1 // SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause 2 /* 3 * Copyright (C) 2012-2014, 2018-2025 Intel Corporation 4 * Copyright (C) 2013-2015 Intel Mobile Communications GmbH 5 * Copyright (C) 2017 Intel Deutschland GmbH 6 */ 7 #include <linux/jiffies.h> 8 #include <net/mac80211.h> 9 10 #include "fw/notif-wait.h" 11 #include "iwl-trans.h" 12 #include "fw-api.h" 13 #include "time-event.h" 14 #include "mvm.h" 15 #include "iwl-io.h" 16 #include "iwl-prph.h" 17 18 /* 19 * For the high priority TE use a time event type that has similar priority to 20 * the FW's action scan priority. 21 */ 22 #define IWL_MVM_ROC_TE_TYPE_NORMAL TE_P2P_DEVICE_DISCOVERABLE 23 #define IWL_MVM_ROC_TE_TYPE_MGMT_TX TE_P2P_CLIENT_ASSOC 24 25 void iwl_mvm_te_clear_data(struct iwl_mvm *mvm, 26 struct iwl_mvm_time_event_data *te_data) 27 { 28 lockdep_assert_held(&mvm->time_event_lock); 29 30 if (!te_data || !te_data->vif) 31 return; 32 33 list_del(&te_data->list); 34 35 /* 36 * the list is only used for AUX ROC events so make sure it is always 37 * initialized 38 */ 39 INIT_LIST_HEAD(&te_data->list); 40 41 te_data->running = false; 42 te_data->uid = 0; 43 te_data->id = TE_MAX; 44 te_data->vif = NULL; 45 } 46 47 static void iwl_mvm_cleanup_roc(struct iwl_mvm *mvm) 48 { 49 struct ieee80211_vif *vif = mvm->p2p_device_vif; 50 51 lockdep_assert_held(&mvm->mutex); 52 53 /* 54 * Clear the ROC_P2P_RUNNING status bit. 55 * This will cause the TX path to drop offchannel transmissions. 56 * That would also be done by mac80211, but it is racy, in particular 57 * in the case that the time event actually completed in the firmware. 58 * 59 * Also flush the offchannel queue -- this is called when the time 60 * event finishes or is canceled, so that frames queued for it 61 * won't get stuck on the queue and be transmitted in the next 62 * time event. 63 */ 64 if (test_and_clear_bit(IWL_MVM_STATUS_ROC_P2P_RUNNING, &mvm->status)) { 65 struct iwl_mvm_vif *mvmvif; 66 67 synchronize_net(); 68 69 /* 70 * NB: access to this pointer would be racy, but the flush bit 71 * can only be set when we had a P2P-Device VIF, and we have a 72 * flush of this work in iwl_mvm_prepare_mac_removal() so it's 73 * not really racy. 74 */ 75 76 if (!WARN_ON(!vif)) { 77 mvmvif = iwl_mvm_vif_from_mac80211(vif); 78 iwl_mvm_flush_sta(mvm, mvmvif->deflink.bcast_sta.sta_id, 79 mvmvif->deflink.bcast_sta.tfd_queue_msk); 80 81 if (mvm->mld_api_is_used) { 82 iwl_mvm_mld_rm_bcast_sta(mvm, vif, 83 &vif->bss_conf); 84 85 iwl_mvm_link_changed(mvm, vif, &vif->bss_conf, 86 LINK_CONTEXT_MODIFY_ACTIVE, 87 false); 88 } else { 89 iwl_mvm_rm_p2p_bcast_sta(mvm, vif); 90 iwl_mvm_binding_remove_vif(mvm, vif); 91 } 92 93 /* Do not remove the PHY context as removing and adding 94 * a PHY context has timing overheads. Leaving it 95 * configured in FW would be useful in case the next ROC 96 * is with the same channel. 97 */ 98 } 99 } 100 101 /* 102 * P2P AUX ROC and HS2.0 ROC do not run simultaneously. 103 * Clear the ROC_AUX_RUNNING status bit. 104 * This will cause the TX path to drop offchannel transmissions. 105 * That would also be done by mac80211, but it is racy, in particular 106 * in the case that the time event actually completed in the firmware 107 * (which is handled in iwl_mvm_te_handle_notif). 108 */ 109 if (test_and_clear_bit(IWL_MVM_STATUS_ROC_AUX_RUNNING, &mvm->status)) { 110 synchronize_net(); 111 112 iwl_mvm_flush_sta(mvm, mvm->aux_sta.sta_id, 113 mvm->aux_sta.tfd_queue_msk); 114 115 /* In newer version of this command an aux station is added only 116 * in cases of dedicated tx queue and need to be removed in end 117 * of use. For the even newer mld api, use the appropriate 118 * function. 119 */ 120 if (mvm->mld_api_is_used) 121 iwl_mvm_mld_rm_aux_sta(mvm); 122 else if (iwl_mvm_has_new_station_api(mvm->fw)) 123 iwl_mvm_rm_aux_sta(mvm); 124 } 125 126 mutex_unlock(&mvm->mutex); 127 } 128 129 void iwl_mvm_roc_done_wk(struct work_struct *wk) 130 { 131 struct iwl_mvm *mvm = container_of(wk, struct iwl_mvm, roc_done_wk); 132 133 mutex_lock(&mvm->mutex); 134 /* Mutex is released inside */ 135 iwl_mvm_cleanup_roc(mvm); 136 } 137 138 static void iwl_mvm_roc_finished(struct iwl_mvm *mvm) 139 { 140 /* 141 * Of course, our status bit is just as racy as mac80211, so in 142 * addition, fire off the work struct which will drop all frames 143 * from the hardware queues that made it through the race. First 144 * it will of course synchronize the TX path to make sure that 145 * any *new* TX will be rejected. 146 */ 147 schedule_work(&mvm->roc_done_wk); 148 } 149 150 static void iwl_mvm_csa_noa_start(struct iwl_mvm *mvm) 151 { 152 struct ieee80211_vif *csa_vif; 153 154 rcu_read_lock(); 155 156 csa_vif = rcu_dereference(mvm->csa_vif); 157 if (!csa_vif || !csa_vif->bss_conf.csa_active) 158 goto out_unlock; 159 160 IWL_DEBUG_TE(mvm, "CSA NOA started\n"); 161 162 /* 163 * CSA NoA is started but we still have beacons to 164 * transmit on the current channel. 165 * So we just do nothing here and the switch 166 * will be performed on the last TBTT. 167 */ 168 if (!ieee80211_beacon_cntdwn_is_complete(csa_vif, 0)) { 169 IWL_WARN(mvm, "CSA NOA started too early\n"); 170 goto out_unlock; 171 } 172 173 ieee80211_csa_finish(csa_vif, 0); 174 175 rcu_read_unlock(); 176 177 RCU_INIT_POINTER(mvm->csa_vif, NULL); 178 179 return; 180 181 out_unlock: 182 rcu_read_unlock(); 183 } 184 185 static bool iwl_mvm_te_check_disconnect(struct iwl_mvm *mvm, 186 struct ieee80211_vif *vif, 187 const char *errmsg) 188 { 189 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 190 191 if (vif->type != NL80211_IFTYPE_STATION) 192 return false; 193 194 if (!mvmvif->csa_bcn_pending && vif->cfg.assoc && 195 vif->bss_conf.dtim_period) 196 return false; 197 if (errmsg) 198 IWL_ERR(mvm, "%s\n", errmsg); 199 200 if (mvmvif->csa_bcn_pending) { 201 struct iwl_mvm_sta *mvmsta; 202 203 rcu_read_lock(); 204 mvmsta = iwl_mvm_sta_from_staid_rcu(mvm, 