2 * Intel Wireless WiMAX Connection 2400m
3 * Handle incoming traffic and deliver it to the control or data planes
6 * Copyright (C) 2007-2008 Intel Corporation. All rights reserved.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * * Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * * Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
18 * * Neither the name of Intel Corporation nor the names of its
19 * contributors may be used to endorse or promote products derived
20 * from this software without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
25 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
26 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
27 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
28 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
29 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
30 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
32 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35 * Intel Corporation <linux-wimax@intel.com>
36 * Yanir Lubetkin <yanirx.lubetkin@intel.com>
37 * - Initial implementation
38 * Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
39 * - Use skb_clone(), break up processing in chunks
40 * - Split transport/device specific
41 * - Make buffer size dynamic to exert less memory pressure
42 * - RX reorder support
44 * This handles the RX path.
46 * We receive an RX message from the bus-specific driver, which
47 * contains one or more payloads that have potentially different
48 * destinataries (data or control paths).
50 * So we just take that payload from the transport specific code in
51 * the form of an skb, break it up in chunks (a cloned skb each in the
52 * case of network packets) and pass it to netdev or to the
53 * command/ack handler (and from there to the WiMAX stack).
57 * The format of the buffer is:
59 * HEADER (struct i2400m_msg_hdr)
60 * PAYLOAD DESCRIPTOR 0 (struct i2400m_pld)
61 * PAYLOAD DESCRIPTOR 1
63 * PAYLOAD DESCRIPTOR N
64 * PAYLOAD 0 (raw bytes)
69 * See tx.c for a deeper description on alignment requirements and
70 * other fun facts of it.
74 * In firmwares <= v1.3, data packets have no header for RX, but they
75 * do for TX (currently unused).
77 * In firmware >= 1.4, RX packets have an extended header (16
78 * bytes). This header conveys information for management of host
79 * reordering of packets (the device offloads storage of the packets
80 * for reordering to the host). Read below for more information.
82 * The header is used as dummy space to emulate an ethernet header and
83 * thus be able to act as an ethernet device without having to reallocate.
87 * Starting in firmware v1.4, the device can deliver packets for
88 * delivery with special reordering information; this allows it to
89 * more effectively do packet management when some frames were lost in
92 * Thus, for RX packets that come out of order, the device gives the
93 * driver enough information to queue them properly and then at some
94 * point, the signal to deliver the whole (or part) of the queued
95 * packets to the networking stack. There are 16 such queues.
97 * This only happens when a packet comes in with the "need reorder"
98 * flag set in the RX header. When such bit is set, the following
99 * operations might be indicated:
101 * - reset queue: send all queued packets to the OS
103 * - queue: queue a packet
105 * - update ws: update the queue's window start and deliver queued
106 * packets that meet the criteria
108 * - queue & update ws: queue a packet, update the window start and
109 * deliver queued packets that meet the criteria
111 * (delivery criteria: the packet's [normalized] sequence number is
112 * lower than the new [normalized] window start).
114 * See the i2400m_roq_*() functions for details.
119 * i2400m_rx_msg_hdr_check
120 * i2400m_rx_pl_descr_check
129 * i2400m_roq_update_ws
130 * __i2400m_roq_update_ws
132 * i2400m_roq_queue_update_ws
134 * __i2400m_roq_update_ws
137 * i2400m_msg_size_check
138 * i2400m_report_hook_work [in a workqueue]
142 * wimax_msg_to_user_alloc
144 * i2400m_msg_size_check
147 #include <linux/slab.h>
148 #include <linux/kernel.h>
149 #include <linux/if_arp.h>
150 #include <linux/netdevice.h>
151 #include <linux/workqueue.h>
155 #define D_SUBMODULE rx
156 #include "debug-levels.h"
158 struct i2400m_report_hook_args {
159 struct sk_buff *skb_rx;
160 const struct i2400m_l3l4_hdr *l3l4_hdr;
162 struct list_head list_node;
167 * Execute i2400m_report_hook in a workqueue
169 * Goes over the list of queued reports in i2400m->rx_reports and
172 * NOTE: refcounts on i2400m are not needed because we flush the
173 * workqueue this runs on (i2400m->work_queue) before destroying
176 void i2400m_report_hook_work(struct work_struct *ws)
178 struct i2400m *i2400m = container_of(ws, struct i2400m, rx_report_ws);
179 struct device *dev = i2400m_dev(i2400m);
180 struct i2400m_report_hook_args *args, *args_next;
185 spin_lock_irqsave(&i2400m->rx_lock, flags);
186 list_splice_init(&i2400m->rx_reports, &list);
187 spin_unlock_irqrestore(&i2400m->rx_lock, flags);
188 if (list_empty(&list))
191 d_printf(1, dev, "processing queued reports\n");
192 list_for_each_entry_safe(args, args_next, &list, list_node) {
193 d_printf(2, dev, "processing queued report %p\n", args);
194 i2400m_report_hook(i2400m, args->l3l4_hdr, args->size);
195 kfree_skb(args->skb_rx);
196 list_del(&args->list_node);
204 * Flush the list of queued reports
207 void i2400m_report_hook_flush(struct i2400m *i2400m)
209 struct device *dev = i2400m_dev(i2400m);
210 struct i2400m_report_hook_args *args, *args_next;
214 d_printf(1, dev, "flushing queued reports\n");
215 spin_lock_irqsave(&i2400m->rx_lock, flags);
216 list_splice_init(&i2400m->rx_reports, &list);
217 spin_unlock_irqrestore(&i2400m->rx_lock, flags);
218 list_for_each_entry_safe(args, args_next, &list, list_node) {
219 d_printf(2, dev, "flushing queued report %p\n", args);
220 kfree_skb(args->skb_rx);
221 list_del(&args->list_node);
228 * Queue a report for later processing
230 * @i2400m: device descriptor
231 * @skb_rx: skb that contains the payload (for reference counting)
232 * @l3l4_hdr: pointer to the control
233 * @size: size of the message
236 void i2400m_report_hook_queue(struct i2400m *i2400m, struct sk_buff *skb_rx,
237 const void *l3l4_hdr, size_t size)
239 struct device *dev = i2400m_dev(i2400m);
241 struct i2400m_report_hook_args *args;
243 args = kzalloc(sizeof(*args), GFP_NOIO);
245 args->skb_rx = skb_get(skb_rx);
246 args->l3l4_hdr = l3l4_hdr;
248 spin_lock_irqsave(&i2400m->rx_lock, flags);
249 list_add_tail(&args->list_node, &i2400m->rx_reports);
250 spin_unlock_irqrestore(&i2400m->rx_lock, flags);
251 d_printf(2, dev, "queued report %p\n", args);
252 rmb(); /* see i2400m->ready's documentation */
253 if (likely(i2400m->ready)) /* only send if up */
254 queue_work(i2400m->work_queue, &i2400m->rx_report_ws);
256 if (printk_ratelimit())
257 dev_err(dev, "%s:%u: Can't allocate %zu B\n",
258 __func__, __LINE__, sizeof(*args));
264 * Process an ack to a command
266 * @i2400m: device descriptor
267 * @payload: pointer to message
268 * @size: size of the message
270 * Pass the acknodledgment (in an skb) to the thread that is waiting
271 * for it in i2400m->msg_completion.
