LXR linux/drivers/net/wireless/iwlwifi/mvm/sta.c

   1/******************************************************************************
   2 *
   3 * This file is provided under a dual BSD/GPLv2 license.  When using or
   4 * redistributing this file, you may do so under either license.
   5 *
   6 * GPL LICENSE SUMMARY
   7 *
   8 * Copyright(c) 2012 - 2014 Intel Corporation. All rights reserved.
   9 *
  10 * This program is free software; you can redistribute it and/or modify
  11 * it under the terms of version 2 of the GNU General Public License as
  12 * published by the Free Software Foundation.
  13 *
  14 * This program is distributed in the hope that it will be useful, but
  15 * WITHOUT ANY WARRANTY; without even the implied warranty of
  16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  17 * General Public License for more details.
  18 *
  19 * You should have received a copy of the GNU General Public License
  20 * along with this program; if not, write to the Free Software
  21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110,
  22 * USA
  23 *
  24 * The full GNU General Public License is included in this distribution
  25 * in the file called COPYING.
  26 *
  27 * Contact Information:
  28 *  Intel Linux Wireless <ilw@linux.intel.com>
  29 * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
  30 *
  31 * BSD LICENSE
  32 *
  33 * Copyright(c) 2012 - 2014 Intel Corporation. All rights reserved.
  34 * All rights reserved.
  35 *
  36 * Redistribution and use in source and binary forms, with or without
  37 * modification, are permitted provided that the following conditions
  38 * are met:
  39 *
  40 *  * Redistributions of source code must retain the above copyright
  41 *    notice, this list of conditions and the following disclaimer.
  42 *  * Redistributions in binary form must reproduce the above copyright
  43 *    notice, this list of conditions and the following disclaimer in
  44 *    the documentation and/or other materials provided with the
  45 *    distribution.
  46 *  * Neither the name Intel Corporation nor the names of its
  47 *    contributors may be used to endorse or promote products derived
  48 *    from this software without specific prior written permission.
  49 *
  50 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  51 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  52 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  53 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  54 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  55 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  56 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  57 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  58 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  59 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  60 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  61 *
  62 *****************************************************************************/
  63#include <net/mac80211.h>
  64
  65#include "mvm.h"
  66#include "sta.h"
  67#include "rs.h"
  68
  69static int iwl_mvm_find_free_sta_id(struct iwl_mvm *mvm,
  70                                    enum nl80211_iftype iftype)
  71{
  72        int sta_id;
  73        u32 reserved_ids = 0;
  74
  75        BUILD_BUG_ON(IWL_MVM_STATION_COUNT > 32);
  76        WARN_ON_ONCE(test_bit(IWL_MVM_STATUS_IN_HW_RESTART, &mvm->status));
  77
  78        lockdep_assert_held(&mvm->mutex);
  79
  80        /* d0i3/d3 assumes the AP's sta_id (of sta vif) is 0. reserve it. */
  81        if (iftype != NL80211_IFTYPE_STATION)
  82                reserved_ids = BIT(0);
  83
  84        /* Don't take rcu_read_lock() since we are protected by mvm->mutex */
  85        for (sta_id = 0; sta_id < IWL_MVM_STATION_COUNT; sta_id++) {
  86                if (BIT(sta_id) & reserved_ids)
  87                        continue;
  88
  89                if (!rcu_dereference_protected(mvm->fw_id_to_mac_id[sta_id],
  90                                               lockdep_is_held(&mvm->mutex)))
  91                        return sta_id;
  92        }
  93        return IWL_MVM_STATION_COUNT;
  94}
  95
  96/* send station add/update command to firmware */
  97int iwl_mvm_sta_send_to_fw(struct iwl_mvm *mvm, struct ieee80211_sta *sta,
  98                           bool update)
  99{
 100        struct iwl_mvm_sta *mvm_sta = (void *)sta->drv_priv;
 101        struct iwl_mvm_add_sta_cmd add_sta_cmd = {
 102                .sta_id = mvm_sta->sta_id,
 103                .mac_id_n_color = cpu_to_le32(mvm_sta->mac_id_n_color),
 104                .add_modify = update ? 1 : 0,
 105                .station_flags_msk = cpu_to_le32(STA_FLG_FAT_EN_MSK |
 106                                                 STA_FLG_MIMO_EN_MSK),
 107        };
 108        int ret;
 109        u32 status;
 110        u32 agg_size = 0, mpdu_dens = 0;
 111
 112        if (!update) {
 113                add_sta_cmd.tfd_queue_msk = cpu_to_le32(mvm_sta->tfd_queue_msk);
 114                memcpy(&add_sta_cmd.addr, sta->addr, ETH_ALEN);
 115        }
 116
 117        switch (sta->bandwidth) {
 118        case IEEE80211_STA_RX_BW_160:
 119                add_sta_cmd.station_flags |= cpu_to_le32(STA_FLG_FAT_EN_160MHZ);
 120                /* fall through */
 121        case IEEE80211_STA_RX_BW_80:
 122                add_sta_cmd.station_flags |= cpu_to_le32(STA_FLG_FAT_EN_80MHZ);
 123                /* fall through */
 124        case IEEE80211_STA_RX_BW_40:
 125                add_sta_cmd.station_flags |= cpu_to_le32(STA_FLG_FAT_EN_40MHZ);
 126                /* fall through */
 127        case IEEE80211_STA_RX_BW_20:
 128                if (sta->ht_cap.ht_supported)
 129                        add_sta_cmd.station_flags |=
 130                                cpu_to_le32(STA_FLG_FAT_EN_20MHZ);
 131                break;
 132        }
 133
 134        switch (sta->rx_nss) {
 135        case 1:
 136                add_sta_cmd.station_flags |= cpu_to_le32(STA_FLG_MIMO_EN_SISO);
 137                break;
 138        case 2:
 139                add_sta_cmd.station_flags |= cpu_to_le32(STA_FLG_MIMO_EN_MIMO2);
 140                break;
 141        case 3 ... 8:
 142                add_sta_cmd.station_flags |= cpu_to_le32(STA_FLG_MIMO_EN_MIMO3);
 143                break;
 144        }
 145
 146        switch (sta->smps_mode) {
 147        case IEEE80211_SMPS_AUTOMATIC:
 148        case IEEE80211_SMPS_NUM_MODES:
 149                WARN_ON(1);
 150                break;
 151        case IEEE80211_SMPS_STATIC:
 152                /* override NSS */
 153                add_sta_cmd.station_flags &= ~cpu_to_le32(STA_FLG_MIMO_EN_MSK);
 154                add_sta_cmd.station_flags |= cpu_to_le32(STA_FLG_MIMO_EN_SISO);
 155                break;
 156        case IEEE80211_SMPS_DYNAMIC:
 157                add_sta_cmd.station_flags |= cpu_to_le32(STA_FLG_RTS_MIMO_PROT);
 158                break;
 159        case IEEE80211_SMPS_OFF:
 160                /* nothing */
 161                break;
 162        }
 163
 164        if (sta->ht_cap.ht_supported) {
 165                add_sta_cmd.station_flags_msk |=
 166                        cpu_to_le32(STA_FLG_MAX_AGG_SIZE_MSK |
 167                                    STA_FLG_AGG_MPDU_DENS_MSK);
 168
 169                mpdu_dens = sta->ht_cap.ampdu_density;
 170        }
 171
 172        if (sta->vht_cap.vht_supported) {
 173                agg_size = sta->vht_cap.cap &
 174                        IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK;
 175                agg_size >>=
 176                        IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_SHIFT;
 177        } else if (sta->ht_cap.ht_supported) {
 178                agg_size = sta->ht_cap.ampdu_factor;
 179        }
 180
 181        add_sta_cmd.station_flags |=
 182                cpu_to_le32(agg_size << STA_FLG_MAX_AGG_SIZE_SHIFT);
