xref: /freebsd/sys/contrib/dev/iwlwifi/mvm/ftm-responder.c (revision b2d2a78ad80ec68d4a17f5aef97d21686cb1e29b)
1 // SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
2 /*
3  * Copyright (C) 2015-2017 Intel Deutschland GmbH
4  * Copyright (C) 2018-2024 Intel Corporation
5  */
6 #include <net/cfg80211.h>
7 #include <linux/etherdevice.h>
8 #include "mvm.h"
9 #include "constants.h"
10 
11 struct iwl_mvm_pasn_sta {
12 	struct list_head list;
13 	struct iwl_mvm_int_sta int_sta;
14 	u8 addr[ETH_ALEN];
15 
16 	/* must be last as it followed by buffer holding the key */
17 	struct ieee80211_key_conf keyconf;
18 };
19 
20 struct iwl_mvm_pasn_hltk_data {
21 	u8 *addr;
22 	u8 cipher;
23 	u8 *hltk;
24 };
25 
26 static int iwl_mvm_ftm_responder_set_bw_v1(struct cfg80211_chan_def *chandef,
27 					   u8 *bw, u8 *ctrl_ch_position)
28 {
29 	switch (chandef->width) {
30 	case NL80211_CHAN_WIDTH_20_NOHT:
31 		*bw = IWL_TOF_BW_20_LEGACY;
32 		break;
33 	case NL80211_CHAN_WIDTH_20:
34 		*bw = IWL_TOF_BW_20_HT;
35 		break;
36 	case NL80211_CHAN_WIDTH_40:
37 		*bw = IWL_TOF_BW_40;
38 		*ctrl_ch_position = iwl_mvm_get_ctrl_pos(chandef);
39 		break;
40 	case NL80211_CHAN_WIDTH_80:
41 		*bw = IWL_TOF_BW_80;
42 		*ctrl_ch_position = iwl_mvm_get_ctrl_pos(chandef);
43 		break;
44 	default:
45 		return -EOPNOTSUPP;
46 	}
47 
48 	return 0;
49 }
50 
51 static int iwl_mvm_ftm_responder_set_bw_v2(struct cfg80211_chan_def *chandef,
52 					   u8 *format_bw, u8 *ctrl_ch_position,
53 					   u8 cmd_ver)
54 {
55 	switch (chandef->width) {
56 	case NL80211_CHAN_WIDTH_20_NOHT:
57 		*format_bw = IWL_LOCATION_FRAME_FORMAT_LEGACY;
58 		*format_bw |= IWL_LOCATION_BW_20MHZ << LOCATION_BW_POS;
59 		break;
60 	case NL80211_CHAN_WIDTH_20:
61 		*format_bw = IWL_LOCATION_FRAME_FORMAT_HT;
62 		*format_bw |= IWL_LOCATION_BW_20MHZ << LOCATION_BW_POS;
63 		break;
64 	case NL80211_CHAN_WIDTH_40:
65 		*format_bw = IWL_LOCATION_FRAME_FORMAT_HT;
66 		*format_bw |= IWL_LOCATION_BW_40MHZ << LOCATION_BW_POS;
67 		*ctrl_ch_position = iwl_mvm_get_ctrl_pos(chandef);
68 		break;
69 	case NL80211_CHAN_WIDTH_80:
70 		*format_bw = IWL_LOCATION_FRAME_FORMAT_VHT;
71 		*format_bw |= IWL_LOCATION_BW_80MHZ << LOCATION_BW_POS;
72 		*ctrl_ch_position = iwl_mvm_get_ctrl_pos(chandef);
73 		break;
74 	case NL80211_CHAN_WIDTH_160:
75 		if (cmd_ver >= 9) {
76 			*format_bw = IWL_LOCATION_FRAME_FORMAT_HE;
77 			*format_bw |= IWL_LOCATION_BW_160MHZ << LOCATION_BW_POS;
78 			*ctrl_ch_position = iwl_mvm_get_ctrl_pos(chandef);
79 			break;
80 		}
81 		fallthrough;
82 	default:
83 		return -EOPNOTSUPP;
84 	}
85 
86 	return 0;
87 }
88 
89 static void
90 iwl_mvm_ftm_responder_set_ndp(struct iwl_mvm *mvm,
91 			      struct iwl_tof_responder_config_cmd *cmd)
92 {
93 	/* Up to 2 R2I STS are allowed on the responder */
94 	u32 r2i_max_sts = IWL_MVM_FTM_R2I_MAX_STS < 2 ?
