1 // SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause 2 /* 3 * Copyright (C) 2012-2014, 2018-2025 Intel Corporation 4 * Copyright (C) 2013-2015 Intel Mobile Communications GmbH 5 * Copyright (C) 2016-2017 Intel Deutschland GmbH 6 */ 7 #include <linux/etherdevice.h> 8 #include <net/mac80211.h> 9 #include <linux/crc32.h> 10 11 #include "mvm.h" 12 #include "fw/api/scan.h" 13 #include "iwl-io.h" 14 #include "iwl-utils.h" 15 16 #define IWL_DENSE_EBS_SCAN_RATIO 5 17 #define IWL_SPARSE_EBS_SCAN_RATIO 1 18 19 #define IWL_SCAN_DWELL_ACTIVE 10 20 #define IWL_SCAN_DWELL_PASSIVE 110 21 #define IWL_SCAN_DWELL_FRAGMENTED 44 22 #define IWL_SCAN_DWELL_EXTENDED 90 23 #define IWL_SCAN_NUM_OF_FRAGS 3 24 25 /* adaptive dwell max budget time [TU] for full scan */ 26 #define IWL_SCAN_ADWELL_MAX_BUDGET_FULL_SCAN 300 27 /* adaptive dwell max budget time [TU] for directed scan */ 28 #define IWL_SCAN_ADWELL_MAX_BUDGET_DIRECTED_SCAN 100 29 /* adaptive dwell default high band APs number */ 30 #define IWL_SCAN_ADWELL_DEFAULT_HB_N_APS 8 31 /* adaptive dwell default low band APs number */ 32 #define IWL_SCAN_ADWELL_DEFAULT_LB_N_APS 2 33 /* adaptive dwell default APs number in social channels (1, 6, 11) */ 34 #define IWL_SCAN_ADWELL_DEFAULT_N_APS_SOCIAL 10 35 /* number of scan channels */ 36 #define IWL_SCAN_NUM_CHANNELS 112 37 /* adaptive dwell number of APs override mask for p2p friendly GO */ 38 #define IWL_SCAN_ADWELL_N_APS_GO_FRIENDLY_BIT BIT(20) 39 /* adaptive dwell number of APs override mask for social channels */ 40 #define IWL_SCAN_ADWELL_N_APS_SOCIAL_CHS_BIT BIT(21) 41 /* adaptive dwell number of APs override for p2p friendly GO channels */ 42 #define IWL_SCAN_ADWELL_N_APS_GO_FRIENDLY 10 43 /* adaptive dwell number of APs override for social channels */ 44 #define IWL_SCAN_ADWELL_N_APS_SOCIAL_CHS 2 45 46 /* minimal number of 2GHz and 5GHz channels in the regular scan request */ 47 #define IWL_MVM_6GHZ_PASSIVE_SCAN_MIN_CHANS 4 48 49 /* Number of iterations on the channel for mei filtered scan */ 50 #define IWL_MEI_SCAN_NUM_ITER 5U 51 52 #define WFA_TPC_IE_LEN 9 53 54 struct iwl_mvm_scan_timing_params { 55 u32 suspend_time; 56 u32 max_out_time; 57 }; 58 59 static struct iwl_mvm_scan_timing_params scan_timing[] = { 60 [IWL_SCAN_TYPE_UNASSOC] = { 61 .suspend_time = 0, 62 .max_out_time = 0, 63 }, 64 [IWL_SCAN_TYPE_WILD] = { 65 .suspend_time = 30, 66 .max_out_time = 120, 67 }, 68 [IWL_SCAN_TYPE_MILD] = { 69 .suspend_time = 120, 70 .max_out_time = 120, 71 }, 72 [IWL_SCAN_TYPE_FRAGMENTED] = { 73 .suspend_time = 95, 74 .max_out_time = 44, 75 }, 76 [IWL_SCAN_TYPE_FAST_BALANCE] = { 77 .suspend_time = 30, 78 .max_out_time = 37, 79 }, 80 }; 81 82 struct iwl_mvm_scan_params { 83 /* For CDB this is low band scan type, for non-CDB - type. */ 84 enum iwl_mvm_scan_type type; 85 enum iwl_mvm_scan_type hb_type; 86 u32 n_channels; 87 u16 delay; 88 int n_ssids; 89 struct cfg80211_ssid *ssids; 90 struct ieee80211_channel **channels; 91 u32 flags; 92 u8 *mac_addr; 93 u8 *mac_addr_mask; 94 bool no_cck; 95 bool pass_all; 96 int n_match_sets; 97 struct iwl_scan_probe_req preq; 98 struct cfg80211_match_set *match_sets; 99 int n_scan_plans; 100 struct cfg80211_sched_scan_plan *scan_plans; 101 bool iter_notif; 102 struct cfg80211_scan_6ghz_params *scan_6ghz_params; 103 u32 n_6ghz_params; 104 bool scan_6ghz; 105 bool enable_6ghz_passive; 106 bool respect_p2p_go, respect_p2p_go_hb; 107 s8 tsf_report_link_id; 108 u8 bssid[ETH_ALEN] __aligned(2); 109 }; 110 111 static inline void *iwl_mvm_get_scan_req_umac_data(struct iwl_mvm *mvm) 112 { 113 struct iwl_scan_req_umac *cmd = mvm->scan_cmd; 114 115 if (iwl_mvm_is_adaptive_dwell_v2_supported(mvm)) 116 return (void *)&cmd->v8.data; 117 118 if (iwl_mvm_is_adaptive_dwell_supported(mvm)) 119 return (void *)&cmd->v7.data; 120 121 if (iwl_mvm_cdb_scan_api(mvm)) 122 return (void *)&cmd->v6.data; 123 124 return (void *)&cmd->v1.data; 125 } 126 127 static inline struct iwl_scan_umac_chan_param * 128 iwl_mvm_get_scan_req_umac_channel(struct iwl_mvm *mvm) 129 { 130 struct iwl_scan_req_umac *cmd = mvm->scan_cmd; 131 132 if (iwl_mvm_is_adaptive_dwell_v2_supported(mvm)) 133 return &cmd->v8.channel; 134 135 if (iwl_mvm_is_adaptive_dwell_supported(mvm)) 136 return &cmd->v7.channel; 137 138 if (iwl_mvm_cdb_scan_api(mvm)) 139 return &cmd->v6.channel; 140 141 return &cmd->v1.channel; 142 } 143 144 static u8 iwl_mvm_scan_rx_ant(struct iwl_mvm *mvm) 145 { 146 if (mvm->scan_rx_ant != ANT_NONE) 147 return mvm->scan_rx_ant; 148 return iwl_mvm_get_valid_rx_ant(mvm); 149 } 150 151 static inline __le16 iwl_mvm_scan_rx_chain(struct iwl_mvm *mvm) 152 { 153 u16 rx_chain; 154 u8 rx_ant; 155 156 rx_ant = iwl_mvm_scan_rx_ant(mvm); 157 rx_chain = rx_ant << PHY_RX_CHAIN_VALID_POS; 158 rx_chain |= rx_ant << PHY_RX_CHAIN_FORCE_MIMO_SEL_POS; 159 rx_chain |= rx_ant << PHY_RX_CHAIN_FORCE_SEL_POS; 160 rx_chain |= 0x1 << PHY_RX_CHAIN_DRIVER_FORCE_POS; 161 return cpu_to_le16(rx_chain); 162 } 163 164 static inline __le32 165 iwl_mvm_scan_rate_n_flags(struct iwl_mvm *mvm, enum nl80211_band band, 166 bool no_cck) 167 { 168 u32 tx_ant; 169 170 iwl_mvm_toggle_tx_ant(mvm, &mvm->scan_last_antenna_idx); 171 tx_ant = BIT(mvm->scan_last_antenna_idx) << RATE_MCS_ANT_POS; 172 173 if (band == NL80211_BAND_2GHZ && !no_cck) 174 return cpu_to_le32(IWL_RATE_1M_PLCP | RATE_MCS_CCK_MSK_V1 | 175 tx_ant); 176 else 177 return cpu_to_le32(IWL_RATE_6M_PLCP | tx_ant); 178 } 179 180 static enum iwl_mvm_traffic_load iwl_mvm_get_traffic_load(struct iwl_mvm *mvm) 181 { 182 return mvm->tcm.result.global_load; 183 } 184 185 static enum iwl_mvm_traffic_load 186 iwl_mvm_get_traffic_load_band(struct iwl_mvm *mvm, enum nl80211_band band) 187 { 188 return mvm->tcm.result.band_load[band]; 189 } 190 191 struct iwl_mvm_scan_iter_data { 192 u32 global_cnt; 193 struct ieee80211_vif *current_vif; 194 bool is_dcm_with_p2p_go; 195 }; 196 197 static void iwl_mvm_scan_iterator(void *_data, u8 *mac, 198 struct ieee80211_vif *vif) 199 { 200 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 201 struct iwl_mvm_scan_iter_data *data = _data; 202 struct iwl_mvm_vif *curr_mvmvif; 203 204 if (vif->type != NL80211_IFTYPE_P2P_DEVICE && 205 mvmvif->deflink.phy_ctxt && 206 mvmvif->deflink.phy_ctxt->id < NUM_PHY_CTX) 207 data->global_cnt += 1; 208 209 if (!data->current_vif || vif == data->current_vif) 210 return; 211 212 curr_mvmvif = iwl_mvm_vif_from_mac80211(data->current_vif); 213 214 if (ieee80211_vif_type_p2p(vif) == NL80211_IFTYPE_P2P_GO && 215 mvmvif->deflink.phy_ctxt && curr_mvmvif->deflink.phy_ctxt && 216 mvmvif->deflink.phy_ctxt->id != curr_mvmvif->deflink.phy_ctxt->id) 217 data->is_dcm_with_p2p_go = true; 218 } 219 220 static enum 221 iwl_mvm_scan_type _iwl_mvm_get_scan_type(struct iwl_mvm *mvm, 222 struct ieee80211_vif *vif, 223 enum iwl_mvm_traffic_load load, 224 bool low_latency) 225 { 226 struct iwl_mvm_scan_iter_data data = { 227 .current_vif = vif, 228 .is_dcm_with_p2p_go = false, 229 .global_cnt = 0, 230 }; 231 232 /* 233 * A scanning AP interface probably wants to generate a survey to do 234 * ACS (automatic channel selection). 235 * Force a non-fragmented scan in that case. 236 */ 237 if (vif && ieee80211_vif_type_p2p(vif) == NL80211_IFTYPE_AP) 238 return IWL_SCAN_TYPE_WILD; 239 240 ieee80211_iterate_active_interfaces_atomic(mvm->hw, 241 IEEE80211_IFACE_ITER_NORMAL, 242 iwl_mvm_scan_iterator, 243 &data); 244 245 if (!data.global_cnt) 246 return IWL_SCAN_TYPE_UNASSOC; 247 248 if (fw_has_api(&mvm->fw->ucode_capa, 249 IWL_UCODE_TLV_API_FRAGMENTED_SCAN)) { 250 if ((load == IWL_MVM_TRAFFIC_HIGH || low_latency) && 251 (!vif || vif->type != NL80211_IFTYPE_P2P_DEVICE)) 252 return IWL_SCAN_TYPE_FRAGMENTED; 253 254 /* 255 * in case of DCM with P2P GO set all scan requests as 256 * fast-balance scan 257 */ 258 if (vif && vif->type == NL80211_IFTYPE_STATION && 259 data.is_dcm_with_p2p_go) 260 return IWL_SCAN_TYPE_FAST_BALANCE; 261 } 262 263 if (load >= IWL_MVM_TRAFFIC_MEDIUM || low_latency) 264 return IWL_SCAN_TYPE_MILD; 265 266 return IWL_SCAN_TYPE_WILD; 267 } 268 269 static enum 270 iwl_mvm_scan_type iwl_mvm_get_scan_type(struct iwl_mvm *mvm, 271 struct ieee80211_vif *vif) 272 { 273 enum iwl_mvm_traffic_load load; 274 bool low_latency; 275 276 load = iwl_mvm_get_traffic_load(mvm); 277 low_latency = iwl_mvm_low_latency(mvm); 278 279 return _iwl_mvm_get_scan_type(mvm, vif, load, low_latency); 280 } 281 282 static enum 283 iwl_mvm_scan_type iwl_mvm_get_scan_type_band(struct iwl_mvm *mvm, 284 struct ieee80211_vif *vif, 285 enum nl80211_band band) 286 { 287 enum iwl_mvm_traffic_load load; 288 bool low_latency; 289 290 load = iwl_mvm_get_traffic_load_band(mvm, band); 291 low_latency = iwl_mvm_low_latency_band(mvm, band); 292 293 return _iwl_mvm_get_scan_type(mvm, vif, load, low_latency); 294 } 295 296 static inline bool iwl_mvm_rrm_scan_needed(struct iwl_mvm *mvm) 297 { 298 /* require rrm scan whenever the fw supports it */ 299 return fw_has_capa(&mvm->fw->ucode_capa, 300 IWL_UCODE_TLV_CAPA_DS_PARAM_SET_IE_SUPPORT); 301 } 302 303 static int iwl_mvm_max_scan_ie_fw_cmd_room(struct iwl_mvm *mvm) 304 { 305 int max_probe_len; 306 307 max_probe_len = SCAN_OFFLOAD_PROBE_REQ_SIZE; 308 309 /* we create the 802.11 header SSID element and WFA TPC element */ 310 max_probe_len -= 24 + 2 + WFA_TPC_IE_LEN; 311 312 /* DS parameter set element is added on 2.4GHZ band if required */ 313 if (iwl_mvm_rrm_scan_needed(mvm)) 314 max_probe_len -= 3; 315 316 return max_probe_len; 317 } 318 319 int iwl_mvm_max_scan_ie_len(struct iwl_mvm *mvm) 320 { 321 int max_ie_len = iwl_mvm_max_scan_ie_fw_cmd_room(mvm); 322 323 /* TODO: [BUG] This function should return the maximum allowed size of 324 * scan IEs, however the LMAC scan api contains both 2GHZ and 5GHZ IEs 325 * in the same command. So the correct implementation of this function 326 * is just iwl_mvm_max_scan_ie_fw_cmd_room() / 2. Currently the scan 327 * command has only 512 bytes and it would leave us with about 240 328 * bytes for scan IEs, which is clearly not enough. So meanwhile 329 * we will report an incorrect value. This may result in a failure to 330 * issue a scan in unified_scan_lmac and unified_sched_scan_lmac 331 * functions with -ENOBUFS, if a large enough probe will be provided. 332 */ 333 return max_ie_len; 334 } 335 336 void iwl_mvm_rx_lmac_scan_iter_complete_notif(struct iwl_mvm *mvm, 337 struct iwl_rx_cmd_buffer *rxb) 338 { 339 struct iwl_rx_packet *pkt = rxb_addr(rxb); 340 struct iwl_lmac_scan_complete_notif *notif = (void *)pkt->data; 341 342 IWL_DEBUG_SCAN(mvm, 343 "Scan offload iteration complete: status=0x%x scanned channels=%d\n", 344 notif->status, notif->scanned_channels); 345 346 if (mvm->sched_scan_pass_all == SCHED_SCAN_PASS_ALL_FOUND) { 347 IWL_DEBUG_SCAN(mvm, "Pass all scheduled scan results found\n"); 348 ieee80211_sched_scan_results(mvm->hw); 349 mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_ENABLED; 350 } 351 } 352 353 void iwl_mvm_rx_scan_match_found(struct iwl_mvm *mvm, 354 struct iwl_rx_cmd_buffer *rxb) 355 { 356 IWL_DEBUG_SCAN(mvm, "Scheduled scan results\n"); 357 ieee80211_sched_scan_results(mvm->hw); 358 } 359 360 static const char *iwl_mvm_ebs_status_str(enum iwl_scan_ebs_status status) 361 { 362 switch (status) { 363 case IWL_SCAN_EBS_SUCCESS: 364 return "successful"; 365 case IWL_SCAN_EBS_INACTIVE: 366 return "inactive"; 367 case IWL_SCAN_EBS_FAILED: 368 case IWL_SCAN_EBS_CHAN_NOT_FOUND: 369 default: 370 return "failed"; 371 } 372 } 373 374 void iwl_mvm_rx_lmac_scan_complete_notif(struct iwl_mvm *mvm, 375 struct iwl_rx_cmd_buffer *rxb) 376 { 377 struct iwl_rx_packet *pkt = rxb_addr(rxb); 378 struct iwl_periodic_scan_complete *scan_notif = (void *)pkt->data; 379 bool aborted = (scan_notif->status == IWL_SCAN_OFFLOAD_ABORTED); 380 381 /* If this happens, the firmware has mistakenly sent an LMAC 382 * notification during UMAC scans -- warn and ignore it. 383 */ 384 if (WARN_ON_ONCE(fw_has_capa(&mvm->fw->ucode_capa, 385 IWL_UCODE_TLV_CAPA_UMAC_SCAN))) 386 return; 387 388 /* scan status must be locked for proper checking */ 389 lockdep_assert_held(&mvm->mutex); 390 391 /* We first check if we were stopping a scan, in which case we 392 * just clear the stopping flag. Then we check if it was a 393 * firmware initiated stop, in which case we need to inform 394 * mac80211. 395 * Note that we can have a stopping and a running scan 396 * simultaneously, but we can't have two different types of 397 * scans stopping or running at the same time (since LMAC 398 * doesn't support it). 