273 * We need to coordinate properly with the thread waiting for the
274 * ack. Check if it is waiting or if it is gone. We loose the spinlock
275 * to avoid allocating on atomic contexts (yeah, could use GFP_ATOMIC,
276 * but this is not so speed critical).
279 void i2400m_rx_ctl_ack(struct i2400m *i2400m,
280 const void *payload, size_t size)
282 struct device *dev = i2400m_dev(i2400m);
283 struct wimax_dev *wimax_dev = &i2400m->wimax_dev;
285 struct sk_buff *ack_skb;
287 /* Anyone waiting for an answer? */
288 spin_lock_irqsave(&i2400m->rx_lock, flags);
289 if (i2400m->ack_skb != ERR_PTR(-EINPROGRESS)) {
290 dev_err(dev, "Huh? reply to command with no waiters\n");
291 goto error_no_waiter;
293 spin_unlock_irqrestore(&i2400m->rx_lock, flags);
295 ack_skb = wimax_msg_alloc(wimax_dev, NULL, payload, size, GFP_KERNEL);
297 /* Check waiter didn't time out waiting for the answer... */
298 spin_lock_irqsave(&i2400m->rx_lock, flags);
299 if (i2400m->ack_skb != ERR_PTR(-EINPROGRESS)) {
300 d_printf(1, dev, "Huh? waiter for command reply cancelled\n");
301 goto error_waiter_cancelled;
303 if (ack_skb == NULL) {
304 dev_err(dev, "CMD/GET/SET ack: cannot allocate SKB\n");
305 i2400m->ack_skb = ERR_PTR(-ENOMEM);
307 i2400m->ack_skb = ack_skb;
308 spin_unlock_irqrestore(&i2400m->rx_lock, flags);
309 complete(&i2400m->msg_completion);
312 error_waiter_cancelled:
315 spin_unlock_irqrestore(&i2400m->rx_lock, flags);
321 * Receive and process a control payload
323 * @i2400m: device descriptor
324 * @skb_rx: skb that contains the payload (for reference counting)
325 * @payload: pointer to message
326 * @size: size of the message
328 * There are two types of control RX messages: reports (asynchronous,
329 * like your every day interrupts) and 'acks' (reponses to a command,
330 * get or set request).
332 * If it is a report, we run hooks on it (to extract information for
333 * things we need to do in the driver) and then pass it over to the
334 * WiMAX stack to send it to user space.
336 * NOTE: report processing is done in a workqueue specific to the
337 * generic driver, to avoid deadlocks in the system.
339 * If it is not a report, it is an ack to a previously executed
340 * command, set or get, so wake up whoever is waiting for it from
341 * i2400m_msg_to_dev(). i2400m_rx_ctl_ack() takes care of that.
343 * Note that the sizes we pass to other functions from here are the
344 * sizes of the _l3l4_hdr + payload, not full buffer sizes, as we have
345 * verified in _msg_size_check() that they are congruent.
347 * For reports: We can't clone the original skb where the data is
348 * because we need to send this up via netlink; netlink has to add
349 * headers and we can't overwrite what's preceeding the payload...as
350 * it is another message. So we just dup them.
353 void i2400m_rx_ctl(struct i2400m *i2400m, struct sk_buff *skb_rx,
354 const void *payload, size_t size)
357 struct device *dev = i2400m_dev(i2400m);
358 const struct i2400m_l3l4_hdr *l3l4_hdr = payload;
361 result = i2400m_msg_size_check(i2400m, l3l4_hdr, size);
363 dev_err(dev, "HW BUG? device sent a bad message: %d\n",
367 msg_type = le16_to_cpu(l3l4_hdr->type);
368 d_printf(1, dev, "%s 0x%04x: %zu bytes\n",
369 msg_type & I2400M_MT_REPORT_MASK ? "REPORT" : "CMD/SET/GET",
371 d_dump(2, dev, l3l4_hdr, size);
372 if (msg_type & I2400M_MT_REPORT_MASK) {
374 * Process each report
376 * - has to be ran serialized as well
378 * - the handling might force the execution of
379 * commands. That might cause reentrancy issues with
380 * bus-specific subdrivers and workqueues, so the we
381 * run it in a separate workqueue.
383 * - when the driver is not yet ready to handle them,
384 * they are queued and at some point the queue is
385 * restarted [NOTE: we can't queue SKBs directly, as
386 * this might be a piece of a SKB, not the whole
387 * thing, and this is cheaper than cloning the
390 * Note we don't do refcounting for the device
391 * structure; this is because before destroying
392 * 'i2400m', we make sure to flush the
393 * i2400m->work_queue, so there are no issues.
