Loading...
Note: File does not exist in v3.5.6.
1/******************************************************************************
2 *
3 * Copyright(c) 2003 - 2011 Intel Corporation. All rights reserved.
4 *
5 * Portions of this file are derived from the ipw3945 project, as well
6 * as portions of the ieee80211 subsystem header files.
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of version 2 of the GNU General Public License as
10 * published by the Free Software Foundation.
11 *
12 * This program is distributed in the hope that it will be useful, but WITHOUT
13 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
14 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
15 * more details.
16 *
17 * You should have received a copy of the GNU General Public License along with
18 * this program; if not, write to the Free Software Foundation, Inc.,
19 * 51 Franklin Street, Fifth Floor, Boston, MA 02110, USA
20 *
21 * The full GNU General Public License is included in this distribution in the
22 * file called LICENSE.
23 *
24 * Contact Information:
25 * Intel Linux Wireless <ilw@linux.intel.com>
26 * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
27 *
28 *****************************************************************************/
29
30#include <linux/etherdevice.h>
31#include <linux/slab.h>
32#include <linux/sched.h>
33#include <net/mac80211.h>
34#include <asm/unaligned.h>
35#include "iwl-eeprom.h"
36#include "iwl-dev.h"
37#include "iwl-core.h"
38#include "iwl-sta.h"
39#include "iwl-io.h"
40#include "iwl-helpers.h"
41#include "iwl-agn-calib.h"
42#include "iwl-agn.h"
43
44
45/******************************************************************************
46 *
47 * Generic RX handler implementations
48 *
49 ******************************************************************************/
50
51static void iwl_rx_reply_error(struct iwl_priv *priv,
52 struct iwl_rx_mem_buffer *rxb)
53{
54 struct iwl_rx_packet *pkt = rxb_addr(rxb);
55
56 IWL_ERR(priv, "Error Reply type 0x%08X cmd %s (0x%02X) "
57 "seq 0x%04X ser 0x%08X\n",
58 le32_to_cpu(pkt->u.err_resp.error_type),
59 get_cmd_string(pkt->u.err_resp.cmd_id),
60 pkt->u.err_resp.cmd_id,
61 le16_to_cpu(pkt->u.err_resp.bad_cmd_seq_num),
62 le32_to_cpu(pkt->u.err_resp.error_info));
63}
64
65static void iwl_rx_csa(struct iwl_priv *priv, struct iwl_rx_mem_buffer *rxb)
66{
67 struct iwl_rx_packet *pkt = rxb_addr(rxb);
68 struct iwl_csa_notification *csa = &(pkt->u.csa_notif);
69 /*
70 * MULTI-FIXME
71 * See iwl_mac_channel_switch.
72 */
73 struct iwl_rxon_context *ctx = &priv->contexts[IWL_RXON_CTX_BSS];
74 struct iwl_rxon_cmd *rxon = (void *)&ctx->active;
75
76 if (!test_bit(STATUS_CHANNEL_SWITCH_PENDING, &priv->status))
77 return;
78
79 if (!le32_to_cpu(csa->status) && csa->channel == priv->switch_channel) {
80 rxon->channel = csa->channel;
81 ctx->staging.channel = csa->channel;
82 IWL_DEBUG_11H(priv, "CSA notif: channel %d\n",
83 le16_to_cpu(csa->channel));
84 iwl_chswitch_done(priv, true);
85 } else {
86 IWL_ERR(priv, "CSA notif (fail) : channel %d\n",
87 le16_to_cpu(csa->channel));
88 iwl_chswitch_done(priv, false);
89 }
90}
91
92
93static void iwl_rx_spectrum_measure_notif(struct iwl_priv *priv,
94 struct iwl_rx_mem_buffer *rxb)
95{
96 struct iwl_rx_packet *pkt = rxb_addr(rxb);
97 struct iwl_spectrum_notification *report = &(pkt->u.spectrum_notif);
98
99 if (!report->state) {
100 IWL_DEBUG_11H(priv,
101 "Spectrum Measure Notification: Start\n");
102 return;
103 }
104
105 memcpy(&priv->measure_report, report, sizeof(*report));
106 priv->measurement_status |= MEASUREMENT_READY;
107}
108
109static void iwl_rx_pm_sleep_notif(struct iwl_priv *priv,
110 struct iwl_rx_mem_buffer *rxb)
111{
112#ifdef CONFIG_IWLWIFI_DEBUG
113 struct iwl_rx_packet *pkt = rxb_addr(rxb);
114 struct iwl_sleep_notification *sleep = &(pkt->u.sleep_notif);
115 IWL_DEBUG_RX(priv, "sleep mode: %d, src: %d\n",
116 sleep->pm_sleep_mode, sleep->pm_wakeup_src);
117#endif
118}
119
120static void iwl_rx_pm_debug_statistics_notif(struct iwl_priv *priv,
121 struct iwl_rx_mem_buffer *rxb)
122{
123 struct iwl_rx_packet *pkt = rxb_addr(rxb);
124 u32 len = le32_to_cpu(pkt->len_n_flags) & FH_RSCSR_FRAME_SIZE_MSK;
125 IWL_DEBUG_RADIO(priv, "Dumping %d bytes of unhandled "
126 "notification for %s:\n", len,
127 get_cmd_string(pkt->hdr.cmd));
128 iwl_print_hex_dump(priv, IWL_DL_RADIO, pkt->u.raw, len);
129}
130
131static void iwl_rx_beacon_notif(struct iwl_priv *priv,
132 struct iwl_rx_mem_buffer *rxb)
133{
134 struct iwl_rx_packet *pkt = rxb_addr(rxb);
135 struct iwlagn_beacon_notif *beacon = (void *)pkt->u.raw;
136#ifdef CONFIG_IWLWIFI_DEBUG
137 u16 status = le16_to_cpu(beacon->beacon_notify_hdr.status.status);
138 u8 rate = iwl_hw_get_rate(beacon->beacon_notify_hdr.rate_n_flags);
139
140 IWL_DEBUG_RX(priv, "beacon status %#x, retries:%d ibssmgr:%d "
141 "tsf:0x%.8x%.8x rate:%d\n",
142 status & TX_STATUS_MSK,
143 beacon->beacon_notify_hdr.failure_frame,
144 le32_to_cpu(beacon->ibss_mgr_status),
145 le32_to_cpu(beacon->high_tsf),
146 le32_to_cpu(beacon->low_tsf), rate);
147#endif
148
149 priv->ibss_manager = le32_to_cpu(beacon->ibss_mgr_status);
150
151 if (!test_bit(STATUS_EXIT_PENDING, &priv->status))
152 queue_work(priv->workqueue, &priv->beacon_update);
153}
154
155/* the threshold ratio of actual_ack_cnt to expected_ack_cnt in percent */
156#define ACK_CNT_RATIO (50)
157#define BA_TIMEOUT_CNT (5)
158#define BA_TIMEOUT_MAX (16)
159
160/**
161 * iwl_good_ack_health - checks for ACK count ratios, BA timeout retries.
