Avoid beyond bounds copy while caching ACL
[zen-stable.git] / drivers / net / wireless / iwlwifi / iwl-trans-pcie-tx.c
blobbd29568177e6354eb2f6523c0a782155221072a5
1 /******************************************************************************
3 * Copyright(c) 2003 - 2011 Intel Corporation. All rights reserved.
5 * Portions of this file are derived from the ipw3945 project, as well
6 * as portions of the ieee80211 subsystem header files.
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of version 2 of the GNU General Public License as
10 * published by the Free Software Foundation.
12 * This program is distributed in the hope that it will be useful, but WITHOUT
13 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
14 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
15 * more details.
17 * You should have received a copy of the GNU General Public License along with
18 * this program; if not, write to the Free Software Foundation, Inc.,
19 * 51 Franklin Street, Fifth Floor, Boston, MA 02110, USA
21 * The full GNU General Public License is included in this distribution in the
22 * file called LICENSE.
24 * Contact Information:
25 * Intel Linux Wireless <ilw@linux.intel.com>
26 * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
28 *****************************************************************************/
29 #include <linux/etherdevice.h>
30 #include <linux/slab.h>
31 #include <linux/sched.h>
33 #include "iwl-debug.h"
34 #include "iwl-csr.h"
35 #include "iwl-prph.h"
36 #include "iwl-io.h"
37 #include "iwl-agn-hw.h"
38 #include "iwl-trans-pcie-int.h"
40 #define IWL_TX_CRC_SIZE 4
41 #define IWL_TX_DELIMITER_SIZE 4
43 /**
44 * iwl_trans_txq_update_byte_cnt_tbl - Set up entry in Tx byte-count array
46 void iwl_trans_txq_update_byte_cnt_tbl(struct iwl_trans *trans,
47 struct iwl_tx_queue *txq,
48 u16 byte_cnt)
50 struct iwlagn_scd_bc_tbl *scd_bc_tbl;
51 struct iwl_trans_pcie *trans_pcie =
52 IWL_TRANS_GET_PCIE_TRANS(trans);
53 int write_ptr = txq->q.write_ptr;
54 int txq_id = txq->q.id;
55 u8 sec_ctl = 0;
56 u8 sta_id = 0;
57 u16 len = byte_cnt + IWL_TX_CRC_SIZE + IWL_TX_DELIMITER_SIZE;
58 __le16 bc_ent;
59 struct iwl_tx_cmd *tx_cmd =
60 (struct iwl_tx_cmd *) txq->cmd[txq->q.write_ptr]->payload;
62 scd_bc_tbl = trans_pcie->scd_bc_tbls.addr;
64 WARN_ON(len > 0xFFF || write_ptr >= TFD_QUEUE_SIZE_MAX);
66 sta_id = tx_cmd->sta_id;
67 sec_ctl = tx_cmd->sec_ctl;
69 switch (sec_ctl & TX_CMD_SEC_MSK) {
70 case TX_CMD_SEC_CCM:
71 len += CCMP_MIC_LEN;
72 break;
73 case TX_CMD_SEC_TKIP:
74 len += TKIP_ICV_LEN;
75 break;
76 case TX_CMD_SEC_WEP:
77 len += WEP_IV_LEN + WEP_ICV_LEN;
78 break;
81 bc_ent = cpu_to_le16((len & 0xFFF) | (sta_id << 12));
83 scd_bc_tbl[txq_id].tfd_offset[write_ptr] = bc_ent;
85 if (write_ptr < TFD_QUEUE_SIZE_BC_DUP)
86 scd_bc_tbl[txq_id].
87 tfd_offset[TFD_QUEUE_SIZE_MAX + write_ptr] = bc_ent;
90 /**
91 * iwl_txq_update_write_ptr - Send new write index to hardware
93 void iwl_txq_update_write_ptr(struct iwl_trans *trans, struct iwl_tx_queue *txq)
95 u32 reg = 0;
96 int txq_id = txq->q.id;
98 if (txq->need_update == 0)
99 return;
101 if (hw_params(trans).shadow_reg_enable) {
102 /* shadow register enabled */
103 iwl_write32(bus(trans), HBUS_TARG_WRPTR,
104 txq->q.write_ptr | (txq_id << 8));
105 } else {
106 /* if we're trying to save power */
107 if (test_bit(STATUS_POWER_PMI, &trans->shrd->status)) {
108 /* wake up nic if it's powered down ...
109 * uCode will wake up, and interrupt us again, so next
110 * time we'll skip this part. */
111 reg = iwl_read32(bus(trans), CSR_UCODE_DRV_GP1);
113 if (reg & CSR_UCODE_DRV_GP1_BIT_MAC_SLEEP) {
114 IWL_DEBUG_INFO(trans,
115 "Tx queue %d requesting wakeup,"
116 " GP1 = 0x%x\n", txq_id, reg);
117 iwl_set_bit(bus(trans), CSR_GP_CNTRL,
118 CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ);
119 return;
122 iwl_write_direct32(bus(trans), HBUS_TARG_WRPTR,
123 txq->q.write_ptr | (txq_id << 8));
126 * else not in power-save mode,
127 * uCode will never sleep when we're
128 * trying to tx (during RFKILL, we're not trying to tx).
