LXR linux/drivers/net/wireless/ath/carl9170/tx.c

   1/*
   2 * Atheros CARL9170 driver
   3 *
   4 * 802.11 xmit & status routines
   5 *
   6 * Copyright 2008, Johannes Berg <johannes@sipsolutions.net>
   7 * Copyright 2009, 2010, Christian Lamparter <chunkeey@googlemail.com>
   8 *
   9 * This program is free software; you can redistribute it and/or modify
  10 * it under the terms of the GNU General Public License as published by
  11 * the Free Software Foundation; either version 2 of the License, or
  12 * (at your option) any later version.
  13 *
  14 * This program is distributed in the hope that it will be useful,
  15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17 * GNU General Public License for more details.
  18 *
  19 * You should have received a copy of the GNU General Public License
  20 * along with this program; see the file COPYING.  If not, see
  21 * http://www.gnu.org/licenses/.
  22 *
  23 * This file incorporates work covered by the following copyright and
  24 * permission notice:
  25 *    Copyright (c) 2007-2008 Atheros Communications, Inc.
  26 *
  27 *    Permission to use, copy, modify, and/or distribute this software for any
  28 *    purpose with or without fee is hereby granted, provided that the above
  29 *    copyright notice and this permission notice appear in all copies.
  30 *
  31 *    THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  32 *    WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  33 *    MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  34 *    ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  35 *    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  36 *    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  37 *    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  38 */
  39
  40#include <linux/slab.h>
  41#include <linux/module.h>
  42#include <linux/etherdevice.h>
  43#include <net/mac80211.h>
  44#include "carl9170.h"
  45#include "hw.h"
  46#include "cmd.h"
  47
  48static inline unsigned int __carl9170_get_queue(struct ar9170 *ar,
  49                                                unsigned int queue)
  50{
  51        if (unlikely(modparam_noht)) {
  52                return queue;
  53        } else {
  54                /*
  55                 * This is just another workaround, until
  56                 * someone figures out how to get QoS and
  57                 * AMPDU to play nicely together.
  58                 */
  59
  60                return 2;               /* AC_BE */
  61        }
  62}
  63
  64static inline unsigned int carl9170_get_queue(struct ar9170 *ar,
  65                                              struct sk_buff *skb)
  66{
  67        return __carl9170_get_queue(ar, skb_get_queue_mapping(skb));
  68}
  69
  70static bool is_mem_full(struct ar9170 *ar)
  71{
  72        return (DIV_ROUND_UP(IEEE80211_MAX_FRAME_LEN, ar->fw.mem_block_size) >
  73                atomic_read(&ar->mem_free_blocks));
  74}
  75
  76static void carl9170_tx_accounting(struct ar9170 *ar, struct sk_buff *skb)
  77{
  78        int queue, i;
  79        bool mem_full;
  80
  81        atomic_inc(&ar->tx_total_queued);
  82
  83        queue = skb_get_queue_mapping(skb);
  84        spin_lock_bh(&ar->tx_stats_lock);
  85
  86        /*
  87         * The driver has to accept the frame, regardless if the queue is
  88         * full to the brim, or not. We have to do the queuing internally,
  89         * since mac80211 assumes that a driver which can operate with
  90         * aggregated frames does not reject frames for this reason.
  91         */
  92        ar->tx_stats[queue].len++;
  93        ar->tx_stats[queue].count++;
  94
  95        mem_full = is_mem_full(ar);
  96        for (i = 0; i < ar->hw->queues; i++) {
  97                if (mem_full || ar->tx_stats[i].len >= ar->tx_stats[i].limit) {
  98                        ieee80211_stop_queue(ar->hw, i);
  99                        ar->queue_stop_timeout[i] = jiffies;
 100                }
 101        }
 102
 103        spin_unlock_bh(&ar->tx_stats_lock);
 104}
 105
 106/* needs rcu_read_lock */
 107static struct ieee80211_sta *__carl9170_get_tx_sta(struct ar9170 *ar,
 108                                                   struct sk_buff *skb)
 109{
 110        struct _carl9170_tx_superframe *super = (void *) skb->data;
 111        struct ieee80211_hdr *hdr = (void *) super->frame_data;
 112        struct ieee80211_vif *vif;
 113        unsigned int vif_id;
 114
 115        vif_id = (super->s.misc & CARL9170_TX_SUPER_MISC_VIF_ID) >>
 116                 CARL9170_TX_SUPER_MISC_VIF_ID_S;
 117
 118        if (WARN_ON_ONCE(vif_id >= AR9170_MAX_VIRTUAL_MAC))
 119                return NULL;
 120
 121        vif = rcu_dereference(ar->vif_priv[vif_id].vif);
 122        if (unlikely(!vif))
 123                return NULL;
 124
 125        /*
 126         * Normally we should use wrappers like ieee80211_get_DA to get
 127         * the correct peer ieee80211_sta.
 128         *
 129         * But there is a problem with indirect traffic (broadcasts, or
 130         * data which is designated for other stations) in station mode.
 131         * The frame will be directed to the AP for distribution and not
 132         * to the actual destination.
 133         */
 134
 135        return ieee80211_find_sta(vif, hdr->addr1);
 136}
 137
 138static void carl9170_tx_ps_unblock(struct ar9170 *ar, struct sk_buff *skb)
 139{
 140        struct ieee80211_sta *sta;
 141        struct carl9170_sta_info *sta_info;
 142
 143        rcu_read_lock();
 144        sta = __carl9170_get_tx_sta(ar, skb);
 145        if (unlikely(!sta))
 146                goto out_rcu;
 147
 148        sta_info = (struct carl9170_sta_info *) sta->drv_priv;
 149        if (atomic_dec_return(&sta_info->pending_frames) == 0)
 150                ieee80211_sta_block_awake(ar->hw, sta, false);
 151
 152out_rcu:
 153        rcu_read_unlock();
 154}
 155
 156static void carl9170_tx_accounting_free(struct ar9170 *ar, struct sk_buff *skb)
 157{
 158        int queue;
 159
 160        queue = skb_get_queue_mapping(skb);
 161
 162        spin_lock_bh(&ar->tx_stats_lock);
 163
 164        ar->tx_stats[queue].len--;
 165
 166        if (!is_mem_full(ar)) {
 167                unsigned int i;
 168                for (i = 0; i < ar->hw->queues; i++) {
 169                        if (ar->tx_stats[i].len >= CARL9170_NUM_TX_LIMIT_SOFT)
 170                                continue;
 171
 172                        if (ieee80211_queue_stopped(ar->hw, i)) {
 173                                unsigned long tmp;
 174
 175                                tmp = jiffies - ar->queue_stop_timeout[i];
 176                                if (tmp > ar->max_queue_stop_timeout[i])
 177                                        ar->max_queue_stop_timeout[i] = tmp;
 178                        }
 179
 180                        ieee80211_wake_queue(ar->hw, i);
 181                }
 182        }
 183
 184        spin_unlock_bh(&ar->tx_stats_lock);
 185
 186        if (atomic_dec_and_test(&ar->tx_total_queued))
 187                complete(&ar->tx_flush);
 188}
 189
 190static int carl9170_alloc_dev_space(struct ar9170 *ar, struct sk_buff *skb)
 191{
 192        struct _carl9170_tx_superframe *super = (void *) skb->data;
 193        unsigned int chunks;
 194        int cookie = -1;
 195
 196        atomic_inc(&ar->mem_allocs);
 197
 198        chunks = DIV_ROUND_UP(skb->len, ar->fw.mem_block_size);
 199        if (unlikely(atomic_sub_return(chunks, &ar->mem_free_blocks) < 0)) {
 200                atomic_add(chunks, &ar->mem_free_blocks);
 201                return -ENOSPC;
 202        }
 203
 204        spin_lock_bh(&ar->mem_lock);
 205        cookie = bitmap_find_free_region(ar->mem_bitmap, ar->fw.mem_blocks, 0);
 206        spin_unlock_bh(&ar->mem_lock);
 207
 208        if (unlikely(cookie < 0)) {
 209                atomic_add(chunks, &ar->mem_free_blocks);
 210                return -ENOSPC;
 211        }
 212
 213        super = (void *) skb->data;
 214
 215        /*
 216         * Cookie #0 serves two special purposes:
 217         *  1. The firmware might use it generate BlockACK frames
 218         *     in responds of an incoming BlockAckReqs.
 219         *
 220         *  2. Prevent double-free bugs.
