1 // SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause 2 /* 3 * Copyright (C) 2024-2026 Intel Corporation 4 */ 5 #include <linux/crc32.h> 6 7 #include "iwl-utils.h" 8 9 #include "mld.h" 10 #include "scan.h" 11 #include "hcmd.h" 12 #include "iface.h" 13 #include "phy.h" 14 #include "mlo.h" 15 16 #include "fw/api/scan.h" 17 #include "fw/dbg.h" 18 19 #define IWL_SCAN_DWELL_ACTIVE 10 20 #define IWL_SCAN_DWELL_PASSIVE 110 21 #define IWL_SCAN_NUM_OF_FRAGS 3 22 23 /* adaptive dwell max budget time [TU] for full scan */ 24 #define IWL_SCAN_ADWELL_MAX_BUDGET_FULL_SCAN 300 25 26 /* adaptive dwell max budget time [TU] for directed scan */ 27 #define IWL_SCAN_ADWELL_MAX_BUDGET_DIRECTED_SCAN 100 28 29 /* adaptive dwell default high band APs number */ 30 #define IWL_SCAN_ADWELL_DEFAULT_HB_N_APS 8 31 32 /* adaptive dwell default low band APs number */ 33 #define IWL_SCAN_ADWELL_DEFAULT_LB_N_APS 2 34 35 /* adaptive dwell default APs number for P2P social channels (1, 6, 11) */ 36 #define IWL_SCAN_ADWELL_DEFAULT_N_APS_SOCIAL 10 37 38 /* adaptive dwell number of APs override for P2P friendly GO channels */ 39 #define IWL_SCAN_ADWELL_N_APS_GO_FRIENDLY 10 40 41 /* adaptive dwell number of APs override for P2P social channels */ 42 #define IWL_SCAN_ADWELL_N_APS_SOCIAL_CHS 2 43 44 /* adaptive dwell number of APs override mask for p2p friendly GO */ 45 #define IWL_SCAN_ADWELL_N_APS_GO_FRIENDLY_BIT BIT(20) 46 47 /* adaptive dwell number of APs override mask for social channels */ 48 #define IWL_SCAN_ADWELL_N_APS_SOCIAL_CHS_BIT BIT(21) 49 50 /* minimal number of 2GHz and 5GHz channels in the regular scan request */ 51 #define IWL_MLD_6GHZ_PASSIVE_SCAN_MIN_CHANS 4 52 53 enum iwl_mld_scan_type { 54 IWL_SCAN_TYPE_NOT_SET, 55 IWL_SCAN_TYPE_UNASSOC, 56 IWL_SCAN_TYPE_WILD, 57 IWL_SCAN_TYPE_MILD, 58 IWL_SCAN_TYPE_FRAGMENTED, 59 IWL_SCAN_TYPE_FAST_BALANCE, 60 }; 61 62 struct iwl_mld_scan_timing_params { 63 u32 suspend_time; 64 u32 max_out_time; 65 }; 66 67 static const struct iwl_mld_scan_timing_params scan_timing[] = { 68 [IWL_SCAN_TYPE_UNASSOC] = { 69 .suspend_time = 0, 70 .max_out_time = 0, 71 }, 72 [IWL_SCAN_TYPE_WILD] = { 73 .suspend_time = 30, 74 .max_out_time = 120, 75 }, 76 [IWL_SCAN_TYPE_MILD] = { 77 .suspend_time = 120, 78 .max_out_time = 120, 79 }, 80 [IWL_SCAN_TYPE_FRAGMENTED] = { 81 .suspend_time = 95, 82 .max_out_time = 44, 83 }, 84 [IWL_SCAN_TYPE_FAST_BALANCE] = { 85 .suspend_time = 30, 86 .max_out_time = 37, 87 }, 88 }; 89 90 struct iwl_mld_scan_params { 91 enum iwl_mld_scan_type type; 92 u32 n_channels; 93 u16 delay; 94 int n_ssids; 95 struct cfg80211_ssid *ssids; 96 struct ieee80211_channel **channels; 97 u32 flags; 98 u8 *mac_addr; 99 u8 *mac_addr_mask; 100 bool no_cck; 101 bool pass_all; 102 int n_match_sets; 103 struct iwl_scan_probe_req preq; 104 struct cfg80211_match_set *match_sets; 105 int n_scan_plans; 106 struct cfg80211_sched_scan_plan *scan_plans; 107 bool iter_notif; 108 bool respect_p2p_go; 109 u8 fw_link_id; 110 struct cfg80211_scan_6ghz_params *scan_6ghz_params; 111 u32 n_6ghz_params; 112 bool scan_6ghz; 113 bool enable_6ghz_passive; 114 u8 bssid[ETH_ALEN] __aligned(2); 115 }; 116 117 struct iwl_scan_req_params_ptrs { 118 struct iwl_scan_general_params_v11 *general_params; 119 struct iwl_scan_channel_params_v8 *channel_params; 120 struct iwl_scan_periodic_parms_v1 *periodic_params; 121 struct iwl_scan_probe_params_v4 *probe_params; 122 }; 123 124 struct iwl_mld_scan_respect_p2p_go_iter_data { 125 struct ieee80211_vif *current_vif; 126 bool p2p_go; 127 }; 128 129 static void iwl_mld_scan_respect_p2p_go_iter(void *_data, u8 *mac, 130 struct ieee80211_vif *vif) 131 { 132 struct iwl_mld_scan_respect_p2p_go_iter_data *data = _data; 133 134 /* exclude the given vif */ 135 if (vif == data->current_vif) 136 return; 137 138 /* TODO: CDB check the band of the GO */ 139 if (ieee80211_vif_type_p2p(vif) == NL80211_IFTYPE_P2P_GO && 140 iwl_mld_vif_from_mac80211(vif)->ap_ibss_active) 141 data->p2p_go = true; 142 } 143 144 static bool iwl_mld_get_respect_p2p_go(struct iwl_mld *mld, 145 struct ieee80211_vif *vif, 146 bool low_latency) 147 { 148 struct iwl_mld_scan_respect_p2p_go_iter_data data = { 149 .current_vif = vif, 150 .p2p_go = false, 151 }; 152 153 if (!low_latency) 154 return false; 155 156 ieee80211_iterate_active_interfaces_mtx(mld->hw, 157 IEEE80211_IFACE_ITER_NORMAL, 158 iwl_mld_scan_respect_p2p_go_iter, 159 &data); 160 161 return data.p2p_go; 162 } 163 164 struct iwl_mld_scan_iter_data { 165 struct ieee80211_vif *current_vif; 166 bool active_vif; 167 bool is_dcm_with_p2p_go; 168 bool global_low_latency; 169 }; 170 171 static void iwl_mld_scan_iterator(void *_data, u8 *mac, 172 struct ieee80211_vif *vif) 173 { 174 struct iwl_mld_scan_iter_data *data = _data; 175 struct ieee80211_vif *curr_vif = data->current_vif; 176 struct iwl_mld_vif *mld_vif = iwl_mld_vif_from_mac80211(vif); 177 struct iwl_mld_vif *curr_mld_vif; 178 unsigned long curr_vif_active_links; 179 u16 link_id; 180 181 data->global_low_latency |= iwl_mld_vif_low_latency(mld_vif); 182 183 if ((ieee80211_vif_is_mld(vif) && vif->active_links) || 184 (vif->type != NL80211_IFTYPE_P2P_DEVICE && 185 mld_vif->deflink.active)) 186 data->active_vif = true; 187 188 if (vif == curr_vif) 189 return; 190 191 if (ieee80211_vif_type_p2p(vif) != NL80211_IFTYPE_P2P_GO) 192 return; 193 194 /* Currently P2P GO can't be AP MLD so the logic below assumes that */ 195 WARN_ON_ONCE(ieee80211_vif_is_mld(vif)); 196 197 curr_vif_active_links = 198 ieee80211_vif_is_mld(curr_vif) ? curr_vif->active_links : 1; 199 200 curr_mld_vif = iwl_mld_vif_from_mac80211(curr_vif); 201 202 for_each_set_bit(link_id, &curr_vif_active_links, 203 IEEE80211_MLD_MAX_NUM_LINKS) { 204 struct iwl_mld_link *curr_mld_link = 205 iwl_mld_link_dereference_check(curr_mld_vif, link_id); 206 207 if (WARN_ON(!curr_mld_link)) 208 return; 209 210 if (rcu_access_pointer(curr_mld_link->chan_ctx) && 211 rcu_access_pointer(mld_vif->deflink.chan_ctx) != 212 rcu_access_pointer(curr_mld_link->chan_ctx)) { 213 data->is_dcm_with_p2p_go = true; 214 return; 215 } 216 } 217 } 218 219 static enum 220 iwl_mld_scan_type iwl_mld_get_scan_type(struct iwl_mld *mld, 221 struct ieee80211_vif *vif, 222 struct iwl_mld_scan_iter_data *data) 223 { 224 enum iwl_mld_traffic_load load = mld->scan.traffic_load.status; 225 226 /* A scanning AP interface probably wants to generate a survey to do 227 * ACS (automatic channel selection). 228 * Force a non-fragmented scan in that case. 229 */ 230 if (ieee80211_vif_type_p2p(vif) == NL80211_IFTYPE_AP) 231 return IWL_SCAN_TYPE_WILD; 232 233 if (!data->active_vif) 234 return IWL_SCAN_TYPE_UNASSOC; 235 236 if ((load == IWL_MLD_TRAFFIC_HIGH || data->global_low_latency) && 237 vif->type != NL80211_IFTYPE_P2P_DEVICE) 238 return IWL_SCAN_TYPE_FRAGMENTED; 239 240 /* While associated to MLD AP with active EMLSR, set all scan 241 * operations as fast-balance scans. 242 */ 243 if (iwl_mld_emlsr_active(vif)) 244 return IWL_SCAN_TYPE_FAST_BALANCE; 245 246 /* In case of DCM with P2P GO set all scan requests as 247 * fast-balance scan 248 */ 249 if (vif->type == NL80211_IFTYPE_STATION && 250 data->is_dcm_with_p2p_go) 251 return IWL_SCAN_TYPE_FAST_BALANCE; 252 253 if (load >= IWL_MLD_TRAFFIC_MEDIUM || data->global_low_latency) 254 return IWL_SCAN_TYPE_MILD; 255 256 return IWL_SCAN_TYPE_WILD; 257 } 258 259 static u8 * 260 iwl_mld_scan_add_2ghz_elems(struct iwl_mld *mld, const u8 *ies, 261 size_t len, u8 *const pos) 262 { 263 static const u8 before_ds_params[] = { 264 WLAN_EID_SSID, 265 WLAN_EID_SUPP_RATES, 266 WLAN_EID_REQUEST, 267 WLAN_EID_EXT_SUPP_RATES, 268 }; 269 size_t offs; 270 u8 *newpos = pos; 271 272 offs = ieee80211_ie_split(ies, len, 273 before_ds_params, 274 ARRAY_SIZE(before_ds_params), 275 0); 276 277 memcpy(newpos, ies, offs); 278 newpos += offs; 279 280 /* Add a placeholder for DS Parameter Set element */ 281 *newpos++ = WLAN_EID_DS_PARAMS; 282 *newpos++ = 1; 283 *newpos++ = 0; 284 285 memcpy(newpos, ies + offs, len - offs); 286 newpos += len - offs; 287 288 return newpos; 289 } 290 291 static void 292 iwl_mld_scan_add_tpc_report_elem(u8 *pos) 293 { 294 pos[0] = WLAN_EID_VENDOR_SPECIFIC; 295 pos[1] = WFA_TPC_IE_LEN - 2; 296 pos[2] = (WLAN_OUI_MICROSOFT >> 16) & 0xff; 297 pos[3] = (WLAN_OUI_MICROSOFT >> 8) & 0xff; 298 pos[4] = WLAN_OUI_MICROSOFT & 0xff; 299 pos[5] = WLAN_OUI_TYPE_MICROSOFT_TPC; 300 pos[6] = 0; 301 /* pos[7] - tx power will be inserted by the FW */ 302 pos[7] = 0; 303 pos[8] = 0; 304 } 305 306 static u32 307 iwl_mld_scan_ooc_priority(enum iwl_mld_scan_status scan_status) 308 { 309 if (scan_status == IWL_MLD_SCAN_REGULAR) 310 return IWL_SCAN_PRIORITY_EXT_6; 311 if (scan_status == IWL_MLD_SCAN_INT_MLO) 312 return IWL_SCAN_PRIORITY_EXT_4; 313 314 return IWL_SCAN_PRIORITY_EXT_2; 315 } 316 317 static bool 318 iwl_mld_scan_is_regular(struct iwl_mld_scan_params *params) 319 { 320 return params->n_scan_plans == 1 && 321 params->scan_plans[0].iterations == 1; 322 } 323 324 