1 /******************************************************************************
2  *
3  * Copyright(c) 2003 - 2014 Intel Corporation. All rights reserved.
4  *
5  * Portions of this file are derived from the ipw3945 project, as well
6  * as portions of the ieee80211 subsystem header files.
7  *
8  * This program is free software; you can redistribute it and/or modify it
9  * under the terms of version 2 of the GNU General Public License as
10  * published by the Free Software Foundation.
11  *
12  * This program is distributed in the hope that it will be useful, but WITHOUT
13  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
14  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
15  * more details.
16  *
17  * You should have received a copy of the GNU General Public License along with
18  * this program; if not, write to the Free Software Foundation, Inc.,
19  * 51 Franklin Street, Fifth Floor, Boston, MA 02110, USA
20  *
21  * The full GNU General Public License is included in this distribution in the
22  * file called LICENSE.
23  *
24  * Contact Information:
25  *  Intel Linux Wireless <linuxwifi@intel.com>
26  * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
27  *
28  *****************************************************************************/
29 #include <linux/etherdevice.h>
30 #include <net/mac80211.h>
31 #include "iwl-trans.h"
32 #include "dev.h"
33 #include "agn.h"
34 
35 const u8 iwl_bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
36 
37 static int iwl_sta_ucode_activate(struct iwl_priv *priv, u8 sta_id)
38 {
39 	lockdep_assert_held(&priv->sta_lock);
40 
41 	if (sta_id >= IWLAGN_STATION_COUNT) {
42 		IWL_ERR(priv, "invalid sta_id %u\n", sta_id);
43 		return -EINVAL;
44 	}
45 	if (!(priv->stations[sta_id].used & IWL_STA_DRIVER_ACTIVE))
46 		IWL_ERR(priv, "ACTIVATE a non DRIVER active station id %u "
47 			"addr %pM\n",
48 			sta_id, priv->stations[sta_id].sta.sta.addr);
49 
50 	if (priv->stations[sta_id].used & IWL_STA_UCODE_ACTIVE) {
51 		IWL_DEBUG_ASSOC(priv,
52 				"STA id %u addr %pM already present in uCode "
53 				"(according to driver)\n",
54 				sta_id, priv->stations[sta_id].sta.sta.addr);
55 	} else {
56 		priv->stations[sta_id].used |= IWL_STA_UCODE_ACTIVE;
57 		IWL_DEBUG_ASSOC(priv, "Added STA id %u addr %pM to uCode\n",
58 				sta_id, priv->stations[sta_id].sta.sta.addr);
59 	}
60 	return 0;
61 }
62 
63 static void iwl_process_add_sta_resp(struct iwl_priv *priv,
64 				     struct iwl_rx_packet *pkt)
65 {
66 	struct iwl_add_sta_resp *add_sta_resp = (void *)pkt->data;
67 
68 	IWL_DEBUG_INFO(priv, "Processing response for adding station\n");
69 
70 	spin_lock_bh(&priv->sta_lock);
71 
72 	switch (add_sta_resp->status) {
73 	case ADD_STA_SUCCESS_MSK:
74 		IWL_DEBUG_INFO(priv, "REPLY_ADD_STA PASSED\n");
75 		break;
76 	case ADD_STA_NO_ROOM_IN_TABLE:
77 		IWL_ERR(priv, "Adding station failed, no room in table.\n");
78 		break;
79 	case ADD_STA_NO_BLOCK_ACK_RESOURCE:
80 		IWL_ERR(priv,
81 			"Adding station failed, no block ack resource.\n");
82 		break;
83 	case ADD_STA_MODIFY_NON_EXIST_STA:
84 		IWL_ERR(priv, "Attempting to modify non-existing station\n");
85 		break;
86 	default:
87 		IWL_DEBUG_ASSOC(priv, "Received REPLY_ADD_STA:(0x%08X)\n",
88 				add_sta_resp->status);
89 		break;
90 	}
91 
92 	spin_unlock_bh(&priv->sta_lock);
93 }
94 
95 void iwl_add_sta_callback(struct iwl_priv *priv, struct iwl_rx_cmd_buffer *rxb)
96 {
97 	struct iwl_rx_packet *pkt = rxb_addr(rxb);
98 
99 	iwl_process_add_sta_resp(priv, pkt);
100 }
101 
102 int iwl_send_add_sta(struct iwl_priv *priv,
103 		     struct iwl_addsta_cmd *sta, u8 flags)
104 {
105 	int ret = 0;
106 	struct iwl_host_cmd cmd = {
107 		.id = REPLY_ADD_STA,
108 		.flags = flags,
109 		.data = { sta, },
110 		.len = { sizeof(*sta), },
111 	};
112 	u8 sta_id __maybe_unused = sta->sta.sta_id;
113 	struct iwl_rx_packet *pkt;
114 	struct iwl_add_sta_resp *add_sta_resp;
115 
116 	IWL_DEBUG_INFO(priv, "Adding sta %u (%pM) %ssynchronously\n",
117 		       sta_id, sta->sta.addr, flags & CMD_ASYNC ?  "a" : "");
118 
119 	if (!(flags & CMD_ASYNC)) {
120 		cmd.flags |= CMD_WANT_SKB;
121 		might_sleep();
122 	}
123 
124 	ret = iwl_dvm_send_cmd(priv, &cmd);
125 
126 	if (ret || (flags & CMD_ASYNC))
127 		return ret;
128 
129 	pkt = cmd.resp_pkt;
130 	add_sta_resp = (void *)pkt->data;
131 
132 	/* debug messages are printed in the handler */
133 	if (add_sta_resp->status == ADD_STA_SUCCESS_MSK) {
134 		spin_lock_bh(&priv->sta_lock);
135 		ret = iwl_sta_ucode_activate(priv, sta_id);
136 		spin_unlock_bh(&priv->sta_lock);
137 	} else {
138 		ret = -EIO;
139 	}
140 
141 	iwl_free_resp(&cmd);
142 
143 	return ret;
144 }
145 
146 bool iwl_is_ht40_tx_allowed(struct iwl_priv *priv,
147 			    struct iwl_rxon_context *ctx,
148 			    struct ieee80211_sta *sta)
149 {
150 	if (!ctx->ht.enabled || !ctx->ht.is_40mhz)
151 		return false;
152 
153 #ifdef CONFIG_IWLWIFI_DEBUGFS
154 	if (priv->disable_ht40)
155 		return false;
156 #endif
157 
158 	/* special case for RXON */
159 	if (!sta)
160 		return true;
161 
162 	return sta->bandwidth >= IEEE80211_STA_RX_BW_40;
163 }
164 
165 static void iwl_sta_calc_ht_flags(struct iwl_priv *priv,
166 				  struct ieee80211_sta *sta,
167 				  struct iwl_rxon_context *ctx,
168 				  __le32 *flags, __le32 *mask)
169 {
170 	struct ieee80211_sta_ht_cap *sta_ht_inf = &sta->ht_cap;
171 
172 	*mask = STA_FLG_RTS_MIMO_PROT_MSK |
173 		STA_FLG_MIMO_DIS_MSK |
174 		STA_FLG_HT40_EN_MSK |
175 		STA_FLG_MAX_AGG_SIZE_MSK |
176 		STA_FLG_AGG_MPDU_DENSITY_MSK;
177 	*flags = 0;
178 
179 	if (!sta || !sta_ht_inf->ht_supported)
180 		return;
181 
182 	IWL_DEBUG_INFO(priv, "STA %pM SM PS mode: %s\n",
183 			sta->addr,
184 			(sta->smps_mode == IEEE80211_SMPS_STATIC) ?
185 			"static" :
186 			(sta->smps_mode == IEEE80211_SMPS_DYNAMIC) ?