 183        add_sta_cmd.station_flags |=
 184                cpu_to_le32(mpdu_dens << STA_FLG_AGG_MPDU_DENS_SHIFT);
 185
 186        status = ADD_STA_SUCCESS;
 187        ret = iwl_mvm_send_cmd_pdu_status(mvm, ADD_STA, sizeof(add_sta_cmd),
 188                                          &add_sta_cmd, &status);
 189        if (ret)
 190                return ret;
 191
 192        switch (status) {
 193        case ADD_STA_SUCCESS:
 194                IWL_DEBUG_ASSOC(mvm, "ADD_STA PASSED\n");
 195                break;
 196        default:
 197                ret = -EIO;
 198                IWL_ERR(mvm, "ADD_STA failed\n");
 199                break;
 200        }
 201
 202        return ret;
 203}
 204
 205int iwl_mvm_add_sta(struct iwl_mvm *mvm,
 206                    struct ieee80211_vif *vif,
 207                    struct ieee80211_sta *sta)
 208{
 209        struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
 210        struct iwl_mvm_sta *mvm_sta = (void *)sta->drv_priv;
 211        int i, ret, sta_id;
 212
 213        lockdep_assert_held(&mvm->mutex);
 214
 215        if (!test_bit(IWL_MVM_STATUS_IN_HW_RESTART, &mvm->status))
 216                sta_id = iwl_mvm_find_free_sta_id(mvm,
 217                                                  ieee80211_vif_type_p2p(vif));
 218        else
 219                sta_id = mvm_sta->sta_id;
 220
 221        if (WARN_ON_ONCE(sta_id == IWL_MVM_STATION_COUNT))
 222                return -ENOSPC;
 223
 224        spin_lock_init(&mvm_sta->lock);
 225
 226        mvm_sta->sta_id = sta_id;
 227        mvm_sta->mac_id_n_color = FW_CMD_ID_AND_COLOR(mvmvif->id,
 228                                                      mvmvif->color);
 229        mvm_sta->vif = vif;
 230        mvm_sta->max_agg_bufsize = LINK_QUAL_AGG_FRAME_LIMIT_DEF;
 231        mvm_sta->tx_protection = 0;
 232        mvm_sta->tt_tx_protection = false;
 233
 234        /* HW restart, don't assume the memory has been zeroed */
 235        atomic_set(&mvm->pending_frames[sta_id], 0);
 236        mvm_sta->tid_disable_agg = 0;
 237        mvm_sta->tfd_queue_msk = 0;
 238        for (i = 0; i < IEEE80211_NUM_ACS; i++)
 239                if (vif->hw_queue[i] != IEEE80211_INVAL_HW_QUEUE)
 240                        mvm_sta->tfd_queue_msk |= BIT(vif->hw_queue[i]);
 241
 242        /* for HW restart - reset everything but the sequence number */
 243        for (i = 0; i < IWL_MAX_TID_COUNT; i++) {
 244                u16 seq = mvm_sta->tid_data[i].seq_number;
 245                memset(&mvm_sta->tid_data[i], 0, sizeof(mvm_sta->tid_data[i]));
 246                mvm_sta->tid_data[i].seq_number = seq;
 247        }
 248
 249        ret = iwl_mvm_sta_send_to_fw(mvm, sta, false);
 250        if (ret)
 251                return ret;
 252
 253        /* The first station added is the AP, the others are TDLS STAs */
 254        if (vif->type == NL80211_IFTYPE_STATION &&
 255            mvmvif->ap_sta_id == IWL_MVM_STATION_COUNT)
 256                mvmvif->ap_sta_id = sta_id;
 257
 258        rcu_assign_pointer(mvm->fw_id_to_mac_id[sta_id], sta);
 259
 260        return 0;
 261}
 262
 263int iwl_mvm_update_sta(struct iwl_mvm *mvm,
 264                       struct ieee80211_vif *vif,
 265                       struct ieee80211_sta *sta)
 266{
 267        return iwl_mvm_sta_send_to_fw(mvm, sta, true);
 268}
 269
 270int iwl_mvm_drain_sta(struct iwl_mvm *mvm, struct iwl_mvm_sta *mvmsta,
 271                      bool drain)
 272{
 273        struct iwl_mvm_add_sta_cmd cmd = {};
 274        int ret;
 275        u32 status;
 276
 277        lockdep_assert_held(&mvm->mutex);
 278
 279        cmd.mac_id_n_color = cpu_to_le32(mvmsta->mac_id_n_color);
 280        cmd.sta_id = mvmsta->sta_id;
 281        cmd.add_modify = STA_MODE_MODIFY;
 282        cmd.station_flags = drain ? cpu_to_le32(STA_FLG_DRAIN_FLOW) : 0;
 283        cmd.station_flags_msk = cpu_to_le32(STA_FLG_DRAIN_FLOW);
 284
 285        status = ADD_STA_SUCCESS;
 286        ret = iwl_mvm_send_cmd_pdu_status(mvm, ADD_STA, sizeof(cmd),
 287                                          &cmd, &status);
 288        if (ret)
 289                return ret;
 290
 291        switch (status) {
 292        case ADD_STA_SUCCESS:
 293                IWL_DEBUG_INFO(mvm, "Frames for staid %d will drained in fw\n",
 294                               mvmsta->sta_id);
 295                break;
 296        default:
 297                ret = -EIO;
 298                IWL_ERR(mvm, "Couldn't drain frames for staid %d\n",
 299                        mvmsta->sta_id);
 300                break;
 301        }
 302
 303        return ret;
 304}
 305
 306/*
 307 * Remove a station from the FW table. Before sending the command to remove
 308 * the station validate that the station is indeed known to the driver (sanity
 309 * only).
 310 */
 311static int iwl_mvm_rm_sta_common(struct iwl_mvm *mvm, u8 sta_id)
 312{
 313        struct ieee80211_sta *sta;
 314        struct iwl_mvm_rm_sta_cmd rm_sta_cmd = {
 315                .sta_id = sta_id,
 316        };
 317        int ret;
 318
 319        sta = rcu_dereference_protected(mvm->fw_id_to_mac_id[sta_id],
 320                                        lockdep_is_held(&mvm->mutex));
 321
 322        /* Note: internal stations are marked as error values */
 323        if (!sta) {
 324                IWL_ERR(mvm, "Invalid station id\n");
 325                return -EINVAL;
 326        }
 327
 328        ret = iwl_mvm_send_cmd_pdu(mvm, REMOVE_STA, 0,
 329                                   sizeof(rm_sta_cmd), &rm_sta_cmd);
 330        if (ret) {
 331                IWL_ERR(mvm, "Failed to remove station. Id=%d\n", sta_id);
 332                return ret;
 333        }
 334
 335        return 0;
 336}
 337
 338void iwl_mvm_sta_drained_wk(struct work_struct *wk)
 339{
 340        struct iwl_mvm *mvm = container_of(wk, struct iwl_mvm, sta_drained_wk);
 341        u8 sta_id;
 342
 343        /*
 344         * The mutex is needed because of the SYNC cmd, but not only: if the
 345         * work would run concurrently with iwl_mvm_rm_sta, it would run before
 346         * iwl_mvm_rm_sta sets the station as busy, and exit. Then
 347         * iwl_mvm_rm_sta would set the station as busy, and nobody will clean
 348         * that later.
 349         */
 350        mutex_lock(&mvm->mutex);
 351
 352        for_each_set_bit(sta_id, mvm->sta_drained, IWL_MVM_STATION_COUNT) {
 353                int ret;
 354                struct ieee80211_sta *sta =
 355                        rcu_dereference_protected(mvm->fw_id_to_mac_id[sta_id],
 356                                                  lockdep_is_held(&mvm->mutex));
 357
 358                /*
 359                 * This station is in use or RCU-removed; the latter happens in
 360                 * managed mode, where mac80211 removes the station before we
 361                 * can remove it from firmware (we can only do that after the
 362                 * MAC is marked unassociated), and possibly while the deauth
 363                 * frame to disconnect from the AP is still queued. Then, the
 364                 * station pointer is -ENOENT when the last skb is reclaimed.
 365                 */
 366                if (!IS_ERR(sta) || PTR_ERR(sta) == -ENOENT)
 367                        continue;
 368
 369                if (PTR_ERR(sta) == -EINVAL) {
 370                        IWL_ERR(mvm, "Drained sta %d, but it is internal?\n",
 371                                sta_id);
 372                        continue;
 373                }
 374
 375                if (!sta) {
 376                        IWL_ERR(mvm, "Drained sta %d, but it was NULL?\n",
 377                                sta_id);
 378                        continue;
 379                }
 380
 381                WARN_ON(PTR_ERR(sta) != -EBUSY);
 382                /* This station was removed and we waited until it got drained,
 383                 * we can now proceed and remove it.