205 mvmvif->deflink.ap_sta_id); 206 if (!WARN_ON(!mvmsta)) 207 iwl_mvm_sta_modify_disable_tx(mvm, mvmsta, false); 208 rcu_read_unlock(); 209 } 210 211 if (vif->cfg.assoc) { 212 /* 213 * When not associated, this will be called from 214 * iwl_mvm_event_mlme_callback_ini() 215 */ 216 iwl_dbg_tlv_time_point(&mvm->fwrt, 217 IWL_FW_INI_TIME_POINT_ASSOC_FAILED, 218 NULL); 219 220 mvmvif->session_prot_connection_loss = true; 221 } 222 223 iwl_mvm_connection_loss(mvm, vif, errmsg); 224 return true; 225 } 226 227 static void 228 iwl_mvm_te_handle_notify_csa(struct iwl_mvm *mvm, 229 struct iwl_mvm_time_event_data *te_data, 230 struct iwl_time_event_notif *notif) 231 { 232 struct ieee80211_vif *vif = te_data->vif; 233 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 234 235 if (!notif->status) 236 IWL_DEBUG_TE(mvm, "CSA time event failed to start\n"); 237 238 switch (te_data->vif->type) { 239 case NL80211_IFTYPE_AP: 240 if (!notif->status) 241 mvmvif->csa_failed = true; 242 iwl_mvm_csa_noa_start(mvm); 243 break; 244 case NL80211_IFTYPE_STATION: 245 if (!notif->status) { 246 iwl_mvm_connection_loss(mvm, vif, 247 "CSA TE failed to start"); 248 break; 249 } 250 iwl_mvm_csa_client_absent(mvm, te_data->vif); 251 cancel_delayed_work(&mvmvif->csa_work); 252 ieee80211_chswitch_done(te_data->vif, true, 0); 253 break; 254 default: 255 /* should never happen */ 256 WARN_ON_ONCE(1); 257 break; 258 } 259 260 /* we don't need it anymore */ 261 iwl_mvm_te_clear_data(mvm, te_data); 262 } 263 264 static void iwl_mvm_te_check_trigger(struct iwl_mvm *mvm, 265 struct iwl_time_event_notif *notif, 266 struct iwl_mvm_time_event_data *te_data) 267 { 268 struct iwl_fw_dbg_trigger_tlv *trig; 269 struct iwl_fw_dbg_trigger_time_event *te_trig; 270 int i; 271 272 trig = iwl_fw_dbg_trigger_on(&mvm->fwrt, 273 ieee80211_vif_to_wdev(te_data->vif), 274 FW_DBG_TRIGGER_TIME_EVENT); 275 if (!trig) 276 return; 277 278 te_trig = (void *)trig->data; 279 280 for (i = 0; i < ARRAY_SIZE(te_trig->time_events); i++) { 281 u32 trig_te_id = le32_to_cpu(te_trig->time_events[i].id); 282 u32 trig_action_bitmap = 283 le32_to_cpu(te_trig->time_events[i].action_bitmap); 284 u32 trig_status_bitmap = 285 le32_to_cpu(te_trig->time_events[i].status_bitmap); 286 287 if (trig_te_id != te_data->id || 288 !(trig_action_bitmap & le32_to_cpu(notif->action)) || 289 !(trig_status_bitmap & BIT(le32_to_cpu(notif->status)))) 290 continue; 291 292 iwl_fw_dbg_collect_trig(&mvm->fwrt, trig, 293 "Time event %d Action 0x%x received status: %d", 294 te_data->id, 295 le32_to_cpu(notif->action), 296 le32_to_cpu(notif->status)); 297 break; 298 } 299 } 300 301 /* 302 * Handles a FW notification for an event that is known to the driver. 303 * 304 * @mvm: the mvm component 305 * @te_data: the time event data 306 * @notif: the notification data corresponding the time event data. 307 */ 308 static void iwl_mvm_te_handle_notif(struct iwl_mvm *mvm, 309 struct iwl_mvm_time_event_data *te_data, 310 struct iwl_time_event_notif *notif) 311 { 312 lockdep_assert_held(&mvm->time_event_lock); 313 314 IWL_DEBUG_TE(mvm, "Handle time event notif - UID = 0x%x action %d\n", 315 le32_to_cpu(notif->unique_id), 316 le32_to_cpu(notif->action)); 317 318 iwl_mvm_te_check_trigger(mvm, notif, te_data); 319 320 /* 321 * The FW sends the start/end time event notifications even for events 322 * that it fails to schedule. This is indicated in the status field of 323 * the notification. This happens in cases that the scheduler cannot 324 * find a schedule that can handle the event (for example requesting a 325 * P2P Device discoveribility, while there are other higher priority 326 * events in the system). 327 */ 328 if (!le32_to_cpu(notif->status)) { 329 const char *msg; 330 331 if (notif->action & cpu_to_le32(TE_V2_NOTIF_HOST_EVENT_START)) 332 msg = "Time Event start notification failure"; 333 else 334 msg = "Time Event end notification failure"; 335 336 IWL_DEBUG_TE(mvm, "%s\n", msg); 337 338 if (iwl_mvm_te_check_disconnect(mvm, te_data->vif, msg)) { 339 iwl_mvm_te_clear_data(mvm, te_data); 340 return; 341 } 342 } 343 344 if (le32_to_cpu(notif->action) & TE_V2_NOTIF_HOST_EVENT_END) { 345 IWL_DEBUG_TE(mvm, 346 "TE ended - current time %lu, estimated end %lu\n", 347 jiffies, te_data->end_jiffies); 348 349 switch (te_data->vif->type) { 350 case NL80211_IFTYPE_P2P_DEVICE: 351 ieee80211_remain_on_channel_expired(mvm->hw); 352 iwl_mvm_roc_finished(mvm); 353 break; 354 case NL80211_IFTYPE_STATION: 355 /* 356 * If we are switching channel, don't disconnect 357 * if the time event is already done. Beacons can 358 * be delayed a bit after the switch. 359 */ 360 if (te_data->id == TE_CHANNEL_SWITCH_PERIOD) { 361 IWL_DEBUG_TE(mvm, 362 "No beacon heard and the CS time event is over, don't disconnect\n"); 363 break; 364 } 365 366 /* 367 * By now, we should have finished association 368 * and know the dtim period. 369 */ 370 iwl_mvm_te_check_disconnect(mvm, te_data->vif, 371 !te_data->vif->cfg.assoc ? 372 "Not associated and the time event is over already..." : 373 "No beacon heard and the time event is over already..."); 374 break; 375 default: 376 break; 377 } 378 379 iwl_mvm_te_clear_data(mvm, te_data); 380 } else if (le32_to_cpu(notif->action) & TE_V2_NOTIF_HOST_EVENT_START) { 381 te_data->running = true; 382 te_data->end_jiffies = TU_TO_EXP_TIME(te_data->duration); 383 384 if (te_data->vif->type == NL80211_IFTYPE_P2P_DEVICE) { 385 set_bit(IWL_MVM_STATUS_ROC_P2P_RUNNING, &mvm->status); 386 ieee80211_ready_on_channel(mvm->hw); 387 } else if (te_data->id == TE_CHANNEL_SWITCH_PERIOD) { 388 iwl_mvm_te_handle_notify_csa(mvm, te_data, notif); 389 } 390 } else { 391 IWL_WARN(mvm, "Got TE with unknown action\n"); 392 } 393 } 394 395 struct iwl_mvm_rx_roc_iterator_data { 396 u32 activity; 397 bool end_activity; 398 bool found; 399 }; 400 401 static void iwl_mvm_rx_roc_iterator(void *_data, u8 *mac, 402 struct