1 /******************************************************************************
3 * Copyright(c) 2003 - 2010 Intel Corporation. All rights reserved.
5 * Portions of this file are derived from the ipw3945 project, as well
6 * as portions of the ieee80211 subsystem header files.
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of version 2 of the GNU General Public License as
10 * published by the Free Software Foundation.
12 * This program is distributed in the hope that it will be useful, but WITHOUT
13 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
14 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
17 * You should have received a copy of the GNU General Public License along with
18 * this program; if not, write to the Free Software Foundation, Inc.,
19 * 51 Franklin Street, Fifth Floor, Boston, MA 02110, USA
21 * The full GNU General Public License is included in this distribution in the
22 * file called LICENSE.
24 * Contact Information:
25 * Intel Linux Wireless <ilw@linux.intel.com>
26 * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
28 *****************************************************************************/
30 #include <linux/etherdevice.h>
31 #include <linux/sched.h>
32 #include <linux/slab.h>
33 #include <net/mac80211.h>
34 #include "iwl-eeprom.h"
39 #include "iwl-helpers.h"
41 static const u16 default_tid_to_tx_fifo[] = {
61 static inline int iwl_alloc_dma_ptr(struct iwl_priv *priv,
62 struct iwl_dma_ptr *ptr, size_t size)
64 ptr->addr = dma_alloc_coherent(&priv->pci_dev->dev, size, &ptr->dma,
72 static inline void iwl_free_dma_ptr(struct iwl_priv *priv,
73 struct iwl_dma_ptr *ptr)
75 if (unlikely(!ptr->addr))
78 dma_free_coherent(&priv->pci_dev->dev, ptr->size, ptr->addr, ptr->dma);
79 memset(ptr, 0, sizeof(*ptr));
83 * iwl_txq_update_write_ptr - Send new write index to hardware
85 void iwl_txq_update_write_ptr(struct iwl_priv *priv, struct iwl_tx_queue *txq)
88 int txq_id = txq->q.id;
90 if (txq->need_update == 0)
93 /* if we're trying to save power */
94 if (test_bit(STATUS_POWER_PMI, &priv->status)) {
95 /* wake up nic if it's powered down ...
96 * uCode will wake up, and interrupt us again, so next
97 * time we'll skip this part. */
98 reg = iwl_read32(priv, CSR_UCODE_DRV_GP1);
100 if (reg & CSR_UCODE_DRV_GP1_BIT_MAC_SLEEP) {
101 IWL_DEBUG_INFO(priv, "Tx queue %d requesting wakeup, GP1 = 0x%x\n",
103 iwl_set_bit(priv, CSR_GP_CNTRL,
104 CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ);
108 iwl_write_direct32(priv, HBUS_TARG_WRPTR,
109 txq->q.write_ptr | (txq_id << 8));
111 /* else not in power-save mode, uCode will never sleep when we're
112 * trying to tx (during RFKILL, we're not trying to tx). */
114 iwl_write32(priv, HBUS_TARG_WRPTR,
115 txq->q.write_ptr | (txq_id << 8));
117 txq->need_update = 0;
119 EXPORT_SYMBOL(iwl_txq_update_write_ptr);
122 void iwl_free_tfds_in_queue(struct iwl_priv *priv,
123 int sta_id, int tid, int freed)
125 if (priv->stations[sta_id].tid[tid].tfds_in_queue >= freed)
126 priv->stations[sta_id].tid[tid].tfds_in_queue -= freed;
128 IWL_DEBUG_TX(priv, "free more than tfds_in_queue (%u:%d)\n",
129 priv->stations[sta_id].tid[tid].tfds_in_queue,
131 priv->stations[sta_id].tid[tid].tfds_in_queue = 0;
134 EXPORT_SYMBOL(iwl_free_tfds_in_queue);
137 * iwl_tx_queue_free - Deallocate DMA queue.
138 * @txq: Transmit queue to deallocate.
140 * Empty queue by removing and destroying all BD's.
142 * 0-fill, but do not free "txq" descriptor structure.
144 void iwl_tx_queue_free(struct iwl_priv *priv, int txq_id)
146 struct iwl_tx_queue *txq = &priv->txq[txq_id];
147 struct iwl_queue *q = &txq->q;
148 struct device *dev = &priv->pci_dev->dev;
154 /* first, empty all BD's */
155 for (; q->write_ptr != q->read_ptr;
156 q->read_ptr = iwl_queue_inc_wrap(q->read_ptr, q->n_bd))
157 priv->cfg->ops->lib->txq_free_tfd(priv, txq);
159 /* De-alloc array of command/tx buffers */
160 for (i = 0; i < TFD_TX_CMD_SLOTS; i++)
163 /* De-alloc circular buffer of TFDs */
165 dma_free_coherent(dev, priv->hw_params.tfd_size *
166 txq->q.n_bd, txq->tfds, txq->q.dma_addr);
168 /* De-alloc array of per-TFD driver data */
172 /* deallocate arrays */
178 /* 0-fill queue descriptor structure */
179 memset(txq, 0, sizeof(*txq));
181 EXPORT_SYMBOL(iwl_tx_queue_free);
184 * iwl_cmd_queue_free - Deallocate DMA queue.
185 * @txq: Transmit queue to deallocate.
187 * Empty queue by removing and destroying all BD's.
189 * 0-fill, but do not free "txq" descriptor structure.
191 void iwl_cmd_queue_free(struct iwl_priv *priv)
193 struct iwl_tx_queue *txq = &priv->txq[IWL_CMD_QUEUE_NUM];
194 struct iwl_queue *q = &txq->q;
195 struct device *dev = &priv->pci_dev->dev;
201 /* De-alloc array of command/tx buffers */
202 for (i = 0; i <= TFD_CMD_SLOTS; i++)
205 /* De-alloc circular buffer of TFDs */
207 dma_free_coherent(dev, priv->hw_params.tfd_size * txq->q.n_bd,
208 txq->tfds, txq->q.dma_addr);
210 /* deallocate arrays */
216 /* 0-fill queue descriptor structure */
217 memset(txq, 0, sizeof(*txq));
219 EXPORT_SYMBOL(iwl_cmd_queue_free);
221 /*************** DMA-QUEUE-GENERAL-FUNCTIONS *****
224 * Theory of operation
226 * A Tx or Rx queue resides in host DRAM, and is comprised of a circular buffer
227 * of buffer descriptors, each of which points to one or more data buffers for
228 * the device to read from or fill. Driver and device exchange status of each
229 * queue via "read" and "write" pointers. Driver keeps minimum of 2 empty
230 * entries in each circular buffer, to protect against confusing empty and full
233 * The device reads or writes the data in the queues via the device's several
234 * DMA/FIFO channels. Each queue is mapped to a single DMA channel.
236 * For Tx queue, there are low mark and high mark limits. If, after queuing
237 * the packet for Tx, free space become < low mark, Tx queue stopped. When
238 * reclaiming packets (on 'tx done IRQ), if free space become > high mark,
241 * See more detailed info in iwl-4965-hw.h.