187 			"dynamic" : "disabled");
188 
189 	switch (sta->smps_mode) {
190 	case IEEE80211_SMPS_STATIC:
191 		*flags |= STA_FLG_MIMO_DIS_MSK;
192 		break;
193 	case IEEE80211_SMPS_DYNAMIC:
194 		*flags |= STA_FLG_RTS_MIMO_PROT_MSK;
195 		break;
196 	case IEEE80211_SMPS_OFF:
197 		break;
198 	default:
199 		IWL_WARN(priv, "Invalid MIMO PS mode %d\n", sta->smps_mode);
200 		break;
201 	}
202 
203 	*flags |= cpu_to_le32(
204 		(u32)sta_ht_inf->ampdu_factor << STA_FLG_MAX_AGG_SIZE_POS);
205 
206 	*flags |= cpu_to_le32(
207 		(u32)sta_ht_inf->ampdu_density << STA_FLG_AGG_MPDU_DENSITY_POS);
208 
209 	if (iwl_is_ht40_tx_allowed(priv, ctx, sta))
210 		*flags |= STA_FLG_HT40_EN_MSK;
211 }
212 
213 int iwl_sta_update_ht(struct iwl_priv *priv, struct iwl_rxon_context *ctx,
214 		      struct ieee80211_sta *sta)
215 {
216 	u8 sta_id = iwl_sta_id(sta);
217 	__le32 flags, mask;
218 	struct iwl_addsta_cmd cmd;
219 
220 	if (WARN_ON_ONCE(sta_id == IWL_INVALID_STATION))
221 		return -EINVAL;
222 
223 	iwl_sta_calc_ht_flags(priv, sta, ctx, &flags, &mask);
224 
225 	spin_lock_bh(&priv->sta_lock);
226 	priv->stations[sta_id].sta.station_flags &= ~mask;
227 	priv->stations[sta_id].sta.station_flags |= flags;
228 	spin_unlock_bh(&priv->sta_lock);
229 
230 	memset(&cmd, 0, sizeof(cmd));
231 	cmd.mode = STA_CONTROL_MODIFY_MSK;
232 	cmd.station_flags_msk = mask;
233 	cmd.station_flags = flags;
234 	cmd.sta.sta_id = sta_id;
235 
236 	return iwl_send_add_sta(priv, &cmd, 0);
237 }
238 
239 static void iwl_set_ht_add_station(struct iwl_priv *priv, u8 index,
240 				   struct ieee80211_sta *sta,
241 				   struct iwl_rxon_context *ctx)
242 {
243 	__le32 flags, mask;
244 
245 	iwl_sta_calc_ht_flags(priv, sta, ctx, &flags, &mask);
246 
247 	lockdep_assert_held(&priv->sta_lock);
248 	priv->stations[index].sta.station_flags &= ~mask;
249 	priv->stations[index].sta.station_flags |= flags;
250 }
251 
252 /**
253  * iwl_prep_station - Prepare station information for addition
254  *
255  * should be called with sta_lock held
256  */
257 u8 iwl_prep_station(struct iwl_priv *priv, struct iwl_rxon_context *ctx,
258 		    const u8 *addr, bool is_ap, struct ieee80211_sta *sta)
259 {
260 	struct iwl_station_entry *station;
261 	int i;
262 	u8 sta_id = IWL_INVALID_STATION;
263 
264 	if (is_ap)
265 		sta_id = ctx->ap_sta_id;
266 	else if (is_broadcast_ether_addr(addr))
267 		sta_id = ctx->bcast_sta_id;
268 	else
269 		for (i = IWL_STA_ID; i < IWLAGN_STATION_COUNT; i++) {
270 			if (ether_addr_equal(priv->stations[i].sta.sta.addr,
271 					     addr)) {
272 				sta_id = i;
273 				break;
274 			}
275 
276 			if (!priv->stations[i].used &&
277 			    sta_id == IWL_INVALID_STATION)
278 				sta_id = i;
279 		}
280 
281 	/*
282 	 * These two conditions have the same outcome, but keep them
283 	 * separate
284 	 */
285 	if (unlikely(sta_id == IWL_INVALID_STATION))
286 		return sta_id;
287 
288 	/*
289 	 * uCode is not able to deal with multiple requests to add a
290 	 * station. Keep track if one is in progress so that we do not send
291 	 * another.
292 	 */
293 	if (priv->stations[sta_id].used & IWL_STA_UCODE_INPROGRESS) {
294 		IWL_DEBUG_INFO(priv, "STA %d already in process of being "
295 			       "added.\n", sta_id);
296 		return sta_id;
297 	}
298 
299 	if ((priv->stations[sta_id].used & IWL_STA_DRIVER_ACTIVE) &&
300 	    (priv->stations[sta_id].used & IWL_STA_UCODE_ACTIVE) &&
301 	    ether_addr_equal(priv->stations[sta_id].sta.sta.addr, addr)) {
302 		IWL_DEBUG_ASSOC(priv, "STA %d (%pM) already added, not "
303 				"adding again.\n", sta_id, addr);
304 		return sta_id;
305 	}
306 
307 	station = &priv->stations[sta_id];
308 	station->used = IWL_STA_DRIVER_ACTIVE;
309 	IWL_DEBUG_ASSOC(priv, "Add STA to driver ID %d: %pM\n",
310 			sta_id, addr);
311 	priv->num_stations++;
312 
313 	/* Set up the REPLY_ADD_STA command to send to device */
314 	memset(&station->sta, 0, sizeof(struct iwl_addsta_cmd));
315 	memcpy(station->sta.sta.addr, addr, ETH_ALEN);
316 	station->sta.mode = 0;
317 	station->sta.sta.sta_id = sta_id;
318 	station->sta.station_flags = ctx->station_flags;
319 	station->ctxid = ctx->ctxid;
320 
321 	if (sta) {
322 		struct iwl_station_priv *sta_priv;
323 
324 		sta_priv = (void *)sta->drv_priv;
325 		sta_priv->ctx = ctx;
326 	}
327 
328 	/*
329 	 * OK to call unconditionally, since local stations (IBSS BSSID
330 	 * STA and broadcast STA) pass in a NULL sta, and mac80211
331 	 * doesn't allow HT IBSS.
332 	 */
333 	iwl_set_ht_add_station(priv, sta_id, sta, ctx);
334 
335 	return sta_id;
336 
337 }
338 
339 #define STA_WAIT_TIMEOUT (HZ/2)
340 
341 /**
342  * iwl_add_station_common -
343  */
344 int iwl_add_station_common(struct iwl_priv *priv, struct iwl_rxon_context *ctx,
345 			   const u8 *addr, bool is_ap,
346 			   struct ieee80211_sta *sta, u8 *sta_id_r)
347 {
348 	int ret = 0;
349 	u8 sta_id;
350 	struct iwl_addsta_cmd sta_cmd;
351 
352 	*sta_id_r = 0;
353 	spin_lock_bh(&priv->sta_lock);
354 	sta_id = iwl_prep_station(priv, ctx, addr, is_ap, sta);
355 	if (sta_id == IWL_INVALID_STATION) {
356 		IWL_ERR(priv, "Unable to prepare station %pM for addition\n",
357 			addr);
358 		spin_unlock_bh(&priv->sta_lock);
359 		return -EINVAL;
360 	}
361 
362 	/*
363 	 * uCode is not able to deal with multiple requests to add a
364 	 * station. Keep track if one is in progress so that we do not send
365 	 * another.
