1 /****************************************************************************** 2 * 3 * This file is provided under a dual BSD/GPLv2 license. When using or 4 * redistributing this file, you may do so under either license. 5 * 6 * GPL LICENSE SUMMARY 7 * 8 * Copyright(c) 2012 - 2014 Intel Corporation. All rights reserved. 9 * Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH 10 * Copyright(c) 2016 - 2017 Intel Deutschland GmbH 11 * Copyright(c) 2018 - 2019 Intel Corporation 12 * 13 * This program is free software; you can redistribute it and/or modify 14 * it under the terms of version 2 of the GNU General Public License as 15 * published by the Free Software Foundation. 16 * 17 * This program is distributed in the hope that it will be useful, but 18 * WITHOUT ANY WARRANTY; without even the implied warranty of 19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 20 * General Public License for more details. 21 * 22 * The full GNU General Public License is included in this distribution 23 * in the file called COPYING. 24 * 25 * Contact Information: 26 * Intel Linux Wireless <linuxwifi@intel.com> 27 * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497 28 * 29 * BSD LICENSE 30 * 31 * Copyright(c) 2012 - 2014 Intel Corporation. All rights reserved. 32 * Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH 33 * Copyright(c) 2016 - 2017 Intel Deutschland GmbH 34 * Copyright(c) 2018 - 2019 Intel Corporation 35 * All rights reserved. 36 * 37 * Redistribution and use in source and binary forms, with or without 38 * modification, are permitted provided that the following conditions 39 * are met: 40 * 41 * * Redistributions of source code must retain the above copyright 42 * notice, this list of conditions and the following disclaimer. 43 * * Redistributions in binary form must reproduce the above copyright 44 * notice, this list of conditions and the following disclaimer in 45 * the documentation and/or other materials provided with the 46 * distribution. 47 * * Neither the name Intel Corporation nor the names of its 48 * contributors may be used to endorse or promote products derived 49 * from this software without specific prior written permission. 50 * 51 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 52 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 53 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 54 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 55 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 56 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 57 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 58 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 59 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 60 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 61 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 62 * 63 *****************************************************************************/ 64 65 #include <linux/etherdevice.h> 66 #include <net/mac80211.h> 67 68 #include "mvm.h" 69 #include "fw/api/scan.h" 70 #include "iwl-io.h" 71 72 #define IWL_DENSE_EBS_SCAN_RATIO 5 73 #define IWL_SPARSE_EBS_SCAN_RATIO 1 74 75 #define IWL_SCAN_DWELL_ACTIVE 10 76 #define IWL_SCAN_DWELL_PASSIVE 110 77 #define IWL_SCAN_DWELL_FRAGMENTED 44 78 #define IWL_SCAN_DWELL_EXTENDED 90 79 #define IWL_SCAN_NUM_OF_FRAGS 3 80 81 82 /* adaptive dwell max budget time [TU] for full scan */ 83 #define IWL_SCAN_ADWELL_MAX_BUDGET_FULL_SCAN 300 84 /* adaptive dwell max budget time [TU] for directed scan */ 85 #define IWL_SCAN_ADWELL_MAX_BUDGET_DIRECTED_SCAN 100 86 /* adaptive dwell default APs number */ 87 #define IWL_SCAN_ADWELL_DEFAULT_N_APS 2 88 /* adaptive dwell default APs number in social channels (1, 6, 11) */ 89 #define IWL_SCAN_ADWELL_DEFAULT_N_APS_SOCIAL 10 90 91 struct iwl_mvm_scan_timing_params { 92 u32 suspend_time; 93 u32 max_out_time; 94 }; 95 96 static struct iwl_mvm_scan_timing_params scan_timing[] = { 97 [IWL_SCAN_TYPE_UNASSOC] = { 98 .suspend_time = 0, 99 .max_out_time = 0, 100 }, 101 [IWL_SCAN_TYPE_WILD] = { 102 .suspend_time = 30, 103 .max_out_time = 120, 104 }, 105 [IWL_SCAN_TYPE_MILD] = { 106 .suspend_time = 120, 107 .max_out_time = 120, 108 }, 109 [IWL_SCAN_TYPE_FRAGMENTED] = { 110 .suspend_time = 95, 111 .max_out_time = 44, 112 }, 113 [IWL_SCAN_TYPE_FAST_BALANCE] = { 114 .suspend_time = 30, 115 .max_out_time = 37, 116 }, 117 }; 118 119 struct iwl_mvm_scan_params { 120 /* For CDB this is low band scan type, for non-CDB - type. */ 121 enum iwl_mvm_scan_type type; 122 enum iwl_mvm_scan_type hb_type; 123 u32 n_channels; 124 u16 delay; 125 int n_ssids; 126 struct cfg80211_ssid *ssids; 127 struct ieee80211_channel **channels; 128 u32 flags; 129 u8 *mac_addr; 130 u8 *mac_addr_mask; 131 bool no_cck; 132 bool pass_all; 133 int n_match_sets; 134 struct iwl_scan_probe_req preq; 135 struct cfg80211_match_set *match_sets; 136 int n_scan_plans; 137 struct cfg80211_sched_scan_plan *scan_plans; 138 u32 measurement_dwell; 139 }; 140 141 static inline void *iwl_mvm_get_scan_req_umac_data(struct iwl_mvm *mvm) 142 { 143 struct iwl_scan_req_umac *cmd = mvm->scan_cmd; 144 145 if (iwl_mvm_is_adaptive_dwell_v2_supported(mvm)) 146 return (void *)&cmd->v8.data; 147 148 if (iwl_mvm_is_adaptive_dwell_supported(mvm)) 149 return (void *)&cmd->v7.data; 150 151 if (iwl_mvm_cdb_scan_api(mvm)) 152 return (void *)&cmd->v6.data; 153 154 return (void *)&cmd->v1.data; 155 } 156 157 static inline struct iwl_scan_umac_chan_param * 158 iwl_mvm_get_scan_req_umac_channel(struct iwl_mvm *mvm) 159 { 160 struct iwl_scan_req_umac *cmd = mvm->scan_cmd; 161 162 if (iwl_mvm_is_adaptive_dwell_v2_supported(mvm)) 163 return &cmd->v8.channel; 164 165 if (iwl_mvm_is_adaptive_dwell_supported(mvm)) 166 return &cmd->v7.channel; 167 168 if (iwl_mvm_cdb_scan_api(mvm)) 169 return &cmd->v6.channel; 170 171 return &cmd->v1.channel; 172 } 173 174 static u8 iwl_mvm_scan_rx_ant(struct iwl_mvm *mvm) 175 { 176 if (mvm->scan_rx_ant != ANT_NONE) 177 return mvm->scan_rx_ant; 178 return iwl_mvm_get_valid_rx_ant(mvm); 179 } 180 181 static inline __le16 iwl_mvm_scan_rx_chain(struct iwl_mvm *mvm) 182 { 183 u16 rx_chain; 184 u8 rx_ant; 185 186 rx_ant = iwl_mvm_scan_rx_ant(mvm); 187 rx_chain = rx_ant << PHY_RX_CHAIN_VALID_POS; 188 rx_chain |= rx_ant << PHY_RX_CHAIN_FORCE_MIMO_SEL_POS; 189 rx_chain |= rx_ant << PHY_RX_CHAIN_FORCE_SEL_POS; 190 rx_chain |= 0x1 << PHY_RX_CHAIN_DRIVER_FORCE_POS; 191 return cpu_to_le16(rx_chain); 192 } 193 194 static __le32 iwl_mvm_scan_rxon_flags(enum nl80211_band band) 195 { 196 if (band == NL80211_BAND_2GHZ) 197 return cpu_to_le32(PHY_BAND_24); 198 else 199 return cpu_to_le32(PHY_BAND_5); 200 } 201 202 static inline __le32 203 iwl_mvm_scan_rate_n_flags(struct iwl_mvm *mvm, enum nl80211_band band, 204 bool no_cck) 205 { 206 u32 tx_ant; 207 208 iwl_mvm_toggle_tx_ant(mvm, &mvm->scan_last_antenna_idx); 209 tx_ant = BIT(mvm->scan_last_antenna_idx) << RATE_MCS_ANT_POS; 210 211 if (band == NL80211_BAND_2GHZ && !no_cck) 212 return cpu_to_le32(IWL_RATE_1M_PLCP | RATE_MCS_CCK_MSK | 213 tx_ant); 214 else 215 return cpu_to_le32(IWL_RATE_6M_PLCP | tx_ant); 216 } 217 218 static void iwl_mvm_scan_condition_iterator(void *data, u8 *mac, 219 struct ieee80211_vif *vif) 220 { 221 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 222 int *global_cnt = data; 223 224 if (vif->type != NL80211_IFTYPE_P2P_DEVICE && mvmvif->phy_ctxt && 225 mvmvif->phy_ctxt->id < NUM_PHY_CTX) 226 *global_cnt += 1; 227 } 228 229 static enum iwl_mvm_traffic_load iwl_mvm_get_traffic_load(struct iwl_mvm *mvm) 230 { 231 return mvm->tcm.result.global_load; 232 } 233 234 static enum iwl_mvm_traffic_load 235 iwl_mvm_get_traffic_load_band(struct iwl_mvm *mvm, enum nl80211_band band) 236 { 237 return mvm->tcm.result.band_load[band]; 238 } 239 240 struct iwl_is_dcm_with_go_iterator_data { 241 struct ieee80211_vif *current_vif; 242 bool is_dcm_with_p2p_go; 243 }; 244 245 static void iwl_mvm_is_dcm_with_go_iterator(void *_data, u8 *mac, 246 struct ieee80211_vif *vif) 247 { 248 struct iwl_is_dcm_with_go_iterator_data *data = _data; 249 struct iwl_mvm_vif *other_mvmvif = iwl_mvm_vif_from_mac80211(vif); 250 struct iwl_mvm_vif *curr_mvmvif = 251 iwl_mvm_vif_from_mac80211(data->current_vif); 252 253 /* exclude the given vif */ 254 if (vif == data->current_vif) 255 return; 256 257 if (vif->type == NL80211_IFTYPE_AP && vif->p2p && 258 other_mvmvif->phy_ctxt && curr_mvmvif->phy_ctxt && 259 other_mvmvif->phy_ctxt->id != curr_mvmvif->phy_ctxt->id) 260 data->is_dcm_with_p2p_go = true; 261 } 262 263 static enum 264 iwl_mvm_scan_type _iwl_mvm_get_scan_type(struct iwl_mvm *mvm, 265 struct ieee80211_vif *vif, 266 enum iwl_mvm_traffic_load load, 267 bool low_latency) 268 { 269 int global_cnt = 0; 270 271 ieee80211_iterate_active_interfaces_atomic(mvm->hw, 272 IEEE80211_IFACE_ITER_NORMAL, 273 iwl_mvm_scan_condition_iterator, 274 &global_cnt); 275 if (!global_cnt) 276 return IWL_SCAN_TYPE_UNASSOC; 277 278 if (fw_has_api(&mvm->fw->ucode_capa, 279 IWL_UCODE_TLV_API_FRAGMENTED_SCAN)) { 280 if ((load == IWL_MVM_TRAFFIC_HIGH || low_latency) && 281 (!vif || vif->type != NL80211_IFTYPE_P2P_DEVICE)) 282 return IWL_SCAN_TYPE_FRAGMENTED; 283 284 /* in case of DCM with GO where BSS DTIM interval < 220msec 285 * set all scan requests as fast-balance scan 286 * */ 287 if (vif && vif->type == NL80211_IFTYPE_STATION && 288 vif->bss_conf.dtim_period < 220) { 289 struct iwl_is_dcm_with_go_iterator_data data = { 290 .current_vif = vif, 291 .is_dcm_with_p2p_go = false, 292 }; 293 294 ieee80211_iterate_active_interfaces_atomic(mvm->hw, 295 IEEE80211_IFACE_ITER_NORMAL, 296 iwl_mvm_is_dcm_with_go_iterator, 297 &data); 298 if (data.is_dcm_with_p2p_go) 299 return IWL_SCAN_TYPE_FAST_BALANCE; 300 } 301 } 302 303 if (load >= IWL_MVM_TRAFFIC_MEDIUM || low_latency) 304 return IWL_SCAN_TYPE_MILD; 305 306 return IWL_SCAN_TYPE_WILD; 307 } 308 309 static enum 310 iwl_mvm_scan_type iwl_mvm_get_scan_type(struct iwl_mvm *mvm, 311 struct ieee80211_vif *vif) 312 { 313 enum iwl_mvm_traffic_load load; 314 bool low_latency; 315 316 load = iwl_mvm_get_traffic_load(mvm); 317 low_latency = iwl_mvm_low_latency(mvm); 318 319 return _iwl_mvm_get_scan_type(mvm, vif, load, low_latency); 320 } 321 322 static enum 323 iwl_mvm_scan_type iwl_mvm_get_scan_type_band(struct iwl_mvm *mvm, 324 struct ieee80211_vif *vif, 325 enum nl80211_band band) 326 { 327 enum iwl_mvm_traffic_load load; 328 bool low_latency; 329 330 load = iwl_mvm_get_traffic_load_band(mvm, band); 331 low_latency = iwl_mvm_low_latency_band(mvm, band); 332 333 return _iwl_mvm_get_scan_type(mvm, vif, load, low_latency); 334 } 335 336 static int 337 iwl_mvm_get_measurement_dwell(struct iwl_mvm *mvm, 338 struct cfg80211_scan_request *req, 339 struct iwl_mvm_scan_params *params) 340 { 341 u32 duration = scan_timing[params->type].max_out_time; 342 343 if (!req->duration) 344 return 0; 345 346 if (iwl_mvm_is_cdb_supported(mvm)) { 347 u32 hb_time = scan_timing[params->hb_type].max_out_time; 348 349 duration = min_t(u32, duration, hb_time); 350 } 351 352 if (req->duration_mandatory && req->duration > duration) { 353 IWL_DEBUG_SCAN(mvm, 354 "Measurement scan - too long dwell %hu (max out time %u)\n", 355 req->duration, 356 duration); 357 return -EOPNOTSUPP; 358 } 359 360 return min_t(u32, (u32)req->duration, duration); 361 } 362 363 static inline bool iwl_mvm_rrm_scan_needed(struct iwl_mvm *mvm) 364 { 365 /* require rrm scan whenever the fw supports it */ 366 return fw_has_capa(&mvm->fw->ucode_capa, 367 IWL_UCODE_TLV_CAPA_DS_PARAM_SET_IE_SUPPORT); 368 } 369 370 static int iwl_mvm_max_scan_ie_fw_cmd_room(struct iwl_mvm *mvm) 371 { 372 int max_probe_len; 373 374 max_probe_len = SCAN_OFFLOAD_PROBE_REQ_SIZE; 375 376 /* we create the 802.11 header and SSID element */ 377 max_probe_len -= 24 + 2; 378 379 /* DS parameter set element is added on 2.4GHZ band if required */ 380 if (iwl_mvm_rrm_scan_needed(mvm)) 381 max_probe_len -= 3; 382 383 return max_probe_len; 384 } 385 386 int iwl_mvm_max_scan_ie_len(struct iwl_mvm *mvm) 387 { 388 int max_ie_len = iwl_mvm_max_scan_ie_fw_cmd_room(mvm); 389 390 /* TODO: [BUG] This function should return the maximum allowed size of 391 * scan IEs, however the LMAC scan api contains both 2GHZ and 5GHZ IEs 392 * in the same command. So the correct implementation of this function 393 * is just iwl_mvm_max_scan_ie_fw_cmd_room() / 2. Currently the scan 394 * command has only 512 bytes and it would leave us with about 240 395 * bytes for scan IEs, which is clearly not enough. So meanwhile 396 * we will report an incorrect value. This may result in a failure to 397 * issue a scan in unified_scan_lmac and unified_sched_scan_lmac 398 * functions with -ENOBUFS, if a large enough probe will be provided. 399 */ 400 return max_ie_len; 401 } 402 403 void iwl_mvm_rx_lmac_scan_iter_complete_notif(struct iwl_mvm *mvm, 404 struct iwl_rx_cmd_buffer *rxb) 405 { 406 struct iwl_rx_packet *pkt = rxb_addr(rxb); 407 struct iwl_lmac_scan_complete_notif *notif = (void *)pkt->data; 408 409 IWL_DEBUG_SCAN(mvm, 410 "Scan offload iteration complete: status=0x%x scanned channels=%d\n", 411 notif->status, notif->scanned_channels); 412 413 if (mvm->sched_scan_pass_all == SCHED_SCAN_PASS_ALL_FOUND) { 414 IWL_DEBUG_SCAN(mvm, "Pass all scheduled scan results found\n"); 415 ieee80211_sched_scan_results(mvm->hw); 416 mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_ENABLED; 417 } 418 } 419 420 void iwl_mvm_rx_scan_match_found(struct iwl_mvm *mvm, 421 struct iwl_rx_cmd_buffer *rxb) 422 { 423 IWL_DEBUG_SCAN(mvm, "Scheduled scan results\n"); 424 ieee80211_sched_scan_results(mvm->hw); 425 } 426 427 static const char *iwl_mvm_ebs_status_str(enum iwl_scan_ebs_status status) 428 { 429 switch (status) { 430 case IWL_SCAN_EBS_SUCCESS: 431 return "successful"; 432 case IWL_SCAN_EBS_INACTIVE: 433 return "inactive"; 434 case IWL_SCAN_EBS_FAILED: 435 case IWL_SCAN_EBS_CHAN_NOT_FOUND: 436 default: 437 return "failed"; 438 } 439 } 440 441 void iwl_mvm_rx_lmac_scan_complete_notif(struct iwl_mvm *mvm, 442 struct iwl_rx_cmd_buffer *rxb) 443 { 444 struct iwl_rx_packet *pkt = rxb_addr(rxb); 445 struct iwl_periodic_scan_complete *scan_notif = (void *)pkt->data; 446 bool aborted = (scan_notif->status == IWL_SCAN_OFFLOAD_ABORTED); 447 448 /* If this happens, the firmware has mistakenly sent an LMAC 449 * notification during UMAC scans -- warn and ignore it. 450 */ 451 if (WARN_ON_ONCE(fw_has_capa(&mvm->fw->ucode_capa, 452 IWL_UCODE_TLV_CAPA_UMAC_SCAN))) 453 return; 454 455 /* scan status must be locked for proper checking */ 456 lockdep_assert_held(&mvm->mutex); 457 458 /* We first check if we were stopping a scan, in which case we 459 * just clear the stopping flag. Then we check if it was a 460 * firmware initiated stop, in which case we need to inform 461 * mac80211. 462 * Note that we can have a stopping and a running scan 463 * simultaneously, but we can't have two different types of 464 * scans stopping or running at the same time (since LMAC 465 * doesn't support it). 466 */ 467 468 if (mvm->scan_status & IWL_MVM_SCAN_STOPPING_SCHED) { 469 WARN_ON_ONCE(mvm->scan_status & IWL_MVM_SCAN_STOPPING_REGULAR); 470 471 IWL_DEBUG_SCAN(mvm, "Scheduled scan %s, EBS status %s\n", 472 aborted ? "aborted" : "completed", 473 iwl_mvm_ebs_status_str(scan_notif->ebs_status)); 474 IWL_DEBUG_SCAN(mvm, 475 "Last line %d, Last iteration %d, Time after last iteration %d\n", 476 scan_notif->last_schedule_line, 477 scan_notif->last_schedule_iteration, 478 __le32_to_cpu(scan_notif->time_after_last_iter)); 479 480 mvm->scan_status &= ~IWL_MVM_SCAN_STOPPING_SCHED; 481 } else if (mvm->scan_status & IWL_MVM_SCAN_STOPPING_REGULAR) { 482 IWL_DEBUG_SCAN(mvm, "Regular scan %s, EBS status %s\n", 483 aborted ? "aborted" : "completed", 484 iwl_mvm_ebs_status_str(scan_notif->ebs_status)); 485 486 mvm->scan_status &= ~IWL_MVM_SCAN_STOPPING_REGULAR; 487 } else if (mvm->scan_status & IWL_MVM_SCAN_SCHED) { 488 WARN_ON_ONCE(mvm->scan_status & IWL_MVM_SCAN_REGULAR); 489 490 IWL_DEBUG_SCAN(mvm, "Scheduled scan %s, EBS status %s\n", 491 aborted ? "aborted" : "completed", 492 iwl_mvm_ebs_status_str(scan_notif->ebs_status)); 493 IWL_DEBUG_SCAN(mvm, 494 "Last line %d, Last iteration %d, Time after last iteration %d (FW)\n", 495 scan_notif->last_schedule_line, 496 scan_notif->last_schedule_iteration, 497 __le32_to_cpu(scan_notif->time_after_last_iter)); 498 499 mvm->scan_status &= ~IWL_MVM_SCAN_SCHED; 500 ieee80211_sched_scan_stopped(mvm->hw); 501 mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_DISABLED; 502 } else if (mvm->scan_status & IWL_MVM_SCAN_REGULAR) { 503 struct cfg80211_scan_info info = { 504 .aborted = aborted, 505 }; 506 507 IWL_DEBUG_SCAN(mvm, "Regular scan %s, EBS status %s (FW)\n", 508 aborted ? "aborted" : "completed", 509 iwl_mvm_ebs_status_str(scan_notif->ebs_status)); 510 511 mvm->scan_status &= ~IWL_MVM_SCAN_REGULAR; 512 ieee80211_scan_completed(mvm->hw, &info); 513 iwl_mvm_unref(mvm, IWL_MVM_REF_SCAN); 514 cancel_delayed_work(&mvm->scan_timeout_dwork); 515 iwl_mvm_resume_tcm(mvm); 516 } else { 517 IWL_ERR(mvm, 518 "got scan complete notification but no scan is running\n"); 519 } 520 521 mvm->last_ebs_successful = 522 scan_notif->ebs_status == IWL_SCAN_EBS_SUCCESS || 523 scan_notif->ebs_status == IWL_SCAN_EBS_INACTIVE; 524 } 525 526 static int iwl_ssid_exist(u8 *ssid, u8 ssid_len, struct iwl_ssid_ie *ssid_list) 527 { 528 int i; 529 530 for (i = 0; i < PROBE_OPTION_MAX; i++) { 531 if (!ssid_list[i].len) 532 break; 533 if (ssid_list[i].len == ssid_len && 534 !memcmp(ssid_list->ssid, ssid, ssid_len)) 535 return i; 536 } 537 return -1; 538 } 539 540 /* We insert the SSIDs in an inverted order, because the FW will 541 * invert it back. 542 */ 543 static void iwl_scan_build_ssids(struct iwl_mvm_scan_params *params, 544 struct iwl_ssid_ie *ssids, 545 u32 *ssid_bitmap) 546 { 547 int i, j; 548 int index; 549 550 /* 551 * copy SSIDs from match list. 552 * iwl_config_sched_scan_profiles() uses the order of these ssids to 553 * config match list. 554 */ 555 for (i = 0, j = params->n_match_sets - 1; 556 j >= 0 && i < PROBE_OPTION_MAX; 557 i++, j--) { 558 /* skip empty SSID matchsets */ 559 if (!params->match_sets[j].ssid.ssid_len) 560 continue; 561 ssids[i].id = WLAN_EID_SSID; 562 ssids[i].len = params->match_sets[j].ssid.ssid_len; 563 memcpy(ssids[i].ssid, params->match_sets[j].ssid.ssid, 564 ssids[i].len); 565 } 566 567 /* add SSIDs from scan SSID list */ 568 *ssid_bitmap = 0; 569 for (j = params->n_ssids - 1; 570 j >= 0 && i < PROBE_OPTION_MAX; 571 i++, j--) { 572 index = iwl_ssid_exist(params->ssids[j].ssid, 573 params->ssids[j].ssid_len, 574 ssids); 575 if (index < 0) { 576 ssids[i].id = WLAN_EID_SSID; 577 ssids[i].len = params->ssids[j].ssid_len; 578 memcpy(ssids[i].ssid, params->ssids[j].ssid, 579 ssids[i].len); 580 *ssid_bitmap |= BIT(i); 581 } else { 582 *ssid_bitmap |= BIT(index); 583 } 584 } 585 } 586 587 static int 588 iwl_mvm_config_sched_scan_profiles(struct iwl_mvm *mvm, 589 struct cfg80211_sched_scan_request *req) 590 { 591 struct iwl_scan_offload_profile *profile; 592 struct iwl_scan_offload_profile_cfg *profile_cfg; 593 struct iwl_scan_offload_blacklist *blacklist; 594 struct iwl_host_cmd cmd = { 595 .id = SCAN_OFFLOAD_UPDATE_PROFILES_CMD, 596 .len[1] = sizeof(*profile_cfg), 597 .dataflags[0] = IWL_HCMD_DFL_NOCOPY, 598 .dataflags[1] = IWL_HCMD_DFL_NOCOPY, 599 }; 600 int blacklist_len; 601 int i; 602 int ret; 603 604 if (WARN_ON(req->n_match_sets > IWL_SCAN_MAX_PROFILES)) 605 return -EIO; 606 607 if (mvm->fw->ucode_capa.flags & IWL_UCODE_TLV_FLAGS_SHORT_BL) 608 blacklist_len = IWL_SCAN_SHORT_BLACKLIST_LEN; 609 else 610 blacklist_len = IWL_SCAN_MAX_BLACKLIST_LEN; 611 612 blacklist = kcalloc(blacklist_len, sizeof(*blacklist), GFP_KERNEL); 613 if (!blacklist) 614 return -ENOMEM; 615 616 profile_cfg = kzalloc(sizeof(*profile_cfg), GFP_KERNEL); 617 if (!profile_cfg) { 618 ret = -ENOMEM; 619 goto free_blacklist; 620 } 621 622 cmd.data[0] = blacklist; 623 cmd.len[0] = sizeof(*blacklist) * blacklist_len; 624 cmd.data[1] = profile_cfg; 625 626 /* No blacklist configuration */ 627 628 profile_cfg->num_profiles = req->n_match_sets; 629 profile_cfg->active_clients = SCAN_CLIENT_SCHED_SCAN; 630 profile_cfg->pass_match = SCAN_CLIENT_SCHED_SCAN; 631 profile_cfg->match_notify = SCAN_CLIENT_SCHED_SCAN; 632 if (!req->n_match_sets || !req->match_sets[0].ssid.ssid_len) 633 profile_cfg->any_beacon_notify = SCAN_CLIENT_SCHED_SCAN; 634 635 for (i = 0; i < req->n_match_sets; i++) { 636 profile = &profile_cfg->profiles[i]; 637 profile->ssid_index = i; 638 /* Support any cipher and auth algorithm */ 639 profile->unicast_cipher = 0xff; 640 profile->auth_alg = 0xff; 641 profile->network_type = IWL_NETWORK_TYPE_ANY; 642 profile->band_selection = IWL_SCAN_OFFLOAD_SELECT_ANY; 643 profile->client_bitmap = SCAN_CLIENT_SCHED_SCAN; 644 } 645 646 IWL_DEBUG_SCAN(mvm, "Sending scheduled scan profile config\n"); 647 648 ret = iwl_mvm_send_cmd(mvm, &cmd); 649 kfree(profile_cfg); 650 free_blacklist: 651 kfree(blacklist); 652 653 return ret; 654 } 655 656 static bool iwl_mvm_scan_pass_all(struct iwl_mvm *mvm, 657 struct cfg80211_sched_scan_request *req) 658 { 659 if (req->n_match_sets && req->match_sets[0].ssid.ssid_len) { 660 IWL_DEBUG_SCAN(mvm, 661 "Sending scheduled scan with filtering, n_match_sets %d\n", 662 req->n_match_sets); 663 mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_DISABLED; 664 return false; 665 } 666 667 IWL_DEBUG_SCAN(mvm, "Sending Scheduled scan without filtering\n"); 668 669 mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_ENABLED; 670 return true; 671 } 672 673 static int iwl_mvm_lmac_scan_abort(struct iwl_mvm *mvm) 674 { 675 int ret; 676 struct iwl_host_cmd cmd = { 677 .id = SCAN_OFFLOAD_ABORT_CMD, 678 }; 679 u32 status = CAN_ABORT_STATUS; 680 681 ret = iwl_mvm_send_cmd_status(mvm, &cmd, &status); 682 if (ret) 683 return ret; 684 685 if (status != CAN_ABORT_STATUS) { 686 /* 687 * The scan abort will return 1 for success or 688 * 2 for "failure". A failure condition can be 689 * due to simply not being in an active scan which 690 * can occur if we send the scan abort before the 691 * microcode has notified us that a scan is completed. 692 */ 693 IWL_DEBUG_SCAN(mvm, "SCAN OFFLOAD ABORT ret %d.\n", status); 694 ret = -ENOENT; 695 } 696 697 return ret; 698 } 699 700 static void iwl_mvm_scan_fill_tx_cmd(struct iwl_mvm *mvm, 701 struct iwl_scan_req_tx_cmd *tx_cmd, 702 bool no_cck) 703 { 704 tx_cmd[0].tx_flags = cpu_to_le32(TX_CMD_FLG_SEQ_CTL | 705 TX_CMD_FLG_BT_DIS); 706 tx_cmd[0].rate_n_flags = iwl_mvm_scan_rate_n_flags(mvm, 707 NL80211_BAND_2GHZ, 708 no_cck); 709 tx_cmd[0].sta_id = mvm->aux_sta.sta_id; 710 711 tx_cmd[1].tx_flags = cpu_to_le32(TX_CMD_FLG_SEQ_CTL | 712 TX_CMD_FLG_BT_DIS); 713 tx_cmd[1].rate_n_flags = iwl_mvm_scan_rate_n_flags(mvm, 714 NL80211_BAND_5GHZ, 715 no_cck); 716 tx_cmd[1].sta_id = mvm->aux_sta.sta_id; 717 } 718 719 static void 720 iwl_mvm_lmac_scan_cfg_channels(struct iwl_mvm *mvm, 721 struct ieee80211_channel **channels, 722 int n_channels, u32 ssid_bitmap, 723 struct iwl_scan_req_lmac *cmd) 724 { 725 struct iwl_scan_channel_cfg_lmac *channel_cfg = (void *)&cmd->data; 726 int i; 727 728 for (i = 0; i < n_channels; i++) { 729 channel_cfg[i].channel_num = 730 cpu_to_le16(channels[i]->hw_value); 731 channel_cfg[i].iter_count = cpu_to_le16(1); 732 channel_cfg[i].iter_interval = 0; 733 channel_cfg[i].flags = 734 cpu_to_le32(IWL_UNIFIED_SCAN_CHANNEL_PARTIAL | 735 ssid_bitmap); 736 } 737 } 738 739 static u8 *iwl_mvm_copy_and_insert_ds_elem(struct iwl_mvm *mvm, const u8 *ies, 740 size_t len, u8 *const pos) 741 { 742 static const u8 before_ds_params[] = { 743 WLAN_EID_SSID, 744 WLAN_EID_SUPP_RATES, 745 WLAN_EID_REQUEST, 746 WLAN_EID_EXT_SUPP_RATES, 747 }; 748 size_t offs; 749 u8 *newpos = pos; 750 751 if (!iwl_mvm_rrm_scan_needed(mvm)) { 752 memcpy(newpos, ies, len); 753 return newpos + len; 754 } 755 756 offs = ieee80211_ie_split(ies, len, 757 before_ds_params, 758 ARRAY_SIZE(before_ds_params), 759 0); 760 761 memcpy(newpos, ies, offs); 762 newpos += offs; 763 764 /* Add a placeholder for DS Parameter Set element */ 765 *newpos++ = WLAN_EID_DS_PARAMS; 766 *newpos++ = 1; 767 *newpos++ = 0; 768 769 memcpy(newpos, ies + offs, len - offs); 770 newpos += len - offs; 771 772 return newpos; 773 } 774 775 #define WFA_TPC_IE_LEN 9 776 777 static void iwl_mvm_add_tpc_report_ie(u8 *pos) 778 { 779 pos[0] = WLAN_EID_VENDOR_SPECIFIC; 780 pos[1] = WFA_TPC_IE_LEN - 2; 781 pos[2] = (WLAN_OUI_MICROSOFT >> 16) & 0xff; 782 pos[3] = (WLAN_OUI_MICROSOFT >> 8) & 0xff; 783 pos[4] = WLAN_OUI_MICROSOFT & 0xff; 784 pos[5] = WLAN_OUI_TYPE_MICROSOFT_TPC; 785 pos[6] = 0; 786 /* pos[7] - tx power will be inserted by the FW */ 787 pos[7] = 0; 788 pos[8] = 0; 789 } 790 791 static void 792 iwl_mvm_build_scan_probe(struct iwl_mvm *mvm, struct ieee80211_vif *vif, 793 struct ieee80211_scan_ies *ies, 794 struct iwl_mvm_scan_params *params) 795 { 796 struct ieee80211_mgmt *frame = (void *)params->preq.buf; 797 u8 *pos, *newpos; 798 const u8 *mac_addr = params->flags & NL80211_SCAN_FLAG_RANDOM_ADDR ? 