242 ***************************************************/
244 int iwl_queue_space(const struct iwl_queue *q)
246 int s = q->read_ptr - q->write_ptr;
248 if (q->read_ptr > q->write_ptr)
253 /* keep some reserve to not confuse empty and full situations */
259 EXPORT_SYMBOL(iwl_queue_space);
263 * iwl_queue_init - Initialize queue's high/low-water and read/write indexes
265 static int iwl_queue_init(struct iwl_priv *priv, struct iwl_queue *q,
266 int count, int slots_num, u32 id)
269 q->n_window = slots_num;
272 /* count must be power-of-two size, otherwise iwl_queue_inc_wrap
273 * and iwl_queue_dec_wrap are broken. */
274 BUG_ON(!is_power_of_2(count));
276 /* slots_num must be power-of-two size, otherwise
277 * get_cmd_index is broken. */
278 BUG_ON(!is_power_of_2(slots_num));
280 q->low_mark = q->n_window / 4;
284 q->high_mark = q->n_window / 8;
285 if (q->high_mark < 2)
288 q->write_ptr = q->read_ptr = 0;
294 * iwl_tx_queue_alloc - Alloc driver data and TFD CB for one Tx/cmd queue
296 static int iwl_tx_queue_alloc(struct iwl_priv *priv,
297 struct iwl_tx_queue *txq, u32 id)
299 struct device *dev = &priv->pci_dev->dev;
300 size_t tfd_sz = priv->hw_params.tfd_size * TFD_QUEUE_SIZE_MAX;
302 /* Driver private data, only for Tx (not command) queues,
303 * not shared with device. */
304 if (id != IWL_CMD_QUEUE_NUM) {
305 txq->txb = kmalloc(sizeof(txq->txb[0]) *
306 TFD_QUEUE_SIZE_MAX, GFP_KERNEL);
308 IWL_ERR(priv, "kmalloc for auxiliary BD "
309 "structures failed\n");
316 /* Circular buffer of transmit frame descriptors (TFDs),
317 * shared with device */
318 txq->tfds = dma_alloc_coherent(dev, tfd_sz, &txq->q.dma_addr,
321 IWL_ERR(priv, "pci_alloc_consistent(%zd) failed\n", tfd_sz);
336 * iwl_tx_queue_init - Allocate and initialize one tx/cmd queue
338 int iwl_tx_queue_init(struct iwl_priv *priv, struct iwl_tx_queue *txq,
339 int slots_num, u32 txq_id)
343 int actual_slots = slots_num;
346 * Alloc buffer array for commands (Tx or other types of commands).
347 * For the command queue (#4), allocate command space + one big
348 * command for scan, since scan command is very huge; the system will
349 * not have two scans at the same time, so only one is needed.
350 * For normal Tx queues (all other queues), no super-size command
353 if (txq_id == IWL_CMD_QUEUE_NUM)
356 txq->meta = kzalloc(sizeof(struct iwl_cmd_meta) * actual_slots,
358 txq->cmd = kzalloc(sizeof(struct iwl_device_cmd *) * actual_slots,
361 if (!txq->meta || !txq->cmd)
362 goto out_free_arrays;
364 len = sizeof(struct iwl_device_cmd);
365 for (i = 0; i < actual_slots; i++) {
366 /* only happens for cmd queue */
368 len = IWL_MAX_CMD_SIZE;
370 txq->cmd[i] = kmalloc(len, GFP_KERNEL);
375 /* Alloc driver data array and TFD circular buffer */
376 ret = iwl_tx_queue_alloc(priv, txq, txq_id);
380 txq->need_update = 0;
383 * Aggregation TX queues will get their ID when aggregation begins;
384 * they overwrite the setting done here. The command FIFO doesn't
385 * need an swq_id so don't set one to catch errors, all others can
386 * be set up to the identity mapping.
388 if (txq_id != IWL_CMD_QUEUE_NUM)
389 txq->swq_id = txq_id;
391 /* TFD_QUEUE_SIZE_MAX must be power-of-two size, otherwise
392 * iwl_queue_inc_wrap and iwl_queue_dec_wrap are broken. */
393 BUILD_BUG_ON(TFD_QUEUE_SIZE_MAX & (TFD_QUEUE_SIZE_MAX - 1));
395 /* Initialize queue's high/low-water marks, and head/tail indexes */
396 iwl_queue_init(priv, &txq->q, TFD_QUEUE_SIZE_MAX, slots_num, txq_id);
398 /* Tell device where to find queue */
399 priv->cfg->ops->lib->txq_init(priv, txq);
403 for (i = 0; i < actual_slots; i++)
411 EXPORT_SYMBOL(iwl_tx_queue_init);
414 * iwl_hw_txq_ctx_free - Free TXQ Context
416 * Destroy all TX DMA queues and structures
418 void iwl_hw_txq_ctx_free(struct iwl_priv *priv)
424 for (txq_id = 0; txq_id < priv->hw_params.max_txq_num;
426 if (txq_id == IWL_CMD_QUEUE_NUM)
427 iwl_cmd_queue_free(priv);
429 iwl_tx_queue_free(priv, txq_id);
431 iwl_free_dma_ptr(priv, &priv->kw);
433 iwl_free_dma_ptr(priv, &priv->scd_bc_tbls);
435 /* free tx queue structure */
436 iwl_free_txq_mem(priv);
438 EXPORT_SYMBOL(iwl_hw_txq_ctx_free);
441 * iwl_txq_ctx_reset - Reset TX queue context
442 * Destroys all DMA structures and initialize them again
447 int iwl_txq_ctx_reset(struct iwl_priv *priv)
450 int txq_id, slots_num;
453 /* Free all tx/cmd queues and keep-warm buffer */
454 iwl_hw_txq_ctx_free(priv);
456 ret = iwl_alloc_dma_ptr(priv, &priv->scd_bc_tbls,
457 priv->hw_params.scd_bc_tbls_size);
459 IWL_ERR(priv, "Scheduler BC Table allocation failed\n");
462 /* Alloc keep-warm buffer */
463 ret = iwl_alloc_dma_ptr(priv, &priv->kw, IWL_KW_SIZE);
465 IWL_ERR(priv, "Keep Warm allocation failed\n");
469 /* allocate tx queue structure */
470 ret = iwl_alloc_txq_mem(priv);
474 spin_lock_irqsave(&priv->lock, flags);
476 /* Turn off all Tx DMA fifos */
477 priv->cfg->ops->lib->txq_set_sched(priv, 0);
479 /* Tell NIC where to find the "keep warm" buffer */
480 iwl_write_direct32(priv, FH_KW_MEM_ADDR_REG, priv->kw.dma >> 4);
482 spin_unlock_irqrestore(&priv->lock, flags);
484 /* Alloc and init all Tx queues, including the command queue (#4) */
485 for (txq_id = 0; txq_id < priv->hw_params.max_txq_num; txq_id++) {
486 slots_num = (txq_id == IWL_CMD_QUEUE_NUM) ?
487 TFD_CMD_SLOTS : TFD_TX_CMD_SLOTS;
488 ret = iwl_tx_queue_init(priv, &priv->txq[txq_id], slots_num,
491 IWL_ERR(priv, "Tx %d queue init failed\n", txq_id);
499 iwl_hw_txq_ctx_free(priv);
500 iwl_free_dma_ptr(priv, &priv->kw);
502 iwl_free_dma_ptr(priv, &priv->scd_bc_tbls);
508 * iwl_txq_ctx_stop - Stop all Tx DMA channels, free Tx queue memory
510 void iwl_txq_ctx_stop(struct iwl_priv *priv)
515 /* Turn off all Tx DMA fifos */
516 spin_lock_irqsave(&priv->lock, flags);
518 priv->cfg->ops->lib->txq_set_sched(priv, 0);
520 /* Stop each Tx DMA channel, and wait for it to be idle */
521 for (ch = 0; ch < priv->hw_params.dma_chnl_num; ch++) {
522 iwl_write_direct32(priv, FH_TCSR_CHNL_TX_CONFIG_REG(ch), 0x0);
523 iwl_poll_direct_bit(priv, FH_TSSR_TX_STATUS_REG,
524 FH_TSSR_TX_STATUS_REG_MSK_CHNL_IDLE(ch),
527 spin_unlock_irqrestore(&priv->lock, flags);
529 /* Deallocate memory for all Tx queues */
530 iwl_hw_txq_ctx_free(priv);
532 EXPORT_SYMBOL(iwl_txq_ctx_stop);
535 * handle build REPLY_TX command notification.