366 	 */
367 	if (priv->stations[sta_id].used & IWL_STA_UCODE_INPROGRESS) {
368 		IWL_DEBUG_INFO(priv, "STA %d already in process of being "
369 			       "added.\n", sta_id);
370 		spin_unlock_bh(&priv->sta_lock);
371 		return -EEXIST;
372 	}
373 
374 	if ((priv->stations[sta_id].used & IWL_STA_DRIVER_ACTIVE) &&
375 	    (priv->stations[sta_id].used & IWL_STA_UCODE_ACTIVE)) {
376 		IWL_DEBUG_ASSOC(priv, "STA %d (%pM) already added, not "
377 				"adding again.\n", sta_id, addr);
378 		spin_unlock_bh(&priv->sta_lock);
379 		return -EEXIST;
380 	}
381 
382 	priv->stations[sta_id].used |= IWL_STA_UCODE_INPROGRESS;
383 	memcpy(&sta_cmd, &priv->stations[sta_id].sta,
384 	       sizeof(struct iwl_addsta_cmd));
385 	spin_unlock_bh(&priv->sta_lock);
386 
387 	/* Add station to device's station table */
388 	ret = iwl_send_add_sta(priv, &sta_cmd, 0);
389 	if (ret) {
390 		spin_lock_bh(&priv->sta_lock);
391 		IWL_ERR(priv, "Adding station %pM failed.\n",
392 			priv->stations[sta_id].sta.sta.addr);
393 		priv->stations[sta_id].used &= ~IWL_STA_DRIVER_ACTIVE;
394 		priv->stations[sta_id].used &= ~IWL_STA_UCODE_INPROGRESS;
395 		spin_unlock_bh(&priv->sta_lock);
396 	}
397 	*sta_id_r = sta_id;
398 	return ret;
399 }
400 
401 /**
402  * iwl_sta_ucode_deactivate - deactivate ucode status for a station
403  */
404 static void iwl_sta_ucode_deactivate(struct iwl_priv *priv, u8 sta_id)
405 {
406 	lockdep_assert_held(&priv->sta_lock);
407 
408 	/* Ucode must be active and driver must be non active */
409 	if ((priv->stations[sta_id].used &
410 	     (IWL_STA_UCODE_ACTIVE | IWL_STA_DRIVER_ACTIVE)) !=
411 	      IWL_STA_UCODE_ACTIVE)
412 		IWL_ERR(priv, "removed non active STA %u\n", sta_id);
413 
414 	priv->stations[sta_id].used &= ~IWL_STA_UCODE_ACTIVE;
415 
416 	memset(&priv->stations[sta_id], 0, sizeof(struct iwl_station_entry));
417 	IWL_DEBUG_ASSOC(priv, "Removed STA %u\n", sta_id);
418 }
419 
420 static int iwl_send_remove_station(struct iwl_priv *priv,
421 				   const u8 *addr, int sta_id,
422 				   bool temporary)
423 {
424 	struct iwl_rx_packet *pkt;
425 	int ret;
426 	struct iwl_rem_sta_cmd rm_sta_cmd;
427 	struct iwl_rem_sta_resp *rem_sta_resp;
428 
429 	struct iwl_host_cmd cmd = {
430 		.id = REPLY_REMOVE_STA,
431 		.len = { sizeof(struct iwl_rem_sta_cmd), },
432 		.data = { &rm_sta_cmd, },
433 	};
434 
435 	memset(&rm_sta_cmd, 0, sizeof(rm_sta_cmd));
436 	rm_sta_cmd.num_sta = 1;
437 	memcpy(&rm_sta_cmd.addr, addr, ETH_ALEN);
438 
439 	cmd.flags |= CMD_WANT_SKB;
440 
441 	ret = iwl_dvm_send_cmd(priv, &cmd);
442 
443 	if (ret)
444 		return ret;
445 
446 	pkt = cmd.resp_pkt;
447 	rem_sta_resp = (void *)pkt->data;
448 
449 	switch (rem_sta_resp->status) {
450 	case REM_STA_SUCCESS_MSK:
451 		if (!temporary) {
452 			spin_lock_bh(&priv->sta_lock);
453 			iwl_sta_ucode_deactivate(priv, sta_id);
454 			spin_unlock_bh(&priv->sta_lock);
455 		}
456 		IWL_DEBUG_ASSOC(priv, "REPLY_REMOVE_STA PASSED\n");
457 		break;
458 	default:
459 		ret = -EIO;
460 		IWL_ERR(priv, "REPLY_REMOVE_STA failed\n");
461 		break;
462 	}
463 
464 	iwl_free_resp(&cmd);
465 
466 	return ret;
467 }
468 
469 /**
470  * iwl_remove_station - Remove driver's knowledge of station.
471  */
472 int iwl_remove_station(struct iwl_priv *priv, const u8 sta_id,
473 		       const u8 *addr)
474 {
475 	u8 tid;
476 
477 	if (!iwl_is_ready(priv)) {
478 		IWL_DEBUG_INFO(priv,
479 			"Unable to remove station %pM, device not ready.\n",
480 			addr);
481 		/*
482 		 * It is typical for stations to be removed when we are
483 		 * going down. Return success since device will be down
484 		 * soon anyway
485 		 */
486 		return 0;
487 	}
488 
489 	IWL_DEBUG_ASSOC(priv, "Removing STA from driver:%d  %pM\n",
490 			sta_id, addr);
491 
492 	if (WARN_ON(sta_id == IWL_INVALID_STATION))
493 		return -EINVAL;
494 
495 	spin_lock_bh(&priv->sta_lock);
496 
497 	if (!(priv->stations[sta_id].used & IWL_STA_DRIVER_ACTIVE)) {
498 		IWL_DEBUG_INFO(priv, "Removing %pM but non DRIVER active\n",
499 				addr);
500 		goto out_err;
501 	}
502 
503 	if (!(priv->stations[sta_id].used & IWL_STA_UCODE_ACTIVE)) {
504 		IWL_DEBUG_INFO(priv, "Removing %pM but non UCODE active\n",
505 				addr);
506 		goto out_err;
507 	}
508 
509 	if (priv->stations[sta_id].used & IWL_STA_LOCAL) {
510 		kfree(priv->stations[sta_id].lq);
511 		priv->stations[sta_id].lq = NULL;
512 	}
513 
514 	for (tid = 0; tid < IWL_MAX_TID_COUNT; tid++)
515 		memset(&priv->tid_data[sta_id][tid], 0,
516 			sizeof(priv->tid_data[sta_id][tid]));
517 
518 	priv->stations[sta_id].used &= ~IWL_STA_DRIVER_ACTIVE;
519 
520 	priv->num_stations--;
521 
522 	if (WARN_ON(priv->num_stations < 0))
523 		priv->num_stations = 0;
524 
525 	spin_unlock_bh(&priv->sta_lock);
526 
527 	return iwl_send_remove_station(priv, addr, sta_id, false);
528 out_err:
529 	spin_unlock_bh(&priv->sta_lock);
530 	return -EINVAL;
531 }
532 
533 void iwl_deactivate_station(struct iwl_priv *priv, const u8 sta_id,
534 			    const u8 *addr)
535 {
536 	u8 tid;
537 
538 	if (!iwl_is_ready(priv)) {
539 		IWL_DEBUG_INFO(priv,
540 			"Unable to remove station %pM, device not ready.\n",
541 			addr);
542 		return;
543 	}
544 
545 	IWL_DEBUG_ASSOC(priv, "Deactivating STA: %pM (%d)\n", addr, sta_id);
546 
547 	if (WARN_ON_ONCE(sta_id == IWL_INVALID_STATION))
548 		return;
549 
550 	spin_lock_bh(&priv->sta_lock);
551 
552 	WARN_ON_ONCE(!(priv->stations[sta_id].used & IWL_STA_DRIVER_ACTIVE));
553 
554 	for (tid = 0; tid < IWL_MAX_TID_COUNT; tid++)
555 		memset(&priv->tid_data[sta_id][tid], 0,
556 			sizeof(priv->tid_data[sta_id][tid]));
557 
558 	priv->stations[sta_id].used &= ~IWL_STA_DRIVER_ACTIVE;
559 	priv->stations[sta_id].used &= ~IWL_STA_UCODE_INPROGRESS;
560 
561 	priv->num_stations--;
562 
563 	if (WARN_ON_ONCE(priv->num_stations < 0))
564 		priv->num_stations = 0;
565 
566 	spin_unlock_bh(&priv->sta_lock);
567 }
568 
569 static void iwl_sta_fill_lq(struct iwl_priv *priv, struct iwl_rxon_context *ctx,
570 			    u8 sta_id, struct iwl_link_quality_cmd *link_cmd)
571 {
572 	int i, r;
573 	u32 rate_flags = 0;
574 	__le32 rate_n_flags;
575 
576 	lockdep_assert_held(&priv->mutex);
577 
578 	memset(link_cmd, 0, sizeof(*link_cmd));
579 
580 	/* Set up the rate scaling to start at selected rate, fall back
581 	 * all the way down to 1M in IEEE order, and then spin on 1M */
582 	if (priv->band == NL80211_BAND_5GHZ)
583 		r = IWL_RATE_6M_INDEX;
584 	else if (ctx && ctx->vif && ctx->vif->p2p)
585 		r = IWL_RATE_6M_INDEX;
586 	else
587 		r = IWL_RATE_1M_INDEX;
588 
589 	if (r >= IWL_FIRST_CCK_RATE && r <= IWL_LAST_CCK_RATE)
590 		rate_flags |= RATE_MCS_CCK_MSK;
591 
592 	rate_flags |= first_antenna(priv->nvm_data->valid_tx_ant) <<
593 				RATE_MCS_ANT_POS;
