linux/drivers/net/wireless/intel/iwlwifi/mvm/scan.c
<<
>>
Prefs
   1// SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
   2/*
   3 * Copyright (C) 2012-2014, 2018-2021 Intel Corporation
   4 * Copyright (C) 2013-2015 Intel Mobile Communications GmbH
   5 * Copyright (C) 2016-2017 Intel Deutschland GmbH
   6 */
   7#include <linux/etherdevice.h>
   8#include <net/mac80211.h>
   9#include <linux/crc32.h>
  10
  11#include "mvm.h"
  12#include "fw/api/scan.h"
  13#include "iwl-io.h"
  14
  15#define IWL_DENSE_EBS_SCAN_RATIO 5
  16#define IWL_SPARSE_EBS_SCAN_RATIO 1
  17
  18#define IWL_SCAN_DWELL_ACTIVE           10
  19#define IWL_SCAN_DWELL_PASSIVE          110
  20#define IWL_SCAN_DWELL_FRAGMENTED       44
  21#define IWL_SCAN_DWELL_EXTENDED         90
  22#define IWL_SCAN_NUM_OF_FRAGS           3
  23#define IWL_SCAN_LAST_2_4_CHN           14
  24
  25/* adaptive dwell max budget time [TU] for full scan */
  26#define IWL_SCAN_ADWELL_MAX_BUDGET_FULL_SCAN 300
  27/* adaptive dwell max budget time [TU] for directed scan */
  28#define IWL_SCAN_ADWELL_MAX_BUDGET_DIRECTED_SCAN 100
  29/* adaptive dwell default high band APs number */
  30#define IWL_SCAN_ADWELL_DEFAULT_HB_N_APS 8
  31/* adaptive dwell default low band APs number */
  32#define IWL_SCAN_ADWELL_DEFAULT_LB_N_APS 2
  33/* adaptive dwell default APs number in social channels (1, 6, 11) */
  34#define IWL_SCAN_ADWELL_DEFAULT_N_APS_SOCIAL 10
  35/* number of scan channels */
  36#define IWL_SCAN_NUM_CHANNELS 112
  37/* adaptive dwell number of APs override mask for p2p friendly GO */
  38#define IWL_SCAN_ADWELL_N_APS_GO_FRIENDLY_BIT BIT(20)
  39/* adaptive dwell number of APs override mask for social channels */
  40#define IWL_SCAN_ADWELL_N_APS_SOCIAL_CHS_BIT BIT(21)
  41/* adaptive dwell number of APs override for p2p friendly GO channels */
  42#define IWL_SCAN_ADWELL_N_APS_GO_FRIENDLY 10
  43/* adaptive dwell number of APs override for social channels */
  44#define IWL_SCAN_ADWELL_N_APS_SOCIAL_CHS 2
  45
  46/* minimal number of 2GHz and 5GHz channels in the regular scan request */
  47#define IWL_MVM_6GHZ_PASSIVE_SCAN_MIN_CHANS 4
  48
  49struct iwl_mvm_scan_timing_params {
  50        u32 suspend_time;
  51        u32 max_out_time;
  52};
  53
  54static struct iwl_mvm_scan_timing_params scan_timing[] = {
  55        [IWL_SCAN_TYPE_UNASSOC] = {
  56                .suspend_time = 0,
  57                .max_out_time = 0,
  58        },
  59        [IWL_SCAN_TYPE_WILD] = {
  60                .suspend_time = 30,
  61                .max_out_time = 120,
  62        },
  63        [IWL_SCAN_TYPE_MILD] = {
  64                .suspend_time = 120,
  65                .max_out_time = 120,
  66        },
  67        [IWL_SCAN_TYPE_FRAGMENTED] = {
  68                .suspend_time = 95,
  69                .max_out_time = 44,
  70        },
  71        [IWL_SCAN_TYPE_FAST_BALANCE] = {
  72                .suspend_time = 30,
  73                .max_out_time = 37,
  74        },
  75};
  76
  77struct iwl_mvm_scan_params {
  78        /* For CDB this is low band scan type, for non-CDB - type. */
  79        enum iwl_mvm_scan_type type;
  80        enum iwl_mvm_scan_type hb_type;
  81        u32 n_channels;
  82        u16 delay;
  83        int n_ssids;
  84        struct cfg80211_ssid *ssids;
  85        struct ieee80211_channel **channels;
  86        u32 flags;
  87        u8 *mac_addr;
  88        u8 *mac_addr_mask;
  89        bool no_cck;
  90        bool pass_all;
  91        int n_match_sets;
  92        struct iwl_scan_probe_req preq;
  93        struct cfg80211_match_set *match_sets;
  94        int n_scan_plans;
  95        struct cfg80211_sched_scan_plan *scan_plans;
  96        bool iter_notif;
  97        struct cfg80211_scan_6ghz_params *scan_6ghz_params;
  98        u32 n_6ghz_params;
  99        bool scan_6ghz;
 100        bool enable_6ghz_passive;
 101};
 102
 103static inline void *iwl_mvm_get_scan_req_umac_data(struct iwl_mvm *mvm)
 104{
 105        struct iwl_scan_req_umac *cmd = mvm->scan_cmd;
 106
 107        if (iwl_mvm_is_adaptive_dwell_v2_supported(mvm))
 108                return (void *)&cmd->v8.data;
 109
 110        if (iwl_mvm_is_adaptive_dwell_supported(mvm))
 111                return (void *)&cmd->v7.data;
 112
 113        if (iwl_mvm_cdb_scan_api(mvm))
 114                return (void *)&cmd->v6.data;
 115
 116        return (void *)&cmd->v1.data;
 117}
 118
 119static inline struct iwl_scan_umac_chan_param *
 120iwl_mvm_get_scan_req_umac_channel(struct iwl_mvm *mvm)
 121{
 122        struct iwl_scan_req_umac *cmd = mvm->scan_cmd;
 123
 124        if (iwl_mvm_is_adaptive_dwell_v2_supported(mvm))
 125                return &cmd->v8.channel;
 126
 127        if (iwl_mvm_is_adaptive_dwell_supported(mvm))
 128                return &cmd->v7.channel;
 129
 130        if (iwl_mvm_cdb_scan_api(mvm))
 131                return &cmd->v6.channel;
 132
 133        return &cmd->v1.channel;
 134}
 135
 136static u8 iwl_mvm_scan_rx_ant(struct iwl_mvm *mvm)
 137{
 138        if (mvm->scan_rx_ant != ANT_NONE)
 139                return mvm->scan_rx_ant;
 140        return iwl_mvm_get_valid_rx_ant(mvm);
 141}
 142
 143static inline __le16 iwl_mvm_scan_rx_chain(struct iwl_mvm *mvm)
 144{
 145        u16 rx_chain;
 146        u8 rx_ant;
 147
 148        rx_ant = iwl_mvm_scan_rx_ant(mvm);
 149        rx_chain = rx_ant << PHY_RX_CHAIN_VALID_POS;
 150        rx_chain |= rx_ant << PHY_RX_CHAIN_FORCE_MIMO_SEL_POS;
 151        rx_chain |= rx_ant << PHY_RX_CHAIN_FORCE_SEL_POS;
 152        rx_chain |= 0x1 << PHY_RX_CHAIN_DRIVER_FORCE_POS;
 153        return cpu_to_le16(rx_chain);
 154}
 155
 156static inline __le32
 157iwl_mvm_scan_rate_n_flags(struct iwl_mvm *mvm, enum nl80211_band band,
 158                          bool no_cck)
 159{
 160        u32 tx_ant;
 161
 162        iwl_mvm_toggle_tx_ant(mvm, &mvm->scan_last_antenna_idx);
 163        tx_ant = BIT(mvm->scan_last_antenna_idx) << RATE_MCS_ANT_POS;
 164
 165        if (band == NL80211_BAND_2GHZ && !no_cck)
 166                return cpu_to_le32(IWL_RATE_1M_PLCP | RATE_MCS_CCK_MSK |
 167                                   tx_ant);
 168        else
 169                return cpu_to_le32(IWL_RATE_6M_PLCP | tx_ant);
 170}
 171
 172static void iwl_mvm_scan_condition_iterator(void *data, u8 *mac,
 173                                            struct ieee80211_vif *vif)
 174{
 175        struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
 176        int *global_cnt = data;
 177
 178        if (vif->type != NL80211_IFTYPE_P2P_DEVICE && mvmvif->phy_ctxt &&
 179            mvmvif->phy_ctxt->id < NUM_PHY_CTX)
 180                *global_cnt += 1;
 181}
 182
 183static enum iwl_mvm_traffic_load iwl_mvm_get_traffic_load(struct iwl_mvm *mvm)
 184{
 185        return mvm->tcm.result.global_load;
 186}
 187
 188static enum iwl_mvm_traffic_load
 189iwl_mvm_get_traffic_load_band(struct iwl_mvm *mvm, enum nl80211_band band)
 190{
 191        return mvm->tcm.result.band_load[band];
 192}
 193
 194struct iwl_is_dcm_with_go_iterator_data {
 195        struct ieee80211_vif *current_vif;
 196        bool is_dcm_with_p2p_go;
 197};
 198
 199static void iwl_mvm_is_dcm_with_go_iterator(void *_data, u8 *mac,
 200                                            struct ieee80211_vif *vif)
 201{
 202        struct iwl_is_dcm_with_go_iterator_data *data = _data;
 203        struct iwl_mvm_vif *other_mvmvif = iwl_mvm_vif_from_mac80211(vif);
 204        struct iwl_mvm_vif *curr_mvmvif =
 205                iwl_mvm_vif_from_mac80211(data->current_vif);
 206
 207        /* exclude the given vif */
 208        if (vif == data->current_vif)
 209                return;
 210
 211        if (vif->type == NL80211_IFTYPE_AP && vif->p2p &&
 212            other_mvmvif->phy_ctxt && curr_mvmvif->phy_ctxt &&
 213            other_mvmvif->phy_ctxt->id != curr_mvmvif->phy_ctxt->id)
 214                data->is_dcm_with_p2p_go = true;
 215}
 216
 217static enum
 218iwl_mvm_scan_type _iwl_mvm_get_scan_type(struct iwl_mvm *mvm,
 219                                         struct ieee80211_vif *vif,
 220                                         enum iwl_mvm_traffic_load load,
 221                                         bool low_latency)
 222{
 223        int global_cnt = 0;
 224
 225        ieee80211_iterate_active_interfaces_atomic(mvm->hw,
 226                                            IEEE80211_IFACE_ITER_NORMAL,
 227                                            iwl_mvm_scan_condition_iterator,
 228                                            &global_cnt);
 229        if (!global_cnt)
 230                return IWL_SCAN_TYPE_UNASSOC;
 231
 232        if (fw_has_api(&mvm->fw->ucode_capa,
 233                       IWL_UCODE_TLV_API_FRAGMENTED_SCAN)) {
 234                if ((load == IWL_MVM_TRAFFIC_HIGH || low_latency) &&
 235                    (!vif || vif->type != NL80211_IFTYPE_P2P_DEVICE))
 236                        return IWL_SCAN_TYPE_FRAGMENTED;
 237
 238                /* in case of DCM with GO where BSS DTIM interval < 220msec
 239                 * set all scan requests as fast-balance scan
 240                 * */
 241                if (vif && vif->type == NL80211_IFTYPE_STATION &&
 242                    vif->bss_conf.dtim_period < 220) {
 243                        struct iwl_is_dcm_with_go_iterator_data data = {
 244                                .current_vif = vif,
 245                                .is_dcm_with_p2p_go = false,
 246                        };
 247
 248                        ieee80211_iterate_active_interfaces_atomic(mvm->hw,
 249                                                IEEE80211_IFACE_ITER_NORMAL,
 250                                                iwl_mvm_is_dcm_with_go_iterator,
 251                                                &data);
 252                        if (data.is_dcm_with_p2p_go)
 253                                return IWL_SCAN_TYPE_FAST_BALANCE;
 254                }
 255        }
 256
 257        if (load >= IWL_MVM_TRAFFIC_MEDIUM || low_latency)
 258                return IWL_SCAN_TYPE_MILD;
 259
 260        return IWL_SCAN_TYPE_WILD;
 261}
 262
 263static enum
 264iwl_mvm_scan_type iwl_mvm_get_scan_type(struct iwl_mvm *mvm,
 265                                        struct ieee80211_vif *vif)
 266{
 267        enum iwl_mvm_traffic_load load;
 268        bool low_latency;
 269
 270        load = iwl_mvm_get_traffic_load(mvm);
 271        low_latency = iwl_mvm_low_latency(mvm);
 272
 273        return _iwl_mvm_get_scan_type(mvm, vif, load, low_latency);
 274}
 275
 276static enum
 277iwl_mvm_scan_type iwl_mvm_get_scan_type_band(struct iwl_mvm *mvm,
 278                                             struct ieee80211_vif *vif,
 279                                             enum nl80211_band band)
 280{
 281        enum iwl_mvm_traffic_load load;
 282        bool low_latency;
 283
 284        load = iwl_mvm_get_traffic_load_band(mvm, band);
 285        low_latency = iwl_mvm_low_latency_band(mvm, band);
 286
 287        return _iwl_mvm_get_scan_type(mvm, vif, load, low_latency);
 288}
 289
 290static inline bool iwl_mvm_rrm_scan_needed(struct iwl_mvm *mvm)
 291{
 292        /* require rrm scan whenever the fw supports it */
 293        return fw_has_capa(&mvm->fw->ucode_capa,
 294                           IWL_UCODE_TLV_CAPA_DS_PARAM_SET_IE_SUPPORT);
 295}
 296
 297static int iwl_mvm_max_scan_ie_fw_cmd_room(struct iwl_mvm *mvm)
 298{
 299        int max_probe_len;
 300
 301        max_probe_len = SCAN_OFFLOAD_PROBE_REQ_SIZE;
 302
 303        /* we create the 802.11 header and SSID element */
 304        max_probe_len -= 24 + 2;
 305
 306        /* DS parameter set element is added on 2.4GHZ band if required */
 307        if (iwl_mvm_rrm_scan_needed(mvm))
 308                max_probe_len -= 3;
 309
 310        return max_probe_len;
 311}
 312
 313int iwl_mvm_max_scan_ie_len(struct iwl_mvm *mvm)
 314{
 315        int max_ie_len = iwl_mvm_max_scan_ie_fw_cmd_room(mvm);
 316
 317        /* TODO: [BUG] This function should return the maximum allowed size of
 318         * scan IEs, however the LMAC scan api contains both 2GHZ and 5GHZ IEs
 319         * in the same command. So the correct implementation of this function
 320         * is just iwl_mvm_max_scan_ie_fw_cmd_room() / 2. Currently the scan
 321         * command has only 512 bytes and it would leave us with about 240
 322         * bytes for scan IEs, which is clearly not enough. So meanwhile
 323         * we will report an incorrect value. This may result in a failure to
 324         * issue a scan in unified_scan_lmac and unified_sched_scan_lmac
 325         * functions with -ENOBUFS, if a large enough probe will be provided.
 326         */
 327        return max_ie_len;
 328}
 329
 330void iwl_mvm_rx_lmac_scan_iter_complete_notif(struct iwl_mvm *mvm,
 331                                              struct iwl_rx_cmd_buffer *rxb)
 332{
 333        struct iwl_rx_packet *pkt = rxb_addr(rxb);
 334        struct iwl_lmac_scan_complete_notif *notif = (void *)pkt->data;
 335
 336        IWL_DEBUG_SCAN(mvm,
 337                       "Scan offload iteration complete: status=0x%x scanned channels=%d\n",
 338                       notif->status, notif->scanned_channels);
 339
 340        if (mvm->sched_scan_pass_all == SCHED_SCAN_PASS_ALL_FOUND) {
 341                IWL_DEBUG_SCAN(mvm, "Pass all scheduled scan results found\n");
 342                ieee80211_sched_scan_results(mvm->hw);
 343                mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_ENABLED;
 344        }
 345}
 346
 347void iwl_mvm_rx_scan_match_found(struct iwl_mvm *mvm,
 348                                 struct iwl_rx_cmd_buffer *rxb)
 349{
 350        IWL_DEBUG_SCAN(mvm, "Scheduled scan results\n");
 351        ieee80211_sched_scan_results(mvm->hw);
 352}
 353
 354static const char *iwl_mvm_ebs_status_str(enum iwl_scan_ebs_status status)
 355{
 356        switch (status) {
 357        case IWL_SCAN_EBS_SUCCESS:
 358                return "successful";
 359        case IWL_SCAN_EBS_INACTIVE:
 360                return "inactive";
 361        case IWL_SCAN_EBS_FAILED:
 362        case IWL_SCAN_EBS_CHAN_NOT_FOUND:
 363        default:
 364                return "failed";
 365        }
 366}
 367
 368void iwl_mvm_rx_lmac_scan_complete_notif(struct iwl_mvm *mvm,
 369                                         struct iwl_rx_cmd_buffer *rxb)
 370{
 371        struct iwl_rx_packet *pkt = rxb_addr(rxb);
 372        struct iwl_periodic_scan_complete *scan_notif = (void *)pkt->data;
 373        bool aborted = (scan_notif->status == IWL_SCAN_OFFLOAD_ABORTED);
 374
 375        /* If this happens, the firmware has mistakenly sent an LMAC
 376         * notification during UMAC scans -- warn and ignore it.
 377         */
 378        if (WARN_ON_ONCE(fw_has_capa(&mvm->fw->ucode_capa,
 379                                     IWL_UCODE_TLV_CAPA_UMAC_SCAN)))
 380                return;
 381
 382        /* scan status must be locked for proper checking */
 383        lockdep_assert_held(&mvm->mutex);
 384
 385        /* We first check if we were stopping a scan, in which case we
 386         * just clear the stopping flag.  Then we check if it was a
 387         * firmware initiated stop, in which case we need to inform
 388         * mac80211.
 389         * Note that we can have a stopping and a running scan
 390         * simultaneously, but we can't have two different types of
 391         * scans stopping or running at the same time (since LMAC
 392         * doesn't support it).