ieee80211_vif *vif) 403 { 404 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 405 struct iwl_mvm_rx_roc_iterator_data *data = _data; 406 407 if (mvmvif->roc_activity == data->activity) { 408 data->found = true; 409 if (data->end_activity) 410 mvmvif->roc_activity = ROC_NUM_ACTIVITIES; 411 } 412 } 413 414 void iwl_mvm_rx_roc_notif(struct iwl_mvm *mvm, 415 struct iwl_rx_cmd_buffer *rxb) 416 { 417 struct iwl_rx_packet *pkt = rxb_addr(rxb); 418 struct iwl_roc_notif *notif = (void *)pkt->data; 419 u32 activity = le32_to_cpu(notif->activity); 420 bool started = le32_to_cpu(notif->success) && 421 le32_to_cpu(notif->started); 422 struct iwl_mvm_rx_roc_iterator_data data = { 423 .activity = activity, 424 .end_activity = !started, 425 }; 426 427 /* Clear vif roc_activity if done (set to ROC_NUM_ACTIVITIES) */ 428 ieee80211_iterate_active_interfaces_atomic(mvm->hw, 429 IEEE80211_IFACE_ITER_NORMAL, 430 iwl_mvm_rx_roc_iterator, 431 &data); 432 /* 433 * It is possible that the ROC was canceled 434 * but the notification was already fired. 435 */ 436 if (!data.found) 437 return; 438 439 if (started) { 440 set_bit(IWL_MVM_STATUS_ROC_AUX_RUNNING, &mvm->status); 441 ieee80211_ready_on_channel(mvm->hw); 442 } else { 443 iwl_mvm_roc_finished(mvm); 444 ieee80211_remain_on_channel_expired(mvm->hw); 445 } 446 } 447 448 /* 449 * Handle A Aux ROC time event 450 */ 451 static int iwl_mvm_aux_roc_te_handle_notif(struct iwl_mvm *mvm, 452 struct iwl_time_event_notif *notif) 453 { 454 struct iwl_mvm_time_event_data *aux_roc_te = NULL, *te_data; 455 456 list_for_each_entry(te_data, &mvm->aux_roc_te_list, list) { 457 if (le32_to_cpu(notif->unique_id) == te_data->uid) { 458 aux_roc_te = te_data; 459 break; 460 } 461 } 462 if (!aux_roc_te) /* Not a Aux ROC time event */ 463 return -EINVAL; 464 465 iwl_mvm_te_check_trigger(mvm, notif, aux_roc_te); 466 467 IWL_DEBUG_TE(mvm, 468 "Aux ROC time event notification - UID = 0x%x action %d (error = %d)\n", 469 le32_to_cpu(notif->unique_id), 470 le32_to_cpu(notif->action), le32_to_cpu(notif->status)); 471 472 if (!le32_to_cpu(notif->status) || 473 le32_to_cpu(notif->action) == TE_V2_NOTIF_HOST_EVENT_END) { 474 /* End TE, notify mac80211 */ 475 ieee80211_remain_on_channel_expired(mvm->hw); 476 iwl_mvm_roc_finished(mvm); /* flush aux queue */ 477 list_del(&aux_roc_te->list); /* remove from list */ 478 aux_roc_te->running = false; 479 aux_roc_te->vif = NULL; 480 aux_roc_te->uid = 0; 481 aux_roc_te->id = TE_MAX; 482 } else if (le32_to_cpu(notif->action) == TE_V2_NOTIF_HOST_EVENT_START) { 483 set_bit(IWL_MVM_STATUS_ROC_AUX_RUNNING, &mvm->status); 484 aux_roc_te->running = true; 485 ieee80211_ready_on_channel(mvm->hw); /* Start TE */ 486 } else { 487 IWL_DEBUG_TE(mvm, 488 "ERROR: Unknown Aux ROC Time Event (action = %d)\n", 489 le32_to_cpu(notif->action)); 490 return -EINVAL; 491 } 492 493 return 0; 494 } 495 496 /* 497 * The Rx handler for time event notifications 498 */ 499 void iwl_mvm_rx_time_event_notif(struct iwl_mvm *mvm, 500 struct iwl_rx_cmd_buffer *rxb) 501 { 502 struct iwl_rx_packet *pkt = rxb_addr(rxb); 503 struct iwl_time_event_notif *notif = (void *)pkt->data; 504 struct iwl_mvm_time_event_data *te_data, *tmp; 505 506 IWL_DEBUG_TE(mvm, "Time event notification - UID = 0x%x action %d\n", 507 le32_to_cpu(notif->unique_id), 508 le32_to_cpu(notif->action)); 509 510 spin_lock_bh(&mvm->time_event_lock); 511 /* This time event is triggered for Aux ROC request */ 512 if (!iwl_mvm_aux_roc_te_handle_notif(mvm, notif)) 513 goto unlock; 514 515 list_for_each_entry_safe(te_data, tmp, &mvm->time_event_list, list) { 516 if (le32_to_cpu(notif->unique_id) == te_data->uid) 517 iwl_mvm_te_handle_notif(mvm, te_data, notif); 518 } 519 unlock: 520 spin_unlock_bh(&mvm->time_event_lock); 521 } 522 523 static bool iwl_mvm_te_notif(struct iwl_notif_wait_data *notif_wait, 524 struct iwl_rx_packet *pkt, void *data) 525 { 526 struct iwl_mvm *mvm = 527 container_of(notif_wait, struct iwl_mvm, notif_wait); 528 struct iwl_mvm_time_event_data *te_data = data; 529 struct iwl_time_event_notif *resp; 530 int resp_len = iwl_rx_packet_payload_len(pkt); 531 532 if (WARN_ON(pkt->hdr.cmd != TIME_EVENT_NOTIFICATION)) 533 return true; 534 535 if (WARN_ON_ONCE(resp_len != sizeof(*resp))) { 536 IWL_ERR(mvm, "Invalid TIME_EVENT_NOTIFICATION response\n"); 537 return true; 538 } 539 540 resp = (void *)pkt->data; 541 542 /* te_data->uid is already set in the TIME_EVENT_CMD response */ 543 if (le32_to_cpu(resp->unique_id) != te_data->uid) 544 return false; 545 546 IWL_DEBUG_TE(mvm, "TIME_EVENT_NOTIFICATION response - UID = 0x%x\n", 547 te_data->uid); 548 if (!resp->status) 549 IWL_ERR(mvm, 550 "TIME_EVENT_NOTIFICATION received but not executed\n"); 551 552 return true; 553 } 554 555 static bool iwl_mvm_time_event_response(struct iwl_notif_wait_data *notif_wait, 556 struct iwl_rx_packet *pkt, void *data) 557 { 558 struct iwl_mvm *mvm = 559 container_of(notif_wait, struct iwl_mvm, notif_wait); 560 struct iwl_mvm_time_event_data *te_data = data; 561 struct iwl_time_event_resp *resp; 562 int resp_len = iwl_rx_packet_payload_len(pkt); 563 564 if (WARN_ON(pkt->hdr.cmd != TIME_EVENT_CMD)) 565 return true; 566 567 if (WARN_ON_ONCE(resp_len != sizeof(*resp))) { 568 IWL_ERR(mvm, "Invalid TIME_EVENT_CMD response\n"); 569 return true; 570 } 571 572 resp = (void *)pkt->data; 573 574 /* we should never get a response to another TIME_EVENT_CMD here */ 575 if (WARN_ON_ONCE(le32_to_cpu(resp->id) != te_data->id)) 576 return false; 577 578 te_data->uid = le32_to_cpu(resp->unique_id); 579 IWL_DEBUG_TE(mvm, "TIME_EVENT_CMD response - UID = 0x%x\n", 580 te_data->uid); 581 return true; 582 } 583 584 static int iwl_mvm_time_event_send_add(struct iwl_mvm *mvm, 585 struct ieee80211_vif *vif, 586 struct iwl_mvm_time_event_data *te_data, 587 struct iwl_time_event_cmd *te_cmd) 588 { 589 static const u16 time_event_response[] = { TIME_EVENT_CMD }; 590 struct