1 // SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
2 /*
3 * Copyright (C) 2024-2025 Intel Corporation
4 */
5
6 #include "mld.h"
7 #include "notif.h"
8 #include "scan.h"
9 #include "iface.h"
10 #include "mlo.h"
11 #include "iwl-trans.h"
12 #include "fw/file.h"
13 #include "fw/dbg.h"
14 #include "fw/api/cmdhdr.h"
15 #include "fw/api/mac-cfg.h"
16 #include "session-protect.h"
17 #include "fw/api/time-event.h"
18 #include "fw/api/tx.h"
19 #include "fw/api/rs.h"
20 #include "fw/api/offload.h"
21 #include "fw/api/stats.h"
22 #include "fw/api/rfi.h"
23 #include "fw/api/coex.h"
24
25 #include "mcc.h"
26 #include "link.h"
27 #include "tx.h"
28 #include "rx.h"
29 #include "tlc.h"
30 #include "agg.h"
31 #include "mac80211.h"
32 #include "thermal.h"
33 #include "roc.h"
34 #include "stats.h"
35 #include "coex.h"
36 #include "time_sync.h"
37 #include "ftm-initiator.h"
38
39 /* Please use this in an increasing order of the versions */
40 #define CMD_VER_ENTRY(_ver, _struct) \
41 { .size = sizeof(struct _struct), .ver = _ver },
42 #define CMD_VERSIONS(name, ...) \
43 static const struct iwl_notif_struct_size \
44 iwl_notif_struct_sizes_##name[] = { __VA_ARGS__ };
45
46 #define RX_HANDLER_NO_OBJECT(_grp, _cmd, _name, _context) \
47 {.cmd_id = WIDE_ID(_grp, _cmd), \
48 .context = _context, \
49 .fn = iwl_mld_handle_##_name, \
50 .sizes = iwl_notif_struct_sizes_##_name, \
51 .n_sizes = ARRAY_SIZE(iwl_notif_struct_sizes_##_name), \
52 },
53
54 /* Use this for Rx handlers that do not need notification validation */
55 #define RX_HANDLER_NO_VAL(_grp, _cmd, _name, _context) \
56 {.cmd_id = WIDE_ID(_grp, _cmd), \
57 .context = _context, \
58 .fn = iwl_mld_handle_##_name, \
59 },
60
61 #define RX_HANDLER_VAL_FN(_grp, _cmd, _name, _context) \
62 { .cmd_id = WIDE_ID(_grp, _cmd), \
63 .context = _context, \
64 .fn = iwl_mld_handle_##_name, \
65 .val_fn = iwl_mld_validate_##_name, \
66 },
67
68 #define DEFINE_SIMPLE_CANCELLATION(name, notif_struct, id_member) \
69 static bool iwl_mld_cancel_##name##_notif(struct iwl_mld *mld, \
70 struct iwl_rx_packet *pkt, \
71 u32 obj_id) \
72 { \
73 const struct notif_struct *notif = (const void *)pkt->data; \
74 \
75 return obj_id == _Generic((notif)->id_member, \
76 __le32: le32_to_cpu((notif)->id_member), \
77 __le16: le16_to_cpu((notif)->id_member), \
78 u8: (notif)->id_member); \
79 }
80
81 /* Currently only defined for the RX_HANDLER_SIZES options. Use this for
82 * notifications that belong to a specific object, and that should be
83 * canceled when the object is removed
84 */
85 #define RX_HANDLER_OF_OBJ(_grp, _cmd, _name, _obj_type) \
86 {.cmd_id = WIDE_ID(_grp, _cmd), \
87 /* Only async handlers can be canceled */ \
88 .context = RX_HANDLER_ASYNC, \
89 .fn = iwl_mld_handle_##_name, \
90 .sizes = iwl_notif_struct_sizes_##_name, \
91 .n_sizes = ARRAY_SIZE(iwl_notif_struct_sizes_##_name), \
92 .obj_type = IWL_MLD_OBJECT_TYPE_##_obj_type, \
93 .cancel = iwl_mld_cancel_##_name, \
94 },
95
96 #define RX_HANDLER_OF_LINK(_grp, _cmd, _name) \
97 RX_HANDLER_OF_OBJ(_grp, _cmd, _name, LINK) \
98
99 #define RX_HANDLER_OF_VIF(_grp, _cmd, _name) \
100 RX_HANDLER_OF_OBJ(_grp, _cmd, _name, VIF) \
101
102 #define RX_HANDLER_OF_STA(_grp, _cmd, _name) \
103 RX_HANDLER_OF_OBJ(_grp, _cmd, _name, STA) \
104
105 #define RX_HANDLER_OF_ROC(_grp, _cmd, _name) \
106 RX_HANDLER_OF_OBJ(_grp, _cmd, _name, ROC)
107
108 #define RX_HANDLER_OF_SCAN(_grp, _cmd, _name) \