799 params->mac_addr : NULL; 800 801 /* 802 * Unfortunately, right now the offload scan doesn't support randomising 803 * within the firmware, so until the firmware API is ready we implement 804 * it in the driver. This means that the scan iterations won't really be 805 * random, only when it's restarted, but at least that helps a bit. 806 */ 807 if (mac_addr) 808 get_random_mask_addr(frame->sa, mac_addr, 809 params->mac_addr_mask); 810 else 811 memcpy(frame->sa, vif->addr, ETH_ALEN); 812 813 frame->frame_control = cpu_to_le16(IEEE80211_STYPE_PROBE_REQ); 814 eth_broadcast_addr(frame->da); 815 eth_broadcast_addr(frame->bssid); 816 frame->seq_ctrl = 0; 817 818 pos = frame->u.probe_req.variable; 819 *pos++ = WLAN_EID_SSID; 820 *pos++ = 0; 821 822 params->preq.mac_header.offset = 0; 823 params->preq.mac_header.len = cpu_to_le16(24 + 2); 824 825 /* Insert ds parameter set element on 2.4 GHz band */ 826 newpos = iwl_mvm_copy_and_insert_ds_elem(mvm, 827 ies->ies[NL80211_BAND_2GHZ], 828 ies->len[NL80211_BAND_2GHZ], 829 pos); 830 params->preq.band_data[0].offset = cpu_to_le16(pos - params->preq.buf); 831 params->preq.band_data[0].len = cpu_to_le16(newpos - pos); 832 pos = newpos; 833 834 memcpy(pos, ies->ies[NL80211_BAND_5GHZ], 835 ies->len[NL80211_BAND_5GHZ]); 836 params->preq.band_data[1].offset = cpu_to_le16(pos - params->preq.buf); 837 params->preq.band_data[1].len = 838 cpu_to_le16(ies->len[NL80211_BAND_5GHZ]); 839 pos += ies->len[NL80211_BAND_5GHZ]; 840 841 memcpy(pos, ies->common_ies, ies->common_ie_len); 842 params->preq.common_data.offset = cpu_to_le16(pos - params->preq.buf); 843 844 if (iwl_mvm_rrm_scan_needed(mvm) && 845 !fw_has_capa(&mvm->fw->ucode_capa, 846 IWL_UCODE_TLV_CAPA_WFA_TPC_REP_IE_SUPPORT)) { 847 iwl_mvm_add_tpc_report_ie(pos + ies->common_ie_len); 848 params->preq.common_data.len = cpu_to_le16(ies->common_ie_len + 849 WFA_TPC_IE_LEN); 850 } else { 851 params->preq.common_data.len = cpu_to_le16(ies->common_ie_len); 852 } 853 } 854 855 static void iwl_mvm_scan_lmac_dwell(struct iwl_mvm *mvm, 856 struct iwl_scan_req_lmac *cmd, 857 struct iwl_mvm_scan_params *params) 858 { 859 cmd->active_dwell = IWL_SCAN_DWELL_ACTIVE; 860 cmd->passive_dwell = IWL_SCAN_DWELL_PASSIVE; 861 cmd->fragmented_dwell = IWL_SCAN_DWELL_FRAGMENTED; 862 cmd->extended_dwell = IWL_SCAN_DWELL_EXTENDED; 863 cmd->max_out_time = cpu_to_le32(scan_timing[params->type].max_out_time); 864 cmd->suspend_time = cpu_to_le32(scan_timing[params->type].suspend_time); 865 cmd->scan_prio = cpu_to_le32(IWL_SCAN_PRIORITY_EXT_6); 866 } 867 868 static inline bool iwl_mvm_scan_fits(struct iwl_mvm *mvm, int n_ssids, 869 struct ieee80211_scan_ies *ies, 870 int n_channels) 871 { 872 return ((n_ssids <= PROBE_OPTION_MAX) && 873 (n_channels <= mvm->fw->ucode_capa.n_scan_channels) & 874 (ies->common_ie_len + 875 ies->len[NL80211_BAND_2GHZ] + 876 ies->len[NL80211_BAND_5GHZ] <= 877 iwl_mvm_max_scan_ie_fw_cmd_room(mvm))); 878 } 879 880 static inline bool iwl_mvm_scan_use_ebs(struct iwl_mvm *mvm, 881 struct ieee80211_vif *vif) 882 { 883 const struct iwl_ucode_capabilities *capa = &mvm->fw->ucode_capa; 884 bool low_latency; 885 886 if (iwl_mvm_is_cdb_supported(mvm)) 887 low_latency = iwl_mvm_low_latency_band(mvm, NL80211_BAND_5GHZ); 888 else 889 low_latency = iwl_mvm_low_latency(mvm); 890 891 /* We can only use EBS if: 892 * 1. the feature is supported; 893 * 2. the last EBS was successful; 894 * 3. if only single scan, the single scan EBS API is supported; 895 * 4. it's not a p2p find operation. 896 * 5. we are not in low latency mode, 897 * or if fragmented ebs is supported by the FW 898 */ 899 return ((capa->flags & IWL_UCODE_TLV_FLAGS_EBS_SUPPORT) && 900 mvm->last_ebs_successful && IWL_MVM_ENABLE_EBS && 901 vif->type != NL80211_IFTYPE_P2P_DEVICE && 902 (!low_latency || iwl_mvm_is_frag_ebs_supported(mvm))); 903 } 904 905 static inline bool iwl_mvm_is_regular_scan(struct iwl_mvm_scan_params *params) 906 { 907 return params->n_scan_plans == 1 && 908 params->scan_plans[0].iterations == 1; 909 } 910 911 static bool iwl_mvm_is_scan_fragmented(enum iwl_mvm_scan_type type) 912 { 913 return (type == IWL_SCAN_TYPE_FRAGMENTED || 914 type == IWL_SCAN_TYPE_FAST_BALANCE); 915 } 916 917 static int iwl_mvm_scan_lmac_flags(struct iwl_mvm *mvm, 918 struct iwl_mvm_scan_params *params, 919 struct ieee80211_vif *vif) 920 { 921 int flags = 0; 922 923 if (params->n_ssids == 0) 924 flags |= IWL_MVM_LMAC_SCAN_FLAG_PASSIVE; 925 926 if (params->n_ssids == 1 && params->ssids[0].ssid_len != 0) 927 flags |= IWL_MVM_LMAC_SCAN_FLAG_PRE_CONNECTION; 928 929 if (iwl_mvm_is_scan_fragmented(params->type)) 930 flags |= IWL_MVM_LMAC_SCAN_FLAG_FRAGMENTED; 931 932 if (iwl_mvm_rrm_scan_needed(mvm) && 933 fw_has_capa(&mvm->fw->ucode_capa, 934 IWL_UCODE_TLV_CAPA_WFA_TPC_REP_IE_SUPPORT)) 935 flags |= IWL_MVM_LMAC_SCAN_FLAGS_RRM_ENABLED; 936 937 if (params->pass_all) 938 flags |= IWL_MVM_LMAC_SCAN_FLAG_PASS_ALL; 939 else 940 flags |= IWL_MVM_LMAC_SCAN_FLAG_MATCH; 941 942 #ifdef CONFIG_IWLWIFI_DEBUGFS 943 if (mvm->scan_iter_notif_enabled) 944 flags |= IWL_MVM_LMAC_SCAN_FLAG_ITER_COMPLETE; 945 #endif 946 947 if (mvm->sched_scan_pass_all == SCHED_SCAN_PASS_ALL_ENABLED) 948 flags |= IWL_MVM_LMAC_SCAN_FLAG_ITER_COMPLETE; 949 950 if (iwl_mvm_is_regular_scan(params) && 951 vif->type != NL80211_IFTYPE_P2P_DEVICE && 952 !iwl_mvm_is_scan_fragmented(params->type)) 953 flags |= IWL_MVM_LMAC_SCAN_FLAG_EXTENDED_DWELL; 954 955 return flags; 956 } 957 958 static int iwl_mvm_scan_lmac(struct iwl_mvm *mvm, struct ieee80211_vif *vif, 959 struct iwl_mvm_scan_params *params) 960 { 961 struct iwl_scan_req_lmac *cmd = mvm->scan_cmd; 962 struct iwl_scan_probe_req *preq = 963 (void *)(cmd->data + sizeof(struct iwl_scan_channel_cfg_lmac) * 964 mvm->fw->ucode_capa.n_scan_channels); 965 u32 ssid_bitmap = 0; 966 int i; 967 968 lockdep_assert_held(&mvm->mutex); 969 970 memset(cmd, 0, ksize(cmd)); 971 972 if (WARN_ON(params->n_scan_plans > IWL_MAX_SCHED_SCAN_PLANS)) 973 return -EINVAL; 974 975 iwl_mvm_scan_lmac_dwell(mvm, cmd, params); 976 977 cmd->rx_chain_select = iwl_mvm_scan_rx_chain(mvm); 978 cmd->iter_num = cpu_to_le32(1); 979 cmd->n_channels = (u8)params->n_channels; 980 981 cmd->delay = cpu_to_le32(params->delay); 982 983 cmd->scan_flags = cpu_to_le32(iwl_mvm_scan_lmac_flags(mvm, params, 984 vif)); 985 986 cmd->flags = iwl_mvm_scan_rxon_flags(params->channels[0]->band); 987 cmd->filter_flags = cpu_to_le32(MAC_FILTER_ACCEPT_GRP | 988 MAC_FILTER_IN_BEACON); 989 iwl_mvm_scan_fill_tx_cmd(mvm, cmd->tx_cmd, params->no_cck); 990 iwl_scan_build_ssids(params, cmd->direct_scan, &ssid_bitmap); 991 992 /* this API uses bits 1-20 instead of 0-19 */ 993 ssid_bitmap <<= 1; 994 995 for (i = 0; i < params->n_scan_plans; i++) { 996 struct cfg80211_sched_scan_plan *scan_plan = 997 ¶ms->scan_plans[i]; 998 999 cmd->schedule[i].delay = 1000 cpu_to_le16(scan_plan->interval); 1001 cmd->schedule[i].iterations = scan_plan->iterations; 1002 cmd->schedule[i].full_scan_mul = 1; 1003 } 1004 1005 /* 1006 * If the number of iterations of the last scan plan is set to 1007 * zero, it should run infinitely. However, this is not always the case. 1008 * For example, when regular scan is requested the driver sets one scan 1009 * plan with one iteration. 1010 */ 1011 if (!cmd->schedule[i - 1].iterations) 1012 cmd->schedule[i - 1].iterations = 0xff; 1013 1014 if (iwl_mvm_scan_use_ebs(mvm, vif)) { 1015 cmd->channel_opt[0].flags = 1016 cpu_to_le16(IWL_SCAN_CHANNEL_FLAG_EBS | 1017 IWL_SCAN_CHANNEL_FLAG_EBS_ACCURATE | 1018 IWL_SCAN_CHANNEL_FLAG_CACHE_ADD); 1019 cmd->channel_opt[0].non_ebs_ratio = 1020 cpu_to_le16(IWL_DENSE_EBS_SCAN_RATIO); 1021 cmd->channel_opt[1].flags = 1022 cpu_to_le16(IWL_SCAN_CHANNEL_FLAG_EBS | 1023 IWL_SCAN_CHANNEL_FLAG_EBS_ACCURATE | 1024 IWL_SCAN_CHANNEL_FLAG_CACHE_ADD); 1025 cmd->channel_opt[1].non_ebs_ratio = 1026 cpu_to_le16(IWL_SPARSE_EBS_SCAN_RATIO); 1027 } 1028 1029 iwl_mvm_lmac_scan_cfg_channels(mvm, params->channels, 1030 params->n_channels, ssid_bitmap, cmd); 1031 1032 *preq = params->preq; 1033 1034 return 0; 1035 } 1036 1037 static int rate_to_scan_rate_flag(unsigned int rate) 1038 { 1039 static const int rate_to_scan_rate[IWL_RATE_COUNT] = { 1040 [IWL_RATE_1M_INDEX] = SCAN_CONFIG_RATE_1M, 1041 [IWL_RATE_2M_INDEX] = SCAN_CONFIG_RATE_2M, 1042 [IWL_RATE_5M_INDEX] = SCAN_CONFIG_RATE_5M, 1043 [IWL_RATE_11M_INDEX] = SCAN_CONFIG_RATE_11M, 1044 [IWL_RATE_6M_INDEX] = SCAN_CONFIG_RATE_6M, 1045 [IWL_RATE_9M_INDEX] = SCAN_CONFIG_RATE_9M, 1046 [IWL_RATE_12M_INDEX] = SCAN_CONFIG_RATE_12M, 1047 [IWL_RATE_18M_INDEX] = SCAN_CONFIG_RATE_18M, 1048 [IWL_RATE_24M_INDEX] = SCAN_CONFIG_RATE_24M, 1049 [IWL_RATE_36M_INDEX] = SCAN_CONFIG_RATE_36M, 1050 [IWL_RATE_48M_INDEX] = SCAN_CONFIG_RATE_48M, 1051 [IWL_RATE_54M_INDEX] = SCAN_CONFIG_RATE_54M, 1052 }; 1053 1054 return rate_to_scan_rate[rate]; 1055 } 1056 1057 static __le32 iwl_mvm_scan_config_rates(struct iwl_mvm *mvm) 1058 { 1059 struct ieee80211_supported_band *band; 1060 unsigned int rates = 0; 1061 int i; 1062 1063 band = &mvm->nvm_data->bands[NL80211_BAND_2GHZ]; 1064 for (i = 0; i < band->n_bitrates; i++) 1065 rates |= rate_to_scan_rate_flag(band->bitrates[i].hw_value); 1066 band = &mvm->nvm_data->bands[NL80211_BAND_5GHZ]; 1067 for (i = 0; i < band->n_bitrates; i++) 1068 rates |= rate_to_scan_rate_flag(band->bitrates[i].hw_value); 1069 1070 /* Set both basic rates and supported rates */ 1071 rates |= SCAN_CONFIG_SUPPORTED_RATE(rates); 1072 1073 return cpu_to_le32(rates); 1074 } 1075 1076 static void iwl_mvm_fill_scan_dwell(struct iwl_mvm *mvm, 1077 struct iwl_scan_dwell *dwell) 1078 { 1079 dwell->active = IWL_SCAN_DWELL_ACTIVE; 1080 dwell->passive = IWL_SCAN_DWELL_PASSIVE; 1081 dwell->fragmented = IWL_SCAN_DWELL_FRAGMENTED; 1082 dwell->extended = IWL_SCAN_DWELL_EXTENDED; 1083 } 1084 1085 static void iwl_mvm_fill_channels(struct iwl_mvm *mvm, u8 *channels) 1086 { 1087 struct ieee80211_supported_band *band; 1088 int i, j = 0; 1089 1090 band = &mvm->nvm_data->bands[NL80211_BAND_2GHZ]; 1091 for (i = 0; i < band->n_channels; i++, j++) 1092 channels[j] = band->channels[i].hw_value; 1093 band = &mvm->nvm_data->bands[NL80211_BAND_5GHZ]; 1094 for (i = 0; i < band->n_channels; i++, j++) 1095 channels[j] = band->channels[i].hw_value; 1096 } 1097 1098 static void iwl_mvm_fill_scan_config_v1(struct iwl_mvm *mvm, void *config, 1099 u32 flags, u8 channel_flags) 1100 { 1101 enum iwl_mvm_scan_type type = iwl_mvm_get_scan_type(mvm, NULL); 1102 struct iwl_scan_config_v1 *cfg = config; 1103 1104 cfg->flags = cpu_to_le32(flags); 1105 cfg->tx_chains = cpu_to_le32(iwl_mvm_get_valid_tx_ant(mvm)); 1106 cfg->rx_chains = cpu_to_le32(iwl_mvm_scan_rx_ant(mvm)); 1107 cfg->legacy_rates = iwl_mvm_scan_config_rates(mvm); 1108 cfg->out_of_channel_time = cpu_to_le32(scan_timing[type].max_out_time); 1109 cfg->suspend_time = cpu_to_le32(scan_timing[type].suspend_time); 1110 1111 iwl_mvm_fill_scan_dwell(mvm, &cfg->dwell); 1112 1113 memcpy(&cfg->mac_addr, &mvm->addresses[0].addr, ETH_ALEN); 1114 1115 cfg->bcast_sta_id = mvm->aux_sta.sta_id; 1116 cfg->channel_flags = channel_flags; 1117 1118 iwl_mvm_fill_channels(mvm, cfg->channel_array); 1119 } 1120 1121 static void iwl_mvm_fill_scan_config(struct iwl_mvm *mvm, void *config, 1122 u32 flags, u8 channel_flags) 1123 { 1124 struct iwl_scan_config *cfg = config; 1125 1126 cfg->flags = cpu_to_le32(flags); 1127 cfg->tx_chains = cpu_to_le32(iwl_mvm_get_valid_tx_ant(mvm)); 1128 cfg->rx_chains = cpu_to_le32(iwl_mvm_scan_rx_ant(mvm)); 1129 cfg->legacy_rates = iwl_mvm_scan_config_rates(mvm); 1130 1131 if (iwl_mvm_is_cdb_supported(mvm)) { 1132 enum iwl_mvm_scan_type lb_type, hb_type; 1133 1134 lb_type = iwl_mvm_get_scan_type_band(mvm, NULL, 1135 NL80211_BAND_2GHZ); 1136 hb_type = iwl_mvm_get_scan_type_band(mvm, NULL, 1137 NL80211_BAND_5GHZ); 1138 1139 cfg->out_of_channel_time[SCAN_LB_LMAC_IDX] = 1140 cpu_to_le32(scan_timing[lb_type].max_out_time); 1141 cfg->suspend_time[SCAN_LB_LMAC_IDX] = 1142 cpu_to_le32(scan_timing[lb_type].suspend_time); 1143 1144 cfg->out_of_channel_time[SCAN_HB_LMAC_IDX] = 1145 cpu_to_le32(scan_timing[hb_type].max_out_time); 1146 cfg->suspend_time[SCAN_HB_LMAC_IDX] = 1147 cpu_to_le32(scan_timing[hb_type].suspend_time); 1148 } else { 1149 enum iwl_mvm_scan_type type = 1150 iwl_mvm_get_scan_type(mvm, NULL); 1151 1152 cfg->out_of_channel_time[SCAN_LB_LMAC_IDX] = 1153 cpu_to_le32(scan_timing[type].max_out_time); 1154 cfg->suspend_time[SCAN_LB_LMAC_IDX] = 1155 cpu_to_le32(scan_timing[type].suspend_time); 1156 } 1157 1158 iwl_mvm_fill_scan_dwell(mvm, &cfg->dwell); 1159 1160 memcpy(&cfg->mac_addr, &mvm->addresses[0].addr, ETH_ALEN); 1161 1162 cfg->bcast_sta_id = mvm->aux_sta.sta_id; 1163 cfg->channel_flags = channel_flags; 1164 1165 iwl_mvm_fill_channels(mvm, cfg->channel_array); 1166 } 1167 1168 int iwl_mvm_config_scan(struct iwl_mvm *mvm) 1169 { 1170 void *cfg; 1171 int ret, cmd_size; 1172 struct iwl_host_cmd cmd = { 1173 .id = iwl_cmd_id(SCAN_CFG_CMD, IWL_ALWAYS_LONG_GROUP, 0), 1174 }; 1175 enum iwl_mvm_scan_type type; 1176 enum iwl_mvm_scan_type hb_type = IWL_SCAN_TYPE_NOT_SET; 1177 int num_channels = 1178 mvm->nvm_data->bands[NL80211_BAND_2GHZ].n_channels + 1179 mvm->nvm_data->bands[NL80211_BAND_5GHZ].n_channels; 1180 u32 flags; 1181 u8 channel_flags; 1182 1183 if (WARN_ON(num_channels > mvm->fw->ucode_capa.n_scan_channels)) 1184 return -ENOBUFS; 1185 1186 if (iwl_mvm_is_cdb_supported(mvm)) { 1187 type = iwl_mvm_get_scan_type_band(mvm, NULL, 1188 NL80211_BAND_2GHZ); 1189 hb_type = iwl_mvm_get_scan_type_band(mvm, NULL, 1190 NL80211_BAND_5GHZ); 1191 if (type == mvm->scan_type && hb_type == mvm->hb_scan_type) 1192 return 0; 1193 } else { 1194 type = iwl_mvm_get_scan_type(mvm, NULL); 1195 if (type == mvm->scan_type) 1196 return 0; 1197 } 1198 1199 if (iwl_mvm_cdb_scan_api(mvm)) 1200 cmd_size = sizeof(struct iwl_scan_config); 1201 else 1202 cmd_size = sizeof(struct iwl_scan_config_v1); 1203 cmd_size += mvm->fw->ucode_capa.n_scan_channels; 1204 1205 cfg = kzalloc(cmd_size, GFP_KERNEL); 1206 if (!cfg) 1207 return -ENOMEM; 1208 1209 flags = SCAN_CONFIG_FLAG_ACTIVATE | 1210 SCAN_CONFIG_FLAG_ALLOW_CHUB_REQS | 1211 SCAN_CONFIG_FLAG_SET_TX_CHAINS | 1212 SCAN_CONFIG_FLAG_SET_RX_CHAINS | 1213 SCAN_CONFIG_FLAG_SET_AUX_STA_ID | 1214 SCAN_CONFIG_FLAG_SET_ALL_TIMES | 1215 SCAN_CONFIG_FLAG_SET_LEGACY_RATES | 1216 SCAN_CONFIG_FLAG_SET_MAC_ADDR | 1217 SCAN_CONFIG_FLAG_SET_CHANNEL_FLAGS | 1218 SCAN_CONFIG_N_CHANNELS(num_channels) | 1219 (iwl_mvm_is_scan_fragmented(type) ? 1220 SCAN_CONFIG_FLAG_SET_FRAGMENTED : 1221 SCAN_CONFIG_FLAG_CLEAR_FRAGMENTED); 1222 1223 channel_flags = IWL_CHANNEL_FLAG_EBS | 1224 IWL_CHANNEL_FLAG_ACCURATE_EBS | 1225 IWL_CHANNEL_FLAG_EBS_ADD | 1226 IWL_CHANNEL_FLAG_PRE_SCAN_PASSIVE2ACTIVE; 1227 1228 /* 1229 * Check for fragmented scan on LMAC2 - high band. 1230 * LMAC1 - low band is checked above. 1231 */ 1232 if (iwl_mvm_cdb_scan_api(mvm)) { 1233 if (iwl_mvm_is_cdb_supported(mvm)) 1234 flags |= (iwl_mvm_is_scan_fragmented(hb_type)) ? 1235 SCAN_CONFIG_FLAG_SET_LMAC2_FRAGMENTED : 1236 SCAN_CONFIG_FLAG_CLEAR_LMAC2_FRAGMENTED; 1237 iwl_mvm_fill_scan_config(mvm, cfg, flags, channel_flags); 1238 } else { 1239 iwl_mvm_fill_scan_config_v1(mvm, cfg, flags, channel_flags); 1240 } 1241 1242 cmd.data[0] = cfg; 1243 cmd.len[0] = cmd_size; 1244 cmd.dataflags[0] = IWL_HCMD_DFL_NOCOPY; 1245 1246 IWL_DEBUG_SCAN(mvm, "Sending UMAC scan config\n"); 1247 1248 ret = iwl_mvm_send_cmd(mvm, &cmd); 1249 if (!ret) { 1250 mvm->scan_type = type; 1251 mvm->hb_scan_type = hb_type; 1252 } 1253 1254 kfree(cfg); 1255 return ret; 1256 } 1257 1258 static int iwl_mvm_scan_uid_by_status(struct iwl_mvm *mvm, int status) 1259 { 1260 int i; 1261 1262 for (i = 0; i < mvm->max_scans; i++) 1263 if (mvm->scan_uid_status[i] == status) 1264 return i; 1265 1266 return -ENOENT; 1267 } 1268 1269 static void iwl_mvm_scan_umac_dwell(struct iwl_mvm *mvm, 1270 struct iwl_scan_req_umac *cmd, 1271 struct iwl_mvm_scan_params *params) 1272 { 1273 struct iwl_mvm_scan_timing_params *timing, *hb_timing; 1274 u8 active_dwell, passive_dwell; 1275 1276 timing = &scan_timing[params->type]; 1277 active_dwell = params->measurement_dwell ? 1278 params->measurement_dwell : IWL_SCAN_DWELL_ACTIVE; 1279 passive_dwell = params->measurement_dwell ? 1280 params->measurement_dwell : IWL_SCAN_DWELL_PASSIVE; 1281 1282 if (iwl_mvm_is_adaptive_dwell_supported(mvm)) { 1283 cmd->v7.adwell_default_n_aps_social = 1284 IWL_SCAN_ADWELL_DEFAULT_N_APS_SOCIAL; 1285 cmd->v7.adwell_default_n_aps = 1286 IWL_SCAN_ADWELL_DEFAULT_N_APS; 1287 1288 /* if custom max budget was configured with debugfs */ 1289 if (IWL_MVM_ADWELL_MAX_BUDGET) 1290 cmd->v7.adwell_max_budget = 1291 cpu_to_le16(IWL_MVM_ADWELL_MAX_BUDGET); 1292 else if (params->ssids && params->ssids[0].ssid_len) 1293 cmd->v7.adwell_max_budget = 1294 cpu_to_le16(IWL_SCAN_ADWELL_MAX_BUDGET_DIRECTED_SCAN); 1295 else 1296 cmd->v7.adwell_max_budget = 1297 cpu_to_le16(IWL_SCAN_ADWELL_MAX_BUDGET_FULL_SCAN); 1298 1299 cmd->v7.scan_priority = cpu_to_le32(IWL_SCAN_PRIORITY_EXT_6); 1300 cmd->v7.max_out_time[SCAN_LB_LMAC_IDX] = 1301 cpu_to_le32(timing->max_out_time); 1302 cmd->v7.suspend_time[SCAN_LB_LMAC_IDX] = 1303 cpu_to_le32(timing->suspend_time); 1304 1305 if (iwl_mvm_is_cdb_supported(mvm)) { 1306 hb_timing = &scan_timing[params->hb_type]; 1307 1308 cmd->v7.max_out_time[SCAN_HB_LMAC_IDX] = 1309 cpu_to_le32(hb_timing->max_out_time); 1310 cmd->v7.suspend_time[SCAN_HB_LMAC_IDX] = 1311 cpu_to_le32(hb_timing->suspend_time); 1312 } 1313 1314 if (!iwl_mvm_is_adaptive_dwell_v2_supported(mvm)) { 1315 cmd->v7.active_dwell = active_dwell; 1316 cmd->v7.passive_dwell = passive_dwell; 1317 cmd->v7.fragmented_dwell = IWL_SCAN_DWELL_FRAGMENTED; 1318 } else { 1319 cmd->v8.active_dwell[SCAN_LB_LMAC_IDX] = active_dwell; 1320 cmd->v8.passive_dwell[SCAN_LB_LMAC_IDX] = passive_dwell; 1321 if (iwl_mvm_is_cdb_supported(mvm)) { 1322 cmd->v8.active_dwell[SCAN_HB_LMAC_IDX] = 1323 active_dwell; 1324 cmd->v8.passive_dwell[SCAN_HB_LMAC_IDX] = 1325 passive_dwell; 1326 } 1327 } 1328 } else { 1329 cmd->v1.extended_dwell = params->measurement_dwell ? 