1/****************************************************************************** 2 * 3 * This file is provided under a dual BSD/GPLv2 license. When using or 4 * redistributing this file, you may do so under either license. 5 * 6 * GPL LICENSE SUMMARY 7 * 8 * Copyright(c) 2012 - 2014 Intel Corporation. All rights reserved. 9 * Copyright(c) 2013 - 2014 Intel Mobile Communications GmbH 10 * 11 * This program is free software; you can redistribute it and/or modify 12 * it under the terms of version 2 of the GNU General Public License as 13 * published by the Free Software Foundation. 14 * 15 * This program is distributed in the hope that it will be useful, but 16 * WITHOUT ANY WARRANTY; without even the implied warranty of 17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 18 * General Public License for more details. 19 * 20 * You should have received a copy of the GNU General Public License 21 * along with this program; if not, write to the Free Software 22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110, 23 * USA 24 * 25 * The full GNU General Public License is included in this distribution 26 * in the file called COPYING. 27 * 28 * Contact Information: 29 * Intel Linux Wireless <ilw@linux.intel.com> 30 * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497 31 * 32 * BSD LICENSE 33 * 34 * Copyright(c) 2012 - 2014 Intel Corporation. All rights reserved. 35 * Copyright(c) 2013 - 2014 Intel Mobile Communications GmbH 36 * All rights reserved. 37 * 38 * Redistribution and use in source and binary forms, with or without 39 * modification, are permitted provided that the following conditions 40 * are met: 41 * 42 * * Redistributions of source code must retain the above copyright 43 * notice, this list of conditions and the following disclaimer. 44 * * Redistributions in binary form must reproduce the above copyright 45 * notice, this list of conditions and the following disclaimer in 46 * the documentation and/or other materials provided with the 47 * distribution. 48 * * Neither the name Intel Corporation nor the names of its 49 * contributors may be used to endorse or promote products derived 50 * from this software without specific prior written permission. 51 * 52 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 53 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 54 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 55 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 56 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 57 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 58 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 59 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 60 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 61 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 62 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 63 * 64 *****************************************************************************/ 65#include <net/mac80211.h> 66 67#include "mvm.h" 68#include "sta.h" 69#include "rs.h" 70 71static int iwl_mvm_find_free_sta_id(struct iwl_mvm *mvm, 72 enum nl80211_iftype iftype) 73{ 74 int sta_id; 75 u32 reserved_ids = 0; 76 77 BUILD_BUG_ON(IWL_MVM_STATION_COUNT > 32); 78 WARN_ON_ONCE(test_bit(IWL_MVM_STATUS_IN_HW_RESTART, &mvm->status)); 79 80 lockdep_assert_held(&mvm->mutex); 81 82 /* d0i3/d3 assumes the AP's sta_id (of sta vif) is 0. reserve it. */ 83 if (iftype != NL80211_IFTYPE_STATION) 84 reserved_ids = BIT(0); 85 86 /* Don't take rcu_read_lock() since we are protected by mvm->mutex */ 87 for (sta_id = 0; sta_id < IWL_MVM_STATION_COUNT; sta_id++) { 88 if (BIT(sta_id) & reserved_ids) 89 continue; 90 91 if (!rcu_dereference_protected(mvm->fw_id_to_mac_id[sta_id], 92 lockdep_is_held(&mvm->mutex))) 93 return sta_id; 94 } 95 return IWL_MVM_STATION_COUNT; 96} 97 98/* send station add/update command to firmware */ 99int iwl_mvm_sta_send_to_fw(struct iwl_mvm *mvm, struct ieee80211_sta *sta, 100 bool update) 101{ 102 struct iwl_mvm_sta *mvm_sta = (void *)sta->drv_priv; 103 struct iwl_mvm_add_sta_cmd add_sta_cmd = { 104 .sta_id = mvm_sta->sta_id, 105 .mac_id_n_color = cpu_to_le32(mvm_sta->mac_id_n_color), 106 .add_modify = update ? 1 : 0, 107 .station_flags_msk = cpu_to_le32(STA_FLG_FAT_EN_MSK | 108 STA_FLG_MIMO_EN_MSK), 109 }; 110 int ret; 111 u32 status; 112 u32 agg_size = 0, mpdu_dens = 0; 113 114 if (!update) { 115 add_sta_cmd.tfd_queue_msk = cpu_to_le32(mvm_sta->tfd_queue_msk); 116 memcpy(&add_sta_cmd.addr, sta->addr, ETH_ALEN); 117 } 118 119 switch (sta->bandwidth) { 120 case IEEE80211_STA_RX_BW_160: 121 add_sta_cmd.station_flags |= cpu_to_le32(STA_FLG_FAT_EN_160MHZ); 122 /* fall through */ 123 case IEEE80211_STA_RX_BW_80: 124 add_sta_cmd.station_flags |= cpu_to_le32(STA_FLG_FAT_EN_80MHZ); 125 /* fall through */ 126 case IEEE80211_STA_RX_BW_40: 127 add_sta_cmd.station_flags |= cpu_to_le32(STA_FLG_FAT_EN_40MHZ); 128 /* fall through */ 129 case IEEE80211_STA_RX_BW_20: 130 if (sta->ht_cap.ht_supported) 131 add_sta_cmd.station_flags |= 132 cpu_to_le32(STA_FLG_FAT_EN_20MHZ); 133 break; 134 } 135 136 switch (sta->rx_nss) { 137 case 1: 138 add_sta_cmd.station_flags |= cpu_to_le32(STA_FLG_MIMO_EN_SISO); 139 break; 140 case 2: 141 add_sta_cmd.station_flags |= cpu_to_le32(STA_FLG_MIMO_EN_MIMO2); 142 break; 143 case 3 ... 