 393         */
 394
 395        if (mvm->scan_status & IWL_MVM_SCAN_STOPPING_SCHED) {
 396                WARN_ON_ONCE(mvm->scan_status & IWL_MVM_SCAN_STOPPING_REGULAR);
 397
 398                IWL_DEBUG_SCAN(mvm, "Scheduled scan %s, EBS status %s\n",
 399                               aborted ? "aborted" : "completed",
 400                               iwl_mvm_ebs_status_str(scan_notif->ebs_status));
 401                IWL_DEBUG_SCAN(mvm,
 402                               "Last line %d, Last iteration %d, Time after last iteration %d\n",
 403                               scan_notif->last_schedule_line,
 404                               scan_notif->last_schedule_iteration,
 405                               __le32_to_cpu(scan_notif->time_after_last_iter));
 406
 407                mvm->scan_status &= ~IWL_MVM_SCAN_STOPPING_SCHED;
 408        } else if (mvm->scan_status & IWL_MVM_SCAN_STOPPING_REGULAR) {
 409                IWL_DEBUG_SCAN(mvm, "Regular scan %s, EBS status %s\n",
 410                               aborted ? "aborted" : "completed",
 411                               iwl_mvm_ebs_status_str(scan_notif->ebs_status));
 412
 413                mvm->scan_status &= ~IWL_MVM_SCAN_STOPPING_REGULAR;
 414        } else if (mvm->scan_status & IWL_MVM_SCAN_SCHED) {
 415                WARN_ON_ONCE(mvm->scan_status & IWL_MVM_SCAN_REGULAR);
 416
 417                IWL_DEBUG_SCAN(mvm, "Scheduled scan %s, EBS status %s\n",
 418                               aborted ? "aborted" : "completed",
 419                               iwl_mvm_ebs_status_str(scan_notif->ebs_status));
 420                IWL_DEBUG_SCAN(mvm,
 421                               "Last line %d, Last iteration %d, Time after last iteration %d (FW)\n",
 422                               scan_notif->last_schedule_line,
 423                               scan_notif->last_schedule_iteration,
 424                               __le32_to_cpu(scan_notif->time_after_last_iter));
 425
 426                mvm->scan_status &= ~IWL_MVM_SCAN_SCHED;
 427                ieee80211_sched_scan_stopped(mvm->hw);
 428                mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_DISABLED;
 429        } else if (mvm->scan_status & IWL_MVM_SCAN_REGULAR) {
 430                struct cfg80211_scan_info info = {
 431                        .aborted = aborted,
 432                };
 433
 434                IWL_DEBUG_SCAN(mvm, "Regular scan %s, EBS status %s (FW)\n",
 435                               aborted ? "aborted" : "completed",
 436                               iwl_mvm_ebs_status_str(scan_notif->ebs_status));
 437
 438                mvm->scan_status &= ~IWL_MVM_SCAN_REGULAR;
 439                ieee80211_scan_completed(mvm->hw, &info);
 440                cancel_delayed_work(&mvm->scan_timeout_dwork);
 441                iwl_mvm_resume_tcm(mvm);
 442        } else {
 443                IWL_ERR(mvm,
 444                        "got scan complete notification but no scan is running\n");
 445        }
 446
 447        mvm->last_ebs_successful =
 448                        scan_notif->ebs_status == IWL_SCAN_EBS_SUCCESS ||
 449                        scan_notif->ebs_status == IWL_SCAN_EBS_INACTIVE;
 450}
 451
 452static int iwl_ssid_exist(u8 *ssid, u8 ssid_len, struct iwl_ssid_ie *ssid_list)
 453{
 454        int i;
 455
 456        for (i = 0; i < PROBE_OPTION_MAX; i++) {
 457                if (!ssid_list[i].len)
 458                        break;
 459                if (ssid_list[i].len == ssid_len &&
 460                    !memcmp(ssid_list->ssid, ssid, ssid_len))
 461                        return i;
 462        }
 463        return -1;
 464}
 465
 466/* We insert the SSIDs in an inverted order, because the FW will
 467 * invert it back.
 468 */
 469static void iwl_scan_build_ssids(struct iwl_mvm_scan_params *params,
 470                                 struct iwl_ssid_ie *ssids,
 471                                 u32 *ssid_bitmap)
 472{
 473        int i, j;
 474        int index;
 475        u32 tmp_bitmap = 0;
 476
 477        /*
 478         * copy SSIDs from match list.
 479         * iwl_config_sched_scan_profiles() uses the order of these ssids to
 480         * config match list.
 481         */
 482        for (i = 0, j = params->n_match_sets - 1;
 483             j >= 0 && i < PROBE_OPTION_MAX;
 484             i++, j--) {
 485                /* skip empty SSID matchsets */
 486                if (!params->match_sets[j].ssid.ssid_len)
 487                        continue;
 488                ssids[i].id = WLAN_EID_SSID;
 489                ssids[i].len = params->match_sets[j].ssid.ssid_len;
 490                memcpy(ssids[i].ssid, params->match_sets[j].ssid.ssid,
 491                       ssids[i].len);
 492        }
 493
 494        /* add SSIDs from scan SSID list */
 495        for (j = params->n_ssids - 1;
 496             j >= 0 && i < PROBE_OPTION_MAX;
 497             i++, j--) {
 498                index = iwl_ssid_exist(params->ssids[j].ssid,
 499                                       params->ssids[j].ssid_len,
 500                                       ssids);
 501                if (index < 0) {
 502                        ssids[i].id = WLAN_EID_SSID;
 503                        ssids[i].len = params->ssids[j].ssid_len;
 504                        memcpy(ssids[i].ssid, params->ssids[j].ssid,
 505                               ssids[i].len);
 506                        tmp_bitmap |= BIT(i);
 507                } else {
 508                        tmp_bitmap |= BIT(index);
 509                }
 510        }
 511        if (ssid_bitmap)
 512                *ssid_bitmap = tmp_bitmap;
 513}
 514
 515static int
 516iwl_mvm_config_sched_scan_profiles(struct iwl_mvm *mvm,
 517                                   struct cfg80211_sched_scan_request *req)
 518{
 519        struct iwl_scan_offload_profile *profile;
 520        struct iwl_scan_offload_profile_cfg_v1 *profile_cfg_v1;
 521        struct iwl_scan_offload_blocklist *blocklist;
 522        struct iwl_scan_offload_profile_cfg_data *data;
 523        int max_profiles = iwl_umac_scan_get_max_profiles(mvm->fw);
 524        int profile_cfg_size = sizeof(*data) +
 525                sizeof(*profile) * max_profiles;
 526        struct iwl_host_cmd cmd = {
 527                .id = SCAN_OFFLOAD_UPDATE_PROFILES_CMD,
 528                .len[1] = profile_cfg_size,
 529                .dataflags[0] = IWL_HCMD_DFL_NOCOPY,
 530                .dataflags[1] = IWL_HCMD_DFL_NOCOPY,
 531        };
 532        int blocklist_len;
 533        int i;
 534        int ret;
 535
 536        if (WARN_ON(req->n_match_sets > max_profiles))
 537                return -EIO;
 538
 539        if (mvm->fw->ucode_capa.flags & IWL_UCODE_TLV_FLAGS_SHORT_BL)
 540                blocklist_len = IWL_SCAN_SHORT_BLACKLIST_LEN;
 541        else
 542                blocklist_len = IWL_SCAN_MAX_BLACKLIST_LEN;
 543
 544        blocklist = kcalloc(blocklist_len, sizeof(*blocklist), GFP_KERNEL);
 545        if (!blocklist)
 546                return -ENOMEM;
 547
 548        profile_cfg_v1 = kzalloc(profile_cfg_size, GFP_KERNEL);
 549        if (!profile_cfg_v1) {
 550                ret = -ENOMEM;
 551                goto free_blocklist;
 552        }
 553
 554        cmd.data[0] = blocklist;
 555        cmd.len[0] = sizeof(*blocklist) * blocklist_len;
 556        cmd.data[1] = profile_cfg_v1;
 557
 558        /* if max_profile is MAX_PROFILES_V2, we have the new API */
 559        if (max_profiles == IWL_SCAN_MAX_PROFILES_V2) {
 560                struct iwl_scan_offload_profile_cfg *profile_cfg =
 561                        (struct iwl_scan_offload_profile_cfg *)profile_cfg_v1;
 562
 563                data = &profile_cfg->data;
 564        } else {
 565                data = &profile_cfg_v1->data;
 566        }
 567
 568        /* No blocklist configuration */
 569        data->num_profiles = req->n_match_sets;
 570        data->active_clients = SCAN_CLIENT_SCHED_SCAN;
 571        data->pass_match = SCAN_CLIENT_SCHED_SCAN;
 572        data->match_notify = SCAN_CLIENT_SCHED_SCAN;
 573
 574        if (!req->n_match_sets || !req->match_sets[0].ssid.ssid_len)
 575                data->any_beacon_notify = SCAN_CLIENT_SCHED_SCAN;
 576
 577        for (i = 0; i < req->n_match_sets; i++) {
 578                profile = &profile_cfg_v1->profiles[i];
 579                profile->ssid_index = i;
 580                /* Support any cipher and auth algorithm */
 581                profile->unicast_cipher = 0xff;
 582                profile->auth_alg = 0xff;
 583                profile->network_type = IWL_NETWORK_TYPE_ANY;
 584                profile->band_selection = IWL_SCAN_OFFLOAD_SELECT_ANY;
 585                profile->client_bitmap = SCAN_CLIENT_SCHED_SCAN;
 586        }
 587
 588        IWL_DEBUG_SCAN(mvm, "Sending scheduled scan profile config\n");
 589
 590        ret = iwl_mvm_send_cmd(mvm, &cmd);
 591        kfree(profile_cfg_v1);
 592free_blocklist:
 593        kfree(blocklist);
 594
 595        return ret;
 596}
 597
 598static bool iwl_mvm_scan_pass_all(struct iwl_mvm *mvm,
 599                                  struct cfg80211_sched_scan_request *req)
 600{
 601        if (req->n_match_sets && req->match_sets[0].ssid.ssid_len) {
 602                IWL_DEBUG_SCAN(mvm,
 603                               "Sending scheduled scan with filtering, n_match_sets %d\n",
 604                               req->n_match_sets);
 605                mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_DISABLED;
 606                return false;
 607        }
 608
 609        IWL_DEBUG_SCAN(mvm, "Sending Scheduled scan without filtering\n");
 610
 611        mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_ENABLED;
 612        return true;
 613}
 614
 615static int iwl_mvm_lmac_scan_abort(struct iwl_mvm *mvm)
 616{
 617        int ret;
 618        struct iwl_host_cmd cmd = {
 619                .id = SCAN_OFFLOAD_ABORT_CMD,
 620        };
 621        u32 status = CAN_ABORT_STATUS;
 622
 623        ret = iwl_mvm_send_cmd_status(mvm, &cmd, &status);
 624        if (ret)
 625                return ret;
 626
 627        if (status != CAN_ABORT_STATUS) {
 628                /*
 629                 * The scan abort will return 1 for success or
 630                 * 2 for "failure".  A failure condition can be
 631                 * due to simply not being in an active scan which
 632                 * can occur if we send the scan abort before the
 633                 * microcode has notified us that a scan is completed.
 634                 */
 635                IWL_DEBUG_SCAN(mvm, "SCAN OFFLOAD ABORT ret %d.\n", status);
 636                ret = -ENOENT;
 637        }
 638
 639        return ret;
 640}
 641
 642static void iwl_mvm_scan_fill_tx_cmd(struct iwl_mvm *mvm,
 643                                     struct iwl_scan_req_tx_cmd *tx_cmd,
 644                                     bool no_cck)
 645{
 646        tx_cmd[0].tx_flags = cpu_to_le32(TX_CMD_FLG_SEQ_CTL |
 647                                         TX_CMD_FLG_BT_DIS);
 648        tx_cmd[0].rate_n_flags = iwl_mvm_scan_rate_n_flags(mvm,
 649                                                           NL80211_BAND_2GHZ,
 650                                                           no_cck);
 651
 652        if (iwl_fw_lookup_cmd_ver(mvm->fw, LONG_GROUP,
 653                                  ADD_STA,
 654                                  0) < 12) {
 655                tx_cmd[0].sta_id = mvm->aux_sta.sta_id;
 656                tx_cmd[1].sta_id = mvm->aux_sta.sta_id;
 657
 658        /*
 659         * Fw doesn't use this sta anymore, pending deprecation via HOST API
 660         * change
 661         */
 662        } else {
 663                tx_cmd[0].sta_id = 0xff;
 664                tx_cmd[1].sta_id = 0xff;
 665        }
 666
 667        tx_cmd[1].tx_flags = cpu_to_le32(TX_CMD_FLG_SEQ_CTL |
 668                                         TX_CMD_FLG_BT_DIS);
 669
 670        tx_cmd[1].rate_n_flags = iwl_mvm_scan_rate_n_flags(mvm,
 671                                                           NL80211_BAND_5GHZ,
 672                                                           no_cck);
 673}
 674
 675static void
 676iwl_mvm_lmac_scan_cfg_channels(struct iwl_mvm *mvm,
 677                               struct ieee80211_channel **channels,
 678                               int n_channels, u32 ssid_bitmap,
 679                               struct iwl_scan_req_lmac *cmd)
 680{
 681        struct iwl_scan_channel_cfg_lmac *channel_cfg = (void *)&cmd->data;
 682        int i;
 683
 684        for (i = 0; i < n_channels; i++) {
 685                channel_cfg[i].channel_num =
 686                        cpu_to_le16(channels[i]->hw_value);
 687                channel_cfg[i].iter_count = cpu_to_le16(1);
 688                channel_cfg[i].iter_interval = 0;
 689                channel_cfg[i].flags =
 690                        cpu_to_le32(IWL_UNIFIED_SCAN_CHANNEL_PARTIAL |
 691                                    ssid_bitmap);
 692        }
 693}
 694
 695static u8 *iwl_mvm_copy_and_insert_ds_elem(struct iwl_mvm *mvm, const u8 *ies,
 696                                           size_t len, u8 *const pos)
 697{
 698        static const u8 before_ds_params[] = {
 699                        WLAN_EID_SSID,
 700                        WLAN_EID_SUPP_RATES,
 701                        WLAN_EID_REQUEST,
 702                        WLAN_EID_EXT_SUPP_RATES,
 703        };
 704        size_t offs;
 705        u8 *newpos = pos;
 706
 707        if (!iwl_mvm_rrm_scan_needed(mvm)) {
 708                memcpy(newpos, ies, len);
 709                return newpos + len;
 710        }
 711
 712        offs = ieee80211_ie_split(ies, len,
 713                                  before_ds_params,
 714                                  ARRAY_SIZE(before_ds_params),
 715                                  0);
 716
 717        memcpy(newpos, ies, offs);
 718        newpos += offs;
 719
 720        /* Add a placeholder for DS Parameter Set element */
 721        *newpos++ = WLAN_EID_DS_PARAMS;
 722        *newpos++ = 1;
 723        *newpos++ = 0;
 724
 725        memcpy(newpos, ies + offs, len - offs);
 726        newpos += len - offs;
 727
 728        return newpos;
 729}
 730
 731#define WFA_TPC_IE_LEN  9
 732
 733static void iwl_mvm_add_tpc_report_ie(u8 *pos)
 734{
 735        pos[0] = WLAN_EID_VENDOR_SPECIFIC;
 736        pos[1] = WFA_TPC_IE_LEN - 2;
 737        pos[2] = (WLAN_OUI_MICROSOFT >> 16) & 0xff;
 738        pos[3] = (WLAN_OUI_MICROSOFT >> 8) & 0xff;
 739        pos[4] = WLAN_OUI_MICROSOFT & 0xff;
 740        pos[5] = WLAN_OUI_TYPE_MICROSOFT_TPC;
 741        pos[6] = 0;
 742        /* pos[7] - tx power will be inserted by the FW */
 743        pos[7] = 0;
 744        pos[8] = 0;
 745}
 746
 747static void
 748iwl_mvm_build_scan_probe(struct iwl_mvm *mvm, struct ieee80211_vif *vif,
 749                         struct ieee80211_scan_ies *ies,
 750                         struct iwl_mvm_scan_params *params)
 751{
 752        struct ieee80211_mgmt *frame = (void *)params->preq.buf;
 753        u8 *pos, *newpos;
 754        const u8 *mac_addr = params->flags & NL80211_SCAN_FLAG_RANDOM_ADDR ?
 755                params->mac_addr : NULL;
 756
 757        /*
 758         * Unfortunately, right now the offload scan doesn't support randomising
 759         * within the firmware, so until the firmware API is ready we implement
 760         * it in the driver. This means that the scan iterations won't really be
 761         * random, only when it's restarted, but at least that helps a bit.
