1 // SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
2 /*
3 * Copyright (C) 2012-2014, 2018-2025 Intel Corporation
4 * Copyright (C) 2013-2015 Intel Mobile Communications GmbH
5 * Copyright (C) 2017 Intel Deutschland GmbH
6 */
7 #include <linux/jiffies.h>
8 #include <net/mac80211.h>
9
10 #include "fw/notif-wait.h"
11 #include "iwl-trans.h"
12 #include "fw-api.h"
13 #include "time-event.h"
14 #include "mvm.h"
15 #include "iwl-io.h"
16 #include "iwl-prph.h"
17
18 /*
19 * For the high priority TE use a time event type that has similar priority to
20 * the FW's action scan priority.
21 */
22 #define IWL_MVM_ROC_TE_TYPE_NORMAL TE_P2P_DEVICE_DISCOVERABLE
23 #define IWL_MVM_ROC_TE_TYPE_MGMT_TX TE_P2P_CLIENT_ASSOC
24
iwl_mvm_te_clear_data(struct iwl_mvm * mvm,struct iwl_mvm_time_event_data * te_data)25 void iwl_mvm_te_clear_data(struct iwl_mvm *mvm,
26 struct iwl_mvm_time_event_data *te_data)
27 {
28 lockdep_assert_held(&mvm->time_event_lock);
29
30 if (!te_data || !te_data->vif)
31 return;
32
33 list_del(&te_data->list);
34
35 /*
36 * the list is only used for AUX ROC events so make sure it is always
37 * initialized
38 */
39 INIT_LIST_HEAD(&te_data->list);
40
41 te_data->running = false;
42 te_data->uid = 0;
43 te_data->id = TE_MAX;
44 te_data->vif = NULL;
45 }
46
iwl_mvm_cleanup_roc(struct iwl_mvm * mvm)47 static void iwl_mvm_cleanup_roc(struct iwl_mvm *mvm)
48 {
49 struct ieee80211_vif *vif = mvm->p2p_device_vif;
50
51 lockdep_assert_held(&mvm->mutex);
52
53 /*
54 * Clear the ROC_P2P_RUNNING status bit.
55 * This will cause the TX path to drop offchannel transmissions.
56 * That would also be done by mac80211, but it is racy, in particular
57 * in the case that the time event actually completed in the firmware.
58 *
59 * Also flush the offchannel queue -- this is called when the time
60 * event finishes or is canceled, so that frames queued for it
61 * won't get stuck on the queue and be transmitted in the next
62 * time event.
63 */
64 if (test_and_clear_bit(IWL_MVM_STATUS_ROC_P2P_RUNNING, &mvm->status)) {
65 struct iwl_mvm_vif *mvmvif;
66
67 synchronize_net();
68
69 /*
70 * NB: access to this pointer would be racy, but the flush bit
71 * can only be set when we had a P2P-Device VIF, and we have a
72 * flush of this work in iwl_mvm_prepare_mac_removal() so it's
73 * not really racy.
74 */
75
76 if (!WARN_ON(!vif)) {
77 mvmvif = iwl_mvm_vif_from_mac80211(vif);
78 iwl_mvm_flush_sta(mvm, mvmvif->deflink.bcast_sta.sta_id,
79 mvmvif->deflink.bcast_sta.tfd_queue_msk);
80
81 if (mvm->mld_api_is_used) {
82 iwl_mvm_mld_rm_bcast_sta(mvm, vif,
83 &vif->bss_conf);
84
85 iwl_mvm_link_changed(mvm, vif, &vif->bss_conf,
86 LINK_CONTEXT_MODIFY_ACTIVE,
87 false);
88 } else {
89 iwl_mvm_rm_p2p_bcast_sta(mvm, vif);
90 iwl_mvm_binding_remove_vif(mvm, vif);
91 }
92
93 /* Do not remove the PHY context as removing and adding
94 * a PHY context has timing overheads. Leaving it
95 * configured in FW would be useful in case the next ROC
96 * is with the same channel.
97 */
98 }
99 }
100
101 /*
102 * P2P AUX ROC and HS2.0 ROC do not run simultaneously.
103 * Clear the ROC_AUX_RUNNING status bit.
104 * This will cause the TX path to drop offchannel transmissions.
105 * That would also be done by mac80211, but it is racy, in particular
106 * in the case that the time event actually completed in the firmware
107 * (which is handled in iwl_mvm_te_handle_notif).
108 */
109 if (test_and_clear_bit(IWL_MVM_STATUS_ROC_AUX_RUNNING, &mvm->status)) {
110 synchronize_net();
111
112 iwl_mvm_flush_sta(mvm, mvm->aux_sta.sta_id,
113 mvm->aux_sta.tfd_queue_msk);
114
115 /* In newer version of this command an aux station is added only
116 * in cases of dedicated tx queue and need to be removed in end
117 * of use. For the even newer mld api, use the appropriate
118 * function.
119 */
120 if (mvm->mld_api_is_used)
121 iwl_mvm_mld_rm_aux_sta(mvm);
122 else if (iwl_mvm_has_new_station_api(mvm->fw))
123 iwl_mvm_rm_aux_sta(mvm);
124 }
125
126 mutex_unlock(&mvm->mutex);
127 }
128
iwl_mvm_roc_done_wk(struct work_struct * wk)129 void iwl_mvm_roc_done_wk(struct work_struct *wk)
130 {
131 struct iwl_mvm *mvm = container_of(wk, struct iwl_mvm, roc_done_wk);
132
133 mutex_lock(&mvm->mutex);
134 /* Mutex is released inside */
135 iwl_mvm_cleanup_roc(mvm);
136 }
137
iwl_mvm_roc_finished(struct iwl_mvm * mvm)138 static void iwl_mvm_roc_finished(struct iwl_mvm *mvm)
139 {
140 /*
141 * Of course, our status bit is just as racy as mac80211, so in
142 * addition, fire off the work struct which will drop all frames
143 * from the hardware queues that made it through the race. First
144 * it will of course synchronize the TX path to make sure that
145 * any *new* TX will be rejected.
146 */
147 schedule_work(&mvm->roc_done_wk);
148 }
149
iwl_mvm_csa_noa_start(struct iwl_mvm * mvm)150 static void iwl_mvm_csa_noa_start(struct iwl_mvm *mvm)
151 {
152 struct ieee80211_vif *csa_vif;
153
154 rcu_read_lock();
155
156 csa_vif = rcu_dereference(mvm->csa_vif);
157 if (!csa_vif || !csa_vif->bss_conf.csa_active)
158 goto out_unlock;
159
160 IWL_DEBUG_TE(mvm, "CSA NOA started\n");
161
162 /*
163 * CSA NoA is started but we still have beacons to
164 * transmit on the current channel.
165 * So we just do nothing here and the switch
166 * will be performed on the last TBTT.
