scan.c (29329B)
1// SPDX-License-Identifier: GPL-2.0-only 2/****************************************************************************** 3 * 4 * Copyright(c) 2008 - 2014 Intel Corporation. All rights reserved. 5 * Copyright(c) 2018 Intel Corporation 6 *****************************************************************************/ 7#include <linux/slab.h> 8#include <linux/types.h> 9#include <linux/etherdevice.h> 10#include <net/mac80211.h> 11 12#include "dev.h" 13#include "agn.h" 14 15/* For active scan, listen ACTIVE_DWELL_TIME (msec) on each channel after 16 * sending probe req. This should be set long enough to hear probe responses 17 * from more than one AP. */ 18#define IWL_ACTIVE_DWELL_TIME_24 (30) /* all times in msec */ 19#define IWL_ACTIVE_DWELL_TIME_52 (20) 20 21#define IWL_ACTIVE_DWELL_FACTOR_24GHZ (3) 22#define IWL_ACTIVE_DWELL_FACTOR_52GHZ (2) 23 24/* For passive scan, listen PASSIVE_DWELL_TIME (msec) on each channel. 25 * Must be set longer than active dwell time. 26 * For the most reliable scan, set > AP beacon interval (typically 100msec). */ 27#define IWL_PASSIVE_DWELL_TIME_24 (20) /* all times in msec */ 28#define IWL_PASSIVE_DWELL_TIME_52 (10) 29#define IWL_PASSIVE_DWELL_BASE (100) 30#define IWL_CHANNEL_TUNE_TIME 5 31#define MAX_SCAN_CHANNEL 50 32 33/* For reset radio, need minimal dwell time only */ 34#define IWL_RADIO_RESET_DWELL_TIME 5 35 36static int iwl_send_scan_abort(struct iwl_priv *priv) 37{ 38 int ret; 39 struct iwl_host_cmd cmd = { 40 .id = REPLY_SCAN_ABORT_CMD, 41 .flags = CMD_WANT_SKB, 42 }; 43 __le32 *status; 44 45 /* Exit instantly with error when device is not ready 46 * to receive scan abort command or it does not perform 47 * hardware scan currently */ 48 if (!test_bit(STATUS_READY, &priv->status) || 49 !test_bit(STATUS_SCAN_HW, &priv->status) || 50 test_bit(STATUS_FW_ERROR, &priv->status)) 51 return -EIO; 52 53 ret = iwl_dvm_send_cmd(priv, &cmd); 54 if (ret) 55 return ret; 56 57 status = (void *)cmd.resp_pkt->data; 58 if (*status != CAN_ABORT_STATUS) { 59 /* The scan abort will return 1 for success or 60 * 2 for "failure". A failure condition can be 61 * due to simply not being in an active scan which 62 * can occur if we send the scan abort before we 63 * the microcode has notified us that a scan is 64 * completed. */ 65 IWL_DEBUG_SCAN(priv, "SCAN_ABORT ret %d.\n", 66 le32_to_cpu(*status)); 67 ret = -EIO; 68 } 69 70 iwl_free_resp(&cmd); 71 return ret; 72} 73 74static void iwl_complete_scan(struct iwl_priv *priv, bool aborted) 75{ 76 struct cfg80211_scan_info info = { 77 .aborted = aborted, 78 }; 79 80 /* check if scan was requested from mac80211 */ 81 if (priv->scan_request) { 82 IWL_DEBUG_SCAN(priv, "Complete scan in mac80211\n"); 83 ieee80211_scan_completed(priv->hw, &info); 84 } 85 86 priv->scan_type = IWL_SCAN_NORMAL; 87 priv->scan_vif = NULL; 88 priv->scan_request = NULL; 89} 90 91static void iwl_process_scan_complete(struct iwl_priv *priv) 92{ 93 bool aborted; 94 95 lockdep_assert_held(&priv->mutex); 96 97 if (!test_and_clear_bit(STATUS_SCAN_COMPLETE, &priv->status)) 98 return; 99 100 IWL_DEBUG_SCAN(priv, "Completed scan.\n"); 101 102 cancel_delayed_work(&priv->scan_check); 103 104 aborted = test_and_clear_bit(STATUS_SCAN_ABORTING, &priv->status); 105 if (aborted) 106 IWL_DEBUG_SCAN(priv, "Aborted scan completed.\n"); 107 108 if (!test_and_clear_bit(STATUS_SCANNING, &priv->status)) { 109 IWL_DEBUG_SCAN(priv, "Scan already completed.