8: 144 add_sta_cmd.station_flags |= cpu_to_le32(STA_FLG_MIMO_EN_MIMO3); 145 break; 146 } 147 148 switch (sta->smps_mode) { 149 case IEEE80211_SMPS_AUTOMATIC: 150 case IEEE80211_SMPS_NUM_MODES: 151 WARN_ON(1); 152 break; 153 case IEEE80211_SMPS_STATIC: 154 /* override NSS */ 155 add_sta_cmd.station_flags &= ~cpu_to_le32(STA_FLG_MIMO_EN_MSK); 156 add_sta_cmd.station_flags |= cpu_to_le32(STA_FLG_MIMO_EN_SISO); 157 break; 158 case IEEE80211_SMPS_DYNAMIC: 159 add_sta_cmd.station_flags |= cpu_to_le32(STA_FLG_RTS_MIMO_PROT); 160 break; 161 case IEEE80211_SMPS_OFF: 162 /* nothing */ 163 break; 164 } 165 166 if (sta->ht_cap.ht_supported) { 167 add_sta_cmd.station_flags_msk |= 168 cpu_to_le32(STA_FLG_MAX_AGG_SIZE_MSK | 169 STA_FLG_AGG_MPDU_DENS_MSK); 170 171 mpdu_dens = sta->ht_cap.ampdu_density; 172 } 173 174 if (sta->vht_cap.vht_supported) { 175 agg_size = sta->vht_cap.cap & 176 IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK; 177 agg_size >>= 178 IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_SHIFT; 179 } else if (sta->ht_cap.ht_supported) { 180 agg_size = sta->ht_cap.ampdu_factor; 181 } 182 183 add_sta_cmd.station_flags |= 184 cpu_to_le32(agg_size << STA_FLG_MAX_AGG_SIZE_SHIFT); 185 add_sta_cmd.station_flags |= 186 cpu_to_le32(mpdu_dens << STA_FLG_AGG_MPDU_DENS_SHIFT); 187 188 status = ADD_STA_SUCCESS; 189 ret = iwl_mvm_send_cmd_pdu_status(mvm, ADD_STA, sizeof(add_sta_cmd), 190 &add_sta_cmd, &status); 191 if (ret) 192 return ret; 193 194 switch (status) { 195 case ADD_STA_SUCCESS: 196 IWL_DEBUG_ASSOC(mvm, "ADD_STA PASSED\n"); 197 break; 198 default: 199 ret = -EIO; 200 IWL_ERR(mvm, "ADD_STA failed\n"); 201 break; 202 } 203 204 return ret; 205} 206 207int iwl_mvm_add_sta(struct iwl_mvm *mvm, 208 struct ieee80211_vif *vif, 209 struct ieee80211_sta *sta) 210{ 211 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 212 struct iwl_mvm_sta *mvm_sta = (void *)sta->drv_priv; 213 int i, ret, sta_id; 214 215 lockdep_assert_held(&mvm->mutex); 216 217 if (!test_bit(IWL_MVM_STATUS_IN_HW_RESTART, &mvm->status)) 218 sta_id = iwl_mvm_find_free_sta_id(mvm, 219 ieee80211_vif_type_p2p(vif)); 220 else 221 sta_id = mvm_sta->sta_id; 222 223 if (WARN_ON_ONCE(sta_id == IWL_MVM_STATION_COUNT)) 224 return -ENOSPC; 225 226 spin_lock_init(&mvm_sta->lock); 227 228 mvm_sta->sta_id = sta_id; 229 mvm_sta->mac_id_n_color = FW_CMD_ID_AND_COLOR(mvmvif->id, 230 mvmvif->color); 231 mvm_sta->vif = vif; 232 mvm_sta->max_agg_bufsize = LINK_QUAL_AGG_FRAME_LIMIT_DEF; 233 mvm_sta->tx_protection = 0; 234 mvm_sta->tt_tx_protection = false; 235 236 /* HW restart, don't assume the memory has been zeroed */ 237 atomic_set(&mvm->pending_frames[sta_id], 0); 238 mvm_sta->tid_disable_agg = 0; 239 mvm_sta->tfd_queue_msk = 0; 240 for (i = 0; i < IEEE80211_NUM_ACS; i++) 241 if (vif->hw_queue[i] != IEEE80211_INVAL_HW_QUEUE) 242 mvm_sta->tfd_queue_msk |= BIT(vif->hw_queue[i]); 243 244 /* for HW restart - reset everything but the sequence number */ 245 for (i = 0; i < IWL_MAX_TID_COUNT; i++) { 246 u16 seq = mvm_sta->tid_data[i].seq_number; 247 memset(&mvm_sta->tid_data[i], 0, sizeof(mvm_sta->tid_data[i])); 248 mvm_sta->tid_data[i].seq_number = seq; 249 } 250 mvm_sta->agg_tids = 0; 251 252 ret = iwl_mvm_sta_send_to_fw(mvm, sta, false); 253 if (ret) 254 return ret; 255 256 if (vif->type == NL80211_IFTYPE_STATION) { 257 if (!sta->tdls) { 258 WARN_ON(mvmvif->ap_sta_id != IWL_MVM_STATION_COUNT); 259 mvmvif->ap_sta_id = sta_id; 260 } else { 261 WARN_ON(mvmvif->ap_sta_id == IWL_MVM_STATION_COUNT); 262 } 263 } 264 265 rcu_assign_pointer(mvm->fw_id_to_mac_id[sta_id], sta); 266 267 return 0; 268} 269 270int iwl_mvm_update_sta(struct iwl_mvm *mvm, 271 struct ieee80211_vif *vif, 272 struct ieee80211_sta *sta) 273{ 274 return iwl_mvm_sta_send_to_fw(mvm, sta, true); 275} 276 277int iwl_mvm_drain_sta(struct iwl_mvm *mvm, struct iwl_mvm_sta *mvmsta, 278 bool drain) 279{ 280 struct iwl_mvm_add_sta_cmd cmd = {}; 281 int ret; 282 u32 status; 283 284 lockdep_assert_held(&mvm->mutex); 285 286 cmd.mac_id_n_color = cpu_to_le32(mvmsta->mac_id_n_color); 287 cmd.sta_id = mvmsta->sta_id; 288 cmd.add_modify = STA_MODE_MODIFY; 289 cmd.station_flags = drain ? cpu_to_le32(STA_FLG_DRAIN_FLOW) : 0; 290 cmd.station_flags_msk = cpu_to_le32(STA_FLG_DRAIN_FLOW); 291 292 status = ADD_STA_SUCCESS; 293 ret = iwl_mvm_send_cmd_pdu_status(mvm, ADD_STA, sizeof(cmd), 294 &cmd, &status); 295 if (ret) 296 return ret; 297 298 switch (status) { 299 case ADD_STA_SUCCESS: 300 IWL_DEBUG_INFO(mvm, "Frames for staid %d will drained in fw\n", 301 mvmsta->sta_id); 302 break; 303 default: 304 ret = -EIO; 305 IWL_ERR(mvm, "Couldn't drain frames for staid %d\n", 306 mvmsta->sta_id); 307 break; 308 } 309 310 return ret; 311} 312 313/* 314 * Remove a station from the FW table. Before sending the command to remove 315 * the station validate that the station is indeed known to the driver (sanity 316 * only). 317 */ 318static int iwl_mvm_rm_sta_common(struct iwl_mvm *mvm, u8 sta_id) 319{ 320 struct ieee80211_sta *sta; 321 struct iwl_mvm_rm_sta_cmd rm_sta_cmd = { 322 .sta_id = sta_id, 323 }; 324 int ret; 325 326 sta = rcu_dereference_protected(mvm->fw_id_to_mac_id[sta_id], 327 lockdep_is_held(&mvm->mutex)); 328 329 /* Note: internal stations are marked as error values */ 330 if (!sta) { 331 IWL_ERR(mvm, "Invalid station id\n"); 332 return -EINVAL; 333 } 334 335 ret = iwl_mvm_send_cmd_pdu(mvm, REMOVE_STA, 0, 336 sizeof(rm_sta_cmd), &rm_sta_cmd); 337 if (ret) { 338 IWL_ERR(mvm, "Failed to remove station. Id=%d\n", sta_id); 339 return ret; 340 } 341 342 return 0; 343} 344 345void iwl_mvm_sta_drained_wk(struct work_struct *wk) 346{ 347 struct iwl_mvm *mvm = container_of(wk, struct iwl_mvm, sta_drained_wk); 348 u8 sta_id; 349 350 /* 351 * The mutex is needed because of the SYNC cmd, but not only: if the 352 * work would run concurrently with iwl_mvm_rm_sta, it would run before 353 * iwl_mvm_rm_sta sets the station as busy, and exit. Then 354 * iwl_mvm_rm_sta would set the station as busy, and nobody will clean 355 * that later. 356 */ 357 mutex_lock(&mvm->mutex); 358 359 for_each_set_bit(sta_id, mvm->sta_drained, IWL_MVM_STATION_COUNT) { 360 int ret; 361 struct ieee80211_sta *sta = 362 rcu_dereference_protected(mvm->fw_id_to_mac_id[sta_id], 363 lockdep_is_held(&mvm->mutex)); 364 365 /* 366 * This station is in use or RCU-removed; the latter happens in 367 * managed mode, where mac80211 removes the station before we 368 * can remove it from firmware (we can only do that after the 369 * MAC is marked unassociated), and possibly while the deauth 370 * frame to disconnect from the AP is still queued. Then, the 371 * station pointer is -ENOENT when the last skb is reclaimed. 