LXR linux/drivers/net/wireless/ath/carl9170/tx.c

   1/*
   2 * Atheros CARL9170 driver
   3 *
   4 * 802.11 xmit & status routines
   5 *
   6 * Copyright 2008, Johannes Berg <johannes@sipsolutions.net>
   7 * Copyright 2009, 2010, Christian Lamparter <chunkeey@googlemail.com>
   8 *
   9 * This program is free software; you can redistribute it and/or modify
  10 * it under the terms of the GNU General Public License as published by
  11 * the Free Software Foundation; either version 2 of the License, or
  12 * (at your option) any later version.
  13 *
  14 * This program is distributed in the hope that it will be useful,
  15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17 * GNU General Public License for more details.
  18 *
  19 * You should have received a copy of the GNU General Public License
  20 * along with this program; see the file COPYING.  If not, see
  21 * http://www.gnu.org/licenses/.
  22 *
  23 * This file incorporates work covered by the following copyright and
  24 * permission notice:
  25 *    Copyright (c) 2007-2008 Atheros Communications, Inc.
  26 *
  27 *    Permission to use, copy, modify, and/or distribute this software for any
  28 *    purpose with or without fee is hereby granted, provided that the above
  29 *    copyright notice and this permission notice appear in all copies.
  30 *
  31 *    THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  32 *    WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  33 *    MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  34 *    ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  35 *    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  36 *    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  37 *    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  38 */
  39
  40#include <linux/slab.h>
  41#include <linux/module.h>
  42#include <linux/etherdevice.h>
  43#include <net/mac80211.h>
  44#include "carl9170.h"
  45#include "hw.h"
  46#include "cmd.h"
  47
  48static inline unsigned int __carl9170_get_queue(struct ar9170 *ar,
  49                                                unsigned int queue)
  50{
  51        if (unlikely(modparam_noht)) {
  52                return queue;
  53        } else {
  54                /*
  55                 * This is just another workaround, until
  56                 * someone figures out how to get QoS and
  57                 * AMPDU to play nicely together.
  58                 */
  59
  60                return 2;               /* AC_BE */
  61        }
  62}
  63
  64static inline unsigned int carl9170_get_queue(struct ar9170 *ar,
  65                                              struct sk_buff *skb)
  66{
  67        return __carl9170_get_queue(ar, skb_get_queue_mapping(skb));
  68}
  69
  70static bool is_mem_full(struct ar9170 *ar)
  71{
  72        return (DIV_ROUND_UP(IEEE80211_MAX_FRAME_LEN, ar->fw.mem_block_size) >
  73                atomic_read(&ar->mem_free_blocks));
  74}
  75
  76static void carl9170_tx_accounting(struct ar9170 *ar, struct sk_buff *skb)
  77{
  78        int queue, i;
  79        bool mem_full;
  80
  81        atomic_inc(&ar->tx_total_queued);
  82
  83        queue = skb_get_queue_mapping(skb);
  84        spin_lock_bh(&ar->tx_stats_lock);
  85
  86        /*
  87         * The driver has to accept the frame, regardless if the queue is
  88         * full to the brim, or not. We have to do the queuing internally,
  89         * since mac80211 assumes that a driver which can operate with
  90         * aggregated frames does not reject frames for this reason.
  91         */
  92        ar->tx_stats[queue].len++;
  93        ar->tx_stats[queue].count++;
  94
  95        mem_full = is_mem_full(ar);
  96        for (i = 0; i < ar->hw->queues; i++) {
  97                if (mem_full || ar->tx_stats[i].len >= ar->tx_stats[i].limit) {
  98                        ieee80211_stop_queue(ar->hw, i);
  99                        ar->queue_stop_timeout[i] = jiffies;
 100                }
 101        }
 102
 103        spin_unlock_bh(&ar->tx_stats_lock);
 104}
 105
 106/* needs rcu_read_lock */
 107static struct ieee80211_sta *__carl9170_get_tx_sta(struct ar9170 *ar,
 108                                                   struct sk_buff *skb)
 109{
 110        struct _carl9170_tx_superframe *super = (void *) skb->data;
 111        struct ieee80211_hdr *hdr = (void *) super->frame_data;
 112        struct ieee80211_vif *vif;
 113        unsigned int vif_id;
 114
 115        vif_id = (super->s.misc & CARL9170_TX_SUPER_MISC_VIF_ID) >>
 116                 CARL9170_TX_SUPER_MISC_VIF_ID_S;
 117
 118        if (WARN_ON_ONCE(vif_id >= AR9170_MAX_VIRTUAL_MAC))
 119                return NULL;
 120
 121        vif = rcu_dereference(ar->vif_priv[vif_id].vif);
 122        if (unlikely(!vif))
 123                return NULL;
 124
 125        /*
 126         * Normally we should use wrappers like ieee80211_get_DA to get
 127         * the correct peer ieee80211_sta.
 128         *
 129         * But there is a problem with indirect traffic (broadcasts, or
 130         * data which is designated for other stations) in station mode.
 131         * The frame will be directed to the AP for distribution and not
 132         * to the actual destination.
 133         */
 134
 135        return ieee80211_find_sta(vif, hdr->addr1);
 136}
 137
 138static void carl9170_tx_ps_unblock(struct ar9170 *ar, struct sk_buff *skb)
 139{
 140        struct ieee80211_sta *sta;
 141        struct carl9170_sta_info *sta_info;
 142
 143        rcu_read_lock();
 144        sta = __carl9170_get_tx_sta(ar, skb);
 145        if (unlikely(!sta))
 146                goto out_rcu;
 147
 148        sta_info = (struct carl9170_sta_info *) sta->drv_priv;
 149        if (atomic_dec_return(&sta_info->pending_frames) == 0)
 150                ieee80211_sta_block_awake(ar->hw, sta, false);
 151
 152out_rcu:
 153        rcu_read_unlock();
 154}
 155
 156static void carl9170_tx_accounting_free(struct ar9170 *ar, struct sk_buff *skb)
 157{
 158        int queue;
 159
 160        queue = skb_get_queue_mapping(skb);
 161
 162        spin_lock_bh(&ar->tx_stats_lock);
 163
 164        ar->tx_stats[queue].len--;
 165
 166        if (!is_mem_full(ar)) {
 167                unsigned int i;
 168                for (i = 0; i < ar->hw->queues; i++) {
 169                        if (ar->tx_stats[i].len >= CARL9170_NUM_TX_LIMIT_SOFT)
 170                                continue;
 171
 172                        if (ieee80211_queue_stopped(ar->hw, i)) {
 173                                unsigned long tmp;
 174
 175                                tmp = jiffies - ar->queue_stop_timeout[i];
 176                                if (tmp > ar->max_queue_stop_timeout[i])
 177                                        ar->max_queue_stop_timeout[i] = tmp;
 178                        }
 179
 180                        ieee80211_wake_queue(ar->hw, i);
 181                }
 182        }
 183
 184        spin_unlock_bh(&ar->tx_stats_lock);
 185
 186        if (atomic_dec_and_test(&ar->tx_total_queued))
 187                complete(&ar->tx_flush);
 188}
 189
 190static int carl9170_alloc_dev_space(struct ar9170 *ar, struct sk_buff *skb)
 191{
 192        struct _carl9170_tx_superframe *super = (void *) skb->data;
 193        unsigned int chunks;
 194        int cookie = -1;
 195
 196        atomic_inc(&ar->mem_allocs);
 197
 198        chunks = DIV_ROUND_UP(skb->len, ar->fw.mem_block_size);
 199        if (unlikely(atomic_sub_return(chunks, &ar->mem_free_blocks) < 0)) {
 200                atomic_add(chunks, &ar->mem_free_blocks);
 201                return -ENOSPC;
 202        }
 203
 204        spin_lock_bh(&ar->mem_lock);
 205        cookie = bitmap_find_free_region(ar->mem_bitmap, ar->fw.mem_blocks, 0);
 206        spin_unlock_bh(&ar->mem_lock);
 207
 208        if (unlikely(cookie < 0)) {
 209                atomic_add(chunks, &ar->mem_free_blocks);
 210                return -ENOSPC;
 211        }
 212
 213        super = (void *) skb->data;
 214
 215        /*
 216         * Cookie #0 serves two special purposes:
 217         *  1. The firmware might use it generate BlockACK frames
 218         *     in responds of an incoming BlockAckReqs.
 219         *
 220         *  2. Prevent double-free bugs.