 762         */
 763        if (mac_addr)
 764                get_random_mask_addr(frame->sa, mac_addr,
 765                                     params->mac_addr_mask);
 766        else
 767                memcpy(frame->sa, vif->addr, ETH_ALEN);
 768
 769        frame->frame_control = cpu_to_le16(IEEE80211_STYPE_PROBE_REQ);
 770        eth_broadcast_addr(frame->da);
 771        eth_broadcast_addr(frame->bssid);
 772        frame->seq_ctrl = 0;
 773
 774        pos = frame->u.probe_req.variable;
 775        *pos++ = WLAN_EID_SSID;
 776        *pos++ = 0;
 777
 778        params->preq.mac_header.offset = 0;
 779        params->preq.mac_header.len = cpu_to_le16(24 + 2);
 780
 781        /* Insert ds parameter set element on 2.4 GHz band */
 782        newpos = iwl_mvm_copy_and_insert_ds_elem(mvm,
 783                                                 ies->ies[NL80211_BAND_2GHZ],
 784                                                 ies->len[NL80211_BAND_2GHZ],
 785                                                 pos);
 786        params->preq.band_data[0].offset = cpu_to_le16(pos - params->preq.buf);
 787        params->preq.band_data[0].len = cpu_to_le16(newpos - pos);
 788        pos = newpos;
 789
 790        memcpy(pos, ies->ies[NL80211_BAND_5GHZ],
 791               ies->len[NL80211_BAND_5GHZ]);
 792        params->preq.band_data[1].offset = cpu_to_le16(pos - params->preq.buf);
 793        params->preq.band_data[1].len =
 794                cpu_to_le16(ies->len[NL80211_BAND_5GHZ]);
 795        pos += ies->len[NL80211_BAND_5GHZ];
 796
 797        memcpy(pos, ies->ies[NL80211_BAND_6GHZ],
 798               ies->len[NL80211_BAND_6GHZ]);
 799        params->preq.band_data[2].offset = cpu_to_le16(pos - params->preq.buf);
 800        params->preq.band_data[2].len =
 801                cpu_to_le16(ies->len[NL80211_BAND_6GHZ]);
 802        pos += ies->len[NL80211_BAND_6GHZ];
 803        memcpy(pos, ies->common_ies, ies->common_ie_len);
 804        params->preq.common_data.offset = cpu_to_le16(pos - params->preq.buf);
 805
 806        if (iwl_mvm_rrm_scan_needed(mvm) &&
 807            !fw_has_capa(&mvm->fw->ucode_capa,
 808                         IWL_UCODE_TLV_CAPA_WFA_TPC_REP_IE_SUPPORT)) {
 809                iwl_mvm_add_tpc_report_ie(pos + ies->common_ie_len);
 810                params->preq.common_data.len = cpu_to_le16(ies->common_ie_len +
 811                                                           WFA_TPC_IE_LEN);
 812        } else {
 813                params->preq.common_data.len = cpu_to_le16(ies->common_ie_len);
 814        }
 815}
 816
 817static void iwl_mvm_scan_lmac_dwell(struct iwl_mvm *mvm,
 818                                    struct iwl_scan_req_lmac *cmd,
 819                                    struct iwl_mvm_scan_params *params)
 820{
 821        cmd->active_dwell = IWL_SCAN_DWELL_ACTIVE;
 822        cmd->passive_dwell = IWL_SCAN_DWELL_PASSIVE;
 823        cmd->fragmented_dwell = IWL_SCAN_DWELL_FRAGMENTED;
 824        cmd->extended_dwell = IWL_SCAN_DWELL_EXTENDED;
 825        cmd->max_out_time = cpu_to_le32(scan_timing[params->type].max_out_time);
 826        cmd->suspend_time = cpu_to_le32(scan_timing[params->type].suspend_time);
 827        cmd->scan_prio = cpu_to_le32(IWL_SCAN_PRIORITY_EXT_6);
 828}
 829
 830static inline bool iwl_mvm_scan_fits(struct iwl_mvm *mvm, int n_ssids,
 831                                     struct ieee80211_scan_ies *ies,
 832                                     int n_channels)
 833{
 834        return ((n_ssids <= PROBE_OPTION_MAX) &&
 835                (n_channels <= mvm->fw->ucode_capa.n_scan_channels) &
 836                (ies->common_ie_len +
 837                 ies->len[NL80211_BAND_2GHZ] +
 838                 ies->len[NL80211_BAND_5GHZ] <=
 839                 iwl_mvm_max_scan_ie_fw_cmd_room(mvm)));
 840}
 841
 842static inline bool iwl_mvm_scan_use_ebs(struct iwl_mvm *mvm,
 843                                        struct ieee80211_vif *vif)
 844{
 845        const struct iwl_ucode_capabilities *capa = &mvm->fw->ucode_capa;
 846        bool low_latency;
 847
 848        if (iwl_mvm_is_cdb_supported(mvm))
 849                low_latency = iwl_mvm_low_latency_band(mvm, NL80211_BAND_5GHZ);
 850        else
 851                low_latency = iwl_mvm_low_latency(mvm);
 852
 853        /* We can only use EBS if:
 854         *      1. the feature is supported;
 855         *      2. the last EBS was successful;
 856         *      3. if only single scan, the single scan EBS API is supported;
 857         *      4. it's not a p2p find operation.
 858         *      5. we are not in low latency mode,
 859         *         or if fragmented ebs is supported by the FW
 860         */
 861        return ((capa->flags & IWL_UCODE_TLV_FLAGS_EBS_SUPPORT) &&
 862                mvm->last_ebs_successful && IWL_MVM_ENABLE_EBS &&
 863                vif->type != NL80211_IFTYPE_P2P_DEVICE &&
 864                (!low_latency || iwl_mvm_is_frag_ebs_supported(mvm)));
 865}
 866
 867static inline bool iwl_mvm_is_regular_scan(struct iwl_mvm_scan_params *params)
 868{
 869        return params->n_scan_plans == 1 &&
 870                params->scan_plans[0].iterations == 1;
 871}
 872
 873static bool iwl_mvm_is_scan_fragmented(enum iwl_mvm_scan_type type)
 874{
 875        return (type == IWL_SCAN_TYPE_FRAGMENTED ||
 876                type == IWL_SCAN_TYPE_FAST_BALANCE);
 877}
 878
 879static int iwl_mvm_scan_lmac_flags(struct iwl_mvm *mvm,
 880                                   struct iwl_mvm_scan_params *params,
 881                                   struct ieee80211_vif *vif)
 882{
 883        int flags = 0;
 884
 885        if (params->n_ssids == 0)
 886                flags |= IWL_MVM_LMAC_SCAN_FLAG_PASSIVE;
 887
 888        if (params->n_ssids == 1 && params->ssids[0].ssid_len != 0)
 889                flags |= IWL_MVM_LMAC_SCAN_FLAG_PRE_CONNECTION;
 890
 891        if (iwl_mvm_is_scan_fragmented(params->type))
 892                flags |= IWL_MVM_LMAC_SCAN_FLAG_FRAGMENTED;
 893
 894        if (iwl_mvm_rrm_scan_needed(mvm) &&
 895            fw_has_capa(&mvm->fw->ucode_capa,
 896                        IWL_UCODE_TLV_CAPA_WFA_TPC_REP_IE_SUPPORT))
 897                flags |= IWL_MVM_LMAC_SCAN_FLAGS_RRM_ENABLED;
 898
 899        if (params->pass_all)
 900                flags |= IWL_MVM_LMAC_SCAN_FLAG_PASS_ALL;
 901        else
 902                flags |= IWL_MVM_LMAC_SCAN_FLAG_MATCH;
 903
 904#ifdef CONFIG_IWLWIFI_DEBUGFS
 905        if (mvm->scan_iter_notif_enabled)
 906                flags |= IWL_MVM_LMAC_SCAN_FLAG_ITER_COMPLETE;
 907#endif
 908
 909        if (mvm->sched_scan_pass_all == SCHED_SCAN_PASS_ALL_ENABLED)
 910                flags |= IWL_MVM_LMAC_SCAN_FLAG_ITER_COMPLETE;
 911
 912        if (iwl_mvm_is_regular_scan(params) &&
 913            vif->type != NL80211_IFTYPE_P2P_DEVICE &&
 914            !iwl_mvm_is_scan_fragmented(params->type))
 915                flags |= IWL_MVM_LMAC_SCAN_FLAG_EXTENDED_DWELL;
 916
 917        return flags;
 918}
 919
 920static void
 921iwl_mvm_scan_set_legacy_probe_req(struct iwl_scan_probe_req_v1 *p_req,
 922                                  struct iwl_scan_probe_req *src_p_req)
 923{
 924        int i;
 925
 926        p_req->mac_header = src_p_req->mac_header;
 927        for (i = 0; i < SCAN_NUM_BAND_PROBE_DATA_V_1; i++)
 928                p_req->band_data[i] = src_p_req->band_data[i];
 929        p_req->common_data = src_p_req->common_data;
 930        memcpy(p_req->buf, src_p_req->buf, sizeof(p_req->buf));
 931}
 932
 933static int iwl_mvm_scan_lmac(struct iwl_mvm *mvm, struct ieee80211_vif *vif,
 934                             struct iwl_mvm_scan_params *params)
 935{
 936        struct iwl_scan_req_lmac *cmd = mvm->scan_cmd;
 937        struct iwl_scan_probe_req_v1 *preq =
 938                (void *)(cmd->data + sizeof(struct iwl_scan_channel_cfg_lmac) *
 939                         mvm->fw->ucode_capa.n_scan_channels);
 940        u32 ssid_bitmap = 0;
 941        int i;
 942        u8 band;
 943
 944        if (WARN_ON(params->n_scan_plans > IWL_MAX_SCHED_SCAN_PLANS))
 945                return -EINVAL;
 946
 947        iwl_mvm_scan_lmac_dwell(mvm, cmd, params);
 948
 949        cmd->rx_chain_select = iwl_mvm_scan_rx_chain(mvm);
 950        cmd->iter_num = cpu_to_le32(1);
 951        cmd->n_channels = (u8)params->n_channels;
 952
 953        cmd->delay = cpu_to_le32(params->delay);
 954
 955        cmd->scan_flags = cpu_to_le32(iwl_mvm_scan_lmac_flags(mvm, params,
 956                                                              vif));
 957
 958        band = iwl_mvm_phy_band_from_nl80211(params->channels[0]->band);
 959        cmd->flags = cpu_to_le32(band);
 960        cmd->filter_flags = cpu_to_le32(MAC_FILTER_ACCEPT_GRP |
 961                                        MAC_FILTER_IN_BEACON);
 962        iwl_mvm_scan_fill_tx_cmd(mvm, cmd->tx_cmd, params->no_cck);
 963        iwl_scan_build_ssids(params, cmd->direct_scan, &ssid_bitmap);
 964
 965        /* this API uses bits 1-20 instead of 0-19 */
 966        ssid_bitmap <<= 1;
 967
 968        for (i = 0; i < params->n_scan_plans; i++) {
 969                struct cfg80211_sched_scan_plan *scan_plan =
 970                        &params->scan_plans[i];
 971
 972                cmd->schedule[i].delay =
 973                        cpu_to_le16(scan_plan->interval);
 974                cmd->schedule[i].iterations = scan_plan->iterations;
 975                cmd->schedule[i].full_scan_mul = 1;
 976        }
 977
 978        /*
 979         * If the number of iterations of the last scan plan is set to
 980         * zero, it should run infinitely. However, this is not always the case.
 981         * For example, when regular scan is requested the driver sets one scan
 982         * plan with one iteration.
 983         */
 984        if (!cmd->schedule[i - 1].iterations)
 985                cmd->schedule[i - 1].iterations = 0xff;
 986
 987        if (iwl_mvm_scan_use_ebs(mvm, vif)) {
 988                cmd->channel_opt[0].flags =
 989                        cpu_to_le16(IWL_SCAN_CHANNEL_FLAG_EBS |
 990                                    IWL_SCAN_CHANNEL_FLAG_EBS_ACCURATE |
 991                                    IWL_SCAN_CHANNEL_FLAG_CACHE_ADD);
 992                cmd->channel_opt[0].non_ebs_ratio =
 993                        cpu_to_le16(IWL_DENSE_EBS_SCAN_RATIO);
 994                cmd->channel_opt[1].flags =
 995                        cpu_to_le16(IWL_SCAN_CHANNEL_FLAG_EBS |
 996                                    IWL_SCAN_CHANNEL_FLAG_EBS_ACCURATE |
 997                                    IWL_SCAN_CHANNEL_FLAG_CACHE_ADD);
 998                cmd->channel_opt[1].non_ebs_ratio =
 999                        cpu_to_le16(IWL_SPARSE_EBS_SCAN_RATIO);
1000        }
1001
1002        iwl_mvm_lmac_scan_cfg_channels(mvm, params->channels,
1003                                       params->n_channels, ssid_bitmap, cmd);
1004
1005        iwl_mvm_scan_set_legacy_probe_req(preq, &params->preq);
1006
1007        return 0;
1008}
1009
1010static int rate_to_scan_rate_flag(unsigned int rate)
1011{
1012        static const int rate_to_scan_rate[IWL_RATE_COUNT] = {
1013                [IWL_RATE_1M_INDEX]     = SCAN_CONFIG_RATE_1M,
1014                [IWL_RATE_2M_INDEX]     = SCAN_CONFIG_RATE_2M,
1015                [IWL_RATE_5M_INDEX]     = SCAN_CONFIG_RATE_5M,
1016                [IWL_RATE_11M_INDEX]    = SCAN_CONFIG_RATE_11M,
1017                [IWL_RATE_6M_INDEX]     = SCAN_CONFIG_RATE_6M,
1018                [IWL_RATE_9M_INDEX]     = SCAN_CONFIG_RATE_9M,
1019                [IWL_RATE_12M_INDEX]    = SCAN_CONFIG_RATE_12M,
1020                [IWL_RATE_18M_INDEX]    = SCAN_CONFIG_RATE_18M,
1021                [IWL_RATE_24M_INDEX]    = SCAN_CONFIG_RATE_24M,
1022                [IWL_RATE_36M_INDEX]    = SCAN_CONFIG_RATE_36M,
1023                [IWL_RATE_48M_INDEX]    = SCAN_CONFIG_RATE_48M,
1024                [IWL_RATE_54M_INDEX]    = SCAN_CONFIG_RATE_54M,
1025        };
1026
1027        return rate_to_scan_rate[rate];
1028}
1029
1030static __le32 iwl_mvm_scan_config_rates(struct iwl_mvm *mvm)
1031{
1032        struct ieee80211_supported_band *band;
1033        unsigned int rates = 0;
1034        int i;
1035
1036        band = &mvm->nvm_data->bands[NL80211_BAND_2GHZ];
1037        for (i = 0; i < band->n_bitrates; i++)
1038                rates |= rate_to_scan_rate_flag(band->bitrates[i].hw_value);
1039        band = &mvm->nvm_data->bands[NL80211_BAND_5GHZ];
1040        for (i = 0; i < band->n_bitrates; i++)
1041                rates |= rate_to_scan_rate_flag(band->bitrates[i].hw_value);
1042
1043        /* Set both basic rates and supported rates */
1044        rates |= SCAN_CONFIG_SUPPORTED_RATE(rates);
1045
1046        return cpu_to_le32(rates);
1047}
1048
1049static void iwl_mvm_fill_scan_dwell(struct iwl_mvm *mvm,
1050                                    struct iwl_scan_dwell *dwell)
1051{
1052        dwell->active = IWL_SCAN_DWELL_ACTIVE;
1053        dwell->passive = IWL_SCAN_DWELL_PASSIVE;
1054        dwell->fragmented = IWL_SCAN_DWELL_FRAGMENTED;
1055        dwell->extended = IWL_SCAN_DWELL_EXTENDED;
1056}
1057
1058static void iwl_mvm_fill_channels(struct iwl_mvm *mvm, u8 *channels,
1059                                  u32 max_channels)
1060{
1061        struct ieee80211_supported_band *band;
1062        int i, j = 0;
1063
1064        band = &mvm->nvm_data->bands[NL80211_BAND_2GHZ];
1065        for (i = 0; i < band->n_channels && j < max_channels; i++, j++)
1066                channels[j] = band->channels[i].hw_value;
1067        band = &mvm->nvm_data->bands[NL80211_BAND_5GHZ];
1068        for (i = 0; i < band->n_channels && j < max_channels; i++, j++)
1069                channels[j] = band->channels[i].hw_value;
1070}
1071
1072static void iwl_mvm_fill_scan_config_v1(struct iwl_mvm *mvm, void *config,
1073                                        u32 flags, u8 channel_flags,
1074                                        u32 max_channels)
1075{
1076        enum iwl_mvm_scan_type type = iwl_mvm_get_scan_type(mvm, NULL);
1077        struct iwl_scan_config_v1 *cfg = config;
1078
1079        cfg->flags = cpu_to_le32(flags);
1080        cfg->tx_chains = cpu_to_le32(iwl_mvm_get_valid_tx_ant(mvm));
1081        cfg->rx_chains = cpu_to_le32(iwl_mvm_scan_rx_ant(mvm));
1082        cfg->legacy_rates = iwl_mvm_scan_config_rates(mvm);
1083        cfg->out_of_channel_time = cpu_to_le32(scan_timing[type].max_out_time);
1084        cfg->suspend_time = cpu_to_le32(scan_timing[type].suspend_time);
1085
1086        iwl_mvm_fill_scan_dwell(mvm, &cfg->dwell);
1087
1088        memcpy(&cfg->mac_addr, &mvm->addresses[0].addr, ETH_ALEN);
1089
1090        /* This function should not be called when using ADD_STA ver >=12 */
1091        WARN_ON_ONCE(iwl_fw_lookup_cmd_ver(mvm->fw, LONG_GROUP,
1092                                           ADD_STA, 0) >= 12);
1093
1094        cfg->bcast_sta_id = mvm->aux_sta.sta_id;
1095        cfg->channel_flags = channel_flags;
1096
1097        iwl_mvm_fill_channels(mvm, cfg->channel_array, max_channels);
1098}
1099
1100static void iwl_mvm_fill_scan_config_v2(struct iwl_mvm *mvm, void *config,
1101                                        u32 flags, u8 channel_flags,
1102                                        u32 max_channels)
1103{
1104        struct iwl_scan_config_v2 *cfg = config;
1105
1106        cfg->flags = cpu_to_le32(flags);
1107        cfg->tx_chains = cpu_to_le32(iwl_mvm_get_valid_tx_ant(mvm));
1108        cfg->rx_chains = cpu_to_le32(iwl_mvm_scan_rx_ant(mvm));
1109        cfg->legacy_rates = iwl_mvm_scan_config_rates(mvm);
1110
1111        if (iwl_mvm_is_cdb_supported(mvm)) {
1112                enum iwl_mvm_scan_type lb_type, hb_type;
1113
1114                lb_type = iwl_mvm_get_scan_type_band(mvm, NULL,
1115                                                     NL80211_BAND_2GHZ);
1116                hb_type = iwl_mvm_get_scan_type_band(mvm, NULL,
1117                                                     NL80211_BAND_5GHZ);
1118
1119                cfg->out_of_channel_time[SCAN_LB_LMAC_IDX] =
1120                        cpu_to_le32(scan_timing[lb_type].max_out_time);
1121                cfg->suspend_time[SCAN_LB_LMAC_IDX] =
1122                        cpu_to_le32(scan_timing[lb_type].suspend_time);
1123
1124                cfg->out_of_channel_time[SCAN_HB_LMAC_IDX] =
1125                        cpu_to_le32(scan_timing[hb_type].max_out_time);
1126                cfg->suspend_time[SCAN_HB_LMAC_IDX] =
1127                        cpu_to_le32(scan_timing[hb_type].suspend_time);
1128        } else {
1129                enum iwl_mvm_scan_type type =
1130                        iwl_mvm_get_scan_type(mvm, NULL);
1131
1132                cfg->out_of_channel_time[SCAN_LB_LMAC_IDX] =
1133                        cpu_to_le32(scan_timing[type].max_out_time);
1134                cfg->suspend_time[SCAN_LB_LMAC_IDX] =
1135                        cpu_to_le32(scan_timing[type].suspend_time);
1136        }
1137
1138        iwl_mvm_fill_scan_dwell(mvm, &cfg->dwell);
1139
1140        memcpy(&cfg->mac_addr, &mvm->addresses[0].addr, ETH_ALEN);
1141
1142        /* This function should not be called when using ADD_STA ver >=12 */
1143        WARN_ON_ONCE(iwl_fw_lookup_cmd_ver(mvm->fw, LONG_GROUP,
1144                                           ADD_STA, 0) >= 12);
1145
1146        cfg->bcast_sta_id = mvm->aux_sta.sta_id;
1147        cfg->channel_flags = channel_flags;
1148
1149        iwl_mvm_fill_channels(mvm, cfg->channel_array, max_channels);
1150}
1151
1152static int iwl_mvm_legacy_config_scan(struct iwl_mvm *mvm)
1153{
1154        void *cfg;
1155        int ret, cmd_size;
1156        struct iwl_host_cmd cmd = {
1157                .id = iwl_cmd_id(SCAN_CFG_CMD, IWL_ALWAYS_LONG_GROUP, 0),
1158        };
1159        enum iwl_mvm_scan_type type;
1160        enum iwl_mvm_scan_type hb_type = IWL_SCAN_TYPE_NOT_SET;
1161        int num_channels =
1162                mvm->nvm_data->bands[NL80211_BAND_2GHZ].n_channels +
1163                mvm->nvm_data->bands[NL80211_BAND_5GHZ].n_channels;
1164        u32 flags;
1165        u8 channel_flags;
1166
1167        if (WARN_ON(num_channels > mvm->fw->ucode_capa.n_scan_channels))
1168                num_channels = mvm->fw->ucode_capa.n_scan_channels;
1169
1170        if (iwl_mvm_is_cdb_supported(mvm)) {
1171                type = iwl_mvm_get_scan_type_band(mvm, NULL,
1172                                                  NL80211_BAND_2GHZ);
1173                hb_type = iwl_mvm_get_scan_type_band(mvm, NULL,
1174                                                     NL80211_BAND_5GHZ);
1175                if (type == mvm->scan_type && hb_type == mvm->hb_scan_type)
1176                        return 0;
1177        } else {
1178                type = iwl_mvm_get_scan_type(mvm, NULL);
1179                if (type == mvm->scan_type)
1180                        return 0;
1181        }
1182
1183        if (iwl_mvm_cdb_scan_api(mvm))
1184                cmd_size = sizeof(struct iwl_scan_config_v2);
1185        else
1186                cmd_size = sizeof(struct iwl_scan_config_v1);
1187        cmd_size += mvm->fw->ucode_capa.n_scan_channels;
1188
1189        cfg = kzalloc(cmd_size, GFP_KERNEL);
1190        if (!cfg)
1191                return -ENOMEM;
1192
1193        flags = SCAN_CONFIG_FLAG_ACTIVATE |
1194                 SCAN_CONFIG_FLAG_ALLOW_CHUB_REQS |
1195                 SCAN_CONFIG_FLAG_SET_TX_CHAINS |
1196                 SCAN_CONFIG_FLAG_SET_RX_CHAINS |
1197                 SCAN_CONFIG_FLAG_SET_AUX_STA_ID |
1198                 SCAN_CONFIG_FLAG_SET_ALL_TIMES |
1199                 SCAN_CONFIG_FLAG_SET_LEGACY_RATES |
1200                 SCAN_CONFIG_FLAG_SET_MAC_ADDR |
1201                 SCAN_CONFIG_FLAG_SET_CHANNEL_FLAGS |
1202                 SCAN_CONFIG_N_CHANNELS(num_channels) |
1203                 (iwl_mvm_is_scan_fragmented(type) ?