372 */ 373 if (!IS_ERR(sta) || PTR_ERR(sta) == -ENOENT) 374 continue; 375 376 if (PTR_ERR(sta) == -EINVAL) { 377 IWL_ERR(mvm, "Drained sta %d, but it is internal?\n", 378 sta_id); 379 continue; 380 } 381 382 if (!sta) { 383 IWL_ERR(mvm, "Drained sta %d, but it was NULL?\n", 384 sta_id); 385 continue; 386 } 387 388 WARN_ON(PTR_ERR(sta) != -EBUSY); 389 /* This station was removed and we waited until it got drained, 390 * we can now proceed and remove it. 391 */ 392 ret = iwl_mvm_rm_sta_common(mvm, sta_id); 393 if (ret) { 394 IWL_ERR(mvm, 395 "Couldn't remove sta %d after it was drained\n", 396 sta_id); 397 continue; 398 } 399 RCU_INIT_POINTER(mvm->fw_id_to_mac_id[sta_id], NULL); 400 clear_bit(sta_id, mvm->sta_drained); 401 } 402 403 mutex_unlock(&mvm->mutex); 404} 405 406int iwl_mvm_rm_sta(struct iwl_mvm *mvm, 407 struct ieee80211_vif *vif, 408 struct ieee80211_sta *sta) 409{ 410 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 411 struct iwl_mvm_sta *mvm_sta = (void *)sta->drv_priv; 412 int ret; 413 414 lockdep_assert_held(&mvm->mutex); 415 416 if (vif->type == NL80211_IFTYPE_STATION && 417 mvmvif->ap_sta_id == mvm_sta->sta_id) { 418 /* flush its queues here since we are freeing mvm_sta */ 419 ret = iwl_mvm_flush_tx_path(mvm, mvm_sta->tfd_queue_msk, true); 420 421 /* if we are associated - we can't remove the AP STA now */ 422 if (vif->bss_conf.assoc) 423 return ret; 424 425 /* unassoc - go ahead - remove the AP STA now */ 426 mvmvif->ap_sta_id = IWL_MVM_STATION_COUNT; 427 428 /* clear d0i3_ap_sta_id if no longer relevant */ 429 if (mvm->d0i3_ap_sta_id == mvm_sta->sta_id) 430 mvm->d0i3_ap_sta_id = IWL_MVM_STATION_COUNT; 431 } 432 433 /* 434 * Make sure that the tx response code sees the station as -EBUSY and 435 * calls the drain worker. 436 */ 437 spin_lock_bh(&mvm_sta->lock); 438 /* 439 * There are frames pending on the AC queues for this station. 440 * We need to wait until all the frames are drained... 441 */ 442 if (atomic_read(&mvm->pending_frames[mvm_sta->sta_id])) { 443 rcu_assign_pointer(mvm->fw_id_to_mac_id[mvm_sta->sta_id], 444 ERR_PTR(-EBUSY)); 445 spin_unlock_bh(&mvm_sta->lock); 446 ret = iwl_mvm_drain_sta(mvm, mvm_sta, true); 447 } else { 448 spin_unlock_bh(&mvm_sta->lock); 449 ret = iwl_mvm_rm_sta_common(mvm, mvm_sta->sta_id); 450 RCU_INIT_POINTER(mvm->fw_id_to_mac_id[mvm_sta->sta_id], NULL); 451 } 452 453 return ret; 454} 455 456int iwl_mvm_rm_sta_id(struct iwl_mvm *mvm, 457 struct ieee80211_vif *vif, 458 u8 sta_id) 459{ 460 int ret = iwl_mvm_rm_sta_common(mvm, sta_id); 461 462 lockdep_assert_held(&mvm->mutex); 463 464 RCU_INIT_POINTER(mvm->fw_id_to_mac_id[sta_id], NULL); 465 return ret; 466} 467 468static int iwl_mvm_allocate_int_sta(struct iwl_mvm *mvm, 469 struct iwl_mvm_int_sta *sta, 470 u32 qmask, enum nl80211_iftype iftype) 471{ 472 if (!test_bit(IWL_MVM_STATUS_IN_HW_RESTART, &mvm->status)) { 473 sta->sta_id = iwl_mvm_find_free_sta_id(mvm, iftype); 474 if (WARN_ON_ONCE(sta->sta_id == IWL_MVM_STATION_COUNT)) 475 return -ENOSPC; 476 } 477 478 sta->tfd_queue_msk = qmask; 479 480 /* put a non-NULL value so iterating over the stations won't stop */ 481 rcu_assign_pointer(mvm->fw_id_to_mac_id[sta->sta_id], ERR_PTR(-EINVAL)); 482 return 0; 483} 484 485static void iwl_mvm_dealloc_int_sta(struct iwl_mvm *mvm, 486 struct iwl_mvm_int_sta *sta) 487{ 488 RCU_INIT_POINTER(mvm->fw_id_to_mac_id[sta->sta_id], NULL); 489 memset(sta, 0, sizeof(struct iwl_mvm_int_sta)); 490 sta->sta_id = IWL_MVM_STATION_COUNT; 491} 492 493static int iwl_mvm_add_int_sta_common(struct iwl_mvm *mvm, 494 struct iwl_mvm_int_sta *sta, 495 const u8 *addr, 496 u16 mac_id, u16 color) 497{ 498 struct iwl_mvm_add_sta_cmd cmd; 499 int ret; 500 u32 status; 501 502 lockdep_assert_held(&mvm->mutex); 503 504 memset(&cmd, 0, sizeof(cmd)); 505 cmd.sta_id = sta->sta_id; 506 cmd.mac_id_n_color = cpu_to_le32(FW_CMD_ID_AND_COLOR(mac_id, 507 color)); 508 509 cmd.tfd_queue_msk = cpu_to_le32(sta->tfd_queue_msk); 510 511 if (addr) 512 memcpy(cmd.addr, addr, ETH_ALEN); 513 514 ret = iwl_mvm_send_cmd_pdu_status(mvm, ADD_STA, sizeof(cmd), 515 &cmd, &status); 516 if (ret) 517 return ret; 518 519 switch (status) { 520 case ADD_STA_SUCCESS: 521 IWL_DEBUG_INFO(mvm, "Internal station added.\n"); 522 return 0; 523 default: 524 ret = -EIO; 525 IWL_ERR(mvm, "Add internal station failed, status=0x%x\n", 526 status); 527 break; 528 } 529 return ret; 530} 531 532int iwl_mvm_add_aux_sta(struct iwl_mvm *mvm) 533{ 534 int ret; 535 536 lockdep_assert_held(&mvm->mutex); 537 538 /* Map Aux queue to fifo - needs to happen before adding Aux station */ 539 iwl_mvm_enable_ac_txq(mvm, mvm->aux_queue, 540 IWL_MVM_TX_FIFO_MCAST); 541 542 /* Allocate aux station and assign to it the aux queue */ 543 ret = iwl_mvm_allocate_int_sta(mvm, &mvm->aux_sta, BIT(mvm->aux_queue), 544 NL80211_IFTYPE_UNSPECIFIED); 545 if (ret) 546 return ret; 547 548 ret = iwl_mvm_add_int_sta_common(mvm, &mvm->aux_sta, NULL, 549 MAC_INDEX_AUX, 0); 550 551 if (ret) 552 iwl_mvm_dealloc_int_sta(mvm, &mvm->aux_sta); 553 return ret; 554} 555 556void iwl_mvm_del_aux_sta(struct iwl_mvm *mvm) 557{ 558 lockdep_assert_held(&mvm->mutex); 559 560 iwl_mvm_dealloc_int_sta(mvm, &mvm->aux_sta); 561} 562 563/* 564 * Send the add station command for the vif's broadcast station. 565 * Assumes that the station was already allocated. 