1 /******************************************************************************
2  *
3  * This file is provided under a dual BSD/GPLv2 license.  When using or
4  * redistributing this file, you may do so under either license.
5  *
6  * GPL LICENSE SUMMARY
7  *
8  * Copyright(c) 2012 - 2014 Intel Corporation. All rights reserved.
9  * Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH
10  * Copyright(c) 2016 Intel Deutschland GmbH
11  *
12  * This program is free software; you can redistribute it and/or modify
13  * it under the terms of version 2 of the GNU General Public License as
14  * published by the Free Software Foundation.
15  *
16  * This program is distributed in the hope that it will be useful, but
17  * WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
19  * General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License
22  * along with this program; if not, write to the Free Software
23  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110,
24  * USA
25  *
26  * The full GNU General Public License is included in this distribution
27  * in the file called COPYING.
28  *
29  * Contact Information:
30  *  Intel Linux Wireless <linuxwifi@intel.com>
31  * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
32  *
33  * BSD LICENSE
34  *
35  * Copyright(c) 2012 - 2014 Intel Corporation. All rights reserved.
36  * Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH
37  * Copyright(c) 2016 Intel Deutschland GmbH
38  * All rights reserved.
39  *
40  * Redistribution and use in source and binary forms, with or without
41  * modification, are permitted provided that the following conditions
42  * are met:
43  *
44  *  * Redistributions of source code must retain the above copyright
45  *    notice, this list of conditions and the following disclaimer.
46  *  * Redistributions in binary form must reproduce the above copyright
47  *    notice, this list of conditions and the following disclaimer in
48  *    the documentation and/or other materials provided with the
49  *    distribution.
50  *  * Neither the name Intel Corporation nor the names of its
51  *    contributors may be used to endorse or promote products derived
52  *    from this software without specific prior written permission.
53  *
54  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
55  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
56  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
57  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
58  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
59  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
60  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
61  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
62  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
63  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
64  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
65  *
66  *****************************************************************************/
67 
68 #include <linux/etherdevice.h>
69 #include <net/mac80211.h>
70 
71 #include "mvm.h"
72 #include "fw-api-scan.h"
73 #include "iwl-io.h"
74 
75 #define IWL_DENSE_EBS_SCAN_RATIO 5
76 #define IWL_SPARSE_EBS_SCAN_RATIO 1
77 
78 enum iwl_mvm_traffic_load {
79 	IWL_MVM_TRAFFIC_LOW,
80 	IWL_MVM_TRAFFIC_MEDIUM,
81 	IWL_MVM_TRAFFIC_HIGH,
82 };
83 
84 struct iwl_mvm_scan_timing_params {
85 	u32 dwell_active;
86 	u32 dwell_passive;
87 	u32 dwell_fragmented;
88 	u32 dwell_extended;
89 	u32 suspend_time;
90 	u32 max_out_time;
91 };
92 
93 static struct iwl_mvm_scan_timing_params scan_timing[] = {
94 	[IWL_SCAN_TYPE_UNASSOC] = {
95 		.dwell_active = 10,
96 		.dwell_passive = 110,
97 		.dwell_fragmented = 44,
98 		.dwell_extended = 90,
99 		.suspend_time = 0,
100 		.max_out_time = 0,
101 	},
102 	[IWL_SCAN_TYPE_WILD] = {
103 		.dwell_active = 10,
104 		.dwell_passive = 110,
105 		.dwell_fragmented = 44,
106 		.dwell_extended = 90,
107 		.suspend_time = 30,
108 		.max_out_time = 120,
109 	},
110 	[IWL_SCAN_TYPE_MILD] = {
111 		.dwell_active = 10,
112 		.dwell_passive = 110,
113 		.dwell_fragmented = 44,
114 		.dwell_extended = 90,
115 		.suspend_time = 120,
116 		.max_out_time = 120,
117 	},
118 	[IWL_SCAN_TYPE_FRAGMENTED] = {
119 		.dwell_active = 10,
120 		.dwell_passive = 110,
121 		.dwell_fragmented = 44,
122 		.suspend_time = 95,
123 		.max_out_time = 44,
124 	},
125 };
126 
127 struct iwl_mvm_scan_params {
128 	enum iwl_mvm_scan_type type;
129 	u32 n_channels;
130 	u16 delay;
131 	int n_ssids;
132 	struct cfg80211_ssid *ssids;
133 	struct ieee80211_channel **channels;
134 	u32 flags;
135 	u8 *mac_addr;
136 	u8 *mac_addr_mask;
137 	bool no_cck;
138 	bool pass_all;
139 	int n_match_sets;
140 	struct iwl_scan_probe_req preq;
141 	struct cfg80211_match_set *match_sets;
142 	int n_scan_plans;
143 	struct cfg80211_sched_scan_plan *scan_plans;
144 };
145 
146 static u8 iwl_mvm_scan_rx_ant(struct iwl_mvm *mvm)
147 {
148 	if (mvm->scan_rx_ant != ANT_NONE)
149 		return mvm->scan_rx_ant;
150 	return iwl_mvm_get_valid_rx_ant(mvm);
151 }
152 
153 static inline __le16 iwl_mvm_scan_rx_chain(struct iwl_mvm *mvm)
154 {
155 	u16 rx_chain;
156 	u8 rx_ant;
157 
158 	rx_ant = iwl_mvm_scan_rx_ant(mvm);
159 	rx_chain = rx_ant << PHY_RX_CHAIN_VALID_POS;
160 	rx_chain |= rx_ant << PHY_RX_CHAIN_FORCE_MIMO_SEL_POS;
161 	rx_chain |= rx_ant << PHY_RX_CHAIN_FORCE_SEL_POS;
162 	rx_chain |= 0x1 << PHY_RX_CHAIN_DRIVER_FORCE_POS;
163 	return cpu_to_le16(rx_chain);
164 }
165 
166 static __le32 iwl_mvm_scan_rxon_flags(enum nl80211_band band)
167 {
168 	if (band == NL80211_BAND_2GHZ)
169 		return cpu_to_le32(PHY_BAND_24);
170 	else
171 		return cpu_to_le32(PHY_BAND_5);
172 }
173 
174 static inline __le32
175 iwl_mvm_scan_rate_n_flags(struct iwl_mvm *mvm, enum nl80211_band band,
176 			  bool no_cck)
177 {
178 	u32 tx_ant;
179 
180 	mvm->scan_last_antenna_idx =
181 		iwl_mvm_next_antenna(mvm, iwl_mvm_get_valid_tx_ant(mvm),
182 				     mvm->scan_last_antenna_idx);
183 	tx_ant = BIT(mvm->scan_last_antenna_idx) << RATE_MCS_ANT_POS;
184 
185 	if (band == NL80211_BAND_2GHZ && !no_cck)
186 		return cpu_to_le32(IWL_RATE_1M_PLCP | RATE_MCS_CCK_MSK |
187 				   tx_ant);
188 	else
189 		return cpu_to_le32(IWL_RATE_6M_PLCP | tx_ant);
190 }
191 
192 static void iwl_mvm_scan_condition_iterator(void *data, u8 *mac,
193 					    struct ieee80211_vif *vif)
194 {
195 	struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
196 	int *global_cnt = data;
197 
198 	if (vif->type != NL80211_IFTYPE_P2P_DEVICE && mvmvif->phy_ctxt &&
199 	    mvmvif->phy_ctxt->id < MAX_PHYS)
200 		*global_cnt += 1;
201 }
202 
203 static enum iwl_mvm_traffic_load iwl_mvm_get_traffic_load(struct iwl_mvm *mvm)
204 {
205 	return IWL_MVM_TRAFFIC_LOW;
206 }
207 
208 static enum
209 iwl_mvm_scan_type iwl_mvm_get_scan_type(struct iwl_mvm *mvm, bool p2p_device)
210 {
211 	int global_cnt = 0;
212 	enum iwl_mvm_traffic_load load;
213 	bool low_latency;
214 
215 	ieee80211_iterate_active_interfaces_atomic(mvm->hw,
216 					    IEEE80211_IFACE_ITER_NORMAL,
217 					    iwl_mvm_scan_condition_iterator,
218 					    &global_cnt);
219 	if (!global_cnt)
220 		return IWL_SCAN_TYPE_UNASSOC;
221 
222 	load = iwl_mvm_get_traffic_load(mvm);
223 	low_latency = iwl_mvm_low_latency(mvm);
224 
225 	if ((load == IWL_MVM_TRAFFIC_HIGH || low_latency) && !p2p_device &&
226 	    fw_has_api(&mvm->fw->ucode_capa, IWL_UCODE_TLV_API_FRAGMENTED_SCAN))
227 		return IWL_SCAN_TYPE_FRAGMENTED;
228 
229 	if (load >= IWL_MVM_TRAFFIC_MEDIUM || low_latency)
230 		return IWL_SCAN_TYPE_MILD;
231 
232 	return IWL_SCAN_TYPE_WILD;
233 }
234 
235 static inline bool iwl_mvm_rrm_scan_needed(struct iwl_mvm *mvm)
236 {
237 	/* require rrm scan whenever the fw supports it */
238 	return fw_has_capa(&mvm->fw->ucode_capa,
239 			   IWL_UCODE_TLV_CAPA_DS_PARAM_SET_IE_SUPPORT);
240 }
241 
242 static int iwl_mvm_max_scan_ie_fw_cmd_room(struct iwl_mvm *mvm)
243 {
244 	int max_probe_len;
245 
246 	max_probe_len = SCAN_OFFLOAD_PROBE_REQ_SIZE;
247 
248 	/* we create the 802.11 header and SSID element */
249 	max_probe_len -= 24 + 2;
250 
251 	/* DS parameter set element is added on 2.4GHZ band if required */
252 	if (iwl_mvm_rrm_scan_needed(mvm))
253 		max_probe_len -= 3;
254 
255 	return max_probe_len;
256 }
257 
258 int iwl_mvm_max_scan_ie_len(struct iwl_mvm *mvm)
259 {
260 	int max_ie_len = iwl_mvm_max_scan_ie_fw_cmd_room(mvm);
261 
262 	/* TODO: [BUG] This function should return the maximum allowed size of
263 	 * scan IEs, however the LMAC scan api contains both 2GHZ and 5GHZ IEs
264 	 * in the same command. So the correct implementation of this function
265 	 * is just iwl_mvm_max_scan_ie_fw_cmd_room() / 2. Currently the scan
266 	 * command has only 512 bytes and it would leave us with about 240
267 	 * bytes for scan IEs, which is clearly not enough. So meanwhile
268 	 * we will report an incorrect value. This may result in a failure to
269 	 * issue a scan in unified_scan_lmac and unified_sched_scan_lmac
270 	 * functions with -ENOBUFS, if a large enough probe will be provided.
