWM_DBG_MLME(iwm, DBG, "\tTimestamp: %d\n", 802 le32_to_cpu(umac_bss->timestamp)); 803 IWM_DBG_MLME(iwm, DBG, "\tTable Index: %d\n", 804 le16_to_cpu(umac_bss->table_idx)); 805 IWM_DBG_MLME(iwm, DBG, "\tBand: %d\n", umac_bss->band); 806 IWM_DBG_MLME(iwm, DBG, "\tChannel: %d\n", umac_bss->channel); 807 IWM_DBG_MLME(iwm, DBG, "\tRSSI: %d\n", umac_bss->rssi); 808 IWM_DBG_MLME(iwm, DBG, "\tFrame Length: %d\n", frame_len); 809 810 list_for_each_entry(bss, &iwm->bss_list, node) 811 if (bss->bss->table_idx == umac_bss->table_idx) 812 break; 813 814 if (&bss->node != &iwm->bss_list) { 815 /* Remove the old BSS entry, we will add it back later. */ 816 list_del(&bss->node); 817 kfree(bss->bss); 818 } else { 819 /* New BSS entry */ 820 821 bss = kzalloc(sizeof(struct iwm_bss_info), GFP_KERNEL); 822 if (!bss) { 823 IWM_ERR(iwm, "Couldn't allocate bss_info\n"); 824 return -ENOMEM; 825 } 826 } 827 828 bss->bss = kzalloc(bss_len, GFP_KERNEL); 829 if (!bss->bss) { 830 kfree(bss); 831 IWM_ERR(iwm, "Couldn't allocate bss\n"); 832 return -ENOMEM; 833 } 834 835 INIT_LIST_HEAD(&bss->node); 836 memcpy(bss->bss, umac_bss, bss_len); 837 838 if (umac_bss->band == UMAC_BAND_2GHZ) 839 band = wiphy->bands[IEEE80211_BAND_2GHZ]; 840 else if (umac_bss->band == UMAC_BAND_5GHZ) 841 band = wiphy->bands[IEEE80211_BAND_5GHZ]; 842 else { 843 IWM_ERR(iwm, "Invalid band: %d\n", umac_bss->band); 844 goto err; 845 } 846 847 freq = ieee80211_channel_to_frequency(umac_bss->channel, band->band); 848 channel = ieee80211_get_channel(wiphy, freq); 849 signal = umac_bss->rssi * 100; 850 851 bss->cfg_bss = cfg80211_inform_bss_frame(wiphy, channel, 852 mgmt, frame_len, 853 signal, GFP_KERNEL); 854 if (!bss->cfg_bss) 855 goto err; 856 857 list_add_tail(&bss->node, &iwm->bss_list); 858 859 return 0; 860 err: 861 kfree(bss->bss); 862 kfree(bss); 863 864 return -EINVAL; 865} 866 867static int iwm_mlme_remove_bss(struct iwm_priv *iwm, u8 *buf, 868 unsigned long buf_size, struct iwm_wifi_cmd *cmd) 869{ 870 struct iwm_umac_notif_bss_removed *bss_rm = 871 (struct iwm_umac_notif_bss_removed *)buf; 872 struct iwm_bss_info *bss, *next; 873 u16 table_idx; 874 int i; 875 876 for (i = 0; i < le32_to_cpu(bss_rm->count); i++) { 877 table_idx = le16_to_cpu(bss_rm->entries[i]) & 878 IWM_BSS_REMOVE_INDEX_MSK; 879 list_for_each_entry_safe(bss, next, &iwm->bss_list, node) 880 if (bss->bss->table_idx == cpu_to_le16(table_idx)) { 881 struct ieee80211_mgmt *mgmt; 882 883 mgmt = (struct ieee80211_mgmt *) 884 (bss->bss->frame_buf); 885 IWM_DBG_MLME(iwm, ERR, "BSS removed: %pM\n", 886 mgmt->bssid); 887 list_del(&bss->node); 888 kfree(bss->bss); 889 kfree(bss); 890 } 891 } 892 893 return 0; 894} 895 896static int iwm_mlme_mgt_frame(struct iwm_priv *iwm, u8 *buf, 897 unsigned long buf_size, struct iwm_wifi_cmd *cmd) 898{ 899 struct iwm_umac_notif_mgt_frame *mgt_frame = 900 (struct iwm_umac_notif_mgt_frame *)buf; 901 struct ieee80211_mgmt *mgt = (struct ieee80211_mgmt *)mgt_frame->frame; 902 903 IWM_HEXDUMP(iwm, DBG, MLME, "MGT: ", mgt_frame->frame, 904 le16_to_cpu(mgt_frame->len)); 905 906 if (ieee80211_is_assoc_req(mgt->frame_control)) { 907 iwm->req_ie_len = le16_to_cpu(mgt_frame->len) 908 - offsetof(struct ieee80211_mgmt, 909 u.assoc_req.variable); 910 kfree(iwm->req_ie); 911 iwm->req_ie = kmemdup(mgt->u.assoc_req.variable, 912 iwm->req_ie_len, GFP_KERNEL); 913 } else if (ieee80211_is_reassoc_req(mgt->frame_control)) { 914 iwm->req_ie_len = le16_to_cpu(mgt_frame->len) 915 - offsetof(struct ieee80211_mgmt, 916 u.reassoc_req.variable); 917 kfree(iwm->req_ie); 918 iwm->req_ie = kmemdup(mgt->u.reassoc_req.variable, 919 iwm->req_ie_len, GFP_KERNEL); 920 } else if (ieee80211_is_assoc_resp(mgt->frame_control)) { 921 iwm->resp_ie_len = le16_to_cpu(mgt_frame->len) 922 - offsetof(struct ieee80211_mgmt, 923 u.assoc_resp.variable); 924 kfree(iwm->resp_ie); 925 iwm->resp_ie = kmemdup(mgt->u.assoc_resp.variable, 926 iwm->resp_ie_len, GFP_KERNEL); 927 } else if (ieee80211_is_reassoc_resp(mgt->frame_control)) { 928 iwm->resp_ie_len = le16_to_cpu(mgt_frame->len) 929 - offsetof(struct ieee80211_mgmt, 930 u.reassoc_resp.variable); 931 kfree(iwm->resp_ie); 932 iwm->resp_ie = kmemdup(mgt->u.reassoc_resp.variable, 933 iwm->resp_ie_len, GFP_KERNEL); 934 } else { 935 IWM_ERR(iwm, "Unsupported management frame: 0x%x", 936 le16_to_cpu(mgt->frame_control)); 937 return 0; 938 } 939 940 return 0; 941} 942 943static int iwm_ntf_mlme(struct iwm_priv *iwm, u8 *buf, 944 unsigned long buf_size, struct iwm_wifi_cmd *cmd) 945{ 946 struct iwm_umac_notif_wifi_if *notif = 947 (struct iwm_umac_notif_wifi_if *)buf; 948 949 switch (notif->status) { 950 case WIFI_IF_NTFY_ASSOC_START: 951 return iwm_mlme_assoc_start(iwm, buf, buf_size, cmd); 952 case WIFI_IF_NTFY_ASSOC_COMPLETE: 953 return iwm_mlme_assoc_complete(iwm, buf, buf_size, cmd); 954 case WIFI_IF_NTFY_PROFILE_INVALIDATE_COMPLETE: 955 return iwm_mlme_profile_invalidate(iwm, buf, buf_size, cmd); 956 case WIFI_IF_NTFY_CONNECTION_TERMINATED: 957 return iwm_mlme_connection_terminated(iwm, buf, buf_size, cmd); 958 case WIFI_IF_NTFY_SCAN_COMPLETE: 959 return iwm_mlme_scan_complete(iwm, buf, buf_size, cmd); 960 case WIFI_IF_NTFY_STA_TABLE_CHANGE: 961 return iwm_mlme_update_sta_table(iwm, buf, buf_size, cmd); 962 case WIFI_IF_NTFY_EXTENDED_IE_REQUIRED: 963 IWM_DBG_MLME(iwm, DBG, "Extended IE required\n"); 964 break; 965 case WIFI_IF_NTFY_RADIO_PREEMPTION: 966 return iwm_mlme_medium_lost(iwm, buf, buf_size, cmd); 967 case WIFI_IF_NTFY_BSS_TRK_TABLE_CHANGED: 968 return iwm_mlme_update_bss_table(iwm, buf, buf_size, cmd); 969 case WIFI_IF_NTFY_BSS_TRK_ENTRIES_REMOVED: 970 return iwm_mlme_remove_bss(iwm, buf, buf_size, cmd); 971 break; 972 case WIFI_IF_NTFY_MGMT_FRAME: 973 return iwm_mlme_mgt_frame(iwm, buf, buf_size, cmd); 974 case WIFI_DBG_IF_NTFY_SCAN_SUPER_JOB_START: 975 case WIFI_DBG_IF_NTFY_SCAN_SUPER_JOB_COMPLETE: 976 case WIFI_DBG_IF_NTFY_SCAN_CHANNEL_START: 977 case WIFI_DBG_IF_NTFY_SCAN_CHANNEL_RESULT: 978 case WIFI_DBG_IF_NTFY_SCAN_MINI_JOB_START: 979 case WIFI_DBG_IF_NTFY_SCAN_MINI_JOB_COMPLETE: 980 case WIFI_DBG_IF_NTFY_CNCT_ATC_START: 981 case WIFI_DBG_IF_NTFY_COEX_NOTIFICATION: 982 case WIFI_DBG_IF_NTFY_COEX_HANDLE_ENVELOP: 983 case WIFI_DBG_IF_NTFY_COEX_HANDLE_RELEASE_ENVELOP: 984 IWM_DBG_MLME(iwm, DBG, "MLME debug notification: 0x%x\n", 985 notif->status); 986 break; 987 default: 988 IWM_ERR(iwm, "Unhandled notification: 0x%x\n", notif->status); 989 break; 990 } 991 992 return 0; 993} 994 995#define IWM_STATS_UPDATE_INTERVAL (2 * HZ) 996 997static int iwm_ntf_statistics(struct iwm_priv *iwm, u8 *buf, 998 unsigned long buf_size, struct iwm_wifi_cmd *cmd) 999{ 1000 struct iwm_umac_notif_stats *stats = (struct iwm_umac_notif_stats *)buf; 1001 struct iw_statistics *wstats = &iwm->wstats; 1002 u16 max_rate = 0; 1003 int i; 1004 1005 IWM_DBG_MLME(iwm, DBG, "Statistics notification received\n"); 1006 1007 if (test_bit(IWM_STATUS_ASSOCIATED, &iwm->status)) { 1008 for (i = 0; i < UMAC_NTF_RATE_SAMPLE_NR; i++) { 1009 max_rate = max_t(u16, max_rate, 1010 max(le16_to_cpu(stats->tx_rate[i]), 1011 le16_to_cpu(stats->rx_rate[i]))); 1012 } 1013 /* UMAC passes rate info multiplies by 2 */ 1014 iwm->rate = max_rate >> 1; 1015 } 1016 iwm->txpower = le32_to_cpu(stats->tx_power); 1017 1018 wstats->status = 0; 1019 1020 wstats->discard.nwid = le32_to_cpu(stats->rx_drop_other_bssid); 1021 wstats->discard.code = le32_to_cpu(stats->rx_drop_decode); 1022 wstats->discard.fragment = le32_to_cpu(stats->rx_drop_reassembly); 1023 wstats->discard.retries = le32_to_cpu(stats->tx_drop_max_retry); 1024 1025 wstats->miss.beacon = le32_to_cpu(stats->missed_beacons); 1026 1027 /* according to cfg80211 */ 1028 if (stats->rssi_dbm < -110) 1029 wstats->qual.qual = 0; 1030 else if (stats->rssi_dbm > -40) 1031 wstats->qual.qual = 70; 1032 else 1033 wstats->qual.qual = stats->rssi_dbm + 110; 1034 1035 wstats->qual.level = stats->rssi_dbm; 1036 wstats->qual.noise = stats->noise_dbm; 1037 wstats->qual.updated = IW_QUAL_ALL_UPDATED | IW_QUAL_DBM; 1038 1039 schedule_delayed_work(&iwm->stats_request, IWM_STATS_UPDATE_INTERVAL); 1040 1041 mod_timer(&iwm->watchdog, round_jiffies(jiffies + IWM_WATCHDOG_PERIOD)); 1042 1043 return 0; 1044} 1045 1046static int iwm_ntf_eeprom_proxy(struct iwm_priv *iwm, u8 *buf, 1047 unsigned long buf_size, 1048 struct iwm_wifi_cmd *cmd) 1049{ 1050 struct iwm_umac_cmd_eeprom_proxy *eeprom_proxy = 1051 (struct iwm_umac_cmd_eeprom_proxy *) 1052 (buf + sizeof(struct iwm_umac_wifi_in_hdr)); 1053 struct iwm_umac_cmd_eeprom_proxy_hdr *hdr = &eeprom_proxy->hdr; 1054 u32 hdr_offset = le32_to_cpu(hdr->offset); 1055 u32 hdr_len = le32_to_cpu(hdr->len); 1056 u32 hdr_type = le32_to_cpu(hdr->type); 1057 1058 IWM_DBG_NTF(iwm, DBG, "type: 0x%x, len: %d, offset: 0x%x\n", 1059 hdr_type, hdr_len, hdr_offset); 1060 1061 if ((hdr_offset + hdr_len) > IWM_EEPROM_LEN) 1062 return -EINVAL; 1063 1064 switch (hdr_type) { 1065 case IWM_UMAC_CMD_EEPROM_TYPE_READ: 1066 memcpy(iwm->eeprom + hdr_offset, eeprom_proxy->buf, hdr_len); 1067 break; 1068 case IWM_UMAC_CMD_EEPROM_TYPE_WRITE: 1069 default: 1070 return -ENOTSUPP; 1071 } 1072 1073 return 0; 1074} 1075 1076static int iwm_ntf_channel_info_list(struct iwm_priv *iwm, u8 *buf, 1077 unsigned long buf_size, 1078 struct iwm_wifi_cmd *cmd) 1079{ 1080 struct iwm_umac_cmd_get_channel_list *ch_list = 1081 (struct iwm_umac_cmd_get_channel_list *) 1082 (buf + sizeof(struct iwm_umac_wifi_in_hdr)); 1083 struct wiphy *wiphy = iwm_to_wiphy(iwm); 1084 struct ieee80211_supported_band *band; 1085 int i; 1086 1087 band = wiphy->bands[IEEE80211_BAND_2GHZ]; 1088 1089 for (i = 0; i < band->n_channels; i++) { 1090 unsigned long ch_mask_0 = 1091 le32_to_cpu(ch_list->ch[0].channels_mask); 1092 unsigned long ch_mask_2 = 1093 le32_to_cpu(ch_list->ch[2].channels_mask); 1094 1095 if (!test_bit(i, &ch_mask_0)) 1096 band->channels[i].flags |= IEEE80211_CHAN_DISABLED; 1097 1098 if (!test_bit(i, &ch_mask_2)) 1099 band->channels[i].flags |= IEEE80211_CHAN_NO_IBSS; 1100 } 1101 1102 band = wiphy->bands[IEEE80211_BAND_5GHZ]; 1103 1104 for (i = 0; i < min(band->n_channels, 32); i++) { 1105 unsigned long ch_mask_1 = 1106 le32_to_cpu(ch_list->ch[1].channels_mask); 1107 unsigned long ch_mask_3 = 1108 le32_to_cpu(ch_list->ch[3].channels_mask); 1109 1110 if (!test_bit(i, &ch_mask_1)) 1111 band->channels[i].flags |= IEEE80211_CHAN_DISABLED; 1112 1113 if (!test_bit(i, &ch_mask_3)) 1114 band->channels[i].flags |= IEEE80211_CHAN_NO_IBSS; 1115 } 1116 1117 return 0; 1118} 1119 1120static int iwm_ntf_stop_resume_tx(struct iwm_priv *iwm, u8 *buf, 1121 unsigned long buf_size, 1122 struct iwm_wifi_cmd *cmd) 1123{ 1124 struct iwm_umac_notif_stop_resume_tx *stp_res_tx = 1125 (struct iwm_umac_notif_stop_resume_tx *)buf; 1126 struct iwm_sta_info *sta_info; 1127 struct iwm_tid_info *tid_info; 1128 u8 sta_id = STA_ID_N_COLOR_ID(stp_res_tx->sta_id); 1129 u16 tid_msk = le16_to_cpu(stp_res_tx->stop_resume_tid_msk); 1130 int bit, ret = 0; 1131 bool stop = false; 1132 1133 IWM_DBG_NTF(iwm, DBG, "stop/resume notification:\n" 1134 "\tflags: 0x%x\n" 1135 "\tSTA id: %d\n" 1136 "\tTID bitmask: 0x%x\n", 1137 stp_res_tx->flags, stp_res_tx->sta_id, 1138 stp_res_tx->stop_resume_tid_msk); 1139 1140 if (stp_res_tx->flags & UMAC_STOP_TX_FLAG) 1141 stop = true; 1142 1143 sta_info = &iwm->sta_table[sta_id]; 1144 if (!sta_info->valid) { 1145 IWM_ERR(iwm, "Stoping an invalid STA: %d %d\n", 1146 sta_id, stp_res_tx->sta_id); 1147 return -EINVAL; 1148 } 1149 1150 for_each_set_bit(bit, (unsigned long *)&tid_msk, IWM_UMAC_TID_NR) { 1151 tid_info = &sta_info->tid_info[bit]; 1152 1153 mutex_lock(&tid_info->mutex); 1154 tid_info->stopped = stop; 1155 mutex_unlock(&tid_info->mutex); 1156 1157 if (!stop) { 1158 struct iwm_tx_queue *txq; 1159 int queue = iwm_tid_to_queue(bit); 1160 1161 if (queue < 0) 1162 continue; 1163 1164 txq = &iwm->txq[queue]; 1165 /* 1166 * If we resume, we have to move our SKBs 1167 * back to the tx queue and queue some work. 1168 */ 1169 spin_lock_bh(&txq->lock); 1170 skb_queue_splice_init(&txq->queue, &txq->stopped_queue); 1171 spin_unlock_bh(&txq->lock); 1172 1173 queue_work(txq->wq, &txq->worker); 1174 } 1175 1176 } 1177 1178 /* We send an ACK only for the stop case */ 1179 if (stop) 1180 ret = iwm_send_umac_stop_resume_tx(iwm, stp_res_tx); 1181 1182 return ret; 1183} 1184 1185static int iwm_ntf_wifi_if_wrapper(struct iwm_priv *iwm, u8 *buf, 1186 unsigned long buf_size, 1187 struct iwm_wifi_cmd *cmd) 1188{ 1189 struct iwm_umac_wifi_if *hdr; 1190 1191 if (cmd == NULL) { 1192 IWM_ERR(iwm, "Couldn't find expected wifi command\n"); 1193 return -EINVAL; 1194 } 1195 1196 hdr = (struct iwm_umac_wifi_if *)cmd->buf.payload; 1197 1198 IWM_DBG_NTF(iwm, DBG, "WIFI_IF_WRAPPER cmd is delivered to UMAC: " 1199 "oid is 0x%x\n", hdr->oid); 1200 1201 set_bit(hdr->oid, &iwm->wifi_ntfy[0]); 1202 wake_up_interruptible(&iwm->wifi_ntfy_queue); 1203 1204 switch (hdr->oid) { 1205 case UMAC_WIFI_IF_CMD_SET_PROFILE: 1206 iwm->umac_profile_active = true; 1207 break; 1208 default: 1209 break; 1210 } 1211 1212 return 0; 1213} 1214 1215#define CT_KILL_DELAY (30 * HZ) 1216static int iwm_ntf_card_state(struct iwm_priv *iwm, u8 *buf, 1217 unsigned long buf_size, struct iwm_wifi_cmd *cmd) 1218{ 1219 struct wiphy *wiphy = iwm_to_wiphy(iwm); 1220 struct iwm_lmac_card_state *state = (struct iwm_lmac_card_state *) 1221 (buf + sizeof(struct iwm_umac_wifi_in_hdr)); 1222 u32 flags = le32_to_cpu(state->flags); 1223 1224 IWM_INFO(iwm, "HW RF Kill %s, CT Kill %s\n", 1225 flags & IWM_CARD_STATE_HW_DISABLED ? "ON" : "OFF", 1226 flags & IWM_CARD_STATE_CTKILL_DISABLED ? "ON" : "OFF"); 1227 1228 if (flags & IWM_CARD_STATE_CTKILL_DISABLED) { 1229 /* 1230 * We got a CTKILL event: We bring the interface down in 1231 * oder to cool the device down, and try to bring it up 1232 * 30 seconds later. If it's still too hot, we'll go through 1233 * this code path again. 