LXR linux/drivers/net/wireless/iwlwifi/iwl-scan.c

   1/******************************************************************************
   2 *
   3 * GPL LICENSE SUMMARY
   4 *
   5 * Copyright(c) 2008 - 2009 Intel Corporation. All rights reserved.
   6 *
   7 * This program is free software; you can redistribute it and/or modify
   8 * it under the terms of version 2 of the GNU General Public License as
   9 * published by the Free Software Foundation.
  10 *
  11 * This program is distributed in the hope that it will be useful, but
  12 * WITHOUT ANY WARRANTY; without even the implied warranty of
  13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14 * General Public License for more details.
  15 *
  16 * You should have received a copy of the GNU General Public License
  17 * along with this program; if not, write to the Free Software
  18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110,
  19 * USA
  20 *
  21 * The full GNU General Public License is included in this distribution
  22 * in the file called LICENSE.GPL.
  23 *
  24 * Contact Information:
  25 *  Intel Linux Wireless <ilw@linux.intel.com>
  26 * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
  27 *****************************************************************************/
  28#include <linux/types.h>
  29#include <linux/etherdevice.h>
  30#include <net/lib80211.h>
  31#include <net/mac80211.h>
  32
  33#include "iwl-eeprom.h"
  34#include "iwl-dev.h"
  35#include "iwl-core.h"
  36#include "iwl-sta.h"
  37#include "iwl-io.h"
  38#include "iwl-helpers.h"
  39
  40/* For active scan, listen ACTIVE_DWELL_TIME (msec) on each channel after
  41 * sending probe req.  This should be set long enough to hear probe responses
  42 * from more than one AP.  */
  43#define IWL_ACTIVE_DWELL_TIME_24    (30)       /* all times in msec */
  44#define IWL_ACTIVE_DWELL_TIME_52    (20)
  45
  46#define IWL_ACTIVE_DWELL_FACTOR_24GHZ (3)
  47#define IWL_ACTIVE_DWELL_FACTOR_52GHZ (2)
  48
  49/* For passive scan, listen PASSIVE_DWELL_TIME (msec) on each channel.
  50 * Must be set longer than active dwell time.
  51 * For the most reliable scan, set > AP beacon interval (typically 100msec). */
  52#define IWL_PASSIVE_DWELL_TIME_24   (20)       /* all times in msec */
  53#define IWL_PASSIVE_DWELL_TIME_52   (10)
  54#define IWL_PASSIVE_DWELL_BASE      (100)
  55#define IWL_CHANNEL_TUNE_TIME       5
  56
  57
  58
  59/**
  60 * iwl_scan_cancel - Cancel any currently executing HW scan
  61 *
  62 * NOTE: priv->mutex is not required before calling this function
  63 */
  64int iwl_scan_cancel(struct iwl_priv *priv)
  65{
  66        if (!test_bit(STATUS_SCAN_HW, &priv->status)) {
  67                clear_bit(STATUS_SCANNING, &priv->status);
  68                return 0;
  69        }
  70
  71        if (test_bit(STATUS_SCANNING, &priv->status)) {
  72                if (!test_bit(STATUS_SCAN_ABORTING, &priv->status)) {
  73                        IWL_DEBUG_SCAN(priv, "Queuing scan abort.\n");
  74                        set_bit(STATUS_SCAN_ABORTING, &priv->status);
  75                        queue_work(priv->workqueue, &priv->abort_scan);
  76
  77                } else
  78                        IWL_DEBUG_SCAN(priv, "Scan abort already in progress.\n");
  79
  80                return test_bit(STATUS_SCANNING, &priv->status);
  81        }
  82
  83        return 0;
  84}
  85EXPORT_SYMBOL(iwl_scan_cancel);
  86/**
  87 * iwl_scan_cancel_timeout - Cancel any currently executing HW scan
  88 * @ms: amount of time to wait (in milliseconds) for scan to abort
  89 *
  90 * NOTE: priv->mutex must be held before calling this function
  91 */
  92int iwl_scan_cancel_timeout(struct iwl_priv *priv, unsigned long ms)
  93{
  94        unsigned long now = jiffies;
  95        int ret;
  96
  97        ret = iwl_scan_cancel(priv);
  98        if (ret && ms) {
  99                mutex_unlock(&priv->mutex);
 100                while (!time_after(jiffies, now + msecs_to_jiffies(ms)) &&
 101                                test_bit(STATUS_SCANNING, &priv->status))
 102                        msleep(1);
 103                mutex_lock(&priv->mutex);
 104
 105                return test_bit(STATUS_SCANNING, &priv->status);
 106        }
 107
 108        return ret;
 109}
 110EXPORT_SYMBOL(iwl_scan_cancel_timeout);
 111
 112static int iwl_send_scan_abort(struct iwl_priv *priv)
 113{
 114        int ret = 0;
 115        struct iwl_rx_packet *res;
 116        struct iwl_host_cmd cmd = {
 117                .id = REPLY_SCAN_ABORT_CMD,
 118                .flags = CMD_WANT_SKB,
 119        };
 120
 121        /* If there isn't a scan actively going on in the hardware
 122         * then we are in between scan bands and not actually
 123         * actively scanning, so don't send the abort command */