395 i2400m_report_hook_queue(i2400m, skb_rx, l3l4_hdr, size);
396 if (unlikely(i2400m->trace_msg_from_user))
397 wimax_msg(&i2400m->wimax_dev, "echo",
398 l3l4_hdr, size, GFP_KERNEL);
399 result = wimax_msg(&i2400m->wimax_dev, NULL, l3l4_hdr, size,
402 dev_err(dev, "error sending report to userspace: %d\n",
404 } else /* an ack to a CMD, GET or SET */
405 i2400m_rx_ctl_ack(i2400m, payload, size);
412 * Receive and send up a trace
414 * @i2400m: device descriptor
415 * @skb_rx: skb that contains the trace (for reference counting)
416 * @payload: pointer to trace message inside the skb
417 * @size: size of the message
419 * THe i2400m might produce trace information (diagnostics) and we
420 * send them through a different kernel-to-user pipe (to avoid
423 * As in i2400m_rx_ctl(), we can't clone the original skb where the
424 * data is because we need to send this up via netlink; netlink has to
425 * add headers and we can't overwrite what's preceeding the
426 * payload...as it is another message. So we just dup them.
429 void i2400m_rx_trace(struct i2400m *i2400m,
430 const void *payload, size_t size)
433 struct device *dev = i2400m_dev(i2400m);
434 struct wimax_dev *wimax_dev = &i2400m->wimax_dev;
435 const struct i2400m_l3l4_hdr *l3l4_hdr = payload;
438 result = i2400m_msg_size_check(i2400m, l3l4_hdr, size);
440 dev_err(dev, "HW BUG? device sent a bad trace message: %d\n",
444 msg_type = le16_to_cpu(l3l4_hdr->type);
445 d_printf(1, dev, "Trace %s 0x%04x: %zu bytes\n",
446 msg_type & I2400M_MT_REPORT_MASK ? "REPORT" : "CMD/SET/GET",
448 d_dump(2, dev, l3l4_hdr, size);
449 result = wimax_msg(wimax_dev, "trace", l3l4_hdr, size, GFP_KERNEL);
451 dev_err(dev, "error sending trace to userspace: %d\n",
459 * Reorder queue data stored on skb->cb while the skb is queued in the
462 struct i2400m_roq_data {
463 unsigned sn; /* Serial number for the skb */
464 enum i2400m_cs cs; /* packet type for the skb */
471 * @ws: Window Start; sequence number where the current window start
473 * @queue: the skb queue itself
474 * @log: circular ring buffer used to log information about the
475 * reorder process in this queue that can be displayed in case of
476 * error to help diagnose it.
478 * This is the head for a list of skbs. In the skb->cb member of the
479 * skb when queued here contains a 'struct i2400m_roq_data' were we
480 * store the sequence number (sn) and the cs (packet type) coming from
481 * the RX payload header from the device.
486 struct sk_buff_head queue;
487 struct i2400m_roq_log *log;
492 void __i2400m_roq_init(struct i2400m_roq *roq)
495 skb_queue_head_init(&roq->queue);
500 unsigned __i2400m_roq_index(struct i2400m *i2400m, struct i2400m_roq *roq)
502 return ((unsigned long) roq - (unsigned long) i2400m->rx_roq)
508 * Normalize a sequence number based on the queue's window start
510 * nsn = (sn - ws) % 2048
512 * Note that if @sn < @roq->ws, we still need a positive number; %'s
513 * sign is implementation specific, so we normalize it by adding 2048
514 * to bring it to be positive.
517 unsigned __i2400m_roq_nsn(struct i2400m_roq *roq, unsigned sn)
520 r = ((int) sn - (int) roq->ws) % 2048;
528 * Circular buffer to keep the last N reorder operations
530 * In case something fails, dumb then to try to come up with what
534 I2400M_ROQ_LOG_LENGTH = 32,
537 struct i2400m_roq_log {
538 struct i2400m_roq_log_entry {
539 enum i2400m_ro_type type;
540 unsigned ws, count, sn, nsn, new_ws;
541 } entry[I2400M_ROQ_LOG_LENGTH];
546 /* Print a log entry */
548 void i2400m_roq_log_entry_print(struct i2400m *i2400m, unsigned index,
550 struct i2400m_roq_log_entry *e)
552 struct device *dev = i2400m_dev(i2400m);
555 case I2400M_RO_TYPE_RESET:
556 dev_err(dev, "q#%d reset ws %u cnt %u sn %u/%u"
558 index, e->ws, e->count, e->sn, e->nsn, e->new_ws);
560 case I2400M_RO_TYPE_PACKET:
561 dev_err(dev, "q#%d queue ws %u cnt %u sn %u/%u\n",
562 index, e->ws, e->count, e->sn, e->nsn);
564 case I2400M_RO_TYPE_WS:
565 dev_err(dev, "q#%d update_ws ws %u cnt %u sn %u/%u"
567 index, e->ws, e->count, e->sn, e->nsn, e->new_ws);
569 case I2400M_RO_TYPE_PACKET_WS:
570 dev_err(dev, "q#%d queue_update_ws ws %u cnt %u sn %u/%u"
572 index, e->ws, e->count, e->sn, e->nsn, e->new_ws);
575 dev_err(dev, "q#%d BUG? entry %u - unknown type %u\n",
576 index, e_index, e->type);
583 void i2400m_roq_log_add(struct i2400m *i2400m,
584 struct i2400m_roq *roq, enum i2400m_ro_type type,
585 unsigned ws, unsigned count, unsigned sn,
586 unsigned nsn, unsigned new_ws)
588 struct i2400m_roq_log_entry *e;
590 int index = __i2400m_roq_index(i2400m, roq);
592 /* if we run out of space, we eat from the end */
593 if (roq->log->in - roq->log->out == I2400M_ROQ_LOG_LENGTH)
595 cnt_idx = roq->log->in++ % I2400M_ROQ_LOG_LENGTH;
596 e = &roq->log->entry[cnt_idx];
606 i2400m_roq_log_entry_print(i2400m, index, cnt_idx, e);
610 /* Dump all the entries in the FIFO and reinitialize it */
612 void i2400m_roq_log_dump(struct i2400m *i2400m, struct i2400m_roq *roq)
614 unsigned cnt, cnt_idx;
615 struct i2400m_roq_log_entry *e;
616 int index = __i2400m_roq_index(i2400m, roq);
618 BUG_ON(roq->log->out > roq->log->in);
619 for (cnt = roq->log->out; cnt < roq->log->in; cnt++) {
620 cnt_idx = cnt % I2400M_ROQ_LOG_LENGTH;
621 e = &roq->log->entry[cnt_idx];
622 i2400m_roq_log_entry_print(i2400m, index, cnt_idx, e);
623 memset(e, 0, sizeof(*e));
625 roq->log->in = roq->log->out = 0;
630 * Backbone for the queuing of an skb (by normalized sequence number)
632 * @i2400m: device descriptor
633 * @roq: reorder queue where to add
634 * @skb: the skb to add
635 * @sn: the sequence number of the skb
636 * @nsn: the normalized sequence number of the skb (pre-computed by the
637 * caller from the @sn and @roq->ws).