iwl_notification_wait wait_time_event; 591 int ret; 592 593 lockdep_assert_held(&mvm->mutex); 594 595 IWL_DEBUG_TE(mvm, "Add new TE, duration %d TU\n", 596 le32_to_cpu(te_cmd->duration)); 597 598 spin_lock_bh(&mvm->time_event_lock); 599 if (WARN_ON(te_data->id != TE_MAX)) { 600 spin_unlock_bh(&mvm->time_event_lock); 601 return -EIO; 602 } 603 te_data->vif = vif; 604 te_data->duration = le32_to_cpu(te_cmd->duration); 605 te_data->id = le32_to_cpu(te_cmd->id); 606 list_add_tail(&te_data->list, &mvm->time_event_list); 607 spin_unlock_bh(&mvm->time_event_lock); 608 609 /* 610 * Use a notification wait, which really just processes the 611 * command response and doesn't wait for anything, in order 612 * to be able to process the response and get the UID inside 613 * the RX path. Using CMD_WANT_SKB doesn't work because it 614 * stores the buffer and then wakes up this thread, by which 615 * time another notification (that the time event started) 616 * might already be processed unsuccessfully. 617 */ 618 iwl_init_notification_wait(&mvm->notif_wait, &wait_time_event, 619 time_event_response, 620 ARRAY_SIZE(time_event_response), 621 iwl_mvm_time_event_response, te_data); 622 623 ret = iwl_mvm_send_cmd_pdu(mvm, TIME_EVENT_CMD, 0, 624 sizeof(*te_cmd), te_cmd); 625 if (ret) { 626 IWL_ERR(mvm, "Couldn't send TIME_EVENT_CMD: %d\n", ret); 627 iwl_remove_notification(&mvm->notif_wait, &wait_time_event); 628 goto out_clear_te; 629 } 630 631 /* No need to wait for anything, so just pass 1 (0 isn't valid) */ 632 ret = iwl_wait_notification(&mvm->notif_wait, &wait_time_event, 1); 633 /* should never fail */ 634 WARN_ON_ONCE(ret); 635 636 if (ret) { 637 out_clear_te: 638 spin_lock_bh(&mvm->time_event_lock); 639 iwl_mvm_te_clear_data(mvm, te_data); 640 spin_unlock_bh(&mvm->time_event_lock); 641 } 642 return ret; 643 } 644 645 void iwl_mvm_protect_session(struct iwl_mvm *mvm, 646 struct ieee80211_vif *vif, 647 u32 duration, u32 min_duration, 648 u32 max_delay, bool wait_for_notif) 649 { 650 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 651 struct iwl_mvm_time_event_data *te_data = &mvmvif->time_event_data; 652 const u16 te_notif_response[] = { TIME_EVENT_NOTIFICATION }; 653 struct iwl_notification_wait wait_te_notif; 654 struct iwl_time_event_cmd time_cmd = {}; 655 656 lockdep_assert_held(&mvm->mutex); 657 658 if (te_data->running && 659 time_after(te_data->end_jiffies, TU_TO_EXP_TIME(min_duration))) { 660 IWL_DEBUG_TE(mvm, "We have enough time in the current TE: %u\n", 661 jiffies_to_msecs(te_data->end_jiffies - jiffies)); 662 return; 663 } 664 665 if (te_data->running) { 666 IWL_DEBUG_TE(mvm, "extend 0x%x: only %u ms left\n", 667 te_data->uid, 668 jiffies_to_msecs(te_data->end_jiffies - jiffies)); 669 /* 670 * we don't have enough time 671 * cancel the current TE and issue a new one 672 * Of course it would be better to remove the old one only 673 * when the new one is added, but we don't care if we are off 674 * channel for a bit. All we need to do, is not to return 675 * before we actually begin to be on the channel. 676 */ 677 iwl_mvm_stop_session_protection(mvm, vif); 678 } 679 680 time_cmd.action = cpu_to_le32(FW_CTXT_ACTION_ADD); 681 time_cmd.id_and_color = 682 cpu_to_le32(FW_CMD_ID_AND_COLOR(mvmvif->id, mvmvif->color)); 683 time_cmd.id = cpu_to_le32(TE_BSS_STA_AGGRESSIVE_ASSOC); 684 685 time_cmd.apply_time = cpu_to_le32(0); 686 687 time_cmd.max_frags = TE_V2_FRAG_NONE; 688 time_cmd.max_delay = cpu_to_le32(max_delay); 689 /* TODO: why do we need to interval = bi if it is not periodic? */ 690 time_cmd.interval = cpu_to_le32(1); 691 time_cmd.duration = cpu_to_le32(duration); 692 time_cmd.repeat = 1; 693 time_cmd.policy = cpu_to_le16(TE_V2_NOTIF_HOST_EVENT_START | 694 TE_V2_NOTIF_HOST_EVENT_END | 695 TE_V2_START_IMMEDIATELY); 696 697 if (!wait_for_notif) { 698 iwl_mvm_time_event_send_add(mvm, vif, te_data, &time_cmd); 699 return; 700 } 701 702 /* 703 * Create notification_wait for the TIME_EVENT_NOTIFICATION to use 704 * right after we send the time event 705 */ 706 iwl_init_notification_wait(&mvm->notif_wait, &wait_te_notif, 707 te_notif_response, 708 ARRAY_SIZE(te_notif_response), 709 iwl_mvm_te_notif, te_data); 710 711 /* If TE was sent OK - wait for the notification that started */ 712 if (iwl_mvm_time_event_send_add(mvm, vif, te_data, &time_cmd)) { 713 IWL_ERR(mvm, "Failed to add TE to protect session\n"); 714 iwl_remove_notification(&mvm->notif_wait, &wait_te_notif); 715 } else if (iwl_wait_notification(&mvm->notif_wait, &wait_te_notif, 716 TU_TO_JIFFIES(max_delay))) { 717 IWL_ERR(mvm, "Failed to protect session until TE\n"); 718 } 719 } 720 721 /* Determine whether mac or link id should be used, and validate the link id */ 722 static int iwl_mvm_get_session_prot_id(struct iwl_mvm *mvm, 723 struct ieee80211_vif *vif) 724 { 725 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 726 int ver = iwl_fw_lookup_cmd_ver(mvm->fw, 727 WIDE_ID(MAC_CONF_GROUP, 728 SESSION_PROTECTION_CMD), 1); 729 730 if (ver < 2) 731 return mvmvif->id; 732 733 if (WARN(!mvmvif->deflink.active, 734 "Session Protection on an inactive link\n")) 735 return -EINVAL; 736 737 return mvmvif->deflink.fw_link_id; 738 } 739 740 static void iwl_mvm_cancel_session_protection(struct iwl_mvm *mvm, 741 struct ieee80211_vif *vif, 742 u32 id) 743 { 744 int mac_link_id = iwl_mvm_get_session_prot_id(mvm, vif); 745 struct iwl_session_prot_cmd cmd = { 746 .id_and_color = cpu_to_le32(mac_link_id), 747 .action = cpu_to_le32(FW_CTXT_ACTION_REMOVE), 748 .conf_id = cpu_to_le32(id), 749 }; 750 int ret; 751 752 if (mac_link_id < 0) 753 return; 754 755 ret = iwl_mvm_send_cmd_pdu(mvm, 756 WIDE_ID(MAC_CONF_GROUP, SESSION_PROTECTION_CMD), 757 0, sizeof(cmd), &cmd); 758 if (ret) 759 IWL_ERR(mvm, 760 "Couldn't send the SESSION_PROTECTION_CMD: %d\n", ret); 761 } 762 763 static void iwl_mvm_roc_rm_cmd(struct iwl_mvm *mvm, u32 activity) 764 { 765 struct iwl_roc_req