167 */
168 if (!ieee80211_beacon_cntdwn_is_complete(csa_vif, 0)) {
169 IWL_WARN(mvm, "CSA NOA started too early\n");
170 goto out_unlock;
171 }
172
173 ieee80211_csa_finish(csa_vif, 0);
174
175 rcu_read_unlock();
176
177 RCU_INIT_POINTER(mvm->csa_vif, NULL);
178
179 return;
180
181 out_unlock:
182 rcu_read_unlock();
183 }
184
iwl_mvm_te_check_disconnect(struct iwl_mvm * mvm,struct ieee80211_vif * vif,const char * errmsg)185 static bool iwl_mvm_te_check_disconnect(struct iwl_mvm *mvm,
186 struct ieee80211_vif *vif,
187 const char *errmsg)
188 {
189 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
190
191 if (vif->type != NL80211_IFTYPE_STATION)
192 return false;
193
194 if (!mvmvif->csa_bcn_pending && vif->cfg.assoc &&
195 vif->bss_conf.dtim_period)
196 return false;
197 if (errmsg)
198 IWL_ERR(mvm, "%s\n", errmsg);
199
200 if (mvmvif->csa_bcn_pending) {
201 struct iwl_mvm_sta *mvmsta;
202
203 rcu_read_lock();
204 mvmsta = iwl_mvm_sta_from_staid_rcu(mvm,
205 mvmvif->deflink.ap_sta_id);
206 if (!WARN_ON(!mvmsta))
207 iwl_mvm_sta_modify_disable_tx(mvm, mvmsta, false);
208 rcu_read_unlock();
209 }
210
211 if (vif->cfg.assoc) {
212 /*
213 * When not associated, this will be called from
214 * iwl_mvm_event_mlme_callback_ini()
215 */
216 iwl_dbg_tlv_time_point(&mvm->fwrt,
217 IWL_FW_INI_TIME_POINT_ASSOC_FAILED,
218 NULL);
219
220 mvmvif->session_prot_connection_loss = true;
221 }
222
223 iwl_mvm_connection_loss(mvm, vif, errmsg);
224 return true;
225 }
226
227 static void
iwl_mvm_te_handle_notify_csa(struct iwl_mvm * mvm,struct iwl_mvm_time_event_data * te_data,struct iwl_time_event_notif * notif)228 iwl_mvm_te_handle_notify_csa(struct iwl_mvm *mvm,
229 struct iwl_mvm_time_event_data *te_data,
230 struct iwl_time_event_notif *notif)
231 {
232 struct ieee80211_vif *vif = te_data->vif;
233 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
234
235 if (!notif->status)
236 IWL_DEBUG_TE(mvm, "CSA time event failed to start\n");
237
238 switch (te_data->vif->type) {
239 case NL80211_IFTYPE_AP:
240 if (!notif->status)
241 mvmvif->csa_failed = true;
242 iwl_mvm_csa_noa_start(mvm);
243 break;
244 case NL80211_IFTYPE_STATION:
245 if (!notif->status) {
246 iwl_mvm_connection_loss(mvm, vif,
247 "CSA TE failed to start");
248 break;
249 }
250 iwl_mvm_csa_client_absent(mvm, te_data->vif);
251 cancel_delayed_work(&mvmvif->csa_work);
252 ieee80211_chswitch_done(te_data->vif, true, 0);
253 break;
254 default:
255 /* should never happen */
256 WARN_ON_ONCE(1);
257 break;
258 }
259
260 /* we don't need it anymore */
261 iwl_mvm_te_clear_data(mvm, te_data);
262 }
263
iwl_mvm_te_check_trigger(struct iwl_mvm * mvm,struct iwl_time_event_notif * notif,struct iwl_mvm_time_event_data * te_data)264 static void iwl_mvm_te_check_trigger(struct iwl_mvm *mvm,
265 struct iwl_time_event_notif *notif,
266 struct iwl_mvm_time_event_data *te_data)
267 {
268 struct iwl_fw_dbg_trigger_tlv *trig;
269 struct iwl_fw_dbg_trigger_time_event *te_trig;
270 int i;
271
272 trig = iwl_fw_dbg_trigger_on(&mvm->fwrt,
273 ieee80211_vif_to_wdev(te_data->vif),
274 FW_DBG_TRIGGER_TIME_EVENT);
275 if (!trig)
276 return;
277
278 te_trig = (void *)trig->data;
279
280 for (i = 0; i < ARRAY_SIZE(te_trig->time_events); i++) {
281 u32 trig_te_id = le32_to_cpu(te_trig->time_events[i].id);
282 u32 trig_action_bitmap =
283 le32_to_cpu(te_trig->time_events[i].action_bitmap);
284 u32 trig_status_bitmap =
285 le32_to_cpu(te_trig->time_events[i].status_bitmap);
286
287 if (trig_te_id != te_data->id ||
288 !(trig_action_bitmap & le32_to_cpu(notif->action)) ||
289 !(trig_status_bitmap & BIT(le32_to_cpu(notif->status))))
290 continue;
291
292 iwl_fw_dbg_collect_trig(&mvm->fwrt, trig,
293 "Time event %d Action 0x%x received status: %d",
294 te_data->id,
295 le32_to_cpu(notif->action),
296 le32_to_cpu(notif->status));
297 break;
298 }
299 }
300
301 /*
302 * Handles a FW notification for an event that is known to the driver.
303 *
304 * @mvm: the mvm component
305 * @te_data: the time event data
306 * @notif: the notification data corresponding the time event data.
307 */
iwl_mvm_te_handle_notif(struct iwl_mvm * mvm,struct iwl_mvm_time_event_data * te_data,struct iwl_time_event_notif * notif)308 static void iwl_mvm_te_handle_notif(struct iwl_mvm *mvm,
309 struct iwl_mvm_time_event_data *te_data,
310 struct iwl_time_event_notif *notif)
311 {
312 lockdep_assert_held(&mvm->time_event_lock);
313
314 IWL_DEBUG_TE(mvm, "Handle time event notif - UID = 0x%x action %d\n",
315 le32_to_cpu(notif->unique_id),
316 le32_to_cpu(notif->action));
317
318 iwl_mvm_te_check_trigger(mvm, notif, te_data);
319
320 /*
321 * The FW sends the start/end time event notifications even for events
322 * that it fails to schedule. This is indicated in the status field of
323 * the notification. This happens in cases that the scheduler cannot
324 * find a schedule that can handle the event (for example requesting a
325 * P2P Device discoveribility, while there are other higher priority
326 * events in the system).
327 */
328 if (!le32_to_cpu(notif->status)) {
329 const char *msg;
330
331 if (notif->action & cpu_to_le32(TE_V2_NOTIF_HOST_EVENT_START))
332 msg = "Time Event start notification failure";
333 else
334 msg = "Time Event end notification failure";
335
336 IWL_DEBUG_TE(mvm, "%s\n", msg);
337
338 if (iwl_mvm_te_check_disconnect(mvm, te_data->vif, msg)) {
339 iwl_mvm_te_clear_data(mvm, te_data);
340 return;
341 }
342 }
343
344 if (le32_to_cpu(notif->action) & TE_V2_NOTIF_HOST_EVENT_END) {
345 IWL_DEBUG_TE(mvm,
346 "TE ended - current time %lu, estimated end %lu\n",
347 jiffies, te_data->end_jiffies);
348
349 switch (te_data->vif->type) {
350 case NL80211_IFTYPE_P2P_DEVICE:
351 ieee80211_remain_on_channel_expired(mvm->hw);
352 iwl_mvm_roc_finished(mvm);
353 break;
354 case NL80211_IFTYPE_STATION:
355 /*
356 * If we are switching channel, don't disconnect
357 * if the time event is already done. Beacons can
358 * be delayed a bit after the switch.
359 */
360 if (te_data->id == TE_CHANNEL_SWITCH_PERIOD) {
361 IWL_DEBUG_TE(mvm,
362 "No beacon heard and the CS time event is over, don't disconnect\n");
363 break;
364 }
365
366 /*
367 * By now, we should have finished association
368 * and know the dtim period.
369 */
370 iwl_mvm_te_check_disconnect(mvm, te_data->vif,
371 !te_data->vif->cfg.assoc ?
372 "Not associated and the time event is over already..." :
373 "No beacon heard and the time event is over already...");
374 break;
375 default:
376 break;
377 }
378
379 iwl_mvm_te_clear_data(mvm, te_data);
380 } else if (le32_to_cpu(notif->action) & TE_V2_NOTIF_HOST_EVENT_START) {
381 te_data->running = true;
382 te_data->end_jiffies = TU_TO_EXP_TIME(te_data->duration);
383
384 if (te_data->vif->type == NL80211_IFTYPE_P2P_DEVICE) {
385 set_bit(IWL_MVM_STATUS_ROC_P2P_RUNNING, &mvm->status);
386 ieee80211_ready_on_channel(mvm->hw);
387 } else if (te_data->id == TE_CHANNEL_SWITCH_PERIOD) {
388 iwl_mvm_te_handle_notify_csa(mvm, te_data, notif);
389 }
390 } else {
391 IWL_WARN(mvm, "Got TE with unknown action\n");
392 }
393 }
394
395 struct iwl_mvm_rx_roc_iterator_data {
396 u32 activity;
397 bool end_activity;
398 bool found;
399 };
400
iwl_mvm_rx_roc_iterator(void * _data,u8 * mac,struct ieee80211_vif * vif)401 static void iwl_mvm_rx_roc_iterator(void *_data, u8 *mac,
402 struct ieee80211_vif *vif)
403 {
404 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
405 struct iwl_mvm_rx_roc_iterator_data *data = _data;
406
407 if (mvmvif->roc_activity == data->activity) {
408 data->found = true;
409 if (data->end_activity)
410 mvmvif->roc_activity = ROC_NUM_ACTIVITIES;
411 }
412 }
413
iwl_mvm_rx_roc_notif(struct iwl_mvm * mvm,struct iwl_rx_cmd_buffer * rxb)414 void iwl_mvm_rx_roc_notif(struct iwl_mvm *mvm,
415 struct iwl_rx_cmd_buffer *rxb)
416 {
417 struct iwl_rx_packet *pkt = rxb_addr(rxb);
418 struct iwl_roc_notif *notif = (void *)pkt->data;
419 u32 activity = le32_to_cpu(notif->activity);
420 bool started = le32_to_cpu(notif->success) &&
421 le32_to_cpu(notif->started);
422 struct iwl_mvm_rx_roc_iterator_data data = {
423 .activity = activity,
424 .end_activity = !started,
425 };
426
427 /* Clear vif roc_activity if done (set to ROC_NUM_ACTIVITIES) */
428 ieee80211_iterate_active_interfaces_atomic(mvm->hw,
429 IEEE80211_IFACE_ITER_NORMAL,
430 iwl_mvm_rx_roc_iterator,
431 &data);
432 /*
433 * It is possible that the ROC was canceled
434 * but the notification was already fired.