 221         */
 222        super->s.cookie = (u8) cookie + 1;
 223        return 0;
 224}
 225
 226static void carl9170_release_dev_space(struct ar9170 *ar, struct sk_buff *skb)
 227{
 228        struct _carl9170_tx_superframe *super = (void *) skb->data;
 229        int cookie;
 230
 231        /* make a local copy of the cookie */
 232        cookie = super->s.cookie;
 233        /* invalidate cookie */
 234        super->s.cookie = 0;
 235
 236        /*
 237         * Do a out-of-bounds check on the cookie:
 238         *
 239         *  * cookie "0" is reserved and won't be assigned to any
 240         *    out-going frame. Internally however, it is used to
 241         *    mark no longer/un-accounted frames and serves as a
 242         *    cheap way of preventing frames from being freed
 243         *    twice by _accident_. NB: There is a tiny race...
 244         *
 245         *  * obviously, cookie number is limited by the amount
 246         *    of available memory blocks, so the number can
 247         *    never execeed the mem_blocks count.
 248         */
 249        if (unlikely(WARN_ON_ONCE(cookie == 0) ||
 250            WARN_ON_ONCE(cookie > ar->fw.mem_blocks)))
 251                return;
 252
 253        atomic_add(DIV_ROUND_UP(skb->len, ar->fw.mem_block_size),
 254                   &ar->mem_free_blocks);
 255
 256        spin_lock_bh(&ar->mem_lock);
 257        bitmap_release_region(ar->mem_bitmap, cookie - 1, 0);
 258        spin_unlock_bh(&ar->mem_lock);
 259}
 260
 261/* Called from any context */
 262static void carl9170_tx_release(struct kref *ref)
 263{
 264        struct ar9170 *ar;
 265        struct carl9170_tx_info *arinfo;
 266        struct ieee80211_tx_info *txinfo;
 267        struct sk_buff *skb;
 268
 269        arinfo = container_of(ref, struct carl9170_tx_info, ref);
 270        txinfo = container_of((void *) arinfo, struct ieee80211_tx_info,
 271                              rate_driver_data);
 272        skb = container_of((void *) txinfo, struct sk_buff, cb);
 273
 274        ar = arinfo->ar;
 275        if (WARN_ON_ONCE(!ar))
 276                return;
 277
 278        BUILD_BUG_ON(
 279            offsetof(struct ieee80211_tx_info, status.ack_signal) != 20);
 280
 281        memset(&txinfo->status.ack_signal, 0,
 282               sizeof(struct ieee80211_tx_info) -
 283               offsetof(struct ieee80211_tx_info, status.ack_signal));
 284
 285        if (atomic_read(&ar->tx_total_queued))
 286                ar->tx_schedule = true;
 287
 288        if (txinfo->flags & IEEE80211_TX_CTL_AMPDU) {
 289                if (!atomic_read(&ar->tx_ampdu_upload))
 290                        ar->tx_ampdu_schedule = true;
 291
 292                if (txinfo->flags & IEEE80211_TX_STAT_AMPDU) {
 293                        struct _carl9170_tx_superframe *super;
 294
 295                        super = (void *)skb->data;
 296                        txinfo->status.ampdu_len = super->s.rix;
 297                        txinfo->status.ampdu_ack_len = super->s.cnt;
 298                } else if ((txinfo->flags & IEEE80211_TX_STAT_ACK) &&
 299                           !(txinfo->flags & IEEE80211_TX_CTL_REQ_TX_STATUS)) {
 300                        /*
 301                         * drop redundant tx_status reports:
 302                         *
 303                         * 1. ampdu_ack_len of the final tx_status does
 304                         *    include the feedback of this particular frame.
 305                         *
 306                         * 2. tx_status_irqsafe only queues up to 128
 307                         *    tx feedback reports and discards the rest.
 308                         *
 309                         * 3. minstrel_ht is picky, it only accepts
 310                         *    reports of frames with the TX_STATUS_AMPDU flag.
 311                         *
 312                         * 4. mac80211 is not particularly interested in
 313                         *    feedback either [CTL_REQ_TX_STATUS not set]
 314                         */
 315
 316                        ieee80211_free_txskb(ar->hw, skb);
 317                        return;
 318                } else {
 319                        /*
 320                         * Either the frame transmission has failed or
 321                         * mac80211 requested tx status.
 322                         */
 323                }
 324        }
 325
 326        skb_pull(skb, sizeof(struct _carl9170_tx_superframe));
 327        ieee80211_tx_status_irqsafe(ar->hw, skb);
 328}
 329
 330void carl9170_tx_get_skb(struct sk_buff *skb)
 331{
 332        struct carl9170_tx_info *arinfo = (void *)
 333                (IEEE80211_SKB_CB(skb))->rate_driver_data;
 334        kref_get(&arinfo->ref);
 335}
 336
 337int carl9170_tx_put_skb(struct sk_buff *skb)
 338{
 339        struct carl9170_tx_info *arinfo = (void *)
 340                (IEEE80211_SKB_CB(skb))->rate_driver_data;
 341
 342        return kref_put(&arinfo->ref, carl9170_tx_release);
 343}
 344
 345/* Caller must hold the tid_info->lock & rcu_read_lock */
 346static void carl9170_tx_shift_bm(struct ar9170 *ar,
 347        struct carl9170_sta_tid *tid_info, u16 seq)
 348{
 349        u16 off;
 350
 351        off = SEQ_DIFF(seq, tid_info->bsn);
 352
 353        if (WARN_ON_ONCE(off >= CARL9170_BAW_BITS))
 354                return;
 355
 356        /*
 357         * Sanity check. For each MPDU we set the bit in bitmap and
 358         * clear it once we received the tx_status.
 359         * But if the bit is already cleared then we've been bitten
 360         * by a bug.
 361         */
 362        WARN_ON_ONCE(!test_and_clear_bit(off, tid_info->bitmap));
 363
 364        off = SEQ_DIFF(tid_info->snx, tid_info->bsn);
 365        if (WARN_ON_ONCE(off >= CARL9170_BAW_BITS))
 366                return;
 367
 368        if (!bitmap_empty(tid_info->bitmap, off))
 369                off = find_first_bit(tid_info->bitmap, off);
 370
 371        tid_info->bsn += off;
 372        tid_info->bsn &= 0x0fff;
 373
 374        bitmap_shift_right(tid_info->bitmap, tid_info->bitmap,
 375                           off, CARL9170_BAW_BITS);
 376}
 377
 378static void carl9170_tx_status_process_ampdu(struct ar9170 *ar,
 379        struct sk_buff *skb, struct ieee80211_tx_info *txinfo)
 380{
 381        struct _carl9170_tx_superframe *super = (void *) skb->data;
 382        struct ieee80211_hdr *hdr = (void *) super->frame_data;
 383        struct ieee80211_sta *sta;
 384        struct carl9170_sta_info *sta_info;
 385        struct carl9170_sta_tid *tid_info;
 386        u8 tid;
 387
 388        if (!(txinfo->flags & IEEE80211_TX_CTL_AMPDU) ||
 389            txinfo->flags & IEEE80211_TX_CTL_INJECTED)
 390                return;
 391
 392        rcu_read_lock();
 393        sta = __carl9170_get_tx_sta(ar, skb);
 394        if (unlikely(!sta))
 395                goto out_rcu;
 396
 397        tid = get_tid_h(hdr);
 398
 399        sta_info = (void *) sta->drv_priv;
 400        tid_info = rcu_dereference(sta_info->agg[tid]);
 401        if (!tid_info)
 402                goto out_rcu;
 403
 404        spin_lock_bh(&tid_info->lock);
 405        if (likely(tid_info->state >= CARL9170_TID_STATE_IDLE))
 406                carl9170_tx_shift_bm(ar, tid_info, get_seq_h(hdr));
 407
 408        if (sta_info->stats[tid].clear) {
 409                sta_info->stats[tid].clear = false;
 410                sta_info->stats[tid].req = false;
 411                sta_info->stats[tid].ampdu_len = 0;
 412                sta_info->stats[tid].ampdu_ack_len = 0;
 413        }
 414
 415        sta_info->stats[tid].ampdu_len++;
 416        if (txinfo->status.rates[0].count == 1)
 417                sta_info->stats[tid].ampdu_ack_len++;
 418
 419        if (!(txinfo->flags & IEEE80211_TX_STAT_ACK))
 420                sta_info->stats[tid].req = true;
 421
 422        if (super->f.mac_control & cpu_to_le16(AR9170_TX_MAC_IMM_BA)) {
 423                super->s.rix = sta_info->stats[tid].ampdu_len;
 424                super->s.cnt = sta_info->stats[tid].ampdu_ack_len;
 425                txinfo->flags |= IEEE80211_TX_STAT_AMPDU;
 426                if (sta_info->stats[tid].req)
 427                        txinfo->flags |= IEEE80211_TX_STAT_AMPDU_NO_BACK;
 428
 429                sta_info->stats[tid].clear = true;
 430        }
 431        spin_unlock_bh(&tid_info->lock);
 432
 433out_rcu:
 434        rcu_read_unlock();
 435}
 436
 437static void carl9170_tx_bar_status(struct ar9170 *ar, struct sk_buff *skb,
 438        struct ieee80211_tx_info *tx_info)
 439{
 440        struct _carl9170_tx_superframe *super = (void *) skb->data;
 441        struct ieee80211_bar *bar = (void *) super->frame_data;
 442
 443        /*
 444         * Unlike all other frames, the status report for BARs does
 445         * not directly come from the hardware as it is incapable of
 446         * matching a BA to a previously send BAR.