roc_cmd = { 766 .action = cpu_to_le32(FW_CTXT_ACTION_REMOVE), 767 .activity = cpu_to_le32(activity), 768 }; 769 u8 ver = iwl_fw_lookup_cmd_ver(mvm->fw, WIDE_ID(MAC_CONF_GROUP, ROC_CMD), 0); 770 u16 cmd_len = ver < 6 ? sizeof(struct iwl_roc_req_v5) : sizeof(roc_cmd); 771 int ret; 772 773 lockdep_assert_held(&mvm->mutex); 774 ret = iwl_mvm_send_cmd_pdu(mvm, WIDE_ID(MAC_CONF_GROUP, ROC_CMD), 0, 775 cmd_len, &roc_cmd); 776 if (ret) 777 IWL_ERR(mvm, "Couldn't send the ROC_CMD: %d\n", ret); 778 } 779 780 static bool __iwl_mvm_remove_time_event(struct iwl_mvm *mvm, 781 struct iwl_mvm_time_event_data *te_data, 782 u32 *uid) 783 { 784 u32 id; 785 struct ieee80211_vif *vif = te_data->vif; 786 struct iwl_mvm_vif *mvmvif; 787 enum nl80211_iftype iftype; 788 bool p2p_aux = iwl_mvm_has_p2p_over_aux(mvm); 789 u8 roc_ver = iwl_fw_lookup_cmd_ver(mvm->fw, 790 WIDE_ID(MAC_CONF_GROUP, ROC_CMD), 0); 791 792 if (!vif) 793 return false; 794 795 mvmvif = iwl_mvm_vif_from_mac80211(te_data->vif); 796 iftype = te_data->vif->type; 797 798 /* 799 * It is possible that by the time we got to this point the time 800 * event was already removed. 801 */ 802 spin_lock_bh(&mvm->time_event_lock); 803 804 /* Save time event uid before clearing its data */ 805 *uid = te_data->uid; 806 id = te_data->id; 807 808 /* 809 * The clear_data function handles time events that were already removed 810 */ 811 iwl_mvm_te_clear_data(mvm, te_data); 812 spin_unlock_bh(&mvm->time_event_lock); 813 814 if ((p2p_aux && iftype == NL80211_IFTYPE_P2P_DEVICE) || 815 (roc_ver >= 3 && mvmvif->roc_activity == ROC_ACTIVITY_HOTSPOT)) { 816 if (mvmvif->roc_activity < ROC_NUM_ACTIVITIES) { 817 iwl_mvm_roc_rm_cmd(mvm, mvmvif->roc_activity); 818 mvmvif->roc_activity = ROC_NUM_ACTIVITIES; 819 iwl_mvm_roc_finished(mvm); 820 } 821 return false; 822 } else if (fw_has_capa(&mvm->fw->ucode_capa, 823 IWL_UCODE_TLV_CAPA_SESSION_PROT_CMD) && 824 id != HOT_SPOT_CMD) { 825 /* When session protection is used, the te_data->id field 826 * is reused to save session protection's configuration. 827 * For AUX ROC, HOT_SPOT_CMD is used and the te_data->id 828 * field is set to HOT_SPOT_CMD. 829 */ 830 if (mvmvif && id < SESSION_PROTECT_CONF_MAX_ID) { 831 /* Session protection is still ongoing. Cancel it */ 832 iwl_mvm_cancel_session_protection(mvm, vif, id); 833 if (iftype == NL80211_IFTYPE_P2P_DEVICE) { 834 iwl_mvm_roc_finished(mvm); 835 } 836 } 837 return false; 838 } else { 839 /* It is possible that by the time we try to remove it, the 840 * time event has already ended and removed. In such a case 841 * there is no need to send a removal command. 842 */ 843 if (id == TE_MAX) { 844 IWL_DEBUG_TE(mvm, "TE 0x%x has already ended\n", *uid); 845 return false; 846 } 847 } 848 849 return true; 850 } 851 852 /* 853 * Explicit request to remove a aux roc time event. The removal of a time 854 * event needs to be synchronized with the flow of a time event's end 855 * notification, which also removes the time event from the op mode 856 * data structures. 857 */ 858 static void iwl_mvm_remove_aux_roc_te(struct iwl_mvm *mvm, 859 struct iwl_mvm_vif *mvmvif, 860 struct iwl_mvm_time_event_data *te_data) 861 { 862 struct iwl_hs20_roc_req aux_cmd = {}; 863 u16 len = sizeof(aux_cmd) - iwl_mvm_chan_info_padding(mvm); 864 865 u32 uid; 866 int ret; 867 868 if (!__iwl_mvm_remove_time_event(mvm, te_data, &uid)) 869 return; 870 871 aux_cmd.event_unique_id = cpu_to_le32(uid); 872 aux_cmd.action = cpu_to_le32(FW_CTXT_ACTION_REMOVE); 873 aux_cmd.id_and_color = 874 cpu_to_le32(FW_CMD_ID_AND_COLOR(mvmvif->id, mvmvif->color)); 875 IWL_DEBUG_TE(mvm, "Removing BSS AUX ROC TE 0x%x\n", 876 le32_to_cpu(aux_cmd.event_unique_id)); 877 ret = iwl_mvm_send_cmd_pdu(mvm, HOT_SPOT_CMD, 0, 878 len, &aux_cmd); 879 880 if (WARN_ON(ret)) 881 return; 882 } 883 884 /* 885 * Explicit request to remove a time event. The removal of a time event needs to 886 * be synchronized with the flow of a time event's end notification, which also 887 * removes the time event from the op mode data structures. 888 */ 889 void iwl_mvm_remove_time_event(struct iwl_mvm *mvm, 890 struct iwl_mvm_vif *mvmvif, 891 struct iwl_mvm_time_event_data *te_data) 892 { 893 struct iwl_time_event_cmd time_cmd = {}; 894 u32 uid; 895 int ret; 896 897 if (!__iwl_mvm_remove_time_event(mvm, te_data, &uid)) 898 return; 899 900 /* When we remove a TE, the UID is to be set in the id field */ 901 time_cmd.id = cpu_to_le32(uid); 902 time_cmd.action = cpu_to_le32(FW_CTXT_ACTION_REMOVE); 903 time_cmd.id_and_color = 904 cpu_to_le32(FW_CMD_ID_AND_COLOR(mvmvif->id, mvmvif->color)); 905 906 IWL_DEBUG_TE(mvm, "Removing TE 0x%x\n", le32_to_cpu(time_cmd.id)); 907 ret = iwl_mvm_send_cmd_pdu(mvm, TIME_EVENT_CMD, 0, 908 sizeof(time_cmd), &time_cmd); 909 if (ret) 910 IWL_ERR(mvm, "Couldn't remove the time event\n"); 911 } 912 913 void iwl_mvm_stop_session_protection(struct iwl_mvm *mvm, 914 struct ieee80211_vif *vif) 915 { 916 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 917 struct iwl_mvm_time_event_data *te_data = &mvmvif->time_event_data; 918 u32 id; 919 920 lockdep_assert_held(&mvm->mutex); 921 922 spin_lock_bh(&mvm->time_event_lock); 923 id = te_data->id; 924 spin_unlock_bh(&mvm->time_event_lock); 925 926 if (fw_has_capa(&mvm->fw->ucode_capa, 927 IWL_UCODE_TLV_CAPA_SESSION_PROT_CMD)) { 928 if (id != SESSION_PROTECT_CONF_ASSOC) { 929 IWL_DEBUG_TE(mvm, 930 "don't remove session protection id=%u\n", 931 id); 932 return; 933 } 934 } else if (id != TE_BSS_STA_AGGRESSIVE_ASSOC) { 935 IWL_DEBUG_TE(mvm, 936 "don't remove TE with id=%u (not session protection)\n", 937 id); 938 return; 939 } 940 941 iwl_mvm_remove_time_event(mvm, mvmvif, te_data); 942 } 943 944 void iwl_mvm_rx_session_protect_notif(struct iwl_mvm *mvm, 945 struct iwl_rx_cmd_buffer *rxb) 946 { 947 struct iwl_rx_packet *pkt = rxb_addr(rxb); 948 struct iwl_session_prot_notif *notif = (void *)pkt->data; 949 int id = le32_to_cpu(notif->mac_link_id); 950 struct ieee80211_vif *vif; 951 struct iwl_mvm_vif *mvmvif; 952 953 rcu_read_lock(); 954 955 /* note we use link ID == MAC ID */ 956 vif = iwl_mvm_rcu_dereference_vif_id(mvm, id, true); 957 if (!vif) 958 goto out_unlock; 959 960 mvmvif = iwl_mvm_vif_from_mac80211(vif); 961 962 /* The vif is not a P2P_DEVICE, maintain its time_event_data */ 963 if (vif->type != NL80211_IFTYPE_P2P_DEVICE) { 964 struct iwl_mvm_time_event_data *te_data = 965 &mvmvif->time_event_data; 966 967 if (!le32_to_cpu(notif->status)) { 968 iwl_mvm_te_check_disconnect(mvm, vif, 969 "Session protection failure"); 970 spin_lock_bh(&mvm->time_event_lock); 971 iwl_mvm_te_clear_data(mvm, te_data); 972 spin_unlock_bh(&mvm->time_event_lock); 973 } 974 975 if (le32_to_cpu(notif->start)) { 976 spin_lock_bh(&mvm->time_event_lock); 977 te_data->running = le32_to_cpu(notif->start); 978 te_data->end_jiffies = 979 TU_TO_EXP_TIME(te_data->duration); 980 spin_unlock_bh(&mvm->time_event_lock); 981 } else { 982 /* 983 * By now, we should have finished association 984 * and know the dtim period. 985 */ 986 iwl_mvm_te_check_disconnect(mvm, vif, 987 !vif->cfg.assoc ? 988 "Not associated and the session protection is over already..." : 989 "No beacon heard and the session protection is over already..."); 990 spin_lock_bh(&mvm->time_event_lock); 991 iwl_mvm_te_clear_data(mvm, te_data); 992 spin_unlock_bh(&mvm->time_event_lock); 993 } 994 995 goto out_unlock; 996 } 997 998 if (!le32_to_cpu(notif->status) || !le32_to_cpu(notif->start)) { 999 /* End TE, notify mac80211 */ 1000 mvmvif->time_event_data.id = SESSION_PROTECT_CONF_MAX_ID; 1001 /* set the bit so the ROC cleanup will actually clean up */ 1002 set_bit(IWL_MVM_STATUS_ROC_P2P_RUNNING, &mvm->status); 1003 iwl_mvm_roc_finished(mvm); 1004 ieee80211_remain_on_channel_expired(mvm->hw); 1005 } else if (le32_to_cpu(notif->start)) { 1006 if (WARN_ON(mvmvif->time_event_data.id != 1007 le32_to_cpu(notif->conf_id))) 1008 goto out_unlock; 1009 set_bit(IWL_MVM_STATUS_ROC_P2P_RUNNING, &mvm->status); 1010 ieee80211_ready_on_channel(mvm->hw); /* Start TE */ 1011 } 1012 1013 out_unlock: 1014 rcu_read_unlock(); 1015 } 1016 1017 #define AUX_ROC_MIN_DURATION MSEC_TO_TU(100) 1018 #define AUX_ROC_MIN_DELAY MSEC_TO_TU(200) 1019 #define AUX_ROC_MAX_DELAY MSEC_TO_TU(600) 1020 #define AUX_ROC_SAFETY_BUFFER MSEC_TO_TU(20) 1021 #define AUX_ROC_MIN_SAFETY_BUFFER MSEC_TO_TU(10) 1022 1023 void iwl_mvm_roc_duration_and_delay(struct ieee80211_vif *vif, 1024 u32 duration_ms, 1025 u32 *duration_tu, 1026 u32 *delay) 1027 { 1028 struct ieee80211_bss_conf *link_conf; 1029 unsigned int link_id; 1030 u32 dtim_interval = 0; 1031 1032 *delay = AUX_ROC_MIN_DELAY; 1033 *duration_tu = MSEC_TO_TU(duration_ms); 1034 1035 rcu_read_lock(); 1036 for_each_vif_active_link(vif, link_conf, link_id) { 1037 dtim_interval = 1038 max_t(u32, dtim_interval, 1039 link_conf->dtim_period * link_conf->beacon_int); 1040 } 1041 rcu_read_unlock(); 1042 1043 /* 1044 * If we are associated we want the delay time to be at least one 1045 * dtim interval so that the FW can wait until after the DTIM and 1046 * then start the time event, this will potentially allow us to 1047 * remain off-channel for the max duration. 1048 * Since we want to use almost a whole dtim interval we would also 1049 * like the delay to be for 2-3 dtim intervals, in case there are 1050 * other time events with higher priority. 1051 * dtim_interval should never be 0, it can be 1 if we don't know it 1052 * (we haven't heard any beacon yet). 1053 */ 1054 if (vif->cfg.assoc && !WARN_ON(!dtim_interval)) { 1055 *delay = min_t(u32, dtim_interval * 3, AUX_ROC_MAX_DELAY); 1056 /* We cannot remain off-channel longer than the DTIM interval */ 1057 if (dtim_interval <= *duration_tu) { 1058 *duration_tu = dtim_interval - AUX_ROC_SAFETY_BUFFER; 1059 if (*duration_tu <= AUX_ROC_MIN_DURATION) 1060 *duration_tu = dtim_interval - 1061 AUX_ROC_MIN_SAFETY_BUFFER; 1062 } 1063 } 1064 } 1065 1066 int iwl_mvm_roc_add_cmd(struct iwl_mvm *mvm, 1067 struct ieee80211_channel *channel, 1068 struct ieee80211_vif *vif, 1069 int duration, enum iwl_roc_activity activity) 1070 { 1071 int res; 1072 u32 duration_tu, delay; 1073 struct iwl_roc_req roc_req = { 1074 .action = cpu_to_le32(FW_CTXT_ACTION_ADD), 1075 .activity = cpu_to_le32(activity), 1076 .sta_id = cpu_to_le32(mvm->aux_sta.sta_id), 1077 }; 1078 u8 ver = iwl_fw_lookup_cmd_ver(mvm->fw, WIDE_ID(MAC_CONF_GROUP, ROC_CMD), 0); 1079 u16 cmd_len = ver < 6 ? sizeof(struct iwl_roc_req_v5) : sizeof(roc_req); 1080 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 1081 1082 lockdep_assert_held(&mvm->mutex); 1083 1084 if (WARN_ON(mvmvif->roc_activity != ROC_NUM_ACTIVITIES)) 1085 return -EBUSY; 1086 1087 /* Set the channel info data */ 1088 iwl_mvm_set_chan_info(mvm, &roc_req.channel_info, 1089 channel->hw_value, 1090 iwl_mvm_phy_band_from_nl80211(channel->band), 1091 IWL_PHY_CHANNEL_MODE20, 0); 1092 1093 iwl_mvm_roc_duration_and_delay(vif, duration, &duration_tu, 1094 &delay); 1095 roc_req.duration = cpu_to_le32(duration_tu); 1096 roc_req.max_delay = cpu_to_le32(delay); 1097 1098 IWL_DEBUG_TE(mvm, 1099 "\t(requested = %ums, max_delay = %ums)\n", 1100 duration, delay); 1101 IWL_DEBUG_TE(mvm, 1102 "Requesting to remain on channel %u for %utu. activity %u\n", 1103 channel->hw_value, duration_tu, activity); 1104 1105 /* Set the node address */ 1106 memcpy(roc_req.node_addr, vif->addr, ETH_ALEN); 1107 1108 res = iwl_mvm_send_cmd_pdu(mvm, WIDE_ID(MAC_CONF_GROUP, ROC_CMD), 1109 0, cmd_len, &roc_req); 1110 if (!res) 1111 mvmvif->roc_activity = activity; 1112 1113 return res; 1114 } 1115 1116 static int 1117 iwl_mvm_start_p2p_roc_session_protection(struct iwl_mvm *mvm, 1118 struct ieee80211_vif *vif, 1119 int duration, 1120 enum ieee80211_roc_type type) 1121 { 1122 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 1123 struct iwl_session_prot_cmd cmd = { 1124 .id_and_color = 1125 cpu_to_le32(iwl_mvm_get_session_prot_id(mvm, vif)), 1126 .action = cpu_to_le32(FW_CTXT_ACTION_ADD), 1127 .duration_tu = cpu_to_le32(MSEC_TO_TU(duration)), 1128 }; 1129 1130 lockdep_assert_held(&mvm->mutex); 1131 1132 /* The time_event_data.id field is reused to save session 1133 * protection's configuration. 