594 	rate_n_flags = iwl_hw_set_rate_n_flags(iwl_rates[r].plcp, rate_flags);
595 	for (i = 0; i < LINK_QUAL_MAX_RETRY_NUM; i++)
596 		link_cmd->rs_table[i].rate_n_flags = rate_n_flags;
597 
598 	link_cmd->general_params.single_stream_ant_msk =
599 			first_antenna(priv->nvm_data->valid_tx_ant);
600 
601 	link_cmd->general_params.dual_stream_ant_msk =
602 		priv->nvm_data->valid_tx_ant &
603 		~first_antenna(priv->nvm_data->valid_tx_ant);
604 	if (!link_cmd->general_params.dual_stream_ant_msk) {
605 		link_cmd->general_params.dual_stream_ant_msk = ANT_AB;
606 	} else if (num_of_ant(priv->nvm_data->valid_tx_ant) == 2) {
607 		link_cmd->general_params.dual_stream_ant_msk =
608 			priv->nvm_data->valid_tx_ant;
609 	}
610 
611 	link_cmd->agg_params.agg_dis_start_th =
612 		LINK_QUAL_AGG_DISABLE_START_DEF;
613 	link_cmd->agg_params.agg_time_limit =
614 		cpu_to_le16(LINK_QUAL_AGG_TIME_LIMIT_DEF);
615 
616 	link_cmd->sta_id = sta_id;
617 }
618 
619 /**
620  * iwl_clear_ucode_stations - clear ucode station table bits
621  *
622  * This function clears all the bits in the driver indicating
623  * which stations are active in the ucode. Call when something
624  * other than explicit station management would cause this in
625  * the ucode, e.g. unassociated RXON.
626  */
627 void iwl_clear_ucode_stations(struct iwl_priv *priv,
628 			      struct iwl_rxon_context *ctx)
629 {
630 	int i;
631 	bool cleared = false;
632 
633 	IWL_DEBUG_INFO(priv, "Clearing ucode stations in driver\n");
634 
635 	spin_lock_bh(&priv->sta_lock);
636 	for (i = 0; i < IWLAGN_STATION_COUNT; i++) {
637 		if (ctx && ctx->ctxid != priv->stations[i].ctxid)
638 			continue;
639 
640 		if (priv->stations[i].used & IWL_STA_UCODE_ACTIVE) {
641 			IWL_DEBUG_INFO(priv,
642 				"Clearing ucode active for station %d\n", i);
643 			priv->stations[i].used &= ~IWL_STA_UCODE_ACTIVE;
644 			cleared = true;
645 		}
646 	}
647 	spin_unlock_bh(&priv->sta_lock);
648 
649 	if (!cleared)
650 		IWL_DEBUG_INFO(priv,
651 			       "No active stations found to be cleared\n");
652 }
653 
654 /**
655  * iwl_restore_stations() - Restore driver known stations to device
656  *
657  * All stations considered active by driver, but not present in ucode, is
658  * restored.
659  *
660  * Function sleeps.
661  */
662 void iwl_restore_stations(struct iwl_priv *priv, struct iwl_rxon_context *ctx)
663 {
664 	struct iwl_addsta_cmd sta_cmd;
665 	static const struct iwl_link_quality_cmd zero_lq = {};
666 	struct iwl_link_quality_cmd lq;
667 	int i;
668 	bool found = false;
669 	int ret;
670 	bool send_lq;
671 
672 	if (!iwl_is_ready(priv)) {
673 		IWL_DEBUG_INFO(priv,
674 			       "Not ready yet, not restoring any stations.\n");
675 		return;
676 	}
677 
678 	IWL_DEBUG_ASSOC(priv, "Restoring all known stations ... start.\n");
679 	spin_lock_bh(&priv->sta_lock);
680 	for (i = 0; i < IWLAGN_STATION_COUNT; i++) {
681 		if (ctx->ctxid != priv->stations[i].ctxid)
682 			continue;
683 		if ((priv->stations[i].used & IWL_STA_DRIVER_ACTIVE) &&
684 			    !(priv->stations[i].used & IWL_STA_UCODE_ACTIVE)) {
685 			IWL_DEBUG_ASSOC(priv, "Restoring sta %pM\n",
686 					priv->stations[i].sta.sta.addr);
687 			priv->stations[i].sta.mode = 0;
688 			priv->stations[i].used |= IWL_STA_UCODE_INPROGRESS;
689 			found = true;
690 		}
691 	}
692 
693 	for (i = 0; i < IWLAGN_STATION_COUNT; i++) {
694 		if ((priv->stations[i].used & IWL_STA_UCODE_INPROGRESS)) {
695 			memcpy(&sta_cmd, &priv->stations[i].sta,
696 			       sizeof(struct iwl_addsta_cmd));
697 			send_lq = false;
698 			if (priv->stations[i].lq) {
699 				if (priv->wowlan)
700 					iwl_sta_fill_lq(priv, ctx, i, &lq);
701 				else
702 					memcpy(&lq, priv->stations[i].lq,
703 					       sizeof(struct iwl_link_quality_cmd));
704 
705 				if (memcmp(&lq, &zero_lq, sizeof(lq)))
706 					send_lq = true;
707 			}
708 			spin_unlock_bh(&priv->sta_lock);
709 			ret = iwl_send_add_sta(priv, &sta_cmd, 0);
710 			if (ret) {
711 				spin_lock_bh(&priv->sta_lock);
712 				IWL_ERR(priv, "Adding station %pM failed.\n",
713 					priv->stations[i].sta.sta.addr);
714 				priv->stations[i].used &=
715 						~IWL_STA_DRIVER_ACTIVE;
716 				priv->stations[i].used &=
717 						~IWL_STA_UCODE_INPROGRESS;
718 				continue;
719 			}
720 			/*
721 			 * Rate scaling has already been initialized, send
722 			 * current LQ command
723 			 */
724 			if (send_lq)
725 				iwl_send_lq_cmd(priv, ctx, &lq, 0, true);
726 			spin_lock_bh(&priv->sta_lock);
727 			priv->stations[i].used &= ~IWL_STA_UCODE_INPROGRESS;
728 		}
729 	}
730 
731 	spin_unlock_bh(&priv->sta_lock);
732 	if (!found)
733 		IWL_DEBUG_INFO(priv, "Restoring all known stations .... "
734 			"no stations to be restored.\n");
735 	else
736 		IWL_DEBUG_INFO(priv, "Restoring all known stations .... "
737 			"complete.\n");
738 }
739 
740 int iwl_get_free_ucode_key_offset(struct iwl_priv *priv)
741 {
742 	int i;
743 
744 	for (i = 0; i < priv->sta_key_max_num; i++)
745 		if (!test_and_set_bit(i, &priv->ucode_key_table))
746 			return i;
747 
748 	return WEP_INVALID_OFFSET;
749 }
750 
751 void iwl_dealloc_bcast_stations(struct iwl_priv *priv)
752 {
753 	int i;
754 
755 	spin_lock_bh(&priv->sta_lock);
756 	for (i = 0; i < IWLAGN_STATION_COUNT; i++) {
757 		if (!(priv->stations[i].used & IWL_STA_BCAST))
758 			continue;
759 
760 		priv->stations[i].used &= ~IWL_STA_UCODE_ACTIVE;
761 		priv->num_stations--;
762 		if (WARN_ON(priv->num_stations < 0))
763 			priv->num_stations = 0;
764 		kfree(priv->stations[i].lq);
765 		priv->stations[i].lq = NULL;
766 	}
767 	spin_unlock_bh(&priv->sta_lock);
768 }
769 
770 #ifdef CONFIG_IWLWIFI_DEBUG
771 static void iwl_dump_lq_cmd(struct iwl_priv *priv,
772 			   struct iwl_link_quality_cmd *lq)
773 {
774 	int i;
775 	IWL_DEBUG_RATE(priv, "lq station id 0x%x\n", lq->sta_id);
776 	IWL_DEBUG_RATE(priv, "lq ant 0x%X 0x%X\n",
777 		       lq->general_params.single_stream_ant_msk,
778 		       lq->general_params.dual_stream_ant_msk);
779 
780 	for (i = 0; i < LINK_QUAL_MAX_RETRY_NUM; i++)
781 		IWL_DEBUG_RATE(priv, "lq index %d 0x%X\n",
782 			       i, lq->rs_table[i].rate_n_flags);
783 }
784 #else
785 static inline void iwl_dump_lq_cmd(struct iwl_priv *priv,
786 				   struct iwl_link_quality_cmd *lq)
787 {
788 }
789 #endif
790 
791 /**
792  * is_lq_table_valid() - Test one aspect of LQ cmd for validity
793  *
794  * It sometimes happens when a HT rate has been in use and we
795  * loose connectivity with AP then mac80211 will first tell us that the
796  * current channel is not HT anymore before removing the station. In such a
797  * scenario the RXON flags will be updated to indicate we are not
798  * communicating HT anymore, but the LQ command may still contain HT rates.
