Avoid beyond bounds copy while caching ACL
[zen-stable.git] / drivers / net / wireless / mwifiex / wmm.c
blob6c239c3c8249c31395d337213b5a1c0e3176e4ab
1 /*
2 * Marvell Wireless LAN device driver: WMM
4 * Copyright (C) 2011, Marvell International Ltd.
6 * This software file (the "File") is distributed by Marvell International
7 * Ltd. under the terms of the GNU General Public License Version 2, June 1991
8 * (the "License"). You may use, redistribute and/or modify this File in
9 * accordance with the terms and conditions of the License, a copy of which
10 * is available by writing to the Free Software Foundation, Inc.,
11 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA or on the
12 * worldwide web at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
14 * THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE
16 * ARE EXPRESSLY DISCLAIMED. The License provides additional details about
17 * this warranty disclaimer.
20 #include "decl.h"
21 #include "ioctl.h"
22 #include "util.h"
23 #include "fw.h"
24 #include "main.h"
25 #include "wmm.h"
26 #include "11n.h"
29 /* Maximum value FW can accept for driver delay in packet transmission */
30 #define DRV_PKT_DELAY_TO_FW_MAX 512
33 #define WMM_QUEUED_PACKET_LOWER_LIMIT 180
35 #define WMM_QUEUED_PACKET_UPPER_LIMIT 200
37 /* Offset for TOS field in the IP header */
38 #define IPTOS_OFFSET 5
40 /* WMM information IE */
41 static const u8 wmm_info_ie[] = { WLAN_EID_VENDOR_SPECIFIC, 0x07,
42 0x00, 0x50, 0xf2, 0x02,
43 0x00, 0x01, 0x00
46 static const u8 wmm_aci_to_qidx_map[] = { WMM_AC_BE,
47 WMM_AC_BK,
48 WMM_AC_VI,
49 WMM_AC_VO
52 static u8 tos_to_tid[] = {
53 /* TID DSCP_P2 DSCP_P1 DSCP_P0 WMM_AC */
54 0x01, /* 0 1 0 AC_BK */
55 0x02, /* 0 0 0 AC_BK */
56 0x00, /* 0 0 1 AC_BE */
57 0x03, /* 0 1 1 AC_BE */
58 0x04, /* 1 0 0 AC_VI */
59 0x05, /* 1 0 1 AC_VI */
60 0x06, /* 1 1 0 AC_VO */
61 0x07 /* 1 1 1 AC_VO */
65 * This table inverses the tos_to_tid operation to get a priority
66 * which is in sequential order, and can be compared.
67 * Use this to compare the priority of two different TIDs.
69 static u8 tos_to_tid_inv[] = {
70 0x02, /* from tos_to_tid[2] = 0 */
71 0x00, /* from tos_to_tid[0] = 1 */
72 0x01, /* from tos_to_tid[1] = 2 */
73 0x03,
74 0x04,
75 0x05,
76 0x06,
77 0x07};
79 static u8 ac_to_tid[4][2] = { {1, 2}, {0, 3}, {4, 5}, {6, 7} };
82 * This function debug prints the priority parameters for a WMM AC.
84 static void
85 mwifiex_wmm_ac_debug_print(const struct ieee_types_wmm_ac_parameters *ac_param)
87 const char *ac_str[] = { "BK", "BE", "VI", "VO" };
89 pr_debug("info: WMM AC_%s: ACI=%d, ACM=%d, Aifsn=%d, "
90 "EcwMin=%d, EcwMax=%d, TxopLimit=%d\n",
91 ac_str[wmm_aci_to_qidx_map[(ac_param->aci_aifsn_bitmap
92 & MWIFIEX_ACI) >> 5]],
93 (ac_param->aci_aifsn_bitmap & MWIFIEX_ACI) >> 5,
94 (ac_param->aci_aifsn_bitmap & MWIFIEX_ACM) >> 4,
95 ac_param->aci_aifsn_bitmap & MWIFIEX_AIFSN,
96 ac_param->ecw_bitmap & MWIFIEX_ECW_MIN,
97 (ac_param->ecw_bitmap & MWIFIEX_ECW_MAX) >> 4,
98 le16_to_cpu(ac_param->tx_op_limit));
102 * This function allocates a route address list.
104 * The function also initializes the list with the provided RA.
106 static struct mwifiex_ra_list_tbl *
107 mwifiex_wmm_allocate_ralist_node(struct mwifiex_adapter *adapter, u8 *ra)
109 struct mwifiex_ra_list_tbl *ra_list;
111 ra_list = kzalloc(sizeof(struct mwifiex_ra_list_tbl), GFP_ATOMIC);
113 if (!ra_list) {
114 dev_err(adapter->dev, "%s: failed to alloc ra_list\n",
115 __func__);
116 return NULL;
118 INIT_LIST_HEAD(&ra_list->list);
119 skb_queue_head_init(&ra_list->skb_head);
121 memcpy(ra_list->ra, ra, ETH_ALEN);
123 ra_list->total_pkts_size = 0;
125 dev_dbg(adapter->dev, "info: allocated ra_list %p\n", ra_list);
127 return ra_list;
131 * This function allocates and adds a RA list for all TIDs
132 * with the given RA.
134 void
135 mwifiex_ralist_add(struct mwifiex_private *priv, u8 *ra)
137 int i;
138 struct mwifiex_ra_list_tbl *ra_list;
139 struct mwifiex_adapter *adapter = priv->adapter;
141 for (i = 0; i < MAX_NUM_TID; ++i) {
142 ra_list = mwifiex_wmm_allocate_ralist_node(adapter, ra);
143 dev_dbg(adapter->dev, "info: created ra_list %p\n", ra_list);
145 if (!ra_list)
146 break;
148 if (!mwifiex_queuing_ra_based(priv))
149 ra_list->is_11n_enabled = IS_11N_ENABLED(priv);
150 else
151 ra_list->is_11n_enabled = false;
153 dev_dbg(adapter->dev, "data: ralist %p: is_11n_enabled=%d\n",
154 ra_list, ra_list->is_11n_enabled);
156 list_add_tail(&ra_list->list,
157 &priv->wmm.tid_tbl_ptr[i].ra_list);
159 if (!priv->wmm.tid_tbl_ptr[i].ra_list_curr)
160 priv->wmm.tid_tbl_ptr[i].ra_list_curr = ra_list;
165 * This function sets the WMM queue priorities to their default values.