399 */ 400 401 if (mvm->scan_status & IWL_MVM_SCAN_STOPPING_SCHED) { 402 WARN_ON_ONCE(mvm->scan_status & IWL_MVM_SCAN_STOPPING_REGULAR); 403 404 IWL_DEBUG_SCAN(mvm, "Scheduled scan %s, EBS status %s\n", 405 aborted ? "aborted" : "completed", 406 iwl_mvm_ebs_status_str(scan_notif->ebs_status)); 407 IWL_DEBUG_SCAN(mvm, 408 "Last line %d, Last iteration %d, Time after last iteration %d\n", 409 scan_notif->last_schedule_line, 410 scan_notif->last_schedule_iteration, 411 __le32_to_cpu(scan_notif->time_after_last_iter)); 412 413 mvm->scan_status &= ~IWL_MVM_SCAN_STOPPING_SCHED; 414 } else if (mvm->scan_status & IWL_MVM_SCAN_STOPPING_REGULAR) { 415 IWL_DEBUG_SCAN(mvm, "Regular scan %s, EBS status %s\n", 416 aborted ? "aborted" : "completed", 417 iwl_mvm_ebs_status_str(scan_notif->ebs_status)); 418 419 mvm->scan_status &= ~IWL_MVM_SCAN_STOPPING_REGULAR; 420 } else if (mvm->scan_status & IWL_MVM_SCAN_SCHED) { 421 WARN_ON_ONCE(mvm->scan_status & IWL_MVM_SCAN_REGULAR); 422 423 IWL_DEBUG_SCAN(mvm, "Scheduled scan %s, EBS status %s\n", 424 aborted ? "aborted" : "completed", 425 iwl_mvm_ebs_status_str(scan_notif->ebs_status)); 426 IWL_DEBUG_SCAN(mvm, 427 "Last line %d, Last iteration %d, Time after last iteration %d (FW)\n", 428 scan_notif->last_schedule_line, 429 scan_notif->last_schedule_iteration, 430 __le32_to_cpu(scan_notif->time_after_last_iter)); 431 432 mvm->scan_status &= ~IWL_MVM_SCAN_SCHED; 433 ieee80211_sched_scan_stopped(mvm->hw); 434 mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_DISABLED; 435 } else if (mvm->scan_status & IWL_MVM_SCAN_REGULAR) { 436 struct cfg80211_scan_info info = { 437 .aborted = aborted, 438 }; 439 440 IWL_DEBUG_SCAN(mvm, "Regular scan %s, EBS status %s (FW)\n", 441 aborted ? "aborted" : "completed", 442 iwl_mvm_ebs_status_str(scan_notif->ebs_status)); 443 444 mvm->scan_status &= ~IWL_MVM_SCAN_REGULAR; 445 ieee80211_scan_completed(mvm->hw, &info); 446 cancel_delayed_work(&mvm->scan_timeout_dwork); 447 iwl_mvm_resume_tcm(mvm); 448 } else { 449 IWL_ERR(mvm, 450 "got scan complete notification but no scan is running\n"); 451 } 452 453 mvm->last_ebs_successful = 454 scan_notif->ebs_status == IWL_SCAN_EBS_SUCCESS || 455 scan_notif->ebs_status == IWL_SCAN_EBS_INACTIVE; 456 } 457 458 static int iwl_ssid_exist(u8 *ssid, u8 ssid_len, struct iwl_ssid_ie *ssid_list) 459 { 460 int i; 461 462 for (i = 0; i < PROBE_OPTION_MAX; i++) { 463 if (!ssid_list[i].len) 464 break; 465 if (ssid_list[i].len == ssid_len && 466 !memcmp(ssid_list[i].ssid, ssid, ssid_len)) 467 return i; 468 } 469 return -1; 470 } 471 472 /* We insert the SSIDs in an inverted order, because the FW will 473 * invert it back. 474 */ 475 static void iwl_scan_build_ssids(struct iwl_mvm_scan_params *params, 476 struct iwl_ssid_ie *ssids, 477 u32 *ssid_bitmap) 478 { 479 int i, j; 480 int index; 481 u32 tmp_bitmap = 0; 482 483 /* 484 * copy SSIDs from match list. 485 * iwl_config_sched_scan_profiles() uses the order of these ssids to 486 * config match list. 487 */ 488 for (i = 0, j = params->n_match_sets - 1; 489 j >= 0 && i < PROBE_OPTION_MAX; 490 i++, j--) { 491 /* skip empty SSID matchsets */ 492 if (!params->match_sets[j].ssid.ssid_len) 493 continue; 494 ssids[i].id = WLAN_EID_SSID; 495 ssids[i].len = params->match_sets[j].ssid.ssid_len; 496 memcpy(ssids[i].ssid, params->match_sets[j].ssid.ssid, 497 ssids[i].len); 498 } 499 500 /* add SSIDs from scan SSID list */ 501 for (j = params->n_ssids - 1; 502 j >= 0 && i < PROBE_OPTION_MAX; 503 i++, j--) { 504 index = iwl_ssid_exist(params->ssids[j].ssid, 505 params->ssids[j].ssid_len, 506 ssids); 507 if (index < 0) { 508 ssids[i].id = WLAN_EID_SSID; 509 ssids[i].len = params->ssids[j].ssid_len; 510 memcpy(ssids[i].ssid, params->ssids[j].ssid, 511 ssids[i].len); 512 tmp_bitmap |= BIT(i); 513 } else { 514 tmp_bitmap |= BIT(index); 515 } 516 } 517 if (ssid_bitmap) 518 *ssid_bitmap = tmp_bitmap; 519 } 520 521 static int 522 iwl_mvm_config_sched_scan_profiles(struct iwl_mvm *mvm, 523 struct cfg80211_sched_scan_request *req) 524 { 525 struct iwl_scan_offload_profile *profile; 526 struct iwl_scan_offload_profile_cfg_v1 *profile_cfg_v1; 527 struct iwl_scan_offload_blocklist *blocklist; 528 struct iwl_scan_offload_profile_cfg_data *data; 529 int max_profiles = iwl_umac_scan_get_max_profiles(mvm->fw); 530 int profile_cfg_size = sizeof(*data) + 531 sizeof(*profile) * max_profiles; 532 struct iwl_host_cmd cmd = { 533 .id = SCAN_OFFLOAD_UPDATE_PROFILES_CMD, 534 .len[1] = profile_cfg_size, 535 .dataflags[0] = IWL_HCMD_DFL_NOCOPY, 536 .dataflags[1] = IWL_HCMD_DFL_NOCOPY, 537 }; 538 int blocklist_len; 539 int i; 540 int ret; 541 542 if (WARN_ON(req->n_match_sets > max_profiles)) 543 return -EIO; 544 545 if (mvm->fw->ucode_capa.flags & IWL_UCODE_TLV_FLAGS_SHORT_BL) 546 blocklist_len = IWL_SCAN_SHORT_BLACKLIST_LEN; 547 else 548 blocklist_len = IWL_SCAN_MAX_BLACKLIST_LEN; 549 550 blocklist = kcalloc(blocklist_len, sizeof(*blocklist), GFP_KERNEL); 551 if (!blocklist) 552 return -ENOMEM; 553 554 profile_cfg_v1 = kzalloc(profile_cfg_size, GFP_KERNEL); 555 if (!profile_cfg_v1) { 556 ret = -ENOMEM; 557 goto free_blocklist; 558 } 559 560 cmd.data[0] = blocklist; 561 cmd.len[0] = sizeof(*blocklist) * blocklist_len; 562 cmd.data[1] = profile_cfg_v1; 563 564 /* if max_profile is MAX_PROFILES_V2, we have the new API */ 565 if (max_profiles == IWL_SCAN_MAX_PROFILES_V2) { 566 struct iwl_scan_offload_profile_cfg *profile_cfg = 567 (struct iwl_scan_offload_profile_cfg *)profile_cfg_v1; 568 569 data = &profile_cfg->data; 570 } else { 571 data = &profile_cfg_v1->data; 572 } 573 574 /* No blocklist configuration */ 575 data->num_profiles = req->n_match_sets; 576 data->active_clients = SCAN_CLIENT_SCHED_SCAN; 577 data->pass_match = SCAN_CLIENT_SCHED_SCAN; 578 data->match_notify = SCAN_CLIENT_SCHED_SCAN; 579 580 if (!req->n_match_sets || !req->match_sets[0].ssid.ssid_len) 581 data->any_beacon_notify = SCAN_CLIENT_SCHED_SCAN; 582 583 for (i = 0; i < req->n_match_sets; i++) { 584 profile = &profile_cfg_v1->profiles[i]; 585 profile->ssid_index = i; 586 /* Support any cipher and auth algorithm */ 587 profile->unicast_cipher = 0xff; 588 profile->auth_alg = IWL_AUTH_ALGO_UNSUPPORTED | 589 IWL_AUTH_ALGO_NONE | IWL_AUTH_ALGO_PSK | IWL_AUTH_ALGO_8021X | 590 IWL_AUTH_ALGO_SAE | IWL_AUTH_ALGO_8021X_SHA384 | IWL_AUTH_ALGO_OWE; 591 profile->network_type = IWL_NETWORK_TYPE_ANY; 592 profile->band_selection = IWL_SCAN_OFFLOAD_SELECT_ANY; 593 profile->client_bitmap = SCAN_CLIENT_SCHED_SCAN; 594 } 595 596 IWL_DEBUG_SCAN(mvm, "Sending scheduled scan profile config\n"); 597 598 ret = iwl_mvm_send_cmd(mvm, &cmd); 599 kfree(profile_cfg_v1); 600 free_blocklist: 601 kfree(blocklist); 602 603 return ret; 604 } 605 606 static bool iwl_mvm_scan_pass_all(struct iwl_mvm *mvm, 607 struct cfg80211_sched_scan_request *req) 608 { 609 if (req->n_match_sets && req->match_sets[0].ssid.ssid_len) { 610 IWL_DEBUG_SCAN(mvm, 611 "Sending scheduled scan with filtering, n_match_sets %d\n", 612 req->n_match_sets); 613 mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_DISABLED; 614 return false; 615 } 616 617 IWL_DEBUG_SCAN(mvm, "Sending Scheduled scan without filtering\n"); 618 619 mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_ENABLED; 620 return true; 621 } 622 623 static int iwl_mvm_lmac_scan_abort(struct iwl_mvm *mvm) 624 { 625 int ret; 626 struct iwl_host_cmd cmd = { 627 .id = SCAN_OFFLOAD_ABORT_CMD, 628 }; 629 u32 status = CAN_ABORT_STATUS; 630 631 ret = iwl_mvm_send_cmd_status(mvm, &cmd, &status); 632 if (ret) 633 return ret; 634 635 if (status != CAN_ABORT_STATUS) { 636 /* 637 * The scan abort will return 1 for success or 638 * 2 for "failure". A failure condition can be 639 * due to simply not being in an active scan which 640 * can occur if we send the scan abort before the 641 * microcode has notified us that a scan is completed. 642 */ 643 IWL_DEBUG_SCAN(mvm, "SCAN OFFLOAD ABORT ret %d.\n", status); 644 ret = -ENOENT; 645 } 646 647 return ret; 648 } 649 650 static void iwl_mvm_scan_fill_tx_cmd(struct iwl_mvm *mvm, 651 struct iwl_scan_req_tx_cmd *tx_cmd, 652 bool no_cck) 653 { 654 tx_cmd[0].tx_flags = cpu_to_le32(TX_CMD_FLG_SEQ_CTL | 655 TX_CMD_FLG_BT_DIS); 656 tx_cmd[0].rate_n_flags = iwl_mvm_scan_rate_n_flags(mvm, 657 NL80211_BAND_2GHZ, 658 no_cck); 659 660 if (!iwl_mvm_has_new_station_api(mvm->fw)) { 661 tx_cmd[0].sta_id = mvm->aux_sta.sta_id; 662 tx_cmd[1].sta_id = mvm->aux_sta.sta_id; 663 664 /* 665 * Fw doesn't use this sta anymore, pending deprecation via HOST API 666 * change 667 */ 668 } else { 669 tx_cmd[0].sta_id = 0xff; 670 tx_cmd[1].sta_id = 0xff; 671 } 672 673 tx_cmd[1].tx_flags = cpu_to_le32(TX_CMD_FLG_SEQ_CTL | 674 TX_CMD_FLG_BT_DIS); 675 676 tx_cmd[1].rate_n_flags = iwl_mvm_scan_rate_n_flags(mvm, 677 NL80211_BAND_5GHZ, 678 no_cck); 679 } 680 681 static void 682 iwl_mvm_lmac_scan_cfg_channels(struct iwl_mvm *mvm, 683 struct ieee80211_channel **channels, 684 int n_channels, u32 ssid_bitmap, 685 struct iwl_scan_req_lmac *cmd) 686 { 687 struct iwl_scan_channel_cfg_lmac *channel_cfg = (void *)&cmd->data; 688 int i; 689 690 for (i = 0; i < n_channels; i++) { 691 channel_cfg[i].channel_num = 692 cpu_to_le16(channels[i]->hw_value); 693 channel_cfg[i].iter_count = cpu_to_le16(1); 694 channel_cfg[i].iter_interval = 0; 695 channel_cfg[i].flags = 696 cpu_to_le32(IWL_UNIFIED_SCAN_CHANNEL_PARTIAL | 697 ssid_bitmap); 698 } 699 } 700 701 static u8 *iwl_mvm_copy_and_insert_ds_elem(struct iwl_mvm *mvm, const u8 *ies, 702 size_t len, u8 *const pos) 703 { 704 static const u8 before_ds_params[] = { 705 WLAN_EID_SSID, 706 WLAN_EID_SUPP_RATES, 707 WLAN_EID_REQUEST, 708 WLAN_EID_EXT_SUPP_RATES, 709 }; 710 size_t offs; 711 u8 *newpos = pos; 712 713 if (!iwl_mvm_rrm_scan_needed(mvm)) { 714 memcpy(newpos, ies, len); 715 return newpos + len; 716 } 717 718 offs = ieee80211_ie_split(ies, len, 719 before_ds_params, 720 ARRAY_SIZE(before_ds_params), 721 0); 722 723 memcpy(newpos, ies, offs); 724 newpos += offs; 725 726 /* Add a placeholder for DS Parameter Set element */ 727 *newpos++ = WLAN_EID_DS_PARAMS; 728 *newpos++ = 1; 729 *newpos++ = 0; 730 731 memcpy(newpos, ies + offs, len - offs); 732 newpos += len - offs; 733 734 return newpos; 735 } 736 737 static void iwl_mvm_add_tpc_report_ie(u8 *pos) 738 { 739 pos[0] = WLAN_EID_VENDOR_SPECIFIC; 740 pos[1] = WFA_TPC_IE_LEN - 2; 741 pos[2] = (WLAN_OUI_MICROSOFT >> 16) & 0xff; 742 pos[3] = (WLAN_OUI_MICROSOFT >> 8) & 0xff; 743 pos[4] = WLAN_OUI_MICROSOFT & 0xff; 744 pos[5] = WLAN_OUI_TYPE_MICROSOFT_TPC; 745 pos[6] = 0; 746 /* pos[7] - tx power will be inserted by the FW */ 747 pos[7] = 0; 748 pos[8] = 0; 749 } 750 751 static void 752 iwl_mvm_build_scan_probe(struct iwl_mvm *mvm, struct ieee80211_vif *vif, 753 struct ieee80211_scan_ies *ies, 754 struct iwl_mvm_scan_params *params) 755 { 756 struct ieee80211_mgmt *frame = (void *)params->preq.buf; 757 u8 *pos, *newpos; 758 const u8 *mac_addr = params->flags & NL80211_SCAN_FLAG_RANDOM_ADDR ? 759 params->mac_addr : NULL; 760 761 /* 762 * Unfortunately, right now the offload scan doesn't support randomising 763 * within the firmware, so until the firmware API is ready we implement 764 * it in the driver. This means that the scan iterations won't really be 765 * random, only when it's restarted, but at least that helps a bit. 766 */ 767 if (mac_addr) 768 get_random_mask_addr(frame->sa, mac_addr, 769 params->mac_addr_mask); 770 else 771 memcpy(frame->sa, vif->addr, ETH_ALEN); 772 773 frame->frame_control = cpu_to_le16(IEEE80211_STYPE_PROBE_REQ); 774 eth_broadcast_addr(frame->da); 775 ether_addr_copy(frame->bssid, params->bssid); 776 frame->seq_ctrl = 0; 777 778 pos = frame->u.probe_req.variable; 779 *pos++ = WLAN_EID_SSID; 780 *pos++ = 0; 781 782 params->preq.mac_header.offset = 0; 783 params->preq.mac_header.len = cpu_to_le16(24 + 2); 784 785 /* Insert ds parameter set element on 2.4 GHz band */ 786 newpos = iwl_mvm_copy_and_insert_ds_elem(mvm, 787 ies->ies[NL80211_BAND_2GHZ], 788 ies->len[NL80211_BAND_2GHZ], 789 pos); 790 params->preq.band_data[0].offset = cpu_to_le16(pos - params->preq.buf); 791 params->preq.band_data[0].len = cpu_to_le16(newpos - pos); 792 pos = newpos; 793 794 memcpy(pos, ies->ies[NL80211_BAND_5GHZ], 795 ies->len[NL80211_BAND_5GHZ]); 796 params->preq.band_data[1].offset = cpu_to_le16(pos - params->preq.buf); 797 params->preq.band_data[1].len = 798 cpu_to_le16(ies->len[NL80211_BAND_5GHZ]); 799 pos += ies->len[NL80211_BAND_5GHZ]; 800 801 memcpy(pos, ies->ies[NL80211_BAND_6GHZ], 802 ies->len[NL80211_BAND_6GHZ]); 803 params->preq.band_data[2].offset = cpu_to_le16(pos - params->preq.buf); 804 params->preq.band_data[2].len = 805 cpu_to_le16(ies->len[NL80211_BAND_6GHZ]); 806 pos += ies->len[NL80211_BAND_6GHZ]; 807 memcpy(pos, ies->common_ies, ies->common_ie_len); 808 params->preq.common_data.offset = cpu_to_le16(pos - params->preq.buf); 809 810 if (iwl_mvm_rrm_scan_needed(mvm) && 811 !fw_has_capa(&mvm->fw->ucode_capa, 812 IWL_UCODE_TLV_CAPA_WFA_TPC_REP_IE_SUPPORT)) { 813 iwl_mvm_add_tpc_report_ie(pos + ies->common_ie_len); 814 params->preq.common_data.len = cpu_to_le16(ies->common_ie_len + 815 WFA_TPC_IE_LEN); 816 } else { 817 params->preq.common_data.len = cpu_to_le16(ies->common_ie_len); 818 } 819 } 820 821 static void iwl_mvm_scan_lmac_dwell(struct iwl_mvm *mvm, 822 struct iwl_scan_req_lmac *cmd, 823 struct iwl_mvm_scan_params *params) 824 { 825 cmd->active_dwell = IWL_SCAN_DWELL_ACTIVE; 826 cmd->passive_dwell = IWL_SCAN_DWELL_PASSIVE; 827 cmd->fragmented_dwell = IWL_SCAN_DWELL_FRAGMENTED; 828 cmd->extended_dwell = IWL_SCAN_DWELL_EXTENDED; 829 cmd->max_out_time = cpu_to_le32(scan_timing[params->type].max_out_time); 830 cmd->suspend_time = cpu_to_le32(scan_timing[params->type].suspend_time); 831 cmd->scan_prio = cpu_to_le32(IWL_SCAN_PRIORITY_EXT_6); 832 } 833 834 static inline bool iwl_mvm_scan_fits(struct iwl_mvm *mvm, int n_ssids, 835 struct ieee80211_scan_ies *ies, 836 int n_channels) 837 { 838 return ((n_ssids <= PROBE_OPTION_MAX) && 839 (n_channels <= mvm->fw->ucode_capa.n_scan_channels) && 840 (ies->common_ie_len + 841 ies->len[NL80211_BAND_2GHZ] + ies->len[NL80211_BAND_5GHZ] + 842 ies->len[NL80211_BAND_6GHZ] <= 843 iwl_mvm_max_scan_ie_fw_cmd_room(mvm))); 844 } 845 846 static inline bool iwl_mvm_scan_use_ebs(struct iwl_mvm *mvm, 847 struct ieee80211_vif *vif) 848 { 849 const struct iwl_ucode_capabilities *capa = &mvm->fw->ucode_capa; 850 bool low_latency; 851 852 if (iwl_mvm_is_cdb_supported(mvm)) 853 low_latency = iwl_mvm_low_latency_band(mvm, NL80211_BAND_5GHZ); 854 else 855 low_latency = iwl_mvm_low_latency(mvm); 856 857 /* We can only use EBS if: 858 * 1. the feature is supported; 859 * 2. the last EBS was successful; 860 * 3. if only single scan, the single scan EBS API is supported; 861 * 4. it's not a p2p find operation. 