162 *
163 * When the ACK count ratio is low and aggregated BA timeout retries exceeding
164 * the BA_TIMEOUT_MAX, reload firmware and bring system back to normal
165 * operation state.
166 */
167static bool iwl_good_ack_health(struct iwl_priv *priv,
168 struct statistics_tx *cur)
169{
170 int actual_delta, expected_delta, ba_timeout_delta;
171 struct statistics_tx *old;
172
173 if (priv->agg_tids_count)
174 return true;
175
176 old = &priv->statistics.tx;
177
178 actual_delta = le32_to_cpu(cur->actual_ack_cnt) -
179 le32_to_cpu(old->actual_ack_cnt);
180 expected_delta = le32_to_cpu(cur->expected_ack_cnt) -
181 le32_to_cpu(old->expected_ack_cnt);
182
183 /* Values should not be negative, but we do not trust the firmware */
184 if (actual_delta <= 0 || expected_delta <= 0)
185 return true;
186
187 ba_timeout_delta = le32_to_cpu(cur->agg.ba_timeout) -
188 le32_to_cpu(old->agg.ba_timeout);
189
190 if ((actual_delta * 100 / expected_delta) < ACK_CNT_RATIO &&
191 ba_timeout_delta > BA_TIMEOUT_CNT) {
192 IWL_DEBUG_RADIO(priv, "deltas: actual %d expected %d ba_timeout %d\n",
193 actual_delta, expected_delta, ba_timeout_delta);
194
195#ifdef CONFIG_IWLWIFI_DEBUGFS
196 /*
197 * This is ifdef'ed on DEBUGFS because otherwise the
198 * statistics aren't available. If DEBUGFS is set but
199 * DEBUG is not, these will just compile out.
200 */
201 IWL_DEBUG_RADIO(priv, "rx_detected_cnt delta %d\n",
202 priv->delta_stats.tx.rx_detected_cnt);
203 IWL_DEBUG_RADIO(priv,
204 "ack_or_ba_timeout_collision delta %d\n",
205 priv->delta_stats.tx.ack_or_ba_timeout_collision);
206#endif
207
208 if (ba_timeout_delta >= BA_TIMEOUT_MAX)
209 return false;
210 }
211
212 return true;
213}
214
215/**
216 * iwl_good_plcp_health - checks for plcp error.
217 *
218 * When the plcp error is exceeding the thresholds, reset the radio
219 * to improve the throughput.
220 */
221static bool iwl_good_plcp_health(struct iwl_priv *priv,
222 struct statistics_rx_phy *cur_ofdm,
223 struct statistics_rx_ht_phy *cur_ofdm_ht,
224 unsigned int msecs)
225{
226 int delta;
227 int threshold = priv->cfg->base_params->plcp_delta_threshold;
228
229 if (threshold == IWL_MAX_PLCP_ERR_THRESHOLD_DISABLE) {
230 IWL_DEBUG_RADIO(priv, "plcp_err check disabled\n");
231 return true;
232 }
233
234 delta = le32_to_cpu(cur_ofdm->plcp_err) -
235 le32_to_cpu(priv->statistics.rx_ofdm.plcp_err) +
236 le32_to_cpu(cur_ofdm_ht->plcp_err) -
237 le32_to_cpu(priv->statistics.rx_ofdm_ht.plcp_err);
238
239 /* Can be negative if firmware reset statistics */
240 if (delta <= 0)
241 return true;
242
243 if ((delta * 100 / msecs) > threshold) {
244 IWL_DEBUG_RADIO(priv,
245 "plcp health threshold %u delta %d msecs %u\n",
246 threshold, delta, msecs);
247 return false;
248 }
249
250 return true;
251}
252
253static void iwl_recover_from_statistics(struct iwl_priv *priv,
254 struct statistics_rx_phy *cur_ofdm,
255 struct statistics_rx_ht_phy *cur_ofdm_ht,
256 struct statistics_tx *tx,
257 unsigned long stamp)
258{
259 unsigned int msecs;
260
261 if (test_bit(STATUS_EXIT_PENDING, &priv->status))
262 return;
263
264 msecs = jiffies_to_msecs(stamp - priv->rx_statistics_jiffies);
265
266 /* Only gather statistics and update time stamp when not associated */
267 if (!iwl_is_any_associated(priv))
268 return;
269
270 /* Do not check/recover when do not have enough statistics data */
271 if (msecs < 99)
272 return;
273
274 if (iwlagn_mod_params.ack_check && !iwl_good_ack_health(priv, tx)) {
275 IWL_ERR(priv, "low ack count detected, restart firmware\n");
276 if (!iwl_force_reset(priv, IWL_FW_RESET, false))
277 return;
278 }
279
280 if (iwlagn_mod_params.plcp_check &&
281 !iwl_good_plcp_health(priv, cur_ofdm, cur_ofdm_ht, msecs))
282 iwl_force_reset(priv, IWL_RF_RESET, false);
283}
284
285/* Calculate noise level, based on measurements during network silence just
286 * before arriving beacon. This measurement can be done only if we know
287 * exactly when to expect beacons, therefore only when we're associated. */