566 * 567 * @mvm: the mvm component 568 * @vif: the interface to which the broadcast station is added 569 * @bsta: the broadcast station to add. 570 */ 571int iwl_mvm_send_add_bcast_sta(struct iwl_mvm *mvm, struct ieee80211_vif *vif) 572{ 573 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 574 struct iwl_mvm_int_sta *bsta = &mvmvif->bcast_sta; 575 static const u8 _baddr[] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}; 576 const u8 *baddr = _baddr; 577 578 lockdep_assert_held(&mvm->mutex); 579 580 if (vif->type == NL80211_IFTYPE_ADHOC) 581 baddr = vif->bss_conf.bssid; 582 583 if (WARN_ON_ONCE(bsta->sta_id == IWL_MVM_STATION_COUNT)) 584 return -ENOSPC; 585 586 return iwl_mvm_add_int_sta_common(mvm, bsta, baddr, 587 mvmvif->id, mvmvif->color); 588} 589 590/* Send the FW a request to remove the station from it's internal data 591 * structures, but DO NOT remove the entry from the local data structures. */ 592int iwl_mvm_send_rm_bcast_sta(struct iwl_mvm *mvm, struct ieee80211_vif *vif) 593{ 594 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 595 int ret; 596 597 lockdep_assert_held(&mvm->mutex); 598 599 ret = iwl_mvm_rm_sta_common(mvm, mvmvif->bcast_sta.sta_id); 600 if (ret) 601 IWL_WARN(mvm, "Failed sending remove station\n"); 602 return ret; 603} 604 605int iwl_mvm_alloc_bcast_sta(struct iwl_mvm *mvm, struct ieee80211_vif *vif) 606{ 607 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 608 u32 qmask; 609 610 lockdep_assert_held(&mvm->mutex); 611 612 qmask = iwl_mvm_mac_get_queues_mask(mvm, vif); 613 614 /* 615 * The firmware defines the TFD queue mask to only be relevant 616 * for *unicast* queues, so the multicast (CAB) queue shouldn't 617 * be included. 618 */ 619 if (vif->type == NL80211_IFTYPE_AP) 620 qmask &= ~BIT(vif->cab_queue); 621 622 return iwl_mvm_allocate_int_sta(mvm, &mvmvif->bcast_sta, qmask, 623 ieee80211_vif_type_p2p(vif)); 624} 625 626/* Allocate a new station entry for the broadcast station to the given vif, 627 * and send it to the FW. 628 * Note that each P2P mac should have its own broadcast station. 629 * 630 * @mvm: the mvm component 631 * @vif: the interface to which the broadcast station is added 632 * @bsta: the broadcast station to add. */ 633int iwl_mvm_add_bcast_sta(struct iwl_mvm *mvm, struct ieee80211_vif *vif) 634{ 635 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 636 struct iwl_mvm_int_sta *bsta = &mvmvif->bcast_sta; 637 int ret; 638 639 lockdep_assert_held(&mvm->mutex); 640 641 ret = iwl_mvm_alloc_bcast_sta(mvm, vif); 642 if (ret) 643 return ret; 644 645 ret = iwl_mvm_send_add_bcast_sta(mvm, vif); 646 647 if (ret) 648 iwl_mvm_dealloc_int_sta(mvm, bsta); 649 650 return ret; 651} 652 653void iwl_mvm_dealloc_bcast_sta(struct iwl_mvm *mvm, struct ieee80211_vif *vif) 654{ 655 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 656 657 iwl_mvm_dealloc_int_sta(mvm, &mvmvif->bcast_sta); 658} 659 660/* 661 * Send the FW a request to remove the station from it's internal data 662 * structures, and in addition remove it from the local data structure. 663 */ 664int iwl_mvm_rm_bcast_sta(struct iwl_mvm *mvm, struct ieee80211_vif *vif) 665{ 666 int ret; 667 668 lockdep_assert_held(&mvm->mutex); 669 670 ret = iwl_mvm_send_rm_bcast_sta(mvm, vif); 671 672 iwl_mvm_dealloc_bcast_sta(mvm, vif); 673 674 return ret; 675} 676 677#define IWL_MAX_RX_BA_SESSIONS 16 678 679int iwl_mvm_sta_rx_agg(struct iwl_mvm *mvm, struct ieee80211_sta *sta, 680 int tid, u16 ssn, bool start) 681{ 682 struct iwl_mvm_sta *mvm_sta = (void *)sta->drv_priv; 683 struct iwl_mvm_add_sta_cmd cmd = {}; 684 int ret; 685 u32 status; 686 687 lockdep_assert_held(&mvm->mutex); 688 689 if (start && mvm->rx_ba_sessions >= IWL_MAX_RX_BA_SESSIONS) { 690 IWL_WARN(mvm, "Not enough RX BA SESSIONS\n"); 691 return -ENOSPC; 692 } 693 694 cmd.mac_id_n_color = cpu_to_le32(mvm_sta->mac_id_n_color); 695 cmd.sta_id = mvm_sta->sta_id; 696 cmd.add_modify = STA_MODE_MODIFY; 697 if (start) { 698 cmd.add_immediate_ba_tid = (u8) tid; 699 cmd.add_immediate_ba_ssn = cpu_to_le16(ssn); 700 } else { 701 cmd.remove_immediate_ba_tid = (u8) tid; 702 } 703 cmd.modify_mask = start ? STA_MODIFY_ADD_BA_TID : 704 STA_MODIFY_REMOVE_BA_TID; 705 706 status = ADD_STA_SUCCESS; 707 ret = iwl_mvm_send_cmd_pdu_status(mvm, ADD_STA, sizeof(cmd), 708 &cmd, &status); 709 if (ret) 710 return ret; 711 712 switch (status) { 713 case ADD_STA_SUCCESS: 714 IWL_DEBUG_INFO(mvm, "RX BA Session %sed in fw\n", 715 start ? "start" : "stopp"); 716 break; 717 case ADD_STA_IMMEDIATE_BA_FAILURE: 718 IWL_WARN(mvm, "RX BA Session refused by fw\n"); 719 ret = -ENOSPC; 720 break; 721 default: 722 ret = -EIO; 723 IWL_ERR(mvm, "RX BA Session failed %sing, status 0x%x\n", 724 start ? "start" : "stopp", status); 725 break; 726 } 727 728 if (!ret) { 729 if (start) 730 mvm->rx_ba_sessions++; 731 else if (mvm->rx_ba_sessions > 0) 732 /* check that restart flow didn't zero the counter */ 733 mvm->rx_ba_sessions--; 734 } 735 736 return ret; 737} 738 739static int iwl_mvm_sta_tx_agg(struct iwl_mvm *mvm, struct ieee80211_sta *sta, 740 int tid, u8 queue, bool start) 741{ 742 struct iwl_mvm_sta *mvm_sta = (void *)sta->drv_priv; 743 struct iwl_mvm_add_sta_cmd cmd = {}; 744 int ret; 745 u32 status; 746 747 lockdep_assert_held(&mvm->mutex); 748 749 if (start) { 750 mvm_sta->tfd_queue_msk |= BIT(queue); 751 mvm_sta->tid_disable_agg &= ~BIT(tid); 752 } else { 753 mvm_sta->tfd_queue_msk &= ~BIT(queue); 754 mvm_sta->tid_disable_agg |= BIT(tid); 755 } 756 757 cmd.mac_id_n_color = cpu_to_le32(mvm_sta->mac_id_n_color); 758 cmd.sta_id = mvm_sta->sta_id; 759 cmd.add_modify = STA_MODE_MODIFY; 760 cmd.modify_mask = STA_MODIFY_QUEUES | STA_MODIFY_TID_DISABLE_TX; 761 cmd.tfd_queue_msk = cpu_to_le32(mvm_sta->tfd_queue_msk); 762 cmd.tid_disable_tx = cpu_to_le16(mvm_sta->tid_disable_agg); 763 764 status = ADD_STA_SUCCESS; 765 ret = iwl_mvm_send_cmd_pdu_status(mvm, ADD_STA, sizeof(cmd), 766 &cmd, &status); 767 if (ret) 768 return ret; 769 770 switch (status) { 771 case ADD_STA_SUCCESS: 772 break; 773 default: 774 ret = -EIO; 775 IWL_ERR(mvm, "TX BA Session failed %sing, status 0x%x\n", 776 start ? "start" : "stopp", status); 777 break; 778 } 779 780 return ret; 781} 782 783const u8 tid_to_mac80211_ac[] = { 784 IEEE80211_AC_BE, 785 IEEE80211_AC_BK, 786 IEEE80211_AC_BK, 787 IEEE80211_AC_BE, 788 IEEE80211_AC_VI, 789 IEEE80211_AC_VI, 790 IEEE80211_AC_VO, 791 IEEE80211_AC_VO, 792}; 793 794static const u8 tid_to_ucode_ac[] = { 795 AC_BE, 796 AC_BK, 797 AC_BK, 798 AC_BE, 799 AC_VI, 800 AC_VI, 801 AC_VO, 802 AC_VO, 803}; 804 805int iwl_mvm_sta_tx_agg_start(struct iwl_mvm *mvm, struct ieee80211_vif *vif, 806 struct ieee80211_sta *sta, u16 tid, u16 *ssn) 807{ 808 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta); 809 struct iwl_mvm_tid_data *tid_data; 810 int txq_id; 811 812 if (WARN_ON_ONCE(tid >= IWL_MAX_TID_COUNT)) 813 return -EINVAL; 814 815 if (mvmsta->tid_data[tid].state != IWL_AGG_OFF) { 816 IWL_ERR(mvm, "Start AGG when state is not IWL_AGG_OFF %d!