435 */
436 if (!data.found)
437 return;
438
439 if (started) {
440 set_bit(IWL_MVM_STATUS_ROC_AUX_RUNNING, &mvm->status);
441 ieee80211_ready_on_channel(mvm->hw);
442 } else {
443 iwl_mvm_roc_finished(mvm);
444 ieee80211_remain_on_channel_expired(mvm->hw);
445 }
446 }
447
448 /*
449 * Handle A Aux ROC time event
450 */
iwl_mvm_aux_roc_te_handle_notif(struct iwl_mvm * mvm,struct iwl_time_event_notif * notif)451 static int iwl_mvm_aux_roc_te_handle_notif(struct iwl_mvm *mvm,
452 struct iwl_time_event_notif *notif)
453 {
454 struct iwl_mvm_time_event_data *aux_roc_te = NULL, *te_data;
455
456 list_for_each_entry(te_data, &mvm->aux_roc_te_list, list) {
457 if (le32_to_cpu(notif->unique_id) == te_data->uid) {
458 aux_roc_te = te_data;
459 break;
460 }
461 }
462 if (!aux_roc_te) /* Not a Aux ROC time event */
463 return -EINVAL;
464
465 iwl_mvm_te_check_trigger(mvm, notif, aux_roc_te);
466
467 IWL_DEBUG_TE(mvm,
468 "Aux ROC time event notification - UID = 0x%x action %d (error = %d)\n",
469 le32_to_cpu(notif->unique_id),
470 le32_to_cpu(notif->action), le32_to_cpu(notif->status));
471
472 if (!le32_to_cpu(notif->status) ||
473 le32_to_cpu(notif->action) == TE_V2_NOTIF_HOST_EVENT_END) {
474 /* End TE, notify mac80211 */
475 ieee80211_remain_on_channel_expired(mvm->hw);
476 iwl_mvm_roc_finished(mvm); /* flush aux queue */
477 list_del(&aux_roc_te->list); /* remove from list */
478 aux_roc_te->running = false;
479 aux_roc_te->vif = NULL;
480 aux_roc_te->uid = 0;
481 aux_roc_te->id = TE_MAX;
482 } else if (le32_to_cpu(notif->action) == TE_V2_NOTIF_HOST_EVENT_START) {
483 set_bit(IWL_MVM_STATUS_ROC_AUX_RUNNING, &mvm->status);
484 aux_roc_te->running = true;
485 ieee80211_ready_on_channel(mvm->hw); /* Start TE */
486 } else {
487 IWL_DEBUG_TE(mvm,
488 "ERROR: Unknown Aux ROC Time Event (action = %d)\n",
489 le32_to_cpu(notif->action));
490 return -EINVAL;
491 }
492
493 return 0;
494 }
495
496 /*
497 * The Rx handler for time event notifications
498 */
iwl_mvm_rx_time_event_notif(struct iwl_mvm * mvm,struct iwl_rx_cmd_buffer * rxb)499 void iwl_mvm_rx_time_event_notif(struct iwl_mvm *mvm,
500 struct iwl_rx_cmd_buffer *rxb)
501 {
502 struct iwl_rx_packet *pkt = rxb_addr(rxb);
503 struct iwl_time_event_notif *notif = (void *)pkt->data;
504 struct iwl_mvm_time_event_data *te_data, *tmp;
505
506 IWL_DEBUG_TE(mvm, "Time event notification - UID = 0x%x action %d\n",
507 le32_to_cpu(notif->unique_id),
508 le32_to_cpu(notif->action));
509
510 spin_lock_bh(&mvm->time_event_lock);
511 /* This time event is triggered for Aux ROC request */
512 if (!iwl_mvm_aux_roc_te_handle_notif(mvm, notif))
513 goto unlock;
514
515 list_for_each_entry_safe(te_data, tmp, &mvm->time_event_list, list) {
516 if (le32_to_cpu(notif->unique_id) == te_data->uid)
517 iwl_mvm_te_handle_notif(mvm, te_data, notif);
518 }
519 unlock:
520 spin_unlock_bh(&mvm->time_event_lock);
521 }
522
iwl_mvm_te_notif(struct iwl_notif_wait_data * notif_wait,struct iwl_rx_packet * pkt,void * data)523 static bool iwl_mvm_te_notif(struct iwl_notif_wait_data *notif_wait,
524 struct iwl_rx_packet *pkt, void *data)
525 {
526 struct iwl_mvm *mvm =
527 container_of(notif_wait, struct iwl_mvm, notif_wait);
528 struct iwl_mvm_time_event_data *te_data = data;
529 struct iwl_time_event_notif *resp;
530 int resp_len = iwl_rx_packet_payload_len(pkt);
531
532 if (WARN_ON(pkt->hdr.cmd != TIME_EVENT_NOTIFICATION))
533 return true;
534
535 if (WARN_ON_ONCE(resp_len != sizeof(*resp))) {
536 IWL_ERR(mvm, "Invalid TIME_EVENT_NOTIFICATION response\n");
537 return true;
538 }
539
540 resp = (void *)pkt->data;
541
542 /* te_data->uid is already set in the TIME_EVENT_CMD response */
543 if (le32_to_cpu(resp->unique_id) != te_data->uid)
544 return false;
545
546 IWL_DEBUG_TE(mvm, "TIME_EVENT_NOTIFICATION response - UID = 0x%x\n",
547 te_data->uid);
548 if (!resp->status)
549 IWL_ERR(mvm,
550 "TIME_EVENT_NOTIFICATION received but not executed\n");
551
552 return true;
553 }
554
iwl_mvm_time_event_response(struct iwl_notif_wait_data * notif_wait,struct iwl_rx_packet * pkt,void * data)555 static bool iwl_mvm_time_event_response(struct iwl_notif_wait_data *notif_wait,
556 struct iwl_rx_packet *pkt, void *data)
557 {
558 struct iwl_mvm *mvm =
559 container_of(notif_wait, struct iwl_mvm, notif_wait);
560 struct iwl_mvm_time_event_data *te_data = data;
561 struct iwl_time_event_resp *resp;
562 int resp_len = iwl_rx_packet_payload_len(pkt);
563
564 if (WARN_ON(pkt->hdr.cmd != TIME_EVENT_CMD))
565 return true;
566
567 if (WARN_ON_ONCE(resp_len != sizeof(*resp))) {
568 IWL_ERR(mvm, "Invalid TIME_EVENT_CMD response\n");
569 return true;
570 }
571
572 resp = (void *)pkt->data;
573
574 /* we should never get a response to another TIME_EVENT_CMD here */
575 if (WARN_ON_ONCE(le32_to_cpu(resp->id) != te_data->id))
576 return false;
577
578 te_data->uid = le32_to_cpu(resp->unique_id);
579 IWL_DEBUG_TE(mvm, "TIME_EVENT_CMD response - UID = 0x%x\n",
580 te_data->uid);
581 return true;
582 }
583
iwl_mvm_time_event_send_add(struct iwl_mvm * mvm,struct ieee80211_vif * vif,struct iwl_mvm_time_event_data * te_data,struct iwl_time_event_cmd * te_cmd)584 static int iwl_mvm_time_event_send_add(struct iwl_mvm *mvm,
585 struct ieee80211_vif *vif,
586 struct iwl_mvm_time_event_data *te_data,
587 struct iwl_time_event_cmd *te_cmd)
588 {
589 static const u16 time_event_response[] = { TIME_EVENT_CMD };
590 struct iwl_notification_wait wait_time_event;
591 int ret;
592
593 lockdep_assert_held(&mvm->mutex);
594
595 IWL_DEBUG_TE(mvm, "Add new TE, duration %d TU\n",
596 le32_to_cpu(te_cmd->duration));
597
598 spin_lock_bh(&mvm->time_event_lock);
599 if (WARN_ON(te_data->id != TE_MAX)) {
600 spin_unlock_bh(&mvm->time_event_lock);
601 return -EIO;
602 }
603 te_data->vif = vif;
604 te_data->duration = le32_to_cpu(te_cmd->duration);
605 te_data->id = le32_to_cpu(te_cmd->id);
606 list_add_tail(&te_data->list, &mvm->time_event_list);
607 spin_unlock_bh(&mvm->time_event_lock);
608
609 /*
610 * Use a notification wait, which really just processes the
611 * command response and doesn't wait for anything, in order
612 * to be able to process the response and get the UID inside
613 * the RX path. Using CMD_WANT_SKB doesn't work because it
614 * stores the buffer and then wakes up this thread, by which
615 * time another notification (that the time event started)
616 * might already be processed unsuccessfully.