288static void iwl_rx_calc_noise(struct iwl_priv *priv)
289{
290 struct statistics_rx_non_phy *rx_info;
291 int num_active_rx = 0;
292 int total_silence = 0;
293 int bcn_silence_a, bcn_silence_b, bcn_silence_c;
294 int last_rx_noise;
295
296 rx_info = &priv->statistics.rx_non_phy;
297
298 bcn_silence_a =
299 le32_to_cpu(rx_info->beacon_silence_rssi_a) & IN_BAND_FILTER;
300 bcn_silence_b =
301 le32_to_cpu(rx_info->beacon_silence_rssi_b) & IN_BAND_FILTER;
302 bcn_silence_c =
303 le32_to_cpu(rx_info->beacon_silence_rssi_c) & IN_BAND_FILTER;
304
305 if (bcn_silence_a) {
306 total_silence += bcn_silence_a;
307 num_active_rx++;
308 }
309 if (bcn_silence_b) {
310 total_silence += bcn_silence_b;
311 num_active_rx++;
312 }
313 if (bcn_silence_c) {
314 total_silence += bcn_silence_c;
315 num_active_rx++;
316 }
317
318 /* Average among active antennas */
319 if (num_active_rx)
320 last_rx_noise = (total_silence / num_active_rx) - 107;
321 else
322 last_rx_noise = IWL_NOISE_MEAS_NOT_AVAILABLE;
323
324 IWL_DEBUG_CALIB(priv, "inband silence a %u, b %u, c %u, dBm %d\n",
325 bcn_silence_a, bcn_silence_b, bcn_silence_c,
326 last_rx_noise);
327}
328
329#ifdef CONFIG_IWLWIFI_DEBUGFS
330/*
331 * based on the assumption of all statistics counter are in DWORD
332 * FIXME: This function is for debugging, do not deal with
333 * the case of counters roll-over.
334 */
335static void accum_stats(__le32 *prev, __le32 *cur, __le32 *delta,
336 __le32 *max_delta, __le32 *accum, int size)
337{
338 int i;
339
340 for (i = 0;
341 i < size / sizeof(__le32);
342 i++, prev++, cur++, delta++, max_delta++, accum++) {
343 if (le32_to_cpu(*cur) > le32_to_cpu(*prev)) {
344 *delta = cpu_to_le32(
345 le32_to_cpu(*cur) - le32_to_cpu(*prev));
346 le32_add_cpu(accum, le32_to_cpu(*delta));
347 if (le32_to_cpu(*delta) > le32_to_cpu(*max_delta))
348 *max_delta = *delta;
349 }
350 }
351}
352
353static void
354iwl_accumulative_statistics(struct iwl_priv *priv,
355 struct statistics_general_common *common,
356 struct statistics_rx_non_phy *rx_non_phy,
357 struct statistics_rx_phy *rx_ofdm,
358 struct statistics_rx_ht_phy *rx_ofdm_ht,
359 struct statistics_rx_phy *rx_cck,
360 struct statistics_tx *tx,
361 struct statistics_bt_activity *bt_activity)
362{
363#define ACCUM(_name) \
364 accum_stats((__le32 *)&priv->statistics._name, \
365 (__le32 *)_name, \
366 (__le32 *)&priv->delta_stats._name, \
367 (__le32 *)&priv->max_delta_stats._name, \
368 (__le32 *)&priv->accum_stats._name, \
369 sizeof(*_name));
370
371 ACCUM(common);
372 ACCUM(rx_non_phy);
373 ACCUM(rx_ofdm);
374 ACCUM(rx_ofdm_ht);
375 ACCUM(rx_cck);
376 ACCUM(tx);
377 if (bt_activity)
378 ACCUM(bt_activity);
379#undef ACCUM
380}
381#else
382static inline void
383iwl_accumulative_statistics(struct iwl_priv *priv,
384 struct statistics_general_common *common,
385 struct statistics_rx_non_phy *rx_non_phy,
386 struct statistics_rx_phy *rx_ofdm,
387 struct statistics_rx_ht_phy *rx_ofdm_ht,
388 struct statistics_rx_phy *rx_cck,
389 struct statistics_tx *tx,
390 struct statistics_bt_activity *bt_activity)
391{
392}
393#endif
394
395static void iwl_rx_statistics(struct iwl_priv *priv,
396 struct iwl_rx_mem_buffer *rxb)
397{
398 unsigned long stamp = jiffies;
399 const int reg_recalib_period = 60;
400 int change;
401 struct iwl_rx_packet *pkt = rxb_addr(rxb);
402 u32 len = le32_to_cpu(pkt->len_n_flags) & FH_RSCSR_FRAME_SIZE_MSK;
403 __le32 *flag;
404 struct statistics_general_common *common;
405 struct statistics_rx_non_phy *rx_non_phy;
406 struct statistics_rx_phy *rx_ofdm;
407 struct statistics_rx_ht_phy *rx_ofdm_ht;
408 struct statistics_rx_phy *rx_cck;
409 struct statistics_tx *tx;
410 struct statistics_bt_activity *bt_activity;
411
412 len -= sizeof(struct iwl_cmd_header); /* skip header */
413
414 IWL_DEBUG_RX(priv, "Statistics notification received (%d bytes).\n",
415 len);
416
417 if (len == sizeof(struct iwl_bt_notif_statistics)) {