1204                  SCAN_CONFIG_FLAG_SET_FRAGMENTED :
1205                  SCAN_CONFIG_FLAG_CLEAR_FRAGMENTED);
1206
1207        channel_flags = IWL_CHANNEL_FLAG_EBS |
1208                        IWL_CHANNEL_FLAG_ACCURATE_EBS |
1209                        IWL_CHANNEL_FLAG_EBS_ADD |
1210                        IWL_CHANNEL_FLAG_PRE_SCAN_PASSIVE2ACTIVE;
1211
1212        /*
1213         * Check for fragmented scan on LMAC2 - high band.
1214         * LMAC1 - low band is checked above.
1215         */
1216        if (iwl_mvm_cdb_scan_api(mvm)) {
1217                if (iwl_mvm_is_cdb_supported(mvm))
1218                        flags |= (iwl_mvm_is_scan_fragmented(hb_type)) ?
1219                                 SCAN_CONFIG_FLAG_SET_LMAC2_FRAGMENTED :
1220                                 SCAN_CONFIG_FLAG_CLEAR_LMAC2_FRAGMENTED;
1221                iwl_mvm_fill_scan_config_v2(mvm, cfg, flags, channel_flags,
1222                                            num_channels);
1223        } else {
1224                iwl_mvm_fill_scan_config_v1(mvm, cfg, flags, channel_flags,
1225                                            num_channels);
1226        }
1227
1228        cmd.data[0] = cfg;
1229        cmd.len[0] = cmd_size;
1230        cmd.dataflags[0] = IWL_HCMD_DFL_NOCOPY;
1231
1232        IWL_DEBUG_SCAN(mvm, "Sending UMAC scan config\n");
1233
1234        ret = iwl_mvm_send_cmd(mvm, &cmd);
1235        if (!ret) {
1236                mvm->scan_type = type;
1237                mvm->hb_scan_type = hb_type;
1238        }
1239
1240        kfree(cfg);
1241        return ret;
1242}
1243
1244int iwl_mvm_config_scan(struct iwl_mvm *mvm)
1245{
1246        struct iwl_scan_config cfg;
1247        struct iwl_host_cmd cmd = {
1248                .id = iwl_cmd_id(SCAN_CFG_CMD, IWL_ALWAYS_LONG_GROUP, 0),
1249                .len[0] = sizeof(cfg),
1250                .data[0] = &cfg,
1251                .dataflags[0] = IWL_HCMD_DFL_NOCOPY,
1252        };
1253
1254        if (!iwl_mvm_is_reduced_config_scan_supported(mvm))
1255                return iwl_mvm_legacy_config_scan(mvm);
1256
1257        memset(&cfg, 0, sizeof(cfg));
1258
1259        if (iwl_fw_lookup_cmd_ver(mvm->fw, LONG_GROUP,
1260                                  ADD_STA, 0) < 12) {
1261                cfg.bcast_sta_id = mvm->aux_sta.sta_id;
1262        } else if (iwl_fw_lookup_cmd_ver(mvm->fw, LONG_GROUP,
1263                                         SCAN_CFG_CMD, 0) < 5) {
1264                /*
1265                 * Fw doesn't use this sta anymore. Deprecated on SCAN_CFG_CMD
1266                 * version 5.
1267                 */
1268                cfg.bcast_sta_id = 0xff;
1269        }
1270
1271        cfg.tx_chains = cpu_to_le32(iwl_mvm_get_valid_tx_ant(mvm));
1272        cfg.rx_chains = cpu_to_le32(iwl_mvm_scan_rx_ant(mvm));
1273
1274        IWL_DEBUG_SCAN(mvm, "Sending UMAC scan config\n");
1275
1276        return iwl_mvm_send_cmd(mvm, &cmd);
1277}
1278
1279static int iwl_mvm_scan_uid_by_status(struct iwl_mvm *mvm, int status)
1280{
1281        int i;
1282
1283        for (i = 0; i < mvm->max_scans; i++)
1284                if (mvm->scan_uid_status[i] == status)
1285                        return i;
1286
1287        return -ENOENT;
1288}
1289
1290static void iwl_mvm_scan_umac_dwell(struct iwl_mvm *mvm,
1291                                    struct iwl_scan_req_umac *cmd,
1292                                    struct iwl_mvm_scan_params *params)
1293{
1294        struct iwl_mvm_scan_timing_params *timing, *hb_timing;
1295        u8 active_dwell, passive_dwell;
1296
1297        timing = &scan_timing[params->type];
1298        active_dwell = IWL_SCAN_DWELL_ACTIVE;
1299        passive_dwell = IWL_SCAN_DWELL_PASSIVE;
1300
1301        if (iwl_mvm_is_adaptive_dwell_supported(mvm)) {
1302                cmd->v7.adwell_default_n_aps_social =
1303                        IWL_SCAN_ADWELL_DEFAULT_N_APS_SOCIAL;
1304                cmd->v7.adwell_default_n_aps =
1305                        IWL_SCAN_ADWELL_DEFAULT_LB_N_APS;
1306
1307                if (iwl_mvm_is_adwell_hb_ap_num_supported(mvm))
1308                        cmd->v9.adwell_default_hb_n_aps =
1309                                IWL_SCAN_ADWELL_DEFAULT_HB_N_APS;
1310
1311                /* if custom max budget was configured with debugfs */
1312                if (IWL_MVM_ADWELL_MAX_BUDGET)
1313                        cmd->v7.adwell_max_budget =
1314                                cpu_to_le16(IWL_MVM_ADWELL_MAX_BUDGET);
1315                else if (params->ssids && params->ssids[0].ssid_len)
1316                        cmd->v7.adwell_max_budget =
1317                                cpu_to_le16(IWL_SCAN_ADWELL_MAX_BUDGET_DIRECTED_SCAN);
1318                else
1319                        cmd->v7.adwell_max_budget =
1320                                cpu_to_le16(IWL_SCAN_ADWELL_MAX_BUDGET_FULL_SCAN);
1321
1322                cmd->v7.scan_priority = cpu_to_le32(IWL_SCAN_PRIORITY_EXT_6);
1323                cmd->v7.max_out_time[SCAN_LB_LMAC_IDX] =
1324                        cpu_to_le32(timing->max_out_time);
1325                cmd->v7.suspend_time[SCAN_LB_LMAC_IDX] =
1326                        cpu_to_le32(timing->suspend_time);
1327
1328                if (iwl_mvm_is_cdb_supported(mvm)) {
1329                        hb_timing = &scan_timing[params->hb_type];
1330
1331                        cmd->v7.max_out_time[SCAN_HB_LMAC_IDX] =
1332                                cpu_to_le32(hb_timing->max_out_time);
1333                        cmd->v7.suspend_time[SCAN_HB_LMAC_IDX] =
1334                                cpu_to_le32(hb_timing->suspend_time);
1335                }
1336
1337                if (!iwl_mvm_is_adaptive_dwell_v2_supported(mvm)) {
1338                        cmd->v7.active_dwell = active_dwell;
1339                        cmd->v7.passive_dwell = passive_dwell;
1340                        cmd->v7.fragmented_dwell = IWL_SCAN_DWELL_FRAGMENTED;
1341                } else {
1342                        cmd->v8.active_dwell[SCAN_LB_LMAC_IDX] = active_dwell;
1343                        cmd->v8.passive_dwell[SCAN_LB_LMAC_IDX] = passive_dwell;
1344                        if (iwl_mvm_is_cdb_supported(mvm)) {
1345                                cmd->v8.active_dwell[SCAN_HB_LMAC_IDX] =
1346                                        active_dwell;
1347                                cmd->v8.passive_dwell[SCAN_HB_LMAC_IDX] =
1348                                        passive_dwell;
1349                        }
1350                }
1351        } else {
1352                cmd->v1.extended_dwell = IWL_SCAN_DWELL_EXTENDED;
1353                cmd->v1.active_dwell = active_dwell;
1354                cmd->v1.passive_dwell = passive_dwell;
1355                cmd->v1.fragmented_dwell = IWL_SCAN_DWELL_FRAGMENTED;
1356
1357                if (iwl_mvm_is_cdb_supported(mvm)) {
1358                        hb_timing = &scan_timing[params->hb_type];
1359
1360                        cmd->v6.max_out_time[SCAN_HB_LMAC_IDX] =
1361                                        cpu_to_le32(hb_timing->max_out_time);
1362                        cmd->v6.suspend_time[SCAN_HB_LMAC_IDX] =
1363                                        cpu_to_le32(hb_timing->suspend_time);
1364                }
1365
1366                if (iwl_mvm_cdb_scan_api(mvm)) {
1367                        cmd->v6.scan_priority =
1368                                cpu_to_le32(IWL_SCAN_PRIORITY_EXT_6);
1369                        cmd->v6.max_out_time[SCAN_LB_LMAC_IDX] =
1370                                cpu_to_le32(timing->max_out_time);
1371                        cmd->v6.suspend_time[SCAN_LB_LMAC_IDX] =
1372                                cpu_to_le32(timing->suspend_time);
1373                } else {
1374                        cmd->v1.scan_priority =
1375                                cpu_to_le32(IWL_SCAN_PRIORITY_EXT_6);
1376                        cmd->v1.max_out_time =
1377                                cpu_to_le32(timing->max_out_time);
1378                        cmd->v1.suspend_time =
1379                                cpu_to_le32(timing->suspend_time);
1380                }
1381        }
1382
1383        if (iwl_mvm_is_regular_scan(params))
1384                cmd->ooc_priority = cpu_to_le32(IWL_SCAN_PRIORITY_EXT_6);
1385        else
1386                cmd->ooc_priority = cpu_to_le32(IWL_SCAN_PRIORITY_EXT_2);
1387}
1388
1389static u32 iwl_mvm_scan_umac_ooc_priority(struct iwl_mvm_scan_params *params)
1390{
1391        return iwl_mvm_is_regular_scan(params) ?