\n"); 110 goto out_settings; 111 } 112 113 if (priv->scan_type != IWL_SCAN_NORMAL && !aborted) { 114 int err; 115 116 /* Check if mac80211 requested scan during our internal scan */ 117 if (priv->scan_request == NULL) 118 goto out_complete; 119 120 /* If so request a new scan */ 121 err = iwl_scan_initiate(priv, priv->scan_vif, IWL_SCAN_NORMAL, 122 priv->scan_request->channels[0]->band); 123 if (err) { 124 IWL_DEBUG_SCAN(priv, 125 "failed to initiate pending scan: %d\n", err); 126 aborted = true; 127 goto out_complete; 128 } 129 130 return; 131 } 132 133out_complete: 134 iwl_complete_scan(priv, aborted); 135 136out_settings: 137 /* Can we still talk to firmware ? */ 138 if (!iwl_is_ready_rf(priv)) 139 return; 140 141 iwlagn_post_scan(priv); 142} 143 144void iwl_force_scan_end(struct iwl_priv *priv) 145{ 146 lockdep_assert_held(&priv->mutex); 147 148 if (!test_bit(STATUS_SCANNING, &priv->status)) { 149 IWL_DEBUG_SCAN(priv, "Forcing scan end while not scanning\n"); 150 return; 151 } 152 153 IWL_DEBUG_SCAN(priv, "Forcing scan end\n"); 154 clear_bit(STATUS_SCANNING, &priv->status); 155 clear_bit(STATUS_SCAN_HW, &priv->status); 156 clear_bit(STATUS_SCAN_ABORTING, &priv->status); 157 clear_bit(STATUS_SCAN_COMPLETE, &priv->status); 158 iwl_complete_scan(priv, true); 159} 160 161static void iwl_do_scan_abort(struct iwl_priv *priv) 162{ 163 int ret; 164 165 lockdep_assert_held(&priv->mutex); 166 167 if (!test_bit(STATUS_SCANNING, &priv->status)) { 168 IWL_DEBUG_SCAN(priv, "Not performing scan to abort\n"); 169 return; 170 } 171 172 if (test_and_set_bit(STATUS_SCAN_ABORTING, &priv->status)) { 173 IWL_DEBUG_SCAN(priv, "Scan abort in progress\n"); 174 return; 175 } 176 177 ret = iwl_send_scan_abort(priv); 178 if (ret) { 179 IWL_DEBUG_SCAN(priv, "Send scan abort failed %d\n", ret); 180 iwl_force_scan_end(priv); 181 } else 182 IWL_DEBUG_SCAN(priv, "Successfully send scan abort\n"); 183} 184 185/* 186 * iwl_scan_cancel - Cancel any currently executing HW scan 187 */ 188int iwl_scan_cancel(struct iwl_priv *priv) 189{ 190 IWL_DEBUG_SCAN(priv, "Queuing abort scan\n"); 191 queue_work(priv->workqueue, &priv->abort_scan); 192 return 0; 193} 194 195/* 196 * iwl_scan_cancel_timeout - Cancel any currently executing HW scan 197 * @ms: amount of time to wait (in milliseconds) for scan to abort 198 */ 199void iwl_scan_cancel_timeout(struct iwl_priv *priv, unsigned long ms) 200{ 201 unsigned long timeout = jiffies + msecs_to_jiffies(ms); 202 203 lockdep_assert_held(&priv->mutex); 204 205 IWL_DEBUG_SCAN(priv, "Scan cancel timeout\n"); 206 207 iwl_do_scan_abort(priv); 208 209 while (time_before_eq(jiffies, timeout)) { 210 if (!test_bit(STATUS_SCAN_HW, &priv->status)) 211 goto finished; 212 msleep(20); 213 } 214 215 return; 216 217 finished: 218 /* 219 * Now STATUS_SCAN_HW is clear. This means that the 220 * device finished, but the background work is going 221 * to execute at best as soon as we release the mutex. 222 * Since we need to be able to issue a new scan right 223 * after this function returns, run the complete here. 224 * The STATUS_SCAN_COMPLETE bit will then be cleared 225 * and prevent the background work from "completing" 226 * a possible new scan. 227 */ 228 iwl_process_scan_complete(priv); 229} 230 231/* Service response to REPLY_SCAN_CMD (0x80) */ 232static void iwl_rx_reply_scan(struct iwl_priv *priv, 233 struct iwl_rx_cmd_buffer *rxb) 234{ 235#ifdef CONFIG_IWLWIFI_DEBUG 236 struct iwl_rx_packet *pkt = rxb_addr(rxb); 237 struct iwl_scanreq_notification *notif = (void *)pkt->data; 238 239 IWL_DEBUG_SCAN(priv, "Scan request status = 0x%x\n", notif->status); 240#endif 241} 242 243/* Service SCAN_START_NOTIFICATION (0x82) */ 244static void iwl_rx_scan_start_notif(struct iwl_priv *priv, 245 struct iwl_rx_cmd_buffer *rxb) 246{ 247 struct iwl_rx_packet *pkt = rxb_addr(rxb); 248 struct iwl_scanstart_notification *notif = (void *)pkt->data; 249 250 priv->scan_start_tsf = le32_to_cpu(notif->tsf_low); 251 IWL_DEBUG_SCAN(priv, "Scan start: " 252 "%d [802.11%s] " 253 "(TSF: 0x%08X:%08X) - %d (beacon timer %u)\n", 254 notif->channel, 255 notif->band ? "bg" : "a", 256 le32_to_cpu(notif->tsf_high), 257 le32_to_cpu(notif->tsf_low), 258 notif->status, notif->beacon_timer); 259} 260 261/* Service SCAN_RESULTS_NOTIFICATION (0x83) */ 262static void iwl_rx_scan_results_notif(struct iwl_priv *priv, 263 struct iwl_rx_cmd_buffer *rxb) 264{ 