 447         * Instead the RX-path will scan for incoming BAs and set the
 448         * IEEE80211_TX_STAT_ACK if it sees one that was likely
 449         * caused by a BAR from us.
 450         */
 451
 452        if (unlikely(ieee80211_is_back_req(bar->frame_control)) &&
 453           !(tx_info->flags & IEEE80211_TX_STAT_ACK)) {
 454                struct carl9170_bar_list_entry *entry;
 455                int queue = skb_get_queue_mapping(skb);
 456
 457                rcu_read_lock();
 458                list_for_each_entry_rcu(entry, &ar->bar_list[queue], list) {
 459                        if (entry->skb == skb) {
 460                                spin_lock_bh(&ar->bar_list_lock[queue]);
 461                                list_del_rcu(&entry->list);
 462                                spin_unlock_bh(&ar->bar_list_lock[queue]);
 463                                kfree_rcu(entry, head);
 464                                goto out;
 465                        }
 466                }
 467
 468                WARN(1, "bar not found in %d - ra:%pM ta:%pM c:%x ssn:%x\n",
 469                       queue, bar->ra, bar->ta, bar->control,
 470                        bar->start_seq_num);
 471out:
 472                rcu_read_unlock();
 473        }
 474}
 475
 476void carl9170_tx_status(struct ar9170 *ar, struct sk_buff *skb,
 477                        const bool success)
 478{
 479        struct ieee80211_tx_info *txinfo;
 480
 481        carl9170_tx_accounting_free(ar, skb);
 482
 483        txinfo = IEEE80211_SKB_CB(skb);
 484
 485        carl9170_tx_bar_status(ar, skb, txinfo);
 486
 487        if (success)
 488                txinfo->flags |= IEEE80211_TX_STAT_ACK;
 489        else
 490                ar->tx_ack_failures++;
 491
 492        if (txinfo->flags & IEEE80211_TX_CTL_AMPDU)
 493                carl9170_tx_status_process_ampdu(ar, skb, txinfo);
 494
 495        carl9170_tx_ps_unblock(ar, skb);
 496        carl9170_tx_put_skb(skb);
 497}
 498
 499/* This function may be called form any context */
 500void carl9170_tx_callback(struct ar9170 *ar, struct sk_buff *skb)
 501{
 502        struct ieee80211_tx_info *txinfo = IEEE80211_SKB_CB(skb);
 503
 504        atomic_dec(&ar->tx_total_pending);
 505
 506        if (txinfo->flags & IEEE80211_TX_CTL_AMPDU)
 507                atomic_dec(&ar->tx_ampdu_upload);
 508
 509        if (carl9170_tx_put_skb(skb))
 510                tasklet_hi_schedule(&ar->usb_tasklet);
 511}
 512
 513static struct sk_buff *carl9170_get_queued_skb(struct ar9170 *ar, u8 cookie,
 514                                               struct sk_buff_head *queue)
 515{
 516        struct sk_buff *skb;
 517
 518        spin_lock_bh(&queue->lock);
 519        skb_queue_walk(queue, skb) {
 520                struct _carl9170_tx_superframe *txc = (void *) skb->data;
 521
 522                if (txc->s.cookie != cookie)
 523                        continue;
 524
 525                __skb_unlink(skb, queue);
 526                spin_unlock_bh(&queue->lock);
 527
 528                carl9170_release_dev_space(ar, skb);
 529                return skb;
 530        }
 531        spin_unlock_bh(&queue->lock);
 532
 533        return NULL;
 534}
 535
 536static void carl9170_tx_fill_rateinfo(struct ar9170 *ar, unsigned int rix,
 537        unsigned int tries, struct ieee80211_tx_info *txinfo)
 538{
 539        unsigned int i;
 540
 541        for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) {
 542                if (txinfo->status.rates[i].idx < 0)
 543                        break;
 544
 545                if (i == rix) {
 546                        txinfo->status.rates[i].count = tries;
 547                        i++;
 548                        break;
 549                }
 550        }
 551
 552        for (; i < IEEE80211_TX_MAX_RATES; i++) {
 553                txinfo->status.rates[i].idx = -1;
 554                txinfo->status.rates[i].count = 0;
 555        }
 556}
 557
 558static void carl9170_check_queue_stop_timeout(struct ar9170 *ar)
 559{
 560        int i;
 561        struct sk_buff *skb;
 562        struct ieee80211_tx_info *txinfo;
 563        struct carl9170_tx_info *arinfo;
 564        bool restart = false;
 565
 566        for (i = 0; i < ar->hw->queues; i++) {
 567                spin_lock_bh(&ar->tx_status[i].lock);
 568
 569                skb = skb_peek(&ar->tx_status[i]);
 570
 571                if (!skb)
 572                        goto next;
 573
 574                txinfo = IEEE80211_SKB_CB(skb);
 575                arinfo = (void *) txinfo->rate_driver_data;
 576
 577                if (time_is_before_jiffies(arinfo->timeout +
 578                    msecs_to_jiffies(CARL9170_QUEUE_STUCK_TIMEOUT)) == true)
 579                        restart = true;
 580
 581next:
 582                spin_unlock_bh(&ar->tx_status[i].lock);
 583        }
 584
 585        if (restart) {
 586                /*
 587                 * At least one queue has been stuck for long enough.
 588                 * Give the device a kick and hope it gets back to
 589                 * work.
 590                 *
 591                 * possible reasons may include:
 592                 *  - frames got lost/corrupted (bad connection to the device)
 593                 *  - stalled rx processing/usb controller hiccups
 594                 *  - firmware errors/bugs
 595                 *  - every bug you can think of.
 596                 *  - all bugs you can't...
 597                 *  - ...
 598                 */
 599                carl9170_restart(ar, CARL9170_RR_STUCK_TX);
 600        }
 601}
 602
 603static void carl9170_tx_ampdu_timeout(struct ar9170 *ar)
 604{
 605        struct carl9170_sta_tid *iter;
 606        struct sk_buff *skb;
 607        struct ieee80211_tx_info *txinfo;
 608        struct carl9170_tx_info *arinfo;
 609        struct ieee80211_sta *sta;
 610
 611        rcu_read_lock();
 612        list_for_each_entry_rcu(iter, &ar->tx_ampdu_list, list) {
 613                if (iter->state < CARL9170_TID_STATE_IDLE)
 614                        continue;
 615
 616                spin_lock_bh(&iter->lock);
 617                skb = skb_peek(&iter->queue);
 618                if (!skb)
 619                        goto unlock;
 620
 621                txinfo = IEEE80211_SKB_CB(skb);
 622                arinfo = (void *)txinfo->rate_driver_data;
 623                if (time_is_after_jiffies(arinfo->timeout +
 624                    msecs_to_jiffies(CARL9170_QUEUE_TIMEOUT)))
 625                        goto unlock;
 626
 627                sta = iter->sta;
 628                if (WARN_ON(!sta))
 629                        goto unlock;
 630
 631                ieee80211_stop_tx_ba_session(sta, iter->tid);
 632unlock:
 633                spin_unlock_bh(&iter->lock);
 634
 635        }
 636        rcu_read_unlock();
 637}
 638
 639void carl9170_tx_janitor(struct work_struct *work)
 640{
 641        struct ar9170 *ar = container_of(work, struct ar9170,
 642                                         tx_janitor.work);
 643        if (!IS_STARTED(ar))
 644                return;
 645
 646        ar->tx_janitor_last_run = jiffies;
 647
 648        carl9170_check_queue_stop_timeout(ar);
 649        carl9170_tx_ampdu_timeout(ar);
 650
 651        if (!atomic_read(&ar->tx_total_queued))
 652                return;
 653
 654        ieee80211_queue_delayed_work(ar->hw, &ar->tx_janitor,
 655                msecs_to_jiffies(CARL9170_TX_TIMEOUT));
 656}
 657
 658static void __carl9170_tx_process_status(struct ar9170 *ar,
 659        const uint8_t cookie, const uint8_t info)
 660{
 661        struct sk_buff *skb;
 662        struct ieee80211_tx_info *txinfo;
 663        unsigned int r, t, q;
 664        bool success = true;
 665
 666        q = ar9170_qmap[info & CARL9170_TX_STATUS_QUEUE];
 667
 668        skb = carl9170_get_queued_skb(ar, cookie, &ar->tx_status[q]);
 669        if (!skb) {
 670                /*
 671                 * We have lost the race to another thread.