1234 */ 1235 cancel_delayed_work_sync(&iwm->ct_kill_delay); 1236 schedule_delayed_work(&iwm->ct_kill_delay, CT_KILL_DELAY); 1237 } 1238 1239 wiphy_rfkill_set_hw_state(wiphy, flags & 1240 (IWM_CARD_STATE_HW_DISABLED | 1241 IWM_CARD_STATE_CTKILL_DISABLED)); 1242 1243 return 0; 1244} 1245 1246static int iwm_rx_handle_wifi(struct iwm_priv *iwm, u8 *buf, 1247 unsigned long buf_size) 1248{ 1249 struct iwm_umac_wifi_in_hdr *wifi_hdr; 1250 struct iwm_wifi_cmd *cmd; 1251 u8 source, cmd_id; 1252 u16 seq_num; 1253 u32 count; 1254 1255 wifi_hdr = (struct iwm_umac_wifi_in_hdr *)buf; 1256 cmd_id = wifi_hdr->sw_hdr.cmd.cmd; 1257 source = GET_VAL32(wifi_hdr->hw_hdr.cmd, UMAC_HDI_IN_CMD_SOURCE); 1258 if (source >= IWM_SRC_NUM) { 1259 IWM_CRIT(iwm, "invalid source %d\n", source); 1260 return -EINVAL; 1261 } 1262 1263 if (cmd_id == REPLY_RX_MPDU_CMD) 1264 trace_iwm_rx_packet(iwm, buf, buf_size); 1265 else if ((cmd_id == UMAC_NOTIFY_OPCODE_RX_TICKET) && 1266 (source == UMAC_HDI_IN_SOURCE_FW)) 1267 trace_iwm_rx_ticket(iwm, buf, buf_size); 1268 else 1269 trace_iwm_rx_wifi_cmd(iwm, wifi_hdr); 1270 1271 count = GET_VAL32(wifi_hdr->sw_hdr.meta_data, UMAC_FW_CMD_BYTE_COUNT); 1272 count += sizeof(struct iwm_umac_wifi_in_hdr) - 1273 sizeof(struct iwm_dev_cmd_hdr); 1274 if (count > buf_size) { 1275 IWM_CRIT(iwm, "count %d, buf size:%ld\n", count, buf_size); 1276 return -EINVAL; 1277 } 1278 1279 seq_num = le16_to_cpu(wifi_hdr->sw_hdr.cmd.seq_num); 1280 1281 IWM_DBG_RX(iwm, DBG, "CMD:0x%x, source: 0x%x, seqnum: %d\n", 1282 cmd_id, source, seq_num); 1283 1284 /* 1285 * If this is a response to a previously sent command, there must 1286 * be a pending command for this sequence number. 1287 */ 1288 cmd = iwm_get_pending_wifi_cmd(iwm, seq_num); 1289 1290 /* Notify the caller only for sync commands. */ 1291 switch (source) { 1292 case UMAC_HDI_IN_SOURCE_FHRX: 1293 if (iwm->lmac_handlers[cmd_id] && 1294 test_bit(cmd_id, &iwm->lmac_handler_map[0])) 1295 return iwm_notif_send(iwm, cmd, cmd_id, source, 1296 buf, count); 1297 break; 1298 case UMAC_HDI_IN_SOURCE_FW: 1299 if (iwm->umac_handlers[cmd_id] && 1300 test_bit(cmd_id, &iwm->umac_handler_map[0])) 1301 return iwm_notif_send(iwm, cmd, cmd_id, source, 1302 buf, count); 1303 break; 1304 case UMAC_HDI_IN_SOURCE_UDMA: 1305 break; 1306 } 1307 1308 return iwm_rx_handle_resp(iwm, buf, count, cmd); 1309} 1310 1311int iwm_rx_handle_resp(struct iwm_priv *iwm, u8 *buf, unsigned long buf_size, 1312 struct iwm_wifi_cmd *cmd) 1313{ 1314 u8 source, cmd_id; 1315 struct iwm_umac_wifi_in_hdr *wifi_hdr; 1316 int ret = 0; 1317 1318 wifi_hdr = (struct iwm_umac_wifi_in_hdr *)buf; 1319 cmd_id = wifi_hdr->sw_hdr.cmd.cmd; 1320 1321 source = GET_VAL32(wifi_hdr->hw_hdr.cmd, UMAC_HDI_IN_CMD_SOURCE); 1322 1323 IWM_DBG_RX(iwm, DBG, "CMD:0x%x, source: 0x%x\n", cmd_id, source); 1324 1325 switch (source) { 1326 case UMAC_HDI_IN_SOURCE_FHRX: 1327 if (iwm->lmac_handlers[cmd_id]) 1328 ret = iwm->lmac_handlers[cmd_id] 1329 (iwm, buf, buf_size, cmd); 1330 break; 1331 case UMAC_HDI_IN_SOURCE_FW: 1332 if (iwm->umac_handlers[cmd_id]) 1333 ret = iwm->umac_handlers[cmd_id] 1334 (iwm, buf, buf_size, cmd); 1335 break; 1336 case UMAC_HDI_IN_SOURCE_UDMA: 1337 ret = -EINVAL; 1338 break; 1339 } 1340 1341 kfree(cmd); 1342 1343 return ret; 1344} 1345 1346static int iwm_rx_handle_nonwifi(struct iwm_priv *iwm, u8 *buf, 1347 unsigned long buf_size) 1348{ 1349 u8 seq_num; 1350 struct iwm_udma_in_hdr *hdr = (struct iwm_udma_in_hdr *)buf; 1351 struct iwm_nonwifi_cmd *cmd; 1352 1353 trace_iwm_rx_nonwifi_cmd(iwm, buf, buf_size); 1354 seq_num = GET_VAL32(hdr->cmd, UDMA_HDI_IN_CMD_NON_WIFI_HW_SEQ_NUM); 1355 1356 /* 1357 * We received a non wifi answer. 1358 * Let's check if there's a pending command for it, and if so 1359 * replace the command payload with the buffer, and then wake the 1360 * callers up. 1361 * That means we only support synchronised non wifi command response 1362 * schemes. 