167 static void mwifiex_wmm_default_queue_priorities(struct mwifiex_private *priv)
169 /* Default queue priorities: VO->VI->BE->BK */
170 priv->wmm.queue_priority[0] = WMM_AC_VO;
171 priv->wmm.queue_priority[1] = WMM_AC_VI;
172 priv->wmm.queue_priority[2] = WMM_AC_BE;
173 priv->wmm.queue_priority[3] = WMM_AC_BK;
177 * This function map ACs to TIDs.
179 static void
180 mwifiex_wmm_queue_priorities_tid(struct mwifiex_wmm_desc *wmm)
182 u8 *queue_priority = wmm->queue_priority;
183 int i;
185 for (i = 0; i < 4; ++i) {
186 tos_to_tid[7 - (i * 2)] = ac_to_tid[queue_priority[i]][1];
187 tos_to_tid[6 - (i * 2)] = ac_to_tid[queue_priority[i]][0];
190 for (i = 0; i < MAX_NUM_TID; ++i)
191 tos_to_tid_inv[tos_to_tid[i]] = (u8)i;
193 atomic_set(&wmm->highest_queued_prio, HIGH_PRIO_TID);
197 * This function initializes WMM priority queues.
199 void
200 mwifiex_wmm_setup_queue_priorities(struct mwifiex_private *priv,
201 struct ieee_types_wmm_parameter *wmm_ie)
203 u16 cw_min, avg_back_off, tmp[4];
204 u32 i, j, num_ac;
205 u8 ac_idx;
207 if (!wmm_ie || !priv->wmm_enabled) {
208 /* WMM is not enabled, just set the defaults and return */
209 mwifiex_wmm_default_queue_priorities(priv);
210 return;
213 dev_dbg(priv->adapter->dev, "info: WMM Parameter IE: version=%d, "
214 "qos_info Parameter Set Count=%d, Reserved=%#x\n",
215 wmm_ie->vend_hdr.version, wmm_ie->qos_info_bitmap &
216 IEEE80211_WMM_IE_AP_QOSINFO_PARAM_SET_CNT_MASK,
217 wmm_ie->reserved);
219 for (num_ac = 0; num_ac < ARRAY_SIZE(wmm_ie->ac_params); num_ac++) {
220 cw_min = (1 << (wmm_ie->ac_params[num_ac].ecw_bitmap &
221 MWIFIEX_ECW_MIN)) - 1;
222 avg_back_off = (cw_min >> 1) +
223 (wmm_ie->ac_params[num_ac].aci_aifsn_bitmap &
224 MWIFIEX_AIFSN);
226 ac_idx = wmm_aci_to_qidx_map[(wmm_ie->ac_params[num_ac].
227 aci_aifsn_bitmap &
228 MWIFIEX_ACI) >> 5];
229 priv->wmm.queue_priority[ac_idx] = ac_idx;
230 tmp[ac_idx] = avg_back_off;
232 dev_dbg(priv->adapter->dev, "info: WMM: CWmax=%d CWmin=%d Avg Back-off=%d\n",
233 (1 << ((wmm_ie->ac_params[num_ac].ecw_bitmap &
234 MWIFIEX_ECW_MAX) >> 4)) - 1,
235 cw_min, avg_back_off);
236 mwifiex_wmm_ac_debug_print(&wmm_ie->ac_params[num_ac]);
239 /* Bubble sort */
240 for (i = 0; i < num_ac; i++) {
241 for (j = 1; j < num_ac - i; j++) {
242 if (tmp[j - 1] > tmp[j]) {
243 swap(tmp[j - 1], tmp[j]);
244 swap(priv->wmm.queue_priority[j - 1],
245 priv->wmm.queue_priority[j]);
246 } else if (tmp[j - 1] == tmp[j]) {
247 if (priv->wmm.queue_priority[j - 1]
248 < priv->wmm.queue_priority[j])
249 swap(priv->wmm.queue_priority[j - 1],
250 priv->wmm.queue_priority[j]);
255 mwifiex_wmm_queue_priorities_tid(&priv->wmm);
259 * This function evaluates whether or not an AC is to be downgraded.
261 * In case the AC is not enabled, the highest AC is returned that is
262 * enabled and does not require admission control.
264 static enum mwifiex_wmm_ac_e
265 mwifiex_wmm_eval_downgrade_ac(struct mwifiex_private *priv,
266 enum mwifiex_wmm_ac_e eval_ac)
268 int down_ac;
269 enum mwifiex_wmm_ac_e ret_ac;
270 struct mwifiex_wmm_ac_status *ac_status;
272 ac_status = &priv->wmm.ac_status[eval_ac];
274 if (!ac_status->disabled)
275 /* Okay to use this AC, its enabled */
276 return eval_ac;
278 /* Setup a default return value of the lowest priority */
279 ret_ac = WMM_AC_BK;
282 * Find the highest AC that is enabled and does not require
283 * admission control. The spec disallows downgrading to an AC,
284 * which is enabled due to a completed admission control.
285 * Unadmitted traffic is not to be sent on an AC with admitted
286 * traffic.
288 for (down_ac = WMM_AC_BK; down_ac < eval_ac; down_ac++) {
289 ac_status = &priv->wmm.ac_status[down_ac];
291 if (!ac_status->disabled && !ac_status->flow_required)
292 /* AC is enabled and does not require admission
293 control */
294 ret_ac = (enum mwifiex_wmm_ac_e) down_ac;
297 return ret_ac;
301 * This function downgrades WMM priority queue.
