1 // SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause 2 /* 3 * Copyright (C) 2012-2015, 2018-2020 Intel Corporation 4 * Copyright (C) 2013-2015 Intel Mobile Communications GmbH 5 * Copyright (C) 2016-2017 Intel Deutschland GmbH 6 */ 7 #include <net/mac80211.h> 8 9 #include "mvm.h" 10 #include "sta.h" 11 #include "rs.h" 12 13 /* 14 * New version of ADD_STA_sta command added new fields at the end of the 15 * structure, so sending the size of the relevant API's structure is enough to 16 * support both API versions. 17 */ 18 static inline int iwl_mvm_add_sta_cmd_size(struct iwl_mvm *mvm) 19 { 20 if (iwl_mvm_has_new_rx_api(mvm) || 21 fw_has_api(&mvm->fw->ucode_capa, IWL_UCODE_TLV_API_STA_TYPE)) 22 return sizeof(struct iwl_mvm_add_sta_cmd); 23 else 24 return sizeof(struct iwl_mvm_add_sta_cmd_v7); 25 } 26 27 static int iwl_mvm_find_free_sta_id(struct iwl_mvm *mvm, 28 enum nl80211_iftype iftype) 29 { 30 int sta_id; 31 u32 reserved_ids = 0; 32 33 BUILD_BUG_ON(IWL_MVM_STATION_COUNT_MAX > 32); 34 WARN_ON_ONCE(test_bit(IWL_MVM_STATUS_IN_HW_RESTART, &mvm->status)); 35 36 lockdep_assert_held(&mvm->mutex); 37 38 /* d0i3/d3 assumes the AP's sta_id (of sta vif) is 0. reserve it. */ 39 if (iftype != NL80211_IFTYPE_STATION) 40 reserved_ids = BIT(0); 41 42 /* Don't take rcu_read_lock() since we are protected by mvm->mutex */ 43 for (sta_id = 0; sta_id < mvm->fw->ucode_capa.num_stations; sta_id++) { 44 if (BIT(sta_id) & reserved_ids) 45 continue; 46 47 if (!rcu_dereference_protected(mvm->fw_id_to_mac_id[sta_id], 48 lockdep_is_held(&mvm->mutex))) 49 return sta_id; 50 } 51 return IWL_MVM_INVALID_STA; 52 } 53 54 /* send station add/update command to firmware */ 55 int iwl_mvm_sta_send_to_fw(struct iwl_mvm *mvm, struct ieee80211_sta *sta, 56 bool update, unsigned int flags) 57 { 58 struct iwl_mvm_sta *mvm_sta = iwl_mvm_sta_from_mac80211(sta); 59 struct iwl_mvm_add_sta_cmd add_sta_cmd = { 60 .sta_id = mvm_sta->sta_id, 61 .mac_id_n_color = cpu_to_le32(mvm_sta->mac_id_n_color), 62 .add_modify = update ? 1 : 0, 63 .station_flags_msk = cpu_to_le32(STA_FLG_FAT_EN_MSK | 64 STA_FLG_MIMO_EN_MSK | 65 STA_FLG_RTS_MIMO_PROT), 66 .tid_disable_tx = cpu_to_le16(mvm_sta->tid_disable_agg), 67 }; 68 int ret; 69 u32 status; 70 u32 agg_size = 0, mpdu_dens = 0; 71 72 if (fw_has_api(&mvm->fw->ucode_capa, IWL_UCODE_TLV_API_STA_TYPE)) 73 add_sta_cmd.station_type = mvm_sta->sta_type; 74 75 if (!update || (flags & STA_MODIFY_QUEUES)) { 76 memcpy(&add_sta_cmd.addr, sta->addr, ETH_ALEN); 77 78 if (!iwl_mvm_has_new_tx_api(mvm)) { 79 add_sta_cmd.tfd_queue_msk = 80 cpu_to_le32(mvm_sta->tfd_queue_msk); 81 82 if (flags & STA_MODIFY_QUEUES) 83 add_sta_cmd.modify_mask |= STA_MODIFY_QUEUES; 84 } else { 85 WARN_ON(flags & STA_MODIFY_QUEUES); 86 } 87 } 88 89 switch (sta->bandwidth) { 90 case IEEE80211_STA_RX_BW_160: 91 add_sta_cmd.station_flags |= cpu_to_le32(STA_FLG_FAT_EN_160MHZ); 92 fallthrough; 93 case IEEE80211_STA_RX_BW_80: 94 add_sta_cmd.station_flags |= cpu_to_le32(STA_FLG_FAT_EN_80MHZ); 95 fallthrough; 96 case IEEE80211_STA_RX_BW_40: 97 add_sta_cmd.station_flags |= cpu_to_le32(STA_FLG_FAT_EN_40MHZ); 98 fallthrough; 99 case IEEE80211_STA_RX_BW_20: 100 if (sta->ht_cap.ht_supported) 101 add_sta_cmd.station_flags |= 102 cpu_to_le32(STA_FLG_FAT_EN_20MHZ); 103 break; 104 } 105 106 switch (sta->rx_nss) { 107 case 1: 108 add_sta_cmd.station_flags |= cpu_to_le32(STA_FLG_MIMO_EN_SISO); 109 break; 110 case 2: 111 add_sta_cmd.station_flags |= cpu_to_le32(STA_FLG_MIMO_EN_MIMO2); 112 break; 113 case 3 ... 8: 114 add_sta_cmd.station_flags |= cpu_to_le32(STA_FLG_MIMO_EN_MIMO3); 115 break; 116 } 117 118 switch (sta->smps_mode) { 119 case IEEE80211_SMPS_AUTOMATIC: 120 case IEEE80211_SMPS_NUM_MODES: 121 WARN_ON(1); 122 break; 123 case IEEE80211_SMPS_STATIC: 124 /* override NSS */ 125 add_sta_cmd.station_flags &= ~cpu_to_le32(STA_FLG_MIMO_EN_MSK); 126 add_sta_cmd.station_flags |= cpu_to_le32(STA_FLG_MIMO_EN_SISO); 127 break; 128 case IEEE80211_SMPS_DYNAMIC: 129 add_sta_cmd.station_flags |= cpu_to_le32(STA_FLG_RTS_MIMO_PROT); 130 break; 131 case IEEE80211_SMPS_OFF: 132 /* nothing */ 133 break; 134 } 135 136 if (sta->ht_cap.ht_supported) { 137 add_sta_cmd.station_flags_msk |= 138 cpu_to_le32(STA_FLG_MAX_AGG_SIZE_MSK | 139 STA_FLG_AGG_MPDU_DENS_MSK); 140 141 mpdu_dens = sta->ht_cap.ampdu_density; 142 } 143 144 if (mvm_sta->vif->bss_conf.chandef.chan->band == NL80211_BAND_6GHZ) { 145 add_sta_cmd.station_flags_msk |= 146 cpu_to_le32(STA_FLG_MAX_AGG_SIZE_MSK | 147 STA_FLG_AGG_MPDU_DENS_MSK); 148 149 mpdu_dens = le16_get_bits(sta->he_6ghz_capa.capa, 150 IEEE80211_HE_6GHZ_CAP_MIN_MPDU_START); 151 agg_size = le16_get_bits(sta->he_6ghz_capa.capa, 152 IEEE80211_HE_6GHZ_CAP_MAX_AMPDU_LEN_EXP); 153 } else 154 if (sta->vht_cap.vht_supported) { 155 agg_size = sta->vht_cap.cap & 156 IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK; 157 agg_size >>= 158 IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_SHIFT; 159 } else if (sta->ht_cap.ht_supported) { 160 agg_size = sta->ht_cap.ampdu_factor; 161 } 162 163 /* D6.0 10.12.2 A-MPDU length limit rules 164 * A STA indicates the maximum length of the A-MPDU preEOF padding 165 * that it can receive in an HE PPDU in the Maximum A-MPDU Length 166 * Exponent field in its HT Capabilities, VHT Capabilities, 167 * and HE 6 GHz Band Capabilities elements (if present) and the 168 * Maximum AMPDU Length Exponent Extension field in its HE 169 * Capabilities element 170 */ 171 if (sta->he_cap.has_he) 172 agg_size += u8_get_bits(sta->he_cap.he_cap_elem.mac_cap_info[3], 173 IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_MASK); 174 175 /* Limit to max A-MPDU supported by FW */ 176 if (agg_size > (STA_FLG_MAX_AGG_SIZE_4M >> STA_FLG_MAX_AGG_SIZE_SHIFT)) 177 agg_size = (STA_FLG_MAX_AGG_SIZE_4M >> 178 STA_FLG_MAX_AGG_SIZE_SHIFT); 179 180 add_sta_cmd.station_flags |= 181 cpu_to_le32(agg_size << STA_FLG_MAX_AGG_SIZE_SHIFT); 182 add_sta_cmd.station_flags |= 183 cpu_to_le32(mpdu_dens << STA_FLG_AGG_MPDU_DENS_SHIFT); 184 if (mvm_sta->sta_state >= IEEE80211_STA_ASSOC) 185 add_sta_cmd.assoc_id = cpu_to_le16(sta->aid); 186 187 if (sta->wme) { 188 add_sta_cmd.modify_mask |= STA_MODIFY_UAPSD_ACS; 189 190 if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK) 191 add_sta_cmd.uapsd_acs |= BIT(AC_BK); 192 if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE) 193 add_sta_cmd.uapsd_acs |= BIT(AC_BE); 194 if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI) 195 add_sta_cmd.uapsd_acs |= BIT(AC_VI); 196 if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO) 197 add_sta_cmd.uapsd_acs |= BIT(AC_VO); 198 add_sta_cmd.uapsd_acs |= add_sta_cmd.uapsd_acs << 4; 199 add_sta_cmd.sp_length = sta->max_sp ? sta->max_sp * 2 : 128; 200 } 201 202 status = ADD_STA_SUCCESS; 203 ret = iwl_mvm_send_cmd_pdu_status(mvm, ADD_STA, 204 iwl_mvm_add_sta_cmd_size(mvm), 205 &add_sta_cmd, &status); 206 if (ret) 207 return ret; 208 209 switch (status & IWL_ADD_STA_STATUS_MASK) { 210 case ADD_STA_SUCCESS: 211 IWL_DEBUG_ASSOC(mvm, "ADD_STA PASSED\n"); 212 break; 213 default: 214 ret = -EIO; 215 IWL_ERR(mvm, "ADD_STA failed\n"); 216 break; 217 } 218 219 return ret; 220 } 221 222 static void iwl_mvm_rx_agg_session_expired(struct timer_list *t) 223 { 224 struct iwl_mvm_baid_data *data = 225 from_timer(data, t, session_timer); 226 struct iwl_mvm_baid_data __rcu **rcu_ptr = data->rcu_ptr; 227 struct iwl_mvm_baid_data *ba_data; 228 struct ieee80211_sta *sta; 229 struct iwl_mvm_sta *mvm_sta; 230 unsigned long timeout; 231 232 rcu_read_lock(); 233 234 ba_data = rcu_dereference(*rcu_ptr); 235 236 if (WARN_ON(!ba_data)) 237 goto unlock; 238 239 if (!ba_data->timeout) 240 goto unlock; 241 242 timeout = ba_data->last_rx + TU_TO_JIFFIES(ba_data->timeout * 2); 243 if (time_is_after_jiffies(timeout)) { 244 mod_timer(&ba_data->session_timer, timeout); 245 goto unlock; 246 } 247 248 /* Timer expired */ 249 sta = rcu_dereference(ba_data->mvm->fw_id_to_mac_id[ba_data->sta_id]); 250 251 /* 252 * sta should be valid unless the following happens: 253 * The firmware asserts which triggers a reconfig flow, but 254 * the reconfig fails before we set the pointer to sta into 255 * the fw_id_to_mac_id pointer table. Mac80211 can't stop 256 * A-MDPU and hence the timer continues to run. Then, the 257 * timer expires and sta is NULL. 258 */ 259 if (!sta) 260 goto unlock; 261 262 mvm_sta = iwl_mvm_sta_from_mac80211(sta); 263 ieee80211_rx_ba_timer_expired(mvm_sta->vif, 264 sta->addr, ba_data->tid); 265 unlock: 266 rcu_read_unlock(); 267 } 268 269 /* Disable aggregations for a bitmap of TIDs for a given station */ 270 static int iwl_mvm_invalidate_sta_queue(struct iwl_mvm *mvm, int queue, 271 unsigned long disable_agg_tids, 272 bool remove_queue) 273 { 274 struct iwl_mvm_add_sta_cmd cmd = {}; 275 struct ieee80211_sta *sta; 276 struct iwl_mvm_sta *mvmsta; 277 u32 status; 278 u8 sta_id; 279 280 if (WARN_ON(iwl_mvm_has_new_tx_api(mvm))) 281 return -EINVAL; 282 283 sta_id = mvm->queue_info[queue].ra_sta_id; 284 285 rcu_read_lock(); 286 287 sta = rcu_dereference(mvm->fw_id_to_mac_id[sta_id]); 288 289 if (WARN_ON_ONCE(IS_ERR_OR_NULL(sta))) { 290 rcu_read_unlock(); 291 return -EINVAL; 292 } 293 294 mvmsta = iwl_mvm_sta_from_mac80211(sta); 295 296 mvmsta->tid_disable_agg |= disable_agg_tids; 297 298 cmd.mac_id_n_color = cpu_to_le32(mvmsta->mac_id_n_color); 299 cmd.sta_id = mvmsta->sta_id; 300 cmd.add_modify = STA_MODE_MODIFY; 301 cmd.modify_mask = STA_MODIFY_QUEUES; 302 if (disable_agg_tids) 303 cmd.modify_mask |= STA_MODIFY_TID_DISABLE_TX; 304 if (remove_queue) 305 cmd.modify_mask |= STA_MODIFY_QUEUE_REMOVAL; 306 cmd.tfd_queue_msk = cpu_to_le32(mvmsta->tfd_queue_msk); 307 cmd.tid_disable_tx = cpu_to_le16(mvmsta->tid_disable_agg); 308 309 rcu_read_unlock(); 310 311 /* Notify FW of queue removal from the STA queues */ 312 status = ADD_STA_SUCCESS; 313 return iwl_mvm_send_cmd_pdu_status(mvm, ADD_STA, 314 iwl_mvm_add_sta_cmd_size(mvm), 315 &cmd, &status); 316 } 317 318 static int iwl_mvm_disable_txq(struct iwl_mvm *mvm, struct ieee80211_sta *sta, 319 int queue, u8 tid, u8 flags) 320 { 321 struct iwl_scd_txq_cfg_cmd cmd = { 322 .scd_queue = queue, 323 .action = SCD_CFG_DISABLE_QUEUE, 324 }; 325 int ret; 326 327 if (iwl_mvm_has_new_tx_api(mvm)) { 328 iwl_trans_txq_free(mvm->trans, queue); 329 330 return 0; 331 } 332 333 if (WARN_ON(mvm->queue_info[queue].tid_bitmap == 0)) 334 return 0; 335 336 mvm->queue_info[queue].tid_bitmap &= ~BIT(tid); 337 338 cmd.action = mvm->queue_info[queue].tid_bitmap ? 339 SCD_CFG_ENABLE_QUEUE : SCD_CFG_DISABLE_QUEUE; 340 if (cmd.action == SCD_CFG_DISABLE_QUEUE) 341 mvm->queue_info[queue].status = IWL_MVM_QUEUE_FREE; 342 343 IWL_DEBUG_TX_QUEUES(mvm, 344 "Disabling TXQ #%d tids=0x%x\n", 345 queue, 346 mvm->queue_info[queue].tid_bitmap); 347 348 /* If the queue is still enabled - nothing left to do in this func */ 349 if (cmd.action == SCD_CFG_ENABLE_QUEUE) 350 return 0; 351 352 cmd.sta_id = mvm->queue_info[queue].ra_sta_id; 353 cmd.tid = mvm->queue_info[queue].txq_tid; 354 355 /* Make sure queue info is correct even though we overwrite it */ 356 WARN(mvm->queue_info[queue].tid_bitmap, 357 "TXQ #%d info out-of-sync - tids=0x%x\n", 358 queue, mvm->queue_info[queue].tid_bitmap); 359 360 /* If we are here - the queue is freed and we can zero out these vals */ 361 mvm->queue_info[queue].tid_bitmap = 0; 362 363 if (sta) { 364 struct iwl_mvm_txq *mvmtxq = 365 iwl_mvm_txq_from_tid(sta, tid); 366 367 mvmtxq->txq_id = IWL_MVM_INVALID_QUEUE; 368 } 369 370 /* Regardless if this is a reserved TXQ for a STA - mark it as false */ 371 mvm->queue_info[queue].reserved = false; 372 373 iwl_trans_txq_disable(mvm->trans, queue, false); 374 ret = iwl_mvm_send_cmd_pdu(mvm, SCD_QUEUE_CFG, flags, 375 sizeof(struct iwl_scd_txq_cfg_cmd), &cmd); 376 377 if (ret) 378 IWL_ERR(mvm, "Failed to disable queue %d (ret=%d)\n", 379 queue, ret); 380 return ret; 381 } 382 383 static int iwl_mvm_get_queue_agg_tids(struct iwl_mvm *mvm, int queue) 384 { 385 struct ieee80211_sta *sta; 386 struct iwl_mvm_sta *mvmsta; 387 unsigned long tid_bitmap; 388 unsigned long agg_tids = 0; 389 u8 sta_id; 390 int tid; 391 392 lockdep_assert_held(&mvm->mutex); 393 394 if (WARN_ON(iwl_mvm_has_new_tx_api(mvm))) 395 return -EINVAL; 396 397 sta_id = mvm->queue_info[queue].ra_sta_id; 398 tid_bitmap = mvm->queue_info[queue].tid_bitmap; 399 400 sta = rcu_dereference_protected(mvm->fw_id_to_mac_id[sta_id], 401 lockdep_is_held(&mvm->mutex)); 402 403 if (WARN_ON_ONCE(IS_ERR_OR_NULL(sta))) 404 return -EINVAL; 405 406 mvmsta = iwl_mvm_sta_from_mac80211(sta); 407 408 spin_lock_bh(&mvmsta->lock); 409 for_each_set_bit(tid, &tid_bitmap, IWL_MAX_TID_COUNT + 1) { 410 if (mvmsta->tid_data[tid].state == IWL_AGG_ON) 411 agg_tids |= BIT(tid); 412 } 413 spin_unlock_bh(&mvmsta->lock); 414 415 return agg_tids; 416 } 417 418 /* 419 * Remove a queue from a station's resources. 420 * Note that this only marks as free. It DOESN'T delete a BA agreement, and 421 * doesn't disable the queue 422 */ 423 static int iwl_mvm_remove_sta_queue_marking(struct iwl_mvm *mvm, int queue) 424 { 425 struct ieee80211_sta *sta; 426 struct iwl_mvm_sta *mvmsta; 427 unsigned long tid_bitmap; 428 unsigned long disable_agg_tids = 0; 429 u8 sta_id; 430 int tid; 431 432 lockdep_assert_held(&mvm->mutex); 433 434 if (WARN_ON(iwl_mvm_has_new_tx_api(mvm))) 435 return -EINVAL; 436 437 sta_id = mvm->queue_info[queue].ra_sta_id; 438 tid_bitmap = mvm->queue_info[queue].tid_bitmap; 439 440 rcu_read_lock(); 441 442 sta = rcu_dereference(mvm->fw_id_to_mac_id[sta_id]); 443 444 if (WARN_ON_ONCE(IS_ERR_OR_NULL(sta))) { 445 rcu_read_unlock(); 446 return 0; 447 } 448 449 mvmsta = iwl_mvm_sta_from_mac80211(sta); 450 451 spin_lock_bh(&mvmsta->lock); 452 /* Unmap MAC queues and TIDs from this queue */ 453 for_each_set_bit(tid, &tid_bitmap, IWL_MAX_TID_COUNT + 1) { 454 struct iwl_mvm_txq *mvmtxq = 455 iwl_mvm_txq_from_tid(sta, tid); 456 457 if (mvmsta->tid_data[tid].state == IWL_AGG_ON) 458 disable_agg_tids |= BIT(tid); 459 mvmsta->tid_data[tid].txq_id = IWL_MVM_INVALID_QUEUE; 460 461 mvmtxq->txq_id = IWL_MVM_INVALID_QUEUE; 462 } 463 464 mvmsta->tfd_queue_msk &= ~BIT(queue); /* Don't use this queue anymore */ 465 spin_unlock_bh(&mvmsta->lock); 466 467 rcu_read_unlock(); 468 469 /* 470 * The TX path may have been using this TXQ_ID from the tid_data, 471 * so make sure it's no longer running so that we can safely reuse 472 * this TXQ later. We've set all the TIDs to IWL_MVM_INVALID_QUEUE 473 * above, but nothing guarantees we've stopped using them. Thus, 474 * without this, we could get to iwl_mvm_disable_txq() and remove 475 * the queue while still sending frames to it. 476 */ 477 synchronize_net(); 478 479 return disable_agg_tids; 480 } 481 482 static int iwl_mvm_free_inactive_queue(struct iwl_mvm *mvm, int queue, 483 struct ieee80211_sta *old_sta, 484 u8 new_sta_id) 485 { 486 struct iwl_mvm_sta *mvmsta; 487 u8 sta_id, tid; 488 unsigned long disable_agg_tids = 0; 489 bool same_sta; 490 int ret; 491 492 lockdep_assert_held(&mvm->mutex); 493 494 if (WARN_ON(iwl_mvm_has_new_tx_api(mvm))) 495 return -EINVAL; 496 497 sta_id = mvm->queue_info[queue].ra_sta_id; 498 tid = mvm->queue_info[queue].txq_tid; 499 500 same_sta = sta_id == new_sta_id; 501 502 mvmsta = iwl_mvm_sta_from_staid_protected(mvm, sta_id); 503 if (WARN_ON(!mvmsta)) 504 return -EINVAL; 505 506 disable_agg_tids = iwl_mvm_remove_sta_queue_marking(mvm, queue); 507 /* Disable the queue */ 508 if (disable_agg_tids) 509 iwl_mvm_invalidate_sta_queue(mvm, queue, 510 disable_agg_tids, false); 511 512 ret = iwl_mvm_disable_txq(mvm, old_sta, queue, tid, 0); 513 if (ret) { 514 IWL_ERR(mvm, 515 "Failed to free inactive queue %d (ret=%d)\n", 516 queue, ret); 517 518 return ret; 519 } 520 521 /* If TXQ is allocated to another STA, update removal in FW */ 522 if (!same_sta) 523 iwl_mvm_invalidate_sta_queue(mvm, queue, 0, true); 524 525 return 0; 526 } 527 528 static int iwl_mvm_get_shared_queue(struct iwl_mvm *mvm, 529 unsigned long tfd_queue_mask, u8 ac) 530 { 531 int queue = 0; 532 u8 ac_to_queue[IEEE80211_NUM_ACS]; 533 int i; 534 535 /* 536 * This protects us against grabbing a queue that's being reconfigured 537 * by the inactivity checker. 