617 */
618 iwl_init_notification_wait(&mvm->notif_wait, &wait_time_event,
619 time_event_response,
620 ARRAY_SIZE(time_event_response),
621 iwl_mvm_time_event_response, te_data);
622
623 ret = iwl_mvm_send_cmd_pdu(mvm, TIME_EVENT_CMD, 0,
624 sizeof(*te_cmd), te_cmd);
625 if (ret) {
626 IWL_ERR(mvm, "Couldn't send TIME_EVENT_CMD: %d\n", ret);
627 iwl_remove_notification(&mvm->notif_wait, &wait_time_event);
628 goto out_clear_te;
629 }
630
631 /* No need to wait for anything, so just pass 1 (0 isn't valid) */
632 ret = iwl_wait_notification(&mvm->notif_wait, &wait_time_event, 1);
633 /* should never fail */
634 WARN_ON_ONCE(ret);
635
636 if (ret) {
637 out_clear_te:
638 spin_lock_bh(&mvm->time_event_lock);
639 iwl_mvm_te_clear_data(mvm, te_data);
640 spin_unlock_bh(&mvm->time_event_lock);
641 }
642 return ret;
643 }
644
iwl_mvm_protect_session(struct iwl_mvm * mvm,struct ieee80211_vif * vif,u32 duration,u32 min_duration,u32 max_delay,bool wait_for_notif)645 void iwl_mvm_protect_session(struct iwl_mvm *mvm,
646 struct ieee80211_vif *vif,
647 u32 duration, u32 min_duration,
648 u32 max_delay, bool wait_for_notif)
649 {
650 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
651 struct iwl_mvm_time_event_data *te_data = &mvmvif->time_event_data;
652 const u16 te_notif_response[] = { TIME_EVENT_NOTIFICATION };
653 struct iwl_notification_wait wait_te_notif;
654 struct iwl_time_event_cmd time_cmd = {};
655
656 lockdep_assert_held(&mvm->mutex);
657
658 if (te_data->running &&
659 time_after(te_data->end_jiffies, TU_TO_EXP_TIME(min_duration))) {
660 IWL_DEBUG_TE(mvm, "We have enough time in the current TE: %u\n",
661 jiffies_to_msecs(te_data->end_jiffies - jiffies));
662 return;
663 }
664
665 if (te_data->running) {
666 IWL_DEBUG_TE(mvm, "extend 0x%x: only %u ms left\n",
667 te_data->uid,
668 jiffies_to_msecs(te_data->end_jiffies - jiffies));
669 /*
670 * we don't have enough time
671 * cancel the current TE and issue a new one
672 * Of course it would be better to remove the old one only
673 * when the new one is added, but we don't care if we are off
674 * channel for a bit. All we need to do, is not to return
675 * before we actually begin to be on the channel.
676 */
677 iwl_mvm_stop_session_protection(mvm, vif);
678 }
679
680 time_cmd.action = cpu_to_le32(FW_CTXT_ACTION_ADD);
681 time_cmd.id_and_color =
682 cpu_to_le32(FW_CMD_ID_AND_COLOR(mvmvif->id, mvmvif->color));
683 time_cmd.id = cpu_to_le32(TE_BSS_STA_AGGRESSIVE_ASSOC);
684
685 time_cmd.apply_time = cpu_to_le32(0);
686
687 time_cmd.max_frags = TE_V2_FRAG_NONE;
688 time_cmd.max_delay = cpu_to_le32(max_delay);
689 /* TODO: why do we need to interval = bi if it is not periodic? */
690 time_cmd.interval = cpu_to_le32(1);
691 time_cmd.duration = cpu_to_le32(duration);
692 time_cmd.repeat = 1;
693 time_cmd.policy = cpu_to_le16(TE_V2_NOTIF_HOST_EVENT_START |
694 TE_V2_NOTIF_HOST_EVENT_END |
695 TE_V2_START_IMMEDIATELY);
696
697 if (!wait_for_notif) {
698 iwl_mvm_time_event_send_add(mvm, vif, te_data, &time_cmd);
699 return;
700 }
701
702 /*
703 * Create notification_wait for the TIME_EVENT_NOTIFICATION to use
704 * right after we send the time event
705 */
706 iwl_init_notification_wait(&mvm->notif_wait, &wait_te_notif,
707 te_notif_response,
708 ARRAY_SIZE(te_notif_response),
709 iwl_mvm_te_notif, te_data);
710
711 /* If TE was sent OK - wait for the notification that started */
712 if (iwl_mvm_time_event_send_add(mvm, vif, te_data, &time_cmd)) {
713 IWL_ERR(mvm, "Failed to add TE to protect session\n");
714 iwl_remove_notification(&mvm->notif_wait, &wait_te_notif);
715 } else if (iwl_wait_notification(&mvm->notif_wait, &wait_te_notif,
716 TU_TO_JIFFIES(max_delay))) {
717 IWL_ERR(mvm, "Failed to protect session until TE\n");
718 }
719 }
720
721 /* Determine whether mac or link id should be used, and validate the link id */
iwl_mvm_get_session_prot_id(struct iwl_mvm * mvm,struct ieee80211_vif * vif)722 static int iwl_mvm_get_session_prot_id(struct iwl_mvm *mvm,
723 struct ieee80211_vif *vif)
724 {
725 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
726 int ver = iwl_fw_lookup_cmd_ver(mvm->fw,
727 WIDE_ID(MAC_CONF_GROUP,
728 SESSION_PROTECTION_CMD), 1);
729
730 if (ver < 2)
731 return mvmvif->id;
732
733 if (WARN(!mvmvif->deflink.active,
734 "Session Protection on an inactive link\n"))
735 return -EINVAL;
736
737 return mvmvif->deflink.fw_link_id;
738 }
739
iwl_mvm_cancel_session_protection(struct iwl_mvm * mvm,struct ieee80211_vif * vif,u32 id)740 static void iwl_mvm_cancel_session_protection(struct iwl_mvm *mvm,
741 struct ieee80211_vif *vif,
742 u32 id)
743 {
744 int mac_link_id = iwl_mvm_get_session_prot_id(mvm, vif);
745 struct iwl_session_prot_cmd cmd = {
746 .id_and_color = cpu_to_le32(mac_link_id),
747 .action = cpu_to_le32(FW_CTXT_ACTION_REMOVE),
748 .conf_id = cpu_to_le32(id),
749 };
750 int ret;
751
752 if (mac_link_id < 0)
753 return;
754
755 ret = iwl_mvm_send_cmd_pdu(mvm,
756 WIDE_ID(MAC_CONF_GROUP, SESSION_PROTECTION_CMD),
757 0, sizeof(cmd), &cmd);
758 if (ret)
759 IWL_ERR(mvm,
760 "Couldn't send the SESSION_PROTECTION_CMD: %d\n", ret);
761 }
762
iwl_mvm_roc_rm_cmd(struct iwl_mvm * mvm,u32 activity)763 static void iwl_mvm_roc_rm_cmd(struct iwl_mvm *mvm, u32 activity)
764 {
765 struct iwl_roc_req roc_cmd = {
766 .action = cpu_to_le32(FW_CTXT_ACTION_REMOVE),
767 .activity = cpu_to_le32(activity),
768 };
769 u8 ver = iwl_fw_lookup_cmd_ver(mvm->fw, WIDE_ID(MAC_CONF_GROUP, ROC_CMD), 0);
770 u16 cmd_len = ver < 6 ? sizeof(struct iwl_roc_req_v5) : sizeof(roc_cmd);
771 int ret;
772
773 lockdep_assert_held(&mvm->mutex);
774 ret = iwl_mvm_send_cmd_pdu(mvm, WIDE_ID(MAC_CONF_GROUP, ROC_CMD), 0,
775 cmd_len, &roc_cmd);
776 if (ret)
777 IWL_ERR(mvm, "Couldn't send the ROC_CMD: %d\n", ret);
778 }
779
__iwl_mvm_remove_time_event(struct iwl_mvm * mvm,struct iwl_mvm_time_event_data * te_data,u32 * uid)780 static bool __iwl_mvm_remove_time_event(struct iwl_mvm *mvm,
781 struct iwl_mvm_time_event_data *te_data,
782 u32 *uid)
783 {
784 u32 id;
785 struct ieee80211_vif *vif = te_data->vif;
786 struct iwl_mvm_vif *mvmvif;
787 enum nl80211_iftype iftype;
788 bool p2p_aux = iwl_mvm_has_p2p_over_aux(mvm);
789 u8 roc_ver = iwl_fw_lookup_cmd_ver(mvm->fw,
790 WIDE_ID(MAC_CONF_GROUP, ROC_CMD), 0);
791
792 if (!vif)
793 return false;
794
795 mvmvif = iwl_mvm_vif_from_mac80211(te_data->vif);
796 iftype = te_data->vif->type;
797
798 /*
799 * It is possible that by the time we got to this point the time
800 * event was already removed.