130 } else
131 iwl_write32(bus(trans), HBUS_TARG_WRPTR,
132 txq->q.write_ptr | (txq_id << 8));
134 txq->need_update = 0;
137 static inline dma_addr_t iwl_tfd_tb_get_addr(struct iwl_tfd *tfd, u8 idx)
139 struct iwl_tfd_tb *tb = &tfd->tbs[idx];
141 dma_addr_t addr = get_unaligned_le32(&tb->lo);
142 if (sizeof(dma_addr_t) > sizeof(u32))
143 addr |=
144 ((dma_addr_t)(le16_to_cpu(tb->hi_n_len) & 0xF) << 16) << 16;
146 return addr;
149 static inline u16 iwl_tfd_tb_get_len(struct iwl_tfd *tfd, u8 idx)
151 struct iwl_tfd_tb *tb = &tfd->tbs[idx];
153 return le16_to_cpu(tb->hi_n_len) >> 4;
156 static inline void iwl_tfd_set_tb(struct iwl_tfd *tfd, u8 idx,
157 dma_addr_t addr, u16 len)
159 struct iwl_tfd_tb *tb = &tfd->tbs[idx];
160 u16 hi_n_len = len << 4;
162 put_unaligned_le32(addr, &tb->lo);
163 if (sizeof(dma_addr_t) > sizeof(u32))
164 hi_n_len |= ((addr >> 16) >> 16) & 0xF;
166 tb->hi_n_len = cpu_to_le16(hi_n_len);
168 tfd->num_tbs = idx + 1;
171 static inline u8 iwl_tfd_get_num_tbs(struct iwl_tfd *tfd)
173 return tfd->num_tbs & 0x1f;
176 static void iwlagn_unmap_tfd(struct iwl_trans *trans, struct iwl_cmd_meta *meta,
177 struct iwl_tfd *tfd, enum dma_data_direction dma_dir)
179 int i;
180 int num_tbs;
182 /* Sanity check on number of chunks */
183 num_tbs = iwl_tfd_get_num_tbs(tfd);
185 if (num_tbs >= IWL_NUM_OF_TBS) {
186 IWL_ERR(trans, "Too many chunks: %i\n", num_tbs);
187 /* @todo issue fatal error, it is quite serious situation */
188 return;
191 /* Unmap tx_cmd */
192 if (num_tbs)
193 dma_unmap_single(bus(trans)->dev,
194 dma_unmap_addr(meta, mapping),
195 dma_unmap_len(meta, len),
196 DMA_BIDIRECTIONAL);
198 /* Unmap chunks, if any. */
199 for (i = 1; i < num_tbs; i++)
200 dma_unmap_single(bus(trans)->dev, iwl_tfd_tb_get_addr(tfd, i),
201 iwl_tfd_tb_get_len(tfd, i), dma_dir);
205 * iwlagn_txq_free_tfd - Free all chunks referenced by TFD [txq->q.read_ptr]
206 * @trans - transport private data
207 * @txq - tx queue
208 * @index - the index of the TFD to be freed
209 *@dma_dir - the direction of the DMA mapping
211 * Does NOT advance any TFD circular buffer read/write indexes
212 * Does NOT free the TFD itself (which is within circular buffer)
214 void iwlagn_txq_free_tfd(struct iwl_trans *trans, struct iwl_tx_queue *txq,
215 int index, enum dma_data_direction dma_dir)
217 struct iwl_tfd *tfd_tmp = txq->tfds;
219 iwlagn_unmap_tfd(trans, &txq->meta[index], &tfd_tmp[index], dma_dir);
221 /* free SKB */
222 if (txq->skbs) {
223 struct sk_buff *skb;
225 skb = txq->skbs[index];
227 /* Can be called from irqs-disabled context
228 * If skb is not NULL, it means that the whole queue is being
229 * freed and that the queue is not empty - free the skb
231 if (skb) {
232 iwl_free_skb(priv(trans), skb);
233 txq->skbs[index] = NULL;
238 int iwlagn_txq_attach_buf_to_tfd(struct iwl_trans *trans,
239 struct iwl_tx_queue *txq,
240 dma_addr_t addr, u16 len,
241 u8 reset)
243 struct iwl_queue *q;
244 struct iwl_tfd *tfd, *tfd_tmp;
245 u32 num_tbs;
247 q = &txq->q;
248 tfd_tmp = txq->tfds;
249 tfd = &tfd_tmp[q->write_ptr];
251 if (reset)
252 memset(tfd, 0, sizeof(*tfd));
254 num_tbs = iwl_tfd_get_num_tbs(tfd);
256 /* Each TFD can point to a maximum 20 Tx buffers */
257 if (num_tbs >= IWL_NUM_OF_TBS) {
258 IWL_ERR(trans, "Error can not send more than %d chunks\n",
259 IWL_NUM_OF_TBS);
260 return -EINVAL;
263 if (WARN_ON(addr & ~DMA_BIT_MASK(36)))
264 return -EINVAL;
266 if (unlikely(addr & ~IWL_TX_DMA_MASK))
267 IWL_ERR(trans, "Unaligned address = %llx\n",
268 (unsigned long long)addr);
270 iwl_tfd_set_tb(tfd, num_tbs, addr, len);
272 return 0;
275 /*************** DMA-QUEUE-GENERAL-FUNCTIONS *****
276 * DMA services
278 * Theory of operation
280 * A Tx or Rx queue resides in host DRAM, and is comprised of a circular buffer
281 * of buffer descriptors, each of which points to one or more data buffers for
282 * the device to read from or fill. Driver and device exchange status of each
283 * queue via "read" and "write" pointers. Driver keeps minimum of 2 empty
284 * entries in each circular buffer, to protect against confusing empty and full
285 * queue states.