static bool 325 iwl_mld_scan_is_fragmented(enum iwl_mld_scan_type type) 326 { 327 return (type == IWL_SCAN_TYPE_FRAGMENTED || 328 type == IWL_SCAN_TYPE_FAST_BALANCE); 329 } 330 331 static int 332 iwl_mld_scan_uid_by_status(struct iwl_mld *mld, int status) 333 { 334 for (int i = 0; i < ARRAY_SIZE(mld->scan.uid_status); i++) 335 if (mld->scan.uid_status[i] == status) 336 return i; 337 338 return -ENOENT; 339 } 340 341 static const char * 342 iwl_mld_scan_ebs_status_str(enum iwl_scan_ebs_status status) 343 { 344 switch (status) { 345 case IWL_SCAN_EBS_SUCCESS: 346 return "successful"; 347 case IWL_SCAN_EBS_INACTIVE: 348 return "inactive"; 349 case IWL_SCAN_EBS_FAILED: 350 case IWL_SCAN_EBS_CHAN_NOT_FOUND: 351 default: 352 return "failed"; 353 } 354 } 355 356 static int 357 iwl_mld_scan_ssid_exist(u8 *ssid, u8 ssid_len, struct iwl_ssid_ie *ssid_list) 358 { 359 for (int i = 0; i < PROBE_OPTION_MAX; i++) { 360 if (!ssid_list[i].len) 361 return -1; 362 if (ssid_list[i].len == ssid_len && 363 !memcmp(ssid_list[i].ssid, ssid, ssid_len)) 364 return i; 365 } 366 367 return -1; 368 } 369 370 static bool 371 iwl_mld_scan_fits(struct iwl_mld *mld, int n_ssids, 372 struct ieee80211_scan_ies *ies, int n_channels) 373 { 374 return ((n_ssids <= PROBE_OPTION_MAX) && 375 (n_channels <= mld->fw->ucode_capa.n_scan_channels) && 376 (ies->common_ie_len + ies->len[NL80211_BAND_2GHZ] + 377 ies->len[NL80211_BAND_5GHZ] + ies->len[NL80211_BAND_6GHZ] <= 378 iwl_mld_scan_max_template_size())); 379 } 380 381 static void 382 iwl_mld_scan_build_probe_req(struct iwl_mld *mld, struct ieee80211_vif *vif, 383 struct ieee80211_scan_ies *ies, 384 struct iwl_mld_scan_params *params) 385 { 386 struct ieee80211_mgmt *frame = (void *)params->preq.buf; 387 u8 *pos, *newpos; 388 const u8 *mac_addr = params->flags & NL80211_SCAN_FLAG_RANDOM_ADDR ? 389 params->mac_addr : NULL; 390 391 if (mac_addr) 392 get_random_mask_addr(frame->sa, mac_addr, 393 params->mac_addr_mask); 394 else 395 memcpy(frame->sa, vif->addr, ETH_ALEN); 396 397 frame->frame_control = cpu_to_le16(IEEE80211_STYPE_PROBE_REQ); 398 eth_broadcast_addr(frame->da); 399 ether_addr_copy(frame->bssid, params->bssid); 400 frame->seq_ctrl = 0; 401 402 pos = frame->u.probe_req.variable; 403 *pos++ = WLAN_EID_SSID; 404 *pos++ = 0; 405 406 params->preq.mac_header.offset = 0; 407 params->preq.mac_header.len = cpu_to_le16(24 + 2); 408 409 /* Insert DS parameter set element on 2.4 GHz band */ 410 newpos = iwl_mld_scan_add_2ghz_elems(mld, 411 ies->ies[NL80211_BAND_2GHZ], 412 ies->len[NL80211_BAND_2GHZ], 413 pos); 414 params->preq.band_data[0].offset = cpu_to_le16(pos - params->preq.buf); 415 params->preq.band_data[0].len = cpu_to_le16(newpos - pos); 416 pos = newpos; 417 418 memcpy(pos, ies->ies[NL80211_BAND_5GHZ], 419 ies->len[NL80211_BAND_5GHZ]); 420 params->preq.band_data[1].offset = cpu_to_le16(pos - params->preq.buf); 421 params->preq.band_data[1].len = 422 cpu_to_le16(ies->len[NL80211_BAND_5GHZ]); 423 pos += ies->len[NL80211_BAND_5GHZ]; 424 425 memcpy(pos, ies->ies[NL80211_BAND_6GHZ], 426 ies->len[NL80211_BAND_6GHZ]); 427 params->preq.band_data[2].offset = cpu_to_le16(pos - params->preq.buf); 428 params->preq.band_data[2].len = 429 cpu_to_le16(ies->len[NL80211_BAND_6GHZ]); 430 pos += ies->len[NL80211_BAND_6GHZ]; 431 432 memcpy(pos, ies->common_ies, ies->common_ie_len); 433 params->preq.common_data.offset = cpu_to_le16(pos - params->preq.buf); 434 435 iwl_mld_scan_add_tpc_report_elem(pos + ies->common_ie_len); 436 params->preq.common_data.len = cpu_to_le16(ies->common_ie_len + 437 WFA_TPC_IE_LEN); 438 } 439 440 static u16 441 iwl_mld_scan_get_cmd_gen_flags(struct iwl_mld *mld, 442 struct iwl_mld_scan_params *params, 443 struct ieee80211_vif *vif, 444 enum iwl_mld_scan_status scan_status) 445 { 446 u16 flags = 0; 447 448 /* If no direct SSIDs are provided perform a passive scan. Otherwise, 449 * if there is a single SSID which is not the broadcast SSID, assume 450 * that the scan is intended for roaming purposes and thus enable Rx on 451 * all chains to improve chances of hearing the beacons/probe responses. 452 */ 453 if (params->n_ssids == 0) 454 flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_FORCE_PASSIVE; 455 else if (params->n_ssids == 1 && params->ssids[0].ssid_len) 456 flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_USE_ALL_RX_CHAINS; 457 458 if (params->pass_all) 459 flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_PASS_ALL; 460 else 461 flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_MATCH; 462 463 if (iwl_mld_scan_is_fragmented(params->type)) 464 flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_FRAGMENTED_LMAC1; 465 466 if (!iwl_mld_scan_is_regular(params)) 467 flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_PERIODIC; 468 469 if (params->iter_notif || 470 mld->scan.pass_all_sched_res == SCHED_SCAN_PASS_ALL_STATE_ENABLED) 471 flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_NTFY_ITER_COMPLETE; 472 473 if (scan_status == IWL_MLD_SCAN_SCHED || 474 scan_status == IWL_MLD_SCAN_NETDETECT) 475 flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_PREEMPTIVE; 476 477 if (params->flags & (NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP | 478 NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE | 479 NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME)) 480 flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_OCE; 481 482 if ((scan_status == IWL_MLD_SCAN_SCHED || 483 scan_status == IWL_MLD_SCAN_NETDETECT) && 484 params->flags & NL80211_SCAN_FLAG_COLOCATED_6GHZ) 485 flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_TRIGGER_UHB_SCAN; 486 487 if (scan_status == IWL_MLD_SCAN_INT_MLO) 488 flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_NTF_START; 489 490 if (params->enable_6ghz_passive) 491 flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_6GHZ_PASSIVE_SCAN; 492 493 flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_ADAPTIVE_DWELL; 494 495 return flags; 496 } 497 498 static u8 499 iwl_mld_scan_get_cmd_gen_flags2(struct iwl_mld *mld, 500 struct iwl_mld_scan_params *params, 501 struct ieee80211_vif *vif, 502 enum iwl_mld_scan_status scan_status, 503 u16 gen_flags) 504 { 505 u8 flags = 0; 506 507 /* TODO: CDB */ 508 if (params->respect_p2p_go) 509 flags |= IWL_UMAC_SCAN_GEN_PARAMS_FLAGS2_RESPECT_P2P_GO_LB | 510 IWL_UMAC_SCAN_GEN_PARAMS_FLAGS2_RESPECT_P2P_GO_HB; 511 512 if (params->scan_6ghz) 513 flags |= IWL_UMAC_SCAN_GEN_PARAMS_FLAGS2_DONT_TOGGLE_ANT; 514 515 /* For AP interfaces, request survey data for regular scans and if 516 * it is supported. For non-AP interfaces, EBS will be enabled and 517 * the results may be missing information for some channels. 518 */ 519 if (scan_status == IWL_MLD_SCAN_REGULAR && 520 ieee80211_vif_type_p2p(vif) == NL80211_IFTYPE_AP && 521 gen_flags & IWL_UMAC_SCAN_GEN_FLAGS_V2_FORCE_PASSIVE) 522 flags |= IWL_UMAC_SCAN_GEN_FLAGS2_COLLECT_CHANNEL_STATS; 523 524 return flags; 525 } 526 527 static void 528 iwl_mld_scan_cmd_set_dwell(struct iwl_mld *mld, 529 struct iwl_mld_scan_params *params, 530 struct iwl_scan_req_params_ptrs *scan_ptrs) 531 { 532 struct iwl_scan_general_params_v11 *gp = scan_ptrs->general_params; 533 const struct iwl_mld_scan_timing_params *timing = 534 &scan_timing[params->type]; 535 536 gp->adwell_default_social_chn = 537 IWL_SCAN_ADWELL_DEFAULT_N_APS_SOCIAL; 538 gp->adwell_default_2g = IWL_SCAN_ADWELL_DEFAULT_LB_N_APS; 539 gp->adwell_default_5g = IWL_SCAN_ADWELL_DEFAULT_HB_N_APS; 540 541 if (params->n_ssids && params->ssids[0].ssid_len) 542 gp->adwell_max_budget = 543 cpu_to_le16(IWL_SCAN_ADWELL_MAX_BUDGET_DIRECTED_SCAN); 544 else 545 gp->adwell_max_budget = 546 cpu_to_le16(IWL_SCAN_ADWELL_MAX_BUDGET_FULL_SCAN); 547 548 gp->scan_priority = cpu_to_le32(IWL_SCAN_PRIORITY_EXT_6); 549 550 gp->max_out_of_time[SCAN_LB_LMAC_IDX] = cpu_to_le32(timing->max_out_time); 551 gp->suspend_time[SCAN_LB_LMAC_IDX] = cpu_to_le32(timing->suspend_time); 552 553 gp->active_dwell[SCAN_LB_LMAC_IDX] = IWL_SCAN_DWELL_ACTIVE; 554 gp->passive_dwell[SCAN_LB_LMAC_IDX] = IWL_SCAN_DWELL_PASSIVE; 555 gp->active_dwell[SCAN_HB_LMAC_IDX] = IWL_SCAN_DWELL_ACTIVE; 556 gp->passive_dwell[SCAN_HB_LMAC_IDX] = IWL_SCAN_DWELL_PASSIVE; 557 558 IWL_DEBUG_SCAN(mld, 559 "Scan: adwell_max_budget=%d max_out_of_time=%d suspend_time=%d\n", 560 gp->adwell_max_budget, 561 gp->max_out_of_time[SCAN_LB_LMAC_IDX], 562 gp->suspend_time[SCAN_LB_LMAC_IDX]); 563 } 564 565 static void 566 iwl_mld_scan_cmd_set_gen_params(struct iwl_mld *mld, 567 struct iwl_mld_scan_params *params, 568 struct ieee80211_vif *vif, 569 struct iwl_scan_req_params_ptrs *scan_ptrs, 570 enum iwl_mld_scan_status scan_status) 571 { 572 struct iwl_scan_general_params_v11 *gp = scan_ptrs->general_params; 573 u16 gen_flags = iwl_mld_scan_get_cmd_gen_flags(mld, params, vif, 574 scan_status); 575 u8 gen_flags2 = iwl_mld_scan_get_cmd_gen_flags2(mld, params, vif, 576 scan_status, 577 gen_flags); 578 579 IWL_DEBUG_SCAN(mld, "General: flags=0x%x, flags2=0x%x\n", 