799  * Test for this to prevent driver from sending LQ command between the time
800  * RXON flags are updated and when LQ command is updated.
801  */
802 static bool is_lq_table_valid(struct iwl_priv *priv,
803 			      struct iwl_rxon_context *ctx,
804 			      struct iwl_link_quality_cmd *lq)
805 {
806 	int i;
807 
808 	if (ctx->ht.enabled)
809 		return true;
810 
811 	IWL_DEBUG_INFO(priv, "Channel %u is not an HT channel\n",
812 		       ctx->active.channel);
813 	for (i = 0; i < LINK_QUAL_MAX_RETRY_NUM; i++) {
814 		if (le32_to_cpu(lq->rs_table[i].rate_n_flags) &
815 		    RATE_MCS_HT_MSK) {
816 			IWL_DEBUG_INFO(priv,
817 				       "index %d of LQ expects HT channel\n",
818 				       i);
819 			return false;
820 		}
821 	}
822 	return true;
823 }
824 
825 /**
826  * iwl_send_lq_cmd() - Send link quality command
827  * @init: This command is sent as part of station initialization right
828  *        after station has been added.
829  *
830  * The link quality command is sent as the last step of station creation.
831  * This is the special case in which init is set and we call a callback in
832  * this case to clear the state indicating that station creation is in
833  * progress.
834  */
835 int iwl_send_lq_cmd(struct iwl_priv *priv, struct iwl_rxon_context *ctx,
836 		    struct iwl_link_quality_cmd *lq, u8 flags, bool init)
837 {
838 	int ret = 0;
839 	struct iwl_host_cmd cmd = {
840 		.id = REPLY_TX_LINK_QUALITY_CMD,
841 		.len = { sizeof(struct iwl_link_quality_cmd), },
842 		.flags = flags,
843 		.data = { lq, },
844 	};
845 
846 	if (WARN_ON(lq->sta_id == IWL_INVALID_STATION))
847 		return -EINVAL;
848 
849 
850 	spin_lock_bh(&priv->sta_lock);
851 	if (!(priv->stations[lq->sta_id].used & IWL_STA_DRIVER_ACTIVE)) {
852 		spin_unlock_bh(&priv->sta_lock);
853 		return -EINVAL;
854 	}
855 	spin_unlock_bh(&priv->sta_lock);
856 
857 	iwl_dump_lq_cmd(priv, lq);
858 	if (WARN_ON(init && (cmd.flags & CMD_ASYNC)))
859 		return -EINVAL;
860 
861 	if (is_lq_table_valid(priv, ctx, lq))
862 		ret = iwl_dvm_send_cmd(priv, &cmd);
863 	else
864 		ret = -EINVAL;
865 
866 	if (cmd.flags & CMD_ASYNC)
867 		return ret;
868 
869 	if (init) {
870 		IWL_DEBUG_INFO(priv, "init LQ command complete, "
871 			       "clearing sta addition status for sta %d\n",
872 			       lq->sta_id);
873 		spin_lock_bh(&priv->sta_lock);
874 		priv->stations[lq->sta_id].used &= ~IWL_STA_UCODE_INPROGRESS;
875 		spin_unlock_bh(&priv->sta_lock);
876 	}
877 	return ret;
878 }
879 
880 
881 static struct iwl_link_quality_cmd *
882 iwl_sta_alloc_lq(struct iwl_priv *priv, struct iwl_rxon_context *ctx,
883 		 u8 sta_id)
884 {
885 	struct iwl_link_quality_cmd *link_cmd;
886 
887 	link_cmd = kzalloc(sizeof(struct iwl_link_quality_cmd), GFP_KERNEL);
888 	if (!link_cmd) {
889 		IWL_ERR(priv, "Unable to allocate memory for LQ cmd.\n");
890 		return NULL;
891 	}
892 
893 	iwl_sta_fill_lq(priv, ctx, sta_id, link_cmd);
894 
895 	return link_cmd;
896 }
897 
898 /*
899  * iwlagn_add_bssid_station - Add the special IBSS BSSID station
900  *
901  * Function sleeps.
902  */
903 int iwlagn_add_bssid_station(struct iwl_priv *priv,
904 			     struct iwl_rxon_context *ctx,
905 			     const u8 *addr, u8 *sta_id_r)
906 {
907 	int ret;
908 	u8 sta_id;
909 	struct iwl_link_quality_cmd *link_cmd;
910 
911 	if (sta_id_r)
912 		*sta_id_r = IWL_INVALID_STATION;
913 
914 	ret = iwl_add_station_common(priv, ctx, addr, 0, NULL, &sta_id);
915 	if (ret) {
916 		IWL_ERR(priv, "Unable to add station %pM\n", addr);
917 		return ret;
918 	}
919 
920 	if (sta_id_r)
921 		*sta_id_r = sta_id;
922 
923 	spin_lock_bh(&priv->sta_lock);
924 	priv->stations[sta_id].used |= IWL_STA_LOCAL;
925 	spin_unlock_bh(&priv->sta_lock);
926 
927 	/* Set up default rate scaling table in device's station table */
928 	link_cmd = iwl_sta_alloc_lq(priv, ctx, sta_id);
929 	if (!link_cmd) {
930 		IWL_ERR(priv,
931 			"Unable to initialize rate scaling for station %pM.\n",
932 			addr);
933 		return -ENOMEM;
934 	}
935 
936 	ret = iwl_send_lq_cmd(priv, ctx, link_cmd, 0, true);
937 	if (ret)
938 		IWL_ERR(priv, "Link quality command failed (%d)\n", ret);
939 
940 	spin_lock_bh(&priv->sta_lock);
941 	priv->stations[sta_id].lq = link_cmd;
942 	spin_unlock_bh(&priv->sta_lock);
943 
944 	return 0;
945 }
946 
947 /*
948  * static WEP keys
949  *
950  * For each context, the device has a table of 4 static WEP keys
951  * (one for each key index) that is updated with the following
952  * commands.