303 void
304 mwifiex_wmm_setup_ac_downgrade(struct mwifiex_private *priv)
306 int ac_val;
308 dev_dbg(priv->adapter->dev, "info: WMM: AC Priorities:"
309 "BK(0), BE(1), VI(2), VO(3)\n");
311 if (!priv->wmm_enabled) {
312 /* WMM is not enabled, default priorities */
313 for (ac_val = WMM_AC_BK; ac_val <= WMM_AC_VO; ac_val++)
314 priv->wmm.ac_down_graded_vals[ac_val] =
315 (enum mwifiex_wmm_ac_e) ac_val;
316 } else {
317 for (ac_val = WMM_AC_BK; ac_val <= WMM_AC_VO; ac_val++) {
318 priv->wmm.ac_down_graded_vals[ac_val]
319 = mwifiex_wmm_eval_downgrade_ac(priv,
320 (enum mwifiex_wmm_ac_e) ac_val);
321 dev_dbg(priv->adapter->dev, "info: WMM: AC PRIO %d maps to %d\n",
322 ac_val, priv->wmm.ac_down_graded_vals[ac_val]);
328 * This function converts the IP TOS field to an WMM AC
329 * Queue assignment.
331 static enum mwifiex_wmm_ac_e
332 mwifiex_wmm_convert_tos_to_ac(struct mwifiex_adapter *adapter, u32 tos)
334 /* Map of TOS UP values to WMM AC */
335 const enum mwifiex_wmm_ac_e tos_to_ac[] = { WMM_AC_BE,
336 WMM_AC_BK,
337 WMM_AC_BK,
338 WMM_AC_BE,
339 WMM_AC_VI,
340 WMM_AC_VI,
341 WMM_AC_VO,
342 WMM_AC_VO
345 if (tos >= ARRAY_SIZE(tos_to_ac))
346 return WMM_AC_BE;
348 return tos_to_ac[tos];
352 * This function evaluates a given TID and downgrades it to a lower
353 * TID if the WMM Parameter IE received from the AP indicates that the
354 * AP is disabled (due to call admission control (ACM bit). Mapping
355 * of TID to AC is taken care of internally.
357 static u8
358 mwifiex_wmm_downgrade_tid(struct mwifiex_private *priv, u32 tid)
360 enum mwifiex_wmm_ac_e ac, ac_down;
361 u8 new_tid;
363 ac = mwifiex_wmm_convert_tos_to_ac(priv->adapter, tid);
364 ac_down = priv->wmm.ac_down_graded_vals[ac];
366 /* Send the index to tid array, picking from the array will be
367 * taken care by dequeuing function
369 new_tid = ac_to_tid[ac_down][tid % 2];
371 return new_tid;
375 * This function initializes the WMM state information and the
376 * WMM data path queues.
378 void
379 mwifiex_wmm_init(struct mwifiex_adapter *adapter)
381 int i, j;
382 struct mwifiex_private *priv;
384 for (j = 0; j < adapter->priv_num; ++j) {
385 priv = adapter->priv[j];
386 if (!priv)
387 continue;
389 for (i = 0; i < MAX_NUM_TID; ++i) {
390 priv->aggr_prio_tbl[i].amsdu = tos_to_tid_inv[i];
391 priv->aggr_prio_tbl[i].ampdu_ap = tos_to_tid_inv[i];
392 priv->aggr_prio_tbl[i].ampdu_user = tos_to_tid_inv[i];
393 priv->wmm.tid_tbl_ptr[i].ra_list_curr = NULL;
396 priv->aggr_prio_tbl[6].amsdu
397 = priv->aggr_prio_tbl[6].ampdu_ap
398 = priv->aggr_prio_tbl[6].ampdu_user
399 = BA_STREAM_NOT_ALLOWED;
401 priv->aggr_prio_tbl[7].amsdu = priv->aggr_prio_tbl[7].ampdu_ap
402 = priv->aggr_prio_tbl[7].ampdu_user
403 = BA_STREAM_NOT_ALLOWED;
405 priv->add_ba_param.timeout = MWIFIEX_DEFAULT_BLOCK_ACK_TIMEOUT;
406 priv->add_ba_param.tx_win_size = MWIFIEX_AMPDU_DEF_TXWINSIZE;
407 priv->add_ba_param.rx_win_size = MWIFIEX_AMPDU_DEF_RXWINSIZE;
409 atomic_set(&priv->wmm.tx_pkts_queued, 0);
410 atomic_set(&priv->wmm.highest_queued_prio, HIGH_PRIO_TID);
415 * This function checks if WMM Tx queue is empty.
418 mwifiex_wmm_lists_empty(struct mwifiex_adapter *adapter)
420 int i;
421 struct mwifiex_private *priv;
423 for (i = 0; i < adapter->priv_num; ++i) {
424 priv = adapter->priv[i];
425 if (priv && atomic_read(&priv->wmm.tx_pkts_queued))
426 return false;
429 return true;
433 * This function deletes all packets in an RA list node.
435 * The packet sent completion callback handler are called with
436 * status failure, after they are dequeued to ensure proper
437 * cleanup. The RA list node itself is freed at the end.
439 static void
440 mwifiex_wmm_del_pkts_in_ralist_node(struct mwifiex_private *priv,
441 struct mwifiex_ra_list_tbl *ra_list)
443 struct mwifiex_adapter *adapter = priv->adapter;
444 struct sk_buff *skb, *tmp;
446 skb_queue_walk_safe(&ra_list->skb_head, skb, tmp)
447 mwifiex_write_data_complete(adapter, skb, -1);
451 * This function deletes all packets in an RA list.
453 * Each nodes in the RA list are freed individually first, and then
454 * the RA list itself is freed.
456 static void
457 mwifiex_wmm_del_pkts_in_ralist(struct mwifiex_private *priv,
458 struct list_head *ra_list_head)
460 struct mwifiex_ra_list_tbl *ra_list;
462 list_for_each_entry(ra_list, ra_list_head, list)
463 mwifiex_wmm_del_pkts_in_ralist_node(priv, ra_list);
467 * This function deletes all packets in all RA lists.
469 static void mwifiex_wmm_cleanup_queues(struct mwifiex_private *priv)
471 int i;
473 for (i = 0; i < MAX_NUM_TID; i++)
474 mwifiex_wmm_del_pkts_in_ralist(priv, &priv->wmm.tid_tbl_ptr[i].