418 struct iwl_bt_notif_statistics *stats;
419 stats = &pkt->u.stats_bt;
420 flag = &stats->flag;
421 common = &stats->general.common;
422 rx_non_phy = &stats->rx.general.common;
423 rx_ofdm = &stats->rx.ofdm;
424 rx_ofdm_ht = &stats->rx.ofdm_ht;
425 rx_cck = &stats->rx.cck;
426 tx = &stats->tx;
427 bt_activity = &stats->general.activity;
428
429#ifdef CONFIG_IWLWIFI_DEBUGFS
430 /* handle this exception directly */
431 priv->statistics.num_bt_kills = stats->rx.general.num_bt_kills;
432 le32_add_cpu(&priv->statistics.accum_num_bt_kills,
433 le32_to_cpu(stats->rx.general.num_bt_kills));
434#endif
435 } else if (len == sizeof(struct iwl_notif_statistics)) {
436 struct iwl_notif_statistics *stats;
437 stats = &pkt->u.stats;
438 flag = &stats->flag;
439 common = &stats->general.common;
440 rx_non_phy = &stats->rx.general;
441 rx_ofdm = &stats->rx.ofdm;
442 rx_ofdm_ht = &stats->rx.ofdm_ht;
443 rx_cck = &stats->rx.cck;
444 tx = &stats->tx;
445 bt_activity = NULL;
446 } else {
447 WARN_ONCE(1, "len %d doesn't match BT (%zu) or normal (%zu)\n",
448 len, sizeof(struct iwl_bt_notif_statistics),
449 sizeof(struct iwl_notif_statistics));
450 return;
451 }
452
453 change = common->temperature != priv->statistics.common.temperature ||
454 (*flag & STATISTICS_REPLY_FLG_HT40_MODE_MSK) !=
455 (priv->statistics.flag & STATISTICS_REPLY_FLG_HT40_MODE_MSK);
456
457 iwl_accumulative_statistics(priv, common, rx_non_phy, rx_ofdm,
458 rx_ofdm_ht, rx_cck, tx, bt_activity);
459
460 iwl_recover_from_statistics(priv, rx_ofdm, rx_ofdm_ht, tx, stamp);
461
462 priv->statistics.flag = *flag;
463 memcpy(&priv->statistics.common, common, sizeof(*common));
464 memcpy(&priv->statistics.rx_non_phy, rx_non_phy, sizeof(*rx_non_phy));
465 memcpy(&priv->statistics.rx_ofdm, rx_ofdm, sizeof(*rx_ofdm));
466 memcpy(&priv->statistics.rx_ofdm_ht, rx_ofdm_ht, sizeof(*rx_ofdm_ht));
467 memcpy(&priv->statistics.rx_cck, rx_cck, sizeof(*rx_cck));
468 memcpy(&priv->statistics.tx, tx, sizeof(*tx));
469#ifdef CONFIG_IWLWIFI_DEBUGFS
470 if (bt_activity)
471 memcpy(&priv->statistics.bt_activity, bt_activity,
472 sizeof(*bt_activity));
473#endif
474
475 priv->rx_statistics_jiffies = stamp;
476
477 set_bit(STATUS_STATISTICS, &priv->status);
478
479 /* Reschedule the statistics timer to occur in
480 * reg_recalib_period seconds to ensure we get a
481 * thermal update even if the uCode doesn't give
482 * us one */
483 mod_timer(&priv->statistics_periodic, jiffies +
484 msecs_to_jiffies(reg_recalib_period * 1000));
485
486 if (unlikely(!test_bit(STATUS_SCANNING, &priv->status)) &&
487 (pkt->hdr.cmd == STATISTICS_NOTIFICATION)) {
488 iwl_rx_calc_noise(priv);
489 queue_work(priv->workqueue, &priv->run_time_calib_work);
490 }
491 if (priv->cfg->lib->temperature && change)
492 priv->cfg->lib->temperature(priv);
493}
494
495static void iwl_rx_reply_statistics(struct iwl_priv *priv,
496 struct iwl_rx_mem_buffer *rxb)
497{
498 struct iwl_rx_packet *pkt = rxb_addr(rxb);
499
500 if (le32_to_cpu(pkt->u.stats.flag) & UCODE_STATISTICS_CLEAR_MSK) {
501#ifdef CONFIG_IWLWIFI_DEBUGFS
502 memset(&priv->accum_stats, 0,
503 sizeof(priv->accum_stats));
504 memset(&priv->delta_stats, 0,
505 sizeof(priv->delta_stats));
506 memset(&priv->max_delta_stats, 0,
507 sizeof(priv->max_delta_stats));
508#endif
509 IWL_DEBUG_RX(priv, "Statistics have been cleared\n");
510 }
511 iwl_rx_statistics(priv, rxb);
512}
513
514/* Handle notification from uCode that card's power state is changing
515 * due to software, hardware, or critical temperature RFKILL */
516static void iwl_rx_card_state_notif(struct iwl_priv *priv,
517 struct iwl_rx_mem_buffer *rxb)
518{
519 struct iwl_rx_packet *pkt = rxb_addr(rxb);
520 u32 flags = le32_to_cpu(pkt->u.card_state_notif.flags);
521 unsigned long status = priv->status;
522
523 IWL_DEBUG_RF_KILL(priv, "Card state received: HW:%s SW:%s CT:%s\n",
524 (flags & HW_CARD_DISABLED) ? "Kill" : "On",
525 (flags & SW_CARD_DISABLED) ? "Kill" : "On",
526 (flags & CT_CARD_DISABLED) ?