538 */ 539 lockdep_assert_held(&mvm->mutex); 540 541 if (WARN_ON(iwl_mvm_has_new_tx_api(mvm))) 542 return -EINVAL; 543 544 memset(&ac_to_queue, IEEE80211_INVAL_HW_QUEUE, sizeof(ac_to_queue)); 545 546 /* See what ACs the existing queues for this STA have */ 547 for_each_set_bit(i, &tfd_queue_mask, IWL_MVM_DQA_MAX_DATA_QUEUE) { 548 /* Only DATA queues can be shared */ 549 if (i < IWL_MVM_DQA_MIN_DATA_QUEUE && 550 i != IWL_MVM_DQA_BSS_CLIENT_QUEUE) 551 continue; 552 553 ac_to_queue[mvm->queue_info[i].mac80211_ac] = i; 554 } 555 556 /* 557 * The queue to share is chosen only from DATA queues as follows (in 558 * descending priority): 559 * 1. An AC_BE queue 560 * 2. Same AC queue 561 * 3. Highest AC queue that is lower than new AC 562 * 4. Any existing AC (there always is at least 1 DATA queue) 563 */ 564 565 /* Priority 1: An AC_BE queue */ 566 if (ac_to_queue[IEEE80211_AC_BE] != IEEE80211_INVAL_HW_QUEUE) 567 queue = ac_to_queue[IEEE80211_AC_BE]; 568 /* Priority 2: Same AC queue */ 569 else if (ac_to_queue[ac] != IEEE80211_INVAL_HW_QUEUE) 570 queue = ac_to_queue[ac]; 571 /* Priority 3a: If new AC is VO and VI exists - use VI */ 572 else if (ac == IEEE80211_AC_VO && 573 ac_to_queue[IEEE80211_AC_VI] != IEEE80211_INVAL_HW_QUEUE) 574 queue = ac_to_queue[IEEE80211_AC_VI]; 575 /* Priority 3b: No BE so only AC less than the new one is BK */ 576 else if (ac_to_queue[IEEE80211_AC_BK] != IEEE80211_INVAL_HW_QUEUE) 577 queue = ac_to_queue[IEEE80211_AC_BK]; 578 /* Priority 4a: No BE nor BK - use VI if exists */ 579 else if (ac_to_queue[IEEE80211_AC_VI] != IEEE80211_INVAL_HW_QUEUE) 580 queue = ac_to_queue[IEEE80211_AC_VI]; 581 /* Priority 4b: No BE, BK nor VI - use VO if exists */ 582 else if (ac_to_queue[IEEE80211_AC_VO] != IEEE80211_INVAL_HW_QUEUE) 583 queue = ac_to_queue[IEEE80211_AC_VO]; 584 585 /* Make sure queue found (or not) is legal */ 586 if (!iwl_mvm_is_dqa_data_queue(mvm, queue) && 587 !iwl_mvm_is_dqa_mgmt_queue(mvm, queue) && 588 (queue != IWL_MVM_DQA_BSS_CLIENT_QUEUE)) { 589 IWL_ERR(mvm, "No DATA queues available to share\n"); 590 return -ENOSPC; 591 } 592 593 return queue; 594 } 595 596 /* 597 * If a given queue has a higher AC than the TID stream that is being compared 598 * to, the queue needs to be redirected to the lower AC. This function does that 599 * in such a case, otherwise - if no redirection required - it does nothing, 600 * unless the %force param is true. 601 */ 602 static int iwl_mvm_redirect_queue(struct iwl_mvm *mvm, int queue, int tid, 603 int ac, int ssn, unsigned int wdg_timeout, 604 bool force, struct iwl_mvm_txq *txq) 605 { 606 struct iwl_scd_txq_cfg_cmd cmd = { 607 .scd_queue = queue, 608 .action = SCD_CFG_DISABLE_QUEUE, 609 }; 610 bool shared_queue; 611 int ret; 612 613 if (WARN_ON(iwl_mvm_has_new_tx_api(mvm))) 614 return -EINVAL; 615 616 /* 617 * If the AC is lower than current one - FIFO needs to be redirected to 618 * the lowest one of the streams in the queue. Check if this is needed 619 * here. 620 * Notice that the enum ieee80211_ac_numbers is "flipped", so BK is with 621 * value 3 and VO with value 0, so to check if ac X is lower than ac Y 622 * we need to check if the numerical value of X is LARGER than of Y. 623 */ 624 if (ac <= mvm->queue_info[queue].mac80211_ac && !force) { 625 IWL_DEBUG_TX_QUEUES(mvm, 626 "No redirection needed on TXQ #%d\n", 627 queue); 628 return 0; 629 } 630 631 cmd.sta_id = mvm->queue_info[queue].ra_sta_id; 632 cmd.tx_fifo = iwl_mvm_ac_to_tx_fifo[mvm->queue_info[queue].mac80211_ac]; 633 cmd.tid = mvm->queue_info[queue].txq_tid; 634 shared_queue = hweight16(mvm->queue_info[queue].tid_bitmap) > 1; 635 636 IWL_DEBUG_TX_QUEUES(mvm, "Redirecting TXQ #%d to FIFO #%d\n", 637 queue, iwl_mvm_ac_to_tx_fifo[ac]); 638 639 /* Stop the queue and wait for it to empty */ 640 txq->stopped = true; 641 642 ret = iwl_trans_wait_tx_queues_empty(mvm->trans, BIT(queue)); 643 if (ret) { 644 IWL_ERR(mvm, "Error draining queue %d before reconfig\n", 645 queue); 646 ret = -EIO; 647 goto out; 648 } 649 650 /* Before redirecting the queue we need to de-activate it */ 651 iwl_trans_txq_disable(mvm->trans, queue, false); 652 ret = iwl_mvm_send_cmd_pdu(mvm, SCD_QUEUE_CFG, 0, sizeof(cmd), &cmd); 653 if (ret) 654 IWL_ERR(mvm, "Failed SCD disable TXQ %d (ret=%d)\n", queue, 655 ret); 656 657 /* Make sure the SCD wrptr is correctly set before reconfiguring */ 658 iwl_trans_txq_enable_cfg(mvm->trans, queue, ssn, NULL, wdg_timeout); 659 660 /* Update the TID "owner" of the queue */ 661 mvm->queue_info[queue].txq_tid = tid; 662 663 /* TODO: Work-around SCD bug when moving back by multiples of 0x40 */ 664 665 /* Redirect to lower AC */ 666 iwl_mvm_reconfig_scd(mvm, queue, iwl_mvm_ac_to_tx_fifo[ac], 667 cmd.sta_id, tid, IWL_FRAME_LIMIT, ssn); 668 669 /* Update AC marking of the queue */ 670 mvm->queue_info[queue].mac80211_ac = ac; 671 672 /* 673 * Mark queue as shared in transport if shared 674 * Note this has to be done after queue enablement because enablement 675 * can also set this value, and there is no indication there to shared 676 * queues 677 */ 678 if (shared_queue) 679 iwl_trans_txq_set_shared_mode(mvm->trans, queue, true); 680 681 out: 682 /* Continue using the queue */ 683 txq->stopped = false; 684 685 return ret; 686 } 687 688 static int iwl_mvm_find_free_queue(struct iwl_mvm *mvm, u8 sta_id, 689 u8 minq, u8 maxq) 690 { 691 int i; 692 693 lockdep_assert_held(&mvm->mutex); 694 695 if (WARN(maxq >= mvm->trans->trans_cfg->base_params->num_of_queues, 696 "max queue %d >= num_of_queues (%d)", maxq, 697 mvm->trans->trans_cfg->base_params->num_of_queues)) 698 maxq = mvm->trans->trans_cfg->base_params->num_of_queues - 1; 699 700 /* This should not be hit with new TX path */ 701 if (WARN_ON(iwl_mvm_has_new_tx_api(mvm))) 702 return -ENOSPC; 703 704 /* Start by looking for a free queue */ 705 for (i = minq; i <= maxq; i++) 706 if (mvm->queue_info[i].tid_bitmap == 0 && 707 mvm->queue_info[i].status == IWL_MVM_QUEUE_FREE) 708 return i; 709 710 return -ENOSPC; 711 } 712 713 static int iwl_mvm_tvqm_enable_txq(struct iwl_mvm *mvm, 714 u8 sta_id, u8 tid, unsigned int timeout) 715 { 716 int queue, size = max_t(u32, IWL_DEFAULT_QUEUE_SIZE, 717 mvm->trans->cfg->min_256_ba_txq_size); 718 719 if (tid == IWL_MAX_TID_COUNT) { 720 tid = IWL_MGMT_TID; 721 size = max_t(u32, IWL_MGMT_QUEUE_SIZE, 722 mvm->trans->cfg->min_txq_size); 723 } 724 725 do { 726 __le16 enable = cpu_to_le16(TX_QUEUE_CFG_ENABLE_QUEUE); 727 728 queue = iwl_trans_txq_alloc(mvm->trans, enable, 729 sta_id, tid, SCD_QUEUE_CFG, 730 size, timeout); 731 732 if (queue < 0) 733 IWL_DEBUG_TX_QUEUES(mvm, 734 "Failed allocating TXQ of size %d for sta %d tid %d, ret: %d\n", 735 size, sta_id, tid, queue); 736 size /= 2; 737 } while (queue < 0 && size >= 16); 738 739 if (queue < 0) 740 return queue; 741 742 IWL_DEBUG_TX_QUEUES(mvm, "Enabling TXQ #%d for sta %d tid %d\n", 743 queue, sta_id, tid); 744 745 return queue; 746 } 747 748 static int iwl_mvm_sta_alloc_queue_tvqm(struct iwl_mvm *mvm, 749 struct ieee80211_sta *sta, u8 ac, 750 int tid) 751 { 752 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta); 753 struct iwl_mvm_txq *mvmtxq = 754 iwl_mvm_txq_from_tid(sta, tid); 755 unsigned int wdg_timeout = 756 iwl_mvm_get_wd_timeout(mvm, mvmsta->vif, false, false); 757 int queue = -1; 758 759 lockdep_assert_held(&mvm->mutex); 760 761 IWL_DEBUG_TX_QUEUES(mvm, 762 "Allocating queue for sta %d on tid %d\n", 763 mvmsta->sta_id, tid); 764 queue = iwl_mvm_tvqm_enable_txq(mvm, mvmsta->sta_id, tid, wdg_timeout); 765 if (queue < 0) 766 return queue; 767 768 mvmtxq->txq_id = queue; 769 mvm->tvqm_info[queue].txq_tid = tid; 770 mvm->tvqm_info[queue].sta_id = mvmsta->sta_id; 771 772 IWL_DEBUG_TX_QUEUES(mvm, "Allocated queue is %d\n", queue); 773 774 spin_lock_bh(&mvmsta->lock); 775 mvmsta->tid_data[tid].txq_id = queue; 776 spin_unlock_bh(&mvmsta->lock); 777 778 return 0; 779 } 780 781 static bool iwl_mvm_update_txq_mapping(struct iwl_mvm *mvm, 782 struct ieee80211_sta *sta, 783 int queue, u8 sta_id, u8 tid) 784 { 785 bool enable_queue = true; 786 787 /* Make sure this TID isn't already enabled */ 788 if (mvm->queue_info[queue].tid_bitmap & BIT(tid)) { 789 IWL_ERR(mvm, "Trying to enable TXQ %d with existing TID %d\n", 790 queue, tid); 791 return false; 792 } 793 794 /* Update mappings and refcounts */ 795 if (mvm->queue_info[queue].tid_bitmap) 796 enable_queue = false; 797 798 mvm->queue_info[queue].tid_bitmap |= BIT(tid); 799 mvm->queue_info[queue].ra_sta_id = sta_id; 800 801 if (enable_queue) { 802 if (tid != IWL_MAX_TID_COUNT) 803 mvm->queue_info[queue].mac80211_ac = 804 tid_to_mac80211_ac[tid]; 805 else 806 mvm->queue_info[queue].mac80211_ac = IEEE80211_AC_VO; 807 808 mvm->queue_info[queue].txq_tid = tid; 809 } 810 811 if (sta) { 812 struct iwl_mvm_txq *mvmtxq = 813 iwl_mvm_txq_from_tid(sta, tid); 814 815 mvmtxq->txq_id = queue; 816 } 817 818 IWL_DEBUG_TX_QUEUES(mvm, 819 "Enabling TXQ #%d tids=0x%x\n", 820 queue, mvm->queue_info[queue].tid_bitmap); 821 822 return enable_queue; 823 } 824 825 static bool iwl_mvm_enable_txq(struct iwl_mvm *mvm, struct ieee80211_sta *sta, 826 int queue, u16 ssn, 827 const struct iwl_trans_txq_scd_cfg *cfg, 828 unsigned int wdg_timeout) 829 { 830 struct iwl_scd_txq_cfg_cmd cmd = { 831 .scd_queue = queue, 832 .action = SCD_CFG_ENABLE_QUEUE, 833 .window = cfg->frame_limit, 834 .sta_id = cfg->sta_id, 835 .ssn = cpu_to_le16(ssn), 836 .tx_fifo = cfg->fifo, 837 .aggregate = cfg->aggregate, 838 .tid = cfg->tid, 839 }; 840 bool inc_ssn; 841 842 if (WARN_ON(iwl_mvm_has_new_tx_api(mvm))) 843 return false; 844 845 /* Send the enabling command if we need to */ 846 if (!iwl_mvm_update_txq_mapping(mvm, sta, queue, cfg->sta_id, cfg->tid)) 847 return false; 848 849 inc_ssn = iwl_trans_txq_enable_cfg(mvm->trans, queue, ssn, 850 NULL, wdg_timeout); 851 if (inc_ssn) 852 le16_add_cpu(&cmd.ssn, 1); 853 854 WARN(iwl_mvm_send_cmd_pdu(mvm, SCD_QUEUE_CFG, 0, sizeof(cmd), &cmd), 855 "Failed to configure queue %d on FIFO %d\n", queue, cfg->fifo); 856 857 return inc_ssn; 858 } 859 860 static void iwl_mvm_change_queue_tid(struct iwl_mvm *mvm, int queue) 861 { 862 struct iwl_scd_txq_cfg_cmd cmd = { 863 .scd_queue = queue, 864 .action = SCD_CFG_UPDATE_QUEUE_TID, 865 }; 866 int tid; 867 unsigned long tid_bitmap; 868 int ret; 869 870 lockdep_assert_held(&mvm->mutex); 871 872 if (WARN_ON(iwl_mvm_has_new_tx_api(mvm))) 873 return; 874 875 tid_bitmap = mvm->queue_info[queue].tid_bitmap; 876 877 if (WARN(!tid_bitmap, "TXQ %d has no tids assigned to it\n", queue)) 878 return; 879 880 /* Find any TID for queue */ 881 tid = find_first_bit(&tid_bitmap, IWL_MAX_TID_COUNT + 1); 882 cmd.tid = tid; 883 cmd.tx_fifo = iwl_mvm_ac_to_tx_fifo[tid_to_mac80211_ac[tid]]; 884 885 ret = iwl_mvm_send_cmd_pdu(mvm, SCD_QUEUE_CFG, 0, sizeof(cmd), &cmd); 886 if (ret) { 887 IWL_ERR(mvm, "Failed to update owner of TXQ %d (ret=%d)\n", 888 queue, ret); 889 return; 890 } 891 892 mvm->queue_info[queue].txq_tid = tid; 893 IWL_DEBUG_TX_QUEUES(mvm, "Changed TXQ %d ownership to tid %d\n", 894 queue, tid); 895 } 896 897 static void iwl_mvm_unshare_queue(struct iwl_mvm *mvm, int queue) 898 { 899 struct ieee80211_sta *sta; 900 struct iwl_mvm_sta *mvmsta; 901 u8 sta_id; 902 int tid = -1; 903 unsigned long tid_bitmap; 904 unsigned int wdg_timeout; 905 int ssn; 906 int ret = true; 907 908 /* queue sharing is disabled on new TX path */ 909 if (WARN_ON(iwl_mvm_has_new_tx_api(mvm))) 910 return; 911 912 lockdep_assert_held(&mvm->mutex); 913 914 sta_id = mvm->queue_info[queue].ra_sta_id; 915 tid_bitmap = mvm->queue_info[queue].tid_bitmap; 916 917 /* Find TID for queue, and make sure it is the only one on the queue */ 918 tid = find_first_bit(&tid_bitmap, IWL_MAX_TID_COUNT + 1); 919 if (tid_bitmap != BIT(tid)) { 920 IWL_ERR(mvm, "Failed to unshare q %d, active tids=0x%lx\n", 921 queue, tid_bitmap); 922 return; 923 } 924 925 IWL_DEBUG_TX_QUEUES(mvm, "Unsharing TXQ %d, keeping tid %d\n", queue, 926 tid); 927 928 sta = rcu_dereference_protected(mvm->fw_id_to_mac_id[sta_id], 929 lockdep_is_held(&mvm->mutex)); 930 931 if (WARN_ON_ONCE(IS_ERR_OR_NULL(sta))) 932 return; 933 934 mvmsta = iwl_mvm_sta_from_mac80211(sta); 935 wdg_timeout = iwl_mvm_get_wd_timeout(mvm, mvmsta->vif, false, false); 936 937 ssn = IEEE80211_SEQ_TO_SN(mvmsta->tid_data[tid].seq_number); 938 939 ret = iwl_mvm_redirect_queue(mvm, queue, tid, 940 tid_to_mac80211_ac[tid], ssn, 941 wdg_timeout, true, 942 iwl_mvm_txq_from_tid(sta, tid)); 943 if (ret) { 944 IWL_ERR(mvm, "Failed to redirect TXQ %d\n", queue); 945 return; 946 } 947 948 /* If aggs should be turned back on - do it */ 949 if (mvmsta->tid_data[tid].state == IWL_AGG_ON) { 950 struct iwl_mvm_add_sta_cmd cmd = {0}; 951 952 mvmsta->tid_disable_agg &= ~BIT(tid); 953 954 cmd.mac_id_n_color = cpu_to_le32(mvmsta->mac_id_n_color); 955 cmd.sta_id = mvmsta->sta_id; 956 cmd.add_modify = STA_MODE_MODIFY; 957 cmd.modify_mask = STA_MODIFY_TID_DISABLE_TX; 958 cmd.tfd_queue_msk = cpu_to_le32(mvmsta->tfd_queue_msk); 959 cmd.tid_disable_tx = cpu_to_le16(mvmsta->tid_disable_agg); 960 961 ret = iwl_mvm_send_cmd_pdu(mvm, ADD_STA, CMD_ASYNC, 962 iwl_mvm_add_sta_cmd_size(mvm), &cmd); 963 if (!ret) { 964 IWL_DEBUG_TX_QUEUES(mvm, 965 "TXQ #%d is now aggregated again\n", 966 queue); 967 968 /* Mark queue intenally as aggregating again */ 969 iwl_trans_txq_set_shared_mode(mvm->trans, queue, false); 970 } 971 } 972 973 mvm->queue_info[queue].status = IWL_MVM_QUEUE_READY; 974 } 975 976 /* 977 * Remove inactive TIDs of a given queue. 978 * If all queue TIDs are inactive - mark the queue as inactive 979 * If only some the queue TIDs are inactive - unmap them from the queue 980 * 981 * Returns %true if all TIDs were removed and the queue could be reused. 