/* * Atheros CARL9170 driver * * 802.11 & command trap routines * * Copyright 2008, Johannes Berg <johannes@sipsolutions.net> * Copyright 2009, 2010, Christian Lamparter <chunkeey@googlemail.com> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; see the file COPYING. If not, see * http://www.gnu.org/licenses/. * * This file incorporates work covered by the following copyright and * permission notice: * Copyright (c) 2007-2008 Atheros Communications, Inc. * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include <linux/slab.h> #include <linux/module.h> #include <linux/etherdevice.h> #include <linux/crc32.h> #include <net/mac80211.h> #include "carl9170.h" #include "hw.h" #include "cmd.h" static void carl9170_dbg_message(struct ar9170 *ar, const char *buf, u32 len) { bool restart = false; enum carl9170_restart_reasons reason = CARL9170_RR_NO_REASON; if (len > 3) { if (memcmp(buf, CARL9170_ERR_MAGIC, 3) == 0) { ar->fw.err_counter++; if (ar->fw.err_counter > 3) { restart = true; reason = CARL9170_RR_TOO_MANY_FIRMWARE_ERRORS; } } if (memcmp(buf, CARL9170_BUG_MAGIC, 3) == 0) { ar->fw.bug_counter++; restart = true; reason = CARL9170_RR_FATAL_FIRMWARE_ERROR; } } wiphy_info(ar->hw->wiphy, "FW: %.*s\n", len, buf); if (restart) carl9170_restart(ar, reason); } static void carl9170_handle_ps(struct ar9170 *ar, struct carl9170_rsp *rsp) { u32 ps; bool new_ps; ps = le32_to_cpu(rsp->psm.state); new_ps = (ps & CARL9170_PSM_COUNTER) != CARL9170_PSM_WAKE; if (ar->ps.state != new_ps) { if (!new_ps) { ar->ps.sleep_ms = jiffies_to_msecs(jiffies - ar->ps.last_action); } ar->ps.last_action = jiffies; ar->ps.state = new_ps; } } static int carl9170_check_sequence(struct ar9170 *ar, unsigned int seq) { if (ar->cmd_seq < -1) return 0; /* * Initialize Counter */ if (ar->cmd_seq < 0) ar->cmd_seq = seq; /* * The sequence is strictly monotonic increasing and it never skips! * * Therefore we can safely assume that whenever we received an * unexpected sequence we have lost some valuable data. */ if (seq != ar->cmd_seq) { int count; count = (seq - ar->cmd_seq) % ar->fw.cmd_bufs; wiphy_err(ar->hw->wiphy, "lost %d command responses/traps! " "w:%d g:%d\n", count, ar->cmd_seq, seq); carl9170_restart(ar, CARL9170_RR_LOST_RSP); return -EIO; } ar->cmd_seq = (ar->cmd_seq + 1) % ar->fw.cmd_bufs; return 0; } static void carl9170_cmd_callback(struct ar9170 *ar, u32 len, void *buffer) { /* * Some commands may have a variable response length * and we cannot predict the correct length in advance. * So we only check if we provided enough space for the data. */ if (unlikely(ar->readlen != (len - 4))) { dev_warn(&ar->udev->dev, "received invalid command response:" "got %d, instead of %d\n", len - 4, ar->readlen); print_hex_dump_bytes("carl9170 cmd:", DUMP_PREFIX_OFFSET, ar->cmd_buf, (ar->cmd.hdr.len + 4) & 0x3f); print_hex_dump_bytes("carl9170 rsp:", DUMP_PREFIX_OFFSET, buffer, len); /* * Do not complete. The command times out, * and we get a stack trace from there. */ carl9170_restart(ar, CARL9170_RR_INVALID_RSP); } spin_lock(&ar->cmd_lock); if (ar->readbuf) { if (len >= 4) memcpy(ar->readbuf, buffer + 4, len - 4); ar->readbuf = NULL; } complete(&ar->cmd_wait); spin_unlock(&ar->cmd_lock); } void carl9170_handle_command_response(struct ar9170 *ar, void *buf, u32 len) { struct carl9170_rsp *cmd = buf; struct ieee80211_vif *vif; if ((cmd->hdr.cmd & CARL9170_RSP_FLAG) != CARL9170_RSP_FLAG) { if (!