639 * We try first a couple of quick cases:
641 * - the queue is empty
642 * - the skb would be appended to the queue
644 * These will be the most common operations.
646 * If these fail, then we have to do a sorted insertion in the queue,
647 * which is the slowest path.
649 * We don't have to acquire a reference count as we are going to own it.
652 void __i2400m_roq_queue(struct i2400m *i2400m, struct i2400m_roq *roq,
653 struct sk_buff *skb, unsigned sn, unsigned nsn)
655 struct device *dev = i2400m_dev(i2400m);
656 struct sk_buff *skb_itr;
657 struct i2400m_roq_data *roq_data_itr, *roq_data;
660 d_fnstart(4, dev, "(i2400m %p roq %p skb %p sn %u nsn %u)\n",
661 i2400m, roq, skb, sn, nsn);
663 roq_data = (struct i2400m_roq_data *) &skb->cb;
664 BUILD_BUG_ON(sizeof(*roq_data) > sizeof(skb->cb));
666 d_printf(3, dev, "ERX: roq %p [ws %u] nsn %d sn %u\n",
667 roq, roq->ws, nsn, roq_data->sn);
669 /* Queues will be empty on not-so-bad environments, so try
671 if (skb_queue_empty(&roq->queue)) {
672 d_printf(2, dev, "ERX: roq %p - first one\n", roq);
673 __skb_queue_head(&roq->queue, skb);
676 /* Now try append, as most of the operations will be that */
677 skb_itr = skb_peek_tail(&roq->queue);
678 roq_data_itr = (struct i2400m_roq_data *) &skb_itr->cb;
679 nsn_itr = __i2400m_roq_nsn(roq, roq_data_itr->sn);
680 /* NSN bounds assumed correct (checked when it was queued) */
681 if (nsn >= nsn_itr) {
682 d_printf(2, dev, "ERX: roq %p - appended after %p (nsn %d sn %u)\n",
683 roq, skb_itr, nsn_itr, roq_data_itr->sn);
684 __skb_queue_tail(&roq->queue, skb);
687 /* None of the fast paths option worked. Iterate to find the
688 * right spot where to insert the packet; we know the queue is
689 * not empty, so we are not the first ones; we also know we
690 * are not going to be the last ones. The list is sorted, so
691 * we have to insert before the the first guy with an nsn_itr
692 * greater that our nsn. */
693 skb_queue_walk(&roq->queue, skb_itr) {
694 roq_data_itr = (struct i2400m_roq_data *) &skb_itr->cb;
695 nsn_itr = __i2400m_roq_nsn(roq, roq_data_itr->sn);
696 /* NSN bounds assumed correct (checked when it was queued) */
698 d_printf(2, dev, "ERX: roq %p - queued before %p "
699 "(nsn %d sn %u)\n", roq, skb_itr, nsn_itr,
701 __skb_queue_before(&roq->queue, skb_itr, skb);
705 /* If we get here, that is VERY bad -- print info to help
706 * diagnose and crash it */
707 dev_err(dev, "SW BUG? failed to insert packet\n");
708 dev_err(dev, "ERX: roq %p [ws %u] skb %p nsn %d sn %u\n",
709 roq, roq->ws, skb, nsn, roq_data->sn);
710 skb_queue_walk(&roq->queue, skb_itr) {
711 roq_data_itr = (struct i2400m_roq_data *) &skb_itr->cb;
712 nsn_itr = __i2400m_roq_nsn(roq, roq_data_itr->sn);
713 /* NSN bounds assumed correct (checked when it was queued) */
714 dev_err(dev, "ERX: roq %p skb_itr %p nsn %d sn %u\n",
715 roq, skb_itr, nsn_itr, roq_data_itr->sn);
719 d_fnend(4, dev, "(i2400m %p roq %p skb %p sn %u nsn %d) = void\n",
720 i2400m, roq, skb, sn, nsn);
726 * Backbone for the update window start operation
728 * @i2400m: device descriptor
729 * @roq: Reorder queue
730 * @sn: New sequence number
732 * Updates the window start of a queue; when doing so, it must deliver
733 * to the networking stack all the queued skb's whose normalized
734 * sequence number is lower than the new normalized window start.