 221         */
 222        super->s.cookie = (u8) cookie + 1;
 223        return 0;
 224}
 225
 226static void carl9170_release_dev_space(struct ar9170 *ar, struct sk_buff *skb)
 227{
 228        struct _carl9170_tx_superframe *super = (void *) skb->data;
 229        int cookie;
 230
 231        /* make a local copy of the cookie */
 232        cookie = super->s.cookie;
 233        /* invalidate cookie */
 234        super->s.cookie = 0;
 235
 236        /*
 237         * Do a out-of-bounds check on the cookie:
 238         *
 239         *  * cookie "0" is reserved and won't be assigned to any
 240         *    out-going frame. Internally however, it is used to
 241         *    mark no longer/un-accounted frames and serves as a
 242         *    cheap way of preventing frames from being freed
 243         *    twice by _accident_. NB: There is a tiny race...
 244         *
 245         *  * obviously, cookie number is limited by the amount
 246         *    of available memory blocks, so the number can
 247         *    never execeed the mem_blocks count.
 248         */
 249        if (WARN_ON_ONCE(cookie == 0) ||
 250            WARN_ON_ONCE(cookie > ar->fw.mem_blocks))
 251                return;
 252
 253        atomic_add(DIV_ROUND_UP(skb->len, ar->fw.mem_block_size),
 254                   &ar->mem_free_blocks);
 255
 256        spin_lock_bh(&ar->mem_lock);
 257        bitmap_release_region(ar->mem_bitmap, cookie - 1, 0);
 258        spin_unlock_bh(&ar->mem_lock);
 259}
 260
 261/* Called from any context */
 262static void carl9170_tx_release(struct kref *ref)
 263{
 264        struct ar9170 *ar;
 265        struct carl9170_tx_info *arinfo;
 266        struct ieee80211_tx_info *txinfo;
 267        struct sk_buff *skb;
 268
 269        arinfo = container_of(ref, struct carl9170_tx_info, ref);
 270        txinfo = container_of((void *) arinfo, struct ieee80211_tx_info,
 271                              rate_driver_data);
 272        skb = container_of((void *) txinfo, struct sk_buff, cb);
 273
 274        ar = arinfo->ar;
 275        if (WARN_ON_ONCE(!ar))
 276                return;
 277
 278        BUILD_BUG_ON(
 279            offsetof(struct ieee80211_tx_info, status.ack_signal) != 20);
 280
 281        memset(&txinfo->status.ack_signal, 0,
 282               sizeof(struct ieee80211_tx_info) -
 283               offsetof(struct ieee80211_tx_info, status.ack_signal));
 284
 285        if (atomic_read(&ar->tx_total_queued))
 286                ar->tx_schedule = true;
 287
 288        if (txinfo->flags & IEEE80211_TX_CTL_AMPDU) {
 289                if (!atomic_read(&ar->tx_ampdu_upload))
 290                        ar->tx_ampdu_schedule = true;
 291
 292                if (txinfo->flags & IEEE80211_TX_STAT_AMPDU) {
 293                        struct _carl9170_tx_superframe *super;
 294
 295                        super = (void *)skb->data;
 296                        txinfo->status.ampdu_len = super->s.rix;
 297                        txinfo->status.ampdu_ack_len = super->s.cnt;
 298                } else if ((txinfo->flags & IEEE80211_TX_STAT_ACK) &&
 299                           !(txinfo->flags & IEEE80211_TX_CTL_REQ_TX_STATUS)) {
 300                        /*
 301                         * drop redundant tx_status reports:
 302                         *
 303                         * 1. ampdu_ack_len of the final tx_status does
 304                         *    include the feedback of this particular frame.
 305                         *
 306                         * 2. tx_status_irqsafe only queues up to 128
 307                         *    tx feedback reports and discards the rest.
 308                         *
 309                         * 3. minstrel_ht is picky, it only accepts
 310                         *    reports of frames with the TX_STATUS_AMPDU flag.
 311                         *
 312                         * 4. mac80211 is not particularly interested in
 313                         *    feedback either [CTL_REQ_TX_STATUS not set]
 314                         */
 315
 316                        ieee80211_free_txskb(ar->hw, skb);
 317                        return;
 318                } else {
 319                        /*
 320                         * Either the frame transmission has failed or
 321                         * mac80211 requested tx status.
 322                         */
 323                }
 324        }
 325
 326        skb_pull(skb, sizeof(struct _carl9170_tx_superframe));
 327        ieee80211_tx_status_irqsafe(ar->hw, skb);
 328}
 329
 330void carl9170_tx_get_skb(struct sk_buff *skb)
 331{
 332        struct carl9170_tx_info *arinfo = (void *)
 333                (IEEE80211_SKB_CB(skb))->rate_driver_data;
 334        kref_get(&arinfo->ref);
 335}
 336
 337int carl9170_tx_put_skb(struct sk_buff *skb)
 338{
 339        struct carl9170_tx_info *arinfo = (void *)
 340                (IEEE80211_SKB_CB(skb))->rate_driver_data;
 341
 342        return kref_put(&arinfo->ref, carl9170_tx_release);
 343}
 344
 345/* Caller must hold the tid_info->lock & rcu_read_lock */
 346static void carl9170_tx_shift_bm(struct ar9170 *ar,
 347        struct carl9170_sta_tid *tid_info, u16 seq)
 348{
 349        u16 off;
 350
 351        off = SEQ_DIFF(seq, tid_info->bsn);
 352
 353        if (WARN_ON_ONCE(off >= CARL9170_BAW_BITS))
 354                return;
 355
 356        /*
 357         * Sanity check. For each MPDU we set the bit in bitmap and
 358         * clear it once we received the tx_status.
 359         * But if the bit is already cleared then we've been bitten
 360         * by a bug.
 361         */
 362        WARN_ON_ONCE(!test_and_clear_bit(off, tid_info->bitmap));
 363
 364        off = SEQ_DIFF(tid_info->snx, tid_info->bsn);
 365        if (WARN_ON_ONCE(off >= CARL9170_BAW_BITS))
 366                return;
 367
 368        if (!bitmap_empty(tid_info->bitmap, off))
 369                off = find_first_bit(tid_info->bitmap, off);
 370
 371        tid_info->bsn += off;
 372        tid_info->bsn &= 0x0fff;
 373
 374        bitmap_shift_right(tid_info->bitmap, tid_info->bitmap,
 375                           off, CARL9170_BAW_BITS);
 376}
 377
 378static void carl9170_tx_status_process_ampdu(struct ar9170 *ar,
 379        struct sk_buff *skb, struct ieee80211_tx_info *txinfo)
 380{
 381        struct _carl9170_tx_superframe *super = (void *) skb->data;
 382        struct ieee80211_hdr *hdr = (void *) super->frame_data;
 383        struct ieee80211_sta *sta;
 384        struct carl9170_sta_info *sta_info;
 385        struct carl9170_sta_tid *tid_info;
 386        u8 tid;
 387
 388        if (!(txinfo->flags & IEEE80211_TX_CTL_AMPDU) ||
 389            txinfo->flags & IEEE80211_TX_CTL_INJECTED)
 390                return;
 391
 392        rcu_read_lock();
 393        sta = __carl9170_get_tx_sta(ar, skb);
 394        if (unlikely(!sta))
 395                goto out_rcu;
 396
 397        tid = get_tid_h(hdr);
 398
 399        sta_info = (void *) sta->drv_priv;
 400        tid_info = rcu_dereference(sta_info->agg[tid]);
 401        if (!tid_info)
 402                goto out_rcu;
 403
 404        spin_lock_bh(&tid_info->lock);
 405        if (likely(tid_info->state >= CARL9170_TID_STATE_IDLE))
 406                carl9170_tx_shift_bm(ar, tid_info, get_seq_h(hdr));
 407
 408        if (sta_info->stats[tid].clear) {
 409                sta_info->stats[tid].clear = false;
 410                sta_info->stats[tid].req = false;
 411                sta_info->stats[tid].ampdu_len = 0;
 412                sta_info->stats[tid].ampdu_ack_len = 0;
 413        }
 414
 415        sta_info->stats[tid].ampdu_len++;
 416        if (txinfo->status.rates[0].count == 1)
 417                sta_info->stats[tid].ampdu_ack_len++;
 418
 419        if (!(txinfo->flags & IEEE80211_TX_STAT_ACK))
 420                sta_info->stats[tid].req = true;
 421
 422        if (super->f.mac_control & cpu_to_le16(AR9170_TX_MAC_IMM_BA)) {
 423                super->s.rix = sta_info->stats[tid].ampdu_len;
 424                super->s.cnt = sta_info->stats[tid].ampdu_ack_len;
 425                txinfo->flags |= IEEE80211_TX_STAT_AMPDU;
 426                if (sta_info->stats[tid].req)
 427                        txinfo->flags |= IEEE80211_TX_STAT_AMPDU_NO_BACK;
 428
 429                sta_info->stats[tid].clear = true;
 430        }
 431        spin_unlock_bh(&tid_info->lock);
 432
 433out_rcu:
 434        rcu_read_unlock();
 435}
 436
 437static void carl9170_tx_bar_status(struct ar9170 *ar, struct sk_buff *skb,
 438        struct ieee80211_tx_info *tx_info)
 439{
 440        struct _carl9170_tx_superframe *super = (void *) skb->data;
 441        struct ieee80211_bar *bar = (void *) super->frame_data;
 442
 443        /*
 444         * Unlike all other frames, the status report for BARs does
 445         * not directly come from the hardware as it is incapable of
 446         * matching a BA to a previously send BAR.