527 "Reached" : "Not reached");
528
529 if (flags & (SW_CARD_DISABLED | HW_CARD_DISABLED |
530 CT_CARD_DISABLED)) {
531
532 iwl_write32(priv, CSR_UCODE_DRV_GP1_SET,
533 CSR_UCODE_DRV_GP1_BIT_CMD_BLOCKED);
534
535 iwl_write_direct32(priv, HBUS_TARG_MBX_C,
536 HBUS_TARG_MBX_C_REG_BIT_CMD_BLOCKED);
537
538 if (!(flags & RXON_CARD_DISABLED)) {
539 iwl_write32(priv, CSR_UCODE_DRV_GP1_CLR,
540 CSR_UCODE_DRV_GP1_BIT_CMD_BLOCKED);
541 iwl_write_direct32(priv, HBUS_TARG_MBX_C,
542 HBUS_TARG_MBX_C_REG_BIT_CMD_BLOCKED);
543 }
544 if (flags & CT_CARD_DISABLED)
545 iwl_tt_enter_ct_kill(priv);
546 }
547 if (!(flags & CT_CARD_DISABLED))
548 iwl_tt_exit_ct_kill(priv);
549
550 if (flags & HW_CARD_DISABLED)
551 set_bit(STATUS_RF_KILL_HW, &priv->status);
552 else
553 clear_bit(STATUS_RF_KILL_HW, &priv->status);
554
555
556 if (!(flags & RXON_CARD_DISABLED))
557 iwl_scan_cancel(priv);
558
559 if ((test_bit(STATUS_RF_KILL_HW, &status) !=
560 test_bit(STATUS_RF_KILL_HW, &priv->status)))
561 wiphy_rfkill_set_hw_state(priv->hw->wiphy,
562 test_bit(STATUS_RF_KILL_HW, &priv->status));
563 else
564 wake_up_interruptible(&priv->wait_command_queue);
565}
566
567static void iwl_rx_missed_beacon_notif(struct iwl_priv *priv,
568 struct iwl_rx_mem_buffer *rxb)
569
570{
571 struct iwl_rx_packet *pkt = rxb_addr(rxb);
572 struct iwl_missed_beacon_notif *missed_beacon;
573
574 missed_beacon = &pkt->u.missed_beacon;
575 if (le32_to_cpu(missed_beacon->consecutive_missed_beacons) >
576 priv->missed_beacon_threshold) {
577 IWL_DEBUG_CALIB(priv,
578 "missed bcn cnsq %d totl %d rcd %d expctd %d\n",
579 le32_to_cpu(missed_beacon->consecutive_missed_beacons),
580 le32_to_cpu(missed_beacon->total_missed_becons),
581 le32_to_cpu(missed_beacon->num_recvd_beacons),
582 le32_to_cpu(missed_beacon->num_expected_beacons));
583 if (!test_bit(STATUS_SCANNING, &priv->status))
584 iwl_init_sensitivity(priv);
585 }
586}
587
588/* Cache phy data (Rx signal strength, etc) for HT frame (REPLY_RX_PHY_CMD).
589 * This will be used later in iwl_rx_reply_rx() for REPLY_RX_MPDU_CMD. */
590static void iwl_rx_reply_rx_phy(struct iwl_priv *priv,
591 struct iwl_rx_mem_buffer *rxb)
592{
593 struct iwl_rx_packet *pkt = rxb_addr(rxb);
594
595 priv->last_phy_res_valid = true;
596 memcpy(&priv->last_phy_res, pkt->u.raw,
597 sizeof(struct iwl_rx_phy_res));
598}
599
600/*
601 * returns non-zero if packet should be dropped
602 */
603static int iwl_set_decrypted_flag(struct iwl_priv *priv,
604 struct ieee80211_hdr *hdr,
605 u32 decrypt_res,
606 struct ieee80211_rx_status *stats)
607{
608 u16 fc = le16_to_cpu(hdr->frame_control);
609
610 /*
611 * All contexts have the same setting here due to it being
612 * a module parameter, so OK to check any context.
613 */
614 if (priv->contexts[IWL_RXON_CTX_BSS].active.filter_flags &
615 RXON_FILTER_DIS_DECRYPT_MSK)
616 return 0;
617
618 if (!(fc & IEEE80211_FCTL_PROTECTED))
619 return 0;
620
621 IWL_DEBUG_RX(priv, "decrypt_res:0x%x\n", decrypt_res);
622 switch (decrypt_res & RX_RES_STATUS_SEC_TYPE_MSK) {
623 case RX_RES_STATUS_SEC_TYPE_TKIP:
624 /* The uCode has got a bad phase 1 Key, pushes the packet.
625 * Decryption will be done in SW. */
626 if ((decrypt_res & RX_RES_STATUS_DECRYPT_TYPE_MSK) ==
627 RX_RES_STATUS_BAD_KEY_TTAK)
628 break;
629
630 case RX_RES_STATUS_SEC_TYPE_WEP:
631 if ((decrypt_res & RX_RES_STATUS_DECRYPT_TYPE_MSK) ==
632 RX_RES_STATUS_BAD_ICV_MIC) {
633 /* bad ICV, the packet is destroyed since the
634 * decryption is inplace, drop it */
635 IWL_DEBUG_RX(priv, "Packet destroyed\n");
636 return -1;
637 }
638 case RX_RES_STATUS_SEC_TYPE_CCMP:
639 if ((decrypt_res & RX_RES_STATUS_DECRYPT_TYPE_MSK) ==
640 RX_RES_STATUS_DECRYPT_OK) {
641 IWL_DEBUG_RX(priv, "hw decrypt successfully!!!\n");
642 stats->flag |= RX_FLAG_DECRYPTED;
643 }
644 break;
645
646 default:
647 break;
648 }
649 return 0;
650}
651
652static void iwl_pass_packet_to_mac80211(struct iwl_priv *priv,
653 struct ieee80211_hdr *hdr,
654 u16 len,
655 u32 ampdu_status,
656 struct iwl_rx_mem_buffer *rxb,
657 struct ieee80211_rx_status *stats)
658{
659 struct sk_buff *skb;
660 __le16 fc = hdr->frame_control;
661 struct iwl_rxon_context *ctx;
662
663 /* We only process data packets if the interface is open */
664 if (unlikely(!priv->is_open)) {
665 IWL_DEBUG_DROP_LIMIT(priv,
666 "Dropping packet while interface is not open.\n");
667 return;
668 }
669
670 /* In case of HW accelerated crypto and bad decryption, drop */
671 if (!iwlagn_mod_params.sw_crypto &&
672 iwl_set_decrypted_flag(priv, hdr, ampdu_status, stats))
673 return;
674
675 skb = dev_alloc_skb(128);
676 if (!skb) {
677 IWL_ERR(priv, "dev_alloc_skb failed\n");
678 return;
679 }
680
681 skb_add_rx_frag(skb, 0, rxb->page, (void *)hdr - rxb_addr(rxb), len);
682
683 iwl_update_stats(priv, false, fc, len);
684
685 /*
686 * Wake any queues that were stopped due to a passive channel tx
687 * failure. This can happen because the regulatory enforcement in
688 * the device waits for a beacon before allowing transmission,
689 * sometimes even after already having transmitted frames for the
690 * association because the new RXON may reset the information.