271 	 */
272 	return max_ie_len;
273 }
274 
275 static u8 *iwl_mvm_dump_channel_list(struct iwl_scan_results_notif *res,
276 				     int num_res, u8 *buf, size_t buf_size)
277 {
278 	int i;
279 	u8 *pos = buf, *end = buf + buf_size;
280 
281 	for (i = 0; pos < end && i < num_res; i++)
282 		pos += snprintf(pos, end - pos, " %u", res[i].channel);
283 
284 	/* terminate the string in case the buffer was too short */
285 	*(buf + buf_size - 1) = '\0';
286 
287 	return buf;
288 }
289 
290 void iwl_mvm_rx_lmac_scan_iter_complete_notif(struct iwl_mvm *mvm,
291 					      struct iwl_rx_cmd_buffer *rxb)
292 {
293 	struct iwl_rx_packet *pkt = rxb_addr(rxb);
294 	struct iwl_lmac_scan_complete_notif *notif = (void *)pkt->data;
295 	u8 buf[256];
296 
297 	IWL_DEBUG_SCAN(mvm,
298 		       "Scan offload iteration complete: status=0x%x scanned channels=%d channels list: %s\n",
299 		       notif->status, notif->scanned_channels,
300 		       iwl_mvm_dump_channel_list(notif->results,
301 						 notif->scanned_channels, buf,
302 						 sizeof(buf)));
303 
304 	if (mvm->sched_scan_pass_all == SCHED_SCAN_PASS_ALL_FOUND) {
305 		IWL_DEBUG_SCAN(mvm, "Pass all scheduled scan results found\n");
306 		ieee80211_sched_scan_results(mvm->hw);
307 		mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_ENABLED;
308 	}
309 }
310 
311 void iwl_mvm_rx_scan_match_found(struct iwl_mvm *mvm,
312 				 struct iwl_rx_cmd_buffer *rxb)
313 {
314 	IWL_DEBUG_SCAN(mvm, "Scheduled scan results\n");
315 	ieee80211_sched_scan_results(mvm->hw);
316 }
317 
318 static const char *iwl_mvm_ebs_status_str(enum iwl_scan_ebs_status status)
319 {
320 	switch (status) {
321 	case IWL_SCAN_EBS_SUCCESS:
322 		return "successful";
323 	case IWL_SCAN_EBS_INACTIVE:
324 		return "inactive";
325 	case IWL_SCAN_EBS_FAILED:
326 	case IWL_SCAN_EBS_CHAN_NOT_FOUND:
327 	default:
328 		return "failed";
329 	}
330 }
331 
332 void iwl_mvm_rx_lmac_scan_complete_notif(struct iwl_mvm *mvm,
333 					 struct iwl_rx_cmd_buffer *rxb)
334 {
335 	struct iwl_rx_packet *pkt = rxb_addr(rxb);
336 	struct iwl_periodic_scan_complete *scan_notif = (void *)pkt->data;
337 	bool aborted = (scan_notif->status == IWL_SCAN_OFFLOAD_ABORTED);
338 
339 	/* If this happens, the firmware has mistakenly sent an LMAC
340 	 * notification during UMAC scans -- warn and ignore it.
341 	 */
342 	if (WARN_ON_ONCE(fw_has_capa(&mvm->fw->ucode_capa,
343 				     IWL_UCODE_TLV_CAPA_UMAC_SCAN)))
344 		return;
345 
346 	/* scan status must be locked for proper checking */
347 	lockdep_assert_held(&mvm->mutex);
348 
349 	/* We first check if we were stopping a scan, in which case we
350 	 * just clear the stopping flag.  Then we check if it was a
351 	 * firmware initiated stop, in which case we need to inform
352 	 * mac80211.
353 	 * Note that we can have a stopping and a running scan
354 	 * simultaneously, but we can't have two different types of
355 	 * scans stopping or running at the same time (since LMAC
356 	 * doesn't support it).
357 	 */
358 
359 	if (mvm->scan_status & IWL_MVM_SCAN_STOPPING_SCHED) {
360 		WARN_ON_ONCE(mvm->scan_status & IWL_MVM_SCAN_STOPPING_REGULAR);
361 
362 		IWL_DEBUG_SCAN(mvm, "Scheduled scan %s, EBS status %s\n",
363 			       aborted ? "aborted" : "completed",
364 			       iwl_mvm_ebs_status_str(scan_notif->ebs_status));
365 		IWL_DEBUG_SCAN(mvm,
366 			       "Last line %d, Last iteration %d, Time after last iteration %d\n",
367 			       scan_notif->last_schedule_line,
368 			       scan_notif->last_schedule_iteration,
369 			       __le32_to_cpu(scan_notif->time_after_last_iter));
370 
371 		mvm->scan_status &= ~IWL_MVM_SCAN_STOPPING_SCHED;
372 	} else if (mvm->scan_status & IWL_MVM_SCAN_STOPPING_REGULAR) {
373 		IWL_DEBUG_SCAN(mvm, "Regular scan %s, EBS status %s\n",
374 			       aborted ? "aborted" : "completed",
375 			       iwl_mvm_ebs_status_str(scan_notif->ebs_status));
376 
377 		mvm->scan_status &= ~IWL_MVM_SCAN_STOPPING_REGULAR;
378 	} else if (mvm->scan_status & IWL_MVM_SCAN_SCHED) {
379 		WARN_ON_ONCE(mvm->scan_status & IWL_MVM_SCAN_REGULAR);
380 
381 		IWL_DEBUG_SCAN(mvm, "Scheduled scan %s, EBS status %s\n",
382 			       aborted ? "aborted" : "completed",
383 			       iwl_mvm_ebs_status_str(scan_notif->ebs_status));
384 		IWL_DEBUG_SCAN(mvm,
385 			       "Last line %d, Last iteration %d, Time after last iteration %d (FW)\n",
386 			       scan_notif->last_schedule_line,
387 			       scan_notif->last_schedule_iteration,
388 			       __le32_to_cpu(scan_notif->time_after_last_iter));
389 
390 		mvm->scan_status &= ~IWL_MVM_SCAN_SCHED;
391 		ieee80211_sched_scan_stopped(mvm->hw);
392 		mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_DISABLED;
393 	} else if (mvm->scan_status & IWL_MVM_SCAN_REGULAR) {
394 		IWL_DEBUG_SCAN(mvm, "Regular scan %s, EBS status %s (FW)\n",
395 			       aborted ? "aborted" : "completed",
396 			       iwl_mvm_ebs_status_str(scan_notif->ebs_status));
397 
398 		mvm->scan_status &= ~IWL_MVM_SCAN_REGULAR;
399 		ieee80211_scan_completed(mvm->hw,
400 				scan_notif->status == IWL_SCAN_OFFLOAD_ABORTED);
401 		iwl_mvm_unref(mvm, IWL_MVM_REF_SCAN);
402 		del_timer(&mvm->scan_timer);
403 	} else {
404 		IWL_ERR(mvm,
405 			"got scan complete notification but no scan is running\n");
406 	}
407 
408 	mvm->last_ebs_successful =
409 			scan_notif->ebs_status == IWL_SCAN_EBS_SUCCESS ||
410 			scan_notif->ebs_status == IWL_SCAN_EBS_INACTIVE;
411 }
412 
413 static int iwl_ssid_exist(u8 *ssid, u8 ssid_len, struct iwl_ssid_ie *ssid_list)
414 {
415 	int i;
416 
417 	for (i = 0; i < PROBE_OPTION_MAX; i++) {
418 		if (!ssid_list[i].len)
419 			break;
420 		if (ssid_list[i].len == ssid_len &&
421 		    !memcmp(ssid_list->ssid, ssid, ssid_len))
422 			return i;
423 	}
424 	return -1;
425 }
426 
427 /* We insert the SSIDs in an inverted order, because the FW will
428  * invert it back.
429  */
430 static void iwl_scan_build_ssids(struct iwl_mvm_scan_params *params,
431 				 struct iwl_ssid_ie *ssids,
432 				 u32 *ssid_bitmap)
433 {
434 	int i, j;
435 	int index;
436 
437 	/*
438 	 * copy SSIDs from match list.
439 	 * iwl_config_sched_scan_profiles() uses the order of these ssids to
440 	 * config match list.