(cmd->hdr.cmd & CARL9170_CMD_ASYNC_FLAG)) carl9170_cmd_callback(ar, len, buf); return; } if (unlikely(cmd->hdr.len != (len - 4))) { if (net_ratelimit()) { wiphy_err(ar->hw->wiphy, "FW: received over-/under" "sized event %x (%d, but should be %d).\n", cmd->hdr.cmd, cmd->hdr.len, len - 4); print_hex_dump_bytes("dump:", DUMP_PREFIX_NONE, buf, len); } return; } /* hardware event handlers */ switch (cmd->hdr.cmd) { case CARL9170_RSP_PRETBTT: /* pre-TBTT event */ rcu_read_lock(); vif = carl9170_get_main_vif(ar); if (!vif) { rcu_read_unlock(); break; } switch (vif->type) { case NL80211_IFTYPE_STATION: carl9170_handle_ps(ar, cmd); break; case NL80211_IFTYPE_AP: case NL80211_IFTYPE_ADHOC: case NL80211_IFTYPE_MESH_POINT: carl9170_update_beacon(ar, true); break; default: break; } rcu_read_unlock(); break; case CARL9170_RSP_TXCOMP: /* TX status notification */ carl9170_tx_process_status(ar, cmd); break; case CARL9170_RSP_BEACON_CONFIG: /* * (IBSS) beacon send notification * bytes: 04 c2 XX YY B4 B3 B2 B1 * * XX always 80 * YY always 00 * B1-B4 "should" be the number of send out beacons. */ break; case CARL9170_RSP_ATIM: /* End of Atim Window */ break; case CARL9170_RSP_WATCHDOG: /* Watchdog Interrupt */ carl9170_restart(ar, CARL9170_RR_WATCHDOG); break; case CARL9170_RSP_TEXT: /* firmware debug */ carl9170_dbg_message(ar, (char *)buf + 4, len - 4); break; case CARL9170_RSP_HEXDUMP: wiphy_dbg(ar->hw->wiphy, "FW: HD %d\n", len - 4); print_hex_dump_bytes("FW:", DUMP_PREFIX_NONE, (char *)buf + 4, len - 4); break; case CARL9170_RSP_RADAR: if (!net_ratelimit()) break; wiphy_info(ar->hw->wiphy, "FW: RADAR! Please report this " "incident to linux-wireless@vger.kernel.org !\n"); break; case CARL9170_RSP_GPIO: #ifdef CONFIG_CARL9170_WPC if (ar->wps.pbc) { bool state = !!(cmd->gpio.gpio & cpu_to_le32( AR9170_GPIO_PORT_WPS_BUTTON_PRESSED)); if (state != ar->wps.pbc_state) { ar->wps.pbc_state = state; input_report_key(ar->wps.pbc, KEY_WPS_BUTTON, state); input_sync(ar->wps.pbc); } } #endif /* CONFIG_CARL9170_WPC */ break; case CARL9170_RSP_BOOT: complete(&ar->fw_boot_wait); break; default: wiphy_err(ar->hw->wiphy, "FW: received unhandled event %x\n", cmd->hdr.cmd); print_hex_dump_bytes("dump:", DUMP_PREFIX_NONE, buf, len); break; } } static int carl9170_rx_mac_status(struct ar9170 *ar, struct ar9170_rx_head *head, struct ar9170_rx_macstatus *mac, struct ieee80211_rx_status *status) { struct ieee80211_channel *chan; u8 error, decrypt; BUILD_BUG_ON(sizeof(struct ar9170_rx_head) != 12); BUILD_BUG_ON(sizeof(struct ar9170_rx_macstatus) != 4); error = mac->error; if (error & AR9170_RX_ERROR_WRONG_RA) { if (!ar->sniffer_enabled) return -EINVAL; } if (error & AR9170_RX_ERROR_PLCP) { if (!