537 static void iwl_tx_cmd_build_basic(struct iwl_priv *priv,
538 struct iwl_tx_cmd *tx_cmd,
539 struct ieee80211_tx_info *info,
540 struct ieee80211_hdr *hdr,
543 __le16 fc = hdr->frame_control;
544 __le32 tx_flags = tx_cmd->tx_flags;
546 tx_cmd->stop_time.life_time = TX_CMD_LIFE_TIME_INFINITE;
547 if (!(info->flags & IEEE80211_TX_CTL_NO_ACK)) {
548 tx_flags |= TX_CMD_FLG_ACK_MSK;
549 if (ieee80211_is_mgmt(fc))
550 tx_flags |= TX_CMD_FLG_SEQ_CTL_MSK;
551 if (ieee80211_is_probe_resp(fc) &&
552 !(le16_to_cpu(hdr->seq_ctrl) & 0xf))
553 tx_flags |= TX_CMD_FLG_TSF_MSK;
555 tx_flags &= (~TX_CMD_FLG_ACK_MSK);
556 tx_flags |= TX_CMD_FLG_SEQ_CTL_MSK;
559 if (ieee80211_is_back_req(fc))
560 tx_flags |= TX_CMD_FLG_ACK_MSK | TX_CMD_FLG_IMM_BA_RSP_MASK;
563 tx_cmd->sta_id = std_id;
564 if (ieee80211_has_morefrags(fc))
565 tx_flags |= TX_CMD_FLG_MORE_FRAG_MSK;
567 if (ieee80211_is_data_qos(fc)) {
568 u8 *qc = ieee80211_get_qos_ctl(hdr);
569 tx_cmd->tid_tspec = qc[0] & 0xf;
570 tx_flags &= ~TX_CMD_FLG_SEQ_CTL_MSK;
572 tx_flags |= TX_CMD_FLG_SEQ_CTL_MSK;
575 priv->cfg->ops->utils->rts_tx_cmd_flag(info, &tx_flags);
577 if ((tx_flags & TX_CMD_FLG_RTS_MSK) || (tx_flags & TX_CMD_FLG_CTS_MSK))
578 tx_flags |= TX_CMD_FLG_FULL_TXOP_PROT_MSK;
580 tx_flags &= ~(TX_CMD_FLG_ANT_SEL_MSK);
581 if (ieee80211_is_mgmt(fc)) {
582 if (ieee80211_is_assoc_req(fc) || ieee80211_is_reassoc_req(fc))
583 tx_cmd->timeout.pm_frame_timeout = cpu_to_le16(3);
585 tx_cmd->timeout.pm_frame_timeout = cpu_to_le16(2);
587 tx_cmd->timeout.pm_frame_timeout = 0;
590 tx_cmd->driver_txop = 0;
591 tx_cmd->tx_flags = tx_flags;
592 tx_cmd->next_frame_len = 0;
595 #define RTS_HCCA_RETRY_LIMIT 3
596 #define RTS_DFAULT_RETRY_LIMIT 60
598 static void iwl_tx_cmd_build_rate(struct iwl_priv *priv,
599 struct iwl_tx_cmd *tx_cmd,
600 struct ieee80211_tx_info *info,
601 __le16 fc, int is_hcca)
609 /* Set retry limit on DATA packets and Probe Responses*/
610 if (ieee80211_is_probe_resp(fc))
611 data_retry_limit = 3;
613 data_retry_limit = IWL_DEFAULT_TX_RETRY;
614 tx_cmd->data_retry_limit = data_retry_limit;
616 /* Set retry limit on RTS packets */
617 rts_retry_limit = (is_hcca) ? RTS_HCCA_RETRY_LIMIT :
618 RTS_DFAULT_RETRY_LIMIT;
619 if (data_retry_limit < rts_retry_limit)
620 rts_retry_limit = data_retry_limit;
621 tx_cmd->rts_retry_limit = rts_retry_limit;
623 /* DATA packets will use the uCode station table for rate/antenna
625 if (ieee80211_is_data(fc)) {
626 tx_cmd->initial_rate_index = 0;
627 tx_cmd->tx_flags |= TX_CMD_FLG_STA_RATE_MSK;
632 * If the current TX rate stored in mac80211 has the MCS bit set, it's
633 * not really a TX rate. Thus, we use the lowest supported rate for
634 * this band. Also use the lowest supported rate if the stored rate
637 rate_idx = info->control.rates[0].idx;
638 if (info->control.rates[0].flags & IEEE80211_TX_RC_MCS ||
639 (rate_idx < 0) || (rate_idx > IWL_RATE_COUNT_LEGACY))
640 rate_idx = rate_lowest_index(&priv->bands[info->band],
642 /* For 5 GHZ band, remap mac80211 rate indices into driver indices */
643 if (info->band == IEEE80211_BAND_5GHZ)
644 rate_idx += IWL_FIRST_OFDM_RATE;
645 /* Get PLCP rate for tx_cmd->rate_n_flags */
646 rate_plcp = iwl_rates[rate_idx].plcp;
647 /* Zero out flags for this packet */
650 /* Set CCK flag as needed */
651 if ((rate_idx >= IWL_FIRST_CCK_RATE) && (rate_idx <= IWL_LAST_CCK_RATE))
652 rate_flags |= RATE_MCS_CCK_MSK;
654 /* Set up RTS and CTS flags for certain packets */
655 switch (fc & cpu_to_le16(IEEE80211_FCTL_STYPE)) {
656 case cpu_to_le16(IEEE80211_STYPE_AUTH):
657 case cpu_to_le16(IEEE80211_STYPE_DEAUTH):
658 case cpu_to_le16(IEEE80211_STYPE_ASSOC_REQ):
659 case cpu_to_le16(IEEE80211_STYPE_REASSOC_REQ):
660 if (tx_cmd->tx_flags & TX_CMD_FLG_RTS_MSK) {
661 tx_cmd->tx_flags &= ~TX_CMD_FLG_RTS_MSK;
662 tx_cmd->tx_flags |= TX_CMD_FLG_CTS_MSK;
669 /* Set up antennas */
670 priv->mgmt_tx_ant = iwl_toggle_tx_ant(priv, priv->mgmt_tx_ant);
671 rate_flags |= iwl_ant_idx_to_flags(priv->mgmt_tx_ant);
673 /* Set the rate in the TX cmd */
674 tx_cmd->rate_n_flags = iwl_hw_set_rate_n_flags(rate_plcp, rate_flags);
677 static void iwl_tx_cmd_build_hwcrypto(struct iwl_priv *priv,
678 struct ieee80211_tx_info *info,
679 struct iwl_tx_cmd *tx_cmd,
680 struct sk_buff *skb_frag,
683 struct ieee80211_key_conf *keyconf = info->control.hw_key;
685 switch (keyconf->alg) {
687 tx_cmd->sec_ctl = TX_CMD_SEC_CCM;
688 memcpy(tx_cmd->key, keyconf->key, keyconf->keylen);
689 if (info->flags & IEEE80211_TX_CTL_AMPDU)
690 tx_cmd->tx_flags |= TX_CMD_FLG_AGG_CCMP_MSK;
691 IWL_DEBUG_TX(priv, "tx_cmd with AES hwcrypto\n");
695 tx_cmd->sec_ctl = TX_CMD_SEC_TKIP;
696 ieee80211_get_tkip_key(keyconf, skb_frag,
697 IEEE80211_TKIP_P2_KEY, tx_cmd->key);
698 IWL_DEBUG_TX(priv, "tx_cmd with tkip hwcrypto\n");
702 tx_cmd->sec_ctl |= (TX_CMD_SEC_WEP |
703 (keyconf->keyidx & TX_CMD_SEC_MSK) << TX_CMD_SEC_SHIFT);
705 if (keyconf->keylen == WEP_KEY_LEN_128)
706 tx_cmd->sec_ctl |= TX_CMD_SEC_KEY128;
708 memcpy(&tx_cmd->key[3], keyconf->key, keyconf->keylen);
710 IWL_DEBUG_TX(priv, "Configuring packet for WEP encryption "