1392                IWL_SCAN_PRIORITY_EXT_6 :
1393                IWL_SCAN_PRIORITY_EXT_2;
1394}
1395
1396static void
1397iwl_mvm_scan_umac_dwell_v10(struct iwl_mvm *mvm,
1398                            struct iwl_scan_general_params_v10 *general_params,
1399                            struct iwl_mvm_scan_params *params)
1400{
1401        struct iwl_mvm_scan_timing_params *timing, *hb_timing;
1402        u8 active_dwell, passive_dwell;
1403
1404        timing = &scan_timing[params->type];
1405        active_dwell = IWL_SCAN_DWELL_ACTIVE;
1406        passive_dwell = IWL_SCAN_DWELL_PASSIVE;
1407
1408        general_params->adwell_default_social_chn =
1409                IWL_SCAN_ADWELL_DEFAULT_N_APS_SOCIAL;
1410        general_params->adwell_default_2g = IWL_SCAN_ADWELL_DEFAULT_LB_N_APS;
1411        general_params->adwell_default_5g = IWL_SCAN_ADWELL_DEFAULT_HB_N_APS;
1412
1413        /* if custom max budget was configured with debugfs */
1414        if (IWL_MVM_ADWELL_MAX_BUDGET)
1415                general_params->adwell_max_budget =
1416                        cpu_to_le16(IWL_MVM_ADWELL_MAX_BUDGET);
1417        else if (params->ssids && params->ssids[0].ssid_len)
1418                general_params->adwell_max_budget =
1419                        cpu_to_le16(IWL_SCAN_ADWELL_MAX_BUDGET_DIRECTED_SCAN);
1420        else
1421                general_params->adwell_max_budget =
1422                        cpu_to_le16(IWL_SCAN_ADWELL_MAX_BUDGET_FULL_SCAN);
1423
1424        general_params->scan_priority = cpu_to_le32(IWL_SCAN_PRIORITY_EXT_6);
1425        general_params->max_out_of_time[SCAN_LB_LMAC_IDX] =
1426                cpu_to_le32(timing->max_out_time);
1427        general_params->suspend_time[SCAN_LB_LMAC_IDX] =
1428                cpu_to_le32(timing->suspend_time);
1429
1430        hb_timing = &scan_timing[params->hb_type];
1431
1432        general_params->max_out_of_time[SCAN_HB_LMAC_IDX] =
1433                cpu_to_le32(hb_timing->max_out_time);
1434        general_params->suspend_time[SCAN_HB_LMAC_IDX] =
1435                cpu_to_le32(hb_timing->suspend_time);
1436
1437        general_params->active_dwell[SCAN_LB_LMAC_IDX] = active_dwell;
1438        general_params->passive_dwell[SCAN_LB_LMAC_IDX] = passive_dwell;
1439        general_params->active_dwell[SCAN_HB_LMAC_IDX] = active_dwell;
1440        general_params->passive_dwell[SCAN_HB_LMAC_IDX] = passive_dwell;
1441}
1442
1443struct iwl_mvm_scan_channel_segment {
1444        u8 start_idx;
1445        u8 end_idx;
1446        u8 first_channel_id;
1447        u8 last_channel_id;
1448        u8 channel_spacing_shift;
1449        u8 band;
1450};
1451
1452static const struct iwl_mvm_scan_channel_segment scan_channel_segments[] = {
1453        {
1454                .start_idx = 0,
1455                .end_idx = 13,
1456                .first_channel_id = 1,
1457                .last_channel_id = 14,
1458                .channel_spacing_shift = 0,
1459                .band = PHY_BAND_24
1460        },
1461        {
1462                .start_idx = 14,
1463                .end_idx = 41,
1464                .first_channel_id = 36,
1465                .last_channel_id = 144,
1466                .channel_spacing_shift = 2,
1467                .band = PHY_BAND_5
1468        },
1469        {
1470                .start_idx = 42,
1471                .end_idx = 50,
1472                .first_channel_id = 149,
1473                .last_channel_id = 181,
1474                .channel_spacing_shift = 2,
1475                .band = PHY_BAND_5
1476        },
1477        {
1478                .start_idx = 51,
1479                .end_idx = 111,
1480                .first_channel_id = 1,
1481                .last_channel_id = 241,
1482                .channel_spacing_shift = 2,
1483                .band = PHY_BAND_6
1484        },
1485};
1486
1487static int iwl_mvm_scan_ch_and_band_to_idx(u8 channel_id, u8 band)
1488{
1489        int i, index;
1490
1491        if (!channel_id)
1492                return -EINVAL;
1493
1494        for (i = 0; i < ARRAY_SIZE(scan_channel_segments); i++) {
1495                const struct iwl_mvm_scan_channel_segment *ch_segment =
1496                        &scan_channel_segments[i];
1497                u32 ch_offset;
1498
1499                if (ch_segment->band != band ||
1500                    ch_segment->first_channel_id > channel_id ||
1501                    ch_segment->last_channel_id < channel_id)
1502                        continue;
1503
1504                ch_offset = (channel_id - ch_segment->first_channel_id) >>
1505                        ch_segment->channel_spacing_shift;
1506
1507                index = scan_channel_segments[i].start_idx + ch_offset;
1508                if (index < IWL_SCAN_NUM_CHANNELS)
1509                        return index;
1510
1511                break;
1512        }
1513
1514        return -EINVAL;
1515}
1516
1517static const u8 p2p_go_friendly_chs[] = {
1518        36, 40, 44, 48, 149, 153, 157, 161, 165,
1519};
1520
1521static const u8 social_chs[] = {
1522        1, 6, 11
1523};
1524
1525static void iwl_mvm_scan_ch_add_n_aps_override(enum nl80211_iftype vif_type,
1526                                               u8 ch_id, u8 band, u8 *ch_bitmap,
1527                                               size_t bitmap_n_entries)
1528{
1529        int i;
1530
1531        if (vif_type != NL80211_IFTYPE_P2P_DEVICE)
1532                return;
1533
1534        for (i = 0; i < ARRAY_SIZE(p2p_go_friendly_chs); i++) {
1535                if (p2p_go_friendly_chs[i] == ch_id) {
1536                        int ch_idx, bitmap_idx;
1537
1538                        ch_idx = iwl_mvm_scan_ch_and_band_to_idx(ch_id, band);
1539                        if (ch_idx < 0)
1540                                return;
1541
1542                        bitmap_idx = ch_idx / 8;
1543                        if (bitmap_idx >= bitmap_n_entries)
1544                                return;
1545
1546                        ch_idx = ch_idx % 8;
1547                        ch_bitmap[bitmap_idx] |= BIT(ch_idx);
1548
1549                        return;
1550                }
1551        }
1552}
1553
1554static u32 iwl_mvm_scan_ch_n_aps_flag(enum nl80211_iftype vif_type, u8 ch_id)
1555{
1556        int i;
1557        u32 flags = 0;
1558
1559        if (vif_type != NL80211_IFTYPE_P2P_DEVICE)
1560                goto out;
1561
1562        for (i = 0; i < ARRAY_SIZE(p2p_go_friendly_chs); i++) {
1563                if (p2p_go_friendly_chs[i] == ch_id) {
1564                        flags |= IWL_SCAN_ADWELL_N_APS_GO_FRIENDLY_BIT;
1565                        break;
1566                }
1567        }
1568
1569        if (flags)
1570                goto out;
1571
1572        for (i = 0; i < ARRAY_SIZE(social_chs); i++) {
1573                if (social_chs[i] == ch_id) {
1574                        flags |= IWL_SCAN_ADWELL_N_APS_SOCIAL_CHS_BIT;
1575                        break;
1576                }
1577        }
1578
1579out:
1580        return flags;
1581}
1582
1583static void
1584iwl_mvm_umac_scan_cfg_channels(struct iwl_mvm *mvm,
1585                               struct ieee80211_channel **channels,
1586                               int n_channels, u32 flags,
1587                               struct iwl_scan_channel_cfg_umac *channel_cfg)
1588{
1589        int i;
1590
1591        for (i = 0; i < n_channels; i++) {
1592                channel_cfg[i].flags = cpu_to_le32(flags);
1593                channel_cfg[i].v1.channel_num = channels[i]->hw_value;
1594                if (iwl_mvm_is_scan_ext_chan_supported(mvm)) {
1595                        enum nl80211_band band = channels[i]->band;
1596
1597                        channel_cfg[i].v2.band =
1598                                iwl_mvm_phy_band_from_nl80211(band);
1599                        channel_cfg[i].v2.iter_count = 1;
1600                        channel_cfg[i].v2.iter_interval = 0;
1601                } else {
1602                        channel_cfg[i].v1.iter_count = 1;
1603                        channel_cfg[i].v1.iter_interval = 0;
1604                }
1605        }
1606}
1607
1608static void
1609iwl_mvm_umac_scan_cfg_channels_v4(struct iwl_mvm *mvm,
1610                                  struct ieee80211_channel **channels,
1611                                  struct iwl_scan_channel_params_v4 *cp,
1612                                  int n_channels, u32 flags,
1613                                  enum nl80211_iftype vif_type)
1614{
1615        u8 *bitmap = cp->adwell_ch_override_bitmap;
1616        size_t bitmap_n_entries = ARRAY_SIZE(cp->adwell_ch_override_bitmap);
1617        int i;
1618
1619        for (i = 0; i < n_channels; i++) {
1620                enum nl80211_band band = channels[i]->band;
1621                struct iwl_scan_channel_cfg_umac *cfg =
1622                        &cp->channel_config[i];
1623
1624                cfg->flags = cpu_to_le32(flags);
1625                cfg->v2.channel_num = channels[i]->hw_value;
1626                cfg->v2.band = iwl_mvm_phy_band_from_nl80211(band);
1627                cfg->v2.iter_count = 1;
1628                cfg->v2.iter_interval = 0;
1629
1630                iwl_mvm_scan_ch_add_n_aps_override(vif_type,
1631                                                   cfg->v2.channel_num,
1632                                                   cfg->v2.band, bitmap,
1633                                                   bitmap_n_entries);
1634        }
1635}
1636
1637static void
1638iwl_mvm_umac_scan_cfg_channels_v6(struct iwl_mvm *mvm,
1639                                  struct ieee80211_channel **channels,
1640                                  struct iwl_scan_channel_params_v6 *cp,
1641                                  int n_channels, u32 flags,
1642                                  enum nl80211_iftype vif_type)
1643{
1644        int i;
1645
1646        for (i = 0; i < n_channels; i++) {
1647                enum nl80211_band band = channels[i]->band;
1648                struct iwl_scan_channel_cfg_umac *cfg = &cp->channel_config[i];
1649                u32 n_aps_flag =
1650                        iwl_mvm_scan_ch_n_aps_flag(vif_type,
1651                                                   cfg->v2.channel_num);
1652
1653                cfg->flags = cpu_to_le32(flags | n_aps_flag);
1654                cfg->v2.channel_num = channels[i]->hw_value;
1655                cfg->v2.band = iwl_mvm_phy_band_from_nl80211(band);
1656                if (cfg80211_channel_is_psc(channels[i]))
1657                        cfg->flags = 0;
1658                cfg->v2.iter_count = 1;
1659                cfg->v2.iter_interval = 0;
1660        }
1661}
1662
1663static int
1664iwl_mvm_umac_scan_fill_6g_chan_list(struct iwl_mvm_scan_params *params,
1665                                    __le32 *cmd_short_ssid, u8 *cmd_bssid,
1666                                    u8 *scan_ssid_num, u8 *bssid_num)
1667{
1668        int j, idex_s = 0, idex_b = 0;
1669        struct cfg80211_scan_6ghz_params *scan_6ghz_params =
1670                params->scan_6ghz_params;
1671
1672        if (!params->n_6ghz_params) {
1673                for (j = 0; j < params->n_ssids; j++) {
1674                        cmd_short_ssid[idex_s++] =
1675                                cpu_to_le32(~crc32_le(~0, params->ssids[j].ssid,
1676                                                      params->ssids[j].ssid_len));
1677                        (*scan_ssid_num)++;
1678                }
1679                return 0;
1680        }
1681
1682        /*
1683         * Populate the arrays of the short SSIDs and the BSSIDs using the 6GHz
1684         * collocated parameters. This might not be optimal, as this processing
1685         * does not (yet) correspond to the actual channels, so it is possible
1686         * that some entries would be left out.
1687         *
1688         * TODO: improve this logic.
1689         */
1690        for (j = 0; j < params->n_6ghz_params; j++) {
1691                int k;
1692
1693                /* First, try to place the short SSID */
1694                if (scan_6ghz_params[j].short_ssid_valid) {
1695                        for (k = 0; k < idex_s; k++) {
1696                                if (cmd_short_ssid[k] ==
1697                                    cpu_to_le32(scan_6ghz_params[j].short_ssid))
1698                                        break;
1699                        }
1700
1701                        if (k == idex_s && idex_s < SCAN_SHORT_SSID_MAX_SIZE) {
1702                                cmd_short_ssid[idex_s++] =
1703                                        cpu_to_le32(scan_6ghz_params[j].short_ssid);
1704                                (*scan_ssid_num)++;
1705                        }
1706                }
1707
1708                /* try to place BSSID for the same entry */
1709                for (k = 0; k < idex_b; k++) {
1710                        if (!memcmp(&cmd_bssid[ETH_ALEN * k],
1711                                    scan_6ghz_params[j].bssid, ETH_ALEN))
1712                                break;
1713                }
1714
1715                if (k == idex_b && idex_b < SCAN_BSSID_MAX_SIZE) {
1716                        memcpy(&cmd_bssid[ETH_ALEN * idex_b++],
1717                               scan_6ghz_params[j].bssid, ETH_ALEN);
1718                        (*bssid_num)++;
1719                }
1720        }
1721        return 0;
1722}
1723
1724/* TODO: this function can be merged with iwl_mvm_scan_umac_fill_ch_p_v6 */
1725static void
1726iwl_mvm_umac_scan_cfg_channels_v6_6g(struct iwl_mvm_scan_params *params,
1727                                     u32 n_channels, __le32 *cmd_short_ssid,
1728                                     u8 *cmd_bssid, u8 scan_ssid_num,
1729                                     u8 bssid_num,
1730                                     struct iwl_scan_channel_params_v6 *cp,
1731                                     enum nl80211_iftype vif_type)
1732{
1733        struct iwl_scan_channel_cfg_umac *channel_cfg = cp->channel_config;
1734        int i;
1735        struct cfg80211_scan_6ghz_params *scan_6ghz_params =
1736                params->scan_6ghz_params;
1737
1738        for (i = 0; i < params->n_channels; i++) {
1739                struct iwl_scan_channel_cfg_umac *cfg =
1740                        &cp->channel_config[i];
1741
1742                u32 s_ssid_bitmap = 0, bssid_bitmap = 0, flags = 0;
1743                u8 j, k, s_max = 0, b_max = 0, n_used_bssid_entries;
1744                bool force_passive, found = false,
1745                     unsolicited_probe_on_chan = false, psc_no_listen = false;
1746
1747                cfg->v1.channel_num = params->channels[i]->hw_value;
1748                cfg->v2.band = 2;
1749                cfg->v2.iter_count = 1;
1750                cfg->v2.iter_interval = 0;
1751
1752                /*
1753                 * The optimize the scan time, i.e., reduce the scan dwell time
1754                 * on each channel, the below logic tries to set 3 direct BSSID
1755                 * probe requests for each broadcast probe request with a short
1756                 * SSID.
1757                 * TODO: improve this logic
1758                 */
1759                n_used_bssid_entries = 3;
1760                for (j = 0; j < params->n_6ghz_params; j++) {
1761                        if (!(scan_6ghz_params[j].channel_idx == i))
1762                                continue;
1763
1764                        found = false;
1765                        unsolicited_probe_on_chan |=
1766                                scan_6ghz_params[j].unsolicited_probe;
1767                        psc_no_listen |= scan_6ghz_params[j].psc_no_listen;
1768
1769                        for (k = 0; k < scan_ssid_num; k++) {
1770                                if (!scan_6ghz_params[j].unsolicited_probe &&
1771                                    le32_to_cpu(cmd_short_ssid[k]) ==
1772                                    scan_6ghz_params[j].short_ssid) {
1773                                        /* Relevant short SSID bit set */
1774                                        if (s_ssid_bitmap & BIT(k)) {
1775                                                found = true;
1776                                                break;
1777                                        }
1778
1779                                        /*
1780                                         * Use short SSID only to create a new
1781                                         * iteration during channel dwell.
1782                                         */
1783                                        if (n_used_bssid_entries >= 3) {
1784                                                s_ssid_bitmap |= BIT(k);
1785                                                s_max++;
1786                                                n_used_bssid_entries -= 3;
1787                                                found = true;
1788                                                break;
1789                                        }
1790                                }
1791                        }
1792
1793                        if (found)
1794                                continue;
1795
1796                        for (k = 0; k < bssid_num; k++) {
1797                                if (!memcmp(&cmd_bssid[ETH_ALEN * k],
1798                                            scan_6ghz_params[j].bssid,
1799                                            ETH_ALEN)) {
1800                                        if (!(bssid_bitmap & BIT(k))) {
1801                                                bssid_bitmap |= BIT(k);
1802                                                b_max++;
1803                                                n_used_bssid_entries++;
1804                                        }
1805                                        break;
1806                                }
1807                        }
1808                }
1809
1810                flags = bssid_bitmap | (s_ssid_bitmap << 16);
1811
1812                if (cfg80211_channel_is_psc(params->channels[i]) &&
1813                    psc_no_listen)
1814                        flags |= IWL_UHB_CHAN_CFG_FLAG_PSC_CHAN_NO_LISTEN;
1815
1816                if (unsolicited_probe_on_chan)
1817                        flags |= IWL_UHB_CHAN_CFG_FLAG_UNSOLICITED_PROBE_RES;
1818
1819                /*
1820                 * In the following cases apply passive scan:
1821                 * 1. Non fragmented scan:
1822                 *      - PSC channel with NO_LISTEN_FLAG on should be treated
1823                 *        like non PSC channel
1824                 *      - Non PSC channel with more than 3 short SSIDs or more
1825                 *        than 9 BSSIDs.
1826                 *      - Non PSC Channel with unsolicited probe response and
1827                 *        more than 2 short SSIDs or more than 6 BSSIDs.
1828                 *      - PSC channel with more than 2 short SSIDs or more than
1829                 *        6 BSSIDs.
1830                 * 3. Fragmented scan:
1831                 *      - PSC channel with more than 1 SSID or 3 BSSIDs.
1832                 *      - Non PSC channel with more than 2 SSIDs or 6 BSSIDs.
1833                 *      - Non PSC channel with unsolicited probe response and
1834                 *        more than 1 SSID or more than 3 BSSIDs.