 672                 */
 673
 674                return ;
 675        }
 676
 677        txinfo = IEEE80211_SKB_CB(skb);
 678
 679        if (!(info & CARL9170_TX_STATUS_SUCCESS))
 680                success = false;
 681
 682        r = (info & CARL9170_TX_STATUS_RIX) >> CARL9170_TX_STATUS_RIX_S;
 683        t = (info & CARL9170_TX_STATUS_TRIES) >> CARL9170_TX_STATUS_TRIES_S;
 684
 685        carl9170_tx_fill_rateinfo(ar, r, t, txinfo);
 686        carl9170_tx_status(ar, skb, success);
 687}
 688
 689void carl9170_tx_process_status(struct ar9170 *ar,
 690                                const struct carl9170_rsp *cmd)
 691{
 692        unsigned int i;
 693
 694        for (i = 0;  i < cmd->hdr.ext; i++) {
 695                if (WARN_ON(i > ((cmd->hdr.len / 2) + 1))) {
 696                        print_hex_dump_bytes("UU:", DUMP_PREFIX_NONE,
 697                                             (void *) cmd, cmd->hdr.len + 4);
 698                        break;
 699                }
 700
 701                __carl9170_tx_process_status(ar, cmd->_tx_status[i].cookie,
 702                                             cmd->_tx_status[i].info);
 703        }
 704}
 705
 706static void carl9170_tx_rate_tpc_chains(struct ar9170 *ar,
 707        struct ieee80211_tx_info *info, struct ieee80211_tx_rate *txrate,
 708        unsigned int *phyrate, unsigned int *tpc, unsigned int *chains)
 709{
 710        struct ieee80211_rate *rate = NULL;
 711        u8 *txpower;
 712        unsigned int idx;
 713
 714        idx = txrate->idx;
 715        *tpc = 0;
 716        *phyrate = 0;
 717
 718        if (txrate->flags & IEEE80211_TX_RC_MCS) {
 719                if (txrate->flags & IEEE80211_TX_RC_40_MHZ_WIDTH) {
 720                        /* +1 dBm for HT40 */
 721                        *tpc += 2;
 722
 723                        if (info->band == IEEE80211_BAND_2GHZ)
 724                                txpower = ar->power_2G_ht40;
 725                        else
 726                                txpower = ar->power_5G_ht40;
 727                } else {
 728                        if (info->band == IEEE80211_BAND_2GHZ)
 729                                txpower = ar->power_2G_ht20;
 730                        else
 731                                txpower = ar->power_5G_ht20;
 732                }
 733
 734                *phyrate = txrate->idx;
 735                *tpc += txpower[idx & 7];
 736        } else {
 737                if (info->band == IEEE80211_BAND_2GHZ) {
 738                        if (idx < 4)
 739                                txpower = ar->power_2G_cck;
 740                        else
 741                                txpower = ar->power_2G_ofdm;
 742                } else {
 743                        txpower = ar->power_5G_leg;
 744                        idx += 4;
 745                }
 746
 747                rate = &__carl9170_ratetable[idx];
 748                *tpc += txpower[(rate->hw_value & 0x30) >> 4];
 749                *phyrate = rate->hw_value & 0xf;
 750        }
 751
 752        if (ar->eeprom.tx_mask == 1) {
 753                *chains = AR9170_TX_PHY_TXCHAIN_1;
 754        } else {
 755                if (!(txrate->flags & IEEE80211_TX_RC_MCS) &&
 756                    rate && rate->bitrate >= 360)
 757                        *chains = AR9170_TX_PHY_TXCHAIN_1;
 758                else
 759                        *chains = AR9170_TX_PHY_TXCHAIN_2;
 760        }
 761
 762        *tpc = min_t(unsigned int, *tpc, ar->hw->conf.power_level * 2);
 763}
 764
 765static __le32 carl9170_tx_physet(struct ar9170 *ar,
 766        struct ieee80211_tx_info *info, struct ieee80211_tx_rate *txrate)
 767{
 768        unsigned int power = 0, chains = 0, phyrate = 0;
 769        __le32 tmp;
 770
 771        tmp = cpu_to_le32(0);
 772
 773        if (txrate->flags & IEEE80211_TX_RC_40_MHZ_WIDTH)
 774                tmp |= cpu_to_le32(AR9170_TX_PHY_BW_40MHZ <<
 775                        AR9170_TX_PHY_BW_S);
 776        /* this works because 40 MHz is 2 and dup is 3 */
 777        if (txrate->flags & IEEE80211_TX_RC_DUP_DATA)
 778                tmp |= cpu_to_le32(AR9170_TX_PHY_BW_40MHZ_DUP <<
 779                        AR9170_TX_PHY_BW_S);
 780
 781        if (txrate->flags & IEEE80211_TX_RC_SHORT_GI)
 782                tmp |= cpu_to_le32(AR9170_TX_PHY_SHORT_GI);
 783
 784        if (txrate->flags & IEEE80211_TX_RC_MCS) {
 785                SET_VAL(AR9170_TX_PHY_MCS, phyrate, txrate->idx);
 786
 787                /* heavy clip control */
 788                tmp |= cpu_to_le32((txrate->idx & 0x7) <<
 789                        AR9170_TX_PHY_TX_HEAVY_CLIP_S);
 790
 791                tmp |= cpu_to_le32(AR9170_TX_PHY_MOD_HT);
 792
 793                /*
 794                 * green field preamble does not work.
 795                 *
 796                 * if (txrate->flags & IEEE80211_TX_RC_GREEN_FIELD)
 797                 * tmp |= cpu_to_le32(AR9170_TX_PHY_GREENFIELD);
 798                 */
 799        } else {
 800                if (info->band == IEEE80211_BAND_2GHZ) {
 801                        if (txrate->idx <= AR9170_TX_PHY_RATE_CCK_11M)
 802                                tmp |= cpu_to_le32(AR9170_TX_PHY_MOD_CCK);
 803                        else
 804                                tmp |= cpu_to_le32(AR9170_TX_PHY_MOD_OFDM);
 805                } else {
 806                        tmp |= cpu_to_le32(AR9170_TX_PHY_MOD_OFDM);
 807                }
 808
 809                /*
 810                 * short preamble seems to be broken too.
 811                 *
 812                 * if (txrate->flags & IEEE80211_TX_RC_USE_SHORT_PREAMBLE)
 813                 *      tmp |= cpu_to_le32(AR9170_TX_PHY_SHORT_PREAMBLE);
 814                 */
 815        }
 816        carl9170_tx_rate_tpc_chains(ar, info, txrate,
 817                                    &phyrate, &power, &chains);
 818
 819        tmp |= cpu_to_le32(SET_CONSTVAL(AR9170_TX_PHY_MCS, phyrate));
 820        tmp |= cpu_to_le32(SET_CONSTVAL(AR9170_TX_PHY_TX_PWR, power));
 821        tmp |= cpu_to_le32(SET_CONSTVAL(AR9170_TX_PHY_TXCHAIN, chains));
 822        return tmp;
 823}
 824
 825static bool carl9170_tx_rts_check(struct ar9170 *ar,
 826                                  struct ieee80211_tx_rate *rate,
 827                                  bool ampdu, bool multi)
 828{
 829        switch (ar->erp_mode) {
 830        case CARL9170_ERP_AUTO:
 831                if (ampdu)
 832                        break;
 833
 834        case CARL9170_ERP_MAC80211:
 835                if (!(rate->flags & IEEE80211_TX_RC_USE_RTS_CTS))
 836                        break;
 837
 838        case CARL9170_ERP_RTS:
 839                if (likely(!multi))
 840                        return true;
 841
 842        default:
 843                break;
 844        }
 845
 846        return false;
 847}
 848
 849static bool carl9170_tx_cts_check(struct ar9170 *ar,
 850                                  struct ieee80211_tx_rate *rate)
 851{
 852        switch (ar->erp_mode) {
 853        case CARL9170_ERP_AUTO:
 854        case CARL9170_ERP_MAC80211:
 855                if (!(rate->flags & IEEE80211_TX_RC_USE_CTS_PROTECT))
 856                        break;
 857
 858        case CARL9170_ERP_CTS:
 859                return true;
 860
 861        default:
 862                break;
 863        }
 864
 865        return false;
 866}
 867
 868static void carl9170_tx_get_rates(struct ar9170 *ar,
 869                                  struct ieee80211_vif *vif,
 870                                  struct ieee80211_sta *sta,
 871                                  struct sk_buff *skb)
 872{
 873        struct ieee80211_tx_info *info;
 874
 875        BUILD_BUG_ON(IEEE80211_TX_MAX_RATES < CARL9170_TX_MAX_RATES);
 876        BUILD_BUG_ON(IEEE80211_TX_MAX_RATES > IEEE80211_TX_RATE_TABLE_SIZE);
 877
 878        info = IEEE80211_SKB_CB(skb);
 879
 880        ieee80211_get_tx_rates(vif, sta, skb,
 881                               info->control.rates,
 882                               IEEE80211_TX_MAX_RATES);
 883}
 884
 885static void carl9170_tx_apply_rateset(struct ar9170 *ar,
 886                                      struct ieee80211_tx_info *sinfo,
 887                                      struct sk_buff *skb)
 888{
 889        struct ieee80211_tx_rate *txrate;
 890        struct ieee80211_tx_info *info;
 891        struct _carl9170_tx_superframe *txc = (void *) skb->data;
 892        int i;
 893        bool ampdu;
 894        bool no_ack;
 895
 896        info = IEEE80211_SKB_CB(skb);
 897        ampdu = !!(info->flags & IEEE80211_TX_CTL_AMPDU);
 898        no_ack = !!(info->flags & IEEE80211_TX_CTL_NO_ACK);
 899
 900        /* Set the rate control probe flag for all (sub-) frames.