441 	 */
442 	for (i = 0, j = params->n_match_sets - 1;
443 	     j >= 0 && i < PROBE_OPTION_MAX;
444 	     i++, j--) {
445 		/* skip empty SSID matchsets */
446 		if (!params->match_sets[j].ssid.ssid_len)
447 			continue;
448 		ssids[i].id = WLAN_EID_SSID;
449 		ssids[i].len = params->match_sets[j].ssid.ssid_len;
450 		memcpy(ssids[i].ssid, params->match_sets[j].ssid.ssid,
451 		       ssids[i].len);
452 	}
453 
454 	/* add SSIDs from scan SSID list */
455 	*ssid_bitmap = 0;
456 	for (j = params->n_ssids - 1;
457 	     j >= 0 && i < PROBE_OPTION_MAX;
458 	     i++, j--) {
459 		index = iwl_ssid_exist(params->ssids[j].ssid,
460 				       params->ssids[j].ssid_len,
461 				       ssids);
462 		if (index < 0) {
463 			ssids[i].id = WLAN_EID_SSID;
464 			ssids[i].len = params->ssids[j].ssid_len;
465 			memcpy(ssids[i].ssid, params->ssids[j].ssid,
466 			       ssids[i].len);
467 			*ssid_bitmap |= BIT(i);
468 		} else {
469 			*ssid_bitmap |= BIT(index);
470 		}
471 	}
472 }
473 
474 static int
475 iwl_mvm_config_sched_scan_profiles(struct iwl_mvm *mvm,
476 				   struct cfg80211_sched_scan_request *req)
477 {
478 	struct iwl_scan_offload_profile *profile;
479 	struct iwl_scan_offload_profile_cfg *profile_cfg;
480 	struct iwl_scan_offload_blacklist *blacklist;
481 	struct iwl_host_cmd cmd = {
482 		.id = SCAN_OFFLOAD_UPDATE_PROFILES_CMD,
483 		.len[1] = sizeof(*profile_cfg),
484 		.dataflags[0] = IWL_HCMD_DFL_NOCOPY,
485 		.dataflags[1] = IWL_HCMD_DFL_NOCOPY,
486 	};
487 	int blacklist_len;
488 	int i;
489 	int ret;
490 
491 	if (WARN_ON(req->n_match_sets > IWL_SCAN_MAX_PROFILES))
492 		return -EIO;
493 
494 	if (mvm->fw->ucode_capa.flags & IWL_UCODE_TLV_FLAGS_SHORT_BL)
495 		blacklist_len = IWL_SCAN_SHORT_BLACKLIST_LEN;
496 	else
497 		blacklist_len = IWL_SCAN_MAX_BLACKLIST_LEN;
498 
499 	blacklist = kzalloc(sizeof(*blacklist) * blacklist_len, GFP_KERNEL);
500 	if (!blacklist)
501 		return -ENOMEM;
502 
503 	profile_cfg = kzalloc(sizeof(*profile_cfg), GFP_KERNEL);
504 	if (!profile_cfg) {
505 		ret = -ENOMEM;
506 		goto free_blacklist;
507 	}
508 
509 	cmd.data[0] = blacklist;
510 	cmd.len[0] = sizeof(*blacklist) * blacklist_len;
511 	cmd.data[1] = profile_cfg;
512 
513 	/* No blacklist configuration */
514 
515 	profile_cfg->num_profiles = req->n_match_sets;
516 	profile_cfg->active_clients = SCAN_CLIENT_SCHED_SCAN;
517 	profile_cfg->pass_match = SCAN_CLIENT_SCHED_SCAN;
518 	profile_cfg->match_notify = SCAN_CLIENT_SCHED_SCAN;
519 	if (!req->n_match_sets || !req->match_sets[0].ssid.ssid_len)
520 		profile_cfg->any_beacon_notify = SCAN_CLIENT_SCHED_SCAN;
521 
522 	for (i = 0; i < req->n_match_sets; i++) {
523 		profile = &profile_cfg->profiles[i];
524 		profile->ssid_index = i;
525 		/* Support any cipher and auth algorithm */
526 		profile->unicast_cipher = 0xff;
527 		profile->auth_alg = 0xff;
528 		profile->network_type = IWL_NETWORK_TYPE_ANY;
529 		profile->band_selection = IWL_SCAN_OFFLOAD_SELECT_ANY;
530 		profile->client_bitmap = SCAN_CLIENT_SCHED_SCAN;
531 	}
532 
533 	IWL_DEBUG_SCAN(mvm, "Sending scheduled scan profile config\n");
534 
535 	ret = iwl_mvm_send_cmd(mvm, &cmd);
536 	kfree(profile_cfg);
537 free_blacklist:
538 	kfree(blacklist);
539 
540 	return ret;
541 }
542 
543 static bool iwl_mvm_scan_pass_all(struct iwl_mvm *mvm,
544 				  struct cfg80211_sched_scan_request *req)
545 {
546 	if (req->n_match_sets && req->match_sets[0].ssid.ssid_len) {
547 		IWL_DEBUG_SCAN(mvm,
548 			       "Sending scheduled scan with filtering, n_match_sets %d\n",
549 			       req->n_match_sets);
550 		mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_DISABLED;
551 		return false;
552 	}
553 
554 	IWL_DEBUG_SCAN(mvm, "Sending Scheduled scan without filtering\n");
555 
556 	mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_ENABLED;
557 	return true;
558 }
559 
560 static int iwl_mvm_lmac_scan_abort(struct iwl_mvm *mvm)
561 {
562 	int ret;
563 	struct iwl_host_cmd cmd = {
564 		.id = SCAN_OFFLOAD_ABORT_CMD,
565 	};
566 	u32 status;
567 
568 	ret = iwl_mvm_send_cmd_status(mvm, &cmd, &status);
569 	if (ret)
570 		return ret;
571 
572 	if (status != CAN_ABORT_STATUS) {
573 		/*
574 		 * The scan abort will return 1 for success or
575 		 * 2 for "failure".  A failure condition can be
576 		 * due to simply not being in an active scan which
577 		 * can occur if we send the scan abort before the
578 		 * microcode has notified us that a scan is completed.
579 		 */
580 		IWL_DEBUG_SCAN(mvm, "SCAN OFFLOAD ABORT ret %d.\n", status);
581 		ret = -ENOENT;
582 	}
583 
584 	return ret;
585 }
586 
587 static void iwl_mvm_scan_fill_tx_cmd(struct iwl_mvm *mvm,
588 				     struct iwl_scan_req_tx_cmd *tx_cmd,
589 				     bool no_cck)
590 {
591 	tx_cmd[0].tx_flags = cpu_to_le32(TX_CMD_FLG_SEQ_CTL |
592 					 TX_CMD_FLG_BT_DIS);
593 	tx_cmd[0].rate_n_flags = iwl_mvm_scan_rate_n_flags(mvm,
594 							   NL80211_BAND_2GHZ,
595 							   no_cck);
596 	tx_cmd[0].sta_id = mvm->aux_sta.sta_id;
597 
598 	tx_cmd[1].tx_flags = cpu_to_le32(TX_CMD_FLG_SEQ_CTL |
599 					 TX_CMD_FLG_BT_DIS);
600 	tx_cmd[1].rate_n_flags = iwl_mvm_scan_rate_n_flags(mvm,
601 							   NL80211_BAND_5GHZ,
602 							   no_cck);
603 	tx_cmd[1].sta_id = mvm->aux_sta.sta_id;
604 }
605 
606 static void
607 iwl_mvm_lmac_scan_cfg_channels(struct iwl_mvm *mvm,
608 			       struct ieee80211_channel **channels,
609 			       int n_channels, u32 ssid_bitmap,
610 			       struct iwl_scan_req_lmac *cmd)
611 {
612 	struct iwl_scan_channel_cfg_lmac *channel_cfg = (void *)&cmd->data;
613 	int i;
614 
615 	for (i = 0; i < n_channels; i++) {
616 		channel_cfg[i].channel_num =
617 			cpu_to_le16(channels[i]->hw_value);
618 		channel_cfg[i].iter_count = cpu_to_le16(1);
619 		channel_cfg[i].iter_interval = 0;
620 		channel_cfg[i].flags =
621 			cpu_to_le32(IWL_UNIFIED_SCAN_CHANNEL_PARTIAL |
622 				    ssid_bitmap);
623 	}
624 }
625 
626 static u8 *iwl_mvm_copy_and_insert_ds_elem(struct iwl_mvm *mvm, const u8 *ies,
627 					   size_t len, u8 *const pos)
628 {
629 	static const u8 before_ds_params[] = {
630 			WLAN_EID_SSID,
631 			WLAN_EID_SUPP_RATES,
632 			WLAN_EID_REQUEST,
633 			WLAN_EID_EXT_SUPP_RATES,
634 	};
635 	size_t offs;
636 	u8 *newpos = pos;
637 
638 	if (!iwl_mvm_rrm_scan_needed(mvm)) {
639 		memcpy(newpos, ies, len);
640 		return newpos + len;
641 	}
642 
643 	offs = ieee80211_ie_split(ies, len,
644 				  before_ds_params,
645 				  ARRAY_SIZE(before_ds_params),
646 				  0);
647 
648 	memcpy(newpos, ies, offs);
649 	newpos += offs;
650 
651 	/* Add a placeholder for DS Parameter Set element */
652 	*newpos++ = WLAN_EID_DS_PARAMS;
653 	*newpos++ = 1;
654 	*newpos++ = 0;
655 
656 	memcpy(newpos, ies + offs, len - offs);
657 	newpos += len - offs;
658 
659 	return newpos;
660 }
661 
662 static void
663 iwl_mvm_build_scan_probe(struct iwl_mvm *mvm, struct ieee80211_vif *vif,
664 			 struct ieee80211_scan_ies *ies,
665 			 struct iwl_mvm_scan_params *params)
666 {
667 	struct ieee80211_mgmt *frame = (void *)params->preq.buf;
668 	u8 *pos, *newpos;
669 	const u8 *mac_addr = params->flags & NL80211_SCAN_FLAG_RANDOM_ADDR ?