 124        if (!test_bit(STATUS_SCAN_HW, &priv->status)) {
 125                clear_bit(STATUS_SCAN_ABORTING, &priv->status);
 126                return 0;
 127        }
 128
 129        ret = iwl_send_cmd_sync(priv, &cmd);
 130        if (ret) {
 131                clear_bit(STATUS_SCAN_ABORTING, &priv->status);
 132                return ret;
 133        }
 134
 135        res = (struct iwl_rx_packet *)cmd.reply_skb->data;
 136        if (res->u.status != CAN_ABORT_STATUS) {
 137                /* The scan abort will return 1 for success or
 138                 * 2 for "failure".  A failure condition can be
 139                 * due to simply not being in an active scan which
 140                 * can occur if we send the scan abort before we
 141                 * the microcode has notified us that a scan is
 142                 * completed. */
 143                IWL_DEBUG_INFO(priv, "SCAN_ABORT returned %d.\n", res->u.status);
 144                clear_bit(STATUS_SCAN_ABORTING, &priv->status);
 145                clear_bit(STATUS_SCAN_HW, &priv->status);
 146        }
 147
 148        priv->alloc_rxb_skb--;
 149        dev_kfree_skb_any(cmd.reply_skb);
 150
 151        return ret;
 152}
 153
 154/* Service response to REPLY_SCAN_CMD (0x80) */
 155static void iwl_rx_reply_scan(struct iwl_priv *priv,
 156                              struct iwl_rx_mem_buffer *rxb)
 157{
 158#ifdef CONFIG_IWLWIFI_DEBUG
 159        struct iwl_rx_packet *pkt = (struct iwl_rx_packet *)rxb->skb->data;
 160        struct iwl_scanreq_notification *notif =
 161            (struct iwl_scanreq_notification *)pkt->u.raw;
 162
 163        IWL_DEBUG_RX(priv, "Scan request status = 0x%x\n", notif->status);
 164#endif
 165}
 166
 167/* Service SCAN_START_NOTIFICATION (0x82) */
 168static void iwl_rx_scan_start_notif(struct iwl_priv *priv,
 169                                    struct iwl_rx_mem_buffer *rxb)
 170{
 171        struct iwl_rx_packet *pkt = (struct iwl_rx_packet *)rxb->skb->data;
 172        struct iwl_scanstart_notification *notif =
 173            (struct iwl_scanstart_notification *)pkt->u.raw;
 174        priv->scan_start_tsf = le32_to_cpu(notif->tsf_low);
 175        IWL_DEBUG_SCAN(priv, "Scan start: "
 176                       "%d [802.11%s] "
 177                       "(TSF: 0x%08X:%08X) - %d (beacon timer %u)\n",
 178                       notif->channel,
 179                       notif->band ? "bg" : "a",
 180                       le32_to_cpu(notif->tsf_high),
 181                       le32_to_cpu(notif->tsf_low),
 182                       notif->status, notif->beacon_timer);
 183}
 184
 185/* Service SCAN_RESULTS_NOTIFICATION (0x83) */
 186static void iwl_rx_scan_results_notif(struct iwl_priv *priv,
 187                                      struct iwl_rx_mem_buffer *rxb)
 188{
 189#ifdef CONFIG_IWLWIFI_DEBUG
 190        struct iwl_rx_packet *pkt = (struct iwl_rx_packet *)rxb->skb->data;
 191        struct iwl_scanresults_notification *notif =
 192            (struct iwl_scanresults_notification *)pkt->u.raw;
 193
 194        IWL_DEBUG_SCAN(priv, "Scan ch.res: "
 195                       "%d [802.11%s] "
 196                       "(TSF: 0x%08X:%08X) - %d "
 197                       "elapsed=%lu usec (%dms since last)\n",
 198                       notif->channel,
 199                       notif->band ? "bg" : "a",
 200                       le32_to_cpu(notif->tsf_high),
 201                       le32_to_cpu(notif->tsf_low),
 202                       le32_to_cpu(notif->statistics[0]),
 203                       le32_to_cpu(notif->tsf_low) - priv->scan_start_tsf,
 204                       jiffies_to_msecs(elapsed_jiffies
 205                                        (priv->last_scan_jiffies, jiffies)));
 206#endif
 207
 208        priv->last_scan_jiffies = jiffies;
 209        priv->next_scan_jiffies = 0;
 210}
 211
 212/* Service SCAN_COMPLETE_NOTIFICATION (0x84) */
 213static void iwl_rx_scan_complete_notif(struct iwl_priv *priv,
 214                                       struct iwl_rx_mem_buffer *rxb)
 215{
 216#ifdef CONFIG_IWLWIFI_DEBUG
 217        struct iwl_rx_packet *pkt = (struct iwl_rx_packet *)rxb->skb->data;
 218        struct iwl_scancomplete_notification *scan_notif = (void *)pkt->u.raw;
 219
 220        IWL_DEBUG_SCAN(priv, "Scan complete: %d channels (TSF 0x%08X:%08X) - %d\n",
 221                       scan_notif->scanned_channels,
 222                       scan_notif->tsf_low,
 223                       scan_notif->tsf_high, scan_notif->status);
 224#endif
 225
 226        /* The HW is no longer scanning */
 227        clear_bit(STATUS_SCAN_HW, &priv->status);
 228
 229        IWL_DEBUG_INFO(priv, "Scan pass on %sGHz took %dms\n",
 230                       (priv->scan_bands & BIT(IEEE80211_BAND_2GHZ)) ?