1363 */ 1364 list_for_each_entry(cmd, &iwm->nonwifi_pending_cmd, pending) 1365 if (cmd->seq_num == seq_num) { 1366 cmd->resp_received = true; 1367 cmd->buf.len = buf_size; 1368 memcpy(cmd->buf.hdr, buf, buf_size); 1369 wake_up_interruptible(&iwm->nonwifi_queue); 1370 } 1371 1372 return 0; 1373} 1374 1375static int iwm_rx_handle_umac(struct iwm_priv *iwm, u8 *buf, 1376 unsigned long buf_size) 1377{ 1378 int ret = 0; 1379 u8 op_code; 1380 unsigned long buf_offset = 0; 1381 struct iwm_udma_in_hdr *hdr; 1382 1383 /* 1384 * To allow for a more efficient bus usage, UMAC 1385 * messages are encapsulated into UDMA ones. This 1386 * way we can have several UMAC messages in one bus 1387 * transfer. 1388 * A UDMA frame size is always aligned on 16 bytes, 1389 * and a UDMA frame must not start with a UMAC_PAD_TERMINAL 1390 * word. This is how we parse a bus frame into several 1391 * UDMA ones. 1392 */ 1393 while (buf_offset < buf_size) { 1394 1395 hdr = (struct iwm_udma_in_hdr *)(buf + buf_offset); 1396 1397 if (iwm_rx_check_udma_hdr(hdr) < 0) { 1398 IWM_DBG_RX(iwm, DBG, "End of frame\n"); 1399 break; 1400 } 1401 1402 op_code = GET_VAL32(hdr->cmd, UMAC_HDI_IN_CMD_OPCODE); 1403 1404 IWM_DBG_RX(iwm, DBG, "Op code: 0x%x\n", op_code); 1405 1406 if (op_code == UMAC_HDI_IN_OPCODE_WIFI) { 1407 ret |= iwm_rx_handle_wifi(iwm, buf + buf_offset, 1408 buf_size - buf_offset); 1409 } else if (op_code < UMAC_HDI_IN_OPCODE_NONWIFI_MAX) { 1410 if (GET_VAL32(hdr->cmd, 1411 UDMA_HDI_IN_CMD_NON_WIFI_HW_SIG) != 1412 UDMA_HDI_IN_CMD_NON_WIFI_HW_SIG) { 1413 IWM_ERR(iwm, "Incorrect hw signature\n"); 1414 return -EINVAL; 1415 } 1416 ret |= iwm_rx_handle_nonwifi(iwm, buf + buf_offset, 1417 buf_size - buf_offset); 1418 } else { 1419 IWM_ERR(iwm, "Invalid RX opcode: 0x%x\n", op_code); 1420 ret |= -EINVAL; 1421 } 1422 1423 buf_offset += iwm_rx_resp_size(hdr); 1424 } 1425 1426 return ret; 1427} 1428 1429int iwm_rx_handle(struct iwm_priv *iwm, u8 *buf, unsigned long buf_size) 1430{ 1431 struct iwm_udma_in_hdr *hdr; 1432 1433 hdr = (struct iwm_udma_in_hdr *)buf; 1434 1435 switch (le32_to_cpu(hdr->cmd)) { 1436 case UMAC_REBOOT_BARKER: 1437 if (test_bit(IWM_STATUS_READY, &iwm->status)) { 1438 IWM_ERR(iwm, "Unexpected BARKER\n"); 1439 1440 schedule_work(&iwm->reset_worker); 1441 1442 return 0; 1443 } 1444 1445 return iwm_notif_send(iwm, NULL, IWM_BARKER_REBOOT_NOTIFICATION, 1446 IWM_SRC_UDMA, buf, buf_size); 1447 case UMAC_ACK_BARKER: 1448 return iwm_notif_send(iwm, NULL, IWM_ACK_BARKER_NOTIFICATION, 1449 IWM_SRC_UDMA, NULL, 0); 1450 default: 1451 IWM_DBG_RX(iwm, DBG, "Received cmd: 0x%x\n", hdr->cmd); 1452 return iwm_rx_handle_umac(iwm, buf, buf_size); 1453 } 1454 1455 return 0; 1456} 1457 1458static const iwm_handler iwm_umac_handlers[] = 1459{ 1460 [UMAC_NOTIFY_OPCODE_ERROR] = iwm_ntf_error, 1461 [UMAC_NOTIFY_OPCODE_ALIVE] = iwm_ntf_umac_alive, 1462 [UMAC_NOTIFY_OPCODE_INIT_COMPLETE] = iwm_ntf_init_complete, 1463 [UMAC_NOTIFY_OPCODE_WIFI_CORE_STATUS] = iwm_ntf_wifi_status, 1464 [UMAC_NOTIFY_OPCODE_WIFI_IF_WRAPPER] = iwm_ntf_mlme, 1465 [UMAC_NOTIFY_OPCODE_PAGE_DEALLOC] = iwm_ntf_tx_credit_update, 1466 [UMAC_NOTIFY_OPCODE_RX_TICKET] = iwm_ntf_rx_ticket, 1467 [UMAC_CMD_OPCODE_RESET] = iwm_ntf_umac_reset, 1468 [UMAC_NOTIFY_OPCODE_STATS] = iwm_ntf_statistics, 1469 [UMAC_CMD_OPCODE_EEPROM_PROXY] = iwm_ntf_eeprom_proxy, 1470 [UMAC_CMD_OPCODE_GET_CHAN_INFO_LIST] = iwm_ntf_channel_info_list, 1471 [UMAC_CMD_OPCODE_STOP_RESUME_STA_TX] = iwm_ntf_stop_resume_tx, 1472 [REPLY_RX_MPDU_CMD] = iwm_ntf_rx_packet, 1473 [UMAC_CMD_OPCODE_WIFI_IF_WRAPPER] = iwm_ntf_wifi_if_wrapper, 1474}; 1475 1476static const iwm_handler iwm_lmac_handlers[] = 1477{ 1478 [REPLY_TX] = iwm_ntf_tx, 1479 [REPLY_ALIVE] = iwm_ntf_lmac_version, 