287 * The device reads or writes the data in the queues via the device's several
288 * DMA/FIFO channels. Each queue is mapped to a single DMA channel.
290 * For Tx queue, there are low mark and high mark limits. If, after queuing
291 * the packet for Tx, free space become < low mark, Tx queue stopped. When
292 * reclaiming packets (on 'tx done IRQ), if free space become > high mark,
293 * Tx queue resumed.
295 ***************************************************/
297 int iwl_queue_space(const struct iwl_queue *q)
299 int s = q->read_ptr - q->write_ptr;
301 if (q->read_ptr > q->write_ptr)
302 s -= q->n_bd;
304 if (s <= 0)
305 s += q->n_window;
306 /* keep some reserve to not confuse empty and full situations */
307 s -= 2;
308 if (s < 0)
309 s = 0;
310 return s;
314 * iwl_queue_init - Initialize queue's high/low-water and read/write indexes
316 int iwl_queue_init(struct iwl_queue *q, int count, int slots_num, u32 id)
318 q->n_bd = count;
319 q->n_window = slots_num;
320 q->id = id;
322 /* count must be power-of-two size, otherwise iwl_queue_inc_wrap
323 * and iwl_queue_dec_wrap are broken. */
324 if (WARN_ON(!is_power_of_2(count)))
325 return -EINVAL;
327 /* slots_num must be power-of-two size, otherwise
328 * get_cmd_index is broken. */
329 if (WARN_ON(!is_power_of_2(slots_num)))
330 return -EINVAL;
332 q->low_mark = q->n_window / 4;
333 if (q->low_mark < 4)
334 q->low_mark = 4;
336 q->high_mark = q->n_window / 8;
337 if (q->high_mark < 2)
338 q->high_mark = 2;
340 q->write_ptr = q->read_ptr = 0;
342 return 0;
345 static void iwlagn_txq_inval_byte_cnt_tbl(struct iwl_trans *trans,
346 struct iwl_tx_queue *txq)
348 struct iwl_trans_pcie *trans_pcie =
349 IWL_TRANS_GET_PCIE_TRANS(trans);
350 struct iwlagn_scd_bc_tbl *scd_bc_tbl = trans_pcie->scd_bc_tbls.addr;
351 int txq_id = txq->q.id;
352 int read_ptr = txq->q.read_ptr;
353 u8 sta_id = 0;
354 __le16 bc_ent;
355 struct iwl_tx_cmd *tx_cmd =
356 (struct iwl_tx_cmd *) txq->cmd[txq->q.read_ptr]->payload;
358 WARN_ON(read_ptr >= TFD_QUEUE_SIZE_MAX);
360 if (txq_id != trans->shrd->cmd_queue)
361 sta_id = tx_cmd->sta_id;
363 bc_ent = cpu_to_le16(1 | (sta_id << 12));
364 scd_bc_tbl[txq_id].tfd_offset[read_ptr] = bc_ent;
366 if (read_ptr < TFD_QUEUE_SIZE_BC_DUP)
367 scd_bc_tbl[txq_id].
368 tfd_offset[TFD_QUEUE_SIZE_MAX + read_ptr] = bc_ent;
371 static int iwlagn_tx_queue_set_q2ratid(struct iwl_trans *trans, u16 ra_tid,
372 u16 txq_id)
374 u32 tbl_dw_addr;
375 u32 tbl_dw;
376 u16 scd_q2ratid;
378 struct iwl_trans_pcie *trans_pcie =
379 IWL_TRANS_GET_PCIE_TRANS(trans);
381 scd_q2ratid = ra_tid & SCD_QUEUE_RA_TID_MAP_RATID_MSK;
383 tbl_dw_addr = trans_pcie->scd_base_addr +
384 SCD_TRANS_TBL_OFFSET_QUEUE(txq_id);
386 tbl_dw = iwl_read_targ_mem(bus(trans), tbl_dw_addr);
388 if (txq_id & 0x1)
389 tbl_dw = (scd_q2ratid << 16) | (tbl_dw & 0x0000FFFF);
390 else
391 tbl_dw = scd_q2ratid | (tbl_dw & 0xFFFF0000);
393 iwl_write_targ_mem(bus(trans), tbl_dw_addr, tbl_dw);
395 return 0;
398 static void iwlagn_tx_queue_stop_scheduler(struct iwl_trans *trans, u16 txq_id)
400 /* Simply stop the queue, but don't change any configuration;
401 * the SCD_ACT_EN bit is the write-enable mask for the ACTIVE bit. */
402 iwl_write_prph(bus(trans),
403 SCD_QUEUE_STATUS_BITS(txq_id),
404 (0 << SCD_QUEUE_STTS_REG_POS_ACTIVE)|
405 (1 << SCD_QUEUE_STTS_REG_POS_SCD_ACT_EN));
408 void iwl_trans_set_wr_ptrs(struct iwl_trans *trans,
409 int txq_id, u32 index)
411 IWL_DEBUG_TX_QUEUES(trans, "Q %d WrPtr: %d", txq_id, index & 0xff);
412 iwl_write_direct32(bus(trans), HBUS_TARG_WRPTR,
413 (index & 0xff) | (txq_id << 8));
414 iwl_write_prph(bus(trans), SCD_QUEUE_RDPTR(txq_id), index);
417 void iwl_trans_tx_queue_set_status(struct iwl_trans *trans,
418 struct iwl_tx_queue *txq,