1134 */ 1135 1136 switch (type) { 1137 case IEEE80211_ROC_TYPE_NORMAL: 1138 mvmvif->time_event_data.id = 1139 SESSION_PROTECT_CONF_P2P_DEVICE_DISCOV; 1140 break; 1141 case IEEE80211_ROC_TYPE_MGMT_TX: 1142 mvmvif->time_event_data.id = 1143 SESSION_PROTECT_CONF_P2P_GO_NEGOTIATION; 1144 break; 1145 default: 1146 WARN_ONCE(1, "Got an invalid ROC type\n"); 1147 return -EINVAL; 1148 } 1149 1150 cmd.conf_id = cpu_to_le32(mvmvif->time_event_data.id); 1151 return iwl_mvm_send_cmd_pdu(mvm, 1152 WIDE_ID(MAC_CONF_GROUP, SESSION_PROTECTION_CMD), 1153 0, sizeof(cmd), &cmd); 1154 } 1155 1156 int iwl_mvm_start_p2p_roc(struct iwl_mvm *mvm, struct ieee80211_vif *vif, 1157 int duration, enum ieee80211_roc_type type) 1158 { 1159 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 1160 struct iwl_mvm_time_event_data *te_data = &mvmvif->time_event_data; 1161 struct iwl_time_event_cmd time_cmd = {}; 1162 1163 lockdep_assert_held(&mvm->mutex); 1164 if (te_data->running) { 1165 IWL_WARN(mvm, "P2P_DEVICE remain on channel already running\n"); 1166 return -EBUSY; 1167 } 1168 1169 if (fw_has_capa(&mvm->fw->ucode_capa, 1170 IWL_UCODE_TLV_CAPA_SESSION_PROT_CMD)) 1171 return iwl_mvm_start_p2p_roc_session_protection(mvm, vif, 1172 duration, 1173 type); 1174 1175 time_cmd.action = cpu_to_le32(FW_CTXT_ACTION_ADD); 1176 time_cmd.id_and_color = 1177 cpu_to_le32(FW_CMD_ID_AND_COLOR(mvmvif->id, mvmvif->color)); 1178 1179 switch (type) { 1180 case IEEE80211_ROC_TYPE_NORMAL: 1181 time_cmd.id = cpu_to_le32(IWL_MVM_ROC_TE_TYPE_NORMAL); 1182 break; 1183 case IEEE80211_ROC_TYPE_MGMT_TX: 1184 time_cmd.id = cpu_to_le32(IWL_MVM_ROC_TE_TYPE_MGMT_TX); 1185 break; 1186 default: 1187 WARN_ONCE(1, "Got an invalid ROC type\n"); 1188 return -EINVAL; 1189 } 1190 1191 time_cmd.apply_time = cpu_to_le32(0); 1192 time_cmd.interval = cpu_to_le32(1); 1193 1194 /* 1195 * The P2P Device TEs can have lower priority than other events 1196 * that are being scheduled by the driver/fw, and thus it might not be 1197 * scheduled. To improve the chances of it being scheduled, allow them 1198 * to be fragmented, and in addition allow them to be delayed. 1199 */ 1200 time_cmd.max_frags = min(MSEC_TO_TU(duration)/50, TE_V2_FRAG_ENDLESS); 1201 time_cmd.max_delay = cpu_to_le32(MSEC_TO_TU(duration/2)); 1202 time_cmd.duration = cpu_to_le32(MSEC_TO_TU(duration)); 1203 time_cmd.repeat = 1; 1204 time_cmd.policy = cpu_to_le16(TE_V2_NOTIF_HOST_EVENT_START | 1205 TE_V2_NOTIF_HOST_EVENT_END | 1206 TE_V2_START_IMMEDIATELY); 1207 1208 return iwl_mvm_time_event_send_add(mvm, vif, te_data, &time_cmd); 1209 } 1210 1211 static struct iwl_mvm_time_event_data *iwl_mvm_get_roc_te(struct iwl_mvm *mvm) 1212 { 1213 struct iwl_mvm_time_event_data *te_data; 1214 1215 lockdep_assert_held(&mvm->mutex); 1216 1217 spin_lock_bh(&mvm->time_event_lock); 1218 1219 /* 1220 * Iterate over the list of time events and find the time event that is 1221 * associated with a P2P_DEVICE interface. 1222 * This assumes that a P2P_DEVICE interface can have only a single time 1223 * event at any given time and this time event coresponds to a ROC 1224 * request 1225 */ 1226 list_for_each_entry(te_data, &mvm->time_event_list, list) { 1227 if (te_data->vif->type == NL80211_IFTYPE_P2P_DEVICE) 1228 goto out; 1229 } 1230 1231 /* There can only be at most one AUX ROC time event, we just use the 1232 * list to simplify/unify code. Remove it if it exists. 1233 */ 1234 te_data = list_first_entry_or_null(&mvm->aux_roc_te_list, 1235 struct iwl_mvm_time_event_data, 1236 list); 1237 out: 1238 spin_unlock_bh(&mvm->time_event_lock); 1239 return te_data; 1240 } 1241 1242 void iwl_mvm_cleanup_roc_te(struct iwl_mvm *mvm) 1243 { 1244 struct iwl_mvm_time_event_data *te_data; 1245 u32 uid; 1246 1247 te_data = iwl_mvm_get_roc_te(mvm); 1248 if (te_data) 1249 __iwl_mvm_remove_time_event(mvm, te_data, &uid); 1250 } 1251 1252 void iwl_mvm_stop_roc(struct iwl_mvm *mvm, struct ieee80211_vif *vif) 1253 { 1254 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 1255 struct iwl_mvm_time_event_data *te_data; 1256 bool p2p_aux = iwl_mvm_has_p2p_over_aux(mvm); 1257 u8 roc_ver = iwl_fw_lookup_cmd_ver(mvm->fw, 1258 WIDE_ID(MAC_CONF_GROUP, ROC_CMD), 0); 1259 int iftype = vif->type; 1260 1261 mutex_lock(&mvm->mutex); 1262 1263 if (p2p_aux || (roc_ver >= 3 && iftype != NL80211_IFTYPE_P2P_DEVICE)) { 1264 if (mvmvif->roc_activity < ROC_NUM_ACTIVITIES) { 1265 iwl_mvm_roc_rm_cmd(mvm, mvmvif->roc_activity); 1266 mvmvif->roc_activity = ROC_NUM_ACTIVITIES; 1267 } 1268 goto cleanup_roc; 1269 } else if (fw_has_capa(&mvm->fw->ucode_capa, 1270 IWL_UCODE_TLV_CAPA_SESSION_PROT_CMD)) { 1271 te_data = &mvmvif->time_event_data; 1272 1273 if (iftype == NL80211_IFTYPE_P2P_DEVICE) { 1274 if (te_data->id >= SESSION_PROTECT_CONF_MAX_ID) { 1275 IWL_DEBUG_TE(mvm, 1276 "No remain on channel event\n"); 1277 mutex_unlock(&mvm->mutex); 1278 return; 1279 } 1280 iwl_mvm_cancel_session_protection(mvm, vif, 1281 te_data->id); 1282 } else { 1283 iwl_mvm_remove_aux_roc_te(mvm, mvmvif, 1284 &mvmvif->hs_time_event_data); 1285 } 1286 goto cleanup_roc; 1287 } 1288 1289 te_data = iwl_mvm_get_roc_te(mvm); 1290 if (!te_data) { 1291 IWL_WARN(mvm, "No remain on channel event\n"); 1292 mutex_unlock(&mvm->mutex); 1293 return; 1294 } 1295 1296 mvmvif = iwl_mvm_vif_from_mac80211(te_data->vif); 1297 iftype = te_data->vif->type; 1298 if (iftype == NL80211_IFTYPE_P2P_DEVICE) 1299 iwl_mvm_remove_time_event(mvm, mvmvif, te_data); 1300 else 1301 iwl_mvm_remove_aux_roc_te(mvm, mvmvif, te_data); 1302 1303 cleanup_roc: 1304 /* 1305 * In case we get here before the ROC event