(ar->filter_state & FIF_PLCPFAIL)) return -EINVAL; status->flag |= RX_FLAG_FAILED_PLCP_CRC; } if (error & AR9170_RX_ERROR_FCS) { ar->tx_fcs_errors++; if (!(ar->filter_state & FIF_FCSFAIL)) return -EINVAL; status->flag |= RX_FLAG_FAILED_FCS_CRC; } decrypt = ar9170_get_decrypt_type(mac); if (!(decrypt & AR9170_RX_ENC_SOFTWARE) && decrypt != AR9170_ENC_ALG_NONE) { if ((decrypt == AR9170_ENC_ALG_TKIP) && (error & AR9170_RX_ERROR_MMIC)) status->flag |= RX_FLAG_MMIC_ERROR; status->flag |= RX_FLAG_DECRYPTED; } if (error & AR9170_RX_ERROR_DECRYPT && !ar->sniffer_enabled) return -ENODATA; error &= ~(AR9170_RX_ERROR_MMIC | AR9170_RX_ERROR_FCS | AR9170_RX_ERROR_WRONG_RA | AR9170_RX_ERROR_DECRYPT | AR9170_RX_ERROR_PLCP); /* drop any other error frames */ if (unlikely(error)) { /* TODO: update netdevice's RX dropped/errors statistics */ if (net_ratelimit()) wiphy_dbg(ar->hw->wiphy, "received frame with " "suspicious error code (%#x).\n", error); return -EINVAL; } chan = ar->channel; if (chan) { status->band = chan->band; status->freq = chan->center_freq; } switch (mac->status & AR9170_RX_STATUS_MODULATION) { case AR9170_RX_STATUS_MODULATION_CCK: if (mac->status & AR9170_RX_STATUS_SHORT_PREAMBLE) status->flag |= RX_FLAG_SHORTPRE; switch (head->plcp[0]) { case AR9170_RX_PHY_RATE_CCK_1M: status->rate_idx = 0; break; case AR9170_RX_PHY_RATE_CCK_2M: status->rate_idx = 1; break; case AR9170_RX_PHY_RATE_CCK_5M: status->rate_idx = 2; break; case AR9170_RX_PHY_RATE_CCK_11M: status->rate_idx = 3; break; default: if (net_ratelimit()) { wiphy_err(ar->hw->wiphy, "invalid plcp cck " "rate (%x).\n", head->plcp[0]); } return -EINVAL; } break; case AR9170_RX_STATUS_MODULATION_DUPOFDM: case AR9170_RX_STATUS_MODULATION_OFDM: switch (head->plcp[0] & 0xf) { case AR9170_TXRX_PHY_RATE_OFDM_6M: status->rate_idx = 0; break; case AR9170_TXRX_PHY_RATE_OFDM_9M: status->rate_idx = 1; break; case AR9170_TXRX_PHY_RATE_OFDM_12M: status->rate_idx = 2; break; case AR9170_TXRX_PHY_RATE_OFDM_18M: status->rate_idx = 3; break; case AR9170_TXRX_PHY_RATE_OFDM_24M: status->rate_idx = 4; break; case AR9170_TXRX_PHY_RATE_OFDM_36M: status->rate_idx = 5; break; case AR9170_TXRX_PHY_RATE_OFDM_48M: status->rate_idx = 6; break; case AR9170_TXRX_PHY_RATE_OFDM_54M: status->rate_idx = 7; break; default: if (net_ratelimit()) { wiphy_err(ar->hw->wiphy, "invalid plcp ofdm " "rate (%x).\n", head->plcp[0]); } return -EINVAL; } if (status->band == IEEE80211_BAND_2GHZ) status->rate_idx += 4; break; case AR9170_RX_STATUS_MODULATION_HT: if (head->plcp[3] & 0x80) status->flag |= RX_FLAG_40MHZ; if (head->plcp[6] & 0x80) status->flag |= RX_FLAG_SHORT_GI; status->rate_idx = clamp(0, 75, head->plcp[3] & 0x7f); status->flag |= RX_FLAG_HT; break; default: BUG(); return -ENOSYS; } return 0; } static void carl9170_rx_phy_status(struct ar9170 *ar, struct ar9170_rx_phystatus *phy, struct ieee80211_rx_status *status) { int i; BUILD_BUG_ON(sizeof(struct ar9170_rx_phystatus) != 20); for (i = 0; i < 3; i++) if (phy->rssi[i] != 0x80) status->antenna |= BIT(i); /* post-process RSSI */ for (i = 0; i < 7; i++) if (phy->rssi[i] & 0x80) phy->rssi[i] = ((~phy->rssi[i] & 