711 "with key %d\n", keyconf->keyidx);
715 IWL_ERR(priv, "Unknown encode alg %d\n", keyconf->alg);
721 * start REPLY_TX command process
723 int iwl_tx_skb(struct iwl_priv *priv, struct sk_buff *skb)
725 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
726 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
727 struct ieee80211_sta *sta = info->control.sta;
728 struct iwl_station_priv *sta_priv = NULL;
729 struct iwl_tx_queue *txq;
731 struct iwl_device_cmd *out_cmd;
732 struct iwl_cmd_meta *out_meta;
733 struct iwl_tx_cmd *tx_cmd;
735 dma_addr_t phys_addr;
736 dma_addr_t txcmd_phys;
737 dma_addr_t scratch_phys;
738 u16 len, len_org, firstlen, secondlen;
743 u8 wait_write_ptr = 0;
748 spin_lock_irqsave(&priv->lock, flags);
749 if (iwl_is_rfkill(priv)) {
750 IWL_DEBUG_DROP(priv, "Dropping - RF KILL\n");
754 fc = hdr->frame_control;
756 #ifdef CONFIG_IWLWIFI_DEBUG
757 if (ieee80211_is_auth(fc))
758 IWL_DEBUG_TX(priv, "Sending AUTH frame\n");
759 else if (ieee80211_is_assoc_req(fc))
760 IWL_DEBUG_TX(priv, "Sending ASSOC frame\n");
761 else if (ieee80211_is_reassoc_req(fc))
762 IWL_DEBUG_TX(priv, "Sending REASSOC frame\n");
765 /* drop all non-injected data frame if we are not associated */
766 if (ieee80211_is_data(fc) &&
767 !(info->flags & IEEE80211_TX_CTL_INJECTED) &&
768 (!iwl_is_associated(priv) ||
769 ((priv->iw_mode == NL80211_IFTYPE_STATION) && !priv->assoc_id) ||
770 !priv->assoc_station_added)) {
771 IWL_DEBUG_DROP(priv, "Dropping - !iwl_is_associated\n");
775 hdr_len = ieee80211_hdrlen(fc);
777 /* Find (or create) index into station table for destination station */
778 if (info->flags & IEEE80211_TX_CTL_INJECTED)
779 sta_id = priv->hw_params.bcast_sta_id;
781 sta_id = iwl_get_sta_id(priv, hdr);
782 if (sta_id == IWL_INVALID_STATION) {
783 IWL_DEBUG_DROP(priv, "Dropping - INVALID STATION: %pM\n",
788 IWL_DEBUG_TX(priv, "station Id %d\n", sta_id);
791 sta_priv = (void *)sta->drv_priv;
793 if (sta_priv && sta_id != priv->hw_params.bcast_sta_id &&
795 WARN_ON(!(info->flags & IEEE80211_TX_CTL_PSPOLL_RESPONSE));
797 * This sends an asynchronous command to the device,
798 * but we can rely on it being processed before the
799 * next frame is processed -- and the next frame to
800 * this station is the one that will consume this
802 * For now set the counter to just 1 since we do not
805 iwl_sta_modify_sleep_tx_count(priv, sta_id, 1);
808 txq_id = skb_get_queue_mapping(skb);
809 if (ieee80211_is_data_qos(fc)) {
810 qc = ieee80211_get_qos_ctl(hdr);
811 tid = qc[0] & IEEE80211_QOS_CTL_TID_MASK;
812 if (unlikely(tid >= MAX_TID_COUNT))
814 seq_number = priv->stations[sta_id].tid[tid].seq_number;
815 seq_number &= IEEE80211_SCTL_SEQ;
816 hdr->seq_ctrl = hdr->seq_ctrl &
817 cpu_to_le16(IEEE80211_SCTL_FRAG);
818 hdr->seq_ctrl |= cpu_to_le16(seq_number);
820 /* aggregation is on for this <sta,tid> */
821 if (info->flags & IEEE80211_TX_CTL_AMPDU &&
822 priv->stations[sta_id].tid[tid].agg.state == IWL_AGG_ON) {
823 txq_id = priv->stations[sta_id].tid[tid].agg.txq_id;
827 txq = &priv->txq[txq_id];
828 swq_id = txq->swq_id;
831 if (unlikely(iwl_queue_space(q) < q->high_mark))
834 if (ieee80211_is_data_qos(fc))
835 priv->stations[sta_id].tid[tid].tfds_in_queue++;
837 /* Set up driver data for this TFD */
838 memset(&(txq->txb[q->write_ptr]), 0, sizeof(struct iwl_tx_info));
839 txq->txb[q->write_ptr].skb[0] = skb;
841 /* Set up first empty entry in queue's array of Tx/cmd buffers */
842 out_cmd = txq->cmd[q->write_ptr];
843 out_meta = &txq->meta[q->write_ptr];
844 tx_cmd = &out_cmd->cmd.tx;
845 memset(&out_cmd->hdr, 0, sizeof(out_cmd->hdr));
846 memset(tx_cmd, 0, sizeof(struct iwl_tx_cmd));
849 * Set up the Tx-command (not MAC!) header.
850 * Store the chosen Tx queue and TFD index within the sequence field;
851 * after Tx, uCode's Tx response will return this value so driver can
852 * locate the frame within the tx queue and do post-tx processing.
854 out_cmd->hdr.cmd = REPLY_TX;
855 out_cmd->hdr.sequence = cpu_to_le16((u16)(QUEUE_TO_SEQ(txq_id) |
856 INDEX_TO_SEQ(q->write_ptr)));
858 /* Copy MAC header from skb into command buffer */
859 memcpy(tx_cmd->hdr, hdr, hdr_len);
862 /* Total # bytes to be transmitted */
864 tx_cmd->len = cpu_to_le16(len);
866 if (info->control.hw_key)
867 iwl_tx_cmd_build_hwcrypto(priv, info, tx_cmd, skb, sta_id);
869 /* TODO need this for burst mode later on */
870 iwl_tx_cmd_build_basic(priv, tx_cmd, info, hdr, sta_id);
871 iwl_dbg_log_tx_data_frame(priv, len, hdr);
873 /* set is_hcca to 0; it probably will never be implemented */
874 iwl_tx_cmd_build_rate(priv, tx_cmd, info, fc, 0);
876 iwl_update_stats(priv, true, fc, len);
878 * Use the first empty entry in this queue's command buffer array
879 * to contain the Tx command and MAC header concatenated together
880 * (payload data will be in another buffer).
881 * Size of this varies, due to varying MAC header length.
882 * If end is not dword aligned, we'll have 2 extra bytes at the end
883 * of the MAC header (device reads on dword boundaries).
884 * We'll tell device about this padding later.