737 unsigned __i2400m_roq_update_ws(struct i2400m *i2400m, struct i2400m_roq *roq,
740 struct device *dev = i2400m_dev(i2400m);
741 struct sk_buff *skb_itr, *tmp_itr;
742 struct i2400m_roq_data *roq_data_itr;
743 unsigned new_nws, nsn_itr;
745 new_nws = __i2400m_roq_nsn(roq, sn);
746 if (unlikely(new_nws >= 1024) && d_test(1)) {
747 dev_err(dev, "SW BUG? __update_ws new_nws %u (sn %u ws %u)\n",
748 new_nws, sn, roq->ws);
750 i2400m_roq_log_dump(i2400m, roq);
752 skb_queue_walk_safe(&roq->queue, skb_itr, tmp_itr) {
753 roq_data_itr = (struct i2400m_roq_data *) &skb_itr->cb;
754 nsn_itr = __i2400m_roq_nsn(roq, roq_data_itr->sn);
755 /* NSN bounds assumed correct (checked when it was queued) */
756 if (nsn_itr < new_nws) {
757 d_printf(2, dev, "ERX: roq %p - release skb %p "
758 "(nsn %u/%u new nws %u)\n",
759 roq, skb_itr, nsn_itr, roq_data_itr->sn,
761 __skb_unlink(skb_itr, &roq->queue);
762 i2400m_net_erx(i2400m, skb_itr, roq_data_itr->cs);
765 break; /* rest of packets all nsn_itr > nws */
775 * @i2400m: device descriptor
778 * Deliver all the packets and reset the window-start to zero. Name is
779 * kind of misleading.
782 void i2400m_roq_reset(struct i2400m *i2400m, struct i2400m_roq *roq)
784 struct device *dev = i2400m_dev(i2400m);
785 struct sk_buff *skb_itr, *tmp_itr;
786 struct i2400m_roq_data *roq_data_itr;
788 d_fnstart(2, dev, "(i2400m %p roq %p)\n", i2400m, roq);
789 i2400m_roq_log_add(i2400m, roq, I2400M_RO_TYPE_RESET,
790 roq->ws, skb_queue_len(&roq->queue),
792 skb_queue_walk_safe(&roq->queue, skb_itr, tmp_itr) {
793 roq_data_itr = (struct i2400m_roq_data *) &skb_itr->cb;
794 d_printf(2, dev, "ERX: roq %p - release skb %p (sn %u)\n",
795 roq, skb_itr, roq_data_itr->sn);
796 __skb_unlink(skb_itr, &roq->queue);
797 i2400m_net_erx(i2400m, skb_itr, roq_data_itr->cs);
800 d_fnend(2, dev, "(i2400m %p roq %p) = void\n", i2400m, roq);
808 * @i2400m: device descriptor
810 * @skb: containing the packet data
811 * @fbn: First block number of the packet in @skb
812 * @lbn: Last block number of the packet in @skb
814 * The hardware is asking the driver to queue a packet for later
815 * delivery to the networking stack.
818 void i2400m_roq_queue(struct i2400m *i2400m, struct i2400m_roq *roq,
819 struct sk_buff * skb, unsigned lbn)
821 struct device *dev = i2400m_dev(i2400m);
824 d_fnstart(2, dev, "(i2400m %p roq %p skb %p lbn %u) = void\n",
825 i2400m, roq, skb, lbn);
826 len = skb_queue_len(&roq->queue);
827 nsn = __i2400m_roq_nsn(roq, lbn);
828 if (unlikely(nsn >= 1024)) {
829 dev_err(dev, "SW BUG? queue nsn %d (lbn %u ws %u)\n",
831 i2400m_roq_log_dump(i2400m, roq);
832 i2400m_reset(i2400m, I2400M_RT_WARM);
834 __i2400m_roq_queue(i2400m, roq, skb, lbn, nsn);
835 i2400m_roq_log_add(i2400m, roq, I2400M_RO_TYPE_PACKET,
836 roq->ws, len, lbn, nsn, ~0);
838 d_fnend(2, dev, "(i2400m %p roq %p skb %p lbn %u) = void\n",
839 i2400m, roq, skb, lbn);
845 * Update the window start in a reorder queue and deliver all skbs
846 * with a lower window start
848 * @i2400m: device descriptor
849 * @roq: Reorder queue
850 * @sn: New sequence number
853 void i2400m_roq_update_ws(struct i2400m *i2400m, struct i2400m_roq *roq,
856 struct device *dev = i2400m_dev(i2400m);
857 unsigned old_ws, nsn, len;
859 d_fnstart(2, dev, "(i2400m %p roq %p sn %u)\n", i2400m, roq, sn);
861 len = skb_queue_len(&roq->queue);
862 nsn = __i2400m_roq_update_ws(i2400m, roq, sn);
863 i2400m_roq_log_add(i2400m, roq, I2400M_RO_TYPE_WS,
864 old_ws, len, sn, nsn, roq->ws);
865 d_fnstart(2, dev, "(i2400m %p roq %p sn %u) = void\n", i2400m, roq, sn);
871 * Queue a packet and update the window start
873 * @i2400m: device descriptor
875 * @skb: containing the packet data
876 * @fbn: First block number of the packet in @skb
877 * @sn: Last block number of the packet in @skb
879 * Note that unlike i2400m_roq_update_ws(), which sets the new window
880 * start to @sn, in here we'll set it to @sn + 1.
883 void i2400m_roq_queue_update_ws(struct i2400m *i2400m, struct i2400m_roq *roq,
884 struct sk_buff * skb, unsigned sn)
886 struct device *dev = i2400m_dev(i2400m);
887 unsigned nsn, old_ws, len;
889 d_fnstart(2, dev, "(i2400m %p roq %p skb %p sn %u)\n",
890 i2400m, roq, skb, sn);
891 len = skb_queue_len(&roq->queue);
892 nsn = __i2400m_roq_nsn(roq, sn);
894 if (unlikely(nsn >= 1024)) {
895 dev_err(dev, "SW BUG? queue_update_ws nsn %u (sn %u ws %u)\n",
897 i2400m_roq_log_dump(i2400m, roq);
898 i2400m_reset(i2400m, I2400M_RT_WARM);
900 /* if the queue is empty, don't bother as we'd queue
901 * it and inmediately unqueue it -- just deliver it */
903 struct i2400m_roq_data *roq_data;
904 roq_data = (struct i2400m_roq_data *) &skb->cb;
905 i2400m_net_erx(i2400m, skb, roq_data->cs);
908 __i2400m_roq_queue(i2400m, roq, skb, sn, nsn);
909 __i2400m_roq_update_ws(i2400m, roq, sn + 1);
910 i2400m_roq_log_add(i2400m, roq, I2400M_RO_TYPE_PACKET_WS,
911 old_ws, len, sn, nsn, roq->ws);
913 d_fnend(2, dev, "(i2400m %p roq %p skb %p sn %u) = void\n",
914 i2400m, roq, skb, sn);
920 * Receive and send up an extended data packet
922 * @i2400m: device descriptor
923 * @skb_rx: skb that contains the extended data packet
924 * @single_last: 1 if the payload is the only one or the last one of
926 * @payload: pointer to the packet's data inside the skb
927 * @size: size of the payload
929 * Starting in v1.4 of the i2400m's firmware, the device can send data
930 * packets to the host in an extended format that; this incudes a 16
931 * byte header (struct i2400m_pl_edata_hdr). Using this header's space
932 * we can fake ethernet headers for ethernet device emulation without
933 * having to copy packets around.