109 RX_HANDLER_OF_OBJ(_grp, _cmd, _name, SCAN)
110
111 #define RX_HANDLER_OF_FTM_REQ(_grp, _cmd, _name) \
112 RX_HANDLER_OF_OBJ(_grp, _cmd, _name, FTM_REQ)
113
iwl_mld_handle_mfuart_notif(struct iwl_mld * mld,struct iwl_rx_packet * pkt)114 static void iwl_mld_handle_mfuart_notif(struct iwl_mld *mld,
115 struct iwl_rx_packet *pkt)
116 {
117 struct iwl_mfuart_load_notif *mfuart_notif = (void *)pkt->data;
118
119 IWL_DEBUG_INFO(mld,
120 "MFUART: installed ver: 0x%08x, external ver: 0x%08x\n",
121 le32_to_cpu(mfuart_notif->installed_ver),
122 le32_to_cpu(mfuart_notif->external_ver));
123 IWL_DEBUG_INFO(mld,
124 "MFUART: status: 0x%08x, duration: 0x%08x image size: 0x%08x\n",
125 le32_to_cpu(mfuart_notif->status),
126 le32_to_cpu(mfuart_notif->duration),
127 le32_to_cpu(mfuart_notif->image_size));
128 }
129
iwl_mld_mu_mimo_iface_iterator(void * _data,u8 * mac,struct ieee80211_vif * vif)130 static void iwl_mld_mu_mimo_iface_iterator(void *_data, u8 *mac,
131 struct ieee80211_vif *vif)
132 {
133 struct ieee80211_bss_conf *bss_conf = &vif->bss_conf;
134 unsigned int link_id = 0;
135
136 if (WARN(hweight16(vif->active_links) > 1,
137 "no support for this notif while in EMLSR 0x%x\n",
138 vif->active_links))
139 return;
140
141 if (ieee80211_vif_is_mld(vif)) {
142 link_id = __ffs(vif->active_links);
143 bss_conf = link_conf_dereference_check(vif, link_id);
144 }
145
146 if (!WARN_ON(!bss_conf) && bss_conf->mu_mimo_owner) {
147 const struct iwl_mu_group_mgmt_notif *notif = _data;
148
149 BUILD_BUG_ON(sizeof(notif->membership_status) !=
150 WLAN_MEMBERSHIP_LEN);
151 BUILD_BUG_ON(sizeof(notif->user_position) !=
152 WLAN_USER_POSITION_LEN);
153
154 /* MU-MIMO Group Id action frame is little endian. We treat
155 * the data received from firmware as if it came from the
156 * action frame, so no conversion is needed.
157 */
158 ieee80211_update_mu_groups(vif, link_id,
159 (u8 *)¬if->membership_status,
160 (u8 *)¬if->user_position);
161 }
162 }
163
164 /* This handler is called in SYNC mode because it needs to be serialized with
165 * Rx as specified in ieee80211_update_mu_groups()'s documentation.
166 */
iwl_mld_handle_mu_mimo_grp_notif(struct iwl_mld * mld,struct iwl_rx_packet * pkt)167 static void iwl_mld_handle_mu_mimo_grp_notif(struct iwl_mld *mld,
168 struct iwl_rx_packet *pkt)
169 {
170 struct iwl_mu_group_mgmt_notif *notif = (void *)pkt->data;
171
172 ieee80211_iterate_active_interfaces_atomic(mld->hw,
173 IEEE80211_IFACE_ITER_NORMAL,
174 iwl_mld_mu_mimo_iface_iterator,
175 notif);
176 }
177
178 static void
iwl_mld_handle_channel_switch_start_notif(struct iwl_mld * mld,struct iwl_rx_packet * pkt)179 iwl_mld_handle_channel_switch_start_notif(struct iwl_mld *mld,
180 struct iwl_rx_packet *pkt)
181 {
182 struct iwl_channel_switch_start_notif *notif = (void *)pkt->data;
183 u32 link_id = le32_to_cpu(notif->link_id);
184 struct ieee80211_bss_conf *link_conf =
185 iwl_mld_fw_id_to_link_conf(mld, link_id);
186 struct ieee80211_vif *vif;
187
188 if (WARN_ON(!link_conf))
189 return;
190
191 vif = link_conf->vif;
192
193 IWL_DEBUG_INFO(mld,
194 "CSA Start Notification with vif type: %d, link_id: %d\n",
195 vif->type,
196 link_conf->link_id);
197
198 switch (vif->type) {
199 case NL80211_IFTYPE_AP:
200 /* We don't support canceling a CSA as it was advertised
201 * by the AP itself
202 */
203 if (!link_conf->csa_active)
204 return;
205
206 ieee80211_csa_finish(vif, link_conf->link_id);