886 len = sizeof(struct iwl_tx_cmd) +
887 sizeof(struct iwl_cmd_header) + hdr_len;
890 firstlen = len = (len + 3) & ~3;
897 /* Tell NIC about any 2-byte padding after MAC header */
899 tx_cmd->tx_flags |= TX_CMD_FLG_MH_PAD_MSK;
901 /* Physical address of this Tx command's header (not MAC header!),
902 * within command buffer array. */
903 txcmd_phys = pci_map_single(priv->pci_dev,
905 PCI_DMA_BIDIRECTIONAL);
906 pci_unmap_addr_set(out_meta, mapping, txcmd_phys);
907 pci_unmap_len_set(out_meta, len, len);
908 /* Add buffer containing Tx command and MAC(!) header to TFD's
910 priv->cfg->ops->lib->txq_attach_buf_to_tfd(priv, txq,
911 txcmd_phys, len, 1, 0);
913 if (!ieee80211_has_morefrags(hdr->frame_control)) {
914 txq->need_update = 1;
916 priv->stations[sta_id].tid[tid].seq_number = seq_number;
919 txq->need_update = 0;
922 /* Set up TFD's 2nd entry to point directly to remainder of skb,
923 * if any (802.11 null frames have no payload). */
924 secondlen = len = skb->len - hdr_len;
926 phys_addr = pci_map_single(priv->pci_dev, skb->data + hdr_len,
927 len, PCI_DMA_TODEVICE);
928 priv->cfg->ops->lib->txq_attach_buf_to_tfd(priv, txq,
933 scratch_phys = txcmd_phys + sizeof(struct iwl_cmd_header) +
934 offsetof(struct iwl_tx_cmd, scratch);
936 len = sizeof(struct iwl_tx_cmd) +
937 sizeof(struct iwl_cmd_header) + hdr_len;
938 /* take back ownership of DMA buffer to enable update */
939 pci_dma_sync_single_for_cpu(priv->pci_dev, txcmd_phys,
940 len, PCI_DMA_BIDIRECTIONAL);
941 tx_cmd->dram_lsb_ptr = cpu_to_le32(scratch_phys);
942 tx_cmd->dram_msb_ptr = iwl_get_dma_hi_addr(scratch_phys);
944 IWL_DEBUG_TX(priv, "sequence nr = 0X%x \n",
945 le16_to_cpu(out_cmd->hdr.sequence));
946 IWL_DEBUG_TX(priv, "tx_flags = 0X%x \n", le32_to_cpu(tx_cmd->tx_flags));
947 iwl_print_hex_dump(priv, IWL_DL_TX, (u8 *)tx_cmd, sizeof(*tx_cmd));
948 iwl_print_hex_dump(priv, IWL_DL_TX, (u8 *)tx_cmd->hdr, hdr_len);
950 /* Set up entry for this TFD in Tx byte-count array */
951 if (info->flags & IEEE80211_TX_CTL_AMPDU)
952 priv->cfg->ops->lib->txq_update_byte_cnt_tbl(priv, txq,
953 le16_to_cpu(tx_cmd->len));
955 pci_dma_sync_single_for_device(priv->pci_dev, txcmd_phys,
956 len, PCI_DMA_BIDIRECTIONAL);
958 trace_iwlwifi_dev_tx(priv,
959 &((struct iwl_tfd *)txq->tfds)[txq->q.write_ptr],
960 sizeof(struct iwl_tfd),
961 &out_cmd->hdr, firstlen,
962 skb->data + hdr_len, secondlen);
964 /* Tell device the write index *just past* this latest filled TFD */
965 q->write_ptr = iwl_queue_inc_wrap(q->write_ptr, q->n_bd);
966 iwl_txq_update_write_ptr(priv, txq);
967 spin_unlock_irqrestore(&priv->lock, flags);
970 * At this point the frame is "transmitted" successfully
971 * and we will get a TX status notification eventually,
972 * regardless of the value of ret. "ret" only indicates
973 * whether or not we should update the write pointer.
976 /* avoid atomic ops if it isn't an associated client */
977 if (sta_priv && sta_priv->client)
978 atomic_inc(&sta_priv->pending_frames);
980 if ((iwl_queue_space(q) < q->high_mark) && priv->mac80211_registered) {
981 if (wait_write_ptr) {
982 spin_lock_irqsave(&priv->lock, flags);
983 txq->need_update = 1;
984 iwl_txq_update_write_ptr(priv, txq);
985 spin_unlock_irqrestore(&priv->lock, flags);
987 iwl_stop_queue(priv, txq->swq_id);
994 spin_unlock_irqrestore(&priv->lock, flags);
997 EXPORT_SYMBOL(iwl_tx_skb);
999 /*************** HOST COMMAND QUEUE FUNCTIONS *****/
1002 * iwl_enqueue_hcmd - enqueue a uCode command
1003 * @priv: device private data point
1004 * @cmd: a point to the ucode command structure
1006 * The function returns < 0 values to indicate the operation is
1007 * failed. On success, it turns the index (> 0) of command in the
1010 int iwl_enqueue_hcmd(struct iwl_priv *priv, struct iwl_host_cmd *cmd)
1012 struct iwl_tx_queue *txq = &priv->txq[IWL_CMD_QUEUE_NUM];
1013 struct iwl_queue *q = &txq->q;
1014 struct iwl_device_cmd *out_cmd;
1015 struct iwl_cmd_meta *out_meta;
1016 dma_addr_t phys_addr;
1017 unsigned long flags;
1022 cmd->len = priv->cfg->ops->utils->get_hcmd_size(cmd->id, cmd->len);
1023 fix_size = (u16)(cmd->len + sizeof(out_cmd->hdr));
1025 /* If any of the command structures end up being larger than
1026 * the TFD_MAX_PAYLOAD_SIZE, and it sent as a 'small' command then
1027 * we will need to increase the size of the TFD entries
1028 * Also, check to see if command buffer should not exceed the size
1029 * of device_cmd and max_cmd_size. */
1030 BUG_ON((fix_size > TFD_MAX_PAYLOAD_SIZE) &&
1031 !(cmd->flags & CMD_SIZE_HUGE));
1032 BUG_ON(fix_size > IWL_MAX_CMD_SIZE);
1034 if (iwl_is_rfkill(priv) || iwl_is_ctkill(priv)) {
1035 IWL_WARN(priv, "Not sending command - %s KILL\n",
1036 iwl_is_rfkill(priv) ? "RF" : "CT");
1040 if (iwl_queue_space(q) < ((cmd->flags & CMD_ASYNC) ? 2 : 1)) {
1041 IWL_ERR(priv, "No space in command queue\n");
1042 if (iwl_within_ct_kill_margin(priv))
1043 iwl_tt_enter_ct_kill(priv);
1045 IWL_ERR(priv, "Restarting adapter due to queue full\n");
1046 queue_work(priv->workqueue, &priv->restart);
1051 spin_lock_irqsave(&priv->hcmd_lock, flags);
1053 idx = get_cmd_index(q, q->write_ptr, cmd->flags & CMD_SIZE_HUGE);
1054 out_cmd = txq->cmd[idx];
1055 out_meta = &txq->meta[idx];
1057 memset(out_meta, 0, sizeof(*out_meta)); /* re-initialize to NULL */
1058 out_meta->flags = cmd->flags;
1059 if (cmd->flags & CMD_WANT_SKB)
1060 out_meta->source = cmd;
1061 if (cmd->flags & CMD_ASYNC)
1062 out_meta->callback = cmd->callback;
1064 out_cmd->hdr.cmd = cmd->id;
1065 memcpy(&out_cmd->cmd.payload, cmd->data, cmd->len);
1067 /* At this point, the out_cmd now has all of the incoming cmd
1070 out_cmd->hdr.flags = 0;
1071 out_cmd->hdr.sequence = cpu_to_le16(QUEUE_TO_SEQ(IWL_CMD_QUEUE_NUM) |
1072 INDEX_TO_SEQ(q->write_ptr));
1073 if (cmd->flags & CMD_SIZE_HUGE)
1074 out_cmd->hdr.sequence |= SEQ_HUGE_FRAME;
1075 len = sizeof(struct iwl_device_cmd);
1076 if (idx == TFD_CMD_SLOTS)
1077 len = IWL_MAX_CMD_SIZE;
1079 #ifdef CONFIG_IWLWIFI_DEBUG
1080 switch (out_cmd->hdr.cmd) {