 901         * This is because the TX_STATS_AMPDU flag is only set on
 902         * the last frame, so it has to be inherited.
 903         */
 904        info->flags |= (sinfo->flags & IEEE80211_TX_CTL_RATE_CTRL_PROBE);
 905
 906        /* NOTE: For the first rate, the ERP & AMPDU flags are directly
 907         * taken from mac_control. For all fallback rate, the firmware
 908         * updates the mac_control flags from the rate info field.
 909         */
 910        for (i = 0; i < CARL9170_TX_MAX_RATES; i++) {
 911                __le32 phy_set;
 912
 913                txrate = &sinfo->control.rates[i];
 914                if (txrate->idx < 0)
 915                        break;
 916
 917                phy_set = carl9170_tx_physet(ar, info, txrate);
 918                if (i == 0) {
 919                        __le16 mac_tmp = cpu_to_le16(0);
 920
 921                        /* first rate - part of the hw's frame header */
 922                        txc->f.phy_control = phy_set;
 923
 924                        if (ampdu && txrate->flags & IEEE80211_TX_RC_MCS)
 925                                mac_tmp |= cpu_to_le16(AR9170_TX_MAC_AGGR);
 926
 927                        if (carl9170_tx_rts_check(ar, txrate, ampdu, no_ack))
 928                                mac_tmp |= cpu_to_le16(AR9170_TX_MAC_PROT_RTS);
 929                        else if (carl9170_tx_cts_check(ar, txrate))
 930                                mac_tmp |= cpu_to_le16(AR9170_TX_MAC_PROT_CTS);
 931
 932                        txc->f.mac_control |= mac_tmp;
 933                } else {
 934                        /* fallback rates are stored in the firmware's
 935                         * retry rate set array.
 936                         */
 937                        txc->s.rr[i - 1] = phy_set;
 938                }
 939
 940                SET_VAL(CARL9170_TX_SUPER_RI_TRIES, txc->s.ri[i],
 941                        txrate->count);
 942
 943                if (carl9170_tx_rts_check(ar, txrate, ampdu, no_ack))
 944                        txc->s.ri[i] |= (AR9170_TX_MAC_PROT_RTS <<
 945                                CARL9170_TX_SUPER_RI_ERP_PROT_S);
 946                else if (carl9170_tx_cts_check(ar, txrate))
 947                        txc->s.ri[i] |= (AR9170_TX_MAC_PROT_CTS <<
 948                                CARL9170_TX_SUPER_RI_ERP_PROT_S);
 949
 950                if (ampdu && (txrate->flags & IEEE80211_TX_RC_MCS))
 951                        txc->s.ri[i] |= CARL9170_TX_SUPER_RI_AMPDU;
 952        }
 953}
 954
 955static int carl9170_tx_prepare(struct ar9170 *ar,
 956                               struct ieee80211_sta *sta,
 957                               struct sk_buff *skb)
 958{
 959        struct ieee80211_hdr *hdr;
 960        struct _carl9170_tx_superframe *txc;
 961        struct carl9170_vif_info *cvif;
 962        struct ieee80211_tx_info *info;
 963        struct carl9170_tx_info *arinfo;
 964        unsigned int hw_queue;
 965        __le16 mac_tmp;
 966        u16 len;
 967
 968        BUILD_BUG_ON(sizeof(*arinfo) > sizeof(info->rate_driver_data));
 969        BUILD_BUG_ON(sizeof(struct _carl9170_tx_superdesc) !=
 970                     CARL9170_TX_SUPERDESC_LEN);
 971
 972        BUILD_BUG_ON(sizeof(struct _ar9170_tx_hwdesc) !=
 973                     AR9170_TX_HWDESC_LEN);
 974
 975        BUILD_BUG_ON(AR9170_MAX_VIRTUAL_MAC >
 976                ((CARL9170_TX_SUPER_MISC_VIF_ID >>
 977                 CARL9170_TX_SUPER_MISC_VIF_ID_S) + 1));
 978
 979        hw_queue = ar9170_qmap[carl9170_get_queue(ar, skb)];
 980
 981        hdr = (void *)skb->data;
 982        info = IEEE80211_SKB_CB(skb);
 983        len = skb->len;
 984
 985        /*
 986         * Note: If the frame was sent through a monitor interface,
 987         * the ieee80211_vif pointer can be NULL.
 988         */
 989        if (likely(info->control.vif))
 990                cvif = (void *) info->control.vif->drv_priv;
 991        else
 992                cvif = NULL;
 993
 994        txc = (void *)skb_push(skb, sizeof(*txc));
 995        memset(txc, 0, sizeof(*txc));
 996
 997        SET_VAL(CARL9170_TX_SUPER_MISC_QUEUE, txc->s.misc, hw_queue);
 998
 999        if (likely(cvif))
1000                SET_VAL(CARL9170_TX_SUPER_MISC_VIF_ID, txc->s.misc, cvif->id);

1001
1002        if (unlikely(info->flags & IEEE80211_TX_CTL_SEND_AFTER_DTIM))
1003                txc->s.misc |= CARL9170_TX_SUPER_MISC_CAB;
1004
1005        if (unlikely(info->flags & IEEE80211_TX_CTL_ASSIGN_SEQ))
1006                txc->s.misc |= CARL9170_TX_SUPER_MISC_ASSIGN_SEQ;
1007
1008        if (unlikely(ieee80211_is_probe_resp(hdr->frame_control)))
1009                txc->s.misc |= CARL9170_TX_SUPER_MISC_FILL_IN_TSF;
1010
1011        mac_tmp = cpu_to_le16(AR9170_TX_MAC_HW_DURATION |
1012                              AR9170_TX_MAC_BACKOFF);
1013        mac_tmp |= cpu_to_le16((hw_queue << AR9170_TX_MAC_QOS_S) &
1014                               AR9170_TX_MAC_QOS);
1015
1016        if (unlikely(info->flags & IEEE80211_TX_CTL_NO_ACK))
1017                mac_tmp |= cpu_to_le16(AR9170_TX_MAC_NO_ACK);
1018
1019        if (info->control.hw_key) {
1020                len += info->control.hw_key->icv_len;
1021
1022                switch (info->control.hw_key->cipher) {
1023                case WLAN_CIPHER_SUITE_WEP40:
1024                case WLAN_CIPHER_SUITE_WEP104:
1025                case WLAN_CIPHER_SUITE_TKIP:
1026                        mac_tmp |= cpu_to_le16(AR9170_TX_MAC_ENCR_RC4);
1027                        break;
1028                case WLAN_CIPHER_SUITE_CCMP:
1029                        mac_tmp |= cpu_to_le16(AR9170_TX_MAC_ENCR_AES);
1030                        break;
1031                default:
1032                        WARN_ON(1);
1033                        goto err_out;
1034                }
1035        }
1036
1037        if (info->flags & IEEE80211_TX_CTL_AMPDU) {
1038                unsigned int density, factor;
1039
1040                if (unlikely(!sta || !cvif))
1041                        goto err_out;
1042
1043                factor = min_t(unsigned int, 1u, sta->ht_cap.ampdu_factor);
1044                density = sta->ht_cap.ampdu_density;
1045
1046                if (density) {
1047                        /*
1048                         * Watch out!
1049                         *
1050                         * Otus uses slightly different density values than
1051                         * those from the 802.11n spec.