207 break;
208 case NL80211_IFTYPE_STATION:
209 if (!link_conf->csa_active) {
210 /* Either unexpected cs notif or mac80211 chose to
211 * ignore, for example in channel switch to same channel
212 */
213 struct iwl_cancel_channel_switch_cmd cmd = {
214 .id = cpu_to_le32(link_id),
215 };
216
217 if (iwl_mld_send_cmd_pdu(mld,
218 WIDE_ID(MAC_CONF_GROUP,
219 CANCEL_CHANNEL_SWITCH_CMD),
220 &cmd))
221 IWL_ERR(mld,
222 "Failed to cancel the channel switch\n");
223 return;
224 }
225
226 ieee80211_chswitch_done(vif, true, link_conf->link_id);
227 break;
228
229 default:
230 WARN(1, "CSA on invalid vif type: %d", vif->type);
231 }
232 }
233
234 static void
iwl_mld_handle_channel_switch_error_notif(struct iwl_mld * mld,struct iwl_rx_packet * pkt)235 iwl_mld_handle_channel_switch_error_notif(struct iwl_mld *mld,
236 struct iwl_rx_packet *pkt)
237 {
238 struct iwl_channel_switch_error_notif *notif = (void *)pkt->data;
239 struct ieee80211_bss_conf *link_conf;
240 struct ieee80211_vif *vif;
241 u32 link_id = le32_to_cpu(notif->link_id);
242 u32 csa_err_mask = le32_to_cpu(notif->csa_err_mask);
243
244 link_conf = iwl_mld_fw_id_to_link_conf(mld, link_id);
245 if (WARN_ON(!link_conf))
246 return;
247
248 vif = link_conf->vif;
249
250 IWL_DEBUG_INFO(mld, "FW reports CSA error: id=%u, csa_err_mask=%u\n",
251 link_id, csa_err_mask);
252
253 if (csa_err_mask & (CS_ERR_COUNT_ERROR |
254 CS_ERR_LONG_DELAY_AFTER_CS |
255 CS_ERR_TX_BLOCK_TIMER_EXPIRED))
256 ieee80211_channel_switch_disconnect(vif);
257 }
258
iwl_mld_handle_beacon_notification(struct iwl_mld * mld,struct iwl_rx_packet * pkt)259 static void iwl_mld_handle_beacon_notification(struct iwl_mld *mld,
260 struct iwl_rx_packet *pkt)
261 {
262 struct iwl_extended_beacon_notif *beacon = (void *)pkt->data;
263
264 mld->ibss_manager = !!beacon->ibss_mgr_status;
265 }
266
267 /**
268 * DOC: Notification versioning
269 *
270 * The firmware's notifications change from time to time. In order to
271 * differentiate between different versions of the same notification, the
272 * firmware advertises the version of each notification.
273 * Here are listed all the notifications that are supported. Several versions
274 * of the same notification can be allowed at the same time:
275 *
276 * CMD_VERSION(my_multi_version_notif,
277 * CMD_VER_ENTRY(1, iwl_my_multi_version_notif_ver1)
278 * CMD_VER_ENTRY(2, iwl_my_multi_version_notif_ver2)
279 *
280 * etc...
281 *
282 * The driver will enforce that the notification coming from the firmware
283 * has its version listed here and it'll also enforce that the firmware sent
284 * at least enough bytes to cover the structure listed in the CMD_VER_ENTRY.
285 */
286
287 CMD_VERSIONS(scan_complete_notif,
288 CMD_VER_ENTRY(1, iwl_umac_scan_complete))
289 CMD_VERSIONS(scan_iter_complete_notif,
290 CMD_VER_ENTRY(2, iwl_umac_scan_iter_complete_notif))
291 CMD_VERSIONS(channel_survey_notif,
292 CMD_VER_ENTRY(1, iwl_umac_scan_channel_survey_notif))
293 CMD_VERSIONS(mfuart_notif,
294 CMD_VER_ENTRY(2, iwl_mfuart_load_notif))
295 CMD_VERSIONS(update_mcc,
296 CMD_VER_ENTRY(1, iwl_mcc_chub_notif))
297 CMD_VERSIONS(session_prot_notif,
298 CMD_VER_ENTRY(3, iwl_session_prot_notif))
299 CMD_VERSIONS(missed_beacon_notif,
300 CMD_VER_ENTRY(5, iwl_missed_beacons_notif))
301 CMD_VERSIONS(tx_resp_notif,
302 CMD_VER_ENTRY(8, iwl_tx_resp)
303 CMD_VER_ENTRY(9, iwl_tx_resp))
304 CMD_VERSIONS(compressed_ba_notif,