1835                 */
1836                if (!iwl_mvm_is_scan_fragmented(params->type)) {
1837                        if (!cfg80211_channel_is_psc(params->channels[i]) ||
1838                            flags & IWL_UHB_CHAN_CFG_FLAG_PSC_CHAN_NO_LISTEN) {
1839                                force_passive = (s_max > 3 || b_max > 9);
1840                                force_passive |= (unsolicited_probe_on_chan &&
1841                                                  (s_max > 2 || b_max > 6));
1842                        } else {
1843                                force_passive = (s_max > 2 || b_max > 6);
1844                        }
1845                } else if (cfg80211_channel_is_psc(params->channels[i])) {
1846                        force_passive = (s_max > 1 || b_max > 3);
1847                } else {
1848                        force_passive = (s_max > 2 || b_max > 6);
1849                        force_passive |= (unsolicited_probe_on_chan &&
1850                                          (s_max > 1 || b_max > 3));
1851                }
1852                if (force_passive ||
1853                    (!flags && !cfg80211_channel_is_psc(params->channels[i])))
1854                        flags |= IWL_UHB_CHAN_CFG_FLAG_FORCE_PASSIVE;
1855
1856                channel_cfg[i].flags |= cpu_to_le32(flags);
1857        }
1858}
1859
1860static u8 iwl_mvm_scan_umac_chan_flags_v2(struct iwl_mvm *mvm,
1861                                          struct iwl_mvm_scan_params *params,
1862                                          struct ieee80211_vif *vif)
1863{
1864        u8 flags = 0;
1865
1866        flags |= IWL_SCAN_CHANNEL_FLAG_ENABLE_CHAN_ORDER;
1867
1868        if (iwl_mvm_scan_use_ebs(mvm, vif))
1869                flags |= IWL_SCAN_CHANNEL_FLAG_EBS |
1870                        IWL_SCAN_CHANNEL_FLAG_EBS_ACCURATE |
1871                        IWL_SCAN_CHANNEL_FLAG_CACHE_ADD;
1872
1873        /* set fragmented ebs for fragmented scan on HB channels */
1874        if (iwl_mvm_is_scan_fragmented(params->hb_type))
1875                flags |= IWL_SCAN_CHANNEL_FLAG_EBS_FRAG;
1876
1877        return flags;
1878}
1879
1880static void iwl_mvm_scan_6ghz_passive_scan(struct iwl_mvm *mvm,
1881                                           struct iwl_mvm_scan_params *params,
1882                                           struct ieee80211_vif *vif)
1883{
1884        struct ieee80211_supported_band *sband =
1885                &mvm->nvm_data->bands[NL80211_BAND_6GHZ];
1886        u32 n_disabled, i;
1887
1888        params->enable_6ghz_passive = false;
1889
1890        if (params->scan_6ghz)
1891                return;
1892
1893        if (!fw_has_capa(&mvm->fw->ucode_capa,
1894                         IWL_UCODE_TLV_CAPA_PASSIVE_6GHZ_SCAN)) {
1895                IWL_DEBUG_SCAN(mvm,
1896                               "6GHz passive scan: Not supported by FW\n");
1897                return;
1898        }
1899
1900        /* 6GHz passive scan allowed only on station interface  */
1901        if (vif->type != NL80211_IFTYPE_STATION) {
1902                IWL_DEBUG_SCAN(mvm,
1903                               "6GHz passive scan: not station interface\n");
1904                return;
1905        }
1906
1907        /*
1908         * 6GHz passive scan is allowed while associated in a defined time
1909         * interval following HW reset or resume flow
1910         */
1911        if (vif->bss_conf.assoc &&
1912            (time_before(mvm->last_reset_or_resume_time_jiffies +
1913                         (IWL_MVM_6GHZ_PASSIVE_SCAN_ASSOC_TIMEOUT * HZ),
1914                         jiffies))) {
1915                IWL_DEBUG_SCAN(mvm, "6GHz passive scan: associated\n");
1916                return;
1917        }
1918
1919        /* No need for 6GHz passive scan if not enough time elapsed */
1920        if (time_after(mvm->last_6ghz_passive_scan_jiffies +
1921                       (IWL_MVM_6GHZ_PASSIVE_SCAN_TIMEOUT * HZ), jiffies)) {
1922                IWL_DEBUG_SCAN(mvm,
1923                               "6GHz passive scan: timeout did not expire\n");
1924                return;
1925        }
1926
1927        /* not enough channels in the regular scan request */
1928        if (params->n_channels < IWL_MVM_6GHZ_PASSIVE_SCAN_MIN_CHANS) {
1929                IWL_DEBUG_SCAN(mvm,
1930                               "6GHz passive scan: not enough channels\n");
1931                return;
1932        }
1933
1934        for (i = 0; i < params->n_ssids; i++) {
1935                if (!params->ssids[i].ssid_len)
1936                        break;
1937        }
1938
1939        /* not a wildcard scan, so cannot enable passive 6GHz scan */
1940        if (i == params->n_ssids) {
1941                IWL_DEBUG_SCAN(mvm,
1942                               "6GHz passive scan: no wildcard SSID\n");
1943                return;
1944        }
1945
1946        if (!sband || !sband->n_channels) {
1947                IWL_DEBUG_SCAN(mvm,
1948                               "6GHz passive scan: no 6GHz channels\n");
1949                return;
1950        }
1951
1952        for (i = 0, n_disabled = 0; i < sband->n_channels; i++) {
1953                if (sband->channels[i].flags & (IEEE80211_CHAN_DISABLED))
1954                        n_disabled++;
1955        }
1956
1957        /*
1958         * Not all the 6GHz channels are disabled, so no need for 6GHz passive
1959         * scan
1960         */
1961        if (n_disabled != sband->n_channels) {
1962                IWL_DEBUG_SCAN(mvm,
1963                               "6GHz passive scan: 6GHz channels enabled\n");
1964                return;
1965        }
1966
1967        /* all conditions to enable 6ghz passive scan are satisfied */
1968        IWL_DEBUG_SCAN(mvm, "6GHz passive scan: can be enabled\n");
1969        params->enable_6ghz_passive = true;
1970}
1971
1972static u16 iwl_mvm_scan_umac_flags_v2(struct iwl_mvm *mvm,
1973                                      struct iwl_mvm_scan_params *params,
1974                                      struct ieee80211_vif *vif,
1975                                      int type)
1976{
1977        u16 flags = 0;
1978
1979        if (params->n_ssids == 0)
1980                flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_FORCE_PASSIVE;
1981
1982        if (iwl_mvm_is_scan_fragmented(params->type))
1983                flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_FRAGMENTED_LMAC1;
1984
1985        if (iwl_mvm_is_scan_fragmented(params->hb_type))
1986                flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_FRAGMENTED_LMAC2;
1987
1988        if (params->pass_all)
1989                flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_PASS_ALL;
1990        else
1991                flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_MATCH;
1992
1993        if (!iwl_mvm_is_regular_scan(params))
1994                flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_PERIODIC;
1995
1996        if (params->iter_notif ||
1997            mvm->sched_scan_pass_all == SCHED_SCAN_PASS_ALL_ENABLED)
1998                flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_NTFY_ITER_COMPLETE;
1999
2000        if (IWL_MVM_ADWELL_ENABLE)
2001                flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_ADAPTIVE_DWELL;
2002
2003        if (type == IWL_MVM_SCAN_SCHED || type == IWL_MVM_SCAN_NETDETECT)
2004                flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_PREEMPTIVE;
2005
2006        if ((type == IWL_MVM_SCAN_SCHED || type == IWL_MVM_SCAN_NETDETECT) &&
2007            params->flags & NL80211_SCAN_FLAG_COLOCATED_6GHZ)
2008                flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_TRIGGER_UHB_SCAN;
2009
2010        if (params->enable_6ghz_passive)
2011                flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_6GHZ_PASSIVE_SCAN;
2012
2013        return flags;
2014}
2015
2016static u16 iwl_mvm_scan_umac_flags(struct iwl_mvm *mvm,
2017                                   struct iwl_mvm_scan_params *params,
2018                                   struct ieee80211_vif *vif)
2019{
2020        u16 flags = 0;
2021
2022        if (params->n_ssids == 0)
2023                flags = IWL_UMAC_SCAN_GEN_FLAGS_PASSIVE;
2024
2025        if (params->n_ssids == 1 && params->ssids[0].ssid_len != 0)
2026                flags |= IWL_UMAC_SCAN_GEN_FLAGS_PRE_CONNECT;
2027
2028        if (iwl_mvm_is_scan_fragmented(params->type))
2029                flags |= IWL_UMAC_SCAN_GEN_FLAGS_FRAGMENTED;
2030
2031        if (iwl_mvm_is_cdb_supported(mvm) &&
2032            iwl_mvm_is_scan_fragmented(params->hb_type))
2033                flags |= IWL_UMAC_SCAN_GEN_FLAGS_LMAC2_FRAGMENTED;
2034
2035        if (iwl_mvm_rrm_scan_needed(mvm) &&
2036            fw_has_capa(&mvm->fw->ucode_capa,
2037                        IWL_UCODE_TLV_CAPA_WFA_TPC_REP_IE_SUPPORT))
2038                flags |= IWL_UMAC_SCAN_GEN_FLAGS_RRM_ENABLED;
2039
2040        if (params->pass_all)
2041                flags |= IWL_UMAC_SCAN_GEN_FLAGS_PASS_ALL;
2042        else
2043                flags |= IWL_UMAC_SCAN_GEN_FLAGS_MATCH;
2044
2045        if (!iwl_mvm_is_regular_scan(params))
2046                flags |= IWL_UMAC_SCAN_GEN_FLAGS_PERIODIC;
2047
2048        if (params->iter_notif)
2049                flags |= IWL_UMAC_SCAN_GEN_FLAGS_ITER_COMPLETE;
2050
2051#ifdef CONFIG_IWLWIFI_DEBUGFS
2052        if (mvm->scan_iter_notif_enabled)
2053                flags |= IWL_UMAC_SCAN_GEN_FLAGS_ITER_COMPLETE;
2054#endif
2055
2056        if (mvm->sched_scan_pass_all == SCHED_SCAN_PASS_ALL_ENABLED)
2057                flags |= IWL_UMAC_SCAN_GEN_FLAGS_ITER_COMPLETE;
2058
2059        if (iwl_mvm_is_adaptive_dwell_supported(mvm) && IWL_MVM_ADWELL_ENABLE)
2060                flags |= IWL_UMAC_SCAN_GEN_FLAGS_ADAPTIVE_DWELL;
2061
2062        /*
2063         * Extended dwell is relevant only for low band to start with, as it is
2064         * being used for social channles only (1, 6, 11), so we can check
2065         * only scan type on low band also for CDB.
2066         */
2067        if (iwl_mvm_is_regular_scan(params) &&
2068            vif->type != NL80211_IFTYPE_P2P_DEVICE &&
2069            !iwl_mvm_is_scan_fragmented(params->type) &&
2070            !iwl_mvm_is_adaptive_dwell_supported(mvm) &&
2071            !iwl_mvm_is_oce_supported(mvm))
2072                flags |= IWL_UMAC_SCAN_GEN_FLAGS_EXTENDED_DWELL;
2073
2074        if (iwl_mvm_is_oce_supported(mvm)) {
2075                if ((params->flags &
2076                     NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE))
2077                        flags |= IWL_UMAC_SCAN_GEN_FLAGS_PROB_REQ_HIGH_TX_RATE;
2078                /* Since IWL_UMAC_SCAN_GEN_FLAGS_EXTENDED_DWELL and
2079                 * NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION shares
2080                 * the same bit, we need to make sure that we use this bit here
2081                 * only when IWL_UMAC_SCAN_GEN_FLAGS_EXTENDED_DWELL cannot be
2082                 * used. */
2083                if ((params->flags &
2084                     NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION) &&
2085                     !WARN_ON_ONCE(!iwl_mvm_is_adaptive_dwell_supported(mvm)))
2086                        flags |= IWL_UMAC_SCAN_GEN_FLAGS_PROB_REQ_DEFER_SUPP;
2087                if ((params->flags & NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME))
2088                        flags |= IWL_UMAC_SCAN_GEN_FLAGS_MAX_CHNL_TIME;
2089        }
2090
2091        return flags;
2092}
2093
2094static int
2095iwl_mvm_fill_scan_sched_params(struct iwl_mvm_scan_params *params,
2096                               struct iwl_scan_umac_schedule *schedule,
2097                               __le16 *delay)
2098{
2099        int i;
2100        if (WARN_ON(!params->n_scan_plans ||
2101                    params->n_scan_plans > IWL_MAX_SCHED_SCAN_PLANS))
2102                return -EINVAL;
2103
2104        for (i = 0; i < params->n_scan_plans; i++) {
2105                struct cfg80211_sched_scan_plan *scan_plan =
2106                        &params->scan_plans[i];
2107
2108                schedule[i].iter_count = scan_plan->iterations;
2109                schedule[i].interval =
2110                        cpu_to_le16(scan_plan->interval);
2111        }
2112
2113        /*
2114         * If the number of iterations of the last scan plan is set to
2115         * zero, it should run infinitely. However, this is not always the case.
2116         * For example, when regular scan is requested the driver sets one scan
2117         * plan with one iteration.
2118         */
2119        if (!schedule[params->n_scan_plans - 1].iter_count)
2120                schedule[params->n_scan_plans - 1].iter_count = 0xff;
2121
2122        *delay = cpu_to_le16(params->delay);
2123
2124        return 0;
2125}
2126
2127static int iwl_mvm_scan_umac(struct iwl_mvm *mvm, struct ieee80211_vif *vif,
2128                             struct iwl_mvm_scan_params *params,
2129                             int type, int uid)
2130{
2131        struct iwl_scan_req_umac *cmd = mvm->scan_cmd;
2132        struct iwl_scan_umac_chan_param *chan_param;
2133        void *cmd_data = iwl_mvm_get_scan_req_umac_data(mvm);
2134        void *sec_part = cmd_data + sizeof(struct iwl_scan_channel_cfg_umac) *
2135                mvm->fw->ucode_capa.n_scan_channels;
2136        struct iwl_scan_req_umac_tail_v2 *tail_v2 =
2137                (struct iwl_scan_req_umac_tail_v2 *)sec_part;
2138        struct iwl_scan_req_umac_tail_v1 *tail_v1;
2139        struct iwl_ssid_ie *direct_scan;
2140        int ret = 0;
2141        u32 ssid_bitmap = 0;
2142        u8 channel_flags = 0;
2143        u16 gen_flags;
2144        struct iwl_mvm_vif *scan_vif = iwl_mvm_vif_from_mac80211(vif);
2145
2146        chan_param = iwl_mvm_get_scan_req_umac_channel(mvm);
2147
2148        iwl_mvm_scan_umac_dwell(mvm, cmd, params);
2149
2150        mvm->scan_uid_status[uid] = type;
2151
2152        cmd->uid = cpu_to_le32(uid);
2153        gen_flags = iwl_mvm_scan_umac_flags(mvm, params, vif);
2154        cmd->general_flags = cpu_to_le16(gen_flags);
2155        if (iwl_mvm_is_adaptive_dwell_v2_supported(mvm)) {
2156                if (gen_flags & IWL_UMAC_SCAN_GEN_FLAGS_FRAGMENTED)
2157                        cmd->v8.num_of_fragments[SCAN_LB_LMAC_IDX] =
2158                                                        IWL_SCAN_NUM_OF_FRAGS;
2159                if (gen_flags & IWL_UMAC_SCAN_GEN_FLAGS_LMAC2_FRAGMENTED)
2160                        cmd->v8.num_of_fragments[SCAN_HB_LMAC_IDX] =
2161                                                        IWL_SCAN_NUM_OF_FRAGS;
2162
2163                cmd->v8.general_flags2 =
2164                        IWL_UMAC_SCAN_GEN_FLAGS2_ALLOW_CHNL_REORDER;
2165        }
2166
2167        cmd->scan_start_mac_id = scan_vif->id;
2168
2169        if (type == IWL_MVM_SCAN_SCHED || type == IWL_MVM_SCAN_NETDETECT)
2170                cmd->flags = cpu_to_le32(IWL_UMAC_SCAN_FLAG_PREEMPTIVE);
2171
2172        if (iwl_mvm_scan_use_ebs(mvm, vif)) {
2173                channel_flags = IWL_SCAN_CHANNEL_FLAG_EBS |
2174                                IWL_SCAN_CHANNEL_FLAG_EBS_ACCURATE |
2175                                IWL_SCAN_CHANNEL_FLAG_CACHE_ADD;
2176
2177                /* set fragmented ebs for fragmented scan on HB channels */
2178                if (iwl_mvm_is_frag_ebs_supported(mvm)) {
2179                        if (gen_flags &
2180                            IWL_UMAC_SCAN_GEN_FLAGS_LMAC2_FRAGMENTED ||
2181                            (!iwl_mvm_is_cdb_supported(mvm) &&
2182                             gen_flags & IWL_UMAC_SCAN_GEN_FLAGS_FRAGMENTED))
2183                                channel_flags |= IWL_SCAN_CHANNEL_FLAG_EBS_FRAG;
2184                }
2185        }
2186
2187        chan_param->flags = channel_flags;
2188        chan_param->count = params->n_channels;
2189
2190        ret = iwl_mvm_fill_scan_sched_params(params, tail_v2->schedule,
2191                                             &tail_v2->delay);
2192        if (ret) {
2193                mvm->scan_uid_status[uid] = 0;
2194                return ret;
2195        }
2196
2197        if (iwl_mvm_is_scan_ext_chan_supported(mvm)) {
2198                tail_v2->preq = params->preq;
2199                direct_scan = tail_v2->direct_scan;
2200        } else {
2201                tail_v1 = (struct iwl_scan_req_umac_tail_v1 *)sec_part;
2202                iwl_mvm_scan_set_legacy_probe_req(&tail_v1->preq,
2203                                                  &params->preq);
2204                direct_scan = tail_v1->direct_scan;
2205        }
2206        iwl_scan_build_ssids(params, direct_scan, &ssid_bitmap);
2207        iwl_mvm_umac_scan_cfg_channels(mvm, params->channels,
2208                                       params->n_channels, ssid_bitmap,
2209                                       cmd_data);
2210        return 0;
2211}
2212
2213static void
2214iwl_mvm_scan_umac_fill_general_p_v10(struct iwl_mvm *mvm,
2215                                     struct iwl_mvm_scan_params *params,
2216                                     struct ieee80211_vif *vif,
2217                                     struct iwl_scan_general_params_v10 *gp,
2218                                     u16 gen_flags)
2219{
2220        struct iwl_mvm_vif *scan_vif = iwl_mvm_vif_from_mac80211(vif);
2221
2222        iwl_mvm_scan_umac_dwell_v10(mvm, gp, params);
2223
2224        gp->flags = cpu_to_le16(gen_flags);
2225
2226        if (gen_flags & IWL_UMAC_SCAN_GEN_FLAGS_V2_FRAGMENTED_LMAC1)
2227                gp->num_of_fragments[SCAN_LB_LMAC_IDX] = IWL_SCAN_NUM_OF_FRAGS;
2228        if (gen_flags & IWL_UMAC_SCAN_GEN_FLAGS_V2_FRAGMENTED_LMAC2)