1052                         */
1053
1054                        density = max_t(unsigned int, density + 1, 7u);
1055                }
1056
1057                SET_VAL(CARL9170_TX_SUPER_AMPDU_DENSITY,
1058                        txc->s.ampdu_settings, density);
1059
1060                SET_VAL(CARL9170_TX_SUPER_AMPDU_FACTOR,
1061                        txc->s.ampdu_settings, factor);
1062        }
1063
1064        txc->s.len = cpu_to_le16(skb->len);
1065        txc->f.length = cpu_to_le16(len + FCS_LEN);
1066        txc->f.mac_control = mac_tmp;
1067
1068        arinfo = (void *)info->rate_driver_data;
1069        arinfo->timeout = jiffies;
1070        arinfo->ar = ar;
1071        kref_init(&arinfo->ref);
1072        return 0;
1073
1074err_out:
1075        skb_pull(skb, sizeof(*txc));
1076        return -EINVAL;
1077}
1078
1079static void carl9170_set_immba(struct ar9170 *ar, struct sk_buff *skb)
1080{
1081        struct _carl9170_tx_superframe *super;
1082
1083        super = (void *) skb->data;
1084        super->f.mac_control |= cpu_to_le16(AR9170_TX_MAC_IMM_BA);
1085}
1086
1087static void carl9170_set_ampdu_params(struct ar9170 *ar, struct sk_buff *skb)
1088{
1089        struct _carl9170_tx_superframe *super;
1090        int tmp;
1091
1092        super = (void *) skb->data;
1093
1094        tmp = (super->s.ampdu_settings & CARL9170_TX_SUPER_AMPDU_DENSITY) <<
1095                CARL9170_TX_SUPER_AMPDU_DENSITY_S;
1096
1097        /*
1098         * If you haven't noticed carl9170_tx_prepare has already filled
1099         * in all ampdu spacing & factor parameters.
1100         * Now it's the time to check whenever the settings have to be
1101         * updated by the firmware, or if everything is still the same.
1102         *
1103         * There's no sane way to handle different density values with
1104         * this hardware, so we may as well just do the compare in the
1105         * driver.
1106         */
1107
1108        if (tmp != ar->current_density) {
1109                ar->current_density = tmp;
1110                super->s.ampdu_settings |=
1111                        CARL9170_TX_SUPER_AMPDU_COMMIT_DENSITY;
1112        }
1113
1114        tmp = (super->s.ampdu_settings & CARL9170_TX_SUPER_AMPDU_FACTOR) <<
1115                CARL9170_TX_SUPER_AMPDU_FACTOR_S;
1116
1117        if (tmp != ar->current_factor) {
1118                ar->current_factor = tmp;
1119                super->s.ampdu_settings |=
1120                        CARL9170_TX_SUPER_AMPDU_COMMIT_FACTOR;
1121        }
1122}
1123
1124static void carl9170_tx_ampdu(struct ar9170 *ar)
1125{
1126        struct sk_buff_head agg;
1127        struct carl9170_sta_tid *tid_info;
1128        struct sk_buff *skb, *first;
1129        struct ieee80211_tx_info *tx_info_first;
1130        unsigned int i = 0, done_ampdus = 0;
1131        u16 seq, queue, tmpssn;
1132
1133        atomic_inc(&ar->tx_ampdu_scheduler);
1134        ar->tx_ampdu_schedule = false;
1135
1136        if (atomic_read(&ar->tx_ampdu_upload))
1137                return;
1138
1139        if (!ar->tx_ampdu_list_len)
1140                return;
1141
1142        __skb_queue_head_init(&agg);
1143
1144        rcu_read_lock();
1145        tid_info = rcu_dereference(ar->tx_ampdu_iter);
1146        if (WARN_ON_ONCE(!tid_info)) {
1147                rcu_read_unlock();
1148                return;
1149        }
1150
1151retry:
1152        list_for_each_entry_continue_rcu(tid_info, &ar->tx_ampdu_list, list) {
1153                i++;
1154
1155                if (tid_info->state < CARL9170_TID_STATE_PROGRESS)
1156                        continue;
1157
1158                queue = TID_TO_WME_AC(tid_info->tid);
1159
1160                spin_lock_bh(&tid_info->lock);
1161                if (tid_info->state != CARL9170_TID_STATE_XMIT)
1162                        goto processed;
1163
1164                tid_info->counter++;
1165                first = skb_peek(&tid_info->queue);
1166                tmpssn = carl9170_get_seq(first);
1167                seq = tid_info->snx;
1168
1169                if (unlikely(tmpssn != seq)) {
1170                        tid_info->state = CARL9170_TID_STATE_IDLE;
1171
1172                        goto processed;
1173                }
1174
1175                tx_info_first = NULL;
1176                while ((skb = skb_peek(&tid_info->queue))) {
1177                        /* strict 0, 1, ..., n - 1, n frame sequence order */
1178                        if (unlikely(carl9170_get_seq(skb) != seq))
1179                                break;
1180
1181                        /* don't upload more than AMPDU FACTOR allows. */
1182                        if (unlikely(SEQ_DIFF(tid_info->snx, tid_info->bsn) >=
1183                            (tid_info->max - 1)))
1184                                break;
1185
1186                        if (!tx_info_first) {
1187                                carl9170_tx_get_rates(ar, tid_info->vif,
1188                                                      tid_info->sta, first);
1189                                tx_info_first = IEEE80211_SKB_CB(first);
1190                        }
1191
1192                        carl9170_tx_apply_rateset(ar, tx_info_first, skb);
1193
1194                        atomic_inc(&ar->tx_ampdu_upload);
1195                        tid_info->snx = seq = SEQ_NEXT(seq);
1196                        __skb_unlink(skb, &tid_info->queue);
1197
1198                        __skb_queue_tail(&agg, skb);
1199
1200                        if (skb_queue_len(&agg) >= CARL9170_NUM_TX_AGG_MAX)
1201                                break;
1202                }
1203
1204                if (skb_queue_empty(&tid_info->queue) ||
1205                    carl9170_get_seq(skb_peek(&tid_info->queue)) !=
1206                    tid_info->snx) {
1207                        /* stop TID, if A-MPDU frames are still missing,
1208                         * or whenever the queue is empty.