\n", 817 mvmsta->tid_data[tid].state); 818 return -ENXIO; 819 } 820 821 lockdep_assert_held(&mvm->mutex); 822 823 for (txq_id = mvm->first_agg_queue; 824 txq_id <= mvm->last_agg_queue; txq_id++) 825 if (mvm->queue_to_mac80211[txq_id] == 826 IWL_INVALID_MAC80211_QUEUE) 827 break; 828 829 if (txq_id > mvm->last_agg_queue) { 830 IWL_ERR(mvm, "Failed to allocate agg queue\n"); 831 return -EIO; 832 } 833 834 spin_lock_bh(&mvmsta->lock); 835 836 /* possible race condition - we entered D0i3 while starting agg */ 837 if (test_bit(IWL_MVM_STATUS_IN_D0I3, &mvm->status)) { 838 spin_unlock_bh(&mvmsta->lock); 839 IWL_ERR(mvm, "Entered D0i3 while starting Tx agg\n"); 840 return -EIO; 841 } 842 843 /* the new tx queue is still connected to the same mac80211 queue */ 844 mvm->queue_to_mac80211[txq_id] = vif->hw_queue[tid_to_mac80211_ac[tid]]; 845 846 tid_data = &mvmsta->tid_data[tid]; 847 tid_data->ssn = IEEE80211_SEQ_TO_SN(tid_data->seq_number); 848 tid_data->txq_id = txq_id; 849 *ssn = tid_data->ssn; 850 851 IWL_DEBUG_TX_QUEUES(mvm, 852 "Start AGG: sta %d tid %d queue %d - ssn = %d, next_recl = %d\n", 853 mvmsta->sta_id, tid, txq_id, tid_data->ssn, 854 tid_data->next_reclaimed); 855 856 if (tid_data->ssn == tid_data->next_reclaimed) { 857 tid_data->state = IWL_AGG_STARTING; 858 ieee80211_start_tx_ba_cb_irqsafe(vif, sta->addr, tid); 859 } else { 860 tid_data->state = IWL_EMPTYING_HW_QUEUE_ADDBA; 861 } 862 863 spin_unlock_bh(&mvmsta->lock); 864 865 return 0; 866} 867 868int iwl_mvm_sta_tx_agg_oper(struct iwl_mvm *mvm, struct ieee80211_vif *vif, 869 struct ieee80211_sta *sta, u16 tid, u8 buf_size) 870{ 871 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta); 872 struct iwl_mvm_tid_data *tid_data = &mvmsta->tid_data[tid]; 873 int queue, fifo, ret; 874 u16 ssn; 875 876 BUILD_BUG_ON((sizeof(mvmsta->agg_tids) * BITS_PER_BYTE) 877 != IWL_MAX_TID_COUNT); 878 879 buf_size = min_t(int, buf_size, LINK_QUAL_AGG_FRAME_LIMIT_DEF); 880 881 spin_lock_bh(&mvmsta->lock); 882 ssn = tid_data->ssn; 883 queue = tid_data->txq_id; 884 tid_data->state = IWL_AGG_ON; 885 mvmsta->agg_tids |= BIT(tid); 886 tid_data->ssn = 0xffff; 887 spin_unlock_bh(&mvmsta->lock); 888 889 fifo = iwl_mvm_ac_to_tx_fifo[tid_to_mac80211_ac[tid]]; 890 891 ret = iwl_mvm_sta_tx_agg(mvm, sta, tid, queue, true); 892 if (ret) 893 return -EIO; 894 895 iwl_mvm_enable_agg_txq(mvm, queue, fifo, mvmsta->sta_id, tid, 896 buf_size, ssn); 897 898 /* 899 * Even though in theory the peer could have different 900 * aggregation reorder buffer sizes for different sessions, 901 * our ucode doesn't allow for that and has a global limit 902 * for each station. Therefore, use the minimum of all the 903 * aggregation sessions and our default value. 904 */ 905 mvmsta->max_agg_bufsize = 906 min(mvmsta->max_agg_bufsize, buf_size); 907 mvmsta->lq_sta.lq.agg_frame_cnt_limit = mvmsta->max_agg_bufsize; 908 909 IWL_DEBUG_HT(mvm, "Tx aggregation enabled on ra = %pM tid = %d\n", 910 sta->addr, tid); 911 912 return iwl_mvm_send_lq_cmd(mvm, &mvmsta->lq_sta.lq, false); 913} 914 915int iwl_mvm_sta_tx_agg_stop(struct iwl_mvm *mvm, struct ieee80211_vif *vif, 916 struct ieee80211_sta *sta, u16 tid) 917{ 918 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta); 919 struct iwl_mvm_tid_data *tid_data = &mvmsta->tid_data[tid]; 920 u16 txq_id; 921 int err; 922 923 924 /* 925 * If mac80211 is cleaning its state, then say that we finished since 926 * our state has been cleared anyway. 927 */ 928 if (test_bit(IWL_MVM_STATUS_IN_HW_RESTART, &mvm->status)) { 929 ieee80211_stop_tx_ba_cb_irqsafe(vif, sta->addr, tid); 930 return 0; 931 } 932 933 spin_lock_bh(&mvmsta->lock); 934 935 txq_id = tid_data->txq_id; 936 937 IWL_DEBUG_TX_QUEUES(mvm, "Stop AGG: sta %d tid %d q %d state %d\n", 938 mvmsta->sta_id, tid, txq_id, tid_data->state); 939 940 mvmsta->agg_tids &= ~BIT(tid); 941 942 switch (tid_data->state) { 943 case IWL_AGG_ON: 944 tid_data->ssn = IEEE80211_SEQ_TO_SN(tid_data->seq_number); 945 946 IWL_DEBUG_TX_QUEUES(mvm, 947 "ssn = %d, next_recl = %d\n", 948 tid_data->ssn, tid_data->next_reclaimed); 949 950 /* There are still packets for this RA / TID in the HW */ 951 if (tid_data->ssn != tid_data->next_reclaimed) { 952 tid_data->state = IWL_EMPTYING_HW_QUEUE_DELBA; 953 err = 0; 954 break; 955 } 956 957 tid_data->ssn = 0xffff; 958 tid_data->state = IWL_AGG_OFF; 959 mvm->queue_to_mac80211[txq_id] = IWL_INVALID_MAC80211_QUEUE; 960 spin_unlock_bh(&mvmsta->lock); 961 962 ieee80211_stop_tx_ba_cb_irqsafe(vif, sta->addr, tid); 963 964 iwl_mvm_sta_tx_agg(mvm, sta, tid, txq_id, false); 965 966 iwl_mvm_disable_txq(mvm, txq_id); 967 return 0; 968 case IWL_AGG_STARTING: 969 case IWL_EMPTYING_HW_QUEUE_ADDBA: 970 /* 971 * The agg session has been stopped before it was set up. This 972 * can happen when the AddBA timer times out for example. 973 */ 974 975 /* No barriers since we are under mutex */ 976 lockdep_assert_held(&mvm->mutex); 977 mvm->queue_to_mac80211[txq_id] = IWL_INVALID_MAC80211_QUEUE; 978 979 ieee80211_stop_tx_ba_cb_irqsafe(vif, sta->addr, tid); 980 tid_data->state = IWL_AGG_OFF; 981 err = 0; 982 break; 983 default: 984 IWL_ERR(mvm, 985 "Stopping AGG while state not ON or starting for %d on %d (%d)\n", 986 mvmsta->sta_id, tid, tid_data->state); 987 IWL_ERR(mvm, 988 "\ttid_data->txq_id = %d\n", tid_data->txq_id); 989 err = -EINVAL; 990 } 991 992 spin_unlock_bh(&mvmsta->lock); 993 994 return err; 995} 996 997int iwl_mvm_sta_tx_agg_flush(struct iwl_mvm *mvm, struct ieee80211_vif *vif, 998 struct ieee80211_sta *sta, u16 tid) 999{ 1000 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta); 1001 struct iwl_mvm_tid_data *tid_data = &mvmsta->tid_data[tid]; 1002 u16 txq_id; 1003 enum iwl_mvm_agg_state old_state; 1004 1005 /* 1006 * First set the agg state to OFF to avoid calling 1007 * ieee80211_stop_tx_ba_cb in iwl_mvm_check_ratid_empty. 