419 int tx_fifo_id, int scd_retry)
421 struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans);
422 int txq_id = txq->q.id;
423 int active =
424 test_bit(txq_id, &trans_pcie->txq_ctx_active_msk) ? 1 : 0;
426 iwl_write_prph(bus(trans), SCD_QUEUE_STATUS_BITS(txq_id),
427 (active << SCD_QUEUE_STTS_REG_POS_ACTIVE) |
428 (tx_fifo_id << SCD_QUEUE_STTS_REG_POS_TXF) |
429 (1 << SCD_QUEUE_STTS_REG_POS_WSL) |
430 SCD_QUEUE_STTS_REG_MSK);
432 txq->sched_retry = scd_retry;
434 IWL_DEBUG_TX_QUEUES(trans, "%s %s Queue %d on FIFO %d\n",
435 active ? "Activate" : "Deactivate",
436 scd_retry ? "BA" : "AC/CMD", txq_id, tx_fifo_id);
439 static inline int get_fifo_from_tid(struct iwl_trans_pcie *trans_pcie,
440 u8 ctx, u16 tid)
442 const u8 *ac_to_fifo = trans_pcie->ac_to_fifo[ctx];
443 if (likely(tid < ARRAY_SIZE(tid_to_ac)))
444 return ac_to_fifo[tid_to_ac[tid]];
446 /* no support for TIDs 8-15 yet */
447 return -EINVAL;
450 static inline bool is_agg_txqid_valid(struct iwl_trans *trans, int txq_id)
452 if (txq_id < IWLAGN_FIRST_AMPDU_QUEUE)
453 return false;
454 return txq_id < (IWLAGN_FIRST_AMPDU_QUEUE +
455 hw_params(trans).num_ampdu_queues);
458 void iwl_trans_pcie_tx_agg_setup(struct iwl_trans *trans,
459 enum iwl_rxon_context_id ctx, int sta_id,
460 int tid, int frame_limit, u16 ssn)
462 int tx_fifo, txq_id;
463 u16 ra_tid;
464 unsigned long flags;
466 struct iwl_trans_pcie *trans_pcie =
467 IWL_TRANS_GET_PCIE_TRANS(trans);
469 if (WARN_ON(sta_id == IWL_INVALID_STATION))
470 return;
471 if (WARN_ON(tid >= IWL_MAX_TID_COUNT))
472 return;
474 tx_fifo = get_fifo_from_tid(trans_pcie, ctx, tid);
475 if (WARN_ON(tx_fifo < 0)) {
476 IWL_ERR(trans, "txq_agg_setup, bad fifo: %d\n", tx_fifo);
477 return;
480 txq_id = trans_pcie->agg_txq[sta_id][tid];
481 if (WARN_ON_ONCE(is_agg_txqid_valid(trans, txq_id) == false)) {
482 IWL_ERR(trans,
483 "queue number out of range: %d, must be %d to %d\n",
484 txq_id, IWLAGN_FIRST_AMPDU_QUEUE,
485 IWLAGN_FIRST_AMPDU_QUEUE +
486 hw_params(trans).num_ampdu_queues - 1);
487 return;
490 ra_tid = BUILD_RAxTID(sta_id, tid);
492 spin_lock_irqsave(&trans->shrd->lock, flags);
494 /* Stop this Tx queue before configuring it */
495 iwlagn_tx_queue_stop_scheduler(trans, txq_id);
497 /* Map receiver-address / traffic-ID to this queue */
498 iwlagn_tx_queue_set_q2ratid(trans, ra_tid, txq_id);
500 /* Set this queue as a chain-building queue */
501 iwl_set_bits_prph(bus(trans), SCD_QUEUECHAIN_SEL, (1<<txq_id));
503 /* enable aggregations for the queue */
504 iwl_set_bits_prph(bus(trans), SCD_AGGR_SEL, (1<<txq_id));
506 /* Place first TFD at index corresponding to start sequence number.
507 * Assumes that ssn_idx is valid (!= 0xFFF) */
508 trans_pcie->txq[txq_id].q.read_ptr = (ssn & 0xff);
509 trans_pcie->txq[txq_id].q.write_ptr = (ssn & 0xff);
510 iwl_trans_set_wr_ptrs(trans, txq_id, ssn);
512 /* Set up Tx window size and frame limit for this queue */
513 iwl_write_targ_mem(bus(trans), trans_pcie->scd_base_addr +
514 SCD_CONTEXT_QUEUE_OFFSET(txq_id) +
515 sizeof(u32),
516 ((frame_limit <<
517 SCD_QUEUE_CTX_REG2_WIN_SIZE_POS) &
518 SCD_QUEUE_CTX_REG2_WIN_SIZE_MSK) |
519 ((frame_limit <<
520 SCD_QUEUE_CTX_REG2_FRAME_LIMIT_POS) &
521 SCD_QUEUE_CTX_REG2_FRAME_LIMIT_MSK));
523 iwl_set_bits_prph(bus(trans), SCD_INTERRUPT_MASK, (1 << txq_id));
525 /* Set up Status area in SRAM, map to Tx DMA/FIFO, activate the queue */
526 iwl_trans_tx_queue_set_status(trans, &trans_pcie->txq[txq_id],
527 tx_fifo, 1);
529 trans_pcie->txq[txq_id].sta_id = sta_id;
530 trans_pcie->txq[txq_id].tid = tid;
532 spin_unlock_irqrestore(&trans->shrd->lock, flags);
536 * Find first available (lowest unused) Tx Queue, mark it "active".
537 * Called only when finding queue for aggregation.