862 * 5. we are not in low latency mode, 863 * or if fragmented ebs is supported by the FW 864 * 6. the VIF is not an AP interface (scan wants survey results) 865 */ 866 return ((capa->flags & IWL_UCODE_TLV_FLAGS_EBS_SUPPORT) && 867 mvm->last_ebs_successful && IWL_MVM_ENABLE_EBS && 868 vif->type != NL80211_IFTYPE_P2P_DEVICE && 869 (!low_latency || iwl_mvm_is_frag_ebs_supported(mvm)) && 870 ieee80211_vif_type_p2p(vif) != NL80211_IFTYPE_AP); 871 } 872 873 static inline bool iwl_mvm_is_regular_scan(struct iwl_mvm_scan_params *params) 874 { 875 return params->n_scan_plans == 1 && 876 params->scan_plans[0].iterations == 1; 877 } 878 879 static bool iwl_mvm_is_scan_fragmented(enum iwl_mvm_scan_type type) 880 { 881 return (type == IWL_SCAN_TYPE_FRAGMENTED || 882 type == IWL_SCAN_TYPE_FAST_BALANCE); 883 } 884 885 static int iwl_mvm_scan_lmac_flags(struct iwl_mvm *mvm, 886 struct iwl_mvm_scan_params *params, 887 struct ieee80211_vif *vif) 888 { 889 int flags = 0; 890 891 if (params->n_ssids == 0) 892 flags |= IWL_MVM_LMAC_SCAN_FLAG_PASSIVE; 893 894 if (params->n_ssids == 1 && params->ssids[0].ssid_len != 0) 895 flags |= IWL_MVM_LMAC_SCAN_FLAG_PRE_CONNECTION; 896 897 if (iwl_mvm_is_scan_fragmented(params->type)) 898 flags |= IWL_MVM_LMAC_SCAN_FLAG_FRAGMENTED; 899 900 if (iwl_mvm_rrm_scan_needed(mvm) && 901 fw_has_capa(&mvm->fw->ucode_capa, 902 IWL_UCODE_TLV_CAPA_WFA_TPC_REP_IE_SUPPORT)) 903 flags |= IWL_MVM_LMAC_SCAN_FLAGS_RRM_ENABLED; 904 905 if (params->pass_all) 906 flags |= IWL_MVM_LMAC_SCAN_FLAG_PASS_ALL; 907 else 908 flags |= IWL_MVM_LMAC_SCAN_FLAG_MATCH; 909 910 #ifdef CONFIG_IWLWIFI_DEBUGFS 911 if (mvm->scan_iter_notif_enabled) 912 flags |= IWL_MVM_LMAC_SCAN_FLAG_ITER_COMPLETE; 913 #endif 914 915 if (mvm->sched_scan_pass_all == SCHED_SCAN_PASS_ALL_ENABLED) 916 flags |= IWL_MVM_LMAC_SCAN_FLAG_ITER_COMPLETE; 917 918 if (iwl_mvm_is_regular_scan(params) && 919 vif->type != NL80211_IFTYPE_P2P_DEVICE && 920 !iwl_mvm_is_scan_fragmented(params->type)) 921 flags |= IWL_MVM_LMAC_SCAN_FLAG_EXTENDED_DWELL; 922 923 return flags; 924 } 925 926 static void 927 iwl_mvm_scan_set_legacy_probe_req(struct iwl_scan_probe_req_v1 *p_req, 928 struct iwl_scan_probe_req *src_p_req) 929 { 930 int i; 931 932 p_req->mac_header = src_p_req->mac_header; 933 for (i = 0; i < SCAN_NUM_BAND_PROBE_DATA_V_1; i++) 934 p_req->band_data[i] = src_p_req->band_data[i]; 935 p_req->common_data = src_p_req->common_data; 936 memcpy(p_req->buf, src_p_req->buf, sizeof(p_req->buf)); 937 } 938 939 static int iwl_mvm_scan_lmac(struct iwl_mvm *mvm, struct ieee80211_vif *vif, 940 struct iwl_mvm_scan_params *params) 941 { 942 struct iwl_scan_req_lmac *cmd = mvm->scan_cmd; 943 struct iwl_scan_probe_req_v1 *preq = 944 (void *)(cmd->data + sizeof(struct iwl_scan_channel_cfg_lmac) * 945 mvm->fw->ucode_capa.n_scan_channels); 946 u32 ssid_bitmap = 0; 947 int i; 948 u8 band; 949 950 if (WARN_ON(params->n_scan_plans > IWL_MAX_SCHED_SCAN_PLANS)) 951 return -EINVAL; 952 953 iwl_mvm_scan_lmac_dwell(mvm, cmd, params); 954 955 cmd->rx_chain_select = iwl_mvm_scan_rx_chain(mvm); 956 cmd->iter_num = cpu_to_le32(1); 957 cmd->n_channels = (u8)params->n_channels; 958 959 cmd->delay = cpu_to_le32(params->delay); 960 961 cmd->scan_flags = cpu_to_le32(iwl_mvm_scan_lmac_flags(mvm, params, 962 vif)); 963 964 band = iwl_mvm_phy_band_from_nl80211(params->channels[0]->band); 965 cmd->flags = cpu_to_le32(band); 966 cmd->filter_flags = cpu_to_le32(MAC_FILTER_ACCEPT_GRP | 967 MAC_FILTER_IN_BEACON); 968 iwl_mvm_scan_fill_tx_cmd(mvm, cmd->tx_cmd, params->no_cck); 969 iwl_scan_build_ssids(params, cmd->direct_scan, &ssid_bitmap); 970 971 /* this API uses bits 1-20 instead of 0-19 */ 972 ssid_bitmap <<= 1; 973 974 for (i = 0; i < params->n_scan_plans; i++) { 975 struct cfg80211_sched_scan_plan *scan_plan = 976 ¶ms->scan_plans[i]; 977 978 cmd->schedule[i].delay = 979 cpu_to_le16(scan_plan->interval); 980 cmd->schedule[i].iterations = scan_plan->iterations; 981 cmd->schedule[i].full_scan_mul = 1; 982 } 983 984 /* 985 * If the number of iterations of the last scan plan is set to 986 * zero, it should run infinitely. However, this is not always the case. 987 * For example, when regular scan is requested the driver sets one scan 988 * plan with one iteration. 989 */ 990 if (!cmd->schedule[i - 1].iterations) 991 cmd->schedule[i - 1].iterations = 0xff; 992 993 if (iwl_mvm_scan_use_ebs(mvm, vif)) { 994 cmd->channel_opt[0].flags = 995 cpu_to_le16(IWL_SCAN_CHANNEL_FLAG_EBS | 996 IWL_SCAN_CHANNEL_FLAG_EBS_ACCURATE | 997 IWL_SCAN_CHANNEL_FLAG_CACHE_ADD); 998 cmd->channel_opt[0].non_ebs_ratio = 999 cpu_to_le16(IWL_DENSE_EBS_SCAN_RATIO); 1000 cmd->channel_opt[1].flags = 1001 cpu_to_le16(IWL_SCAN_CHANNEL_FLAG_EBS | 1002 IWL_SCAN_CHANNEL_FLAG_EBS_ACCURATE | 1003 IWL_SCAN_CHANNEL_FLAG_CACHE_ADD); 1004 cmd->channel_opt[1].non_ebs_ratio = 1005 cpu_to_le16(IWL_SPARSE_EBS_SCAN_RATIO); 1006 } 1007 1008 iwl_mvm_lmac_scan_cfg_channels(mvm, params->channels, 1009 params->n_channels, ssid_bitmap, cmd); 1010 1011 iwl_mvm_scan_set_legacy_probe_req(preq, ¶ms->preq); 1012 1013 return 0; 1014 } 1015 1016 static int rate_to_scan_rate_flag(unsigned int rate) 1017 { 1018 static const int rate_to_scan_rate[IWL_RATE_COUNT] = { 1019 [IWL_RATE_1M_INDEX] = SCAN_CONFIG_RATE_1M, 1020 [IWL_RATE_2M_INDEX] = SCAN_CONFIG_RATE_2M, 1021 [IWL_RATE_5M_INDEX] = SCAN_CONFIG_RATE_5M, 1022 [IWL_RATE_11M_INDEX] = SCAN_CONFIG_RATE_11M, 1023 [IWL_RATE_6M_INDEX] = SCAN_CONFIG_RATE_6M, 1024 [IWL_RATE_9M_INDEX] = SCAN_CONFIG_RATE_9M, 1025 [IWL_RATE_12M_INDEX] = SCAN_CONFIG_RATE_12M, 1026 [IWL_RATE_18M_INDEX] = SCAN_CONFIG_RATE_18M, 1027 [IWL_RATE_24M_INDEX] = SCAN_CONFIG_RATE_24M, 1028 [IWL_RATE_36M_INDEX] = SCAN_CONFIG_RATE_36M, 1029 [IWL_RATE_48M_INDEX] = SCAN_CONFIG_RATE_48M, 1030 [IWL_RATE_54M_INDEX] = SCAN_CONFIG_RATE_54M, 1031 }; 1032 1033 return rate_to_scan_rate[rate]; 1034 } 1035 1036 static __le32 iwl_mvm_scan_config_rates(struct iwl_mvm *mvm) 1037 { 1038 struct ieee80211_supported_band *band; 1039 unsigned int rates = 0; 1040 int i; 1041 1042 band = &mvm->nvm_data->bands[NL80211_BAND_2GHZ]; 1043 for (i = 0; i < band->n_bitrates; i++) 1044 rates |= rate_to_scan_rate_flag(band->bitrates[i].hw_value); 1045 band = &mvm->nvm_data->bands[NL80211_BAND_5GHZ]; 1046 for (i = 0; i < band->n_bitrates; i++) 1047 rates |= rate_to_scan_rate_flag(band->bitrates[i].hw_value); 1048 1049 /* Set both basic rates and supported rates */ 1050 rates |= SCAN_CONFIG_SUPPORTED_RATE(rates); 1051 1052 return cpu_to_le32(rates); 1053 } 1054 1055 static void iwl_mvm_fill_scan_dwell(struct iwl_mvm *mvm, 1056 struct iwl_scan_dwell *dwell) 1057 { 1058 dwell->active = IWL_SCAN_DWELL_ACTIVE; 1059 dwell->passive = IWL_SCAN_DWELL_PASSIVE; 1060 dwell->fragmented = IWL_SCAN_DWELL_FRAGMENTED; 1061 dwell->extended = IWL_SCAN_DWELL_EXTENDED; 1062 } 1063 1064 static void iwl_mvm_fill_channels(struct iwl_mvm *mvm, u8 *channels, 1065 u32 max_channels) 1066 { 1067 struct ieee80211_supported_band *band; 1068 int i, j = 0; 1069 1070 band = &mvm->nvm_data->bands[NL80211_BAND_2GHZ]; 1071 for (i = 0; i < band->n_channels && j < max_channels; i++, j++) 1072 channels[j] = band->channels[i].hw_value; 1073 band = &mvm->nvm_data->bands[NL80211_BAND_5GHZ]; 1074 for (i = 0; i < band->n_channels && j < max_channels; i++, j++) 1075 channels[j] = band->channels[i].hw_value; 1076 } 1077 1078 static void iwl_mvm_fill_scan_config_v1(struct iwl_mvm *mvm, void *config, 1079 u32 flags, u8 channel_flags, 1080 u32 max_channels) 1081 { 1082 enum iwl_mvm_scan_type type = iwl_mvm_get_scan_type(mvm, NULL); 1083 struct iwl_scan_config_v1 *cfg = config; 1084 1085 cfg->flags = cpu_to_le32(flags); 1086 cfg->tx_chains = cpu_to_le32(iwl_mvm_get_valid_tx_ant(mvm)); 1087 cfg->rx_chains = cpu_to_le32(iwl_mvm_scan_rx_ant(mvm)); 1088 cfg->legacy_rates = iwl_mvm_scan_config_rates(mvm); 1089 cfg->out_of_channel_time = cpu_to_le32(scan_timing[type].max_out_time); 1090 cfg->suspend_time = cpu_to_le32(scan_timing[type].suspend_time); 1091 1092 iwl_mvm_fill_scan_dwell(mvm, &cfg->dwell); 1093 1094 memcpy(&cfg->mac_addr, &mvm->addresses[0].addr, ETH_ALEN); 1095 1096 /* This function should not be called when using ADD_STA ver >=12 */ 1097 WARN_ON_ONCE(iwl_mvm_has_new_station_api(mvm->fw)); 1098 1099 cfg->bcast_sta_id = mvm->aux_sta.sta_id; 1100 cfg->channel_flags = channel_flags; 1101 1102 iwl_mvm_fill_channels(mvm, cfg->channel_array, max_channels); 1103 } 1104 1105 static void iwl_mvm_fill_scan_config_v2(struct iwl_mvm *mvm, void *config, 1106 u32 flags, u8 channel_flags, 1107 u32 max_channels) 1108 { 1109 struct iwl_scan_config_v2 *cfg = config; 1110 1111 cfg->flags = cpu_to_le32(flags); 1112 cfg->tx_chains = cpu_to_le32(iwl_mvm_get_valid_tx_ant(mvm)); 1113 cfg->rx_chains = cpu_to_le32(iwl_mvm_scan_rx_ant(mvm)); 1114 cfg->legacy_rates = iwl_mvm_scan_config_rates(mvm); 1115 1116 if (iwl_mvm_is_cdb_supported(mvm)) { 1117 enum iwl_mvm_scan_type lb_type, hb_type; 1118 1119 lb_type = iwl_mvm_get_scan_type_band(mvm, NULL, 1120 NL80211_BAND_2GHZ); 1121 hb_type = iwl_mvm_get_scan_type_band(mvm, NULL, 1122 NL80211_BAND_5GHZ); 1123 1124 cfg->out_of_channel_time[SCAN_LB_LMAC_IDX] = 1125 cpu_to_le32(scan_timing[lb_type].max_out_time); 1126 cfg->suspend_time[SCAN_LB_LMAC_IDX] = 1127 cpu_to_le32(scan_timing[lb_type].suspend_time); 1128 1129 cfg->out_of_channel_time[SCAN_HB_LMAC_IDX] = 1130 cpu_to_le32(scan_timing[hb_type].max_out_time); 1131 cfg->suspend_time[SCAN_HB_LMAC_IDX] = 1132 cpu_to_le32(scan_timing[hb_type].suspend_time); 1133 } else { 1134 enum iwl_mvm_scan_type type = 1135 iwl_mvm_get_scan_type(mvm, NULL); 1136 1137 cfg->out_of_channel_time[SCAN_LB_LMAC_IDX] = 1138 cpu_to_le32(scan_timing[type].max_out_time); 1139 cfg->suspend_time[SCAN_LB_LMAC_IDX] = 1140 cpu_to_le32(scan_timing[type].suspend_time); 1141 } 1142 1143 iwl_mvm_fill_scan_dwell(mvm, &cfg->dwell); 1144 1145 memcpy(&cfg->mac_addr, &mvm->addresses[0].addr, ETH_ALEN); 1146 1147 /* This function should not be called when using ADD_STA ver >=12 */ 1148 WARN_ON_ONCE(iwl_mvm_has_new_station_api(mvm->fw)); 1149 1150 cfg->bcast_sta_id = mvm->aux_sta.sta_id; 1151 cfg->channel_flags = channel_flags; 1152 1153 iwl_mvm_fill_channels(mvm, cfg->channel_array, max_channels); 1154 } 1155 1156 static int iwl_mvm_legacy_config_scan(struct iwl_mvm *mvm) 1157 { 1158 void *cfg; 1159 int ret, cmd_size; 1160 struct iwl_host_cmd cmd = { 1161 .id = WIDE_ID(IWL_ALWAYS_LONG_GROUP, SCAN_CFG_CMD), 1162 }; 1163 enum iwl_mvm_scan_type type; 1164 enum iwl_mvm_scan_type hb_type = IWL_SCAN_TYPE_NOT_SET; 1165 int num_channels = 1166 mvm->nvm_data->bands[NL80211_BAND_2GHZ].n_channels + 1167 mvm->nvm_data->bands[NL80211_BAND_5GHZ].n_channels; 1168 u32 flags; 1169 u8 channel_flags; 1170 1171 if (WARN_ON(num_channels > mvm->fw->ucode_capa.n_scan_channels)) 1172 num_channels = mvm->fw->ucode_capa.n_scan_channels; 1173 1174 if (iwl_mvm_is_cdb_supported(mvm)) { 1175 type = iwl_mvm_get_scan_type_band(mvm, NULL, 1176 NL80211_BAND_2GHZ); 1177 hb_type = iwl_mvm_get_scan_type_band(mvm, NULL, 1178 NL80211_BAND_5GHZ); 1179 if (type == mvm->scan_type && hb_type == mvm->hb_scan_type) 1180 return 0; 1181 } else { 1182 type = iwl_mvm_get_scan_type(mvm, NULL); 1183 if (type == mvm->scan_type) 1184 return 0; 1185 } 1186 1187 if (iwl_mvm_cdb_scan_api(mvm)) 1188 cmd_size = sizeof(struct iwl_scan_config_v2); 1189 else 1190 cmd_size = sizeof(struct iwl_scan_config_v1); 1191 cmd_size += mvm->fw->ucode_capa.n_scan_channels; 1192 1193 cfg = kzalloc(cmd_size, GFP_KERNEL); 1194 if (!cfg) 1195 return -ENOMEM; 1196 1197 flags = SCAN_CONFIG_FLAG_ACTIVATE | 1198 SCAN_CONFIG_FLAG_ALLOW_CHUB_REQS | 1199 SCAN_CONFIG_FLAG_SET_TX_CHAINS | 1200 SCAN_CONFIG_FLAG_SET_RX_CHAINS | 1201 SCAN_CONFIG_FLAG_SET_AUX_STA_ID | 1202 SCAN_CONFIG_FLAG_SET_ALL_TIMES | 1203 SCAN_CONFIG_FLAG_SET_LEGACY_RATES | 1204 SCAN_CONFIG_FLAG_SET_MAC_ADDR | 1205 SCAN_CONFIG_FLAG_SET_CHANNEL_FLAGS | 1206 SCAN_CONFIG_N_CHANNELS(num_channels) | 1207 (iwl_mvm_is_scan_fragmented(type) ? 1208 SCAN_CONFIG_FLAG_SET_FRAGMENTED : 1209 SCAN_CONFIG_FLAG_CLEAR_FRAGMENTED); 1210 1211 channel_flags = IWL_CHANNEL_FLAG_EBS | 1212 IWL_CHANNEL_FLAG_ACCURATE_EBS | 1213 IWL_CHANNEL_FLAG_EBS_ADD | 1214 IWL_CHANNEL_FLAG_PRE_SCAN_PASSIVE2ACTIVE; 1215 1216 /* 1217 * Check for fragmented scan on LMAC2 - high band. 1218 * LMAC1 - low band is checked above. 1219 */ 1220 if (iwl_mvm_cdb_scan_api(mvm)) { 1221 if (iwl_mvm_is_cdb_supported(mvm)) 1222 flags |= (iwl_mvm_is_scan_fragmented(hb_type)) ? 1223 SCAN_CONFIG_FLAG_SET_LMAC2_FRAGMENTED : 1224 SCAN_CONFIG_FLAG_CLEAR_LMAC2_FRAGMENTED; 1225 iwl_mvm_fill_scan_config_v2(mvm, cfg, flags, channel_flags, 1226 num_channels); 1227 } else { 1228 iwl_mvm_fill_scan_config_v1(mvm, cfg, flags, channel_flags, 1229 num_channels); 1230 } 1231 1232 cmd.data[0] = cfg; 1233 cmd.len[0] = cmd_size; 1234 cmd.dataflags[0] = IWL_HCMD_DFL_NOCOPY; 1235 1236 IWL_DEBUG_SCAN(mvm, "Sending UMAC scan config\n"); 1237 1238 ret = iwl_mvm_send_cmd(mvm, &cmd); 1239 if (!ret) { 1240 mvm->scan_type = type; 1241 mvm->hb_scan_type = hb_type; 1242 } 1243 1244 kfree(cfg); 1245 return ret; 1246 } 1247 1248 int iwl_mvm_config_scan(struct iwl_mvm *mvm) 1249 { 1250 struct iwl_scan_config cfg; 1251 struct iwl_host_cmd cmd = { 1252 .id = WIDE_ID(IWL_ALWAYS_LONG_GROUP, SCAN_CFG_CMD), 1253 .len[0] = sizeof(cfg), 1254 .data[0] = &cfg, 1255 .dataflags[0] = IWL_HCMD_DFL_NOCOPY, 1256 }; 1257 1258 if (!iwl_mvm_is_reduced_config_scan_supported(mvm)) 1259 return iwl_mvm_legacy_config_scan(mvm); 1260 1261 memset(&cfg, 0, sizeof(cfg)); 1262 1263 if (!iwl_mvm_has_new_station_api(mvm->fw)) { 1264 cfg.bcast_sta_id = mvm->aux_sta.sta_id; 1265 } else if (iwl_fw_lookup_cmd_ver(mvm->fw, SCAN_CFG_CMD, 0) < 5) { 1266 /* 1267 * Fw doesn't use this sta anymore. Deprecated on SCAN_CFG_CMD 1268 * version 5. 1269 */ 1270 cfg.bcast_sta_id = 0xff; 1271 } 1272 1273 cfg.tx_chains = cpu_to_le32(iwl_mvm_get_valid_tx_ant(mvm)); 1274 cfg.rx_chains = cpu_to_le32(iwl_mvm_scan_rx_ant(mvm)); 1275 1276 IWL_DEBUG_SCAN(mvm, "Sending UMAC scan config\n"); 1277 1278 return iwl_mvm_send_cmd(mvm, &cmd); 1279 } 1280 1281 static int iwl_mvm_scan_uid_by_status(struct iwl_mvm *mvm, int status) 1282 { 1283 int i; 1284 1285 for (i = 0; i < mvm->max_scans; i++) 1286 if (mvm->scan_uid_status[i] == status) 1287 return i; 1288 1289 return -ENOENT; 1290 } 1291 1292 static void iwl_mvm_scan_umac_dwell(struct iwl_mvm *mvm, 1293 struct iwl_scan_req_umac *cmd, 1294 struct iwl_mvm_scan_params *params) 1295 { 1296 struct iwl_mvm_scan_timing_params *timing, *hb_timing; 1297 u8 active_dwell, passive_dwell; 1298 1299 timing = &scan_timing[params->type]; 1300 active_dwell = IWL_SCAN_DWELL_ACTIVE; 1301 passive_dwell = IWL_SCAN_DWELL_PASSIVE; 1302 1303 if (iwl_mvm_is_adaptive_dwell_supported(mvm)) { 1304 cmd->v7.adwell_default_n_aps_social = 1305 IWL_SCAN_ADWELL_DEFAULT_N_APS_SOCIAL; 1306 cmd->v7.adwell_default_n_aps = 1307 IWL_SCAN_ADWELL_DEFAULT_LB_N_APS; 1308 1309 if (iwl_mvm_is_adwell_hb_ap_num_supported(mvm)) 1310 cmd->v9.adwell_default_hb_n_aps = 1311 IWL_SCAN_ADWELL_DEFAULT_HB_N_APS; 1312 1313 /* if custom max budget was configured with debugfs */ 1314 if (IWL_MVM_ADWELL_MAX_BUDGET) 1315 cmd->v7.adwell_max_budget = 1316 cpu_to_le16(IWL_MVM_ADWELL_MAX_BUDGET); 1317 else if (params->n_ssids && params->ssids[0].ssid_len) 1318 cmd->v7.adwell_max_budget = 1319 cpu_to_le16(IWL_SCAN_ADWELL_MAX_BUDGET_DIRECTED_SCAN); 1320 else 1321 cmd->v7.adwell_max_budget = 1322 cpu_to_le16(IWL_SCAN_ADWELL_MAX_BUDGET_FULL_SCAN); 1323 1324 cmd->v7.scan_priority = cpu_to_le32(IWL_SCAN_PRIORITY_EXT_6); 1325 cmd->v7.max_out_time[SCAN_LB_LMAC_IDX] = 1326 cpu_to_le32(timing->max_out_time); 1327 cmd->v7.suspend_time[SCAN_LB_LMAC_IDX] = 1328 cpu_to_le32(timing->suspend_time); 1329 1330 if (iwl_mvm_is_cdb_supported(mvm)) { 1331 hb_timing = &scan_timing[params->hb_type]; 1332 1333 cmd->v7.max_out_time[SCAN_HB_LMAC_IDX] = 1334 cpu_to_le32(hb_timing->max_out_time); 1335 cmd->v7.suspend_time[SCAN_HB_LMAC_IDX] = 1336 cpu_to_le32(hb_timing->suspend_time); 1337 } 1338 1339 if (!iwl_mvm_is_adaptive_dwell_v2_supported(mvm)) { 