95 		IWL_MVM_FTM_R2I_MAX_STS : 1;
96 
97 	cmd->r2i_ndp_params = IWL_MVM_FTM_R2I_MAX_REP |
98 		(r2i_max_sts << IWL_RESPONDER_STS_POS) |
99 		(IWL_MVM_FTM_R2I_MAX_TOTAL_LTF << IWL_RESPONDER_TOTAL_LTF_POS);
100 	cmd->i2r_ndp_params = IWL_MVM_FTM_I2R_MAX_REP |
101 		(IWL_MVM_FTM_I2R_MAX_STS << IWL_RESPONDER_STS_POS) |
102 		(IWL_MVM_FTM_I2R_MAX_TOTAL_LTF << IWL_RESPONDER_TOTAL_LTF_POS);
103 	cmd->cmd_valid_fields |=
104 		cpu_to_le32(IWL_TOF_RESPONDER_CMD_VALID_NDP_PARAMS);
105 }
106 
107 static int
108 iwl_mvm_ftm_responder_cmd(struct iwl_mvm *mvm,
109 			  struct ieee80211_vif *vif,
110 			  struct cfg80211_chan_def *chandef,
111 			  struct ieee80211_bss_conf *link_conf)
112 {
113 	u32 cmd_id = WIDE_ID(LOCATION_GROUP, TOF_RESPONDER_CONFIG_CMD);
114 	struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
115 	/*
116 	 * The command structure is the same for versions 6, 7 and 8 (only the
117 	 * field interpretation is different), so the same struct can be use
118 	 * for all cases.
119 	 */
120 	struct iwl_tof_responder_config_cmd cmd = {
121 		.channel_num = chandef->chan->hw_value,
122 		.cmd_valid_fields =
123 			cpu_to_le32(IWL_TOF_RESPONDER_CMD_VALID_CHAN_INFO |
124 				    IWL_TOF_RESPONDER_CMD_VALID_BSSID |
125 				    IWL_TOF_RESPONDER_CMD_VALID_STA_ID),
126 		.sta_id = mvmvif->link[link_conf->link_id]->bcast_sta.sta_id,
127 	};
128 	u8 cmd_ver = iwl_fw_lookup_cmd_ver(mvm->fw, cmd_id, 6);
129 	int err;
130 	int cmd_size;
131 
132 	lockdep_assert_held(&mvm->mutex);
133 
134 	if (cmd_ver == 10) {
135 		cmd.band =
136 			iwl_mvm_phy_band_from_nl80211(chandef->chan->band);
137 	}
138 
139 	/* Use a default of bss_color=1 for now */
140 	if (cmd_ver >= 9) {
141 		cmd.cmd_valid_fields |=
142 			cpu_to_le32(IWL_TOF_RESPONDER_CMD_VALID_BSS_COLOR |
143 				    IWL_TOF_RESPONDER_CMD_VALID_MIN_MAX_TIME_BETWEEN_MSR);
144 		cmd.bss_color = 1;
145 		cmd.min_time_between_msr =
146 			cpu_to_le16(IWL_MVM_FTM_NON_TB_MIN_TIME_BETWEEN_MSR);
147 		cmd.max_time_between_msr =
148 			cpu_to_le16(IWL_MVM_FTM_NON_TB_MAX_TIME_BETWEEN_MSR);
149 		cmd_size = sizeof(struct iwl_tof_responder_config_cmd_v9);
150 	} else {
151 		/* All versions up to version 8 have the same size */
152 		cmd_size = sizeof(struct iwl_tof_responder_config_cmd_v8);
153 	}
154 
155 	if (cmd_ver >= 8)
156 		iwl_mvm_ftm_responder_set_ndp(mvm, (void *)&cmd);
157 
158 	if (cmd_ver >= 7)
159 		err = iwl_mvm_ftm_responder_set_bw_v2(chandef, &cmd.format_bw,
160 						      &cmd.ctrl_ch_position,
161 						      cmd_ver);
162 	else
163 		err = iwl_mvm_ftm_responder_set_bw_v1(chandef, &cmd.format_bw,
164 						      &cmd.ctrl_ch_position);
165 
166 	if (err) {