691 */
692 if (unlikely(ieee80211_is_beacon(fc))) {
693 for_each_context(priv, ctx) {
694 if (!ctx->last_tx_rejected)
695 continue;
696 if (compare_ether_addr(hdr->addr3,
697 ctx->active.bssid_addr))
698 continue;
699 ctx->last_tx_rejected = false;
700 iwl_wake_any_queue(priv, ctx);
701 }
702 }
703
704 memcpy(IEEE80211_SKB_RXCB(skb), stats, sizeof(*stats));
705
706 ieee80211_rx(priv->hw, skb);
707 rxb->page = NULL;
708}
709
710static u32 iwl_translate_rx_status(struct iwl_priv *priv, u32 decrypt_in)
711{
712 u32 decrypt_out = 0;
713
714 if ((decrypt_in & RX_RES_STATUS_STATION_FOUND) ==
715 RX_RES_STATUS_STATION_FOUND)
716 decrypt_out |= (RX_RES_STATUS_STATION_FOUND |
717 RX_RES_STATUS_NO_STATION_INFO_MISMATCH);
718
719 decrypt_out |= (decrypt_in & RX_RES_STATUS_SEC_TYPE_MSK);
720
721 /* packet was not encrypted */
722 if ((decrypt_in & RX_RES_STATUS_SEC_TYPE_MSK) ==
723 RX_RES_STATUS_SEC_TYPE_NONE)
724 return decrypt_out;
725
726 /* packet was encrypted with unknown alg */
727 if ((decrypt_in & RX_RES_STATUS_SEC_TYPE_MSK) ==
728 RX_RES_STATUS_SEC_TYPE_ERR)
729 return decrypt_out;
730
731 /* decryption was not done in HW */
732 if ((decrypt_in & RX_MPDU_RES_STATUS_DEC_DONE_MSK) !=
733 RX_MPDU_RES_STATUS_DEC_DONE_MSK)
734 return decrypt_out;
735
736 switch (decrypt_in & RX_RES_STATUS_SEC_TYPE_MSK) {
737
738 case RX_RES_STATUS_SEC_TYPE_CCMP:
739 /* alg is CCM: check MIC only */
740 if (!(decrypt_in & RX_MPDU_RES_STATUS_MIC_OK))
741 /* Bad MIC */
742 decrypt_out |= RX_RES_STATUS_BAD_ICV_MIC;
743 else
744 decrypt_out |= RX_RES_STATUS_DECRYPT_OK;
745
746 break;
747
748 case RX_RES_STATUS_SEC_TYPE_TKIP:
749 if (!(decrypt_in & RX_MPDU_RES_STATUS_TTAK_OK)) {
750 /* Bad TTAK */
751 decrypt_out |= RX_RES_STATUS_BAD_KEY_TTAK;
752 break;
753 }
754 /* fall through if TTAK OK */
755 default:
756 if (!(decrypt_in & RX_MPDU_RES_STATUS_ICV_OK))
757 decrypt_out |= RX_RES_STATUS_BAD_ICV_MIC;
758 else
759 decrypt_out |= RX_RES_STATUS_DECRYPT_OK;
760 break;
761 }
762
763 IWL_DEBUG_RX(priv, "decrypt_in:0x%x decrypt_out = 0x%x\n",
764 decrypt_in, decrypt_out);
765
766 return decrypt_out;
767}
768
769/* Calc max signal level (dBm) among 3 possible receivers */
770static int iwlagn_calc_rssi(struct iwl_priv *priv,
771 struct iwl_rx_phy_res *rx_resp)
772{
773 /* data from PHY/DSP regarding signal strength, etc.,
774 * contents are always there, not configurable by host
775 */
776 struct iwlagn_non_cfg_phy *ncphy =
777 (struct iwlagn_non_cfg_phy *)rx_resp->non_cfg_phy_buf;
778 u32 val, rssi_a, rssi_b, rssi_c, max_rssi;
779 u8 agc;
780
781 val = le32_to_cpu(ncphy->non_cfg_phy[IWLAGN_RX_RES_AGC_IDX]);
782 agc = (val & IWLAGN_OFDM_AGC_MSK) >> IWLAGN_OFDM_AGC_BIT_POS;
783
784 /* Find max rssi among 3 possible receivers.
785 * These values are measured by the digital signal processor (DSP).
786 * They should stay fairly constant even as the signal strength varies,
787 * if the radio's automatic gain control (AGC) is working right.
788 * AGC value (see below) will provide the "interesting" info.