 447         * Instead the RX-path will scan for incoming BAs and set the
 448         * IEEE80211_TX_STAT_ACK if it sees one that was likely
 449         * caused by a BAR from us.
 450         */
 451
 452        if (unlikely(ieee80211_is_back_req(bar->frame_control)) &&
 453           !(tx_info->flags & IEEE80211_TX_STAT_ACK)) {
 454                struct carl9170_bar_list_entry *entry;
 455                int queue = skb_get_queue_mapping(skb);
 456
 457                rcu_read_lock();
 458                list_for_each_entry_rcu(entry, &ar->bar_list[queue], list) {
 459                        if (entry->skb == skb) {
 460                                spin_lock_bh(&ar->bar_list_lock[queue]);
 461                                list_del_rcu(&entry->list);
 462                                spin_unlock_bh(&ar->bar_list_lock[queue]);
 463                                kfree_rcu(entry, head);
 464                                goto out;
 465                        }
 466                }
 467
 468                WARN(1, "bar not found in %d - ra:%pM ta:%pM c:%x ssn:%x\n",
 469                       queue, bar->ra, bar->ta, bar->control,
 470                        bar->start_seq_num);
 471out:
 472                rcu_read_unlock();
 473        }
 474}
 475
 476void carl9170_tx_status(struct ar9170 *ar, struct sk_buff *skb,
 477                        const bool success)
 478{
 479        struct ieee80211_tx_info *txinfo;
 480
 481        carl9170_tx_accounting_free(ar, skb);
 482
 483        txinfo = IEEE80211_SKB_CB(skb);
 484
 485        carl9170_tx_bar_status(ar, skb, txinfo);
 486
 487        if (success)
 488                txinfo->flags |= IEEE80211_TX_STAT_ACK;
 489        else
 490                ar->tx_ack_failures++;
 491
 492        if (txinfo->flags & IEEE80211_TX_CTL_AMPDU)
 493                carl9170_tx_status_process_ampdu(ar, skb, txinfo);
 494
 495        carl9170_tx_ps_unblock(ar, skb);
 496        carl9170_tx_put_skb(skb);
 497}
 498
 499/* This function may be called form any context */
 500void carl9170_tx_callback(struct ar9170 *ar, struct sk_buff *skb)
 501{
 502        struct ieee80211_tx_info *txinfo = IEEE80211_SKB_CB(skb);
 503
 504        atomic_dec(&ar->tx_total_pending);
 505
 506        if (txinfo->flags & IEEE80211_TX_CTL_AMPDU)
 507                atomic_dec(&ar->tx_ampdu_upload);
 508
 509        if (carl9170_tx_put_skb(skb))
 510                tasklet_hi_schedule(&ar->usb_tasklet);
 511}
 512
 513static struct sk_buff *carl9170_get_queued_skb(struct ar9170 *ar, u8 cookie,
 514                                               struct sk_buff_head *queue)
 515{
 516        struct sk_buff *skb;
 517
 518        spin_lock_bh(&queue->lock);
 519        skb_queue_walk(queue, skb) {
 520                struct _carl9170_tx_superframe *txc = (void *) skb->data;
 521
 522                if (txc->s.cookie != cookie)
 523                        continue;
 524
 525                __skb_unlink(skb, queue);
 526                spin_unlock_bh(&queue->lock);
 527
 528                carl9170_release_dev_space(ar, skb);
 529                return skb;
 530        }
 531        spin_unlock_bh(&queue->lock);
 532
 533        return NULL;
 534}
 535
 536static void carl9170_tx_fill_rateinfo(struct ar9170 *ar, unsigned int rix,
 537        unsigned int tries, struct ieee80211_tx_info *txinfo)
 538{
 539        unsigned int i;
 540
 541        for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) {
 542                if (txinfo->status.rates[i].idx < 0)
 543                        break;
 544
 545                if (i == rix) {
 546                        txinfo->status.rates[i].count = tries;
 547                        i++;
 548                        break;
 549                }
 550        }
 551
 552        for (; i < IEEE80211_TX_MAX_RATES; i++) {
 553                txinfo->status.rates[i].idx = -1;
 554                txinfo->status.rates[i].count = 0;
 555        }
 556}
 557
 558static void carl9170_check_queue_stop_timeout(struct ar9170 *ar)
 559{
 560        int i;
 561        struct sk_buff *skb;
 562        struct ieee80211_tx_info *txinfo;
 563        struct carl9170_tx_info *arinfo;
 564        bool restart = false;
 565
 566        for (i = 0; i < ar->hw->queues; i++) {
 567                spin_lock_bh(&ar->tx_status[i].lock);
 568
 569                skb = skb_peek(&ar->tx_status[i]);
 570
 571                if (!skb)
 572                        goto next;
 573
 574                txinfo = IEEE80211_SKB_CB(skb);
 575                arinfo = (void *) txinfo->rate_driver_data;
 576
 577                if (time_is_before_jiffies(arinfo->timeout +
 578                    msecs_to_jiffies(CARL9170_QUEUE_STUCK_TIMEOUT)) == true)
 579                        restart = true;
 580
 581next:
 582                spin_unlock_bh(&ar->tx_status[i].lock);
 583        }
 584
 585        if (restart) {
 586                /*
 587                 * At least one queue has been stuck for long enough.
 588                 * Give the device a kick and hope it gets back to
 589                 * work.
 590                 *
 591                 * possible reasons may include:
 592                 *  - frames got lost/corrupted (bad connection to the device)
 593                 *  - stalled rx processing/usb controller hiccups
 594                 *  - firmware errors/bugs
 595                 *  - every bug you can think of.
 596                 *  - all bugs you can't...
 597                 *  - ...
 598                 */
 599                carl9170_restart(ar, CARL9170_RR_STUCK_TX);
 600        }
 601}
 602
 603static void carl9170_tx_ampdu_timeout(struct ar9170 *ar)
 604{
 605        struct carl9170_sta_tid *iter;
 606        struct sk_buff *skb;
 607        struct ieee80211_tx_info *txinfo;
 608        struct carl9170_tx_info *arinfo;
 609        struct ieee80211_sta *sta;
 610
 611        rcu_read_lock();
 612        list_for_each_entry_rcu(iter, &ar->tx_ampdu_list, list) {
 613                if (iter->state < CARL9170_TID_STATE_IDLE)
 614                        continue;
 615
 616                spin_lock_bh(&iter->lock);
 617                skb = skb_peek(&iter->queue);
 618                if (!skb)
 619                        goto unlock;
 620
 621                txinfo = IEEE80211_SKB_CB(skb);
 622                arinfo = (void *)txinfo->rate_driver_data;
 623                if (time_is_after_jiffies(arinfo->timeout +
 624                    msecs_to_jiffies(CARL9170_QUEUE_TIMEOUT)))
 625                        goto unlock;
 626
 627                sta = iter->sta;
 628                if (WARN_ON(!sta))
 629                        goto unlock;
 630
 631                ieee80211_stop_tx_ba_session(sta, iter->tid);
 632unlock:
 633                spin_unlock_bh(&iter->lock);
 634
 635        }
 636        rcu_read_unlock();
 637}
 638
 639void carl9170_tx_janitor(struct work_struct *work)
 640{
 641        struct ar9170 *ar = container_of(work, struct ar9170,
 642                                         tx_janitor.work);
 643        if (!IS_STARTED(ar))
 644                return;
 645
 646        ar->tx_janitor_last_run = jiffies;
 647
 648        carl9170_check_queue_stop_timeout(ar);
 649        carl9170_tx_ampdu_timeout(ar);
 650
 651        if (!atomic_read(&ar->tx_total_queued))
 652                return;
 653
 654        ieee80211_queue_delayed_work(ar->hw, &ar->tx_janitor,
 655                msecs_to_jiffies(CARL9170_TX_TIMEOUT));
 656}
 657
 658static void __carl9170_tx_process_status(struct ar9170 *ar,
 659        const uint8_t cookie, const uint8_t info)
 660{
 661        struct sk_buff *skb;
 662        struct ieee80211_tx_info *txinfo;
 663        unsigned int r, t, q;
 664        bool success = true;
 665
 666        q = ar9170_qmap[info & CARL9170_TX_STATUS_QUEUE];
 667
 668        skb = carl9170_get_queued_skb(ar, cookie, &ar->tx_status[q]);
 669        if (!skb) {
 670                /*
 671                 * We have lost the race to another thread.