305 CMD_VER_ENTRY(5, iwl_compressed_ba_notif)
306 CMD_VER_ENTRY(6, iwl_compressed_ba_notif)
307 CMD_VER_ENTRY(7, iwl_compressed_ba_notif))
308 CMD_VERSIONS(tlc_notif,
309 CMD_VER_ENTRY(3, iwl_tlc_update_notif)
310 CMD_VER_ENTRY(4, iwl_tlc_update_notif))
311 CMD_VERSIONS(mu_mimo_grp_notif,
312 CMD_VER_ENTRY(1, iwl_mu_group_mgmt_notif))
313 CMD_VERSIONS(channel_switch_start_notif,
314 CMD_VER_ENTRY(3, iwl_channel_switch_start_notif))
315 CMD_VERSIONS(channel_switch_error_notif,
316 CMD_VER_ENTRY(2, iwl_channel_switch_error_notif))
317 CMD_VERSIONS(ct_kill_notif,
318 CMD_VER_ENTRY(2, ct_kill_notif))
319 CMD_VERSIONS(temp_notif,
320 CMD_VER_ENTRY(2, iwl_dts_measurement_notif))
321 CMD_VERSIONS(roc_notif,
322 CMD_VER_ENTRY(1, iwl_roc_notif))
323 CMD_VERSIONS(probe_resp_data_notif,
324 CMD_VER_ENTRY(1, iwl_probe_resp_data_notif))
325 CMD_VERSIONS(datapath_monitor_notif,
326 CMD_VER_ENTRY(1, iwl_datapath_monitor_notif))
327 CMD_VERSIONS(stats_oper_notif,
328 CMD_VER_ENTRY(3, iwl_system_statistics_notif_oper))
329 CMD_VERSIONS(stats_oper_part1_notif,
330 CMD_VER_ENTRY(4, iwl_system_statistics_part1_notif_oper))
331 CMD_VERSIONS(bt_coex_notif,
332 CMD_VER_ENTRY(1, iwl_bt_coex_profile_notif))
333 CMD_VERSIONS(beacon_notification,
334 CMD_VER_ENTRY(6, iwl_extended_beacon_notif))
335 CMD_VERSIONS(emlsr_mode_notif,
336 CMD_VER_ENTRY(1, iwl_esr_mode_notif_v1)
337 CMD_VER_ENTRY(2, iwl_esr_mode_notif))
338 CMD_VERSIONS(emlsr_trans_fail_notif,
339 CMD_VER_ENTRY(1, iwl_esr_trans_fail_notif))
340 CMD_VERSIONS(uapsd_misbehaving_ap_notif,
341 CMD_VER_ENTRY(1, iwl_uapsd_misbehaving_ap_notif))
342 CMD_VERSIONS(time_msmt_notif,
343 CMD_VER_ENTRY(1, iwl_time_msmt_notify))
344 CMD_VERSIONS(time_sync_confirm_notif,
345 CMD_VER_ENTRY(1, iwl_time_msmt_cfm_notify))
346 CMD_VERSIONS(ftm_resp_notif, CMD_VER_ENTRY(10, iwl_tof_range_rsp_ntfy))
347 CMD_VERSIONS(beacon_filter_notif, CMD_VER_ENTRY(2, iwl_beacon_filter_notif))
348
349 DEFINE_SIMPLE_CANCELLATION(session_prot, iwl_session_prot_notif, mac_link_id)
350 DEFINE_SIMPLE_CANCELLATION(tlc, iwl_tlc_update_notif, sta_id)
351 DEFINE_SIMPLE_CANCELLATION(channel_switch_start,
352 iwl_channel_switch_start_notif, link_id)
353 DEFINE_SIMPLE_CANCELLATION(channel_switch_error,
354 iwl_channel_switch_error_notif, link_id)
355 DEFINE_SIMPLE_CANCELLATION(datapath_monitor, iwl_datapath_monitor_notif,
356 link_id)
357 DEFINE_SIMPLE_CANCELLATION(roc, iwl_roc_notif, activity)
358 DEFINE_SIMPLE_CANCELLATION(scan_complete, iwl_umac_scan_complete, uid)
359 DEFINE_SIMPLE_CANCELLATION(probe_resp_data, iwl_probe_resp_data_notif,
360 mac_id)
361 DEFINE_SIMPLE_CANCELLATION(uapsd_misbehaving_ap, iwl_uapsd_misbehaving_ap_notif,
362 mac_id)
363 DEFINE_SIMPLE_CANCELLATION(ftm_resp, iwl_tof_range_rsp_ntfy, request_id)
364 DEFINE_SIMPLE_CANCELLATION(beacon_filter, iwl_beacon_filter_notif, link_id)
365
366 /**
367 * DOC: Handlers for fw notifications
368 *
369 * Here are listed the notifications IDs (including the group ID), the handler
370 * of the notification and how it should be called:
371 *
372 * - RX_HANDLER_SYNC: will be called as part of the Rx path
373 * - RX_HANDLER_ASYNC: will be handled in a working with the wiphy_lock held
374 *
375 * This means that if the firmware sends two notifications A and B in that
376 * order and notification A is RX_HANDLER_ASYNC and notification is
377 * RX_HANDLER_SYNC, the handler of B will likely be called before the handler
378 * of A.
