OMAPDSS: VENC: fix NULL pointer dereference in DSS2 VENC sysfs debug attr on OMAP4
[zen-stable.git] / drivers / net / wireless / wl1251 / tx.c
blob28121c590a2b1a62effa4c17b335b83264c99acf
1 /*
2 * This file is part of wl1251
4 * Copyright (c) 1998-2007 Texas Instruments Incorporated
5 * Copyright (C) 2008 Nokia Corporation
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * version 2 as published by the Free Software Foundation.
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
19 * 02110-1301 USA
23 #include <linux/kernel.h>
24 #include <linux/module.h>
26 #include "wl1251.h"
27 #include "reg.h"
28 #include "tx.h"
29 #include "ps.h"
30 #include "io.h"
32 static bool wl1251_tx_double_buffer_busy(struct wl1251 *wl, u32 data_out_count)
34 int used, data_in_count;
36 data_in_count = wl->data_in_count;
38 if (data_in_count < data_out_count)
39 /* data_in_count has wrapped */
40 data_in_count += TX_STATUS_DATA_OUT_COUNT_MASK + 1;
42 used = data_in_count - data_out_count;
44 WARN_ON(used < 0);
45 WARN_ON(used > DP_TX_PACKET_RING_CHUNK_NUM);
47 if (used >= DP_TX_PACKET_RING_CHUNK_NUM)
48 return true;
49 else
50 return false;
53 static int wl1251_tx_path_status(struct wl1251 *wl)
55 u32 status, addr, data_out_count;
56 bool busy;
58 addr = wl->data_path->tx_control_addr;
59 status = wl1251_mem_read32(wl, addr);
60 data_out_count = status & TX_STATUS_DATA_OUT_COUNT_MASK;
61 busy = wl1251_tx_double_buffer_busy(wl, data_out_count);
63 if (busy)
64 return -EBUSY;
66 return 0;
69 static int wl1251_tx_id(struct wl1251 *wl, struct sk_buff *skb)
71 int i;
73 for (i = 0; i < FW_TX_CMPLT_BLOCK_SIZE; i++)
74 if (wl->tx_frames[i] == NULL) {
75 wl->tx_frames[i] = skb;
76 return i;
79 return -EBUSY;
82 static void wl1251_tx_control(struct tx_double_buffer_desc *tx_hdr,
83 struct ieee80211_tx_info *control, u16 fc)
85 *(u16 *)&tx_hdr->control = 0;
87 tx_hdr->control.rate_policy = 0;
89 /* 802.11 packets */
90 tx_hdr->control.packet_type = 0;
92 if (control->flags & IEEE80211_TX_CTL_NO_ACK)
93 tx_hdr->control.ack_policy = 1;
95 tx_hdr->control.tx_complete = 1;
97 if ((fc & IEEE80211_FTYPE_DATA) &&
98 ((fc & IEEE80211_STYPE_QOS_DATA) ||
99 (fc & IEEE80211_STYPE_QOS_NULLFUNC)))
100 tx_hdr->control.qos = 1;
103 /* RSN + MIC = 8 + 8 = 16 bytes (worst case - AES). */
104 #define MAX_MSDU_SECURITY_LENGTH 16
105 #define MAX_MPDU_SECURITY_LENGTH 16
106 #define WLAN_QOS_HDR_LEN 26
107 #define MAX_MPDU_HEADER_AND_SECURITY (MAX_MPDU_SECURITY_LENGTH + \
108 WLAN_QOS_HDR_LEN)
109 #define HW_BLOCK_SIZE 252
110 static void wl1251_tx_frag_block_num(struct tx_double_buffer_desc *tx_hdr)
112 u16 payload_len, frag_threshold, mem_blocks;
113 u16 num_mpdus, mem_blocks_per_frag;
115 frag_threshold = IEEE80211_MAX_FRAG_THRESHOLD;
116 tx_hdr->frag_threshold = cpu_to_le16(frag_threshold);
118 payload_len = le16_to_cpu(tx_hdr->length) + MAX_MSDU_SECURITY_LENGTH;
120 if (payload_len > frag_threshold) {
121 mem_blocks_per_frag =
122 ((frag_threshold + MAX_MPDU_HEADER_AND_SECURITY) /
123 HW_BLOCK_SIZE) + 1;
124 num_mpdus = payload_len / frag_threshold;
125 mem_blocks = num_mpdus * mem_blocks_per_frag;
126 payload_len -= num_mpdus * frag_threshold;
127 num_mpdus++;
129 } else {
130 mem_blocks_per_frag = 0;
131 mem_blocks = 0;