982 */ 983 static bool iwl_mvm_remove_inactive_tids(struct iwl_mvm *mvm, 984 struct iwl_mvm_sta *mvmsta, int queue, 985 unsigned long tid_bitmap, 986 unsigned long *unshare_queues, 987 unsigned long *changetid_queues) 988 { 989 int tid; 990 991 lockdep_assert_held(&mvmsta->lock); 992 lockdep_assert_held(&mvm->mutex); 993 994 if (WARN_ON(iwl_mvm_has_new_tx_api(mvm))) 995 return false; 996 997 /* Go over all non-active TIDs, incl. IWL_MAX_TID_COUNT (for mgmt) */ 998 for_each_set_bit(tid, &tid_bitmap, IWL_MAX_TID_COUNT + 1) { 999 /* If some TFDs are still queued - don't mark TID as inactive */ 1000 if (iwl_mvm_tid_queued(mvm, &mvmsta->tid_data[tid])) 1001 tid_bitmap &= ~BIT(tid); 1002 1003 /* Don't mark as inactive any TID that has an active BA */ 1004 if (mvmsta->tid_data[tid].state != IWL_AGG_OFF) 1005 tid_bitmap &= ~BIT(tid); 1006 } 1007 1008 /* If all TIDs in the queue are inactive - return it can be reused */ 1009 if (tid_bitmap == mvm->queue_info[queue].tid_bitmap) { 1010 IWL_DEBUG_TX_QUEUES(mvm, "Queue %d is inactive\n", queue); 1011 return true; 1012 } 1013 1014 /* 1015 * If we are here, this is a shared queue and not all TIDs timed-out. 1016 * Remove the ones that did. 1017 */ 1018 for_each_set_bit(tid, &tid_bitmap, IWL_MAX_TID_COUNT + 1) { 1019 u16 tid_bitmap; 1020 1021 mvmsta->tid_data[tid].txq_id = IWL_MVM_INVALID_QUEUE; 1022 mvm->queue_info[queue].tid_bitmap &= ~BIT(tid); 1023 1024 tid_bitmap = mvm->queue_info[queue].tid_bitmap; 1025 1026 /* 1027 * We need to take into account a situation in which a TXQ was 1028 * allocated to TID x, and then turned shared by adding TIDs y 1029 * and z. If TID x becomes inactive and is removed from the TXQ, 1030 * ownership must be given to one of the remaining TIDs. 1031 * This is mainly because if TID x continues - a new queue can't 1032 * be allocated for it as long as it is an owner of another TXQ. 1033 * 1034 * Mark this queue in the right bitmap, we'll send the command 1035 * to the firmware later. 1036 */ 1037 if (!(tid_bitmap & BIT(mvm->queue_info[queue].txq_tid))) 1038 set_bit(queue, changetid_queues); 1039 1040 IWL_DEBUG_TX_QUEUES(mvm, 1041 "Removing inactive TID %d from shared Q:%d\n", 1042 tid, queue); 1043 } 1044 1045 IWL_DEBUG_TX_QUEUES(mvm, 1046 "TXQ #%d left with tid bitmap 0x%x\n", queue, 1047 mvm->queue_info[queue].tid_bitmap); 1048 1049 /* 1050 * There may be different TIDs with the same mac queues, so make 1051 * sure all TIDs have existing corresponding mac queues enabled 1052 */ 1053 tid_bitmap = mvm->queue_info[queue].tid_bitmap; 1054 1055 /* If the queue is marked as shared - "unshare" it */ 1056 if (hweight16(mvm->queue_info[queue].tid_bitmap) == 1 && 1057 mvm->queue_info[queue].status == IWL_MVM_QUEUE_SHARED) { 1058 IWL_DEBUG_TX_QUEUES(mvm, "Marking Q:%d for reconfig\n", 1059 queue); 1060 set_bit(queue, unshare_queues); 1061 } 1062 1063 return false; 1064 } 1065 1066 /* 1067 * Check for inactivity - this includes checking if any queue 1068 * can be unshared and finding one (and only one) that can be 1069 * reused. 1070 * This function is also invoked as a sort of clean-up task, 1071 * in which case @alloc_for_sta is IWL_MVM_INVALID_STA. 1072 * 1073 * Returns the queue number, or -ENOSPC. 1074 */ 1075 static int iwl_mvm_inactivity_check(struct iwl_mvm *mvm, u8 alloc_for_sta) 1076 { 1077 unsigned long now = jiffies; 1078 unsigned long unshare_queues = 0; 1079 unsigned long changetid_queues = 0; 1080 int i, ret, free_queue = -ENOSPC; 1081 struct ieee80211_sta *queue_owner = NULL; 1082 1083 lockdep_assert_held(&mvm->mutex); 1084 1085 if (iwl_mvm_has_new_tx_api(mvm)) 1086 return -ENOSPC; 1087 1088 rcu_read_lock(); 1089 1090 /* we skip the CMD queue below by starting at 1 */ 1091 BUILD_BUG_ON(IWL_MVM_DQA_CMD_QUEUE != 0); 1092 1093 for (i = 1; i < IWL_MAX_HW_QUEUES; i++) { 1094 struct ieee80211_sta *sta; 1095 struct iwl_mvm_sta *mvmsta; 1096 u8 sta_id; 1097 int tid; 1098 unsigned long inactive_tid_bitmap = 0; 1099 unsigned long queue_tid_bitmap; 1100 1101 queue_tid_bitmap = mvm->queue_info[i].tid_bitmap; 1102 if (!queue_tid_bitmap) 1103 continue; 1104 1105 /* If TXQ isn't in active use anyway - nothing to do here... */ 1106 if (mvm->queue_info[i].status != IWL_MVM_QUEUE_READY && 1107 mvm->queue_info[i].status != IWL_MVM_QUEUE_SHARED) 1108 continue; 1109 1110 /* Check to see if there are inactive TIDs on this queue */ 1111 for_each_set_bit(tid, &queue_tid_bitmap, 1112 IWL_MAX_TID_COUNT + 1) { 1113 if (time_after(mvm->queue_info[i].last_frame_time[tid] + 1114 IWL_MVM_DQA_QUEUE_TIMEOUT, now)) 1115 continue; 1116 1117 inactive_tid_bitmap |= BIT(tid); 1118 } 1119 1120 /* If all TIDs are active - finish check on this queue */ 1121 if (!inactive_tid_bitmap) 1122 continue; 1123 1124 /* 1125 * If we are here - the queue hadn't been served recently and is 1126 * in use 1127 */ 1128 1129 sta_id = mvm->queue_info[i].ra_sta_id; 1130 sta = rcu_dereference(mvm->fw_id_to_mac_id[sta_id]); 1131 1132 /* 1133 * If the STA doesn't exist anymore, it isn't an error. It could 1134 * be that it was removed since getting the queues, and in this 1135 * case it should've inactivated its queues anyway. 1136 */ 1137 if (IS_ERR_OR_NULL(sta)) 1138 continue; 1139 1140 mvmsta = iwl_mvm_sta_from_mac80211(sta); 1141 1142 spin_lock_bh(&mvmsta->lock); 1143 ret = iwl_mvm_remove_inactive_tids(mvm, mvmsta, i, 1144 inactive_tid_bitmap, 1145 &unshare_queues, 1146 &changetid_queues); 1147 if (ret && free_queue < 0) { 1148 queue_owner = sta; 1149 free_queue = i; 1150 } 1151 /* only unlock sta lock - we still need the queue info lock */ 1152 spin_unlock_bh(&mvmsta->lock); 1153 } 1154 1155 1156 /* Reconfigure queues requiring reconfiguation */ 1157 for_each_set_bit(i, &unshare_queues, IWL_MAX_HW_QUEUES) 1158 iwl_mvm_unshare_queue(mvm, i); 1159 for_each_set_bit(i, &changetid_queues, IWL_MAX_HW_QUEUES) 1160 iwl_mvm_change_queue_tid(mvm, i); 1161 1162 rcu_read_unlock(); 1163 1164 if (free_queue >= 0 && alloc_for_sta != IWL_MVM_INVALID_STA) { 1165 ret = iwl_mvm_free_inactive_queue(mvm, free_queue, queue_owner, 1166 alloc_for_sta); 1167 if (ret) 1168 return ret; 1169 } 1170 1171 return free_queue; 1172 } 1173 1174 static int iwl_mvm_sta_alloc_queue(struct iwl_mvm *mvm, 1175 struct ieee80211_sta *sta, u8 ac, int tid) 1176 { 1177 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta); 1178 struct iwl_trans_txq_scd_cfg cfg = { 1179 .fifo = iwl_mvm_mac_ac_to_tx_fifo(mvm, ac), 1180 .sta_id = mvmsta->sta_id, 1181 .tid = tid, 1182 .frame_limit = IWL_FRAME_LIMIT, 1183 }; 1184 unsigned int wdg_timeout = 1185 iwl_mvm_get_wd_timeout(mvm, mvmsta->vif, false, false); 1186 int queue = -1; 1187 unsigned long disable_agg_tids = 0; 1188 enum iwl_mvm_agg_state queue_state; 1189 bool shared_queue = false, inc_ssn; 1190 int ssn; 1191 unsigned long tfd_queue_mask; 1192 int ret; 1193 1194 lockdep_assert_held(&mvm->mutex); 1195 1196 if (iwl_mvm_has_new_tx_api(mvm)) 1197 return iwl_mvm_sta_alloc_queue_tvqm(mvm, sta, ac, tid); 1198 1199 spin_lock_bh(&mvmsta->lock); 1200 tfd_queue_mask = mvmsta->tfd_queue_msk; 1201 ssn = IEEE80211_SEQ_TO_SN(mvmsta->tid_data[tid].seq_number); 1202 spin_unlock_bh(&mvmsta->lock); 1203 1204 if (tid == IWL_MAX_TID_COUNT) { 1205 queue = iwl_mvm_find_free_queue(mvm, mvmsta->sta_id, 1206 IWL_MVM_DQA_MIN_MGMT_QUEUE, 1207 IWL_MVM_DQA_MAX_MGMT_QUEUE); 1208 if (queue >= IWL_MVM_DQA_MIN_MGMT_QUEUE) 1209 IWL_DEBUG_TX_QUEUES(mvm, "Found free MGMT queue #%d\n", 1210 queue); 1211 1212 /* If no such queue is found, we'll use a DATA queue instead */ 1213 } 1214 1215 if ((queue < 0 && mvmsta->reserved_queue != IEEE80211_INVAL_HW_QUEUE) && 1216 (mvm->queue_info[mvmsta->reserved_queue].status == 1217 IWL_MVM_QUEUE_RESERVED)) { 1218 queue = mvmsta->reserved_queue; 1219 mvm->queue_info[queue].reserved = true; 1220 IWL_DEBUG_TX_QUEUES(mvm, "Using reserved queue #%d\n", queue); 1221 } 1222 1223 if (queue < 0) 1224 queue = iwl_mvm_find_free_queue(mvm, mvmsta->sta_id, 1225 IWL_MVM_DQA_MIN_DATA_QUEUE, 1226 IWL_MVM_DQA_MAX_DATA_QUEUE); 1227 if (queue < 0) { 1228 /* try harder - perhaps kill an inactive queue */ 1229 queue = iwl_mvm_inactivity_check(mvm, mvmsta->sta_id); 1230 } 1231 1232 /* No free queue - we'll have to share */ 1233 if (queue <= 0) { 1234 queue = iwl_mvm_get_shared_queue(mvm, tfd_queue_mask, ac); 1235 if (queue > 0) { 1236 shared_queue = true; 1237 mvm->queue_info[queue].status = IWL_MVM_QUEUE_SHARED; 1238 } 1239 } 1240 1241 /* 1242 * Mark TXQ as ready, even though it hasn't been fully configured yet, 1243 * to make sure no one else takes it. 1244 * This will allow avoiding re-acquiring the lock at the end of the 1245 * configuration. On error we'll mark it back as free. 1246 */ 1247 if (queue > 0 && !shared_queue) 1248 mvm->queue_info[queue].status = IWL_MVM_QUEUE_READY; 1249 1250 /* This shouldn't happen - out of queues */ 1251 if (WARN_ON(queue <= 0)) { 1252 IWL_ERR(mvm, "No available queues for tid %d on sta_id %d\n", 1253 tid, cfg.sta_id); 1254 return queue; 1255 } 1256 1257 /* 1258 * Actual en/disablement of aggregations is through the ADD_STA HCMD, 1259 * but for configuring the SCD to send A-MPDUs we need to mark the queue 1260 * as aggregatable. 1261 * Mark all DATA queues as allowing to be aggregated at some point 1262 */ 1263 cfg.aggregate = (queue >= IWL_MVM_DQA_MIN_DATA_QUEUE || 1264 queue == IWL_MVM_DQA_BSS_CLIENT_QUEUE); 1265 1266 IWL_DEBUG_TX_QUEUES(mvm, 1267 "Allocating %squeue #%d to sta %d on tid %d\n", 1268 shared_queue ? "shared " : "", queue, 1269 mvmsta->sta_id, tid); 1270 1271 if (shared_queue) { 1272 /* Disable any open aggs on this queue */ 1273 disable_agg_tids = iwl_mvm_get_queue_agg_tids(mvm, queue); 1274 1275 if (disable_agg_tids) { 1276 IWL_DEBUG_TX_QUEUES(mvm, "Disabling aggs on queue %d\n", 1277 queue); 1278 iwl_mvm_invalidate_sta_queue(mvm, queue, 1279 disable_agg_tids, false); 1280 } 1281 } 1282 1283 inc_ssn = iwl_mvm_enable_txq(mvm, sta, queue, ssn, &cfg, wdg_timeout); 1284 1285 /* 1286 * Mark queue as shared in transport if shared 1287 * Note this has to be done after queue enablement because enablement 1288 * can also set this value, and there is no indication there to shared 1289 * queues 1290 */ 1291 if (shared_queue) 1292 iwl_trans_txq_set_shared_mode(mvm->trans, queue, true); 1293 1294 spin_lock_bh(&mvmsta->lock); 1295 /* 1296 * This looks racy, but it is not. We have only one packet for 1297 * this ra/tid in our Tx path since we stop the Qdisc when we 1298 * need to allocate a new TFD queue. 1299 */ 1300 if (inc_ssn) { 1301 mvmsta->tid_data[tid].seq_number += 0x10; 1302 ssn = (ssn + 1) & IEEE80211_SCTL_SEQ; 1303 } 1304 mvmsta->tid_data[tid].txq_id = queue; 1305 mvmsta->tfd_queue_msk |= BIT(queue); 1306 queue_state = mvmsta->tid_data[tid].state; 1307 1308 if (mvmsta->reserved_queue == queue) 1309 mvmsta->reserved_queue = IEEE80211_INVAL_HW_QUEUE; 1310 spin_unlock_bh(&mvmsta->lock); 1311 1312 if (!shared_queue) { 1313 ret = iwl_mvm_sta_send_to_fw(mvm, sta, true, STA_MODIFY_QUEUES); 1314 if (ret) 1315 goto out_err; 1316 1317 /* If we need to re-enable aggregations... */ 1318 if (queue_state == IWL_AGG_ON) { 1319 ret = iwl_mvm_sta_tx_agg(mvm, sta, tid, queue, true); 1320 if (ret) 1321 goto out_err; 1322 } 1323 } else { 1324 /* Redirect queue, if needed */ 1325 ret = iwl_mvm_redirect_queue(mvm, queue, tid, ac, ssn, 1326 wdg_timeout, false, 1327 iwl_mvm_txq_from_tid(sta, tid)); 1328 if (ret) 1329 goto out_err; 1330 } 1331 1332 return 0; 1333 1334 out_err: 1335 iwl_mvm_disable_txq(mvm, sta, queue, tid, 0); 1336 1337 return ret; 1338 } 1339 1340 void iwl_mvm_add_new_dqa_stream_wk(struct work_struct *wk) 1341 { 1342 struct iwl_mvm *mvm = container_of(wk, struct iwl_mvm, 1343 add_stream_wk); 1344 1345 mutex_lock(&mvm->mutex); 1346 1347 iwl_mvm_inactivity_check(mvm, IWL_MVM_INVALID_STA); 1348 1349 while (!list_empty(&mvm->add_stream_txqs)) { 1350 struct iwl_mvm_txq *mvmtxq; 1351 struct ieee80211_txq *txq; 1352 u8 tid; 1353 1354 mvmtxq = list_first_entry(&mvm->add_stream_txqs, 1355 struct iwl_mvm_txq, list); 1356 1357 txq = container_of((void *)mvmtxq, struct ieee80211_txq, 1358 drv_priv); 1359 tid = txq->tid; 1360 if (tid == IEEE80211_NUM_TIDS) 1361 tid = IWL_MAX_TID_COUNT; 1362 1363 /* 1364 * We can't really do much here, but if this fails we can't 1365 * transmit anyway - so just don't transmit the frame etc. 1366 * and let them back up ... we've tried our best to allocate 1367 * a queue in the function itself. 1368 */ 1369 if (iwl_mvm_sta_alloc_queue(mvm, txq->sta, txq->ac, tid)) { 1370 list_del_init(&mvmtxq->list); 1371 continue; 1372 } 1373 1374 list_del_init(&mvmtxq->list); 1375 local_bh_disable(); 1376 iwl_mvm_mac_itxq_xmit(mvm->hw, txq); 1377 local_bh_enable(); 1378 } 1379 1380 mutex_unlock(&mvm->mutex); 1381 } 1382 1383 static int iwl_mvm_reserve_sta_stream(struct iwl_mvm *mvm, 1384 struct ieee80211_sta *sta, 1385 enum nl80211_iftype vif_type) 1386 { 1387 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta); 1388 int queue; 1389 1390 /* queue reserving is disabled on new TX path */ 1391 if (WARN_ON(iwl_mvm_has_new_tx_api(mvm))) 1392 return 0; 1393 1394 /* run the general cleanup/unsharing of queues */ 1395 iwl_mvm_inactivity_check(mvm, IWL_MVM_INVALID_STA); 1396 1397 /* Make sure we have free resources for this STA */ 1398 if (vif_type == NL80211_IFTYPE_STATION && !sta->tdls && 1399 !mvm->queue_info[IWL_MVM_DQA_BSS_CLIENT_QUEUE].tid_bitmap && 1400 (mvm->queue_info[IWL_MVM_DQA_BSS_CLIENT_QUEUE].status == 1401 IWL_MVM_QUEUE_FREE)) 1402 queue = IWL_MVM_DQA_BSS_CLIENT_QUEUE; 1403 else 1404 queue = iwl_mvm_find_free_queue(mvm, mvmsta->sta_id, 1405 IWL_MVM_DQA_MIN_DATA_QUEUE, 1406 IWL_MVM_DQA_MAX_DATA_QUEUE); 1407 if (queue < 0) { 1408 /* try again - this time kick out a queue if needed */ 1409 queue = iwl_mvm_inactivity_check(mvm, mvmsta->sta_id); 1410 if (queue < 0) { 1411 IWL_ERR(mvm, "No available queues for new station\n"); 1412 return -ENOSPC; 1413 } 1414 } 1415 mvm->queue_info[queue].status = IWL_MVM_QUEUE_RESERVED; 1416 1417 mvmsta->reserved_queue = queue; 1418 1419 IWL_DEBUG_TX_QUEUES(mvm, "Reserving data queue #%d for sta_id %d\n", 1420 queue, mvmsta->sta_id); 1421 1422 return 0; 1423 } 1424 1425 /* 1426 * In DQA mode, after a HW restart the queues should be allocated as before, in 1427 * order to avoid race conditions when there are shared queues. This function 1428 * does the re-mapping and queue allocation. 1429 * 1430 * Note that re-enabling aggregations isn't done in this function. 