 231                                                "2.4" : "5.2",
 232                       jiffies_to_msecs(elapsed_jiffies
 233                                        (priv->scan_pass_start, jiffies)));
 234
 235        /* Remove this scanned band from the list of pending
 236         * bands to scan, band G precedes A in order of scanning
 237         * as seen in iwl_bg_request_scan */
 238        if (priv->scan_bands & BIT(IEEE80211_BAND_2GHZ))
 239                priv->scan_bands &= ~BIT(IEEE80211_BAND_2GHZ);
 240        else if (priv->scan_bands &  BIT(IEEE80211_BAND_5GHZ))
 241                priv->scan_bands &= ~BIT(IEEE80211_BAND_5GHZ);
 242
 243        /* If a request to abort was given, or the scan did not succeed
 244         * then we reset the scan state machine and terminate,
 245         * re-queuing another scan if one has been requested */
 246        if (test_bit(STATUS_SCAN_ABORTING, &priv->status)) {
 247                IWL_DEBUG_INFO(priv, "Aborted scan completed.\n");
 248                clear_bit(STATUS_SCAN_ABORTING, &priv->status);
 249        } else {
 250                /* If there are more bands on this scan pass reschedule */
 251                if (priv->scan_bands)
 252                        goto reschedule;
 253        }
 254
 255        priv->last_scan_jiffies = jiffies;
 256        priv->next_scan_jiffies = 0;
 257        IWL_DEBUG_INFO(priv, "Setting scan to off\n");
 258
 259        clear_bit(STATUS_SCANNING, &priv->status);
 260
 261        IWL_DEBUG_INFO(priv, "Scan took %dms\n",
 262                jiffies_to_msecs(elapsed_jiffies(priv->scan_start, jiffies)));
 263
 264        queue_work(priv->workqueue, &priv->scan_completed);
 265
 266        return;
 267
 268reschedule:
 269        priv->scan_pass_start = jiffies;
 270        queue_work(priv->workqueue, &priv->request_scan);
 271}
 272
 273void iwl_setup_rx_scan_handlers(struct iwl_priv *priv)
 274{
 275        /* scan handlers */
 276        priv->rx_handlers[REPLY_SCAN_CMD] = iwl_rx_reply_scan;
 277        priv->rx_handlers[SCAN_START_NOTIFICATION] = iwl_rx_scan_start_notif;
 278        priv->rx_handlers[SCAN_RESULTS_NOTIFICATION] =
 279                                        iwl_rx_scan_results_notif;
 280        priv->rx_handlers[SCAN_COMPLETE_NOTIFICATION] =
 281                                        iwl_rx_scan_complete_notif;
 282}
 283EXPORT_SYMBOL(iwl_setup_rx_scan_handlers);
 284
 285inline u16 iwl_get_active_dwell_time(struct iwl_priv *priv,
 286                                     enum ieee80211_band band,
 287                                     u8 n_probes)
 288{
 289        if (band == IEEE80211_BAND_5GHZ)
 290                return IWL_ACTIVE_DWELL_TIME_52 +
 291                        IWL_ACTIVE_DWELL_FACTOR_52GHZ * (n_probes + 1);
 292        else
 293                return IWL_ACTIVE_DWELL_TIME_24 +
 294                        IWL_ACTIVE_DWELL_FACTOR_24GHZ * (n_probes + 1);
 295}
 296EXPORT_SYMBOL(iwl_get_active_dwell_time);
 297
 298u16 iwl_get_passive_dwell_time(struct iwl_priv *priv,
 299                               enum ieee80211_band band)
 300{
 301        u16 passive = (band == IEEE80211_BAND_2GHZ) ?