167 		IWL_ERR(mvm, "Failed to set responder bandwidth\n");
168 		return err;
169 	}
170 
171 	memcpy(cmd.bssid, vif->addr, ETH_ALEN);
172 
173 	return iwl_mvm_send_cmd_pdu(mvm, cmd_id, 0, cmd_size, &cmd);
174 }
175 
176 static int
177 iwl_mvm_ftm_responder_dyn_cfg_v2(struct iwl_mvm *mvm,
178 				 struct ieee80211_vif *vif,
179 				 struct ieee80211_ftm_responder_params *params)
180 {
181 	struct iwl_tof_responder_dyn_config_cmd_v2 cmd = {
182 		.lci_len = cpu_to_le32(params->lci_len + 2),
183 		.civic_len = cpu_to_le32(params->civicloc_len + 2),
184 	};
185 	u8 data[IWL_LCI_CIVIC_IE_MAX_SIZE] = {0};
186 	struct iwl_host_cmd hcmd = {
187 		.id = WIDE_ID(LOCATION_GROUP, TOF_RESPONDER_DYN_CONFIG_CMD),
188 		.data[0] = &cmd,
189 		.len[0] = sizeof(cmd),
190 		.data[1] = &data,
191 		/* .len[1] set later */
192 		/* may not be able to DMA from stack */
193 		.dataflags[1] = IWL_HCMD_DFL_DUP,
194 	};
195 	u32 aligned_lci_len = ALIGN(params->lci_len + 2, 4);
196 	u32 aligned_civicloc_len = ALIGN(params->civicloc_len + 2, 4);
197 	u8 *pos = data;
198 
199 	lockdep_assert_held(&mvm->mutex);
200 
201 	if (aligned_lci_len + aligned_civicloc_len > sizeof(data)) {
202 		IWL_ERR(mvm, "LCI/civicloc data too big (%zd + %zd)\n",
203 			params->lci_len, params->civicloc_len);
204 		return -ENOBUFS;
205 	}
206 
207 	pos[0] = WLAN_EID_MEASURE_REPORT;
208 	pos[1] = params->lci_len;
209 	memcpy(pos + 2, params->lci, params->lci_len);
210 
211 	pos += aligned_lci_len;
212 	pos[0] = WLAN_EID_MEASURE_REPORT;
213 	pos[1] = params->civicloc_len;
214 	memcpy(pos + 2, params->civicloc, params->civicloc_len);
215 
216 	hcmd.len[1] = aligned_lci_len + aligned_civicloc_len;
217 
218 	return iwl_mvm_send_cmd(mvm, &hcmd);
219 }
220 
221 static int
222 iwl_mvm_ftm_responder_dyn_cfg_v3(struct iwl_mvm *mvm,
223 				 struct ieee80211_vif *vif,
224 				 struct ieee80211_ftm_responder_params *params,
225 				 struct iwl_mvm_pasn_hltk_data *hltk_data)
226 {
227 	struct iwl_tof_responder_dyn_config_cmd cmd;
228 	struct iwl_host_cmd hcmd = {
229 		.id = WIDE_ID(LOCATION_GROUP, TOF_RESPONDER_DYN_CONFIG_CMD),
230 		.data[0] = &cmd,
231 		.len[0] = sizeof(cmd),
232 		/* may not be able to DMA from stack */
233 		.dataflags[0] = IWL_HCMD_DFL_DUP,
234 	};
235 
236 	lockdep_assert_held(&mvm->mutex);
237 
238 	cmd.valid_flags = 0;
239 
240 	if (params) {
241 		if (params->lci_len + 2 > sizeof(cmd.lci_buf) ||
242 		    params->civicloc_len + 2 > sizeof(cmd.civic_buf)) {
243 			IWL_ERR(mvm,
244 				"LCI/civic data too big (lci=%zd, civic=%zd)\n",
245 				params->lci_len, params->civicloc_len);
246 			return -ENOBUFS;
247 		}
248 
249 		cmd.lci_buf[0] = WLAN_EID_MEASURE_REPORT;