started, 1306 * (so the status bit isn't set) set it here so iwl_mvm_cleanup_roc will 1307 * cleanup things properly 1308 */ 1309 if (p2p_aux || iftype != NL80211_IFTYPE_P2P_DEVICE) 1310 set_bit(IWL_MVM_STATUS_ROC_AUX_RUNNING, &mvm->status); 1311 else 1312 set_bit(IWL_MVM_STATUS_ROC_P2P_RUNNING, &mvm->status); 1313 1314 /* Mutex is released inside this function */ 1315 iwl_mvm_cleanup_roc(mvm); 1316 } 1317 1318 void iwl_mvm_remove_csa_period(struct iwl_mvm *mvm, 1319 struct ieee80211_vif *vif) 1320 { 1321 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 1322 struct iwl_mvm_time_event_data *te_data = &mvmvif->time_event_data; 1323 u32 id; 1324 1325 lockdep_assert_held(&mvm->mutex); 1326 1327 spin_lock_bh(&mvm->time_event_lock); 1328 id = te_data->id; 1329 spin_unlock_bh(&mvm->time_event_lock); 1330 1331 if (id != TE_CHANNEL_SWITCH_PERIOD) 1332 return; 1333 1334 iwl_mvm_remove_time_event(mvm, mvmvif, te_data); 1335 } 1336 1337 int iwl_mvm_schedule_csa_period(struct iwl_mvm *mvm, 1338 struct ieee80211_vif *vif, 1339 u32 duration, u32 apply_time) 1340 { 1341 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 1342 struct iwl_mvm_time_event_data *te_data = &mvmvif->time_event_data; 1343 struct iwl_time_event_cmd time_cmd = {}; 1344 1345 lockdep_assert_held(&mvm->mutex); 1346 1347 if (te_data->running) { 1348 u32 id; 1349 1350 spin_lock_bh(&mvm->time_event_lock); 1351 id = te_data->id; 1352 spin_unlock_bh(&mvm->time_event_lock); 1353 1354 if (id == TE_CHANNEL_SWITCH_PERIOD) { 1355 IWL_DEBUG_TE(mvm, "CS period is already scheduled\n"); 1356 return -EBUSY; 1357 } 1358 1359 /* 1360 * Remove the session protection time event to allow the 1361 * channel switch. If we got here, we just heard a beacon so 1362 * the session protection is not needed anymore anyway. 1363 */ 1364 iwl_mvm_remove_time_event(mvm, mvmvif, te_data); 1365 } 1366 1367 time_cmd.action = cpu_to_le32(FW_CTXT_ACTION_ADD); 1368 time_cmd.id_and_color = 1369 cpu_to_le32(FW_CMD_ID_AND_COLOR(mvmvif->id, mvmvif->color)); 1370 time_cmd.id = cpu_to_le32(TE_CHANNEL_SWITCH_PERIOD); 1371 time_cmd.apply_time = cpu_to_le32(apply_time); 1372 time_cmd.max_frags = TE_V2_FRAG_NONE; 1373 time_cmd.duration = cpu_to_le32(duration); 1374 time_cmd.repeat = 1; 1375 time_cmd.interval = cpu_to_le32(1); 1376 time_cmd.policy = cpu_to_le16(TE_V2_NOTIF_HOST_EVENT_START | 1377 TE_V2_ABSENCE); 1378 if (!apply_time) 1379 time_cmd.policy |= cpu_to_le16(TE_V2_START_IMMEDIATELY); 1380 1381 return iwl_mvm_time_event_send_add(mvm, vif, te_data, &time_cmd); 1382 } 1383 1384 static bool iwl_mvm_session_prot_notif(struct iwl_notif_wait_data *notif_wait, 1385 struct iwl_rx_packet *pkt, void *data) 1386 { 1387 struct iwl_mvm *mvm = 1388 container_of(notif_wait, struct iwl_mvm, notif_wait); 1389 struct iwl_session_prot_notif *resp; 1390 int resp_len = iwl_rx_packet_payload_len(pkt); 1391 1392 if (WARN_ON(pkt->hdr.cmd != SESSION_PROTECTION_NOTIF || 1393 pkt->hdr.group_id != MAC_CONF_GROUP)) 1394 return true; 1395 1396 if (WARN_ON_ONCE(resp_len != sizeof(*resp))) { 1397 IWL_ERR(mvm, "Invalid SESSION_PROTECTION_NOTIF response\n"); 1398 return true; 1399 } 1400 1401 resp = (void *)pkt->data; 1402 1403 if (!resp->status) 1404 IWL_ERR(mvm, 1405 "TIME_EVENT_NOTIFICATION received but not executed\n"); 1406 1407 return true; 1408 } 1409 1410 void iwl_mvm_schedule_session_protection(struct iwl_mvm *mvm, 1411 struct ieee80211_vif *vif, 1412 u32 duration, u32 min_duration, 1413 bool wait_for_notif) 1414 { 1415 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 1416 struct iwl_mvm_time_event_data *te_data = &mvmvif->time_event_data; 1417 const u16 notif[] = { WIDE_ID(MAC_CONF_GROUP, SESSION_PROTECTION_NOTIF) }; 1418 struct iwl_notification_wait wait_notif; 1419 int mac_link_id = iwl_mvm_get_session_prot_id(mvm, vif); 1420 struct iwl_session_prot_cmd cmd = { 1421 .id_and_color = cpu_to_le32(mac_link_id), 1422 .action = cpu_to_le32(FW_CTXT_ACTION_ADD), 1423 .conf_id = cpu_to_le32(SESSION_PROTECT_CONF_ASSOC), 1424 .duration_tu = cpu_to_le32(MSEC_TO_TU(duration)), 1425 }; 1426 1427 if (mac_link_id < 0) 1428 return; 1429 1430 lockdep_assert_held(&mvm->mutex); 1431 1432 spin_lock_bh(&mvm->time_event_lock); 1433 if (te_data->running && 1434 time_after(te_data->end_jiffies, TU_TO_EXP_TIME(min_duration))) { 1435 IWL_DEBUG_TE(mvm, "We have enough time in the current TE: %u\n", 1436 jiffies_to_msecs(te_data->end_jiffies - jiffies)); 1437 spin_unlock_bh(&mvm->time_event_lock); 1438 1439 return; 1440 } 1441 1442 iwl_mvm_te_clear_data(mvm, te_data); 1443 /* 1444 * The time_event_data.id field is reused to save session 1445 * protection's configuration. 1446 */ 1447 te_data->id = le32_to_cpu(cmd.conf_id); 1448 te_data->duration = le32_to_cpu(cmd.duration_tu); 1449 te_data->vif = vif; 1450 spin_unlock_bh(&mvm->time_event_lock); 1451 1452 IWL_DEBUG_TE(mvm, "Add new session protection, duration %d TU\n", 1453 le32_to_cpu(cmd.duration_tu)); 1454 1455 if (!wait_for_notif) { 1456 if (iwl_mvm_send_cmd_pdu(mvm, 1457 WIDE_ID(MAC_CONF_GROUP, SESSION_PROTECTION_CMD), 1458 0, sizeof(cmd), &cmd)) { 1459 goto send_cmd_err; 1460 } 1461 1462 return; 1463 } 1464 1465 iwl_init_notification_wait(&mvm->notif_wait, &wait_notif, 1466 notif, ARRAY_SIZE(notif), 1467 iwl_mvm_session_prot_notif, NULL); 1468 1469 if (iwl_mvm_send_cmd_pdu(mvm, 1470 WIDE_ID(MAC_CONF_GROUP, SESSION_PROTECTION_CMD), 1471 0, sizeof(cmd), &cmd)) { 1472 iwl_remove_notification(&mvm->notif_wait, &wait_notif); 1473 goto send_cmd_err; 1474 } else if (iwl_wait_notification(&mvm->notif_wait, &wait_notif, 1475 TU_TO_JIFFIES(100))) { 1476 IWL_ERR(mvm, 1477 "Failed to protect session until session protection\n"); 1478 } 1479 return; 1480 1481 send_cmd_err: 1482 IWL_ERR(mvm, 1483 "Couldn't send the SESSION_PROTECTION_CMD\n"); 1484 spin_lock_bh(&mvm->time_event_lock); 1485 iwl_mvm_te_clear_data(mvm, te_data); 1486 spin_unlock_bh(&mvm->time_event_lock); 1487 } 1488