1340 cmd->v7.active_dwell = active_dwell; 1341 cmd->v7.passive_dwell = passive_dwell; 1342 cmd->v7.fragmented_dwell = IWL_SCAN_DWELL_FRAGMENTED; 1343 } else { 1344 cmd->v8.active_dwell[SCAN_LB_LMAC_IDX] = active_dwell; 1345 cmd->v8.passive_dwell[SCAN_LB_LMAC_IDX] = passive_dwell; 1346 if (iwl_mvm_is_cdb_supported(mvm)) { 1347 cmd->v8.active_dwell[SCAN_HB_LMAC_IDX] = 1348 active_dwell; 1349 cmd->v8.passive_dwell[SCAN_HB_LMAC_IDX] = 1350 passive_dwell; 1351 } 1352 } 1353 } else { 1354 cmd->v1.extended_dwell = IWL_SCAN_DWELL_EXTENDED; 1355 cmd->v1.active_dwell = active_dwell; 1356 cmd->v1.passive_dwell = passive_dwell; 1357 cmd->v1.fragmented_dwell = IWL_SCAN_DWELL_FRAGMENTED; 1358 1359 if (iwl_mvm_is_cdb_supported(mvm)) { 1360 hb_timing = &scan_timing[params->hb_type]; 1361 1362 cmd->v6.max_out_time[SCAN_HB_LMAC_IDX] = 1363 cpu_to_le32(hb_timing->max_out_time); 1364 cmd->v6.suspend_time[SCAN_HB_LMAC_IDX] = 1365 cpu_to_le32(hb_timing->suspend_time); 1366 } 1367 1368 if (iwl_mvm_cdb_scan_api(mvm)) { 1369 cmd->v6.scan_priority = 1370 cpu_to_le32(IWL_SCAN_PRIORITY_EXT_6); 1371 cmd->v6.max_out_time[SCAN_LB_LMAC_IDX] = 1372 cpu_to_le32(timing->max_out_time); 1373 cmd->v6.suspend_time[SCAN_LB_LMAC_IDX] = 1374 cpu_to_le32(timing->suspend_time); 1375 } else { 1376 cmd->v1.scan_priority = 1377 cpu_to_le32(IWL_SCAN_PRIORITY_EXT_6); 1378 cmd->v1.max_out_time = 1379 cpu_to_le32(timing->max_out_time); 1380 cmd->v1.suspend_time = 1381 cpu_to_le32(timing->suspend_time); 1382 } 1383 } 1384 1385 if (iwl_mvm_is_regular_scan(params)) 1386 cmd->ooc_priority = cpu_to_le32(IWL_SCAN_PRIORITY_EXT_6); 1387 else 1388 cmd->ooc_priority = cpu_to_le32(IWL_SCAN_PRIORITY_EXT_2); 1389 } 1390 1391 static u32 iwl_mvm_scan_umac_ooc_priority(int type) 1392 { 1393 if (type == IWL_MVM_SCAN_REGULAR) 1394 return IWL_SCAN_PRIORITY_EXT_6; 1395 1396 return IWL_SCAN_PRIORITY_EXT_2; 1397 } 1398 1399 static void 1400 iwl_mvm_scan_umac_dwell_v11(struct iwl_mvm *mvm, 1401 struct iwl_scan_general_params_v11 *general_params, 1402 struct iwl_mvm_scan_params *params) 1403 { 1404 struct iwl_mvm_scan_timing_params *timing, *hb_timing; 1405 u8 active_dwell, passive_dwell; 1406 1407 timing = &scan_timing[params->type]; 1408 active_dwell = IWL_SCAN_DWELL_ACTIVE; 1409 passive_dwell = IWL_SCAN_DWELL_PASSIVE; 1410 1411 general_params->adwell_default_social_chn = 1412 IWL_SCAN_ADWELL_DEFAULT_N_APS_SOCIAL; 1413 general_params->adwell_default_2g = IWL_SCAN_ADWELL_DEFAULT_LB_N_APS; 1414 general_params->adwell_default_5g = IWL_SCAN_ADWELL_DEFAULT_HB_N_APS; 1415 1416 /* if custom max budget was configured with debugfs */ 1417 if (IWL_MVM_ADWELL_MAX_BUDGET) 1418 general_params->adwell_max_budget = 1419 cpu_to_le16(IWL_MVM_ADWELL_MAX_BUDGET); 1420 else if (params->n_ssids && params->ssids[0].ssid_len) 1421 general_params->adwell_max_budget = 1422 cpu_to_le16(IWL_SCAN_ADWELL_MAX_BUDGET_DIRECTED_SCAN); 1423 else 1424 general_params->adwell_max_budget = 1425 cpu_to_le16(IWL_SCAN_ADWELL_MAX_BUDGET_FULL_SCAN); 1426 1427 general_params->scan_priority = cpu_to_le32(IWL_SCAN_PRIORITY_EXT_6); 1428 general_params->max_out_of_time[SCAN_LB_LMAC_IDX] = 1429 cpu_to_le32(timing->max_out_time); 1430 general_params->suspend_time[SCAN_LB_LMAC_IDX] = 1431 cpu_to_le32(timing->suspend_time); 1432 1433 hb_timing = &scan_timing[params->hb_type]; 1434 1435 general_params->max_out_of_time[SCAN_HB_LMAC_IDX] = 1436 cpu_to_le32(hb_timing->max_out_time); 1437 general_params->suspend_time[SCAN_HB_LMAC_IDX] = 1438 cpu_to_le32(hb_timing->suspend_time); 1439 1440 general_params->active_dwell[SCAN_LB_LMAC_IDX] = active_dwell; 1441 general_params->passive_dwell[SCAN_LB_LMAC_IDX] = passive_dwell; 1442 general_params->active_dwell[SCAN_HB_LMAC_IDX] = active_dwell; 1443 general_params->passive_dwell[SCAN_HB_LMAC_IDX] = passive_dwell; 1444 } 1445 1446 struct iwl_mvm_scan_channel_segment { 1447 u8 start_idx; 1448 u8 end_idx; 1449 u8 first_channel_id; 1450 u8 last_channel_id; 1451 u8 channel_spacing_shift; 1452 u8 band; 1453 }; 1454 1455 static const struct iwl_mvm_scan_channel_segment scan_channel_segments[] = { 1456 { 1457 .start_idx = 0, 1458 .end_idx = 13, 1459 .first_channel_id = 1, 1460 .last_channel_id = 14, 1461 .channel_spacing_shift = 0, 1462 .band = PHY_BAND_24 1463 }, 1464 { 1465 .start_idx = 14, 1466 .end_idx = 41, 1467 .first_channel_id = 36, 1468 .last_channel_id = 144, 1469 .channel_spacing_shift = 2, 1470 .band = PHY_BAND_5 1471 }, 1472 { 1473 .start_idx = 42, 1474 .end_idx = 50, 1475 .first_channel_id = 149, 1476 .last_channel_id = 181, 1477 .channel_spacing_shift = 2, 1478 .band = PHY_BAND_5 1479 }, 1480 { 1481 .start_idx = 51, 1482 .end_idx = 111, 1483 .first_channel_id = 1, 1484 .last_channel_id = 241, 1485 .channel_spacing_shift = 2, 1486 .band = PHY_BAND_6 1487 }, 1488 }; 1489 1490 static int iwl_mvm_scan_ch_and_band_to_idx(u8 channel_id, u8 band) 1491 { 1492 int i, index; 1493 1494 if (!channel_id) 1495 return -EINVAL; 1496 1497 for (i = 0; i < ARRAY_SIZE(scan_channel_segments); i++) { 1498 const struct iwl_mvm_scan_channel_segment *ch_segment = 1499 &scan_channel_segments[i]; 1500 u32 ch_offset; 1501 1502 if (ch_segment->band != band || 1503 ch_segment->first_channel_id > channel_id || 1504 ch_segment->last_channel_id < channel_id) 1505 continue; 1506 1507 ch_offset = (channel_id - ch_segment->first_channel_id) >> 1508 ch_segment->channel_spacing_shift; 1509 1510 index = scan_channel_segments[i].start_idx + ch_offset; 1511 if (index < IWL_SCAN_NUM_CHANNELS) 1512 return index; 1513 1514 break; 1515 } 1516 1517 return -EINVAL; 1518 } 1519 1520 static const u8 p2p_go_friendly_chs[] = { 1521 36, 40, 44, 48, 149, 153, 157, 161, 165, 1522 }; 1523 1524 static const u8 social_chs[] = { 1525 1, 6, 11 1526 }; 1527 1528 static void iwl_mvm_scan_ch_add_n_aps_override(enum nl80211_iftype vif_type, 1529 u8 ch_id, u8 band, u8 *ch_bitmap, 1530 size_t bitmap_n_entries) 1531 { 1532 int i; 1533 1534 if (vif_type != NL80211_IFTYPE_P2P_DEVICE) 1535 return; 1536 1537 for (i = 0; i < ARRAY_SIZE(p2p_go_friendly_chs); i++) { 1538 if (p2p_go_friendly_chs[i] == ch_id) { 1539 int ch_idx, bitmap_idx; 1540 1541 ch_idx = iwl_mvm_scan_ch_and_band_to_idx(ch_id, band); 1542 if (ch_idx < 0) 1543 return; 1544 1545 bitmap_idx = ch_idx / 8; 1546 if (bitmap_idx >= bitmap_n_entries) 1547 return; 1548 1549 ch_idx = ch_idx % 8; 1550 ch_bitmap[bitmap_idx] |= BIT(ch_idx); 1551 1552 return; 1553 } 1554 } 1555 } 1556 1557 static u32 iwl_mvm_scan_ch_n_aps_flag(enum nl80211_iftype vif_type, u8 ch_id) 1558 { 1559 int i; 1560 u32 flags = 0; 1561 1562 if (vif_type != NL80211_IFTYPE_P2P_DEVICE) 1563 goto out; 1564 1565 for (i = 0; i < ARRAY_SIZE(p2p_go_friendly_chs); i++) { 1566 if (p2p_go_friendly_chs[i] == ch_id) { 1567 flags |= IWL_SCAN_ADWELL_N_APS_GO_FRIENDLY_BIT; 1568 break; 1569 } 1570 } 1571 1572 if (flags) 1573 goto out; 1574 1575 for (i = 0; i < ARRAY_SIZE(social_chs); i++) { 1576 if (social_chs[i] == ch_id) { 1577 flags |= IWL_SCAN_ADWELL_N_APS_SOCIAL_CHS_BIT; 1578 break; 1579 } 1580 } 1581 1582 out: 1583 return flags; 1584 } 1585 1586 static void 1587 iwl_mvm_umac_scan_cfg_channels(struct iwl_mvm *mvm, 1588 struct ieee80211_channel **channels, 1589 int n_channels, u32 flags, 1590 struct iwl_scan_channel_cfg_umac *channel_cfg) 1591 { 1592 int i; 1593 1594 for (i = 0; i < n_channels; i++) { 1595 channel_cfg[i].flags = cpu_to_le32(flags); 1596 channel_cfg[i].channel_num = channels[i]->hw_value; 1597 if (iwl_mvm_is_scan_ext_chan_supported(mvm)) { 1598 enum nl80211_band band = channels[i]->band; 1599 1600 channel_cfg[i].v2.band = 1601 iwl_mvm_phy_band_from_nl80211(band); 1602 channel_cfg[i].v2.iter_count = 1; 1603 channel_cfg[i].v2.iter_interval = 0; 1604 } else { 1605 channel_cfg[i].v1.iter_count = 1; 1606 channel_cfg[i].v1.iter_interval = 0; 1607 } 1608 } 1609 } 1610 1611 static void 1612 iwl_mvm_umac_scan_cfg_channels_v4(struct iwl_mvm *mvm, 1613 struct ieee80211_channel **channels, 1614 struct iwl_scan_channel_params_v4 *cp, 1615 int n_channels, u32 flags, 1616 enum nl80211_iftype vif_type) 1617 { 1618 u8 *bitmap = cp->adwell_ch_override_bitmap; 1619 size_t bitmap_n_entries = ARRAY_SIZE(cp->adwell_ch_override_bitmap); 1620 int i; 1621 1622 for (i = 0; i < n_channels; i++) { 1623 enum nl80211_band band = channels[i]->band; 1624 struct iwl_scan_channel_cfg_umac *cfg = 1625 &cp->channel_config[i]; 1626 1627 cfg->flags = cpu_to_le32(flags); 1628 cfg->channel_num = channels[i]->hw_value; 1629 cfg->v2.band = iwl_mvm_phy_band_from_nl80211(band); 1630 cfg->v2.iter_count = 1; 1631 cfg->v2.iter_interval = 0; 1632 1633 iwl_mvm_scan_ch_add_n_aps_override(vif_type, 1634 cfg->channel_num, 1635 cfg->v2.band, bitmap, 1636 bitmap_n_entries); 1637 } 1638 } 1639 1640 static void 1641 iwl_mvm_umac_scan_cfg_channels_v7(struct iwl_mvm *mvm, 1642 struct ieee80211_channel **channels, 1643 struct iwl_scan_channel_params_v7 *cp, 1644 int n_channels, u32 flags, 1645 enum nl80211_iftype vif_type, u32 version) 1646 { 1647 int i; 1648 1649 for (i = 0; i < n_channels; i++) { 1650 enum nl80211_band band = channels[i]->band; 1651 struct iwl_scan_channel_cfg_umac *cfg = &cp->channel_config[i]; 1652 u32 n_aps_flag = 1653 iwl_mvm_scan_ch_n_aps_flag(vif_type, 1654 channels[i]->hw_value); 1655 u8 iwl_band = iwl_mvm_phy_band_from_nl80211(band); 1656 1657 cfg->flags = cpu_to_le32(flags | n_aps_flag); 1658 cfg->channel_num = channels[i]->hw_value; 1659 if (cfg80211_channel_is_psc(channels[i])) 1660 cfg->flags = 0; 1661 1662 if (band == NL80211_BAND_6GHZ) { 1663 /* 6 GHz channels should only appear in a scan request 1664 * that has scan_6ghz set. The only exception is MLO 1665 * scan, which has to be passive. 1666 */ 1667 WARN_ON_ONCE(cfg->flags != 0); 1668 cfg->flags = 1669 cpu_to_le32(IWL_UHB_CHAN_CFG_FLAG_FORCE_PASSIVE); 1670 } 1671 1672 cfg->v2.iter_count = 1; 1673 cfg->v2.iter_interval = 0; 1674 if (version < 17) 1675 cfg->v2.band = iwl_band; 1676 else 1677 cfg->flags |= cpu_to_le32((iwl_band << 1678 IWL_CHAN_CFG_FLAGS_BAND_POS)); 1679 } 1680 } 1681 1682 static void 1683 iwl_mvm_umac_scan_fill_6g_chan_list(struct iwl_mvm *mvm, 1684 struct iwl_mvm_scan_params *params, 1685 struct iwl_scan_probe_params_v4 *pp) 1686 { 1687 int j, idex_s = 0, idex_b = 0; 1688 struct cfg80211_scan_6ghz_params *scan_6ghz_params = 1689 params->scan_6ghz_params; 1690 bool hidden_supported = fw_has_capa(&mvm->fw->ucode_capa, 1691 IWL_UCODE_TLV_CAPA_HIDDEN_6GHZ_SCAN); 1692 1693 for (j = 0; j < params->n_ssids && idex_s < SCAN_SHORT_SSID_MAX_SIZE; 1694 j++) { 1695 if (!params->ssids[j].ssid_len) 1696 continue; 1697 1698 pp->short_ssid[idex_s] = 1699 cpu_to_le32(~crc32_le(~0, params->ssids[j].ssid, 1700 params->ssids[j].ssid_len)); 1701 1702 if (hidden_supported) { 1703 pp->direct_scan[idex_s].id = WLAN_EID_SSID; 1704 pp->direct_scan[idex_s].len = params->ssids[j].ssid_len; 1705 memcpy(pp->direct_scan[idex_s].ssid, params->ssids[j].ssid, 1706 params->ssids[j].ssid_len); 1707 } 1708 idex_s++; 1709 } 1710 1711 /* 1712 * Populate the arrays of the short SSIDs and the BSSIDs using the 6GHz 1713 * collocated parameters. This might not be optimal, as this processing 1714 * does not (yet) correspond to the actual channels, so it is possible 1715 * that some entries would be left out. 1716 * 1717 * TODO: improve this logic. 1718 */ 1719 for (j = 0; j < params->n_6ghz_params; j++) { 1720 int k; 1721 1722 /* First, try to place the short SSID */ 1723 if (scan_6ghz_params[j].short_ssid_valid) { 1724 for (k = 0; k < idex_s; k++) { 1725 if (pp->short_ssid[k] == 1726 cpu_to_le32(scan_6ghz_params[j].short_ssid)) 1727 break; 1728 } 1729 1730 if (k == idex_s && idex_s < SCAN_SHORT_SSID_MAX_SIZE) { 1731 pp->short_ssid[idex_s++] = 1732 cpu_to_le32(scan_6ghz_params[j].short_ssid); 1733 } 1734 } 1735 1736 /* try to place BSSID for the same entry */ 1737 for (k = 0; k < idex_b; k++) { 1738 if (!memcmp(&pp->bssid_array[k], 1739 scan_6ghz_params[j].bssid, ETH_ALEN)) 1740 break; 1741 } 1742 1743 if (k == idex_b && idex_b < SCAN_BSSID_MAX_SIZE && 1744 !WARN_ONCE(!is_valid_ether_addr(scan_6ghz_params[j].bssid), 1745 "scan: invalid BSSID at index %u, index_b=%u\n", 1746 j, idex_b)) { 1747 memcpy(&pp->bssid_array[idex_b++], 1748 scan_6ghz_params[j].bssid, ETH_ALEN); 1749 } 1750 } 1751 1752 pp->short_ssid_num = idex_s; 1753 pp->bssid_num = idex_b; 1754 } 1755 1756 /* TODO: this function can be merged with iwl_mvm_scan_umac_fill_ch_p_v7 */ 1757 static u32 1758 iwl_mvm_umac_scan_cfg_channels_v7_6g(struct iwl_mvm *mvm, 1759 struct iwl_mvm_scan_params *params, 1760 u32 n_channels, 1761 struct iwl_scan_probe_params_v4 *pp, 1762 struct iwl_scan_channel_params_v7 *cp, 1763 enum nl80211_iftype vif_type, 1764 u32 version) 1765 { 1766 int i; 1767 struct cfg80211_scan_6ghz_params *scan_6ghz_params = 1768 params->scan_6ghz_params; 1769 u32 ch_cnt; 1770 1771 for (i = 0, ch_cnt = 0; i < params->n_channels; i++) { 1772 struct iwl_scan_channel_cfg_umac *cfg = 1773 &cp->channel_config[ch_cnt]; 1774 1775 u32 s_ssid_bitmap = 0, bssid_bitmap = 0, flags = 0; 1776 u8 k, n_s_ssids = 0, n_bssids = 0; 1777 u8 max_s_ssids, max_bssids; 1778 bool force_passive = false, found = false, allow_passive = true, 1779 unsolicited_probe_on_chan = false, psc_no_listen = false; 1780 s8 psd_20 = IEEE80211_RNR_TBTT_PARAMS_PSD_RESERVED; 1781 1782 /* 1783 * Avoid performing passive scan on non PSC channels unless the 1784 * scan is specifically a passive scan, i.e., no SSIDs 1785 * configured in the scan command. 1786 */ 1787 if (!cfg80211_channel_is_psc(params->channels[i]) && 1788 !params->n_6ghz_params && params->n_ssids) 1789 continue; 1790 1791 cfg->channel_num = params->channels[i]->hw_value; 1792 if (version < 17) 1793 cfg->v2.band = PHY_BAND_6; 1794 else 1795 cfg->flags |= cpu_to_le32(PHY_BAND_6 << 1796 IWL_CHAN_CFG_FLAGS_BAND_POS); 1797 1798 cfg->v5.iter_count = 1; 1799 cfg->v5.iter_interval = 0; 1800 1801 for (u32 j = 0; j < params->n_6ghz_params; j++) { 1802 s8 tmp_psd_20; 1803 1804 if (!(scan_6ghz_params[j].channel_idx == i)) 1805 continue; 1806 1807 unsolicited_probe_on_chan |= 1808 scan_6ghz_params[j].unsolicited_probe; 1809 1810 /* Use the highest PSD value allowed as advertised by 1811 * APs for this channel 1812 */ 1813 tmp_psd_20 = scan_6ghz_params[j].psd_20; 1814 if (tmp_psd_20 != 1815 IEEE80211_RNR_TBTT_PARAMS_PSD_RESERVED && 1816 (psd_20 == 1817 IEEE80211_RNR_TBTT_PARAMS_PSD_RESERVED || 1818 psd_20 < tmp_psd_20)) 1819 psd_20 = tmp_psd_20; 1820 1821 psc_no_listen |= scan_6ghz_params[j].psc_no_listen; 1822 } 1823 1824 /* 1825 * In the following cases apply passive scan: 1826 * 1. Non fragmented scan: 1827 * - PSC channel with NO_LISTEN_FLAG on should be treated 1828 * like non PSC channel 1829 * - Non PSC channel with more than 3 short SSIDs or more 1830 * than 9 BSSIDs. 