2229                gp->num_of_fragments[SCAN_HB_LMAC_IDX] = IWL_SCAN_NUM_OF_FRAGS;
2230
2231        gp->scan_start_mac_id = scan_vif->id;
2232}
2233
2234static void
2235iwl_mvm_scan_umac_fill_probe_p_v3(struct iwl_mvm_scan_params *params,
2236                                  struct iwl_scan_probe_params_v3 *pp)
2237{
2238        pp->preq = params->preq;
2239        pp->ssid_num = params->n_ssids;
2240        iwl_scan_build_ssids(params, pp->direct_scan, NULL);
2241}
2242
2243static void
2244iwl_mvm_scan_umac_fill_probe_p_v4(struct iwl_mvm_scan_params *params,
2245                                  struct iwl_scan_probe_params_v4 *pp,
2246                                  u32 *bitmap_ssid)
2247{
2248        pp->preq = params->preq;
2249        iwl_scan_build_ssids(params, pp->direct_scan, bitmap_ssid);
2250}
2251
2252static void
2253iwl_mvm_scan_umac_fill_ch_p_v4(struct iwl_mvm *mvm,
2254                               struct iwl_mvm_scan_params *params,
2255                               struct ieee80211_vif *vif,
2256                               struct iwl_scan_channel_params_v4 *cp,
2257                               u32 channel_cfg_flags)
2258{
2259        cp->flags = iwl_mvm_scan_umac_chan_flags_v2(mvm, params, vif);
2260        cp->count = params->n_channels;
2261        cp->num_of_aps_override = IWL_SCAN_ADWELL_N_APS_GO_FRIENDLY;
2262
2263        iwl_mvm_umac_scan_cfg_channels_v4(mvm, params->channels, cp,
2264                                          params->n_channels,
2265                                          channel_cfg_flags,
2266                                          vif->type);
2267}
2268
2269static void
2270iwl_mvm_scan_umac_fill_ch_p_v6(struct iwl_mvm *mvm,
2271                               struct iwl_mvm_scan_params *params,
2272                               struct ieee80211_vif *vif,
2273                               struct iwl_scan_channel_params_v6 *cp,
2274                               u32 channel_cfg_flags)
2275{
2276        cp->flags = iwl_mvm_scan_umac_chan_flags_v2(mvm, params, vif);
2277        cp->count = params->n_channels;
2278        cp->n_aps_override[0] = IWL_SCAN_ADWELL_N_APS_GO_FRIENDLY;
2279        cp->n_aps_override[1] = IWL_SCAN_ADWELL_N_APS_SOCIAL_CHS;
2280
2281        iwl_mvm_umac_scan_cfg_channels_v6(mvm, params->channels, cp,
2282                                          params->n_channels,
2283                                          channel_cfg_flags,
2284                                          vif->type);
2285
2286        if (params->enable_6ghz_passive) {
2287                struct ieee80211_supported_band *sband =
2288                        &mvm->nvm_data->bands[NL80211_BAND_6GHZ];
2289                u32 i;
2290
2291                for (i = 0; i < sband->n_channels; i++) {
2292                        struct ieee80211_channel *channel =
2293                                &sband->channels[i];
2294
2295                        struct iwl_scan_channel_cfg_umac *cfg =
2296                                &cp->channel_config[cp->count];
2297
2298                        if (!cfg80211_channel_is_psc(channel))
2299                                continue;
2300
2301                        cfg->flags = 0;
2302                        cfg->v2.channel_num = channel->hw_value;
2303                        cfg->v2.band = PHY_BAND_6;
2304                        cfg->v2.iter_count = 1;
2305                        cfg->v2.iter_interval = 0;
2306                        cp->count++;
2307                }
2308        }
2309}
2310
2311static int iwl_mvm_scan_umac_v12(struct iwl_mvm *mvm, struct ieee80211_vif *vif,
2312                                 struct iwl_mvm_scan_params *params, int type,
2313                                 int uid)
2314{
2315        struct iwl_scan_req_umac_v12 *cmd = mvm->scan_cmd;
2316        struct iwl_scan_req_params_v12 *scan_p = &cmd->scan_params;
2317        int ret;
2318        u16 gen_flags;
2319
2320        mvm->scan_uid_status[uid] = type;
2321
2322        cmd->ooc_priority = cpu_to_le32(iwl_mvm_scan_umac_ooc_priority(params));
2323        cmd->uid = cpu_to_le32(uid);
2324
2325        gen_flags = iwl_mvm_scan_umac_flags_v2(mvm, params, vif, type);
2326        iwl_mvm_scan_umac_fill_general_p_v10(mvm, params, vif,
2327                                             &scan_p->general_params,
2328                                             gen_flags);
2329
2330        ret = iwl_mvm_fill_scan_sched_params(params,
2331                                             scan_p->periodic_params.schedule,
2332                                             &scan_p->periodic_params.delay);
2333        if (ret)
2334                return ret;
2335
2336        iwl_mvm_scan_umac_fill_probe_p_v3(params, &scan_p->probe_params);
2337        iwl_mvm_scan_umac_fill_ch_p_v4(mvm, params, vif,
2338                                       &scan_p->channel_params, 0);
2339
2340        return 0;
2341}
2342
2343static int iwl_mvm_scan_umac_v14(struct iwl_mvm *mvm, struct ieee80211_vif *vif,
2344                                 struct iwl_mvm_scan_params *params, int type,
2345                                 int uid)
2346{
2347        struct iwl_scan_req_umac_v14 *cmd = mvm->scan_cmd;
2348        struct iwl_scan_req_params_v14 *scan_p = &cmd->scan_params;
2349        struct iwl_scan_channel_params_v6 *cp = &scan_p->channel_params;
2350        struct iwl_scan_probe_params_v4 *pb = &scan_p->probe_params;
2351        int ret;
2352        u16 gen_flags;
2353        u32 bitmap_ssid = 0;
2354
2355        mvm->scan_uid_status[uid] = type;
2356
2357        cmd->ooc_priority = cpu_to_le32(iwl_mvm_scan_umac_ooc_priority(params));
2358        cmd->uid = cpu_to_le32(uid);
2359
2360        gen_flags = iwl_mvm_scan_umac_flags_v2(mvm, params, vif, type);
2361        iwl_mvm_scan_umac_fill_general_p_v10(mvm, params, vif,
2362                                             &scan_p->general_params,
2363                                             gen_flags);
2364
2365        ret = iwl_mvm_fill_scan_sched_params(params,
2366                                             scan_p->periodic_params.schedule,
2367                                             &scan_p->periodic_params.delay);
2368        if (ret)
2369                return ret;
2370
2371        iwl_mvm_scan_umac_fill_probe_p_v4(params, &scan_p->probe_params,
2372                                          &bitmap_ssid);
2373        if (!params->scan_6ghz) {
2374                iwl_mvm_scan_umac_fill_ch_p_v6(mvm, params, vif,
2375                                               &scan_p->channel_params, bitmap_ssid);
2376
2377                return 0;
2378        }
2379        cp->flags = iwl_mvm_scan_umac_chan_flags_v2(mvm, params, vif);
2380        cp->n_aps_override[0] = IWL_SCAN_ADWELL_N_APS_GO_FRIENDLY;
2381        cp->n_aps_override[1] = IWL_SCAN_ADWELL_N_APS_SOCIAL_CHS;
2382
2383        ret = iwl_mvm_umac_scan_fill_6g_chan_list(params, pb->short_ssid,
2384                                                  pb->bssid_array[0],
2385                                                  &pb->short_ssid_num,
2386                                                  &pb->bssid_num);
2387        if (ret)
2388                return ret;
2389
2390        iwl_mvm_umac_scan_cfg_channels_v6_6g(params,
2391                                             params->n_channels,
2392                                             pb->short_ssid,
2393                                             pb->bssid_array[0],
2394                                             pb->short_ssid_num,
2395                                             pb->bssid_num, cp,
2396                                             vif->type);
2397        cp->count = params->n_channels;
2398        if (!params->n_ssids ||
2399            (params->n_ssids == 1 && !params->ssids[0].ssid_len))
2400                cp->flags |= IWL_SCAN_CHANNEL_FLAG_6G_PSC_NO_FILTER;
2401
2402        return 0;
2403}
2404
2405static int iwl_mvm_num_scans(struct iwl_mvm *mvm)
2406{
2407        return hweight32(mvm->scan_status & IWL_MVM_SCAN_MASK);
2408}
2409
2410static int iwl_mvm_check_running_scans(struct iwl_mvm *mvm, int type)
2411{
2412        bool unified_image = fw_has_capa(&mvm->fw->ucode_capa,
2413                                         IWL_UCODE_TLV_CAPA_CNSLDTD_D3_D0_IMG);
2414
2415        /* This looks a bit arbitrary, but the idea is that if we run
2416         * out of possible simultaneous scans and the userspace is
2417         * trying to run a scan type that is already running, we
2418         * return -EBUSY.  But if the userspace wants to start a
2419         * different type of scan, we stop the opposite type to make
2420         * space for the new request.  The reason is backwards
2421         * compatibility with old wpa_supplicant that wouldn't stop a
2422         * scheduled scan before starting a normal scan.
2423         */
2424
2425        /* FW supports only a single periodic scan */
2426        if ((type == IWL_MVM_SCAN_SCHED || type == IWL_MVM_SCAN_NETDETECT) &&
2427            mvm->scan_status & (IWL_MVM_SCAN_SCHED | IWL_MVM_SCAN_NETDETECT))
2428                return -EBUSY;
2429
2430        if (iwl_mvm_num_scans(mvm) < mvm->max_scans)
2431                return 0;
2432
2433        /* Use a switch, even though this is a bitmask, so that more
2434         * than one bits set will fall in default and we will warn.
2435         */
2436        switch (type) {
2437        case IWL_MVM_SCAN_REGULAR:
2438                if (mvm->scan_status & IWL_MVM_SCAN_REGULAR_MASK)
2439                        return -EBUSY;
2440                return iwl_mvm_scan_stop(mvm, IWL_MVM_SCAN_SCHED, true);
2441        case IWL_MVM_SCAN_SCHED:
2442                if (mvm->scan_status & IWL_MVM_SCAN_SCHED_MASK)
2443                        return -EBUSY;
2444                return iwl_mvm_scan_stop(mvm, IWL_MVM_SCAN_REGULAR, true);
2445        case IWL_MVM_SCAN_NETDETECT:
2446                /* For non-unified images, there's no need to stop
2447                 * anything for net-detect since the firmware is
2448                 * restarted anyway.  This way, any sched scans that
2449                 * were running will be restarted when we resume.
2450                 */
2451                if (!unified_image)
2452                        return 0;
2453
2454                /* If this is a unified image and we ran out of scans,
2455                 * we need to stop something.  Prefer stopping regular
2456                 * scans, because the results are useless at this
2457                 * point, and we should be able to keep running
2458                 * another scheduled scan while suspended.
2459                 */
2460                if (mvm->scan_status & IWL_MVM_SCAN_REGULAR_MASK)
2461                        return iwl_mvm_scan_stop(mvm, IWL_MVM_SCAN_REGULAR,
2462                                                 true);
2463                if (mvm->scan_status & IWL_MVM_SCAN_SCHED_MASK)
2464                        return iwl_mvm_scan_stop(mvm, IWL_MVM_SCAN_SCHED,
2465                                                 true);
2466                /* Something is wrong if no scan was running but we
2467                 * ran out of scans.
2468                 */
2469                fallthrough;
2470        default:
2471                WARN_ON(1);
2472                break;
2473        }
2474
2475        return -EIO;
2476}
2477
2478#define SCAN_TIMEOUT 20000
2479
2480void iwl_mvm_scan_timeout_wk(struct work_struct *work)
2481{
2482        struct delayed_work *delayed_work = to_delayed_work(work);
2483        struct iwl_mvm *mvm = container_of(delayed_work, struct iwl_mvm,
2484                                           scan_timeout_dwork);
2485
2486        IWL_ERR(mvm, "regular scan timed out\n");
2487
2488        iwl_force_nmi(mvm->trans);
2489}
2490
2491static void iwl_mvm_fill_scan_type(struct iwl_mvm *mvm,
2492                                   struct iwl_mvm_scan_params *params,
2493                                   struct ieee80211_vif *vif)
2494{
2495        if (iwl_mvm_is_cdb_supported(mvm)) {
2496                params->type =
2497                        iwl_mvm_get_scan_type_band(mvm, vif,
2498                                                   NL80211_BAND_2GHZ);
2499                params->hb_type =
2500                        iwl_mvm_get_scan_type_band(mvm, vif,
2501                                                   NL80211_BAND_5GHZ);
2502        } else {
2503                params->type = iwl_mvm_get_scan_type(mvm, vif);
2504        }
2505}
2506
2507struct iwl_scan_umac_handler {
2508        u8 version;
2509        int (*handler)(struct iwl_mvm *mvm, struct ieee80211_vif *vif,
2510                       struct iwl_mvm_scan_params *params, int type, int uid);
2511};
2512
2513#define IWL_SCAN_UMAC_HANDLER(_ver) {           \
2514        .version = _ver,                        \
2515        .handler = iwl_mvm_scan_umac_v##_ver,   \
2516}
2517
2518static const struct iwl_scan_umac_handler iwl_scan_umac_handlers[] = {
2519        /* set the newest version first to shorten the list traverse time */
2520        IWL_SCAN_UMAC_HANDLER(14),
2521        IWL_SCAN_UMAC_HANDLER(12),
2522};
2523
2524static int iwl_mvm_build_scan_cmd(struct iwl_mvm *mvm,
2525                                  struct ieee80211_vif *vif,
2526                                  struct iwl_host_cmd *hcmd,
2527                                  struct iwl_mvm_scan_params *params,
2528                                  int type)
2529{
2530        int uid, i, err;
2531        u8 scan_ver;
2532
2533        lockdep_assert_held(&mvm->mutex);
2534        memset(mvm->scan_cmd, 0, ksize(mvm->scan_cmd));
2535
2536        if (!fw_has_capa(&mvm->fw->ucode_capa, IWL_UCODE_TLV_CAPA_UMAC_SCAN)) {
2537                hcmd->id = SCAN_OFFLOAD_REQUEST_CMD;
2538
2539                return iwl_mvm_scan_lmac(mvm, vif, params);
2540        }
2541
2542        uid = iwl_mvm_scan_uid_by_status(mvm, 0);
2543        if (uid < 0)
2544                return uid;
2545
2546        hcmd->id = iwl_cmd_id(SCAN_REQ_UMAC, IWL_ALWAYS_LONG_GROUP, 0);
2547
2548        scan_ver = iwl_fw_lookup_cmd_ver(mvm->fw, IWL_ALWAYS_LONG_GROUP,
2549                                         SCAN_REQ_UMAC,
2550                                         IWL_FW_CMD_VER_UNKNOWN);
2551
2552        for (i = 0; i < ARRAY_SIZE(iwl_scan_umac_handlers); i++) {
2553                const struct iwl_scan_umac_handler *ver_handler =
2554                        &iwl_scan_umac_handlers[i];
2555
2556                if (ver_handler->version != scan_ver)
2557                        continue;
2558
2559                return ver_handler->handler(mvm, vif, params, type, uid);
2560        }
2561
2562        err = iwl_mvm_scan_umac(mvm, vif, params, type, uid);
2563        if (err)
2564                return err;
2565
2566        return uid;
2567}
2568
2569int iwl_mvm_reg_scan_start(struct iwl_mvm *mvm, struct ieee80211_vif *vif,
2570                           struct cfg80211_scan_request *req,
2571                           struct ieee80211_scan_ies *ies)
2572{
2573        struct iwl_host_cmd hcmd = {
2574                .len = { iwl_mvm_scan_size(mvm), },
2575                .data = { mvm->scan_cmd, },
2576                .dataflags = { IWL_HCMD_DFL_NOCOPY, },
2577        };
2578        struct iwl_mvm_scan_params params = {};
2579        int ret, uid;
2580        struct cfg80211_sched_scan_plan scan_plan = { .iterations = 1 };
2581
2582        lockdep_assert_held(&mvm->mutex);
2583
2584        if (iwl_mvm_is_lar_supported(mvm) && !mvm->lar_regdom_set) {
2585                IWL_ERR(mvm, "scan while LAR regdomain is not set\n");
2586                return -EBUSY;
2587        }
2588
2589        ret = iwl_mvm_check_running_scans(mvm, IWL_MVM_SCAN_REGULAR);
2590        if (ret)
2591                return ret;
2592
2593        /* we should have failed registration if scan_cmd was NULL */
2594        if (WARN_ON(!mvm->scan_cmd))
2595                return -ENOMEM;
2596
2597        if (!iwl_mvm_scan_fits(mvm, req->n_ssids, ies, req->n_channels))
2598                return -ENOBUFS;
2599
2600        params.n_ssids = req->n_ssids;
2601        params.flags = req->flags;
2602        params.n_channels = req->n_channels;
2603        params.delay = 0;
2604        params.ssids = req->ssids;
2605        params.channels = req->channels;
2606        params.mac_addr = req->mac_addr;
2607        params.mac_addr_mask = req->mac_addr_mask;
2608        params.no_cck = req->no_cck;
2609        params.pass_all = true;
2610        params.n_match_sets = 0;
2611        params.match_sets = NULL;
2612
2613        params.scan_plans = &scan_plan;
2614        params.n_scan_plans = 1;
2615
2616        params.n_6ghz_params = req->n_6ghz_params;
2617        params.scan_6ghz_params = req->scan_6ghz_params;
2618        params.scan_6ghz = req->scan_6ghz;
2619        iwl_mvm_fill_scan_type(mvm, &params, vif);
2620
2621        if (req->duration)
2622                params.iter_notif = true;
2623
2624        iwl_mvm_build_scan_probe(mvm, vif, ies, &params);
2625
2626        iwl_mvm_scan_6ghz_passive_scan(mvm, &params, vif);
2627
2628        uid = iwl_mvm_build_scan_cmd(mvm, vif, &hcmd, &params,
2629                                     IWL_MVM_SCAN_REGULAR);
2630
2631        if (uid < 0)
2632                return uid;
2633
2634        iwl_mvm_pause_tcm(mvm, false);
2635
2636        ret = iwl_mvm_send_cmd(mvm, &hcmd);
2637        if (ret) {
2638                /* If the scan failed, it usually means that the FW was unable
2639                 * to allocate the time events. Warn on it, but maybe we
2640                 * should try to send the command again with different params.