1431 */ 1432 static void iwl_mvm_realloc_queues_after_restart(struct iwl_mvm *mvm, 1433 struct ieee80211_sta *sta) 1434 { 1435 struct iwl_mvm_sta *mvm_sta = iwl_mvm_sta_from_mac80211(sta); 1436 unsigned int wdg = 1437 iwl_mvm_get_wd_timeout(mvm, mvm_sta->vif, false, false); 1438 int i; 1439 struct iwl_trans_txq_scd_cfg cfg = { 1440 .sta_id = mvm_sta->sta_id, 1441 .frame_limit = IWL_FRAME_LIMIT, 1442 }; 1443 1444 /* Make sure reserved queue is still marked as such (if allocated) */ 1445 if (mvm_sta->reserved_queue != IEEE80211_INVAL_HW_QUEUE) 1446 mvm->queue_info[mvm_sta->reserved_queue].status = 1447 IWL_MVM_QUEUE_RESERVED; 1448 1449 for (i = 0; i <= IWL_MAX_TID_COUNT; i++) { 1450 struct iwl_mvm_tid_data *tid_data = &mvm_sta->tid_data[i]; 1451 int txq_id = tid_data->txq_id; 1452 int ac; 1453 1454 if (txq_id == IWL_MVM_INVALID_QUEUE) 1455 continue; 1456 1457 ac = tid_to_mac80211_ac[i]; 1458 1459 if (iwl_mvm_has_new_tx_api(mvm)) { 1460 IWL_DEBUG_TX_QUEUES(mvm, 1461 "Re-mapping sta %d tid %d\n", 1462 mvm_sta->sta_id, i); 1463 txq_id = iwl_mvm_tvqm_enable_txq(mvm, mvm_sta->sta_id, 1464 i, wdg); 1465 /* 1466 * on failures, just set it to IWL_MVM_INVALID_QUEUE 1467 * to try again later, we have no other good way of 1468 * failing here 1469 */ 1470 if (txq_id < 0) 1471 txq_id = IWL_MVM_INVALID_QUEUE; 1472 tid_data->txq_id = txq_id; 1473 1474 /* 1475 * Since we don't set the seq number after reset, and HW 1476 * sets it now, FW reset will cause the seq num to start 1477 * at 0 again, so driver will need to update it 1478 * internally as well, so it keeps in sync with real val 1479 */ 1480 tid_data->seq_number = 0; 1481 } else { 1482 u16 seq = IEEE80211_SEQ_TO_SN(tid_data->seq_number); 1483 1484 cfg.tid = i; 1485 cfg.fifo = iwl_mvm_mac_ac_to_tx_fifo(mvm, ac); 1486 cfg.aggregate = (txq_id >= IWL_MVM_DQA_MIN_DATA_QUEUE || 1487 txq_id == 1488 IWL_MVM_DQA_BSS_CLIENT_QUEUE); 1489 1490 IWL_DEBUG_TX_QUEUES(mvm, 1491 "Re-mapping sta %d tid %d to queue %d\n", 1492 mvm_sta->sta_id, i, txq_id); 1493 1494 iwl_mvm_enable_txq(mvm, sta, txq_id, seq, &cfg, wdg); 1495 mvm->queue_info[txq_id].status = IWL_MVM_QUEUE_READY; 1496 } 1497 } 1498 } 1499 1500 static int iwl_mvm_add_int_sta_common(struct iwl_mvm *mvm, 1501 struct iwl_mvm_int_sta *sta, 1502 const u8 *addr, 1503 u16 mac_id, u16 color) 1504 { 1505 struct iwl_mvm_add_sta_cmd cmd; 1506 int ret; 1507 u32 status = ADD_STA_SUCCESS; 1508 1509 lockdep_assert_held(&mvm->mutex); 1510 1511 memset(&cmd, 0, sizeof(cmd)); 1512 cmd.sta_id = sta->sta_id; 1513 1514 if (iwl_fw_lookup_cmd_ver(mvm->fw, LONG_GROUP, ADD_STA, 1515 0) >= 12 && 1516 sta->type == IWL_STA_AUX_ACTIVITY) 1517 cmd.mac_id_n_color = cpu_to_le32(mac_id); 1518 else 1519 cmd.mac_id_n_color = cpu_to_le32(FW_CMD_ID_AND_COLOR(mac_id, 1520 color)); 1521 1522 if (fw_has_api(&mvm->fw->ucode_capa, IWL_UCODE_TLV_API_STA_TYPE)) 1523 cmd.station_type = sta->type; 1524 1525 if (!iwl_mvm_has_new_tx_api(mvm)) 1526 cmd.tfd_queue_msk = cpu_to_le32(sta->tfd_queue_msk); 1527 cmd.tid_disable_tx = cpu_to_le16(0xffff); 1528 1529 if (addr) 1530 memcpy(cmd.addr, addr, ETH_ALEN); 1531 1532 ret = iwl_mvm_send_cmd_pdu_status(mvm, ADD_STA, 1533 iwl_mvm_add_sta_cmd_size(mvm), 1534 &cmd, &status); 1535 if (ret) 1536 return ret; 1537 1538 switch (status & IWL_ADD_STA_STATUS_MASK) { 1539 case ADD_STA_SUCCESS: 1540 IWL_DEBUG_INFO(mvm, "Internal station added.\n"); 1541 return 0; 1542 default: 1543 ret = -EIO; 1544 IWL_ERR(mvm, "Add internal station failed, status=0x%x\n", 1545 status); 1546 break; 1547 } 1548 return ret; 1549 } 1550 1551 int iwl_mvm_add_sta(struct iwl_mvm *mvm, 1552 struct ieee80211_vif *vif, 1553 struct ieee80211_sta *sta) 1554 { 1555 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 1556 struct iwl_mvm_sta *mvm_sta = iwl_mvm_sta_from_mac80211(sta); 1557 struct iwl_mvm_rxq_dup_data *dup_data; 1558 int i, ret, sta_id; 1559 bool sta_update = false; 1560 unsigned int sta_flags = 0; 1561 1562 lockdep_assert_held(&mvm->mutex); 1563 1564 if (!test_bit(IWL_MVM_STATUS_IN_HW_RESTART, &mvm->status)) 1565 sta_id = iwl_mvm_find_free_sta_id(mvm, 1566 ieee80211_vif_type_p2p(vif)); 1567 else 1568 sta_id = mvm_sta->sta_id; 1569 1570 if (sta_id == IWL_MVM_INVALID_STA) 1571 return -ENOSPC; 1572 1573 spin_lock_init(&mvm_sta->lock); 1574 1575 /* if this is a HW restart re-alloc existing queues */ 1576 if (test_bit(IWL_MVM_STATUS_IN_HW_RESTART, &mvm->status)) { 1577 struct iwl_mvm_int_sta tmp_sta = { 1578 .sta_id = sta_id, 1579 .type = mvm_sta->sta_type, 1580 }; 1581 1582 /* 1583 * First add an empty station since allocating 1584 * a queue requires a valid station 1585 */ 1586 ret = iwl_mvm_add_int_sta_common(mvm, &tmp_sta, sta->addr, 1587 mvmvif->id, mvmvif->color); 1588 if (ret) 1589 goto err; 1590 1591 iwl_mvm_realloc_queues_after_restart(mvm, sta); 1592 sta_update = true; 1593 sta_flags = iwl_mvm_has_new_tx_api(mvm) ? 0 : STA_MODIFY_QUEUES; 1594 goto update_fw; 1595 } 1596 1597 mvm_sta->sta_id = sta_id; 1598 mvm_sta->mac_id_n_color = FW_CMD_ID_AND_COLOR(mvmvif->id, 1599 mvmvif->color); 1600 mvm_sta->vif = vif; 1601 if (!mvm->trans->trans_cfg->gen2) 1602 mvm_sta->max_agg_bufsize = LINK_QUAL_AGG_FRAME_LIMIT_DEF; 1603 else 1604 mvm_sta->max_agg_bufsize = LINK_QUAL_AGG_FRAME_LIMIT_GEN2_DEF; 1605 mvm_sta->tx_protection = 0; 1606 mvm_sta->tt_tx_protection = false; 1607 mvm_sta->sta_type = sta->tdls ? IWL_STA_TDLS_LINK : IWL_STA_LINK; 1608 1609 /* HW restart, don't assume the memory has been zeroed */ 1610 mvm_sta->tid_disable_agg = 0xffff; /* No aggs at first */ 1611 mvm_sta->tfd_queue_msk = 0; 1612 1613 /* for HW restart - reset everything but the sequence number */ 1614 for (i = 0; i <= IWL_MAX_TID_COUNT; i++) { 1615 u16 seq = mvm_sta->tid_data[i].seq_number; 1616 memset(&mvm_sta->tid_data[i], 0, sizeof(mvm_sta->tid_data[i])); 1617 mvm_sta->tid_data[i].seq_number = seq; 1618 1619 /* 1620 * Mark all queues for this STA as unallocated and defer TX 1621 * frames until the queue is allocated 1622 */ 1623 mvm_sta->tid_data[i].txq_id = IWL_MVM_INVALID_QUEUE; 1624 } 1625 1626 for (i = 0; i < ARRAY_SIZE(sta->txq); i++) { 1627 struct iwl_mvm_txq *mvmtxq = 1628 iwl_mvm_txq_from_mac80211(sta->txq[i]); 1629 1630 mvmtxq->txq_id = IWL_MVM_INVALID_QUEUE; 1631 INIT_LIST_HEAD(&mvmtxq->list); 1632 atomic_set(&mvmtxq->tx_request, 0); 1633 } 1634 1635 mvm_sta->agg_tids = 0; 1636 1637 if (iwl_mvm_has_new_rx_api(mvm) && 1638 !test_bit(IWL_MVM_STATUS_IN_HW_RESTART, &mvm->status)) { 1639 int q; 1640 1641 dup_data = kcalloc(mvm->trans->num_rx_queues, 1642 sizeof(*dup_data), GFP_KERNEL); 1643 if (!dup_data) 1644 return -ENOMEM; 1645 /* 1646 * Initialize all the last_seq values to 0xffff which can never 1647 * compare equal to the frame's seq_ctrl in the check in 1648 * iwl_mvm_is_dup() since the lower 4 bits are the fragment 1649 * number and fragmented packets don't reach that function. 1650 * 1651 * This thus allows receiving a packet with seqno 0 and the 1652 * retry bit set as the very first packet on a new TID. 1653 */ 1654 for (q = 0; q < mvm->trans->num_rx_queues; q++) 1655 memset(dup_data[q].last_seq, 0xff, 1656 sizeof(dup_data[q].last_seq)); 1657 mvm_sta->dup_data = dup_data; 1658 } 1659 1660 if (!iwl_mvm_has_new_tx_api(mvm)) { 1661 ret = iwl_mvm_reserve_sta_stream(mvm, sta, 1662 ieee80211_vif_type_p2p(vif)); 1663 if (ret) 1664 goto err; 1665 } 1666 1667 /* 1668 * if rs is registered with mac80211, then "add station" will be handled 1669 * via the corresponding ops, otherwise need to notify rate scaling here 1670 */ 1671 if (iwl_mvm_has_tlc_offload(mvm)) 1672 iwl_mvm_rs_add_sta(mvm, mvm_sta); 1673 else 1674 spin_lock_init(&mvm_sta->lq_sta.rs_drv.pers.lock); 1675 1676 iwl_mvm_toggle_tx_ant(mvm, &mvm_sta->tx_ant); 1677 1678 update_fw: 1679 ret = iwl_mvm_sta_send_to_fw(mvm, sta, sta_update, sta_flags); 1680 if (ret) 1681 goto err; 1682 1683 if (vif->type == NL80211_IFTYPE_STATION) { 1684 if (!sta->tdls) { 1685 WARN_ON(mvmvif->ap_sta_id != IWL_MVM_INVALID_STA); 1686 mvmvif->ap_sta_id = sta_id; 1687 } else { 1688 WARN_ON(mvmvif->ap_sta_id == IWL_MVM_INVALID_STA); 1689 } 1690 } 1691 1692 rcu_assign_pointer(mvm->fw_id_to_mac_id[sta_id], sta); 1693 1694 return 0; 1695 1696 err: 1697 return ret; 1698 } 1699 1700 int iwl_mvm_drain_sta(struct iwl_mvm *mvm, struct iwl_mvm_sta *mvmsta, 1701 bool drain) 1702 { 1703 struct iwl_mvm_add_sta_cmd cmd = {}; 1704 int ret; 1705 u32 status; 1706 1707 lockdep_assert_held(&mvm->mutex); 1708 1709 cmd.mac_id_n_color = cpu_to_le32(mvmsta->mac_id_n_color); 1710 cmd.sta_id = mvmsta->sta_id; 1711 cmd.add_modify = STA_MODE_MODIFY; 1712 cmd.station_flags = drain ? cpu_to_le32(STA_FLG_DRAIN_FLOW) : 0; 1713 cmd.station_flags_msk = cpu_to_le32(STA_FLG_DRAIN_FLOW); 1714 1715 status = ADD_STA_SUCCESS; 1716 ret = iwl_mvm_send_cmd_pdu_status(mvm, ADD_STA, 1717 iwl_mvm_add_sta_cmd_size(mvm), 1718 &cmd, &status); 1719 if (ret) 1720 return ret; 1721 1722 switch (status & IWL_ADD_STA_STATUS_MASK) { 1723 case ADD_STA_SUCCESS: 1724 IWL_DEBUG_INFO(mvm, "Frames for staid %d will drained in fw\n", 1725 mvmsta->sta_id); 1726 break; 1727 default: 1728 ret = -EIO; 1729 IWL_ERR(mvm, "Couldn't drain frames for staid %d\n", 1730 mvmsta->sta_id); 1731 break; 1732 } 1733 1734 return ret; 1735 } 1736 1737 /* 1738 * Remove a station from the FW table. Before sending the command to remove 1739 * the station validate that the station is indeed known to the driver (sanity 1740 * only). 1741 */ 1742 static int iwl_mvm_rm_sta_common(struct iwl_mvm *mvm, u8 sta_id) 1743 { 1744 struct ieee80211_sta *sta; 1745 struct iwl_mvm_rm_sta_cmd rm_sta_cmd = { 1746 .sta_id = sta_id, 1747 }; 1748 int ret; 1749 1750 sta = rcu_dereference_protected(mvm->fw_id_to_mac_id[sta_id], 1751 lockdep_is_held(&mvm->mutex)); 1752 1753 /* Note: internal stations are marked as error values */ 1754 if (!sta) { 1755 IWL_ERR(mvm, "Invalid station id\n"); 1756 return -EINVAL; 1757 } 1758 1759 ret = iwl_mvm_send_cmd_pdu(mvm, REMOVE_STA, 0, 1760 sizeof(rm_sta_cmd), &rm_sta_cmd); 1761 if (ret) { 1762 IWL_ERR(mvm, "Failed to remove station. Id=%d\n", sta_id); 1763 return ret; 1764 } 1765 1766 return 0; 1767 } 1768 1769 static void iwl_mvm_disable_sta_queues(struct iwl_mvm *mvm, 1770 struct ieee80211_vif *vif, 1771 struct ieee80211_sta *sta) 1772 { 1773 struct iwl_mvm_sta *mvm_sta = iwl_mvm_sta_from_mac80211(sta); 1774 int i; 1775 1776 lockdep_assert_held(&mvm->mutex); 1777 1778 for (i = 0; i < ARRAY_SIZE(mvm_sta->tid_data); i++) { 1779 if (mvm_sta->tid_data[i].txq_id == IWL_MVM_INVALID_QUEUE) 1780 continue; 1781 1782 iwl_mvm_disable_txq(mvm, sta, mvm_sta->tid_data[i].txq_id, i, 1783 0); 1784 mvm_sta->tid_data[i].txq_id = IWL_MVM_INVALID_QUEUE; 1785 } 1786 1787 for (i = 0; i < ARRAY_SIZE(sta->txq); i++) { 1788 struct iwl_mvm_txq *mvmtxq = 1789 iwl_mvm_txq_from_mac80211(sta->txq[i]); 1790 1791 mvmtxq->txq_id = IWL_MVM_INVALID_QUEUE; 1792 } 1793 } 1794 1795 int iwl_mvm_wait_sta_queues_empty(struct iwl_mvm *mvm, 1796 struct iwl_mvm_sta *mvm_sta) 1797 { 1798 int i; 1799 1800 for (i = 0; i < ARRAY_SIZE(mvm_sta->tid_data); i++) { 1801 u16 txq_id; 1802 int ret; 1803 1804 spin_lock_bh(&mvm_sta->lock); 1805 txq_id = mvm_sta->tid_data[i].txq_id; 1806 spin_unlock_bh(&mvm_sta->lock); 1807 1808 if (txq_id == IWL_MVM_INVALID_QUEUE) 1809 continue; 1810 1811 ret = iwl_trans_wait_txq_empty(mvm->trans, txq_id); 1812 if (ret) 1813 return ret; 1814 } 1815 1816 return 0; 1817 } 1818 1819 int iwl_mvm_rm_sta(struct iwl_mvm *mvm, 1820 struct ieee80211_vif *vif, 1821 struct ieee80211_sta *sta) 1822 { 1823 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 1824 struct iwl_mvm_sta *mvm_sta = iwl_mvm_sta_from_mac80211(sta); 1825 u8 sta_id = mvm_sta->sta_id; 1826 int ret; 1827 1828 lockdep_assert_held(&mvm->mutex); 1829 1830 if (iwl_mvm_has_new_rx_api(mvm)) 1831 kfree(mvm_sta->dup_data); 1832 1833 ret = iwl_mvm_drain_sta(mvm, mvm_sta, true); 1834 if (ret) 1835 return ret; 1836 1837 /* flush its queues here since we are freeing mvm_sta */ 1838 ret = iwl_mvm_flush_sta(mvm, mvm_sta, false); 1839 if (ret) 1840 return ret; 1841 if (iwl_mvm_has_new_tx_api(mvm)) { 1842 ret = iwl_mvm_wait_sta_queues_empty(mvm, mvm_sta); 1843 } else { 1844 u32 q_mask = mvm_sta->tfd_queue_msk; 1845 1846 ret = iwl_trans_wait_tx_queues_empty(mvm->trans, 1847 q_mask); 1848 } 1849 if (ret) 1850 return ret; 1851 1852 ret = iwl_mvm_drain_sta(mvm, mvm_sta, false); 1853 1854 iwl_mvm_disable_sta_queues(mvm, vif, sta); 1855 1856 /* If there is a TXQ still marked as reserved - free it */ 1857 if (mvm_sta->reserved_queue != IEEE80211_INVAL_HW_QUEUE) { 1858 u8 reserved_txq = mvm_sta->reserved_queue; 1859 enum iwl_mvm_queue_status *status; 1860 1861 /* 1862 * If no traffic has gone through the reserved TXQ - it 1863 * is still marked as IWL_MVM_QUEUE_RESERVED, and 1864 * should be manually marked as free again 1865 */ 1866 status = &mvm->queue_info[reserved_txq].status; 1867 if (WARN((*status != IWL_MVM_QUEUE_RESERVED) && 1868 (*status != IWL_MVM_QUEUE_FREE), 1869 "sta_id %d reserved txq %d status %d", 1870 sta_id, reserved_txq, *status)) 1871 return -EINVAL; 1872 1873 *status = IWL_MVM_QUEUE_FREE; 1874 } 1875 1876 if (vif->type == NL80211_IFTYPE_STATION && 1877 mvmvif->ap_sta_id == sta_id) { 1878 /* if associated - we can't remove the AP STA now */ 1879 if (vif->bss_conf.assoc) 1880 return ret; 1881 1882 /* unassoc - go ahead - remove the AP STA now */ 1883 mvmvif->ap_sta_id = IWL_MVM_INVALID_STA; 1884 } 1885 1886 /* 1887 * This shouldn't happen - the TDLS channel switch should be canceled 1888 * before the STA is removed. 1889 */ 1890 if (WARN_ON_ONCE(mvm->tdls_cs.peer.sta_id == sta_id)) { 1891 mvm->tdls_cs.peer.sta_id = IWL_MVM_INVALID_STA; 1892 cancel_delayed_work(&mvm->tdls_cs.dwork); 1893 } 1894 1895 /* 1896 * Make sure that the tx response code sees the station as -EBUSY and 1897 * calls the drain worker. 