379 *
380 * This list should be in order of frequency for performance purposes.
381 * The handler can be one from two contexts, see &iwl_rx_handler_context
382 *
383 * A handler can declare that it relies on a specific object in which case it
384 * can be cancelled in case the object is deleted. In order to use this
385 * mechanism, a cancellation function is needed. The cancellation function must
386 * receive an object id (the index of that object in the firmware) and a
387 * notification payload. It'll return true if that specific notification should
388 * be cancelled upon the obliteration of the specific instance of the object.
389 *
390 * DEFINE_SIMPLE_CANCELLATION allows to easily create a cancellation function
391 * that wills simply return true if a given object id matches the object id in
392 * the firmware notification.
393 */
394
395 VISIBLE_IF_IWLWIFI_KUNIT
396 const struct iwl_rx_handler iwl_mld_rx_handlers[] = {
397 RX_HANDLER_NO_OBJECT(LEGACY_GROUP, TX_CMD, tx_resp_notif,
398 RX_HANDLER_SYNC)
399 RX_HANDLER_NO_OBJECT(LEGACY_GROUP, BA_NOTIF, compressed_ba_notif,
400 RX_HANDLER_SYNC)
401 RX_HANDLER_OF_SCAN(LEGACY_GROUP, SCAN_COMPLETE_UMAC,
402 scan_complete_notif)
403 RX_HANDLER_NO_OBJECT(LEGACY_GROUP, SCAN_ITERATION_COMPLETE_UMAC,
404 scan_iter_complete_notif,
405 RX_HANDLER_SYNC)
406 RX_HANDLER_NO_VAL(LEGACY_GROUP, MATCH_FOUND_NOTIFICATION,
407 match_found_notif, RX_HANDLER_SYNC)
408
409 RX_HANDLER_NO_OBJECT(SCAN_GROUP, CHANNEL_SURVEY_NOTIF,
410 channel_survey_notif,
411 RX_HANDLER_ASYNC)
412
413 RX_HANDLER_NO_OBJECT(STATISTICS_GROUP, STATISTICS_OPER_NOTIF,
414 stats_oper_notif, RX_HANDLER_ASYNC)
415 RX_HANDLER_NO_OBJECT(STATISTICS_GROUP, STATISTICS_OPER_PART1_NOTIF,
416 stats_oper_part1_notif, RX_HANDLER_ASYNC)
417
418 RX_HANDLER_NO_OBJECT(LEGACY_GROUP, MFUART_LOAD_NOTIFICATION,
419 mfuart_notif, RX_HANDLER_SYNC)
420
421 RX_HANDLER_NO_OBJECT(PHY_OPS_GROUP, DTS_MEASUREMENT_NOTIF_WIDE,
422 temp_notif, RX_HANDLER_ASYNC)
423 RX_HANDLER_OF_LINK(MAC_CONF_GROUP, SESSION_PROTECTION_NOTIF,
424 session_prot_notif)
425 RX_HANDLER_OF_LINK(MAC_CONF_GROUP, MISSED_BEACONS_NOTIF,
426 missed_beacon_notif)
427 RX_HANDLER_OF_STA(DATA_PATH_GROUP, TLC_MNG_UPDATE_NOTIF, tlc_notif)
428 RX_HANDLER_OF_LINK(MAC_CONF_GROUP, CHANNEL_SWITCH_START_NOTIF,
429 channel_switch_start_notif)
430 RX_HANDLER_OF_LINK(MAC_CONF_GROUP, CHANNEL_SWITCH_ERROR_NOTIF,
431 channel_switch_error_notif)
432 RX_HANDLER_OF_ROC(MAC_CONF_GROUP, ROC_NOTIF, roc_notif)
433 RX_HANDLER_NO_OBJECT(DATA_PATH_GROUP, MU_GROUP_MGMT_NOTIF,
434 mu_mimo_grp_notif, RX_HANDLER_SYNC)
435 RX_HANDLER_OF_VIF(MAC_CONF_GROUP, PROBE_RESPONSE_DATA_NOTIF,
436 probe_resp_data_notif)
437 RX_HANDLER_NO_OBJECT(PHY_OPS_GROUP, CT_KILL_NOTIFICATION,
438 ct_kill_notif, RX_HANDLER_ASYNC)
439 RX_HANDLER_OF_LINK(DATA_PATH_GROUP, MONITOR_NOTIF,
440 datapath_monitor_notif)
441 RX_HANDLER_NO_OBJECT(LEGACY_GROUP, MCC_CHUB_UPDATE_CMD, update_mcc,
442 RX_HANDLER_ASYNC)
443 RX_HANDLER_NO_OBJECT(BT_COEX_GROUP, PROFILE_NOTIF,
444 bt_coex_notif, RX_HANDLER_ASYNC)
445 RX_HANDLER_NO_OBJECT(LEGACY_GROUP, BEACON_NOTIFICATION,
446 beacon_notification, RX_HANDLER_ASYNC)
447 RX_HANDLER_NO_OBJECT(DATA_PATH_GROUP, ESR_MODE_NOTIF,
448 emlsr_mode_notif, RX_HANDLER_ASYNC)