538 * Should never return anything < 7, because they should already
539 * be in use as EDCA AC (0-3), Command (4), reserved (5, 6)
541 static int iwlagn_txq_ctx_activate_free(struct iwl_trans *trans)
543 struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans);
544 int txq_id;
546 for (txq_id = 0; txq_id < hw_params(trans).max_txq_num; txq_id++)
547 if (!test_and_set_bit(txq_id,
548 &trans_pcie->txq_ctx_active_msk))
549 return txq_id;
550 return -1;
553 int iwl_trans_pcie_tx_agg_alloc(struct iwl_trans *trans,
554 int sta_id, int tid)
556 struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans);
557 int txq_id;
559 txq_id = iwlagn_txq_ctx_activate_free(trans);
560 if (txq_id == -1) {
561 IWL_ERR(trans, "No free aggregation queue available\n");
562 return -ENXIO;
565 trans_pcie->agg_txq[sta_id][tid] = txq_id;
566 iwl_set_swq_id(&trans_pcie->txq[txq_id], get_ac_from_tid(tid), txq_id);
568 return 0;
571 int iwl_trans_pcie_tx_agg_disable(struct iwl_trans *trans, int sta_id, int tid)
573 struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans);
574 u8 txq_id = trans_pcie->agg_txq[sta_id][tid];
576 if (WARN_ON_ONCE(is_agg_txqid_valid(trans, txq_id) == false)) {
577 IWL_ERR(trans,
578 "queue number out of range: %d, must be %d to %d\n",
579 txq_id, IWLAGN_FIRST_AMPDU_QUEUE,
580 IWLAGN_FIRST_AMPDU_QUEUE +
581 hw_params(trans).num_ampdu_queues - 1);
582 return -EINVAL;
585 iwlagn_tx_queue_stop_scheduler(trans, txq_id);
587 iwl_clear_bits_prph(bus(trans), SCD_AGGR_SEL, (1 << txq_id));
589 trans_pcie->agg_txq[sta_id][tid] = 0;
590 trans_pcie->txq[txq_id].q.read_ptr = 0;
591 trans_pcie->txq[txq_id].q.write_ptr = 0;
592 /* supposes that ssn_idx is valid (!= 0xFFF) */
593 iwl_trans_set_wr_ptrs(trans, txq_id, 0);
595 iwl_clear_bits_prph(bus(trans), SCD_INTERRUPT_MASK, (1 << txq_id));
596 iwl_txq_ctx_deactivate(trans_pcie, txq_id);
597 iwl_trans_tx_queue_set_status(trans, &trans_pcie->txq[txq_id], 0, 0);
598 return 0;
601 /*************** HOST COMMAND QUEUE FUNCTIONS *****/
604 * iwl_enqueue_hcmd - enqueue a uCode command
605 * @priv: device private data point
606 * @cmd: a point to the ucode command structure
608 * The function returns < 0 values to indicate the operation is
609 * failed. On success, it turns the index (> 0) of command in the
610 * command queue.
612 static int iwl_enqueue_hcmd(struct iwl_trans *trans, struct iwl_host_cmd *cmd)
614 struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans);
615 struct iwl_tx_queue *txq = &trans_pcie->txq[trans->shrd->cmd_queue];
616 struct iwl_queue *q = &txq->q;
617 struct iwl_device_cmd *out_cmd;
618 struct iwl_cmd_meta *out_meta;
619 dma_addr_t phys_addr;
620 unsigned long flags;
621 u32 idx;
622 u16 copy_size, cmd_size;
623 bool is_ct_kill = false;
624 bool had_nocopy = false;
625 int i;
626 u8 *cmd_dest;
627 #ifdef CONFIG_IWLWIFI_DEVICE_TRACING
628 const void *trace_bufs[IWL_MAX_CMD_TFDS + 1] = {};
629 int trace_lens[IWL_MAX_CMD_TFDS + 1] = {};
630 int trace_idx;
631 #endif
633 if (test_bit(STATUS_FW_ERROR, &trans->shrd->status)) {
634 IWL_WARN(trans, "fw recovery, no hcmd send\n");
635 return -EIO;
638 if ((trans->shrd->ucode_owner == IWL_OWNERSHIP_TM) &&
639 !(cmd->flags & CMD_ON_DEMAND)) {
640 IWL_DEBUG_HC(trans, "tm own the uCode, no regular hcmd send\n");
641 return -EIO;
644 copy_size = sizeof(out_cmd->hdr);
645 cmd_size = sizeof(out_cmd->hdr);
647 /* need one for the header if the first is NOCOPY */
648 BUILD_BUG_ON(IWL_MAX_CMD_TFDS > IWL_NUM_OF_TBS - 1);
650 for (i = 0; i < IWL_MAX_CMD_TFDS; i++) {
651 if (!cmd->len[i])
652 continue;
653 if (cmd->dataflags[i] & IWL_HCMD_DFL_NOCOPY) {
654 had_nocopy = true;
655 } else {
656 /* NOCOPY must not be followed by normal! */
657 if (WARN_ON(had_nocopy))
658 return -EINVAL;
659 copy_size += cmd->len[i];
661 cmd_size += cmd->len[i];
665 * If any of the command structures end up being larger than
666 * the TFD_MAX_PAYLOAD_SIZE and they aren't dynamically
667 * allocated into separate TFDs, then we will need to
668 * increase the size of the buffers.