1209                         */
1210
1211                        tid_info->state = CARL9170_TID_STATE_IDLE;
1212                }
1213                done_ampdus++;
1214
1215processed:
1216                spin_unlock_bh(&tid_info->lock);
1217
1218                if (skb_queue_empty(&agg))
1219                        continue;
1220
1221                /* apply ampdu spacing & factor settings */
1222                carl9170_set_ampdu_params(ar, skb_peek(&agg));
1223
1224                /* set aggregation push bit */
1225                carl9170_set_immba(ar, skb_peek_tail(&agg));
1226
1227                spin_lock_bh(&ar->tx_pending[queue].lock);
1228                skb_queue_splice_tail_init(&agg, &ar->tx_pending[queue]);
1229                spin_unlock_bh(&ar->tx_pending[queue].lock);
1230                ar->tx_schedule = true;
1231        }
1232        if ((done_ampdus++ == 0) && (i++ == 0))
1233                goto retry;
1234
1235        rcu_assign_pointer(ar->tx_ampdu_iter, tid_info);
1236        rcu_read_unlock();
1237}
1238
1239static struct sk_buff *carl9170_tx_pick_skb(struct ar9170 *ar,
1240                                            struct sk_buff_head *queue)
1241{
1242        struct sk_buff *skb;
1243        struct ieee80211_tx_info *info;
1244        struct carl9170_tx_info *arinfo;
1245
1246        BUILD_BUG_ON(sizeof(*arinfo) > sizeof(info->rate_driver_data));
1247
1248        spin_lock_bh(&queue->lock);
1249        skb = skb_peek(queue);
1250        if (unlikely(!skb))
1251                goto err_unlock;
1252
1253        if (carl9170_alloc_dev_space(ar, skb))
1254                goto err_unlock;
1255
1256        __skb_unlink(skb, queue);
1257        spin_unlock_bh(&queue->lock);
1258
1259        info = IEEE80211_SKB_CB(skb);
1260        arinfo = (void *) info->rate_driver_data;
1261
1262        arinfo->timeout = jiffies;
1263        return skb;
1264
1265err_unlock:
1266        spin_unlock_bh(&queue->lock);
1267        return NULL;
1268}
1269
1270void carl9170_tx_drop(struct ar9170 *ar, struct sk_buff *skb)
1271{
1272        struct _carl9170_tx_superframe *super;
1273        uint8_t q = 0;
1274
1275        ar->tx_dropped++;
1276
1277        super = (void *)skb->data;
1278        SET_VAL(CARL9170_TX_SUPER_MISC_QUEUE, q,
1279                ar9170_qmap[carl9170_get_queue(ar, skb)]);
1280        __carl9170_tx_process_status(ar, super->s.cookie, q);
1281}
1282
1283static bool carl9170_tx_ps_drop(struct ar9170 *ar, struct sk_buff *skb)
1284{
1285        struct ieee80211_sta *sta;
1286        struct carl9170_sta_info *sta_info;
1287        struct ieee80211_tx_info *tx_info;
1288
1289        rcu_read_lock();
1290        sta = __carl9170_get_tx_sta(ar, skb);
1291        if (!sta)
1292                goto out_rcu;
1293
1294        sta_info = (void *) sta->drv_priv;
1295        tx_info = IEEE80211_SKB_CB(skb);
1296
1297        if (unlikely(sta_info->sleeping) &&
1298            !(tx_info->flags & (IEEE80211_TX_CTL_NO_PS_BUFFER |
1299                                IEEE80211_TX_CTL_CLEAR_PS_FILT))) {
1300                rcu_read_unlock();
1301
1302                if (tx_info->flags & IEEE80211_TX_CTL_AMPDU)
1303                        atomic_dec(&ar->tx_ampdu_upload);
1304
1305                tx_info->flags |= IEEE80211_TX_STAT_TX_FILTERED;
1306                carl9170_release_dev_space(ar, skb);
1307                carl9170_tx_status(ar, skb, false);
1308                return true;
1309        }
1310
1311out_rcu:
1312        rcu_read_unlock();
1313        return false;
1314}
1315
1316static void carl9170_bar_check(struct ar9170 *ar, struct sk_buff *skb)
1317{
1318        struct _carl9170_tx_superframe *super = (void *) skb->data;
1319        struct ieee80211_bar *bar = (void *) super->frame_data;
1320
1321        if (unlikely(ieee80211_is_back_req(bar->frame_control)) &&
1322            skb->len >= sizeof(struct ieee80211_bar)) {
1323                struct carl9170_bar_list_entry *entry;
1324                unsigned int queue = skb_get_queue_mapping(skb);
1325
1326                entry = kmalloc(sizeof(*entry), GFP_ATOMIC);
1327                if (!WARN_ON_ONCE(!entry)) {
1328                        entry->skb = skb;
1329                        spin_lock_bh(&ar->bar_list_lock[queue]);
1330                        list_add_tail_rcu(&entry->list, &ar->bar_list[queue]);
1331                        spin_unlock_bh(&ar->bar_list_lock[queue]);
1332                }
1333        }
1334}
1335
1336static void carl9170_tx(struct ar9170 *ar)
1337{
1338        struct sk_buff *skb;
1339        unsigned int i, q;
1340        bool schedule_garbagecollector = false;
1341
1342        ar->tx_schedule = false;
1343
1344        if (unlikely(!IS_STARTED(ar)))
1345                return;
1346
1347        carl9170_usb_handle_tx_err(ar);
1348
1349        for (i = 0; i < ar->hw->queues; i++) {
1350                while (!skb_queue_empty(&ar->tx_pending[i])) {
1351                        skb = carl9170_tx_pick_skb(ar, &ar->tx_pending[i]);
1352                        if (unlikely(!skb))
1353                                break;
1354
1355                        if (unlikely(carl9170_tx_ps_drop(ar, skb)))
1356                                continue;
1357
1358                        carl9170_bar_check(ar, skb);
1359
1360                        atomic_inc(&ar->tx_total_pending);
1361
1362                        q = __carl9170_get_queue(ar, i);
1363                        /*
1364                         * NB: tx_status[i] vs. tx_status[q],
1365                         * TODO: Move into pick_skb or alloc_dev_space.
1366                         */
1367                        skb_queue_tail(&ar->tx_status[q], skb);
1368
1369                        /*
1370                         * increase ref count to "2".
1371                         * Ref counting is the easiest way to solve the
1372                         * race between the urb's completion routine:
1373                         *      carl9170_tx_callback
1374                         * and wlan tx status functions:
1375                         *      carl9170_tx_status/janitor.
1376                         */
1377                        carl9170_tx_get_skb(skb);
1378
1379                        carl9170_usb_tx(ar, skb);
1380                        schedule_garbagecollector = true;
1381                }
1382        }
1383
1384        if (!schedule_garbagecollector)
1385                return;
1386
1387        ieee80211_queue_delayed_work(ar->hw, &ar->tx_janitor,
1388                msecs_to_jiffies(CARL9170_TX_TIMEOUT));
1389}
1390
1391static bool carl9170_tx_ampdu_queue(struct ar9170 *ar,
1392        struct ieee80211_sta *sta, struct sk_buff *skb,
1393        struct ieee80211_tx_info *txinfo)
1394{
1395        struct carl9170_sta_info *sta_info;
1396        struct carl9170_sta_tid *agg;
1397        struct sk_buff *iter;
1398        u16 tid, seq, qseq, off;
1399        bool run = false;
1400
1401        tid = carl9170_get_tid(skb);
1402        seq = carl9170_get_seq(skb);
1403        sta_info = (void *) sta->drv_priv;
1404
1405        rcu_read_lock();
1406        agg = rcu_dereference(sta_info->agg[tid]);
1407
1408        if (!agg)
1409                goto err_unlock_rcu;
1410
1411        spin_lock_bh(&agg->lock);
1412        if (unlikely(agg->state < CARL9170_TID_STATE_IDLE))
1413                goto err_unlock;
1414
1415        /* check if sequence is within the BA window */
1416        if (unlikely(!BAW_WITHIN(agg->bsn, CARL9170_BAW_BITS, seq)))
1417                goto err_unlock;
1418
1419        if (WARN_ON_ONCE(!BAW_WITHIN(agg->snx, CARL9170_BAW_BITS, seq)))
1420                goto err_unlock;
1421
1422        off = SEQ_DIFF(seq, agg->bsn);
1423        if (WARN_ON_ONCE(test_and_set_bit(off, agg->bitmap)))
1424                goto err_unlock;
1425
1426        if (likely(BAW_WITHIN(agg->hsn, CARL9170_BAW_BITS, seq))) {
1427                __skb_queue_tail(&agg->queue, skb);
1428                agg->hsn = seq;
1429                goto queued;
1430        }
1431
1432        skb_queue_reverse_walk(&agg->queue, iter) {
1433                qseq = carl9170_get_seq(iter);
1434
1435                if (BAW_WITHIN(qseq, CARL9170_BAW_BITS, seq)) {
1436                        __skb_queue_after(&agg->queue, iter, skb);
1437                        goto queued;
1438                }
1439        }
1440
1441        __skb_queue_head(&agg->queue, skb);
1442queued:
1443
1444        if (unlikely(agg->state != CARL9170_TID_STATE_XMIT)) {
1445                if (agg->snx == carl9170_get_seq(skb_peek(&agg->queue))) {
1446                        agg->state = CARL9170_TID_STATE_XMIT;
1447                        run = true;
1448                }
1449        }
1450
1451        spin_unlock_bh(&agg->lock);
1452        rcu_read_unlock();
1453
1454        return run;
1455
1456err_unlock:
1457        spin_unlock_bh(&agg->lock);
1458
1459err_unlock_rcu:
1460        rcu_read_unlock();
1461        txinfo->flags &= ~IEEE80211_TX_CTL_AMPDU;
1462        carl9170_tx_status(ar, skb, false);
1463        ar->tx_dropped++;
1464        return false;
1465}
1466
1467void carl9170_op_tx(struct ieee80211_hw *hw,
1468                    struct ieee80211_tx_control *control,
1469                    struct sk_buff *skb)
1470{
1471        struct ar9170 *ar = hw->priv;
1472        struct ieee80211_tx_info *info;
1473        struct ieee80211_sta *sta = control->sta;
1474        struct ieee80211_vif *vif;
1475        bool run;
1476
1477        if (unlikely(!IS_STARTED(ar)))
1478                goto err_free;
1479
1480        info = IEEE80211_SKB_CB(skb);
1481        vif = info->control.vif;
1482
1483        if (unlikely(carl9170_tx_prepare(ar, sta, skb)))
1484                goto err_free;
1485
1486        carl9170_tx_accounting(ar, skb);
1487        /*
1488         * from now on, one has to use carl9170_tx_status to free
1489         * all ressouces which are associated with the frame.
1490         */
1491
1492        if (sta) {
1493                struct carl9170_sta_info *stai = (void *) sta->drv_priv;
1494                atomic_inc(&stai->pending_frames);
1495        }
1496
1497        if (info->flags & IEEE80211_TX_CTL_AMPDU) {
1498                /* to static code analyzers and reviewers:
1499                 * mac80211 guarantees that a valid "sta"
1500                 * reference is present, if a frame is to
1501                 * be part of an ampdu. Hence any extra
1502                 * sta == NULL checks are redundant in this
1503                 * special case.