449 RX_HANDLER_NO_OBJECT(MAC_CONF_GROUP, EMLSR_TRANS_FAIL_NOTIF,
450 emlsr_trans_fail_notif, RX_HANDLER_ASYNC)
451 RX_HANDLER_OF_VIF(LEGACY_GROUP, PSM_UAPSD_AP_MISBEHAVING_NOTIFICATION,
452 uapsd_misbehaving_ap_notif)
453 RX_HANDLER_NO_OBJECT(LEGACY_GROUP,
454 WNM_80211V_TIMING_MEASUREMENT_NOTIFICATION,
455 time_msmt_notif, RX_HANDLER_SYNC)
456 RX_HANDLER_NO_OBJECT(LEGACY_GROUP,
457 WNM_80211V_TIMING_MEASUREMENT_CONFIRM_NOTIFICATION,
458 time_sync_confirm_notif, RX_HANDLER_ASYNC)
459 RX_HANDLER_OF_LINK(DATA_PATH_GROUP, BEACON_FILTER_IN_NOTIF,
460 beacon_filter_notif)
461 RX_HANDLER_OF_FTM_REQ(LOCATION_GROUP, TOF_RANGE_RESPONSE_NOTIF,
462 ftm_resp_notif)
463 };
464 EXPORT_SYMBOL_IF_IWLWIFI_KUNIT(iwl_mld_rx_handlers);
465
466 #if IS_ENABLED(CONFIG_IWLWIFI_KUNIT_TESTS)
467 const unsigned int iwl_mld_rx_handlers_num = ARRAY_SIZE(iwl_mld_rx_handlers);
468 EXPORT_SYMBOL_IF_IWLWIFI_KUNIT(iwl_mld_rx_handlers_num);
469 #endif
470
471 static bool
iwl_mld_notif_is_valid(struct iwl_mld * mld,struct iwl_rx_packet * pkt,const struct iwl_rx_handler * handler)472 iwl_mld_notif_is_valid(struct iwl_mld *mld, struct iwl_rx_packet *pkt,
473 const struct iwl_rx_handler *handler)
474 {
475 unsigned int size = iwl_rx_packet_payload_len(pkt);
476 size_t notif_ver;
477
478 /* If n_sizes == 0, it indicates that a validation function may be used
479 * or that no validation is required.
480 */
481 if (!handler->n_sizes) {
482 if (handler->val_fn)
483 return handler->val_fn(mld, pkt);
484 return true;
485 }
486
487 notif_ver = iwl_fw_lookup_notif_ver(mld->fw,
488 iwl_cmd_groupid(handler->cmd_id),
489 iwl_cmd_opcode(handler->cmd_id),
490 IWL_FW_CMD_VER_UNKNOWN);
491
492 for (int i = 0; i < handler->n_sizes; i++) {
493 if (handler->sizes[i].ver != notif_ver)
494 continue;
495
496 if (IWL_FW_CHECK(mld, size < handler->sizes[i].size,
497 "unexpected notification 0x%04x size %d, need %d\n",
498 handler->cmd_id, size, handler->sizes[i].size))
499 return false;
500 return true;
501 }
502
503 IWL_FW_CHECK_FAILED(mld,
504 "notif 0x%04x ver %zu missing expected size, use version %u size\n",
505 handler->cmd_id, notif_ver,
506 handler->sizes[handler->n_sizes - 1].ver);
507
508 return size < handler->sizes[handler->n_sizes - 1].size;
509 }
510
511 struct iwl_async_handler_entry {
512 struct list_head list;
513 struct iwl_rx_cmd_buffer rxb;
514 const struct iwl_rx_handler *rx_h;
515 };
516
517 static void
iwl_mld_log_async_handler_op(struct iwl_mld * mld,const char * op,struct iwl_rx_cmd_buffer * rxb)518 iwl_mld_log_async_handler_op(struct iwl_mld *mld, const char *op,
519 struct iwl_rx_cmd_buffer *rxb)
520 {
521 struct iwl_rx_packet *pkt = rxb_addr(rxb);
522
523 IWL_DEBUG_HC(mld,
524 "%s async handler for notif %s (%.2x.%2x, seq 0x%x)\n",
525 op, iwl_get_cmd_string(mld->trans,
526 WIDE_ID(pkt->hdr.group_id, pkt->hdr.cmd)),
527 pkt->hdr.group_id, pkt->hdr.cmd,
528 le16_to_cpu(pkt->hdr.sequence));
529 }
530
iwl_mld_rx_notif(struct iwl_mld * mld,struct iwl_rx_cmd_buffer * rxb,struct iwl_rx_packet * pkt)531 static void iwl_mld_rx_notif(struct iwl_mld *mld,
532 struct iwl_rx_cmd_buffer *rxb,
533 struct iwl_rx_packet *pkt)
534 {
535 for (int i = 0; i < ARRAY_SIZE(iwl_mld_rx_handlers); i++) {