132 num_mpdus = 1;
135 mem_blocks += (payload_len / HW_BLOCK_SIZE) + 1;
137 if (num_mpdus > 1)
138 mem_blocks += min(num_mpdus, mem_blocks_per_frag);
140 tx_hdr->num_mem_blocks = mem_blocks;
143 static int wl1251_tx_fill_hdr(struct wl1251 *wl, struct sk_buff *skb,
144 struct ieee80211_tx_info *control)
146 struct tx_double_buffer_desc *tx_hdr;
147 struct ieee80211_rate *rate;
148 int id;
149 u16 fc;
151 if (!skb)
152 return -EINVAL;
154 id = wl1251_tx_id(wl, skb);
155 if (id < 0)
156 return id;
158 fc = *(u16 *)skb->data;
159 tx_hdr = (struct tx_double_buffer_desc *) skb_push(skb,
160 sizeof(*tx_hdr));
162 tx_hdr->length = cpu_to_le16(skb->len - sizeof(*tx_hdr));
163 rate = ieee80211_get_tx_rate(wl->hw, control);
164 tx_hdr->rate = cpu_to_le16(rate->hw_value);
165 tx_hdr->expiry_time = cpu_to_le32(1 << 16);
166 tx_hdr->id = id;
168 tx_hdr->xmit_queue = wl1251_tx_get_queue(skb_get_queue_mapping(skb));
170 wl1251_tx_control(tx_hdr, control, fc);
171 wl1251_tx_frag_block_num(tx_hdr);
173 return 0;
176 /* We copy the packet to the target */
177 static int wl1251_tx_send_packet(struct wl1251 *wl, struct sk_buff *skb,
178 struct ieee80211_tx_info *control)
180 struct tx_double_buffer_desc *tx_hdr;
181 int len;
182 u32 addr;
184 if (!skb)
185 return -EINVAL;
187 tx_hdr = (struct tx_double_buffer_desc *) skb->data;
189 if (control->control.hw_key &&
190 control->control.hw_key->cipher == WLAN_CIPHER_SUITE_TKIP) {
191 int hdrlen;
192 __le16 fc;
193 u16 length;
194 u8 *pos;
196 fc = *(__le16 *)(skb->data + sizeof(*tx_hdr));
197 length = le16_to_cpu(tx_hdr->length) + WL1251_TKIP_IV_SPACE;
198 tx_hdr->length = cpu_to_le16(length);
200 hdrlen = ieee80211_hdrlen(fc);
202 pos = skb_push(skb, WL1251_TKIP_IV_SPACE);
203 memmove(pos, pos + WL1251_TKIP_IV_SPACE,
204 sizeof(*tx_hdr) + hdrlen);
207 /* Revisit. This is a workaround for getting non-aligned packets.
208 This happens at least with EAPOL packets from the user space.
209 Our DMA requires packets to be aligned on a 4-byte boundary.
211 if (unlikely((long)skb->data & 0x03)) {
212 int offset = (4 - (long)skb->data) & 0x03;
213 wl1251_debug(DEBUG_TX, "skb offset %d", offset);
215 /* check whether the current skb can be used */
216 if (skb_cloned(skb) || (skb_tailroom(skb) < offset)) {
217 struct sk_buff *newskb = skb_copy_expand(skb, 0, 3,
218 GFP_KERNEL);
220 if (unlikely(newskb == NULL)) {
221 wl1251_error("Can't allocate skb!");
222 return -EINVAL;
225 tx_hdr = (struct tx_double_buffer_desc *) newskb->data;
227 dev_kfree_skb_any(skb);
228 wl->tx_frames[tx_hdr->id] = skb = newskb;
230 offset = (4 - (long)skb->data) & 0x03;
231 wl1251_debug(DEBUG_TX, "new skb offset %d", offset);
234 /* align the buffer on a 4-byte boundary */
235 if (offset) {
236 unsigned char *src = skb->data;
237 skb_reserve(skb, offset);
238 memmove(skb->data, src, skb->len);
239 tx_hdr = (struct tx_double_buffer_desc *) skb->data;
243 /* Our skb->data at this point includes the HW header */
244 len = WL1251_TX_ALIGN(skb->len);
246 if (wl->data_in_count & 0x1)
247 addr = wl->data_path->tx_packet_ring_addr +
248 wl->data_path->tx_packet_ring_chunk_size;
249 else
250 addr = wl->data_path->tx_packet_ring_addr;
252 wl1251_mem_write(wl, addr, skb->data, len);