670 		params->mac_addr : NULL;
671 
672 	/*
673 	 * Unfortunately, right now the offload scan doesn't support randomising
674 	 * within the firmware, so until the firmware API is ready we implement
675 	 * it in the driver. This means that the scan iterations won't really be
676 	 * random, only when it's restarted, but at least that helps a bit.
677 	 */
678 	if (mac_addr)
679 		get_random_mask_addr(frame->sa, mac_addr,
680 				     params->mac_addr_mask);
681 	else
682 		memcpy(frame->sa, vif->addr, ETH_ALEN);
683 
684 	frame->frame_control = cpu_to_le16(IEEE80211_STYPE_PROBE_REQ);
685 	eth_broadcast_addr(frame->da);
686 	eth_broadcast_addr(frame->bssid);
687 	frame->seq_ctrl = 0;
688 
689 	pos = frame->u.probe_req.variable;
690 	*pos++ = WLAN_EID_SSID;
691 	*pos++ = 0;
692 
693 	params->preq.mac_header.offset = 0;
694 	params->preq.mac_header.len = cpu_to_le16(24 + 2);
695 
696 	/* Insert ds parameter set element on 2.4 GHz band */
697 	newpos = iwl_mvm_copy_and_insert_ds_elem(mvm,
698 						 ies->ies[NL80211_BAND_2GHZ],
699 						 ies->len[NL80211_BAND_2GHZ],
700 						 pos);
701 	params->preq.band_data[0].offset = cpu_to_le16(pos - params->preq.buf);
702 	params->preq.band_data[0].len = cpu_to_le16(newpos - pos);
703 	pos = newpos;
704 
705 	memcpy(pos, ies->ies[NL80211_BAND_5GHZ],
706 	       ies->len[NL80211_BAND_5GHZ]);
707 	params->preq.band_data[1].offset = cpu_to_le16(pos - params->preq.buf);
708 	params->preq.band_data[1].len =
709 		cpu_to_le16(ies->len[NL80211_BAND_5GHZ]);
710 	pos += ies->len[NL80211_BAND_5GHZ];
711 
712 	memcpy(pos, ies->common_ies, ies->common_ie_len);
713 	params->preq.common_data.offset = cpu_to_le16(pos - params->preq.buf);
714 	params->preq.common_data.len = cpu_to_le16(ies->common_ie_len);
715 }
716 
717 static __le32 iwl_mvm_scan_priority(struct iwl_mvm *mvm,
718 				    enum iwl_scan_priority_ext prio)
719 {
720 	if (fw_has_api(&mvm->fw->ucode_capa,
721 		       IWL_UCODE_TLV_API_EXT_SCAN_PRIORITY))
722 		return cpu_to_le32(prio);
723 
724 	if (prio <= IWL_SCAN_PRIORITY_EXT_2)
725 		return cpu_to_le32(IWL_SCAN_PRIORITY_LOW);
726 
727 	if (prio <= IWL_SCAN_PRIORITY_EXT_4)
728 		return cpu_to_le32(IWL_SCAN_PRIORITY_MEDIUM);
729 
730 	return cpu_to_le32(IWL_SCAN_PRIORITY_HIGH);
731 }
732 
733 static void iwl_mvm_scan_lmac_dwell(struct iwl_mvm *mvm,
734 				    struct iwl_scan_req_lmac *cmd,
735 				    struct iwl_mvm_scan_params *params)
736 {
737 	cmd->active_dwell = scan_timing[params->type].dwell_active;
738 	cmd->passive_dwell = scan_timing[params->type].dwell_passive;
739 	cmd->fragmented_dwell = scan_timing[params->type].dwell_fragmented;
740 	cmd->extended_dwell = scan_timing[params->type].dwell_extended;
741 	cmd->max_out_time = cpu_to_le32(scan_timing[params->type].max_out_time);
742 	cmd->suspend_time = cpu_to_le32(scan_timing[params->type].suspend_time);
743 	cmd->scan_prio = iwl_mvm_scan_priority(mvm, IWL_SCAN_PRIORITY_EXT_6);
744 }
745 
746 static inline bool iwl_mvm_scan_fits(struct iwl_mvm *mvm, int n_ssids,
747 				     struct ieee80211_scan_ies *ies,
748 				     int n_channels)
749 {
750 	return ((n_ssids <= PROBE_OPTION_MAX) &&
751 		(n_channels <= mvm->fw->ucode_capa.n_scan_channels) &
752 		(ies->common_ie_len +
753 		 ies->len[NL80211_BAND_2GHZ] +
754 		 ies->len[NL80211_BAND_5GHZ] <=
755 		 iwl_mvm_max_scan_ie_fw_cmd_room(mvm)));
756 }
757 
758 static inline bool iwl_mvm_scan_use_ebs(struct iwl_mvm *mvm,
759 					struct ieee80211_vif *vif)
760 {
761 	const struct iwl_ucode_capabilities *capa = &mvm->fw->ucode_capa;
762 
763 	/* We can only use EBS if:
764 	 *	1. the feature is supported;
765 	 *	2. the last EBS was successful;
766 	 *	3. if only single scan, the single scan EBS API is supported;
767 	 *	4. it's not a p2p find operation.
768 	 */
769 	return ((capa->flags & IWL_UCODE_TLV_FLAGS_EBS_SUPPORT) &&
770 		mvm->last_ebs_successful &&
771 		vif->type != NL80211_IFTYPE_P2P_DEVICE);
772 }
773 
774 static inline bool iwl_mvm_is_regular_scan(struct iwl_mvm_scan_params *params)
775 {
776 	return params->n_scan_plans == 1 &&
777 		params->scan_plans[0].iterations == 1;
778 }
779 
780 static int iwl_mvm_scan_lmac_flags(struct iwl_mvm *mvm,
781 				   struct iwl_mvm_scan_params *params,
782 				   struct ieee80211_vif *vif)
783 {
784 	int flags = 0;
785 
786 	if (params->n_ssids == 0)
787 		flags |= IWL_MVM_LMAC_SCAN_FLAG_PASSIVE;
788 
789 	if (params->n_ssids == 1 && params->ssids[0].ssid_len != 0)
790 		flags |= IWL_MVM_LMAC_SCAN_FLAG_PRE_CONNECTION;
791 
792 	if (params->type == IWL_SCAN_TYPE_FRAGMENTED)
793 		flags |= IWL_MVM_LMAC_SCAN_FLAG_FRAGMENTED;
794 
795 	if (iwl_mvm_rrm_scan_needed(mvm))
796 		flags |= IWL_MVM_LMAC_SCAN_FLAGS_RRM_ENABLED;
797 
798 	if (params->pass_all)
799 		flags |= IWL_MVM_LMAC_SCAN_FLAG_PASS_ALL;
800 	else
801 		flags |= IWL_MVM_LMAC_SCAN_FLAG_MATCH;
802 
803 #ifdef CONFIG_IWLWIFI_DEBUGFS
804 	if (mvm->scan_iter_notif_enabled)
805 		flags |= IWL_MVM_LMAC_SCAN_FLAG_ITER_COMPLETE;
806 #endif
807 
808 	if (mvm->sched_scan_pass_all == SCHED_SCAN_PASS_ALL_ENABLED)
809 		flags |= IWL_MVM_LMAC_SCAN_FLAG_ITER_COMPLETE;
810 
811 	if (iwl_mvm_is_regular_scan(params) &&
812 	    vif->type != NL80211_IFTYPE_P2P_DEVICE &&
813 	    params->type != IWL_SCAN_TYPE_FRAGMENTED)
814 		flags |= IWL_MVM_LMAC_SCAN_FLAG_EXTENDED_DWELL;
815 
816 	return flags;
817 }
818 
819 static int iwl_mvm_scan_lmac(struct iwl_mvm *mvm, struct ieee80211_vif *vif,
820 			     struct iwl_mvm_scan_params *params)
821 {
822 	struct iwl_scan_req_lmac *cmd = mvm->scan_cmd;
823 	struct iwl_scan_probe_req *preq =
824 		(void *)(cmd->data + sizeof(struct iwl_scan_channel_cfg_lmac) *
825 			 mvm->fw->ucode_capa.n_scan_channels);
826 	u32 ssid_bitmap = 0;
827 	int i;
828 
829 	lockdep_assert_held(&mvm->mutex);
830 
831 	memset(cmd, 0, ksize(cmd));
832 
833 	if (WARN_ON(params->n_scan_plans > IWL_MAX_SCHED_SCAN_PLANS))
834 		return -EINVAL;
835 
836 	iwl_mvm_scan_lmac_dwell(mvm, cmd, params);
837 
838 	cmd->rx_chain_select = iwl_mvm_scan_rx_chain(mvm);
839 	cmd->iter_num = cpu_to_le32(1);
840 	cmd->n_channels = (u8)params->n_channels;
841 
842 	cmd->delay = cpu_to_le32(params->delay);
843 
844 	cmd->scan_flags = cpu_to_le32(iwl_mvm_scan_lmac_flags(mvm, params,
845 							      vif));
846 
847 	cmd->flags = iwl_mvm_scan_rxon_flags(params->channels[0]->band);
848 	cmd->filter_flags = cpu_to_le32(MAC_FILTER_ACCEPT_GRP |
849 					MAC_FILTER_IN_BEACON);
850 	iwl_mvm_scan_fill_tx_cmd(mvm, cmd->tx_cmd, params->no_cck);
851 	iwl_scan_build_ssids(params, cmd->direct_scan, &ssid_bitmap);
852 
853 	/* this API uses bits 1-20 instead of 0-19 */
854 	ssid_bitmap <<= 1;
855 
856 	for (i = 0; i < params->n_scan_plans; i++) {
857 		struct cfg80211_sched_scan_plan *scan_plan =
858 			&params->scan_plans[i];
859 
860 		cmd->schedule[i].delay =
861 			cpu_to_le16(scan_plan->interval);
862 		cmd->schedule[i].iterations = scan_plan->iterations;
863 		cmd->schedule[i].full_scan_mul = 1;
864 	}
865 
866 	/*
867 	 * If the number of iterations of the last scan plan is set to
868 	 * zero, it should run infinitely. However, this is not always the case.