580 gen_flags, gen_flags2); 581 582 gp->flags = cpu_to_le16(gen_flags); 583 gp->flags2 = gen_flags2; 584 585 iwl_mld_scan_cmd_set_dwell(mld, params, scan_ptrs); 586 587 if (gen_flags & IWL_UMAC_SCAN_GEN_FLAGS_V2_FRAGMENTED_LMAC1) 588 gp->num_of_fragments[SCAN_LB_LMAC_IDX] = IWL_SCAN_NUM_OF_FRAGS; 589 590 if (params->fw_link_id != IWL_MLD_INVALID_FW_ID) 591 gp->scan_start_mac_or_link_id = params->fw_link_id; 592 } 593 594 static int 595 iwl_mld_scan_cmd_set_sched_params(struct iwl_mld_scan_params *params, 596 struct iwl_scan_req_params_ptrs *scan_ptrs) 597 { 598 struct iwl_scan_umac_schedule *schedule = 599 scan_ptrs->periodic_params->schedule; 600 __le16 *delay = &scan_ptrs->periodic_params->delay; 601 602 if (WARN_ON(!params->n_scan_plans || 603 params->n_scan_plans > IWL_MAX_SCHED_SCAN_PLANS)) 604 return -EINVAL; 605 606 for (int i = 0; i < params->n_scan_plans; i++) { 607 struct cfg80211_sched_scan_plan *scan_plan = 608 ¶ms->scan_plans[i]; 609 610 schedule[i].iter_count = scan_plan->iterations; 611 schedule[i].interval = 612 cpu_to_le16(scan_plan->interval); 613 } 614 615 /* If the number of iterations of the last scan plan is set to zero, 616 * it should run infinitely. However, this is not always the case. 617 * For example, when regular scan is requested the driver sets one scan 618 * plan with one iteration. 619 */ 620 if (!schedule[params->n_scan_plans - 1].iter_count) 621 schedule[params->n_scan_plans - 1].iter_count = 0xff; 622 623 *delay = cpu_to_le16(params->delay); 624 625 return 0; 626 } 627 628 /* We insert the SSIDs in an inverted order, because the FW will 629 * invert it back. 630 */ 631 static void 632 iwl_mld_scan_cmd_build_ssids(struct iwl_mld_scan_params *params, 633 struct iwl_ssid_ie *ssids, u32 *ssid_bitmap) 634 { 635 int i, j; 636 int index; 637 u32 tmp_bitmap = 0; 638 639 /* copy SSIDs from match list. iwl_config_sched_scan_profiles() 640 * uses the order of these ssids to config match list. 641 */ 642 for (i = 0, j = params->n_match_sets - 1; 643 j >= 0 && i < PROBE_OPTION_MAX; 644 i++, j--) { 645 /* skip empty SSID match_sets */ 646 if (!params->match_sets[j].ssid.ssid_len) 647 continue; 648 649 ssids[i].id = WLAN_EID_SSID; 650 ssids[i].len = params->match_sets[j].ssid.ssid_len; 651 memcpy(ssids[i].ssid, params->match_sets[j].ssid.ssid, 652 ssids[i].len); 653 } 654 655 /* add SSIDs from scan SSID list */ 656 for (j = params->n_ssids - 1; 657 j >= 0 && i < PROBE_OPTION_MAX; 658 i++, j--) { 659 index = iwl_mld_scan_ssid_exist(params->ssids[j].ssid, 660 params->ssids[j].ssid_len, 661 ssids); 662 if (index < 0) { 663 ssids[i].id = WLAN_EID_SSID; 664 ssids[i].len = params->ssids[j].ssid_len; 665 memcpy(ssids[i].ssid, params->ssids[j].ssid, 666 ssids[i].len); 667 tmp_bitmap |= BIT(i); 668 } else { 669 tmp_bitmap |= BIT(index); 670 } 671 } 672 673 if (ssid_bitmap) 674 *ssid_bitmap = tmp_bitmap; 675 } 676 677 static void 678 iwl_mld_scan_fill_6g_chan_list(struct iwl_mld_scan_params *params, 679 struct iwl_scan_req_params_ptrs *scan_ptrs) 680 { 681 int j, idex_s = 0, idex_b = 0; 682 struct cfg80211_scan_6ghz_params *scan_6ghz_params = 683 params->scan_6ghz_params; 684 struct iwl_scan_probe_params_v4 *pp = scan_ptrs->probe_params; 685 686 for (j = 0; 687 j < params->n_ssids && idex_s < SCAN_SHORT_SSID_MAX_SIZE; 688 j++) { 689 if (!params->ssids[j].ssid_len) 690 continue; 691 692 pp->short_ssid[idex_s] = 693 cpu_to_le32(~crc32_le(~0, params->ssids[j].ssid, 694 params->ssids[j].ssid_len)); 695 696 /* hidden 6ghz scan */ 697 pp->direct_scan[idex_s].id = WLAN_EID_SSID; 698 pp->direct_scan[idex_s].len = params->ssids[j].ssid_len; 699 memcpy(pp->direct_scan[idex_s].ssid, params->ssids[j].ssid, 700 params->ssids[j].ssid_len); 701 idex_s++; 702 } 703 704 /* Populate the arrays of the short SSIDs and the BSSIDs using the 6GHz 705 * collocated parameters. This might not be optimal, as this processing 706 * does not (yet) correspond to the actual channels, so it is possible 707 * that some entries would be left out. 708 */ 709 for (j = 0; j < params->n_6ghz_params; j++) { 710 int k; 711 712 /* First, try to place the short SSID */ 713 if (scan_6ghz_params[j].short_ssid_valid) { 714 for (k = 0; k < idex_s; k++) { 715 if (pp->short_ssid[k] == 716 cpu_to_le32(scan_6ghz_params[j].short_ssid)) 717 break; 718 } 719 720 if (k == idex_s && idex_s < SCAN_SHORT_SSID_MAX_SIZE) { 721 pp->short_ssid[idex_s++] = 722 cpu_to_le32(scan_6ghz_params[j].short_ssid); 723 } 724 } 725 726 /* try to place BSSID for the same entry */ 727 for (k = 0; k < idex_b; k++) { 728 if (!memcmp(&pp->bssid_array[k], 729 scan_6ghz_params[j].bssid, ETH_ALEN)) 730 break; 731 } 732 733 if (k == idex_b && idex_b < SCAN_BSSID_MAX_SIZE && 734 !WARN_ONCE(!is_valid_ether_addr(scan_6ghz_params[j].bssid), 735 "scan: invalid BSSID at index %u, index_b=%u\n", 736 j, idex_b)) { 737 memcpy(&pp->bssid_array[idex_b++], 738 scan_6ghz_params[j].bssid, ETH_ALEN); 739 } 740 } 741 742 pp->short_ssid_num = idex_s; 743 pp->bssid_num = idex_b; 744 } 745 746 static void 747 iwl_mld_scan_cmd_set_probe_params(struct iwl_mld_scan_params *params, 748 struct iwl_scan_req_params_ptrs *scan_ptrs, 749 u32 *bitmap_ssid) 750 { 751 struct iwl_scan_probe_params_v4 *pp = scan_ptrs->probe_params; 752 753 pp->preq = params->preq; 754 755 if (params->scan_6ghz) { 756 iwl_mld_scan_fill_6g_chan_list(params, scan_ptrs); 757 return; 758 } 759 760 /* relevant only for 2.4 GHz /5 GHz scan */ 761 iwl_mld_scan_cmd_build_ssids(params, pp->direct_scan, bitmap_ssid); 762 } 763 764 static bool 765 iwl_mld_scan_use_ebs(struct iwl_mld *mld, struct ieee80211_vif *vif, 766 bool low_latency) 767 { 768 const struct iwl_ucode_capabilities *capa = &mld->fw->ucode_capa; 769 770 /* We can only use EBS if: 771 * 1. the feature is supported. 772 * 2. the last EBS was successful. 773 * 3. it's not a p2p find operation. 774 * 4. we are not in low latency mode, 775 * or if fragmented ebs is supported by the FW 776 * 5. the VIF is not an AP interface (scan wants survey results) 777 */ 778 return ((capa->flags & IWL_UCODE_TLV_FLAGS_EBS_SUPPORT) && 779 !mld->scan.last_ebs_failed && 780 vif->type != NL80211_IFTYPE_P2P_DEVICE && 781 (!low_latency || fw_has_api(capa, IWL_UCODE_TLV_API_FRAG_EBS)) && 782 ieee80211_vif_type_p2p(vif) != NL80211_IFTYPE_AP); 783 } 784 785 static u8 786 iwl_mld_scan_cmd_set_chan_flags(struct iwl_mld *mld, 787 struct iwl_mld_scan_params *params, 788 struct ieee80211_vif *vif, 789 bool low_latency) 790 { 791 u8 flags = 0; 792 793 flags |= IWL_SCAN_CHANNEL_FLAG_ENABLE_CHAN_ORDER; 794 795 if (iwl_mld_scan_use_ebs(mld, vif, low_latency)) 796 flags |= IWL_SCAN_CHANNEL_FLAG_EBS | 797 IWL_SCAN_CHANNEL_FLAG_EBS_ACCURATE | 798 IWL_SCAN_CHANNEL_FLAG_CACHE_ADD; 799 800 /* set fragmented ebs for fragmented scan */ 801 if (iwl_mld_scan_is_fragmented(params->type)) 802 flags |= IWL_SCAN_CHANNEL_FLAG_EBS_FRAG; 803 804 /* Force EBS in case the scan is a fragmented and there is a need 805 * to take P2P GO operation into consideration during scan operation. 806 */ 807 /* TODO: CDB */ 808 if (iwl_mld_scan_is_fragmented(params->type) && 809 params->respect_p2p_go) { 810 IWL_DEBUG_SCAN(mld, "Respect P2P GO. Force EBS\n"); 811 flags |= IWL_SCAN_CHANNEL_FLAG_FORCE_EBS; 812 } 813 814 return flags; 815 } 816 817 static const u8 p2p_go_friendly_chs[] = { 818 36, 40, 44, 48, 149, 153, 157, 161, 165, 819 }; 820 821 static const u8 social_chs[] = { 822 1, 6, 11 823 }; 824 825 static u32 iwl_mld_scan_ch_n_aps_flag(enum nl80211_iftype vif_type, u8 ch_id) 826 { 827 if (vif_type != NL80211_IFTYPE_P2P_DEVICE) 828 return 0; 829 830 for (int i = 0; i < ARRAY_SIZE(p2p_go_friendly_chs); i++) { 831 if (ch_id == p2p_go_friendly_chs[i]) 832 return IWL_SCAN_ADWELL_N_APS_GO_FRIENDLY_BIT; 833 } 834 835 for (int i = 0; i < ARRAY_SIZE(social_chs); i++) { 836 if (ch_id == social_chs[i]) 837 return IWL_SCAN_ADWELL_N_APS_SOCIAL_CHS_BIT; 838 } 839 840 return 0; 841 } 842 843 static void 844 iwl_mld_scan_cmd_set_channels(struct iwl_mld *mld, 845 struct ieee80211_channel **channels, 846 struct iwl_scan_req_params_ptrs *scan_ptrs, 847 int n_channels, u32 flags, 848 enum nl80211_iftype vif_type) 849 { 850 struct iwl_scan_channel_params_v8 *cp = scan_ptrs->channel_params; 851 852 for (int i = 0; i < n_channels; i++) { 853 enum nl80211_band band = channels[i]->band; 854 struct iwl_scan_channel_cfg_umac *cfg = &cp->channel_config[i]; 855 u8 iwl_band = iwl_mld_nl80211_band_to_fw(band); 856 u32 n_aps_flag = 857 iwl_mld_scan_ch_n_aps_flag(vif_type, 858 channels[i]->hw_value); 859 860 if (IWL_MLD_ADAPTIVE_DWELL_NUM_APS_OVERRIDE) 861 n_aps_flag = IWL_SCAN_ADWELL_N_APS_GO_FRIENDLY_BIT; 862 863 cfg->flags = cpu_to_le32(flags | n_aps_flag); 864 cfg->channel_num = channels[i]->hw_value; 865 if (cfg80211_channel_is_psc(channels[i])) 866 cfg->flags = 0; 867 868 if (band == NL80211_BAND_6GHZ) { 869 /* 6 GHz channels should only appear in a scan request 870 * that has scan_6ghz set. The only exception is MLO 871 * scan, which has to be passive. 