 384                 */
 385                ret = iwl_mvm_rm_sta_common(mvm, sta_id);
 386                if (ret) {
 387                        IWL_ERR(mvm,
 388                                "Couldn't remove sta %d after it was drained\n",
 389                                sta_id);
 390                        continue;
 391                }
 392                RCU_INIT_POINTER(mvm->fw_id_to_mac_id[sta_id], NULL);
 393                clear_bit(sta_id, mvm->sta_drained);
 394        }
 395
 396        mutex_unlock(&mvm->mutex);
 397}
 398
 399int iwl_mvm_rm_sta(struct iwl_mvm *mvm,
 400                   struct ieee80211_vif *vif,
 401                   struct ieee80211_sta *sta)
 402{
 403        struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
 404        struct iwl_mvm_sta *mvm_sta = (void *)sta->drv_priv;
 405        int ret;
 406
 407        lockdep_assert_held(&mvm->mutex);
 408
 409        if (vif->type == NL80211_IFTYPE_STATION &&
 410            mvmvif->ap_sta_id == mvm_sta->sta_id) {
 411                /* flush its queues here since we are freeing mvm_sta */
 412                ret = iwl_mvm_flush_tx_path(mvm, mvm_sta->tfd_queue_msk, true);
 413
 414                /* if we are associated - we can't remove the AP STA now */
 415                if (vif->bss_conf.assoc)
 416                        return ret;
 417
 418                /* unassoc - go ahead - remove the AP STA now */
 419                mvmvif->ap_sta_id = IWL_MVM_STATION_COUNT;
 420
 421                /* clear d0i3_ap_sta_id if no longer relevant */
 422                if (mvm->d0i3_ap_sta_id == mvm_sta->sta_id)
 423                        mvm->d0i3_ap_sta_id = IWL_MVM_STATION_COUNT;
 424        }
 425
 426        /*
 427         * Make sure that the tx response code sees the station as -EBUSY and
 428         * calls the drain worker.
 429         */
 430        spin_lock_bh(&mvm_sta->lock);
 431        /*
 432         * There are frames pending on the AC queues for this station.
 433         * We need to wait until all the frames are drained...
 434         */
 435        if (atomic_read(&mvm->pending_frames[mvm_sta->sta_id])) {
 436                rcu_assign_pointer(mvm->fw_id_to_mac_id[mvm_sta->sta_id],
 437                                   ERR_PTR(-EBUSY));
 438                spin_unlock_bh(&mvm_sta->lock);
 439                ret = iwl_mvm_drain_sta(mvm, mvm_sta, true);
 440        } else {
 441                spin_unlock_bh(&mvm_sta->lock);
 442                ret = iwl_mvm_rm_sta_common(mvm, mvm_sta->sta_id);
 443                RCU_INIT_POINTER(mvm->fw_id_to_mac_id[mvm_sta->sta_id], NULL);
 444        }
 445
 446        return ret;
 447}
 448
 449int iwl_mvm_rm_sta_id(struct iwl_mvm *mvm,
 450                      struct ieee80211_vif *vif,
 451                      u8 sta_id)
 452{
 453        int ret = iwl_mvm_rm_sta_common(mvm, sta_id);
 454
 455        lockdep_assert_held(&mvm->mutex);
 456
 457        RCU_INIT_POINTER(mvm->fw_id_to_mac_id[sta_id], NULL);
 458        return ret;
 459}
 460
 461int iwl_mvm_allocate_int_sta(struct iwl_mvm *mvm, struct iwl_mvm_int_sta *sta,
 462                             u32 qmask, enum nl80211_iftype iftype)
 463{
 464        if (!test_bit(IWL_MVM_STATUS_IN_HW_RESTART, &mvm->status)) {
 465                sta->sta_id = iwl_mvm_find_free_sta_id(mvm, iftype);
 466                if (WARN_ON_ONCE(sta->sta_id == IWL_MVM_STATION_COUNT))
 467                        return -ENOSPC;
 468        }
 469
 470        sta->tfd_queue_msk = qmask;
 471
 472        /* put a non-NULL value so iterating over the stations won't stop */
 473        rcu_assign_pointer(mvm->fw_id_to_mac_id[sta->sta_id], ERR_PTR(-EINVAL));
 474        return 0;
 475}
 476
 477void iwl_mvm_dealloc_int_sta(struct iwl_mvm *mvm, struct iwl_mvm_int_sta *sta)
 478{
 479        RCU_INIT_POINTER(mvm->fw_id_to_mac_id[sta->sta_id], NULL);
 480        memset(sta, 0, sizeof(struct iwl_mvm_int_sta));
 481        sta->sta_id = IWL_MVM_STATION_COUNT;
 482}
 483
 484static int iwl_mvm_add_int_sta_common(struct iwl_mvm *mvm,
 485                                      struct iwl_mvm_int_sta *sta,
 486                                      const u8 *addr,
 487                                      u16 mac_id, u16 color)
 488{
 489        struct iwl_mvm_add_sta_cmd cmd;
 490        int ret;
 491        u32 status;
 492
 493        lockdep_assert_held(&mvm->mutex);
 494
 495        memset(&cmd, 0, sizeof(cmd));
 496        cmd.sta_id = sta->sta_id;
 497        cmd.mac_id_n_color = cpu_to_le32(FW_CMD_ID_AND_COLOR(mac_id,
 498                                                             color));
 499
 500        cmd.tfd_queue_msk = cpu_to_le32(sta->tfd_queue_msk);
 501
 502        if (addr)
 503                memcpy(cmd.addr, addr, ETH_ALEN);
 504
 505        ret = iwl_mvm_send_cmd_pdu_status(mvm, ADD_STA, sizeof(cmd),
 506                                          &cmd, &status);
 507        if (ret)
 508                return ret;
 509
 510        switch (status) {
 511        case ADD_STA_SUCCESS:
 512                IWL_DEBUG_INFO(mvm, "Internal station added.\n");
 513                return 0;
 514        default:
 515                ret = -EIO;
 516                IWL_ERR(mvm, "Add internal station failed, status=0x%x\n",
 517                        status);
 518                break;
 519        }
 520        return ret;
 521}
 522
 523int iwl_mvm_add_aux_sta(struct iwl_mvm *mvm)
 524{
 525        int ret;
 526
 527        lockdep_assert_held(&mvm->mutex);
 528
 529        /* Map Aux queue to fifo - needs to happen before adding Aux station */
 530        iwl_trans_ac_txq_enable(mvm->trans, mvm->aux_queue,
 531                                IWL_MVM_TX_FIFO_MCAST);
 532
 533        /* Allocate aux station and assign to it the aux queue */
 534        ret = iwl_mvm_allocate_int_sta(mvm, &mvm->aux_sta, BIT(mvm->aux_queue),
 535                                       NL80211_IFTYPE_UNSPECIFIED);
 536        if (ret)
 537                return ret;
 538
 539        ret = iwl_mvm_add_int_sta_common(mvm, &mvm->aux_sta, NULL,
 540                                         MAC_INDEX_AUX, 0);
 541
 542        if (ret)
 543                iwl_mvm_dealloc_int_sta(mvm, &mvm->aux_sta);
 544        return ret;
 545}
 546
 547/*
 548 * Send the add station command for the vif's broadcast station.
 549 * Assumes that the station was already allocated.
 550 *
 551 * @mvm: the mvm component
 552 * @vif: the interface to which the broadcast station is added
 553 * @bsta: the broadcast station to add.
 554 */
 555int iwl_mvm_send_bcast_sta(struct iwl_mvm *mvm, struct ieee80211_vif *vif,
 556                           struct iwl_mvm_int_sta *bsta)
 557{
 558        struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
 559        static const u8 _baddr[] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
 560        const u8 *baddr = _baddr;
 561
 562        lockdep_assert_held(&mvm->mutex);
 563
 564        if (vif->type == NL80211_IFTYPE_ADHOC)
 565                baddr = vif->bss_conf.bssid;
 566
 567        if (WARN_ON_ONCE(bsta->sta_id == IWL_MVM_STATION_COUNT))
 568                return -ENOSPC;
 569
 570        return iwl_mvm_add_int_sta_common(mvm, bsta, baddr,
 571                                          mvmvif->id, mvmvif->color);
 572}
 573
 574/* Send the FW a request to remove the station from it's internal data
 575 * structures, but DO NOT remove the entry from the local data structures. */
 576int iwl_mvm_send_rm_bcast_sta(struct iwl_mvm *mvm,
 577                              struct iwl_mvm_int_sta *bsta)
 578{
 579        int ret;
 580
 581        lockdep_assert_held(&mvm->mutex);
 582
 583        ret = iwl_mvm_rm_sta_common(mvm, bsta->sta_id);
 584        if (ret)
 585                IWL_WARN(mvm, "Failed sending remove station\n");
 586        return ret;
 587}
 588
 589/* Allocate a new station entry for the broadcast station to the given vif,
 590 * and send it to the FW.