475 ra_list);
477 atomic_set(&priv->wmm.tx_pkts_queued, 0);
478 atomic_set(&priv->wmm.highest_queued_prio, HIGH_PRIO_TID);
482 * This function deletes all route addresses from all RA lists.
484 static void mwifiex_wmm_delete_all_ralist(struct mwifiex_private *priv)
486 struct mwifiex_ra_list_tbl *ra_list, *tmp_node;
487 int i;
489 for (i = 0; i < MAX_NUM_TID; ++i) {
490 dev_dbg(priv->adapter->dev,
491 "info: ra_list: freeing buf for tid %d\n", i);
492 list_for_each_entry_safe(ra_list, tmp_node,
493 &priv->wmm.tid_tbl_ptr[i].ra_list, list) {
494 list_del(&ra_list->list);
495 kfree(ra_list);
498 INIT_LIST_HEAD(&priv->wmm.tid_tbl_ptr[i].ra_list);
500 priv->wmm.tid_tbl_ptr[i].ra_list_curr = NULL;
505 * This function cleans up the Tx and Rx queues.
507 * Cleanup includes -
508 * - All packets in RA lists
509 * - All entries in Rx reorder table
510 * - All entries in Tx BA stream table
511 * - MPA buffer (if required)
512 * - All RA lists
514 void
515 mwifiex_clean_txrx(struct mwifiex_private *priv)
517 unsigned long flags;
519 mwifiex_11n_cleanup_reorder_tbl(priv);
520 spin_lock_irqsave(&priv->wmm.ra_list_spinlock, flags);
522 mwifiex_wmm_cleanup_queues(priv);
523 mwifiex_11n_delete_all_tx_ba_stream_tbl(priv);
525 if (priv->adapter->if_ops.cleanup_mpa_buf)
526 priv->adapter->if_ops.cleanup_mpa_buf(priv->adapter);
528 mwifiex_wmm_delete_all_ralist(priv);
529 memcpy(tos_to_tid, ac_to_tid, sizeof(tos_to_tid));
531 spin_unlock_irqrestore(&priv->wmm.ra_list_spinlock, flags);
535 * This function retrieves a particular RA list node, matching with the
536 * given TID and RA address.
538 static struct mwifiex_ra_list_tbl *
539 mwifiex_wmm_get_ralist_node(struct mwifiex_private *priv, u8 tid,
540 u8 *ra_addr)
542 struct mwifiex_ra_list_tbl *ra_list;
544 list_for_each_entry(ra_list, &priv->wmm.tid_tbl_ptr[tid].ra_list,
545 list) {
546 if (!memcmp(ra_list->ra, ra_addr, ETH_ALEN))
547 return ra_list;
550 return NULL;
554 * This function retrieves an RA list node for a given TID and
555 * RA address pair.
557 * If no such node is found, a new node is added first and then
558 * retrieved.
560 static struct mwifiex_ra_list_tbl *
561 mwifiex_wmm_get_queue_raptr(struct mwifiex_private *priv, u8 tid, u8 *ra_addr)
563 struct mwifiex_ra_list_tbl *ra_list;
565 ra_list = mwifiex_wmm_get_ralist_node(priv, tid, ra_addr);
566 if (ra_list)
567 return ra_list;
568 mwifiex_ralist_add(priv, ra_addr);
570 return mwifiex_wmm_get_ralist_node(priv, tid, ra_addr);
574 * This function checks if a particular RA list node exists in a given TID
575 * table index.
578 mwifiex_is_ralist_valid(struct mwifiex_private *priv,
579 struct mwifiex_ra_list_tbl *ra_list, int ptr_index)
581 struct mwifiex_ra_list_tbl *rlist;
583 list_for_each_entry(rlist, &priv->wmm.tid_tbl_ptr[ptr_index].ra_list,
584 list) {
585 if (rlist == ra_list)
586 return true;
589 return false;
593 * This function adds a packet to WMM queue.
595 * In disconnected state the packet is immediately dropped and the
596 * packet send completion callback is called with status failure.
598 * Otherwise, the correct RA list node is located and the packet
599 * is queued at the list tail.
601 void
602 mwifiex_wmm_add_buf_txqueue(struct mwifiex_adapter *adapter,
603 struct sk_buff *skb)
605 struct mwifiex_txinfo *tx_info = MWIFIEX_SKB_TXCB(skb);
606 struct mwifiex_private *priv = adapter->priv[tx_info->bss_index];
607 u32 tid;
608 struct mwifiex_ra_list_tbl *ra_list;
609 u8 ra[ETH_ALEN], tid_down;
610 unsigned long flags;
612 if (!priv->media_connected) {
613 dev_dbg(adapter->dev, "data: drop packet in disconnect\n");
614 mwifiex_write_data_complete(adapter, skb, -1);
615 return;
618 tid = skb->priority;
620 spin_lock_irqsave(&priv->wmm.ra_list_spinlock, flags);
622 tid_down = mwifiex_wmm_downgrade_tid(priv, tid);
624 /* In case of infra as we have already created the list during
625 association we just don't have to call get_queue_raptr, we will
626 have only 1 raptr for a tid in case of infra */
627 if (!mwifiex_queuing_ra_based(priv)) {
628 if (!list_empty(&priv->wmm.tid_tbl_ptr[tid_down].ra_list))
629 ra_list = list_first_entry(
630 &priv->wmm.tid_tbl_ptr[tid_down].ra_list,
631 struct mwifiex_ra_list_tbl, list);
632 else
633 ra_list = NULL;
634 } else {
635 memcpy(ra, skb->data, ETH_ALEN);
636 if (ra[0] & 0x01)
637 memset(ra, 0xff, ETH_ALEN);
638 ra_list = mwifiex_wmm_get_queue_raptr(priv, tid_down, ra);
641 if (!ra_list) {
642 spin_unlock_irqrestore(&priv->wmm.ra_list_spinlock, flags);
643 mwifiex_write_data_complete(adapter, skb, -1);
644 return;
647 skb_queue_tail(&ra_list->skb_head, skb);
649 ra_list->total_pkts_size += skb->len;
651 atomic_inc(&priv->wmm.tx_pkts_queued);
653 if (atomic_read(&priv->wmm.highest_queued_prio) <
654 tos_to_tid_inv[tid_down])
655 atomic_set(&priv->wmm.highest_queued_prio,
656 tos_to_tid_inv[tid_down]);
658 spin_unlock_irqrestore(&priv->wmm.ra_list_spinlock, flags);
662 * This function processes the get WMM status command response from firmware.