872 */ 873 WARN_ON_ONCE(cfg->flags != 0); 874 cfg->flags = 875 cpu_to_le32(IWL_UHB_CHAN_CFG_FLAG_FORCE_PASSIVE); 876 } 877 878 cfg->v2.iter_count = 1; 879 cfg->v2.iter_interval = 0; 880 cfg->flags |= cpu_to_le32(iwl_band << 881 IWL_CHAN_CFG_FLAGS_BAND_POS); 882 } 883 } 884 885 static u8 886 iwl_mld_scan_cfg_channels_6g(struct iwl_mld *mld, 887 struct iwl_mld_scan_params *params, 888 u32 n_channels, 889 struct iwl_scan_req_params_ptrs *scan_ptrs, 890 enum nl80211_iftype vif_type) 891 { 892 struct iwl_scan_probe_params_v4 *pp = scan_ptrs->probe_params; 893 struct iwl_scan_channel_params_v8 *cp = scan_ptrs->channel_params; 894 struct cfg80211_scan_6ghz_params *scan_6ghz_params = 895 params->scan_6ghz_params; 896 u32 i; 897 u8 ch_cnt; 898 899 for (i = 0, ch_cnt = 0; i < params->n_channels; i++) { 900 struct iwl_scan_channel_cfg_umac *cfg = 901 &cp->channel_config[ch_cnt]; 902 903 u32 s_ssid_bitmap = 0, bssid_bitmap = 0, flags = 0; 904 u8 k, n_s_ssids = 0, n_bssids = 0; 905 u8 max_s_ssids, max_bssids; 906 bool force_passive = false, found = false, allow_passive = true, 907 unsolicited_probe_on_chan = false, psc_no_listen = false; 908 s8 psd_20 = IEEE80211_RNR_TBTT_PARAMS_PSD_RESERVED; 909 910 /* Avoid performing passive scan on non PSC channels unless the 911 * scan is specifically a passive scan, i.e., no SSIDs 912 * configured in the scan command. 913 */ 914 if (!cfg80211_channel_is_psc(params->channels[i]) && 915 !params->n_6ghz_params && params->n_ssids) 916 continue; 917 918 cfg->channel_num = params->channels[i]->hw_value; 919 cfg->flags |= 920 cpu_to_le32(PHY_BAND_6 << IWL_CHAN_CFG_FLAGS_BAND_POS); 921 922 cfg->v5.iter_count = 1; 923 cfg->v5.iter_interval = 0; 924 925 for (u32 j = 0; j < params->n_6ghz_params; j++) { 926 s8 tmp_psd_20; 927 928 if (!(scan_6ghz_params[j].channel_idx == i)) 929 continue; 930 931 unsolicited_probe_on_chan |= 932 scan_6ghz_params[j].unsolicited_probe; 933 934 /* Use the highest PSD value allowed as advertised by 935 * APs for this channel 936 */ 937 tmp_psd_20 = scan_6ghz_params[j].psd_20; 938 if (tmp_psd_20 != 939 IEEE80211_RNR_TBTT_PARAMS_PSD_RESERVED && 940 (psd_20 == 941 IEEE80211_RNR_TBTT_PARAMS_PSD_RESERVED || 942 psd_20 < tmp_psd_20)) 943 psd_20 = tmp_psd_20; 944 945 psc_no_listen |= scan_6ghz_params[j].psc_no_listen; 946 } 947 948 /* In the following cases apply passive scan: 949 * 1. Non fragmented scan: 950 * - PSC channel with NO_LISTEN_FLAG on should be treated 951 * like non PSC channel 952 * - Non PSC channel with more than 3 short SSIDs or more 953 * than 9 BSSIDs. 954 * - Non PSC Channel with unsolicited probe response and 955 * more than 2 short SSIDs or more than 6 BSSIDs. 956 * - PSC channel with more than 2 short SSIDs or more than 957 * 6 BSSIDs. 958 * 2. Fragmented scan: 959 * - PSC channel with more than 1 SSID or 3 BSSIDs. 960 * - Non PSC channel with more than 2 SSIDs or 6 BSSIDs. 961 * - Non PSC channel with unsolicited probe response and 962 * more than 1 SSID or more than 3 BSSIDs. 963 */ 964 if (!iwl_mld_scan_is_fragmented(params->type)) { 965 if (!cfg80211_channel_is_psc(params->channels[i]) || 966 psc_no_listen) { 967 if (unsolicited_probe_on_chan) { 968 max_s_ssids = 2; 969 max_bssids = 6; 970 } else { 971 max_s_ssids = 3; 972 max_bssids = 9; 973 } 974 } else { 975 max_s_ssids = 2; 976 max_bssids = 6; 977 } 978 } else if (cfg80211_channel_is_psc(params->channels[i])) { 979 max_s_ssids = 1; 980 max_bssids = 3; 981 } else { 982 if (unsolicited_probe_on_chan) { 983 max_s_ssids = 1; 984 max_bssids = 3; 985 } else { 986 max_s_ssids = 2; 987 max_bssids = 6; 988 } 989 } 990 991 /* To optimize the scan time, i.e., reduce the scan dwell time 992 * on each channel, the below logic tries to set 3 direct BSSID 993 * probe requests for each broadcast probe request with a short 994 * SSID. 995 */ 996 for (u32 j = 0; j < params->n_6ghz_params; j++) { 997 if (!(scan_6ghz_params[j].channel_idx == i)) 998 continue; 999 1000 found = false; 1001 1002 for (k = 0; 1003 k < pp->short_ssid_num && n_s_ssids < max_s_ssids; 1004 k++) { 1005 if (!scan_6ghz_params[j].unsolicited_probe && 1006 le32_to_cpu(pp->short_ssid[k]) == 1007 scan_6ghz_params[j].short_ssid) { 1008 /* Relevant short SSID bit set */ 1009 if (s_ssid_bitmap & BIT(k)) { 1010 found = true; 1011 break; 1012 } 1013 1014 /* Prefer creating BSSID entries unless 1015 * the short SSID probe can be done in 1016 * the same channel dwell iteration. 1017 * 1018 * We also need to create a short SSID 1019 * entry for any hidden AP. 1020 */ 1021 if (3 * n_s_ssids > n_bssids && 1022 !pp->direct_scan[k].len) 1023 break; 1024 1025 /* Hidden AP, cannot do passive scan */ 1026 if (pp->direct_scan[k].len) 1027 allow_passive = false; 1028 1029 s_ssid_bitmap |= BIT(k); 1030 n_s_ssids++; 1031 found = true; 1032 break; 1033 } 1034 } 1035 1036 if (found) 1037 continue; 1038 1039 for (k = 0; k < pp->bssid_num; k++) { 1040 if (memcmp(&pp->bssid_array[k], 1041 scan_6ghz_params[j].bssid, 1042 ETH_ALEN)) 1043 continue; 1044 1045 if (bssid_bitmap & BIT(k)) 1046 break; 1047 1048 if (n_bssids < max_bssids) { 1049 bssid_bitmap |= BIT(k); 1050 n_bssids++; 1051 } else { 1052 force_passive = TRUE; 1053 } 1054 1055 break; 1056 } 1057 } 1058 1059 if (cfg80211_channel_is_psc(params->channels[i]) && 1060 psc_no_listen) 1061 flags |= IWL_UHB_CHAN_CFG_FLAG_PSC_CHAN_NO_LISTEN; 1062 1063 if (unsolicited_probe_on_chan) 1064 flags |= IWL_UHB_CHAN_CFG_FLAG_UNSOLICITED_PROBE_RES; 1065 1066 if ((allow_passive && force_passive) || 1067 (!(bssid_bitmap | s_ssid_bitmap) && 1068 !cfg80211_channel_is_psc(params->channels[i]))) 1069 flags |= IWL_UHB_CHAN_CFG_FLAG_FORCE_PASSIVE; 1070 else 1071 flags |= bssid_bitmap | (s_ssid_bitmap << 16); 1072 1073 cfg->flags |= cpu_to_le32(flags); 1074 cfg->v5.psd_20 = psd_20; 1075 1076 ch_cnt++; 1077 } 1078 1079 if (params->n_channels > ch_cnt) 1080 IWL_DEBUG_SCAN(mld, 1081 "6GHz: reducing number channels: (%u->%u)\n", 1082 params->n_channels, ch_cnt); 1083 1084 return ch_cnt; 1085 } 1086 1087 static int 1088 iwl_mld_scan_cmd_set_6ghz_chan_params(struct iwl_mld *mld, 1089 struct iwl_mld_scan_params *params, 1090 struct ieee80211_vif *vif, 1091 struct iwl_scan_req_params_ptrs *scan_ptrs) 1092 { 1093 struct iwl_scan_channel_params_v8 *cp = scan_ptrs->channel_params; 1094 1095 /* Explicitly clear the flags since most of them are not 1096 * relevant for 6 GHz scan. 1097 */ 1098 cp->flags = 0; 1099 cp->count = iwl_mld_scan_cfg_channels_6g(mld, params, 1100 params->n_channels, 1101 scan_ptrs, vif->type); 1102 if (!cp->count) 1103 return -EINVAL; 1104 1105 if (!params->n_ssids || 1106 (params->n_ssids == 1 && !params->ssids[0].ssid_len)) 1107 cp->flags |= IWL_SCAN_CHANNEL_FLAG_6G_PSC_NO_FILTER; 1108 1109 return 0; 1110 } 1111 1112 static int 1113 iwl_mld_scan_cmd_set_chan_params(struct iwl_mld *mld, 1114 struct iwl_mld_scan_params *params, 1115 struct ieee80211_vif *vif, 1116 struct iwl_scan_req_params_ptrs *scan_ptrs, 1117 bool low_latency, 1118 enum iwl_mld_scan_status scan_status, 1119 u32 channel_cfg_flags) 1120 { 1121 struct iwl_scan_channel_params_v8 *cp = scan_ptrs->channel_params; 1122 struct ieee80211_supported_band *sband = 1123 &mld->nvm_data->bands[NL80211_BAND_6GHZ]; 1124 1125 cp->n_aps_override[0] = IWL_SCAN_ADWELL_N_APS_GO_FRIENDLY; 1126 cp->n_aps_override[1] = IWL_SCAN_ADWELL_N_APS_SOCIAL_CHS; 1127 1128 if (IWL_MLD_ADAPTIVE_DWELL_NUM_APS_OVERRIDE) 1129 cp->n_aps_override[0] = IWL_MLD_ADAPTIVE_DWELL_NUM_APS_OVERRIDE; 1130 1131 if (params->scan_6ghz) 1132 return iwl_mld_scan_cmd_set_6ghz_chan_params(mld, params, 1133 vif, scan_ptrs); 1134 1135 /* relevant only for 2.4 GHz/5 GHz scan */ 1136 cp->flags = iwl_mld_scan_cmd_set_chan_flags(mld, params, vif, 1137 low_latency); 1138 cp->count = params->n_channels; 1139 1140 iwl_mld_scan_cmd_set_channels(mld, params->channels, scan_ptrs, 1141 params->n_channels, channel_cfg_flags, 1142 vif->type); 1143 1144 if (!params->enable_6ghz_passive) 1145 return 0; 1146 1147 /* fill 6 GHz passive scan cfg */ 1148 for (int i = 0; i < sband->n_channels; i++) { 1149 struct ieee80211_channel *channel = 1150 &sband->channels[i]; 1151 struct iwl_scan_channel_cfg_umac *cfg = 1152 &cp->channel_config[cp->count]; 1153 1154 if (!cfg80211_channel_is_psc(channel)) 1155 continue; 1156 1157 cfg->channel_num = channel->hw_value; 1158 cfg->v5.iter_count = 1; 1159 cfg->v5.iter_interval = 0; 1160 cfg->v5.psd_20 = 1161 IEEE80211_RNR_TBTT_PARAMS_PSD_RESERVED; 1162 cfg->flags = cpu_to_le32(PHY_BAND_6 << 1163 IWL_CHAN_CFG_FLAGS_BAND_POS); 1164 cp->count++; 1165 } 1166 1167 return 0; 1168 } 1169 1170 struct iwl_scan_umac_handler { 1171 u8 version; 1172 int (*handler)(struct iwl_mld *mld, struct ieee80211_vif *vif, 1173 struct iwl_mld_scan_params *params, 1174 enum iwl_mld_scan_status scan_status, 1175 int uid, u32 ooc_priority, bool low_latency); 1176 }; 1177 1178 #define IWL_SCAN_UMAC_HANDLER(_ver) { \ 1179 .version = _ver, \ 1180 .handler = iwl_mld_scan_umac_v##_ver, \ 1181 } 1182 1183 static