1008 */ 1009 spin_lock_bh(&mvmsta->lock); 1010 txq_id = tid_data->txq_id; 1011 IWL_DEBUG_TX_QUEUES(mvm, "Flush AGG: sta %d tid %d q %d state %d\n", 1012 mvmsta->sta_id, tid, txq_id, tid_data->state); 1013 old_state = tid_data->state; 1014 tid_data->state = IWL_AGG_OFF; 1015 mvmsta->agg_tids &= ~BIT(tid); 1016 spin_unlock_bh(&mvmsta->lock); 1017 1018 if (old_state >= IWL_AGG_ON) { 1019 if (iwl_mvm_flush_tx_path(mvm, BIT(txq_id), true)) 1020 IWL_ERR(mvm, "Couldn't flush the AGG queue\n"); 1021 1022 iwl_mvm_sta_tx_agg(mvm, sta, tid, txq_id, false); 1023 1024 iwl_mvm_disable_txq(mvm, tid_data->txq_id); 1025 } 1026 1027 mvm->queue_to_mac80211[tid_data->txq_id] = 1028 IWL_INVALID_MAC80211_QUEUE; 1029 1030 return 0; 1031} 1032 1033static int iwl_mvm_set_fw_key_idx(struct iwl_mvm *mvm) 1034{ 1035 int i; 1036 1037 lockdep_assert_held(&mvm->mutex); 1038 1039 i = find_first_zero_bit(mvm->fw_key_table, STA_KEY_MAX_NUM); 1040 1041 if (i == STA_KEY_MAX_NUM) 1042 return STA_KEY_IDX_INVALID; 1043 1044 __set_bit(i, mvm->fw_key_table); 1045 1046 return i; 1047} 1048 1049static u8 iwl_mvm_get_key_sta_id(struct ieee80211_vif *vif, 1050 struct ieee80211_sta *sta) 1051{ 1052 struct iwl_mvm_vif *mvmvif = (void *)vif->drv_priv; 1053 1054 if (sta) { 1055 struct iwl_mvm_sta *mvm_sta = (void *)sta->drv_priv; 1056 1057 return mvm_sta->sta_id; 1058 } 1059 1060 /* 1061 * The device expects GTKs for station interfaces to be 1062 * installed as GTKs for the AP station. If we have no 1063 * station ID, then use AP's station ID. 1064 */ 1065 if (vif->type == NL80211_IFTYPE_STATION && 1066 mvmvif->ap_sta_id != IWL_MVM_STATION_COUNT) 1067 return mvmvif->ap_sta_id; 1068 1069 return IWL_MVM_STATION_COUNT; 1070} 1071 1072static int iwl_mvm_send_sta_key(struct iwl_mvm *mvm, 1073 struct iwl_mvm_sta *mvm_sta, 1074 struct ieee80211_key_conf *keyconf, 1075 u8 sta_id, u32 tkip_iv32, u16 *tkip_p1k, 1076 u32 cmd_flags) 1077{ 1078 struct iwl_mvm_add_sta_key_cmd cmd = {}; 1079 __le16 key_flags; 1080 int ret, status; 1081 u16 keyidx; 1082 int i; 1083 1084 keyidx = (keyconf->keyidx << STA_KEY_FLG_KEYID_POS) & 1085 STA_KEY_FLG_KEYID_MSK; 1086 key_flags = cpu_to_le16(keyidx); 1087 key_flags |= cpu_to_le16(STA_KEY_FLG_WEP_KEY_MAP); 1088 1089 switch (keyconf->cipher) { 1090 case WLAN_CIPHER_SUITE_TKIP: 1091 key_flags |= cpu_to_le16(STA_KEY_FLG_TKIP); 1092 cmd.tkip_rx_tsc_byte2 = tkip_iv32; 1093 for (i = 0; i < 5; i++) 1094 cmd.tkip_rx_ttak[i] = cpu_to_le16(tkip_p1k[i]); 1095 memcpy(cmd.key, keyconf->key, keyconf->keylen); 1096 break; 1097 case WLAN_CIPHER_SUITE_CCMP: 1098 key_flags |= cpu_to_le16(STA_KEY_FLG_CCM); 1099 memcpy(cmd.key, keyconf->key, keyconf->keylen); 1100 break; 1101 default: 1102 key_flags |= cpu_to_le16(STA_KEY_FLG_EXT); 1103 memcpy(cmd.key, keyconf->key, keyconf->keylen); 1104 } 1105 1106 if (!(keyconf->flags & IEEE80211_KEY_FLAG_PAIRWISE)) 1107 key_flags |= cpu_to_le16(STA_KEY_MULTICAST); 1108 1109 cmd.key_offset = keyconf->hw_key_idx; 1110 cmd.key_flags = key_flags; 1111 cmd.sta_id = sta_id; 1112 1113 status = ADD_STA_SUCCESS; 1114 if (cmd_flags & CMD_ASYNC) 1115 ret = iwl_mvm_send_cmd_pdu(mvm, ADD_STA_KEY, CMD_ASYNC, 1116 sizeof(cmd), &cmd); 1117 else 1118 ret = iwl_mvm_send_cmd_pdu_status(mvm, ADD_STA_KEY, sizeof(cmd), 1119 &cmd, &status); 1120 1121 switch (status) { 1122 case ADD_STA_SUCCESS: 1123 IWL_DEBUG_WEP(mvm, "MODIFY_STA: set dynamic key passed\n"); 1124 break; 1125 default: 1126 ret = -EIO; 1127 IWL_ERR(mvm, "MODIFY_STA: set dynamic key failed\n"); 1128 break; 1129 } 1130 1131 return ret; 1132} 1133 1134static int iwl_mvm_send_sta_igtk(struct iwl_mvm *mvm, 1135 struct ieee80211_key_conf *keyconf, 1136 u8 sta_id, bool remove_key) 1137{ 1138 struct iwl_mvm_mgmt_mcast_key_cmd igtk_cmd = {}; 1139 1140 /* verify the key details match the required command's expectations */ 1141 if (WARN_ON((keyconf->cipher != WLAN_CIPHER_SUITE_AES_CMAC) || 1142 (keyconf->flags & IEEE80211_KEY_FLAG_PAIRWISE) || 1143 (keyconf->keyidx != 4 && keyconf->keyidx != 5))) 1144 return -EINVAL; 1145 1146 igtk_cmd.key_id = cpu_to_le32(keyconf->keyidx); 1147 igtk_cmd.sta_id = cpu_to_le32(sta_id); 1148 1149 if (remove_key) { 1150 igtk_cmd.ctrl_flags |= cpu_to_le32(STA_KEY_NOT_VALID); 1151 } else { 1152 struct ieee80211_key_seq seq; 1153 const u8 *pn; 1154 1155 memcpy(igtk_cmd.IGTK, keyconf->key, keyconf->keylen); 1156 ieee80211_aes_cmac_calculate_k1_k2(keyconf, 1157 igtk_cmd.K1, igtk_cmd.K2); 1158 ieee80211_get_key_rx_seq(keyconf, 0, &seq); 1159 pn = seq.aes_cmac.pn; 1160 igtk_cmd.receive_seq_cnt = cpu_to_le64(((u64) pn[5] << 0) | 1161 ((u64) pn[4] << 8) | 1162 ((u64) pn[3] << 16) | 1163 ((u64) pn[2] << 24) | 1164 ((u64) pn[1] << 32) | 1165 ((u64) pn[0] << 40)); 1166 } 1167 1168 IWL_DEBUG_INFO(mvm, "%s igtk for sta %u\n", 1169 remove_key ? "removing" : "installing", 1170 igtk_cmd.sta_id); 1171 1172 return iwl_mvm_send_cmd_pdu(mvm, MGMT_MCAST_KEY, 0, 1173 sizeof(igtk_cmd), &igtk_cmd); 1174} 1175 1176 1177static inline u8 *iwl_mvm_get_mac_addr(struct iwl_mvm *mvm, 1178 struct ieee80211_vif *vif, 1179 struct ieee80211_sta *sta) 1180{ 1181 struct iwl_mvm_vif *mvmvif = (void *)vif->drv_priv; 1182 1183 if (sta) 1184 return sta->addr; 1185 1186 if (vif->type == NL80211_IFTYPE_STATION && 1187 mvmvif->ap_sta_id != IWL_MVM_STATION_COUNT) { 1188 u8 sta_id = mvmvif->ap_sta_id; 1189 sta = rcu_dereference_protected(mvm->fw_id_to_mac_id[sta_id], 1190 lockdep_is_held(&mvm->mutex)); 1191 return sta->addr; 1192 } 1193 1194 1195 return NULL; 1196} 1197 1198int iwl_mvm_set_sta_key(struct iwl_mvm *mvm, 1199 struct ieee80211_vif *vif, 1200 struct ieee80211_sta *sta, 1201 struct ieee80211_key_conf *keyconf, 1202 bool have_key_offset) 1203{ 1204 struct iwl_mvm_sta *mvm_sta; 1205 int ret; 1206 u8 *addr, sta_id; 1207 struct ieee80211_key_seq seq; 1208 u16 p1k[5]; 1209 1210 lockdep_assert_held(&mvm->mutex); 1211 1212 /* Get the station id from the mvm local station table */ 1213 sta_id = iwl_mvm_get_key_sta_id(vif, sta); 1214 if (sta_id == IWL_MVM_STATION_COUNT) { 1215 IWL_ERR(mvm, "Failed to find station id\n"); 1216 return -EINVAL; 1217 } 1218 1219 if (keyconf->cipher == WLAN_CIPHER_SUITE_AES_CMAC) { 1220 ret = iwl_mvm_send_sta_igtk(mvm, keyconf, sta_id, false); 1221 goto end; 1222 } 1223 1224 /* 1225 * It is possible that the 'sta' parameter is NULL, and thus 1226 * there is a need to retrieve the sta from the local station table. 