1831 * - Non PSC Channel with unsolicited probe response and 1832 * more than 2 short SSIDs or more than 6 BSSIDs. 1833 * - PSC channel with more than 2 short SSIDs or more than 1834 * 6 BSSIDs. 1835 * 3. Fragmented scan: 1836 * - PSC channel with more than 1 SSID or 3 BSSIDs. 1837 * - Non PSC channel with more than 2 SSIDs or 6 BSSIDs. 1838 * - Non PSC channel with unsolicited probe response and 1839 * more than 1 SSID or more than 3 BSSIDs. 1840 */ 1841 if (!iwl_mvm_is_scan_fragmented(params->type)) { 1842 if (!cfg80211_channel_is_psc(params->channels[i]) || 1843 psc_no_listen) { 1844 if (unsolicited_probe_on_chan) { 1845 max_s_ssids = 2; 1846 max_bssids = 6; 1847 } else { 1848 max_s_ssids = 3; 1849 max_bssids = 9; 1850 } 1851 } else { 1852 max_s_ssids = 2; 1853 max_bssids = 6; 1854 } 1855 } else if (cfg80211_channel_is_psc(params->channels[i])) { 1856 max_s_ssids = 1; 1857 max_bssids = 3; 1858 } else { 1859 if (unsolicited_probe_on_chan) { 1860 max_s_ssids = 1; 1861 max_bssids = 3; 1862 } else { 1863 max_s_ssids = 2; 1864 max_bssids = 6; 1865 } 1866 } 1867 1868 /* 1869 * The optimize the scan time, i.e., reduce the scan dwell time 1870 * on each channel, the below logic tries to set 3 direct BSSID 1871 * probe requests for each broadcast probe request with a short 1872 * SSID. 1873 * TODO: improve this logic 1874 */ 1875 for (u32 j = 0; j < params->n_6ghz_params; j++) { 1876 if (!(scan_6ghz_params[j].channel_idx == i)) 1877 continue; 1878 1879 found = false; 1880 1881 for (k = 0; 1882 k < pp->short_ssid_num && n_s_ssids < max_s_ssids; 1883 k++) { 1884 if (!scan_6ghz_params[j].unsolicited_probe && 1885 le32_to_cpu(pp->short_ssid[k]) == 1886 scan_6ghz_params[j].short_ssid) { 1887 /* Relevant short SSID bit set */ 1888 if (s_ssid_bitmap & BIT(k)) { 1889 found = true; 1890 break; 1891 } 1892 1893 /* 1894 * Prefer creating BSSID entries unless 1895 * the short SSID probe can be done in 1896 * the same channel dwell iteration. 1897 * 1898 * We also need to create a short SSID 1899 * entry for any hidden AP. 1900 */ 1901 if (3 * n_s_ssids > n_bssids && 1902 !pp->direct_scan[k].len) 1903 break; 1904 1905 /* Hidden AP, cannot do passive scan */ 1906 if (pp->direct_scan[k].len) 1907 allow_passive = false; 1908 1909 s_ssid_bitmap |= BIT(k); 1910 n_s_ssids++; 1911 found = true; 1912 break; 1913 } 1914 } 1915 1916 if (found) 1917 continue; 1918 1919 for (k = 0; k < pp->bssid_num; k++) { 1920 if (!memcmp(&pp->bssid_array[k], 1921 scan_6ghz_params[j].bssid, 1922 ETH_ALEN)) { 1923 if (!(bssid_bitmap & BIT(k))) { 1924 if (n_bssids < max_bssids) { 1925 bssid_bitmap |= BIT(k); 1926 n_bssids++; 1927 } else { 1928 force_passive = TRUE; 1929 } 1930 } 1931 break; 1932 } 1933 } 1934 } 1935 1936 if (cfg80211_channel_is_psc(params->channels[i]) && 1937 psc_no_listen) 1938 flags |= IWL_UHB_CHAN_CFG_FLAG_PSC_CHAN_NO_LISTEN; 1939 1940 if (unsolicited_probe_on_chan) 1941 flags |= IWL_UHB_CHAN_CFG_FLAG_UNSOLICITED_PROBE_RES; 1942 1943 if ((allow_passive && force_passive) || 1944 (!(bssid_bitmap | s_ssid_bitmap) && 1945 !cfg80211_channel_is_psc(params->channels[i]))) 1946 flags |= IWL_UHB_CHAN_CFG_FLAG_FORCE_PASSIVE; 1947 else 1948 flags |= bssid_bitmap | (s_ssid_bitmap << 16); 1949 1950 cfg->flags |= cpu_to_le32(flags); 1951 if (version >= 17) 1952 cfg->v5.psd_20 = psd_20; 1953 1954 ch_cnt++; 1955 } 1956 1957 if (params->n_channels > ch_cnt) 1958 IWL_DEBUG_SCAN(mvm, 1959 "6GHz: reducing number channels: (%u->%u)\n", 1960 params->n_channels, ch_cnt); 1961 1962 return ch_cnt; 1963 } 1964 1965 static u8 iwl_mvm_scan_umac_chan_flags_v2(struct iwl_mvm *mvm, 1966 struct iwl_mvm_scan_params *params, 1967 struct ieee80211_vif *vif) 1968 { 1969 u8 flags = 0; 1970 1971 flags |= IWL_SCAN_CHANNEL_FLAG_ENABLE_CHAN_ORDER; 1972 1973 if (iwl_mvm_scan_use_ebs(mvm, vif)) 1974 flags |= IWL_SCAN_CHANNEL_FLAG_EBS | 1975 IWL_SCAN_CHANNEL_FLAG_EBS_ACCURATE | 1976 IWL_SCAN_CHANNEL_FLAG_CACHE_ADD; 1977 1978 /* set fragmented ebs for fragmented scan on HB channels */ 1979 if ((!iwl_mvm_is_cdb_supported(mvm) && 1980 iwl_mvm_is_scan_fragmented(params->type)) || 1981 (iwl_mvm_is_cdb_supported(mvm) && 1982 iwl_mvm_is_scan_fragmented(params->hb_type))) 1983 flags |= IWL_SCAN_CHANNEL_FLAG_EBS_FRAG; 1984 1985 /* 1986 * force EBS in case the scan is a fragmented and there is a need to take P2P 1987 * GO operation into consideration during scan operation. 1988 */ 1989 if ((!iwl_mvm_is_cdb_supported(mvm) && 1990 iwl_mvm_is_scan_fragmented(params->type) && params->respect_p2p_go) || 1991 (iwl_mvm_is_cdb_supported(mvm) && 1992 iwl_mvm_is_scan_fragmented(params->hb_type) && 1993 params->respect_p2p_go_hb)) { 1994 IWL_DEBUG_SCAN(mvm, "Respect P2P GO. Force EBS\n"); 1995 flags |= IWL_SCAN_CHANNEL_FLAG_FORCE_EBS; 1996 } 1997 1998 return flags; 1999 } 2000 2001 static void iwl_mvm_scan_6ghz_passive_scan(struct iwl_mvm *mvm, 2002 struct iwl_mvm_scan_params *params, 2003 struct ieee80211_vif *vif) 2004 { 2005 struct ieee80211_supported_band *sband = 2006 &mvm->nvm_data->bands[NL80211_BAND_6GHZ]; 2007 u32 n_disabled, i; 2008 2009 params->enable_6ghz_passive = false; 2010 2011 if (params->scan_6ghz) 2012 return; 2013 2014 if (!fw_has_capa(&mvm->fw->ucode_capa, 2015 IWL_UCODE_TLV_CAPA_PASSIVE_6GHZ_SCAN)) { 2016 IWL_DEBUG_SCAN(mvm, 2017 "6GHz passive scan: Not supported by FW\n"); 2018 return; 2019 } 2020 2021 /* 6GHz passive scan allowed only on station interface */ 2022 if (vif->type != NL80211_IFTYPE_STATION) { 2023 IWL_DEBUG_SCAN(mvm, 2024 "6GHz passive scan: not station interface\n"); 2025 return; 2026 } 2027 2028 /* 2029 * 6GHz passive scan is allowed in a defined time interval following HW 2030 * reset or resume flow, or while not associated and a large interval 2031 * has passed since the last 6GHz passive scan. 2032 */ 2033 if ((vif->cfg.assoc || 2034 time_after(mvm->last_6ghz_passive_scan_jiffies + 2035 (IWL_MVM_6GHZ_PASSIVE_SCAN_TIMEOUT * HZ), jiffies)) && 2036 (time_before(mvm->last_reset_or_resume_time_jiffies + 2037 (IWL_MVM_6GHZ_PASSIVE_SCAN_ASSOC_TIMEOUT * HZ), 2038 jiffies))) { 2039 IWL_DEBUG_SCAN(mvm, "6GHz passive scan: %s\n", 2040 vif->cfg.assoc ? "associated" : 2041 "timeout did not expire"); 2042 return; 2043 } 2044 2045 /* not enough channels in the regular scan request */ 2046 if (params->n_channels < IWL_MVM_6GHZ_PASSIVE_SCAN_MIN_CHANS) { 2047 IWL_DEBUG_SCAN(mvm, 2048 "6GHz passive scan: not enough channels\n"); 2049 return; 2050 } 2051 2052 for (i = 0; i < params->n_ssids; i++) { 2053 if (!params->ssids[i].ssid_len) 2054 break; 2055 } 2056 2057 /* not a wildcard scan, so cannot enable passive 6GHz scan */ 2058 if (i == params->n_ssids) { 2059 IWL_DEBUG_SCAN(mvm, 2060 "6GHz passive scan: no wildcard SSID\n"); 2061 return; 2062 } 2063 2064 if (!sband || !sband->n_channels) { 2065 IWL_DEBUG_SCAN(mvm, 2066 "6GHz passive scan: no 6GHz channels\n"); 2067 return; 2068 } 2069 2070 for (i = 0, n_disabled = 0; i < sband->n_channels; i++) { 2071 if (sband->channels[i].flags & (IEEE80211_CHAN_DISABLED)) 2072 n_disabled++; 2073 } 2074 2075 /* 2076 * Not all the 6GHz channels are disabled, so no need for 6GHz passive 2077 * scan 2078 */ 2079 if (n_disabled != sband->n_channels) { 2080 IWL_DEBUG_SCAN(mvm, 2081 "6GHz passive scan: 6GHz channels enabled\n"); 2082 return; 2083 } 2084 2085 /* all conditions to enable 6ghz passive scan are satisfied */ 2086 IWL_DEBUG_SCAN(mvm, "6GHz passive scan: can be enabled\n"); 2087 params->enable_6ghz_passive = true; 2088 } 2089 2090 static u16 iwl_mvm_scan_umac_flags_v2(struct iwl_mvm *mvm, 2091 struct iwl_mvm_scan_params *params, 2092 struct ieee80211_vif *vif, 2093 int type) 2094 { 2095 u16 flags = 0; 2096 2097 /* 2098 * If no direct SSIDs are provided perform a passive scan. Otherwise, 2099 * if there is a single SSID which is not the broadcast SSID, assume 2100 * that the scan is intended for roaming purposes and thus enable Rx on 2101 * all chains to improve chances of hearing the beacons/probe responses. 2102 */ 2103 if (params->n_ssids == 0) 2104 flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_FORCE_PASSIVE; 2105 else if (params->n_ssids == 1 && params->ssids[0].ssid_len) 2106 flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_USE_ALL_RX_CHAINS; 2107 2108 if (iwl_mvm_is_scan_fragmented(params->type)) 2109 flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_FRAGMENTED_LMAC1; 2110 2111 if (iwl_mvm_is_scan_fragmented(params->hb_type)) 2112 flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_FRAGMENTED_LMAC2; 2113 2114 if (params->pass_all) 2115 flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_PASS_ALL; 2116 else 2117 flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_MATCH; 2118 2119 if (!iwl_mvm_is_regular_scan(params)) 2120 flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_PERIODIC; 2121 2122 if (params->iter_notif || 2123 mvm->sched_scan_pass_all == SCHED_SCAN_PASS_ALL_ENABLED) 2124 flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_NTFY_ITER_COMPLETE; 2125 2126 if (IWL_MVM_ADWELL_ENABLE) 2127 flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_ADAPTIVE_DWELL; 2128 2129 if (type == IWL_MVM_SCAN_SCHED || type == IWL_MVM_SCAN_NETDETECT) 2130 flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_PREEMPTIVE; 2131 2132 if ((type == IWL_MVM_SCAN_SCHED || type == IWL_MVM_SCAN_NETDETECT) && 2133 params->flags & NL80211_SCAN_FLAG_COLOCATED_6GHZ) 2134 flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_TRIGGER_UHB_SCAN; 2135 2136 if (params->enable_6ghz_passive) 2137 flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_6GHZ_PASSIVE_SCAN; 2138 2139 if (iwl_mvm_is_oce_supported(mvm) && 2140 (params->flags & (NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP | 2141 NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE | 2142 NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME))) 2143 flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_OCE; 2144 2145 return flags; 2146 } 2147 2148 static u8 iwl_mvm_scan_umac_flags2(struct iwl_mvm *mvm, 2149 struct iwl_mvm_scan_params *params, 2150 struct ieee80211_vif *vif, int type, 2151 u16 gen_flags) 2152 { 2153 u8 flags = 0; 2154 2155 if (iwl_mvm_is_cdb_supported(mvm)) { 2156 if (params->respect_p2p_go) 2157 flags |= IWL_UMAC_SCAN_GEN_PARAMS_FLAGS2_RESPECT_P2P_GO_LB; 2158 if (params->respect_p2p_go_hb) 2159 flags |= IWL_UMAC_SCAN_GEN_PARAMS_FLAGS2_RESPECT_P2P_GO_HB; 2160 } else { 2161 if (params->respect_p2p_go) 2162 flags = IWL_UMAC_SCAN_GEN_PARAMS_FLAGS2_RESPECT_P2P_GO_LB | 2163 IWL_UMAC_SCAN_GEN_PARAMS_FLAGS2_RESPECT_P2P_GO_HB; 2164 } 2165 2166 if (params->scan_6ghz && 2167 fw_has_capa(&mvm->fw->ucode_capa, 2168 IWL_UCODE_TLV_CAPA_SCAN_DONT_TOGGLE_ANT)) 2169 flags |= IWL_UMAC_SCAN_GEN_PARAMS_FLAGS2_DONT_TOGGLE_ANT; 2170 2171 /* Passive and AP interface -> ACS (automatic channel selection) */ 2172 if (gen_flags & IWL_UMAC_SCAN_GEN_FLAGS_V2_FORCE_PASSIVE && 2173 ieee80211_vif_type_p2p(vif) == NL80211_IFTYPE_AP && 2174 iwl_fw_lookup_notif_ver(mvm->fw, SCAN_GROUP, CHANNEL_SURVEY_NOTIF, 2175 0) >= 1) 2176 flags |= IWL_UMAC_SCAN_GEN_FLAGS2_COLLECT_CHANNEL_STATS; 2177 2178 return flags; 2179 } 2180 2181 static u16 iwl_mvm_scan_umac_flags(struct iwl_mvm *mvm, 2182 struct iwl_mvm_scan_params *params, 2183 struct ieee80211_vif *vif) 2184 { 2185 u16 flags = 0; 2186 2187 if (params->n_ssids == 0) 2188 flags = IWL_UMAC_SCAN_GEN_FLAGS_PASSIVE; 2189 2190 if (params->n_ssids == 1 && params->ssids[0].ssid_len != 0) 2191 flags |= IWL_UMAC_SCAN_GEN_FLAGS_PRE_CONNECT; 2192 2193 if (iwl_mvm_is_scan_fragmented(params->type)) 2194 flags |= IWL_UMAC_SCAN_GEN_FLAGS_FRAGMENTED; 2195 2196 if (iwl_mvm_is_cdb_supported(mvm) && 2197 iwl_mvm_is_scan_fragmented(params->hb_type)) 2198 flags |= IWL_UMAC_SCAN_GEN_FLAGS_LMAC2_FRAGMENTED; 2199 2200 if (iwl_mvm_rrm_scan_needed(mvm) && 2201 fw_has_capa(&mvm->fw->ucode_capa, 2202 IWL_UCODE_TLV_CAPA_WFA_TPC_REP_IE_SUPPORT)) 2203 flags |= IWL_UMAC_SCAN_GEN_FLAGS_RRM_ENABLED; 2204 2205 if (params->pass_all) 2206 flags |= IWL_UMAC_SCAN_GEN_FLAGS_PASS_ALL; 2207 else 2208 flags |= IWL_UMAC_SCAN_GEN_FLAGS_MATCH; 2209 2210 if (!iwl_mvm_is_regular_scan(params)) 2211 flags |= IWL_UMAC_SCAN_GEN_FLAGS_PERIODIC; 2212 2213 if (params->iter_notif) 2214 flags |= IWL_UMAC_SCAN_GEN_FLAGS_ITER_COMPLETE; 2215 2216 #ifdef CONFIG_IWLWIFI_DEBUGFS 2217 if (mvm->scan_iter_notif_enabled) 2218 flags |= IWL_UMAC_SCAN_GEN_FLAGS_ITER_COMPLETE; 2219 #endif 2220 2221 if (mvm->sched_scan_pass_all == SCHED_SCAN_PASS_ALL_ENABLED) 2222 flags |= IWL_UMAC_SCAN_GEN_FLAGS_ITER_COMPLETE; 2223 2224 if (iwl_mvm_is_adaptive_dwell_supported(mvm) && IWL_MVM_ADWELL_ENABLE) 2225 flags |= IWL_UMAC_SCAN_GEN_FLAGS_ADAPTIVE_DWELL; 2226 2227 /* 2228 * Extended dwell is relevant only for low band to start with, as it is 2229 * being used for social channles only (1, 6, 11), so we can check 2230 * only scan type on low band also for CDB. 2231 */ 2232 if (iwl_mvm_is_regular_scan(params) && 2233 vif->type != NL80211_IFTYPE_P2P_DEVICE && 2234 !iwl_mvm_is_scan_fragmented(params->type) && 2235 !iwl_mvm_is_adaptive_dwell_supported(mvm) && 2236 !iwl_mvm_is_oce_supported(mvm)) 2237 flags |= IWL_UMAC_SCAN_GEN_FLAGS_EXTENDED_DWELL; 2238 2239 if (iwl_mvm_is_oce_supported(mvm)) { 2240 if ((params->flags & 2241 NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE)) 2242 flags |= IWL_UMAC_SCAN_GEN_FLAGS_PROB_REQ_HIGH_TX_RATE; 2243 /* Since IWL_UMAC_SCAN_GEN_FLAGS_EXTENDED_DWELL and 2244 * NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION shares 2245 * the same bit, we need to make sure that we use this bit here 2246 * only when IWL_UMAC_SCAN_GEN_FLAGS_EXTENDED_DWELL cannot be 2247 * used. */ 2248 if ((params->flags & 2249 NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION) && 2250 !WARN_ON_ONCE(!iwl_mvm_is_adaptive_dwell_supported(mvm))) 2251 flags |= IWL_UMAC_SCAN_GEN_FLAGS_PROB_REQ_DEFER_SUPP; 2252 if ((params->flags & NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME)) 2253 flags |= IWL_UMAC_SCAN_GEN_FLAGS_MAX_CHNL_TIME; 2254 } 2255 2256 return flags; 2257 } 2258 2259 static int 2260 iwl_mvm_fill_scan_sched_params(struct iwl_mvm_scan_params *params, 2261 struct iwl_scan_umac_schedule *schedule, 2262 __le16 *delay) 2263 { 2264 int i; 2265 if (WARN_ON(!params->n_scan_plans || 2266 params->n_scan_plans > IWL_MAX_SCHED_SCAN_PLANS)) 2267 return -EINVAL; 2268 2269 for (i = 0; i < params->n_scan_plans; i++) { 2270 struct cfg80211_sched_scan_plan *scan_plan = 2271 ¶ms->scan_plans[i]; 2272 2273 schedule[i].iter_count = scan_plan->iterations; 2274 schedule[i].interval = 2275 cpu_to_le16(scan_plan->interval); 2276 } 2277 2278 /* 2279 * If the number of iterations of the last scan plan is set to 2280 * zero, it should run infinitely. However, this is not always the case. 2281 * For example, when regular scan is requested the driver sets one scan 2282 * plan with one iteration. 