265#ifdef CONFIG_IWLWIFI_DEBUG 266 struct iwl_rx_packet *pkt = rxb_addr(rxb); 267 struct iwl_scanresults_notification *notif = (void *)pkt->data; 268 269 IWL_DEBUG_SCAN(priv, "Scan ch.res: " 270 "%d [802.11%s] " 271 "probe status: %u:%u " 272 "(TSF: 0x%08X:%08X) - %d " 273 "elapsed=%lu usec\n", 274 notif->channel, 275 notif->band ? "bg" : "a", 276 notif->probe_status, notif->num_probe_not_sent, 277 le32_to_cpu(notif->tsf_high), 278 le32_to_cpu(notif->tsf_low), 279 le32_to_cpu(notif->statistics[0]), 280 le32_to_cpu(notif->tsf_low) - priv->scan_start_tsf); 281#endif 282} 283 284/* Service SCAN_COMPLETE_NOTIFICATION (0x84) */ 285static void iwl_rx_scan_complete_notif(struct iwl_priv *priv, 286 struct iwl_rx_cmd_buffer *rxb) 287{ 288 struct iwl_rx_packet *pkt = rxb_addr(rxb); 289 struct iwl_scancomplete_notification *scan_notif = (void *)pkt->data; 290 291 IWL_DEBUG_SCAN(priv, "Scan complete: %d channels (TSF 0x%08X:%08X) - %d\n", 292 scan_notif->scanned_channels, 293 scan_notif->tsf_low, 294 scan_notif->tsf_high, scan_notif->status); 295 296 IWL_DEBUG_SCAN(priv, "Scan on %sGHz took %dms\n", 297 (priv->scan_band == NL80211_BAND_2GHZ) ? "2.4" : "5.2", 298 jiffies_to_msecs(jiffies - priv->scan_start)); 299 300 /* 301 * When aborting, we run the scan completed background work inline 302 * and the background work must then do nothing. The SCAN_COMPLETE 303 * bit helps implement that logic and thus needs to be set before 304 * queueing the work. Also, since the scan abort waits for SCAN_HW 305 * to clear, we need to set SCAN_COMPLETE before clearing SCAN_HW 306 * to avoid a race there. 307 */ 308 set_bit(STATUS_SCAN_COMPLETE, &priv->status); 309 clear_bit(STATUS_SCAN_HW, &priv->status); 310 queue_work(priv->workqueue, &priv->scan_completed); 311 312 if (priv->iw_mode != NL80211_IFTYPE_ADHOC && 313 iwl_advanced_bt_coexist(priv) && 314 priv->bt_status != scan_notif->bt_status) { 315 if (scan_notif->bt_status) { 316 /* BT on */ 317 if (!priv->bt_ch_announce) 318 priv->bt_traffic_load = 319 IWL_BT_COEX_TRAFFIC_LOAD_HIGH; 320 /* 321 * otherwise, no traffic load information provided 322 * no changes made 323 */ 324 } else { 325 /* BT off */ 326 priv->bt_traffic_load = 327 IWL_BT_COEX_TRAFFIC_LOAD_NONE; 328 } 329 priv->bt_status = scan_notif->bt_status; 330 queue_work(priv->workqueue, 331 &priv->bt_traffic_change_work); 332 } 333} 334 335void iwl_setup_rx_scan_handlers(struct iwl_priv *priv) 336{ 337 /* scan handlers */ 338 priv->rx_handlers[REPLY_SCAN_CMD] = iwl_rx_reply_scan; 339 priv->rx_handlers[SCAN_START_NOTIFICATION] = iwl_rx_scan_start_notif; 340 priv->rx_handlers[SCAN_RESULTS_NOTIFICATION] = 341 iwl_rx_scan_results_notif; 342 priv->rx_handlers[SCAN_COMPLETE_NOTIFICATION] = 343 iwl_rx_scan_complete_notif; 344} 345 346static u16 iwl_get_active_dwell_time(struct iwl_priv *priv, 347 enum nl80211_band band, u8 n_probes) 348{ 349 if (band == NL80211_BAND_5GHZ) 350 return IWL_ACTIVE_DWELL_TIME_52 + 351 IWL_ACTIVE_DWELL_FACTOR_52GHZ * (n_probes + 1); 352 else 353 return IWL_ACTIVE_DWELL_TIME_24 + 354 IWL_ACTIVE_DWELL_FACTOR_24GHZ * (n_probes + 1); 355} 356 357static u16 iwl_limit_dwell(struct iwl_priv *priv, u16 dwell_time) 358{ 359 struct iwl_rxon_context *ctx; 360 int limits[NUM_IWL_RXON_CTX] = {}; 361 int n_active = 0; 362 u16 limit; 363 364 BUILD_BUG_ON(NUM_IWL_RXON_CTX != 2); 365 366 /* 367 * If we're associated, we clamp the dwell time 98% 368 * of the beacon interval (minus 2 * channel tune time) 369 * If both contexts are active, we have to restrict to 370 * 1/2 of the minimum of them, because they might be in 371 * lock-step with the time inbetween only half of what 372 * time we'd have in each of them. 373 */ 374 for_each_context(priv, ctx) { 375 switch (ctx->staging.dev_type) { 376 case RXON_DEV_TYPE_P2P: 377 /* no timing constraints */ 378 continue; 379 case RXON_DEV_TYPE_ESS: 380 default: 381 /* timing constraints if associated */ 382 if (!iwl_is_associated_ctx(ctx)) 383 continue; 384 break; 385 case RXON_DEV_TYPE_CP: 386 case RXON_DEV_TYPE_2STA: 387 /* 388 * These seem to always have timers for TBTT 389 * active in uCode even when not associated yet. 390 */ 391 break; 392 } 393 394 limits[n_active++] = ctx->beacon_int ?: IWL_PASSIVE_DWELL_BASE; 395 } 396 397 switch (n_active) { 398 case 0: 399 return dwell_time; 400 case 2: 401 limit = (limits[1] * 98) / 100 - IWL_CHANNEL_TUNE_TIME * 2; 402 limit /= 2; 403 dwell_time = min(limit, dwell_time); 404 fallthrough; 405 case 1: 406 limit = (limits[0] * 98) / 100 - IWL_CHANNEL_TUNE_TIME * 2; 407 limit /= n_active; 408 return min(limit, dwell_time); 409 default: 410 WARN_ON_ONCE(1); 411 return dwell_time; 412 } 413} 414 415static u16 iwl_get_passive_dwell_time(struct iwl_priv *priv, 416 enum nl80211_band band) 417{ 418 u16 passive = (band == NL80211_BAND_2GHZ) ? 419 IWL_PASSIVE_DWELL_BASE + IWL_PASSIVE_DWELL_TIME_24 : 420 IWL_PASSIVE_DWELL_BASE + IWL_PASSIVE_DWELL_TIME_52; 421 422 return iwl_limit_dwell(priv, passive); 423} 424 425/* Return valid, unused, channel for a passive scan to reset the RF */ 426static u8 iwl_get_single_channel_number(struct iwl_priv *priv, 427 enum nl80211_band band) 428{ 429 struct ieee80211_supported_band *sband = priv->hw->wiphy->bands[band]; 430 struct iwl_rxon_context *ctx; 431 int i; 432 433 for (i = 0; i < sband->n_channels; i++) { 434 bool busy = false; 435 436 for_each_context(priv, ctx) { 437 busy = sband->channels[i].hw_value == 438 le16_to_cpu(ctx->staging.channel); 439 if (busy) 440 break; 441 } 442 443 if (busy) 444 continue; 445 446 if (!(sband->channels[i].flags & IEEE80211_CHAN_DISABLED)) 447 return sband->channels[i].hw_value; 448 } 449 450 return 0; 451} 452 453static int iwl_get_channel_for_reset_scan(struct iwl_priv *priv, 454 struct ieee80211_vif *vif, 455 enum nl80211_band band, 456 struct iwl_scan_channel *scan_ch) 457{ 458 const struct ieee80211_supported_band *sband; 459 u16 channel; 460 461 sband = iwl_get_hw_mode(priv, band); 462 if (!sband) { 463 IWL_ERR(priv, "invalid band\n"); 464 return 0; 465 } 466 467 channel = iwl_get_single_channel_number(priv, band); 468 if (channel) { 469 scan_ch->channel = cpu_to_le16(channel); 470 scan_ch->type = SCAN_CHANNEL_TYPE_PASSIVE; 471 scan_ch->active_dwell = 472 cpu_to_le16(IWL_RADIO_RESET_DWELL_TIME); 473 scan_ch->passive_dwell = 474 cpu_to_le16(IWL_RADIO_RESET_DWELL_TIME); 475 /* Set txpower levels to defaults */ 476 scan_ch->dsp_atten = 110; 477 if (band == NL80211_BAND_5GHZ) 478 scan_ch->tx_gain = ((1 << 5) | (3 << 3)) | 3; 479 else 480 scan_ch->tx_gain = ((1 << 5) | (5 << 3)); 481 return 1; 482 } 483 484 IWL_ERR(priv, "no valid channel found\n"); 485 return 0; 486} 487 488static int iwl_get_channels_for_scan(struct iwl_priv *priv, 489 struct ieee80211_vif *vif, 490 enum nl80211_band band, 491 u8 is_active, u8 n_probes, 492 struct iwl_scan_channel *scan_ch) 493{ 494 struct ieee80211_channel *chan; 495 const struct ieee80211_supported_band *sband; 496 u16 passive_dwell = 0; 497 u16 active_dwell = 0; 498 int added, i; 499 u16 channel; 500 501 sband = iwl_get_hw_mode(priv, band); 502 if (!sband) 503 return 0; 504 505 active_dwell = iwl_get_active_dwell_time(priv, band, n_probes); 506 passive_dwell = iwl_get_passive_dwell_time(priv, band); 507 508 if (passive_dwell <= active_dwell) 509 passive_dwell = active_dwell + 1; 510 511 for (i = 0, added = 0; i < priv->scan_request->n_channels; i++) { 512 chan = priv->scan_request->channels[i]; 513 514 if (chan->band != band) 515 continue; 516 517 channel = chan->hw_value; 518 scan_ch->channel = cpu_to_le16(channel); 519 520 if (!is_active || (chan->flags & IEEE80211_CHAN_NO_IR)) 521 scan_ch->type = SCAN_CHANNEL_TYPE_PASSIVE; 522 else 523 scan_ch->type = SCAN_CHANNEL_TYPE_ACTIVE; 524 525 if (n_probes) 526 scan_ch->type |= IWL_SCAN_PROBE_MASK(n_probes); 527 528 scan_ch->active_dwell = cpu_to_le16(active_dwell); 529 scan_ch->passive_dwell = cpu_to_le16(passive_dwell); 530 531 /* Set txpower levels to defaults */ 532 scan_ch->dsp_atten = 110; 533 534 /* NOTE: if we were doing 6Mb OFDM for scans we'd use 535 * power level: 536 * scan_ch->tx_gain = ((1 << 5) | (2 << 3)) | 3; 537 */ 538 if (band == NL80211_BAND_5GHZ) 539 scan_ch->tx_gain = ((1 << 5) | (3 << 3)) | 3; 540 else 541 scan_ch->tx_gain = ((1 << 5) | (5 << 3)); 542 543 IWL_DEBUG_SCAN(priv, "Scanning ch=%d prob=0x%X [%s %d]\n", 544 channel, le32_to_cpu(scan_ch->type), 545 (scan_ch->type & SCAN_CHANNEL_TYPE_ACTIVE) ? 