 672                 */
 673
 674                return ;
 675        }
 676
 677        txinfo = IEEE80211_SKB_CB(skb);
 678
 679        if (!(info & CARL9170_TX_STATUS_SUCCESS))
 680                success = false;
 681
 682        r = (info & CARL9170_TX_STATUS_RIX) >> CARL9170_TX_STATUS_RIX_S;
 683        t = (info & CARL9170_TX_STATUS_TRIES) >> CARL9170_TX_STATUS_TRIES_S;
 684
 685        carl9170_tx_fill_rateinfo(ar, r, t, txinfo);
 686        carl9170_tx_status(ar, skb, success);
 687}
 688
 689void carl9170_tx_process_status(struct ar9170 *ar,
 690                                const struct carl9170_rsp *cmd)
 691{
 692        unsigned int i;
 693
 694        for (i = 0;  i < cmd->hdr.ext; i++) {
 695                if (WARN_ON(i > ((cmd->hdr.len / 2) + 1))) {
 696                        print_hex_dump_bytes("UU:", DUMP_PREFIX_NONE,
 697                                             (void *) cmd, cmd->hdr.len + 4);
 698                        break;
 699                }
 700
 701                __carl9170_tx_process_status(ar, cmd->_tx_status[i].cookie,
 702                                             cmd->_tx_status[i].info);
 703        }
 704}
 705
 706static void carl9170_tx_rate_tpc_chains(struct ar9170 *ar,
 707        struct ieee80211_tx_info *info, struct ieee80211_tx_rate *txrate,
 708        unsigned int *phyrate, unsigned int *tpc, unsigned int *chains)
 709{
 710        struct ieee80211_rate *rate = NULL;
 711        u8 *txpower;
 712        unsigned int idx;
 713
 714        idx = txrate->idx;
 715        *tpc = 0;
 716        *phyrate = 0;
 717
 718        if (txrate->flags & IEEE80211_TX_RC_MCS) {
 719                if (txrate->flags & IEEE80211_TX_RC_40_MHZ_WIDTH) {
 720                        /* +1 dBm for HT40 */
 721                        *tpc += 2;
 722
 723                        if (info->band == NL80211_BAND_2GHZ)
 724                                txpower = ar->power_2G_ht40;
 725                        else
 726                                txpower = ar->power_5G_ht40;
 727                } else {
 728                        if (info->band == NL80211_BAND_2GHZ)
 729                                txpower = ar->power_2G_ht20;
 730                        else
 731                                txpower = ar->power_5G_ht20;
 732                }
 733
 734                *phyrate = txrate->idx;
 735                *tpc += txpower[idx & 7];
 736        } else {
 737                if (info->band == NL80211_BAND_2GHZ) {
 738                        if (idx < 4)
 739                                txpower = ar->power_2G_cck;
 740                        else
 741                                txpower = ar->power_2G_ofdm;
 742                } else {
 743                        txpower = ar->power_5G_leg;
 744                        idx += 4;
 745                }
 746
 747                rate = &__carl9170_ratetable[idx];
 748                *tpc += txpower[(rate->hw_value & 0x30) >> 4];
 749                *phyrate = rate->hw_value & 0xf;
 750        }
 751
 752        if (ar->eeprom.tx_mask == 1) {
 753                *chains = AR9170_TX_PHY_TXCHAIN_1;
 754        } else {
 755                if (!(txrate->flags & IEEE80211_TX_RC_MCS) &&
 756                    rate && rate->bitrate >= 360)
 757                        *chains = AR9170_TX_PHY_TXCHAIN_1;
 758                else
 759                        *chains = AR9170_TX_PHY_TXCHAIN_2;
 760        }
 761
 762        *tpc = min_t(unsigned int, *tpc, ar->hw->conf.power_level * 2);
 763}
 764
 765static __le32 carl9170_tx_physet(struct ar9170 *ar,
 766        struct ieee80211_tx_info *info, struct ieee80211_tx_rate *txrate)
 767{
 768        unsigned int power = 0, chains = 0, phyrate = 0;
 769        __le32 tmp;
 770
 771        tmp = cpu_to_le32(0);
 772
 773        if (txrate->flags & IEEE80211_TX_RC_40_MHZ_WIDTH)
 774                tmp |= cpu_to_le32(AR9170_TX_PHY_BW_40MHZ <<
 775                        AR9170_TX_PHY_BW_S);
 776        /* this works because 40 MHz is 2 and dup is 3 */
 777        if (txrate->flags & IEEE80211_TX_RC_DUP_DATA)
 778                tmp |= cpu_to_le32(AR9170_TX_PHY_BW_40MHZ_DUP <<
 779                        AR9170_TX_PHY_BW_S);
 780
 781        if (txrate->flags & IEEE80211_TX_RC_SHORT_GI)
 782                tmp |= cpu_to_le32(AR9170_TX_PHY_SHORT_GI);
 783
 784        if (txrate->flags & IEEE80211_TX_RC_MCS) {
 785                SET_VAL(AR9170_TX_PHY_MCS, phyrate, txrate->idx);
 786
 787                /* heavy clip control */
 788                tmp |= cpu_to_le32((txrate->idx & 0x7) <<
 789                        AR9170_TX_PHY_TX_HEAVY_CLIP_S);
 790
 791                tmp |= cpu_to_le32(AR9170_TX_PHY_MOD_HT);
 792
 793                /*
 794                 * green field preamble does not work.
 795                 *
 796                 * if (txrate->flags & IEEE80211_TX_RC_GREEN_FIELD)
 797                 * tmp |= cpu_to_le32(AR9170_TX_PHY_GREENFIELD);
 798                 */
 799        } else {
 800                if (info->band == NL80211_BAND_2GHZ) {
 801                        if (txrate->idx <= AR9170_TX_PHY_RATE_CCK_11M)
 802                                tmp |= cpu_to_le32(AR9170_TX_PHY_MOD_CCK);
 803                        else
 804                                tmp |= cpu_to_le32(AR9170_TX_PHY_MOD_OFDM);
 805                } else {
 806                        tmp |= cpu_to_le32(AR9170_TX_PHY_MOD_OFDM);
 807                }
 808
 809                /*
 810                 * short preamble seems to be broken too.
 811                 *
 812                 * if (txrate->flags & IEEE80211_TX_RC_USE_SHORT_PREAMBLE)
 813                 *      tmp |= cpu_to_le32(AR9170_TX_PHY_SHORT_PREAMBLE);
 814                 */
 815        }
 816        carl9170_tx_rate_tpc_chains(ar, info, txrate,
 817                                    &phyrate, &power, &chains);
 818
 819        tmp |= cpu_to_le32(SET_CONSTVAL(AR9170_TX_PHY_MCS, phyrate));
 820        tmp |= cpu_to_le32(SET_CONSTVAL(AR9170_TX_PHY_TX_PWR, power));
 821        tmp |= cpu_to_le32(SET_CONSTVAL(AR9170_TX_PHY_TXCHAIN, chains));
 822        return tmp;
 823}
 824
 825static bool carl9170_tx_rts_check(struct ar9170 *ar,
 826                                  struct ieee80211_tx_rate *rate,
 827                                  bool ampdu, bool multi)
 828{
 829        switch (ar->erp_mode) {
 830        case CARL9170_ERP_AUTO:
 831                if (ampdu)
 832                        break;
 833                /* fall through */
 834
 835        case CARL9170_ERP_MAC80211:
 836                if (!(rate->flags & IEEE80211_TX_RC_USE_RTS_CTS))
 837                        break;
 838                /* fall through */
 839
 840        case CARL9170_ERP_RTS:
 841                if (likely(!multi))
 842                        return true;
 843
 844        default:
 845                break;
 846        }
 847
 848        return false;
 849}
 850
 851static bool carl9170_tx_cts_check(struct ar9170 *ar,
 852                                  struct ieee80211_tx_rate *rate)
 853{
 854        switch (ar->erp_mode) {
 855        case CARL9170_ERP_AUTO:
 856        case CARL9170_ERP_MAC80211:
 857                if (!(rate->flags & IEEE80211_TX_RC_USE_CTS_PROTECT))
 858                        break;
 859                /* fall through */
 860
 861        case CARL9170_ERP_CTS:
 862                return true;
 863
 864        default:
 865                break;
 866        }
 867
 868        return false;
 869}
 870
 871static void carl9170_tx_get_rates(struct ar9170 *ar,
 872                                  struct ieee80211_vif *vif,
 873                                  struct ieee80211_sta *sta,
 874                                  struct sk_buff *skb)
 875{
 876        struct ieee80211_tx_info *info;
 877
 878        BUILD_BUG_ON(IEEE80211_TX_MAX_RATES < CARL9170_TX_MAX_RATES);
 879        BUILD_BUG_ON(IEEE80211_TX_MAX_RATES > IEEE80211_TX_RATE_TABLE_SIZE);
 880
 881        info = IEEE80211_SKB_CB(skb);
 882
 883        ieee80211_get_tx_rates(vif, sta, skb,
 884                               info->control.rates,
 885                               IEEE80211_TX_MAX_RATES);
 886}
 887
 888static void carl9170_tx_apply_rateset(struct ar9170 *ar,
 889                                      struct ieee80211_tx_info *sinfo,
 890                                      struct sk_buff *skb)
 891{
 892        struct ieee80211_tx_rate *txrate;
 893        struct ieee80211_tx_info *info;
 894        struct _carl9170_tx_superframe *txc = (void *) skb->data;
 895        int i;
 896        bool ampdu;
 897        bool no_ack;
 898
 899        info = IEEE80211_SKB_CB(skb);
 900        ampdu = !!(info->flags & IEEE80211_TX_CTL_AMPDU);
 901        no_ack = !!(info->flags & IEEE80211_TX_CTL_NO_ACK);
 902
 903        /* Set the rate control probe flag for all (sub-) frames.