 591 * Note that each P2P mac should have its own broadcast station.
 592 *
 593 * @mvm: the mvm component
 594 * @vif: the interface to which the broadcast station is added
 595 * @bsta: the broadcast station to add. */
 596int iwl_mvm_add_bcast_sta(struct iwl_mvm *mvm, struct ieee80211_vif *vif,
 597                          struct iwl_mvm_int_sta *bsta)
 598{
 599        struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
 600        static const u8 baddr[] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
 601        u32 qmask;
 602        int ret;
 603
 604        lockdep_assert_held(&mvm->mutex);
 605
 606        qmask = iwl_mvm_mac_get_queues_mask(mvm, vif);
 607        ret = iwl_mvm_allocate_int_sta(mvm, bsta, qmask,
 608                                       ieee80211_vif_type_p2p(vif));
 609        if (ret)
 610                return ret;
 611
 612        ret = iwl_mvm_add_int_sta_common(mvm, bsta, baddr,
 613                                         mvmvif->id, mvmvif->color);
 614
 615        if (ret)
 616                iwl_mvm_dealloc_int_sta(mvm, bsta);
 617        return ret;
 618}
 619
 620/*
 621 * Send the FW a request to remove the station from it's internal data
 622 * structures, and in addition remove it from the local data structure.
 623 */
 624int iwl_mvm_rm_bcast_sta(struct iwl_mvm *mvm, struct iwl_mvm_int_sta *bsta)
 625{
 626        int ret;
 627
 628        lockdep_assert_held(&mvm->mutex);
 629
 630        ret = iwl_mvm_rm_sta_common(mvm, bsta->sta_id);
 631        if (ret)
 632                return ret;
 633
 634        iwl_mvm_dealloc_int_sta(mvm, bsta);
 635        return ret;
 636}
 637
 638#define IWL_MAX_RX_BA_SESSIONS 16
 639
 640int iwl_mvm_sta_rx_agg(struct iwl_mvm *mvm, struct ieee80211_sta *sta,
 641                       int tid, u16 ssn, bool start)
 642{
 643        struct iwl_mvm_sta *mvm_sta = (void *)sta->drv_priv;
 644        struct iwl_mvm_add_sta_cmd cmd = {};
 645        int ret;
 646        u32 status;
 647
 648        lockdep_assert_held(&mvm->mutex);
 649
 650        if (start && mvm->rx_ba_sessions >= IWL_MAX_RX_BA_SESSIONS) {
 651                IWL_WARN(mvm, "Not enough RX BA SESSIONS\n");
 652                return -ENOSPC;
 653        }
 654
 655        cmd.mac_id_n_color = cpu_to_le32(mvm_sta->mac_id_n_color);
 656        cmd.sta_id = mvm_sta->sta_id;
 657        cmd.add_modify = STA_MODE_MODIFY;
 658        if (start) {
 659                cmd.add_immediate_ba_tid = (u8) tid;
 660                cmd.add_immediate_ba_ssn = cpu_to_le16(ssn);
 661        } else {
 662                cmd.remove_immediate_ba_tid = (u8) tid;
 663        }
 664        cmd.modify_mask = start ? STA_MODIFY_ADD_BA_TID :
 665                                  STA_MODIFY_REMOVE_BA_TID;
 666
 667        status = ADD_STA_SUCCESS;
 668        ret = iwl_mvm_send_cmd_pdu_status(mvm, ADD_STA, sizeof(cmd),
 669                                          &cmd, &status);
 670        if (ret)
 671                return ret;
 672
 673        switch (status) {
 674        case ADD_STA_SUCCESS:
 675                IWL_DEBUG_INFO(mvm, "RX BA Session %sed in fw\n",
 676                               start ? "start" : "stopp");
 677                break;
 678        case ADD_STA_IMMEDIATE_BA_FAILURE:
 679                IWL_WARN(mvm, "RX BA Session refused by fw\n");
 680                ret = -ENOSPC;
 681                break;
 682        default:
 683                ret = -EIO;
 684                IWL_ERR(mvm, "RX BA Session failed %sing, status 0x%x\n",
 685                        start ? "start" : "stopp", status);
 686                break;
 687        }
 688
 689        if (!ret) {
 690                if (start)
 691                        mvm->rx_ba_sessions++;
 692                else if (mvm->rx_ba_sessions > 0)
 693                        /* check that restart flow didn't zero the counter */
 694                        mvm->rx_ba_sessions--;
 695        }
 696
 697        return ret;
 698}
 699
 700static int iwl_mvm_sta_tx_agg(struct iwl_mvm *mvm, struct ieee80211_sta *sta,
 701                              int tid, u8 queue, bool start)
 702{
 703        struct iwl_mvm_sta *mvm_sta = (void *)sta->drv_priv;
 704        struct iwl_mvm_add_sta_cmd cmd = {};
 705        int ret;
 706        u32 status;
 707
 708        lockdep_assert_held(&mvm->mutex);
 709
 710        if (start) {
 711                mvm_sta->tfd_queue_msk |= BIT(queue);
 712                mvm_sta->tid_disable_agg &= ~BIT(tid);
 713        } else {
 714                mvm_sta->tfd_queue_msk &= ~BIT(queue);
 715                mvm_sta->tid_disable_agg |= BIT(tid);
 716        }
 717
 718        cmd.mac_id_n_color = cpu_to_le32(mvm_sta->mac_id_n_color);
 719        cmd.sta_id = mvm_sta->sta_id;
 720        cmd.add_modify = STA_MODE_MODIFY;
 721        cmd.modify_mask = STA_MODIFY_QUEUES | STA_MODIFY_TID_DISABLE_TX;
 722        cmd.tfd_queue_msk = cpu_to_le32(mvm_sta->tfd_queue_msk);
 723        cmd.tid_disable_tx = cpu_to_le16(mvm_sta->tid_disable_agg);
 724
 725        status = ADD_STA_SUCCESS;
 726        ret = iwl_mvm_send_cmd_pdu_status(mvm, ADD_STA, sizeof(cmd),
 727                                          &cmd, &status);
 728        if (ret)
 729                return ret;
 730
 731        switch (status) {
 732        case ADD_STA_SUCCESS:
 733                break;
 734        default:
 735                ret = -EIO;
 736                IWL_ERR(mvm, "TX BA Session failed %sing, status 0x%x\n",
 737                        start ? "start" : "stopp", status);
 738                break;
 739        }
 740
 741        return ret;
 742}
 743
 744const u8 tid_to_mac80211_ac[] = {
 745        IEEE80211_AC_BE,
 746        IEEE80211_AC_BK,
 747        IEEE80211_AC_BK,
 748        IEEE80211_AC_BE,
 749        IEEE80211_AC_VI,
 750        IEEE80211_AC_VI,
 751        IEEE80211_AC_VO,
 752        IEEE80211_AC_VO,
 753};
 754
 755static const u8 tid_to_ucode_ac[] = {
 756        AC_BE,
 757        AC_BK,
 758        AC_BK,
 759        AC_BE,
 760        AC_VI,
 761        AC_VI,
 762        AC_VO,
 763        AC_VO,
 764};
 765
 766int iwl_mvm_sta_tx_agg_start(struct iwl_mvm *mvm, struct ieee80211_vif *vif,
 767                             struct ieee80211_sta *sta, u16 tid, u16 *ssn)
 768{
 769        struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta);
 770        struct iwl_mvm_tid_data *tid_data;
 771        int txq_id;
 772
 773        if (WARN_ON_ONCE(tid >= IWL_MAX_TID_COUNT))
 774                return -EINVAL;
 775
 776        if (mvmsta->tid_data[tid].state != IWL_AGG_OFF) {
 777                IWL_ERR(mvm, "Start AGG when state is not IWL_AGG_OFF %d!\n",
 778                        mvmsta->tid_data[tid].state);
 779                return -ENXIO;
 780        }
 781
 782        lockdep_assert_held(&mvm->mutex);
 783
 784        for (txq_id = mvm->first_agg_queue;
 785             txq_id <= mvm->last_agg_queue; txq_id++)