664 * The response may contain multiple TLVs -
665 * - AC Queue status TLVs
666 * - Current WMM Parameter IE TLV
667 * - Admission Control action frame TLVs
669 * This function parses the TLVs and then calls further specific functions
670 * to process any changes in the queue prioritize or state.
672 int mwifiex_ret_wmm_get_status(struct mwifiex_private *priv,
673 const struct host_cmd_ds_command *resp)
675 u8 *curr = (u8 *) &resp->params.get_wmm_status;
676 uint16_t resp_len = le16_to_cpu(resp->size), tlv_len;
677 int valid = true;
679 struct mwifiex_ie_types_data *tlv_hdr;
680 struct mwifiex_ie_types_wmm_queue_status *tlv_wmm_qstatus;
681 struct ieee_types_wmm_parameter *wmm_param_ie = NULL;
682 struct mwifiex_wmm_ac_status *ac_status;
684 dev_dbg(priv->adapter->dev, "info: WMM: WMM_GET_STATUS cmdresp received: %d\n",
685 resp_len);
687 while ((resp_len >= sizeof(tlv_hdr->header)) && valid) {
688 tlv_hdr = (struct mwifiex_ie_types_data *) curr;
689 tlv_len = le16_to_cpu(tlv_hdr->header.len);
691 switch (le16_to_cpu(tlv_hdr->header.type)) {
692 case TLV_TYPE_WMMQSTATUS:
693 tlv_wmm_qstatus =
694 (struct mwifiex_ie_types_wmm_queue_status *)
695 tlv_hdr;
696 dev_dbg(priv->adapter->dev,
697 "info: CMD_RESP: WMM_GET_STATUS:"
698 " QSTATUS TLV: %d, %d, %d\n",
699 tlv_wmm_qstatus->queue_index,
700 tlv_wmm_qstatus->flow_required,
701 tlv_wmm_qstatus->disabled);
703 ac_status = &priv->wmm.ac_status[tlv_wmm_qstatus->
704 queue_index];
705 ac_status->disabled = tlv_wmm_qstatus->disabled;
706 ac_status->flow_required =
707 tlv_wmm_qstatus->flow_required;
708 ac_status->flow_created = tlv_wmm_qstatus->flow_created;
709 break;
711 case WLAN_EID_VENDOR_SPECIFIC:
713 * Point the regular IEEE IE 2 bytes into the Marvell IE
714 * and setup the IEEE IE type and length byte fields
717 wmm_param_ie =
718 (struct ieee_types_wmm_parameter *) (curr +
720 wmm_param_ie->vend_hdr.len = (u8) tlv_len;
721 wmm_param_ie->vend_hdr.element_id =
722 WLAN_EID_VENDOR_SPECIFIC;
724 dev_dbg(priv->adapter->dev,
725 "info: CMD_RESP: WMM_GET_STATUS:"
726 " WMM Parameter Set Count: %d\n",
727 wmm_param_ie->qos_info_bitmap &
728 IEEE80211_WMM_IE_AP_QOSINFO_PARAM_SET_CNT_MASK);
730 memcpy((u8 *) &priv->curr_bss_params.bss_descriptor.
731 wmm_ie, wmm_param_ie,
732 wmm_param_ie->vend_hdr.len + 2);
734 break;
736 default:
737 valid = false;
738 break;
741 curr += (tlv_len + sizeof(tlv_hdr->header));
742 resp_len -= (tlv_len + sizeof(tlv_hdr->header));
745 mwifiex_wmm_setup_queue_priorities(priv, wmm_param_ie);
746 mwifiex_wmm_setup_ac_downgrade(priv);
748 return 0;
752 * Callback handler from the command module to allow insertion of a WMM TLV.
754 * If the BSS we are associating to supports WMM, this function adds the
755 * required WMM Information IE to the association request command buffer in
756 * the form of a Marvell extended IEEE IE.
759 mwifiex_wmm_process_association_req(struct mwifiex_private *priv,
760 u8 **assoc_buf,
761 struct ieee_types_wmm_parameter *wmm_ie,
762 struct ieee80211_ht_cap *ht_cap)
764 struct mwifiex_ie_types_wmm_param_set *wmm_tlv;
765 u32 ret_len = 0;
767 /* Null checks */
768 if (!assoc_buf)
769 return 0;
770 if (!(*assoc_buf))
771 return 0;
773 if (!wmm_ie)
774 return 0;
776 dev_dbg(priv->adapter->dev, "info: WMM: process assoc req:"
777 "bss->wmmIe=0x%x\n",
778 wmm_ie->vend_hdr.element_id);
780 if ((priv->wmm_required
781 || (ht_cap && (priv->adapter->config_bands & BAND_GN
782 || priv->adapter->config_bands & BAND_AN))
784 && wmm_ie->vend_hdr.element_id == WLAN_EID_VENDOR_SPECIFIC) {
785 wmm_tlv = (struct mwifiex_ie_types_wmm_param_set *) *assoc_buf;
786 wmm_tlv->header.type = cpu_to_le16((u16) wmm_info_ie[0]);
787 wmm_tlv->header.len = cpu_to_le16((u16) wmm_info_ie[1]);
788 memcpy(wmm_tlv->wmm_ie, &wmm_info_ie[2],
789 le16_to_cpu(wmm_tlv->header.len));
790 if (wmm_ie->qos_info_bitmap & IEEE80211_WMM_IE_AP_QOSINFO_UAPSD)
791 memcpy((u8 *) (wmm_tlv->wmm_ie
792 + le16_to_cpu(wmm_tlv->header.len)
793 - sizeof(priv->wmm_qosinfo)),
794 &priv->wmm_qosinfo,
795 sizeof(priv->wmm_qosinfo));
797 ret_len = sizeof(wmm_tlv->header)
798 + le16_to_cpu(wmm_tlv->header.len);
800 *assoc_buf += ret_len;
803 return ret_len;
807 * This function computes the time delay in the driver queues for a
808 * given packet.