1081 case REPLY_TX_LINK_QUALITY_CMD:
1082 case SENSITIVITY_CMD:
1083 IWL_DEBUG_HC_DUMP(priv, "Sending command %s (#%x), seq: 0x%04X, "
1084 "%d bytes at %d[%d]:%d\n",
1085 get_cmd_string(out_cmd->hdr.cmd),
1087 le16_to_cpu(out_cmd->hdr.sequence), fix_size,
1088 q->write_ptr, idx, IWL_CMD_QUEUE_NUM);
1091 IWL_DEBUG_HC(priv, "Sending command %s (#%x), seq: 0x%04X, "
1092 "%d bytes at %d[%d]:%d\n",
1093 get_cmd_string(out_cmd->hdr.cmd),
1095 le16_to_cpu(out_cmd->hdr.sequence), fix_size,
1096 q->write_ptr, idx, IWL_CMD_QUEUE_NUM);
1099 txq->need_update = 1;
1101 if (priv->cfg->ops->lib->txq_update_byte_cnt_tbl)
1102 /* Set up entry in queue's byte count circular buffer */
1103 priv->cfg->ops->lib->txq_update_byte_cnt_tbl(priv, txq, 0);
1105 phys_addr = pci_map_single(priv->pci_dev, &out_cmd->hdr,
1106 fix_size, PCI_DMA_BIDIRECTIONAL);
1107 pci_unmap_addr_set(out_meta, mapping, phys_addr);
1108 pci_unmap_len_set(out_meta, len, fix_size);
1110 trace_iwlwifi_dev_hcmd(priv, &out_cmd->hdr, fix_size, cmd->flags);
1112 priv->cfg->ops->lib->txq_attach_buf_to_tfd(priv, txq,
1113 phys_addr, fix_size, 1,
1116 /* Increment and update queue's write index */
1117 q->write_ptr = iwl_queue_inc_wrap(q->write_ptr, q->n_bd);
1118 iwl_txq_update_write_ptr(priv, txq);
1120 spin_unlock_irqrestore(&priv->hcmd_lock, flags);
1124 static void iwl_tx_status(struct iwl_priv *priv, struct sk_buff *skb)
1126 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1127 struct ieee80211_sta *sta;
1128 struct iwl_station_priv *sta_priv;
1130 sta = ieee80211_find_sta(priv->vif, hdr->addr1);
1132 sta_priv = (void *)sta->drv_priv;
1133 /* avoid atomic ops if this isn't a client */
1134 if (sta_priv->client &&
1135 atomic_dec_return(&sta_priv->pending_frames) == 0)
1136 ieee80211_sta_block_awake(priv->hw, sta, false);
1139 ieee80211_tx_status_irqsafe(priv->hw, skb);
1142 int iwl_tx_queue_reclaim(struct iwl_priv *priv, int txq_id, int index)
1144 struct iwl_tx_queue *txq = &priv->txq[txq_id];
1145 struct iwl_queue *q = &txq->q;
1146 struct iwl_tx_info *tx_info;
1148 struct ieee80211_hdr *hdr;
1150 if ((index >= q->n_bd) || (iwl_queue_used(q, index) == 0)) {
1151 IWL_ERR(priv, "Read index for DMA queue txq id (%d), index %d, "
1152 "is out of range [0-%d] %d %d.\n", txq_id,
1153 index, q->n_bd, q->write_ptr, q->read_ptr);
1157 for (index = iwl_queue_inc_wrap(index, q->n_bd);
1158 q->read_ptr != index;
1159 q->read_ptr = iwl_queue_inc_wrap(q->read_ptr, q->n_bd)) {
1161 tx_info = &txq->txb[txq->q.read_ptr];
1162 iwl_tx_status(priv, tx_info->skb[0]);
1164 hdr = (struct ieee80211_hdr *)tx_info->skb[0]->data;
1165 if (hdr && ieee80211_is_data_qos(hdr->frame_control))
1167 tx_info->skb[0] = NULL;
1169 if (priv->cfg->ops->lib->txq_inval_byte_cnt_tbl)
1170 priv->cfg->ops->lib->txq_inval_byte_cnt_tbl(priv, txq);
1172 priv->cfg->ops->lib->txq_free_tfd(priv, txq);
1176 EXPORT_SYMBOL(iwl_tx_queue_reclaim);
1180 * iwl_hcmd_queue_reclaim - Reclaim TX command queue entries already Tx'd
1182 * When FW advances 'R' index, all entries between old and new 'R' index
1183 * need to be reclaimed. As result, some free space forms. If there is
1184 * enough free space (> low mark), wake the stack that feeds us.
1186 static void iwl_hcmd_queue_reclaim(struct iwl_priv *priv, int txq_id,
1187 int idx, int cmd_idx)
1189 struct iwl_tx_queue *txq = &priv->txq[txq_id];
1190 struct iwl_queue *q = &txq->q;
1193 if ((idx >= q->n_bd) || (iwl_queue_used(q, idx) == 0)) {
1194 IWL_ERR(priv, "Read index for DMA queue txq id (%d), index %d, "
1195 "is out of range [0-%d] %d %d.\n", txq_id,
1196 idx, q->n_bd, q->write_ptr, q->read_ptr);
1200 for (idx = iwl_queue_inc_wrap(idx, q->n_bd); q->read_ptr != idx;
1201 q->read_ptr = iwl_queue_inc_wrap(q->read_ptr, q->n_bd)) {
1204 IWL_ERR(priv, "HCMD skipped: index (%d) %d %d\n", idx,
1205 q->write_ptr, q->read_ptr);
1206 queue_work(priv->workqueue, &priv->restart);
1213 * iwl_tx_cmd_complete - Pull unused buffers off the queue and reclaim them
1214 * @rxb: Rx buffer to reclaim
1216 * If an Rx buffer has an async callback associated with it the callback
1217 * will be executed. The attached skb (if present) will only be freed
1218 * if the callback returns 1
1220 void iwl_tx_cmd_complete(struct iwl_priv *priv, struct iwl_rx_mem_buffer *rxb)
1222 struct iwl_rx_packet *pkt = rxb_addr(rxb);
1223 u16 sequence = le16_to_cpu(pkt->hdr.sequence);
1224 int txq_id = SEQ_TO_QUEUE(sequence);
1225 int index = SEQ_TO_INDEX(sequence);
1227 bool huge = !!(pkt->hdr.sequence & SEQ_HUGE_FRAME);
1228 struct iwl_device_cmd *cmd;
1229 struct iwl_cmd_meta *meta;
1231 /* If a Tx command is being handled and it isn't in the actual
1232 * command queue then there a command routing bug has been introduced
1233 * in the queue management code. */
1234 if (WARN(txq_id != IWL_CMD_QUEUE_NUM,
1235 "wrong command queue %d, sequence 0x%X readp=%d writep=%d\n",
1237 priv->txq[IWL_CMD_QUEUE_NUM].q.read_ptr,
1238 priv->txq[IWL_CMD_QUEUE_NUM].q.write_ptr)) {
1239 iwl_print_hex_error(priv, pkt, 32);
1243 cmd_index = get_cmd_index(&priv->txq[IWL_CMD_QUEUE_NUM].q, index, huge);
1244 cmd = priv->txq[IWL_CMD_QUEUE_NUM].cmd[cmd_index];
1245 meta = &priv->txq[IWL_CMD_QUEUE_NUM].meta[cmd_index];
1247 pci_unmap_single(priv->pci_dev,
1248 pci_unmap_addr(meta, mapping),
1249 pci_unmap_len(meta, len),
1250 PCI_DMA_BIDIRECTIONAL);
1252 /* Input error checking is done when commands are added to queue. */
1253 if (meta->flags & CMD_WANT_SKB) {
1254 meta->source->reply_page = (unsigned long)rxb_addr(rxb);
1256 } else if (meta->callback)
1257 meta->callback(priv, cmd, pkt);
1259 iwl_hcmd_queue_reclaim(priv, txq_id, index, cmd_index);
1261 if (!(meta->flags & CMD_ASYNC)) {
1262 clear_bit(STATUS_HCMD_ACTIVE, &priv->status);
1263 IWL_DEBUG_INFO(priv, "Clearing HCMD_ACTIVE for command %s \n",
1264 get_cmd_string(cmd->hdr.cmd));
1265 wake_up_interruptible(&priv->wait_command_queue);
1268 EXPORT_SYMBOL(iwl_tx_cmd_complete);
1271 * Find first available (lowest unused) Tx Queue, mark it "active".