 904         * This is because the TX_STATS_AMPDU flag is only set on
 905         * the last frame, so it has to be inherited.
 906         */
 907        info->flags |= (sinfo->flags & IEEE80211_TX_CTL_RATE_CTRL_PROBE);
 908
 909        /* NOTE: For the first rate, the ERP & AMPDU flags are directly
 910         * taken from mac_control. For all fallback rate, the firmware
 911         * updates the mac_control flags from the rate info field.
 912         */
 913        for (i = 0; i < CARL9170_TX_MAX_RATES; i++) {
 914                __le32 phy_set;
 915
 916                txrate = &sinfo->control.rates[i];
 917                if (txrate->idx < 0)
 918                        break;
 919
 920                phy_set = carl9170_tx_physet(ar, info, txrate);
 921                if (i == 0) {
 922                        __le16 mac_tmp = cpu_to_le16(0);
 923
 924                        /* first rate - part of the hw's frame header */
 925                        txc->f.phy_control = phy_set;
 926
 927                        if (ampdu && txrate->flags & IEEE80211_TX_RC_MCS)
 928                                mac_tmp |= cpu_to_le16(AR9170_TX_MAC_AGGR);
 929
 930                        if (carl9170_tx_rts_check(ar, txrate, ampdu, no_ack))
 931                                mac_tmp |= cpu_to_le16(AR9170_TX_MAC_PROT_RTS);
 932                        else if (carl9170_tx_cts_check(ar, txrate))
 933                                mac_tmp |= cpu_to_le16(AR9170_TX_MAC_PROT_CTS);
 934
 935                        txc->f.mac_control |= mac_tmp;
 936                } else {
 937                        /* fallback rates are stored in the firmware's
 938                         * retry rate set array.
 939                         */
 940                        txc->s.rr[i - 1] = phy_set;
 941                }
 942
 943                SET_VAL(CARL9170_TX_SUPER_RI_TRIES, txc->s.ri[i],
 944                        txrate->count);
 945
 946                if (carl9170_tx_rts_check(ar, txrate, ampdu, no_ack))
 947                        txc->s.ri[i] |= (AR9170_TX_MAC_PROT_RTS <<
 948                                CARL9170_TX_SUPER_RI_ERP_PROT_S);
 949                else if (carl9170_tx_cts_check(ar, txrate))
 950                        txc->s.ri[i] |= (AR9170_TX_MAC_PROT_CTS <<
 951                                CARL9170_TX_SUPER_RI_ERP_PROT_S);
 952
 953                if (ampdu && (txrate->flags & IEEE80211_TX_RC_MCS))
 954                        txc->s.ri[i] |= CARL9170_TX_SUPER_RI_AMPDU;
 955        }
 956}
 957
 958static int carl9170_tx_prepare(struct ar9170 *ar,
 959                               struct ieee80211_sta *sta,
 960                               struct sk_buff *skb)
 961{
 962        struct ieee80211_hdr *hdr;
 963        struct _carl9170_tx_superframe *txc;
 964        struct carl9170_vif_info *cvif;
 965        struct ieee80211_tx_info *info;
 966        struct carl9170_tx_info *arinfo;
 967        unsigned int hw_queue;
 968        __le16 mac_tmp;
 969        u16 len;
 970
 971        BUILD_BUG_ON(sizeof(*arinfo) > sizeof(info->rate_driver_data));
 972        BUILD_BUG_ON(sizeof(struct _carl9170_tx_superdesc) !=
 973                     CARL9170_TX_SUPERDESC_LEN);
 974
 975        BUILD_BUG_ON(sizeof(struct _ar9170_tx_hwdesc) !=
 976                     AR9170_TX_HWDESC_LEN);
 977
 978        BUILD_BUG_ON(AR9170_MAX_VIRTUAL_MAC >
 979                ((CARL9170_TX_SUPER_MISC_VIF_ID >>
 980                 CARL9170_TX_SUPER_MISC_VIF_ID_S) + 1));
 981
 982        hw_queue = ar9170_qmap[carl9170_get_queue(ar, skb)];
 983
 984        hdr = (void *)skb->data;
 985        info = IEEE80211_SKB_CB(skb);
 986        len = skb->len;
 987
 988        /*
 989         * Note: If the frame was sent through a monitor interface,
 990         * the ieee80211_vif pointer can be NULL.
 991         */
 992        if (likely(info->control.vif))
 993                cvif = (void *) info->control.vif->drv_priv;
 994        else
 995                cvif = NULL;
 996
 997        txc = skb_push(skb, sizeof(*txc));
 998        memset(txc, 0, sizeof(*txc));
 999
1000        SET_VAL(CARL9170_TX_SUPER_MISC_QUEUE, txc->s.misc, hw_queue);

1001
1002        if (likely(cvif))
1003                SET_VAL(CARL9170_TX_SUPER_MISC_VIF_ID, txc->s.misc, cvif->id);
1004
1005        if (unlikely(info->flags & IEEE80211_TX_CTL_SEND_AFTER_DTIM))
1006                txc->s.misc |= CARL9170_TX_SUPER_MISC_CAB;
1007
1008        if (unlikely(info->flags & IEEE80211_TX_CTL_ASSIGN_SEQ))
1009                txc->s.misc |= CARL9170_TX_SUPER_MISC_ASSIGN_SEQ;
1010
1011        if (unlikely(ieee80211_is_probe_resp(hdr->frame_control)))
1012                txc->s.misc |= CARL9170_TX_SUPER_MISC_FILL_IN_TSF;
1013
1014        mac_tmp = cpu_to_le16(AR9170_TX_MAC_HW_DURATION |
1015                              AR9170_TX_MAC_BACKOFF);
1016        mac_tmp |= cpu_to_le16((hw_queue << AR9170_TX_MAC_QOS_S) &
1017                               AR9170_TX_MAC_QOS);
1018
1019        if (unlikely(info->flags & IEEE80211_TX_CTL_NO_ACK))
1020                mac_tmp |= cpu_to_le16(AR9170_TX_MAC_NO_ACK);
1021
1022        if (info->control.hw_key) {
1023                len += info->control.hw_key->icv_len;
1024
1025                switch (info->control.hw_key->cipher) {
1026                case WLAN_CIPHER_SUITE_WEP40:
1027                case WLAN_CIPHER_SUITE_WEP104:
1028                case WLAN_CIPHER_SUITE_TKIP:
1029                        mac_tmp |= cpu_to_le16(AR9170_TX_MAC_ENCR_RC4);
1030                        break;
1031                case WLAN_CIPHER_SUITE_CCMP:
1032                        mac_tmp |= cpu_to_le16(AR9170_TX_MAC_ENCR_AES);
1033                        break;
1034                default:
1035                        WARN_ON(1);
1036                        goto err_out;
1037                }
1038        }
1039
1040        if (info->flags & IEEE80211_TX_CTL_AMPDU) {
1041                unsigned int density, factor;
1042
1043                if (unlikely(!sta || !cvif))
1044                        goto err_out;
1045
1046                factor = min_t(unsigned int, 1u, sta->ht_cap.ampdu_factor);
1047                density = sta->ht_cap.ampdu_density;
1048
1049                if (density) {
1050                        /*
1051                         * Watch out!
1052                         *
1053                         * Otus uses slightly different density values than
1054                         * those from the 802.11n spec.