536 const struct iwl_rx_handler *rx_h = &iwl_mld_rx_handlers[i];
537 struct iwl_async_handler_entry *entry;
538
539 if (rx_h->cmd_id != WIDE_ID(pkt->hdr.group_id, pkt->hdr.cmd))
540 continue;
541
542 if (!iwl_mld_notif_is_valid(mld, pkt, rx_h))
543 return;
544
545 if (rx_h->context == RX_HANDLER_SYNC) {
546 rx_h->fn(mld, pkt);
547 break;
548 }
549
550 entry = kzalloc(sizeof(*entry), GFP_ATOMIC);
551 /* we can't do much... */
552 if (!entry)
553 return;
554
555 /* Set the async handler entry */
556 entry->rxb._page = rxb_steal_page(rxb);
557 entry->rxb._offset = rxb->_offset;
558 entry->rxb._rx_page_order = rxb->_rx_page_order;
559
560 entry->rx_h = rx_h;
561
562 /* Add it to the list and queue the work */
563 spin_lock(&mld->async_handlers_lock);
564 list_add_tail(&entry->list, &mld->async_handlers_list);
565 spin_unlock(&mld->async_handlers_lock);
566
567 wiphy_work_queue(mld->hw->wiphy,
568 &mld->async_handlers_wk);
569
570 iwl_mld_log_async_handler_op(mld, "Queued", rxb);
571 break;
572 }
573
574 iwl_notification_wait_notify(&mld->notif_wait, pkt);
575 }
576
iwl_mld_rx(struct iwl_op_mode * op_mode,struct napi_struct * napi,struct iwl_rx_cmd_buffer * rxb)577 void iwl_mld_rx(struct iwl_op_mode *op_mode, struct napi_struct *napi,
578 struct iwl_rx_cmd_buffer *rxb)
579 {
580 struct iwl_rx_packet *pkt = rxb_addr(rxb);
581 struct iwl_mld *mld = IWL_OP_MODE_GET_MLD(op_mode);
582 u16 cmd_id = WIDE_ID(pkt->hdr.group_id, pkt->hdr.cmd);
583
584 if (likely(cmd_id == WIDE_ID(LEGACY_GROUP, REPLY_RX_MPDU_CMD)))
585 iwl_mld_rx_mpdu(mld, napi, rxb, 0);
586 else if (cmd_id == WIDE_ID(LEGACY_GROUP, FRAME_RELEASE))
587 iwl_mld_handle_frame_release_notif(mld, napi, pkt, 0);
588 else if (cmd_id == WIDE_ID(LEGACY_GROUP, BAR_FRAME_RELEASE))
589 iwl_mld_handle_bar_frame_release_notif(mld, napi, pkt, 0);
590 else if (unlikely(cmd_id == WIDE_ID(DATA_PATH_GROUP,
591 RX_QUEUES_NOTIFICATION)))
592 iwl_mld_handle_rx_queues_sync_notif(mld, napi, pkt, 0);
593 else if (cmd_id == WIDE_ID(DATA_PATH_GROUP, RX_NO_DATA_NOTIF))
594 iwl_mld_rx_monitor_no_data(mld, napi, pkt, 0);
595 else
596 iwl_mld_rx_notif(mld, rxb, pkt);
597 }
598
iwl_mld_rx_rss(struct iwl_op_mode * op_mode,struct napi_struct * napi,struct iwl_rx_cmd_buffer * rxb,unsigned int queue)599 void iwl_mld_rx_rss(struct iwl_op_mode *op_mode, struct napi_struct *napi,
600 struct iwl_rx_cmd_buffer *rxb, unsigned int queue)
601 {
602 struct iwl_rx_packet *pkt = rxb_addr(rxb);
603 struct iwl_mld *mld = IWL_OP_MODE_GET_MLD(op_mode);
604 u16 cmd_id = WIDE_ID(pkt->hdr.group_id, pkt->hdr.cmd);
605
606 if (unlikely(queue >= mld->trans->info.num_rxqs))
607 return;
608
609 if (likely(cmd_id == WIDE_ID(LEGACY_GROUP, REPLY_RX_MPDU_CMD)))
610 iwl_mld_rx_mpdu(mld, napi, rxb, queue);
611 else if (unlikely(cmd_id == WIDE_ID(DATA_PATH_GROUP,
612 RX_QUEUES_NOTIFICATION)))
613 iwl_mld_handle_rx_queues_sync_notif(mld, napi, pkt, queue);
614 else if (unlikely(cmd_id == WIDE_ID(LEGACY_GROUP, FRAME_RELEASE)))
615 iwl_mld_handle_frame_release_notif(mld, napi, pkt, queue);
616 }
617
iwl_mld_delete_handlers(struct iwl_mld * mld,const u16 * cmds,int n_cmds)618 void iwl_mld_delete_handlers(struct iwl_mld *mld, const u16 *cmds, int n_cmds)
619 {
620 struct iwl_async_handler_entry *entry, *tmp;
621