 302            IWL_PASSIVE_DWELL_BASE + IWL_PASSIVE_DWELL_TIME_24 :
 303            IWL_PASSIVE_DWELL_BASE + IWL_PASSIVE_DWELL_TIME_52;
 304
 305        if (iwl_is_associated(priv)) {
 306                /* If we're associated, we clamp the maximum passive
 307                 * dwell time to be 98% of the beacon interval (minus
 308                 * 2 * channel tune time) */
 309                passive = priv->beacon_int;
 310                if ((passive > IWL_PASSIVE_DWELL_BASE) || !passive)
 311                        passive = IWL_PASSIVE_DWELL_BASE;
 312                passive = (passive * 98) / 100 - IWL_CHANNEL_TUNE_TIME * 2;
 313        }
 314
 315        return passive;
 316}
 317EXPORT_SYMBOL(iwl_get_passive_dwell_time);
 318
 319static int iwl_get_channels_for_scan(struct iwl_priv *priv,
 320                                     enum ieee80211_band band,
 321                                     u8 is_active, u8 n_probes,
 322                                     struct iwl_scan_channel *scan_ch)
 323{
 324        struct ieee80211_channel *chan;
 325        const struct ieee80211_supported_band *sband;
 326        const struct iwl_channel_info *ch_info;
 327        u16 passive_dwell = 0;
 328        u16 active_dwell = 0;
 329        int added, i;
 330        u16 channel;
 331
 332        sband = iwl_get_hw_mode(priv, band);
 333        if (!sband)
 334                return 0;
 335
 336        active_dwell = iwl_get_active_dwell_time(priv, band, n_probes);
 337        passive_dwell = iwl_get_passive_dwell_time(priv, band);
 338
 339        if (passive_dwell <= active_dwell)
 340                passive_dwell = active_dwell + 1;
 341
 342        for (i = 0, added = 0; i < priv->scan_request->n_channels; i++) {
 343                chan = priv->scan_request->channels[i];
 344
 345                if (chan->band != band)
 346                        continue;
 347
 348                channel = ieee80211_frequency_to_channel(chan->center_freq);
 349                scan_ch->channel = cpu_to_le16(channel);
 350
 351                ch_info = iwl_get_channel_info(priv, band, channel);
 352                if (!is_channel_valid(ch_info)) {
 353                        IWL_DEBUG_SCAN(priv, "Channel %d is INVALID for this band.\n",
 354                                        channel);
 355                        continue;
 356                }
 357
 358                if (!is_active || is_channel_passive(ch_info) ||
 359                    (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN))
 360                        scan_ch->type = SCAN_CHANNEL_TYPE_PASSIVE;
 361                else
 362                        scan_ch->type = SCAN_CHANNEL_TYPE_ACTIVE;
 363
 364                if (n_probes)
 365                        scan_ch->type |= IWL_SCAN_PROBE_MASK(n_probes);
 366
 367                scan_ch->active_dwell = cpu_to_le16(active_dwell);
 368                scan_ch->passive_dwell = cpu_to_le16(passive_dwell);
 369
 370                /* Set txpower levels to defaults */
 371                scan_ch->dsp_atten = 110;
 372
 373                /* NOTE: if we were doing 6Mb OFDM for scans we'd use
 374                 * power level:
 375                 * scan_ch->tx_gain = ((1 << 5) | (2 << 3)) | 3;
 376                 */
 377                if (band == IEEE80211_BAND_5GHZ)
 378                        scan_ch->tx_gain = ((1 << 5) | (3 << 3)) | 3;
 379                else
 380                        scan_ch->tx_gain = ((1 << 5) | (5 << 3));
 381
 382                IWL_DEBUG_SCAN(priv, "Scanning ch=%d prob=0x%X [%s %d]\n",
 383                               channel, le32_to_cpu(scan_ch->type),
 384                               (scan_ch->type & SCAN_CHANNEL_TYPE_ACTIVE) ?
 385                                "ACTIVE" : "PASSIVE",
 386                               (scan_ch->type & SCAN_CHANNEL_TYPE_ACTIVE) ?