810 * When the packet is received at the OS/Driver interface, the current
811 * time is set in the packet structure. The difference between the present
812 * time and that received time is computed in this function and limited
813 * based on pre-compiled limits in the driver.
816 mwifiex_wmm_compute_drv_pkt_delay(struct mwifiex_private *priv,
817 const struct sk_buff *skb)
819 u8 ret_val;
820 struct timeval out_tstamp, in_tstamp;
821 u32 queue_delay;
823 do_gettimeofday(&out_tstamp);
824 in_tstamp = ktime_to_timeval(skb->tstamp);
826 queue_delay = (out_tstamp.tv_sec - in_tstamp.tv_sec) * 1000;
827 queue_delay += (out_tstamp.tv_usec - in_tstamp.tv_usec) / 1000;
830 * Queue delay is passed as a uint8 in units of 2ms (ms shifted
831 * by 1). Min value (other than 0) is therefore 2ms, max is 510ms.
833 * Pass max value if queue_delay is beyond the uint8 range
835 ret_val = (u8) (min(queue_delay, priv->wmm.drv_pkt_delay_max) >> 1);
837 dev_dbg(priv->adapter->dev, "data: WMM: Pkt Delay: %d ms,"
838 " %d ms sent to FW\n", queue_delay, ret_val);
840 return ret_val;
844 * This function retrieves the highest priority RA list table pointer.
846 static struct mwifiex_ra_list_tbl *
847 mwifiex_wmm_get_highest_priolist_ptr(struct mwifiex_adapter *adapter,
848 struct mwifiex_private **priv, int *tid)
850 struct mwifiex_private *priv_tmp;
851 struct mwifiex_ra_list_tbl *ptr, *head;
852 struct mwifiex_bss_prio_node *bssprio_node, *bssprio_head;
853 struct mwifiex_tid_tbl *tid_ptr;
854 int is_list_empty;
855 unsigned long flags;
856 int i, j;
858 for (j = adapter->priv_num - 1; j >= 0; --j) {
859 spin_lock_irqsave(&adapter->bss_prio_tbl[j].bss_prio_lock,
860 flags);
861 is_list_empty = list_empty(&adapter->bss_prio_tbl[j]
862 .bss_prio_head);
863 spin_unlock_irqrestore(&adapter->bss_prio_tbl[j].bss_prio_lock,
864 flags);
865 if (is_list_empty)
866 continue;
868 if (adapter->bss_prio_tbl[j].bss_prio_cur ==
869 (struct mwifiex_bss_prio_node *)
870 &adapter->bss_prio_tbl[j].bss_prio_head) {
871 bssprio_node =
872 list_first_entry(&adapter->bss_prio_tbl[j]
873 .bss_prio_head,
874 struct mwifiex_bss_prio_node,
875 list);
876 bssprio_head = bssprio_node;
877 } else {
878 bssprio_node = adapter->bss_prio_tbl[j].bss_prio_cur;
879 bssprio_head = bssprio_node;
882 do {
883 atomic_t *hqp;
884 spinlock_t *lock;
886 priv_tmp = bssprio_node->priv;
887 hqp = &priv_tmp->wmm.highest_queued_prio;
888 lock = &priv_tmp->wmm.ra_list_spinlock;
890 for (i = atomic_read(hqp); i >= LOW_PRIO_TID; --i) {
892 tid_ptr = &(priv_tmp)->wmm.
893 tid_tbl_ptr[tos_to_tid[i]];
895 spin_lock_irqsave(&tid_ptr->tid_tbl_lock,
896 flags);
897 is_list_empty =
898 list_empty(&adapter->bss_prio_tbl[j]
899 .bss_prio_head);
900 spin_unlock_irqrestore(&tid_ptr->tid_tbl_lock,
901 flags);
902 if (is_list_empty)
903 continue;
906 * Always choose the next ra we transmitted
907 * last time, this way we pick the ra's in
908 * round robin fashion.
910 ptr = list_first_entry(
911 &tid_ptr->ra_list_curr->list,
912 struct mwifiex_ra_list_tbl,
913 list);
915 head = ptr;
916 if (ptr == (struct mwifiex_ra_list_tbl *)
917 &tid_ptr->ra_list) {
918 /* Get next ra */
919 ptr = list_first_entry(&ptr->list,
920 struct mwifiex_ra_list_tbl, list);
921 head = ptr;
924 do {
925 is_list_empty =
926 skb_queue_empty(&ptr->skb_head);
927 if (!is_list_empty) {
928 spin_lock_irqsave(lock, flags);
929 if (atomic_read(hqp) > i)
930 atomic_set(hqp, i);
931 spin_unlock_irqrestore(lock,
932 flags);
933 *priv = priv_tmp;
934 *tid = tos_to_tid[i];
935 return ptr;
937 /* Get next ra */
938 ptr = list_first_entry(&ptr->list,
939 struct mwifiex_ra_list_tbl,
940 list);
941 if (ptr ==
942 (struct mwifiex_ra_list_tbl *)
943 &tid_ptr->ra_list)
944 ptr = list_first_entry(
945 &ptr->list,
946 struct mwifiex_ra_list_tbl,
947 list);
948 } while (ptr != head);
951 /* No packet at any TID for this priv. Mark as such
952 * to skip checking TIDs for this priv (until pkt is
953 * added).