 786                if (mvm->queue_to_mac80211[txq_id] ==
 787                    IWL_INVALID_MAC80211_QUEUE)
 788                        break;
 789
 790        if (txq_id > mvm->last_agg_queue) {
 791                IWL_ERR(mvm, "Failed to allocate agg queue\n");
 792                return -EIO;
 793        }
 794
 795        spin_lock_bh(&mvmsta->lock);
 796
 797        /* possible race condition - we entered D0i3 while starting agg */
 798        if (test_bit(IWL_MVM_STATUS_IN_D0I3, &mvm->status)) {
 799                spin_unlock_bh(&mvmsta->lock);
 800                IWL_ERR(mvm, "Entered D0i3 while starting Tx agg\n");
 801                return -EIO;
 802        }
 803
 804        /* the new tx queue is still connected to the same mac80211 queue */
 805        mvm->queue_to_mac80211[txq_id] = vif->hw_queue[tid_to_mac80211_ac[tid]];
 806
 807        tid_data = &mvmsta->tid_data[tid];
 808        tid_data->ssn = IEEE80211_SEQ_TO_SN(tid_data->seq_number);
 809        tid_data->txq_id = txq_id;
 810        *ssn = tid_data->ssn;
 811
 812        IWL_DEBUG_TX_QUEUES(mvm,
 813                            "Start AGG: sta %d tid %d queue %d - ssn = %d, next_recl = %d\n",
 814                            mvmsta->sta_id, tid, txq_id, tid_data->ssn,
 815                            tid_data->next_reclaimed);
 816
 817        if (tid_data->ssn == tid_data->next_reclaimed) {
 818                tid_data->state = IWL_AGG_STARTING;
 819                ieee80211_start_tx_ba_cb_irqsafe(vif, sta->addr, tid);
 820        } else {
 821                tid_data->state = IWL_EMPTYING_HW_QUEUE_ADDBA;
 822        }
 823
 824        spin_unlock_bh(&mvmsta->lock);
 825
 826        return 0;
 827}
 828
 829int iwl_mvm_sta_tx_agg_oper(struct iwl_mvm *mvm, struct ieee80211_vif *vif,
 830                            struct ieee80211_sta *sta, u16 tid, u8 buf_size)
 831{
 832        struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta);
 833        struct iwl_mvm_tid_data *tid_data = &mvmsta->tid_data[tid];
 834        int queue, fifo, ret;
 835        u16 ssn;
 836
 837        buf_size = min_t(int, buf_size, LINK_QUAL_AGG_FRAME_LIMIT_DEF);
 838
 839        spin_lock_bh(&mvmsta->lock);
 840        ssn = tid_data->ssn;
 841        queue = tid_data->txq_id;
 842        tid_data->state = IWL_AGG_ON;
 843        tid_data->ssn = 0xffff;
 844        spin_unlock_bh(&mvmsta->lock);
 845
 846        fifo = iwl_mvm_ac_to_tx_fifo[tid_to_mac80211_ac[tid]];
 847
 848        ret = iwl_mvm_sta_tx_agg(mvm, sta, tid, queue, true);
 849        if (ret)
 850                return -EIO;
 851
 852        iwl_trans_txq_enable(mvm->trans, queue, fifo, mvmsta->sta_id, tid,
 853                             buf_size, ssn);
 854
 855        /*
 856         * Even though in theory the peer could have different
 857         * aggregation reorder buffer sizes for different sessions,
 858         * our ucode doesn't allow for that and has a global limit
 859         * for each station. Therefore, use the minimum of all the
 860         * aggregation sessions and our default value.
 861         */
 862        mvmsta->max_agg_bufsize =
 863                min(mvmsta->max_agg_bufsize, buf_size);
 864        mvmsta->lq_sta.lq.agg_frame_cnt_limit = mvmsta->max_agg_bufsize;
 865
 866        IWL_DEBUG_HT(mvm, "Tx aggregation enabled on ra = %pM tid = %d\n",
 867                     sta->addr, tid);
 868
 869        return iwl_mvm_send_lq_cmd(mvm, &mvmsta->lq_sta.lq, false);
 870}
 871
 872int iwl_mvm_sta_tx_agg_stop(struct iwl_mvm *mvm, struct ieee80211_vif *vif,
 873                            struct ieee80211_sta *sta, u16 tid)
 874{
 875        struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta);
 876        struct iwl_mvm_tid_data *tid_data = &mvmsta->tid_data[tid];
 877        u16 txq_id;
 878        int err;
 879
 880
 881        /*
 882         * If mac80211 is cleaning its state, then say that we finished since
 883         * our state has been cleared anyway.
 884         */
 885        if (test_bit(IWL_MVM_STATUS_IN_HW_RESTART, &mvm->status)) {
 886                ieee80211_stop_tx_ba_cb_irqsafe(vif, sta->addr, tid);
 887                return 0;
 888        }
 889
 890        spin_lock_bh(&mvmsta->lock);
 891
 892        txq_id = tid_data->txq_id;
 893
 894        IWL_DEBUG_TX_QUEUES(mvm, "Stop AGG: sta %d tid %d q %d state %d\n",
 895                            mvmsta->sta_id, tid, txq_id, tid_data->state);
 896
 897        switch (tid_data->state) {
 898        case IWL_AGG_ON:
 899                tid_data->ssn = IEEE80211_SEQ_TO_SN(tid_data->seq_number);
 900
 901                IWL_DEBUG_TX_QUEUES(mvm,
 902                                    "ssn = %d, next_recl = %d\n",
 903                                    tid_data->ssn, tid_data->next_reclaimed);
 904
 905                /* There are still packets for this RA / TID in the HW */
 906                if (tid_data->ssn != tid_data->next_reclaimed) {
 907                        tid_data->state = IWL_EMPTYING_HW_QUEUE_DELBA;
 908                        err = 0;
 909                        break;
 910                }
 911
 912                tid_data->ssn = 0xffff;
 913                iwl_trans_txq_disable(mvm->trans, txq_id);
 914                /* fall through */
 915        case IWL_AGG_STARTING:
 916        case IWL_EMPTYING_HW_QUEUE_ADDBA:
 917                /*
 918                 * The agg session has been stopped before it was set up. This
 919                 * can happen when the AddBA timer times out for example.
 920                 */
 921
 922                /* No barriers since we are under mutex */
 923                lockdep_assert_held(&mvm->mutex);
 924                mvm->queue_to_mac80211[txq_id] = IWL_INVALID_MAC80211_QUEUE;
 925
 926                ieee80211_stop_tx_ba_cb_irqsafe(vif, sta->addr, tid);
 927                tid_data->state = IWL_AGG_OFF;
 928                err = 0;
 929                break;
 930        default:
 931                IWL_ERR(mvm,
 932                        "Stopping AGG while state not ON or starting for %d on %d (%d)\n",
 933                        mvmsta->sta_id, tid, tid_data->state);
 934                IWL_ERR(mvm,
 935                        "\ttid_data->txq_id = %d\n", tid_data->txq_id);
 936                err = -EINVAL;
 937        }
 938
 939        spin_unlock_bh(&mvmsta->lock);
 940
 941        return err;
 942}
 943
 944int iwl_mvm_sta_tx_agg_flush(struct iwl_mvm *mvm, struct ieee80211_vif *vif,
 945                            struct ieee80211_sta *sta, u16 tid)
 946{
 947        struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta);
 948        struct iwl_mvm_tid_data *tid_data = &mvmsta->tid_data[tid];
 949        u16 txq_id;
 950        enum iwl_mvm_agg_state old_state;
 951
 952        /*
 953         * First set the agg state to OFF to avoid calling
 954         * ieee80211_stop_tx_ba_cb in iwl_mvm_check_ratid_empty.