250 		cmd.lci_buf[1] = params->lci_len;
251 		memcpy(cmd.lci_buf + 2, params->lci, params->lci_len);
252 		cmd.lci_len = params->lci_len + 2;
253 
254 		cmd.civic_buf[0] = WLAN_EID_MEASURE_REPORT;
255 		cmd.civic_buf[1] = params->civicloc_len;
256 		memcpy(cmd.civic_buf + 2, params->civicloc,
257 		       params->civicloc_len);
258 		cmd.civic_len = params->civicloc_len + 2;
259 
260 		cmd.valid_flags |= IWL_RESPONDER_DYN_CFG_VALID_LCI |
261 			IWL_RESPONDER_DYN_CFG_VALID_CIVIC;
262 	}
263 
264 	if (hltk_data) {
265 		if (hltk_data->cipher > IWL_LOCATION_CIPHER_GCMP_256) {
266 			IWL_ERR(mvm, "invalid cipher: %u\n",
267 				hltk_data->cipher);
268 			return -EINVAL;
269 		}
270 
271 		cmd.cipher = hltk_data->cipher;
272 		memcpy(cmd.addr, hltk_data->addr, sizeof(cmd.addr));
273 		memcpy(cmd.hltk_buf, hltk_data->hltk, sizeof(cmd.hltk_buf));
274 		cmd.valid_flags |= IWL_RESPONDER_DYN_CFG_VALID_PASN_STA;
275 	}
276 
277 	return iwl_mvm_send_cmd(mvm, &hcmd);
278 }
279 
280 static int
281 iwl_mvm_ftm_responder_dyn_cfg_cmd(struct iwl_mvm *mvm,
282 				  struct ieee80211_vif *vif,
283 				  struct ieee80211_ftm_responder_params *params)
284 {
285 	int ret;
286 	u8 cmd_ver = iwl_fw_lookup_cmd_ver(mvm->fw,
287 					   WIDE_ID(LOCATION_GROUP, TOF_RESPONDER_DYN_CONFIG_CMD),
288 					   2);
289 
290 	switch (cmd_ver) {
291 	case 2:
292 		ret = iwl_mvm_ftm_responder_dyn_cfg_v2(mvm, vif,
293 						       params);
294 		break;
295 	case 3:
296 		ret = iwl_mvm_ftm_responder_dyn_cfg_v3(mvm, vif,
297 						       params, NULL);
298 		break;
299 	default:
300 		IWL_ERR(mvm, "Unsupported DYN_CONFIG_CMD version %u\n",
301 			cmd_ver);
302 		ret = -EOPNOTSUPP;
303 	}
304 
305 	return ret;
306 }
307 
308 static void iwl_mvm_resp_del_pasn_sta(struct iwl_mvm *mvm,
309 				      struct ieee80211_vif *vif,
310 				      struct iwl_mvm_pasn_sta *sta)
311 {
312 	list_del(&sta->list);
313 
314 	if (sta->keyconf.keylen)
315 		iwl_mvm_sec_key_del_pasn(mvm, vif, BIT(sta->int_sta.sta_id),
316 					 &sta->keyconf);
317 
318 	if (iwl_mvm_has_mld_api(mvm->fw))
319 		iwl_mvm_mld_rm_sta_id(mvm, sta->int_sta.sta_id);
320 	else
321 		iwl_mvm_rm_sta_id(mvm, vif, sta->int_sta.sta_id);
322 
323 	iwl_mvm_dealloc_int_sta(mvm, &sta->int_sta);
324 	kfree(sta);
325 }
326 
327 #if defined(__linux__)
328 int iwl_mvm_ftm_respoder_add_pasn_sta(struct iwl_mvm *mvm,
329 				      struct ieee80211_vif *vif,
330 				      u8 *addr, u32 cipher, u8 *tk, u32 tk_len,
331 				      u8 *hltk, u32 hltk_len)
332 {
333 	int ret;
334 	struct iwl_mvm_pasn_sta *sta = NULL;
335 	struct iwl_mvm_pasn_hltk_data hltk_data = {
336 		.addr = addr,
337 		.hltk = hltk,
338 	};