546 "ACTIVE" : "PASSIVE", 547 (scan_ch->type & SCAN_CHANNEL_TYPE_ACTIVE) ? 548 active_dwell : passive_dwell); 549 550 scan_ch++; 551 added++; 552 } 553 554 IWL_DEBUG_SCAN(priv, "total channels to scan %d\n", added); 555 return added; 556} 557 558/* 559 * iwl_fill_probe_req - fill in all required fields and IE for probe request 560 */ 561static u16 iwl_fill_probe_req(struct ieee80211_mgmt *frame, const u8 *ta, 562 const u8 *ies, int ie_len, const u8 *ssid, 563 u8 ssid_len, int left) 564{ 565 int len = 0; 566 u8 *pos = NULL; 567 568 /* Make sure there is enough space for the probe request, 569 * two mandatory IEs and the data */ 570 left -= 24; 571 if (left < 0) 572 return 0; 573 574 frame->frame_control = cpu_to_le16(IEEE80211_STYPE_PROBE_REQ); 575 eth_broadcast_addr(frame->da); 576 memcpy(frame->sa, ta, ETH_ALEN); 577 eth_broadcast_addr(frame->bssid); 578 frame->seq_ctrl = 0; 579 580 len += 24; 581 582 /* ...next IE... */ 583 pos = &frame->u.probe_req.variable[0]; 584 585 /* fill in our SSID IE */ 586 left -= ssid_len + 2; 587 if (left < 0) 588 return 0; 589 *pos++ = WLAN_EID_SSID; 590 *pos++ = ssid_len; 591 if (ssid && ssid_len) { 592 memcpy(pos, ssid, ssid_len); 593 pos += ssid_len; 594 } 595 596 len += ssid_len + 2; 597 598 if (WARN_ON(left < ie_len)) 599 return len; 600 601 if (ies && ie_len) { 602 memcpy(pos, ies, ie_len); 603 len += ie_len; 604 } 605 606 return (u16)len; 607} 608 609static int iwlagn_request_scan(struct iwl_priv *priv, struct ieee80211_vif *vif) 610{ 611 struct iwl_host_cmd cmd = { 612 .id = REPLY_SCAN_CMD, 613 .len = { sizeof(struct iwl_scan_cmd), }, 614 }; 615 struct iwl_scan_cmd *scan; 616 struct iwl_rxon_context *ctx = &priv->contexts[IWL_RXON_CTX_BSS]; 617 u32 rate_flags = 0; 618 u16 cmd_len = 0; 619 u16 rx_chain = 0; 620 enum nl80211_band band; 621 u8 n_probes = 0; 622 u8 rx_ant = priv->nvm_data->valid_rx_ant; 623 u8 rate; 624 bool is_active = false; 625 int chan_mod; 626 u8 active_chains; 627 u8 scan_tx_antennas = priv->nvm_data->valid_tx_ant; 628 int ret; 629 int scan_cmd_size = sizeof(struct iwl_scan_cmd) + 630 MAX_SCAN_CHANNEL * sizeof(struct iwl_scan_channel) + 631 priv->fw->ucode_capa.max_probe_length; 632 const u8 *ssid = NULL; 633 u8 ssid_len = 0; 634 635 if (WARN_ON(priv->scan_type == IWL_SCAN_NORMAL && 636 (!priv->scan_request || 637 priv->scan_request->n_channels > MAX_SCAN_CHANNEL))) 638 return -EINVAL; 639 640 lockdep_assert_held(&priv->mutex); 641 642 if (vif) 643 ctx = iwl_rxon_ctx_from_vif(vif); 644 645 if (!priv->scan_cmd) { 646 priv->scan_cmd = kmalloc(scan_cmd_size, GFP_KERNEL); 647 if (!priv->scan_cmd) { 648 IWL_DEBUG_SCAN(priv, 649 "fail to allocate memory for scan\n"); 650 return -ENOMEM; 651 } 652 } 653 scan = priv->scan_cmd; 654 memset(scan, 0, scan_cmd_size); 655 656 scan->quiet_plcp_th = IWL_PLCP_QUIET_THRESH; 657 scan->quiet_time = IWL_ACTIVE_QUIET_TIME; 658 659 if (iwl_is_any_associated(priv)) { 660 u16 interval = 0; 661 u32 extra; 662 u32 suspend_time = 100; 663 u32 scan_suspend_time = 100; 664 665 IWL_DEBUG_INFO(priv, "Scanning while associated...