1898 */ 1899 spin_lock_bh(&mvm_sta->lock); 1900 spin_unlock_bh(&mvm_sta->lock); 1901 1902 ret = iwl_mvm_rm_sta_common(mvm, mvm_sta->sta_id); 1903 RCU_INIT_POINTER(mvm->fw_id_to_mac_id[mvm_sta->sta_id], NULL); 1904 1905 return ret; 1906 } 1907 1908 int iwl_mvm_rm_sta_id(struct iwl_mvm *mvm, 1909 struct ieee80211_vif *vif, 1910 u8 sta_id) 1911 { 1912 int ret = iwl_mvm_rm_sta_common(mvm, sta_id); 1913 1914 lockdep_assert_held(&mvm->mutex); 1915 1916 RCU_INIT_POINTER(mvm->fw_id_to_mac_id[sta_id], NULL); 1917 return ret; 1918 } 1919 1920 int iwl_mvm_allocate_int_sta(struct iwl_mvm *mvm, 1921 struct iwl_mvm_int_sta *sta, 1922 u32 qmask, enum nl80211_iftype iftype, 1923 enum iwl_sta_type type) 1924 { 1925 if (!test_bit(IWL_MVM_STATUS_IN_HW_RESTART, &mvm->status) || 1926 sta->sta_id == IWL_MVM_INVALID_STA) { 1927 sta->sta_id = iwl_mvm_find_free_sta_id(mvm, iftype); 1928 if (WARN_ON_ONCE(sta->sta_id == IWL_MVM_INVALID_STA)) 1929 return -ENOSPC; 1930 } 1931 1932 sta->tfd_queue_msk = qmask; 1933 sta->type = type; 1934 1935 /* put a non-NULL value so iterating over the stations won't stop */ 1936 rcu_assign_pointer(mvm->fw_id_to_mac_id[sta->sta_id], ERR_PTR(-EINVAL)); 1937 return 0; 1938 } 1939 1940 void iwl_mvm_dealloc_int_sta(struct iwl_mvm *mvm, struct iwl_mvm_int_sta *sta) 1941 { 1942 RCU_INIT_POINTER(mvm->fw_id_to_mac_id[sta->sta_id], NULL); 1943 memset(sta, 0, sizeof(struct iwl_mvm_int_sta)); 1944 sta->sta_id = IWL_MVM_INVALID_STA; 1945 } 1946 1947 static void iwl_mvm_enable_aux_snif_queue(struct iwl_mvm *mvm, u16 queue, 1948 u8 sta_id, u8 fifo) 1949 { 1950 unsigned int wdg_timeout = 1951 mvm->trans->trans_cfg->base_params->wd_timeout; 1952 struct iwl_trans_txq_scd_cfg cfg = { 1953 .fifo = fifo, 1954 .sta_id = sta_id, 1955 .tid = IWL_MAX_TID_COUNT, 1956 .aggregate = false, 1957 .frame_limit = IWL_FRAME_LIMIT, 1958 }; 1959 1960 WARN_ON(iwl_mvm_has_new_tx_api(mvm)); 1961 1962 iwl_mvm_enable_txq(mvm, NULL, queue, 0, &cfg, wdg_timeout); 1963 } 1964 1965 static int iwl_mvm_enable_aux_snif_queue_tvqm(struct iwl_mvm *mvm, u8 sta_id) 1966 { 1967 unsigned int wdg_timeout = 1968 mvm->trans->trans_cfg->base_params->wd_timeout; 1969 1970 WARN_ON(!iwl_mvm_has_new_tx_api(mvm)); 1971 1972 return iwl_mvm_tvqm_enable_txq(mvm, sta_id, IWL_MAX_TID_COUNT, 1973 wdg_timeout); 1974 } 1975 1976 static int iwl_mvm_add_int_sta_with_queue(struct iwl_mvm *mvm, int macidx, 1977 int maccolor, u8 *addr, 1978 struct iwl_mvm_int_sta *sta, 1979 u16 *queue, int fifo) 1980 { 1981 int ret; 1982 1983 /* Map queue to fifo - needs to happen before adding station */ 1984 if (!iwl_mvm_has_new_tx_api(mvm)) 1985 iwl_mvm_enable_aux_snif_queue(mvm, *queue, sta->sta_id, fifo); 1986 1987 ret = iwl_mvm_add_int_sta_common(mvm, sta, addr, macidx, maccolor); 1988 if (ret) { 1989 if (!iwl_mvm_has_new_tx_api(mvm)) 1990 iwl_mvm_disable_txq(mvm, NULL, *queue, 1991 IWL_MAX_TID_COUNT, 0); 1992 return ret; 1993 } 1994 1995 /* 1996 * For 22000 firmware and on we cannot add queue to a station unknown 1997 * to firmware so enable queue here - after the station was added 1998 */ 1999 if (iwl_mvm_has_new_tx_api(mvm)) { 2000 int txq; 2001 2002 txq = iwl_mvm_enable_aux_snif_queue_tvqm(mvm, sta->sta_id); 2003 if (txq < 0) { 2004 iwl_mvm_rm_sta_common(mvm, sta->sta_id); 2005 return txq; 2006 } 2007 2008 *queue = txq; 2009 } 2010 2011 return 0; 2012 } 2013 2014 int iwl_mvm_add_aux_sta(struct iwl_mvm *mvm, u32 lmac_id) 2015 { 2016 int ret; 2017 2018 lockdep_assert_held(&mvm->mutex); 2019 2020 /* Allocate aux station and assign to it the aux queue */ 2021 ret = iwl_mvm_allocate_int_sta(mvm, &mvm->aux_sta, BIT(mvm->aux_queue), 2022 NL80211_IFTYPE_UNSPECIFIED, 2023 IWL_STA_AUX_ACTIVITY); 2024 if (ret) 2025 return ret; 2026 2027 /* 2028 * In CDB NICs we need to specify which lmac to use for aux activity 2029 * using the mac_id argument place to send lmac_id to the function 2030 */ 2031 ret = iwl_mvm_add_int_sta_with_queue(mvm, lmac_id, 0, NULL, 2032 &mvm->aux_sta, &mvm->aux_queue, 2033 IWL_MVM_TX_FIFO_MCAST); 2034 if (ret) { 2035 iwl_mvm_dealloc_int_sta(mvm, &mvm->aux_sta); 2036 return ret; 2037 } 2038 2039 return 0; 2040 } 2041 2042 int iwl_mvm_add_snif_sta(struct iwl_mvm *mvm, struct ieee80211_vif *vif) 2043 { 2044 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 2045 2046 lockdep_assert_held(&mvm->mutex); 2047 2048 return iwl_mvm_add_int_sta_with_queue(mvm, mvmvif->id, mvmvif->color, 2049 NULL, &mvm->snif_sta, 2050 &mvm->snif_queue, 2051 IWL_MVM_TX_FIFO_BE); 2052 } 2053 2054 int iwl_mvm_rm_snif_sta(struct iwl_mvm *mvm, struct ieee80211_vif *vif) 2055 { 2056 int ret; 2057 2058 lockdep_assert_held(&mvm->mutex); 2059 2060 iwl_mvm_disable_txq(mvm, NULL, mvm->snif_queue, IWL_MAX_TID_COUNT, 0); 2061 ret = iwl_mvm_rm_sta_common(mvm, mvm->snif_sta.sta_id); 2062 if (ret) 2063 IWL_WARN(mvm, "Failed sending remove station\n"); 2064 2065 return ret; 2066 } 2067 2068 int iwl_mvm_rm_aux_sta(struct iwl_mvm *mvm) 2069 { 2070 int ret; 2071 2072 lockdep_assert_held(&mvm->mutex); 2073 2074 iwl_mvm_disable_txq(mvm, NULL, mvm->aux_queue, IWL_MAX_TID_COUNT, 0); 2075 ret = iwl_mvm_rm_sta_common(mvm, mvm->aux_sta.sta_id); 2076 if (ret) 2077 IWL_WARN(mvm, "Failed sending remove station\n"); 2078 iwl_mvm_dealloc_int_sta(mvm, &mvm->aux_sta); 2079 2080 return ret; 2081 } 2082 2083 void iwl_mvm_dealloc_snif_sta(struct iwl_mvm *mvm) 2084 { 2085 iwl_mvm_dealloc_int_sta(mvm, &mvm->snif_sta); 2086 } 2087 2088 /* 2089 * Send the add station command for the vif's broadcast station. 2090 * Assumes that the station was already allocated. 2091 * 2092 * @mvm: the mvm component 2093 * @vif: the interface to which the broadcast station is added 2094 * @bsta: the broadcast station to add. 2095 */ 2096 int iwl_mvm_send_add_bcast_sta(struct iwl_mvm *mvm, struct ieee80211_vif *vif) 2097 { 2098 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 2099 struct iwl_mvm_int_sta *bsta = &mvmvif->bcast_sta; 2100 static const u8 _baddr[] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}; 2101 const u8 *baddr = _baddr; 2102 int queue; 2103 int ret; 2104 unsigned int wdg_timeout = 2105 iwl_mvm_get_wd_timeout(mvm, vif, false, false); 2106 struct iwl_trans_txq_scd_cfg cfg = { 2107 .fifo = IWL_MVM_TX_FIFO_VO, 2108 .sta_id = mvmvif->bcast_sta.sta_id, 2109 .tid = IWL_MAX_TID_COUNT, 2110 .aggregate = false, 2111 .frame_limit = IWL_FRAME_LIMIT, 2112 }; 2113 2114 lockdep_assert_held(&mvm->mutex); 2115 2116 if (!iwl_mvm_has_new_tx_api(mvm)) { 2117 if (vif->type == NL80211_IFTYPE_AP || 2118 vif->type == NL80211_IFTYPE_ADHOC) { 2119 queue = mvm->probe_queue; 2120 } else if (vif->type == NL80211_IFTYPE_P2P_DEVICE) { 2121 queue = mvm->p2p_dev_queue; 2122 } else { 2123 WARN(1, "Missing required TXQ for adding bcast STA\n"); 2124 return -EINVAL; 2125 } 2126 2127 bsta->tfd_queue_msk |= BIT(queue); 2128 2129 iwl_mvm_enable_txq(mvm, NULL, queue, 0, &cfg, wdg_timeout); 2130 } 2131 2132 if (vif->type == NL80211_IFTYPE_ADHOC) 2133 baddr = vif->bss_conf.bssid; 2134 2135 if (WARN_ON_ONCE(bsta->sta_id == IWL_MVM_INVALID_STA)) 2136 return -ENOSPC; 2137 2138 ret = iwl_mvm_add_int_sta_common(mvm, bsta, baddr, 2139 mvmvif->id, mvmvif->color); 2140 if (ret) 2141 return ret; 2142 2143 /* 2144 * For 22000 firmware and on we cannot add queue to a station unknown 2145 * to firmware so enable queue here - after the station was added 2146 */ 2147 if (iwl_mvm_has_new_tx_api(mvm)) { 2148 queue = iwl_mvm_tvqm_enable_txq(mvm, bsta->sta_id, 2149 IWL_MAX_TID_COUNT, 2150 wdg_timeout); 2151 if (queue < 0) { 2152 iwl_mvm_rm_sta_common(mvm, bsta->sta_id); 2153 return queue; 2154 } 2155 2156 if (vif->type == NL80211_IFTYPE_AP || 2157 vif->type == NL80211_IFTYPE_ADHOC) 2158 mvm->probe_queue = queue; 2159 else if (vif->type == NL80211_IFTYPE_P2P_DEVICE) 2160 mvm->p2p_dev_queue = queue; 2161 } 2162 2163 return 0; 2164 } 2165 2166 static void iwl_mvm_free_bcast_sta_queues(struct iwl_mvm *mvm, 2167 struct ieee80211_vif *vif) 2168 { 2169 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 2170 int queue; 2171 2172 lockdep_assert_held(&mvm->mutex); 2173 2174 iwl_mvm_flush_sta(mvm, &mvmvif->bcast_sta, true); 2175 2176 switch (vif->type) { 2177 case NL80211_IFTYPE_AP: 2178 case NL80211_IFTYPE_ADHOC: 2179 queue = mvm->probe_queue; 2180 break; 2181 case NL80211_IFTYPE_P2P_DEVICE: 2182 queue = mvm->p2p_dev_queue; 2183 break; 2184 default: 2185 WARN(1, "Can't free bcast queue on vif type %d\n", 2186 vif->type); 2187 return; 2188 } 2189 2190 iwl_mvm_disable_txq(mvm, NULL, queue, IWL_MAX_TID_COUNT, 0); 2191 if (iwl_mvm_has_new_tx_api(mvm)) 2192 return; 2193 2194 WARN_ON(!(mvmvif->bcast_sta.tfd_queue_msk & BIT(queue))); 2195 mvmvif->bcast_sta.tfd_queue_msk &= ~BIT(queue); 2196 } 2197 2198 /* Send the FW a request to remove the station from it's internal data 2199 * structures, but DO NOT remove the entry from the local data structures. */ 2200 int iwl_mvm_send_rm_bcast_sta(struct iwl_mvm *mvm, struct ieee80211_vif *vif) 2201 { 2202 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 2203 int ret; 2204 2205 lockdep_assert_held(&mvm->mutex); 2206 2207 iwl_mvm_free_bcast_sta_queues(mvm, vif); 2208 2209 ret = iwl_mvm_rm_sta_common(mvm, mvmvif->bcast_sta.sta_id); 2210 if (ret) 2211 IWL_WARN(mvm, "Failed sending remove station\n"); 2212 return ret; 2213 } 2214 2215 int iwl_mvm_alloc_bcast_sta(struct iwl_mvm *mvm, struct ieee80211_vif *vif) 2216 { 2217 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 2218 2219 lockdep_assert_held(&mvm->mutex); 2220 2221 return iwl_mvm_allocate_int_sta(mvm, &mvmvif->bcast_sta, 0, 2222 ieee80211_vif_type_p2p(vif), 2223 IWL_STA_GENERAL_PURPOSE); 2224 } 2225 2226 /* Allocate a new station entry for the broadcast station to the given vif, 2227 * and send it to the FW. 2228 * Note that each P2P mac should have its own broadcast station. 2229 * 2230 * @mvm: the mvm component 2231 * @vif: the interface to which the broadcast station is added 2232 * @bsta: the broadcast station to add. */ 2233 int iwl_mvm_add_p2p_bcast_sta(struct iwl_mvm *mvm, struct ieee80211_vif *vif) 2234 { 2235 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 2236 struct iwl_mvm_int_sta *bsta = &mvmvif->bcast_sta; 2237 int ret; 2238 2239 lockdep_assert_held(&mvm->mutex); 2240 2241 ret = iwl_mvm_alloc_bcast_sta(mvm, vif); 2242 if (ret) 2243 return ret; 2244 2245 ret = iwl_mvm_send_add_bcast_sta(mvm, vif); 2246 2247 if (ret) 2248 iwl_mvm_dealloc_int_sta(mvm, bsta); 2249 2250 return ret; 2251 } 2252 2253 void iwl_mvm_dealloc_bcast_sta(struct iwl_mvm *mvm, struct ieee80211_vif *vif) 2254 { 2255 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 2256 2257 iwl_mvm_dealloc_int_sta(mvm, &mvmvif->bcast_sta); 2258 } 2259 2260 /* 2261 * Send the FW a request to remove the station from it's internal data 2262 * structures, and in addition remove it from the local data structure. 2263 */ 2264 int iwl_mvm_rm_p2p_bcast_sta(struct iwl_mvm *mvm, struct ieee80211_vif *vif) 2265 { 2266 int ret; 2267 2268 lockdep_assert_held(&mvm->mutex); 2269 2270 ret = iwl_mvm_send_rm_bcast_sta(mvm, vif); 2271 2272 iwl_mvm_dealloc_bcast_sta(mvm, vif); 2273 2274 return ret; 2275 } 2276 2277 /* 2278 * Allocate a new station entry for the multicast station to the given vif, 2279 * and send it to the FW. 2280 * Note that each AP/GO mac should have its own multicast station. 2281 * 2282 * @mvm: the mvm component 2283 * @vif: the interface to which the multicast station is added 2284 */ 2285 int iwl_mvm_add_mcast_sta(struct iwl_mvm *mvm, struct ieee80211_vif *vif) 2286 { 2287 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 2288 struct iwl_mvm_int_sta *msta = &mvmvif->mcast_sta; 2289 static const u8 _maddr[] = {0x03, 0x00, 0x00, 0x00, 0x00, 0x00}; 2290 const u8 *maddr = _maddr; 2291 struct iwl_trans_txq_scd_cfg cfg = { 2292 .fifo = vif->type == NL80211_IFTYPE_AP ? 2293 IWL_MVM_TX_FIFO_MCAST : IWL_MVM_TX_FIFO_BE, 2294 .sta_id = msta->sta_id, 2295 .tid = 0, 2296 .aggregate = false, 2297 .frame_limit = IWL_FRAME_LIMIT, 2298 }; 2299 unsigned int timeout = iwl_mvm_get_wd_timeout(mvm, vif, false, false); 2300 int ret; 2301 2302 lockdep_assert_held(&mvm->mutex); 2303 2304 if (WARN_ON(vif->type != NL80211_IFTYPE_AP && 2305 vif->type != NL80211_IFTYPE_ADHOC)) 2306 return -ENOTSUPP; 2307 2308 /* 2309 * In IBSS, ieee80211_check_queues() sets the cab_queue to be 2310 * invalid, so make sure we use the queue we want. 2311 * Note that this is done here as we want to avoid making DQA 2312 * changes in mac80211 layer. 2313 */ 2314 if (vif->type == NL80211_IFTYPE_ADHOC) 2315 mvmvif->cab_queue = IWL_MVM_DQA_GCAST_QUEUE; 2316 2317 /* 2318 * While in previous FWs we had to exclude cab queue from TFD queue 2319 * mask, now it is needed as any other queue. 2320 */ 2321 if (!iwl_mvm_has_new_tx_api(mvm) && 2322 fw_has_api(&mvm->fw->ucode_capa, IWL_UCODE_TLV_API_STA_TYPE)) { 2323 iwl_mvm_enable_txq(mvm, NULL, mvmvif->cab_queue, 0, &cfg, 2324 timeout); 2325 msta->tfd_queue_msk |= BIT(mvmvif->cab_queue); 2326 } 2327 ret = iwl_mvm_add_int_sta_common(mvm, msta, maddr, 2328 mvmvif->id, mvmvif->color); 2329 if (ret) 2330 goto err; 2331 2332 /* 2333 * Enable cab queue after the ADD_STA command is sent. 2334 * This is needed for 22000 firmware which won't accept SCD_QUEUE_CFG 2335 * command with unknown station id, and for FW that doesn't support 2336 * station API since the cab queue is not included in the 2337 * tfd_queue_mask. 2338 */ 2339 if (iwl_mvm_has_new_tx_api(mvm)) { 2340 int queue = iwl_mvm_tvqm_enable_txq(mvm, msta->sta_id, 2341 0, 2342 timeout); 2343 if (queue < 0) { 2344 ret = queue; 2345 goto err; 2346 } 2347 mvmvif->cab_queue = queue; 2348 } else if (!fw_has_api(&mvm->fw->ucode_capa, 2349 IWL_UCODE_TLV_API_STA_TYPE)) 2350 iwl_mvm_enable_txq(mvm, NULL, mvmvif->cab_queue, 0, &cfg, 2351 timeout); 2352 2353 return 0; 2354 err: 2355 iwl_mvm_dealloc_int_sta(mvm, msta); 2356 return ret; 2357 } 2358 2359 static int __iwl_mvm_remove_sta_key(struct iwl_mvm *mvm, u8 sta_id, 2360 struct ieee80211_key_conf *keyconf, 2361 bool mcast) 2362 { 2363 union { 2364 struct iwl_mvm_add_sta_key_cmd_v1 cmd_v1; 2365 struct iwl_mvm_add_sta_key_cmd cmd; 2366 } u = {}; 2367 bool new_api = fw_has_api(&mvm->fw->ucode_capa, 2368 IWL_UCODE_TLV_API_TKIP_MIC_KEYS); 2369 __le16 key_flags; 2370 int ret, size; 2371 u32 status; 2372 2373 /* This is a valid situation for GTK removal */ 2374 if (sta_id == IWL_MVM_INVALID_STA) 2375 return 0; 2376 2377 key_flags = cpu_to_le16((keyconf->keyidx << STA_KEY_FLG_KEYID_POS) & 2378 STA_KEY_FLG_KEYID_MSK); 2379 key_flags |= cpu_to_le16(STA_KEY_FLG_NO_ENC | STA_KEY_FLG_WEP_KEY_MAP); 2380 key_flags |= cpu_to_le16(STA_KEY_NOT_VALID); 2381 2382 if (mcast) 2383 key_flags |= cpu_to_le16(STA_KEY_MULTICAST); 2384 2385 /* 2386 * The fields assigned here are in the same location at the start 2387 * of the command, so we can do this union trick. 2388 */ 2389 u.cmd.common.key_flags = key_flags; 2390 u.cmd.common.key_offset = keyconf->hw_key_idx; 2391 u.cmd.common.sta_id = sta_id; 2392 2393 size = new_api ? sizeof(u.cmd) : sizeof(u.cmd_v1); 2394 2395 status = ADD_STA_SUCCESS; 2396 ret = iwl_mvm_send_cmd_pdu_status(mvm, ADD_STA_KEY, size, &u.cmd, 2397 &status); 2398 2399 switch (status) { 2400 case ADD_STA_SUCCESS: 2401 IWL_DEBUG_WEP(mvm, "MODIFY_STA: remove sta key passed\n"); 2402 break; 2403 default: 2404 ret = -EIO; 2405 IWL_ERR(mvm, "MODIFY_STA: remove sta key failed\n"); 2406 break; 2407 } 2408 2409 return ret; 2410 } 2411 2412 /* 2413 * Send the FW a request to remove the station from it's internal data 2414 * structures, and in addition remove it from the local data structure. 2415 */ 2416 int iwl_mvm_rm_mcast_sta(struct iwl_mvm *mvm, struct ieee80211_vif *vif) 2417 { 2418 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 2419 int ret; 2420 2421 lockdep_assert_held(&mvm->mutex); 2422 2423 iwl_mvm_flush_sta(mvm, &mvmvif->mcast_sta, true); 2424 2425 iwl_mvm_disable_txq(mvm, NULL, mvmvif->cab_queue, 0, 0); 2426 2427 ret = iwl_mvm_rm_sta_common(mvm, mvmvif->mcast_sta.sta_id); 2428 if (ret) 2429 IWL_WARN(mvm, "Failed sending remove station\n"); 2430 2431 return ret; 2432 } 2433 2434 #define IWL_MAX_RX_BA_SESSIONS 16 2435 2436 static void iwl_mvm_sync_rxq_del_ba(struct iwl_mvm *mvm, u8 baid) 2437 { 2438 struct iwl_mvm_rss_sync_notif notif = { 2439 .metadata.type = IWL_MVM_RXQ_NOTIF_DEL_BA, 2440 .metadata.sync = 1, 2441 .delba.baid = baid, 2442 }; 2443 iwl_mvm_sync_rx_queues_internal(mvm, (void *)¬if, sizeof(notif)); 2444 }; 2445 2446 static void iwl_mvm_free_reorder(struct iwl_mvm *mvm, 2447 struct iwl_mvm_baid_data *data) 2448 { 2449 int i; 2450 2451 iwl_mvm_sync_rxq_del_ba(mvm, data->baid); 2452 2453 for (i = 0; i < mvm->trans->num_rx_queues; i++) { 2454 int j; 2455 struct iwl_mvm_reorder_buffer *reorder_buf = 2456 &data->reorder_buf[i]; 2457 struct iwl_mvm_reorder_buf_entry *entries = 2458 &data->entries[i * data->entries_per_queue]; 2459 2460 spin_lock_bh(&reorder_buf->lock); 2461 if (likely(!reorder_buf->num_stored)) { 2462 spin_unlock_bh(&reorder_buf->lock); 2463 continue; 2464 } 2465 2466 /* 2467 * This shouldn't happen in regular DELBA since the internal 2468 * delBA notification should trigger a release of all frames in 2469 * the reorder buffer. 