622 spin_lock_bh(&mld->async_handlers_lock);
623 list_for_each_entry_safe(entry, tmp, &mld->async_handlers_list, list) {
624 bool match = false;
625
626 for (int i = 0; i < n_cmds; i++) {
627 if (entry->rx_h->cmd_id == cmds[i]) {
628 match = true;
629 break;
630 }
631 }
632
633 if (!match)
634 continue;
635
636 iwl_mld_log_async_handler_op(mld, "Delete", &entry->rxb);
637 iwl_free_rxb(&entry->rxb);
638 list_del(&entry->list);
639 kfree(entry);
640 }
641 spin_unlock_bh(&mld->async_handlers_lock);
642 }
643
iwl_mld_async_handlers_wk(struct wiphy * wiphy,struct wiphy_work * wk)644 void iwl_mld_async_handlers_wk(struct wiphy *wiphy, struct wiphy_work *wk)
645 {
646 struct iwl_mld *mld =
647 container_of(wk, struct iwl_mld, async_handlers_wk);
648 struct iwl_async_handler_entry *entry, *tmp;
649 LIST_HEAD(local_list);
650
651 /* Sync with Rx path with a lock. Remove all the entries from this
652 * list, add them to a local one (lock free), and then handle them.
653 */
654 spin_lock_bh(&mld->async_handlers_lock);
655 list_splice_init(&mld->async_handlers_list, &local_list);
656 spin_unlock_bh(&mld->async_handlers_lock);
657
658 list_for_each_entry_safe(entry, tmp, &local_list, list) {
659 iwl_mld_log_async_handler_op(mld, "Handle", &entry->rxb);
660 entry->rx_h->fn(mld, rxb_addr(&entry->rxb));
661 iwl_free_rxb(&entry->rxb);
662 list_del(&entry->list);
663 kfree(entry);
664 }
665 }
666
iwl_mld_cancel_async_notifications(struct iwl_mld * mld)667 void iwl_mld_cancel_async_notifications(struct iwl_mld *mld)
668 {
669 struct iwl_async_handler_entry *entry, *tmp;
670
671 lockdep_assert_wiphy(mld->wiphy);
672
673 wiphy_work_cancel(mld->wiphy, &mld->async_handlers_wk);
674
675 spin_lock_bh(&mld->async_handlers_lock);
676 list_for_each_entry_safe(entry, tmp, &mld->async_handlers_list, list) {
677 iwl_mld_log_async_handler_op(mld, "Purged", &entry->rxb);
678 iwl_free_rxb(&entry->rxb);
679 list_del(&entry->list);
680 kfree(entry);
681 }
682 spin_unlock_bh(&mld->async_handlers_lock);
683 }
684
iwl_mld_cancel_notifications_of_object(struct iwl_mld * mld,enum iwl_mld_object_type obj_type,u32 obj_id)685 void iwl_mld_cancel_notifications_of_object(struct iwl_mld *mld,
686 enum iwl_mld_object_type obj_type,
687 u32 obj_id)
688 {
689 struct iwl_async_handler_entry *entry, *tmp;
690 LIST_HEAD(cancel_list);
691
692 lockdep_assert_wiphy(mld->wiphy);
693
694 if (WARN_ON(obj_type == IWL_MLD_OBJECT_TYPE_NONE))
695 return;
696
697 /* Sync with RX path and remove matching entries from the async list */
698 spin_lock_bh(&mld->async_handlers_lock);
699 list_for_each_entry_safe(entry, tmp, &mld->async_handlers_list, list) {
700 const struct iwl_rx_handler *rx_h = entry->rx_h;
701
702 if (rx_h->obj_type != obj_type || WARN_ON(!rx_h->cancel))
703 continue;
704
705 if (rx_h->cancel(mld, rxb_addr(&entry->rxb), obj_id)) {
706 iwl_mld_log_async_handler_op(mld, "Cancel", &entry->rxb);
707 list_del(&entry->list);
708 list_add_tail(&entry->list, &cancel_list);
709 }
710 }
711
712 spin_unlock_bh(&mld->async_handlers_lock);
713
714 /* Free the matching entries outside of the spinlock */
715 list_for_each_entry_safe(entry, tmp, &cancel_list, list) {
716 iwl_free_rxb(&entry->rxb);
717 list_del(&entry->list);
718 kfree(entry);
719 }
720 }
721