0x7f) + 1) & 0x7f; /* TODO: we could do something with phy_errors */ status->signal = ar->noise[0] + phy->rssi_combined; } static struct sk_buff *carl9170_rx_copy_data(u8 *buf, int len) { struct sk_buff *skb; int reserved = 0; struct ieee80211_hdr *hdr = (void *) buf; if (ieee80211_is_data_qos(hdr->frame_control)) { u8 *qc = ieee80211_get_qos_ctl(hdr); reserved += NET_IP_ALIGN; if (*qc & IEEE80211_QOS_CTL_A_MSDU_PRESENT) reserved += NET_IP_ALIGN; } if (ieee80211_has_a4(hdr->frame_control)) reserved += NET_IP_ALIGN; reserved = 32 + (reserved & NET_IP_ALIGN); skb = dev_alloc_skb(len + reserved); if (likely(skb)) { skb_reserve(skb, reserved); memcpy(skb_put(skb, len), buf, len); } return skb; } static u8 *carl9170_find_ie(u8 *data, unsigned int len, u8 ie) { struct ieee80211_mgmt *mgmt = (void *)data; u8 *pos, *end; pos = (u8 *)mgmt->u.beacon.variable; end = data + len; while (pos < end) { if (pos + 2 + pos[1] > end) return NULL; if (pos[0] == ie) return pos; pos += 2 + pos[1]; } return NULL; } /* * NOTE: * * The firmware is in charge of waking up the device just before * the AP is expected to transmit the next beacon. * * This leaves the driver with the important task of deciding when * to set the PHY back to bed again. */ static void carl9170_ps_beacon(struct ar9170 *ar, void *data, unsigned int len) { struct ieee80211_hdr *hdr = data; struct ieee80211_tim_ie *tim_ie; struct ath_common *common = &ar->common; u8 *tim; u8 tim_len; bool cam; if (likely(!(ar->hw->conf.flags & IEEE80211_CONF_PS))) return; /* min. beacon length + FCS_LEN */ if (len <= 40 + FCS_LEN) return; /* check if this really is a beacon */ /* and only beacons from the associated BSSID, please */ if (!ath_is_mybeacon(common, hdr) || !common->curaid) return; ar->ps.last_beacon = jiffies; tim = carl9170_find_ie(data, len - FCS_LEN, WLAN_EID_TIM); if (!tim) return; if (tim[1] < sizeof(*tim_ie)) return; tim_len = tim[1]; tim_ie = (struct ieee80211_tim_ie *) &tim[2]; if (!WARN_ON_ONCE(!ar->hw->conf.ps_dtim_period)) ar->ps.dtim_counter = (tim_ie->dtim_count - 1) % ar->hw->conf.ps_dtim_period; /* Check whenever the PHY can be turned off again. */ /* 1. What about buffered unicast traffic for our AID? */ cam = ieee80211_check_tim(tim_ie, tim_len, ar->common.curaid); /* 2. Maybe the AP wants to send multicast/broadcast data? */ cam |= !!(tim_ie->bitmap_ctrl & 0x01); if (!cam) { /* back to low-power land. */ ar->ps.off_override &= ~PS_OFF_BCN; carl9170_ps_check(ar); } else { /* force CAM */ ar->ps.off_override |= PS_OFF_BCN; } } static void carl9170_ba_check(struct ar9170 *ar, void *data, unsigned int len) { struct ieee80211_bar *bar = data; struct carl9170_bar_list_entry *entry; unsigned int queue; if (likely(!ieee80211_is_back(bar->frame_control))) return; if (len <= sizeof(*bar) + FCS_LEN) return; queue = TID_TO_WME_AC(((le16_to_cpu(bar->control) & IEEE80211_BAR_CTRL_TID_INFO_MASK) >> IEEE80211_BAR_CTRL_TID_INFO_SHIFT) & 7); rcu_read_lock(); list_for_each_entry_rcu(entry, &ar->bar_list[queue], list) { struct sk_buff *entry_skb = entry->skb; struct _carl9170_tx_superframe *super = (void *)entry_skb->data; struct ieee80211_bar *entry_bar = (void *)super->frame_data; #define TID_CHECK(a, b) ( \ ((a) & cpu_to_le16(IEEE80211_BAR_CTRL_TID_INFO_MASK)) == \ ((b) & cpu_to_le16(IEEE80211_BAR_CTRL_TID_INFO_MASK))) \ if (bar->start_seq_num == entry_bar->start_seq_num && TID_CHECK(bar->control, entry_bar->control) && ether_addr_equal_64bits(bar->ra, entry_bar->ta) && ether_addr_equal_64bits(bar->ta, entry_bar->ra)) { struct ieee80211_tx_info *tx_info; tx_info = IEEE80211_SKB_CB(entry_skb); tx_info->flags |= IEEE80211_TX_STAT_ACK; spin_lock_bh(&ar->bar_list_lock[queue]); list_del_rcu(&entry->list); spin_unlock_bh(&ar->bar_list_lock[queue]); kfree_rcu(entry, head); break; } } rcu_read_unlock(); #undef TID_CHECK } static bool carl9170_ampdu_check(struct ar9170 *ar, u8 *buf, u8 ms, struct ieee80211_rx_status *rx_status) { __le16 fc; if ((ms & AR9170_RX_STATUS_MPDU) == AR9170_RX_STATUS_MPDU_SINGLE) { /* * This frame is not part of an aMPDU. * Therefore it is not subjected to any * of the following content restrictions. */ return true; } rx_status->flag |= RX_FLAG_AMPDU_DETAILS | RX_FLAG_AMPDU_LAST_KNOWN; rx_status->ampdu_reference = ar->ampdu_ref; /* * "802.11n - 7.4a.3 A-MPDU contents" describes in which contexts * certain frame types can be part of an aMPDU. * * In order to keep the processing cost down, I opted for a * stateless filter solely based on the frame control field. */ fc = ((struct ieee80211_hdr *)buf)->frame_control; if (ieee80211_is_data_qos(fc) && ieee80211_is_data_present(fc)) return true; if (ieee80211_is_ack(fc) || ieee80211_is_back(fc) || ieee80211_is_back_req(fc)) return true; if (ieee80211_is_action(fc)) return true; return false; } static int carl9170_handle_mpdu(struct ar9170 *ar, u8 *buf, int len, struct ieee80211_rx_status *status) { struct sk_buff *skb; /* (driver) frame trap handler * * Because power-saving mode handing has to be implemented by * the driver/firmware. We have to check each incoming beacon * from the associated AP, if there's new data for us (either * broadcast/multicast or unicast) we have to react quickly. * * So, if you have you want to add additional frame trap * handlers, this would be the perfect place! */ carl9170_ps_beacon(ar, buf, len); carl9170_ba_check(ar, buf, len); skb = carl9170_rx_copy_data(buf, len); if (!skb) return -ENOMEM; memcpy(IEEE80211_SKB_RXCB(skb), status, sizeof(*status)); ieee80211_rx(ar->hw, skb); return 0; } /* * If the frame alignment is right (or the kernel has * CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS), and there * is only a single MPDU in the USB frame, then we could * submit to mac80211 the SKB directly. However, since * there may be multiple packets in one SKB in stream * mode, and we need to observe the proper ordering, * this is non-trivial. */ static void carl9170_rx_untie_data(struct ar9170 *ar, u8 *buf, int len) { struct ar9170_rx_head *head; struct ar9170_rx_macstatus *mac; struct ar9170_rx_phystatus *phy = NULL; struct ieee80211_rx_status status; int mpdu_len; u8 mac_status; if (!IS_STARTED(ar)) return; if (unlikely(len < sizeof(*mac))) goto drop; memset(&status, 0, sizeof(status)); mpdu_len = len - sizeof(*mac); mac = (void *)(buf + mpdu_len); mac_status = mac->status; switch (mac_status & AR9170_RX_STATUS_MPDU) { case AR9170_RX_STATUS_MPDU_FIRST: ar->ampdu_ref++; /* Aggregated MPDUs start with an PLCP header */ if (likely(mpdu_len >= sizeof(struct ar9170_rx_head))) { head = (void *) buf; /* * The PLCP header needs to be cached for the * following MIDDLE + LAST A-MPDU packets. * * So, if you are wondering why all frames seem * to share a common RX status information, * then you have the answer right here... */ memcpy(&ar->rx_plcp, (void *) buf, sizeof(struct ar9170_rx_head)); mpdu_len -= sizeof(struct ar9170_rx_head); buf += sizeof(struct ar9170_rx_head); ar->rx_has_plcp = true; } else { if (net_ratelimit()) { wiphy_err(ar->hw->wiphy, "plcp info " "is clipped.\n"); } goto drop; } break; case AR9170_RX_STATUS_MPDU_LAST: status.flag |= RX_FLAG_AMPDU_IS_LAST; /* * The last frame of an A-MPDU has an extra tail * which does contain the phy status of the whole * aggregate. */ if (likely(mpdu_len >= sizeof(struct ar9170_rx_phystatus))) { mpdu_len -= sizeof(struct ar9170_rx_phystatus); phy = (void *)(buf + mpdu_len); } else { if (net_ratelimit()) { wiphy_err(ar->hw->wiphy, "frame tail " "is clipped.\n"); } goto drop; } case AR9170_RX_STATUS_MPDU_MIDDLE: /* These are just data + mac status */ if (unlikely(!ar->rx_has_plcp)) { if (!net_ratelimit()) return; wiphy_err(ar->hw->wiphy, "rx stream does not start " "with a first_mpdu frame tag.\n"); goto drop; } head = &ar->rx_plcp; break; case AR9170_RX_STATUS_MPDU_SINGLE: /* single mpdu has both: plcp (head) and phy status (tail) */ head = (void *) buf; mpdu_len -= sizeof(struct ar9170_rx_head); mpdu_len -= sizeof(struct ar9170_rx_phystatus); buf += sizeof(struct ar9170_rx_head); phy = (void *)(buf + mpdu_len); break; default: BUG_ON(1); break; } /* FC + DU + RA + FCS */ if (unlikely(mpdu_len < (2 + 2 + ETH_ALEN + FCS_LEN))) goto drop; if (unlikely(carl9170_rx_mac_status(ar, head, mac, &status))) goto drop; if (!carl9170_ampdu_check(ar, buf, mac_status, &status)) goto drop; if (phy) carl9170_rx_phy_status(ar, phy, &status); else status.flag |= RX_FLAG_NO_SIGNAL_VAL; if (carl9170_handle_mpdu(ar, buf, mpdu_len, &status)) goto drop; return; drop: ar->rx_dropped++; } static void carl9170_rx_untie_cmds(struct ar9170 *ar, const u8 *respbuf, const unsigned int resplen) { struct carl9170_rsp *cmd; int i = 0; while (i < resplen) { cmd = (void *) &respbuf[i]; i += cmd->hdr.len + 4; if (unlikely(i > resplen)) break; if (carl9170_check_sequence(ar, cmd->hdr.seq)) break; carl9170_handle_command_response(ar, cmd, cmd->hdr.len + 4); } if (unlikely(i != resplen)) { if (!net_ratelimit()) return; wiphy_err(ar->hw->wiphy, "malformed firmware trap:\n"); print_hex_dump_bytes("rxcmd:", DUMP_PREFIX_OFFSET, respbuf, resplen); } } static void __carl9170_rx(struct ar9170 *ar, u8 *buf, unsigned int len) { unsigned int i = 0; /* weird thing, but this is the same in the original driver */ while (len > 2 && i < 12 && buf[0] == 0xff && buf[1] == 0xff) { i += 2; len -= 2; buf += 2; } if (unlikely(len < 4)) return; /* found the 6 * 0xffff marker? */ if (i == 12) carl9170_rx_untie_cmds(ar, buf, len); else carl9170_rx_untie_data(ar, buf, len); } static void carl9170_rx_stream(struct ar9170 *ar, void *buf, unsigned int len) { unsigned int tlen, wlen = 0, clen = 0; struct ar9170_stream *rx_stream; u8 *tbuf; tbuf = buf; tlen = len; while (tlen >= 4) { rx_stream = (void *) tbuf; clen = le16_to_cpu(rx_stream->length); wlen = ALIGN(clen, 4); /* check if this is stream has a valid tag.*/ if (rx_stream->tag != cpu_to_le16(AR9170_RX_STREAM_TAG)) { /* * TODO: handle the highly unlikely event that the * corrupted stream has the TAG at the right position. */ /* check if the frame can be repaired. */ if (!ar->rx_failover_missing) { /* this is not "short read". */ if (net_ratelimit()) { wiphy_err(ar->hw->wiphy, "missing tag!\n"); } __carl9170_rx(ar, tbuf, tlen); return; } if (ar->rx_failover_missing > tlen) { if (net_ratelimit()) { wiphy_err(ar->hw->wiphy, "possible multi " "stream corruption!\n"); goto err_telluser; } else { goto err_silent; } } memcpy(skb_put(ar->rx_failover, tlen), tbuf, tlen); ar->rx_failover_missing -= tlen; if (ar->rx_failover_missing <= 0) { /* * nested carl9170_rx_stream call! * * termination is guaranteed, even when the * combined frame also have an element with * a bad tag. */ ar->rx_failover_missing = 0; carl9170_rx_stream(ar, ar->rx_failover->data, ar->rx_failover->len); skb_reset_tail_pointer(ar->rx_failover); skb_trim(ar->rx_failover, 0); } return; } /* check if stream is clipped */ if (wlen > tlen - 4) { if (ar->rx_failover_missing) { /* TODO: handle double stream corruption. */ if (net_ratelimit()) { wiphy_err(ar->hw->wiphy, "double rx " "stream corruption!\n"); goto err_telluser; } else { goto err_silent; } } /* * save incomplete data set. * the firmware will resend the missing bits when * the rx - descriptor comes round again. */ memcpy(skb_put(ar->rx_failover, tlen), tbuf, tlen); ar->rx_failover_missing = clen - tlen; return; } __carl9170_rx(ar, rx_stream->payload, clen); tbuf += wlen + 4; tlen -= wlen + 4; } if (tlen) { if (net_ratelimit()) { wiphy_err(ar->hw->wiphy, "%d bytes of unprocessed " "data left in rx stream!\n", tlen); } goto err_telluser; } return; err_telluser: wiphy_err(ar->hw->wiphy, "damaged RX stream data [want:%d, " "data:%d, rx:%d, pending:%d ]\n", clen, wlen, tlen, ar->rx_failover_missing); if (ar->rx_failover_missing) print_hex_dump_bytes("rxbuf:", DUMP_PREFIX_OFFSET, ar->rx_failover->data, ar->rx_failover->len); print_hex_dump_bytes("stream:", DUMP_PREFIX_OFFSET, buf, len); wiphy_err(ar->hw->wiphy, "please check your hardware and cables, if " "you see this message frequently.\n"); err_silent: if (ar->rx_failover_missing) { skb_reset_tail_pointer(ar->rx_failover); skb_trim(ar->rx_failover, 0); ar->rx_failover_missing = 0; } } void carl9170_rx(struct ar9170 *ar, void *buf, unsigned int len) { if (ar->fw.rx_stream) carl9170_rx_stream(ar, buf, len); else __carl9170_rx(ar, buf, len); }