int iwl_mld_scan_umac_common(struct iwl_mld *mld, 1184 struct ieee80211_vif *vif, 1185 struct iwl_mld_scan_params *params, 1186 struct iwl_scan_req_params_ptrs *scan_ptrs, 1187 enum iwl_mld_scan_status scan_status, 1188 bool low_latency) 1189 { 1190 u32 bitmap_ssid = 0; 1191 int ret; 1192 1193 iwl_mld_scan_cmd_set_gen_params(mld, params, vif, scan_ptrs, 1194 scan_status); 1195 1196 ret = iwl_mld_scan_cmd_set_sched_params(params, scan_ptrs); 1197 if (ret) 1198 return ret; 1199 1200 iwl_mld_scan_cmd_set_probe_params(params, scan_ptrs, &bitmap_ssid); 1201 1202 return iwl_mld_scan_cmd_set_chan_params(mld, params, vif, scan_ptrs, 1203 low_latency, scan_status, 1204 bitmap_ssid); 1205 } 1206 1207 static int iwl_mld_scan_umac_v18(struct iwl_mld *mld, struct ieee80211_vif *vif, 1208 struct iwl_mld_scan_params *params, 1209 enum iwl_mld_scan_status scan_status, 1210 int uid, u32 ooc_priority, bool low_latency) 1211 { 1212 struct iwl_scan_req_umac_v18 *cmd = mld->scan.cmd; 1213 struct iwl_scan_req_params_ptrs scan_ptrs = { 1214 .general_params = &cmd->scan_params.general_params, 1215 .probe_params = &cmd->scan_params.probe_params, 1216 .channel_params = &cmd->scan_params.channel_params, 1217 .periodic_params = &cmd->scan_params.periodic_params 1218 }; 1219 int ret; 1220 1221 if (WARN_ON(params->n_channels > SCAN_MAX_NUM_CHANS_V4)) 1222 return -EINVAL; 1223 1224 cmd->uid = cpu_to_le32(uid); 1225 cmd->ooc_priority = cpu_to_le32(ooc_priority); 1226 1227 ret = iwl_mld_scan_umac_common(mld, vif, params, &scan_ptrs, 1228 scan_status, low_latency); 1229 if (ret) 1230 return ret; 1231 1232 return uid; 1233 } 1234 1235 static int iwl_mld_scan_umac_v17(struct iwl_mld *mld, struct ieee80211_vif *vif, 1236 struct iwl_mld_scan_params *params, 1237 enum iwl_mld_scan_status scan_status, 1238 int uid, u32 ooc_priority, bool low_latency) 1239 { 1240 struct iwl_scan_req_umac_v17 *cmd = mld->scan.cmd; 1241 struct iwl_scan_req_params_ptrs scan_ptrs = { 1242 .general_params = &cmd->scan_params.general_params, 1243 .probe_params = &cmd->scan_params.probe_params, 1244 1245 /* struct iwl_scan_channel_params_v8 and struct 1246 * iwl_scan_channel_params_v7 are almost identical. The only 1247 * difference is that the newer version allows configuration of 1248 * more channels. So casting here is ok as long as we ensure 1249 * that we don't exceed the max number of channels supported by 1250 * the older version (see the WARN_ON below). 1251 */ 1252 .channel_params = (struct iwl_scan_channel_params_v8 *) 1253 &cmd->scan_params.channel_params, 1254 .periodic_params = &cmd->scan_params.periodic_params 1255 }; 1256 int ret; 1257 1258 if (WARN_ON(params->n_channels > SCAN_MAX_NUM_CHANS_V3)) 1259 return -EINVAL; 1260 1261 cmd->uid = cpu_to_le32(uid); 1262 cmd->ooc_priority = cpu_to_le32(ooc_priority); 1263 1264 ret = iwl_mld_scan_umac_common(mld, vif, params, &scan_ptrs, 1265 scan_status, low_latency); 1266 if (ret) 1267 return ret; 1268 1269 return uid; 1270 } 1271 1272 static const struct iwl_scan_umac_handler iwl_scan_umac_handlers[] = { 1273 /* set the newest version first to shorten the list traverse time */ 1274 IWL_SCAN_UMAC_HANDLER(18), 1275 IWL_SCAN_UMAC_HANDLER(17), 1276 }; 1277 1278 static int 1279 iwl_mld_scan_build_cmd(struct iwl_mld *mld, struct ieee80211_vif *vif, 1280 struct iwl_mld_scan_params *params, 1281 enum iwl_mld_scan_status scan_status, 1282 bool low_latency) 1283 { 1284 int uid, err; 1285 u32 ooc_priority; 1286 1287 memset(mld->scan.cmd, 0, mld->scan.cmd_size); 1288 uid = iwl_mld_scan_uid_by_status(mld, IWL_MLD_SCAN_NONE); 1289 if (uid < 0) 1290 return uid; 1291 1292 ooc_priority = iwl_mld_scan_ooc_priority(scan_status); 1293 1294 for (size_t i = 0; i < ARRAY_SIZE(iwl_scan_umac_handlers); i++) { 1295 const struct iwl_scan_umac_handler *ver_handler = 1296 &iwl_scan_umac_handlers[i]; 1297 1298 if (ver_handler->version != mld->scan.cmd_ver) 1299 continue; 1300 1301 err = ver_handler->handler(mld, vif, params, scan_status, 1302 uid, ooc_priority, low_latency); 1303 return err ? : uid; 1304 } 1305 1306 IWL_ERR(mld, "No handler for UMAC scan cmd version %d\n", 1307 mld->scan.cmd_ver); 1308 1309 return -EINVAL; 1310 } 1311 1312 static bool 1313 iwl_mld_scan_pass_all(struct iwl_mld *mld, 1314 struct cfg80211_sched_scan_request *req) 1315 { 1316 if (req->n_match_sets && req->match_sets[0].ssid.ssid_len) { 1317 IWL_DEBUG_SCAN(mld, 1318 "Sending scheduled scan with filtering, n_match_sets %d\n", 1319 req->n_match_sets); 1320 mld->scan.pass_all_sched_res = SCHED_SCAN_PASS_ALL_STATE_DISABLED; 1321 return false; 1322 } 1323 1324 IWL_DEBUG_SCAN(mld, "Sending Scheduled scan without filtering\n"); 1325 mld->scan.pass_all_sched_res = SCHED_SCAN_PASS_ALL_STATE_ENABLED; 1326 1327 return true; 1328 } 1329 1330 static int 1331 iwl_mld_config_sched_scan_profiles(struct iwl_mld *mld, 1332 struct cfg80211_sched_scan_request *req) 1333 { 1334 struct iwl_host_cmd hcmd = { 1335 .id = SCAN_OFFLOAD_UPDATE_PROFILES_CMD, 1336 .dataflags[0] = IWL_HCMD_DFL_NOCOPY, 1337 }; 1338 struct iwl_scan_offload_profile *profile; 1339 struct iwl_scan_offload_profile_cfg_data *cfg_data; 1340 struct iwl_scan_offload_profile_cfg *profile_cfg; 1341 struct iwl_scan_offload_blocklist *blocklist; 1342 u32 blocklist_size = IWL_SCAN_MAX_BLACKLIST_LEN * sizeof(*blocklist); 1343 u32 cmd_size = blocklist_size + sizeof(*profile_cfg); 1344 u8 *cmd; 1345 int ret; 1346 1347 if (WARN_ON(req->n_match_sets > IWL_SCAN_MAX_PROFILES_V2)) 1348 return -EIO; 1349 1350 cmd = kzalloc(cmd_size, GFP_KERNEL); 1351 if (!cmd) 1352 return -ENOMEM; 1353 1354 hcmd.data[0] = cmd; 1355 hcmd.len[0] = cmd_size; 1356 1357 blocklist = (struct iwl_scan_offload_blocklist *)cmd; 1358 profile_cfg = (struct iwl_scan_offload_profile_cfg *)(cmd + blocklist_size); 1359 1360 /* No blocklist configuration */ 1361 cfg_data = &profile_cfg->data; 1362 cfg_data->num_profiles = req->n_match_sets; 1363 cfg_data->active_clients = SCAN_CLIENT_SCHED_SCAN; 1364 cfg_data->pass_match = SCAN_CLIENT_SCHED_SCAN; 1365 cfg_data->match_notify = SCAN_CLIENT_SCHED_SCAN; 1366 1367 if (!req->n_match_sets || !req->match_sets[0].ssid.ssid_len) 1368 cfg_data->any_beacon_notify = SCAN_CLIENT_SCHED_SCAN; 1369 1370 for (int i = 0; i < req->n_match_sets; i++) { 1371 profile = &profile_cfg->profiles[i]; 1372 1373 /* Support any cipher and auth algorithm */ 1374 profile->unicast_cipher = 0xff; 1375 profile->auth_alg = IWL_AUTH_ALGO_UNSUPPORTED | 1376 IWL_AUTH_ALGO_NONE | IWL_AUTH_ALGO_PSK | 1377 IWL_AUTH_ALGO_8021X | IWL_AUTH_ALGO_SAE | 1378 IWL_AUTH_ALGO_8021X_SHA384 | IWL_AUTH_ALGO_OWE; 1379 profile->network_type = IWL_NETWORK_TYPE_ANY; 1380 profile->band_selection = IWL_SCAN_OFFLOAD_SELECT_ANY; 1381 profile->client_bitmap = SCAN_CLIENT_SCHED_SCAN; 1382 profile->ssid_index = i; 1383 } 1384 1385 IWL_DEBUG_SCAN(mld, 1386 "Sending scheduled scan profile config (n_match_sets=%u)\n", 1387 req->n_match_sets); 1388 1389 ret = iwl_mld_send_cmd(mld, &hcmd); 1390 1391 kfree(cmd); 1392 1393 return ret; 1394 } 1395 1396 static int 1397 iwl_mld_sched_scan_handle_non_psc_channels(struct iwl_mld_scan_params *params, 1398 bool *non_psc_included) 1399 { 1400 int i, j; 1401 1402 *non_psc_included = false; 1403 /* for 6 GHZ band only PSC channels need to be added */ 1404 for (i = 0; i < params->n_channels; i++) { 1405 struct ieee80211_channel *channel = params->channels[i]; 1406 1407 if (channel->band == NL80211_BAND_6GHZ && 1408 !cfg80211_channel_is_psc(channel)) { 1409 *non_psc_included = true; 1410 break; 1411 } 1412 } 1413 1414 if (!*non_psc_included) 1415 return 0; 1416 1417 params->channels = 1418 kmemdup(params->channels, 1419 sizeof(params->channels[0]) * params->n_channels, 1420 GFP_KERNEL); 1421 if (!params->channels) 1422 return -ENOMEM; 1423 1424 for (i = j = 0; i < params->n_channels; i++) { 1425 if (params->channels[i]->band == NL80211_BAND_6GHZ && 1426 !cfg80211_channel_is_psc(params->channels[i])) 1427 continue; 1428 params->channels[j++] = params->channels[i]; 1429 } 1430 1431 params->n_channels = j; 1432 1433 return 0; 1434 } 1435 1436 static void 1437 iwl_mld_scan_6ghz_passive_scan(struct iwl_mld *mld, 1438 struct iwl_mld_scan_params *params, 1439 struct ieee80211_vif *vif) 1440 { 1441 struct ieee80211_supported_band *sband = 1442 &mld->nvm_data->bands[NL80211_BAND_6GHZ]; 1443 u32 n_disabled, i; 1444 1445 params->enable_6ghz_passive = false; 1446 1447 /* 6 GHz passive scan may be enabled in the first 2.4 GHz/5 GHz scan 1448 * phase to discover geo location if no AP's are found. Skip it when 1449 * we're in the 6 GHz scan phase. 