789 */
790 val = le32_to_cpu(ncphy->non_cfg_phy[IWLAGN_RX_RES_RSSI_AB_IDX]);
791 rssi_a = (val & IWLAGN_OFDM_RSSI_INBAND_A_BITMSK) >>
792 IWLAGN_OFDM_RSSI_A_BIT_POS;
793 rssi_b = (val & IWLAGN_OFDM_RSSI_INBAND_B_BITMSK) >>
794 IWLAGN_OFDM_RSSI_B_BIT_POS;
795 val = le32_to_cpu(ncphy->non_cfg_phy[IWLAGN_RX_RES_RSSI_C_IDX]);
796 rssi_c = (val & IWLAGN_OFDM_RSSI_INBAND_C_BITMSK) >>
797 IWLAGN_OFDM_RSSI_C_BIT_POS;
798
799 max_rssi = max_t(u32, rssi_a, rssi_b);
800 max_rssi = max_t(u32, max_rssi, rssi_c);
801
802 IWL_DEBUG_STATS(priv, "Rssi In A %d B %d C %d Max %d AGC dB %d\n",
803 rssi_a, rssi_b, rssi_c, max_rssi, agc);
804
805 /* dBm = max_rssi dB - agc dB - constant.
806 * Higher AGC (higher radio gain) means lower signal. */
807 return max_rssi - agc - IWLAGN_RSSI_OFFSET;
808}
809
810/* Called for REPLY_RX (legacy ABG frames), or
811 * REPLY_RX_MPDU_CMD (HT high-throughput N frames). */
812static void iwl_rx_reply_rx(struct iwl_priv *priv,
813 struct iwl_rx_mem_buffer *rxb)
814{
815 struct ieee80211_hdr *header;
816 struct ieee80211_rx_status rx_status;
817 struct iwl_rx_packet *pkt = rxb_addr(rxb);
818 struct iwl_rx_phy_res *phy_res;
819 __le32 rx_pkt_status;
820 struct iwl_rx_mpdu_res_start *amsdu;
821 u32 len;
822 u32 ampdu_status;
823 u32 rate_n_flags;
824
825 /**
826 * REPLY_RX and REPLY_RX_MPDU_CMD are handled differently.
827 * REPLY_RX: physical layer info is in this buffer
828 * REPLY_RX_MPDU_CMD: physical layer info was sent in separate
829 * command and cached in priv->last_phy_res
830 *
831 * Here we set up local variables depending on which command is
832 * received.
833 */
834 if (pkt->hdr.cmd == REPLY_RX) {
835 phy_res = (struct iwl_rx_phy_res *)pkt->u.raw;
836 header = (struct ieee80211_hdr *)(pkt->u.raw + sizeof(*phy_res)
837 + phy_res->cfg_phy_cnt);
838
839 len = le16_to_cpu(phy_res->byte_count);
840 rx_pkt_status = *(__le32 *)(pkt->u.raw + sizeof(*phy_res) +
841 phy_res->cfg_phy_cnt + len);
842 ampdu_status = le32_to_cpu(rx_pkt_status);
843 } else {
844 if (!priv->last_phy_res_valid) {
845 IWL_ERR(priv, "MPDU frame without cached PHY data\n");
846 return;
847 }
848 phy_res = &priv->last_phy_res;
849 amsdu = (struct iwl_rx_mpdu_res_start *)pkt->u.raw;
850 header = (struct ieee80211_hdr *)(pkt->u.raw + sizeof(*amsdu));
851 len = le16_to_cpu(amsdu->byte_count);
852 rx_pkt_status = *(__le32 *)(pkt->u.raw + sizeof(*amsdu) + len);
853 ampdu_status = iwl_translate_rx_status(priv,
854 le32_to_cpu(rx_pkt_status));
855 }
856
857 if ((unlikely(phy_res->cfg_phy_cnt > 20))) {
858 IWL_DEBUG_DROP(priv, "dsp size out of range [0,20]: %d/n",
859 phy_res->cfg_phy_cnt);
860 return;
861 }
862
863 if (!(rx_pkt_status & RX_RES_STATUS_NO_CRC32_ERROR) ||
864 !(rx_pkt_status & RX_RES_STATUS_NO_RXE_OVERFLOW)) {
865 IWL_DEBUG_RX(priv, "Bad CRC or FIFO: 0x%08X.\n",
866 le32_to_cpu(rx_pkt_status));
867 return;
868 }
869
870 /* This will be used in several places later */
871 rate_n_flags = le32_to_cpu(phy_res->rate_n_flags);
872
873 /* rx_status carries information about the packet to mac80211 */
874 rx_status.mactime = le64_to_cpu(phy_res->timestamp);
875 rx_status.band = (phy_res->phy_flags & RX_RES_PHY_FLAGS_BAND_24_MSK) ?
876 IEEE80211_BAND_2GHZ : IEEE80211_BAND_5GHZ;
877 rx_status.freq =
878 ieee80211_channel_to_frequency(le16_to_cpu(phy_res->channel),
879 rx_status.band);
880 rx_status.rate_idx =
881 iwlagn_hwrate_to_mac80211_idx(rate_n_flags, rx_status.band);
882 rx_status.flag = 0;
883
884 /* TSF isn't reliable. In order to allow smooth user experience,
885 * this W/A doesn't propagate it to the mac80211 */
886 /*rx_status.flag |= RX_FLAG_MACTIME_MPDU;*/
887
888 priv->ucode_beacon_time = le32_to_cpu(phy_res->beacon_time_stamp);
889
890 /* Find max signal strength (dBm) among 3 antenna/receiver chains */
891 rx_status.signal = iwlagn_calc_rssi(priv, phy_res);
892
893 iwl_dbg_log_rx_data_frame(priv, len, header);
894 IWL_DEBUG_STATS_LIMIT(priv, "Rssi %d, TSF %llu\n",
895 rx_status.signal, (unsigned long long)rx_status.mactime);
896
897 /*
898 * "antenna number"
899 *
900 * It seems that the antenna field in the phy flags value
901 * is actually a bit field. This is undefined by radiotap,
902 * it wants an actual antenna number but I always get "7"
903 * for most legacy frames I receive indicating that the
904 * same frame was received on all three RX chains.