\n"); 666 switch (priv->scan_type) { 667 case IWL_SCAN_RADIO_RESET: 668 interval = 0; 669 break; 670 case IWL_SCAN_NORMAL: 671 interval = vif->bss_conf.beacon_int; 672 break; 673 } 674 675 scan->suspend_time = 0; 676 scan->max_out_time = cpu_to_le32(200 * 1024); 677 if (!interval) 678 interval = suspend_time; 679 680 extra = (suspend_time / interval) << 22; 681 scan_suspend_time = (extra | 682 ((suspend_time % interval) * 1024)); 683 scan->suspend_time = cpu_to_le32(scan_suspend_time); 684 IWL_DEBUG_SCAN(priv, "suspend_time 0x%X beacon interval %d\n", 685 scan_suspend_time, interval); 686 } 687 688 switch (priv->scan_type) { 689 case IWL_SCAN_RADIO_RESET: 690 IWL_DEBUG_SCAN(priv, "Start internal passive scan.\n"); 691 /* 692 * Override quiet time as firmware checks that active 693 * dwell is >= quiet; since we use passive scan it'll 694 * not actually be used. 695 */ 696 scan->quiet_time = cpu_to_le16(IWL_RADIO_RESET_DWELL_TIME); 697 break; 698 case IWL_SCAN_NORMAL: 699 if (priv->scan_request->n_ssids) { 700 int i, p = 0; 701 IWL_DEBUG_SCAN(priv, "Kicking off active scan\n"); 702 /* 703 * The highest priority SSID is inserted to the 704 * probe request template. 705 */ 706 ssid_len = priv->scan_request->ssids[0].ssid_len; 707 ssid = priv->scan_request->ssids[0].ssid; 708 709 /* 710 * Invert the order of ssids, the firmware will invert 711 * it back. 712 */ 713 for (i = priv->scan_request->n_ssids - 1; i >= 1; i--) { 714 scan->direct_scan[p].id = WLAN_EID_SSID; 715 scan->direct_scan[p].len = 716 priv->scan_request->ssids[i].ssid_len; 717 memcpy(scan->direct_scan[p].ssid, 718 priv->scan_request->ssids[i].ssid, 719 priv->scan_request->ssids[i].ssid_len); 720 n_probes++; 721 p++; 722 } 723 is_active = true; 724 } else 725 IWL_DEBUG_SCAN(priv, "Start passive scan.\n"); 726 break; 727 } 728 729 scan->tx_cmd.tx_flags = TX_CMD_FLG_SEQ_CTL_MSK; 730 scan->tx_cmd.sta_id = ctx->bcast_sta_id; 731 scan->tx_cmd.stop_time.life_time = TX_CMD_LIFE_TIME_INFINITE; 732 733 switch (priv->scan_band) { 734 case NL80211_BAND_2GHZ: 735 scan->flags = RXON_FLG_BAND_24G_MSK | RXON_FLG_AUTO_DETECT_MSK; 736 chan_mod = le32_to_cpu( 737 priv->contexts[IWL_RXON_CTX_BSS].active.flags & 738 RXON_FLG_CHANNEL_MODE_MSK) 739 >> RXON_FLG_CHANNEL_MODE_POS; 740 if ((priv->scan_request && priv->scan_request->no_cck) || 741 chan_mod == CHANNEL_MODE_PURE_40) { 742 rate = IWL_RATE_6M_PLCP; 743 } else { 744 rate = IWL_RATE_1M_PLCP; 745 rate_flags = RATE_MCS_CCK_MSK; 746 } 747 /* 748 * Internal scans are passive, so we can indiscriminately set 749 * the BT ignore flag on 2.4 GHz since it applies to TX only. 750 */ 751 if (priv->lib->bt_params && 752 priv->lib->bt_params->advanced_bt_coexist) 753 scan->tx_cmd.tx_flags |= TX_CMD_FLG_IGNORE_BT; 754 break; 755 case NL80211_BAND_5GHZ: 756 rate = IWL_RATE_6M_PLCP; 757 break; 758 default: 759 IWL_WARN(priv, "Invalid scan band\n"); 760 return -EIO; 761 } 762 763 /* 764 * If active scanning is requested but a certain channel is 765 * marked passive, we can do active scanning if we detect 766 * transmissions. 767 * 768 * There is an issue with some firmware versions that triggers 769 * a sysassert on a "good CRC threshold" of zero (== disabled), 770 * on a radar channel even though this means that we should NOT 771 * send probes. 772 * 773 * The "good CRC threshold" is the number of frames that we 774 * need to receive during our dwell time on a channel before 775 * sending out probes -- setting this to a huge value will 776 * mean we never reach it, but at the same time work around 777 * the aforementioned issue. Thus use IWL_GOOD_CRC_TH_NEVER 778 * here instead of IWL_GOOD_CRC_TH_DISABLED. 779 * 780 * This was fixed in later versions along with some other 781 * scan changes, and the threshold behaves as a flag in those 782 * versions. 