935 * This function handles said path.
938 * Receive and send up an extended data packet that requires no reordering
940 * @i2400m: device descriptor
941 * @skb_rx: skb that contains the extended data packet
942 * @single_last: 1 if the payload is the only one or the last one of
944 * @payload: pointer to the packet's data (past the actual extended
945 * data payload header).
946 * @size: size of the payload
948 * Pass over to the networking stack a data packet that might have
949 * reordering requirements.
951 * This needs to the decide if the skb in which the packet is
952 * contained can be reused or if it needs to be cloned. Then it has to
953 * be trimmed in the edges so that the beginning is the space for eth
954 * header and then pass it to i2400m_net_erx() for the stack
956 * Assumes the caller has verified the sanity of the payload (size,
960 void i2400m_rx_edata(struct i2400m *i2400m, struct sk_buff *skb_rx,
961 unsigned single_last, const void *payload, size_t size)
963 struct device *dev = i2400m_dev(i2400m);
964 const struct i2400m_pl_edata_hdr *hdr = payload;
965 struct net_device *net_dev = i2400m->wimax_dev.net_dev;
969 unsigned ro_needed, ro_type, ro_cin, ro_sn;
970 struct i2400m_roq *roq;
971 struct i2400m_roq_data *roq_data;
973 BUILD_BUG_ON(ETH_HLEN > sizeof(*hdr));
975 d_fnstart(2, dev, "(i2400m %p skb_rx %p single %u payload %p "
976 "size %zu)\n", i2400m, skb_rx, single_last, payload, size);
977 if (size < sizeof(*hdr)) {
978 dev_err(dev, "ERX: HW BUG? message with short header (%zu "
979 "vs %zu bytes expected)\n", size, sizeof(*hdr));
984 skb = skb_get(skb_rx);
985 d_printf(3, dev, "ERX: skb %p reusing\n", skb);
987 skb = skb_clone(skb_rx, GFP_KERNEL);
989 dev_err(dev, "ERX: no memory to clone skb\n");
990 net_dev->stats.rx_dropped++;
991 goto error_skb_clone;
993 d_printf(3, dev, "ERX: skb %p cloned from %p\n", skb, skb_rx);
995 /* now we have to pull and trim so that the skb points to the
996 * beginning of the IP packet; the netdev part will add the
997 * ethernet header as needed - we know there is enough space
998 * because we checked in i2400m_rx_edata(). */
999 skb_pull(skb, payload + sizeof(*hdr) - (void *) skb->data);
1000 skb_trim(skb, (void *) skb_end_pointer(skb) - payload - sizeof(*hdr));
1002 reorder = le32_to_cpu(hdr->reorder);
1003 ro_needed = reorder & I2400M_RO_NEEDED;
1006 ro_type = (reorder >> I2400M_RO_TYPE_SHIFT) & I2400M_RO_TYPE;
1007 ro_cin = (reorder >> I2400M_RO_CIN_SHIFT) & I2400M_RO_CIN;
1008 ro_sn = (reorder >> I2400M_RO_SN_SHIFT) & I2400M_RO_SN;
1010 roq = &i2400m->rx_roq[ro_cin];
1011 roq_data = (struct i2400m_roq_data *) &skb->cb;
1012 roq_data->sn = ro_sn;
1014 d_printf(2, dev, "ERX: reorder needed: "
1015 "type %u cin %u [ws %u] sn %u/%u len %zuB\n",
1016 ro_type, ro_cin, roq->ws, ro_sn,
1017 __i2400m_roq_nsn(roq, ro_sn), size);
1018 d_dump(2, dev, payload, size);
1020 case I2400M_RO_TYPE_RESET:
1021 i2400m_roq_reset(i2400m, roq);
1022 kfree_skb(skb); /* no data here */
1024 case I2400M_RO_TYPE_PACKET:
1025 i2400m_roq_queue(i2400m, roq, skb, ro_sn);
1027 case I2400M_RO_TYPE_WS:
1028 i2400m_roq_update_ws(i2400m, roq, ro_sn);
1029 kfree_skb(skb); /* no data here */
1031 case I2400M_RO_TYPE_PACKET_WS:
1032 i2400m_roq_queue_update_ws(i2400m, roq, skb, ro_sn);
1035 dev_err(dev, "HW BUG? unknown reorder type %u\n", ro_type);
1039 i2400m_net_erx(i2400m, skb, cs);
1042 d_fnend(2, dev, "(i2400m %p skb_rx %p single %u payload %p "
1043 "size %zu) = void\n", i2400m, skb_rx, single_last, payload, size);
1049 * Act on a received payload
1051 * @i2400m: device instance
1052 * @skb_rx: skb where the transaction was received
1053 * @single_last: 1 this is the only payload or the last one (so the
1054 * skb can be reused instead of cloned).