670 if (WARN_ON(copy_size > TFD_MAX_PAYLOAD_SIZE))
671 return -EINVAL;
673 if (iwl_is_rfkill(trans->shrd) || iwl_is_ctkill(trans->shrd)) {
674 IWL_WARN(trans, "Not sending command - %s KILL\n",
675 iwl_is_rfkill(trans->shrd) ? "RF" : "CT");
676 return -EIO;
679 spin_lock_irqsave(&trans->hcmd_lock, flags);
681 if (iwl_queue_space(q) < ((cmd->flags & CMD_ASYNC) ? 2 : 1)) {
682 spin_unlock_irqrestore(&trans->hcmd_lock, flags);
684 IWL_ERR(trans, "No space in command queue\n");
685 is_ct_kill = iwl_check_for_ct_kill(priv(trans));
686 if (!is_ct_kill) {
687 IWL_ERR(trans, "Restarting adapter queue is full\n");
688 iwlagn_fw_error(priv(trans), false);
690 return -ENOSPC;
693 idx = get_cmd_index(q, q->write_ptr);
694 out_cmd = txq->cmd[idx];
695 out_meta = &txq->meta[idx];
697 memset(out_meta, 0, sizeof(*out_meta)); /* re-initialize to NULL */
698 if (cmd->flags & CMD_WANT_SKB)
699 out_meta->source = cmd;
701 /* set up the header */
703 out_cmd->hdr.cmd = cmd->id;
704 out_cmd->hdr.flags = 0;
705 out_cmd->hdr.sequence =
706 cpu_to_le16(QUEUE_TO_SEQ(trans->shrd->cmd_queue) |
707 INDEX_TO_SEQ(q->write_ptr));
709 /* and copy the data that needs to be copied */
711 cmd_dest = out_cmd->payload;
712 for (i = 0; i < IWL_MAX_CMD_TFDS; i++) {
713 if (!cmd->len[i])
714 continue;
715 if (cmd->dataflags[i] & IWL_HCMD_DFL_NOCOPY)
716 break;
717 memcpy(cmd_dest, cmd->data[i], cmd->len[i]);
718 cmd_dest += cmd->len[i];
721 IWL_DEBUG_HC(trans, "Sending command %s (#%x), seq: 0x%04X, "
722 "%d bytes at %d[%d]:%d\n",
723 get_cmd_string(out_cmd->hdr.cmd),
724 out_cmd->hdr.cmd,
725 le16_to_cpu(out_cmd->hdr.sequence), cmd_size,
726 q->write_ptr, idx, trans->shrd->cmd_queue);
728 phys_addr = dma_map_single(bus(trans)->dev, &out_cmd->hdr, copy_size,
729 DMA_BIDIRECTIONAL);
730 if (unlikely(dma_mapping_error(bus(trans)->dev, phys_addr))) {
731 idx = -ENOMEM;
732 goto out;
735 dma_unmap_addr_set(out_meta, mapping, phys_addr);
736 dma_unmap_len_set(out_meta, len, copy_size);
738 iwlagn_txq_attach_buf_to_tfd(trans, txq,
739 phys_addr, copy_size, 1);
740 #ifdef CONFIG_IWLWIFI_DEVICE_TRACING
741 trace_bufs[0] = &out_cmd->hdr;
742 trace_lens[0] = copy_size;
743 trace_idx = 1;
744 #endif
746 for (i = 0; i < IWL_MAX_CMD_TFDS; i++) {
747 if (!cmd->len[i])
748 continue;
749 if (!(cmd->dataflags[i] & IWL_HCMD_DFL_NOCOPY))
750 continue;
751 phys_addr = dma_map_single(bus(trans)->dev,
752 (void *)cmd->data[i],
753 cmd->len[i], DMA_BIDIRECTIONAL);
754 if (dma_mapping_error(bus(trans)->dev, phys_addr)) {
755 iwlagn_unmap_tfd(trans, out_meta,
756 &txq->tfds[q->write_ptr],
757 DMA_BIDIRECTIONAL);
758 idx = -ENOMEM;
759 goto out;
762 iwlagn_txq_attach_buf_to_tfd(trans, txq, phys_addr,
763 cmd->len[i], 0);
764 #ifdef CONFIG_IWLWIFI_DEVICE_TRACING
765 trace_bufs[trace_idx] = cmd->data[i];
766 trace_lens[trace_idx] = cmd->len[i];
767 trace_idx++;
768 #endif
771 out_meta->flags = cmd->flags;
773 txq->need_update = 1;
775 /* check that tracing gets all possible blocks */
776 BUILD_BUG_ON(IWL_MAX_CMD_TFDS + 1 != 3);
777 #ifdef CONFIG_IWLWIFI_DEVICE_TRACING
778 trace_iwlwifi_dev_hcmd(priv(trans), cmd->flags,
779 trace_bufs[0], trace_lens[0],
780 trace_bufs[1], trace_lens[1],
781 trace_bufs[2], trace_lens[2]);
782 #endif
784 /* Increment and update queue's write index */
785 q->write_ptr = iwl_queue_inc_wrap(q->write_ptr, q->n_bd);
786 iwl_txq_update_write_ptr(trans, txq);
788 out:
789 spin_unlock_irqrestore(&trans->hcmd_lock, flags);
790 return idx;
794 * iwl_hcmd_queue_reclaim - Reclaim TX command queue entries already Tx'd
796 * When FW advances 'R' index, all entries between old and new 'R' index
797 * need to be reclaimed. As result, some free space forms. If there is
798 * enough free space (> low mark), wake the stack that feeds us.