254 wl1251_debug(DEBUG_TX, "tx id %u skb 0x%p payload %u rate 0x%x "
255 "queue %d", tx_hdr->id, skb, tx_hdr->length,
256 tx_hdr->rate, tx_hdr->xmit_queue);
258 return 0;
261 static void wl1251_tx_trigger(struct wl1251 *wl)
263 u32 data, addr;
265 if (wl->data_in_count & 0x1) {
266 addr = ACX_REG_INTERRUPT_TRIG_H;
267 data = INTR_TRIG_TX_PROC1;
268 } else {
269 addr = ACX_REG_INTERRUPT_TRIG;
270 data = INTR_TRIG_TX_PROC0;
273 wl1251_reg_write32(wl, addr, data);
275 /* Bumping data in */
276 wl->data_in_count = (wl->data_in_count + 1) &
277 TX_STATUS_DATA_OUT_COUNT_MASK;
280 /* caller must hold wl->mutex */
281 static int wl1251_tx_frame(struct wl1251 *wl, struct sk_buff *skb)
283 struct ieee80211_tx_info *info;
284 int ret = 0;
285 u8 idx;
287 info = IEEE80211_SKB_CB(skb);
289 if (info->control.hw_key) {
290 idx = info->control.hw_key->hw_key_idx;
291 if (unlikely(wl->default_key != idx)) {
292 ret = wl1251_acx_default_key(wl, idx);
293 if (ret < 0)
294 return ret;
298 ret = wl1251_tx_path_status(wl);
299 if (ret < 0)
300 return ret;
302 ret = wl1251_tx_fill_hdr(wl, skb, info);
303 if (ret < 0)
304 return ret;
306 ret = wl1251_tx_send_packet(wl, skb, info);
307 if (ret < 0)
308 return ret;
310 wl1251_tx_trigger(wl);
312 return ret;
315 void wl1251_tx_work(struct work_struct *work)
317 struct wl1251 *wl = container_of(work, struct wl1251, tx_work);
318 struct sk_buff *skb;
319 bool woken_up = false;
320 int ret;
322 mutex_lock(&wl->mutex);
324 if (unlikely(wl->state == WL1251_STATE_OFF))
325 goto out;
327 while ((skb = skb_dequeue(&wl->tx_queue))) {
328 if (!woken_up) {
329 ret = wl1251_ps_elp_wakeup(wl);
330 if (ret < 0)
331 goto out;
332 woken_up = true;
335 ret = wl1251_tx_frame(wl, skb);
336 if (ret == -EBUSY) {
337 skb_queue_head(&wl->tx_queue, skb);
338 goto out;
339 } else if (ret < 0) {
340 dev_kfree_skb(skb);
341 goto out;
345 out:
346 if (woken_up)
347 wl1251_ps_elp_sleep(wl);
349 mutex_unlock(&wl->mutex);
352 static const char *wl1251_tx_parse_status(u8 status)
354 /* 8 bit status field, one character per bit plus null */
355 static char buf[9];
356 int i = 0;
358 memset(buf, 0, sizeof(buf));
360 if (status & TX_DMA_ERROR)
361 buf[i++] = 'm';
362 if (status & TX_DISABLED)
363 buf[i++] = 'd';
364 if (status & TX_RETRY_EXCEEDED)
365 buf[i++] = 'r';
366 if (status & TX_TIMEOUT)
367 buf[i++] = 't';
368 if (status & TX_KEY_NOT_FOUND)
369 buf[i++] = 'k';
370 if (status & TX_ENCRYPT_FAIL)
371 buf[i++] = 'e';
372 if (status & TX_UNAVAILABLE_PRIORITY)
373 buf[i++] = 'p';
375 /* bit 0 is unused apparently */
377 return buf;
380 static void wl1251_tx_packet_cb(struct wl1251 *wl,
381 struct tx_result *result)
383 struct ieee80211_tx_info *info;
384 struct sk_buff *skb;
385 int hdrlen;
386 u8 *frame;
388 skb = wl->tx_frames[result->id];
389 if (skb == NULL) {
390 wl1251_error("SKB for packet %d is NULL", result->id);
391 return;
394 info = IEEE80211_SKB_CB(skb);
396 if (!(info->flags & IEEE80211_TX_CTL_NO_ACK) &&
397 (result->status == TX_SUCCESS))
398 info->flags |= IEEE80211_TX_STAT_ACK;
400 info->status.rates[0].count = result->ack_failures + 1;
401 wl->stats.retry_count += result->ack_failures;
404 * We have to remove our private TX header before pushing
405 * the skb back to mac80211.