1055                         */
1056
1057                        density = max_t(unsigned int, density + 1, 7u);
1058                }
1059
1060                SET_VAL(CARL9170_TX_SUPER_AMPDU_DENSITY,
1061                        txc->s.ampdu_settings, density);
1062
1063                SET_VAL(CARL9170_TX_SUPER_AMPDU_FACTOR,
1064                        txc->s.ampdu_settings, factor);
1065        }
1066
1067        txc->s.len = cpu_to_le16(skb->len);
1068        txc->f.length = cpu_to_le16(len + FCS_LEN);
1069        txc->f.mac_control = mac_tmp;
1070
1071        arinfo = (void *)info->rate_driver_data;
1072        arinfo->timeout = jiffies;
1073        arinfo->ar = ar;
1074        kref_init(&arinfo->ref);
1075        return 0;
1076
1077err_out:
1078        skb_pull(skb, sizeof(*txc));
1079        return -EINVAL;
1080}
1081
1082static void carl9170_set_immba(struct ar9170 *ar, struct sk_buff *skb)
1083{
1084        struct _carl9170_tx_superframe *super;
1085
1086        super = (void *) skb->data;
1087        super->f.mac_control |= cpu_to_le16(AR9170_TX_MAC_IMM_BA);
1088}
1089
1090static void carl9170_set_ampdu_params(struct ar9170 *ar, struct sk_buff *skb)
1091{
1092        struct _carl9170_tx_superframe *super;
1093        int tmp;
1094
1095        super = (void *) skb->data;
1096
1097        tmp = (super->s.ampdu_settings & CARL9170_TX_SUPER_AMPDU_DENSITY) <<
1098                CARL9170_TX_SUPER_AMPDU_DENSITY_S;
1099
1100        /*
1101         * If you haven't noticed carl9170_tx_prepare has already filled
1102         * in all ampdu spacing & factor parameters.
1103         * Now it's the time to check whenever the settings have to be
1104         * updated by the firmware, or if everything is still the same.
1105         *
1106         * There's no sane way to handle different density values with
1107         * this hardware, so we may as well just do the compare in the
1108         * driver.
1109         */
1110
1111        if (tmp != ar->current_density) {
1112                ar->current_density = tmp;
1113                super->s.ampdu_settings |=
1114                        CARL9170_TX_SUPER_AMPDU_COMMIT_DENSITY;
1115        }
1116
1117        tmp = (super->s.ampdu_settings & CARL9170_TX_SUPER_AMPDU_FACTOR) <<
1118                CARL9170_TX_SUPER_AMPDU_FACTOR_S;
1119
1120        if (tmp != ar->current_factor) {
1121                ar->current_factor = tmp;
1122                super->s.ampdu_settings |=
1123                        CARL9170_TX_SUPER_AMPDU_COMMIT_FACTOR;
1124        }
1125}
1126
1127static void carl9170_tx_ampdu(struct ar9170 *ar)
1128{
1129        struct sk_buff_head agg;
1130        struct carl9170_sta_tid *tid_info;
1131        struct sk_buff *skb, *first;
1132        struct ieee80211_tx_info *tx_info_first;
1133        unsigned int i = 0, done_ampdus = 0;
1134        u16 seq, queue, tmpssn;
1135
1136        atomic_inc(&ar->tx_ampdu_scheduler);
1137        ar->tx_ampdu_schedule = false;
1138
1139        if (atomic_read(&ar->tx_ampdu_upload))
1140                return;
1141
1142        if (!ar->tx_ampdu_list_len)
1143                return;
1144
1145        __skb_queue_head_init(&agg);
1146
1147        rcu_read_lock();
1148        tid_info = rcu_dereference(ar->tx_ampdu_iter);
1149        if (WARN_ON_ONCE(!tid_info)) {
1150                rcu_read_unlock();
1151                return;
1152        }
1153
1154retry:
1155        list_for_each_entry_continue_rcu(tid_info, &ar->tx_ampdu_list, list) {
1156                i++;
1157
1158                if (tid_info->state < CARL9170_TID_STATE_PROGRESS)
1159                        continue;
1160
1161                queue = TID_TO_WME_AC(tid_info->tid);
1162
1163                spin_lock_bh(&tid_info->lock);
1164                if (tid_info->state != CARL9170_TID_STATE_XMIT)
1165                        goto processed;
1166
1167                tid_info->counter++;
1168                first = skb_peek(&tid_info->queue);
1169                tmpssn = carl9170_get_seq(first);
1170                seq = tid_info->snx;
1171
1172                if (unlikely(tmpssn != seq)) {
1173                        tid_info->state = CARL9170_TID_STATE_IDLE;
1174
1175                        goto processed;
1176                }
1177
1178                tx_info_first = NULL;
1179                while ((skb = skb_peek(&tid_info->queue))) {
1180                        /* strict 0, 1, ..., n - 1, n frame sequence order */
1181                        if (unlikely(carl9170_get_seq(skb) != seq))
1182                                break;
1183
1184                        /* don't upload more than AMPDU FACTOR allows. */
1185                        if (unlikely(SEQ_DIFF(tid_info->snx, tid_info->bsn) >=
1186                            (tid_info->max - 1)))
1187                                break;
1188
1189                        if (!tx_info_first) {
1190                                carl9170_tx_get_rates(ar, tid_info->vif,
1191                                                      tid_info->sta, first);
1192                                tx_info_first = IEEE80211_SKB_CB(first);
1193                        }
1194
1195                        carl9170_tx_apply_rateset(ar, tx_info_first, skb);
1196
1197                        atomic_inc(&ar->tx_ampdu_upload);
1198                        tid_info->snx = seq = SEQ_NEXT(seq);
1199                        __skb_unlink(skb, &tid_info->queue);
1200
1201                        __skb_queue_tail(&agg, skb);
1202
1203                        if (skb_queue_len(&agg) >= CARL9170_NUM_TX_AGG_MAX)
1204                                break;
1205                }
1206
1207                if (skb_queue_empty(&tid_info->queue) ||
1208                    carl9170_get_seq(skb_peek(&tid_info->queue)) !=
1209                    tid_info->snx) {
1210                        /* stop TID, if A-MPDU frames are still missing,
1211                         * or whenever the queue is empty.