800 static void iwl_hcmd_queue_reclaim(struct iwl_trans *trans, int txq_id,
801 int idx)
803 struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans);
804 struct iwl_tx_queue *txq = &trans_pcie->txq[txq_id];
805 struct iwl_queue *q = &txq->q;
806 int nfreed = 0;
808 if ((idx >= q->n_bd) || (iwl_queue_used(q, idx) == 0)) {
809 IWL_ERR(trans, "%s: Read index for DMA queue txq id (%d), "
810 "index %d is out of range [0-%d] %d %d.\n", __func__,
811 txq_id, idx, q->n_bd, q->write_ptr, q->read_ptr);
812 return;
815 for (idx = iwl_queue_inc_wrap(idx, q->n_bd); q->read_ptr != idx;
816 q->read_ptr = iwl_queue_inc_wrap(q->read_ptr, q->n_bd)) {
818 if (nfreed++ > 0) {
819 IWL_ERR(trans, "HCMD skipped: index (%d) %d %d\n", idx,
820 q->write_ptr, q->read_ptr);
821 iwlagn_fw_error(priv(trans), false);
828 * iwl_tx_cmd_complete - Pull unused buffers off the queue and reclaim them
829 * @rxb: Rx buffer to reclaim
830 * @handler_status: return value of the handler of the command
831 * (put in setup_rx_handlers)
833 * If an Rx buffer has an async callback associated with it the callback
834 * will be executed. The attached skb (if present) will only be freed
835 * if the callback returns 1
837 void iwl_tx_cmd_complete(struct iwl_trans *trans, struct iwl_rx_mem_buffer *rxb,
838 int handler_status)
840 struct iwl_rx_packet *pkt = rxb_addr(rxb);
841 u16 sequence = le16_to_cpu(pkt->hdr.sequence);
842 int txq_id = SEQ_TO_QUEUE(sequence);
843 int index = SEQ_TO_INDEX(sequence);
844 int cmd_index;
845 struct iwl_device_cmd *cmd;
846 struct iwl_cmd_meta *meta;
847 struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans);
848 struct iwl_tx_queue *txq = &trans_pcie->txq[trans->shrd->cmd_queue];
849 unsigned long flags;
851 /* If a Tx command is being handled and it isn't in the actual
852 * command queue then there a command routing bug has been introduced
853 * in the queue management code. */
854 if (WARN(txq_id != trans->shrd->cmd_queue,
855 "wrong command queue %d (should be %d), sequence 0x%X readp=%d writep=%d\n",
856 txq_id, trans->shrd->cmd_queue, sequence,
857 trans_pcie->txq[trans->shrd->cmd_queue].q.read_ptr,
858 trans_pcie->txq[trans->shrd->cmd_queue].q.write_ptr)) {
859 iwl_print_hex_error(trans, pkt, 32);
860 return;
863 cmd_index = get_cmd_index(&txq->q, index);
864 cmd = txq->cmd[cmd_index];
865 meta = &txq->meta[cmd_index];
867 txq->time_stamp = jiffies;
869 iwlagn_unmap_tfd(trans, meta, &txq->tfds[index],
870 DMA_BIDIRECTIONAL);
872 /* Input error checking is done when commands are added to queue. */
873 if (meta->flags & CMD_WANT_SKB) {
874 meta->source->reply_page = (unsigned long)rxb_addr(rxb);
875 meta->source->handler_status = handler_status;
876 rxb->page = NULL;
879 spin_lock_irqsave(&trans->hcmd_lock, flags);
881 iwl_hcmd_queue_reclaim(trans, txq_id, index);
883 if (!(meta->flags & CMD_ASYNC)) {
884 if (!test_bit(STATUS_HCMD_ACTIVE, &trans->shrd->status)) {
885 IWL_WARN(trans,
886 "HCMD_ACTIVE already clear for command %s\n",
887 get_cmd_string(cmd->hdr.cmd));
889 clear_bit(STATUS_HCMD_ACTIVE, &trans->shrd->status);
890 IWL_DEBUG_INFO(trans, "Clearing HCMD_ACTIVE for command %s\n",
891 get_cmd_string(cmd->hdr.cmd));
892 wake_up(&trans->shrd->wait_command_queue);
895 meta->flags = 0;
897 spin_unlock_irqrestore(&trans->hcmd_lock, flags);
900 #define HOST_COMPLETE_TIMEOUT (2 * HZ)
902 static int iwl_send_cmd_async(struct iwl_trans *trans, struct iwl_host_cmd *cmd)
904 int ret;
906 /* An asynchronous command can not expect an SKB to be set. */
907 if (WARN_ON(cmd->flags & CMD_WANT_SKB))
908 return -EINVAL;
911 if (test_bit(STATUS_EXIT_PENDING, &trans->shrd->status))
912 return -EBUSY;
914 ret = iwl_enqueue_hcmd(trans, cmd);
915 if (ret < 0) {
916 IWL_DEBUG_QUIET_RFKILL(trans,
917 "Error sending %s: enqueue_hcmd failed: %d\n",
918 get_cmd_string(cmd->id), ret);
919 return ret;
921 return 0;
924 static int iwl_send_cmd_sync(struct iwl_trans *trans, struct iwl_host_cmd *cmd)
926 struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans);
927 int cmd_idx;
928 int ret;