1272 * Called only when finding queue for aggregation.
1273 * Should never return anything < 7, because they should already
1274 * be in use as EDCA AC (0-3), Command (4), HCCA (5, 6).
1276 static int iwl_txq_ctx_activate_free(struct iwl_priv *priv)
1280 for (txq_id = 0; txq_id < priv->hw_params.max_txq_num; txq_id++)
1281 if (!test_and_set_bit(txq_id, &priv->txq_ctx_active_msk))
1286 int iwl_tx_agg_start(struct iwl_priv *priv, const u8 *ra, u16 tid, u16 *ssn)
1292 unsigned long flags;
1293 struct iwl_tid_data *tid_data;
1295 if (likely(tid < ARRAY_SIZE(default_tid_to_tx_fifo)))
1296 tx_fifo = default_tid_to_tx_fifo[tid];
1300 IWL_WARN(priv, "%s on ra = %pM tid = %d\n",
1303 sta_id = iwl_find_station(priv, ra);
1304 if (sta_id == IWL_INVALID_STATION) {
1305 IWL_ERR(priv, "Start AGG on invalid station\n");
1308 if (unlikely(tid >= MAX_TID_COUNT))
1311 if (priv->stations[sta_id].tid[tid].agg.state != IWL_AGG_OFF) {
1312 IWL_ERR(priv, "Start AGG when state is not IWL_AGG_OFF !\n");
1316 txq_id = iwl_txq_ctx_activate_free(priv);
1318 IWL_ERR(priv, "No free aggregation queue available\n");
1322 spin_lock_irqsave(&priv->sta_lock, flags);
1323 tid_data = &priv->stations[sta_id].tid[tid];
1324 *ssn = SEQ_TO_SN(tid_data->seq_number);
1325 tid_data->agg.txq_id = txq_id;
1326 priv->txq[txq_id].swq_id = iwl_virtual_agg_queue_num(tx_fifo, txq_id);
1327 spin_unlock_irqrestore(&priv->sta_lock, flags);
1329 ret = priv->cfg->ops->lib->txq_agg_enable(priv, txq_id, tx_fifo,
1334 if (tid_data->tfds_in_queue == 0) {
1335 IWL_DEBUG_HT(priv, "HW queue is empty\n");
1336 tid_data->agg.state = IWL_AGG_ON;
1337 ieee80211_start_tx_ba_cb_irqsafe(priv->vif, ra, tid);
1339 IWL_DEBUG_HT(priv, "HW queue is NOT empty: %d packets in HW queue\n",
1340 tid_data->tfds_in_queue);
1341 tid_data->agg.state = IWL_EMPTYING_HW_QUEUE_ADDBA;
1345 EXPORT_SYMBOL(iwl_tx_agg_start);
1347 int iwl_tx_agg_stop(struct iwl_priv *priv , const u8 *ra, u16 tid)
1349 int tx_fifo_id, txq_id, sta_id, ssn = -1;
1350 struct iwl_tid_data *tid_data;
1351 int write_ptr, read_ptr;
1352 unsigned long flags;
1355 IWL_ERR(priv, "ra = NULL\n");
1359 if (unlikely(tid >= MAX_TID_COUNT))
1362 if (likely(tid < ARRAY_SIZE(default_tid_to_tx_fifo)))
1363 tx_fifo_id = default_tid_to_tx_fifo[tid];
1367 sta_id = iwl_find_station(priv, ra);
1369 if (sta_id == IWL_INVALID_STATION) {
1370 IWL_ERR(priv, "Invalid station for AGG tid %d\n", tid);
1374 if (priv->stations[sta_id].tid[tid].agg.state ==
1375 IWL_EMPTYING_HW_QUEUE_ADDBA) {
1376 IWL_DEBUG_HT(priv, "AGG stop before setup done\n");
1377 ieee80211_stop_tx_ba_cb_irqsafe(priv->vif, ra, tid);
1378 priv->stations[sta_id].tid[tid].agg.state = IWL_AGG_OFF;
1382 if (priv->stations[sta_id].tid[tid].agg.state != IWL_AGG_ON)
1383 IWL_WARN(priv, "Stopping AGG while state not ON or starting\n");
1385 tid_data = &priv->stations[sta_id].tid[tid];
1386 ssn = (tid_data->seq_number & IEEE80211_SCTL_SEQ) >> 4;
1387 txq_id = tid_data->agg.txq_id;
1388 write_ptr = priv->txq[txq_id].q.write_ptr;
1389 read_ptr = priv->txq[txq_id].q.read_ptr;
1391 /* The queue is not empty */
1392 if (write_ptr != read_ptr) {
1393 IWL_DEBUG_HT(priv, "Stopping a non empty AGG HW QUEUE\n");
1394 priv->stations[sta_id].tid[tid].agg.state =
1395 IWL_EMPTYING_HW_QUEUE_DELBA;
1399 IWL_DEBUG_HT(priv, "HW queue is empty\n");
1400 priv->stations[sta_id].tid[tid].agg.state = IWL_AGG_OFF;
1402 spin_lock_irqsave(&priv->lock, flags);
1404 * the only reason this call can fail is queue number out of range,
1405 * which can happen if uCode is reloaded and all the station
1406 * information are lost. if it is outside the range, there is no need
1407 * to deactivate the uCode queue, just return "success" to allow
1408 * mac80211 to clean up it own data.
1410 priv->cfg->ops->lib->txq_agg_disable(priv, txq_id, ssn,
1412 spin_unlock_irqrestore(&priv->lock, flags);
1414 ieee80211_stop_tx_ba_cb_irqsafe(priv->vif, ra, tid);
1418 EXPORT_SYMBOL(iwl_tx_agg_stop);
1420 int iwl_txq_check_empty(struct iwl_priv *priv, int sta_id, u8 tid, int txq_id)
1422 struct iwl_queue *q = &priv->txq[txq_id].q;
1423 u8 *addr = priv->stations[sta_id].sta.sta.addr;
1424 struct iwl_tid_data *tid_data = &priv->stations[sta_id].tid[tid];
1426 switch (priv->stations[sta_id].tid[tid].agg.state) {
1427 case IWL_EMPTYING_HW_QUEUE_DELBA:
1428 /* We are reclaiming the last packet of the */
1429 /* aggregated HW queue */
1430 if ((txq_id == tid_data->agg.txq_id) &&
1431 (q->read_ptr == q->write_ptr)) {
1432 u16 ssn = SEQ_TO_SN(tid_data->seq_number);
1433 int tx_fifo = default_tid_to_tx_fifo[tid];
1434 IWL_DEBUG_HT(priv, "HW queue empty: continue DELBA flow\n");
1435 priv->cfg->ops->lib->txq_agg_disable(priv, txq_id,
1437 tid_data->agg.state = IWL_AGG_OFF;
1438 ieee80211_stop_tx_ba_cb_irqsafe(priv->vif, addr, tid);
1441 case IWL_EMPTYING_HW_QUEUE_ADDBA:
1442 /* We are reclaiming the last packet of the queue */
1443 if (tid_data->tfds_in_queue == 0) {
1444 IWL_DEBUG_HT(priv, "HW queue empty: continue ADDBA flow\n");
1445 tid_data->agg.state = IWL_AGG_ON;
1446 ieee80211_start_tx_ba_cb_irqsafe(priv->vif, addr, tid);
1452 EXPORT_SYMBOL(iwl_txq_check_empty);
1455 * iwl_tx_status_reply_compressed_ba - Update tx status from block-ack
1457 * Go through block-ack's bitmap of ACK'd frames, update driver's record of
1458 * ACK vs. not. This gets sent to mac80211, then to rate scaling algo.