 955         */
 956        spin_lock_bh(&mvmsta->lock);
 957        txq_id = tid_data->txq_id;
 958        IWL_DEBUG_TX_QUEUES(mvm, "Flush AGG: sta %d tid %d q %d state %d\n",
 959                            mvmsta->sta_id, tid, txq_id, tid_data->state);
 960        old_state = tid_data->state;
 961        tid_data->state = IWL_AGG_OFF;
 962        spin_unlock_bh(&mvmsta->lock);
 963
 964        if (old_state >= IWL_AGG_ON) {
 965                if (iwl_mvm_flush_tx_path(mvm, BIT(txq_id), true))
 966                        IWL_ERR(mvm, "Couldn't flush the AGG queue\n");
 967
 968                iwl_trans_txq_disable(mvm->trans, tid_data->txq_id);
 969        }
 970
 971        mvm->queue_to_mac80211[tid_data->txq_id] =
 972                                IWL_INVALID_MAC80211_QUEUE;
 973
 974        return 0;
 975}
 976
 977static int iwl_mvm_set_fw_key_idx(struct iwl_mvm *mvm)
 978{
 979        int i;
 980
 981        lockdep_assert_held(&mvm->mutex);
 982
 983        i = find_first_zero_bit(mvm->fw_key_table, STA_KEY_MAX_NUM);
 984
 985        if (i == STA_KEY_MAX_NUM)
 986                return STA_KEY_IDX_INVALID;
 987
 988        __set_bit(i, mvm->fw_key_table);
 989
 990        return i;
 991}
 992
 993static u8 iwl_mvm_get_key_sta_id(struct ieee80211_vif *vif,
 994                                 struct ieee80211_sta *sta)
 995{
 996        struct iwl_mvm_vif *mvmvif = (void *)vif->drv_priv;
 997
 998        if (sta) {
 999                struct iwl_mvm_sta *mvm_sta = (void *)sta->drv_priv;
1000

1001                return mvm_sta->sta_id;
1002        }
1003
1004        /*
1005         * The device expects GTKs for station interfaces to be
1006         * installed as GTKs for the AP station. If we have no
1007         * station ID, then use AP's station ID.
1008         */
1009        if (vif->type == NL80211_IFTYPE_STATION &&
1010            mvmvif->ap_sta_id != IWL_MVM_STATION_COUNT)
1011                return mvmvif->ap_sta_id;
1012
1013        return IWL_MVM_STATION_COUNT;
1014}
1015
1016static int iwl_mvm_send_sta_key(struct iwl_mvm *mvm,
1017                                struct iwl_mvm_sta *mvm_sta,
1018                                struct ieee80211_key_conf *keyconf,
1019                                u8 sta_id, u32 tkip_iv32, u16 *tkip_p1k,
1020                                u32 cmd_flags)
1021{
1022        struct iwl_mvm_add_sta_key_cmd cmd = {};
1023        __le16 key_flags;
1024        int ret, status;
1025        u16 keyidx;
1026        int i;
1027
1028        keyidx = (keyconf->keyidx << STA_KEY_FLG_KEYID_POS) &
1029                 STA_KEY_FLG_KEYID_MSK;
1030        key_flags = cpu_to_le16(keyidx);
1031        key_flags |= cpu_to_le16(STA_KEY_FLG_WEP_KEY_MAP);
1032
1033        switch (keyconf->cipher) {
1034        case WLAN_CIPHER_SUITE_TKIP:
1035                key_flags |= cpu_to_le16(STA_KEY_FLG_TKIP);
1036                cmd.tkip_rx_tsc_byte2 = tkip_iv32;
1037                for (i = 0; i < 5; i++)
1038                        cmd.tkip_rx_ttak[i] = cpu_to_le16(tkip_p1k[i]);
1039                memcpy(cmd.key, keyconf->key, keyconf->keylen);
1040                break;
1041        case WLAN_CIPHER_SUITE_CCMP:
1042                key_flags |= cpu_to_le16(STA_KEY_FLG_CCM);
1043                memcpy(cmd.key, keyconf->key, keyconf->keylen);
1044                break;
1045        default:
1046                key_flags |= cpu_to_le16(STA_KEY_FLG_EXT);
1047                memcpy(cmd.key, keyconf->key, keyconf->keylen);
1048        }
1049
1050        if (!(keyconf->flags & IEEE80211_KEY_FLAG_PAIRWISE))
1051                key_flags |= cpu_to_le16(STA_KEY_MULTICAST);
1052
1053        cmd.key_offset = keyconf->hw_key_idx;
1054        cmd.key_flags = key_flags;
1055        cmd.sta_id = sta_id;
1056
1057        status = ADD_STA_SUCCESS;
1058        if (cmd_flags & CMD_ASYNC)
1059                ret =  iwl_mvm_send_cmd_pdu(mvm, ADD_STA_KEY, CMD_ASYNC,
1060                                            sizeof(cmd), &cmd);
1061        else
1062                ret = iwl_mvm_send_cmd_pdu_status(mvm, ADD_STA_KEY, sizeof(cmd),
1063                                                  &cmd, &status);
1064
1065        switch (status) {
1066        case ADD_STA_SUCCESS:
1067                IWL_DEBUG_WEP(mvm, "MODIFY_STA: set dynamic key passed\n");
1068                break;
1069        default:
1070                ret = -EIO;
1071                IWL_ERR(mvm, "MODIFY_STA: set dynamic key failed\n");
1072                break;
1073        }
1074
1075        return ret;
1076}
1077
1078static int iwl_mvm_send_sta_igtk(struct iwl_mvm *mvm,
1079                                 struct ieee80211_key_conf *keyconf,
1080                                 u8 sta_id, bool remove_key)
1081{
1082        struct iwl_mvm_mgmt_mcast_key_cmd igtk_cmd = {};
1083
1084        /* verify the key details match the required command's expectations */
1085        if (WARN_ON((keyconf->cipher != WLAN_CIPHER_SUITE_AES_CMAC) ||
1086                    (keyconf->flags & IEEE80211_KEY_FLAG_PAIRWISE) ||
1087                    (keyconf->keyidx != 4 && keyconf->keyidx != 5)))
1088                return -EINVAL;
1089
1090        igtk_cmd.key_id = cpu_to_le32(keyconf->keyidx);
1091        igtk_cmd.sta_id = cpu_to_le32(sta_id);
1092
1093        if (remove_key) {
1094                igtk_cmd.ctrl_flags |= cpu_to_le32(STA_KEY_NOT_VALID);
1095        } else {
1096                struct ieee80211_key_seq seq;
1097                const u8 *pn;
1098
1099                memcpy(igtk_cmd.IGTK, keyconf->key, keyconf->keylen);
1100                ieee80211_aes_cmac_calculate_k1_k2(keyconf,
1101                                                   igtk_cmd.K1, igtk_cmd.K2);
1102                ieee80211_get_key_rx_seq(keyconf, 0, &seq);
1103                pn = seq.aes_cmac.pn;
1104                igtk_cmd.receive_seq_cnt = cpu_to_le64(((u64) pn[5] << 0) |
1105                                                       ((u64) pn[4] << 8) |
1106                                                       ((u64) pn[3] << 16) |
1107                                                       ((u64) pn[2] << 24) |
1108                                                       ((u64) pn[1] << 32) |
1109                                                       ((u64) pn[0] << 40));
1110        }
1111
1112        IWL_DEBUG_INFO(mvm, "%s igtk for sta %u\n",
1113                       remove_key ? "removing" : "installing",
1114                       igtk_cmd.sta_id);
1115
1116        return iwl_mvm_send_cmd_pdu(mvm, MGMT_MCAST_KEY, 0,
1117                                    sizeof(igtk_cmd), &igtk_cmd);
1118}
1119
1120
1121static inline u8 *iwl_mvm_get_mac_addr(struct iwl_mvm *mvm,
1122                                       struct ieee80211_vif *vif,
1123                                       struct ieee80211_sta *sta)
1124{
1125        struct iwl_mvm_vif *mvmvif = (void *)vif->drv_priv;
1126
1127        if (sta)
1128                return sta->addr;
1129
1130        if (vif->type == NL80211_IFTYPE_STATION &&
1131            mvmvif->ap_sta_id != IWL_MVM_STATION_COUNT) {
1132                u8 sta_id = mvmvif->ap_sta_id;
1133                sta = rcu_dereference_protected(mvm->fw_id_to_mac_id[sta_id],
1134                                                lockdep_is_held(&mvm->mutex));
1135                return sta->addr;
1136        }
1137
1138
1139        return NULL;
1140}
1141
1142int iwl_mvm_set_sta_key(struct iwl_mvm *mvm,
1143                        struct ieee80211_vif *vif,
1144                        struct ieee80211_sta *sta,
1145                        struct ieee80211_key_conf *keyconf,
1146                        bool have_key_offset)
1147{
1148        struct iwl_mvm_sta *mvm_sta;
1149        int ret;
1150        u8 *addr, sta_id;
1151        struct ieee80211_key_seq seq;
1152        u16 p1k[5];
1153
1154        lockdep_assert_held(&mvm->mutex);
1155
1156        /* Get the station id from the mvm local station table */
1157        sta_id = iwl_mvm_get_key_sta_id(vif, sta);
1158        if (sta_id == IWL_MVM_STATION_COUNT) {
1159                IWL_ERR(mvm, "Failed to find station id\n");
1160                return -EINVAL;
1161        }
1162
1163        if (keyconf->cipher == WLAN_CIPHER_SUITE_AES_CMAC) {
1164                ret = iwl_mvm_send_sta_igtk(mvm, keyconf, sta_id, false);
1165                goto end;
1166        }
1167
1168        /*
1169         * It is possible that the 'sta' parameter is NULL, and thus
1170         * there is a need to retrieve  the sta from the local station table.