953  */
954 
955 static int iwl_send_static_wepkey_cmd(struct iwl_priv *priv,
956 				      struct iwl_rxon_context *ctx,
957 				      bool send_if_empty)
958 {
959 	int i, not_empty = 0;
960 	u8 buff[sizeof(struct iwl_wep_cmd) +
961 		sizeof(struct iwl_wep_key) * WEP_KEYS_MAX];
962 	struct iwl_wep_cmd *wep_cmd = (struct iwl_wep_cmd *)buff;
963 	size_t cmd_size  = sizeof(struct iwl_wep_cmd);
964 	struct iwl_host_cmd cmd = {
965 		.id = ctx->wep_key_cmd,
966 		.data = { wep_cmd, },
967 	};
968 
969 	might_sleep();
970 
971 	memset(wep_cmd, 0, cmd_size +
972 			(sizeof(struct iwl_wep_key) * WEP_KEYS_MAX));
973 
974 	for (i = 0; i < WEP_KEYS_MAX ; i++) {
975 		wep_cmd->key[i].key_index = i;
976 		if (ctx->wep_keys[i].key_size) {
977 			wep_cmd->key[i].key_offset = i;
978 			not_empty = 1;
979 		} else {
980 			wep_cmd->key[i].key_offset = WEP_INVALID_OFFSET;
981 		}
982 
983 		wep_cmd->key[i].key_size = ctx->wep_keys[i].key_size;
984 		memcpy(&wep_cmd->key[i].key[3], ctx->wep_keys[i].key,
985 				ctx->wep_keys[i].key_size);
986 	}
987 
988 	wep_cmd->global_key_type = WEP_KEY_WEP_TYPE;
989 	wep_cmd->num_keys = WEP_KEYS_MAX;
990 
991 	cmd_size += sizeof(struct iwl_wep_key) * WEP_KEYS_MAX;
992 
993 	cmd.len[0] = cmd_size;
994 
995 	if (not_empty || send_if_empty)
996 		return iwl_dvm_send_cmd(priv, &cmd);
997 	else
998 		return 0;
999 }
1000 
1001 int iwl_restore_default_wep_keys(struct iwl_priv *priv,
1002 				 struct iwl_rxon_context *ctx)
1003 {
1004 	lockdep_assert_held(&priv->mutex);
1005 
1006 	return iwl_send_static_wepkey_cmd(priv, ctx, false);
1007 }
1008 
1009 int iwl_remove_default_wep_key(struct iwl_priv *priv,
1010 			       struct iwl_rxon_context *ctx,
1011 			       struct ieee80211_key_conf *keyconf)
1012 {
1013 	int ret;
1014 
1015 	lockdep_assert_held(&priv->mutex);
1016 
1017 	IWL_DEBUG_WEP(priv, "Removing default WEP key: idx=%d\n",
1018 		      keyconf->keyidx);
1019 
1020 	memset(&ctx->wep_keys[keyconf->keyidx], 0, sizeof(ctx->wep_keys[0]));
1021 	if (iwl_is_rfkill(priv)) {
1022 		IWL_DEBUG_WEP(priv,
1023 			"Not sending REPLY_WEPKEY command due to RFKILL.\n");
1024 		/* but keys in device are clear anyway so return success */
1025 		return 0;
1026 	}
1027 	ret = iwl_send_static_wepkey_cmd(priv, ctx, 1);
1028 	IWL_DEBUG_WEP(priv, "Remove default WEP key: idx=%d ret=%d\n",
1029 		      keyconf->keyidx, ret);
1030 
1031 	return ret;
1032 }
1033 
1034 int iwl_set_default_wep_key(struct iwl_priv *priv,
1035 			    struct iwl_rxon_context *ctx,
1036 			    struct ieee80211_key_conf *keyconf)
1037 {
1038 	int ret;
1039 
1040 	lockdep_assert_held(&priv->mutex);
1041 
1042 	if (keyconf->keylen != WEP_KEY_LEN_128 &&
1043 	    keyconf->keylen != WEP_KEY_LEN_64) {
1044 		IWL_DEBUG_WEP(priv,
1045 			      "Bad WEP key length %d\n", keyconf->keylen);
1046 		return -EINVAL;
1047 	}
1048 
1049 	keyconf->hw_key_idx = IWLAGN_HW_KEY_DEFAULT;
1050 
1051 	ctx->wep_keys[keyconf->keyidx].key_size = keyconf->keylen;
1052 	memcpy(&ctx->wep_keys[keyconf->keyidx].key, &keyconf->key,
1053 							keyconf->keylen);
1054 
1055 	ret = iwl_send_static_wepkey_cmd(priv, ctx, false);
1056 	IWL_DEBUG_WEP(priv, "Set default WEP key: len=%d idx=%d ret=%d\n",
1057 		keyconf->keylen, keyconf->keyidx, ret);
1058 
1059 	return ret;
1060 }
1061 
1062 /*
1063  * dynamic (per-station) keys
1064  *
1065  * The dynamic keys are a little more complicated. The device has
1066  * a key cache of up to STA_KEY_MAX_NUM/STA_KEY_MAX_NUM_PAN keys.
1067  * These are linked to stations by a table that contains an index
1068  * into the key table for each station/key index/{mcast,unicast},
1069  * i.e. it's basically an array of pointers like this:
1070  *	key_offset_t key_mapping[NUM_STATIONS][4][2];
1071  * (it really works differently, but you can think of it as such)
1072  *
1073  * The key uploading and linking happens in the same command, the
1074  * add station command with STA_MODIFY_KEY_MASK.
1075  */
1076 
1077 static u8 iwlagn_key_sta_id(struct iwl_priv *priv,
1078 			    struct ieee80211_vif *vif,
1079 			    struct ieee80211_sta *sta)
1080 {
1081 	struct iwl_vif_priv *vif_priv = (void *)vif->drv_priv;
1082 
1083 	if (sta)
1084 		return iwl_sta_id(sta);
1085 
1086 	/*
1087 	 * The device expects GTKs for station interfaces to be
1088 	 * installed as GTKs for the AP station. If we have no
1089 	 * station ID, then use the ap_sta_id in that case.