801 */
802 spin_lock_bh(&mvm->time_event_lock);
803
804 /* Save time event uid before clearing its data */
805 *uid = te_data->uid;
806 id = te_data->id;
807
808 /*
809 * The clear_data function handles time events that were already removed
810 */
811 iwl_mvm_te_clear_data(mvm, te_data);
812 spin_unlock_bh(&mvm->time_event_lock);
813
814 if ((p2p_aux && iftype == NL80211_IFTYPE_P2P_DEVICE) ||
815 (roc_ver >= 3 && mvmvif->roc_activity == ROC_ACTIVITY_HOTSPOT)) {
816 if (mvmvif->roc_activity < ROC_NUM_ACTIVITIES) {
817 iwl_mvm_roc_rm_cmd(mvm, mvmvif->roc_activity);
818 mvmvif->roc_activity = ROC_NUM_ACTIVITIES;
819 iwl_mvm_roc_finished(mvm);
820 }
821 return false;
822 } else if (fw_has_capa(&mvm->fw->ucode_capa,
823 IWL_UCODE_TLV_CAPA_SESSION_PROT_CMD) &&
824 id != HOT_SPOT_CMD) {
825 /* When session protection is used, the te_data->id field
826 * is reused to save session protection's configuration.
827 * For AUX ROC, HOT_SPOT_CMD is used and the te_data->id
828 * field is set to HOT_SPOT_CMD.
829 */
830 if (mvmvif && id < SESSION_PROTECT_CONF_MAX_ID) {
831 /* Session protection is still ongoing. Cancel it */
832 iwl_mvm_cancel_session_protection(mvm, vif, id);
833 if (iftype == NL80211_IFTYPE_P2P_DEVICE) {
834 iwl_mvm_roc_finished(mvm);
835 }
836 }
837 return false;
838 } else {
839 /* It is possible that by the time we try to remove it, the
840 * time event has already ended and removed. In such a case
841 * there is no need to send a removal command.
842 */
843 if (id == TE_MAX) {
844 IWL_DEBUG_TE(mvm, "TE 0x%x has already ended\n", *uid);
845 return false;
846 }
847 }
848
849 return true;
850 }
851
852 /*
853 * Explicit request to remove a aux roc time event. The removal of a time
854 * event needs to be synchronized with the flow of a time event's end
855 * notification, which also removes the time event from the op mode
856 * data structures.
857 */
iwl_mvm_remove_aux_roc_te(struct iwl_mvm * mvm,struct iwl_mvm_vif * mvmvif,struct iwl_mvm_time_event_data * te_data)858 static void iwl_mvm_remove_aux_roc_te(struct iwl_mvm *mvm,
859 struct iwl_mvm_vif *mvmvif,
860 struct iwl_mvm_time_event_data *te_data)
861 {
862 struct iwl_hs20_roc_req aux_cmd = {};
863 u16 len = sizeof(aux_cmd) - iwl_mvm_chan_info_padding(mvm);
864
865 u32 uid;
866 int ret;
867
868 if (!__iwl_mvm_remove_time_event(mvm, te_data, &uid))
869 return;
870
871 aux_cmd.event_unique_id = cpu_to_le32(uid);
872 aux_cmd.action = cpu_to_le32(FW_CTXT_ACTION_REMOVE);
873 aux_cmd.id_and_color =
874 cpu_to_le32(FW_CMD_ID_AND_COLOR(mvmvif->id, mvmvif->color));
875 IWL_DEBUG_TE(mvm, "Removing BSS AUX ROC TE 0x%x\n",
876 le32_to_cpu(aux_cmd.event_unique_id));
877 ret = iwl_mvm_send_cmd_pdu(mvm, HOT_SPOT_CMD, 0,
878 len, &aux_cmd);
879
880 if (WARN_ON(ret))
881 return;
882 }
883
884 /*
885 * Explicit request to remove a time event. The removal of a time event needs to
886 * be synchronized with the flow of a time event's end notification, which also
887 * removes the time event from the op mode data structures.
888 */
iwl_mvm_remove_time_event(struct iwl_mvm * mvm,struct iwl_mvm_vif * mvmvif,struct iwl_mvm_time_event_data * te_data)889 void iwl_mvm_remove_time_event(struct iwl_mvm *mvm,
890 struct iwl_mvm_vif *mvmvif,
891 struct iwl_mvm_time_event_data *te_data)
892 {
893 struct iwl_time_event_cmd time_cmd = {};
894 u32 uid;
895 int ret;
896
897 if (!__iwl_mvm_remove_time_event(mvm, te_data, &uid))
898 return;
899
900 /* When we remove a TE, the UID is to be set in the id field */
901 time_cmd.id = cpu_to_le32(uid);
902 time_cmd.action = cpu_to_le32(FW_CTXT_ACTION_REMOVE);
903 time_cmd.id_and_color =
904 cpu_to_le32(FW_CMD_ID_AND_COLOR(mvmvif->id, mvmvif->color));
905
906 IWL_DEBUG_TE(mvm, "Removing TE 0x%x\n", le32_to_cpu(time_cmd.id));
907 ret = iwl_mvm_send_cmd_pdu(mvm, TIME_EVENT_CMD, 0,
908 sizeof(time_cmd), &time_cmd);
909 if (ret)
910 IWL_ERR(mvm, "Couldn't remove the time event\n");
911 }
912
iwl_mvm_stop_session_protection(struct iwl_mvm * mvm,struct ieee80211_vif * vif)913 void iwl_mvm_stop_session_protection(struct iwl_mvm *mvm,
914 struct ieee80211_vif *vif)
915 {
916 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
917 struct iwl_mvm_time_event_data *te_data = &mvmvif->time_event_data;
918 u32 id;
919
920 lockdep_assert_held(&mvm->mutex);
921
922 spin_lock_bh(&mvm->time_event_lock);
923 id = te_data->id;
924 spin_unlock_bh(&mvm->time_event_lock);
925
926 if (fw_has_capa(&mvm->fw->ucode_capa,
927 IWL_UCODE_TLV_CAPA_SESSION_PROT_CMD)) {
928 if (id != SESSION_PROTECT_CONF_ASSOC) {
929 IWL_DEBUG_TE(mvm,
930 "don't remove session protection id=%u\n",
931 id);
932 return;
933 }
934 } else if (id != TE_BSS_STA_AGGRESSIVE_ASSOC) {
935 IWL_DEBUG_TE(mvm,
936 "don't remove TE with id=%u (not session protection)\n",
937 id);
938 return;
939 }
940
941 iwl_mvm_remove_time_event(mvm, mvmvif, te_data);
942 }
943
iwl_mvm_rx_session_protect_notif(struct iwl_mvm * mvm,struct iwl_rx_cmd_buffer * rxb)944 void iwl_mvm_rx_session_protect_notif(struct iwl_mvm *mvm,
945 struct iwl_rx_cmd_buffer *rxb)
946 {
947 struct iwl_rx_packet *pkt = rxb_addr(rxb);
948 struct iwl_session_prot_notif *notif = (void *)pkt->data;
949 int id = le32_to_cpu(notif->mac_link_id);
950 struct ieee80211_vif *vif;
951 struct iwl_mvm_vif *mvmvif;
952
953 rcu_read_lock();
954
955 /* note we use link ID == MAC ID */
956 vif = iwl_mvm_rcu_dereference_vif_id(mvm, id, true);
957 if (!vif)
958 goto out_unlock;
959
960 mvmvif = iwl_mvm_vif_from_mac80211(vif);
961
962 /* The vif is not a P2P_DEVICE, maintain its time_event_data */
963 if (vif->type != NL80211_IFTYPE_P2P_DEVICE) {
964 struct iwl_mvm_time_event_data *te_data =
965 &mvmvif->time_event_data;
966
967 if (!le32_to_cpu(notif->status)) {
968 iwl_mvm_te_check_disconnect(mvm, vif,
969 "Session protection failure");
970 spin_lock_bh(&mvm->time_event_lock);
971 iwl_mvm_te_clear_data(mvm, te_data);
972 spin_unlock_bh(&mvm->time_event_lock);
973 }
974
975 if (le32_to_cpu(notif->start)) {
976 spin_lock_bh(&mvm->time_event_lock);
977 te_data->running = le32_to_cpu(notif->start);
978 te_data->end_jiffies =
979 TU_TO_EXP_TIME(te_data->duration);
980 spin_unlock_bh(&mvm->time_event_lock);
981 } else {
982 /*
983 * By now, we should have finished association
984 * and know the dtim period.