1171         */
1172        if (!sta) {
1173                sta = rcu_dereference_protected(mvm->fw_id_to_mac_id[sta_id],
1174                                                lockdep_is_held(&mvm->mutex));
1175                if (IS_ERR_OR_NULL(sta)) {
1176                        IWL_ERR(mvm, "Invalid station id\n");
1177                        return -EINVAL;
1178                }
1179        }
1180
1181        mvm_sta = (struct iwl_mvm_sta *)sta->drv_priv;
1182        if (WARN_ON_ONCE(mvm_sta->vif != vif))
1183                return -EINVAL;
1184
1185        if (!have_key_offset) {
1186                /*
1187                 * The D3 firmware hardcodes the PTK offset to 0, so we have to
1188                 * configure it there. As a result, this workaround exists to
1189                 * let the caller set the key offset (hw_key_idx), see d3.c.
1190                 */
1191                keyconf->hw_key_idx = iwl_mvm_set_fw_key_idx(mvm);
1192                if (keyconf->hw_key_idx == STA_KEY_IDX_INVALID)
1193                        return -ENOSPC;
1194        }
1195
1196        switch (keyconf->cipher) {
1197        case WLAN_CIPHER_SUITE_TKIP:
1198                addr = iwl_mvm_get_mac_addr(mvm, vif, sta);
1199                /* get phase 1 key from mac80211 */
1200                ieee80211_get_key_rx_seq(keyconf, 0, &seq);
1201                ieee80211_get_tkip_rx_p1k(keyconf, addr, seq.tkip.iv32, p1k);
1202                ret = iwl_mvm_send_sta_key(mvm, mvm_sta, keyconf, sta_id,
1203                                           seq.tkip.iv32, p1k, 0);
1204                break;
1205        case WLAN_CIPHER_SUITE_CCMP:
1206                ret = iwl_mvm_send_sta_key(mvm, mvm_sta, keyconf, sta_id,
1207                                           0, NULL, 0);
1208                break;
1209        default:
1210                ret = iwl_mvm_send_sta_key(mvm, mvm_sta, keyconf,
1211                                           sta_id, 0, NULL, 0);
1212        }
1213
1214        if (ret)
1215                __clear_bit(keyconf->hw_key_idx, mvm->fw_key_table);
1216
1217end:
1218        IWL_DEBUG_WEP(mvm, "key: cipher=%x len=%d idx=%d sta=%pM ret=%d\n",
1219                      keyconf->cipher, keyconf->keylen, keyconf->keyidx,
1220                      sta->addr, ret);
1221        return ret;
1222}
1223
1224int iwl_mvm_remove_sta_key(struct iwl_mvm *mvm,
1225                           struct ieee80211_vif *vif,
1226                           struct ieee80211_sta *sta,
1227                           struct ieee80211_key_conf *keyconf)
1228{
1229        struct iwl_mvm_sta *mvm_sta;
1230        struct iwl_mvm_add_sta_key_cmd cmd = {};
1231        __le16 key_flags;
1232        int ret, status;
1233        u8 sta_id;
1234
1235        lockdep_assert_held(&mvm->mutex);
1236
1237        /* Get the station id from the mvm local station table */
1238        sta_id = iwl_mvm_get_key_sta_id(vif, sta);
1239
1240        IWL_DEBUG_WEP(mvm, "mvm remove dynamic key: idx=%d sta=%d\n",
1241                      keyconf->keyidx, sta_id);
1242
1243        if (keyconf->cipher == WLAN_CIPHER_SUITE_AES_CMAC)
1244                return iwl_mvm_send_sta_igtk(mvm, keyconf, sta_id, true);
1245
1246        ret = __test_and_clear_bit(keyconf->hw_key_idx, mvm->fw_key_table);
1247        if (!ret) {
1248                IWL_ERR(mvm, "offset %d not used in fw key table.\n",
1249                        keyconf->hw_key_idx);
1250                return -ENOENT;
1251        }
1252
1253        if (sta_id == IWL_MVM_STATION_COUNT) {
1254                IWL_DEBUG_WEP(mvm, "station non-existent, early return.\n");
1255                return 0;
1256        }
1257
1258        /*
1259         * It is possible that the 'sta' parameter is NULL, and thus
1260         * there is a need to retrieve the sta from the local station table,
1261         * for example when a GTK is removed (where the sta_id will then be
1262         * the AP ID, and no station was passed by mac80211.)
1263         */
1264        if (!sta) {
1265                sta = rcu_dereference_protected(mvm->fw_id_to_mac_id[sta_id],
1266                                                lockdep_is_held(&mvm->mutex));
1267                if (!sta) {
1268                        IWL_ERR(mvm, "Invalid station id\n");
1269                        return -EINVAL;
1270                }
1271        }
1272
1273        mvm_sta = (struct iwl_mvm_sta *)sta->drv_priv;
1274        if (WARN_ON_ONCE(mvm_sta->vif != vif))
1275                return -EINVAL;
1276
1277        key_flags = cpu_to_le16((keyconf->keyidx << STA_KEY_FLG_KEYID_POS) &
1278                                 STA_KEY_FLG_KEYID_MSK);
1279        key_flags |= cpu_to_le16(STA_KEY_FLG_NO_ENC | STA_KEY_FLG_WEP_KEY_MAP);
1280        key_flags |= cpu_to_le16(STA_KEY_NOT_VALID);
1281
1282        if (!(keyconf->flags & IEEE80211_KEY_FLAG_PAIRWISE))
1283                key_flags |= cpu_to_le16(STA_KEY_MULTICAST);
1284
1285        cmd.key_flags = key_flags;
1286        cmd.key_offset = keyconf->hw_key_idx;
1287        cmd.sta_id = sta_id;
1288
1289        status = ADD_STA_SUCCESS;
1290        ret = iwl_mvm_send_cmd_pdu_status(mvm, ADD_STA_KEY, sizeof(cmd),
1291                                          &cmd, &status);
1292
1293        switch (status) {
1294        case ADD_STA_SUCCESS:
1295                IWL_DEBUG_WEP(mvm, "MODIFY_STA: remove sta key passed\n");
1296                break;
1297        default:
1298                ret = -EIO;
1299                IWL_ERR(mvm, "MODIFY_STA: remove sta key failed\n");
1300                break;
1301        }
1302
1303        return ret;
1304}
1305
1306void iwl_mvm_update_tkip_key(struct iwl_mvm *mvm,
1307                             struct ieee80211_vif *vif,
1308                             struct ieee80211_key_conf *keyconf,
1309                             struct ieee80211_sta *sta, u32 iv32,
1310                             u16 *phase1key)
1311{
1312        struct iwl_mvm_sta *mvm_sta;
1313        u8 sta_id = iwl_mvm_get_key_sta_id(vif, sta);
1314
1315        if (WARN_ON_ONCE(sta_id == IWL_MVM_STATION_COUNT))
1316                return;
1317
1318        rcu_read_lock();
1319
1320        if (!sta) {
1321                sta = rcu_dereference(mvm->fw_id_to_mac_id[sta_id]);
1322                if (WARN_ON(IS_ERR_OR_NULL(sta))) {
1323                        rcu_read_unlock();
1324                        return;
1325                }
1326        }
1327
1328        mvm_sta = (void *)sta->drv_priv;
1329        iwl_mvm_send_sta_key(mvm, mvm_sta, keyconf, sta_id,
1330                             iv32, phase1key, CMD_ASYNC);
1331        rcu_read_unlock();
1332}
1333
1334void iwl_mvm_sta_modify_ps_wake(struct iwl_mvm *mvm,
1335                                struct ieee80211_sta *sta)
1336{
1337        struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta);
1338        struct iwl_mvm_add_sta_cmd cmd = {
1339                .add_modify = STA_MODE_MODIFY,
1340                .sta_id = mvmsta->sta_id,
1341                .station_flags_msk = cpu_to_le32(STA_FLG_PS),
1342                .mac_id_n_color = cpu_to_le32(mvmsta->mac_id_n_color),
1343        };
1344        int ret;
1345
1346        ret = iwl_mvm_send_cmd_pdu(mvm, ADD_STA, CMD_ASYNC, sizeof(cmd), &cmd);
1347        if (ret)
1348                IWL_ERR(mvm, "Failed to send ADD_STA command (%d)\n", ret);
1349}
1350
1351void iwl_mvm_sta_modify_sleep_tx_count(struct iwl_mvm *mvm,
1352                                       struct ieee80211_sta *sta,
1353                                       enum ieee80211_frame_release_type reason,
1354                                       u16 cnt, u16 tids, bool more_data,
1355                                       bool agg)
1356{
1357        struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta);
1358        struct iwl_mvm_add_sta_cmd cmd = {
1359                .add_modify = STA_MODE_MODIFY,
1360                .sta_id = mvmsta->sta_id,
1361                .modify_mask = STA_MODIFY_SLEEPING_STA_TX_COUNT,
1362                .sleep_tx_count = cpu_to_le16(cnt),
1363                .mac_id_n_color = cpu_to_le32(mvmsta->mac_id_n_color),
1364        };
1365        int tid, ret;
1366        unsigned long _tids = tids;
1367
1368        /* convert TIDs to ACs - we don't support TSPEC so that's OK
1369         * Note that this field is reserved and unused by firmware not
1370         * supporting GO uAPSD, so it's safe to always do this.