2283 */ 2284 if (!schedule[params->n_scan_plans - 1].iter_count) 2285 schedule[params->n_scan_plans - 1].iter_count = 0xff; 2286 2287 *delay = cpu_to_le16(params->delay); 2288 2289 return 0; 2290 } 2291 2292 static int iwl_mvm_scan_umac(struct iwl_mvm *mvm, struct ieee80211_vif *vif, 2293 struct iwl_mvm_scan_params *params, 2294 int type, int uid) 2295 { 2296 struct iwl_scan_req_umac *cmd = mvm->scan_cmd; 2297 struct iwl_scan_umac_chan_param *chan_param; 2298 void *cmd_data = iwl_mvm_get_scan_req_umac_data(mvm); 2299 void *sec_part = (u8 *)cmd_data + sizeof(struct iwl_scan_channel_cfg_umac) * 2300 mvm->fw->ucode_capa.n_scan_channels; 2301 struct iwl_scan_req_umac_tail_v2 *tail_v2 = 2302 (struct iwl_scan_req_umac_tail_v2 *)sec_part; 2303 struct iwl_scan_req_umac_tail_v1 *tail_v1; 2304 struct iwl_ssid_ie *direct_scan; 2305 int ret = 0; 2306 u32 ssid_bitmap = 0; 2307 u8 channel_flags = 0; 2308 u16 gen_flags; 2309 struct iwl_mvm_vif *scan_vif = iwl_mvm_vif_from_mac80211(vif); 2310 2311 chan_param = iwl_mvm_get_scan_req_umac_channel(mvm); 2312 2313 iwl_mvm_scan_umac_dwell(mvm, cmd, params); 2314 2315 cmd->uid = cpu_to_le32(uid); 2316 gen_flags = iwl_mvm_scan_umac_flags(mvm, params, vif); 2317 cmd->general_flags = cpu_to_le16(gen_flags); 2318 if (iwl_mvm_is_adaptive_dwell_v2_supported(mvm)) { 2319 if (gen_flags & IWL_UMAC_SCAN_GEN_FLAGS_FRAGMENTED) 2320 cmd->v8.num_of_fragments[SCAN_LB_LMAC_IDX] = 2321 IWL_SCAN_NUM_OF_FRAGS; 2322 if (gen_flags & IWL_UMAC_SCAN_GEN_FLAGS_LMAC2_FRAGMENTED) 2323 cmd->v8.num_of_fragments[SCAN_HB_LMAC_IDX] = 2324 IWL_SCAN_NUM_OF_FRAGS; 2325 2326 cmd->v8.general_flags2 = 2327 IWL_UMAC_SCAN_GEN_FLAGS2_ALLOW_CHNL_REORDER; 2328 } 2329 2330 cmd->scan_start_mac_id = scan_vif->id; 2331 2332 if (type == IWL_MVM_SCAN_SCHED || type == IWL_MVM_SCAN_NETDETECT) 2333 cmd->flags = cpu_to_le32(IWL_UMAC_SCAN_FLAG_PREEMPTIVE); 2334 2335 if (iwl_mvm_scan_use_ebs(mvm, vif)) { 2336 channel_flags = IWL_SCAN_CHANNEL_FLAG_EBS | 2337 IWL_SCAN_CHANNEL_FLAG_EBS_ACCURATE | 2338 IWL_SCAN_CHANNEL_FLAG_CACHE_ADD; 2339 2340 /* set fragmented ebs for fragmented scan on HB channels */ 2341 if (iwl_mvm_is_frag_ebs_supported(mvm)) { 2342 if (gen_flags & 2343 IWL_UMAC_SCAN_GEN_FLAGS_LMAC2_FRAGMENTED || 2344 (!iwl_mvm_is_cdb_supported(mvm) && 2345 gen_flags & IWL_UMAC_SCAN_GEN_FLAGS_FRAGMENTED)) 2346 channel_flags |= IWL_SCAN_CHANNEL_FLAG_EBS_FRAG; 2347 } 2348 } 2349 2350 chan_param->flags = channel_flags; 2351 chan_param->count = params->n_channels; 2352 2353 ret = iwl_mvm_fill_scan_sched_params(params, tail_v2->schedule, 2354 &tail_v2->delay); 2355 if (ret) 2356 return ret; 2357 2358 if (iwl_mvm_is_scan_ext_chan_supported(mvm)) { 2359 tail_v2->preq = params->preq; 2360 direct_scan = tail_v2->direct_scan; 2361 } else { 2362 tail_v1 = (struct iwl_scan_req_umac_tail_v1 *)sec_part; 2363 iwl_mvm_scan_set_legacy_probe_req(&tail_v1->preq, 2364 ¶ms->preq); 2365 direct_scan = tail_v1->direct_scan; 2366 } 2367 iwl_scan_build_ssids(params, direct_scan, &ssid_bitmap); 2368 iwl_mvm_umac_scan_cfg_channels(mvm, params->channels, 2369 params->n_channels, ssid_bitmap, 2370 cmd_data); 2371 return 0; 2372 } 2373 2374 static void 2375 iwl_mvm_scan_umac_fill_general_p_v12(struct iwl_mvm *mvm, 2376 struct iwl_mvm_scan_params *params, 2377 struct ieee80211_vif *vif, 2378 struct iwl_scan_general_params_v11 *gp, 2379 u16 gen_flags, u8 gen_flags2, 2380 u32 version) 2381 { 2382 struct iwl_mvm_vif *scan_vif = iwl_mvm_vif_from_mac80211(vif); 2383 2384 iwl_mvm_scan_umac_dwell_v11(mvm, gp, params); 2385 2386 IWL_DEBUG_SCAN(mvm, "General: flags=0x%x, flags2=0x%x\n", 2387 gen_flags, gen_flags2); 2388 2389 gp->flags = cpu_to_le16(gen_flags); 2390 gp->flags2 = gen_flags2; 2391 2392 if (gen_flags & IWL_UMAC_SCAN_GEN_FLAGS_V2_FRAGMENTED_LMAC1) 2393 gp->num_of_fragments[SCAN_LB_LMAC_IDX] = IWL_SCAN_NUM_OF_FRAGS; 2394 if (gen_flags & IWL_UMAC_SCAN_GEN_FLAGS_V2_FRAGMENTED_LMAC2) 2395 gp->num_of_fragments[SCAN_HB_LMAC_IDX] = IWL_SCAN_NUM_OF_FRAGS; 2396 2397 mvm->scan_link_id = 0; 2398 2399 if (version < 16) { 2400 gp->scan_start_mac_or_link_id = scan_vif->id; 2401 } else { 2402 struct iwl_mvm_vif_link_info *link_info = 2403 scan_vif->link[params->tsf_report_link_id]; 2404 2405 mvm->scan_link_id = params->tsf_report_link_id; 2406 if (!WARN_ON(!link_info)) 2407 gp->scan_start_mac_or_link_id = link_info->fw_link_id; 2408 } 2409 } 2410 2411 static void 2412 iwl_mvm_scan_umac_fill_probe_p_v3(struct iwl_mvm_scan_params *params, 2413 struct iwl_scan_probe_params_v3 *pp) 2414 { 2415 pp->preq = params->preq; 2416 pp->ssid_num = params->n_ssids; 2417 iwl_scan_build_ssids(params, pp->direct_scan, NULL); 2418 } 2419 2420 static void 2421 iwl_mvm_scan_umac_fill_probe_p_v4(struct iwl_mvm_scan_params *params, 2422 struct iwl_scan_probe_params_v4 *pp, 2423 u32 *bitmap_ssid) 2424 { 2425 pp->preq = params->preq; 2426 iwl_scan_build_ssids(params, pp->direct_scan, bitmap_ssid); 2427 } 2428 2429 static void 2430 iwl_mvm_scan_umac_fill_ch_p_v4(struct iwl_mvm *mvm, 2431 struct iwl_mvm_scan_params *params, 2432 struct ieee80211_vif *vif, 2433 struct iwl_scan_channel_params_v4 *cp, 2434 u32 channel_cfg_flags) 2435 { 2436 cp->flags = iwl_mvm_scan_umac_chan_flags_v2(mvm, params, vif); 2437 cp->count = params->n_channels; 2438 cp->num_of_aps_override = IWL_SCAN_ADWELL_N_APS_GO_FRIENDLY; 2439 2440 iwl_mvm_umac_scan_cfg_channels_v4(mvm, params->channels, cp, 2441 params->n_channels, 2442 channel_cfg_flags, 2443 vif->type); 2444 } 2445 2446 static void 2447 iwl_mvm_scan_umac_fill_ch_p_v7(struct iwl_mvm *mvm, 2448 struct iwl_mvm_scan_params *params, 2449 struct ieee80211_vif *vif, 2450 struct iwl_scan_channel_params_v7 *cp, 2451 u32 channel_cfg_flags, 2452 u32 version) 2453 { 2454 cp->flags = iwl_mvm_scan_umac_chan_flags_v2(mvm, params, vif); 2455 cp->count = params->n_channels; 2456 cp->n_aps_override[0] = IWL_SCAN_ADWELL_N_APS_GO_FRIENDLY; 2457 cp->n_aps_override[1] = IWL_SCAN_ADWELL_N_APS_SOCIAL_CHS; 2458 2459 iwl_mvm_umac_scan_cfg_channels_v7(mvm, params->channels, cp, 2460 params->n_channels, 2461 channel_cfg_flags, 2462 vif->type, version); 2463 2464 if (params->enable_6ghz_passive) { 2465 struct ieee80211_supported_band *sband = 2466 &mvm->nvm_data->bands[NL80211_BAND_6GHZ]; 2467 u32 i; 2468 2469 for (i = 0; i < sband->n_channels; i++) { 2470 struct ieee80211_channel *channel = 2471 &sband->channels[i]; 2472 2473 struct iwl_scan_channel_cfg_umac *cfg = 2474 &cp->channel_config[cp->count]; 2475 2476 if (!cfg80211_channel_is_psc(channel)) 2477 continue; 2478 2479 cfg->channel_num = channel->hw_value; 2480 cfg->v5.iter_count = 1; 2481 cfg->v5.iter_interval = 0; 2482 2483 if (version < 17) { 2484 cfg->flags = 0; 2485 cfg->v2.band = PHY_BAND_6; 2486 } else { 2487 cfg->flags = cpu_to_le32(PHY_BAND_6 << 2488 IWL_CHAN_CFG_FLAGS_BAND_POS); 2489 cfg->v5.psd_20 = 2490 IEEE80211_RNR_TBTT_PARAMS_PSD_RESERVED; 2491 } 2492 cp->count++; 2493 } 2494 } 2495 } 2496 2497 static int iwl_mvm_scan_umac_v12(struct iwl_mvm *mvm, struct ieee80211_vif *vif, 2498 struct iwl_mvm_scan_params *params, int type, 2499 int uid) 2500 { 2501 struct iwl_scan_req_umac_v12 *cmd = mvm->scan_cmd; 2502 struct iwl_scan_req_params_v12 *scan_p = &cmd->scan_params; 2503 int ret; 2504 u16 gen_flags; 2505 2506 cmd->ooc_priority = cpu_to_le32(iwl_mvm_scan_umac_ooc_priority(type)); 2507 cmd->uid = cpu_to_le32(uid); 2508 2509 gen_flags = iwl_mvm_scan_umac_flags_v2(mvm, params, vif, type); 2510 iwl_mvm_scan_umac_fill_general_p_v12(mvm, params, vif, 2511 &scan_p->general_params, 2512 gen_flags, 0, 12); 2513 2514 ret = iwl_mvm_fill_scan_sched_params(params, 2515 scan_p->periodic_params.schedule, 2516 &scan_p->periodic_params.delay); 2517 if (ret) 2518 return ret; 2519 2520 iwl_mvm_scan_umac_fill_probe_p_v3(params, &scan_p->probe_params); 2521 iwl_mvm_scan_umac_fill_ch_p_v4(mvm, params, vif, 2522 &scan_p->channel_params, 0); 2523 2524 return 0; 2525 } 2526 2527 static int iwl_mvm_scan_umac_v14_and_above(struct iwl_mvm *mvm, 2528 struct ieee80211_vif *vif, 2529 struct iwl_mvm_scan_params *params, 2530 int type, int uid, u32 version) 2531 { 2532 struct iwl_scan_req_umac_v17 *cmd = mvm->scan_cmd; 2533 struct iwl_scan_req_params_v17 *scan_p = &cmd->scan_params; 2534 struct iwl_scan_channel_params_v7 *cp = &scan_p->channel_params; 2535 struct iwl_scan_probe_params_v4 *pb = &scan_p->probe_params; 2536 int ret; 2537 u16 gen_flags; 2538 u8 gen_flags2; 2539 u32 bitmap_ssid = 0; 2540 2541 cmd->ooc_priority = cpu_to_le32(iwl_mvm_scan_umac_ooc_priority(type)); 2542 cmd->uid = cpu_to_le32(uid); 2543 2544 gen_flags = iwl_mvm_scan_umac_flags_v2(mvm, params, vif, type); 2545 2546 if (version >= 15) 2547 gen_flags2 = iwl_mvm_scan_umac_flags2(mvm, params, vif, type, 2548 gen_flags); 2549 else 2550 gen_flags2 = 0; 2551 2552 iwl_mvm_scan_umac_fill_general_p_v12(mvm, params, vif, 2553 &scan_p->general_params, 2554 gen_flags, gen_flags2, version); 2555 2556 ret = iwl_mvm_fill_scan_sched_params(params, 2557 scan_p->periodic_params.schedule, 2558 &scan_p->periodic_params.delay); 2559 if (ret) 2560 return ret; 2561 2562 if (!params->scan_6ghz) { 2563 iwl_mvm_scan_umac_fill_probe_p_v4(params, 2564 &scan_p->probe_params, 2565 &bitmap_ssid); 2566 iwl_mvm_scan_umac_fill_ch_p_v7(mvm, params, vif, 2567 &scan_p->channel_params, 2568 bitmap_ssid, 2569 version); 2570 return 0; 2571 } else { 2572 pb->preq = params->preq; 2573 } 2574 2575 cp->flags = iwl_mvm_scan_umac_chan_flags_v2(mvm, params, vif); 2576 cp->n_aps_override[0] = IWL_SCAN_ADWELL_N_APS_GO_FRIENDLY; 2577 cp->n_aps_override[1] = IWL_SCAN_ADWELL_N_APS_SOCIAL_CHS; 2578 2579 iwl_mvm_umac_scan_fill_6g_chan_list(mvm, params, pb); 2580 2581 cp->count = iwl_mvm_umac_scan_cfg_channels_v7_6g(mvm, params, 2582 params->n_channels, 2583 pb, cp, vif->type, 2584 version); 2585 if (!cp->count) 2586 return -EINVAL; 2587 2588 if (!params->n_ssids || 2589 (params->n_ssids == 1 && !params->ssids[0].ssid_len)) 2590 cp->flags |= IWL_SCAN_CHANNEL_FLAG_6G_PSC_NO_FILTER; 2591 2592 return 0; 2593 } 2594 2595 static int iwl_mvm_scan_umac_v14(struct iwl_mvm *mvm, struct ieee80211_vif *vif, 2596 struct iwl_mvm_scan_params *params, int type, 2597 int uid) 2598 { 2599 return iwl_mvm_scan_umac_v14_and_above(mvm, vif, params, type, uid, 14); 2600 } 2601 2602 static int iwl_mvm_scan_umac_v15(struct iwl_mvm *mvm, struct ieee80211_vif *vif, 2603 struct iwl_mvm_scan_params *params, int type, 2604 int uid) 2605 { 2606 return iwl_mvm_scan_umac_v14_and_above(mvm, vif, params, type, uid, 15); 2607 } 2608 2609 static int iwl_mvm_scan_umac_v16(struct iwl_mvm *mvm, struct ieee80211_vif *vif, 2610 struct iwl_mvm_scan_params *params, int type, 2611 int uid) 2612 { 2613 return iwl_mvm_scan_umac_v14_and_above(mvm, vif, params, type, uid, 16); 2614 } 2615 2616 static int iwl_mvm_scan_umac_v17(struct iwl_mvm *mvm, struct ieee80211_vif *vif, 2617 struct iwl_mvm_scan_params *params, int type, 2618 int uid) 2619 { 2620 return iwl_mvm_scan_umac_v14_and_above(mvm, vif, params, type, uid, 17); 2621 } 2622 2623 static int iwl_mvm_num_scans(struct iwl_mvm *mvm) 2624 { 2625 return hweight32(mvm->scan_status & IWL_MVM_SCAN_MASK); 2626 } 2627 2628 static int iwl_mvm_check_running_scans(struct iwl_mvm *mvm, int type) 2629 { 2630 bool unified_image = fw_has_capa(&mvm->fw->ucode_capa, 2631 IWL_UCODE_TLV_CAPA_CNSLDTD_D3_D0_IMG); 2632 2633 /* This looks a bit arbitrary, but the idea is that if we run 2634 * out of possible simultaneous scans and the userspace is 2635 * trying to run a scan type that is already running, we 2636 * return -EBUSY. But if the userspace wants to start a 2637 * different type of scan, we stop the opposite type to make 2638 * space for the new request. The reason is backwards 2639 * compatibility with old wpa_supplicant that wouldn't stop a 2640 * scheduled scan before starting a normal scan. 2641 */ 2642 2643 /* FW supports only a single periodic scan */ 2644 if ((type == IWL_MVM_SCAN_SCHED || type == IWL_MVM_SCAN_NETDETECT) && 2645 mvm->scan_status & (IWL_MVM_SCAN_SCHED | IWL_MVM_SCAN_NETDETECT)) 2646 return -EBUSY; 2647 2648 if (iwl_mvm_num_scans(mvm) < mvm->max_scans) 2649 return 0; 2650 2651 /* Use a switch, even though this is a bitmask, so that more 2652 * than one bits set will fall in default and we will warn. 2653 */ 2654 switch (type) { 2655 case IWL_MVM_SCAN_REGULAR: 2656 if (mvm->scan_status & IWL_MVM_SCAN_REGULAR_MASK) 2657 return -EBUSY; 2658 return iwl_mvm_scan_stop(mvm, IWL_MVM_SCAN_SCHED, true); 2659 case IWL_MVM_SCAN_SCHED: 2660 if (mvm->scan_status & IWL_MVM_SCAN_SCHED_MASK) 2661 return -EBUSY; 2662 return iwl_mvm_scan_stop(mvm, IWL_MVM_SCAN_REGULAR, true); 2663 case IWL_MVM_SCAN_NETDETECT: 2664 /* For non-unified images, there's no need to stop 2665 * anything for net-detect since the firmware is 2666 * restarted anyway. This way, any sched scans that 2667 * were running will be restarted when we resume. 2668 */ 2669 if (!unified_image) 2670 return 0; 2671 2672 /* If this is a unified image and we ran out of scans, 2673 * we need to stop something. Prefer stopping regular 2674 * scans, because the results are useless at this 2675 * point, and we should be able to keep running 2676 * another scheduled scan while suspended. 2677 */ 2678 if (mvm->scan_status & IWL_MVM_SCAN_REGULAR_MASK) 2679 return iwl_mvm_scan_stop(mvm, IWL_MVM_SCAN_REGULAR, 2680 true); 2681 if (mvm->scan_status & IWL_MVM_SCAN_SCHED_MASK) 2682 return iwl_mvm_scan_stop(mvm, IWL_MVM_SCAN_SCHED, 2683 true); 2684 /* Something is wrong if no scan was running but we 2685 * ran out of scans. 