2470 */ 2471 WARN_ON(1); 2472 2473 for (j = 0; j < reorder_buf->buf_size; j++) 2474 __skb_queue_purge(&entries[j].e.frames); 2475 /* 2476 * Prevent timer re-arm. This prevents a very far fetched case 2477 * where we timed out on the notification. There may be prior 2478 * RX frames pending in the RX queue before the notification 2479 * that might get processed between now and the actual deletion 2480 * and we would re-arm the timer although we are deleting the 2481 * reorder buffer. 2482 */ 2483 reorder_buf->removed = true; 2484 spin_unlock_bh(&reorder_buf->lock); 2485 del_timer_sync(&reorder_buf->reorder_timer); 2486 } 2487 } 2488 2489 static void iwl_mvm_init_reorder_buffer(struct iwl_mvm *mvm, 2490 struct iwl_mvm_baid_data *data, 2491 u16 ssn, u16 buf_size) 2492 { 2493 int i; 2494 2495 for (i = 0; i < mvm->trans->num_rx_queues; i++) { 2496 struct iwl_mvm_reorder_buffer *reorder_buf = 2497 &data->reorder_buf[i]; 2498 struct iwl_mvm_reorder_buf_entry *entries = 2499 &data->entries[i * data->entries_per_queue]; 2500 int j; 2501 2502 reorder_buf->num_stored = 0; 2503 reorder_buf->head_sn = ssn; 2504 reorder_buf->buf_size = buf_size; 2505 /* rx reorder timer */ 2506 timer_setup(&reorder_buf->reorder_timer, 2507 iwl_mvm_reorder_timer_expired, 0); 2508 spin_lock_init(&reorder_buf->lock); 2509 reorder_buf->mvm = mvm; 2510 reorder_buf->queue = i; 2511 reorder_buf->valid = false; 2512 for (j = 0; j < reorder_buf->buf_size; j++) 2513 __skb_queue_head_init(&entries[j].e.frames); 2514 } 2515 } 2516 2517 int iwl_mvm_sta_rx_agg(struct iwl_mvm *mvm, struct ieee80211_sta *sta, 2518 int tid, u16 ssn, bool start, u16 buf_size, u16 timeout) 2519 { 2520 struct iwl_mvm_sta *mvm_sta = iwl_mvm_sta_from_mac80211(sta); 2521 struct iwl_mvm_add_sta_cmd cmd = {}; 2522 struct iwl_mvm_baid_data *baid_data = NULL; 2523 int ret; 2524 u32 status; 2525 2526 lockdep_assert_held(&mvm->mutex); 2527 2528 if (start && mvm->rx_ba_sessions >= IWL_MAX_RX_BA_SESSIONS) { 2529 IWL_WARN(mvm, "Not enough RX BA SESSIONS\n"); 2530 return -ENOSPC; 2531 } 2532 2533 if (iwl_mvm_has_new_rx_api(mvm) && start) { 2534 u16 reorder_buf_size = buf_size * sizeof(baid_data->entries[0]); 2535 2536 /* sparse doesn't like the __align() so don't check */ 2537 #ifndef __CHECKER__ 2538 /* 2539 * The division below will be OK if either the cache line size 2540 * can be divided by the entry size (ALIGN will round up) or if 2541 * if the entry size can be divided by the cache line size, in 2542 * which case the ALIGN() will do nothing. 2543 */ 2544 BUILD_BUG_ON(SMP_CACHE_BYTES % sizeof(baid_data->entries[0]) && 2545 sizeof(baid_data->entries[0]) % SMP_CACHE_BYTES); 2546 #endif 2547 2548 /* 2549 * Upward align the reorder buffer size to fill an entire cache 2550 * line for each queue, to avoid sharing cache lines between 2551 * different queues. 2552 */ 2553 reorder_buf_size = ALIGN(reorder_buf_size, SMP_CACHE_BYTES); 2554 2555 /* 2556 * Allocate here so if allocation fails we can bail out early 2557 * before starting the BA session in the firmware 2558 */ 2559 baid_data = kzalloc(sizeof(*baid_data) + 2560 mvm->trans->num_rx_queues * 2561 reorder_buf_size, 2562 GFP_KERNEL); 2563 if (!baid_data) 2564 return -ENOMEM; 2565 2566 /* 2567 * This division is why we need the above BUILD_BUG_ON(), 2568 * if that doesn't hold then this will not be right. 2569 */ 2570 baid_data->entries_per_queue = 2571 reorder_buf_size / sizeof(baid_data->entries[0]); 2572 } 2573 2574 cmd.mac_id_n_color = cpu_to_le32(mvm_sta->mac_id_n_color); 2575 cmd.sta_id = mvm_sta->sta_id; 2576 cmd.add_modify = STA_MODE_MODIFY; 2577 if (start) { 2578 cmd.add_immediate_ba_tid = (u8) tid; 2579 cmd.add_immediate_ba_ssn = cpu_to_le16(ssn); 2580 cmd.rx_ba_window = cpu_to_le16(buf_size); 2581 } else { 2582 cmd.remove_immediate_ba_tid = (u8) tid; 2583 } 2584 cmd.modify_mask = start ? STA_MODIFY_ADD_BA_TID : 2585 STA_MODIFY_REMOVE_BA_TID; 2586 2587 status = ADD_STA_SUCCESS; 2588 ret = iwl_mvm_send_cmd_pdu_status(mvm, ADD_STA, 2589 iwl_mvm_add_sta_cmd_size(mvm), 2590 &cmd, &status); 2591 if (ret) 2592 goto out_free; 2593 2594 switch (status & IWL_ADD_STA_STATUS_MASK) { 2595 case ADD_STA_SUCCESS: 2596 IWL_DEBUG_HT(mvm, "RX BA Session %sed in fw\n", 2597 start ? "start" : "stopp"); 2598 break; 2599 case ADD_STA_IMMEDIATE_BA_FAILURE: 2600 IWL_WARN(mvm, "RX BA Session refused by fw\n"); 2601 ret = -ENOSPC; 2602 break; 2603 default: 2604 ret = -EIO; 2605 IWL_ERR(mvm, "RX BA Session failed %sing, status 0x%x\n", 2606 start ? "start" : "stopp", status); 2607 break; 2608 } 2609 2610 if (ret) 2611 goto out_free; 2612 2613 if (start) { 2614 u8 baid; 2615 2616 mvm->rx_ba_sessions++; 2617 2618 if (!iwl_mvm_has_new_rx_api(mvm)) 2619 return 0; 2620 2621 if (WARN_ON(!(status & IWL_ADD_STA_BAID_VALID_MASK))) { 2622 ret = -EINVAL; 2623 goto out_free; 2624 } 2625 baid = (u8)((status & IWL_ADD_STA_BAID_MASK) >> 2626 IWL_ADD_STA_BAID_SHIFT); 2627 baid_data->baid = baid; 2628 baid_data->timeout = timeout; 2629 baid_data->last_rx = jiffies; 2630 baid_data->rcu_ptr = &mvm->baid_map[baid]; 2631 timer_setup(&baid_data->session_timer, 2632 iwl_mvm_rx_agg_session_expired, 0); 2633 baid_data->mvm = mvm; 2634 baid_data->tid = tid; 2635 baid_data->sta_id = mvm_sta->sta_id; 2636 2637 mvm_sta->tid_to_baid[tid] = baid; 2638 if (timeout) 2639 mod_timer(&baid_data->session_timer, 2640 TU_TO_EXP_TIME(timeout * 2)); 2641 2642 iwl_mvm_init_reorder_buffer(mvm, baid_data, ssn, buf_size); 2643 /* 2644 * protect the BA data with RCU to cover a case where our 2645 * internal RX sync mechanism will timeout (not that it's 2646 * supposed to happen) and we will free the session data while 2647 * RX is being processed in parallel 2648 */ 2649 IWL_DEBUG_HT(mvm, "Sta %d(%d) is assigned to BAID %d\n", 2650 mvm_sta->sta_id, tid, baid); 2651 WARN_ON(rcu_access_pointer(mvm->baid_map[baid])); 2652 rcu_assign_pointer(mvm->baid_map[baid], baid_data); 2653 } else { 2654 u8 baid = mvm_sta->tid_to_baid[tid]; 2655 2656 if (mvm->rx_ba_sessions > 0) 2657 /* check that restart flow didn't zero the counter */ 2658 mvm->rx_ba_sessions--; 2659 if (!iwl_mvm_has_new_rx_api(mvm)) 2660 return 0; 2661 2662 if (WARN_ON(baid == IWL_RX_REORDER_DATA_INVALID_BAID)) 2663 return -EINVAL; 2664 2665 baid_data = rcu_access_pointer(mvm->baid_map[baid]); 2666 if (WARN_ON(!baid_data)) 2667 return -EINVAL; 2668 2669 /* synchronize all rx queues so we can safely delete */ 2670 iwl_mvm_free_reorder(mvm, baid_data); 2671 del_timer_sync(&baid_data->session_timer); 2672 RCU_INIT_POINTER(mvm->baid_map[baid], NULL); 2673 kfree_rcu(baid_data, rcu_head); 2674 IWL_DEBUG_HT(mvm, "BAID %d is free\n", baid); 2675 } 2676 return 0; 2677 2678 out_free: 2679 kfree(baid_data); 2680 return ret; 2681 } 2682 2683 int iwl_mvm_sta_tx_agg(struct iwl_mvm *mvm, struct ieee80211_sta *sta, 2684 int tid, u8 queue, bool start) 2685 { 2686 struct iwl_mvm_sta *mvm_sta = iwl_mvm_sta_from_mac80211(sta); 2687 struct iwl_mvm_add_sta_cmd cmd = {}; 2688 int ret; 2689 u32 status; 2690 2691 lockdep_assert_held(&mvm->mutex); 2692 2693 if (start) { 2694 mvm_sta->tfd_queue_msk |= BIT(queue); 2695 mvm_sta->tid_disable_agg &= ~BIT(tid); 2696 } else { 2697 /* In DQA-mode the queue isn't removed on agg termination */ 2698 mvm_sta->tid_disable_agg |= BIT(tid); 2699 } 2700 2701 cmd.mac_id_n_color = cpu_to_le32(mvm_sta->mac_id_n_color); 2702 cmd.sta_id = mvm_sta->sta_id; 2703 cmd.add_modify = STA_MODE_MODIFY; 2704 if (!iwl_mvm_has_new_tx_api(mvm)) 2705 cmd.modify_mask = STA_MODIFY_QUEUES; 2706 cmd.modify_mask |= STA_MODIFY_TID_DISABLE_TX; 2707 cmd.tfd_queue_msk = cpu_to_le32(mvm_sta->tfd_queue_msk); 2708 cmd.tid_disable_tx = cpu_to_le16(mvm_sta->tid_disable_agg); 2709 2710 status = ADD_STA_SUCCESS; 2711 ret = iwl_mvm_send_cmd_pdu_status(mvm, ADD_STA, 2712 iwl_mvm_add_sta_cmd_size(mvm), 2713 &cmd, &status); 2714 if (ret) 2715 return ret; 2716 2717 switch (status & IWL_ADD_STA_STATUS_MASK) { 2718 case ADD_STA_SUCCESS: 2719 break; 2720 default: 2721 ret = -EIO; 2722 IWL_ERR(mvm, "TX BA Session failed %sing, status 0x%x\n", 2723 start ? "start" : "stopp", status); 2724 break; 2725 } 2726 2727 return ret; 2728 } 2729 2730 const u8 tid_to_mac80211_ac[] = { 2731 IEEE80211_AC_BE, 2732 IEEE80211_AC_BK, 2733 IEEE80211_AC_BK, 2734 IEEE80211_AC_BE, 2735 IEEE80211_AC_VI, 2736 IEEE80211_AC_VI, 2737 IEEE80211_AC_VO, 2738 IEEE80211_AC_VO, 2739 IEEE80211_AC_VO, /* We treat MGMT as TID 8, which is set as AC_VO */ 2740 }; 2741 2742 static const u8 tid_to_ucode_ac[] = { 2743 AC_BE, 2744 AC_BK, 2745 AC_BK, 2746 AC_BE, 2747 AC_VI, 2748 AC_VI, 2749 AC_VO, 2750 AC_VO, 2751 }; 2752 2753 int iwl_mvm_sta_tx_agg_start(struct iwl_mvm *mvm, struct ieee80211_vif *vif, 2754 struct ieee80211_sta *sta, u16 tid, u16 *ssn) 2755 { 2756 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta); 2757 struct iwl_mvm_tid_data *tid_data; 2758 u16 normalized_ssn; 2759 u16 txq_id; 2760 int ret; 2761 2762 if (WARN_ON_ONCE(tid >= IWL_MAX_TID_COUNT)) 2763 return -EINVAL; 2764 2765 if (mvmsta->tid_data[tid].state != IWL_AGG_QUEUED && 2766 mvmsta->tid_data[tid].state != IWL_AGG_OFF) { 2767 IWL_ERR(mvm, 2768 "Start AGG when state is not IWL_AGG_QUEUED or IWL_AGG_OFF %d!\n", 2769 mvmsta->tid_data[tid].state); 2770 return -ENXIO; 2771 } 2772 2773 lockdep_assert_held(&mvm->mutex); 2774 2775 if (mvmsta->tid_data[tid].txq_id == IWL_MVM_INVALID_QUEUE && 2776 iwl_mvm_has_new_tx_api(mvm)) { 2777 u8 ac = tid_to_mac80211_ac[tid]; 2778 2779 ret = iwl_mvm_sta_alloc_queue_tvqm(mvm, sta, ac, tid); 2780 if (ret) 2781 return ret; 2782 } 2783 2784 spin_lock_bh(&mvmsta->lock); 2785 2786 /* 2787 * Note the possible cases: 2788 * 1. An enabled TXQ - TXQ needs to become agg'ed 2789 * 2. The TXQ hasn't yet been enabled, so find a free one and mark 2790 * it as reserved 2791 */ 2792 txq_id = mvmsta->tid_data[tid].txq_id; 2793 if (txq_id == IWL_MVM_INVALID_QUEUE) { 2794 ret = iwl_mvm_find_free_queue(mvm, mvmsta->sta_id, 2795 IWL_MVM_DQA_MIN_DATA_QUEUE, 2796 IWL_MVM_DQA_MAX_DATA_QUEUE); 2797 if (ret < 0) { 2798 IWL_ERR(mvm, "Failed to allocate agg queue\n"); 2799 goto out; 2800 } 2801 2802 txq_id = ret; 2803 2804 /* TXQ hasn't yet been enabled, so mark it only as reserved */ 2805 mvm->queue_info[txq_id].status = IWL_MVM_QUEUE_RESERVED; 2806 } else if (WARN_ON(txq_id >= IWL_MAX_HW_QUEUES)) { 2807 ret = -ENXIO; 2808 IWL_ERR(mvm, "tid_id %d out of range (0, %d)!\n", 2809 tid, IWL_MAX_HW_QUEUES - 1); 2810 goto out; 2811 2812 } else if (unlikely(mvm->queue_info[txq_id].status == 2813 IWL_MVM_QUEUE_SHARED)) { 2814 ret = -ENXIO; 2815 IWL_DEBUG_TX_QUEUES(mvm, 2816 "Can't start tid %d agg on shared queue!\n", 2817 tid); 2818 goto out; 2819 } 2820 2821 IWL_DEBUG_TX_QUEUES(mvm, 2822 "AGG for tid %d will be on queue #%d\n", 2823 tid, txq_id); 2824 2825 tid_data = &mvmsta->tid_data[tid]; 2826 tid_data->ssn = IEEE80211_SEQ_TO_SN(tid_data->seq_number); 2827 tid_data->txq_id = txq_id; 2828 *ssn = tid_data->ssn; 2829 2830 IWL_DEBUG_TX_QUEUES(mvm, 2831 "Start AGG: sta %d tid %d queue %d - ssn = %d, next_recl = %d\n", 2832 mvmsta->sta_id, tid, txq_id, tid_data->ssn, 2833 tid_data->next_reclaimed); 2834 2835 /* 2836 * In 22000 HW, the next_reclaimed index is only 8 bit, so we'll need 2837 * to align the wrap around of ssn so we compare relevant values. 2838 */ 2839 normalized_ssn = tid_data->ssn; 2840 if (mvm->trans->trans_cfg->gen2) 2841 normalized_ssn &= 0xff; 2842 2843 if (normalized_ssn == tid_data->next_reclaimed) { 2844 tid_data->state = IWL_AGG_STARTING; 2845 ret = IEEE80211_AMPDU_TX_START_IMMEDIATE; 2846 } else { 2847 tid_data->state = IWL_EMPTYING_HW_QUEUE_ADDBA; 2848 ret = IEEE80211_AMPDU_TX_START_DELAY_ADDBA; 2849 } 2850 2851 out: 2852 spin_unlock_bh(&mvmsta->lock); 2853 2854 return ret; 2855 } 2856 2857 int iwl_mvm_sta_tx_agg_oper(struct iwl_mvm *mvm, struct ieee80211_vif *vif, 2858 struct ieee80211_sta *sta, u16 tid, u16 buf_size, 2859 bool amsdu) 2860 { 2861 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta); 2862 struct iwl_mvm_tid_data *tid_data = &mvmsta->tid_data[tid]; 2863 unsigned int wdg_timeout = 2864 iwl_mvm_get_wd_timeout(mvm, vif, sta->tdls, false); 2865 int queue, ret; 2866 bool alloc_queue = true; 2867 enum iwl_mvm_queue_status queue_status; 2868 u16 ssn; 2869 2870 struct iwl_trans_txq_scd_cfg cfg = { 2871 .sta_id = mvmsta->sta_id, 2872 .tid = tid, 2873 .frame_limit = buf_size, 2874 .aggregate = true, 2875 }; 2876 2877 /* 2878 * When FW supports TLC_OFFLOAD, it also implements Tx aggregation 2879 * manager, so this function should never be called in this case. 2880 */ 2881 if (WARN_ON_ONCE(iwl_mvm_has_tlc_offload(mvm))) 2882 return -EINVAL; 2883 2884 BUILD_BUG_ON((sizeof(mvmsta->agg_tids) * BITS_PER_BYTE) 2885 != IWL_MAX_TID_COUNT); 2886 2887 spin_lock_bh(&mvmsta->lock); 2888 ssn = tid_data->ssn; 2889 queue = tid_data->txq_id; 2890 tid_data->state = IWL_AGG_ON; 2891 mvmsta->agg_tids |= BIT(tid); 2892 tid_data->ssn = 0xffff; 2893 tid_data->amsdu_in_ampdu_allowed = amsdu; 2894 spin_unlock_bh(&mvmsta->lock); 2895 2896 if (iwl_mvm_has_new_tx_api(mvm)) { 2897 /* 2898 * If there is no queue for this tid, iwl_mvm_sta_tx_agg_start() 2899 * would have failed, so if we are here there is no need to 2900 * allocate a queue. 2901 * However, if aggregation size is different than the default 2902 * size, the scheduler should be reconfigured. 2903 * We cannot do this with the new TX API, so return unsupported 2904 * for now, until it will be offloaded to firmware.. 2905 * Note that if SCD default value changes - this condition 2906 * should be updated as well. 2907 */ 2908 if (buf_size < IWL_FRAME_LIMIT) 2909 return -ENOTSUPP; 2910 2911 ret = iwl_mvm_sta_tx_agg(mvm, sta, tid, queue, true); 2912 if (ret) 2913 return -EIO; 2914 goto out; 2915 } 2916 2917 cfg.fifo = iwl_mvm_ac_to_tx_fifo[tid_to_mac80211_ac[tid]]; 2918 2919 queue_status = mvm->queue_info[queue].status; 2920 2921 /* Maybe there is no need to even alloc a queue... */ 2922 if (mvm->queue_info[queue].status == IWL_MVM_QUEUE_READY) 2923 alloc_queue = false; 2924 2925 /* 2926 * Only reconfig the SCD for the queue if the window size has 2927 * changed from current (become smaller) 2928 */ 2929 if (!alloc_queue && buf_size < IWL_FRAME_LIMIT) { 2930 /* 2931 * If reconfiguring an existing queue, it first must be 2932 * drained 2933 */ 2934 ret = iwl_trans_wait_tx_queues_empty(mvm->trans, 2935 BIT(queue)); 2936 if (ret) { 2937 IWL_ERR(mvm, 2938 "Error draining queue before reconfig\n"); 2939 return ret; 2940 } 2941 2942 ret = iwl_mvm_reconfig_scd(mvm, queue, cfg.fifo, 2943 mvmsta->sta_id, tid, 2944 buf_size, ssn); 2945 if (ret) { 2946 IWL_ERR(mvm, 2947 "Error reconfiguring TXQ #%d\n", queue); 2948 return ret; 2949 } 2950 } 2951 2952 if (alloc_queue) 2953 iwl_mvm_enable_txq(mvm, sta, queue, ssn, 2954 &cfg, wdg_timeout); 2955 2956 /* Send ADD_STA command to enable aggs only if the queue isn't shared */ 2957 if (queue_status != IWL_MVM_QUEUE_SHARED) { 2958 ret = iwl_mvm_sta_tx_agg(mvm, sta, tid, queue, true); 2959 if (ret) 2960 return -EIO; 2961 } 2962 2963 /* No need to mark as reserved */ 2964 mvm->queue_info[queue].status = IWL_MVM_QUEUE_READY; 2965 2966 out: 2967 /* 2968 * Even though in theory the peer could have different 2969 * aggregation reorder buffer sizes for different sessions, 2970 * our ucode doesn't allow for that and has a global limit 2971 * for each station. Therefore, use the minimum of all the 2972 * aggregation sessions and our default value. 