339 	struct iwl_mvm_pasn_hltk_data *hltk_data_ptr = NULL;
340 
341 	u8 cmd_ver = iwl_fw_lookup_cmd_ver(mvm->fw,
342 					   WIDE_ID(LOCATION_GROUP, TOF_RESPONDER_DYN_CONFIG_CMD),
343 					   2);
344 
345 	lockdep_assert_held(&mvm->mutex);
346 
347 	if (cmd_ver < 3) {
348 		IWL_ERR(mvm, "Adding PASN station not supported by FW\n");
349 		return -EOPNOTSUPP;
350 	}
351 
352 	if ((!hltk || !hltk_len) && (!tk || !tk_len)) {
353 		IWL_ERR(mvm, "TK and HLTK not set\n");
354 		return -EINVAL;
355 	}
356 
357 	if (hltk && hltk_len) {
358 		if (!fw_has_capa(&mvm->fw->ucode_capa,
359 				 IWL_UCODE_TLV_CAPA_SECURE_LTF_SUPPORT)) {
360 			IWL_ERR(mvm, "No support for secure LTF measurement\n");
361 			return -EINVAL;
362 		}
363 
364 		hltk_data.cipher = iwl_mvm_cipher_to_location_cipher(cipher);
365 		if (hltk_data.cipher == IWL_LOCATION_CIPHER_INVALID) {
366 			IWL_ERR(mvm, "invalid cipher: %u\n", cipher);
367 			return -EINVAL;
368 		}
369 
370 		hltk_data_ptr = &hltk_data;
371 	}
372 
373 	if (tk && tk_len) {
374 		sta = kzalloc(sizeof(*sta) + tk_len, GFP_KERNEL);
375 		if (!sta)
376 			return -ENOBUFS;
377 
378 		ret = iwl_mvm_add_pasn_sta(mvm, vif, &sta->int_sta, addr,
379 					   cipher, tk, tk_len, &sta->keyconf);
380 		if (ret) {
381 			kfree(sta);
382 			return ret;
383 		}
384 
385 		memcpy(sta->addr, addr, ETH_ALEN);
386 		list_add_tail(&sta->list, &mvm->resp_pasn_list);
387 	}
388 
389 	ret = iwl_mvm_ftm_responder_dyn_cfg_v3(mvm, vif, NULL, hltk_data_ptr);
390 	if (ret && sta)
391 		iwl_mvm_resp_del_pasn_sta(mvm, vif, sta);
392 
393 	return ret;
394 }
395 
396 int iwl_mvm_ftm_resp_remove_pasn_sta(struct iwl_mvm *mvm,
397 				     struct ieee80211_vif *vif, u8 *addr)
398 {
399 	struct iwl_mvm_pasn_sta *sta, *prev;
400 
401 	lockdep_assert_held(&mvm->mutex);
402 
403 	list_for_each_entry_safe(sta, prev, &mvm->resp_pasn_list, list) {
404 		if (!memcmp(sta->addr, addr, ETH_ALEN)) {
405 			iwl_mvm_resp_del_pasn_sta(mvm, vif, sta);
406 			return 0;
407 		}
408 	}
409 
410 	IWL_ERR(mvm, "FTM: PASN station %pM not found\n", addr);
411 	return -EINVAL;
412 }
413 #endif
414 
415 int iwl_mvm_ftm_start_responder(struct iwl_mvm *mvm, struct ieee80211_vif *vif,
416 				struct ieee80211_bss_conf *bss_conf)
417 {
418 	struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
419 	struct ieee80211_ftm_responder_params *params;
420 	struct ieee80211_chanctx_conf ctx, *pctx;
421 	u16 *phy_ctxt_id;
422 	struct iwl_mvm_phy_ctxt *phy_ctxt;
423 	int ret;
424 
425 	params = bss_conf->ftmr_params;
426 
427 	lockdep_assert_held(&mvm->mutex);
428 
429 	if (WARN_ON_ONCE(!bss_conf->ftm_responder))
430 		return -EINVAL;
431 
432 	if (vif->p2p || vif->type != NL80211_IFTYPE_AP ||