2686 */ 2687 fallthrough; 2688 default: 2689 WARN_ON(1); 2690 break; 2691 } 2692 2693 return -EIO; 2694 } 2695 2696 #define SCAN_TIMEOUT 30000 2697 2698 void iwl_mvm_scan_timeout_wk(struct work_struct *work) 2699 { 2700 struct delayed_work *delayed_work = to_delayed_work(work); 2701 struct iwl_mvm *mvm = container_of(delayed_work, struct iwl_mvm, 2702 scan_timeout_dwork); 2703 2704 IWL_ERR(mvm, "regular scan timed out\n"); 2705 2706 iwl_force_nmi(mvm->trans); 2707 } 2708 2709 static void iwl_mvm_fill_scan_type(struct iwl_mvm *mvm, 2710 struct iwl_mvm_scan_params *params, 2711 struct ieee80211_vif *vif) 2712 { 2713 if (iwl_mvm_is_cdb_supported(mvm)) { 2714 params->type = 2715 iwl_mvm_get_scan_type_band(mvm, vif, 2716 NL80211_BAND_2GHZ); 2717 params->hb_type = 2718 iwl_mvm_get_scan_type_band(mvm, vif, 2719 NL80211_BAND_5GHZ); 2720 } else { 2721 params->type = iwl_mvm_get_scan_type(mvm, vif); 2722 } 2723 } 2724 2725 struct iwl_scan_umac_handler { 2726 u8 version; 2727 int (*handler)(struct iwl_mvm *mvm, struct ieee80211_vif *vif, 2728 struct iwl_mvm_scan_params *params, int type, int uid); 2729 }; 2730 2731 #define IWL_SCAN_UMAC_HANDLER(_ver) { \ 2732 .version = _ver, \ 2733 .handler = iwl_mvm_scan_umac_v##_ver, \ 2734 } 2735 2736 static const struct iwl_scan_umac_handler iwl_scan_umac_handlers[] = { 2737 /* set the newest version first to shorten the list traverse time */ 2738 IWL_SCAN_UMAC_HANDLER(17), 2739 IWL_SCAN_UMAC_HANDLER(16), 2740 IWL_SCAN_UMAC_HANDLER(15), 2741 IWL_SCAN_UMAC_HANDLER(14), 2742 IWL_SCAN_UMAC_HANDLER(12), 2743 }; 2744 2745 static void iwl_mvm_mei_scan_work(struct work_struct *wk) 2746 { 2747 struct iwl_mei_scan_filter *scan_filter = 2748 container_of(wk, struct iwl_mei_scan_filter, scan_work); 2749 struct iwl_mvm *mvm = 2750 container_of(scan_filter, struct iwl_mvm, mei_scan_filter); 2751 struct iwl_mvm_csme_conn_info *info; 2752 struct sk_buff *skb; 2753 u8 bssid[ETH_ALEN]; 2754 2755 mutex_lock(&mvm->mutex); 2756 info = iwl_mvm_get_csme_conn_info(mvm); 2757 memcpy(bssid, info->conn_info.bssid, ETH_ALEN); 2758 mutex_unlock(&mvm->mutex); 2759 2760 while ((skb = skb_dequeue(&scan_filter->scan_res))) { 2761 struct ieee80211_mgmt *mgmt = (void *)skb->data; 2762 2763 if (!memcmp(mgmt->bssid, bssid, ETH_ALEN)) 2764 ieee80211_rx_irqsafe(mvm->hw, skb); 2765 else 2766 kfree_skb(skb); 2767 } 2768 } 2769 2770 void iwl_mvm_mei_scan_filter_init(struct iwl_mei_scan_filter *mei_scan_filter) 2771 { 2772 skb_queue_head_init(&mei_scan_filter->scan_res); 2773 INIT_WORK(&mei_scan_filter->scan_work, iwl_mvm_mei_scan_work); 2774 } 2775 2776 /* In case CSME is connected and has link protection set, this function will 2777 * override the scan request to scan only the associated channel and only for 2778 * the associated SSID. 2779 */ 2780 static void iwl_mvm_mei_limited_scan(struct iwl_mvm *mvm, 2781 struct iwl_mvm_scan_params *params) 2782 { 2783 struct iwl_mvm_csme_conn_info *info = iwl_mvm_get_csme_conn_info(mvm); 2784 struct iwl_mei_conn_info *conn_info; 2785 struct ieee80211_channel *chan; 2786 int scan_iters, i; 2787 2788 if (!info) { 2789 IWL_DEBUG_SCAN(mvm, "mei_limited_scan: no connection info\n"); 2790 return; 2791 } 2792 2793 conn_info = &info->conn_info; 2794 if (!info->conn_info.lp_state || !info->conn_info.ssid_len) 2795 return; 2796 2797 if (!params->n_channels || !params->n_ssids) 2798 return; 2799 2800 mvm->mei_scan_filter.is_mei_limited_scan = true; 2801 2802 chan = ieee80211_get_channel(mvm->hw->wiphy, 2803 ieee80211_channel_to_frequency(conn_info->channel, 2804 conn_info->band)); 2805 if (!chan) { 2806 IWL_DEBUG_SCAN(mvm, 2807 "Failed to get CSME channel (chan=%u band=%u)\n", 2808 conn_info->channel, conn_info->band); 2809 return; 2810 } 2811 2812 /* The mei filtered scan must find the AP, otherwise CSME will 2813 * take the NIC ownership. Add several iterations on the channel to 2814 * make the scan more robust. 2815 */ 2816 scan_iters = min(IWL_MEI_SCAN_NUM_ITER, params->n_channels); 2817 params->n_channels = scan_iters; 2818 for (i = 0; i < scan_iters; i++) 2819 params->channels[i] = chan; 2820 2821 IWL_DEBUG_SCAN(mvm, "Mei scan: num iterations=%u\n", scan_iters); 2822 2823 params->n_ssids = 1; 2824 params->ssids[0].ssid_len = conn_info->ssid_len; 2825 memcpy(params->ssids[0].ssid, conn_info->ssid, conn_info->ssid_len); 2826 } 2827 2828 static int iwl_mvm_build_scan_cmd(struct iwl_mvm *mvm, 2829 struct ieee80211_vif *vif, 2830 struct iwl_host_cmd *hcmd, 2831 struct iwl_mvm_scan_params *params, 2832 int type) 2833 { 2834 int uid, i, err; 2835 u8 scan_ver; 2836 2837 lockdep_assert_held(&mvm->mutex); 2838 memset(mvm->scan_cmd, 0, mvm->scan_cmd_size); 2839 2840 iwl_mvm_mei_limited_scan(mvm, params); 2841 2842 if (!fw_has_capa(&mvm->fw->ucode_capa, IWL_UCODE_TLV_CAPA_UMAC_SCAN)) { 2843 hcmd->id = SCAN_OFFLOAD_REQUEST_CMD; 2844 2845 return iwl_mvm_scan_lmac(mvm, vif, params); 2846 } 2847 2848 uid = iwl_mvm_scan_uid_by_status(mvm, 0); 2849 if (uid < 0) 2850 return uid; 2851 2852 hcmd->id = WIDE_ID(IWL_ALWAYS_LONG_GROUP, SCAN_REQ_UMAC); 2853 2854 scan_ver = iwl_fw_lookup_cmd_ver(mvm->fw, SCAN_REQ_UMAC, 2855 IWL_FW_CMD_VER_UNKNOWN); 2856 2857 for (i = 0; i < ARRAY_SIZE(iwl_scan_umac_handlers); i++) { 2858 const struct iwl_scan_umac_handler *ver_handler = 2859 &iwl_scan_umac_handlers[i]; 2860 2861 if (ver_handler->version != scan_ver) 2862 continue; 2863 2864 err = ver_handler->handler(mvm, vif, params, type, uid); 2865 return err ? : uid; 2866 } 2867 2868 err = iwl_mvm_scan_umac(mvm, vif, params, type, uid); 2869 if (err) 2870 return err; 2871 2872 return uid; 2873 } 2874 2875 struct iwl_mvm_scan_respect_p2p_go_iter_data { 2876 struct ieee80211_vif *current_vif; 2877 bool p2p_go; 2878 enum nl80211_band band; 2879 }; 2880 2881 static void iwl_mvm_scan_respect_p2p_go_iter(void *_data, u8 *mac, 2882 struct ieee80211_vif *vif) 2883 { 2884 struct iwl_mvm_scan_respect_p2p_go_iter_data *data = _data; 2885 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 2886 2887 /* exclude the given vif */ 2888 if (vif == data->current_vif) 2889 return; 2890 2891 if (ieee80211_vif_type_p2p(vif) == NL80211_IFTYPE_P2P_GO) { 2892 u32 link_id; 2893 2894 for (link_id = 0; 2895 link_id < ARRAY_SIZE(mvmvif->link); 2896 link_id++) { 2897 struct iwl_mvm_vif_link_info *link = 2898 mvmvif->link[link_id]; 2899 2900 if (link && link->phy_ctxt->id < NUM_PHY_CTX && 2901 (data->band == NUM_NL80211_BANDS || 2902 link->phy_ctxt->channel->band == data->band)) { 2903 data->p2p_go = true; 2904 break; 2905 } 2906 } 2907 } 2908 } 2909 2910 static bool _iwl_mvm_get_respect_p2p_go(struct iwl_mvm *mvm, 2911 struct ieee80211_vif *vif, 2912 bool low_latency, 2913 enum nl80211_band band) 2914 { 2915 struct iwl_mvm_scan_respect_p2p_go_iter_data data = { 2916 .current_vif = vif, 2917 .p2p_go = false, 2918 .band = band, 2919 }; 2920 2921 if (!low_latency) 2922 return false; 2923 2924 ieee80211_iterate_active_interfaces_atomic(mvm->hw, 2925 IEEE80211_IFACE_ITER_NORMAL, 2926 iwl_mvm_scan_respect_p2p_go_iter, 2927 &data); 2928 2929 return data.p2p_go; 2930 } 2931 2932 static bool iwl_mvm_get_respect_p2p_go_band(struct iwl_mvm *mvm, 2933 struct ieee80211_vif *vif, 2934 enum nl80211_band band) 2935 { 2936 bool low_latency = iwl_mvm_low_latency_band(mvm, band); 2937 2938 return _iwl_mvm_get_respect_p2p_go(mvm, vif, low_latency, band); 2939 } 2940 2941 static bool iwl_mvm_get_respect_p2p_go(struct iwl_mvm *mvm, 2942 struct ieee80211_vif *vif) 2943 { 2944 bool low_latency = iwl_mvm_low_latency(mvm); 2945 2946 return _iwl_mvm_get_respect_p2p_go(mvm, vif, low_latency, 2947 NUM_NL80211_BANDS); 2948 } 2949 2950 static void iwl_mvm_fill_respect_p2p_go(struct iwl_mvm *mvm, 2951 struct iwl_mvm_scan_params *params, 2952 struct ieee80211_vif *vif) 2953 { 2954 if (iwl_mvm_is_cdb_supported(mvm)) { 2955 params->respect_p2p_go = 2956 iwl_mvm_get_respect_p2p_go_band(mvm, vif, 2957 NL80211_BAND_2GHZ); 2958 params->respect_p2p_go_hb = 2959 iwl_mvm_get_respect_p2p_go_band(mvm, vif, 2960 NL80211_BAND_5GHZ); 2961 } else { 2962 params->respect_p2p_go = iwl_mvm_get_respect_p2p_go(mvm, vif); 2963 } 2964 } 2965 2966 static int _iwl_mvm_single_scan_start(struct iwl_mvm *mvm, 2967 struct ieee80211_vif *vif, 2968 struct cfg80211_scan_request *req, 2969 struct ieee80211_scan_ies *ies, 2970 int type) 2971 { 2972 struct iwl_host_cmd hcmd = { 2973 .len = { iwl_mvm_scan_size(mvm), }, 2974 .data = { mvm->scan_cmd, }, 2975 .dataflags = { IWL_HCMD_DFL_NOCOPY, }, 2976 }; 2977 struct iwl_mvm_scan_params params = {}; 2978 int ret, uid; 2979 struct cfg80211_sched_scan_plan scan_plan = { .iterations = 1 }; 2980 2981 lockdep_assert_held(&mvm->mutex); 2982 2983 if (iwl_mvm_is_lar_supported(mvm) && !mvm->lar_regdom_set) { 2984 IWL_ERR(mvm, "scan while LAR regdomain is not set\n"); 2985 return -EBUSY; 2986 } 2987 2988 ret = iwl_mvm_check_running_scans(mvm, type); 2989 if (ret) 2990 return ret; 2991 2992 /* we should have failed registration if scan_cmd was NULL */ 2993 if (WARN_ON(!mvm->scan_cmd)) 2994 return -ENOMEM; 2995 2996 if (!iwl_mvm_scan_fits(mvm, req->n_ssids, ies, req->n_channels)) 2997 return -ENOBUFS; 2998 2999 params.n_ssids = req->n_ssids; 3000 params.flags = req->flags; 3001 params.n_channels = req->n_channels; 3002 params.delay = 0; 3003 params.ssids = req->ssids; 3004 params.channels = req->channels; 3005 params.mac_addr = req->mac_addr; 3006 params.mac_addr_mask = req->mac_addr_mask; 3007 params.no_cck = req->no_cck; 3008 params.pass_all = true; 3009 params.n_match_sets = 0; 3010 params.match_sets = NULL; 3011 ether_addr_copy(params.bssid, req->bssid); 3012 3013 params.scan_plans = &scan_plan; 3014 params.n_scan_plans = 1; 3015 3016 params.n_6ghz_params = req->n_6ghz_params; 3017 params.scan_6ghz_params = req->scan_6ghz_params; 3018 params.scan_6ghz = req->scan_6ghz; 3019 iwl_mvm_fill_scan_type(mvm, ¶ms, vif); 3020 iwl_mvm_fill_respect_p2p_go(mvm, ¶ms, vif); 3021 3022 if (req->duration) 3023 params.iter_notif = true; 3024 3025 params.tsf_report_link_id = req->tsf_report_link_id; 3026 if (params.tsf_report_link_id < 0) { 3027 if (vif->active_links) 3028 params.tsf_report_link_id = __ffs(vif->active_links); 3029 else 3030 params.tsf_report_link_id = 0; 3031 } 3032 3033 iwl_mvm_build_scan_probe(mvm, vif, ies, ¶ms); 3034 3035 iwl_mvm_scan_6ghz_passive_scan(mvm, ¶ms, vif); 3036 3037 uid = iwl_mvm_build_scan_cmd(mvm, vif, &hcmd, ¶ms, type); 3038 3039 if (uid < 0) 3040 return uid; 3041 3042 iwl_mvm_pause_tcm(mvm, false); 3043 3044 ret = iwl_mvm_send_cmd(mvm, &hcmd); 3045 if (ret) { 3046 /* If the scan failed, it usually means that the FW was unable 3047 * to allocate the time events. Warn on it, but maybe we 3048 * should try to send the command again with different params. 3049 */ 3050 IWL_ERR(mvm, "Scan failed! ret %d\n", ret); 3051 iwl_mvm_resume_tcm(mvm); 3052 return ret; 3053 } 3054 3055 IWL_DEBUG_SCAN(mvm, "Scan request send success: type=%u, uid=%u\n", 3056 type, uid); 3057 3058 mvm->scan_uid_status[uid] = type; 3059 mvm->scan_status |= type; 3060 3061 if (type == IWL_MVM_SCAN_REGULAR) { 3062 mvm->scan_vif = iwl_mvm_vif_from_mac80211(vif); 3063 schedule_delayed_work(&mvm->scan_timeout_dwork, 3064 msecs_to_jiffies(SCAN_TIMEOUT)); 3065 } 3066 3067 if (params.enable_6ghz_passive) 3068 mvm->last_6ghz_passive_scan_jiffies = jiffies; 3069 3070 return 0; 3071 } 3072 3073 int iwl_mvm_reg_scan_start(struct iwl_mvm *mvm, struct ieee80211_vif *vif, 3074 struct cfg80211_scan_request *req, 3075 struct ieee80211_scan_ies *ies) 3076 { 3077 return _iwl_mvm_single_scan_start(mvm, vif, req, ies, 3078 IWL_MVM_SCAN_REGULAR); 3079 } 3080 3081 int iwl_mvm_sched_scan_start(struct iwl_mvm *mvm, 3082 struct ieee80211_vif *vif, 3083 struct cfg80211_sched_scan_request *req, 3084 struct ieee80211_scan_ies *ies, 3085 int type) 3086 { 3087 struct iwl_host_cmd hcmd = { 3088 .len = { iwl_mvm_scan_size(mvm), }, 3089 .data = { mvm->scan_cmd, }, 3090 .dataflags = { IWL_HCMD_DFL_NOCOPY, }, 3091 }; 3092 struct iwl_mvm_scan_params params = {}; 3093 int ret, uid; 3094 int i, j; 3095 bool non_psc_included = false; 3096 3097 lockdep_assert_held(&mvm->mutex); 3098 3099 if (iwl_mvm_is_lar_supported(mvm) && !mvm->lar_regdom_set) { 3100 IWL_ERR(mvm, "sched-scan while LAR regdomain is not set\n"); 3101 return -EBUSY; 3102 } 3103 3104 ret = iwl_mvm_check_running_scans(mvm, type); 3105 if (ret) 3106 return ret; 3107 3108 /* we should have failed registration if scan_cmd was NULL */ 3109 if (WARN_ON(!mvm->scan_cmd)) 3110 return -ENOMEM; 3111 3112 3113 params.n_ssids = req->n_ssids; 3114 params.flags = req->flags; 3115 params.n_channels = req->n_channels; 3116 params.ssids = req->ssids; 3117 params.channels = req->channels; 3118 params.mac_addr = req->mac_addr; 3119 params.mac_addr_mask = req->mac_addr_mask; 3120 params.no_cck = false; 3121 params.pass_all = iwl_mvm_scan_pass_all(mvm, req); 3122 params.n_match_sets = req->n_match_sets; 3123 params.match_sets = req->match_sets; 3124 eth_broadcast_addr(params.bssid); 3125 if (!req->n_scan_plans) 3126 return -EINVAL; 3127 3128 params.n_scan_plans = req->n_scan_plans; 3129 params.scan_plans = req->scan_plans; 3130 3131 iwl_mvm_fill_scan_type(mvm, ¶ms, vif); 3132 iwl_mvm_fill_respect_p2p_go(mvm, ¶ms, vif); 3133 3134 /* In theory, LMAC scans can handle a 32-bit delay, but since 3135 * waiting for over 18 hours to start the scan is a bit silly 3136 * and to keep it aligned with UMAC scans (which only support 3137 * 16-bit delays), trim it down to 16-bits. 3138 */ 3139 if (req->delay > U16_MAX) { 3140 IWL_DEBUG_SCAN(mvm, 3141 "delay value is > 16-bits, set to max possible\n"); 3142 params.delay = U16_MAX; 3143 } else { 3144 params.delay = req->delay; 3145 } 3146 3147 ret = iwl_mvm_config_sched_scan_profiles(mvm, req); 3148 if (ret) 3149 return ret; 3150 3151 iwl_mvm_build_scan_probe(mvm, vif, ies, ¶ms); 3152 3153 /* for 6 GHZ band only PSC channels need to be added */ 3154 for (i = 0; i < params.n_channels; i++) { 3155 struct ieee80211_channel *channel = params.channels[i]; 3156 3157 if (channel->band == NL80211_BAND_6GHZ && 3158 !cfg80211_channel_is_psc(channel)) { 3159 non_psc_included = true; 3160 break; 3161 } 3162 } 3163 3164 if (non_psc_included) { 3165 params.channels = kmemdup(params.channels, 3166 sizeof(params.channels[0]) * 3167 params.n_channels, 3168 GFP_KERNEL); 3169 if (!params.channels) 3170 return -ENOMEM; 3171 3172 for (i = j = 0; i < params.n_channels; i++) { 3173 if (params.channels[i]->band == NL80211_BAND_6GHZ && 3174 !cfg80211_channel_is_psc(params.channels[i])) 3175 continue; 3176 params.channels[j++] = params.channels[i]; 3177 } 3178 params.n_channels = j; 3179 } 3180 3181 if (!iwl_mvm_scan_fits(mvm, req->n_ssids, ies, params.n_channels)) { 3182 ret = -ENOBUFS; 3183 goto out; 3184 } 3185 3186 uid = iwl_mvm_build_scan_cmd(mvm, vif, &hcmd, ¶ms, type); 3187 if (uid < 0) { 3188 ret = uid; 3189 goto out; 3190 } 3191 3192 ret = iwl_mvm_send_cmd(mvm, &hcmd); 3193 if (!ret) { 3194 IWL_DEBUG_SCAN(mvm, 3195 "Sched scan request send success: type=%u, uid=%u\n", 3196 type, uid); 3197 mvm->scan_uid_status[uid] = type; 3198 mvm->scan_status |= type; 3199 } else { 3200 /* If the scan failed, it usually means that the FW was unable 3201 * to allocate the time events. Warn on it, but maybe we 3202 * should try to send the command again with different params. 