1227 */ 1228 if (!sta) { 1229 sta = rcu_dereference_protected(mvm->fw_id_to_mac_id[sta_id], 1230 lockdep_is_held(&mvm->mutex)); 1231 if (IS_ERR_OR_NULL(sta)) { 1232 IWL_ERR(mvm, "Invalid station id\n"); 1233 return -EINVAL; 1234 } 1235 } 1236 1237 mvm_sta = (struct iwl_mvm_sta *)sta->drv_priv; 1238 if (WARN_ON_ONCE(mvm_sta->vif != vif)) 1239 return -EINVAL; 1240 1241 if (!have_key_offset) { 1242 /* 1243 * The D3 firmware hardcodes the PTK offset to 0, so we have to 1244 * configure it there. As a result, this workaround exists to 1245 * let the caller set the key offset (hw_key_idx), see d3.c. 1246 */ 1247 keyconf->hw_key_idx = iwl_mvm_set_fw_key_idx(mvm); 1248 if (keyconf->hw_key_idx == STA_KEY_IDX_INVALID) 1249 return -ENOSPC; 1250 } 1251 1252 switch (keyconf->cipher) { 1253 case WLAN_CIPHER_SUITE_TKIP: 1254 addr = iwl_mvm_get_mac_addr(mvm, vif, sta); 1255 /* get phase 1 key from mac80211 */ 1256 ieee80211_get_key_rx_seq(keyconf, 0, &seq); 1257 ieee80211_get_tkip_rx_p1k(keyconf, addr, seq.tkip.iv32, p1k); 1258 ret = iwl_mvm_send_sta_key(mvm, mvm_sta, keyconf, sta_id, 1259 seq.tkip.iv32, p1k, 0); 1260 break; 1261 case WLAN_CIPHER_SUITE_CCMP: 1262 ret = iwl_mvm_send_sta_key(mvm, mvm_sta, keyconf, sta_id, 1263 0, NULL, 0); 1264 break; 1265 default: 1266 ret = iwl_mvm_send_sta_key(mvm, mvm_sta, keyconf, 1267 sta_id, 0, NULL, 0); 1268 } 1269 1270 if (ret) 1271 __clear_bit(keyconf->hw_key_idx, mvm->fw_key_table); 1272 1273end: 1274 IWL_DEBUG_WEP(mvm, "key: cipher=%x len=%d idx=%d sta=%pM ret=%d\n", 1275 keyconf->cipher, keyconf->keylen, keyconf->keyidx, 1276 sta->addr, ret); 1277 return ret; 1278} 1279 1280int iwl_mvm_remove_sta_key(struct iwl_mvm *mvm, 1281 struct ieee80211_vif *vif, 1282 struct ieee80211_sta *sta, 1283 struct ieee80211_key_conf *keyconf) 1284{ 1285 struct iwl_mvm_sta *mvm_sta; 1286 struct iwl_mvm_add_sta_key_cmd cmd = {}; 1287 __le16 key_flags; 1288 int ret, status; 1289 u8 sta_id; 1290 1291 lockdep_assert_held(&mvm->mutex); 1292 1293 /* Get the station id from the mvm local station table */ 1294 sta_id = iwl_mvm_get_key_sta_id(vif, sta); 1295 1296 IWL_DEBUG_WEP(mvm, "mvm remove dynamic key: idx=%d sta=%d\n", 1297 keyconf->keyidx, sta_id); 1298 1299 if (keyconf->cipher == WLAN_CIPHER_SUITE_AES_CMAC) 1300 return iwl_mvm_send_sta_igtk(mvm, keyconf, sta_id, true); 1301 1302 ret = __test_and_clear_bit(keyconf->hw_key_idx, mvm->fw_key_table); 1303 if (!ret) { 1304 IWL_ERR(mvm, "offset %d not used in fw key table.\n", 1305 keyconf->hw_key_idx); 1306 return -ENOENT; 1307 } 1308 1309 if (sta_id == IWL_MVM_STATION_COUNT) { 1310 IWL_DEBUG_WEP(mvm, "station non-existent, early return.\n"); 1311 return 0; 1312 } 1313 1314 /* 1315 * It is possible that the 'sta' parameter is NULL, and thus 1316 * there is a need to retrieve the sta from the local station table, 1317 * for example when a GTK is removed (where the sta_id will then be 1318 * the AP ID, and no station was passed by mac80211.) 1319 */ 1320 if (!sta) { 1321 sta = rcu_dereference_protected(mvm->fw_id_to_mac_id[sta_id], 1322 lockdep_is_held(&mvm->mutex)); 1323 if (!sta) { 1324 IWL_ERR(mvm, "Invalid station id\n"); 1325 return -EINVAL; 1326 } 1327 } 1328 1329 mvm_sta = (struct iwl_mvm_sta *)sta->drv_priv; 1330 if (WARN_ON_ONCE(mvm_sta->vif != vif)) 1331 return -EINVAL; 1332 1333 key_flags = cpu_to_le16((keyconf->keyidx << STA_KEY_FLG_KEYID_POS) & 1334 STA_KEY_FLG_KEYID_MSK); 1335 key_flags |= cpu_to_le16(STA_KEY_FLG_NO_ENC | STA_KEY_FLG_WEP_KEY_MAP); 1336 key_flags |= cpu_to_le16(STA_KEY_NOT_VALID); 1337 1338 if (!(keyconf->flags & IEEE80211_KEY_FLAG_PAIRWISE)) 1339 key_flags |= cpu_to_le16(STA_KEY_MULTICAST); 1340 1341 cmd.key_flags = key_flags; 1342 cmd.key_offset = keyconf->hw_key_idx; 1343 cmd.sta_id = sta_id; 1344 1345 status = ADD_STA_SUCCESS; 1346 ret = iwl_mvm_send_cmd_pdu_status(mvm, ADD_STA_KEY, sizeof(cmd), 1347 &cmd, &status); 1348 1349 switch (status) { 1350 case ADD_STA_SUCCESS: 1351 IWL_DEBUG_WEP(mvm, "MODIFY_STA: remove sta key passed\n"); 1352 break; 1353 default: 1354 ret = -EIO; 1355 IWL_ERR(mvm, "MODIFY_STA: remove sta key failed\n"); 1356 break; 1357 } 1358 1359 return ret; 1360} 1361 1362void iwl_mvm_update_tkip_key(struct iwl_mvm *mvm, 1363 struct ieee80211_vif *vif, 1364 struct ieee80211_key_conf *keyconf, 1365 struct ieee80211_sta *sta, u32 iv32, 1366 u16 *phase1key) 1367{ 1368 struct iwl_mvm_sta *mvm_sta; 1369 u8 sta_id = iwl_mvm_get_key_sta_id(vif, sta); 1370 1371 if (WARN_ON_ONCE(sta_id == IWL_MVM_STATION_COUNT)) 1372 return; 1373 1374 rcu_read_lock(); 1375 1376 if (!sta) { 1377 sta = rcu_dereference(mvm->fw_id_to_mac_id[sta_id]); 1378 if (WARN_ON(IS_ERR_OR_NULL(sta))) { 1379 rcu_read_unlock(); 1380 return; 1381 } 1382 } 1383 1384 mvm_sta = (void *)sta->drv_priv; 1385 iwl_mvm_send_sta_key(mvm, mvm_sta, keyconf, sta_id, 1386 iv32, phase1key, CMD_ASYNC); 1387 rcu_read_unlock(); 1388} 1389 1390void iwl_mvm_sta_modify_ps_wake(struct iwl_mvm *mvm, 1391 struct ieee80211_sta *sta) 1392{ 1393 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta); 1394 struct iwl_mvm_add_sta_cmd