783 */ 784 if (priv->new_scan_threshold_behaviour) 785 scan->good_CRC_th = is_active ? IWL_GOOD_CRC_TH_DEFAULT : 786 IWL_GOOD_CRC_TH_DISABLED; 787 else 788 scan->good_CRC_th = is_active ? IWL_GOOD_CRC_TH_DEFAULT : 789 IWL_GOOD_CRC_TH_NEVER; 790 791 band = priv->scan_band; 792 793 if (band == NL80211_BAND_2GHZ && 794 priv->lib->bt_params && 795 priv->lib->bt_params->advanced_bt_coexist) { 796 /* transmit 2.4 GHz probes only on first antenna */ 797 scan_tx_antennas = first_antenna(scan_tx_antennas); 798 } 799 800 priv->scan_tx_ant[band] = iwl_toggle_tx_ant(priv, 801 priv->scan_tx_ant[band], 802 scan_tx_antennas); 803 rate_flags |= iwl_ant_idx_to_flags(priv->scan_tx_ant[band]); 804 scan->tx_cmd.rate_n_flags = iwl_hw_set_rate_n_flags(rate, rate_flags); 805 806 /* 807 * In power save mode while associated use one chain, 808 * otherwise use all chains 809 */ 810 if (test_bit(STATUS_POWER_PMI, &priv->status) && 811 !(priv->hw->conf.flags & IEEE80211_CONF_IDLE)) { 812 /* rx_ant has been set to all valid chains previously */ 813 active_chains = rx_ant & 814 ((u8)(priv->chain_noise_data.active_chains)); 815 if (!active_chains) 816 active_chains = rx_ant; 817 818 IWL_DEBUG_SCAN(priv, "chain_noise_data.active_chains: %u\n", 819 priv->chain_noise_data.active_chains); 820 821 rx_ant = first_antenna(active_chains); 822 } 823 if (priv->lib->bt_params && 824 priv->lib->bt_params->advanced_bt_coexist && 825 priv->bt_full_concurrent) { 826 /* operated as 1x1 in full concurrency mode */ 827 rx_ant = first_antenna(rx_ant); 828 } 829 830 /* MIMO is not used here, but value is required */ 831 rx_chain |= 832 priv->nvm_data->valid_rx_ant << RXON_RX_CHAIN_VALID_POS; 833 rx_chain |= rx_ant << RXON_RX_CHAIN_FORCE_MIMO_SEL_POS; 834 rx_chain |= rx_ant << RXON_RX_CHAIN_FORCE_SEL_POS; 835 rx_chain |= 0x1 << RXON_RX_CHAIN_DRIVER_FORCE_POS; 836 scan->rx_chain = cpu_to_le16(rx_chain); 837 switch (priv->scan_type) { 838 case IWL_SCAN_NORMAL: 839 cmd_len = iwl_fill_probe_req( 840 (struct ieee80211_mgmt *)scan->data, 841 vif->addr, 842 priv->scan_request->ie, 843 priv->scan_request->ie_len, 844 ssid, ssid_len, 845 scan_cmd_size - sizeof(*scan)); 846 break; 847 case IWL_SCAN_RADIO_RESET: 848 /* use bcast addr, will not be transmitted but must be valid */ 849 cmd_len = iwl_fill_probe_req( 850 (struct ieee80211_mgmt *)scan->data, 851 iwl_bcast_addr, NULL, 0, 852 NULL, 0, 853 scan_cmd_size - sizeof(*scan)); 854 break; 855 default: 856 BUG(); 857 } 858 scan->tx_cmd.len = cpu_to_le16(cmd_len); 859 860 scan->filter_flags |= (RXON_FILTER_ACCEPT_GRP_MSK | 861 RXON_FILTER_BCON_AWARE_MSK); 862 863 switch (priv->scan_type) { 864 case IWL_SCAN_RADIO_RESET: 865 scan->channel_count = 866 iwl_get_channel_for_reset_scan(priv, vif, band, 867 (void *)&scan->data[cmd_len]); 868 break; 869 case IWL_SCAN_NORMAL: 870 scan->channel_count = 871 iwl_get_channels_for_scan(priv, vif, band, 872 is_active, n_probes, 873 (void *)&scan->data[cmd_len]); 874 break; 875 } 876 877 if (scan->channel_count == 0) { 878 IWL_DEBUG_SCAN(priv, "channel count %d\n", scan->channel_count); 879 return -EIO; 880 } 881 882 cmd.len[0] += le16_to_cpu(scan->tx_cmd.len) + 883 scan->channel_count * sizeof(struct iwl_scan_channel); 884 cmd.data[0] = scan; 885 cmd.dataflags[0] = IWL_HCMD_DFL_NOCOPY; 886 scan->len = cpu_to_le16(cmd.len[0]); 887 888 /* set scan bit here for PAN params */ 889 set_bit(STATUS_SCAN_HW, &priv->status); 890 891 ret = iwlagn_set_pan_params(priv); 892 if (ret) { 893 clear_bit(STATUS_SCAN_HW, &priv->status); 894 return ret; 895 } 896 897 ret = iwl_dvm_send_cmd(priv, &cmd); 898 if (ret) { 899 clear_bit(STATUS_SCAN_HW, &priv->status); 900 iwlagn_set_pan_params(priv); 901 } 902 903 return ret; 904} 905 906void iwl_init_scan_params(struct iwl_priv *priv) 907{ 908 u8 ant_idx = fls(priv->nvm_data->valid_tx_ant) - 1; 909 if (!priv->scan_tx_ant[NL80211_BAND_5GHZ]) 910 priv->scan_tx_ant[NL80211_BAND_5GHZ] = ant_idx; 911 if (!priv->scan_tx_ant[NL80211_BAND_2GHZ]) 912 priv->scan_tx_ant[NL80211_BAND_2GHZ] = ant_idx; 913} 914 915int __must_check iwl_scan_initiate(struct iwl_priv *priv, 916 struct ieee80211_vif *vif, 917 enum iwl_scan_type scan_type, 918 enum nl80211_band band) 919{ 920 int ret; 921 922 lockdep_assert_held(&priv->mutex); 923 924 cancel_delayed_work(&priv->scan_check); 925 926 if (!iwl_is_ready_rf(priv)) { 927 IWL_WARN(priv, "Request scan called when driver not ready.