1090 	 */
1091 	if (vif->type == NL80211_IFTYPE_STATION && vif_priv->ctx)
1092 		return vif_priv->ctx->ap_sta_id;
1093 
1094 	return IWL_INVALID_STATION;
1095 }
1096 
1097 static int iwlagn_send_sta_key(struct iwl_priv *priv,
1098 			       struct ieee80211_key_conf *keyconf,
1099 			       u8 sta_id, u32 tkip_iv32, u16 *tkip_p1k,
1100 			       u32 cmd_flags)
1101 {
1102 	__le16 key_flags;
1103 	struct iwl_addsta_cmd sta_cmd;
1104 	int i;
1105 
1106 	spin_lock_bh(&priv->sta_lock);
1107 	memcpy(&sta_cmd, &priv->stations[sta_id].sta, sizeof(sta_cmd));
1108 	spin_unlock_bh(&priv->sta_lock);
1109 
1110 	key_flags = cpu_to_le16(keyconf->keyidx << STA_KEY_FLG_KEYID_POS);
1111 	key_flags |= STA_KEY_FLG_MAP_KEY_MSK;
1112 
1113 	switch (keyconf->cipher) {
1114 	case WLAN_CIPHER_SUITE_CCMP:
1115 		key_flags |= STA_KEY_FLG_CCMP;
1116 		memcpy(sta_cmd.key.key, keyconf->key, keyconf->keylen);
1117 		break;
1118 	case WLAN_CIPHER_SUITE_TKIP:
1119 		key_flags |= STA_KEY_FLG_TKIP;
1120 		sta_cmd.key.tkip_rx_tsc_byte2 = tkip_iv32;
1121 		for (i = 0; i < 5; i++)
1122 			sta_cmd.key.tkip_rx_ttak[i] = cpu_to_le16(tkip_p1k[i]);
1123 		memcpy(sta_cmd.key.key, keyconf->key, keyconf->keylen);
1124 		break;
1125 	case WLAN_CIPHER_SUITE_WEP104:
1126 		key_flags |= STA_KEY_FLG_KEY_SIZE_MSK;
1127 		/* fall through */
1128 	case WLAN_CIPHER_SUITE_WEP40:
1129 		key_flags |= STA_KEY_FLG_WEP;
1130 		memcpy(&sta_cmd.key.key[3], keyconf->key, keyconf->keylen);
1131 		break;
1132 	default:
1133 		WARN_ON(1);
1134 		return -EINVAL;
1135 	}
1136 
1137 	if (!(keyconf->flags & IEEE80211_KEY_FLAG_PAIRWISE))
1138 		key_flags |= STA_KEY_MULTICAST_MSK;
1139 
1140 	/* key pointer (offset) */
1141 	sta_cmd.key.key_offset = keyconf->hw_key_idx;
1142 
1143 	sta_cmd.key.key_flags = key_flags;
1144 	sta_cmd.mode = STA_CONTROL_MODIFY_MSK;
1145 	sta_cmd.sta.modify_mask = STA_MODIFY_KEY_MASK;
1146 
1147 	return iwl_send_add_sta(priv, &sta_cmd, cmd_flags);
1148 }
1149 
1150 void iwl_update_tkip_key(struct iwl_priv *priv,
1151 			 struct ieee80211_vif *vif,
1152 			 struct ieee80211_key_conf *keyconf,
1153 			 struct ieee80211_sta *sta, u32 iv32, u16 *phase1key)
1154 {
1155 	u8 sta_id = iwlagn_key_sta_id(priv, vif, sta);
1156 
1157 	if (sta_id == IWL_INVALID_STATION)
1158 		return;
1159 
1160 	if (iwl_scan_cancel(priv)) {
1161 		/* cancel scan failed, just live w/ bad key and rely
1162 		   briefly on SW decryption */
1163 		return;
1164 	}
1165 
1166 	iwlagn_send_sta_key(priv, keyconf, sta_id,
1167 			    iv32, phase1key, CMD_ASYNC);
1168 }
1169 
1170 int iwl_remove_dynamic_key(struct iwl_priv *priv,
1171 			   struct iwl_rxon_context *ctx,
1172 			   struct ieee80211_key_conf *keyconf,
1173 			   struct ieee80211_sta *sta)
1174 {
1175 	struct iwl_addsta_cmd sta_cmd;
1176 	u8 sta_id = iwlagn_key_sta_id(priv, ctx->vif, sta);
1177 	__le16 key_flags;
1178 
1179 	/* if station isn't there, neither is the key */
1180 	if (sta_id == IWL_INVALID_STATION)
1181 		return -ENOENT;
1182 
1183 	spin_lock_bh(&priv->sta_lock);
1184 	memcpy(&sta_cmd, &priv->stations[sta_id].sta, sizeof(sta_cmd));
1185 	if (!(priv->stations[sta_id].used & IWL_STA_UCODE_ACTIVE))
1186 		sta_id = IWL_INVALID_STATION;
1187 	spin_unlock_bh(&priv->sta_lock);
1188 
1189 	if (sta_id == IWL_INVALID_STATION)
1190 		return 0;
1191 
1192 	lockdep_assert_held(&priv->mutex);
1193 
1194 	ctx->key_mapping_keys--;
1195 
1196 	IWL_DEBUG_WEP(priv, "Remove dynamic key: idx=%d sta=%d\n",
1197 		      keyconf->keyidx, sta_id);
1198 
1199 	if (!test_and_clear_bit(keyconf->hw_key_idx, &priv->ucode_key_table))
1200 		IWL_ERR(priv, "offset %d not used in uCode key table.\n",
1201 			keyconf->hw_key_idx);
1202 
1203 	key_flags = cpu_to_le16(keyconf->keyidx << STA_KEY_FLG_KEYID_POS);
1204 	key_flags |= STA_KEY_FLG_MAP_KEY_MSK | STA_KEY_FLG_NO_ENC |
1205 		     STA_KEY_FLG_INVALID;
1206 
1207 	if (!(keyconf->flags & IEEE80211_KEY_FLAG_PAIRWISE))
1208 		key_flags |= STA_KEY_MULTICAST_MSK;
1209 
1210 	sta_cmd.key.key_flags = key_flags;
1211 	sta_cmd.key.key_offset = keyconf->hw_key_idx;
1212 	sta_cmd.sta.modify_mask = STA_MODIFY_KEY_MASK;
1213 	sta_cmd.mode = STA_CONTROL_MODIFY_MSK;
1214 
1215 	return iwl_send_add_sta(priv, &sta_cmd, 0);
1216 }
1217 
1218 int iwl_set_dynamic_key(struct iwl_priv *priv,
1219 			struct iwl_rxon_context *ctx,
1220 			struct ieee80211_key_conf *keyconf,
1221 			struct ieee80211_sta *sta)
1222 {
1223 	struct ieee80211_key_seq seq;
1224 	u16 p1k[5];
1225 	int ret;
1226 	u8 sta_id = iwlagn_key_sta_id(priv, ctx->vif, sta);
1227 	const u8 *addr;
1228 
1229 	if (sta_id == IWL_INVALID_STATION)
1230 		return -EINVAL;
1231 
1232 	lockdep_assert_held(&priv->mutex);
1233 
1234 	keyconf->hw_key_idx = iwl_get_free_ucode_key_offset(priv);
1235 	if (keyconf->hw_key_idx == WEP_INVALID_OFFSET)
1236 		return -ENOSPC;
1237 
1238 	ctx->key_mapping_keys++;
1239 
1240 	switch (keyconf->cipher) {
1241 	case WLAN_CIPHER_SUITE_TKIP:
1242 		if (sta)
1243 			addr = sta->addr;
1244 		else /* station mode case only */
1245 			addr = ctx->active.bssid_addr;
1246 
1247 		/* pre-fill phase 1 key into device cache */
1248 		ieee80211_get_key_rx_seq(keyconf, 0, &seq);
1249 		ieee80211_get_tkip_rx_p1k(keyconf, addr, seq.tkip.iv32, p1k);
1250 		ret = iwlagn_send_sta_key(priv, keyconf, sta_id,
1251 					  seq.tkip.iv32, p1k, 0);
1252 		break;
1253 	case WLAN_CIPHER_SUITE_CCMP:
1254 	case WLAN_CIPHER_SUITE_WEP40:
1255 	case WLAN_CIPHER_SUITE_WEP104:
1256 		ret = iwlagn_send_sta_key(priv, keyconf, sta_id,
1257 					  0, NULL, 0);
1258 		break;
1259 	default:
1260 		IWL_ERR(priv, "Unknown cipher %x\n", keyconf->cipher);
1261 		ret = -EINVAL;
1262 	}
1263 
1264 	if (ret) {
1265 		ctx->key_mapping_keys--;
1266 		clear_bit(keyconf->hw_key_idx, &priv->ucode_key_table);
1267 	}
1268 
1269 	IWL_DEBUG_WEP(priv, "Set dynamic key: cipher=%x len=%d idx=%d sta=%pM ret=%d\n",
1270 		      keyconf->cipher, keyconf->keylen, keyconf->keyidx,
1271 		      sta ? sta->addr : NULL, ret);
1272 
1273 	return ret;
1274 }
1275 
1276 /**
1277  * iwlagn_alloc_bcast_station - add broadcast station into driver's station table.