1330 params->measurement_dwell : IWL_SCAN_DWELL_EXTENDED; 1331 cmd->v1.active_dwell = active_dwell; 1332 cmd->v1.passive_dwell = passive_dwell; 1333 cmd->v1.fragmented_dwell = IWL_SCAN_DWELL_FRAGMENTED; 1334 1335 if (iwl_mvm_is_cdb_supported(mvm)) { 1336 hb_timing = &scan_timing[params->hb_type]; 1337 1338 cmd->v6.max_out_time[SCAN_HB_LMAC_IDX] = 1339 cpu_to_le32(hb_timing->max_out_time); 1340 cmd->v6.suspend_time[SCAN_HB_LMAC_IDX] = 1341 cpu_to_le32(hb_timing->suspend_time); 1342 } 1343 1344 if (iwl_mvm_cdb_scan_api(mvm)) { 1345 cmd->v6.scan_priority = 1346 cpu_to_le32(IWL_SCAN_PRIORITY_EXT_6); 1347 cmd->v6.max_out_time[SCAN_LB_LMAC_IDX] = 1348 cpu_to_le32(timing->max_out_time); 1349 cmd->v6.suspend_time[SCAN_LB_LMAC_IDX] = 1350 cpu_to_le32(timing->suspend_time); 1351 } else { 1352 cmd->v1.scan_priority = 1353 cpu_to_le32(IWL_SCAN_PRIORITY_EXT_6); 1354 cmd->v1.max_out_time = 1355 cpu_to_le32(timing->max_out_time); 1356 cmd->v1.suspend_time = 1357 cpu_to_le32(timing->suspend_time); 1358 } 1359 } 1360 1361 if (iwl_mvm_is_regular_scan(params)) 1362 cmd->ooc_priority = cpu_to_le32(IWL_SCAN_PRIORITY_EXT_6); 1363 else 1364 cmd->ooc_priority = cpu_to_le32(IWL_SCAN_PRIORITY_EXT_2); 1365 } 1366 1367 static void 1368 iwl_mvm_umac_scan_cfg_channels(struct iwl_mvm *mvm, 1369 struct ieee80211_channel **channels, 1370 int n_channels, u32 ssid_bitmap, 1371 struct iwl_scan_channel_cfg_umac *channel_cfg) 1372 { 1373 int i; 1374 1375 for (i = 0; i < n_channels; i++) { 1376 channel_cfg[i].flags = cpu_to_le32(ssid_bitmap); 1377 channel_cfg[i].channel_num = channels[i]->hw_value; 1378 channel_cfg[i].iter_count = 1; 1379 channel_cfg[i].iter_interval = 0; 1380 } 1381 } 1382 1383 static u16 iwl_mvm_scan_umac_flags(struct iwl_mvm *mvm, 1384 struct iwl_mvm_scan_params *params, 1385 struct ieee80211_vif *vif) 1386 { 1387 u16 flags = 0; 1388 1389 if (params->n_ssids == 0) 1390 flags = IWL_UMAC_SCAN_GEN_FLAGS_PASSIVE; 1391 1392 if (params->n_ssids == 1 && params->ssids[0].ssid_len != 0) 1393 flags |= IWL_UMAC_SCAN_GEN_FLAGS_PRE_CONNECT; 1394 1395 if (iwl_mvm_is_scan_fragmented(params->type)) 1396 flags |= IWL_UMAC_SCAN_GEN_FLAGS_FRAGMENTED; 1397 1398 if (iwl_mvm_is_cdb_supported(mvm) && 1399 iwl_mvm_is_scan_fragmented(params->hb_type)) 1400 flags |= IWL_UMAC_SCAN_GEN_FLAGS_LMAC2_FRAGMENTED; 1401 1402 if (iwl_mvm_rrm_scan_needed(mvm) && 1403 fw_has_capa(&mvm->fw->ucode_capa, 1404 IWL_UCODE_TLV_CAPA_WFA_TPC_REP_IE_SUPPORT)) 1405 flags |= IWL_UMAC_SCAN_GEN_FLAGS_RRM_ENABLED; 1406 1407 if (params->pass_all) 1408 flags |= IWL_UMAC_SCAN_GEN_FLAGS_PASS_ALL; 1409 else 1410 flags |= IWL_UMAC_SCAN_GEN_FLAGS_MATCH; 1411 1412 if (!iwl_mvm_is_regular_scan(params)) 1413 flags |= IWL_UMAC_SCAN_GEN_FLAGS_PERIODIC; 1414 1415 if (params->measurement_dwell) 1416 flags |= IWL_UMAC_SCAN_GEN_FLAGS_ITER_COMPLETE; 1417 1418 #ifdef CONFIG_IWLWIFI_DEBUGFS 1419 if (mvm->scan_iter_notif_enabled) 1420 flags |= IWL_UMAC_SCAN_GEN_FLAGS_ITER_COMPLETE; 1421 #endif 1422 1423 if (mvm->sched_scan_pass_all == SCHED_SCAN_PASS_ALL_ENABLED) 1424 flags |= IWL_UMAC_SCAN_GEN_FLAGS_ITER_COMPLETE; 1425 1426 if (iwl_mvm_is_adaptive_dwell_supported(mvm) && IWL_MVM_ADWELL_ENABLE && 1427 vif->type != NL80211_IFTYPE_P2P_DEVICE) 1428 flags |= IWL_UMAC_SCAN_GEN_FLAGS_ADAPTIVE_DWELL; 1429 1430 /* 1431 * Extended dwell is relevant only for low band to start with, as it is 1432 * being used for social channles only (1, 6, 11), so we can check 1433 * only scan type on low band also for CDB. 1434 */ 1435 if (iwl_mvm_is_regular_scan(params) && 1436 vif->type != NL80211_IFTYPE_P2P_DEVICE && 1437 !iwl_mvm_is_scan_fragmented(params->type) && 1438 !iwl_mvm_is_adaptive_dwell_supported(mvm) && 1439 !iwl_mvm_is_oce_supported(mvm)) 1440 flags |= IWL_UMAC_SCAN_GEN_FLAGS_EXTENDED_DWELL; 1441 1442 if (iwl_mvm_is_oce_supported(mvm)) { 1443 if ((params->flags & 1444 NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE)) 1445 flags |= IWL_UMAC_SCAN_GEN_FLAGS_PROB_REQ_HIGH_TX_RATE; 1446 /* Since IWL_UMAC_SCAN_GEN_FLAGS_EXTENDED_DWELL and 1447 * NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION shares 1448 * the same bit, we need to make sure that we use this bit here 1449 * only when IWL_UMAC_SCAN_GEN_FLAGS_EXTENDED_DWELL cannot be 1450 * used. */ 1451 if ((params->flags & 1452 NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION) && 1453 !WARN_ON_ONCE(!iwl_mvm_is_adaptive_dwell_supported(mvm))) 1454 flags |= IWL_UMAC_SCAN_GEN_FLAGS_PROB_REQ_DEFER_SUPP; 1455 if ((params->flags & NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME)) 1456 flags |= IWL_UMAC_SCAN_GEN_FLAGS_MAX_CHNL_TIME; 1457 } 1458 1459 return flags; 1460 } 1461 1462 static int iwl_mvm_scan_umac(struct iwl_mvm *mvm, struct ieee80211_vif *vif, 1463 struct iwl_mvm_scan_params *params, 1464 int type) 1465 { 1466 struct iwl_scan_req_umac *cmd = mvm->scan_cmd; 1467 struct iwl_scan_umac_chan_param *chan_param; 1468 void *cmd_data = iwl_mvm_get_scan_req_umac_data(mvm); 1469 struct iwl_scan_req_umac_tail *sec_part = cmd_data + 1470 sizeof(struct iwl_scan_channel_cfg_umac) * 1471 mvm->fw->ucode_capa.n_scan_channels; 1472 int uid, i; 1473 u32 ssid_bitmap = 0; 1474 u8 channel_flags = 0; 1475 u16 gen_flags; 1476 struct iwl_mvm_vif *scan_vif = iwl_mvm_vif_from_mac80211(vif); 1477 1478 chan_param = iwl_mvm_get_scan_req_umac_channel(mvm); 1479 1480 lockdep_assert_held(&mvm->mutex); 1481 1482 if (WARN_ON(params->n_scan_plans > IWL_MAX_SCHED_SCAN_PLANS)) 1483 return -EINVAL; 1484 1485 uid = iwl_mvm_scan_uid_by_status(mvm, 0); 1486 if (uid < 0) 1487 return uid; 1488 1489 memset(cmd, 0, ksize(cmd)); 1490 1491 iwl_mvm_scan_umac_dwell(mvm, cmd, params); 1492 1493 mvm->scan_uid_status[uid] = type; 1494 1495 cmd->uid = cpu_to_le32(uid); 1496 gen_flags = iwl_mvm_scan_umac_flags(mvm, params, vif); 1497 cmd->general_flags = cpu_to_le16(gen_flags); 1498 if (iwl_mvm_is_adaptive_dwell_v2_supported(mvm)) { 1499 if (gen_flags & IWL_UMAC_SCAN_GEN_FLAGS_FRAGMENTED) 1500 cmd->v8.num_of_fragments[SCAN_LB_LMAC_IDX] = 1501 IWL_SCAN_NUM_OF_FRAGS; 1502 if (gen_flags & IWL_UMAC_SCAN_GEN_FLAGS_LMAC2_FRAGMENTED) 1503 cmd->v8.num_of_fragments[SCAN_HB_LMAC_IDX] = 1504 IWL_SCAN_NUM_OF_FRAGS; 1505 1506 cmd->v8.general_flags2 = 1507 IWL_UMAC_SCAN_GEN_FLAGS2_ALLOW_CHNL_REORDER; 1508 } 1509 1510 cmd->scan_start_mac_id = scan_vif->id; 1511 1512 if (type == IWL_MVM_SCAN_SCHED || type == IWL_MVM_SCAN_NETDETECT) 1513 cmd->flags = cpu_to_le32(IWL_UMAC_SCAN_FLAG_PREEMPTIVE); 1514 1515 if (iwl_mvm_scan_use_ebs(mvm, vif)) { 1516 channel_flags = IWL_SCAN_CHANNEL_FLAG_EBS | 1517 IWL_SCAN_CHANNEL_FLAG_EBS_ACCURATE | 1518 IWL_SCAN_CHANNEL_FLAG_CACHE_ADD; 1519 1520 /* set fragmented ebs for fragmented scan on HB channels */ 1521 if (iwl_mvm_is_frag_ebs_supported(mvm)) { 1522 if (gen_flags & 1523 IWL_UMAC_SCAN_GEN_FLAGS_LMAC2_FRAGMENTED || 1524 (!iwl_mvm_is_cdb_supported(mvm) && 1525 gen_flags & IWL_UMAC_SCAN_GEN_FLAGS_FRAGMENTED)) 1526 channel_flags |= IWL_SCAN_CHANNEL_FLAG_EBS_FRAG; 1527 } 1528 } 1529 1530 chan_param->flags = channel_flags; 1531 chan_param->count = params->n_channels; 1532 1533 iwl_scan_build_ssids(params, sec_part->direct_scan, &ssid_bitmap); 1534 1535 iwl_mvm_umac_scan_cfg_channels(mvm, params->channels, 1536 params->n_channels, ssid_bitmap, 1537 cmd_data); 1538 1539 for (i = 0; i < params->n_scan_plans; i++) { 1540 struct cfg80211_sched_scan_plan *scan_plan = 1541 ¶ms->scan_plans[i]; 1542 1543 sec_part->schedule[i].iter_count = scan_plan->iterations; 1544 sec_part->schedule[i].interval = 1545 cpu_to_le16(scan_plan->interval); 1546 } 1547 1548 /* 1549 * If the number of iterations of the last scan plan is set to 1550 * zero, it should run infinitely. However, this is not always the case. 1551 * For example, when regular scan is requested the driver sets one scan 1552 * plan with one iteration. 