955 atomic_set(hqp, NO_PKT_PRIO_TID);
957 /* Get next bss priority node */
958 bssprio_node = list_first_entry(&bssprio_node->list,
959 struct mwifiex_bss_prio_node,
960 list);
962 if (bssprio_node ==
963 (struct mwifiex_bss_prio_node *)
964 &adapter->bss_prio_tbl[j].bss_prio_head)
965 /* Get next bss priority node */
966 bssprio_node = list_first_entry(
967 &bssprio_node->list,
968 struct mwifiex_bss_prio_node,
969 list);
970 } while (bssprio_node != bssprio_head);
972 return NULL;
976 * This function checks if 11n aggregation is possible.
978 static int
979 mwifiex_is_11n_aggragation_possible(struct mwifiex_private *priv,
980 struct mwifiex_ra_list_tbl *ptr,
981 int max_buf_size)
983 int count = 0, total_size = 0;
984 struct sk_buff *skb, *tmp;
986 skb_queue_walk_safe(&ptr->skb_head, skb, tmp) {
987 total_size += skb->len;
988 if (total_size >= max_buf_size)
989 break;
990 if (++count >= MIN_NUM_AMSDU)
991 return true;
994 return false;
998 * This function sends a single packet to firmware for transmission.
1000 static void
1001 mwifiex_send_single_packet(struct mwifiex_private *priv,
1002 struct mwifiex_ra_list_tbl *ptr, int ptr_index,
1003 unsigned long ra_list_flags)
1004 __releases(&priv->wmm.ra_list_spinlock)
1006 struct sk_buff *skb, *skb_next;
1007 struct mwifiex_tx_param tx_param;
1008 struct mwifiex_adapter *adapter = priv->adapter;
1009 struct mwifiex_txinfo *tx_info;
1011 if (skb_queue_empty(&ptr->skb_head)) {
1012 spin_unlock_irqrestore(&priv->wmm.ra_list_spinlock,
1013 ra_list_flags);
1014 dev_dbg(adapter->dev, "data: nothing to send\n");
1015 return;
1018 skb = skb_dequeue(&ptr->skb_head);
1020 tx_info = MWIFIEX_SKB_TXCB(skb);
1021 dev_dbg(adapter->dev, "data: dequeuing the packet %p %p\n", ptr, skb);
1023 ptr->total_pkts_size -= skb->len;
1025 if (!skb_queue_empty(&ptr->skb_head))
1026 skb_next = skb_peek(&ptr->skb_head);
1027 else
1028 skb_next = NULL;
1030 spin_unlock_irqrestore(&priv->wmm.ra_list_spinlock, ra_list_flags);
1032 tx_param.next_pkt_len = ((skb_next) ? skb_next->len +
1033 sizeof(struct txpd) : 0);
1035 if (mwifiex_process_tx(priv, skb, &tx_param) == -EBUSY) {
1036 /* Queue the packet back at the head */
1037 spin_lock_irqsave(&priv->wmm.ra_list_spinlock, ra_list_flags);
1039 if (!mwifiex_is_ralist_valid(priv, ptr, ptr_index)) {
1040 spin_unlock_irqrestore(&priv->wmm.ra_list_spinlock,
1041 ra_list_flags);
1042 mwifiex_write_data_complete(adapter, skb, -1);
1043 return;
1046 skb_queue_tail(&ptr->skb_head, skb);
1048 ptr->total_pkts_size += skb->len;
1049 tx_info->flags |= MWIFIEX_BUF_FLAG_REQUEUED_PKT;
1050 spin_unlock_irqrestore(&priv->wmm.ra_list_spinlock,
1051 ra_list_flags);
1052 } else {
1053 spin_lock_irqsave(&priv->wmm.ra_list_spinlock, ra_list_flags);
1054 if (mwifiex_is_ralist_valid(priv, ptr, ptr_index)) {
1055 priv->wmm.packets_out[ptr_index]++;
1056 priv->wmm.tid_tbl_ptr[ptr_index].ra_list_curr = ptr;
1058 adapter->bss_prio_tbl[priv->bss_priority].bss_prio_cur =
1059 list_first_entry(
1060 &adapter->bss_prio_tbl[priv->bss_priority]
1061 .bss_prio_cur->list,
1062 struct mwifiex_bss_prio_node,
1063 list);
1064 atomic_dec(&priv->wmm.tx_pkts_queued);
1065 spin_unlock_irqrestore(&priv->wmm.ra_list_spinlock,
1066 ra_list_flags);
1071 * This function checks if the first packet in the given RA list
1072 * is already processed or not.
1074 static int
1075 mwifiex_is_ptr_processed(struct mwifiex_private *priv,
1076 struct mwifiex_ra_list_tbl *ptr)
1078 struct sk_buff *skb;
1079 struct mwifiex_txinfo *tx_info;
1081 if (skb_queue_empty(&ptr->skb_head))
1082 return false;
1084 skb = skb_peek(&ptr->skb_head);
1086 tx_info = MWIFIEX_SKB_TXCB(skb);
1087 if (tx_info->flags & MWIFIEX_BUF_FLAG_REQUEUED_PKT)
1088 return true;
1090 return false;
1094 * This function sends a single processed packet to firmware for
1095 * transmission.