930 lockdep_assert_held(&trans->shrd->mutex);
932 IWL_DEBUG_INFO(trans, "Attempting to send sync command %s\n",
933 get_cmd_string(cmd->id));
935 if (test_bit(STATUS_EXIT_PENDING, &trans->shrd->status))
936 return -EBUSY;
939 if (test_bit(STATUS_RF_KILL_HW, &trans->shrd->status)) {
940 IWL_ERR(trans, "Command %s aborted: RF KILL Switch\n",
941 get_cmd_string(cmd->id));
942 return -ECANCELED;
944 if (test_bit(STATUS_FW_ERROR, &trans->shrd->status)) {
945 IWL_ERR(trans, "Command %s failed: FW Error\n",
946 get_cmd_string(cmd->id));
947 return -EIO;
949 set_bit(STATUS_HCMD_ACTIVE, &trans->shrd->status);
950 IWL_DEBUG_INFO(trans, "Setting HCMD_ACTIVE for command %s\n",
951 get_cmd_string(cmd->id));
953 cmd_idx = iwl_enqueue_hcmd(trans, cmd);
954 if (cmd_idx < 0) {
955 ret = cmd_idx;
956 clear_bit(STATUS_HCMD_ACTIVE, &trans->shrd->status);
957 IWL_DEBUG_QUIET_RFKILL(trans,
958 "Error sending %s: enqueue_hcmd failed: %d\n",
959 get_cmd_string(cmd->id), ret);
960 return ret;
963 ret = wait_event_timeout(trans->shrd->wait_command_queue,
964 !test_bit(STATUS_HCMD_ACTIVE, &trans->shrd->status),
965 HOST_COMPLETE_TIMEOUT);
966 if (!ret) {
967 if (test_bit(STATUS_HCMD_ACTIVE, &trans->shrd->status)) {
968 struct iwl_tx_queue *txq =
969 &trans_pcie->txq[trans->shrd->cmd_queue];
970 struct iwl_queue *q = &txq->q;
972 IWL_DEBUG_QUIET_RFKILL(trans,
973 "Error sending %s: time out after %dms.\n",
974 get_cmd_string(cmd->id),
975 jiffies_to_msecs(HOST_COMPLETE_TIMEOUT));
977 IWL_DEBUG_QUIET_RFKILL(trans,
978 "Current CMD queue read_ptr %d write_ptr %d\n",
979 q->read_ptr, q->write_ptr);
981 clear_bit(STATUS_HCMD_ACTIVE, &trans->shrd->status);
982 IWL_DEBUG_INFO(trans, "Clearing HCMD_ACTIVE for command"
983 "%s\n", get_cmd_string(cmd->id));
984 ret = -ETIMEDOUT;
985 goto cancel;
989 if ((cmd->flags & CMD_WANT_SKB) && !cmd->reply_page) {
990 IWL_ERR(trans, "Error: Response NULL in '%s'\n",
991 get_cmd_string(cmd->id));
992 ret = -EIO;
993 goto cancel;
996 return 0;
998 cancel:
999 if (cmd->flags & CMD_WANT_SKB) {
1001 * Cancel the CMD_WANT_SKB flag for the cmd in the
1002 * TX cmd queue. Otherwise in case the cmd comes
1003 * in later, it will possibly set an invalid
1004 * address (cmd->meta.source).
1006 trans_pcie->txq[trans->shrd->cmd_queue].meta[cmd_idx].flags &=
1007 ~CMD_WANT_SKB;
1010 if (cmd->reply_page) {
1011 iwl_free_pages(trans->shrd, cmd->reply_page);
1012 cmd->reply_page = 0;
1015 return ret;
1018 int iwl_trans_pcie_send_cmd(struct iwl_trans *trans, struct iwl_host_cmd *cmd)
1020 if (cmd->flags & CMD_ASYNC)
1021 return iwl_send_cmd_async(trans, cmd);
1023 return iwl_send_cmd_sync(trans, cmd);
1026 /* Frees buffers until index _not_ inclusive */
1027 int iwl_tx_queue_reclaim(struct iwl_trans *trans, int txq_id, int index,
1028 struct sk_buff_head *skbs)
1030 struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans);
1031 struct iwl_tx_queue *txq = &trans_pcie->txq[txq_id];
1032 struct iwl_queue *q = &txq->q;
1033 int last_to_free;
1034 int freed = 0;
1036 /* This function is not meant to release cmd queue*/
1037 if (WARN_ON(txq_id == trans->shrd->cmd_queue))
1038 return 0;
1040 /*Since we free until index _not_ inclusive, the one before index is
1041 * the last we will free. This one must be used */
1042 last_to_free = iwl_queue_dec_wrap(index, q->n_bd);
1044 if ((index >= q->n_bd) ||
1045 (iwl_queue_used(q, last_to_free) == 0)) {
1046 IWL_ERR(trans, "%s: Read index for DMA queue txq id (%d), "
1047 "last_to_free %d is out of range [0-%d] %d %d.\n",
1048 __func__, txq_id, last_to_free, q->n_bd,
1049 q->write_ptr, q->read_ptr);
1050 return 0;
1053 if (WARN_ON(!skb_queue_empty(skbs)))
1054 return 0;
1056 for (;
1057 q->read_ptr != index;
1058 q->read_ptr = iwl_queue_inc_wrap(q->read_ptr, q->n_bd)) {
1060 if (WARN_ON_ONCE(txq->skbs[txq->q.read_ptr] == NULL))
1061 continue;
1063 __skb_queue_tail(skbs, txq->skbs[txq->q.read_ptr]);
1065 txq->skbs[txq->q.read_ptr] = NULL;
1067 iwlagn_txq_inval_byte_cnt_tbl(trans, txq);
1069 iwlagn_txq_free_tfd(trans, txq, txq->q.read_ptr, DMA_TO_DEVICE);
1070 freed++;
1072 return freed;