985 */
986 iwl_mvm_te_check_disconnect(mvm, vif,
987 !vif->cfg.assoc ?
988 "Not associated and the session protection is over already..." :
989 "No beacon heard and the session protection is over already...");
990 spin_lock_bh(&mvm->time_event_lock);
991 iwl_mvm_te_clear_data(mvm, te_data);
992 spin_unlock_bh(&mvm->time_event_lock);
993 }
994
995 goto out_unlock;
996 }
997
998 if (!le32_to_cpu(notif->status) || !le32_to_cpu(notif->start)) {
999 /* End TE, notify mac80211 */
1000 mvmvif->time_event_data.id = SESSION_PROTECT_CONF_MAX_ID;
1001 /* set the bit so the ROC cleanup will actually clean up */
1002 set_bit(IWL_MVM_STATUS_ROC_P2P_RUNNING, &mvm->status);
1003 iwl_mvm_roc_finished(mvm);
1004 ieee80211_remain_on_channel_expired(mvm->hw);
1005 } else if (le32_to_cpu(notif->start)) {
1006 if (WARN_ON(mvmvif->time_event_data.id !=
1007 le32_to_cpu(notif->conf_id)))
1008 goto out_unlock;
1009 set_bit(IWL_MVM_STATUS_ROC_P2P_RUNNING, &mvm->status);
1010 ieee80211_ready_on_channel(mvm->hw); /* Start TE */
1011 }
1012
1013 out_unlock:
1014 rcu_read_unlock();
1015 }
1016
1017 #define AUX_ROC_MIN_DURATION MSEC_TO_TU(100)
1018 #define AUX_ROC_MIN_DELAY MSEC_TO_TU(200)
1019 #define AUX_ROC_MAX_DELAY MSEC_TO_TU(600)
1020 #define AUX_ROC_SAFETY_BUFFER MSEC_TO_TU(20)
1021 #define AUX_ROC_MIN_SAFETY_BUFFER MSEC_TO_TU(10)
1022
iwl_mvm_roc_duration_and_delay(struct ieee80211_vif * vif,u32 duration_ms,u32 * duration_tu,u32 * delay)1023 void iwl_mvm_roc_duration_and_delay(struct ieee80211_vif *vif,
1024 u32 duration_ms,
1025 u32 *duration_tu,
1026 u32 *delay)
1027 {
1028 struct ieee80211_bss_conf *link_conf;
1029 unsigned int link_id;
1030 u32 dtim_interval = 0;
1031
1032 *delay = AUX_ROC_MIN_DELAY;
1033 *duration_tu = MSEC_TO_TU(duration_ms);
1034
1035 rcu_read_lock();
1036 for_each_vif_active_link(vif, link_conf, link_id) {
1037 dtim_interval =
1038 max_t(u32, dtim_interval,
1039 link_conf->dtim_period * link_conf->beacon_int);
1040 }
1041 rcu_read_unlock();
1042
1043 /*
1044 * If we are associated we want the delay time to be at least one
1045 * dtim interval so that the FW can wait until after the DTIM and
1046 * then start the time event, this will potentially allow us to
1047 * remain off-channel for the max duration.
1048 * Since we want to use almost a whole dtim interval we would also
1049 * like the delay to be for 2-3 dtim intervals, in case there are
1050 * other time events with higher priority.
1051 * dtim_interval should never be 0, it can be 1 if we don't know it
1052 * (we haven't heard any beacon yet).
1053 */
1054 if (vif->cfg.assoc && !WARN_ON(!dtim_interval)) {
1055 *delay = min_t(u32, dtim_interval * 3, AUX_ROC_MAX_DELAY);
1056 /* We cannot remain off-channel longer than the DTIM interval */
1057 if (dtim_interval <= *duration_tu) {
1058 *duration_tu = dtim_interval - AUX_ROC_SAFETY_BUFFER;
1059 if (*duration_tu <= AUX_ROC_MIN_DURATION)
1060 *duration_tu = dtim_interval -
1061 AUX_ROC_MIN_SAFETY_BUFFER;
1062 }
1063 }
1064 }
1065
iwl_mvm_roc_add_cmd(struct iwl_mvm * mvm,struct ieee80211_channel * channel,struct ieee80211_vif * vif,int duration,enum iwl_roc_activity activity)1066 int iwl_mvm_roc_add_cmd(struct iwl_mvm *mvm,
1067 struct ieee80211_channel *channel,
1068 struct ieee80211_vif *vif,
1069 int duration, enum iwl_roc_activity activity)
1070 {
1071 int res;
1072 u32 duration_tu, delay;
1073 struct iwl_roc_req roc_req = {
1074 .action = cpu_to_le32(FW_CTXT_ACTION_ADD),
1075 .activity = cpu_to_le32(activity),
1076 .sta_id = cpu_to_le32(mvm->aux_sta.sta_id),
1077 };
1078 u8 ver = iwl_fw_lookup_cmd_ver(mvm->fw, WIDE_ID(MAC_CONF_GROUP, ROC_CMD), 0);
1079 u16 cmd_len = ver < 6 ? sizeof(struct iwl_roc_req_v5) : sizeof(roc_req);
1080 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
1081
1082 lockdep_assert_held(&mvm->mutex);
1083
1084 if (WARN_ON(mvmvif->roc_activity != ROC_NUM_ACTIVITIES))
1085 return -EBUSY;
1086
1087 /* Set the channel info data */
1088 iwl_mvm_set_chan_info(mvm, &roc_req.channel_info,
1089 channel->hw_value,
1090 iwl_mvm_phy_band_from_nl80211(channel->band),
1091 IWL_PHY_CHANNEL_MODE20, 0);
1092
1093 iwl_mvm_roc_duration_and_delay(vif, duration, &duration_tu,
1094 &delay);
1095 roc_req.duration = cpu_to_le32(duration_tu);
1096 roc_req.max_delay = cpu_to_le32(delay);
1097
1098 IWL_DEBUG_TE(mvm,
1099 "\t(requested = %ums, max_delay = %ums)\n",
1100 duration, delay);
1101 IWL_DEBUG_TE(mvm,
1102 "Requesting to remain on channel %u for %utu. activity %u\n",
1103 channel->hw_value, duration_tu, activity);
1104
1105 /* Set the node address */
1106 memcpy(roc_req.node_addr, vif->addr, ETH_ALEN);
1107
1108 res = iwl_mvm_send_cmd_pdu(mvm, WIDE_ID(MAC_CONF_GROUP, ROC_CMD),
1109 0, cmd_len, &roc_req);
1110 if (!res)
1111 mvmvif->roc_activity = activity;
1112
1113 return res;
1114 }
1115
1116 static int
iwl_mvm_start_p2p_roc_session_protection(struct iwl_mvm * mvm,struct ieee80211_vif * vif,int duration,enum ieee80211_roc_type type)1117 iwl_mvm_start_p2p_roc_session_protection(struct iwl_mvm *mvm,
1118 struct ieee80211_vif *vif,
1119 int duration,
1120 enum ieee80211_roc_type type)
1121 {
1122 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
1123 struct iwl_session_prot_cmd cmd = {
1124 .id_and_color =
1125 cpu_to_le32(iwl_mvm_get_session_prot_id(mvm, vif)),
1126 .action = cpu_to_le32(FW_CTXT_ACTION_ADD),
1127 .duration_tu = cpu_to_le32(MSEC_TO_TU(duration)),
1128 };
1129
1130 lockdep_assert_held(&mvm->mutex);
1131
1132 /* The time_event_data.id field is reused to save session
1133 * protection's configuration.