 387                               active_dwell : passive_dwell);
 388
 389                scan_ch++;
 390                added++;
 391        }
 392
 393        IWL_DEBUG_SCAN(priv, "total channels to scan %d \n", added);
 394        return added;
 395}
 396
 397void iwl_init_scan_params(struct iwl_priv *priv)
 398{
 399        u8 ant_idx = fls(priv->hw_params.valid_tx_ant) - 1;
 400        if (!priv->scan_tx_ant[IEEE80211_BAND_5GHZ])
 401                priv->scan_tx_ant[IEEE80211_BAND_5GHZ] = ant_idx;
 402        if (!priv->scan_tx_ant[IEEE80211_BAND_2GHZ])
 403                priv->scan_tx_ant[IEEE80211_BAND_2GHZ] = ant_idx;
 404}
 405
 406static int iwl_scan_initiate(struct iwl_priv *priv)
 407{
 408        if (!iwl_is_ready_rf(priv)) {
 409                IWL_DEBUG_SCAN(priv, "Aborting scan due to not ready.\n");
 410                return -EIO;
 411        }
 412
 413        if (test_bit(STATUS_SCANNING, &priv->status)) {
 414                IWL_DEBUG_SCAN(priv, "Scan already in progress.\n");
 415                return -EAGAIN;
 416        }
 417
 418        if (test_bit(STATUS_SCAN_ABORTING, &priv->status)) {
 419                IWL_DEBUG_SCAN(priv, "Scan request while abort pending\n");
 420                return -EAGAIN;
 421        }
 422
 423        IWL_DEBUG_INFO(priv, "Starting scan...\n");
 424        set_bit(STATUS_SCANNING, &priv->status);
 425        priv->scan_start = jiffies;
 426        priv->scan_pass_start = priv->scan_start;
 427
 428        queue_work(priv->workqueue, &priv->request_scan);
 429
 430        return 0;
 431}
 432
 433#define IWL_DELAY_NEXT_SCAN (HZ*2)
 434
 435int iwl_mac_hw_scan(struct ieee80211_hw *hw,
 436                     struct cfg80211_scan_request *req)
 437{
 438        unsigned long flags;
 439        struct iwl_priv *priv = hw->priv;
 440        int ret, i;
 441
 442        IWL_DEBUG_MAC80211(priv, "enter\n");
 443
 444        mutex_lock(&priv->mutex);
 445        spin_lock_irqsave(&priv->lock, flags);
 446
 447        if (!iwl_is_ready_rf(priv)) {
 448                ret = -EIO;
 449                IWL_DEBUG_MAC80211(priv, "leave - not ready or exit pending\n");
 450                goto out_unlock;
 451        }
 452
 453        /* We don't schedule scan within next_scan_jiffies period.
 454         * Avoid scanning during possible EAPOL exchange, return
 455         * success immediately.
 456         */
 457        if (priv->next_scan_jiffies &&
 458            time_after(priv->next_scan_jiffies, jiffies)) {
 459                IWL_DEBUG_SCAN(priv, "scan rejected: within next scan period\n");
 460                queue_work(priv->workqueue, &priv->scan_completed);
 461                ret = 0;
 462                goto out_unlock;
 463        }
 464
 465        /* if we just finished scan ask for delay */
 466        if (iwl_is_associated(priv) && priv->last_scan_jiffies &&
 467            time_after(priv->last_scan_jiffies + IWL_DELAY_NEXT_SCAN, jiffies)) {
 468                IWL_DEBUG_SCAN(priv, "scan rejected: within previous scan period\n");
 469                queue_work(priv->workqueue, &priv->scan_completed);
 470                ret = 0;
 471                goto out_unlock;
 472        }
 473
 474        priv->scan_bands = 0;
 475        for (i = 0; i < req->n_channels; i++)
 476                priv->scan_bands |= BIT(req->channels[i]->band);
 477
 478        priv->scan_request = req;
 479
 480        ret = iwl_scan_initiate(priv);
 481
 482        IWL_DEBUG_MAC80211(priv, "leave\n");
 483
 484out_unlock:
 485        spin_unlock_irqrestore(&priv->lock, flags);
 486        mutex_unlock(&priv->mutex);
 487
 488        return ret;
 489}
 490EXPORT_SYMBOL(iwl_mac_hw_scan);
 491
 492#define IWL_SCAN_CHECK_WATCHDOG (7 * HZ)
 493
 494void iwl_bg_scan_check(struct work_struct *data)
 495{
 496        struct iwl_priv *priv =
 497            container_of(data, struct iwl_priv, scan_check.work);
 498
 499        if (test_bit(STATUS_EXIT_PENDING, &priv->status))
 500                return;
 501
 502        mutex_lock(&priv->mutex);
 503        if (test_bit(STATUS_SCANNING, &priv->status) ||
 504            test_bit(STATUS_SCAN_ABORTING, &priv->status)) {
 505                IWL_DEBUG_SCAN(priv, "Scan completion watchdog resetting "
 506                        "adapter (%dms)\n",