1460 static int iwl_tx_status_reply_compressed_ba(struct iwl_priv *priv,
1461 struct iwl_ht_agg *agg,
1462 struct iwl_compressed_ba_resp *ba_resp)
1466 u16 seq_ctl = le16_to_cpu(ba_resp->seq_ctl);
1467 u16 scd_flow = le16_to_cpu(ba_resp->scd_flow);
1470 struct ieee80211_tx_info *info;
1472 if (unlikely(!agg->wait_for_ba)) {
1473 IWL_ERR(priv, "Received BA when not expected\n");
1477 /* Mark that the expected block-ack response arrived */
1478 agg->wait_for_ba = 0;
1479 IWL_DEBUG_TX_REPLY(priv, "BA %d %d\n", agg->start_idx, ba_resp->seq_ctl);
1481 /* Calculate shift to align block-ack bits with our Tx window bits */
1482 sh = agg->start_idx - SEQ_TO_INDEX(seq_ctl >> 4);
1483 if (sh < 0) /* tbw something is wrong with indices */
1486 /* don't use 64-bit values for now */
1487 bitmap = le64_to_cpu(ba_resp->bitmap) >> sh;
1489 if (agg->frame_count > (64 - sh)) {
1490 IWL_DEBUG_TX_REPLY(priv, "more frames than bitmap size");
1494 /* check for success or failure according to the
1495 * transmitted bitmap and block-ack bitmap */
1496 bitmap &= agg->bitmap;
1498 /* For each frame attempted in aggregation,
1499 * update driver's record of tx frame's status. */
1500 for (i = 0; i < agg->frame_count ; i++) {
1501 ack = bitmap & (1ULL << i);
1503 IWL_DEBUG_TX_REPLY(priv, "%s ON i=%d idx=%d raw=%d\n",
1504 ack ? "ACK" : "NACK", i, (agg->start_idx + i) & 0xff,
1505 agg->start_idx + i);
1508 info = IEEE80211_SKB_CB(priv->txq[scd_flow].txb[agg->start_idx].skb[0]);
1509 memset(&info->status, 0, sizeof(info->status));
1510 info->flags |= IEEE80211_TX_STAT_ACK;
1511 info->flags |= IEEE80211_TX_STAT_AMPDU;
1512 info->status.ampdu_ack_map = successes;
1513 info->status.ampdu_ack_len = agg->frame_count;
1514 iwl_hwrate_to_tx_control(priv, agg->rate_n_flags, info);
1516 IWL_DEBUG_TX_REPLY(priv, "Bitmap %llx\n", (unsigned long long)bitmap);
1522 * iwl_rx_reply_compressed_ba - Handler for REPLY_COMPRESSED_BA
1524 * Handles block-acknowledge notification from device, which reports success
1525 * of frames sent via aggregation.
1527 void iwl_rx_reply_compressed_ba(struct iwl_priv *priv,
1528 struct iwl_rx_mem_buffer *rxb)
1530 struct iwl_rx_packet *pkt = rxb_addr(rxb);
1531 struct iwl_compressed_ba_resp *ba_resp = &pkt->u.compressed_ba;
1532 struct iwl_tx_queue *txq = NULL;
1533 struct iwl_ht_agg *agg;
1538 /* "flow" corresponds to Tx queue */
1539 u16 scd_flow = le16_to_cpu(ba_resp->scd_flow);
1541 /* "ssn" is start of block-ack Tx window, corresponds to index
1542 * (in Tx queue's circular buffer) of first TFD/frame in window */
1543 u16 ba_resp_scd_ssn = le16_to_cpu(ba_resp->scd_ssn);
1545 if (scd_flow >= priv->hw_params.max_txq_num) {
1547 "BUG_ON scd_flow is bigger than number of queues\n");
1551 txq = &priv->txq[scd_flow];
1552 sta_id = ba_resp->sta_id;
1554 agg = &priv->stations[sta_id].tid[tid].agg;
1556 /* Find index just before block-ack window */
1557 index = iwl_queue_dec_wrap(ba_resp_scd_ssn & 0xff, txq->q.n_bd);
1559 /* TODO: Need to get this copy more safely - now good for debug */
1561 IWL_DEBUG_TX_REPLY(priv, "REPLY_COMPRESSED_BA [%d] Received from %pM, "
1564 (u8 *) &ba_resp->sta_addr_lo32,
1566 IWL_DEBUG_TX_REPLY(priv, "TID = %d, SeqCtl = %d, bitmap = 0x%llx, scd_flow = "
1567 "%d, scd_ssn = %d\n",
1570 (unsigned long long)le64_to_cpu(ba_resp->bitmap),
1573 IWL_DEBUG_TX_REPLY(priv, "DAT start_idx = %d, bitmap = 0x%llx \n",
1575 (unsigned long long)agg->bitmap);
1577 /* Update driver's record of ACK vs. not for each frame in window */
1578 iwl_tx_status_reply_compressed_ba(priv, agg, ba_resp);
1580 /* Release all TFDs before the SSN, i.e. all TFDs in front of
1581 * block-ack window (we assume that they've been successfully
1582 * transmitted ... if not, it's too late anyway). */
1583 if (txq->q.read_ptr != (ba_resp_scd_ssn & 0xff)) {
1584 /* calculate mac80211 ampdu sw queue to wake */
1585 int freed = iwl_tx_queue_reclaim(priv, scd_flow, index);
1586 iwl_free_tfds_in_queue(priv, sta_id, tid, freed);
1588 if ((iwl_queue_space(&txq->q) > txq->q.low_mark) &&
1589 priv->mac80211_registered &&
1590 (agg->state != IWL_EMPTYING_HW_QUEUE_DELBA))
1591 iwl_wake_queue(priv, txq->swq_id);
1593 iwl_txq_check_empty(priv, sta_id, tid, scd_flow);
1596 EXPORT_SYMBOL(iwl_rx_reply_compressed_ba);
1598 #ifdef CONFIG_IWLWIFI_DEBUG
1599 #define TX_STATUS_ENTRY(x) case TX_STATUS_FAIL_ ## x: return #x
1601 const char *iwl_get_tx_fail_reason(u32 status)
1603 switch (status & TX_STATUS_MSK) {
1604 case TX_STATUS_SUCCESS:
1606 TX_STATUS_ENTRY(SHORT_LIMIT);
1607 TX_STATUS_ENTRY(LONG_LIMIT);
1608 TX_STATUS_ENTRY(FIFO_UNDERRUN);
1609 TX_STATUS_ENTRY(MGMNT_ABORT);
1610 TX_STATUS_ENTRY(NEXT_FRAG);
1611 TX_STATUS_ENTRY(LIFE_EXPIRE);
1612 TX_STATUS_ENTRY(DEST_PS);
1613 TX_STATUS_ENTRY(ABORTED);
1614 TX_STATUS_ENTRY(BT_RETRY);
1615 TX_STATUS_ENTRY(STA_INVALID);
1616 TX_STATUS_ENTRY(FRAG_DROPPED);
1617 TX_STATUS_ENTRY(TID_DISABLE);
1618 TX_STATUS_ENTRY(FRAME_FLUSHED);
1619 TX_STATUS_ENTRY(INSUFFICIENT_CF_POLL);
1620 TX_STATUS_ENTRY(TX_LOCKED);
1621 TX_STATUS_ENTRY(NO_BEACON_ON_RADAR);
1626 EXPORT_SYMBOL(iwl_get_tx_fail_reason);
1627 #endif /* CONFIG_IWLWIFI_DEBUG */
git://ftp.safe.ca / safe / jmp / linux-2.6 / blob