1212                         */
1213
1214                        tid_info->state = CARL9170_TID_STATE_IDLE;
1215                }
1216                done_ampdus++;
1217
1218processed:
1219                spin_unlock_bh(&tid_info->lock);
1220
1221                if (skb_queue_empty(&agg))
1222                        continue;
1223
1224                /* apply ampdu spacing & factor settings */
1225                carl9170_set_ampdu_params(ar, skb_peek(&agg));
1226
1227                /* set aggregation push bit */
1228                carl9170_set_immba(ar, skb_peek_tail(&agg));
1229
1230                spin_lock_bh(&ar->tx_pending[queue].lock);
1231                skb_queue_splice_tail_init(&agg, &ar->tx_pending[queue]);
1232                spin_unlock_bh(&ar->tx_pending[queue].lock);
1233                ar->tx_schedule = true;
1234        }
1235        if ((done_ampdus++ == 0) && (i++ == 0))
1236                goto retry;
1237
1238        rcu_assign_pointer(ar->tx_ampdu_iter, tid_info);
1239        rcu_read_unlock();
1240}
1241
1242static struct sk_buff *carl9170_tx_pick_skb(struct ar9170 *ar,
1243                                            struct sk_buff_head *queue)
1244{
1245        struct sk_buff *skb;
1246        struct ieee80211_tx_info *info;
1247        struct carl9170_tx_info *arinfo;
1248
1249        BUILD_BUG_ON(sizeof(*arinfo) > sizeof(info->rate_driver_data));
1250
1251        spin_lock_bh(&queue->lock);
1252        skb = skb_peek(queue);
1253        if (unlikely(!skb))
1254                goto err_unlock;
1255
1256        if (carl9170_alloc_dev_space(ar, skb))
1257                goto err_unlock;
1258
1259        __skb_unlink(skb, queue);
1260        spin_unlock_bh(&queue->lock);
1261
1262        info = IEEE80211_SKB_CB(skb);
1263        arinfo = (void *) info->rate_driver_data;
1264
1265        arinfo->timeout = jiffies;
1266        return skb;
1267
1268err_unlock:
1269        spin_unlock_bh(&queue->lock);
1270        return NULL;
1271}
1272
1273void carl9170_tx_drop(struct ar9170 *ar, struct sk_buff *skb)
1274{
1275        struct _carl9170_tx_superframe *super;
1276        uint8_t q = 0;
1277
1278        ar->tx_dropped++;
1279
1280        super = (void *)skb->data;
1281        SET_VAL(CARL9170_TX_SUPER_MISC_QUEUE, q,
1282                ar9170_qmap[carl9170_get_queue(ar, skb)]);
1283        __carl9170_tx_process_status(ar, super->s.cookie, q);
1284}
1285
1286static bool carl9170_tx_ps_drop(struct ar9170 *ar, struct sk_buff *skb)
1287{
1288        struct ieee80211_sta *sta;
1289        struct carl9170_sta_info *sta_info;
1290        struct ieee80211_tx_info *tx_info;
1291
1292        rcu_read_lock();
1293        sta = __carl9170_get_tx_sta(ar, skb);
1294        if (!sta)
1295                goto out_rcu;
1296
1297        sta_info = (void *) sta->drv_priv;
1298        tx_info = IEEE80211_SKB_CB(skb);
1299
1300        if (unlikely(sta_info->sleeping) &&
1301            !(tx_info->flags & (IEEE80211_TX_CTL_NO_PS_BUFFER |
1302                                IEEE80211_TX_CTL_CLEAR_PS_FILT))) {
1303                rcu_read_unlock();
1304
1305                if (tx_info->flags & IEEE80211_TX_CTL_AMPDU)
1306                        atomic_dec(&ar->tx_ampdu_upload);
1307
1308                tx_info->flags |= IEEE80211_TX_STAT_TX_FILTERED;
1309                carl9170_release_dev_space(ar, skb);
1310                carl9170_tx_status(ar, skb, false);
1311                return true;
1312        }
1313
1314out_rcu:
1315        rcu_read_unlock();
1316        return false;
1317}
1318
1319static void carl9170_bar_check(struct ar9170 *ar, struct sk_buff *skb)
1320{
1321        struct _carl9170_tx_superframe *super = (void *) skb->data;
1322        struct ieee80211_bar *bar = (void *) super->frame_data;
1323
1324        if (unlikely(ieee80211_is_back_req(bar->frame_control)) &&
1325            skb->len >= sizeof(struct ieee80211_bar)) {
1326                struct carl9170_bar_list_entry *entry;
1327                unsigned int queue = skb_get_queue_mapping(skb);
1328
1329                entry = kmalloc(sizeof(*entry), GFP_ATOMIC);
1330                if (!WARN_ON_ONCE(!entry)) {
1331                        entry->skb = skb;
1332                        spin_lock_bh(&ar->bar_list_lock[queue]);
1333                        list_add_tail_rcu(&entry->list, &ar->bar_list[queue]);
1334                        spin_unlock_bh(&ar->bar_list_lock[queue]);
1335                }
1336        }
1337}
1338
1339static void carl9170_tx(struct ar9170 *ar)
1340{
1341        struct sk_buff *skb;
1342        unsigned int i, q;
1343        bool schedule_garbagecollector = false;
1344
1345        ar->tx_schedule = false;
1346
1347        if (unlikely(!IS_STARTED(ar)))
1348                return;
1349
1350        carl9170_usb_handle_tx_err(ar);
1351
1352        for (i = 0; i < ar->hw->queues; i++) {
1353                while (!skb_queue_empty(&ar->tx_pending[i])) {
1354                        skb = carl9170_tx_pick_skb(ar, &ar->tx_pending[i]);
1355                        if (unlikely(!skb))
1356                                break;
1357
1358                        if (unlikely(carl9170_tx_ps_drop(ar, skb)))
1359                                continue;
1360
1361                        carl9170_bar_check(ar, skb);
1362
1363                        atomic_inc(&ar->tx_total_pending);
1364
1365                        q = __carl9170_get_queue(ar, i);
1366                        /*
1367                         * NB: tx_status[i] vs. tx_status[q],
1368                         * TODO: Move into pick_skb or alloc_dev_space.
1369                         */
1370                        skb_queue_tail(&ar->tx_status[q], skb);
1371
1372                        /*
1373                         * increase ref count to "2".
1374                         * Ref counting is the easiest way to solve the
1375                         * race between the urb's completion routine:
1376                         *      carl9170_tx_callback
1377                         * and wlan tx status functions:
1378                         *      carl9170_tx_status/janitor.
1379                         */
1380                        carl9170_tx_get_skb(skb);
1381
1382                        carl9170_usb_tx(ar, skb);
1383                        schedule_garbagecollector = true;
1384                }
1385        }
1386
1387        if (!schedule_garbagecollector)
1388                return;
1389
1390        ieee80211_queue_delayed_work(ar->hw, &ar->tx_janitor,
1391                msecs_to_jiffies(CARL9170_TX_TIMEOUT));
1392}
1393
1394static bool carl9170_tx_ampdu_queue(struct ar9170 *ar,
1395        struct ieee80211_sta *sta, struct sk_buff *skb,
1396        struct ieee80211_tx_info *txinfo)
1397{
1398        struct carl9170_sta_info *sta_info;
1399        struct carl9170_sta_tid *agg;
1400        struct sk_buff *iter;
1401        u16 tid, seq, qseq, off;
1402        bool run = false;
1403
1404        tid = carl9170_get_tid(skb);
1405        seq = carl9170_get_seq(skb);
1406        sta_info = (void *) sta->drv_priv;
1407
1408        rcu_read_lock();
1409        agg = rcu_dereference(sta_info->agg[tid]);
1410
1411        if (!agg)
1412                goto err_unlock_rcu;
1413
1414        spin_lock_bh(&agg->lock);
1415        if (unlikely(agg->state < CARL9170_TID_STATE_IDLE))
1416                goto err_unlock;
1417
1418        /* check if sequence is within the BA window */
1419        if (unlikely(!BAW_WITHIN(agg->bsn, CARL9170_BAW_BITS, seq)))
1420                goto err_unlock;
1421
1422        if (WARN_ON_ONCE(!BAW_WITHIN(agg->snx, CARL9170_BAW_BITS, seq)))
1423                goto err_unlock;
1424
1425        off = SEQ_DIFF(seq, agg->bsn);
1426        if (WARN_ON_ONCE(test_and_set_bit(off, agg->bitmap)))
1427                goto err_unlock;
1428
1429        if (likely(BAW_WITHIN(agg->hsn, CARL9170_BAW_BITS, seq))) {
1430                __skb_queue_tail(&agg->queue, skb);
1431                agg->hsn = seq;
1432                goto queued;
1433        }
1434
1435        skb_queue_reverse_walk(&agg->queue, iter) {
1436                qseq = carl9170_get_seq(iter);
1437
1438                if (BAW_WITHIN(qseq, CARL9170_BAW_BITS, seq)) {
1439                        __skb_queue_after(&agg->queue, iter, skb);
1440                        goto queued;
1441                }
1442        }
1443
1444        __skb_queue_head(&agg->queue, skb);
1445queued:
1446
1447        if (unlikely(agg->state != CARL9170_TID_STATE_XMIT)) {
1448                if (agg->snx == carl9170_get_seq(skb_peek(&agg->queue))) {
1449                        agg->state = CARL9170_TID_STATE_XMIT;
1450                        run = true;
1451                }
1452        }
1453
1454        spin_unlock_bh(&agg->lock);
1455        rcu_read_unlock();
1456
1457        return run;
1458
1459err_unlock:
1460        spin_unlock_bh(&agg->lock);
1461
1462err_unlock_rcu:
1463        rcu_read_unlock();
1464        txinfo->flags &= ~IEEE80211_TX_CTL_AMPDU;
1465        carl9170_tx_status(ar, skb, false);
1466        ar->tx_dropped++;
1467        return false;
1468}
1469
1470void carl9170_op_tx(struct ieee80211_hw *hw,
1471                    struct ieee80211_tx_control *control,
1472                    struct sk_buff *skb)
1473{
1474        struct ar9170 *ar = hw->priv;
1475        struct ieee80211_tx_info *info;
1476        struct ieee80211_sta *sta = control->sta;
1477        struct ieee80211_vif *vif;
1478        bool run;
1479
1480        if (unlikely(!IS_STARTED(ar)))
1481                goto err_free;
1482
1483        info = IEEE80211_SKB_CB(skb);
1484        vif = info->control.vif;
1485
1486        if (unlikely(carl9170_tx_prepare(ar, sta, skb)))
1487                goto err_free;
1488
1489        carl9170_tx_accounting(ar, skb);
1490        /*
1491         * from now on, one has to use carl9170_tx_status to free
1492         * all ressouces which are associated with the frame.
1493         */
1494
1495        if (sta) {
1496                struct carl9170_sta_info *stai = (void *) sta->drv_priv;
1497                atomic_inc(&stai->pending_frames);
1498        }
1499
1500        if (info->flags & IEEE80211_TX_CTL_AMPDU) {
1501                /* to static code analyzers and reviewers:
1502                 * mac80211 guarantees that a valid "sta"
1503                 * reference is present, if a frame is to
1504                 * be part of an ampdu. Hence any extra
1505                 * sta == NULL checks are redundant in this
1506                 * special case.