433 	    !mvmvif->ap_ibss_active) {
434 		IWL_ERR(mvm, "Cannot start responder, not in AP mode\n");
435 		return -EIO;
436 	}
437 
438 	rcu_read_lock();
439 	pctx = rcu_dereference(bss_conf->chanctx_conf);
440 	/* Copy the ctx to unlock the rcu and send the phy ctxt. We don't care
441 	 * about changes in the ctx after releasing the lock because the driver
442 	 * is still protected by the mutex. */
443 	ctx = *pctx;
444 	phy_ctxt_id  = (u16 *)pctx->drv_priv;
445 	rcu_read_unlock();
446 
447 	phy_ctxt = &mvm->phy_ctxts[*phy_ctxt_id];
448 	ret = iwl_mvm_phy_ctxt_changed(mvm, phy_ctxt, &ctx.def, &ctx.ap,
449 				       ctx.rx_chains_static,
450 				       ctx.rx_chains_dynamic);
451 	if (ret)
452 		return ret;
453 
454 	ret = iwl_mvm_ftm_responder_cmd(mvm, vif, &ctx.def, bss_conf);
455 	if (ret)
456 		return ret;
457 
458 	if (params)
459 		ret = iwl_mvm_ftm_responder_dyn_cfg_cmd(mvm, vif, params);
460 
461 	return ret;
462 }
463 
464 void iwl_mvm_ftm_responder_clear(struct iwl_mvm *mvm,
465 				 struct ieee80211_vif *vif)
466 {
467 	struct iwl_mvm_pasn_sta *sta, *prev;
468 
469 	lockdep_assert_held(&mvm->mutex);
470 
471 	list_for_each_entry_safe(sta, prev, &mvm->resp_pasn_list, list)
472 		iwl_mvm_resp_del_pasn_sta(mvm, vif, sta);
473 }
474 
475 void iwl_mvm_ftm_restart_responder(struct iwl_mvm *mvm,
476 				   struct ieee80211_vif *vif,
477 				   struct ieee80211_bss_conf *bss_conf)
478 {
479 	if (!bss_conf->ftm_responder)
480 		return;
481 
482 	iwl_mvm_ftm_responder_clear(mvm, vif);
483 	iwl_mvm_ftm_start_responder(mvm, vif, bss_conf);
484 }
485 
486 void iwl_mvm_ftm_responder_stats(struct iwl_mvm *mvm,
487 				 struct iwl_rx_cmd_buffer *rxb)
488 {
489 	struct iwl_rx_packet *pkt = rxb_addr(rxb);
490 	struct iwl_ftm_responder_stats *resp = (void *)pkt->data;
491 	struct cfg80211_ftm_responder_stats *stats = &mvm->ftm_resp_stats;
492 	u32 flags = le32_to_cpu(resp->flags);
493 
494 	if (resp->success_ftm == resp->ftm_per_burst)
495 		stats->success_num++;
496 	else if (resp->success_ftm >= 2)
497 		stats->partial_num++;
498 	else
499 		stats->failed_num++;
500 
501 	if ((flags & FTM_RESP_STAT_ASAP_REQ) &&
502 	    (flags & FTM_RESP_STAT_ASAP_RESP))
503 		stats->asap_num++;
504 
505 	if (flags & FTM_RESP_STAT_NON_ASAP_RESP)
506 		stats->non_asap_num++;
507 
508 	stats->total_duration_ms += le32_to_cpu(resp->duration) / USEC_PER_MSEC;
509 
510 	if (flags & FTM_RESP_STAT_TRIGGER_UNKNOWN)
511 		stats->unknown_triggers_num++;
512 
513 	if (flags & FTM_RESP_STAT_DUP)
514 		stats->reschedule_requests_num++;
515 
516 	if (flags & FTM_RESP_STAT_NON_ASAP_OUT_WIN)
517 		stats->out_of_window_triggers_num++;
518 }
519