905 *
906 * I think this field should be removed in favor of a
907 * new 802.11n radiotap field "RX chains" that is defined
908 * as a bitmask.
909 */
910 rx_status.antenna =
911 (le16_to_cpu(phy_res->phy_flags) & RX_RES_PHY_FLAGS_ANTENNA_MSK)
912 >> RX_RES_PHY_FLAGS_ANTENNA_POS;
913
914 /* set the preamble flag if appropriate */
915 if (phy_res->phy_flags & RX_RES_PHY_FLAGS_SHORT_PREAMBLE_MSK)
916 rx_status.flag |= RX_FLAG_SHORTPRE;
917
918 /* Set up the HT phy flags */
919 if (rate_n_flags & RATE_MCS_HT_MSK)
920 rx_status.flag |= RX_FLAG_HT;
921 if (rate_n_flags & RATE_MCS_HT40_MSK)
922 rx_status.flag |= RX_FLAG_40MHZ;
923 if (rate_n_flags & RATE_MCS_SGI_MSK)
924 rx_status.flag |= RX_FLAG_SHORT_GI;
925
926 iwl_pass_packet_to_mac80211(priv, header, len, ampdu_status,
927 rxb, &rx_status);
928}
929
930/**
931 * iwl_setup_rx_handlers - Initialize Rx handler callbacks
932 *
933 * Setup the RX handlers for each of the reply types sent from the uCode
934 * to the host.
935 */
936void iwl_setup_rx_handlers(struct iwl_priv *priv)
937{
938 void (**handlers)(struct iwl_priv *priv, struct iwl_rx_mem_buffer *rxb);
939
940 handlers = priv->rx_handlers;
941
942 handlers[REPLY_ERROR] = iwl_rx_reply_error;
943 handlers[CHANNEL_SWITCH_NOTIFICATION] = iwl_rx_csa;
944 handlers[SPECTRUM_MEASURE_NOTIFICATION] = iwl_rx_spectrum_measure_notif;
945 handlers[PM_SLEEP_NOTIFICATION] = iwl_rx_pm_sleep_notif;
946 handlers[PM_DEBUG_STATISTIC_NOTIFIC] = iwl_rx_pm_debug_statistics_notif;
947 handlers[BEACON_NOTIFICATION] = iwl_rx_beacon_notif;
948
949 /*
950 * The same handler is used for both the REPLY to a discrete
951 * statistics request from the host as well as for the periodic
952 * statistics notifications (after received beacons) from the uCode.
953 */
954 handlers[REPLY_STATISTICS_CMD] = iwl_rx_reply_statistics;
955 handlers[STATISTICS_NOTIFICATION] = iwl_rx_statistics;
956
957 iwl_setup_rx_scan_handlers(priv);
958
959 handlers[CARD_STATE_NOTIFICATION] = iwl_rx_card_state_notif;
960 handlers[MISSED_BEACONS_NOTIFICATION] = iwl_rx_missed_beacon_notif;
961
962 /* Rx handlers */
963 handlers[REPLY_RX_PHY_CMD] = iwl_rx_reply_rx_phy;
964 handlers[REPLY_RX_MPDU_CMD] = iwl_rx_reply_rx;
965
966 /* block ack */
967 handlers[REPLY_COMPRESSED_BA] = iwlagn_rx_reply_compressed_ba;
968
969 /* init calibration handlers */
970 priv->rx_handlers[CALIBRATION_RES_NOTIFICATION] =
971 iwlagn_rx_calib_result;
972 priv->rx_handlers[REPLY_TX] = iwlagn_rx_reply_tx;
973
974 /* set up notification wait support */
975 spin_lock_init(&priv->notif_wait_lock);
976 INIT_LIST_HEAD(&priv->notif_waits);
977 init_waitqueue_head(&priv->notif_waitq);
978
979 /* Set up BT Rx handlers */
980 if (priv->cfg->lib->bt_rx_handler_setup)
981 priv->cfg->lib->bt_rx_handler_setup(priv);
982
983}
984
985void iwl_rx_dispatch(struct iwl_priv *priv, struct iwl_rx_mem_buffer *rxb)
986{
987 struct iwl_rx_packet *pkt = rxb_addr(rxb);
988
989 /*
990 * Do the notification wait before RX handlers so
991 * even if the RX handler consumes the RXB we have
992 * access to it in the notification wait entry.
993 */
994 if (!list_empty(&priv->notif_waits)) {
995 struct iwl_notification_wait *w;
996
997 spin_lock(&priv->notif_wait_lock);
998 list_for_each_entry(w, &priv->notif_waits, list) {
999 if (w->cmd != pkt->hdr.cmd)
1000 continue;
1001 IWL_DEBUG_RX(priv,
1002 "Notif: %s, 0x%02x - wake the callers up\n",
1003 get_cmd_string(pkt->hdr.cmd),
1004 pkt->hdr.cmd);
1005 w->triggered = true;
1006 if (w->fn)
1007 w->fn(priv, pkt, w->fn_data);
1008 }
1009 spin_unlock(&priv->notif_wait_lock);
1010
1011 wake_up_all(&priv->notif_waitq);
1012 }
1013
1014 if (priv->pre_rx_handler)
1015 priv->pre_rx_handler(priv, rxb);
1016
1017 /* Based on type of command response or notification,
1018 * handle those that need handling via function in
1019 * rx_handlers table. See iwl_setup_rx_handlers() */
1020 if (priv->rx_handlers[pkt->hdr.cmd]) {
1021 priv->isr_stats.rx_handlers[pkt->hdr.cmd]++;
1022 priv->rx_handlers[pkt->hdr.cmd] (priv, rxb);
1023 } else {
1024 /* No handling needed */
1025 IWL_DEBUG_RX(priv,
1026 "No handler needed for %s, 0x%02x\n",
1027 get_cmd_string(pkt->hdr.cmd), pkt->hdr.cmd);
1028 }
1029}