1055 * @pld: payload descriptor
1056 * @payload: payload data
1058 * Upon reception of a payload, look at its guts in the payload
1059 * descriptor and decide what to do with it. If it is a single payload
1060 * skb or if the last skb is a data packet, the skb will be referenced
1061 * and modified (so it doesn't have to be cloned).
1064 void i2400m_rx_payload(struct i2400m *i2400m, struct sk_buff *skb_rx,
1065 unsigned single_last, const struct i2400m_pld *pld,
1066 const void *payload)
1068 struct device *dev = i2400m_dev(i2400m);
1069 size_t pl_size = i2400m_pld_size(pld);
1070 enum i2400m_pt pl_type = i2400m_pld_type(pld);
1072 d_printf(7, dev, "RX: received payload type %u, %zu bytes\n",
1074 d_dump(8, dev, payload, pl_size);
1077 case I2400M_PT_DATA:
1078 d_printf(3, dev, "RX: data payload %zu bytes\n", pl_size);
1079 i2400m_net_rx(i2400m, skb_rx, single_last, payload, pl_size);
1081 case I2400M_PT_CTRL:
1082 i2400m_rx_ctl(i2400m, skb_rx, payload, pl_size);
1084 case I2400M_PT_TRACE:
1085 i2400m_rx_trace(i2400m, payload, pl_size);
1087 case I2400M_PT_EDATA:
1088 d_printf(3, dev, "ERX: data payload %zu bytes\n", pl_size);
1089 i2400m_rx_edata(i2400m, skb_rx, single_last, payload, pl_size);
1091 default: /* Anything else shouldn't come to the host */
1092 if (printk_ratelimit())
1093 dev_err(dev, "RX: HW BUG? unexpected payload type %u\n",
1100 * Check a received transaction's message header
1102 * @i2400m: device descriptor
1103 * @msg_hdr: message header
1104 * @buf_size: size of the received buffer
1106 * Check that the declarations done by a RX buffer message header are
1107 * sane and consistent with the amount of data that was received.
1110 int i2400m_rx_msg_hdr_check(struct i2400m *i2400m,
1111 const struct i2400m_msg_hdr *msg_hdr,
1115 struct device *dev = i2400m_dev(i2400m);
1116 if (buf_size < sizeof(*msg_hdr)) {
1117 dev_err(dev, "RX: HW BUG? message with short header (%zu "
1118 "vs %zu bytes expected)\n", buf_size, sizeof(*msg_hdr));
1121 if (msg_hdr->barker != cpu_to_le32(I2400M_D2H_MSG_BARKER)) {
1122 dev_err(dev, "RX: HW BUG? message received with unknown "
1123 "barker 0x%08x (buf_size %zu bytes)\n",
1124 le32_to_cpu(msg_hdr->barker), buf_size);
1127 if (msg_hdr->num_pls == 0) {
1128 dev_err(dev, "RX: HW BUG? zero payload packets in message\n");
1131 if (le16_to_cpu(msg_hdr->num_pls) > I2400M_MAX_PLS_IN_MSG) {
1132 dev_err(dev, "RX: HW BUG? message contains more payload "
1133 "than maximum; ignoring.\n");
1143 * Check a payload descriptor against the received data
1145 * @i2400m: device descriptor
1146 * @pld: payload descriptor
1147 * @pl_itr: offset (in bytes) in the received buffer the payload is
1149 * @buf_size: size of the received buffer
1151 * Given a payload descriptor (part of a RX buffer), check it is sane
1152 * and that the data it declares fits in the buffer.
1155 int i2400m_rx_pl_descr_check(struct i2400m *i2400m,
1156 const struct i2400m_pld *pld,
1157 size_t pl_itr, size_t buf_size)
1160 struct device *dev = i2400m_dev(i2400m);
1161 size_t pl_size = i2400m_pld_size(pld);
1162 enum i2400m_pt pl_type = i2400m_pld_type(pld);
1164 if (pl_size > i2400m->bus_pl_size_max) {
1165 dev_err(dev, "RX: HW BUG? payload @%zu: size %zu is "
1166 "bigger than maximum %zu; ignoring message\n",
1167 pl_itr, pl_size, i2400m->bus_pl_size_max);
1170 if (pl_itr + pl_size > buf_size) { /* enough? */
1171 dev_err(dev, "RX: HW BUG? payload @%zu: size %zu "
1172 "goes beyond the received buffer "
1173 "size (%zu bytes); ignoring message\n",
1174 pl_itr, pl_size, buf_size);
1177 if (pl_type >= I2400M_PT_ILLEGAL) {
1178 dev_err(dev, "RX: HW BUG? illegal payload type %u; "
1179 "ignoring message\n", pl_type);
1189 * i2400m_rx - Receive a buffer of data from the device
1191 * @i2400m: device descriptor
1192 * @skb: skbuff where the data has been received
1194 * Parse in a buffer of data that contains an RX message sent from the
1195 * device. See the file header for the format. Run all checks on the
1196 * buffer header, then run over each payload's descriptors, verify
1197 * their consistency and act on each payload's contents. If
1198 * everything is successful, update the device's statistics.
1200 * Note: You need to set the skb to contain only the length of the
1201 * received buffer; for that, use skb_trim(skb, RECEIVED_SIZE).
1205 * 0 if ok, < 0 errno on error
1207 * If ok, this function owns now the skb and the caller DOESN'T have
1208 * to run kfree_skb() on it. However, on error, the caller still owns
1209 * the skb and it is responsible for releasing it.