1504                 */
1505                run = carl9170_tx_ampdu_queue(ar, sta, skb, info);
1506                if (run)
1507                        carl9170_tx_ampdu(ar);
1508
1509        } else {
1510                unsigned int queue = skb_get_queue_mapping(skb);
1511
1512                carl9170_tx_get_rates(ar, vif, sta, skb);
1513                carl9170_tx_apply_rateset(ar, info, skb);
1514                skb_queue_tail(&ar->tx_pending[queue], skb);
1515        }
1516
1517        carl9170_tx(ar);
1518        return;
1519
1520err_free:
1521        ar->tx_dropped++;
1522        ieee80211_free_txskb(ar->hw, skb);
1523}
1524
1525void carl9170_tx_scheduler(struct ar9170 *ar)
1526{
1527
1528        if (ar->tx_ampdu_schedule)
1529                carl9170_tx_ampdu(ar);
1530
1531        if (ar->tx_schedule)
1532                carl9170_tx(ar);
1533}
1534
1535/* caller has to take rcu_read_lock */
1536static struct carl9170_vif_info *carl9170_pick_beaconing_vif(struct ar9170 *ar)
1537{
1538        struct carl9170_vif_info *cvif;
1539        int i = 1;
1540
1541        /* The AR9170 hardware has no fancy beacon queue or some
1542         * other scheduling mechanism. So, the driver has to make
1543         * due by setting the two beacon timers (pretbtt and tbtt)
1544         * once and then swapping the beacon address in the HW's
1545         * register file each time the pretbtt fires.
1546         */
1547
1548        cvif = rcu_dereference(ar->beacon_iter);
1549        if (ar->vifs > 0 && cvif) {
1550                do {
1551                        list_for_each_entry_continue_rcu(cvif, &ar->vif_list,
1552                                                         list) {
1553                                if (cvif->active && cvif->enable_beacon)
1554                                        goto out;
1555                        }
1556                } while (ar->beacon_enabled && i--);
1557        }
1558
1559out:
1560        RCU_INIT_POINTER(ar->beacon_iter, cvif);
1561        return cvif;
1562}
1563
1564static bool carl9170_tx_beacon_physet(struct ar9170 *ar, struct sk_buff *skb,
1565                                      u32 *ht1, u32 *plcp)
1566{
1567        struct ieee80211_tx_info *txinfo;
1568        struct ieee80211_tx_rate *rate;
1569        unsigned int power, chains;
1570        bool ht_rate;
1571
1572        txinfo = IEEE80211_SKB_CB(skb);
1573        rate = &txinfo->control.rates[0];
1574        ht_rate = !!(txinfo->control.rates[0].flags & IEEE80211_TX_RC_MCS);
1575        carl9170_tx_rate_tpc_chains(ar, txinfo, rate, plcp, &power, &chains);
1576
1577        *ht1 = AR9170_MAC_BCN_HT1_TX_ANT0;
1578        if (chains == AR9170_TX_PHY_TXCHAIN_2)
1579                *ht1 |= AR9170_MAC_BCN_HT1_TX_ANT1;
1580        SET_VAL(AR9170_MAC_BCN_HT1_PWR_CTRL, *ht1, 7);
1581        SET_VAL(AR9170_MAC_BCN_HT1_TPC, *ht1, power);
1582        SET_VAL(AR9170_MAC_BCN_HT1_CHAIN_MASK, *ht1, chains);
1583
1584        if (ht_rate) {
1585                *ht1 |= AR9170_MAC_BCN_HT1_HT_EN;
1586                if (rate->flags & IEEE80211_TX_RC_SHORT_GI)
1587                        *plcp |= AR9170_MAC_BCN_HT2_SGI;
1588
1589                if (rate->flags & IEEE80211_TX_RC_40_MHZ_WIDTH) {
1590                        *ht1 |= AR9170_MAC_BCN_HT1_BWC_40M_SHARED;
1591                        *plcp |= AR9170_MAC_BCN_HT2_BW40;
1592                } else if (rate->flags & IEEE80211_TX_RC_DUP_DATA) {
1593                        *ht1 |= AR9170_MAC_BCN_HT1_BWC_40M_DUP;
1594                        *plcp |= AR9170_MAC_BCN_HT2_BW40;
1595                }
1596
1597                SET_VAL(AR9170_MAC_BCN_HT2_LEN, *plcp, skb->len + FCS_LEN);
1598        } else {
1599                if (*plcp <= AR9170_TX_PHY_RATE_CCK_11M)
1600                        *plcp |= ((skb->len + FCS_LEN) << (3 + 16)) + 0x0400;
1601                else
1602                        *plcp |= ((skb->len + FCS_LEN) << 16) + 0x0010;
1603        }
1604
1605        return ht_rate;
1606}
1607
1608int carl9170_update_beacon(struct ar9170 *ar, const bool submit)
1609{
1610        struct sk_buff *skb = NULL;
1611        struct carl9170_vif_info *cvif;
1612        __le32 *data, *old = NULL;
1613        u32 word, ht1, plcp, off, addr, len;
1614        int i = 0, err = 0;
1615        bool ht_rate;
1616
1617        rcu_read_lock();
1618        cvif = carl9170_pick_beaconing_vif(ar);
1619        if (!cvif)
1620                goto out_unlock;
1621
1622        skb = ieee80211_beacon_get_tim(ar->hw, carl9170_get_vif(cvif),
1623                NULL, NULL);
1624
1625        if (!skb) {
1626                err = -ENOMEM;
1627                goto err_free;
1628        }
1629
1630        spin_lock_bh(&ar->beacon_lock);
1631        data = (__le32 *)skb->data;
1632        if (cvif->beacon)
1633                old = (__le32 *)cvif->beacon->data;
1634
1635        off = cvif->id * AR9170_MAC_BCN_LENGTH_MAX;
1636        addr = ar->fw.beacon_addr + off;
1637        len = roundup(skb->len + FCS_LEN, 4);
1638
1639        if ((off + len) > ar->fw.beacon_max_len) {
1640                if (net_ratelimit()) {
1641                        wiphy_err(ar->hw->wiphy, "beacon does not "
1642                                  "fit into device memory!\n");
1643                }
1644                err = -EINVAL;
1645                goto err_unlock;
1646        }
1647
1648        if (len > AR9170_MAC_BCN_LENGTH_MAX) {
1649                if (net_ratelimit()) {
1650                        wiphy_err(ar->hw->wiphy, "no support for beacons "
1651                                "bigger than %d (yours:%d).\n",
1652                                 AR9170_MAC_BCN_LENGTH_MAX, len);
1653                }
1654
1655                err = -EMSGSIZE;
1656                goto err_unlock;
1657        }
1658
1659        ht_rate = carl9170_tx_beacon_physet(ar, skb, &ht1, &plcp);
1660
1661        carl9170_async_regwrite_begin(ar);
1662        carl9170_async_regwrite(AR9170_MAC_REG_BCN_HT1, ht1);
1663        if (ht_rate)
1664                carl9170_async_regwrite(AR9170_MAC_REG_BCN_HT2, plcp);
1665        else
1666                carl9170_async_regwrite(AR9170_MAC_REG_BCN_PLCP, plcp);
1667
1668        for (i = 0; i < DIV_ROUND_UP(skb->len, 4); i++) {
1669                /*
1670                 * XXX: This accesses beyond skb data for up
1671                 *      to the last 3 bytes!!
1672                 */
1673
1674                if (old && (data[i] == old[i]))
1675                        continue;
1676
1677                word = le32_to_cpu(data[i]);
1678                carl9170_async_regwrite(addr + 4 * i, word);
1679        }
1680        carl9170_async_regwrite_finish();
1681
1682        dev_kfree_skb_any(cvif->beacon);
1683        cvif->beacon = NULL;
1684
1685        err = carl9170_async_regwrite_result();
1686        if (!err)
1687                cvif->beacon = skb;
1688        spin_unlock_bh(&ar->beacon_lock);
1689        if (err)
1690                goto err_free;
1691
1692        if (submit) {
1693                err = carl9170_bcn_ctrl(ar, cvif->id,
1694                                        CARL9170_BCN_CTRL_CAB_TRIGGER,
1695                                        addr, skb->len + FCS_LEN);
1696
1697                if (err)
1698                        goto err_free;
1699        }
1700out_unlock:
1701        rcu_read_unlock();
1702        return 0;
1703
1704err_unlock:
1705        spin_unlock_bh(&ar->beacon_lock);
1706
1707err_free:
1708        rcu_read_unlock();
1709        dev_kfree_skb_any(skb);
1710        return err;
1711}
1712