2641                 */
2642                IWL_ERR(mvm, "Scan failed! ret %d\n", ret);
2643                iwl_mvm_resume_tcm(mvm);
2644                mvm->scan_uid_status[uid] = 0;
2645                return ret;
2646        }
2647
2648        IWL_DEBUG_SCAN(mvm, "Scan request was sent successfully\n");
2649        mvm->scan_status |= IWL_MVM_SCAN_REGULAR;
2650        mvm->scan_vif = iwl_mvm_vif_from_mac80211(vif);
2651
2652        if (params.enable_6ghz_passive)
2653                mvm->last_6ghz_passive_scan_jiffies = jiffies;
2654
2655        schedule_delayed_work(&mvm->scan_timeout_dwork,
2656                              msecs_to_jiffies(SCAN_TIMEOUT));
2657
2658        return 0;
2659}
2660
2661int iwl_mvm_sched_scan_start(struct iwl_mvm *mvm,
2662                             struct ieee80211_vif *vif,
2663                             struct cfg80211_sched_scan_request *req,
2664                             struct ieee80211_scan_ies *ies,
2665                             int type)
2666{
2667        struct iwl_host_cmd hcmd = {
2668                .len = { iwl_mvm_scan_size(mvm), },
2669                .data = { mvm->scan_cmd, },
2670                .dataflags = { IWL_HCMD_DFL_NOCOPY, },
2671        };
2672        struct iwl_mvm_scan_params params = {};
2673        int ret, uid;
2674        int i, j;
2675        bool non_psc_included = false;
2676
2677        lockdep_assert_held(&mvm->mutex);
2678
2679        if (iwl_mvm_is_lar_supported(mvm) && !mvm->lar_regdom_set) {
2680                IWL_ERR(mvm, "sched-scan while LAR regdomain is not set\n");
2681                return -EBUSY;
2682        }
2683
2684        ret = iwl_mvm_check_running_scans(mvm, type);
2685        if (ret)
2686                return ret;
2687
2688        /* we should have failed registration if scan_cmd was NULL */
2689        if (WARN_ON(!mvm->scan_cmd))
2690                return -ENOMEM;
2691
2692
2693        params.n_ssids = req->n_ssids;
2694        params.flags = req->flags;
2695        params.n_channels = req->n_channels;
2696        params.ssids = req->ssids;
2697        params.channels = req->channels;
2698        params.mac_addr = req->mac_addr;
2699        params.mac_addr_mask = req->mac_addr_mask;
2700        params.no_cck = false;
2701        params.pass_all =  iwl_mvm_scan_pass_all(mvm, req);
2702        params.n_match_sets = req->n_match_sets;
2703        params.match_sets = req->match_sets;
2704        if (!req->n_scan_plans)
2705                return -EINVAL;
2706
2707        params.n_scan_plans = req->n_scan_plans;
2708        params.scan_plans = req->scan_plans;
2709
2710        iwl_mvm_fill_scan_type(mvm, &params, vif);
2711
2712        /* In theory, LMAC scans can handle a 32-bit delay, but since
2713         * waiting for over 18 hours to start the scan is a bit silly
2714         * and to keep it aligned with UMAC scans (which only support
2715         * 16-bit delays), trim it down to 16-bits.
2716         */
2717        if (req->delay > U16_MAX) {
2718                IWL_DEBUG_SCAN(mvm,
2719                               "delay value is > 16-bits, set to max possible\n");
2720                params.delay = U16_MAX;
2721        } else {
2722                params.delay = req->delay;
2723        }
2724
2725        ret = iwl_mvm_config_sched_scan_profiles(mvm, req);
2726        if (ret)
2727                return ret;
2728
2729        iwl_mvm_build_scan_probe(mvm, vif, ies, &params);
2730
2731        /* for 6 GHZ band only PSC channels need to be added */
2732        for (i = 0; i < params.n_channels; i++) {
2733                struct ieee80211_channel *channel = params.channels[i];
2734
2735                if (channel->band == NL80211_BAND_6GHZ &&
2736                    !cfg80211_channel_is_psc(channel)) {
2737                        non_psc_included = true;
2738                        break;
2739                }
2740        }
2741
2742        if (non_psc_included) {
2743                params.channels = kmemdup(params.channels,
2744                                          sizeof(params.channels[0]) *
2745                                          params.n_channels,
2746                                          GFP_KERNEL);
2747                if (!params.channels)
2748                        return -ENOMEM;
2749
2750                for (i = j = 0; i < params.n_channels; i++) {
2751                        if (params.channels[i]->band == NL80211_BAND_6GHZ &&
2752                            !cfg80211_channel_is_psc(params.channels[i]))
2753                                continue;
2754                        params.channels[j++] = params.channels[i];
2755                }
2756                params.n_channels = j;
2757        }
2758
2759        if (non_psc_included &&
2760            !iwl_mvm_scan_fits(mvm, req->n_ssids, ies, params.n_channels)) {
2761                kfree(params.channels);
2762                return -ENOBUFS;
2763        }
2764
2765        uid = iwl_mvm_build_scan_cmd(mvm, vif, &hcmd, &params, type);
2766
2767        if (non_psc_included)
2768                kfree(params.channels);
2769        if (uid < 0)
2770                return uid;
2771
2772        ret = iwl_mvm_send_cmd(mvm, &hcmd);
2773        if (!ret) {
2774                IWL_DEBUG_SCAN(mvm,
2775                               "Sched scan request was sent successfully\n");
2776                mvm->scan_status |= type;
2777        } else {
2778                /* If the scan failed, it usually means that the FW was unable
2779                 * to allocate the time events. Warn on it, but maybe we
2780                 * should try to send the command again with different params.
2781                 */
2782                IWL_ERR(mvm, "Sched scan failed! ret %d\n", ret);
2783                mvm->scan_uid_status[uid] = 0;
2784                mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_DISABLED;
2785        }
2786
2787        return ret;
2788}
2789
2790void iwl_mvm_rx_umac_scan_complete_notif(struct iwl_mvm *mvm,
2791                                         struct iwl_rx_cmd_buffer *rxb)
2792{
2793        struct iwl_rx_packet *pkt = rxb_addr(rxb);
2794        struct iwl_umac_scan_complete *notif = (void *)pkt->data;
2795        u32 uid = __le32_to_cpu(notif->uid);
2796        bool aborted = (notif->status == IWL_SCAN_OFFLOAD_ABORTED);
2797
2798        if (WARN_ON(!(mvm->scan_uid_status[uid] & mvm->scan_status)))
2799                return;
2800
2801        /* if the scan is already stopping, we don't need to notify mac80211 */
2802        if (mvm->scan_uid_status[uid] == IWL_MVM_SCAN_REGULAR) {
2803                struct cfg80211_scan_info info = {
2804                        .aborted = aborted,
2805                        .scan_start_tsf = mvm->scan_start,
2806                };
2807
2808                memcpy(info.tsf_bssid, mvm->scan_vif->bssid, ETH_ALEN);
2809                ieee80211_scan_completed(mvm->hw, &info);
2810                mvm->scan_vif = NULL;
2811                cancel_delayed_work(&mvm->scan_timeout_dwork);
2812                iwl_mvm_resume_tcm(mvm);
2813        } else if (mvm->scan_uid_status[uid] == IWL_MVM_SCAN_SCHED) {
2814                ieee80211_sched_scan_stopped(mvm->hw);
2815                mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_DISABLED;
2816        }
2817
2818        mvm->scan_status &= ~mvm->scan_uid_status[uid];
2819        IWL_DEBUG_SCAN(mvm,
2820                       "Scan completed, uid %u type %u, status %s, EBS status %s\n",
2821                       uid, mvm->scan_uid_status[uid],
2822                       notif->status == IWL_SCAN_OFFLOAD_COMPLETED ?
2823                                "completed" : "aborted",
2824                       iwl_mvm_ebs_status_str(notif->ebs_status));
2825        IWL_DEBUG_SCAN(mvm,
2826                       "Last line %d, Last iteration %d, Time from last iteration %d\n",
2827                       notif->last_schedule, notif->last_iter,
2828                       __le32_to_cpu(notif->time_from_last_iter));
2829
2830        if (notif->ebs_status != IWL_SCAN_EBS_SUCCESS &&
2831            notif->ebs_status != IWL_SCAN_EBS_INACTIVE)
2832                mvm->last_ebs_successful = false;
2833
2834        mvm->scan_uid_status[uid] = 0;
2835}
2836
2837void iwl_mvm_rx_umac_scan_iter_complete_notif(struct iwl_mvm *mvm,
2838                                              struct iwl_rx_cmd_buffer *rxb)
2839{
2840        struct iwl_rx_packet *pkt = rxb_addr(rxb);
2841        struct iwl_umac_scan_iter_complete_notif *notif = (void *)pkt->data;
2842
2843        mvm->scan_start = le64_to_cpu(notif->start_tsf);
2844
2845        IWL_DEBUG_SCAN(mvm,
2846                       "UMAC Scan iteration complete: status=0x%x scanned_channels=%d\n",
2847                       notif->status, notif->scanned_channels);
2848
2849        if (mvm->sched_scan_pass_all == SCHED_SCAN_PASS_ALL_FOUND) {
2850                IWL_DEBUG_SCAN(mvm, "Pass all scheduled scan results found\n");
2851                ieee80211_sched_scan_results(mvm->hw);
2852                mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_ENABLED;
2853        }
2854
2855        IWL_DEBUG_SCAN(mvm,
2856                       "UMAC Scan iteration complete: scan started at %llu (TSF)\n",
2857                       mvm->scan_start);
2858}
2859
2860static int iwl_mvm_umac_scan_abort(struct iwl_mvm *mvm, int type)
2861{
2862        struct iwl_umac_scan_abort cmd = {};
2863        int uid, ret;
2864
2865        lockdep_assert_held(&mvm->mutex);
2866
2867        /* We should always get a valid index here, because we already
2868         * checked that this type of scan was running in the generic
2869         * code.
2870         */
2871        uid = iwl_mvm_scan_uid_by_status(mvm, type);
2872        if (WARN_ON_ONCE(uid < 0))
2873                return uid;
2874
2875        cmd.uid = cpu_to_le32(uid);
2876
2877        IWL_DEBUG_SCAN(mvm, "Sending scan abort, uid %u\n", uid);
2878
2879        ret = iwl_mvm_send_cmd_pdu(mvm,
2880                                   iwl_cmd_id(SCAN_ABORT_UMAC,
2881                                              IWL_ALWAYS_LONG_GROUP, 0),
2882                                   0, sizeof(cmd), &cmd);
2883        if (!ret)
2884                mvm->scan_uid_status[uid] = type << IWL_MVM_SCAN_STOPPING_SHIFT;
2885
2886        return ret;
2887}
2888
2889static int iwl_mvm_scan_stop_wait(struct iwl_mvm *mvm, int type)
2890{
2891        struct iwl_notification_wait wait_scan_done;
2892        static const u16 scan_done_notif[] = { SCAN_COMPLETE_UMAC,
2893                                              SCAN_OFFLOAD_COMPLETE, };
2894        int ret;
2895
2896        lockdep_assert_held(&mvm->mutex);
2897
2898        iwl_init_notification_wait(&mvm->notif_wait, &wait_scan_done,
2899                                   scan_done_notif,
2900                                   ARRAY_SIZE(scan_done_notif),
2901                                   NULL, NULL);
2902
2903        IWL_DEBUG_SCAN(mvm, "Preparing to stop scan, type %x\n", type);
2904
2905        if (fw_has_capa(&mvm->fw->ucode_capa, IWL_UCODE_TLV_CAPA_UMAC_SCAN))
2906                ret = iwl_mvm_umac_scan_abort(mvm, type);
2907        else
2908                ret = iwl_mvm_lmac_scan_abort(mvm);
2909
2910        if (ret) {
2911                IWL_DEBUG_SCAN(mvm, "couldn't stop scan type %d\n", type);
2912                iwl_remove_notification(&mvm->notif_wait, &wait_scan_done);
2913                return ret;
2914        }
2915
2916        return iwl_wait_notification(&mvm->notif_wait, &wait_scan_done,
2917                                     1 * HZ);
2918}
2919
2920#define IWL_SCAN_REQ_UMAC_HANDLE_SIZE(_ver) {                           \
2921        case (_ver): return sizeof(struct iwl_scan_req_umac_v##_ver);   \
2922}
2923
2924static int iwl_scan_req_umac_get_size(u8 scan_ver)
2925{
2926        switch (scan_ver) {
2927                IWL_SCAN_REQ_UMAC_HANDLE_SIZE(14);
2928                IWL_SCAN_REQ_UMAC_HANDLE_SIZE(12);
2929        }
2930
2931        return 0;
2932}
2933
2934int iwl_mvm_scan_size(struct iwl_mvm *mvm)
2935{
2936        int base_size, tail_size;
2937        u8 scan_ver = iwl_fw_lookup_cmd_ver(mvm->fw, IWL_ALWAYS_LONG_GROUP,
2938                                            SCAN_REQ_UMAC,
2939                                            IWL_FW_CMD_VER_UNKNOWN);
2940
2941        base_size = iwl_scan_req_umac_get_size(scan_ver);
2942        if (base_size)
2943                return base_size;
2944
2945
2946        if (iwl_mvm_is_adaptive_dwell_v2_supported(mvm))
2947                base_size = IWL_SCAN_REQ_UMAC_SIZE_V8;
2948        else if (iwl_mvm_is_adaptive_dwell_supported(mvm))
2949                base_size = IWL_SCAN_REQ_UMAC_SIZE_V7;
2950        else if (iwl_mvm_cdb_scan_api(mvm))
2951                base_size = IWL_SCAN_REQ_UMAC_SIZE_V6;
2952        else
2953                base_size = IWL_SCAN_REQ_UMAC_SIZE_V1;
2954
2955        if (fw_has_capa(&mvm->fw->ucode_capa, IWL_UCODE_TLV_CAPA_UMAC_SCAN)) {
2956                if (iwl_mvm_is_scan_ext_chan_supported(mvm))
2957                        tail_size = sizeof(struct iwl_scan_req_umac_tail_v2);
2958                else
2959                        tail_size = sizeof(struct iwl_scan_req_umac_tail_v1);
2960
2961                return base_size +
2962                        sizeof(struct iwl_scan_channel_cfg_umac) *
2963                                mvm->fw->ucode_capa.n_scan_channels +
2964                        tail_size;
2965        }
2966        return sizeof(struct iwl_scan_req_lmac) +
2967                sizeof(struct iwl_scan_channel_cfg_lmac) *
2968                mvm->fw->ucode_capa.n_scan_channels +
2969                sizeof(struct iwl_scan_probe_req_v1);
2970}
2971
2972/*
2973 * This function is used in nic restart flow, to inform mac80211 about scans
2974 * that was aborted by restart flow or by an assert.
2975 */
2976void iwl_mvm_report_scan_aborted(struct iwl_mvm *mvm)
2977{
2978        if (fw_has_capa(&mvm->fw->ucode_capa, IWL_UCODE_TLV_CAPA_UMAC_SCAN)) {
2979                int uid, i;
2980
2981                uid = iwl_mvm_scan_uid_by_status(mvm, IWL_MVM_SCAN_REGULAR);
2982                if (uid >= 0) {
2983                        struct cfg80211_scan_info info = {
2984                                .aborted = true,
2985                        };
2986
2987                        cancel_delayed_work(&mvm->scan_timeout_dwork);
2988
2989                        ieee80211_scan_completed(mvm->hw, &info);
2990                        mvm->scan_uid_status[uid] = 0;
2991                }
2992                uid = iwl_mvm_scan_uid_by_status(mvm, IWL_MVM_SCAN_SCHED);
2993                if (uid >= 0) {
2994                        /* Sched scan will be restarted by mac80211 in
2995                         * restart_hw, so do not report if FW is about to be
2996                         * restarted.
2997                         */
2998                        if (!mvm->fw_restart)
2999                                ieee80211_sched_scan_stopped(mvm->hw);
3000                        mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_DISABLED;
3001                        mvm->scan_uid_status[uid] = 0;
3002                }
3003                uid = iwl_mvm_scan_uid_by_status(mvm,
3004                                                 IWL_MVM_SCAN_STOPPING_REGULAR);
3005                if (uid >= 0)
3006                        mvm->scan_uid_status[uid] = 0;
3007
3008                uid = iwl_mvm_scan_uid_by_status(mvm,
3009                                                 IWL_MVM_SCAN_STOPPING_SCHED);
3010                if (uid >= 0)
3011                        mvm->scan_uid_status[uid] = 0;
3012
3013                /* We shouldn't have any UIDs still set.  Loop over all the
3014                 * UIDs to make sure there's nothing left there and warn if
3015                 * any is found.
3016                 */
3017                for (i = 0; i < mvm->max_scans; i++) {
3018                        if (WARN_ONCE(mvm->scan_uid_status[i],
3019                                      "UMAC scan UID %d status was not cleaned\n",
3020                                      i))
3021                                mvm->scan_uid_status[i] = 0;
3022                }
3023        } else {
3024                if (mvm->scan_status & IWL_MVM_SCAN_REGULAR) {
3025                        struct cfg80211_scan_info info = {
3026                                .aborted = true,
3027                        };
3028
3029                        cancel_delayed_work(&mvm->scan_timeout_dwork);
3030                        ieee80211_scan_completed(mvm->hw, &info);
3031                }
3032
3033                /* Sched scan will be restarted by mac80211 in
3034                 * restart_hw, so do not report if FW is about to be
3035                 * restarted.
3036                 */
3037                if ((mvm->scan_status & IWL_MVM_SCAN_SCHED) &&
3038                    !mvm->fw_restart) {
3039                        ieee80211_sched_scan_stopped(mvm->hw);
3040                        mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_DISABLED;
3041                }
3042        }
3043}
3044
3045int iwl_mvm_scan_stop(struct iwl_mvm *mvm, int type, bool notify)
3046{
3047        int ret;
3048
3049        if (!(mvm->scan_status & type))
3050                return 0;
3051
3052        if (iwl_mvm_is_radio_killed(mvm)) {
3053                ret = 0;
3054                goto out;
3055        }
3056
3057        ret = iwl_mvm_scan_stop_wait(mvm, type);
3058        if (!ret)
3059                mvm->scan_status |= type << IWL_MVM_SCAN_STOPPING_SHIFT;
3060out:
3061        /* Clear the scan status so the next scan requests will
3062         * succeed and mark the scan as stopping, so that the Rx
3063         * handler doesn't do anything, as the scan was stopped from
3064         * above.
3065         */
3066        mvm->scan_status &= ~type;
3067
3068        if (type == IWL_MVM_SCAN_REGULAR) {
3069                cancel_delayed_work(&mvm->scan_timeout_dwork);
3070                if (notify) {
3071                        struct cfg80211_scan_info info = {
3072                                .aborted = true,
3073                        };
3074
3075                        ieee80211_scan_completed(mvm->hw, &info);
3076                }
3077        } else if (notify) {
3078                ieee80211_sched_scan_stopped(mvm->hw);
3079                mvm->sched_scan_pass_all = SCHED_SCAN_PASS_ALL_DISABLED;
3080        }
3081
3082        return ret;
3083}
3084