407 frame = skb_pull(skb, sizeof(struct tx_double_buffer_desc));
408 if (info->control.hw_key &&
409 info->control.hw_key->cipher == WLAN_CIPHER_SUITE_TKIP) {
410 hdrlen = ieee80211_get_hdrlen_from_skb(skb);
411 memmove(frame + WL1251_TKIP_IV_SPACE, frame, hdrlen);
412 skb_pull(skb, WL1251_TKIP_IV_SPACE);
415 wl1251_debug(DEBUG_TX, "tx status id %u skb 0x%p failures %u rate 0x%x"
416 " status 0x%x (%s)",
417 result->id, skb, result->ack_failures, result->rate,
418 result->status, wl1251_tx_parse_status(result->status));
421 ieee80211_tx_status(wl->hw, skb);
423 wl->tx_frames[result->id] = NULL;
426 /* Called upon reception of a TX complete interrupt */
427 void wl1251_tx_complete(struct wl1251 *wl)
429 int i, result_index, num_complete = 0, queue_len;
430 struct tx_result result[FW_TX_CMPLT_BLOCK_SIZE], *result_ptr;
431 unsigned long flags;
433 if (unlikely(wl->state != WL1251_STATE_ON))
434 return;
436 /* First we read the result */
437 wl1251_mem_read(wl, wl->data_path->tx_complete_addr,
438 result, sizeof(result));
440 result_index = wl->next_tx_complete;
442 for (i = 0; i < ARRAY_SIZE(result); i++) {
443 result_ptr = &result[result_index];
445 if (result_ptr->done_1 == 1 &&
446 result_ptr->done_2 == 1) {
447 wl1251_tx_packet_cb(wl, result_ptr);
449 result_ptr->done_1 = 0;
450 result_ptr->done_2 = 0;
452 result_index = (result_index + 1) &
453 (FW_TX_CMPLT_BLOCK_SIZE - 1);
454 num_complete++;
455 } else {
456 break;
460 queue_len = skb_queue_len(&wl->tx_queue);
462 if ((num_complete > 0) && (queue_len > 0)) {
463 /* firmware buffer has space, reschedule tx_work */
464 wl1251_debug(DEBUG_TX, "tx_complete: reschedule tx_work");
465 ieee80211_queue_work(wl->hw, &wl->tx_work);
468 if (wl->tx_queue_stopped &&
469 queue_len <= WL1251_TX_QUEUE_LOW_WATERMARK) {
470 /* tx_queue has space, restart queues */
471 wl1251_debug(DEBUG_TX, "tx_complete: waking queues");
472 spin_lock_irqsave(&wl->wl_lock, flags);
473 ieee80211_wake_queues(wl->hw);
474 wl->tx_queue_stopped = false;
475 spin_unlock_irqrestore(&wl->wl_lock, flags);
478 /* Every completed frame needs to be acknowledged */
479 if (num_complete) {
481 * If we've wrapped, we have to clear
482 * the results in 2 steps.
484 if (result_index > wl->next_tx_complete) {
485 /* Only 1 write is needed */
486 wl1251_mem_write(wl,
487 wl->data_path->tx_complete_addr +
488 (wl->next_tx_complete *
489 sizeof(struct tx_result)),
490 &result[wl->next_tx_complete],
491 num_complete *
492 sizeof(struct tx_result));
495 } else if (result_index < wl->next_tx_complete) {
496 /* 2 writes are needed */
497 wl1251_mem_write(wl,
498 wl->data_path->tx_complete_addr +
499 (wl->next_tx_complete *
500 sizeof(struct tx_result)),
501 &result[wl->next_tx_complete],
502 (FW_TX_CMPLT_BLOCK_SIZE -
503 wl->next_tx_complete) *
504 sizeof(struct tx_result));
506 wl1251_mem_write(wl,
507 wl->data_path->tx_complete_addr,
508 result,
509 (num_complete -
510 FW_TX_CMPLT_BLOCK_SIZE +
511 wl->next_tx_complete) *
512 sizeof(struct tx_result));
514 } else {
515 /* We have to write the whole array */
516 wl1251_mem_write(wl,
517 wl->data_path->tx_complete_addr,
518 result,
519 FW_TX_CMPLT_BLOCK_SIZE *
520 sizeof(struct tx_result));
525 wl->next_tx_complete = result_index;
528 /* caller must hold wl->mutex */
529 void wl1251_tx_flush(struct wl1251 *wl)
531 int i;
532 struct sk_buff *skb;
533 struct ieee80211_tx_info *info;
535 /* TX failure */
536 /* control->flags = 0; FIXME */
538 while ((skb = skb_dequeue(&wl->tx_queue))) {
539 info = IEEE80211_SKB_CB(skb);
541 wl1251_debug(DEBUG_TX, "flushing skb 0x%p", skb);
543 if (!(info->flags & IEEE80211_TX_CTL_REQ_TX_STATUS))
544 continue;
546 ieee80211_tx_status(wl->hw, skb);
549 for (i = 0; i < FW_TX_CMPLT_BLOCK_SIZE; i++)
550 if (wl->tx_frames[i] != NULL) {
551 skb = wl->tx_frames[i];
552 info = IEEE80211_SKB_CB(skb);
554 if (!(info->flags & IEEE80211_TX_CTL_REQ_TX_STATUS))
555 continue;
557 ieee80211_tx_status(wl->hw, skb);
558 wl->tx_frames[i] = NULL;