\n"); 928 return -EIO; 929 } 930 931 if (test_bit(STATUS_SCAN_HW, &priv->status)) { 932 IWL_DEBUG_SCAN(priv, 933 "Multiple concurrent scan requests in parallel.\n"); 934 return -EBUSY; 935 } 936 937 if (test_bit(STATUS_SCAN_ABORTING, &priv->status)) { 938 IWL_DEBUG_SCAN(priv, "Scan request while abort pending.\n"); 939 return -EBUSY; 940 } 941 942 IWL_DEBUG_SCAN(priv, "Starting %sscan...\n", 943 scan_type == IWL_SCAN_NORMAL ? "" : 944 "internal short "); 945 946 set_bit(STATUS_SCANNING, &priv->status); 947 priv->scan_type = scan_type; 948 priv->scan_start = jiffies; 949 priv->scan_band = band; 950 951 ret = iwlagn_request_scan(priv, vif); 952 if (ret) { 953 clear_bit(STATUS_SCANNING, &priv->status); 954 priv->scan_type = IWL_SCAN_NORMAL; 955 return ret; 956 } 957 958 queue_delayed_work(priv->workqueue, &priv->scan_check, 959 IWL_SCAN_CHECK_WATCHDOG); 960 961 return 0; 962} 963 964 965/* 966 * internal short scan, this function should only been called while associated. 967 * It will reset and tune the radio to prevent possible RF related problem 968 */ 969void iwl_internal_short_hw_scan(struct iwl_priv *priv) 970{ 971 queue_work(priv->workqueue, &priv->start_internal_scan); 972} 973 974static void iwl_bg_start_internal_scan(struct work_struct *work) 975{ 976 struct iwl_priv *priv = 977 container_of(work, struct iwl_priv, start_internal_scan); 978 979 IWL_DEBUG_SCAN(priv, "Start internal scan\n"); 980 981 mutex_lock(&priv->mutex); 982 983 if (priv->scan_type == IWL_SCAN_RADIO_RESET) { 984 IWL_DEBUG_SCAN(priv, "Internal scan already in progress\n"); 985 goto unlock; 986 } 987 988 if (test_bit(STATUS_SCANNING, &priv->status)) { 989 IWL_DEBUG_SCAN(priv, "Scan already in progress.\n"); 990 goto unlock; 991 } 992 993 if (iwl_scan_initiate(priv, NULL, IWL_SCAN_RADIO_RESET, priv->band)) 994 IWL_DEBUG_SCAN(priv, "failed to start internal short scan\n"); 995 unlock: 996 mutex_unlock(&priv->mutex); 997} 998 999static void iwl_bg_scan_check(struct work_struct *data) 1000{ 1001 struct iwl_priv *priv = 1002 container_of(data, struct iwl_priv, scan_check.work); 1003 1004 IWL_DEBUG_SCAN(priv, "Scan check work\n"); 1005 1006 /* Since we are here firmware does not finish scan and 1007 * most likely is in bad shape, so we don't bother to 1008 * send abort command, just force scan complete to mac80211 */ 1009 mutex_lock(&priv->mutex); 1010 iwl_force_scan_end(priv); 1011 mutex_unlock(&priv->mutex); 1012} 1013 1014static void iwl_bg_abort_scan(struct work_struct *work) 1015{ 1016 struct iwl_priv *priv = container_of(work, struct iwl_priv, abort_scan); 1017 1018 IWL_DEBUG_SCAN(priv, "Abort scan work\n"); 1019 1020 /* We keep scan_check work queued in case when firmware will not 1021 * report back scan completed notification */ 1022 mutex_lock(&priv->mutex); 1023 iwl_scan_cancel_timeout(priv, 200); 1024 mutex_unlock(&priv->mutex); 1025} 1026 1027static void iwl_bg_scan_completed(struct work_struct *work) 1028{ 1029 struct iwl_priv *priv = 1030 container_of(work, struct iwl_priv, scan_completed); 1031 1032 mutex_lock(&priv->mutex); 1033 iwl_process_scan_complete(priv); 1034 mutex_unlock(&priv->mutex); 1035} 1036 1037void iwl_setup_scan_deferred_work(struct iwl_priv *priv) 1038{ 1039 INIT_WORK(&priv->scan_completed, iwl_bg_scan_completed); 1040 INIT_WORK(&priv->abort_scan, iwl_bg_abort_scan); 1041 INIT_WORK(&priv->start_internal_scan, iwl_bg_start_internal_scan); 1042 INIT_DELAYED_WORK(&priv->scan_check, iwl_bg_scan_check); 1043} 1044 1045void iwl_cancel_scan_deferred_work(struct iwl_priv *priv) 1046{ 1047 cancel_work_sync(&priv->start_internal_scan); 1048 cancel_work_sync(&priv->abort_scan); 1049 cancel_work_sync(&priv->scan_completed); 1050 1051 if (cancel_delayed_work_sync(&priv->scan_check)) { 1052 mutex_lock(&priv->mutex); 1053 iwl_force_scan_end(priv); 1054 mutex_unlock(&priv->mutex); 1055 } 1056}