1480 [CALIBRATION_RES_NOTIFICATION] = iwm_ntf_calib_res, 1481 [CALIBRATION_COMPLETE_NOTIFICATION] = iwm_ntf_calib_complete, 1482 [CALIBRATION_CFG_CMD] = iwm_ntf_calib_cfg, 1483 [REPLY_RX_MPDU_CMD] = iwm_ntf_rx_packet, 1484 [CARD_STATE_NOTIFICATION] = iwm_ntf_card_state, 1485}; 1486 1487void iwm_rx_setup_handlers(struct iwm_priv *iwm) 1488{ 1489 iwm->umac_handlers = (iwm_handler *) iwm_umac_handlers; 1490 iwm->lmac_handlers = (iwm_handler *) iwm_lmac_handlers; 1491} 1492 1493static void iwm_remove_iv(struct sk_buff *skb, u32 hdr_total_len) 1494{ 1495 struct ieee80211_hdr *hdr; 1496 unsigned int hdr_len; 1497 1498 hdr = (struct ieee80211_hdr *)skb->data; 1499 1500 if (!ieee80211_has_protected(hdr->frame_control)) 1501 return; 1502 1503 hdr_len = ieee80211_hdrlen(hdr->frame_control); 1504 if (hdr_total_len <= hdr_len) 1505 return; 1506 1507 memmove(skb->data + (hdr_total_len - hdr_len), skb->data, hdr_len); 1508 skb_pull(skb, (hdr_total_len - hdr_len)); 1509} 1510 1511static void iwm_rx_adjust_packet(struct iwm_priv *iwm, 1512 struct iwm_rx_packet *packet, 1513 struct iwm_rx_ticket_node *ticket_node) 1514{ 1515 u32 payload_offset = 0, payload_len; 1516 struct iwm_rx_ticket *ticket = ticket_node->ticket; 1517 struct iwm_rx_mpdu_hdr *mpdu_hdr; 1518 struct ieee80211_hdr *hdr; 1519 1520 mpdu_hdr = (struct iwm_rx_mpdu_hdr *)packet->skb->data; 1521 payload_offset += sizeof(struct iwm_rx_mpdu_hdr); 1522 /* Padding is 0 or 2 bytes */ 1523 payload_len = le16_to_cpu(mpdu_hdr->len) + 1524 (le16_to_cpu(ticket->flags) & IWM_RX_TICKET_PAD_SIZE_MSK); 1525 payload_len -= ticket->tail_len; 1526 1527 IWM_DBG_RX(iwm, DBG, "Packet adjusted, len:%d, offset:%d, " 1528 "ticket offset:%d ticket tail len:%d\n", 1529 payload_len, payload_offset, ticket->payload_offset, 1530 ticket->tail_len); 1531 1532 IWM_HEXDUMP(iwm, DBG, RX, "RAW: ", packet->skb->data, packet->skb->len); 1533 1534 skb_pull(packet->skb, payload_offset); 1535 skb_trim(packet->skb, payload_len); 1536 1537 iwm_remove_iv(packet->skb, ticket->payload_offset); 1538 1539 hdr = (struct ieee80211_hdr *) packet->skb->data; 1540 if (ieee80211_is_data_qos(hdr->frame_control)) { 1541 /* UMAC handed QOS_DATA frame with 2 padding bytes appended 1542 * to the qos_ctl field in IEEE 802.11 headers. */ 1543 memmove(packet->skb->data + IEEE80211_QOS_CTL_LEN + 2, 1544 packet->skb->data, 1545 ieee80211_hdrlen(hdr->frame_control) - 1546 IEEE80211_QOS_CTL_LEN); 1547 hdr = (struct ieee80211_hdr *) skb_pull(packet->skb, 1548 IEEE80211_QOS_CTL_LEN + 2); 1549 hdr->frame_control &= ~cpu_to_le16(IEEE80211_STYPE_QOS_DATA); 1550 } 1551 1552 IWM_HEXDUMP(iwm, DBG, RX, "ADJUSTED: ", 1553 packet->skb->data, packet->skb->len); 1554} 1555 1556static void classify8023(struct sk_buff *skb) 1557{ 1558 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 1559 1560 if (ieee80211_is_data_qos(hdr->frame_control)) { 1561 u8 *qc = ieee80211_get_qos_ctl(hdr); 1562 /* frame has qos control */ 1563 skb->priority = *qc & IEEE80211_QOS_CTL_TID_MASK; 1564 } else { 1565 skb->priority = 0; 1566 } 1567} 1568 1569static void iwm_rx_process_amsdu(struct iwm_priv *iwm, struct sk_buff *skb) 1570{ 1571 struct wireless_dev *wdev = iwm_to_wdev(iwm); 1572 struct net_device *ndev = iwm_to_ndev(iwm); 1573 struct sk_buff_head list; 1574 struct sk_buff *frame; 1575 1576 IWM_HEXDUMP(iwm, DBG, RX, "A-MSDU: ", skb->data, skb->len); 1577 1578 __skb_queue_head_init(&list); 1579 ieee80211_amsdu_to_8023s(skb, &list, ndev->dev_addr, wdev->iftype, 0, 1580 true); 1581 1582 while ((frame = __skb_dequeue(&list))) { 1583 ndev->stats.rx_packets++; 