3203 */ 3204 IWL_ERR(mvm, "Sched scan failed! ret %d\n", ret); 3205 mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_DISABLED; 3206 } 3207 3208 out: 3209 if (non_psc_included) 3210 kfree(params.channels); 3211 return ret; 3212 } 3213 3214 void iwl_mvm_rx_umac_scan_complete_notif(struct iwl_mvm *mvm, 3215 struct iwl_rx_cmd_buffer *rxb) 3216 { 3217 struct iwl_rx_packet *pkt = rxb_addr(rxb); 3218 struct iwl_umac_scan_complete *notif = (void *)pkt->data; 3219 u32 uid = __le32_to_cpu(notif->uid); 3220 bool aborted = (notif->status == IWL_SCAN_OFFLOAD_ABORTED); 3221 3222 mvm->mei_scan_filter.is_mei_limited_scan = false; 3223 3224 IWL_DEBUG_SCAN(mvm, 3225 "Scan completed: uid=%u type=%u, status=%s, EBS=%s\n", 3226 uid, mvm->scan_uid_status[uid], 3227 notif->status == IWL_SCAN_OFFLOAD_COMPLETED ? 3228 "completed" : "aborted", 3229 iwl_mvm_ebs_status_str(notif->ebs_status)); 3230 3231 IWL_DEBUG_SCAN(mvm, "Scan completed: scan_status=0x%x\n", 3232 mvm->scan_status); 3233 3234 IWL_DEBUG_SCAN(mvm, 3235 "Scan completed: line=%u, iter=%u, elapsed time=%u\n", 3236 notif->last_schedule, notif->last_iter, 3237 __le32_to_cpu(notif->time_from_last_iter)); 3238 3239 if (WARN_ON(!(mvm->scan_uid_status[uid] & mvm->scan_status))) 3240 return; 3241 3242 /* if the scan is already stopping, we don't need to notify mac80211 */ 3243 if (mvm->scan_uid_status[uid] == IWL_MVM_SCAN_REGULAR) { 3244 struct cfg80211_scan_info info = { 3245 .aborted = aborted, 3246 .scan_start_tsf = mvm->scan_start, 3247 }; 3248 struct iwl_mvm_vif *scan_vif = mvm->scan_vif; 3249 struct iwl_mvm_vif_link_info *link_info = 3250 scan_vif->link[mvm->scan_link_id]; 3251 3252 /* It is possible that by the time the scan is complete the link 3253 * was already removed and is not valid. 3254 */ 3255 if (link_info) 3256 memcpy(info.tsf_bssid, link_info->bssid, ETH_ALEN); 3257 else 3258 IWL_DEBUG_SCAN(mvm, "Scan link is no longer valid\n"); 3259 3260 ieee80211_scan_completed(mvm->hw, &info); 3261 mvm->scan_vif = NULL; 3262 cancel_delayed_work(&mvm->scan_timeout_dwork); 3263 iwl_mvm_resume_tcm(mvm); 3264 } else if (mvm->scan_uid_status[uid] == IWL_MVM_SCAN_SCHED) { 3265 ieee80211_sched_scan_stopped(mvm->hw); 3266 mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_DISABLED; 3267 } 3268 3269 mvm->scan_status &= ~mvm->scan_uid_status[uid]; 3270 3271 IWL_DEBUG_SCAN(mvm, "Scan completed: after update: scan_status=0x%x\n", 3272 mvm->scan_status); 3273 3274 if (notif->ebs_status != IWL_SCAN_EBS_SUCCESS && 3275 notif->ebs_status != IWL_SCAN_EBS_INACTIVE) 3276 mvm->last_ebs_successful = false; 3277 3278 mvm->scan_uid_status[uid] = 0; 3279 } 3280 3281 void iwl_mvm_rx_umac_scan_iter_complete_notif(struct iwl_mvm *mvm, 3282 struct iwl_rx_cmd_buffer *rxb) 3283 { 3284 struct iwl_rx_packet *pkt = rxb_addr(rxb); 3285 struct iwl_umac_scan_iter_complete_notif *notif = (void *)pkt->data; 3286 3287 mvm->scan_start = le64_to_cpu(notif->start_tsf); 3288 3289 IWL_DEBUG_SCAN(mvm, 3290 "UMAC Scan iteration complete: status=0x%x scanned_channels=%d\n", 3291 notif->status, notif->scanned_channels); 3292 3293 if (mvm->sched_scan_pass_all == SCHED_SCAN_PASS_ALL_FOUND) { 3294 IWL_DEBUG_SCAN(mvm, "Pass all scheduled scan results found\n"); 3295 ieee80211_sched_scan_results(mvm->hw); 3296 mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_ENABLED; 3297 } 3298 3299 IWL_DEBUG_SCAN(mvm, 3300 "UMAC Scan iteration complete: scan started at %llu (TSF)\n", 3301 mvm->scan_start); 3302 } 3303 3304 static int iwl_mvm_umac_scan_abort(struct iwl_mvm *mvm, int type, bool *wait) 3305 { 3306 struct iwl_umac_scan_abort abort_cmd = {}; 3307 struct iwl_host_cmd cmd = { 3308 .id = WIDE_ID(IWL_ALWAYS_LONG_GROUP, SCAN_ABORT_UMAC), 3309 .len = { sizeof(abort_cmd), }, 3310 .data = { &abort_cmd, }, 3311 .flags = CMD_SEND_IN_RFKILL, 3312 }; 3313 3314 int uid, ret; 3315 u32 status = IWL_UMAC_SCAN_ABORT_STATUS_NOT_FOUND; 3316 3317 lockdep_assert_held(&mvm->mutex); 3318 3319 *wait = true; 3320 3321 /* We should always get a valid index here, because we already 3322 * checked that this type of scan was running in the generic 3323 * code. 3324 */ 3325 uid = iwl_mvm_scan_uid_by_status(mvm, type); 3326 if (WARN_ON_ONCE(uid < 0)) 3327 return uid; 3328 3329 abort_cmd.uid = cpu_to_le32(uid); 3330 3331 IWL_DEBUG_SCAN(mvm, "Sending scan abort, uid %u\n", uid); 3332 3333 ret = iwl_mvm_send_cmd_status(mvm, &cmd, &status); 3334 3335 IWL_DEBUG_SCAN(mvm, "Scan abort: ret=%d, status=%u\n", ret, status); 3336 if (!ret) 3337 mvm->scan_uid_status[uid] = type << IWL_MVM_SCAN_STOPPING_SHIFT; 3338 3339 /* Handle the case that the FW is no longer familiar with the scan that 3340 * is to be stopped. In such a case, it is expected that the scan 3341 * complete notification was already received but not yet processed. 3342 * In such a case, there is no need to wait for a scan complete 3343 * notification and the flow should continue similar to the case that 3344 * the scan was really aborted. 3345 */ 3346 if (status == IWL_UMAC_SCAN_ABORT_STATUS_NOT_FOUND) { 3347 mvm->scan_uid_status[uid] = type << IWL_MVM_SCAN_STOPPING_SHIFT; 3348 *wait = false; 3349 } 3350 3351 return ret; 3352 } 3353 3354 static int iwl_mvm_scan_stop_wait(struct iwl_mvm *mvm, int type) 3355 { 3356 struct iwl_notification_wait wait_scan_done; 3357 static const u16 scan_done_notif[] = { SCAN_COMPLETE_UMAC, 3358 SCAN_OFFLOAD_COMPLETE, }; 3359 int ret; 3360 bool wait = true; 3361 3362 lockdep_assert_held(&mvm->mutex); 3363 3364 iwl_init_notification_wait(&mvm->notif_wait, &wait_scan_done, 3365 scan_done_notif, 3366 ARRAY_SIZE(scan_done_notif), 3367 NULL, NULL); 3368 3369 IWL_DEBUG_SCAN(mvm, "Preparing to stop scan, type %x\n", type); 3370 3371 if (fw_has_capa(&mvm->fw->ucode_capa, IWL_UCODE_TLV_CAPA_UMAC_SCAN)) 3372 ret = iwl_mvm_umac_scan_abort(mvm, type, &wait); 3373 else 3374 ret = iwl_mvm_lmac_scan_abort(mvm); 3375 3376 if (ret) { 3377 IWL_DEBUG_SCAN(mvm, "couldn't stop scan type %d\n", type); 3378 iwl_remove_notification(&mvm->notif_wait, &wait_scan_done); 3379 return ret; 3380 } else if (!wait) { 3381 IWL_DEBUG_SCAN(mvm, "no need to wait for scan type %d\n", type); 3382 iwl_remove_notification(&mvm->notif_wait, &wait_scan_done); 3383 return 0; 3384 } 3385 3386 return iwl_wait_notification(&mvm->notif_wait, &wait_scan_done, 3387 1 * HZ); 3388 } 3389 3390 static size_t iwl_scan_req_umac_get_size(u8 scan_ver) 3391 { 3392 switch (scan_ver) { 3393 case 12: 3394 return sizeof(struct iwl_scan_req_umac_v12); 3395 case 14: 3396 case 15: 3397 case 16: 3398 case 17: 3399 return sizeof(struct iwl_scan_req_umac_v17); 3400 } 3401 3402 return 0; 3403 } 3404 3405 size_t iwl_mvm_scan_size(struct iwl_mvm *mvm) 3406 { 3407 int base_size, tail_size; 3408 u8 scan_ver = iwl_fw_lookup_cmd_ver(mvm->fw, SCAN_REQ_UMAC, 3409 IWL_FW_CMD_VER_UNKNOWN); 3410 3411 base_size = iwl_scan_req_umac_get_size(scan_ver); 3412 if (base_size) 3413 return base_size; 3414 3415 3416 if (iwl_mvm_is_adaptive_dwell_v2_supported(mvm)) 3417 base_size = IWL_SCAN_REQ_UMAC_SIZE_V8; 3418 else if (iwl_mvm_is_adaptive_dwell_supported(mvm)) 3419 base_size = IWL_SCAN_REQ_UMAC_SIZE_V7; 3420 else if (iwl_mvm_cdb_scan_api(mvm)) 3421 base_size = IWL_SCAN_REQ_UMAC_SIZE_V6; 3422 else 3423 base_size = IWL_SCAN_REQ_UMAC_SIZE_V1; 3424 3425 if (fw_has_capa(&mvm->fw->ucode_capa, IWL_UCODE_TLV_CAPA_UMAC_SCAN)) { 3426 if (iwl_mvm_is_scan_ext_chan_supported(mvm)) 3427 tail_size = sizeof(struct iwl_scan_req_umac_tail_v2); 3428 else 3429 tail_size = sizeof(struct iwl_scan_req_umac_tail_v1); 3430 3431 return base_size + 3432 sizeof(struct iwl_scan_channel_cfg_umac) * 3433 mvm->fw->ucode_capa.n_scan_channels + 3434 tail_size; 3435 } 3436 return sizeof(struct iwl_scan_req_lmac) + 3437 sizeof(struct iwl_scan_channel_cfg_lmac) * 3438 mvm->fw->ucode_capa.n_scan_channels + 3439 sizeof(struct iwl_scan_probe_req_v1); 3440 } 3441 3442 /* 3443 * This function is used in nic restart flow, to inform mac80211 about scans 3444 * that was aborted by restart flow or by an assert. 3445 */ 3446 void iwl_mvm_report_scan_aborted(struct iwl_mvm *mvm) 3447 { 3448 if (fw_has_capa(&mvm->fw->ucode_capa, IWL_UCODE_TLV_CAPA_UMAC_SCAN)) { 3449 int uid, i; 3450 3451 uid = iwl_mvm_scan_uid_by_status(mvm, IWL_MVM_SCAN_REGULAR); 3452 if (uid >= 0) { 3453 struct cfg80211_scan_info info = { 3454 .aborted = true, 3455 }; 3456 3457 cancel_delayed_work(&mvm->scan_timeout_dwork); 3458 3459 ieee80211_scan_completed(mvm->hw, &info); 3460 mvm->scan_uid_status[uid] = 0; 3461 } 3462 uid = iwl_mvm_scan_uid_by_status(mvm, IWL_MVM_SCAN_SCHED); 3463 if (uid >= 0) { 3464 /* Sched scan will be restarted by mac80211 in 3465 * restart_hw, so do not report if FW is about to be 3466 * restarted. 3467 */ 3468 if (!iwlwifi_mod_params.fw_restart) 3469 ieee80211_sched_scan_stopped(mvm->hw); 3470 mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_DISABLED; 3471 mvm->scan_uid_status[uid] = 0; 3472 } 3473 3474 uid = iwl_mvm_scan_uid_by_status(mvm, 3475 IWL_MVM_SCAN_STOPPING_REGULAR); 3476 if (uid >= 0) 3477 mvm->scan_uid_status[uid] = 0; 3478 3479 uid = iwl_mvm_scan_uid_by_status(mvm, 3480 IWL_MVM_SCAN_STOPPING_SCHED); 3481 if (uid >= 0) 3482 mvm->scan_uid_status[uid] = 0; 3483 3484 uid = iwl_mvm_scan_uid_by_status(mvm, 3485 IWL_MVM_SCAN_STOPPING_INT_MLO); 3486 if (uid >= 0) 3487 mvm->scan_uid_status[uid] = 0; 3488 3489 /* We shouldn't have any UIDs still set. Loop over all the 3490 * UIDs to make sure there's nothing left there and warn if 3491 * any is found. 3492 */ 3493 for (i = 0; i < mvm->max_scans; i++) { 3494 if (WARN_ONCE(mvm->scan_uid_status[i], 3495 "UMAC scan UID %d status was not cleaned\n", 3496 i)) 3497 mvm->scan_uid_status[i] = 0; 3498 } 3499 } else { 3500 if (mvm->scan_status & IWL_MVM_SCAN_REGULAR) { 3501 struct cfg80211_scan_info info = { 3502 .aborted = true, 3503 }; 3504 3505 cancel_delayed_work(&mvm->scan_timeout_dwork); 3506 ieee80211_scan_completed(mvm->hw, &info); 3507 } 3508 3509 /* Sched scan will be restarted by mac80211 in 3510 * restart_hw, so do not report if FW is about to be 3511 * restarted. 3512 */ 3513 if ((mvm->scan_status & IWL_MVM_SCAN_SCHED) && 3514 !iwlwifi_mod_params.fw_restart) { 3515 ieee80211_sched_scan_stopped(mvm->hw); 3516 mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_DISABLED; 3517 } 3518 } 3519 } 3520 3521 int iwl_mvm_scan_stop(struct iwl_mvm *mvm, int type, bool notify) 3522 { 3523 int ret; 3524 3525 IWL_DEBUG_SCAN(mvm, 3526 "Request to stop scan: type=0x%x, status=0x%x\n", 3527 type, mvm->scan_status); 3528 3529 if (!(mvm->scan_status & type)) 3530 return 0; 3531 3532 if (!iwl_trans_device_enabled(mvm->trans)) { 3533 ret = 0; 3534 goto out; 3535 } 3536 3537 ret = iwl_mvm_scan_stop_wait(mvm, type); 3538 if (!ret) 3539 mvm->scan_status |= type << IWL_MVM_SCAN_STOPPING_SHIFT; 3540 else 3541 IWL_DEBUG_SCAN(mvm, "Failed to stop scan\n"); 3542 3543 out: 3544 /* Clear the scan status so the next scan requests will 3545 * succeed and mark the scan as stopping, so that the Rx 3546 * handler doesn't do anything, as the scan was stopped from 3547 * above. 3548 */ 3549 mvm->scan_status &= ~type; 3550 3551 if (type == IWL_MVM_SCAN_REGULAR) { 3552 cancel_delayed_work(&mvm->scan_timeout_dwork); 3553 if (notify) { 3554 struct cfg80211_scan_info info = { 3555 .aborted = true, 3556 }; 3557 3558 ieee80211_scan_completed(mvm->hw, &info); 3559 } 3560 } else if (notify) { 3561 ieee80211_sched_scan_stopped(mvm->hw); 3562 mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_DISABLED; 3563 } 3564 3565 return ret; 3566 } 3567 3568 static int iwl_mvm_chanidx_from_phy(struct iwl_mvm *mvm, 3569 enum nl80211_band band, 3570 u16 phy_chan_num) 3571 { 3572 struct ieee80211_supported_band *sband = mvm->hw->wiphy->bands[band]; 3573 int chan_idx; 3574 3575 if (WARN_ON_ONCE(!sband)) 3576 return -EINVAL; 3577 3578 for (chan_idx = 0; chan_idx < sband->n_channels; chan_idx++) { 3579 struct ieee80211_channel *channel = &sband->channels[chan_idx]; 3580 3581 if (channel->hw_value == phy_chan_num) 3582 return chan_idx; 3583 } 3584 3585 return -EINVAL; 3586 } 3587 3588 void iwl_mvm_rx_channel_survey_notif(struct iwl_mvm *mvm, 3589 struct iwl_rx_cmd_buffer *rxb) 3590 { 3591 struct iwl_rx_packet *pkt = rxb_addr(rxb); 3592 const struct iwl_umac_scan_channel_survey_notif *notif = 3593 (void *)pkt->data; 3594 struct iwl_mvm_acs_survey_channel *info; 3595 enum nl80211_band band; 3596 int chan_idx; 3597 3598 lockdep_assert_held(&mvm->mutex); 3599 3600 if (!mvm->acs_survey) { 3601 size_t n_channels = 0; 3602 3603 for (band = 0; band < NUM_NL80211_BANDS; band++) { 3604 if (!mvm->hw->wiphy->bands[band]) 3605 continue; 3606 3607 n_channels += mvm->hw->wiphy->bands[band]->n_channels; 3608 } 3609 3610 mvm->acs_survey = kzalloc(struct_size(mvm->acs_survey, 3611 channels, n_channels), 3612 GFP_KERNEL); 3613 3614 if (!mvm->acs_survey) 3615 return; 3616 3617 mvm->acs_survey->n_channels = n_channels; 3618 n_channels = 0; 3619 for (band = 0; band < NUM_NL80211_BANDS; band++) { 3620 if (!mvm->hw->wiphy->bands[band]) 3621 continue; 3622 3623 mvm->acs_survey->bands[band] = 3624 &mvm->acs_survey->channels[n_channels]; 3625 n_channels += mvm->hw->wiphy->bands[band]->n_channels; 3626 } 3627 } 3628 3629 band = iwl_mvm_nl80211_band_from_phy(le32_to_cpu(notif->band)); 3630 chan_idx = iwl_mvm_chanidx_from_phy(mvm, band, 3631 le32_to_cpu(notif->channel)); 3632 if (WARN_ON_ONCE(chan_idx < 0)) 3633 return; 3634 3635 IWL_DEBUG_SCAN(mvm, "channel survey received for freq %d\n", 3636 mvm->hw->wiphy->bands[band]->channels[chan_idx].center_freq); 3637 3638 info = &mvm->acs_survey->bands[band][chan_idx]; 3639 3640 /* Times are all in ms */ 3641 info->time = le32_to_cpu(notif->active_time); 3642 info->time_busy = le32_to_cpu(notif->busy_time); 3643 info->time_rx = le32_to_cpu(notif->rx_time); 3644 info->time_tx = le32_to_cpu(notif->tx_time); 3645 info->noise = 3646 iwl_average_neg_dbm(notif->noise, ARRAY_SIZE(notif->noise)); 3647 } 3648