 507                        jiffies_to_msecs(IWL_SCAN_CHECK_WATCHDOG));
 508
 509                if (!test_bit(STATUS_EXIT_PENDING, &priv->status))
 510                        iwl_send_scan_abort(priv);
 511        }
 512        mutex_unlock(&priv->mutex);
 513}
 514EXPORT_SYMBOL(iwl_bg_scan_check);
 515
 516/**
 517 * iwl_fill_probe_req - fill in all required fields and IE for probe request
 518 */
 519
 520u16 iwl_fill_probe_req(struct iwl_priv *priv, struct ieee80211_mgmt *frame,
 521                       const u8 *ies, int ie_len, int left)
 522{
 523        int len = 0;
 524        u8 *pos = NULL;
 525
 526        /* Make sure there is enough space for the probe request,
 527         * two mandatory IEs and the data */
 528        left -= 24;
 529        if (left < 0)
 530                return 0;
 531
 532        frame->frame_control = cpu_to_le16(IEEE80211_STYPE_PROBE_REQ);
 533        memcpy(frame->da, iwl_bcast_addr, ETH_ALEN);
 534        memcpy(frame->sa, priv->mac_addr, ETH_ALEN);
 535        memcpy(frame->bssid, iwl_bcast_addr, ETH_ALEN);
 536        frame->seq_ctrl = 0;
 537
 538        len += 24;
 539
 540        /* ...next IE... */
 541        pos = &frame->u.probe_req.variable[0];
 542
 543        /* fill in our indirect SSID IE */
 544        left -= 2;
 545        if (left < 0)
 546                return 0;
 547        *pos++ = WLAN_EID_SSID;
 548        *pos++ = 0;
 549
 550        len += 2;
 551
 552        if (WARN_ON(left < ie_len))
 553                return len;
 554
 555        memcpy(pos, ies, ie_len);
 556        len += ie_len;
 557        left -= ie_len;
 558
 559        return (u16)len;
 560}
 561EXPORT_SYMBOL(iwl_fill_probe_req);
 562
 563static void iwl_bg_request_scan(struct work_struct *data)
 564{
 565        struct iwl_priv *priv =
 566            container_of(data, struct iwl_priv, request_scan);
 567        struct iwl_host_cmd cmd = {
 568                .id = REPLY_SCAN_CMD,
 569                .len = sizeof(struct iwl_scan_cmd),
 570                .flags = CMD_SIZE_HUGE,
 571        };
 572        struct iwl_scan_cmd *scan;
 573        struct ieee80211_conf *conf = NULL;
 574        int ret = 0;
 575        u32 rate_flags = 0;
 576        u16 cmd_len;
 577        u16 rx_chain = 0;
 578        enum ieee80211_band band;
 579        u8 n_probes = 0;
 580        u8 rx_ant = priv->hw_params.valid_rx_ant;
 581        u8 rate;
 582        bool is_active = false;
 583        int  chan_mod;
 584
 585        conf = ieee80211_get_hw_conf(priv->hw);
 586
 587        mutex_lock(&priv->mutex);
 588
 589        cancel_delayed_work(&priv->scan_check);
 590
 591        if (!iwl_is_ready(priv)) {
 592                IWL_WARN(priv, "request scan called when driver not ready.\n");
 593                goto done;
 594        }
 595
 596        /* Make sure the scan wasn't canceled before this queued work
 597         * was given the chance to run... */
 598        if (!test_bit(STATUS_SCANNING, &priv->status))
 599                goto done;
 600
 601        /* This should never be called or scheduled if there is currently
 602         * a scan active in the hardware. */
 603        if (test_bit(STATUS_SCAN_HW, &priv->status)) {
 604                IWL_DEBUG_INFO(priv, "Multiple concurrent scan requests in parallel. "
 605                               "Ignoring second request.\n");
 606                ret = -EIO;
 607                goto done;
 608        }
 609
 610        if (test_bit(STATUS_EXIT_PENDING, &priv->status)) {
 611                IWL_DEBUG_SCAN(priv, "Aborting scan due to device shutdown\n");
 612                goto done;
 613        }
 614
 615        if (test_bit(STATUS_SCAN_ABORTING, &priv->status)) {
 616                IWL_DEBUG_HC(priv, "Scan request while abort pending.  Queuing.\n");
 617                goto done;
 618        }
 619
 620        if (iwl_is_rfkill(priv)) {
 621                IWL_DEBUG_HC(priv, "Aborting scan due to RF Kill activation\n");
 622                goto done;
 623        }
 624
 625        if (!test_bit(STATUS_READY, &priv->status)) {
 626                IWL_DEBUG_HC(priv, "Scan request while uninitialized.  Queuing.\n");
 627                goto done;
 628        }
 629
 630        if (!priv->scan_bands) {
 631                IWL_DEBUG_HC(priv, "Aborting scan due to no requested bands\n");
