[zen-stable.git] / drivers / net / wireless / b43 / xmit.c
/*

  Broadcom B43 wireless driver

  Transmission (TX/RX) related functions.

  Copyright (C) 2005 Martin Langer <martin-langer@gmx.de>
  Copyright (C) 2005 Stefano Brivio <stefano.brivio@polimi.it>
  Copyright (C) 2005, 2006 Michael Buesch <m@bues.ch>
  Copyright (C) 2005 Danny van Dyk <kugelfang@gentoo.org>
  Copyright (C) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.

  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with this program; see the file COPYING.  If not, write to
  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
  Boston, MA 02110-1301, USA.

*/
30 #include "xmit.h"
31 #include "phy_common.h"
32 #include "dma.h"
33 #include "pio.h"
/*
 * Per-bitrate PHY control bits for the legacy CCK and OFDM rates.
 * b43_tx_legacy_rate_phy_ctl_ent() searches this table by .bitrate, and
 * b43_generate_tx_phy_ctl1() ORs .coding_rate and .modulation into the
 * PHY control 1 word.
 */
static const struct b43_tx_legacy_rate_phy_ctl_entry b43_tx_legacy_rate_phy_ctl[] = {
	/* CCK rates */
	{ .bitrate = B43_CCK_RATE_1MB,	.coding_rate = 0x0, .modulation = 0x0 },
	{ .bitrate = B43_CCK_RATE_2MB,	.coding_rate = 0x0, .modulation = 0x1 },
	{ .bitrate = B43_CCK_RATE_5MB,	.coding_rate = 0x0, .modulation = 0x2 },
	{ .bitrate = B43_CCK_RATE_11MB,	.coding_rate = 0x0, .modulation = 0x3 },
	/* OFDM rates */
	{ .bitrate = B43_OFDM_RATE_6MB,
	  .coding_rate = B43_TXH_PHY1_CRATE_1_2,
	  .modulation = B43_TXH_PHY1_MODUL_BPSK },
	{ .bitrate = B43_OFDM_RATE_9MB,
	  .coding_rate = B43_TXH_PHY1_CRATE_3_4,
	  .modulation = B43_TXH_PHY1_MODUL_BPSK },
	{ .bitrate = B43_OFDM_RATE_12MB,
	  .coding_rate = B43_TXH_PHY1_CRATE_1_2,
	  .modulation = B43_TXH_PHY1_MODUL_QPSK },
	{ .bitrate = B43_OFDM_RATE_18MB,
	  .coding_rate = B43_TXH_PHY1_CRATE_3_4,
	  .modulation = B43_TXH_PHY1_MODUL_QPSK },
	{ .bitrate = B43_OFDM_RATE_24MB,
	  .coding_rate = B43_TXH_PHY1_CRATE_1_2,
	  .modulation = B43_TXH_PHY1_MODUL_QAM16 },
	{ .bitrate = B43_OFDM_RATE_36MB,
	  .coding_rate = B43_TXH_PHY1_CRATE_3_4,
	  .modulation = B43_TXH_PHY1_MODUL_QAM16 },
	{ .bitrate = B43_OFDM_RATE_48MB,
	  .coding_rate = B43_TXH_PHY1_CRATE_2_3,
	  .modulation = B43_TXH_PHY1_MODUL_QAM64 },
	{ .bitrate = B43_OFDM_RATE_54MB,
	  .coding_rate = B43_TXH_PHY1_CRATE_3_4,
	  .modulation = B43_TXH_PHY1_MODUL_QAM64 },
};
/*
 * Find the PHY control table entry for a legacy bitrate.
 *
 * Returns a pointer into b43_tx_legacy_rate_phy_ctl[], or NULL (after
 * B43_WARN_ON) when the bitrate has no entry, so callers must check the
 * result before dereferencing it.
 */
static const struct b43_tx_legacy_rate_phy_ctl_entry *
b43_tx_legacy_rate_phy_ctl_ent(u8 bitrate)
{
	const struct b43_tx_legacy_rate_phy_ctl_entry *entry =
		b43_tx_legacy_rate_phy_ctl;
	const struct b43_tx_legacy_rate_phy_ctl_entry *end =
		entry + ARRAY_SIZE(b43_tx_legacy_rate_phy_ctl);

	for (; entry < end; entry++) {
		if (entry->bitrate == bitrate)
			return entry;
	}

	B43_WARN_ON(1);
	return NULL;
}
/*
 * Extract the bitrate index out of a CCK PLCP header.
 *
 * The first PLCP byte is matched against the four CCK rate codes (the same
 * values b43_plcp_get_ratecode_cck() produces). Returns the index 0..3, or
 * -1 when the byte is not a known code; the caller must handle -1.
 */
static int b43_plcp_get_bitrate_idx_cck(struct b43_plcp_hdr6 *plcp)
{
	static const u8 cck_ratecodes[] = { 0x0A, 0x14, 0x37, 0x6E };
	unsigned int idx;

	for (idx = 0; idx < ARRAY_SIZE(cck_ratecodes); idx++) {
		if (plcp->raw[0] == cck_ratecodes[idx])
			return (int)idx;
	}

	return -1;
}
/*
 * Extract the bitrate index out of an OFDM PLCP header.
 *
 * Only the low nibble of the first PLCP byte is examined. The codes are
 * listed in the order b43_plcp_get_ratecode_ofdm() assigns them to the
 * OFDM rates. With aphy set the indices start at 0, otherwise at 4
 * (presumably because indices 0..3 are taken by the CCK rates; confirm
 * against the registered band tables). Returns -1 for an unknown code.
 */
static int b43_plcp_get_bitrate_idx_ofdm(struct b43_plcp_hdr6 *plcp, bool aphy)
{
	static const u8 ofdm_ratecodes[] = {
		0xB, 0xF, 0xA, 0xE, 0x9, 0xD, 0x8, 0xC,
	};
	const int first_idx = aphy ? 0 : 4;
	const u8 code = plcp->raw[0] & 0xF;
	unsigned int pos;

	for (pos = 0; pos < ARRAY_SIZE(ofdm_ratecodes); pos++) {
		if (code == ofdm_ratecodes[pos])
			return first_idx + (int)pos;
	}

	return -1;
}
/*
 * Map a CCK bitrate constant to the rate code used in the PLCP header.
 *
 * Returns 0 (after B43_WARN_ON) for a bitrate that is not one of the four
 * CCK rates; 0 is not a valid rate code.
 */
u8 b43_plcp_get_ratecode_cck(const u8 bitrate)
{
	if (bitrate == B43_CCK_RATE_1MB)
		return 0x0A;
	if (bitrate == B43_CCK_RATE_2MB)
		return 0x14;
	if (bitrate == B43_CCK_RATE_5MB)
		return 0x37;
	if (bitrate == B43_CCK_RATE_11MB)
		return 0x6E;

	B43_WARN_ON(1);
	return 0;
}
/*
 * Map an OFDM bitrate constant to the 4-bit rate code used in the PLCP
 * header.
 *
 * Returns 0 (after B43_WARN_ON) for a bitrate that is not one of the
 * eight OFDM rates.
 */
u8 b43_plcp_get_ratecode_ofdm(const u8 bitrate)
{
	static const struct {
		u8 bitrate;
		u8 code;
	} ofdm_codes[] = {
		{ B43_OFDM_RATE_6MB,  0xB },
		{ B43_OFDM_RATE_9MB,  0xF },
		{ B43_OFDM_RATE_12MB, 0xA },
		{ B43_OFDM_RATE_18MB, 0xE },
		{ B43_OFDM_RATE_24MB, 0x9 },
		{ B43_OFDM_RATE_36MB, 0xD },
		{ B43_OFDM_RATE_48MB, 0x8 },
		{ B43_OFDM_RATE_54MB, 0xC },
	};
	unsigned int i;

	for (i = 0; i < ARRAY_SIZE(ofdm_codes); i++) {
		if (ofdm_codes[i].bitrate == bitrate)
			return ofdm_codes[i].code;
	}

	B43_WARN_ON(1);
	return 0;
}
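/*
 * Fill in a PLCP header for a frame of the given length and bitrate.
 *
 * @plcp:    header to write. The CCK branch ORs into plcp->data, so the
 *           header is expected to be zeroed by the caller
 *           (b43_generate_txhdr() clears the whole TX header first).
 * @octets:  frame length in bytes; callers in this file pass the fragment
 *           length plus FCS (and ICV when encrypting).
 * @bitrate: one of the B43_CCK_RATE_* / B43_OFDM_RATE_* values.
 *
 * A bitrate of 0 on the CCK path is rejected with a warning and leaves the
 * header untouched; it would otherwise be used as a divisor.
 */
void b43_generate_plcp_hdr(struct b43_plcp_hdr4 *plcp,
			   const u16 octets, const u8 bitrate)
{
	__u8 *raw = plcp->raw;

	if (b43_is_ofdm_rate(bitrate)) {
		u32 d;

		d = b43_plcp_get_ratecode_ofdm(bitrate);
		/* The length is shifted in above the rate code and must
		 * fit into 12 bits. */
		B43_WARN_ON(octets & 0xF000);
		d |= (octets << 5);
		plcp->data = cpu_to_le32(d);
	} else {
		u32 plen;

		/* b43_calc_fallback_rate() and the ratecode helpers return 0
		 * for an unknown rate; never divide by it. */
		if (bitrate == 0) {
			B43_WARN_ON(1);
			return;
		}

		plen = octets * 16 / bitrate;
		if ((octets * 16 % bitrate) > 0) {
			/* Round the length field up. */
			plen++;
			if ((bitrate == B43_CCK_RATE_11MB)
			    && ((octets * 8 % 11) < 4)) {
				raw[1] = 0x84;
			} else
				raw[1] = 0x04;
		} else
			raw[1] = 0x04;
		/* |= keeps raw[1] written just above; this assumes raw[]
		 * overlays data in struct b43_plcp_hdr4 - TODO confirm. */
		plcp->data |= cpu_to_le32(plen << 16);
		raw[0] = b43_plcp_get_ratecode_cck(bitrate);
	}
}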
/* TODO: verify if needed for SSLPN or LCN */
/*
 * Build the PHY control 1 word for a frame sent at the given bitrate.
 *
 * CCK rates on a non-LP PHY get only the bandwidth bits. Every other case
 * additionally gets the coding-rate and modulation bits from the legacy
 * rate table (when an entry exists) and the SISO mode bit.
 */
static u16 b43_generate_tx_phy_ctl1(struct b43_wldev *dev, u8 bitrate)
{
	const struct b43_phy *phy = &dev->phy;
	const struct b43_tx_legacy_rate_phy_ctl_entry *entry;
	/* FIXME: B43_TXH_PHY1_BW_20 is used for LP and for every other PHY. */
	u16 control = B43_TXH_PHY1_BW_20;

	/* FIXME: MIMO is not handled here. */

	if (b43_is_cck_rate(bitrate) && phy->type != B43_PHYTYPE_LP)
		return control;

	entry = b43_tx_legacy_rate_phy_ctl_ent(bitrate);
	/* The lookup returns NULL for an unknown bitrate. */
	if (entry)
		control |= entry->coding_rate | entry->modulation;
	control |= B43_TXH_PHY1_MODE_SISO;

	return control;
}
/*
 * Return the next lower rate to fall back to from the given bitrate.
 *
 * The lowest CCK rate falls back to itself and the lowest OFDM rate falls
 * back to CCK 5MB. An unknown bitrate triggers B43_WARN_ON and yields 0,
 * which is not a valid rate; callers pass the result on unchecked.
 */
static u8 b43_calc_fallback_rate(u8 bitrate)
{
	static const struct {
		u8 rate;
		u8 fallback;
	} steps[] = {
		{ B43_CCK_RATE_1MB,   B43_CCK_RATE_1MB },
		{ B43_CCK_RATE_2MB,   B43_CCK_RATE_1MB },
		{ B43_CCK_RATE_5MB,   B43_CCK_RATE_2MB },
		{ B43_CCK_RATE_11MB,  B43_CCK_RATE_5MB },
		{ B43_OFDM_RATE_6MB,  B43_CCK_RATE_5MB },
		{ B43_OFDM_RATE_9MB,  B43_OFDM_RATE_6MB },
		{ B43_OFDM_RATE_12MB, B43_OFDM_RATE_9MB },
		{ B43_OFDM_RATE_18MB, B43_OFDM_RATE_12MB },
		{ B43_OFDM_RATE_24MB, B43_OFDM_RATE_18MB },
		{ B43_OFDM_RATE_36MB, B43_OFDM_RATE_24MB },
		{ B43_OFDM_RATE_48MB, B43_OFDM_RATE_36MB },
		{ B43_OFDM_RATE_54MB, B43_OFDM_RATE_48MB },
	};
	unsigned int i;

	for (i = 0; i < ARRAY_SIZE(steps); i++) {
		if (steps[i].rate == bitrate)
			return steps[i].fallback;
	}

	B43_WARN_ON(1);
	return 0;
}
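/*
 * Generate a TX data header.
 *
 * @dev:      device the frame is sent on.
 * @_txhdr:   output buffer; it is cast to struct b43_txhdr and zeroed over
 *            sizeof(struct b43_txhdr), so it must be at least that large.
 * @skb_frag: the frame fragment; its data is read as an 802.11 header.
 * @info:     mac80211 TX info. info->control.rates[0].count is overwritten
 *            with the retry limit that was applied.
 * @cookie:   value stored (little-endian) in the format-specific cookie
 *            field.
 *
 * Returns 0 on success, or -ENOKEY when hardware encryption was requested
 * but no usable key slot exists (key index out of range or key not
 * configured). In that case the frame must be dropped, not sent in clear.
 */
int b43_generate_txhdr(struct b43_wldev *dev,
		       u8 *_txhdr,
		       struct sk_buff *skb_frag,
		       struct ieee80211_tx_info *info,
		       u16 cookie)
{
	const unsigned char *fragment_data = skb_frag->data;
	unsigned int fragment_len = skb_frag->len;
	struct b43_txhdr *txhdr = (struct b43_txhdr *)_txhdr;
	const struct b43_phy *phy = &dev->phy;
	/* NOTE(review): the fragment is read as an 802.11 header without a
	 * length check here; presumably mac80211 guarantees a complete
	 * header - confirm. */
	const struct ieee80211_hdr *wlhdr =
	    (const struct ieee80211_hdr *)fragment_data;
	int use_encryption = !!info->control.hw_key;
	__le16 fctl = wlhdr->frame_control;
	struct ieee80211_rate *fbrate;
	u8 rate, rate_fb;
	int rate_ofdm, rate_fb_ofdm;
	unsigned int plcp_fragment_len;
	u32 mac_ctl = 0;
	u16 phy_ctl = 0;
	bool fill_phy_ctl1 = (phy->type == B43_PHYTYPE_LP ||
			      phy->type == B43_PHYTYPE_N ||
			      phy->type == B43_PHYTYPE_HT);
	u8 extra_ft = 0;
	struct ieee80211_rate *txrate;
	struct ieee80211_tx_rate *rates;

	memset(txhdr, 0, sizeof(*txhdr));

	txrate = ieee80211_get_tx_rate(dev->wl->hw, info);
	rate = txrate ? txrate->hw_value : B43_CCK_RATE_1MB;
	rate_ofdm = b43_is_ofdm_rate(rate);
	fbrate = ieee80211_get_alt_retry_rate(dev->wl->hw, info, 0) ? : txrate;
	/* fbrate is NULL when there is neither an alternate retry rate nor a
	 * TX rate. Fall back to the primary rate instead of dereferencing
	 * NULL; rate_fb == rate then also keeps fbrate out of the duration
	 * calculation below. */
	rate_fb = fbrate ? fbrate->hw_value : rate;
	rate_fb_ofdm = b43_is_ofdm_rate(rate_fb);

	if (rate_ofdm)
		txhdr->phy_rate = b43_plcp_get_ratecode_ofdm(rate);
	else
		txhdr->phy_rate = b43_plcp_get_ratecode_cck(rate);
	txhdr->mac_frame_ctl = wlhdr->frame_control;
	memcpy(txhdr->tx_receiver, wlhdr->addr1, 6);

	/* Calculate duration for fallback rate */
	if ((rate_fb == rate) ||
	    (wlhdr->duration_id & cpu_to_le16(0x8000)) ||
	    (wlhdr->duration_id == cpu_to_le16(0))) {
		/* If the fallback rate equals the normal rate or the
		 * dur_id field contains an AID, CFP magic or 0,
		 * use the original dur_id field. */
		txhdr->dur_fb = wlhdr->duration_id;
	} else {
		txhdr->dur_fb = ieee80211_generic_frame_duration(
			dev->wl->hw, info->control.vif, fragment_len, fbrate);
	}

	plcp_fragment_len = fragment_len + FCS_LEN;
	if (use_encryption) {
		u8 key_idx = info->control.hw_key->hw_key_idx;
		struct b43_key *key;
		int wlhdr_len;
		size_t iv_len;

		if (unlikely(key_idx >= ARRAY_SIZE(dev->key))) {
			/* Never index dev->key[] out of range. Drop the
			 * frame the same way as for a missing key. */
			B43_WARN_ON(1);
			return -ENOKEY;
		}
		key = &(dev->key[key_idx]);

		if (unlikely(!key->keyconf)) {
			/* This key is invalid. This might only happen
			 * in a short timeframe after machine resume before
			 * we were able to reconfigure keys.
			 * Drop this packet completely. Do not transmit it
			 * unencrypted to avoid leaking information. */
			return -ENOKEY;
		}

		/* Hardware appends ICV. */
		plcp_fragment_len += info->control.hw_key->icv_len;

		key_idx = b43_kidx_to_fw(dev, key_idx);
		mac_ctl |= (key_idx << B43_TXH_MAC_KEYIDX_SHIFT) &
			   B43_TXH_MAC_KEYIDX;
		mac_ctl |= (key->algorithm << B43_TXH_MAC_KEYALG_SHIFT) &
			   B43_TXH_MAC_KEYALG;
		wlhdr_len = ieee80211_hdrlen(fctl);
		/* NOTE(review): both branches below read IV bytes located
		 * right after the 802.11 header without comparing against
		 * fragment_len; presumably mac80211 has already reserved the
		 * IV space in the frame - confirm. */
		if (key->algorithm == B43_SEC_ALGO_TKIP) {
			u16 phase1key[5];
			int i;
			/* we give the phase1key and iv16 here, the key is stored in
			 * shm. With that the hardware can do phase 2 and encryption.
			 */
			ieee80211_get_tkip_p1k(info->control.hw_key, skb_frag, phase1key);
			/* phase1key is in host endian. Copy to little-endian txhdr->iv. */
			for (i = 0; i < 5; i++) {
				txhdr->iv[i * 2 + 0] = phase1key[i];
				txhdr->iv[i * 2 + 1] = phase1key[i] >> 8;
			}
			/* iv16 */
			memcpy(txhdr->iv + 10, ((u8 *) wlhdr) + wlhdr_len, 3);
		} else {
			/* Clamp to the size of txhdr->iv so the copy cannot
			 * overflow the destination. */
			iv_len = min((size_t) info->control.hw_key->iv_len,
				     ARRAY_SIZE(txhdr->iv));
			memcpy(txhdr->iv, ((u8 *) wlhdr) + wlhdr_len, iv_len);
		}
	}
	/* NOTE(review): the hdr_format switches in this function have no
	 * default case; an unexpected format value skips the PLCP and cookie
	 * writes and leaves the uninitialized_var() pointers unset. */
	switch (dev->fw.hdr_format) {
	case B43_FW_HDR_598:
		b43_generate_plcp_hdr((struct b43_plcp_hdr4 *)(&txhdr->format_598.plcp),
				      plcp_fragment_len, rate);
		break;
	case B43_FW_HDR_351:
		b43_generate_plcp_hdr((struct b43_plcp_hdr4 *)(&txhdr->format_351.plcp),
				      plcp_fragment_len, rate);
		break;
	case B43_FW_HDR_410:
		b43_generate_plcp_hdr((struct b43_plcp_hdr4 *)(&txhdr->format_410.plcp),
				      plcp_fragment_len, rate);
		break;
	}
	b43_generate_plcp_hdr((struct b43_plcp_hdr4 *)(&txhdr->plcp_fb),
			      plcp_fragment_len, rate_fb);

	/* Extra Frame Types */
	if (rate_fb_ofdm)
		extra_ft |= B43_TXH_EFT_FB_OFDM;
	else
		extra_ft |= B43_TXH_EFT_FB_CCK;

	/* Set channel radio code. Note that the microcode ORs 0x100 to
	 * this value before comparing it to the value in SHM, if this
	 * is a 5Ghz packet.
	 */
	txhdr->chan_radio_code = phy->channel;

	/* PHY TX Control word */
	if (rate_ofdm)
		phy_ctl |= B43_TXH_PHY_ENC_OFDM;
	else
		phy_ctl |= B43_TXH_PHY_ENC_CCK;
	if (info->control.rates[0].flags & IEEE80211_TX_RC_USE_SHORT_PREAMBLE)
		phy_ctl |= B43_TXH_PHY_SHORTPRMBL;

	switch (b43_ieee80211_antenna_sanitize(dev, info->antenna_sel_tx)) {
	case 0: /* Default */
		phy_ctl |= B43_TXH_PHY_ANT01AUTO;
		break;
	case 1: /* Antenna 0 */
		phy_ctl |= B43_TXH_PHY_ANT0;
		break;
	case 2: /* Antenna 1 */
		phy_ctl |= B43_TXH_PHY_ANT1;
		break;
	case 3: /* Antenna 2 */
		phy_ctl |= B43_TXH_PHY_ANT2;
		break;
	case 4: /* Antenna 3 */
		phy_ctl |= B43_TXH_PHY_ANT3;
		break;
	default:
		B43_WARN_ON(1);
	}

	rates = info->control.rates;
	/* MAC control */
	if (!(info->flags & IEEE80211_TX_CTL_NO_ACK))
		mac_ctl |= B43_TXH_MAC_ACK;
	/* use hardware sequence counter as the non-TID counter */
	if (info->flags & IEEE80211_TX_CTL_ASSIGN_SEQ)
		mac_ctl |= B43_TXH_MAC_HWSEQ;
	if (info->flags & IEEE80211_TX_CTL_FIRST_FRAGMENT)
		mac_ctl |= B43_TXH_MAC_STMSDU;
	if (phy->type == B43_PHYTYPE_A)
		mac_ctl |= B43_TXH_MAC_5GHZ;

	/* Overwrite rates[0].count to make the retry calculation
	 * in the tx status easier. need the actual retry limit to
	 * detect whether the fallback rate was used.
	 */
	if ((rates[0].flags & IEEE80211_TX_RC_USE_RTS_CTS) ||
	    (rates[0].count <= dev->wl->hw->conf.long_frame_max_tx_count)) {
		rates[0].count = dev->wl->hw->conf.long_frame_max_tx_count;
		mac_ctl |= B43_TXH_MAC_LONGFRAME;
	} else {
		rates[0].count = dev->wl->hw->conf.short_frame_max_tx_count;
	}

	/* Generate the RTS or CTS-to-self frame */
	if ((rates[0].flags & IEEE80211_TX_RC_USE_RTS_CTS) ||
	    (rates[0].flags & IEEE80211_TX_RC_USE_CTS_PROTECT)) {
		unsigned int len;
		struct ieee80211_hdr *uninitialized_var(hdr);
		int rts_rate, rts_rate_fb;
		int rts_rate_ofdm, rts_rate_fb_ofdm;
		struct b43_plcp_hdr6 *uninitialized_var(plcp);
		struct ieee80211_rate *rts_cts_rate;

		rts_cts_rate = ieee80211_get_rts_cts_rate(dev->wl->hw, info);

		rts_rate = rts_cts_rate ? rts_cts_rate->hw_value : B43_CCK_RATE_1MB;
		rts_rate_ofdm = b43_is_ofdm_rate(rts_rate);
		/* b43_calc_fallback_rate() yields 0 for an unknown rate. */
		rts_rate_fb = b43_calc_fallback_rate(rts_rate);
		rts_rate_fb_ofdm = b43_is_ofdm_rate(rts_rate_fb);

		if (rates[0].flags & IEEE80211_TX_RC_USE_CTS_PROTECT) {
			struct ieee80211_cts *uninitialized_var(cts);

			switch (dev->fw.hdr_format) {
			case B43_FW_HDR_598:
				cts = (struct ieee80211_cts *)
					(txhdr->format_598.rts_frame);
				break;
			case B43_FW_HDR_351:
				cts = (struct ieee80211_cts *)
					(txhdr->format_351.rts_frame);
				break;
			case B43_FW_HDR_410:
				cts = (struct ieee80211_cts *)
					(txhdr->format_410.rts_frame);
				break;
			}
			ieee80211_ctstoself_get(dev->wl->hw, info->control.vif,
						fragment_data, fragment_len,
						info, cts);
			mac_ctl |= B43_TXH_MAC_SENDCTS;
			len = sizeof(struct ieee80211_cts);
		} else {
			struct ieee80211_rts *uninitialized_var(rts);

			switch (dev->fw.hdr_format) {
			case B43_FW_HDR_598:
				rts = (struct ieee80211_rts *)
					(txhdr->format_598.rts_frame);
				break;
			case B43_FW_HDR_351:
				rts = (struct ieee80211_rts *)
					(txhdr->format_351.rts_frame);
				break;
			case B43_FW_HDR_410:
				rts = (struct ieee80211_rts *)
					(txhdr->format_410.rts_frame);
				break;
			}
			ieee80211_rts_get(dev->wl->hw, info->control.vif,
					  fragment_data, fragment_len,
					  info, rts);
			mac_ctl |= B43_TXH_MAC_SENDRTS;
			len = sizeof(struct ieee80211_rts);
		}
		len += FCS_LEN;

		/* Generate the PLCP headers for the RTS/CTS frame */
		switch (dev->fw.hdr_format) {
		case B43_FW_HDR_598:
			plcp = &txhdr->format_598.rts_plcp;
			break;
		case B43_FW_HDR_351:
			plcp = &txhdr->format_351.rts_plcp;
			break;
		case B43_FW_HDR_410:
			plcp = &txhdr->format_410.rts_plcp;
			break;
		}
		b43_generate_plcp_hdr((struct b43_plcp_hdr4 *)plcp,
				      len, rts_rate);
		plcp = &txhdr->rts_plcp_fb;
		b43_generate_plcp_hdr((struct b43_plcp_hdr4 *)plcp,
				      len, rts_rate_fb);

		switch (dev->fw.hdr_format) {
		case B43_FW_HDR_598:
			hdr = (struct ieee80211_hdr *)
				(&txhdr->format_598.rts_frame);
			break;
		case B43_FW_HDR_351:
			hdr = (struct ieee80211_hdr *)
				(&txhdr->format_351.rts_frame);
			break;
		case B43_FW_HDR_410:
			hdr = (struct ieee80211_hdr *)
				(&txhdr->format_410.rts_frame);
			break;
		}
		txhdr->rts_dur_fb = hdr->duration_id;

		if (rts_rate_ofdm) {
			extra_ft |= B43_TXH_EFT_RTS_OFDM;
			txhdr->phy_rate_rts =
			    b43_plcp_get_ratecode_ofdm(rts_rate);
		} else {
			extra_ft |= B43_TXH_EFT_RTS_CCK;
			txhdr->phy_rate_rts =
			    b43_plcp_get_ratecode_cck(rts_rate);
		}
		if (rts_rate_fb_ofdm)
			extra_ft |= B43_TXH_EFT_RTSFB_OFDM;
		else
			extra_ft |= B43_TXH_EFT_RTSFB_CCK;

		if (rates[0].flags & IEEE80211_TX_RC_USE_RTS_CTS &&
		    fill_phy_ctl1) {
			txhdr->phy_ctl1_rts = cpu_to_le16(
				b43_generate_tx_phy_ctl1(dev, rts_rate));
			txhdr->phy_ctl1_rts_fb = cpu_to_le16(
				b43_generate_tx_phy_ctl1(dev, rts_rate_fb));
		}
	}

	/* Magic cookie */
	switch (dev->fw.hdr_format) {
	case B43_FW_HDR_598:
		txhdr->format_598.cookie = cpu_to_le16(cookie);
		break;
	case B43_FW_HDR_351:
		txhdr->format_351.cookie = cpu_to_le16(cookie);
		break;
	case B43_FW_HDR_410:
		txhdr->format_410.cookie = cpu_to_le16(cookie);
		break;
	}

	if (fill_phy_ctl1) {
		txhdr->phy_ctl1 =
			cpu_to_le16(b43_generate_tx_phy_ctl1(dev, rate));
		txhdr->phy_ctl1_fb =
			cpu_to_le16(b43_generate_tx_phy_ctl1(dev, rate_fb));
	}

	/* Apply the bitfields */
	txhdr->mac_ctl = cpu_to_le32(mac_ctl);
	txhdr->phy_ctl = cpu_to_le16(phy_ctl);
	txhdr->extra_ft = extra_ft;

	return 0;
}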
/*
 * Convert the raw RSSI byte from the RX header into the signal value
 * reported to mac80211.
 *
 * The conversion depends on phy->radio_ver: 0x2050, 0x2060, or the
 * generic formula for any other radio. @ofdm selects the OFDM formula
 * for the 0x2050 radio; @adjust_2050 and @adjust_2053 choose between two
 * offsets. The result is truncated to s8.
 */
static s8 b43_rssi_postprocess(struct b43_wldev *dev,
			       u8 in_rssi, int ofdm,
			       int adjust_2053, int adjust_2050)
{
	struct b43_phy *phy = &dev->phy;
	struct b43_phy_g *gphy = phy->g;
	s32 rssi;

	switch (phy->radio_ver) {
	case 0x2050:
		if (ofdm) {
			/* Reinterpret the raw byte as a signed 8-bit value. */
			rssi = (in_rssi > 127) ? in_rssi - 256 : in_rssi;
			rssi = rssi * 73 / 64;
			rssi += adjust_2050 ? 25 : -3;
			break;
		}
		if (dev->dev->bus_sprom->boardflags_lo & B43_BFL_RSSI) {
			/* Clamp before using the value as a table index. */
			if (in_rssi > 63)
				in_rssi = 63;
			/* NOTE(review): gphy is dereferenced even when this
			 * warning fires; presumably phy->g is only valid on
			 * a G-PHY - confirm. */
			B43_WARN_ON(phy->type != B43_PHYTYPE_G);
			rssi = gphy->nrssi_lt[in_rssi];
			rssi = (31 - rssi) * -131 / 128 - 57;
		} else {
			rssi = in_rssi;
			rssi = (31 - rssi) * -149 / 128 - 68;
		}
		if (phy->type == B43_PHYTYPE_G && adjust_2050)
			rssi += 25;
		break;
	case 0x2060:
		/* Reinterpret the raw byte as a signed 8-bit value. */
		rssi = (in_rssi > 127) ? in_rssi - 256 : in_rssi;
		break;
	default:
		rssi = in_rssi;
		rssi = (rssi - 11) * 103 / 64;
		rssi -= adjust_2053 ? 109 : 83;
	}

	return (s8) rssi;
}
//TODO
#if 0
/*
 * Post-process a noise RSSI sample (compiled out).
 * Returns 0 on an A-PHY, otherwise the b43_rssi_postprocess() result with
 * ofdm = 0 and both adjust flags set.
 */
static s8 b43_rssinoise_postprocess(struct b43_wldev *dev, u8 in_rssi)
{
	struct b43_phy *phy = &dev->phy;

	//TODO: Incomplete specs.
	if (phy->type == B43_PHYTYPE_A)
		return 0;

	return b43_rssi_postprocess(dev, in_rssi, 0, 1, 1);
}
#endif
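/*
 * Process one received frame.
 *
 * @dev:    device the frame arrived on.
 * @skb:    buffer holding padding, PLCP header and the 802.11 frame.
 *          Ownership is taken: the skb is handed to mac80211 via
 *          ieee80211_rx_ni() or freed on the drop path.
 * @_rxhdr: firmware RX header (struct b43_rxhdr_fw4) describing the frame.
 *
 * All fields of the RX header come from the device and are used to index
 * and size accesses below, so each one is range-checked before use; a
 * frame that fails a check is dropped.
 */
void b43_rx(struct b43_wldev *dev, struct sk_buff *skb, const void *_rxhdr)
{
	struct ieee80211_rx_status status;
	struct b43_plcp_hdr6 *plcp;
	struct ieee80211_hdr *wlhdr;
	const struct b43_rxhdr_fw4 *rxhdr = _rxhdr;
	__le16 fctl;
	u16 phystat0, phystat3;
	u16 uninitialized_var(chanstat), uninitialized_var(mactime);
	u32 uninitialized_var(macstat);
	u16 chanid;
	u16 phytype;
	int padding;

	memset(&status, 0, sizeof(status));

	/* Get metadata about the frame from the header. */
	phystat0 = le16_to_cpu(rxhdr->phy_status0);
	phystat3 = le16_to_cpu(rxhdr->phy_status3);
	/* NOTE(review): there is no default case, so macstat, mactime and
	 * chanstat stay uninitialized for any other hdr_format value. */
	switch (dev->fw.hdr_format) {
	case B43_FW_HDR_598:
		macstat = le32_to_cpu(rxhdr->format_598.mac_status);
		mactime = le16_to_cpu(rxhdr->format_598.mac_time);
		chanstat = le16_to_cpu(rxhdr->format_598.channel);
		break;
	case B43_FW_HDR_410:
	case B43_FW_HDR_351:
		macstat = le32_to_cpu(rxhdr->format_351.mac_status);
		mactime = le16_to_cpu(rxhdr->format_351.mac_time);
		chanstat = le16_to_cpu(rxhdr->format_351.channel);
		break;
	}
	phytype = chanstat & B43_RX_CHAN_PHYTYPE;

	if (unlikely(macstat & B43_RX_MAC_FCSERR)) {
		dev->wl->ieee_stats.dot11FCSErrorCount++;
		status.flag |= RX_FLAG_FAILED_FCS_CRC;
	}
	if (unlikely(phystat0 & (B43_RX_PHYST0_PLCPHCF | B43_RX_PHYST0_PLCPFV)))
		status.flag |= RX_FLAG_FAILED_PLCP_CRC;
	if (phystat0 & B43_RX_PHYST0_SHORTPRMBL)
		status.flag |= RX_FLAG_SHORTPRE;
	if (macstat & B43_RX_MAC_DECERR) {
		/* Decryption with the given key failed.
		 * Drop the packet. We also won't be able to decrypt it with
		 * the key in software. */
		goto drop;
	}

	/* Skip PLCP and padding */
	padding = (macstat & B43_RX_MAC_PADDING) ? 2 : 0;
	if (unlikely(skb->len < (sizeof(struct b43_plcp_hdr6) + padding))) {
		b43dbg(dev->wl, "RX: Packet size underrun (1)\n");
		goto drop;
	}
	plcp = (struct b43_plcp_hdr6 *)(skb->data + padding);
	skb_pull(skb, sizeof(struct b43_plcp_hdr6) + padding);
	/* The skb contains the Wireless Header + payload data now */
	if (unlikely(skb->len < (2 + 2 + 6 /*minimum hdr */  + FCS_LEN))) {
		b43dbg(dev->wl, "RX: Packet size underrun (2)\n");
		goto drop;
	}
	wlhdr = (struct ieee80211_hdr *)(skb->data);
	fctl = wlhdr->frame_control;

	if (macstat & B43_RX_MAC_DEC) {
		unsigned int keyidx;
		int wlhdr_len;

		keyidx = ((macstat & B43_RX_MAC_KEYIDX)
			  >> B43_RX_MAC_KEYIDX_SHIFT);
		/* We must adjust the key index here. We want the "physical"
		 * key index, but the ucode passed it slightly different.
		 */
		keyidx = b43_kidx_to_raw(dev, keyidx);
		if (unlikely(keyidx >= ARRAY_SIZE(dev->key))) {
			/* The index comes from the device-reported MAC
			 * status. Never read dev->key[] out of range. */
			B43_WARN_ON(1);
			goto drop;
		}

		if (dev->key[keyidx].algorithm != B43_SEC_ALGO_NONE) {
			wlhdr_len = ieee80211_hdrlen(fctl);
			if (unlikely(skb->len < (wlhdr_len + 3))) {
				b43dbg(dev->wl,
				       "RX: Packet size underrun (3)\n");
				goto drop;
			}
			status.flag |= RX_FLAG_DECRYPTED;
		}
	}

	/* Link quality statistics */
	/* An unlisted PHY type leaves status.signal at 0 from the memset. */
	switch (chanstat & B43_RX_CHAN_PHYTYPE) {
	case B43_PHYTYPE_HT:
		/* TODO: is max the right choice? */
		status.signal = max_t(__s8,
			max(rxhdr->phy_ht_power0, rxhdr->phy_ht_power1),
			rxhdr->phy_ht_power2);
		break;
	case B43_PHYTYPE_N:
		/* Broadcom has code for min and avg, but always uses max */
		if (rxhdr->power0 == 16 || rxhdr->power0 == 32)
			status.signal = max(rxhdr->power1, rxhdr->power2);
		else
			status.signal = max(rxhdr->power0, rxhdr->power1);
		break;
	case B43_PHYTYPE_A:
	case B43_PHYTYPE_B:
	case B43_PHYTYPE_G:
	case B43_PHYTYPE_LP:
		status.signal = b43_rssi_postprocess(dev, rxhdr->jssi,
						  (phystat0 & B43_RX_PHYST0_OFDM),
						  (phystat0 & B43_RX_PHYST0_GAINCTL),
						  (phystat3 & B43_RX_PHYST3_TRSTATE));
		break;
	}

	if (phystat0 & B43_RX_PHYST0_OFDM)
		status.rate_idx = b43_plcp_get_bitrate_idx_ofdm(plcp,
						phytype == B43_PHYTYPE_A);
	else
		status.rate_idx = b43_plcp_get_bitrate_idx_cck(plcp);
	if (unlikely(status.rate_idx == -1)) {
		/* PLCP seems to be corrupted.
		 * Drop the frame, if we are not interested in corrupted frames. */
		/* NOTE(review): with FIF_PLCPFAIL set the frame is passed on
		 * with rate_idx still -1; confirm mac80211 accepts that. */
		if (!(dev->wl->filter_flags & FIF_PLCPFAIL))
			goto drop;
	}
	status.antenna = !!(phystat0 & B43_RX_PHYST0_ANT);

	/*
	 * All frames on monitor interfaces and beacons always need a full
	 * 64-bit timestamp. Monitor interfaces need it for diagnostic
	 * purposes and beacons for IBSS merging.
	 * This code assumes we get to process the packet within 16 bits
	 * of timestamp, i.e. about 65 milliseconds after the PHY received
	 * the first symbol.
	 */
	if (ieee80211_is_beacon(fctl) || dev->wl->radiotap_enabled) {
		u16 low_mactime_now;

		b43_tsf_read(dev, &status.mactime);
		low_mactime_now = status.mactime;
		/* Replace the low 16 bits of the current TSF with the
		 * frame's mactime. */
		status.mactime = status.mactime & ~0xFFFFULL;
		status.mactime += mactime;
		/* The low 16 bits wrapped since the frame was received. */
		if (low_mactime_now <= mactime)
			status.mactime -= 0x10000;
		status.flag |= RX_FLAG_MACTIME_MPDU;
	}

	chanid = (chanstat & B43_RX_CHAN_ID) >> B43_RX_CHAN_ID_SHIFT;
	switch (chanstat & B43_RX_CHAN_PHYTYPE) {
	case B43_PHYTYPE_A:
		status.band = IEEE80211_BAND_5GHZ;
		B43_WARN_ON(1);
		/* FIXME: We don't really know which value the "chanid" contains.
		 *        So the following assignment might be wrong. */
		status.freq = b43_channel_to_freq_5ghz(chanid);
		break;
	case B43_PHYTYPE_G:
		status.band = IEEE80211_BAND_2GHZ;
		/* chanid is the radio channel cookie value as used
		 * to tune the radio. */
		status.freq = chanid + 2400;
		break;
	case B43_PHYTYPE_N:
	case B43_PHYTYPE_LP:
	case B43_PHYTYPE_HT:
		/* chanid is the SHM channel cookie. Which is the plain
		 * channel number in b43. */
		/* NOTE(review): the helpers below are named freq_to_channel
		 * although their result is stored as a frequency - confirm
		 * the direction of the conversion. */
		if (chanstat & B43_RX_CHAN_5GHZ) {
			status.band = IEEE80211_BAND_5GHZ;
			status.freq = b43_freq_to_channel_5ghz(chanid);
		} else {
			status.band = IEEE80211_BAND_2GHZ;
			status.freq = b43_freq_to_channel_2ghz(chanid);
		}
		break;
	default:
		B43_WARN_ON(1);
		goto drop;
	}

	memcpy(IEEE80211_SKB_RXCB(skb), &status, sizeof(status));
	ieee80211_rx_ni(dev->wl->hw, skb);

#if B43_DEBUG
	dev->rx_count++;
#endif
	return;
drop:
	dev_kfree_skb_any(skb);
}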
/*
 * Handle a TX status report from the device: log it, update the 802.11
 * ACK/RTS counters, pass it to the PIO or DMA layer and trigger a TX
 * power check. Intermediate and A-MPDU reports are only logged.
 */
void b43_handle_txstatus(struct b43_wldev *dev,
			 const struct b43_txstatus *status)
{
	b43_debugfs_log_txstat(dev, status);

	if (status->intermediate || status->for_ampdu)
		return;

	if (!status->acked)
		dev->wl->ieee_stats.dot11ACKFailureCount++;

	/* An rts_count of 0 means no RTS was sent, so neither RTS counter
	 * changes. */
	if (status->rts_count == 0xF)	//FIXME
		dev->wl->ieee_stats.dot11RTSFailureCount++;
	else if (status->rts_count)
		dev->wl->ieee_stats.dot11RTSSuccessCount++;

	if (b43_using_pio_transfers(dev))
		b43_pio_handle_txstatus(dev, status);
	else
		b43_dma_handle_txstatus(dev, status);

	b43_phy_txpower_check(dev, 0);
}
/*
 * Fill out the mac80211 TX status report from the b43-specific TX status.
 *
 * @dev:    device the frame was sent on.
 * @report: mac80211 TX info to fill; its status area is cleared first.
 * @status: status reported by the device.
 *
 * Returns true when the frame counts as successfully transmitted, i.e. it
 * was ACKed or no ACK was expected.
 */
bool b43_fill_txstatus_report(struct b43_wldev *dev,
			      struct ieee80211_tx_info *report,
			      const struct b43_txstatus *status)
{
	/* Preserve the configured retry limit before clearing the status.
	 * The xmit function has overwritten the rc's value with the actual
	 * retry limit done by the hardware. */
	const int retry_limit = report->status.rates[0].count;
	bool frame_success = true;

	ieee80211_tx_info_clear_status(report);

	if (status->acked) {
		/* The frame was ACKed. */
		report->flags |= IEEE80211_TX_STAT_ACK;
	} else if (!(report->flags & IEEE80211_TX_CTL_NO_ACK)) {
		/* The frame was not ACKed, but we expected an ACK. */
		frame_success = false;
	}

	if (status->frame_count == 0) {
		/* The frame was not transmitted at all. */
		report->status.rates[0].count = 0;
	} else if (status->rts_count > dev->wl->hw->conf.short_frame_max_tx_count) {
		/*
		 * If the short retries (RTS, not data frame) have exceeded
		 * the limit, the hw will not have tried the selected rate,
		 * but will have used the fallback rate instead.
		 * Don't let the rate control count attempts for the selected
		 * rate in this case, otherwise the statistics will be off.
		 */
		report->status.rates[0].count = 0;
		report->status.rates[1].count = status->frame_count;
	} else if (status->frame_count > retry_limit) {
		/* Attempts beyond the retry limit went to the fallback rate. */
		report->status.rates[0].count = retry_limit;
		report->status.rates[1].count = status->frame_count -
						retry_limit;
	} else {
		/* Only the selected rate was used; end the rate list there. */
		report->status.rates[0].count = status->frame_count;
		report->status.rates[1].idx = -1;
	}

	return frame_success;
}
/*
 * Stop any TX operation on the device (suspend the hardware queues).
 * Dispatches to the PIO or DMA implementation, whichever is in use.
 */
void b43_tx_suspend(struct b43_wldev *dev)
{
	if (!b43_using_pio_transfers(dev)) {
		b43_dma_tx_suspend(dev);
		return;
	}

	b43_pio_tx_suspend(dev);
}
/*
 * Resume any TX operation on the device (resume the hardware queues).
 * Dispatches to the PIO or DMA implementation, whichever is in use.
 */
void b43_tx_resume(struct b43_wldev *dev)
{
	if (!b43_using_pio_transfers(dev)) {
		b43_dma_tx_resume(dev);
		return;
	}

	b43_pio_tx_resume(dev);
}