1450 */ 1451 if (params->scan_6ghz) 1452 return; 1453 1454 /* 6 GHz passive scan allowed only on station interface */ 1455 if (vif->type != NL80211_IFTYPE_STATION) { 1456 IWL_DEBUG_SCAN(mld, 1457 "6GHz passive scan: not station interface\n"); 1458 return; 1459 } 1460 1461 /* 6 GHz passive scan is allowed in a defined time interval following 1462 * HW reset or resume flow, or while not associated and a large 1463 * interval has passed since the last 6 GHz passive scan. 1464 */ 1465 if ((vif->cfg.assoc || 1466 time_after(mld->scan.last_6ghz_passive_jiffies + 1467 (IWL_MLD_6GHZ_PASSIVE_SCAN_TIMEOUT * HZ), jiffies)) && 1468 (time_before(mld->scan.last_start_time_jiffies + 1469 (IWL_MLD_6GHZ_PASSIVE_SCAN_ASSOC_TIMEOUT * HZ), 1470 jiffies))) { 1471 IWL_DEBUG_SCAN(mld, "6GHz passive scan: %s\n", 1472 vif->cfg.assoc ? "associated" : 1473 "timeout did not expire"); 1474 return; 1475 } 1476 1477 /* not enough channels in the regular scan request */ 1478 if (params->n_channels < IWL_MLD_6GHZ_PASSIVE_SCAN_MIN_CHANS) { 1479 IWL_DEBUG_SCAN(mld, 1480 "6GHz passive scan: not enough channels %d\n", 1481 params->n_channels); 1482 return; 1483 } 1484 1485 for (i = 0; i < params->n_ssids; i++) { 1486 if (!params->ssids[i].ssid_len) 1487 break; 1488 } 1489 1490 /* not a wildcard scan, so cannot enable passive 6 GHz scan */ 1491 if (i == params->n_ssids) { 1492 IWL_DEBUG_SCAN(mld, 1493 "6GHz passive scan: no wildcard SSID\n"); 1494 return; 1495 } 1496 1497 if (!sband || !sband->n_channels) { 1498 IWL_DEBUG_SCAN(mld, 1499 "6GHz passive scan: no 6GHz channels\n"); 1500 return; 1501 } 1502 1503 for (i = 0, n_disabled = 0; i < sband->n_channels; i++) { 1504 if (sband->channels[i].flags & (IEEE80211_CHAN_DISABLED)) 1505 n_disabled++; 1506 } 1507 1508 /* Not all the 6 GHz channels are disabled, so no need for 6 GHz 1509 * passive scan 1510 */ 1511 if (n_disabled != sband->n_channels) { 1512 IWL_DEBUG_SCAN(mld, 1513 "6GHz passive scan: 6GHz channels enabled\n"); 1514 return; 1515 } 1516 1517 /* all conditions to enable 6 GHz passive scan are satisfied */ 1518 IWL_DEBUG_SCAN(mld, "6GHz passive scan: can be enabled\n"); 1519 params->enable_6ghz_passive = true; 1520 } 1521 1522 static void 1523 iwl_mld_scan_set_link_id(struct iwl_mld *mld, struct ieee80211_vif *vif, 1524 struct iwl_mld_scan_params *params, 1525 s8 tsf_report_link_id, 1526 enum iwl_mld_scan_status scan_status) 1527 { 1528 struct iwl_mld_vif *mld_vif = iwl_mld_vif_from_mac80211(vif); 1529 struct iwl_mld_link *link; 1530 1531 if (tsf_report_link_id < 0) { 1532 if (vif->active_links) 1533 tsf_report_link_id = __ffs(vif->active_links); 1534 else 1535 tsf_report_link_id = 0; 1536 } 1537 1538 link = iwl_mld_link_dereference_check(mld_vif, tsf_report_link_id); 1539 if (!WARN_ON(!link)) { 1540 params->fw_link_id = link->fw_id; 1541 /* we to store fw_link_id only for regular scan, 1542 * and use it in scan complete notif 1543 */ 1544 if (scan_status == IWL_MLD_SCAN_REGULAR) 1545 mld->scan.fw_link_id = link->fw_id; 1546 } else { 1547 mld->scan.fw_link_id = IWL_MLD_INVALID_FW_ID; 1548 params->fw_link_id = IWL_MLD_INVALID_FW_ID; 1549 } 1550 } 1551 1552 static int 1553 _iwl_mld_single_scan_start(struct iwl_mld *mld, struct ieee80211_vif *vif, 1554 struct cfg80211_scan_request *req, 1555 struct ieee80211_scan_ies *ies, 1556 enum iwl_mld_scan_status scan_status) 1557 { 1558 struct iwl_host_cmd hcmd = { 1559 .id = WIDE_ID(LONG_GROUP, SCAN_REQ_UMAC), 1560 .len = { mld->scan.cmd_size, }, 1561 .data = { mld->scan.cmd, }, 1562 .dataflags = { IWL_HCMD_DFL_NOCOPY, }, 1563 }; 1564 struct iwl_mld_scan_iter_data scan_iter_data = { 1565 .current_vif = vif, 1566 }; 1567 struct cfg80211_sched_scan_plan scan_plan = {.iterations = 1}; 1568 struct iwl_mld_scan_params params = {}; 1569 int ret, uid; 1570 1571 /* we should have failed registration if scan_cmd was NULL */ 1572 if (WARN_ON(!mld->scan.cmd)) 1573 return -ENOMEM; 1574 1575 if (!iwl_mld_scan_fits(mld, req->n_ssids, ies, req->n_channels)) 1576 return -ENOBUFS; 1577 1578 ieee80211_iterate_active_interfaces_mtx(mld->hw, 1579 IEEE80211_IFACE_ITER_NORMAL, 1580 iwl_mld_scan_iterator, 1581 &scan_iter_data); 1582 1583 params.type = iwl_mld_get_scan_type(mld, vif, &scan_iter_data); 1584 params.n_ssids = req->n_ssids; 1585 params.flags = req->flags; 1586 params.n_channels = req->n_channels; 1587 params.delay = 0; 1588 params.ssids = req->ssids; 1589 params.channels = req->channels; 1590 params.mac_addr = req->mac_addr; 1591 params.mac_addr_mask = req->mac_addr_mask; 1592 params.no_cck = req->no_cck; 1593 params.pass_all = true; 1594 params.n_match_sets = 0; 1595 params.match_sets = NULL; 1596 params.scan_plans = &scan_plan; 1597 params.n_scan_plans = 1; 1598 1599 params.n_6ghz_params = req->n_6ghz_params; 1600 params.scan_6ghz_params = req->scan_6ghz_params; 1601 params.scan_6ghz = req->scan_6ghz; 1602 1603 ether_addr_copy(params.bssid, req->bssid); 1604 /* TODO: CDB - per-band flag */ 1605 params.respect_p2p_go = 1606 iwl_mld_get_respect_p2p_go(mld, vif, 1607 scan_iter_data.global_low_latency); 1608 1609 if (req->duration) 1610 params.iter_notif = true; 1611 1612 iwl_mld_scan_set_link_id(mld, vif, ¶ms, req->tsf_report_link_id, 1613 scan_status); 1614 1615 iwl_mld_scan_build_probe_req(mld, vif, ies, ¶ms); 1616 1617 iwl_mld_scan_6ghz_passive_scan(mld, ¶ms, vif); 1618 1619 uid = iwl_mld_scan_build_cmd(mld, vif, ¶ms, scan_status, 1620 scan_iter_data.global_low_latency); 1621 if (uid < 0) 1622 return uid; 1623 1624 ret = iwl_mld_send_cmd(mld, &hcmd); 1625 if (ret) { 1626 IWL_ERR(mld, "Scan failed! ret %d\n", ret); 1627 return ret; 1628 } 1629 1630 IWL_DEBUG_SCAN(mld, "Scan request send success: status=%u, uid=%u\n", 1631 scan_status, uid); 1632 1633 mld->scan.uid_status[uid] = scan_status; 1634 mld->scan.status |= scan_status; 1635 1636 if (params.enable_6ghz_passive) 1637 mld->scan.last_6ghz_passive_jiffies = jiffies; 1638 1639 return 0; 1640 } 1641 1642 static int 1643 iwl_mld_scan_send_abort_cmd_status(struct iwl_mld *mld, int uid, u32 *status) 1644 { 1645 struct iwl_umac_scan_abort abort_cmd = { 1646 .uid = cpu_to_le32(uid), 1647 }; 1648 struct iwl_host_cmd cmd = { 1649 .id = WIDE_ID(LONG_GROUP, SCAN_ABORT_UMAC), 1650 .flags = CMD_WANT_SKB, 1651 .data = { &abort_cmd }, 1652 .len[0] = sizeof(abort_cmd), 1653 }; 1654 struct iwl_rx_packet *pkt; 1655 struct iwl_cmd_response *resp; 1656 u32 resp_len; 1657 int ret; 1658 1659 ret = iwl_mld_send_cmd(mld, &cmd); 1660 if (ret) 1661 return ret; 1662 1663 pkt = cmd.resp_pkt; 1664 1665 resp_len = iwl_rx_packet_payload_len(pkt); 1666 if (IWL_FW_CHECK(mld, resp_len != sizeof(*resp), 1667 "Scan Abort: unexpected response length %d\n", 1668 resp_len)) { 1669 ret = -EIO; 1670 goto out; 1671 } 1672 1673 resp = (void *)pkt->data; 1674 *status = le32_to_cpu(resp->status); 1675 1676 out: 1677 iwl_free_resp(&cmd); 1678 return ret; 1679 } 1680 1681 static int 1682 iwl_mld_scan_abort(struct iwl_mld *mld, int type, int uid, bool *wait) 1683 { 1684 enum iwl_umac_scan_abort_status status; 1685 int ret; 1686 1687 *wait = true; 1688 1689 IWL_DEBUG_SCAN(mld, "Sending scan abort, uid %u\n", uid); 1690 1691 ret = iwl_mld_scan_send_abort_cmd_status(mld, uid, &status); 1692 1693 IWL_DEBUG_SCAN(mld, "Scan abort: ret=%d status=%u\n", ret, status); 1694 1695 /* We don't need to wait to scan complete in the following cases: 1696 * 1. Driver failed to send the scan abort cmd. 1697 * 2. The FW is no longer familiar with the scan that needs to be 1698 * stopped. It is expected that the scan complete notification was 1699 * already received but not yet processed. 1700 * 1701 * In both cases the flow should continue similar to the case that the 1702 * scan was really aborted. 1703 */ 1704 if (ret || status == IWL_UMAC_SCAN_ABORT_STATUS_NOT_FOUND) 1705 *wait = false; 1706 1707 return ret; 1708 } 1709 1710 static int 1711 iwl_mld_scan_stop_wait(struct iwl_mld *mld, int type, int uid) 1712 { 1713 struct iwl_notification_wait wait_scan_done; 1714 static const u16 scan_comp_notif[] = { SCAN_COMPLETE_UMAC }; 1715 bool wait = true; 1716 int ret; 1717 1718 iwl_init_notification_wait(&mld->notif_wait, &wait_scan_done, 1719 scan_comp_notif, 1720 ARRAY_SIZE(scan_comp_notif), 1721 NULL, NULL); 1722 1723 IWL_DEBUG_SCAN(mld, "Preparing to stop scan, type=%x\n", type); 1724 1725 ret = iwl_mld_scan_abort(mld, type, uid, &wait); 1726 if (ret) { 1727 IWL_DEBUG_SCAN(mld, "couldn't stop scan type=%d\n", type); 1728 goto return_no_wait; 1729 } 1730 1731 if (!wait) { 1732 IWL_DEBUG_SCAN(mld, "no need to wait for scan type=%d\n", type); 1733 goto return_no_wait; 1734 } 1735 1736 return iwl_wait_notification(&mld->notif_wait, &wait_scan_done, HZ); 1737 1738 return_no_wait: 1739 iwl_remove_notification(&mld->notif_wait, &wait_scan_done); 1740 return ret; 1741 } 1742 1743 int iwl_mld_sched_scan_start(struct iwl_mld *mld, 1744 struct ieee80211_vif *vif, 1745 struct cfg80211_sched_scan_request *req, 1746 struct ieee80211_scan_ies *ies, 1747 int type) 1748 { 1749 struct iwl_host_cmd hcmd = { 1750 .id = WIDE_ID(LONG_GROUP, SCAN_REQ_UMAC), 1751 .len = { mld->scan.cmd_size, }, 1752 .data = { mld->scan.cmd, }, 1753 .dataflags = { IWL_HCMD_DFL_NOCOPY, }, 1754 }; 1755 struct iwl_mld_scan_params params = {}; 1756 struct iwl_mld_scan_iter_data scan_iter_data = { 1757 .current_vif = vif, 1758 }; 1759 bool non_psc_included = false; 1760 int ret, uid; 1761 1762 /* we should have failed