 632                goto done;
 633        }
 634
 635        if (!priv->scan) {
 636                priv->scan = kmalloc(sizeof(struct iwl_scan_cmd) +
 637                                     IWL_MAX_SCAN_SIZE, GFP_KERNEL);
 638                if (!priv->scan) {
 639                        ret = -ENOMEM;
 640                        goto done;
 641                }
 642        }
 643        scan = priv->scan;
 644        memset(scan, 0, sizeof(struct iwl_scan_cmd) + IWL_MAX_SCAN_SIZE);
 645
 646        scan->quiet_plcp_th = IWL_PLCP_QUIET_THRESH;
 647        scan->quiet_time = IWL_ACTIVE_QUIET_TIME;
 648
 649        if (iwl_is_associated(priv)) {
 650                u16 interval = 0;
 651                u32 extra;
 652                u32 suspend_time = 100;
 653                u32 scan_suspend_time = 100;
 654                unsigned long flags;
 655
 656                IWL_DEBUG_INFO(priv, "Scanning while associated...\n");
 657
 658                spin_lock_irqsave(&priv->lock, flags);
 659                interval = priv->beacon_int;
 660                spin_unlock_irqrestore(&priv->lock, flags);
 661
 662                scan->suspend_time = 0;
 663                scan->max_out_time = cpu_to_le32(200 * 1024);
 664                if (!interval)
 665                        interval = suspend_time;
 666
 667                extra = (suspend_time / interval) << 22;
 668                scan_suspend_time = (extra |
 669                    ((suspend_time % interval) * 1024));
 670                scan->suspend_time = cpu_to_le32(scan_suspend_time);
 671                IWL_DEBUG_SCAN(priv, "suspend_time 0x%X beacon interval %d\n",
 672                               scan_suspend_time, interval);
 673        }
 674
 675        if (priv->scan_request->n_ssids) {
 676                int i, p = 0;
 677                IWL_DEBUG_SCAN(priv, "Kicking off active scan\n");
 678                for (i = 0; i < priv->scan_request->n_ssids; i++) {
 679                        /* always does wildcard anyway */
 680                        if (!priv->scan_request->ssids[i].ssid_len)
 681                                continue;
 682                        scan->direct_scan[p].id = WLAN_EID_SSID;
 683                        scan->direct_scan[p].len =
 684                                priv->scan_request->ssids[i].ssid_len;
 685                        memcpy(scan->direct_scan[p].ssid,
 686                               priv->scan_request->ssids[i].ssid,
 687                               priv->scan_request->ssids[i].ssid_len);
 688                        n_probes++;
 689                        p++;
 690                }
 691                is_active = true;
 692        } else
 693                IWL_DEBUG_SCAN(priv, "Start passive scan.\n");
 694
 695        scan->tx_cmd.tx_flags = TX_CMD_FLG_SEQ_CTL_MSK;
 696        scan->tx_cmd.sta_id = priv->hw_params.bcast_sta_id;
 697        scan->tx_cmd.stop_time.life_time = TX_CMD_LIFE_TIME_INFINITE;
 698
 699
 700        if (priv->scan_bands & BIT(IEEE80211_BAND_2GHZ)) {
 701                band = IEEE80211_BAND_2GHZ;
 702                scan->flags = RXON_FLG_BAND_24G_MSK | RXON_FLG_AUTO_DETECT_MSK;
 703                chan_mod = le32_to_cpu(priv->active_rxon.flags & RXON_FLG_CHANNEL_MODE_MSK)
 704                                       >> RXON_FLG_CHANNEL_MODE_POS;
 705                if (chan_mod == CHANNEL_MODE_PURE_40) {
 706                        rate = IWL_RATE_6M_PLCP;
 707                } else {
 708                        rate = IWL_RATE_1M_PLCP;
 709                        rate_flags = RATE_MCS_CCK_MSK;
 710                }
 711                scan->good_CRC_th = 0;
 712        } else if (priv->scan_bands & BIT(IEEE80211_BAND_5GHZ)) {
 713                band = IEEE80211_BAND_5GHZ;
 714                rate = IWL_RATE_6M_PLCP;
 715                /*
 716                 * If active scaning is requested but a certain channel
 717                 * is marked passive, we can do active scanning if we
 718                 * detect transmissions.
 719                 */
 720                scan->good_CRC_th = is_active ? IWL_GOOD_CRC_TH : 0;
 721
 722                /* Force use of chains B and C (0x6) for scan Rx for 4965
 723                 * Avoid A (0x1) because of its off-channel reception on A-band.