869 	 * For example, when regular scan is requested the driver sets one scan
870 	 * plan with one iteration.
871 	 */
872 	if (!cmd->schedule[i - 1].iterations)
873 		cmd->schedule[i - 1].iterations = 0xff;
874 
875 	if (iwl_mvm_scan_use_ebs(mvm, vif)) {
876 		cmd->channel_opt[0].flags =
877 			cpu_to_le16(IWL_SCAN_CHANNEL_FLAG_EBS |
878 				    IWL_SCAN_CHANNEL_FLAG_EBS_ACCURATE |
879 				    IWL_SCAN_CHANNEL_FLAG_CACHE_ADD);
880 		cmd->channel_opt[0].non_ebs_ratio =
881 			cpu_to_le16(IWL_DENSE_EBS_SCAN_RATIO);
882 		cmd->channel_opt[1].flags =
883 			cpu_to_le16(IWL_SCAN_CHANNEL_FLAG_EBS |
884 				    IWL_SCAN_CHANNEL_FLAG_EBS_ACCURATE |
885 				    IWL_SCAN_CHANNEL_FLAG_CACHE_ADD);
886 		cmd->channel_opt[1].non_ebs_ratio =
887 			cpu_to_le16(IWL_SPARSE_EBS_SCAN_RATIO);
888 	}
889 
890 	iwl_mvm_lmac_scan_cfg_channels(mvm, params->channels,
891 				       params->n_channels, ssid_bitmap, cmd);
892 
893 	*preq = params->preq;
894 
895 	return 0;
896 }
897 
898 static int rate_to_scan_rate_flag(unsigned int rate)
899 {
900 	static const int rate_to_scan_rate[IWL_RATE_COUNT] = {
901 		[IWL_RATE_1M_INDEX]	= SCAN_CONFIG_RATE_1M,
902 		[IWL_RATE_2M_INDEX]	= SCAN_CONFIG_RATE_2M,
903 		[IWL_RATE_5M_INDEX]	= SCAN_CONFIG_RATE_5M,
904 		[IWL_RATE_11M_INDEX]	= SCAN_CONFIG_RATE_11M,
905 		[IWL_RATE_6M_INDEX]	= SCAN_CONFIG_RATE_6M,
906 		[IWL_RATE_9M_INDEX]	= SCAN_CONFIG_RATE_9M,
907 		[IWL_RATE_12M_INDEX]	= SCAN_CONFIG_RATE_12M,
908 		[IWL_RATE_18M_INDEX]	= SCAN_CONFIG_RATE_18M,
909 		[IWL_RATE_24M_INDEX]	= SCAN_CONFIG_RATE_24M,
910 		[IWL_RATE_36M_INDEX]	= SCAN_CONFIG_RATE_36M,
911 		[IWL_RATE_48M_INDEX]	= SCAN_CONFIG_RATE_48M,
912 		[IWL_RATE_54M_INDEX]	= SCAN_CONFIG_RATE_54M,
913 	};
914 
915 	return rate_to_scan_rate[rate];
916 }
917 
918 static __le32 iwl_mvm_scan_config_rates(struct iwl_mvm *mvm)
919 {
920 	struct ieee80211_supported_band *band;
921 	unsigned int rates = 0;
922 	int i;
923 
924 	band = &mvm->nvm_data->bands[NL80211_BAND_2GHZ];
925 	for (i = 0; i < band->n_bitrates; i++)
926 		rates |= rate_to_scan_rate_flag(band->bitrates[i].hw_value);
927 	band = &mvm->nvm_data->bands[NL80211_BAND_5GHZ];
928 	for (i = 0; i < band->n_bitrates; i++)
929 		rates |= rate_to_scan_rate_flag(band->bitrates[i].hw_value);
930 
931 	/* Set both basic rates and supported rates */
932 	rates |= SCAN_CONFIG_SUPPORTED_RATE(rates);
933 
934 	return cpu_to_le32(rates);
935 }
936 
937 int iwl_mvm_config_scan(struct iwl_mvm *mvm)
938 {
939 	struct iwl_scan_config *scan_config;
940 	struct ieee80211_supported_band *band;
941 	int num_channels =
942 		mvm->nvm_data->bands[NL80211_BAND_2GHZ].n_channels +
943 		mvm->nvm_data->bands[NL80211_BAND_5GHZ].n_channels;
944 	int ret, i, j = 0, cmd_size;
945 	struct iwl_host_cmd cmd = {
946 		.id = iwl_cmd_id(SCAN_CFG_CMD, IWL_ALWAYS_LONG_GROUP, 0),
947 	};
948 	enum iwl_mvm_scan_type type = iwl_mvm_get_scan_type(mvm, false);
949 
950 	if (WARN_ON(num_channels > mvm->fw->ucode_capa.n_scan_channels))
951 		return -ENOBUFS;
952 
953 	if (type == mvm->scan_type) {
954 		IWL_DEBUG_SCAN(mvm,
955 			       "Ignoring UMAC scan config of the same type\n");
956 		return 0;
957 	}
958 
959 	cmd_size = sizeof(*scan_config) + mvm->fw->ucode_capa.n_scan_channels;
960 
961 	scan_config = kzalloc(cmd_size, GFP_KERNEL);
962 	if (!scan_config)
963 		return -ENOMEM;
964 
965 	scan_config->flags = cpu_to_le32(SCAN_CONFIG_FLAG_ACTIVATE |
966 					 SCAN_CONFIG_FLAG_ALLOW_CHUB_REQS |
967 					 SCAN_CONFIG_FLAG_SET_TX_CHAINS |
968 					 SCAN_CONFIG_FLAG_SET_RX_CHAINS |
969 					 SCAN_CONFIG_FLAG_SET_AUX_STA_ID |
970 					 SCAN_CONFIG_FLAG_SET_ALL_TIMES |
971 					 SCAN_CONFIG_FLAG_SET_LEGACY_RATES |
972 					 SCAN_CONFIG_FLAG_SET_MAC_ADDR |
973 					 SCAN_CONFIG_FLAG_SET_CHANNEL_FLAGS|
974 					 SCAN_CONFIG_N_CHANNELS(num_channels) |
975 					 (type == IWL_SCAN_TYPE_FRAGMENTED ?
976 					  SCAN_CONFIG_FLAG_SET_FRAGMENTED :
977 					  SCAN_CONFIG_FLAG_CLEAR_FRAGMENTED));
978 	scan_config->tx_chains = cpu_to_le32(iwl_mvm_get_valid_tx_ant(mvm));
979 	scan_config->rx_chains = cpu_to_le32(iwl_mvm_scan_rx_ant(mvm));
980 	scan_config->legacy_rates = iwl_mvm_scan_config_rates(mvm);
981 	scan_config->out_of_channel_time =
982 		cpu_to_le32(scan_timing[type].max_out_time);
983 	scan_config->suspend_time = cpu_to_le32(scan_timing[type].suspend_time);
984 	scan_config->dwell_active = scan_timing[type].dwell_active;
985 	scan_config->dwell_passive = scan_timing[type].dwell_passive;
986 	scan_config->dwell_fragmented = scan_timing[type].dwell_fragmented;
987 	scan_config->dwell_extended = scan_timing[type].dwell_extended;
988 
989 	memcpy(&scan_config->mac_addr, &mvm->addresses[0].addr, ETH_ALEN);
990 
991 	scan_config->bcast_sta_id = mvm->aux_sta.sta_id;
992 	scan_config->channel_flags = IWL_CHANNEL_FLAG_EBS |
993 				     IWL_CHANNEL_FLAG_ACCURATE_EBS |
994 				     IWL_CHANNEL_FLAG_EBS_ADD |
995 				     IWL_CHANNEL_FLAG_PRE_SCAN_PASSIVE2ACTIVE;
996 
997 	band = &mvm->nvm_data->bands[NL80211_BAND_2GHZ];
998 	for (i = 0; i < band->n_channels; i++, j++)
999 		scan_config->channel_array[j] = band->channels[i].hw_value;
1000 	band = &mvm->nvm_data->bands[NL80211_BAND_5GHZ];
1001 	for (i = 0; i < band->n_channels; i++, j++)
1002 		scan_config->channel_array[j] = band->channels[i].hw_value;
1003 
1004 	cmd.data[0] = scan_config;
1005 	cmd.len[0] = cmd_size;
1006 	cmd.dataflags[0] = IWL_HCMD_DFL_NOCOPY;
1007 
1008 	IWL_DEBUG_SCAN(mvm, "Sending UMAC scan config\n");
1009 
1010 	ret = iwl_mvm_send_cmd(mvm, &cmd);
1011 	if (!ret)
1012 		mvm->scan_type = type;
1013 
1014 	kfree(scan_config);
1015 	return ret;
1016 }
1017 
1018 static int iwl_mvm_scan_uid_by_status(struct iwl_mvm *mvm, int status)
1019 {
1020 	int i;
1021 
1022 	for (i = 0; i < mvm->max_scans; i++)
1023 		if (mvm->scan_uid_status[i] == status)
1024 			return i;
1025 
1026 	return -ENOENT;
1027 }
1028 
1029 static void iwl_mvm_scan_umac_dwell(struct iwl_mvm *mvm,
1030 				    struct iwl_scan_req_umac *cmd,
1031 				    struct iwl_mvm_scan_params *params)
1032 {
1033 	cmd->extended_dwell = scan_timing[params->type].dwell_extended;
1034 	cmd->active_dwell = scan_timing[params->type].dwell_active;
1035 	cmd->passive_dwell = scan_timing[params->type].dwell_passive;
1036 	cmd->fragmented_dwell = scan_timing[params->type].dwell_fragmented;