2973 */ 2974 mvmsta->max_agg_bufsize = 2975 min(mvmsta->max_agg_bufsize, buf_size); 2976 mvmsta->lq_sta.rs_drv.lq.agg_frame_cnt_limit = mvmsta->max_agg_bufsize; 2977 2978 IWL_DEBUG_HT(mvm, "Tx aggregation enabled on ra = %pM tid = %d\n", 2979 sta->addr, tid); 2980 2981 return iwl_mvm_send_lq_cmd(mvm, &mvmsta->lq_sta.rs_drv.lq); 2982 } 2983 2984 static void iwl_mvm_unreserve_agg_queue(struct iwl_mvm *mvm, 2985 struct iwl_mvm_sta *mvmsta, 2986 struct iwl_mvm_tid_data *tid_data) 2987 { 2988 u16 txq_id = tid_data->txq_id; 2989 2990 lockdep_assert_held(&mvm->mutex); 2991 2992 if (iwl_mvm_has_new_tx_api(mvm)) 2993 return; 2994 2995 /* 2996 * The TXQ is marked as reserved only if no traffic came through yet 2997 * This means no traffic has been sent on this TID (agg'd or not), so 2998 * we no longer have use for the queue. Since it hasn't even been 2999 * allocated through iwl_mvm_enable_txq, so we can just mark it back as 3000 * free. 3001 */ 3002 if (mvm->queue_info[txq_id].status == IWL_MVM_QUEUE_RESERVED) { 3003 mvm->queue_info[txq_id].status = IWL_MVM_QUEUE_FREE; 3004 tid_data->txq_id = IWL_MVM_INVALID_QUEUE; 3005 } 3006 } 3007 3008 int iwl_mvm_sta_tx_agg_stop(struct iwl_mvm *mvm, struct ieee80211_vif *vif, 3009 struct ieee80211_sta *sta, u16 tid) 3010 { 3011 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta); 3012 struct iwl_mvm_tid_data *tid_data = &mvmsta->tid_data[tid]; 3013 u16 txq_id; 3014 int err; 3015 3016 /* 3017 * If mac80211 is cleaning its state, then say that we finished since 3018 * our state has been cleared anyway. 3019 */ 3020 if (test_bit(IWL_MVM_STATUS_IN_HW_RESTART, &mvm->status)) { 3021 ieee80211_stop_tx_ba_cb_irqsafe(vif, sta->addr, tid); 3022 return 0; 3023 } 3024 3025 spin_lock_bh(&mvmsta->lock); 3026 3027 txq_id = tid_data->txq_id; 3028 3029 IWL_DEBUG_TX_QUEUES(mvm, "Stop AGG: sta %d tid %d q %d state %d\n", 3030 mvmsta->sta_id, tid, txq_id, tid_data->state); 3031 3032 mvmsta->agg_tids &= ~BIT(tid); 3033 3034 iwl_mvm_unreserve_agg_queue(mvm, mvmsta, tid_data); 3035 3036 switch (tid_data->state) { 3037 case IWL_AGG_ON: 3038 tid_data->ssn = IEEE80211_SEQ_TO_SN(tid_data->seq_number); 3039 3040 IWL_DEBUG_TX_QUEUES(mvm, 3041 "ssn = %d, next_recl = %d\n", 3042 tid_data->ssn, tid_data->next_reclaimed); 3043 3044 tid_data->ssn = 0xffff; 3045 tid_data->state = IWL_AGG_OFF; 3046 spin_unlock_bh(&mvmsta->lock); 3047 3048 ieee80211_stop_tx_ba_cb_irqsafe(vif, sta->addr, tid); 3049 3050 iwl_mvm_sta_tx_agg(mvm, sta, tid, txq_id, false); 3051 return 0; 3052 case IWL_AGG_STARTING: 3053 case IWL_EMPTYING_HW_QUEUE_ADDBA: 3054 /* 3055 * The agg session has been stopped before it was set up. This 3056 * can happen when the AddBA timer times out for example. 3057 */ 3058 3059 /* No barriers since we are under mutex */ 3060 lockdep_assert_held(&mvm->mutex); 3061 3062 ieee80211_stop_tx_ba_cb_irqsafe(vif, sta->addr, tid); 3063 tid_data->state = IWL_AGG_OFF; 3064 err = 0; 3065 break; 3066 default: 3067 IWL_ERR(mvm, 3068 "Stopping AGG while state not ON or starting for %d on %d (%d)\n", 3069 mvmsta->sta_id, tid, tid_data->state); 3070 IWL_ERR(mvm, 3071 "\ttid_data->txq_id = %d\n", tid_data->txq_id); 3072 err = -EINVAL; 3073 } 3074 3075 spin_unlock_bh(&mvmsta->lock); 3076 3077 return err; 3078 } 3079 3080 int iwl_mvm_sta_tx_agg_flush(struct iwl_mvm *mvm, struct ieee80211_vif *vif, 3081 struct ieee80211_sta *sta, u16 tid) 3082 { 3083 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta); 3084 struct iwl_mvm_tid_data *tid_data = &mvmsta->tid_data[tid]; 3085 u16 txq_id; 3086 enum iwl_mvm_agg_state old_state; 3087 3088 /* 3089 * First set the agg state to OFF to avoid calling 3090 * ieee80211_stop_tx_ba_cb in iwl_mvm_check_ratid_empty. 3091 */ 3092 spin_lock_bh(&mvmsta->lock); 3093 txq_id = tid_data->txq_id; 3094 IWL_DEBUG_TX_QUEUES(mvm, "Flush AGG: sta %d tid %d q %d state %d\n", 3095 mvmsta->sta_id, tid, txq_id, tid_data->state); 3096 old_state = tid_data->state; 3097 tid_data->state = IWL_AGG_OFF; 3098 mvmsta->agg_tids &= ~BIT(tid); 3099 spin_unlock_bh(&mvmsta->lock); 3100 3101 iwl_mvm_unreserve_agg_queue(mvm, mvmsta, tid_data); 3102 3103 if (old_state >= IWL_AGG_ON) { 3104 iwl_mvm_drain_sta(mvm, mvmsta, true); 3105 3106 if (iwl_mvm_has_new_tx_api(mvm)) { 3107 if (iwl_mvm_flush_sta_tids(mvm, mvmsta->sta_id, 3108 BIT(tid), 0)) 3109 IWL_ERR(mvm, "Couldn't flush the AGG queue\n"); 3110 iwl_trans_wait_txq_empty(mvm->trans, txq_id); 3111 } else { 3112 if (iwl_mvm_flush_tx_path(mvm, BIT(txq_id), 0)) 3113 IWL_ERR(mvm, "Couldn't flush the AGG queue\n"); 3114 iwl_trans_wait_tx_queues_empty(mvm->trans, BIT(txq_id)); 3115 } 3116 3117 iwl_mvm_drain_sta(mvm, mvmsta, false); 3118 3119 iwl_mvm_sta_tx_agg(mvm, sta, tid, txq_id, false); 3120 } 3121 3122 return 0; 3123 } 3124 3125 static int iwl_mvm_set_fw_key_idx(struct iwl_mvm *mvm) 3126 { 3127 int i, max = -1, max_offs = -1; 3128 3129 lockdep_assert_held(&mvm->mutex); 3130 3131 /* Pick the unused key offset with the highest 'deleted' 3132 * counter. Every time a key is deleted, all the counters 3133 * are incremented and the one that was just deleted is 3134 * reset to zero. Thus, the highest counter is the one 3135 * that was deleted longest ago. Pick that one. 3136 */ 3137 for (i = 0; i < STA_KEY_MAX_NUM; i++) { 3138 if (test_bit(i, mvm->fw_key_table)) 3139 continue; 3140 if (mvm->fw_key_deleted[i] > max) { 3141 max = mvm->fw_key_deleted[i]; 3142 max_offs = i; 3143 } 3144 } 3145 3146 if (max_offs < 0) 3147 return STA_KEY_IDX_INVALID; 3148 3149 return max_offs; 3150 } 3151 3152 static struct iwl_mvm_sta *iwl_mvm_get_key_sta(struct iwl_mvm *mvm, 3153 struct ieee80211_vif *vif, 3154 struct ieee80211_sta *sta) 3155 { 3156 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 3157 3158 if (sta) 3159 return iwl_mvm_sta_from_mac80211(sta); 3160 3161 /* 3162 * The device expects GTKs for station interfaces to be 3163 * installed as GTKs for the AP station. If we have no 3164 * station ID, then use AP's station ID. 3165 */ 3166 if (vif->type == NL80211_IFTYPE_STATION && 3167 mvmvif->ap_sta_id != IWL_MVM_INVALID_STA) { 3168 u8 sta_id = mvmvif->ap_sta_id; 3169 3170 sta = rcu_dereference_check(mvm->fw_id_to_mac_id[sta_id], 3171 lockdep_is_held(&mvm->mutex)); 3172 3173 /* 3174 * It is possible that the 'sta' parameter is NULL, 3175 * for example when a GTK is removed - the sta_id will then 3176 * be the AP ID, and no station was passed by mac80211. 3177 */ 3178 if (IS_ERR_OR_NULL(sta)) 3179 return NULL; 3180 3181 return iwl_mvm_sta_from_mac80211(sta); 3182 } 3183 3184 return NULL; 3185 } 3186 3187 static int iwl_mvm_send_sta_key(struct iwl_mvm *mvm, 3188 u32 sta_id, 3189 struct ieee80211_key_conf *key, bool mcast, 3190 u32 tkip_iv32, u16 *tkip_p1k, u32 cmd_flags, 3191 u8 key_offset, bool mfp) 3192 { 3193 union { 3194 struct iwl_mvm_add_sta_key_cmd_v1 cmd_v1; 3195 struct iwl_mvm_add_sta_key_cmd cmd; 3196 } u = {}; 3197 __le16 key_flags; 3198 int ret; 3199 u32 status; 3200 u16 keyidx; 3201 u64 pn = 0; 3202 int i, size; 3203 bool new_api = fw_has_api(&mvm->fw->ucode_capa, 3204 IWL_UCODE_TLV_API_TKIP_MIC_KEYS); 3205 3206 if (sta_id == IWL_MVM_INVALID_STA) 3207 return -EINVAL; 3208 3209 keyidx = (key->keyidx << STA_KEY_FLG_KEYID_POS) & 3210 STA_KEY_FLG_KEYID_MSK; 3211 key_flags = cpu_to_le16(keyidx); 3212 key_flags |= cpu_to_le16(STA_KEY_FLG_WEP_KEY_MAP); 3213 3214 switch (key->cipher) { 3215 case WLAN_CIPHER_SUITE_TKIP: 3216 key_flags |= cpu_to_le16(STA_KEY_FLG_TKIP); 3217 if (new_api) { 3218 memcpy((void *)&u.cmd.tx_mic_key, 3219 &key->key[NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY], 3220 IWL_MIC_KEY_SIZE); 3221 3222 memcpy((void *)&u.cmd.rx_mic_key, 3223 &key->key[NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY], 3224 IWL_MIC_KEY_SIZE); 3225 pn = atomic64_read(&key->tx_pn); 3226 3227 } else { 3228 u.cmd_v1.tkip_rx_tsc_byte2 = tkip_iv32; 3229 for (i = 0; i < 5; i++) 3230 u.cmd_v1.tkip_rx_ttak[i] = 3231 cpu_to_le16(tkip_p1k[i]); 3232 } 3233 memcpy(u.cmd.common.key, key->key, key->keylen); 3234 break; 3235 case WLAN_CIPHER_SUITE_CCMP: 3236 key_flags |= cpu_to_le16(STA_KEY_FLG_CCM); 3237 memcpy(u.cmd.common.key, key->key, key->keylen); 3238 if (new_api) 3239 pn = atomic64_read(&key->tx_pn); 3240 break; 3241 case WLAN_CIPHER_SUITE_WEP104: 3242 key_flags |= cpu_to_le16(STA_KEY_FLG_WEP_13BYTES); 3243 fallthrough; 3244 case WLAN_CIPHER_SUITE_WEP40: 3245 key_flags |= cpu_to_le16(STA_KEY_FLG_WEP); 3246 memcpy(u.cmd.common.key + 3, key->key, key->keylen); 3247 break; 3248 case WLAN_CIPHER_SUITE_GCMP_256: 3249 key_flags |= cpu_to_le16(STA_KEY_FLG_KEY_32BYTES); 3250 fallthrough; 3251 case WLAN_CIPHER_SUITE_GCMP: 3252 key_flags |= cpu_to_le16(STA_KEY_FLG_GCMP); 3253 memcpy(u.cmd.common.key, key->key, key->keylen); 3254 if (new_api) 3255 pn = atomic64_read(&key->tx_pn); 3256 break; 3257 default: 3258 key_flags |= cpu_to_le16(STA_KEY_FLG_EXT); 3259 memcpy(u.cmd.common.key, key->key, key->keylen); 3260 } 3261 3262 if (mcast) 3263 key_flags |= cpu_to_le16(STA_KEY_MULTICAST); 3264 if (mfp) 3265 key_flags |= cpu_to_le16(STA_KEY_MFP); 3266 3267 u.cmd.common.key_offset = key_offset; 3268 u.cmd.common.key_flags = key_flags; 3269 u.cmd.common.sta_id = sta_id; 3270 3271 if (new_api) { 3272 u.cmd.transmit_seq_cnt = cpu_to_le64(pn); 3273 size = sizeof(u.cmd); 3274 } else { 3275 size = sizeof(u.cmd_v1); 3276 } 3277 3278 status = ADD_STA_SUCCESS; 3279 if (cmd_flags & CMD_ASYNC) 3280 ret = iwl_mvm_send_cmd_pdu(mvm, ADD_STA_KEY, CMD_ASYNC, size, 3281 &u.cmd); 3282 else 3283 ret = iwl_mvm_send_cmd_pdu_status(mvm, ADD_STA_KEY, size, 3284 &u.cmd, &status); 3285 3286 switch (status) { 3287 case ADD_STA_SUCCESS: 3288 IWL_DEBUG_WEP(mvm, "MODIFY_STA: set dynamic key passed\n"); 3289 break; 3290 default: 3291 ret = -EIO; 3292 IWL_ERR(mvm, "MODIFY_STA: set dynamic key failed\n"); 3293 break; 3294 } 3295 3296 return ret; 3297 } 3298 3299 static int iwl_mvm_send_sta_igtk(struct iwl_mvm *mvm, 3300 struct ieee80211_key_conf *keyconf, 3301 u8 sta_id, bool remove_key) 3302 { 3303 struct iwl_mvm_mgmt_mcast_key_cmd igtk_cmd = {}; 3304 3305 /* verify the key details match the required command's expectations */ 3306 if (WARN_ON((keyconf->flags & IEEE80211_KEY_FLAG_PAIRWISE) || 3307 (keyconf->keyidx != 4 && keyconf->keyidx != 5) || 3308 (keyconf->cipher != WLAN_CIPHER_SUITE_AES_CMAC && 3309 keyconf->cipher != WLAN_CIPHER_SUITE_BIP_GMAC_128 && 3310 keyconf->cipher != WLAN_CIPHER_SUITE_BIP_GMAC_256))) 3311 return -EINVAL; 3312 3313 if (WARN_ON(!iwl_mvm_has_new_rx_api(mvm) && 3314 keyconf->cipher != WLAN_CIPHER_SUITE_AES_CMAC)) 3315 return -EINVAL; 3316 3317 igtk_cmd.key_id = cpu_to_le32(keyconf->keyidx); 3318 igtk_cmd.sta_id = cpu_to_le32(sta_id); 3319 3320 if (remove_key) { 3321 /* This is a valid situation for IGTK */ 3322 if (sta_id == IWL_MVM_INVALID_STA) 3323 return 0; 3324 3325 igtk_cmd.ctrl_flags |= cpu_to_le32(STA_KEY_NOT_VALID); 3326 } else { 3327 struct ieee80211_key_seq seq; 3328 const u8 *pn; 3329 3330 switch (keyconf->cipher) { 3331 case WLAN_CIPHER_SUITE_AES_CMAC: 3332 igtk_cmd.ctrl_flags |= cpu_to_le32(STA_KEY_FLG_CCM); 3333 break; 3334 case WLAN_CIPHER_SUITE_BIP_GMAC_128: 3335 case WLAN_CIPHER_SUITE_BIP_GMAC_256: 3336 igtk_cmd.ctrl_flags |= cpu_to_le32(STA_KEY_FLG_GCMP); 3337 break; 3338 default: 3339 return -EINVAL; 3340 } 3341 3342 memcpy(igtk_cmd.igtk, keyconf->key, keyconf->keylen); 3343 if (keyconf->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_256) 3344 igtk_cmd.ctrl_flags |= 3345 cpu_to_le32(STA_KEY_FLG_KEY_32BYTES); 3346 ieee80211_get_key_rx_seq(keyconf, 0, &seq); 3347 pn = seq.aes_cmac.pn; 3348 igtk_cmd.receive_seq_cnt = cpu_to_le64(((u64) pn[5] << 0) | 3349 ((u64) pn[4] << 8) | 3350 ((u64) pn[3] << 16) | 3351 ((u64) pn[2] << 24) | 3352 ((u64) pn[1] << 32) | 3353 ((u64) pn[0] << 40)); 3354 } 3355 3356 IWL_DEBUG_INFO(mvm, "%s igtk for sta %u\n", 3357 remove_key ? "removing" : "installing", 3358 igtk_cmd.sta_id); 3359 3360 if (!iwl_mvm_has_new_rx_api(mvm)) { 3361 struct iwl_mvm_mgmt_mcast_key_cmd_v1 igtk_cmd_v1 = { 3362 .ctrl_flags = igtk_cmd.ctrl_flags, 3363 .key_id = igtk_cmd.key_id, 3364 .sta_id = igtk_cmd.sta_id, 3365 .receive_seq_cnt = igtk_cmd.receive_seq_cnt 3366 }; 3367 3368 memcpy(igtk_cmd_v1.igtk, igtk_cmd.igtk, 3369 ARRAY_SIZE(igtk_cmd_v1.igtk)); 3370 return iwl_mvm_send_cmd_pdu(mvm, MGMT_MCAST_KEY, 0, 3371 sizeof(igtk_cmd_v1), &igtk_cmd_v1); 3372 } 3373 return iwl_mvm_send_cmd_pdu(mvm, MGMT_MCAST_KEY, 0, 3374 sizeof(igtk_cmd), &igtk_cmd); 3375 } 3376 3377 3378 static inline u8 *iwl_mvm_get_mac_addr(struct iwl_mvm *mvm, 3379 struct ieee80211_vif *vif, 3380 struct ieee80211_sta *sta) 3381 { 3382 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 3383 3384 if (sta) 3385 return sta->addr; 3386 3387 if (vif->type == NL80211_IFTYPE_STATION && 3388 mvmvif->ap_sta_id != IWL_MVM_INVALID_STA) { 3389 u8 sta_id = mvmvif->ap_sta_id; 3390 sta = rcu_dereference_protected(mvm->fw_id_to_mac_id[sta_id], 3391 lockdep_is_held(&mvm->mutex)); 3392 return sta->addr; 3393 } 3394 3395 3396 return NULL; 3397 } 3398 3399 static int __iwl_mvm_set_sta_key(struct iwl_mvm *mvm, 3400 struct ieee80211_vif *vif, 3401 struct ieee80211_sta *sta, 3402 struct ieee80211_key_conf *keyconf, 3403 u8 key_offset, 3404 bool mcast) 3405 { 3406 int ret; 3407 const u8 *addr; 3408 struct ieee80211_key_seq seq; 3409 u16 p1k[5]; 3410 u32 sta_id; 3411 bool mfp = false; 3412 3413 if (sta) { 3414 struct iwl_mvm_sta *mvm_sta = iwl_mvm_sta_from_mac80211(sta); 3415 3416 sta_id = mvm_sta->sta_id; 3417 mfp = sta->mfp; 3418 } else if (vif->type == NL80211_IFTYPE_AP && 3419 !(keyconf->flags & IEEE80211_KEY_FLAG_PAIRWISE)) { 3420 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 3421 3422 sta_id = mvmvif->mcast_sta.sta_id; 3423 } else { 3424 IWL_ERR(mvm, "Failed to find station id\n"); 3425 return -EINVAL; 3426 } 3427 3428 switch (keyconf->cipher) { 3429 case WLAN_CIPHER_SUITE_TKIP: 3430 addr = iwl_mvm_get_mac_addr(mvm, vif, sta); 3431 /* get phase 1 key from mac80211 */ 3432 ieee80211_get_key_rx_seq(keyconf, 0, &seq); 3433 ieee80211_get_tkip_rx_p1k(keyconf, addr, seq.tkip.iv32, p1k); 3434 ret = iwl_mvm_send_sta_key(mvm, sta_id, keyconf, mcast, 3435 seq.tkip.iv32, p1k, 0, key_offset, 3436 mfp); 3437 break; 3438 case WLAN_CIPHER_SUITE_CCMP: 3439 case WLAN_CIPHER_SUITE_WEP40: 3440 case WLAN_CIPHER_SUITE_WEP104: 3441 case WLAN_CIPHER_SUITE_GCMP: 3442 case WLAN_CIPHER_SUITE_GCMP_256: 3443 ret = iwl_mvm_send_sta_key(mvm, sta_id, keyconf, mcast, 3444 0, NULL, 0, key_offset, mfp); 3445 break; 3446 default: 3447 ret = iwl_mvm_send_sta_key(mvm, sta_id, keyconf, mcast, 3448 0, NULL, 0, key_offset, mfp); 3449 } 3450 3451 return ret; 3452 } 3453 3454 int iwl_mvm_set_sta_key(struct iwl_mvm *mvm, 3455 struct ieee80211_vif *vif, 3456 struct ieee80211_sta *sta, 3457 struct ieee80211_key_conf *keyconf, 3458 u8 key_offset) 3459 { 3460 bool mcast = !