 724                 */
 725                if ((priv->hw_rev & CSR_HW_REV_TYPE_MSK) == CSR_HW_REV_TYPE_4965)
 726                        rx_ant = ANT_BC;
 727        } else {
 728                IWL_WARN(priv, "Invalid scan band count\n");
 729                goto done;
 730        }
 731
 732        priv->scan_tx_ant[band] =
 733                         iwl_toggle_tx_ant(priv, priv->scan_tx_ant[band]);
 734        rate_flags |= iwl_ant_idx_to_flags(priv->scan_tx_ant[band]);
 735        scan->tx_cmd.rate_n_flags = iwl_hw_set_rate_n_flags(rate, rate_flags);
 736
 737        /* MIMO is not used here, but value is required */
 738        rx_chain |= ANT_ABC << RXON_RX_CHAIN_VALID_POS;
 739        rx_chain |= ANT_ABC << RXON_RX_CHAIN_FORCE_MIMO_SEL_POS;
 740        rx_chain |= rx_ant << RXON_RX_CHAIN_FORCE_SEL_POS;
 741        rx_chain |= 0x1 << RXON_RX_CHAIN_DRIVER_FORCE_POS;
 742        scan->rx_chain = cpu_to_le16(rx_chain);
 743        cmd_len = iwl_fill_probe_req(priv,
 744                                (struct ieee80211_mgmt *)scan->data,
 745                                priv->scan_request->ie,
 746                                priv->scan_request->ie_len,
 747                                IWL_MAX_SCAN_SIZE - sizeof(*scan));
 748
 749        scan->tx_cmd.len = cpu_to_le16(cmd_len);
 750
 751        if (iwl_is_monitor_mode(priv))
 752                scan->filter_flags = RXON_FILTER_PROMISC_MSK;
 753
 754        scan->filter_flags |= (RXON_FILTER_ACCEPT_GRP_MSK |
 755                               RXON_FILTER_BCON_AWARE_MSK);
 756
 757        scan->channel_count =
 758                iwl_get_channels_for_scan(priv, band, is_active, n_probes,
 759                        (void *)&scan->data[le16_to_cpu(scan->tx_cmd.len)]);
 760
 761        if (scan->channel_count == 0) {
 762                IWL_DEBUG_SCAN(priv, "channel count %d\n", scan->channel_count);
 763                goto done;
 764        }
 765
 766        cmd.len += le16_to_cpu(scan->tx_cmd.len) +
 767            scan->channel_count * sizeof(struct iwl_scan_channel);
 768        cmd.data = scan;
 769        scan->len = cpu_to_le16(cmd.len);
 770
 771        set_bit(STATUS_SCAN_HW, &priv->status);
 772        ret = iwl_send_cmd_sync(priv, &cmd);
 773        if (ret)
 774                goto done;
 775
 776        queue_delayed_work(priv->workqueue, &priv->scan_check,
 777                           IWL_SCAN_CHECK_WATCHDOG);
 778
 779        mutex_unlock(&priv->mutex);
 780        return;
 781
 782 done:
 783        /* Cannot perform scan. Make sure we clear scanning
 784        * bits from status so next scan request can be performed.
 785        * If we don't clear scanning status bit here all next scan
 786        * will fail
 787        */
 788        clear_bit(STATUS_SCAN_HW, &priv->status);
 789        clear_bit(STATUS_SCANNING, &priv->status);
 790        /* inform mac80211 scan aborted */
 791        queue_work(priv->workqueue, &priv->scan_completed);
 792        mutex_unlock(&priv->mutex);
 793}
 794
 795void iwl_bg_abort_scan(struct work_struct *work)
 796{
 797        struct iwl_priv *priv = container_of(work, struct iwl_priv, abort_scan);
 798
 799        if (!test_bit(STATUS_READY, &priv->status) ||
 800            !test_bit(STATUS_GEO_CONFIGURED, &priv->status))
 801                return;
 802
 803        mutex_lock(&priv->mutex);
 804
 805        set_bit(STATUS_SCAN_ABORTING, &priv->status);
 806        iwl_send_scan_abort(priv);
 807
 808        mutex_unlock(&priv->mutex);
 809}
 810EXPORT_SYMBOL(iwl_bg_abort_scan);
 811
 812void iwl_bg_scan_completed(struct work_struct *work)
 813{
 814        struct iwl_priv *priv =
 815            container_of(work, struct iwl_priv, scan_completed);
 816
 817        IWL_DEBUG_SCAN(priv, "SCAN complete scan\n");
 818
 819        cancel_delayed_work(&priv->scan_check);
 820
 821        ieee80211_scan_completed(priv->hw, false);
 822
 823        if (test_bit(STATUS_EXIT_PENDING, &priv->status))
 824                return;
 825
 826        /* Since setting the TXPOWER may have been deferred while
 827         * performing the scan, fire one off */
 828        mutex_lock(&priv->mutex);
 829        iwl_set_tx_power(priv, priv->tx_power_user_lmt, true);
 830        mutex_unlock(&priv->mutex);
 831}
 832EXPORT_SYMBOL(iwl_bg_scan_completed);
 833
 834void iwl_setup_scan_deferred_work(struct iwl_priv *priv)
 835{
 836        INIT_WORK(&priv->scan_completed, iwl_bg_scan_completed);
 837        INIT_WORK(&priv->request_scan, iwl_bg_request_scan);
 838        INIT_WORK(&priv->abort_scan, iwl_bg_abort_scan);
 839        INIT_DELAYED_WORK(&priv->scan_check, iwl_bg_scan_check);
 840}
 841EXPORT_SYMBOL(iwl_setup_scan_deferred_work);
 842
 843