1553 */ 1554 if (!sec_part->schedule[i - 1].iter_count) 1555 sec_part->schedule[i - 1].iter_count = 0xff; 1556 1557 sec_part->delay = cpu_to_le16(params->delay); 1558 sec_part->preq = params->preq; 1559 1560 return 0; 1561 } 1562 1563 static int iwl_mvm_num_scans(struct iwl_mvm *mvm) 1564 { 1565 return hweight32(mvm->scan_status & IWL_MVM_SCAN_MASK); 1566 } 1567 1568 static int iwl_mvm_check_running_scans(struct iwl_mvm *mvm, int type) 1569 { 1570 bool unified_image = fw_has_capa(&mvm->fw->ucode_capa, 1571 IWL_UCODE_TLV_CAPA_CNSLDTD_D3_D0_IMG); 1572 1573 /* This looks a bit arbitrary, but the idea is that if we run 1574 * out of possible simultaneous scans and the userspace is 1575 * trying to run a scan type that is already running, we 1576 * return -EBUSY. But if the userspace wants to start a 1577 * different type of scan, we stop the opposite type to make 1578 * space for the new request. The reason is backwards 1579 * compatibility with old wpa_supplicant that wouldn't stop a 1580 * scheduled scan before starting a normal scan. 1581 */ 1582 1583 /* FW supports only a single periodic scan */ 1584 if ((type == IWL_MVM_SCAN_SCHED || type == IWL_MVM_SCAN_NETDETECT) && 1585 mvm->scan_status & (IWL_MVM_SCAN_SCHED | IWL_MVM_SCAN_NETDETECT)) 1586 return -EBUSY; 1587 1588 if (iwl_mvm_num_scans(mvm) < mvm->max_scans) 1589 return 0; 1590 1591 /* Use a switch, even though this is a bitmask, so that more 1592 * than one bits set will fall in default and we will warn. 1593 */ 1594 switch (type) { 1595 case IWL_MVM_SCAN_REGULAR: 1596 if (mvm->scan_status & IWL_MVM_SCAN_REGULAR_MASK) 1597 return -EBUSY; 1598 return iwl_mvm_scan_stop(mvm, IWL_MVM_SCAN_SCHED, true); 1599 case IWL_MVM_SCAN_SCHED: 1600 if (mvm->scan_status & IWL_MVM_SCAN_SCHED_MASK) 1601 return -EBUSY; 1602 return iwl_mvm_scan_stop(mvm, IWL_MVM_SCAN_REGULAR, true); 1603 case IWL_MVM_SCAN_NETDETECT: 1604 /* For non-unified images, there's no need to stop 1605 * anything for net-detect since the firmware is 1606 * restarted anyway. This way, any sched scans that 1607 * were running will be restarted when we resume. 1608 */ 1609 if (!unified_image) 1610 return 0; 1611 1612 /* If this is a unified image and we ran out of scans, 1613 * we need to stop something. Prefer stopping regular 1614 * scans, because the results are useless at this 1615 * point, and we should be able to keep running 1616 * another scheduled scan while suspended. 1617 */ 1618 if (mvm->scan_status & IWL_MVM_SCAN_REGULAR_MASK) 1619 return iwl_mvm_scan_stop(mvm, IWL_MVM_SCAN_REGULAR, 1620 true); 1621 if (mvm->scan_status & IWL_MVM_SCAN_SCHED_MASK) 1622 return iwl_mvm_scan_stop(mvm, IWL_MVM_SCAN_SCHED, 1623 true); 1624 /* Something is wrong if no scan was running but we 1625 * ran out of scans. 1626 */ 1627 /* fall through */ 1628 default: 1629 WARN_ON(1); 1630 break; 1631 } 1632 1633 return -EIO; 1634 } 1635 1636 #define SCAN_TIMEOUT 20000 1637 1638 void iwl_mvm_scan_timeout_wk(struct work_struct *work) 1639 { 1640 struct delayed_work *delayed_work = to_delayed_work(work); 1641 struct iwl_mvm *mvm = container_of(delayed_work, struct iwl_mvm, 1642 scan_timeout_dwork); 1643 1644 IWL_ERR(mvm, "regular scan timed out\n"); 1645 1646 iwl_force_nmi(mvm->trans); 1647 } 1648 1649 static void iwl_mvm_fill_scan_type(struct iwl_mvm *mvm, 1650 struct iwl_mvm_scan_params *params, 1651 struct ieee80211_vif *vif) 1652 { 1653 if (iwl_mvm_is_cdb_supported(mvm)) { 1654 params->type = 1655 iwl_mvm_get_scan_type_band(mvm, vif, 1656 NL80211_BAND_2GHZ); 1657 params->hb_type = 1658 iwl_mvm_get_scan_type_band(mvm, vif, 1659 NL80211_BAND_5GHZ); 1660 } else { 1661 params->type = iwl_mvm_get_scan_type(mvm, vif); 1662 } 1663 } 1664 1665 int iwl_mvm_reg_scan_start(struct iwl_mvm *mvm, struct ieee80211_vif *vif, 1666 struct cfg80211_scan_request *req, 1667 struct ieee80211_scan_ies *ies) 1668 { 1669 struct iwl_host_cmd hcmd = { 1670 .len = { iwl_mvm_scan_size(mvm), }, 1671 .data = { mvm->scan_cmd, }, 1672 .dataflags = { IWL_HCMD_DFL_NOCOPY, }, 1673 }; 1674 struct iwl_mvm_scan_params params = {}; 1675 int ret; 1676 struct cfg80211_sched_scan_plan scan_plan = { .iterations = 1 }; 1677 1678 lockdep_assert_held(&mvm->mutex); 1679 1680 if (iwl_mvm_is_lar_supported(mvm) && !mvm->lar_regdom_set) { 1681 IWL_ERR(mvm, "scan while LAR regdomain is not set\n"); 1682 return -EBUSY; 1683 } 1684 1685 ret = iwl_mvm_check_running_scans(mvm, IWL_MVM_SCAN_REGULAR); 1686 if (ret) 1687 return ret; 1688 1689 /* we should have failed registration if scan_cmd was NULL */ 1690 if (WARN_ON(!mvm->scan_cmd)) 1691 return -ENOMEM; 1692 1693 if (!iwl_mvm_scan_fits(mvm, req->n_ssids, ies, req->n_channels)) 1694 return -ENOBUFS; 1695 1696 params.n_ssids = req->n_ssids; 1697 params.flags = req->flags; 1698 params.n_channels = req->n_channels; 1699 params.delay = 0; 1700 params.ssids = req->ssids; 1701 params.channels = req->channels; 1702 params.mac_addr = req->mac_addr; 1703 params.mac_addr_mask = req->mac_addr_mask; 1704 params.no_cck = req->no_cck; 1705 params.pass_all = true; 1706 params.n_match_sets = 0; 1707 params.match_sets = NULL; 1708 1709 params.scan_plans = &scan_plan; 1710 params.n_scan_plans = 1; 1711 1712 iwl_mvm_fill_scan_type(mvm, ¶ms, vif); 1713 1714 ret = iwl_mvm_get_measurement_dwell(mvm, req, ¶ms); 1715 if (ret < 0) 1716 return ret; 1717 1718 params.measurement_dwell = ret; 1719 1720 iwl_mvm_build_scan_probe(mvm, vif, ies, ¶ms); 1721 1722 if (fw_has_capa(&mvm->fw->ucode_capa, IWL_UCODE_TLV_CAPA_UMAC_SCAN)) { 1723 hcmd.id = iwl_cmd_id(SCAN_REQ_UMAC, IWL_ALWAYS_LONG_GROUP, 0); 1724 ret = iwl_mvm_scan_umac(mvm, vif, ¶ms, 1725 IWL_MVM_SCAN_REGULAR); 1726 } else { 1727 hcmd.id = SCAN_OFFLOAD_REQUEST_CMD; 1728 ret = iwl_mvm_scan_lmac(mvm, vif, ¶ms); 1729 } 1730 1731 if (ret) 1732 return ret; 1733 1734 iwl_mvm_pause_tcm(mvm, false); 1735 1736 ret = iwl_mvm_send_cmd(mvm, &hcmd); 1737 if (ret) { 1738 /* If the scan failed, it usually means that the FW was unable 1739 * to allocate the time events. Warn on it, but maybe we 1740 * should try to send the command again with different params. 1741 */ 1742 IWL_ERR(mvm, "Scan failed! ret %d\n", ret); 1743 iwl_mvm_resume_tcm(mvm); 1744 return ret; 1745 } 1746 1747 IWL_DEBUG_SCAN(mvm, "Scan request was sent successfully\n"); 1748 mvm->scan_status |= IWL_MVM_SCAN_REGULAR; 1749 mvm->scan_vif = iwl_mvm_vif_from_mac80211(vif); 1750 iwl_mvm_ref(mvm, IWL_MVM_REF_SCAN); 1751 1752 schedule_delayed_work(&mvm->scan_timeout_dwork, 1753 msecs_to_jiffies(SCAN_TIMEOUT)); 1754 1755 return 0; 1756 } 1757 1758 int iwl_mvm_sched_scan_start(struct iwl_mvm *mvm, 1759 struct ieee80211_vif *vif, 1760 struct cfg80211_sched_scan_request *req, 1761 struct ieee80211_scan_ies *ies, 1762 int type) 1763 { 1764 struct iwl_host_cmd hcmd = { 1765 .len = { iwl_mvm_scan_size(mvm), }, 1766 .data = { mvm->scan_cmd, }, 1767 .dataflags = { IWL_HCMD_DFL_NOCOPY, }, 1768 }; 1769 struct iwl_mvm_scan_params params = {}; 1770 int ret; 1771 1772 lockdep_assert_held(&mvm->mutex); 1773 1774 if (iwl_mvm_is_lar_supported(mvm) && !mvm->lar_regdom_set) { 1775 IWL_ERR(mvm, "sched-scan while LAR regdomain is not set\n"); 1776 return -EBUSY; 1777 } 1778 1779 ret = iwl_mvm_check_running_scans(mvm, type); 1780 if (ret) 1781 return ret; 1782 1783 /* we should have failed registration if scan_cmd was NULL */ 1784 if (WARN_ON(!mvm->scan_cmd)) 1785 return -ENOMEM; 1786 1787 if (!iwl_mvm_scan_fits(mvm, req->n_ssids, ies, req->n_channels)) 1788 return -ENOBUFS; 1789 1790 params.n_ssids = req->n_ssids; 1791 params.flags = req->flags; 1792 params.n_channels = req->n_channels; 1793 params.ssids = req->ssids; 1794 params.channels = req->channels; 1795 params.mac_addr = req->mac_addr; 1796 params.mac_addr_mask = req->mac_addr_mask; 1797 params.no_cck = false; 1798 params.pass_all = iwl_mvm_scan_pass_all(mvm, req); 1799 params.n_match_sets = req->n_match_sets; 1800 params.match_sets = req->match_sets; 1801 if (!req->n_scan_plans) 1802 return -EINVAL; 1803 1804 params.n_scan_plans = req->n_scan_plans; 1805 params.scan_plans = req->scan_plans; 1806 1807 iwl_mvm_fill_scan_type(mvm, ¶ms, vif); 1808 1809 /* In theory, LMAC scans can handle a 32-bit delay, but since 1810 * waiting for over 18 hours to start the scan is a bit silly 1811 * and to keep it aligned with UMAC scans (which only support 1812 * 16-bit delays), trim it down to 16-bits. 1813 */ 1814 if (req->delay > U16_MAX) { 1815 IWL_DEBUG_SCAN(mvm, 1816 "delay value is > 16-bits, set to max possible\n"); 1817 params.delay = U16_MAX; 1818 } else { 1819 params.delay = req->delay; 1820 } 1821 1822 ret = iwl_mvm_config_sched_scan_profiles(mvm, req); 1823 if (ret) 1824 return ret; 1825 1826 iwl_mvm_build_scan_probe(mvm, vif, ies, ¶ms); 1827 1828 if (fw_has_capa(&mvm->fw->ucode_capa, IWL_UCODE_TLV_CAPA_UMAC_SCAN)) { 1829 hcmd.id = iwl_cmd_id(SCAN_REQ_UMAC, IWL_ALWAYS_LONG_GROUP, 0); 1830 ret = iwl_mvm_scan_umac(mvm, vif, ¶ms, type); 1831 } else { 1832 hcmd.id = SCAN_OFFLOAD_REQUEST_CMD; 1833 ret = iwl_mvm_scan_lmac(mvm, vif, ¶ms); 1834 } 1835 1836 if (ret) 1837 return ret; 1838 1839 ret = iwl_mvm_send_cmd(mvm, &hcmd); 1840 if (!ret) { 1841 IWL_DEBUG_SCAN(mvm, 1842 "Sched scan request was sent successfully\n"); 1843 mvm->scan_status |= type; 1844 } else { 1845 /* If the scan failed, it usually means that the FW was unable 1846 * to allocate the time events. Warn on it, but maybe we 1847 * should try to send the command again with different params. 