1278  *
1279  * This adds the broadcast station into the driver's station table
1280  * and marks it driver active, so that it will be restored to the
1281  * device at the next best time.
1282  */
1283 int iwlagn_alloc_bcast_station(struct iwl_priv *priv,
1284 			       struct iwl_rxon_context *ctx)
1285 {
1286 	struct iwl_link_quality_cmd *link_cmd;
1287 	u8 sta_id;
1288 
1289 	spin_lock_bh(&priv->sta_lock);
1290 	sta_id = iwl_prep_station(priv, ctx, iwl_bcast_addr, false, NULL);
1291 	if (sta_id == IWL_INVALID_STATION) {
1292 		IWL_ERR(priv, "Unable to prepare broadcast station\n");
1293 		spin_unlock_bh(&priv->sta_lock);
1294 
1295 		return -EINVAL;
1296 	}
1297 
1298 	priv->stations[sta_id].used |= IWL_STA_DRIVER_ACTIVE;
1299 	priv->stations[sta_id].used |= IWL_STA_BCAST;
1300 	spin_unlock_bh(&priv->sta_lock);
1301 
1302 	link_cmd = iwl_sta_alloc_lq(priv, ctx, sta_id);
1303 	if (!link_cmd) {
1304 		IWL_ERR(priv,
1305 			"Unable to initialize rate scaling for bcast station.\n");
1306 		return -ENOMEM;
1307 	}
1308 
1309 	spin_lock_bh(&priv->sta_lock);
1310 	priv->stations[sta_id].lq = link_cmd;
1311 	spin_unlock_bh(&priv->sta_lock);
1312 
1313 	return 0;
1314 }
1315 
1316 /**
1317  * iwl_update_bcast_station - update broadcast station's LQ command
1318  *
1319  * Only used by iwlagn. Placed here to have all bcast station management
1320  * code together.
1321  */
1322 int iwl_update_bcast_station(struct iwl_priv *priv,
1323 			     struct iwl_rxon_context *ctx)
1324 {
1325 	struct iwl_link_quality_cmd *link_cmd;
1326 	u8 sta_id = ctx->bcast_sta_id;
1327 
1328 	link_cmd = iwl_sta_alloc_lq(priv, ctx, sta_id);
1329 	if (!link_cmd) {
1330 		IWL_ERR(priv, "Unable to initialize rate scaling for bcast station.\n");
1331 		return -ENOMEM;
1332 	}
1333 
1334 	spin_lock_bh(&priv->sta_lock);
1335 	if (priv->stations[sta_id].lq)
1336 		kfree(priv->stations[sta_id].lq);
1337 	else
1338 		IWL_DEBUG_INFO(priv, "Bcast station rate scaling has not been initialized yet.\n");
1339 	priv->stations[sta_id].lq = link_cmd;
1340 	spin_unlock_bh(&priv->sta_lock);
1341 
1342 	return 0;
1343 }
1344 
1345 int iwl_update_bcast_stations(struct iwl_priv *priv)
1346 {
1347 	struct iwl_rxon_context *ctx;
1348 	int ret = 0;
1349 
1350 	for_each_context(priv, ctx) {
1351 		ret = iwl_update_bcast_station(priv, ctx);
1352 		if (ret)
1353 			break;
1354 	}
1355 
1356 	return ret;
1357 }
1358 
1359 /**
1360  * iwl_sta_tx_modify_enable_tid - Enable Tx for this TID in station table
1361  */
1362 int iwl_sta_tx_modify_enable_tid(struct iwl_priv *priv, int sta_id, int tid)
1363 {
1364 	struct iwl_addsta_cmd sta_cmd;
1365 
1366 	lockdep_assert_held(&priv->mutex);
1367 
1368 	/* Remove "disable" flag, to enable Tx for this TID */
1369 	spin_lock_bh(&priv->sta_lock);
1370 	priv->stations[sta_id].sta.sta.modify_mask = STA_MODIFY_TID_DISABLE_TX;
1371 	priv->stations[sta_id].sta.tid_disable_tx &= cpu_to_le16(~(1 << tid));
1372 	priv->stations[sta_id].sta.mode = STA_CONTROL_MODIFY_MSK;
1373 	memcpy(&sta_cmd, &priv->stations[sta_id].sta, sizeof(struct iwl_addsta_cmd));
1374 	spin_unlock_bh(&priv->sta_lock);
1375 
1376 	return iwl_send_add_sta(priv, &sta_cmd, 0);
1377 }
1378 
1379 int iwl_sta_rx_agg_start(struct iwl_priv *priv, struct ieee80211_sta *sta,
1380 			 int tid, u16 ssn)
1381 {
1382 	int sta_id;
1383 	struct iwl_addsta_cmd sta_cmd;
1384 
1385 	lockdep_assert_held(&priv->mutex);
1386 
1387 	sta_id = iwl_sta_id(sta);
1388 	if (sta_id == IWL_INVALID_STATION)
1389 		return -ENXIO;
1390 
1391 	spin_lock_bh(&priv->sta_lock);
1392 	priv->stations[sta_id].sta.station_flags_msk = 0;
1393 	priv->stations[sta_id].sta.sta.modify_mask = STA_MODIFY_ADDBA_TID_MSK;
1394 	priv->stations[sta_id].sta.add_immediate_ba_tid = (u8)tid;
1395 	priv->stations[sta_id].sta.add_immediate_ba_ssn = cpu_to_le16(ssn);
1396 	priv->stations[sta_id].sta.mode = STA_CONTROL_MODIFY_MSK;
1397 	memcpy(&sta_cmd, &priv->stations[sta_id].sta, sizeof(struct iwl_addsta_cmd));
1398 	spin_unlock_bh(&priv->sta_lock);
1399 
1400 	return iwl_send_add_sta(priv, &sta_cmd, 0);
1401 }
1402 
1403 int iwl_sta_rx_agg_stop(struct iwl_priv *priv, struct ieee80211_sta *sta,
1404 			int tid)
1405 {
1406 	int sta_id;
1407 	struct iwl_addsta_cmd sta_cmd;
1408 
1409 	lockdep_assert_held(&priv->mutex);
1410 
1411 	sta_id = iwl_sta_id(sta);
1412 	if (sta_id == IWL_INVALID_STATION) {
1413 		IWL_ERR(priv, "Invalid station for AGG tid %d\n", tid);
1414 		return -ENXIO;
1415 	}
1416 
1417 	spin_lock_bh(&priv->sta_lock);
1418 	priv->stations[sta_id].sta.station_flags_msk = 0;
1419 	priv->stations[sta_id].sta.sta.modify_mask = STA_MODIFY_DELBA_TID_MSK;
1420 	priv->stations[sta_id].sta.remove_immediate_ba_tid = (u8)tid;
1421 	priv->stations[sta_id].sta.mode = STA_CONTROL_MODIFY_MSK;
1422 	memcpy(&sta_cmd, &priv->stations[sta_id].sta, sizeof(struct iwl_addsta_cmd));
1423 	spin_unlock_bh(&priv->sta_lock);
1424 
1425 	return iwl_send_add_sta(priv, &sta_cmd, 0);
1426 }
1427 
1428 
1429 
1430 void iwl_sta_modify_sleep_tx_count(struct iwl_priv *priv, int sta_id, int cnt)
1431 {
1432 	struct iwl_addsta_cmd cmd = {
1433 		.mode = STA_CONTROL_MODIFY_MSK,
1434 		.station_flags = STA_FLG_PWR_SAVE_MSK,
1435 		.station_flags_msk = STA_FLG_PWR_SAVE_MSK,
1436 		.sta.sta_id = sta_id,
1437 		.sta.modify_mask = STA_MODIFY_SLEEP_TX_COUNT_MSK,
1438 		.sleep_tx_count = cpu_to_le16(cnt),
1439 	};
1440 
1441 	iwl_send_add_sta(priv, &cmd, CMD_ASYNC);
1442 }
1443