1037 	cmd->max_out_time = cpu_to_le32(scan_timing[params->type].max_out_time);
1038 	cmd->suspend_time = cpu_to_le32(scan_timing[params->type].suspend_time);
1039 	cmd->scan_priority =
1040 		iwl_mvm_scan_priority(mvm, IWL_SCAN_PRIORITY_EXT_6);
1041 
1042 	if (iwl_mvm_is_regular_scan(params))
1043 		cmd->ooc_priority =
1044 			iwl_mvm_scan_priority(mvm, IWL_SCAN_PRIORITY_EXT_6);
1045 	else
1046 		cmd->ooc_priority =
1047 			iwl_mvm_scan_priority(mvm, IWL_SCAN_PRIORITY_EXT_2);
1048 }
1049 
1050 static void
1051 iwl_mvm_umac_scan_cfg_channels(struct iwl_mvm *mvm,
1052 			       struct ieee80211_channel **channels,
1053 			       int n_channels, u32 ssid_bitmap,
1054 			       struct iwl_scan_req_umac *cmd)
1055 {
1056 	struct iwl_scan_channel_cfg_umac *channel_cfg = (void *)&cmd->data;
1057 	int i;
1058 
1059 	for (i = 0; i < n_channels; i++) {
1060 		channel_cfg[i].flags = cpu_to_le32(ssid_bitmap);
1061 		channel_cfg[i].channel_num = channels[i]->hw_value;
1062 		channel_cfg[i].iter_count = 1;
1063 		channel_cfg[i].iter_interval = 0;
1064 	}
1065 }
1066 
1067 static u32 iwl_mvm_scan_umac_flags(struct iwl_mvm *mvm,
1068 				   struct iwl_mvm_scan_params *params,
1069 				   struct ieee80211_vif *vif)
1070 {
1071 	int flags = 0;
1072 
1073 	if (params->n_ssids == 0)
1074 		flags = IWL_UMAC_SCAN_GEN_FLAGS_PASSIVE;
1075 
1076 	if (params->n_ssids == 1 && params->ssids[0].ssid_len != 0)
1077 		flags |= IWL_UMAC_SCAN_GEN_FLAGS_PRE_CONNECT;
1078 
1079 	if (params->type == IWL_SCAN_TYPE_FRAGMENTED)
1080 		flags |= IWL_UMAC_SCAN_GEN_FLAGS_FRAGMENTED;
1081 
1082 	if (iwl_mvm_rrm_scan_needed(mvm))
1083 		flags |= IWL_UMAC_SCAN_GEN_FLAGS_RRM_ENABLED;
1084 
1085 	if (params->pass_all)
1086 		flags |= IWL_UMAC_SCAN_GEN_FLAGS_PASS_ALL;
1087 	else
1088 		flags |= IWL_UMAC_SCAN_GEN_FLAGS_MATCH;
1089 
1090 	if (!iwl_mvm_is_regular_scan(params))
1091 		flags |= IWL_UMAC_SCAN_GEN_FLAGS_PERIODIC;
1092 
1093 #ifdef CONFIG_IWLWIFI_DEBUGFS
1094 	if (mvm->scan_iter_notif_enabled)
1095 		flags |= IWL_UMAC_SCAN_GEN_FLAGS_ITER_COMPLETE;
1096 #endif
1097 
1098 	if (mvm->sched_scan_pass_all == SCHED_SCAN_PASS_ALL_ENABLED)
1099 		flags |= IWL_UMAC_SCAN_GEN_FLAGS_ITER_COMPLETE;
1100 
1101 	if (iwl_mvm_is_regular_scan(params) &&
1102 	    vif->type != NL80211_IFTYPE_P2P_DEVICE &&
1103 	    params->type != IWL_SCAN_TYPE_FRAGMENTED)
1104 		flags |= IWL_UMAC_SCAN_GEN_FLAGS_EXTENDED_DWELL;
1105 
1106 	return flags;
1107 }
1108 
1109 static int iwl_mvm_scan_umac(struct iwl_mvm *mvm, struct ieee80211_vif *vif,
1110 			     struct iwl_mvm_scan_params *params,
1111 			     int type)
1112 {
1113 	struct iwl_scan_req_umac *cmd = mvm->scan_cmd;
1114 	struct iwl_scan_req_umac_tail *sec_part = (void *)&cmd->data +
1115 		sizeof(struct iwl_scan_channel_cfg_umac) *
1116 			mvm->fw->ucode_capa.n_scan_channels;
1117 	int uid, i;
1118 	u32 ssid_bitmap = 0;
1119 
1120 	lockdep_assert_held(&mvm->mutex);
1121 
1122 	if (WARN_ON(params->n_scan_plans > IWL_MAX_SCHED_SCAN_PLANS))
1123 		return -EINVAL;
1124 
1125 	uid = iwl_mvm_scan_uid_by_status(mvm, 0);
1126 	if (uid < 0)
1127 		return uid;
1128 
1129 	memset(cmd, 0, ksize(cmd));
1130 
1131 	iwl_mvm_scan_umac_dwell(mvm, cmd, params);
1132 
1133 	mvm->scan_uid_status[uid] = type;
1134 
1135 	cmd->uid = cpu_to_le32(uid);
1136 	cmd->general_flags = cpu_to_le32(iwl_mvm_scan_umac_flags(mvm, params,
1137 								 vif));
1138 
1139 	if (type == IWL_MVM_SCAN_SCHED || type == IWL_MVM_SCAN_NETDETECT)
1140 		cmd->flags = cpu_to_le32(IWL_UMAC_SCAN_FLAG_PREEMPTIVE);
1141 
1142 	if (iwl_mvm_scan_use_ebs(mvm, vif))
1143 		cmd->channel_flags = IWL_SCAN_CHANNEL_FLAG_EBS |
1144 				     IWL_SCAN_CHANNEL_FLAG_EBS_ACCURATE |
1145 				     IWL_SCAN_CHANNEL_FLAG_CACHE_ADD;
1146 
1147 	cmd->n_channels = params->n_channels;
1148 
1149 	iwl_scan_build_ssids(params, sec_part->direct_scan, &ssid_bitmap);
1150 
1151 	iwl_mvm_umac_scan_cfg_channels(mvm, params->channels,
1152 				       params->n_channels, ssid_bitmap, cmd);
1153 
1154 	for (i = 0; i < params->n_scan_plans; i++) {
1155 		struct cfg80211_sched_scan_plan *scan_plan =
1156 			&params->scan_plans[i];
1157 
1158 		sec_part->schedule[i].iter_count = scan_plan->iterations;
1159 		sec_part->schedule[i].interval =
1160 			cpu_to_le16(scan_plan->interval);
1161 	}
1162 
1163 	/*
1164 	 * If the number of iterations of the last scan plan is set to
1165 	 * zero, it should run infinitely. However, this is not always the case.
1166 	 * For example, when regular scan is requested the driver sets one scan
1167 	 * plan with one iteration.
1168 	 */
1169 	if (!sec_part->schedule[i - 1].iter_count)
1170 		sec_part->schedule[i - 1].iter_count = 0xff;
1171 
1172 	sec_part->delay = cpu_to_le16(params->delay);
1173 	sec_part->preq = params->preq;
1174 
1175 	return 0;
1176 }
1177 
1178 static int iwl_mvm_num_scans(struct iwl_mvm *mvm)
1179 {
1180 	return hweight32(mvm->scan_status & IWL_MVM_SCAN_MASK);
1181 }
1182 
1183 static int iwl_mvm_check_running_scans(struct iwl_mvm *mvm, int type)
1184 {
1185 	/* This looks a bit arbitrary, but the idea is that if we run
1186 	 * out of possible simultaneous scans and the userspace is
1187 	 * trying to run a scan type that is already running, we
1188 	 * return -EBUSY.  But if the userspace wants to start a
1189 	 * different type of scan, we stop the opposite type to make
1190 	 * space for the new request.  The reason is backwards
1191 	 * compatibility with old wpa_supplicant that wouldn't stop a
1192 	 * scheduled scan before starting a normal scan.
1193 	 */
1194 
1195 	if (iwl_mvm_num_scans(mvm) < mvm->max_scans)
1196 		return 0;
1197 
1198 	/* Use a switch, even though this is a bitmask, so that more
1199 	 * than one bits set will fall in default and we will warn.
1200 	 */
1201 	switch (type) {
1202 	case IWL_MVM_SCAN_REGULAR:
1203 		if (mvm->scan_status & IWL_MVM_SCAN_REGULAR_MASK)
1204 			return -EBUSY;
1205 		return iwl_mvm_scan_stop(mvm, IWL_MVM_SCAN_SCHED, true);
1206 	case IWL_MVM_SCAN_SCHED:
1207 		if (mvm->scan_status & IWL_MVM_SCAN_SCHED_MASK)
1208 			return -EBUSY;
1209 		return iwl_mvm_scan_stop(mvm, IWL_MVM_SCAN_REGULAR, true);
1210 	case IWL_MVM_SCAN_NETDETECT:
1211 		/* No need to stop anything for net-detect since the
1212 		 * firmware is restarted anyway.  This way, any sched
1213 		 * scans that were running will be restarted when we
1214 		 * resume.