1848 */ 1849 IWL_ERR(mvm, "Sched scan failed! ret %d\n", ret); 1850 } 1851 1852 return ret; 1853 } 1854 1855 void iwl_mvm_rx_umac_scan_complete_notif(struct iwl_mvm *mvm, 1856 struct iwl_rx_cmd_buffer *rxb) 1857 { 1858 struct iwl_rx_packet *pkt = rxb_addr(rxb); 1859 struct iwl_umac_scan_complete *notif = (void *)pkt->data; 1860 u32 uid = __le32_to_cpu(notif->uid); 1861 bool aborted = (notif->status == IWL_SCAN_OFFLOAD_ABORTED); 1862 1863 if (WARN_ON(!(mvm->scan_uid_status[uid] & mvm->scan_status))) 1864 return; 1865 1866 /* if the scan is already stopping, we don't need to notify mac80211 */ 1867 if (mvm->scan_uid_status[uid] == IWL_MVM_SCAN_REGULAR) { 1868 struct cfg80211_scan_info info = { 1869 .aborted = aborted, 1870 .scan_start_tsf = mvm->scan_start, 1871 }; 1872 1873 memcpy(info.tsf_bssid, mvm->scan_vif->bssid, ETH_ALEN); 1874 ieee80211_scan_completed(mvm->hw, &info); 1875 mvm->scan_vif = NULL; 1876 iwl_mvm_unref(mvm, IWL_MVM_REF_SCAN); 1877 cancel_delayed_work(&mvm->scan_timeout_dwork); 1878 iwl_mvm_resume_tcm(mvm); 1879 } else if (mvm->scan_uid_status[uid] == IWL_MVM_SCAN_SCHED) { 1880 ieee80211_sched_scan_stopped(mvm->hw); 1881 mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_DISABLED; 1882 } 1883 1884 mvm->scan_status &= ~mvm->scan_uid_status[uid]; 1885 IWL_DEBUG_SCAN(mvm, 1886 "Scan completed, uid %u type %u, status %s, EBS status %s\n", 1887 uid, mvm->scan_uid_status[uid], 1888 notif->status == IWL_SCAN_OFFLOAD_COMPLETED ? 1889 "completed" : "aborted", 1890 iwl_mvm_ebs_status_str(notif->ebs_status)); 1891 IWL_DEBUG_SCAN(mvm, 1892 "Last line %d, Last iteration %d, Time from last iteration %d\n", 1893 notif->last_schedule, notif->last_iter, 1894 __le32_to_cpu(notif->time_from_last_iter)); 1895 1896 if (notif->ebs_status != IWL_SCAN_EBS_SUCCESS && 1897 notif->ebs_status != IWL_SCAN_EBS_INACTIVE) 1898 mvm->last_ebs_successful = false; 1899 1900 mvm->scan_uid_status[uid] = 0; 1901 1902 iwl_fw_dbg_apply_point(&mvm->fwrt, IWL_FW_INI_APPLY_SCAN_COMPLETE); 1903 } 1904 1905 void iwl_mvm_rx_umac_scan_iter_complete_notif(struct iwl_mvm *mvm, 1906 struct iwl_rx_cmd_buffer *rxb) 1907 { 1908 struct iwl_rx_packet *pkt = rxb_addr(rxb); 1909 struct iwl_umac_scan_iter_complete_notif *notif = (void *)pkt->data; 1910 1911 mvm->scan_start = le64_to_cpu(notif->start_tsf); 1912 1913 IWL_DEBUG_SCAN(mvm, 1914 "UMAC Scan iteration complete: status=0x%x scanned_channels=%d\n", 1915 notif->status, notif->scanned_channels); 1916 1917 if (mvm->sched_scan_pass_all == SCHED_SCAN_PASS_ALL_FOUND) { 1918 IWL_DEBUG_SCAN(mvm, "Pass all scheduled scan results found\n"); 1919 ieee80211_sched_scan_results(mvm->hw); 1920 mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_ENABLED; 1921 } 1922 1923 IWL_DEBUG_SCAN(mvm, 1924 "UMAC Scan iteration complete: scan started at %llu (TSF)\n", 1925 mvm->scan_start); 1926 } 1927 1928 static int iwl_mvm_umac_scan_abort(struct iwl_mvm *mvm, int type) 1929 { 1930 struct iwl_umac_scan_abort cmd = {}; 1931 int uid, ret; 1932 1933 lockdep_assert_held(&mvm->mutex); 1934 1935 /* We should always get a valid index here, because we already 1936 * checked that this type of scan was running in the generic 1937 * code. 1938 */ 1939 uid = iwl_mvm_scan_uid_by_status(mvm, type); 1940 if (WARN_ON_ONCE(uid < 0)) 1941 return uid; 1942 1943 cmd.uid = cpu_to_le32(uid); 1944 1945 IWL_DEBUG_SCAN(mvm, "Sending scan abort, uid %u\n", uid); 1946 1947 ret = iwl_mvm_send_cmd_pdu(mvm, 1948 iwl_cmd_id(SCAN_ABORT_UMAC, 1949 IWL_ALWAYS_LONG_GROUP, 0), 1950 0, sizeof(cmd), &cmd); 1951 if (!ret) 1952 mvm->scan_uid_status[uid] = type << IWL_MVM_SCAN_STOPPING_SHIFT; 1953 1954 return ret; 1955 } 1956 1957 static int iwl_mvm_scan_stop_wait(struct iwl_mvm *mvm, int type) 1958 { 1959 struct iwl_notification_wait wait_scan_done; 1960 static const u16 scan_done_notif[] = { SCAN_COMPLETE_UMAC, 1961 SCAN_OFFLOAD_COMPLETE, }; 1962 int ret; 1963 1964 lockdep_assert_held(&mvm->mutex); 1965 1966 iwl_init_notification_wait(&mvm->notif_wait, &wait_scan_done, 1967 scan_done_notif, 1968 ARRAY_SIZE(scan_done_notif), 1969 NULL, NULL); 1970 1971 IWL_DEBUG_SCAN(mvm, "Preparing to stop scan, type %x\n", type); 1972 1973 if (fw_has_capa(&mvm->fw->ucode_capa, IWL_UCODE_TLV_CAPA_UMAC_SCAN)) 1974 ret = iwl_mvm_umac_scan_abort(mvm, type); 1975 else 1976 ret = iwl_mvm_lmac_scan_abort(mvm); 1977 1978 if (ret) { 1979 IWL_DEBUG_SCAN(mvm, "couldn't stop scan type %d\n", type); 1980 iwl_remove_notification(&mvm->notif_wait, &wait_scan_done); 1981 return ret; 1982 } 1983 1984 return iwl_wait_notification(&mvm->notif_wait, &wait_scan_done, 1985 1 * HZ); 1986 } 1987 1988 int iwl_mvm_scan_size(struct iwl_mvm *mvm) 1989 { 1990 int base_size = IWL_SCAN_REQ_UMAC_SIZE_V1; 1991 1992 if (iwl_mvm_is_adaptive_dwell_v2_supported(mvm)) 1993 base_size = IWL_SCAN_REQ_UMAC_SIZE_V8; 1994 else if (iwl_mvm_is_adaptive_dwell_supported(mvm)) 1995 base_size = IWL_SCAN_REQ_UMAC_SIZE_V7; 1996 else if (iwl_mvm_cdb_scan_api(mvm)) 1997 base_size = IWL_SCAN_REQ_UMAC_SIZE_V6; 1998 1999 if (fw_has_capa(&mvm->fw->ucode_capa, IWL_UCODE_TLV_CAPA_UMAC_SCAN)) 2000 return base_size + 2001 sizeof(struct iwl_scan_channel_cfg_umac) * 2002 mvm->fw->ucode_capa.n_scan_channels + 2003 sizeof(struct iwl_scan_req_umac_tail); 2004 2005 return sizeof(struct iwl_scan_req_lmac) + 2006 sizeof(struct iwl_scan_channel_cfg_lmac) * 2007 mvm->fw->ucode_capa.n_scan_channels + 2008 sizeof(struct iwl_scan_probe_req); 2009 } 2010 2011 /* 2012 * This function is used in nic restart flow, to inform mac80211 about scans 2013 * that was aborted by restart flow or by an assert. 2014 */ 2015 void iwl_mvm_report_scan_aborted(struct iwl_mvm *mvm) 2016 { 2017 if (fw_has_capa(&mvm->fw->ucode_capa, IWL_UCODE_TLV_CAPA_UMAC_SCAN)) { 2018 int uid, i; 2019 2020 uid = iwl_mvm_scan_uid_by_status(mvm, IWL_MVM_SCAN_REGULAR); 2021 if (uid >= 0) { 2022 struct cfg80211_scan_info info = { 2023 .aborted = true, 2024 }; 2025 2026 ieee80211_scan_completed(mvm->hw, &info); 2027 mvm->scan_uid_status[uid] = 0; 2028 } 2029 uid = iwl_mvm_scan_uid_by_status(mvm, IWL_MVM_SCAN_SCHED); 2030 if (uid >= 0 && !mvm->fw_restart) { 2031 ieee80211_sched_scan_stopped(mvm->hw); 2032 mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_DISABLED; 2033 mvm->scan_uid_status[uid] = 0; 2034 } 2035 2036 /* We shouldn't have any UIDs still set. Loop over all the 2037 * UIDs to make sure there's nothing left there and warn if 2038 * any is found. 2039 */ 2040 for (i = 0; i < mvm->max_scans; i++) { 2041 if (WARN_ONCE(mvm->scan_uid_status[i], 2042 "UMAC scan UID %d status was not cleaned\n", 2043 i)) 2044 mvm->scan_uid_status[i] = 0; 2045 } 2046 } else { 2047 if (mvm->scan_status & IWL_MVM_SCAN_REGULAR) { 2048 struct cfg80211_scan_info info = { 2049 .aborted = true, 2050 }; 2051 2052 ieee80211_scan_completed(mvm->hw, &info); 2053 } 2054 2055 /* Sched scan will be restarted by mac80211 in 2056 * restart_hw, so do not report if FW is about to be 2057 * restarted. 2058 */ 2059 if ((mvm->scan_status & IWL_MVM_SCAN_SCHED) && 2060 !mvm->fw_restart) { 2061 ieee80211_sched_scan_stopped(mvm->hw); 2062 mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_DISABLED; 2063 } 2064 } 2065 } 2066 2067 int iwl_mvm_scan_stop(struct iwl_mvm *mvm, int type, bool notify) 2068 { 2069 int ret; 2070 2071 if (!(mvm->scan_status & type)) 2072 return 0; 2073 2074 if (iwl_mvm_is_radio_killed(mvm)) { 2075 ret = 0; 2076 goto out; 2077 } 2078 2079 ret = iwl_mvm_scan_stop_wait(mvm, type); 2080 if (!ret) 2081 mvm->scan_status |= type << IWL_MVM_SCAN_STOPPING_SHIFT; 2082 out: 2083 /* Clear the scan status so the next scan requests will 2084 * succeed and mark the scan as stopping, so that the Rx 2085 * handler doesn't do anything, as the scan was stopped from 2086 * above. 2087 */ 2088 mvm->scan_status &= ~type; 2089 2090 if (type == IWL_MVM_SCAN_REGULAR) { 2091 /* Since the rx handler won't do anything now, we have 2092 * to release the scan reference here. 2093 */ 2094 iwl_mvm_unref(mvm, IWL_MVM_REF_SCAN); 2095 cancel_delayed_work(&mvm->scan_timeout_dwork); 2096 if (notify) { 2097 struct cfg80211_scan_info info = { 2098 .aborted = true, 2099 }; 2100 2101 ieee80211_scan_completed(mvm->hw, &info); 2102 } 2103 } else if (notify) { 2104 ieee80211_sched_scan_stopped(mvm->hw); 2105 mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_DISABLED; 2106 } 2107 2108 return ret; 2109 } 2110