1507                 */
1508                run = carl9170_tx_ampdu_queue(ar, sta, skb, info);
1509                if (run)
1510                        carl9170_tx_ampdu(ar);
1511
1512        } else {
1513                unsigned int queue = skb_get_queue_mapping(skb);
1514
1515                carl9170_tx_get_rates(ar, vif, sta, skb);
1516                carl9170_tx_apply_rateset(ar, info, skb);
1517                skb_queue_tail(&ar->tx_pending[queue], skb);
1518        }
1519
1520        carl9170_tx(ar);
1521        return;
1522
1523err_free:
1524        ar->tx_dropped++;
1525        ieee80211_free_txskb(ar->hw, skb);
1526}
1527
1528void carl9170_tx_scheduler(struct ar9170 *ar)
1529{
1530
1531        if (ar->tx_ampdu_schedule)
1532                carl9170_tx_ampdu(ar);
1533
1534        if (ar->tx_schedule)
1535                carl9170_tx(ar);
1536}
1537
1538/* caller has to take rcu_read_lock */
1539static struct carl9170_vif_info *carl9170_pick_beaconing_vif(struct ar9170 *ar)
1540{
1541        struct carl9170_vif_info *cvif;
1542        int i = 1;
1543
1544        /* The AR9170 hardware has no fancy beacon queue or some
1545         * other scheduling mechanism. So, the driver has to make
1546         * due by setting the two beacon timers (pretbtt and tbtt)
1547         * once and then swapping the beacon address in the HW's
1548         * register file each time the pretbtt fires.
1549         */
1550
1551        cvif = rcu_dereference(ar->beacon_iter);
1552        if (ar->vifs > 0 && cvif) {
1553                do {
1554                        list_for_each_entry_continue_rcu(cvif, &ar->vif_list,
1555                                                         list) {
1556                                if (cvif->active && cvif->enable_beacon)
1557                                        goto out;
1558                        }
1559                } while (ar->beacon_enabled && i--);
1560        }
1561
1562out:
1563        RCU_INIT_POINTER(ar->beacon_iter, cvif);
1564        return cvif;
1565}
1566
1567static bool carl9170_tx_beacon_physet(struct ar9170 *ar, struct sk_buff *skb,
1568                                      u32 *ht1, u32 *plcp)
1569{
1570        struct ieee80211_tx_info *txinfo;
1571        struct ieee80211_tx_rate *rate;
1572        unsigned int power, chains;
1573        bool ht_rate;
1574
1575        txinfo = IEEE80211_SKB_CB(skb);
1576        rate = &txinfo->control.rates[0];
1577        ht_rate = !!(txinfo->control.rates[0].flags & IEEE80211_TX_RC_MCS);
1578        carl9170_tx_rate_tpc_chains(ar, txinfo, rate, plcp, &power, &chains);
1579
1580        *ht1 = AR9170_MAC_BCN_HT1_TX_ANT0;
1581        if (chains == AR9170_TX_PHY_TXCHAIN_2)
1582                *ht1 |= AR9170_MAC_BCN_HT1_TX_ANT1;
1583        SET_VAL(AR9170_MAC_BCN_HT1_PWR_CTRL, *ht1, 7);
1584        SET_VAL(AR9170_MAC_BCN_HT1_TPC, *ht1, power);
1585        SET_VAL(AR9170_MAC_BCN_HT1_CHAIN_MASK, *ht1, chains);
1586
1587        if (ht_rate) {
1588                *ht1 |= AR9170_MAC_BCN_HT1_HT_EN;
1589                if (rate->flags & IEEE80211_TX_RC_SHORT_GI)
1590                        *plcp |= AR9170_MAC_BCN_HT2_SGI;
1591
1592                if (rate->flags & IEEE80211_TX_RC_40_MHZ_WIDTH) {
1593                        *ht1 |= AR9170_MAC_BCN_HT1_BWC_40M_SHARED;
1594                        *plcp |= AR9170_MAC_BCN_HT2_BW40;
1595                } else if (rate->flags & IEEE80211_TX_RC_DUP_DATA) {
1596                        *ht1 |= AR9170_MAC_BCN_HT1_BWC_40M_DUP;
1597                        *plcp |= AR9170_MAC_BCN_HT2_BW40;
1598                }
1599
1600                SET_VAL(AR9170_MAC_BCN_HT2_LEN, *plcp, skb->len + FCS_LEN);
1601        } else {
1602                if (*plcp <= AR9170_TX_PHY_RATE_CCK_11M)
1603                        *plcp |= ((skb->len + FCS_LEN) << (3 + 16)) + 0x0400;
1604                else
1605                        *plcp |= ((skb->len + FCS_LEN) << 16) + 0x0010;
1606        }
1607
1608        return ht_rate;
1609}
1610
1611int carl9170_update_beacon(struct ar9170 *ar, const bool submit)
1612{
1613        struct sk_buff *skb = NULL;
1614        struct carl9170_vif_info *cvif;
1615        __le32 *data, *old = NULL;
1616        u32 word, ht1, plcp, off, addr, len;
1617        int i = 0, err = 0;
1618        bool ht_rate;
1619
1620        rcu_read_lock();
1621        cvif = carl9170_pick_beaconing_vif(ar);
1622        if (!cvif)
1623                goto out_unlock;
1624
1625        skb = ieee80211_beacon_get_tim(ar->hw, carl9170_get_vif(cvif),
1626                NULL, NULL);
1627
1628        if (!skb) {
1629                err = -ENOMEM;
1630                goto err_free;
1631        }
1632
1633        spin_lock_bh(&ar->beacon_lock);
1634        data = (__le32 *)skb->data;
1635        if (cvif->beacon)
1636                old = (__le32 *)cvif->beacon->data;
1637
1638        off = cvif->id * AR9170_MAC_BCN_LENGTH_MAX;
1639        addr = ar->fw.beacon_addr + off;
1640        len = roundup(skb->len + FCS_LEN, 4);
1641
1642        if ((off + len) > ar->fw.beacon_max_len) {
1643                if (net_ratelimit()) {
1644                        wiphy_err(ar->hw->wiphy, "beacon does not "
1645                                  "fit into device memory!\n");
1646                }
1647                err = -EINVAL;
1648                goto err_unlock;
1649        }
1650
1651        if (len > AR9170_MAC_BCN_LENGTH_MAX) {
1652                if (net_ratelimit()) {
1653                        wiphy_err(ar->hw->wiphy, "no support for beacons "
1654                                "bigger than %d (yours:%d).\n",
1655                                 AR9170_MAC_BCN_LENGTH_MAX, len);
1656                }
1657
1658                err = -EMSGSIZE;
1659                goto err_unlock;
1660        }
1661
1662        ht_rate = carl9170_tx_beacon_physet(ar, skb, &ht1, &plcp);
1663
1664        carl9170_async_regwrite_begin(ar);
1665        carl9170_async_regwrite(AR9170_MAC_REG_BCN_HT1, ht1);
1666        if (ht_rate)
1667                carl9170_async_regwrite(AR9170_MAC_REG_BCN_HT2, plcp);
1668        else
1669                carl9170_async_regwrite(AR9170_MAC_REG_BCN_PLCP, plcp);
1670
1671        for (i = 0; i < DIV_ROUND_UP(skb->len, 4); i++) {
1672                /*
1673                 * XXX: This accesses beyond skb data for up
1674                 *      to the last 3 bytes!!
1675                 */
1676
1677                if (old && (data[i] == old[i]))
1678                        continue;
1679
1680                word = le32_to_cpu(data[i]);
1681                carl9170_async_regwrite(addr + 4 * i, word);
1682        }
1683        carl9170_async_regwrite_finish();
1684
1685        dev_kfree_skb_any(cvif->beacon);
1686        cvif->beacon = NULL;
1687
1688        err = carl9170_async_regwrite_result();
1689        if (!err)
1690                cvif->beacon = skb;
1691        spin_unlock_bh(&ar->beacon_lock);
1692        if (err)
1693                goto err_free;
1694
1695        if (submit) {
1696                err = carl9170_bcn_ctrl(ar, cvif->id,
1697                                        CARL9170_BCN_CTRL_CAB_TRIGGER,
1698                                        addr, skb->len + FCS_LEN);
1699
1700                if (err)
1701                        goto err_free;
1702        }
1703out_unlock:
1704        rcu_read_unlock();
1705        return 0;
1706
1707err_unlock:
1708        spin_unlock_bh(&ar->beacon_lock);
1709
1710err_free:
1711        rcu_read_unlock();
1712        dev_kfree_skb_any(skb);
1713        return err;
1714}
1715