1215 		*/
1216 		return 0;
1217 	default:
1218 		WARN_ON(1);
1219 		break;
1220 	}
1221 
1222 	return -EIO;
1223 }
1224 
1225 #define SCAN_TIMEOUT (20 * HZ)
1226 
1227 void iwl_mvm_scan_timeout(unsigned long data)
1228 {
1229 	struct iwl_mvm *mvm = (struct iwl_mvm *)data;
1230 
1231 	IWL_ERR(mvm, "regular scan timed out\n");
1232 
1233 	del_timer(&mvm->scan_timer);
1234 	iwl_force_nmi(mvm->trans);
1235 }
1236 
1237 int iwl_mvm_reg_scan_start(struct iwl_mvm *mvm, struct ieee80211_vif *vif,
1238 			   struct cfg80211_scan_request *req,
1239 			   struct ieee80211_scan_ies *ies)
1240 {
1241 	struct iwl_host_cmd hcmd = {
1242 		.len = { iwl_mvm_scan_size(mvm), },
1243 		.data = { mvm->scan_cmd, },
1244 		.dataflags = { IWL_HCMD_DFL_NOCOPY, },
1245 	};
1246 	struct iwl_mvm_scan_params params = {};
1247 	int ret;
1248 	struct cfg80211_sched_scan_plan scan_plan = { .iterations = 1 };
1249 
1250 	lockdep_assert_held(&mvm->mutex);
1251 
1252 	if (iwl_mvm_is_lar_supported(mvm) && !mvm->lar_regdom_set) {
1253 		IWL_ERR(mvm, "scan while LAR regdomain is not set\n");
1254 		return -EBUSY;
1255 	}
1256 
1257 	ret = iwl_mvm_check_running_scans(mvm, IWL_MVM_SCAN_REGULAR);
1258 	if (ret)
1259 		return ret;
1260 
1261 	/* we should have failed registration if scan_cmd was NULL */
1262 	if (WARN_ON(!mvm->scan_cmd))
1263 		return -ENOMEM;
1264 
1265 	if (!iwl_mvm_scan_fits(mvm, req->n_ssids, ies, req->n_channels))
1266 		return -ENOBUFS;
1267 
1268 	params.n_ssids = req->n_ssids;
1269 	params.flags = req->flags;
1270 	params.n_channels = req->n_channels;
1271 	params.delay = 0;
1272 	params.ssids = req->ssids;
1273 	params.channels = req->channels;
1274 	params.mac_addr = req->mac_addr;
1275 	params.mac_addr_mask = req->mac_addr_mask;
1276 	params.no_cck = req->no_cck;
1277 	params.pass_all = true;
1278 	params.n_match_sets = 0;
1279 	params.match_sets = NULL;
1280 
1281 	params.scan_plans = &scan_plan;
1282 	params.n_scan_plans = 1;
1283 
1284 	params.type =
1285 		iwl_mvm_get_scan_type(mvm,
1286 				      vif->type == NL80211_IFTYPE_P2P_DEVICE);
1287 
1288 	iwl_mvm_build_scan_probe(mvm, vif, ies, &params);
1289 
1290 	if (fw_has_capa(&mvm->fw->ucode_capa, IWL_UCODE_TLV_CAPA_UMAC_SCAN)) {
1291 		hcmd.id = iwl_cmd_id(SCAN_REQ_UMAC, IWL_ALWAYS_LONG_GROUP, 0);
1292 		ret = iwl_mvm_scan_umac(mvm, vif, &params,
1293 					IWL_MVM_SCAN_REGULAR);
1294 	} else {
1295 		hcmd.id = SCAN_OFFLOAD_REQUEST_CMD;
1296 		ret = iwl_mvm_scan_lmac(mvm, vif, &params);
1297 	}
1298 
1299 	if (ret)
1300 		return ret;
1301 
1302 	ret = iwl_mvm_send_cmd(mvm, &hcmd);
1303 	if (ret) {
1304 		/* If the scan failed, it usually means that the FW was unable
1305 		 * to allocate the time events. Warn on it, but maybe we
1306 		 * should try to send the command again with different params.
1307 		 */
1308 		IWL_ERR(mvm, "Scan failed! ret %d\n", ret);
1309 		return ret;
1310 	}
1311 
1312 	IWL_DEBUG_SCAN(mvm, "Scan request was sent successfully\n");
1313 	mvm->scan_status |= IWL_MVM_SCAN_REGULAR;
1314 	iwl_mvm_ref(mvm, IWL_MVM_REF_SCAN);
1315 
1316 	mod_timer(&mvm->scan_timer, jiffies + SCAN_TIMEOUT);
1317 
1318 	return 0;
1319 }
1320 
1321 int iwl_mvm_sched_scan_start(struct iwl_mvm *mvm,
1322 			     struct ieee80211_vif *vif,
1323 			     struct cfg80211_sched_scan_request *req,
1324 			     struct ieee80211_scan_ies *ies,
1325 			     int type)
1326 {
1327 	struct iwl_host_cmd hcmd = {
1328 		.len = { iwl_mvm_scan_size(mvm), },
1329 		.data = { mvm->scan_cmd, },
1330 		.dataflags = { IWL_HCMD_DFL_NOCOPY, },
1331 	};
1332 	struct iwl_mvm_scan_params params = {};
1333 	int ret;
1334 
1335 	lockdep_assert_held(&mvm->mutex);
1336 
1337 	if (iwl_mvm_is_lar_supported(mvm) && !mvm->lar_regdom_set) {
1338 		IWL_ERR(mvm, "sched-scan while LAR regdomain is not set\n");
1339 		return -EBUSY;
1340 	}
1341 
1342 	ret = iwl_mvm_check_running_scans(mvm, type);
1343 	if (ret)
1344 		return ret;
1345 
1346 	/* we should have failed registration if scan_cmd was NULL */
1347 	if (WARN_ON(!mvm->scan_cmd))
1348 		return -ENOMEM;
1349 
1350 	if (!iwl_mvm_scan_fits(mvm, req->n_ssids, ies, req->n_channels))
1351 		return -ENOBUFS;
1352 
1353 	params.n_ssids = req->n_ssids;
1354 	params.flags = req->flags;
1355 	params.n_channels = req->n_channels;
1356 	params.ssids = req->ssids;
1357 	params.channels = req->channels;
1358 	params.mac_addr = req->mac_addr;
1359 	params.mac_addr_mask = req->mac_addr_mask;
1360 	params.no_cck = false;
1361 	params.pass_all =  iwl_mvm_scan_pass_all(mvm, req);
1362 	params.n_match_sets = req->n_match_sets;
1363 	params.match_sets = req->match_sets;
1364 	if (!req->n_scan_plans)
1365 		return -EINVAL;
1366 
1367 	params.n_scan_plans = req->n_scan_plans;
1368 	params.scan_plans = req->scan_plans;
1369 
1370 	params.type =
1371 		iwl_mvm_get_scan_type(mvm,
1372 				      vif->type == NL80211_IFTYPE_P2P_DEVICE);
1373 
1374 	/* In theory, LMAC scans can handle a 32-bit delay, but since
1375 	 * waiting for over 18 hours to start the scan is a bit silly
1376 	 * and to keep it aligned with UMAC scans (which only support
1377 	 * 16-bit delays), trim it down to 16-bits.
1378 	 */
1379 	if (req->delay > U16_MAX) {
1380 		IWL_DEBUG_SCAN(mvm,
1381 			       "delay value is > 16-bits, set to max possible\n");
1382 		params.delay = U16_MAX;
1383 	} else {
1384 		params.delay = req->delay;
1385 	}
1386 
1387 	ret = iwl_mvm_config_sched_scan_profiles(mvm, req);
1388 	if (ret)
1389 		return ret;
1390 
1391 	iwl_mvm_build_scan_probe(mvm, vif, ies, &params);
1392 
1393 	if (fw_has_capa(&mvm->fw->ucode_capa, IWL_UCODE_TLV_CAPA_UMAC_SCAN)) {
1394 		hcmd.id = iwl_cmd_id(SCAN_REQ_UMAC, IWL_ALWAYS_LONG_GROUP, 0);
1395 		ret = iwl_mvm_scan_umac(mvm, vif, &params, type);
1396 	} else {
1397 		hcmd.id = SCAN_OFFLOAD_REQUEST_CMD;
1398 		ret = iwl_mvm_scan_lmac(mvm, vif, &params);
1399 	}
1400 
1401 	if (ret)
1402 		return ret;
1403 
1404 	ret = iwl_mvm_send_cmd(mvm, &hcmd);
1405 	if (!ret) {
1406 		IWL_DEBUG_SCAN(mvm,
1407 			       "Sched scan request was sent successfully\n");
1408 		mvm->scan_status |= type;
1409 	} else {
1410 		/* If the scan failed, it usually means that the FW was unable
1411 		 * to allocate the time events. Warn on it, but maybe we
1412 		 * should try to send the command again with different params.
1413 		 */
1414 		IWL_ERR(mvm, "Sched scan failed! ret %d\n", ret);
1415 	}
1416 
1417 	return ret;
1418 }
1419 
1420 void iwl_mvm_rx_umac_scan_complete_notif(struct iwl_mvm *mvm,
1421 					 struct iwl_rx_cmd_buffer *rxb)
1422 {
1423 	struct iwl_rx_packet *pkt = rxb_addr(rxb);
1424 	struct iwl_umac_scan_complete *notif = (void *)pkt->data;
1425 	u32 uid = __le32_to_cpu(notif->uid);
1426 	bool aborted = (notif->status == IWL_SCAN_OFFLOAD_ABORTED);
1427 
1428 	if (WARN_ON(!(mvm->scan_uid_status[uid] & mvm->scan_status)))
1429 		return;
1430 
1431 	/* if the scan is already stopping, we don't need to notify mac80211 */
1432 	if (mvm->scan_uid_status[uid] == IWL_MVM_SCAN_REGULAR) {
1433 		ieee80211_scan_completed(mvm->hw, aborted);
1434 		iwl_mvm_unref(mvm, IWL_MVM_REF_SCAN);
1435 		del_timer(&mvm->scan_timer);
1436 	} else if (mvm->scan_uid_status[uid] == IWL_MVM_SCAN_SCHED) {
1437 		ieee80211_sched_scan_stopped(mvm->hw);
1438 		mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_DISABLED;
1439 	}
1440 
1441 	mvm->scan_status &= ~mvm->scan_uid_status[uid];
1442 	IWL_DEBUG_SCAN(mvm,
1443 		       "Scan completed, uid %u type %u, status %s, EBS status %s\n",
1444 		       uid, mvm->scan_uid_status[uid],
1445 		       notif->status == IWL_SCAN_OFFLOAD_COMPLETED ?