1097 static void
1098 mwifiex_send_processed_packet(struct mwifiex_private *priv,
1099 struct mwifiex_ra_list_tbl *ptr, int ptr_index,
1100 unsigned long ra_list_flags)
1101 __releases(&priv->wmm.ra_list_spinlock)
1103 struct mwifiex_tx_param tx_param;
1104 struct mwifiex_adapter *adapter = priv->adapter;
1105 int ret = -1;
1106 struct sk_buff *skb, *skb_next;
1107 struct mwifiex_txinfo *tx_info;
1109 if (skb_queue_empty(&ptr->skb_head)) {
1110 spin_unlock_irqrestore(&priv->wmm.ra_list_spinlock,
1111 ra_list_flags);
1112 return;
1115 skb = skb_dequeue(&ptr->skb_head);
1117 if (!skb_queue_empty(&ptr->skb_head))
1118 skb_next = skb_peek(&ptr->skb_head);
1119 else
1120 skb_next = NULL;
1122 tx_info = MWIFIEX_SKB_TXCB(skb);
1124 spin_unlock_irqrestore(&priv->wmm.ra_list_spinlock, ra_list_flags);
1125 tx_param.next_pkt_len =
1126 ((skb_next) ? skb_next->len +
1127 sizeof(struct txpd) : 0);
1128 ret = adapter->if_ops.host_to_card(adapter, MWIFIEX_TYPE_DATA, skb,
1129 &tx_param);
1130 switch (ret) {
1131 case -EBUSY:
1132 dev_dbg(adapter->dev, "data: -EBUSY is returned\n");
1133 spin_lock_irqsave(&priv->wmm.ra_list_spinlock, ra_list_flags);
1135 if (!mwifiex_is_ralist_valid(priv, ptr, ptr_index)) {
1136 spin_unlock_irqrestore(&priv->wmm.ra_list_spinlock,
1137 ra_list_flags);
1138 mwifiex_write_data_complete(adapter, skb, -1);
1139 return;
1142 skb_queue_tail(&ptr->skb_head, skb);
1144 tx_info->flags |= MWIFIEX_BUF_FLAG_REQUEUED_PKT;
1145 spin_unlock_irqrestore(&priv->wmm.ra_list_spinlock,
1146 ra_list_flags);
1147 break;
1148 case -1:
1149 adapter->data_sent = false;
1150 dev_err(adapter->dev, "host_to_card failed: %#x\n", ret);
1151 adapter->dbg.num_tx_host_to_card_failure++;
1152 mwifiex_write_data_complete(adapter, skb, ret);
1153 break;
1154 case -EINPROGRESS:
1155 adapter->data_sent = false;
1156 default:
1157 break;
1159 if (ret != -EBUSY) {
1160 spin_lock_irqsave(&priv->wmm.ra_list_spinlock, ra_list_flags);
1161 if (mwifiex_is_ralist_valid(priv, ptr, ptr_index)) {
1162 priv->wmm.packets_out[ptr_index]++;
1163 priv->wmm.tid_tbl_ptr[ptr_index].ra_list_curr = ptr;
1165 adapter->bss_prio_tbl[priv->bss_priority].bss_prio_cur =
1166 list_first_entry(
1167 &adapter->bss_prio_tbl[priv->bss_priority]
1168 .bss_prio_cur->list,
1169 struct mwifiex_bss_prio_node,
1170 list);
1171 atomic_dec(&priv->wmm.tx_pkts_queued);
1172 spin_unlock_irqrestore(&priv->wmm.ra_list_spinlock,
1173 ra_list_flags);
1178 * This function dequeues a packet from the highest priority list
1179 * and transmits it.
1181 static int
1182 mwifiex_dequeue_tx_packet(struct mwifiex_adapter *adapter)
1184 struct mwifiex_ra_list_tbl *ptr;
1185 struct mwifiex_private *priv = NULL;
1186 int ptr_index = 0;
1187 u8 ra[ETH_ALEN];
1188 int tid_del = 0, tid = 0;
1189 unsigned long flags;
1191 ptr = mwifiex_wmm_get_highest_priolist_ptr(adapter, &priv, &ptr_index);
1192 if (!ptr)
1193 return -1;
1195 tid = mwifiex_get_tid(ptr);
1197 dev_dbg(adapter->dev, "data: tid=%d\n", tid);
1199 spin_lock_irqsave(&priv->wmm.ra_list_spinlock, flags);
1200 if (!mwifiex_is_ralist_valid(priv, ptr, ptr_index)) {
1201 spin_unlock_irqrestore(&priv->wmm.ra_list_spinlock, flags);
1202 return -1;
1205 if (mwifiex_is_ptr_processed(priv, ptr)) {
1206 mwifiex_send_processed_packet(priv, ptr, ptr_index, flags);
1207 /* ra_list_spinlock has been freed in
1208 mwifiex_send_processed_packet() */
1209 return 0;
1212 if (!ptr->is_11n_enabled || mwifiex_is_ba_stream_setup(priv, ptr, tid)
1213 || ((priv->sec_info.wpa_enabled
1214 || priv->sec_info.wpa2_enabled) && !priv->wpa_is_gtk_set)
1216 mwifiex_send_single_packet(priv, ptr, ptr_index, flags);
1217 /* ra_list_spinlock has been freed in
1218 mwifiex_send_single_packet() */
1219 } else {
1220 if (mwifiex_is_ampdu_allowed(priv, tid)) {
1221 if (mwifiex_space_avail_for_new_ba_stream(adapter)) {
1222 mwifiex_11n_create_tx_ba_stream_tbl(priv,
1223 ptr->ra, tid,
1224 BA_STREAM_SETUP_INPROGRESS);
1225 mwifiex_send_addba(priv, tid, ptr->ra);
1226 } else if (mwifiex_find_stream_to_delete
1227 (priv, tid, &tid_del, ra)) {
1228 mwifiex_11n_create_tx_ba_stream_tbl(priv,
1229 ptr->ra, tid,
1230 BA_STREAM_SETUP_INPROGRESS);
1231 mwifiex_send_delba(priv, tid_del, ra, 1);
1234 if (mwifiex_is_amsdu_allowed(priv, tid) &&
1235 mwifiex_is_11n_aggragation_possible(priv, ptr,
1236 adapter->tx_buf_size))
1237 mwifiex_11n_aggregate_pkt(priv, ptr, INTF_HEADER_LEN,
1238 ptr_index, flags);
1239 /* ra_list_spinlock has been freed in
1240 mwifiex_11n_aggregate_pkt() */
1241 else
1242 mwifiex_send_single_packet(priv, ptr, ptr_index, flags);
1243 /* ra_list_spinlock has been freed in
1244 mwifiex_send_single_packet() */
1246 return 0;
1250 * This function transmits the highest priority packet awaiting in the
1251 * WMM Queues.
1253 void
1254 mwifiex_wmm_process_tx(struct mwifiex_adapter *adapter)
1256 do {
1257 /* Check if busy */
1258 if (adapter->data_sent || adapter->tx_lock_flag)
1259 break;
1261 if (mwifiex_dequeue_tx_packet(adapter))
1262 break;
1263 } while (!mwifiex_wmm_lists_empty(adapter));