registration if scan_cmd was NULL */ 1763 if (WARN_ON(!mld->scan.cmd)) 1764 return -ENOMEM; 1765 1766 /* FW supports only a single periodic scan */ 1767 if (mld->scan.status & (IWL_MLD_SCAN_SCHED | IWL_MLD_SCAN_NETDETECT)) 1768 return -EBUSY; 1769 1770 ieee80211_iterate_active_interfaces_mtx(mld->hw, 1771 IEEE80211_IFACE_ITER_NORMAL, 1772 iwl_mld_scan_iterator, 1773 &scan_iter_data); 1774 1775 params.type = iwl_mld_get_scan_type(mld, vif, &scan_iter_data); 1776 params.flags = req->flags; 1777 params.n_ssids = req->n_ssids; 1778 params.ssids = req->ssids; 1779 params.n_channels = req->n_channels; 1780 params.channels = req->channels; 1781 params.mac_addr = req->mac_addr; 1782 params.mac_addr_mask = req->mac_addr_mask; 1783 params.no_cck = false; 1784 params.pass_all = iwl_mld_scan_pass_all(mld, req); 1785 params.n_match_sets = req->n_match_sets; 1786 params.match_sets = req->match_sets; 1787 params.n_scan_plans = req->n_scan_plans; 1788 params.scan_plans = req->scan_plans; 1789 /* TODO: CDB - per-band flag */ 1790 params.respect_p2p_go = 1791 iwl_mld_get_respect_p2p_go(mld, vif, 1792 scan_iter_data.global_low_latency); 1793 1794 /* UMAC scan supports up to 16-bit delays, trim it down to 16-bits */ 1795 params.delay = req->delay > U16_MAX ? U16_MAX : req->delay; 1796 1797 eth_broadcast_addr(params.bssid); 1798 1799 ret = iwl_mld_config_sched_scan_profiles(mld, req); 1800 if (ret) 1801 return ret; 1802 1803 iwl_mld_scan_build_probe_req(mld, vif, ies, ¶ms); 1804 1805 ret = iwl_mld_sched_scan_handle_non_psc_channels(¶ms, 1806 &non_psc_included); 1807 if (ret) 1808 goto out; 1809 1810 if (!iwl_mld_scan_fits(mld, req->n_ssids, ies, params.n_channels)) { 1811 ret = -ENOBUFS; 1812 goto out; 1813 } 1814 1815 uid = iwl_mld_scan_build_cmd(mld, vif, ¶ms, type, 1816 scan_iter_data.global_low_latency); 1817 if (uid < 0) { 1818 ret = uid; 1819 goto out; 1820 } 1821 1822 ret = iwl_mld_send_cmd(mld, &hcmd); 1823 if (!ret) { 1824 IWL_DEBUG_SCAN(mld, 1825 "Sched scan request send success: type=%u, uid=%u\n", 1826 type, uid); 1827 mld->scan.uid_status[uid] = type; 1828 mld->scan.status |= type; 1829 } else { 1830 IWL_ERR(mld, "Sched scan failed! ret %d\n", ret); 1831 mld->scan.pass_all_sched_res = SCHED_SCAN_PASS_ALL_STATE_DISABLED; 1832 } 1833 1834 out: 1835 if (non_psc_included) 1836 kfree(params.channels); 1837 return ret; 1838 } 1839 1840 int iwl_mld_scan_stop(struct iwl_mld *mld, int type, bool notify) 1841 { 1842 int uid, ret; 1843 1844 IWL_DEBUG_SCAN(mld, 1845 "Request to stop scan: type=0x%x, status=0x%x\n", 1846 type, mld->scan.status); 1847 1848 if (!(mld->scan.status & type)) 1849 return 0; 1850 1851 uid = iwl_mld_scan_uid_by_status(mld, type); 1852 /* must be valid, we just checked it's running */ 1853 if (WARN_ON_ONCE(uid < 0)) 1854 return uid; 1855 1856 ret = iwl_mld_scan_stop_wait(mld, type, uid); 1857 if (ret) 1858 IWL_DEBUG_SCAN(mld, "Failed to stop scan\n"); 1859 1860 /* Clear the scan status so the next scan requests will 1861 * succeed and mark the scan as stopping, so that the Rx 1862 * handler doesn't do anything, as the scan was stopped from 1863 * above. Also remove the handler to not notify mac80211 1864 * erroneously after a new scan starts, for example. 1865 */ 1866 mld->scan.status &= ~type; 1867 mld->scan.uid_status[uid] = IWL_MLD_SCAN_NONE; 1868 iwl_mld_cancel_notifications_of_object(mld, IWL_MLD_OBJECT_TYPE_SCAN, 1869 uid); 1870 1871 if (type == IWL_MLD_SCAN_REGULAR) { 1872 if (notify) { 1873 struct cfg80211_scan_info info = { 1874 .aborted = true, 1875 }; 1876 1877 ieee80211_scan_completed(mld->hw, &info); 1878 } 1879 } else if (notify) { 1880 ieee80211_sched_scan_stopped(mld->hw); 1881 mld->scan.pass_all_sched_res = SCHED_SCAN_PASS_ALL_STATE_DISABLED; 1882 } 1883 1884 return ret; 1885 } 1886 1887 int iwl_mld_regular_scan_start(struct iwl_mld *mld, struct ieee80211_vif *vif, 1888 struct cfg80211_scan_request *req, 1889 struct ieee80211_scan_ies *ies) 1890 { 1891 /* Clear survey data when starting the first part of a regular scan */ 1892 if (req->first_part && mld->channel_survey) 1893 memset(mld->channel_survey->channels, 0, 1894 sizeof(mld->channel_survey->channels[0]) * 1895 mld->channel_survey->n_channels); 1896 1897 if (vif->type == NL80211_IFTYPE_P2P_DEVICE) 1898 iwl_mld_emlsr_block_tmp_non_bss(mld); 1899 1900 return _iwl_mld_single_scan_start(mld, vif, req, ies, 1901 IWL_MLD_SCAN_REGULAR); 1902 } 1903 1904 static void iwl_mld_int_mlo_scan_start(struct iwl_mld *mld, 1905 struct ieee80211_vif *vif, 1906 struct ieee80211_channel **channels, 1907 size_t n_channels) 1908 { 1909 struct cfg80211_scan_request *req __free(kfree) = NULL; 1910 struct ieee80211_scan_ies ies = {}; 1911 size_t size; 1912 int ret; 1913 1914 IWL_DEBUG_SCAN(mld, "Starting Internal MLO scan: n_channels=%zu\n", 1915 n_channels); 1916 1917 size = struct_size(req, channels, n_channels); 1918 req = kzalloc(size, GFP_KERNEL); 1919 if (!req) 1920 return; 1921 1922 /* set the requested channels */ 1923 for (int i = 0; i < n_channels; i++) 1924 req->channels[i] = channels[i]; 1925 1926 req->n_channels = n_channels; 1927 1928 /* set the rates */ 1929 for (int i = 0; i < NUM_NL80211_BANDS; i++) 1930 if (mld->wiphy->bands[i]) 1931 req->rates[i] = 1932 (1 << mld->wiphy->bands[i]->n_bitrates) - 1; 1933 1934 req->wdev = ieee80211_vif_to_wdev(vif); 1935 req->wiphy = mld->wiphy; 1936 req->scan_start = jiffies; 1937 req->tsf_report_link_id = -1; 1938 1939 ret = _iwl_mld_single_scan_start(mld, vif, req, &ies, 1940 IWL_MLD_SCAN_INT_MLO); 1941 1942 IWL_DEBUG_SCAN(mld, "Internal MLO scan: ret=%d\n", ret); 1943 } 1944 1945 #define IWL_MLD_MLO_SCAN_BLOCKOUT_TIME 5 /* seconds */ 1946 1947 void iwl_mld_int_mlo_scan(struct iwl_mld *mld, struct ieee80211_vif *vif) 1948 { 1949 struct ieee80211_channel *channels[IEEE80211_MLD_MAX_NUM_LINKS]; 1950 struct iwl_mld_vif *mld_vif = iwl_mld_vif_from_mac80211(vif); 1951 unsigned long usable_links = ieee80211_vif_usable_links(vif); 1952 size_t n_channels = 0; 1953 u8 link_id; 1954 1955 lockdep_assert_wiphy(mld->wiphy); 1956 1957 if (!IWL_MLD_AUTO_EML_ENABLE || !vif->cfg.assoc || 1958 !ieee80211_vif_is_mld(vif) || hweight16(vif->valid_links) == 1) 1959 return; 1960 1961 if (mld->scan.status & IWL_MLD_SCAN_INT_MLO) { 1962 IWL_DEBUG_SCAN(mld, "Internal MLO scan is already running\n"); 1963 return; 1964 } 1965 1966 if (mld_vif->last_link_activation_time > ktime_get_boottime_seconds() - 1967 IWL_MLD_MLO_SCAN_BLOCKOUT_TIME) { 1968 /* timing doesn't matter much, so use the blockout time */ 1969 wiphy_delayed_work_queue(mld->wiphy, 1970 &mld_vif->mlo_scan_start_wk, 1971 IWL_MLD_MLO_SCAN_BLOCKOUT_TIME); 1972 return; 1973 } 1974 1975 for_each_set_bit(link_id, &usable_links, IEEE80211_MLD_MAX_NUM_LINKS) { 1976 struct ieee80211_bss_conf *link_conf = 1977 link_conf_dereference_check(vif, link_id); 1978 1979 if (WARN_ON_ONCE(!link_conf)) 1980 continue; 1981 1982 channels[n_channels++] = link_conf->chanreq.oper.chan; 1983 } 1984 1985 if (!n_channels) 1986 return; 1987 1988 iwl_mld_int_mlo_scan_start(mld, vif, channels, n_channels); 1989 } 1990 1991 void iwl_mld_handle_scan_iter_complete_notif(struct iwl_mld *mld, 1992 struct iwl_rx_packet *pkt) 1993 { 1994 struct iwl_umac_scan_iter_complete_notif *notif = (void *)pkt->data; 1995 u32 uid = __le32_to_cpu(notif->uid); 1996 1997 if (IWL_FW_CHECK(mld, uid >= ARRAY_SIZE(mld->scan.uid_status), 1998 "FW reports out-of-range scan UID %d\n", uid)) 1999 return; 2000 2001 if (mld->scan.uid_status[uid] == IWL_MLD_SCAN_REGULAR) 2002 mld->scan.start_tsf = le64_to_cpu(notif->start_tsf); 2003 2004 IWL_DEBUG_SCAN(mld, 2005 "UMAC Scan iteration complete: status=0x%x scanned_channels=%d\n", 2006 notif->status, notif->scanned_channels); 2007 2008 if (mld->scan.pass_all_sched_res == SCHED_SCAN_PASS_ALL_STATE_FOUND) { 2009 IWL_DEBUG_SCAN(mld, "Pass all scheduled scan results found\n"); 2010 ieee80211_sched_scan_results(mld->hw); 2011 mld->scan.pass_all_sched_res = SCHED_SCAN_PASS_ALL_STATE_ENABLED; 2012 } 2013 2014 IWL_DEBUG_SCAN(mld, 2015 "UMAC Scan iteration complete: scan started at %llu (TSF)\n", 2016 le64_to_cpu(notif->start_tsf)); 2017 } 2018 2019 void iwl_mld_handle_match_found_notif(struct iwl_mld *mld, 2020 struct iwl_rx_packet *pkt) 2021 { 2022 IWL_DEBUG_SCAN(mld, "Scheduled scan results\n"); 2023 ieee80211_sched_scan_results(mld->hw); 2024 } 2025 2026 void iwl_mld_handle_scan_start_notif(struct iwl_mld *mld, 2027 struct iwl_rx_packet *pkt) 2028 { 2029 struct iwl_umac_scan_complete *notif = (void *)pkt->data; 2030 u32 uid = le32_to_cpu(notif->uid); 2031 2032 if (IWL_FW_CHECK(mld, uid >= ARRAY_SIZE(mld->scan.uid_status), 2033 "FW reports out-of-range scan UID %d\n", uid)) 2034 return; 2035 2036 if (IWL_FW_CHECK(mld, !