1446 				"completed" : "aborted",
1447 		       iwl_mvm_ebs_status_str(notif->ebs_status));
1448 	IWL_DEBUG_SCAN(mvm,
1449 		       "Last line %d, Last iteration %d, Time from last iteration %d\n",
1450 		       notif->last_schedule, notif->last_iter,
1451 		       __le32_to_cpu(notif->time_from_last_iter));
1452 
1453 	if (notif->ebs_status != IWL_SCAN_EBS_SUCCESS &&
1454 	    notif->ebs_status != IWL_SCAN_EBS_INACTIVE)
1455 		mvm->last_ebs_successful = false;
1456 
1457 	mvm->scan_uid_status[uid] = 0;
1458 }
1459 
1460 void iwl_mvm_rx_umac_scan_iter_complete_notif(struct iwl_mvm *mvm,
1461 					      struct iwl_rx_cmd_buffer *rxb)
1462 {
1463 	struct iwl_rx_packet *pkt = rxb_addr(rxb);
1464 	struct iwl_umac_scan_iter_complete_notif *notif = (void *)pkt->data;
1465 	u8 buf[256];
1466 
1467 	IWL_DEBUG_SCAN(mvm,
1468 		       "UMAC Scan iteration complete: status=0x%x scanned_channels=%d channels list: %s\n",
1469 		       notif->status, notif->scanned_channels,
1470 		       iwl_mvm_dump_channel_list(notif->results,
1471 						 notif->scanned_channels, buf,
1472 						 sizeof(buf)));
1473 
1474 	if (mvm->sched_scan_pass_all == SCHED_SCAN_PASS_ALL_FOUND) {
1475 		IWL_DEBUG_SCAN(mvm, "Pass all scheduled scan results found\n");
1476 		ieee80211_sched_scan_results(mvm->hw);
1477 		mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_ENABLED;
1478 	}
1479 }
1480 
1481 static int iwl_mvm_umac_scan_abort(struct iwl_mvm *mvm, int type)
1482 {
1483 	struct iwl_umac_scan_abort cmd = {};
1484 	int uid, ret;
1485 
1486 	lockdep_assert_held(&mvm->mutex);
1487 
1488 	/* We should always get a valid index here, because we already
1489 	 * checked that this type of scan was running in the generic
1490 	 * code.
1491 	 */
1492 	uid = iwl_mvm_scan_uid_by_status(mvm, type);
1493 	if (WARN_ON_ONCE(uid < 0))
1494 		return uid;
1495 
1496 	cmd.uid = cpu_to_le32(uid);
1497 
1498 	IWL_DEBUG_SCAN(mvm, "Sending scan abort, uid %u\n", uid);
1499 
1500 	ret = iwl_mvm_send_cmd_pdu(mvm,
1501 				   iwl_cmd_id(SCAN_ABORT_UMAC,
1502 					      IWL_ALWAYS_LONG_GROUP, 0),
1503 				   0, sizeof(cmd), &cmd);
1504 	if (!ret)
1505 		mvm->scan_uid_status[uid] = type << IWL_MVM_SCAN_STOPPING_SHIFT;
1506 
1507 	return ret;
1508 }
1509 
1510 static int iwl_mvm_scan_stop_wait(struct iwl_mvm *mvm, int type)
1511 {
1512 	struct iwl_notification_wait wait_scan_done;
1513 	static const u16 scan_done_notif[] = { SCAN_COMPLETE_UMAC,
1514 					      SCAN_OFFLOAD_COMPLETE, };
1515 	int ret;
1516 
1517 	lockdep_assert_held(&mvm->mutex);
1518 
1519 	iwl_init_notification_wait(&mvm->notif_wait, &wait_scan_done,
1520 				   scan_done_notif,
1521 				   ARRAY_SIZE(scan_done_notif),
1522 				   NULL, NULL);
1523 
1524 	IWL_DEBUG_SCAN(mvm, "Preparing to stop scan, type %x\n", type);
1525 
1526 	if (fw_has_capa(&mvm->fw->ucode_capa, IWL_UCODE_TLV_CAPA_UMAC_SCAN))
1527 		ret = iwl_mvm_umac_scan_abort(mvm, type);
1528 	else
1529 		ret = iwl_mvm_lmac_scan_abort(mvm);
1530 
1531 	if (ret) {
1532 		IWL_DEBUG_SCAN(mvm, "couldn't stop scan type %d\n", type);
1533 		iwl_remove_notification(&mvm->notif_wait, &wait_scan_done);
1534 		return ret;
1535 	}
1536 
1537 	ret = iwl_wait_notification(&mvm->notif_wait, &wait_scan_done, 1 * HZ);
1538 
1539 	return ret;
1540 }
1541 
1542 int iwl_mvm_scan_size(struct iwl_mvm *mvm)
1543 {
1544 	if (fw_has_capa(&mvm->fw->ucode_capa, IWL_UCODE_TLV_CAPA_UMAC_SCAN))
1545 		return sizeof(struct iwl_scan_req_umac) +
1546 			sizeof(struct iwl_scan_channel_cfg_umac) *
1547 				mvm->fw->ucode_capa.n_scan_channels +
1548 			sizeof(struct iwl_scan_req_umac_tail);
1549 
1550 	return sizeof(struct iwl_scan_req_lmac) +
1551 		sizeof(struct iwl_scan_channel_cfg_lmac) *
1552 		mvm->fw->ucode_capa.n_scan_channels +
1553 		sizeof(struct iwl_scan_probe_req);
1554 }
1555 
1556 /*
1557  * This function is used in nic restart flow, to inform mac80211 about scans
1558  * that was aborted by restart flow or by an assert.
1559  */
1560 void iwl_mvm_report_scan_aborted(struct iwl_mvm *mvm)
1561 {
1562 	if (fw_has_capa(&mvm->fw->ucode_capa, IWL_UCODE_TLV_CAPA_UMAC_SCAN)) {
1563 		int uid, i;
1564 
1565 		uid = iwl_mvm_scan_uid_by_status(mvm, IWL_MVM_SCAN_REGULAR);
1566 		if (uid >= 0) {
1567 			ieee80211_scan_completed(mvm->hw, true);
1568 			mvm->scan_uid_status[uid] = 0;
1569 		}
1570 		uid = iwl_mvm_scan_uid_by_status(mvm, IWL_MVM_SCAN_SCHED);
1571 		if (uid >= 0 && !mvm->restart_fw) {
1572 			ieee80211_sched_scan_stopped(mvm->hw);
1573 			mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_DISABLED;
1574 			mvm->scan_uid_status[uid] = 0;
1575 		}
1576 
1577 		/* We shouldn't have any UIDs still set.  Loop over all the
1578 		 * UIDs to make sure there's nothing left there and warn if
1579 		 * any is found.
1580 		 */
1581 		for (i = 0; i < mvm->max_scans; i++) {
1582 			if (WARN_ONCE(mvm->scan_uid_status[i],
1583 				      "UMAC scan UID %d status was not cleaned\n",
1584 				      i))
1585 				mvm->scan_uid_status[i] = 0;
1586 		}
1587 	} else {
1588 		if (mvm->scan_status & IWL_MVM_SCAN_REGULAR)
1589 			ieee80211_scan_completed(mvm->hw, true);
1590 
1591 		/* Sched scan will be restarted by mac80211 in
1592 		 * restart_hw, so do not report if FW is about to be
1593 		 * restarted.
1594 		 */
1595 		if ((mvm->scan_status & IWL_MVM_SCAN_SCHED) &&
1596 		    !mvm->restart_fw) {
1597 			ieee80211_sched_scan_stopped(mvm->hw);
1598 			mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_DISABLED;
1599 		}
1600 	}
1601 }
1602 
1603 int iwl_mvm_scan_stop(struct iwl_mvm *mvm, int type, bool notify)
1604 {
1605 	int ret;
1606 
1607 	if (!(mvm->scan_status & type))
1608 		return 0;
1609 
1610 	if (iwl_mvm_is_radio_killed(mvm)) {
1611 		ret = 0;
1612 		goto out;
1613 	}
1614 
1615 	ret = iwl_mvm_scan_stop_wait(mvm, type);
1616 	if (!ret)
1617 		mvm->scan_status |= type << IWL_MVM_SCAN_STOPPING_SHIFT;
1618 out:
1619 	/* Clear the scan status so the next scan requests will
1620 	 * succeed and mark the scan as stopping, so that the Rx
1621 	 * handler doesn't do anything, as the scan was stopped from
1622 	 * above.
1623 	 */
1624 	mvm->scan_status &= ~type;
1625 
1626 	if (type == IWL_MVM_SCAN_REGULAR) {
1627 		/* Since the rx handler won't do anything now, we have
1628 		 * to release the scan reference here.
1629 		 */
1630 		iwl_mvm_unref(mvm, IWL_MVM_REF_SCAN);
1631 		del_timer(&mvm->scan_timer);
1632 		if (notify)
1633 			ieee80211_scan_completed(mvm->hw, true);
1634 	} else if (notify) {
1635 		ieee80211_sched_scan_stopped(mvm->hw);
1636 		mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_DISABLED;
1637 	}
1638 
1639 	return ret;
1640 }
1641