1134 */
1135
1136 switch (type) {
1137 case IEEE80211_ROC_TYPE_NORMAL:
1138 mvmvif->time_event_data.id =
1139 SESSION_PROTECT_CONF_P2P_DEVICE_DISCOV;
1140 break;
1141 case IEEE80211_ROC_TYPE_MGMT_TX:
1142 mvmvif->time_event_data.id =
1143 SESSION_PROTECT_CONF_P2P_GO_NEGOTIATION;
1144 break;
1145 default:
1146 WARN_ONCE(1, "Got an invalid ROC type\n");
1147 return -EINVAL;
1148 }
1149
1150 cmd.conf_id = cpu_to_le32(mvmvif->time_event_data.id);
1151 return iwl_mvm_send_cmd_pdu(mvm,
1152 WIDE_ID(MAC_CONF_GROUP, SESSION_PROTECTION_CMD),
1153 0, sizeof(cmd), &cmd);
1154 }
1155
iwl_mvm_start_p2p_roc(struct iwl_mvm * mvm,struct ieee80211_vif * vif,int duration,enum ieee80211_roc_type type)1156 int iwl_mvm_start_p2p_roc(struct iwl_mvm *mvm, struct ieee80211_vif *vif,
1157 int duration, enum ieee80211_roc_type type)
1158 {
1159 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
1160 struct iwl_mvm_time_event_data *te_data = &mvmvif->time_event_data;
1161 struct iwl_time_event_cmd time_cmd = {};
1162
1163 lockdep_assert_held(&mvm->mutex);
1164 if (te_data->running) {
1165 IWL_WARN(mvm, "P2P_DEVICE remain on channel already running\n");
1166 return -EBUSY;
1167 }
1168
1169 if (fw_has_capa(&mvm->fw->ucode_capa,
1170 IWL_UCODE_TLV_CAPA_SESSION_PROT_CMD))
1171 return iwl_mvm_start_p2p_roc_session_protection(mvm, vif,
1172 duration,
1173 type);
1174
1175 time_cmd.action = cpu_to_le32(FW_CTXT_ACTION_ADD);
1176 time_cmd.id_and_color =
1177 cpu_to_le32(FW_CMD_ID_AND_COLOR(mvmvif->id, mvmvif->color));
1178
1179 switch (type) {
1180 case IEEE80211_ROC_TYPE_NORMAL:
1181 time_cmd.id = cpu_to_le32(IWL_MVM_ROC_TE_TYPE_NORMAL);
1182 break;
1183 case IEEE80211_ROC_TYPE_MGMT_TX:
1184 time_cmd.id = cpu_to_le32(IWL_MVM_ROC_TE_TYPE_MGMT_TX);
1185 break;
1186 default:
1187 WARN_ONCE(1, "Got an invalid ROC type\n");
1188 return -EINVAL;
1189 }
1190
1191 time_cmd.apply_time = cpu_to_le32(0);
1192 time_cmd.interval = cpu_to_le32(1);
1193
1194 /*
1195 * The P2P Device TEs can have lower priority than other events
1196 * that are being scheduled by the driver/fw, and thus it might not be
1197 * scheduled. To improve the chances of it being scheduled, allow them
1198 * to be fragmented, and in addition allow them to be delayed.
1199 */
1200 time_cmd.max_frags = min(MSEC_TO_TU(duration)/50, TE_V2_FRAG_ENDLESS);
1201 time_cmd.max_delay = cpu_to_le32(MSEC_TO_TU(duration/2));
1202 time_cmd.duration = cpu_to_le32(MSEC_TO_TU(duration));
1203 time_cmd.repeat = 1;
1204 time_cmd.policy = cpu_to_le16(TE_V2_NOTIF_HOST_EVENT_START |
1205 TE_V2_NOTIF_HOST_EVENT_END |
1206 TE_V2_START_IMMEDIATELY);
1207
1208 return iwl_mvm_time_event_send_add(mvm, vif, te_data, &time_cmd);
1209 }
1210
iwl_mvm_get_roc_te(struct iwl_mvm * mvm)1211 static struct iwl_mvm_time_event_data *iwl_mvm_get_roc_te(struct iwl_mvm *mvm)
1212 {
1213 struct iwl_mvm_time_event_data *te_data;
1214
1215 lockdep_assert_held(&mvm->mutex);
1216
1217 spin_lock_bh(&mvm->time_event_lock);
1218
1219 /*
1220 * Iterate over the list of time events and find the time event that is
1221 * associated with a P2P_DEVICE interface.
1222 * This assumes that a P2P_DEVICE interface can have only a single time
1223 * event at any given time and this time event coresponds to a ROC
1224 * request
1225 */
1226 list_for_each_entry(te_data, &mvm->time_event_list, list) {
1227 if (te_data->vif->type == NL80211_IFTYPE_P2P_DEVICE)
1228 goto out;
1229 }
1230
1231 /* There can only be at most one AUX ROC time event, we just use the
1232 * list to simplify/unify code. Remove it if it exists.
1233 */
1234 te_data = list_first_entry_or_null(&mvm->aux_roc_te_list,
1235 struct iwl_mvm_time_event_data,
1236 list);
1237 out:
1238 spin_unlock_bh(&mvm->time_event_lock);
1239 return te_data;
1240 }
1241
iwl_mvm_cleanup_roc_te(struct iwl_mvm * mvm)1242 void iwl_mvm_cleanup_roc_te(struct iwl_mvm *mvm)
1243 {
1244 struct iwl_mvm_time_event_data *te_data;
1245 u32 uid;
1246
1247 te_data = iwl_mvm_get_roc_te(mvm);
1248 if (te_data)
1249 __iwl_mvm_remove_time_event(mvm, te_data, &uid);
1250 }
1251
iwl_mvm_stop_roc(struct iwl_mvm * mvm,struct ieee80211_vif * vif)1252 void iwl_mvm_stop_roc(struct iwl_mvm *mvm, struct ieee80211_vif *vif)
1253 {
1254 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
1255 struct iwl_mvm_time_event_data *te_data;
1256 bool p2p_aux = iwl_mvm_has_p2p_over_aux(mvm);
1257 u8 roc_ver = iwl_fw_lookup_cmd_ver(mvm->fw,
1258 WIDE_ID(MAC_CONF_GROUP, ROC_CMD), 0);
1259 int iftype = vif->type;
1260
1261 mutex_lock(&mvm->mutex);
1262
1263 if (p2p_aux || (roc_ver >= 3 && iftype != NL80211_IFTYPE_P2P_DEVICE)) {
1264 if (mvmvif->roc_activity < ROC_NUM_ACTIVITIES) {
1265 iwl_mvm_roc_rm_cmd(mvm, mvmvif->roc_activity);
1266 mvmvif->roc_activity = ROC_NUM_ACTIVITIES;
1267 }
1268 goto cleanup_roc;
1269 } else if (fw_has_capa(&mvm->fw->ucode_capa,
1270 IWL_UCODE_TLV_CAPA_SESSION_PROT_CMD)) {
1271 te_data = &mvmvif->time_event_data;
1272
1273 if (iftype == NL80211_IFTYPE_P2P_DEVICE) {
1274 if (te_data->id >= SESSION_PROTECT_CONF_MAX_ID) {
1275 IWL_DEBUG_TE(mvm,
1276 "No remain on channel event\n");
1277 mutex_unlock(&mvm->mutex);
1278 return;
1279 }
1280 iwl_mvm_cancel_session_protection(mvm, vif,
1281 te_data->id);
1282 } else {
1283 iwl_mvm_remove_aux_roc_te(mvm, mvmvif,
1284 &mvmvif->hs_time_event_data);
1285 }
1286 goto cleanup_roc;
1287 }
1288
1289 te_data = iwl_mvm_get_roc_te(mvm);
1290 if (!te_data) {
1291 IWL_WARN(mvm, "No remain on channel event\n");
1292 mutex_unlock(&mvm->mutex);
1293 return;
1294 }
1295
1296 mvmvif = iwl_mvm_vif_from_mac80211(te_data->vif);
1297 iftype = te_data->vif->type;
1298 if (iftype == NL80211_IFTYPE_P2P_DEVICE)
1299 iwl_mvm_remove_time_event(mvm, mvmvif, te_data);
1300 else
1301 iwl_mvm_remove_aux_roc_te(mvm, mvmvif, te_data);
1302
1303 cleanup_roc:
1304 /*
1305 * In case we get here before the ROC event started,
1306 * (so the status bit isn't set) set it here so iwl_mvm_cleanup_roc will
1307 * cleanup things properly
1308 */
1309 if (p2p_aux || iftype != NL80211_IFTYPE_P2P_DEVICE)
1310 set_bit(IWL_MVM_STATUS_ROC_AUX_RUNNING, &mvm->status);
1311 else
1312 set_bit(IWL_MVM_STATUS_ROC_P2P_RUNNING, &mvm->status);
1313
1314 /* Mutex is released inside this function */
1315 iwl_mvm_cleanup_roc(mvm);
1316 }
1317
iwl_mvm_remove_csa_period(struct iwl_mvm * mvm,struct ieee80211_vif * vif)1318 void iwl_mvm_remove_csa_period(struct iwl_mvm *mvm,
1319 struct ieee80211_vif *vif)
1320 {
1321 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
1322 struct iwl_mvm_time_event_data *te_data = &mvmvif->time_event_data;
1323 u32 id;
1324
1325 lockdep_assert_held(&mvm->mutex);
1326
1327 spin_lock_bh(&mvm->time_event_lock);
1328 id = te_data->id;
1329 spin_unlock_bh(&mvm->time_event_lock);
1330
1331 if (id != TE_CHANNEL_SWITCH_PERIOD)
1332 return;
1333
1334 iwl_mvm_remove_time_event(mvm, mvmvif, te_data);
1335 }
1336
iwl_mvm_schedule_csa_period(struct iwl_mvm * mvm,struct ieee80211_vif * vif,u32 duration,u32 apply_time)1337 int iwl_mvm_schedule_csa_period(struct iwl_mvm *mvm,
1338 struct ieee80211_vif *vif,
1339 u32 duration, u32 apply_time)
1340 {
1341 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
1342 struct iwl_mvm_time_event_data *te_data = &mvmvif->time_event_data;
1343 struct iwl_time_event_cmd time_cmd = {};
1344
1345 lockdep_assert_held(&mvm->mutex);
1346
1347 if (te_data->running) {
1348 u32 id;
1349
1350 spin_lock_bh(&mvm->time_event_lock);
1351 id = te_data->id;
1352 spin_unlock_bh(&mvm->time_event_lock);
1353
1354 if (id == TE_CHANNEL_SWITCH_PERIOD) {
1355 IWL_DEBUG_TE(mvm, "CS period is already scheduled\n");
1356 return -EBUSY;
1357 }
1358
1359 /*
1360 * Remove the session protection time event to allow the
1361 * channel switch. If we got here, we just heard a beacon so
1362 * the session protection is not needed anymore anyway.