1371         */
1372        for_each_set_bit(tid, &_tids, IWL_MAX_TID_COUNT)
1373                cmd.awake_acs |= BIT(tid_to_ucode_ac[tid]);
1374
1375        /* If we're releasing frames from aggregation queues then check if the
1376         * all queues combined that we're releasing frames from have
1377         *  - more frames than the service period, in which case more_data
1378         *    needs to be set
1379         *  - fewer than 'cnt' frames, in which case we need to adjust the
1380         *    firmware command (but do that unconditionally)
1381         */
1382        if (agg) {
1383                int remaining = cnt;
1384
1385                spin_lock_bh(&mvmsta->lock);
1386                for_each_set_bit(tid, &_tids, IWL_MAX_TID_COUNT) {
1387                        struct iwl_mvm_tid_data *tid_data;
1388                        u16 n_queued;
1389
1390                        tid_data = &mvmsta->tid_data[tid];
1391                        if (WARN(tid_data->state != IWL_AGG_ON &&
1392                                 tid_data->state != IWL_EMPTYING_HW_QUEUE_DELBA,
1393                                 "TID %d state is %d\n",
1394                                 tid, tid_data->state)) {
1395                                spin_unlock_bh(&mvmsta->lock);
1396                                ieee80211_sta_eosp(sta);
1397                                return;
1398                        }
1399
1400                        n_queued = iwl_mvm_tid_queued(tid_data);
1401                        if (n_queued > remaining) {
1402                                more_data = true;
1403                                remaining = 0;
1404                                break;
1405                        }
1406                        remaining -= n_queued;
1407                }
1408                spin_unlock_bh(&mvmsta->lock);
1409
1410                cmd.sleep_tx_count = cpu_to_le16(cnt - remaining);
1411                if (WARN_ON(cnt - remaining == 0)) {
1412                        ieee80211_sta_eosp(sta);
1413                        return;
1414                }
1415        }
1416
1417        /* Note: this is ignored by firmware not supporting GO uAPSD */
1418        if (more_data)
1419                cmd.sleep_state_flags |= cpu_to_le16(STA_SLEEP_STATE_MOREDATA);
1420
1421        if (reason == IEEE80211_FRAME_RELEASE_PSPOLL) {
1422                mvmsta->next_status_eosp = true;
1423                cmd.sleep_state_flags |= cpu_to_le16(STA_SLEEP_STATE_PS_POLL);
1424        } else {
1425                cmd.sleep_state_flags |= cpu_to_le16(STA_SLEEP_STATE_UAPSD);
1426        }
1427
1428        ret = iwl_mvm_send_cmd_pdu(mvm, ADD_STA, CMD_ASYNC, sizeof(cmd), &cmd);
1429        if (ret)
1430                IWL_ERR(mvm, "Failed to send ADD_STA command (%d)\n", ret);
1431}
1432
1433int iwl_mvm_rx_eosp_notif(struct iwl_mvm *mvm,
1434                          struct iwl_rx_cmd_buffer *rxb,
1435                          struct iwl_device_cmd *cmd)
1436{
1437        struct iwl_rx_packet *pkt = rxb_addr(rxb);
1438        struct iwl_mvm_eosp_notification *notif = (void *)pkt->data;
1439        struct ieee80211_sta *sta;
1440        u32 sta_id = le32_to_cpu(notif->sta_id);
1441
1442        if (WARN_ON_ONCE(sta_id >= IWL_MVM_STATION_COUNT))
1443                return 0;
1444
1445        rcu_read_lock();
1446        sta = rcu_dereference(mvm->fw_id_to_mac_id[sta_id]);
1447        if (!IS_ERR_OR_NULL(sta))
1448                ieee80211_sta_eosp(sta);
1449        rcu_read_unlock();
1450
1451        return 0;
1452}
1453
1454void iwl_mvm_sta_modify_disable_tx(struct iwl_mvm *mvm,
1455                                   struct iwl_mvm_sta *mvmsta, bool disable)
1456{
1457        struct iwl_mvm_add_sta_cmd cmd = {
1458                .add_modify = STA_MODE_MODIFY,
1459                .sta_id = mvmsta->sta_id,
1460                .station_flags = disable ? cpu_to_le32(STA_FLG_DISABLE_TX) : 0,
1461                .station_flags_msk = cpu_to_le32(STA_FLG_DISABLE_TX),
1462                .mac_id_n_color = cpu_to_le32(mvmsta->mac_id_n_color),
1463        };
1464        int ret;
1465
1466        if (!(mvm->fw->ucode_capa.api[0] & IWL_UCODE_TLV_API_DISABLE_STA_TX))
1467                return;
1468
1469        ret = iwl_mvm_send_cmd_pdu(mvm, ADD_STA, CMD_ASYNC, sizeof(cmd), &cmd);
1470        if (ret)
1471                IWL_ERR(mvm, "Failed to send ADD_STA command (%d)\n", ret);
1472}
1473
1474void iwl_mvm_sta_modify_disable_tx_ap(struct iwl_mvm *mvm,
1475                                      struct ieee80211_sta *sta,
1476                                      bool disable)
1477{
1478        struct iwl_mvm_sta *mvm_sta = iwl_mvm_sta_from_mac80211(sta);
1479
1480        spin_lock_bh(&mvm_sta->lock);
1481
1482        if (mvm_sta->disable_tx == disable) {
1483                spin_unlock_bh(&mvm_sta->lock);
1484                return;
1485        }
1486
1487        mvm_sta->disable_tx = disable;
1488
1489        /*
1490         * Tell mac80211 to start/stop queueing tx for this station,
1491         * but don't stop queueing if there are still pending frames
1492         * for this station.
1493         */
1494        if (disable || !atomic_read(&mvm->pending_frames[mvm_sta->sta_id]))
1495                ieee80211_sta_block_awake(mvm->hw, sta, disable);
1496
1497        iwl_mvm_sta_modify_disable_tx(mvm, mvm_sta, disable);
1498
1499        spin_unlock_bh(&mvm_sta->lock);
1500}
1501
1502void iwl_mvm_modify_all_sta_disable_tx(struct iwl_mvm *mvm,
1503                                       struct iwl_mvm_vif *mvmvif,
1504                                       bool disable)
1505{
1506        struct ieee80211_sta *sta;
1507        struct iwl_mvm_sta *mvm_sta;
1508        int i;
1509
1510        lockdep_assert_held(&mvm->mutex);
1511
1512        /* Block/unblock all the stations of the given mvmvif */
1513        for (i = 0; i < IWL_MVM_STATION_COUNT; i++) {
1514                sta = rcu_dereference_protected(mvm->fw_id_to_mac_id[i],
1515                                                lockdep_is_held(&mvm->mutex));
1516                if (IS_ERR_OR_NULL(sta))
1517                        continue;
1518
1519                mvm_sta = iwl_mvm_sta_from_mac80211(sta);
1520                if (mvm_sta->mac_id_n_color !=
1521                    FW_CMD_ID_AND_COLOR(mvmvif->id, mvmvif->color))
1522                        continue;
1523
1524                iwl_mvm_sta_modify_disable_tx_ap(mvm, sta, disable);
1525        }
1526}
1527