(mld->scan.uid_status[uid] & mld->scan.status), 2037 "FW reports scan UID %d we didn't trigger\n", uid)) 2038 return; 2039 2040 IWL_DEBUG_SCAN(mld, "Scan started: uid=%u type=%u\n", uid, 2041 mld->scan.uid_status[uid]); 2042 if (IWL_FW_CHECK(mld, mld->scan.uid_status[uid] != IWL_MLD_SCAN_INT_MLO, 2043 "FW reports scan start notification %d we didn't trigger\n", 2044 mld->scan.uid_status[uid])) 2045 return; 2046 2047 mld->scan.last_mlo_scan_start_time = ktime_get_boottime_ns(); 2048 } 2049 2050 void iwl_mld_handle_scan_complete_notif(struct iwl_mld *mld, 2051 struct iwl_rx_packet *pkt) 2052 { 2053 struct iwl_umac_scan_complete *notif = (void *)pkt->data; 2054 bool aborted = (notif->status == IWL_SCAN_OFFLOAD_ABORTED); 2055 u32 uid = __le32_to_cpu(notif->uid); 2056 2057 if (IWL_FW_CHECK(mld, uid >= ARRAY_SIZE(mld->scan.uid_status), 2058 "FW reports out-of-range scan UID %d\n", uid)) 2059 return; 2060 2061 IWL_DEBUG_SCAN(mld, 2062 "Scan completed: uid=%u type=%u, status=%s, EBS=%s\n", 2063 uid, mld->scan.uid_status[uid], 2064 notif->status == IWL_SCAN_OFFLOAD_COMPLETED ? 2065 "completed" : "aborted", 2066 iwl_mld_scan_ebs_status_str(notif->ebs_status)); 2067 IWL_DEBUG_SCAN(mld, "Scan completed: scan_status=0x%x\n", 2068 mld->scan.status); 2069 IWL_DEBUG_SCAN(mld, 2070 "Scan completed: line=%u, iter=%u, elapsed time=%u\n", 2071 notif->last_schedule, notif->last_iter, 2072 __le32_to_cpu(notif->time_from_last_iter)); 2073 2074 if (IWL_FW_CHECK(mld, !(mld->scan.uid_status[uid] & mld->scan.status), 2075 "FW reports scan UID %d we didn't trigger\n", uid)) 2076 return; 2077 2078 /* if the scan is already stopping, we don't need to notify mac80211 */ 2079 if (mld->scan.uid_status[uid] == IWL_MLD_SCAN_REGULAR) { 2080 struct cfg80211_scan_info info = { 2081 .aborted = aborted, 2082 .scan_start_tsf = mld->scan.start_tsf, 2083 }; 2084 int fw_link_id = mld->scan.fw_link_id; 2085 struct ieee80211_bss_conf *link_conf = NULL; 2086 2087 if (fw_link_id != IWL_MLD_INVALID_FW_ID) 2088 link_conf = iwl_mld_fw_id_to_link_conf(mld, fw_link_id); 2089 2090 /* It is possible that by the time the scan is complete the 2091 * link was already removed and is not valid. 2092 */ 2093 if (link_conf) 2094 ether_addr_copy(info.tsf_bssid, link_conf->bssid); 2095 else 2096 IWL_DEBUG_SCAN(mld, "Scan link is no longer valid\n"); 2097 2098 ieee80211_scan_completed(mld->hw, &info); 2099 2100 /* Scan is over, we can check again the tpt counters */ 2101 iwl_mld_stop_ignoring_tpt_updates(mld); 2102 } else if (mld->scan.uid_status[uid] == IWL_MLD_SCAN_SCHED) { 2103 ieee80211_sched_scan_stopped(mld->hw); 2104 mld->scan.pass_all_sched_res = SCHED_SCAN_PASS_ALL_STATE_DISABLED; 2105 } else if (mld->scan.uid_status[uid] == IWL_MLD_SCAN_INT_MLO) { 2106 IWL_DEBUG_SCAN(mld, "Internal MLO scan completed\n"); 2107 2108 /* 2109 * We limit link selection to internal MLO scans as otherwise 2110 * we do not know whether all channels were covered. 2111 */ 2112 iwl_mld_select_links(mld); 2113 } 2114 2115 mld->scan.status &= ~mld->scan.uid_status[uid]; 2116 2117 IWL_DEBUG_SCAN(mld, "Scan completed: after update: scan_status=0x%x\n", 2118 mld->scan.status); 2119 2120 mld->scan.uid_status[uid] = IWL_MLD_SCAN_NONE; 2121 2122 if (notif->ebs_status != IWL_SCAN_EBS_SUCCESS && 2123 notif->ebs_status != IWL_SCAN_EBS_INACTIVE) 2124 mld->scan.last_ebs_failed = true; 2125 } 2126 2127 /* This function is used in nic restart flow, to inform mac80211 about scans 2128 * that were aborted by restart flow or by an assert. 2129 */ 2130 void iwl_mld_report_scan_aborted(struct iwl_mld *mld) 2131 { 2132 int uid; 2133 2134 uid = iwl_mld_scan_uid_by_status(mld, IWL_MLD_SCAN_REGULAR); 2135 if (uid >= 0) { 2136 struct cfg80211_scan_info info = { 2137 .aborted = true, 2138 }; 2139 2140 ieee80211_scan_completed(mld->hw, &info); 2141 mld->scan.uid_status[uid] = IWL_MLD_SCAN_NONE; 2142 } 2143 2144 uid = iwl_mld_scan_uid_by_status(mld, IWL_MLD_SCAN_SCHED); 2145 if (uid >= 0) { 2146 mld->scan.pass_all_sched_res = SCHED_SCAN_PASS_ALL_STATE_DISABLED; 2147 mld->scan.uid_status[uid] = IWL_MLD_SCAN_NONE; 2148 2149 /* sched scan will be restarted by mac80211 in reconfig. 2150 * report to mac80211 that sched scan stopped only if we won't 2151 * restart the firmware. 2152 */ 2153 if (!iwlwifi_mod_params.fw_restart) 2154 ieee80211_sched_scan_stopped(mld->hw); 2155 } 2156 2157 uid = iwl_mld_scan_uid_by_status(mld, IWL_MLD_SCAN_INT_MLO); 2158 if (uid >= 0) { 2159 IWL_DEBUG_SCAN(mld, "Internal MLO scan aborted\n"); 2160 mld->scan.uid_status[uid] = IWL_MLD_SCAN_NONE; 2161 } 2162 2163 BUILD_BUG_ON(IWL_MLD_SCAN_NONE != 0); 2164 memset(mld->scan.uid_status, 0, sizeof(mld->scan.uid_status)); 2165 } 2166 2167 int iwl_mld_alloc_scan_cmd(struct iwl_mld *mld) 2168 { 2169 u8 scan_cmd_ver = iwl_fw_lookup_cmd_ver(mld->fw, SCAN_REQ_UMAC, 2170 IWL_FW_CMD_VER_UNKNOWN); 2171 size_t scan_cmd_size; 2172 2173 if (scan_cmd_ver == 17) { 2174 scan_cmd_size = sizeof(struct iwl_scan_req_umac_v17); 2175 } else if (scan_cmd_ver == 18) { 2176 scan_cmd_size = sizeof(struct iwl_scan_req_umac_v18); 2177 } else { 2178 IWL_ERR(mld, "Unexpected scan cmd version %d\n", scan_cmd_ver); 2179 return -EINVAL; 2180 } 2181 2182 mld->scan.cmd = kmalloc(scan_cmd_size, GFP_KERNEL); 2183 if (!mld->scan.cmd) 2184 return -ENOMEM; 2185 2186 mld->scan.cmd_size = scan_cmd_size; 2187 mld->scan.cmd_ver = scan_cmd_ver; 2188 2189 return 0; 2190 } 2191 2192 static int iwl_mld_chanidx_from_phy(struct iwl_mld *mld, 2193 enum nl80211_band band, 2194 u16 phy_chan_num) 2195 { 2196 struct ieee80211_supported_band *sband = mld->wiphy->bands[band]; 2197 2198 if (WARN_ON_ONCE(!sband)) 2199 return -EINVAL; 2200 2201 for (int chan_idx = 0; chan_idx < sband->n_channels; chan_idx++) { 2202 struct ieee80211_channel *channel = &sband->channels[chan_idx]; 2203 2204 if (channel->hw_value == phy_chan_num) 2205 return chan_idx; 2206 } 2207 2208 return -EINVAL; 2209 } 2210 2211 void iwl_mld_handle_channel_survey_notif(struct iwl_mld *mld, 2212 struct iwl_rx_packet *pkt) 2213 { 2214 const struct iwl_umac_scan_channel_survey_notif *notif = 2215 (void *)pkt->data; 2216 struct iwl_mld_survey_channel *info; 2217 enum nl80211_band band; 2218 int chan_idx; 2219 2220 if (!mld->channel_survey) { 2221 size_t n_channels = 0; 2222 2223 for (band = 0; band < NUM_NL80211_BANDS; band++) { 2224 if (!mld->wiphy->bands[band]) 2225 continue; 2226 2227 n_channels += mld->wiphy->bands[band]->n_channels; 2228 } 2229 2230 mld->channel_survey = kzalloc_flex(*mld->channel_survey, 2231 channels, n_channels); 2232 2233 if (!mld->channel_survey) 2234 return; 2235 2236 mld->channel_survey->n_channels = n_channels; 2237 n_channels = 0; 2238 for (band = 0; band < NUM_NL80211_BANDS; band++) { 2239 if (!mld->wiphy->bands[band]) 2240 continue; 2241 2242 mld->channel_survey->bands[band] = 2243 &mld->channel_survey->channels[n_channels]; 2244 n_channels += mld->wiphy->bands[band]->n_channels; 2245 } 2246 } 2247 2248 band = iwl_mld_phy_band_to_nl80211(le32_to_cpu(notif->band)); 2249 chan_idx = iwl_mld_chanidx_from_phy(mld, band, 2250 le32_to_cpu(notif->channel)); 2251 if (WARN_ON_ONCE(chan_idx < 0)) 2252 return; 2253 2254 IWL_DEBUG_SCAN(mld, "channel survey received for freq %d\n", 2255 mld->wiphy->bands[band]->channels[chan_idx].center_freq); 2256 2257 info = &mld->channel_survey->bands[band][chan_idx]; 2258 2259 /* Times are all in ms */ 2260 info->time = le32_to_cpu(notif->active_time); 2261 info->time_busy = le32_to_cpu(notif->busy_time); 2262 info->noise = 2263 iwl_average_neg_dbm(notif->noise, ARRAY_SIZE(notif->noise)); 2264 } 2265 2266 int iwl_mld_mac80211_get_survey(struct ieee80211_hw *hw, int idx, 2267 struct survey_info *survey) 2268 { 2269 struct iwl_mld *mld = IWL_MAC80211_GET_MLD(hw); 2270 int curr_idx = 0; 2271 2272 if (!mld->channel_survey) 2273 return -ENOENT; 2274 2275 /* Iterate bands/channels to find the requested index. 2276 * Logically this returns the entry with index "idx" from a flattened 2277 * survey result array that only contains channels with information. 2278 * The current index into this flattened array is tracked in curr_idx. 2279 */ 2280 for (enum nl80211_band band = 0; band < NUM_NL80211_BANDS; band++) { 2281 struct ieee80211_supported_band *sband = 2282 mld->wiphy->bands[band]; 2283 2284 if (!sband) 2285 continue; 2286 2287 for (int per_band_idx = 0; 2288 per_band_idx < sband->n_channels; 2289 per_band_idx++) { 2290 struct iwl_mld_survey_channel *info = 2291 &mld->channel_survey->bands[band][per_band_idx]; 2292 2293 /* Skip entry entirely, it was not reported/scanned, 2294 * do not increase curr_idx for this entry. 2295 */ 2296 if (!info->time) 2297 continue; 2298 2299 /* Search did not reach the requested entry yet, 2300 * increment curr_idx and continue. 2301 */ 2302 if (idx != curr_idx) { 2303 curr_idx++; 2304 continue; 2305 } 2306 2307 /* Found (the next) channel to report */ 2308 survey->channel = &sband->channels[per_band_idx]; 2309 survey->filled = SURVEY_INFO_TIME | 2310 SURVEY_INFO_TIME_BUSY; 2311 survey->time = info->time; 2312 survey->time_busy = info->time_busy; 2313 survey->noise = info->noise; 2314 if (survey->noise < 0) 2315 survey->filled |= SURVEY_INFO_NOISE_DBM; 2316 2317 return 0; 2318 } 2319 } 2320 2321 return -ENOENT; 2322 } 2323