1363 */
1364 iwl_mvm_remove_time_event(mvm, mvmvif, te_data);
1365 }
1366
1367 time_cmd.action = cpu_to_le32(FW_CTXT_ACTION_ADD);
1368 time_cmd.id_and_color =
1369 cpu_to_le32(FW_CMD_ID_AND_COLOR(mvmvif->id, mvmvif->color));
1370 time_cmd.id = cpu_to_le32(TE_CHANNEL_SWITCH_PERIOD);
1371 time_cmd.apply_time = cpu_to_le32(apply_time);
1372 time_cmd.max_frags = TE_V2_FRAG_NONE;
1373 time_cmd.duration = cpu_to_le32(duration);
1374 time_cmd.repeat = 1;
1375 time_cmd.interval = cpu_to_le32(1);
1376 time_cmd.policy = cpu_to_le16(TE_V2_NOTIF_HOST_EVENT_START |
1377 TE_V2_ABSENCE);
1378 if (!apply_time)
1379 time_cmd.policy |= cpu_to_le16(TE_V2_START_IMMEDIATELY);
1380
1381 return iwl_mvm_time_event_send_add(mvm, vif, te_data, &time_cmd);
1382 }
1383
iwl_mvm_session_prot_notif(struct iwl_notif_wait_data * notif_wait,struct iwl_rx_packet * pkt,void * data)1384 static bool iwl_mvm_session_prot_notif(struct iwl_notif_wait_data *notif_wait,
1385 struct iwl_rx_packet *pkt, void *data)
1386 {
1387 struct iwl_mvm *mvm =
1388 container_of(notif_wait, struct iwl_mvm, notif_wait);
1389 struct iwl_session_prot_notif *resp;
1390 int resp_len = iwl_rx_packet_payload_len(pkt);
1391
1392 if (WARN_ON(pkt->hdr.cmd != SESSION_PROTECTION_NOTIF ||
1393 pkt->hdr.group_id != MAC_CONF_GROUP))
1394 return true;
1395
1396 if (WARN_ON_ONCE(resp_len != sizeof(*resp))) {
1397 IWL_ERR(mvm, "Invalid SESSION_PROTECTION_NOTIF response\n");
1398 return true;
1399 }
1400
1401 resp = (void *)pkt->data;
1402
1403 if (!resp->status)
1404 IWL_ERR(mvm,
1405 "TIME_EVENT_NOTIFICATION received but not executed\n");
1406
1407 return true;
1408 }
1409
iwl_mvm_schedule_session_protection(struct iwl_mvm * mvm,struct ieee80211_vif * vif,u32 duration,u32 min_duration,bool wait_for_notif)1410 void iwl_mvm_schedule_session_protection(struct iwl_mvm *mvm,
1411 struct ieee80211_vif *vif,
1412 u32 duration, u32 min_duration,
1413 bool wait_for_notif)
1414 {
1415 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
1416 struct iwl_mvm_time_event_data *te_data = &mvmvif->time_event_data;
1417 const u16 notif[] = { WIDE_ID(MAC_CONF_GROUP, SESSION_PROTECTION_NOTIF) };
1418 struct iwl_notification_wait wait_notif;
1419 int mac_link_id = iwl_mvm_get_session_prot_id(mvm, vif);
1420 struct iwl_session_prot_cmd cmd = {
1421 .id_and_color = cpu_to_le32(mac_link_id),
1422 .action = cpu_to_le32(FW_CTXT_ACTION_ADD),
1423 .conf_id = cpu_to_le32(SESSION_PROTECT_CONF_ASSOC),
1424 .duration_tu = cpu_to_le32(MSEC_TO_TU(duration)),
1425 };
1426
1427 if (mac_link_id < 0)
1428 return;
1429
1430 lockdep_assert_held(&mvm->mutex);
1431
1432 spin_lock_bh(&mvm->time_event_lock);
1433 if (te_data->running &&
1434 time_after(te_data->end_jiffies, TU_TO_EXP_TIME(min_duration))) {
1435 IWL_DEBUG_TE(mvm, "We have enough time in the current TE: %u\n",
1436 jiffies_to_msecs(te_data->end_jiffies - jiffies));
1437 spin_unlock_bh(&mvm->time_event_lock);
1438
1439 return;
1440 }
1441
1442 iwl_mvm_te_clear_data(mvm, te_data);
1443 /*
1444 * The time_event_data.id field is reused to save session
1445 * protection's configuration.
1446 */
1447 te_data->id = le32_to_cpu(cmd.conf_id);
1448 te_data->duration = le32_to_cpu(cmd.duration_tu);
1449 te_data->vif = vif;
1450 spin_unlock_bh(&mvm->time_event_lock);
1451
1452 IWL_DEBUG_TE(mvm, "Add new session protection, duration %d TU\n",
1453 le32_to_cpu(cmd.duration_tu));
1454
1455 if (!wait_for_notif) {
1456 if (iwl_mvm_send_cmd_pdu(mvm,
1457 WIDE_ID(MAC_CONF_GROUP, SESSION_PROTECTION_CMD),
1458 0, sizeof(cmd), &cmd)) {
1459 goto send_cmd_err;
1460 }
1461
1462 return;
1463 }
1464
1465 iwl_init_notification_wait(&mvm->notif_wait, &wait_notif,
1466 notif, ARRAY_SIZE(notif),
1467 iwl_mvm_session_prot_notif, NULL);
1468
1469 if (iwl_mvm_send_cmd_pdu(mvm,
1470 WIDE_ID(MAC_CONF_GROUP, SESSION_PROTECTION_CMD),
1471 0, sizeof(cmd), &cmd)) {
1472 iwl_remove_notification(&mvm->notif_wait, &wait_notif);
1473 goto send_cmd_err;
1474 } else if (iwl_wait_notification(&mvm->notif_wait, &wait_notif,
1475 TU_TO_JIFFIES(100))) {
1476 IWL_ERR(mvm,
1477 "Failed to protect session until session protection\n");
1478 }
1479 return;
1480
1481 send_cmd_err:
1482 IWL_ERR(mvm,
1483 "Couldn't send the SESSION_PROTECTION_CMD\n");
1484 spin_lock_bh(&mvm->time_event_lock);
1485 iwl_mvm_te_clear_data(mvm, te_data);
1486 spin_unlock_bh(&mvm->time_event_lock);
1487 }
1488