1211 int i2400m_rx(struct i2400m *i2400m, struct sk_buff *skb)
1214 struct device *dev = i2400m_dev(i2400m);
1215 const struct i2400m_msg_hdr *msg_hdr;
1216 size_t pl_itr, pl_size, skb_len;
1217 unsigned long flags;
1218 unsigned num_pls, single_last;
1221 d_fnstart(4, dev, "(i2400m %p skb %p [size %zu])\n",
1222 i2400m, skb, skb_len);
1224 msg_hdr = (void *) skb->data;
1225 result = i2400m_rx_msg_hdr_check(i2400m, msg_hdr, skb->len);
1227 goto error_msg_hdr_check;
1229 num_pls = le16_to_cpu(msg_hdr->num_pls);
1230 pl_itr = sizeof(*msg_hdr) + /* Check payload descriptor(s) */
1231 num_pls * sizeof(msg_hdr->pld[0]);
1232 pl_itr = ALIGN(pl_itr, I2400M_PL_ALIGN);
1233 if (pl_itr > skb->len) { /* got all the payload descriptors? */
1234 dev_err(dev, "RX: HW BUG? message too short (%u bytes) for "
1235 "%u payload descriptors (%zu each, total %zu)\n",
1236 skb->len, num_pls, sizeof(msg_hdr->pld[0]), pl_itr);
1237 goto error_pl_descr_short;
1239 /* Walk each payload payload--check we really got it */
1240 for (i = 0; i < num_pls; i++) {
1241 /* work around old gcc warnings */
1242 pl_size = i2400m_pld_size(&msg_hdr->pld[i]);
1243 result = i2400m_rx_pl_descr_check(i2400m, &msg_hdr->pld[i],
1246 goto error_pl_descr_check;
1247 single_last = num_pls == 1 || i == num_pls - 1;
1248 i2400m_rx_payload(i2400m, skb, single_last, &msg_hdr->pld[i],
1249 skb->data + pl_itr);
1250 pl_itr += ALIGN(pl_size, I2400M_PL_ALIGN);
1251 cond_resched(); /* Don't monopolize */
1254 /* Update device statistics */
1255 spin_lock_irqsave(&i2400m->rx_lock, flags);
1256 i2400m->rx_pl_num += i;
1257 if (i > i2400m->rx_pl_max)
1258 i2400m->rx_pl_max = i;
1259 if (i < i2400m->rx_pl_min)
1260 i2400m->rx_pl_min = i;
1262 i2400m->rx_size_acc += skb->len;
1263 if (skb->len < i2400m->rx_size_min)
1264 i2400m->rx_size_min = skb->len;
1265 if (skb->len > i2400m->rx_size_max)
1266 i2400m->rx_size_max = skb->len;
1267 spin_unlock_irqrestore(&i2400m->rx_lock, flags);
1268 error_pl_descr_check:
1269 error_pl_descr_short:
1270 error_msg_hdr_check:
1271 d_fnend(4, dev, "(i2400m %p skb %p [size %zu]) = %d\n",
1272 i2400m, skb, skb_len, result);
1275 EXPORT_SYMBOL_GPL(i2400m_rx);
1278 void i2400m_unknown_barker(struct i2400m *i2400m,
1279 const void *buf, size_t size)
1281 struct device *dev = i2400m_dev(i2400m);
1283 const __le32 *barker = buf;
1284 dev_err(dev, "RX: HW BUG? unknown barker %08x, "
1285 "dropping %zu bytes\n", le32_to_cpu(*barker), size);
1286 snprintf(prefix, sizeof(prefix), "%s %s: ",
1287 dev_driver_string(dev), dev_name(dev));
1289 print_hex_dump(KERN_ERR, prefix, DUMP_PREFIX_OFFSET,
1291 printk(KERN_ERR "%s... (only first 64 bytes "
1292 "dumped)\n", prefix);
1294 print_hex_dump(KERN_ERR, prefix, DUMP_PREFIX_OFFSET,
1295 8, 4, buf, size, 0);
1297 EXPORT_SYMBOL(i2400m_unknown_barker);
1301 * Initialize the RX queue and infrastructure
1303 * This sets up all the RX reordering infrastructures, which will not
1304 * be used if reordering is not enabled or if the firmware does not
1305 * support it. The device is told to do reordering in
1306 * i2400m_dev_initialize(), where it also looks at the value of the
1307 * i2400m->rx_reorder switch before taking a decission.
1309 * Note we allocate the roq queues in one chunk and the actual logging
1310 * support for it (logging) in another one and then we setup the
1311 * pointers from the first to the last.
1313 int i2400m_rx_setup(struct i2400m *i2400m)
1316 struct device *dev = i2400m_dev(i2400m);
1318 i2400m->rx_reorder = i2400m_rx_reorder_disabled? 0 : 1;
1319 if (i2400m->rx_reorder) {
1322 struct i2400m_roq_log *rd;
1326 size = sizeof(i2400m->rx_roq[0]) * (I2400M_RO_CIN + 1);
1327 i2400m->rx_roq = kzalloc(size, GFP_KERNEL);
1328 if (i2400m->rx_roq == NULL) {
1329 dev_err(dev, "RX: cannot allocate %zu bytes for "
1330 "reorder queues\n", size);
1331 goto error_roq_alloc;
1334 size = sizeof(*i2400m->rx_roq[0].log) * (I2400M_RO_CIN + 1);
1335 rd = kzalloc(size, GFP_KERNEL);
1337 dev_err(dev, "RX: cannot allocate %zu bytes for "
1338 "reorder queues log areas\n", size);
1340 goto error_roq_log_alloc;
1343 for(itr = 0; itr < I2400M_RO_CIN + 1; itr++) {
1344 __i2400m_roq_init(&i2400m->rx_roq[itr]);
1345 i2400m->rx_roq[itr].log = &rd[itr];
1350 error_roq_log_alloc:
1351 kfree(i2400m->rx_roq);
1357 /* Tear down the RX queue and infrastructure */
1358 void i2400m_rx_release(struct i2400m *i2400m)
1360 if (i2400m->rx_reorder) {
1362 for(itr = 0; itr < I2400M_RO_CIN + 1; itr++)
1363 __skb_queue_purge(&i2400m->rx_roq[itr].queue);
1364 kfree(i2400m->rx_roq[0].log);
1365 kfree(i2400m->rx_roq);
1367 /* at this point, nothing can be received... */
1368 i2400m_report_hook_flush(i2400m);
git.openpandora.org / pandora-kernel.git / blob