1584 ndev->stats.rx_bytes += frame->len; 1585 1586 frame->protocol = eth_type_trans(frame, ndev); 1587 frame->ip_summed = CHECKSUM_NONE; 1588 memset(frame->cb, 0, sizeof(frame->cb)); 1589 1590 if (netif_rx_ni(frame) == NET_RX_DROP) { 1591 IWM_ERR(iwm, "Packet dropped\n"); 1592 ndev->stats.rx_dropped++; 1593 } 1594 } 1595} 1596 1597static void iwm_rx_process_packet(struct iwm_priv *iwm, 1598 struct iwm_rx_packet *packet, 1599 struct iwm_rx_ticket_node *ticket_node) 1600{ 1601 int ret; 1602 struct sk_buff *skb = packet->skb; 1603 struct wireless_dev *wdev = iwm_to_wdev(iwm); 1604 struct net_device *ndev = iwm_to_ndev(iwm); 1605 1606 IWM_DBG_RX(iwm, DBG, "Processing packet ID %d\n", packet->id); 1607 1608 switch (le16_to_cpu(ticket_node->ticket->action)) { 1609 case IWM_RX_TICKET_RELEASE: 1610 IWM_DBG_RX(iwm, DBG, "RELEASE packet\n"); 1611 1612 iwm_rx_adjust_packet(iwm, packet, ticket_node); 1613 skb->dev = iwm_to_ndev(iwm); 1614 classify8023(skb); 1615 1616 if (le16_to_cpu(ticket_node->ticket->flags) & 1617 IWM_RX_TICKET_AMSDU_MSK) { 1618 iwm_rx_process_amsdu(iwm, skb); 1619 break; 1620 } 1621 1622 ret = ieee80211_data_to_8023(skb, ndev->dev_addr, wdev->iftype); 1623 if (ret < 0) { 1624 IWM_DBG_RX(iwm, DBG, "Couldn't convert 802.11 header - " 1625 "%d\n", ret); 1626 kfree_skb(packet->skb); 1627 break; 1628 } 1629 1630 IWM_HEXDUMP(iwm, DBG, RX, "802.3: ", skb->data, skb->len); 1631 1632 ndev->stats.rx_packets++; 1633 ndev->stats.rx_bytes += skb->len; 1634 1635 skb->protocol = eth_type_trans(skb, ndev); 1636 skb->ip_summed = CHECKSUM_NONE; 1637 memset(skb->cb, 0, sizeof(skb->cb)); 1638 1639 if (netif_rx_ni(skb) == NET_RX_DROP) { 1640 IWM_ERR(iwm, "Packet dropped\n"); 1641 ndev->stats.rx_dropped++; 1642 } 1643 break; 1644 case IWM_RX_TICKET_DROP: 1645 IWM_DBG_RX(iwm, DBG, "DROP packet: 0x%x\n", 1646 le16_to_cpu(ticket_node->ticket->flags)); 1647 kfree_skb(packet->skb); 1648 break; 1649 default: 1650 IWM_ERR(iwm, "Unknown ticket action: %d\n", 1651 le16_to_cpu(ticket_node->ticket->action)); 1652 kfree_skb(packet->skb); 1653 } 1654 1655 kfree(packet); 1656 iwm_rx_ticket_node_free(ticket_node); 1657} 1658 1659/* 1660 * Rx data processing: 1661 * 1662 * We're receiving Rx packet from the LMAC, and Rx ticket from 1663 * the UMAC. 1664 * To forward a target data packet upstream (i.e. to the 1665 * kernel network stack), we must have received an Rx ticket 1666 * that tells us we're allowed to release this packet (ticket 1667 * action is IWM_RX_TICKET_RELEASE). The Rx ticket also indicates, 1668 * among other things, where valid data actually starts in the Rx 1669 * packet. 1670 */ 1671void iwm_rx_worker(struct work_struct *work) 1672{ 1673 struct iwm_priv *iwm; 1674 struct iwm_rx_ticket_node *ticket, *next; 1675 1676 iwm = container_of(work, struct iwm_priv, rx_worker); 1677 1678 /* 1679 * We go through the tickets list and if there is a pending 1680 * packet for it, we push it upstream. 1681 * We stop whenever a ticket is missing its packet, as we're 1682 * supposed to send the packets in order. 1683 */ 1684 spin_lock(&iwm->ticket_lock); 1685 list_for_each_entry_safe(ticket, next, &iwm->rx_tickets, node) { 1686 struct iwm_rx_packet *packet = 1687 iwm_rx_packet_get(iwm, le16_to_cpu(ticket->ticket->id)); 1688 1689 if (!packet) { 1690 IWM_DBG_RX(iwm, DBG, "Skip rx_work: Wait for ticket %d " 1691 "to be handled first\n", 1692 le16_to_cpu(ticket->ticket->id)); 1693 break; 1694 } 1695 1696 list_del(&ticket->node); 1697 iwm_rx_process_packet(iwm, packet, ticket); 1698 } 1699 spin_unlock(&iwm->ticket_lock); 1700} 1701 1702