cmd = { 1395 .add_modify = STA_MODE_MODIFY, 1396 .sta_id = mvmsta->sta_id, 1397 .station_flags_msk = cpu_to_le32(STA_FLG_PS), 1398 .mac_id_n_color = cpu_to_le32(mvmsta->mac_id_n_color), 1399 }; 1400 int ret; 1401 1402 ret = iwl_mvm_send_cmd_pdu(mvm, ADD_STA, CMD_ASYNC, sizeof(cmd), &cmd); 1403 if (ret) 1404 IWL_ERR(mvm, "Failed to send ADD_STA command (%d)\n", ret); 1405} 1406 1407void iwl_mvm_sta_modify_sleep_tx_count(struct iwl_mvm *mvm, 1408 struct ieee80211_sta *sta, 1409 enum ieee80211_frame_release_type reason, 1410 u16 cnt, u16 tids, bool more_data, 1411 bool agg) 1412{ 1413 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta); 1414 struct iwl_mvm_add_sta_cmd cmd = { 1415 .add_modify = STA_MODE_MODIFY, 1416 .sta_id = mvmsta->sta_id, 1417 .modify_mask = STA_MODIFY_SLEEPING_STA_TX_COUNT, 1418 .sleep_tx_count = cpu_to_le16(cnt), 1419 .mac_id_n_color = cpu_to_le32(mvmsta->mac_id_n_color), 1420 }; 1421 int tid, ret; 1422 unsigned long _tids = tids; 1423 1424 /* convert TIDs to ACs - we don't support TSPEC so that's OK 1425 * Note that this field is reserved and unused by firmware not 1426 * supporting GO uAPSD, so it's safe to always do this. 1427 */ 1428 for_each_set_bit(tid, &_tids, IWL_MAX_TID_COUNT) 1429 cmd.awake_acs |= BIT(tid_to_ucode_ac[tid]); 1430 1431 /* If we're releasing frames from aggregation queues then check if the 1432 * all queues combined that we're releasing frames from have 1433 * - more frames than the service period, in which case more_data 1434 * needs to be set 1435 * - fewer than 'cnt' frames, in which case we need to adjust the 1436 * firmware command (but do that unconditionally) 1437 */ 1438 if (agg) { 1439 int remaining = cnt; 1440 1441 spin_lock_bh(&mvmsta->lock); 1442 for_each_set_bit(tid, &_tids, IWL_MAX_TID_COUNT) { 1443 struct iwl_mvm_tid_data *tid_data; 1444 u16 n_queued; 1445 1446 tid_data = &mvmsta->tid_data[tid]; 1447 if (WARN(tid_data->state != IWL_AGG_ON && 1448 tid_data->state != IWL_EMPTYING_HW_QUEUE_DELBA, 1449 "TID %d state is %d\n", 1450 tid, tid_data->state)) { 1451 spin_unlock_bh(&mvmsta->lock); 1452 ieee80211_sta_eosp(sta); 1453 return; 1454 } 1455 1456 n_queued = iwl_mvm_tid_queued(tid_data); 1457 if (n_queued > remaining) { 1458 more_data = true; 1459 remaining = 0; 1460 break; 1461 } 1462 remaining -= n_queued; 1463 } 1464 spin_unlock_bh(&mvmsta->lock); 1465 1466 cmd.sleep_tx_count = cpu_to_le16(cnt - remaining); 1467 if (WARN_ON(cnt - remaining == 0)) { 1468 ieee80211_sta_eosp(sta); 1469 return; 1470 } 1471 } 1472 1473 /* Note: this is ignored by firmware not supporting GO uAPSD */ 1474 if (more_data) 1475 cmd.sleep_state_flags |= cpu_to_le16(STA_SLEEP_STATE_MOREDATA); 1476 1477 if (reason == IEEE80211_FRAME_RELEASE_PSPOLL) { 1478 mvmsta->next_status_eosp = true; 1479 cmd.sleep_state_flags |= cpu_to_le16(STA_SLEEP_STATE_PS_POLL); 1480 } else { 1481 cmd.sleep_state_flags |= cpu_to_le16(STA_SLEEP_STATE_UAPSD); 1482 } 1483 1484 ret = iwl_mvm_send_cmd_pdu(mvm, ADD_STA, CMD_ASYNC, sizeof(cmd), &cmd); 1485 if (ret) 1486 IWL_ERR(mvm, "Failed to send ADD_STA command (%d)\n", ret); 1487} 1488 1489int iwl_mvm_rx_eosp_notif(struct iwl_mvm *mvm, 1490 struct iwl_rx_cmd_buffer *rxb, 1491 struct iwl_device_cmd *cmd) 1492{ 1493 struct iwl_rx_packet *pkt = rxb_addr(rxb); 1494 struct iwl_mvm_eosp_notification *notif = (void *)pkt->data; 1495 struct ieee80211_sta *sta; 1496 u32 sta_id = le32_to_cpu(notif->sta_id); 1497 1498 if (WARN_ON_ONCE(sta_id >= IWL_MVM_STATION_COUNT)) 1499 return 0; 1500 1501 rcu_read_lock(); 1502 sta = rcu_dereference(mvm->fw_id_to_mac_id[sta_id]); 1503 if (!IS_ERR_OR_NULL(sta)) 1504 ieee80211_sta_eosp(sta); 1505 rcu_read_unlock(); 1506 1507 return 0; 1508} 1509 1510void iwl_mvm_sta_modify_disable_tx(struct iwl_mvm *mvm, 1511 struct iwl_mvm_sta *mvmsta, bool disable) 1512{ 1513 struct iwl_mvm_add_sta_cmd cmd = { 1514 .add_modify = STA_MODE_MODIFY, 1515 .sta_id = mvmsta->sta_id, 1516 .station_flags = disable ? cpu_to_le32(STA_FLG_DISABLE_TX) : 0, 1517 .station_flags_msk = cpu_to_le32(STA_FLG_DISABLE_TX), 1518 .mac_id_n_color = cpu_to_le32(mvmsta->mac_id_n_color), 1519 }; 1520 int ret; 1521 1522 if (!(mvm->fw->ucode_capa.api[0] & IWL_UCODE_TLV_API_DISABLE_STA_TX)) 1523 return; 1524 1525 ret = iwl_mvm_send_cmd_pdu(mvm, ADD_STA, CMD_ASYNC, sizeof(cmd), &cmd); 1526 if (ret) 1527 IWL_ERR(mvm, "Failed to send ADD_STA command (%d)\n", ret); 1528} 1529 1530void iwl_mvm_sta_modify_disable_tx_ap(struct iwl_mvm *mvm, 1531 struct ieee80211_sta *sta, 1532 bool disable) 1533{ 1534 struct iwl_mvm_sta *mvm_sta = iwl_mvm_sta_from_mac80211(sta); 1535 1536 spin_lock_bh(&mvm_sta->lock); 1537 1538 if (mvm_sta->disable_tx == disable) { 1539 spin_unlock_bh(&mvm_sta->lock); 1540 return; 1541 } 1542 1543 mvm_sta->disable_tx = disable; 1544 1545 /* 1546 * Tell mac80211 to start/stop queueing tx for this station, 1547 * but don't stop queueing if there are still pending frames 1548 * for this station. 1549 */ 1550 if (disable || !atomic_read(&mvm->pending_frames[mvm_sta->sta_id])) 1551 ieee80211_sta_block_awake(mvm->hw, sta, disable); 1552 1553 iwl_mvm_sta_modify_disable_tx(mvm, mvm_sta, disable); 1554 1555 spin_unlock_bh(&mvm_sta->lock); 1556} 1557 1558void iwl_mvm_modify_all_sta_disable_tx(struct iwl_mvm *mvm, 1559 struct iwl_mvm_vif *mvmvif, 1560 bool disable) 1561{ 1562 struct ieee80211_sta *sta; 1563 struct iwl_mvm_sta *mvm_sta; 1564 int i; 1565 1566 lockdep_assert_held(&mvm->mutex); 1567 1568 /* Block/unblock all the stations of the given mvmvif */ 1569 for (i = 0; i < IWL_MVM_STATION_COUNT; i++) { 1570 sta = rcu_dereference_protected(mvm->fw_id_to_mac_id[i], 1571 lockdep_is_held(&mvm->mutex)); 1572 if (IS_ERR_OR_NULL(sta)) 1573 continue; 1574 1575 mvm_sta = iwl_mvm_sta_from_mac80211(sta); 1576 if (mvm_sta->mac_id_n_color != 1577 FW_CMD_ID_AND_COLOR(mvmvif->id, mvmvif->color)) 1578 continue; 1579 1580 iwl_mvm_sta_modify_disable_tx_ap(mvm, sta, disable); 1581 } 1582} 1583