(keyconf->flags & IEEE80211_KEY_FLAG_PAIRWISE); 3461 struct iwl_mvm_sta *mvm_sta; 3462 u8 sta_id = IWL_MVM_INVALID_STA; 3463 int ret; 3464 static const u8 __maybe_unused zero_addr[ETH_ALEN] = {0}; 3465 3466 lockdep_assert_held(&mvm->mutex); 3467 3468 if (vif->type != NL80211_IFTYPE_AP || 3469 keyconf->flags & IEEE80211_KEY_FLAG_PAIRWISE) { 3470 /* Get the station id from the mvm local station table */ 3471 mvm_sta = iwl_mvm_get_key_sta(mvm, vif, sta); 3472 if (!mvm_sta) { 3473 IWL_ERR(mvm, "Failed to find station\n"); 3474 return -EINVAL; 3475 } 3476 sta_id = mvm_sta->sta_id; 3477 3478 /* 3479 * It is possible that the 'sta' parameter is NULL, and thus 3480 * there is a need to retrieve the sta from the local station 3481 * table. 3482 */ 3483 if (!sta) { 3484 sta = rcu_dereference_protected( 3485 mvm->fw_id_to_mac_id[sta_id], 3486 lockdep_is_held(&mvm->mutex)); 3487 if (IS_ERR_OR_NULL(sta)) { 3488 IWL_ERR(mvm, "Invalid station id\n"); 3489 return -EINVAL; 3490 } 3491 } 3492 3493 if (WARN_ON_ONCE(iwl_mvm_sta_from_mac80211(sta)->vif != vif)) 3494 return -EINVAL; 3495 } else { 3496 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 3497 3498 sta_id = mvmvif->mcast_sta.sta_id; 3499 } 3500 3501 if (keyconf->cipher == WLAN_CIPHER_SUITE_AES_CMAC || 3502 keyconf->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_128 || 3503 keyconf->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_256) { 3504 ret = iwl_mvm_send_sta_igtk(mvm, keyconf, sta_id, false); 3505 goto end; 3506 } 3507 3508 /* If the key_offset is not pre-assigned, we need to find a 3509 * new offset to use. In normal cases, the offset is not 3510 * pre-assigned, but during HW_RESTART we want to reuse the 3511 * same indices, so we pass them when this function is called. 3512 * 3513 * In D3 entry, we need to hardcoded the indices (because the 3514 * firmware hardcodes the PTK offset to 0). In this case, we 3515 * need to make sure we don't overwrite the hw_key_idx in the 3516 * keyconf structure, because otherwise we cannot configure 3517 * the original ones back when resuming. 3518 */ 3519 if (key_offset == STA_KEY_IDX_INVALID) { 3520 key_offset = iwl_mvm_set_fw_key_idx(mvm); 3521 if (key_offset == STA_KEY_IDX_INVALID) 3522 return -ENOSPC; 3523 keyconf->hw_key_idx = key_offset; 3524 } 3525 3526 ret = __iwl_mvm_set_sta_key(mvm, vif, sta, keyconf, key_offset, mcast); 3527 if (ret) 3528 goto end; 3529 3530 /* 3531 * For WEP, the same key is used for multicast and unicast. Upload it 3532 * again, using the same key offset, and now pointing the other one 3533 * to the same key slot (offset). 3534 * If this fails, remove the original as well. 3535 */ 3536 if ((keyconf->cipher == WLAN_CIPHER_SUITE_WEP40 || 3537 keyconf->cipher == WLAN_CIPHER_SUITE_WEP104) && 3538 sta) { 3539 ret = __iwl_mvm_set_sta_key(mvm, vif, sta, keyconf, 3540 key_offset, !mcast); 3541 if (ret) { 3542 __iwl_mvm_remove_sta_key(mvm, sta_id, keyconf, mcast); 3543 goto end; 3544 } 3545 } 3546 3547 __set_bit(key_offset, mvm->fw_key_table); 3548 3549 end: 3550 IWL_DEBUG_WEP(mvm, "key: cipher=%x len=%d idx=%d sta=%pM ret=%d\n", 3551 keyconf->cipher, keyconf->keylen, keyconf->keyidx, 3552 sta ? sta->addr : zero_addr, ret); 3553 return ret; 3554 } 3555 3556 int iwl_mvm_remove_sta_key(struct iwl_mvm *mvm, 3557 struct ieee80211_vif *vif, 3558 struct ieee80211_sta *sta, 3559 struct ieee80211_key_conf *keyconf) 3560 { 3561 bool mcast = !(keyconf->flags & IEEE80211_KEY_FLAG_PAIRWISE); 3562 struct iwl_mvm_sta *mvm_sta; 3563 u8 sta_id = IWL_MVM_INVALID_STA; 3564 int ret, i; 3565 3566 lockdep_assert_held(&mvm->mutex); 3567 3568 /* Get the station from the mvm local station table */ 3569 mvm_sta = iwl_mvm_get_key_sta(mvm, vif, sta); 3570 if (mvm_sta) 3571 sta_id = mvm_sta->sta_id; 3572 else if (!sta && vif->type == NL80211_IFTYPE_AP && mcast) 3573 sta_id = iwl_mvm_vif_from_mac80211(vif)->mcast_sta.sta_id; 3574 3575 3576 IWL_DEBUG_WEP(mvm, "mvm remove dynamic key: idx=%d sta=%d\n", 3577 keyconf->keyidx, sta_id); 3578 3579 if (keyconf->cipher == WLAN_CIPHER_SUITE_AES_CMAC || 3580 keyconf->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_128 || 3581 keyconf->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_256) 3582 return iwl_mvm_send_sta_igtk(mvm, keyconf, sta_id, true); 3583 3584 if (!__test_and_clear_bit(keyconf->hw_key_idx, mvm->fw_key_table)) { 3585 IWL_ERR(mvm, "offset %d not used in fw key table.\n", 3586 keyconf->hw_key_idx); 3587 return -ENOENT; 3588 } 3589 3590 /* track which key was deleted last */ 3591 for (i = 0; i < STA_KEY_MAX_NUM; i++) { 3592 if (mvm->fw_key_deleted[i] < U8_MAX) 3593 mvm->fw_key_deleted[i]++; 3594 } 3595 mvm->fw_key_deleted[keyconf->hw_key_idx] = 0; 3596 3597 if (sta && !mvm_sta) { 3598 IWL_DEBUG_WEP(mvm, "station non-existent, early return.\n"); 3599 return 0; 3600 } 3601 3602 ret = __iwl_mvm_remove_sta_key(mvm, sta_id, keyconf, mcast); 3603 if (ret) 3604 return ret; 3605 3606 /* delete WEP key twice to get rid of (now useless) offset */ 3607 if (keyconf->cipher == WLAN_CIPHER_SUITE_WEP40 || 3608 keyconf->cipher == WLAN_CIPHER_SUITE_WEP104) 3609 ret = __iwl_mvm_remove_sta_key(mvm, sta_id, keyconf, !mcast); 3610 3611 return ret; 3612 } 3613 3614 void iwl_mvm_update_tkip_key(struct iwl_mvm *mvm, 3615 struct ieee80211_vif *vif, 3616 struct ieee80211_key_conf *keyconf, 3617 struct ieee80211_sta *sta, u32 iv32, 3618 u16 *phase1key) 3619 { 3620 struct iwl_mvm_sta *mvm_sta; 3621 bool mcast = !(keyconf->flags & IEEE80211_KEY_FLAG_PAIRWISE); 3622 bool mfp = sta ? sta->mfp : false; 3623 3624 rcu_read_lock(); 3625 3626 mvm_sta = iwl_mvm_get_key_sta(mvm, vif, sta); 3627 if (WARN_ON_ONCE(!mvm_sta)) 3628 goto unlock; 3629 iwl_mvm_send_sta_key(mvm, mvm_sta->sta_id, keyconf, mcast, 3630 iv32, phase1key, CMD_ASYNC, keyconf->hw_key_idx, 3631 mfp); 3632 3633 unlock: 3634 rcu_read_unlock(); 3635 } 3636 3637 void iwl_mvm_sta_modify_ps_wake(struct iwl_mvm *mvm, 3638 struct ieee80211_sta *sta) 3639 { 3640 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta); 3641 struct iwl_mvm_add_sta_cmd cmd = { 3642 .add_modify = STA_MODE_MODIFY, 3643 .sta_id = mvmsta->sta_id, 3644 .station_flags_msk = cpu_to_le32(STA_FLG_PS), 3645 .mac_id_n_color = cpu_to_le32(mvmsta->mac_id_n_color), 3646 }; 3647 int ret; 3648 3649 ret = iwl_mvm_send_cmd_pdu(mvm, ADD_STA, CMD_ASYNC, 3650 iwl_mvm_add_sta_cmd_size(mvm), &cmd); 3651 if (ret) 3652 IWL_ERR(mvm, "Failed to send ADD_STA command (%d)\n", ret); 3653 } 3654 3655 void iwl_mvm_sta_modify_sleep_tx_count(struct iwl_mvm *mvm, 3656 struct ieee80211_sta *sta, 3657 enum ieee80211_frame_release_type reason, 3658 u16 cnt, u16 tids, bool more_data, 3659 bool single_sta_queue) 3660 { 3661 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta); 3662 struct iwl_mvm_add_sta_cmd cmd = { 3663 .add_modify = STA_MODE_MODIFY, 3664 .sta_id = mvmsta->sta_id, 3665 .modify_mask = STA_MODIFY_SLEEPING_STA_TX_COUNT, 3666 .sleep_tx_count = cpu_to_le16(cnt), 3667 .mac_id_n_color = cpu_to_le32(mvmsta->mac_id_n_color), 3668 }; 3669 int tid, ret; 3670 unsigned long _tids = tids; 3671 3672 /* convert TIDs to ACs - we don't support TSPEC so that's OK 3673 * Note that this field is reserved and unused by firmware not 3674 * supporting GO uAPSD, so it's safe to always do this. 3675 */ 3676 for_each_set_bit(tid, &_tids, IWL_MAX_TID_COUNT) 3677 cmd.awake_acs |= BIT(tid_to_ucode_ac[tid]); 3678 3679 /* If we're releasing frames from aggregation or dqa queues then check 3680 * if all the queues that we're releasing frames from, combined, have: 3681 * - more frames than the service period, in which case more_data 3682 * needs to be set 3683 * - fewer than 'cnt' frames, in which case we need to adjust the 3684 * firmware command (but do that unconditionally) 3685 */ 3686 if (single_sta_queue) { 3687 int remaining = cnt; 3688 int sleep_tx_count; 3689 3690 spin_lock_bh(&mvmsta->lock); 3691 for_each_set_bit(tid, &_tids, IWL_MAX_TID_COUNT) { 3692 struct iwl_mvm_tid_data *tid_data; 3693 u16 n_queued; 3694 3695 tid_data = &mvmsta->tid_data[tid]; 3696 3697 n_queued = iwl_mvm_tid_queued(mvm, tid_data); 3698 if (n_queued > remaining) { 3699 more_data = true; 3700 remaining = 0; 3701 break; 3702 } 3703 remaining -= n_queued; 3704 } 3705 sleep_tx_count = cnt - remaining; 3706 if (reason == IEEE80211_FRAME_RELEASE_UAPSD) 3707 mvmsta->sleep_tx_count = sleep_tx_count; 3708 spin_unlock_bh(&mvmsta->lock); 3709 3710 cmd.sleep_tx_count = cpu_to_le16(sleep_tx_count); 3711 if (WARN_ON(cnt - remaining == 0)) { 3712 ieee80211_sta_eosp(sta); 3713 return; 3714 } 3715 } 3716 3717 /* Note: this is ignored by firmware not supporting GO uAPSD */ 3718 if (more_data) 3719 cmd.sleep_state_flags |= STA_SLEEP_STATE_MOREDATA; 3720 3721 if (reason == IEEE80211_FRAME_RELEASE_PSPOLL) { 3722 mvmsta->next_status_eosp = true; 3723 cmd.sleep_state_flags |= STA_SLEEP_STATE_PS_POLL; 3724 } else { 3725 cmd.sleep_state_flags |= STA_SLEEP_STATE_UAPSD; 3726 } 3727 3728 /* block the Tx queues until the FW updated the sleep Tx count */ 3729 iwl_trans_block_txq_ptrs(mvm->trans, true); 3730 3731 ret = iwl_mvm_send_cmd_pdu(mvm, ADD_STA, 3732 CMD_ASYNC | CMD_WANT_ASYNC_CALLBACK, 3733 iwl_mvm_add_sta_cmd_size(mvm), &cmd); 3734 if (ret) 3735 IWL_ERR(mvm, "Failed to send ADD_STA command (%d)\n", ret); 3736 } 3737 3738 void iwl_mvm_rx_eosp_notif(struct iwl_mvm *mvm, 3739 struct iwl_rx_cmd_buffer *rxb) 3740 { 3741 struct iwl_rx_packet *pkt = rxb_addr(rxb); 3742 struct iwl_mvm_eosp_notification *notif = (void *)pkt->data; 3743 struct ieee80211_sta *sta; 3744 u32 sta_id = le32_to_cpu(notif->sta_id); 3745 3746 if (WARN_ON_ONCE(sta_id >= mvm->fw->ucode_capa.num_stations)) 3747 return; 3748 3749 rcu_read_lock(); 3750 sta = rcu_dereference(mvm->fw_id_to_mac_id[sta_id]); 3751 if (!IS_ERR_OR_NULL(sta)) 3752 ieee80211_sta_eosp(sta); 3753 rcu_read_unlock(); 3754 } 3755 3756 void iwl_mvm_sta_modify_disable_tx(struct iwl_mvm *mvm, 3757 struct iwl_mvm_sta *mvmsta, bool disable) 3758 { 3759 struct iwl_mvm_add_sta_cmd cmd = { 3760 .add_modify = STA_MODE_MODIFY, 3761 .sta_id = mvmsta->sta_id, 3762 .station_flags = disable ? cpu_to_le32(STA_FLG_DISABLE_TX) : 0, 3763 .station_flags_msk = cpu_to_le32(STA_FLG_DISABLE_TX), 3764 .mac_id_n_color = cpu_to_le32(mvmsta->mac_id_n_color), 3765 }; 3766 int ret; 3767 3768 ret = iwl_mvm_send_cmd_pdu(mvm, ADD_STA, CMD_ASYNC, 3769 iwl_mvm_add_sta_cmd_size(mvm), &cmd); 3770 if (ret) 3771 IWL_ERR(mvm, "Failed to send ADD_STA command (%d)\n", ret); 3772 } 3773 3774 void iwl_mvm_sta_modify_disable_tx_ap(struct iwl_mvm *mvm, 3775 struct ieee80211_sta *sta, 3776 bool disable) 3777 { 3778 struct iwl_mvm_sta *mvm_sta = iwl_mvm_sta_from_mac80211(sta); 3779 3780 spin_lock_bh(&mvm_sta->lock); 3781 3782 if (mvm_sta->disable_tx == disable) { 3783 spin_unlock_bh(&mvm_sta->lock); 3784 return; 3785 } 3786 3787 mvm_sta->disable_tx = disable; 3788 3789 /* Tell mac80211 to start/stop queuing tx for this station */ 3790 ieee80211_sta_block_awake(mvm->hw, sta, disable); 3791 3792 iwl_mvm_sta_modify_disable_tx(mvm, mvm_sta, disable); 3793 3794 spin_unlock_bh(&mvm_sta->lock); 3795 } 3796 3797 static void iwl_mvm_int_sta_modify_disable_tx(struct iwl_mvm *mvm, 3798 struct iwl_mvm_vif *mvmvif, 3799 struct iwl_mvm_int_sta *sta, 3800 bool disable) 3801 { 3802 u32 id = FW_CMD_ID_AND_COLOR(mvmvif->id, mvmvif->color); 3803 struct iwl_mvm_add_sta_cmd cmd = { 3804 .add_modify = STA_MODE_MODIFY, 3805 .sta_id = sta->sta_id, 3806 .station_flags = disable ? cpu_to_le32(STA_FLG_DISABLE_TX) : 0, 3807 .station_flags_msk = cpu_to_le32(STA_FLG_DISABLE_TX), 3808 .mac_id_n_color = cpu_to_le32(id), 3809 }; 3810 int ret; 3811 3812 ret = iwl_mvm_send_cmd_pdu(mvm, ADD_STA, 0, 3813 iwl_mvm_add_sta_cmd_size(mvm), &cmd); 3814 if (ret) 3815 IWL_ERR(mvm, "Failed to send ADD_STA command (%d)\n", ret); 3816 } 3817 3818 void iwl_mvm_modify_all_sta_disable_tx(struct iwl_mvm *mvm, 3819 struct iwl_mvm_vif *mvmvif, 3820 bool disable) 3821 { 3822 struct ieee80211_sta *sta; 3823 struct iwl_mvm_sta *mvm_sta; 3824 int i; 3825 3826 lockdep_assert_held(&mvm->mutex); 3827 3828 /* Block/unblock all the stations of the given mvmvif */ 3829 for (i = 0; i < mvm->fw->ucode_capa.num_stations; i++) { 3830 sta = rcu_dereference_protected(mvm->fw_id_to_mac_id[i], 3831 lockdep_is_held(&mvm->mutex)); 3832 if (IS_ERR_OR_NULL(sta)) 3833 continue; 3834 3835 mvm_sta = iwl_mvm_sta_from_mac80211(sta); 3836 if (mvm_sta->mac_id_n_color != 3837 FW_CMD_ID_AND_COLOR(mvmvif->id, mvmvif->color)) 3838 continue; 3839 3840 iwl_mvm_sta_modify_disable_tx_ap(mvm, sta, disable); 3841 } 3842 3843 if (!fw_has_api(&mvm->fw->ucode_capa, IWL_UCODE_TLV_API_STA_TYPE)) 3844 return; 3845 3846 /* Need to block/unblock also multicast station */ 3847 if (mvmvif->mcast_sta.sta_id != IWL_MVM_INVALID_STA) 3848 iwl_mvm_int_sta_modify_disable_tx(mvm, mvmvif, 3849 &mvmvif->mcast_sta, disable); 3850 3851 /* 3852 * Only unblock the broadcast station (FW blocks it for immediate 3853 * quiet, not the driver) 3854 */ 3855 if (!disable && mvmvif->bcast_sta.sta_id != IWL_MVM_INVALID_STA) 3856 iwl_mvm_int_sta_modify_disable_tx(mvm, mvmvif, 3857 &mvmvif->bcast_sta, disable); 3858 } 3859 3860 void iwl_mvm_csa_client_absent(struct iwl_mvm *mvm, struct ieee80211_vif *vif) 3861 { 3862 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 3863 struct iwl_mvm_sta *mvmsta; 3864 3865 rcu_read_lock(); 3866 3867 mvmsta = iwl_mvm_sta_from_staid_rcu(mvm, mvmvif->ap_sta_id); 3868 3869 if (!WARN_ON(!mvmsta)) 3870 iwl_mvm_sta_modify_disable_tx(mvm, mvmsta, true); 3871 3872 rcu_read_unlock(); 3873 } 3874 3875 u16 iwl_mvm_tid_queued(struct iwl_mvm *mvm, struct iwl_mvm_tid_data *tid_data) 3876 { 3877 u16 sn = IEEE80211_SEQ_TO_SN(tid_data->seq_number); 3878 3879 /* 3880 * In 22000 HW, the next_reclaimed index is only 8 bit, so we'll need 3881 * to align the wrap around of ssn so we compare relevant values. 3882 */ 3883 if (mvm->trans->trans_cfg->gen2) 3884 sn &= 0xff; 3885 3886 return ieee80211_sn_sub(sn, tid_data->next_reclaimed); 3887 } 3888 3889 int iwl_mvm_add_pasn_sta(struct iwl_mvm *mvm, struct ieee80211_vif *vif, 3890 struct iwl_mvm_int_sta *sta, u8 *addr, u32 cipher, 3891 u8 *key, u32 key_len) 3892 { 3893 int ret; 3894 u16 queue; 3895 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 3896 struct ieee80211_key_conf *keyconf; 3897 3898 ret = iwl_mvm_allocate_int_sta(mvm, sta, 0, 3899 NL80211_IFTYPE_UNSPECIFIED, 3900 IWL_STA_LINK); 3901 if (ret) 3902 return ret; 3903 3904 ret = iwl_mvm_add_int_sta_with_queue(mvm, mvmvif->id, mvmvif->color, 3905 addr, sta, &queue, 3906 IWL_MVM_TX_FIFO_BE); 3907 if (ret) 3908 goto out; 3909 3910 keyconf = kzalloc(sizeof(*keyconf) + key_len, GFP_KERNEL); 3911 if (!keyconf) { 3912 ret = -ENOBUFS; 3913 goto out; 3914 } 3915 3916 keyconf->cipher = cipher; 3917 memcpy(keyconf->key, key, key_len); 3918 keyconf->keylen = key_len; 3919 3920 ret = iwl_mvm_send_sta_key(mvm, sta->sta_id, keyconf, false, 3921 0, NULL, 0, 0, true); 3922 kfree(keyconf); 3923 return 0; 3924 out: 3925 iwl_mvm_dealloc_int_sta(mvm, sta); 3926 return ret; 3927 } 3928