1// SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
2/*
3 * Copyright (C) 2012-2014, 2018-2023 Intel Corporation
4 * Copyright (C) 2013-2015 Intel Mobile Communications GmbH
5 * Copyright (C) 2016-2017 Intel Deutschland GmbH
6 */
7#include <linux/module.h>
8#include <linux/rtnetlink.h>
9#include <linux/vmalloc.h>
10#include <net/mac80211.h>
11
12#include "fw/notif-wait.h"
13#include "iwl-trans.h"
14#include "iwl-op-mode.h"
15#include "fw/img.h"
16#include "iwl-debug.h"
17#include "iwl-drv.h"
18#include "iwl-modparams.h"
19#include "mvm.h"
20#include "iwl-phy-db.h"
21#include "iwl-eeprom-parse.h"
22#include "iwl-csr.h"
23#include "iwl-io.h"
24#include "iwl-prph.h"
25#include "rs.h"
26#include "fw/api/scan.h"
27#include "fw/api/rfi.h"
28#include "time-event.h"
29#include "fw-api.h"
30#include "fw/acpi.h"
31#include "fw/uefi.h"
32#include "time-sync.h"
33
34#define DRV_DESCRIPTION	"The new Intel(R) wireless AGN driver for Linux"
35MODULE_DESCRIPTION(DRV_DESCRIPTION);
36MODULE_LICENSE("GPL");
37MODULE_IMPORT_NS(IWLWIFI);
38
39static const struct iwl_op_mode_ops iwl_mvm_ops;
40static const struct iwl_op_mode_ops iwl_mvm_ops_mq;
41
/*
 * Module parameters of iwlmvm. Only power_scheme gets a non-zero default
 * here. Both parameters below are registered with mode 0444.
 */
struct iwl_mvm_mod_params iwlmvm_mod_params = {
	.power_scheme = IWL_POWER_SCHEME_BPS,
	/* rest of fields are 0 by default */
};

module_param_named(init_dbg, iwlmvm_mod_params.init_dbg, bool, 0444);
MODULE_PARM_DESC(init_dbg,
		 "set to true to debug an ASSERT in INIT fw (default: false");
/*
 * NOTE(review): power_scheme is a plain int and nothing visible here
 * range-checks it against the 1..3 values documented below - confirm that
 * the consumer validates it before using it.
 */
module_param_named(power_scheme, iwlmvm_mod_params.power_scheme, int, 0444);
MODULE_PARM_DESC(power_scheme,
		 "power management scheme: 1-active, 2-balanced, 3-low power, default: 2");
53
54/*
55 * module init and exit functions
56 */
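/**
 * iwl_mvm_init - module entry point
 *
 * Registers the rate control algorithm first and the "iwlmvm" op_mode
 * second.
 *
 * Return: 0 on success, otherwise the error code of the registration
 * that failed.
 */
static int __init iwl_mvm_init(void)
{
	int ret;

	ret = iwl_mvm_rate_control_register();
	if (ret) {
		pr_err("Unable to register rate control algorithm: %d\n", ret);
		return ret;
	}

	ret = iwl_opmode_register("iwlmvm", &iwl_mvm_ops);
	if (ret) {
		pr_err("Unable to register MVM op_mode: %d\n", ret);
		/*
		 * iwl_mvm_exit() does not run when init fails, so undo the
		 * rate control registration here instead of leaving it
		 * registered while the module load is being aborted.
		 */
		iwl_mvm_rate_control_unregister();
	}

	return ret;
}
module_init(iwl_mvm_init);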
74
/*
 * Module exit: tear down in the reverse order of iwl_mvm_init() - the
 * op_mode is deregistered first, the rate control algorithm last.
 */
static void __exit iwl_mvm_exit(void)
{
	iwl_opmode_deregister("iwlmvm");
	iwl_mvm_rate_control_unregister();
}
module_exit(iwl_mvm_exit);
81
/*
 * Program CSR_HW_IF_CONFIG_REG from the hardware revision and the radio
 * type/step/dash fields of the PHY configuration, then apply the APMG
 * early-power-off workaround where APMG is supported.
 *
 * Devices of family AX210 and newer only get the debug print; no register
 * is written for them here.
 */
static void iwl_mvm_nic_config(struct iwl_op_mode *op_mode)
{
	struct iwl_mvm *mvm = IWL_OP_MODE_GET_MVM(op_mode);
	u8 radio_cfg_type, radio_cfg_step, radio_cfg_dash;
	u32 reg_val;
	u32 phy_config = iwl_mvm_get_phy_config(mvm);

	/* split the PHY configuration word into its three radio fields */
	radio_cfg_type = (phy_config & FW_PHY_CFG_RADIO_TYPE) >>
			 FW_PHY_CFG_RADIO_TYPE_POS;
	radio_cfg_step = (phy_config & FW_PHY_CFG_RADIO_STEP) >>
			 FW_PHY_CFG_RADIO_STEP_POS;
	radio_cfg_dash = (phy_config & FW_PHY_CFG_RADIO_DASH) >>
			 FW_PHY_CFG_RADIO_DASH_POS;

	IWL_DEBUG_INFO(mvm, "Radio type=0x%x-0x%x-0x%x\n", radio_cfg_type,
		       radio_cfg_step, radio_cfg_dash);

	if (mvm->trans->trans_cfg->device_family >= IWL_DEVICE_FAMILY_AX210)
		return;

	/* SKU control */
	reg_val = CSR_HW_REV_STEP_DASH(mvm->trans->hw_rev);

	/* radio configuration */
	reg_val |= radio_cfg_type << CSR_HW_IF_CONFIG_REG_POS_PHY_TYPE;
	reg_val |= radio_cfg_step << CSR_HW_IF_CONFIG_REG_POS_PHY_STEP;
	reg_val |= radio_cfg_dash << CSR_HW_IF_CONFIG_REG_POS_PHY_DASH;

	/*
	 * Only the type field is checked against its register mask; the step
	 * and dash fields are written without an equivalent check.
	 */
	WARN_ON((radio_cfg_type << CSR_HW_IF_CONFIG_REG_POS_PHY_TYPE) &
		 ~CSR_HW_IF_CONFIG_REG_MSK_PHY_TYPE);

	/*
	 * TODO: Bits 7-8 of CSR in 8000 HW family and higher set the ADC
	 * sampling, and shouldn't be set to any non-zero value.
	 * The same is supposed to be true of the other HW, but unsetting
	 * them (such as the 7260) causes automatic tests to fail on seemingly
	 * unrelated errors. Need to further investigate this, but for now
	 * we'll separate cases.
	 */
	if (mvm->trans->trans_cfg->device_family < IWL_DEVICE_FAMILY_8000)
		reg_val |= CSR_HW_IF_CONFIG_REG_BIT_RADIO_SI;

	if (iwl_fw_dbg_is_d3_debug_enabled(&mvm->fwrt))
		reg_val |= CSR_HW_IF_CONFIG_REG_D3_DEBUG;

	/*
	 * The mask also names CSR_HW_IF_CONFIG_REG_BIT_MAC_SI, which reg_val
	 * never sets - presumably that bit ends up cleared by this write
	 * (depends on iwl_trans_set_bits_mask() semantics, not shown here).
	 */
	iwl_trans_set_bits_mask(mvm->trans, CSR_HW_IF_CONFIG_REG,
				CSR_HW_IF_CONFIG_REG_MSK_MAC_STEP_DASH |
				CSR_HW_IF_CONFIG_REG_MSK_PHY_TYPE |
				CSR_HW_IF_CONFIG_REG_MSK_PHY_STEP |
				CSR_HW_IF_CONFIG_REG_MSK_PHY_DASH |
				CSR_HW_IF_CONFIG_REG_BIT_RADIO_SI |
				CSR_HW_IF_CONFIG_REG_BIT_MAC_SI   |
				CSR_HW_IF_CONFIG_REG_D3_DEBUG,
				reg_val);

	/*
	 * W/A : NIC is stuck in a reset state after Early PCIe power off
	 * (PCIe power is lost before PERST# is asserted), causing ME FW
	 * to lose ownership and not being able to obtain it back.
	 */
	if (!mvm->trans->cfg->apmg_not_supported)
		iwl_set_bits_mask_prph(mvm->trans, APMG_PS_CTRL_REG,
				       APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS,
				       ~APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS);
}
147
/*
 * Handle a datapath monitor notification from the firmware.
 *
 * Only IWL_DP_MON_NOTIF_TYPE_EXT_CCA is acted upon, and only for an
 * associated station interface on a 2.4 GHz channel at least 40 MHz wide.
 * In that case the 40 MHz capability is removed from the 2.4 GHz band's HT
 * (and, if present, HE) capabilities and the interface is disconnected.
 *
 * The notification contents come from the firmware: notif->mac_id is
 * handed to iwl_mvm_get_vif_by_macid() as-is, so any range checking of
 * that id has to happen there (not shown here).
 */
static void iwl_mvm_rx_monitor_notif(struct iwl_mvm *mvm,
				     struct iwl_rx_cmd_buffer *rxb)
{
	struct iwl_rx_packet *pkt = rxb_addr(rxb);
	struct iwl_datapath_monitor_notif *notif = (void *)pkt->data;
	struct ieee80211_supported_band *sband;
	const struct ieee80211_sta_he_cap *he_cap;
	struct ieee80211_vif *vif;

	if (notif->type != cpu_to_le32(IWL_DP_MON_NOTIF_TYPE_EXT_CCA))
		return;

	vif = iwl_mvm_get_vif_by_macid(mvm, notif->mac_id);
	if (!vif || vif->type != NL80211_IFTYPE_STATION)
		return;

	if (!vif->bss_conf.chandef.chan ||
	    vif->bss_conf.chandef.chan->band != NL80211_BAND_2GHZ ||
	    vif->bss_conf.chandef.width < NL80211_CHAN_WIDTH_40)
		return;

	if (!vif->cfg.assoc)
		return;

	/* this shouldn't happen *again*, ignore it */
	if (mvm->cca_40mhz_workaround)
		return;

	/*
	 * We'll decrement this on disconnect - so set to 2 since we'll
	 * still have to disconnect from the current AP first.
	 */
	mvm->cca_40mhz_workaround = 2;

	/*
	 * This capability manipulation isn't really ideal, but it's the
	 * easiest choice - otherwise we'd have to do some major changes
	 * in mac80211 to support this, which isn't worth it. This does
	 * mean that userspace may have outdated information, but that's
	 * actually not an issue at all.
	 */
	/*
	 * sband is dereferenced without a NULL check; the channel check above
	 * already established that the vif operates on the 2.4 GHz band.
	 */
	sband = mvm->hw->wiphy->bands[NL80211_BAND_2GHZ];

	WARN_ON(!sband->ht_cap.ht_supported);
	WARN_ON(!(sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40));
	sband->ht_cap.cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;

	he_cap = ieee80211_get_he_iftype_cap_vif(sband, vif);

	if (he_cap) {
		/* we know that ours is writable */
		/* the cast through uintptr_t deliberately drops the const */
		struct ieee80211_sta_he_cap *he = (void *)(uintptr_t)he_cap;

		WARN_ON(!he->has_he);
		WARN_ON(!(he->he_cap_elem.phy_cap_info[0] &
				IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_40MHZ_IN_2G));
		he->he_cap_elem.phy_cap_info[0] &=
			~IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_40MHZ_IN_2G;
	}

	ieee80211_disconnect(vif, true);
}
210
/*
 * Re-evaluate the firmware-requested SMPS mode of one link.
 *
 * Static SMPS is requested only while the firmware asked for it
 * (mvm->fw_static_smps_request) and the link is a 160 MHz link with HE
 * support; in every other case the request is IEEE80211_SMPS_AUTOMATIC.
 * A NULL @link_conf is ignored.
 */
void iwl_mvm_update_link_smps(struct ieee80211_vif *vif,
			      struct ieee80211_bss_conf *link_conf)
{
	struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
	struct iwl_mvm *mvm = mvmvif->mvm;
	enum ieee80211_smps_mode mode;
	bool want_static;

	if (!link_conf)
		return;

	want_static = mvm->fw_static_smps_request &&
		      link_conf->chandef.width == NL80211_CHAN_WIDTH_160 &&
		      link_conf->he_support;

	mode = want_static ? IEEE80211_SMPS_STATIC : IEEE80211_SMPS_AUTOMATIC;

	iwl_mvm_update_smps(mvm, vif, IWL_MVM_SMPS_REQ_FW, mode,
			    link_conf->link_id);
}
229
/*
 * Interface iterator callback: update the SMPS request of every active
 * link of @vif. @data and @mac are unused. The link walk is done inside
 * an RCU read-side critical section.
 */
static void iwl_mvm_intf_dual_chain_req(void *data, u8 *mac,
					struct ieee80211_vif *vif)
{
	struct ieee80211_bss_conf *link_conf;
	unsigned int link_id;

	rcu_read_lock();

	for_each_vif_active_link(vif, link_conf, link_id)
		iwl_mvm_update_link_smps(vif, link_conf);

	rcu_read_unlock();
}
243
/*
 * Handle a thermal dual chain request from the firmware: record whether
 * the firmware asked to disable dual chain and re-evaluate SMPS on all
 * interfaces known to the driver.
 */
static void iwl_mvm_rx_thermal_dual_chain_req(struct iwl_mvm *mvm,
					      struct iwl_rx_cmd_buffer *rxb)
{
	struct iwl_rx_packet *pkt = rxb_addr(rxb);
	struct iwl_thermal_dual_chain_request *req = (void *)pkt->data;
	bool disable_requested =
		req->event == cpu_to_le32(THERMAL_DUAL_CHAIN_REQ_DISABLE);

	/*
	 * The state is stored in mvm instead of being handed to the iterator
	 * as data, because interfaces added later while this state lasts
	 * need to see it too.
	 */
	mvm->fw_static_smps_request = disable_requested;

	ieee80211_iterate_interfaces(mvm->hw,
				     IEEE80211_IFACE_SKIP_SDATA_NOT_IN_DRIVER,
				     iwl_mvm_intf_dual_chain_req, NULL);
}
260
/**
 * enum iwl_rx_handler_context - context in which an Rx handler is called
 * @RX_HANDLER_SYNC: the handler is called in the Rx path, which can't
 *	acquire mvm->mutex.
 * @RX_HANDLER_ASYNC_LOCKED: if the handler needs to hold mvm->mutex
 *	(and only in this case!), it should be set as ASYNC. In that case,
 *	it will be called from a worker with mvm->mutex held.
 * @RX_HANDLER_ASYNC_UNLOCKED: in case the handler needs to lock the
 *	mutex itself, it will be called from a worker without mvm->mutex held.
 */
enum iwl_rx_handler_context {
	RX_HANDLER_SYNC,
	RX_HANDLER_ASYNC_LOCKED,
	RX_HANDLER_ASYNC_UNLOCKED,
};
276
/**
 * struct iwl_rx_handlers - handler for a FW notification
 * @cmd_id: command id
 * @min_size: minimum size to expect for the notification; stays 0 for
 *	entries created with the *_NO_SIZE initializer macros
 * @context: see &iwl_rx_handler_context
 * @fn: the function that is called when the notification is received
 */
struct iwl_rx_handlers {
	u16 cmd_id, min_size;
	enum iwl_rx_handler_context context;
	void (*fn)(struct iwl_mvm *mvm, struct iwl_rx_cmd_buffer *rxb);
};
289
/*
 * Initializers for struct iwl_rx_handlers entries.
 *
 * RX_HANDLER / RX_HANDLER_GRP set .min_size to sizeof(_struct). The
 * *_NO_SIZE variants do not name .min_size, so it is zero-initialized:
 * handlers registered through them get no declared minimum length and
 * have to validate the payload length themselves.
 * The *_GRP variants build the command id with WIDE_ID(_grp, _cmd).
 */
#define RX_HANDLER_NO_SIZE(_cmd_id, _fn, _context)		\
	{ .cmd_id = _cmd_id, .fn = _fn, .context = _context, }
#define RX_HANDLER_GRP_NO_SIZE(_grp, _cmd, _fn, _context)	\
	{ .cmd_id = WIDE_ID(_grp, _cmd), .fn = _fn, .context = _context, }
#define RX_HANDLER(_cmd_id, _fn, _context, _struct)		\
	{ .cmd_id = _cmd_id, .fn = _fn,				\
	  .context = _context, .min_size = sizeof(_struct), }
#define RX_HANDLER_GRP(_grp, _cmd, _fn, _context, _struct)	\
	{ .cmd_id = WIDE_ID(_grp, _cmd), .fn = _fn,		\
	  .context = _context, .min_size = sizeof(_struct), }
300
/*
 * Handlers for fw notifications
 * Convention: RX_HANDLER(CMD_NAME, iwl_mvm_rx_CMD_NAME, ...)
 * This list should be in order of frequency for performance purposes.
 *
 * The handler can be one from three contexts, see &iwl_rx_handler_context
 *
 * Entries built with RX_HANDLER_NO_SIZE / RX_HANDLER_GRP_NO_SIZE carry
 * min_size == 0 (BEACON_NOTIFICATION, STATISTICS_NOTIFICATION,
 * MATCH_FOUND_NOTIFICATION, DTS_MEASUREMENT_NOTIFICATION,
 * DTS_MEASUREMENT_NOTIF_WIDE, TOF_RANGE_RESPONSE_NOTIF, TOF_LC_NOTIF).
 * Their handlers receive firmware-supplied payloads with no minimum
 * length declared here and must check the length before parsing.
 * NOTE(review): min_size is presumably enforced by the code that walks
 * this table (not shown here) - confirm.
 */
static const struct iwl_rx_handlers iwl_mvm_rx_handlers[] = {
	RX_HANDLER(TX_CMD, iwl_mvm_rx_tx_cmd, RX_HANDLER_SYNC,
		   struct iwl_mvm_tx_resp),
	RX_HANDLER(BA_NOTIF, iwl_mvm_rx_ba_notif, RX_HANDLER_SYNC,
		   struct iwl_mvm_ba_notif),

	RX_HANDLER_GRP(DATA_PATH_GROUP, TLC_MNG_UPDATE_NOTIF,
		       iwl_mvm_tlc_update_notif, RX_HANDLER_SYNC,
		       struct iwl_tlc_update_notif),

	RX_HANDLER(BT_PROFILE_NOTIFICATION, iwl_mvm_rx_bt_coex_notif,
		   RX_HANDLER_ASYNC_LOCKED, struct iwl_bt_coex_profile_notif),
	RX_HANDLER_NO_SIZE(BEACON_NOTIFICATION, iwl_mvm_rx_beacon_notif,
			   RX_HANDLER_ASYNC_LOCKED),
	RX_HANDLER_NO_SIZE(STATISTICS_NOTIFICATION, iwl_mvm_rx_statistics,
			   RX_HANDLER_ASYNC_LOCKED),

	RX_HANDLER(BA_WINDOW_STATUS_NOTIFICATION_ID,
		   iwl_mvm_window_status_notif, RX_HANDLER_SYNC,
		   struct iwl_ba_window_status_notif),

	RX_HANDLER(TIME_EVENT_NOTIFICATION, iwl_mvm_rx_time_event_notif,
		   RX_HANDLER_SYNC, struct iwl_time_event_notif),
	RX_HANDLER_GRP(MAC_CONF_GROUP, SESSION_PROTECTION_NOTIF,
		       iwl_mvm_rx_session_protect_notif, RX_HANDLER_SYNC,
		       struct iwl_mvm_session_prot_notif),
	RX_HANDLER(MCC_CHUB_UPDATE_CMD, iwl_mvm_rx_chub_update_mcc,
		   RX_HANDLER_ASYNC_LOCKED, struct iwl_mcc_chub_notif),

	RX_HANDLER(EOSP_NOTIFICATION, iwl_mvm_rx_eosp_notif, RX_HANDLER_SYNC,
		   struct iwl_mvm_eosp_notification),

	RX_HANDLER(SCAN_ITERATION_COMPLETE,
		   iwl_mvm_rx_lmac_scan_iter_complete_notif, RX_HANDLER_SYNC,
		   struct iwl_lmac_scan_complete_notif),
	RX_HANDLER(SCAN_OFFLOAD_COMPLETE,
		   iwl_mvm_rx_lmac_scan_complete_notif,
		   RX_HANDLER_ASYNC_LOCKED, struct iwl_periodic_scan_complete),
	RX_HANDLER_NO_SIZE(MATCH_FOUND_NOTIFICATION,
			   iwl_mvm_rx_scan_match_found,
			   RX_HANDLER_SYNC),
	RX_HANDLER(SCAN_COMPLETE_UMAC, iwl_mvm_rx_umac_scan_complete_notif,
		   RX_HANDLER_ASYNC_LOCKED, struct iwl_umac_scan_complete),
	RX_HANDLER(SCAN_ITERATION_COMPLETE_UMAC,
		   iwl_mvm_rx_umac_scan_iter_complete_notif, RX_HANDLER_SYNC,
		   struct iwl_umac_scan_iter_complete_notif),

	RX_HANDLER(MISSED_BEACONS_NOTIFICATION, iwl_mvm_rx_missed_beacons_notif,
		   RX_HANDLER_SYNC, struct iwl_missed_beacons_notif),

	RX_HANDLER(REPLY_ERROR, iwl_mvm_rx_fw_error, RX_HANDLER_SYNC,
		   struct iwl_error_resp),
	RX_HANDLER(PSM_UAPSD_AP_MISBEHAVING_NOTIFICATION,
		   iwl_mvm_power_uapsd_misbehaving_ap_notif, RX_HANDLER_SYNC,
		   struct iwl_uapsd_misbehaving_ap_notif),
	RX_HANDLER_NO_SIZE(DTS_MEASUREMENT_NOTIFICATION, iwl_mvm_temp_notif,
			   RX_HANDLER_ASYNC_LOCKED),
	RX_HANDLER_GRP_NO_SIZE(PHY_OPS_GROUP, DTS_MEASUREMENT_NOTIF_WIDE,
			       iwl_mvm_temp_notif, RX_HANDLER_ASYNC_UNLOCKED),
	RX_HANDLER_GRP(PHY_OPS_GROUP, CT_KILL_NOTIFICATION,
		       iwl_mvm_ct_kill_notif, RX_HANDLER_SYNC,
		       struct ct_kill_notif),

	RX_HANDLER(TDLS_CHANNEL_SWITCH_NOTIFICATION, iwl_mvm_rx_tdls_notif,
		   RX_HANDLER_ASYNC_LOCKED,
		   struct iwl_tdls_channel_switch_notif),
	RX_HANDLER(MFUART_LOAD_NOTIFICATION, iwl_mvm_rx_mfuart_notif,
		   RX_HANDLER_SYNC, struct iwl_mfuart_load_notif_v1),
	RX_HANDLER_GRP(LOCATION_GROUP, TOF_RESPONDER_STATS,
		       iwl_mvm_ftm_responder_stats, RX_HANDLER_ASYNC_LOCKED,
		       struct iwl_ftm_responder_stats),

	RX_HANDLER_GRP_NO_SIZE(LOCATION_GROUP, TOF_RANGE_RESPONSE_NOTIF,
			       iwl_mvm_ftm_range_resp, RX_HANDLER_ASYNC_LOCKED),
	RX_HANDLER_GRP_NO_SIZE(LOCATION_GROUP, TOF_LC_NOTIF,
			       iwl_mvm_ftm_lc_notif, RX_HANDLER_ASYNC_LOCKED),

	RX_HANDLER_GRP(DEBUG_GROUP, MFU_ASSERT_DUMP_NTF,
		       iwl_mvm_mfu_assert_dump_notif, RX_HANDLER_SYNC,
		       struct iwl_mfu_assert_dump_notif),
	RX_HANDLER_GRP(PROT_OFFLOAD_GROUP, STORED_BEACON_NTF,
		       iwl_mvm_rx_stored_beacon_notif, RX_HANDLER_SYNC,
		       struct iwl_stored_beacon_notif_v2),
	RX_HANDLER_GRP(DATA_PATH_GROUP, MU_GROUP_MGMT_NOTIF,
		       iwl_mvm_mu_mimo_grp_notif, RX_HANDLER_SYNC,
		       struct iwl_mu_group_mgmt_notif),
	RX_HANDLER_GRP(DATA_PATH_GROUP, STA_PM_NOTIF,
		       iwl_mvm_sta_pm_notif, RX_HANDLER_SYNC,
		       struct iwl_mvm_pm_state_notification),
	RX_HANDLER_GRP(MAC_CONF_GROUP, PROBE_RESPONSE_DATA_NOTIF,
		       iwl_mvm_probe_resp_data_notif,
		       RX_HANDLER_ASYNC_LOCKED,
		       struct iwl_probe_resp_data_notif),
	RX_HANDLER_GRP(MAC_CONF_GROUP, CHANNEL_SWITCH_START_NOTIF,
		       iwl_mvm_channel_switch_start_notif,
		       RX_HANDLER_SYNC, struct iwl_channel_switch_start_notif),
	RX_HANDLER_GRP(MAC_CONF_GROUP, CHANNEL_SWITCH_ERROR_NOTIF,
		       iwl_mvm_channel_switch_error_notif,
		       RX_HANDLER_ASYNC_UNLOCKED,
		       struct iwl_channel_switch_error_notif),
	RX_HANDLER_GRP(DATA_PATH_GROUP, MONITOR_NOTIF,
		       iwl_mvm_rx_monitor_notif, RX_HANDLER_ASYNC_LOCKED,
		       struct iwl_datapath_monitor_notif),

	RX_HANDLER_GRP(DATA_PATH_GROUP, THERMAL_DUAL_CHAIN_REQUEST,
		       iwl_mvm_rx_thermal_dual_chain_req,
		       RX_HANDLER_ASYNC_LOCKED,
		       struct iwl_thermal_dual_chain_request),

	RX_HANDLER_GRP(SYSTEM_GROUP, RFI_DEACTIVATE_NOTIF,
		       iwl_rfi_deactivate_notif_handler, RX_HANDLER_ASYNC_UNLOCKED,
		       struct iwl_rfi_deactivate_notif),

	RX_HANDLER_GRP(LEGACY_GROUP,
		       WNM_80211V_TIMING_MEASUREMENT_NOTIFICATION,
		       iwl_mvm_time_sync_msmt_event, RX_HANDLER_SYNC,
		       struct iwl_time_msmt_notify),
	RX_HANDLER_GRP(LEGACY_GROUP,
		       WNM_80211V_TIMING_MEASUREMENT_CONFIRM_NOTIFICATION,
		       iwl_mvm_time_sync_msmt_confirm_event, RX_HANDLER_SYNC,
		       struct iwl_time_msmt_cfm_notify),
};
/* only the sized initializer macros are undefined here */
#undef RX_HANDLER
#undef RX_HANDLER_GRP
432
/*
 * Command names of the legacy commands; iwl_mvm_groups uses this table
 * for both LEGACY_GROUP and LONG_GROUP.
 *
 * Please keep this array *SORTED* by hex value.
 * Access is done through binary search
 */
static const struct iwl_hcmd_names iwl_mvm_legacy_names[] = {
	HCMD_NAME(UCODE_ALIVE_NTFY),
	HCMD_NAME(REPLY_ERROR),
	HCMD_NAME(ECHO_CMD),
	HCMD_NAME(INIT_COMPLETE_NOTIF),
	HCMD_NAME(PHY_CONTEXT_CMD),
	HCMD_NAME(DBG_CFG),
	HCMD_NAME(SCAN_CFG_CMD),
	HCMD_NAME(SCAN_REQ_UMAC),
	HCMD_NAME(SCAN_ABORT_UMAC),
	HCMD_NAME(SCAN_COMPLETE_UMAC),
	HCMD_NAME(BA_WINDOW_STATUS_NOTIFICATION_ID),
	HCMD_NAME(ADD_STA_KEY),
	HCMD_NAME(ADD_STA),
	HCMD_NAME(REMOVE_STA),
	HCMD_NAME(TX_CMD),
	HCMD_NAME(SCD_QUEUE_CFG),
	HCMD_NAME(TXPATH_FLUSH),
	HCMD_NAME(MGMT_MCAST_KEY),
	HCMD_NAME(WEP_KEY),
	HCMD_NAME(SHARED_MEM_CFG),
	HCMD_NAME(TDLS_CHANNEL_SWITCH_CMD),
	HCMD_NAME(MAC_CONTEXT_CMD),
	HCMD_NAME(TIME_EVENT_CMD),
	HCMD_NAME(TIME_EVENT_NOTIFICATION),
	HCMD_NAME(BINDING_CONTEXT_CMD),
	HCMD_NAME(TIME_QUOTA_CMD),
	HCMD_NAME(NON_QOS_TX_COUNTER_CMD),
	HCMD_NAME(LEDS_CMD),
	HCMD_NAME(LQ_CMD),
	HCMD_NAME(FW_PAGING_BLOCK_CMD),
	HCMD_NAME(SCAN_OFFLOAD_REQUEST_CMD),
	HCMD_NAME(SCAN_OFFLOAD_ABORT_CMD),
	HCMD_NAME(HOT_SPOT_CMD),
	HCMD_NAME(SCAN_OFFLOAD_PROFILES_QUERY_CMD),
	HCMD_NAME(BT_COEX_UPDATE_REDUCED_TXP),
	HCMD_NAME(BT_COEX_CI),
	HCMD_NAME(WNM_80211V_TIMING_MEASUREMENT_NOTIFICATION),
	HCMD_NAME(WNM_80211V_TIMING_MEASUREMENT_CONFIRM_NOTIFICATION),
	HCMD_NAME(PHY_CONFIGURATION_CMD),
	HCMD_NAME(CALIB_RES_NOTIF_PHY_DB),
	HCMD_NAME(PHY_DB_CMD),
	HCMD_NAME(SCAN_OFFLOAD_COMPLETE),
	HCMD_NAME(SCAN_OFFLOAD_UPDATE_PROFILES_CMD),
	HCMD_NAME(POWER_TABLE_CMD),
	HCMD_NAME(PSM_UAPSD_AP_MISBEHAVING_NOTIFICATION),
	HCMD_NAME(REPLY_THERMAL_MNG_BACKOFF),
	HCMD_NAME(NVM_ACCESS_CMD),
	HCMD_NAME(BEACON_NOTIFICATION),
	HCMD_NAME(BEACON_TEMPLATE_CMD),
	HCMD_NAME(TX_ANT_CONFIGURATION_CMD),
	HCMD_NAME(BT_CONFIG),
	HCMD_NAME(STATISTICS_CMD),
	HCMD_NAME(STATISTICS_NOTIFICATION),
	HCMD_NAME(EOSP_NOTIFICATION),
	HCMD_NAME(REDUCE_TX_POWER_CMD),
	HCMD_NAME(MISSED_BEACONS_NOTIFICATION),
	HCMD_NAME(TDLS_CONFIG_CMD),
	HCMD_NAME(MAC_PM_POWER_TABLE),
	HCMD_NAME(TDLS_CHANNEL_SWITCH_NOTIFICATION),
	HCMD_NAME(MFUART_LOAD_NOTIFICATION),
	HCMD_NAME(RSS_CONFIG_CMD),
	HCMD_NAME(SCAN_ITERATION_COMPLETE_UMAC),
	HCMD_NAME(REPLY_RX_PHY_CMD),
	HCMD_NAME(REPLY_RX_MPDU_CMD),
	HCMD_NAME(BAR_FRAME_RELEASE),
	HCMD_NAME(FRAME_RELEASE),
	HCMD_NAME(BA_NOTIF),
	HCMD_NAME(MCC_UPDATE_CMD),
	HCMD_NAME(MCC_CHUB_UPDATE_CMD),
	HCMD_NAME(MARKER_CMD),
	HCMD_NAME(BT_PROFILE_NOTIFICATION),
	HCMD_NAME(MCAST_FILTER_CMD),
	HCMD_NAME(REPLY_SF_CFG_CMD),
	HCMD_NAME(REPLY_BEACON_FILTERING_CMD),
	HCMD_NAME(D3_CONFIG_CMD),
	HCMD_NAME(PROT_OFFLOAD_CONFIG_CMD),
	HCMD_NAME(MATCH_FOUND_NOTIFICATION),
	HCMD_NAME(DTS_MEASUREMENT_NOTIFICATION),
	HCMD_NAME(WOWLAN_PATTERNS),
	HCMD_NAME(WOWLAN_CONFIGURATION),
	HCMD_NAME(WOWLAN_TSC_RSC_PARAM),
	HCMD_NAME(WOWLAN_TKIP_PARAM),
	HCMD_NAME(WOWLAN_KEK_KCK_MATERIAL),
	HCMD_NAME(WOWLAN_GET_STATUSES),
	HCMD_NAME(SCAN_ITERATION_COMPLETE),
	HCMD_NAME(D0I3_END_CMD),
	HCMD_NAME(LTR_CONFIG),
	HCMD_NAME(LDBG_CONFIG_CMD),
};
526
/*
 * Command names of SYSTEM_GROUP (see iwl_mvm_groups).
 *
 * Please keep this array *SORTED* by hex value.
 * Access is done through binary search
 */
static const struct iwl_hcmd_names iwl_mvm_system_names[] = {
	HCMD_NAME(SHARED_MEM_CFG_CMD),
	HCMD_NAME(INIT_EXTENDED_CFG_CMD),
	HCMD_NAME(FW_ERROR_RECOVERY_CMD),
	HCMD_NAME(RFI_CONFIG_CMD),
	HCMD_NAME(RFI_GET_FREQ_TABLE_CMD),
	HCMD_NAME(SYSTEM_FEATURES_CONTROL_CMD),
	HCMD_NAME(RFI_DEACTIVATE_NOTIF),
};
539
/*
 * Command names of MAC_CONF_GROUP (see iwl_mvm_groups).
 *
 * Please keep this array *SORTED* by hex value.
 * Access is done through binary search
 */
static const struct iwl_hcmd_names iwl_mvm_mac_conf_names[] = {
	HCMD_NAME(CHANNEL_SWITCH_TIME_EVENT_CMD),
	HCMD_NAME(SESSION_PROTECTION_CMD),
	HCMD_NAME(MAC_CONFIG_CMD),
	HCMD_NAME(LINK_CONFIG_CMD),
	HCMD_NAME(STA_CONFIG_CMD),
	HCMD_NAME(AUX_STA_CMD),
	HCMD_NAME(STA_REMOVE_CMD),
	HCMD_NAME(STA_DISABLE_TX_CMD),
	HCMD_NAME(SESSION_PROTECTION_NOTIF),
	HCMD_NAME(CHANNEL_SWITCH_START_NOTIF),
};
555
/*
 * Command names of PHY_OPS_GROUP (see iwl_mvm_groups).
 *
 * Please keep this array *SORTED* by hex value.
 * Access is done through binary search
 */
static const struct iwl_hcmd_names iwl_mvm_phy_names[] = {
	HCMD_NAME(CMD_DTS_MEASUREMENT_TRIGGER_WIDE),
	HCMD_NAME(CTDP_CONFIG_CMD),
	HCMD_NAME(TEMP_REPORTING_THRESHOLDS_CMD),
	HCMD_NAME(PER_CHAIN_LIMIT_OFFSET_CMD),
	HCMD_NAME(CT_KILL_NOTIFICATION),
	HCMD_NAME(DTS_MEASUREMENT_NOTIF_WIDE),
};
567
/*
 * Command names of DATA_PATH_GROUP (see iwl_mvm_groups).
 *
 * Please keep this array *SORTED* by hex value.
 * Access is done through binary search
 */
static const struct iwl_hcmd_names iwl_mvm_data_path_names[] = {
	HCMD_NAME(DQA_ENABLE_CMD),
	HCMD_NAME(UPDATE_MU_GROUPS_CMD),
	HCMD_NAME(TRIGGER_RX_QUEUES_NOTIF_CMD),
	HCMD_NAME(STA_HE_CTXT_CMD),
	HCMD_NAME(RLC_CONFIG_CMD),
	HCMD_NAME(RFH_QUEUE_CONFIG_CMD),
	HCMD_NAME(TLC_MNG_CONFIG_CMD),
	HCMD_NAME(CHEST_COLLECTOR_FILTER_CONFIG_CMD),
	HCMD_NAME(SCD_QUEUE_CONFIG_CMD),
	HCMD_NAME(SEC_KEY_CMD),
	HCMD_NAME(MONITOR_NOTIF),
	HCMD_NAME(THERMAL_DUAL_CHAIN_REQUEST),
	HCMD_NAME(STA_PM_NOTIF),
	HCMD_NAME(MU_GROUP_MGMT_NOTIF),
	HCMD_NAME(RX_QUEUES_NOTIFICATION),
};
588
/*
 * Command names of SCAN_GROUP (see iwl_mvm_groups).
 *
 * Please keep this array *SORTED* by hex value.
 * Access is done through binary search
 */
static const struct iwl_hcmd_names iwl_mvm_scan_names[] = {
	HCMD_NAME(OFFLOAD_MATCH_INFO_NOTIF),
};
595
/*
 * Command names of LOCATION_GROUP (see iwl_mvm_groups).
 *
 * Please keep this array *SORTED* by hex value.
 * Access is done through binary search
 */
static const struct iwl_hcmd_names iwl_mvm_location_names[] = {
	HCMD_NAME(TOF_RANGE_REQ_CMD),
	HCMD_NAME(TOF_CONFIG_CMD),
	HCMD_NAME(TOF_RANGE_ABORT_CMD),
	HCMD_NAME(TOF_RANGE_REQ_EXT_CMD),
	HCMD_NAME(TOF_RESPONDER_CONFIG_CMD),
	HCMD_NAME(TOF_RESPONDER_DYN_CONFIG_CMD),
	HCMD_NAME(TOF_LC_NOTIF),
	HCMD_NAME(TOF_RESPONDER_STATS),
	HCMD_NAME(TOF_MCSI_DEBUG_NOTIF),
	HCMD_NAME(TOF_RANGE_RESPONSE_NOTIF),
};
611
/*
 * Command names of PROT_OFFLOAD_GROUP (see iwl_mvm_groups).
 *
 * Please keep this array *SORTED* by hex value.
 * Access is done through binary search
 */
static const struct iwl_hcmd_names iwl_mvm_prot_offload_names[] = {
	HCMD_NAME(WOWLAN_WAKE_PKT_NOTIFICATION),
	HCMD_NAME(WOWLAN_INFO_NOTIFICATION),
	HCMD_NAME(D3_END_NOTIFICATION),
	HCMD_NAME(STORED_BEACON_NTF),
};
621
/*
 * Command names of REGULATORY_AND_NVM_GROUP (see iwl_mvm_groups).
 *
 * Please keep this array *SORTED* by hex value.
 * Access is done through binary search
 */
static const struct iwl_hcmd_names iwl_mvm_regulatory_and_nvm_names[] = {
	HCMD_NAME(NVM_ACCESS_COMPLETE),
	HCMD_NAME(NVM_GET_INFO),
	HCMD_NAME(TAS_CONFIG),
};
630
/*
 * Per-group command name tables, indexed by command group id.
 * LEGACY_GROUP and LONG_GROUP share the legacy table. Groups without a
 * designated entry here are left zero-initialized.
 */
static const struct iwl_hcmd_arr iwl_mvm_groups[] = {
	[LEGACY_GROUP] = HCMD_ARR(iwl_mvm_legacy_names),
	[LONG_GROUP] = HCMD_ARR(iwl_mvm_legacy_names),
	[SYSTEM_GROUP] = HCMD_ARR(iwl_mvm_system_names),
	[MAC_CONF_GROUP] = HCMD_ARR(iwl_mvm_mac_conf_names),
	[PHY_OPS_GROUP] = HCMD_ARR(iwl_mvm_phy_names),
	[DATA_PATH_GROUP] = HCMD_ARR(iwl_mvm_data_path_names),
	[SCAN_GROUP] = HCMD_ARR(iwl_mvm_scan_names),
	[LOCATION_GROUP] = HCMD_ARR(iwl_mvm_location_names),
	[PROT_OFFLOAD_GROUP] = HCMD_ARR(iwl_mvm_prot_offload_names),
	[REGULATORY_AND_NVM_GROUP] =
		HCMD_ARR(iwl_mvm_regulatory_and_nvm_names),
};
644
/* this forward declaration avoids having to export the function */
646static void iwl_mvm_async_handlers_wk(struct work_struct *wk);
647
/*
 * Look up the TX backoff for the platform power limit.
 *
 * Walks mvm->cfg->pwr_tx_backoffs until the entry whose pwr is 0 and
 * returns the backoff of the first entry whose pwr does not exceed the
 * limit reported by iwl_acpi_get_pwr_limit().
 *
 * Return: the matching backoff, or 0 when the config has no table or no
 * entry matches.
 */
static u32 iwl_mvm_min_backoff(struct iwl_mvm *mvm)
{
	const struct iwl_pwr_tx_backoff *entry;
	u64 pwr_limit;

	if (!mvm->cfg->pwr_tx_backoffs)
		return 0;

	pwr_limit = iwl_acpi_get_pwr_limit(mvm->dev);

	/* the table ends at the first entry with pwr == 0 */
	for (entry = mvm->cfg->pwr_tx_backoffs; entry->pwr; entry++) {
		if (pwr_limit >= entry->pwr)
			return entry->backoff;
	}

	return 0;
}
667
/*
 * Delayed work: if a vif is still recorded in mvm->csa_tx_blocked_vif,
 * re-enable TX for all of its stations and clear the pointer. Everything
 * runs under mvm->mutex.
 */
static void iwl_mvm_tx_unblock_dwork(struct work_struct *work)
{
	struct iwl_mvm *mvm =
		container_of(work, struct iwl_mvm, cs_tx_unblock_dwork.work);
	struct ieee80211_vif *blocked_vif;

	mutex_lock(&mvm->mutex);

	blocked_vif = rcu_dereference_protected(mvm->csa_tx_blocked_vif,
						lockdep_is_held(&mvm->mutex));
	if (blocked_vif) {
		struct iwl_mvm_vif *mvmvif =
			iwl_mvm_vif_from_mac80211(blocked_vif);

		iwl_mvm_modify_all_sta_disable_tx(mvm, mvmvif, false);
		RCU_INIT_POINTER(mvm->csa_tx_blocked_vif, NULL);
	}

	mutex_unlock(&mvm->mutex);
}
690
/*
 * fw runtime callback at the start of a dump: takes mvm->mutex and
 * returns with it held. The matching unlock is in
 * iwl_mvm_fwrt_dump_end().
 */
static void iwl_mvm_fwrt_dump_start(void *ctx)
{
	struct iwl_mvm *mvm = ctx;

	mutex_lock(&mvm->mutex);
}
697
/*
 * fw runtime callback at the end of a dump: releases the mvm->mutex that
 * iwl_mvm_fwrt_dump_start() took.
 */
static void iwl_mvm_fwrt_dump_end(void *ctx)
{
	struct iwl_mvm *mvm = ctx;

	mutex_unlock(&mvm->mutex);
}
704
/* fw runtime callback: forwards to iwl_mvm_firmware_running() with @ctx */
static bool iwl_mvm_fwrt_fw_running(void *ctx)
{
	return iwl_mvm_firmware_running(ctx);
}
709
/*
 * fw runtime callback: send @host_cmd through iwl_mvm_send_cmd() while
 * holding mvm->mutex.
 *
 * Return: whatever iwl_mvm_send_cmd() returned.
 */
static int iwl_mvm_fwrt_send_hcmd(void *ctx, struct iwl_host_cmd *host_cmd)
{
	struct iwl_mvm *mvm = ctx;
	int err;

	mutex_lock(&mvm->mutex);
	err = iwl_mvm_send_cmd(mvm, host_cmd);
	mutex_unlock(&mvm->mutex);

	return err;
}
721
/* fw runtime callback: reports the build-time IWL_MVM_D3_DEBUG setting */
static bool iwl_mvm_d3_debug_enable(void *ctx)
{
	return IWL_MVM_D3_DEBUG;
}
726
/*
 * Callbacks handed to the fw runtime. dump_start/dump_end bracket a dump
 * with mvm->mutex held; send_hcmd takes the mutex for the duration of the
 * command.
 */
static const struct iwl_fw_runtime_ops iwl_mvm_fwrt_ops = {
	.dump_start = iwl_mvm_fwrt_dump_start,
	.dump_end = iwl_mvm_fwrt_dump_end,
	.fw_running = iwl_mvm_fwrt_fw_running,
	.send_hcmd = iwl_mvm_fwrt_send_hcmd,
	.d3_debug_enable = iwl_mvm_d3_debug_enable,
};
734
/*
 * Obtain the NVM data at start-up.
 *
 * When CSME owns the device and the driver is registered to iwlmei, the
 * NVM is taken from CSME and parsed; no hardware is started in that case.
 * Otherwise (or when CSME returns no NVM) the hardware is started and the
 * INIT ucode is run under rtnl, the wiphy lock and mvm->mutex, taken in
 * that order and released in reverse.
 *
 * Return: 0 on success, or the error from iwl_trans_start_hw(),
 * iwl_run_init_mvm_ucode() or iwl_mvm_init_mcc().
 */
static int iwl_mvm_start_get_nvm(struct iwl_mvm *mvm)
{
	struct iwl_trans *trans = mvm->trans;
	int ret;

	if (trans->csme_own) {
		if (WARN(!mvm->mei_registered,
			 "csme is owner, but we aren't registered to iwlmei\n"))
			goto get_nvm_from_fw;

		mvm->mei_nvm_data = iwl_mei_get_nvm();
		if (mvm->mei_nvm_data) {
			/*
			 * mvm->mei_nvm_data is set and because of that,
			 * we'll load the NVM from the FW when we'll get
			 * ownership.
			 */
			/*
			 * NOTE(review): the parse result is stored and 0 is
			 * returned without checking it for NULL - confirm
			 * that iwl_parse_mei_nvm_data() cannot fail or that
			 * callers cope with mvm->nvm_data == NULL.
			 */
			mvm->nvm_data =
				iwl_parse_mei_nvm_data(trans, trans->cfg,
						       mvm->mei_nvm_data, mvm->fw);
			return 0;
		}

		IWL_ERR(mvm,
			"Got a NULL NVM from CSME, trying to get it from the device\n");
	}

get_nvm_from_fw:
	rtnl_lock();
	wiphy_lock(mvm->hw->wiphy);
	mutex_lock(&mvm->mutex);

	ret = iwl_trans_start_hw(mvm->trans);
	if (ret) {
		/* early exit: drop all three locks, no error print here */
		mutex_unlock(&mvm->mutex);
		wiphy_unlock(mvm->hw->wiphy);
		rtnl_unlock();
		return ret;
	}

	ret = iwl_run_init_mvm_ucode(mvm);
	/* -ERFKILL is not treated as a firmware error worth a debug dump */
	if (ret && ret != -ERFKILL)
		iwl_fw_dbg_error_collect(&mvm->fwrt, FW_DBG_TRIGGER_DRIVER);
	if (!ret && iwl_mvm_is_lar_supported(mvm)) {
		mvm->hw->wiphy->regulatory_flags |= REGULATORY_WIPHY_SELF_MANAGED;
		ret = iwl_mvm_init_mcc(mvm);
	}

	/*
	 * With the init_dbg module parameter set, the device is left running
	 * after a failure; in every other case it is stopped here.
	 */
	if (!iwlmvm_mod_params.init_dbg || !ret)
		iwl_mvm_stop_device(mvm);

	mutex_unlock(&mvm->mutex);
	wiphy_unlock(mvm->hw->wiphy);
	rtnl_unlock();

	if (ret)
		IWL_ERR(mvm, "Failed to run INIT ucode: %d\n", ret);

	return ret;
}
795
/*
 * Finish start-up once the NVM data is available: register with
 * mac80211, register debugfs, and publish the current MEI rfkill state.
 *
 * Return: 0 on success, or the error from iwl_mvm_mac_setup_register().
 */
static int iwl_mvm_start_post_nvm(struct iwl_mvm *mvm)
{
	/* not referenced in this function body, hence __maybe_unused */
	struct iwl_mvm_csme_conn_info *csme_conn_info __maybe_unused;
	int ret;

	iwl_mvm_toggle_tx_ant(mvm, &mvm->mgmt_last_antenna_idx);

	ret = iwl_mvm_mac_setup_register(mvm);
	if (ret)
		return ret;

	/* from here on iwl_mvm_mei_rfkill() forwards state to the wiphy */
	mvm->hw_registered = true;

	iwl_mvm_dbgfs_register(mvm);

	wiphy_rfkill_set_hw_state_reason(mvm->hw->wiphy,
					 mvm->mei_rfkill_blocked,
					 RFKILL_HARD_BLOCK_NOT_OWNER);

	iwl_mvm_mei_set_sw_rfkill_state(mvm);

	return 0;
}
819
/* Iterator context for scrubbing key material out of a dumped TX FIFO */
struct iwl_mvm_frob_txf_data {
	u8 *buf;	/* dumped FIFO contents, modified in place */
	size_t buflen;	/* number of bytes in buf */
};
824
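/*
 * Key iterator callback: scrub one key out of a dumped TX FIFO.
 *
 * @data points to a struct iwl_mvm_frob_txf_data describing the buffer.
 * For CCMP every occurrence of the key bytes is overwritten with 0xAA,
 * including an occurrence that wraps from the end of the buffer to its
 * start. For WEP and TKIP the whole buffer is overwritten with 0xBB.
 *
 * NOTE(review): keys of any other cipher are not searched for - confirm
 * that none of them can show up in a TX FIFO on the old TX API.
 */
static void iwl_mvm_frob_txf_key_iter(struct ieee80211_hw *hw,
				      struct ieee80211_vif *vif,
				      struct ieee80211_sta *sta,
				      struct ieee80211_key_conf *key,
				      void *data)
{
	struct iwl_mvm_frob_txf_data *txf = data;
	u8 keylen, match, matchend;
	u8 *keydata;
	size_t i;

	switch (key->cipher) {
	case WLAN_CIPHER_SUITE_CCMP:
		keydata = key->key;
		keylen = key->keylen;
		break;
	case WLAN_CIPHER_SUITE_WEP40:
	case WLAN_CIPHER_SUITE_WEP104:
	case WLAN_CIPHER_SUITE_TKIP:
		/*
		 * WEP has short keys which might show up in the payload,
		 * and then you can deduce the key, so in this case just
		 * remove all FIFO data.
		 * For TKIP, we don't know the phase 2 keys here, so same.
		 */
		memset(txf->buf, 0xBB, txf->buflen);
		return;
	default:
		return;
	}

	/* nothing to search for, and keydata[] must not be indexed */
	if (!keylen)
		return;

	/*
	 * scan for key material and clear it out
	 *
	 * NOTE(review): after a mismatch the scan restarts with the next
	 * byte, so an occurrence that begins inside a failed partial match
	 * can be missed.
	 */
	match = 0;
	for (i = 0; i < txf->buflen; i++) {
		if (txf->buf[i] != keydata[match]) {
			match = 0;
			continue;
		}
		match++;
		if (match == keylen) {
			/*
			 * The key occupies buf[i + 1 - keylen .. i]. Starting
			 * at i - keylen would leave the last key byte in the
			 * dump and write one byte before the match (before
			 * the buffer for a key at offset 0).
			 */
			memset(txf->buf + i + 1 - keylen, 0xAA, keylen);
			match = 0;
		}
	}

	/*
	 * we're dealing with a FIFO, so check wrapped around data
	 *
	 * matchend key bytes were found at the very end of the buffer; the
	 * remaining keylen - matchend bytes are looked for at its start.
	 * The bound uses matchend, not the running match counter, so that
	 * all remaining bytes are compared.
	 */
	matchend = match;
	for (i = 0; matchend && i < txf->buflen &&
		    i < (size_t)(keylen - matchend); i++) {
		if (txf->buf[i] != keydata[match])
			break;
		match++;
		if (match == keylen) {
			memset(txf->buf, 0xAA, i + 1);
			memset(txf->buf + txf->buflen - matchend, 0xAA,
			       matchend);
			break;
		}
	}
}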
884
/*
 * Dump sanitizer hook for a TX FIFO: run iwl_mvm_frob_txf_key_iter() over
 * all keys so that key material is overwritten in @buf before the dump
 * leaves the driver. Does nothing on devices with the new TX API.
 */
static void iwl_mvm_frob_txf(void *ctx, void *buf, size_t buflen)
{
	struct iwl_mvm_frob_txf_data txf = {
		.buf = buf,
		.buflen = buflen,
	};
	struct iwl_mvm *mvm = ctx;

	/* embedded key material exists only on old API */
	if (iwl_mvm_has_new_tx_api(mvm))
		return;

	/* the _rcu key iterator is called inside an RCU read-side section */
	rcu_read_lock();
	ieee80211_iter_keys_rcu(mvm->hw, NULL, iwl_mvm_frob_txf_key_iter, &txf);
	rcu_read_unlock();
}
901
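/*
 * Dump sanitizer hook for a host command: overwrite key material carried
 * by the command with 0xAA.
 *
 * @hcmd: the dumped command, starting with its wide header
 * @len: number of bytes available at @hcmd
 *
 * For WEP_KEY, WOWLAN_TKIP_PARAM, WOWLAN_KEK_KCK_MATERIAL and ADD_STA_KEY
 * everything after the header is blanked; for MGMT_MCAST_KEY only the igtk
 * field is. Commands outside LONG_GROUP and all other commands are left
 * untouched.
 */
static void iwl_mvm_frob_hcmd(void *ctx, void *hcmd, size_t len)
{
	/* we only use wide headers for commands */
	struct iwl_cmd_header_wide *hdr = hcmd;
	unsigned int frob_start = sizeof(*hdr), frob_end = 0;

	/* the whole header is needed, not just a pointer's worth of bytes */
	if (len < sizeof(*hdr))
		return;

	/* all the commands we care about are in LONG_GROUP */
	if (hdr->group_id != LONG_GROUP)
		return;

	switch (hdr->cmd) {
	case WEP_KEY:
	case WOWLAN_TKIP_PARAM:
	case WOWLAN_KEK_KCK_MATERIAL:
	case ADD_STA_KEY:
		/*
		 * blank out everything here, easier than dealing
		 * with the various versions of the command
		 */
		frob_end = INT_MAX;
		break;
	case MGMT_MCAST_KEY:
		frob_start = offsetof(struct iwl_mvm_mgmt_mcast_key_cmd, igtk);
		BUILD_BUG_ON(offsetof(struct iwl_mvm_mgmt_mcast_key_cmd, igtk) !=
			     offsetof(struct iwl_mvm_mgmt_mcast_key_cmd_v1, igtk));

		frob_end = offsetofend(struct iwl_mvm_mgmt_mcast_key_cmd, igtk);
		/*
		 * NOTE(review): this assertion is implied by the equality
		 * check above; presumably the end offsets were meant to be
		 * compared - confirm.
		 */
		BUILD_BUG_ON(offsetof(struct iwl_mvm_mgmt_mcast_key_cmd, igtk) <
			     offsetof(struct iwl_mvm_mgmt_mcast_key_cmd_v1, igtk));
		break;
	}

	if (frob_end > len)
		frob_end = len;

	/*
	 * Compare only after clamping to len: a command shorter than
	 * frob_start would otherwise make frob_end - frob_start wrap around
	 * and turn the memset() below into an out-of-bounds write.
	 */
	if (frob_start >= frob_end)
		return;

	memset((u8 *)hcmd + frob_start, 0xAA, frob_end - frob_start);
}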
945
/*
 * Dump sanitizer hook for a memory region: overwrite with 0xAA every part
 * of @mem that overlaps one of the exclude ranges of the currently
 * running firmware image.
 *
 * @mem_addr: device address that the first byte of @mem corresponds to
 * @mem: the dumped bytes, modified in place
 * @buflen: number of bytes in @mem
 *
 * The exclude ranges come from mvm->fw (dump_excl or dump_excl_wowlan);
 * nothing is excluded for the INIT image or an unknown image type.
 */
static void iwl_mvm_frob_mem(void *ctx, u32 mem_addr, void *mem, size_t buflen)
{
	const struct iwl_dump_exclude *excl;
	struct iwl_mvm *mvm = ctx;
	int i;

	switch (mvm->fwrt.cur_fw_img) {
	case IWL_UCODE_INIT:
	default:
		/* not relevant */
		return;
	case IWL_UCODE_REGULAR:
	case IWL_UCODE_REGULAR_USNIFFER:
		excl = mvm->fw->dump_excl;
		break;
	case IWL_UCODE_WOWLAN:
		excl = mvm->fw->dump_excl_wowlan;
		break;
	}

	/* the loop below bounds both arrays by the size of dump_excl */
	BUILD_BUG_ON(sizeof(mvm->fw->dump_excl) !=
		     sizeof(mvm->fw->dump_excl_wowlan));

	for (i = 0; i < ARRAY_SIZE(mvm->fw->dump_excl); i++) {
		u32 start, end;

		/* unused slot */
		if (!excl[i].addr || !excl[i].size)
			continue;

		/*
		 * NOTE(review): start + size is computed in u32 and wraps for
		 * a range that reaches past the top of the address space -
		 * confirm the exclude entries are validated where they are
		 * loaded.
		 */
		start = excl[i].addr;
		end = start + excl[i].size;

		/* no overlap with [mem_addr, mem_addr + buflen) */
		if (end <= mem_addr || start >= mem_addr + buflen)
			continue;

		/* clip the exclude range to the dumped region */
		if (start < mem_addr)
			start = mem_addr;

		if (end > mem_addr + buflen)
			end = mem_addr + buflen;

		memset((u8 *)mem + start - mem_addr, 0xAA, end - start);
	}
}
990
/*
 * Dump sanitize callbacks; passed to iwl_fw_runtime_init() when the op mode
 * starts.
 */
static const struct iwl_dump_sanitize_ops iwl_mvm_sanitize_ops = {
	.frob_mem	= iwl_mvm_frob_mem,
	.frob_hcmd	= iwl_mvm_frob_hcmd,
	.frob_txf	= iwl_mvm_frob_txf,
};
996
/*
 * MEI callback: publish a fresh copy of the CSME connection info.
 *
 * A new object is allocated, filled from @conn_info and swapped in with
 * rcu_assign_pointer(); the previous object, if any, is released through
 * kfree_rcu(). On allocation failure the old info stays in place.
 */
static void iwl_mvm_me_conn_status(void *priv, const struct iwl_mei_conn_info *conn_info)
{
	struct iwl_mvm *mvm = priv;
	struct iwl_mvm_csme_conn_info *fresh, *stale;

	fresh = kzalloc(sizeof(*fresh), GFP_KERNEL);
	if (!fresh)
		return;

	fresh->conn_info = *conn_info;

	/*
	 * This is protected by the guarantee that this function will not be
	 * called twice on two different threads
	 */
	stale = rcu_dereference_protected(mvm->csme_conn_info, true);

	rcu_assign_pointer(mvm->csme_conn_info, fresh);

	if (stale)
		kfree_rcu(stale, rcu_head);
}
1019
/*
 * MEI callback: record the rfkill state requested by CSME and, once the hw
 * is registered, report it to cfg80211 as a "not owner" hard block.
 *
 * A block request that does not come with CSME taking ownership is ignored.
 */
static void iwl_mvm_mei_rfkill(void *priv, bool blocked,
			       bool csme_taking_ownership)
{
	struct iwl_mvm *mvm = priv;
	bool ignore = blocked && !csme_taking_ownership;

	if (ignore)
		return;

	mvm->mei_rfkill_blocked = blocked;

	/* nothing to report to until mac80211 registration is done */
	if (mvm->hw_registered)
		wiphy_rfkill_set_hw_state_reason(mvm->hw->wiphy,
						 mvm->mei_rfkill_blocked,
						 RFKILL_HARD_BLOCK_NOT_OWNER);
}
1036
/*
 * MEI callback: forward a roaming forbidden/allowed indication for the CSME
 * vif. Dropped while the hw is not registered or no CSME vif is set.
 */
static void iwl_mvm_mei_roaming_forbidden(void *priv, bool forbidden)
{
	struct iwl_mvm *mvm = priv;

	if (mvm->hw_registered && mvm->csme_vif)
		iwl_mvm_send_roaming_forbidden_event(mvm, mvm->csme_vif,
						     forbidden);
}
1046
/*
 * Work item scheduled from the MEI sap_connected callback: run the NVM
 * retrieval and the post-NVM start steps. If either step fails, the driver
 * state is torn down here, including the mac80211 hw.
 */
static void iwl_mvm_sap_connected_wk(struct work_struct *wk)
{
	struct iwl_mvm *mvm =
		container_of(wk, struct iwl_mvm, sap_connected_wk);
	int err;

	err = iwl_mvm_start_get_nvm(mvm);
	if (!err)
		err = iwl_mvm_start_post_nvm(mvm);
	if (!err)
		return;

	/* failure: release everything, the order below matters */
	IWL_ERR(mvm, "Couldn't get started...\n");
	iwl_mei_start_unregister();
	iwl_mei_unregister_complete();
	iwl_fw_flush_dumps(&mvm->fwrt);
	iwl_mvm_thermal_exit(mvm);
	iwl_fw_runtime_free(&mvm->fwrt);
	iwl_phy_db_free(mvm->phy_db);
	kfree(mvm->scan_cmd);
	iwl_trans_op_mode_leave(mvm->trans);
	kfree(mvm->nvm_data);
	kfree(mvm->mei_nvm_data);

	/* mvm is embedded in the hw private area, so this goes last */
	ieee80211_free_hw(mvm->hw);
}
1078
/*
 * MEI callback: the SAP connection is up. If the hw is already registered
 * there is nothing to do; otherwise the start sequence is deferred to
 * sap_connected_wk.
 */
static void iwl_mvm_mei_sap_connected(void *priv)
{
	struct iwl_mvm *mvm = priv;

	if (mvm->hw_registered)
		return;

	schedule_work(&mvm->sap_connected_wk);
}
1086
/*
 * MEI callback: the NIC was taken away from the host. Shut down every
 * interface on our wiphy, under the RTNL lock.
 */
static void iwl_mvm_mei_nic_stolen(void *priv)
{
	struct iwl_mvm *mvm = priv;
	struct wiphy *wiphy = mvm->hw->wiphy;

	rtnl_lock();
	cfg80211_shutdown_all_interfaces(wiphy);
	rtnl_unlock();
}
1095
/* Callbacks handed to iwl_mei_register() when the op mode starts. */
static const struct iwl_mei_ops mei_ops = {
	.me_conn_status		= iwl_mvm_me_conn_status,
	.rfkill			= iwl_mvm_mei_rfkill,
	.roaming_forbidden	= iwl_mvm_mei_roaming_forbidden,
	.sap_connected		= iwl_mvm_mei_sap_connected,
	.nic_stolen		= iwl_mvm_mei_nic_stolen,
};
1103
/*
 * Op-mode start callback: allocate the mac80211 hw together with the MVM
 * private area, initialise the driver state, configure the transport,
 * register with MEI and start the NVM retrieval.
 *
 * @trans: transport this op mode runs on
 * @cfg: device configuration
 * @fw: parsed firmware image and capabilities
 * @dbgfs_dir: debugfs directory for this op mode
 *
 * Returns the op_mode on success and NULL on failure, with two exceptions
 * visible below: when the NVM cannot be read while CSME owns the device and
 * MEI registration succeeded, the op_mode is returned and the start is
 * completed later; and when the init_dbg module parameter is set, the
 * op_mode is returned even on the failure path.
 */
static struct iwl_op_mode *
iwl_op_mode_mvm_start(struct iwl_trans *trans, const struct iwl_cfg *cfg,
		      const struct iwl_fw *fw, struct dentry *dbgfs_dir)
{
	struct ieee80211_hw *hw;
	struct iwl_op_mode *op_mode;
	struct iwl_mvm *mvm;
	struct iwl_trans_config trans_cfg = {};
	static const u8 no_reclaim_cmds[] = {
		TX_CMD,
	};
	u32 max_agg;
	size_t scan_size;
	u32 min_backoff;
	struct iwl_mvm_csme_conn_info *csme_conn_info __maybe_unused;

	/*
	 * We use IWL_MVM_STATION_COUNT_MAX to check the validity of the station
	 * index all over the driver - check that its value corresponds to the
	 * array size.
	 */
	BUILD_BUG_ON(ARRAY_SIZE(mvm->fw_id_to_mac_id) !=
		     IWL_MVM_STATION_COUNT_MAX);

	/********************************
	 * 1. Allocating and configuring HW data
	 ********************************/
	hw = ieee80211_alloc_hw(sizeof(struct iwl_op_mode) +
				sizeof(struct iwl_mvm),
				iwl_mvm_has_mld_api(fw) ? &iwl_mvm_mld_hw_ops :
				&iwl_mvm_hw_ops);
	if (!hw)
		return NULL;

	/* aggregation buffer limit depends on the device family */
	if (trans->trans_cfg->device_family >= IWL_DEVICE_FAMILY_BZ)
		max_agg = IEEE80211_MAX_AMPDU_BUF_EHT;
	else
		max_agg = IEEE80211_MAX_AMPDU_BUF_HE;

	hw->max_rx_aggregation_subframes = max_agg;

	/* a non-zero per-device TX limit overrides the family default */
	if (cfg->max_tx_agg_size)
		hw->max_tx_aggregation_subframes = cfg->max_tx_agg_size;
	else
		hw->max_tx_aggregation_subframes = max_agg;

	/* op_mode and mvm both live in the hw private area allocated above */
	op_mode = hw->priv;

	mvm = IWL_OP_MODE_GET_MVM(op_mode);
	mvm->dev = trans->dev;
	mvm->trans = trans;
	mvm->cfg = cfg;
	mvm->fw = fw;
	mvm->hw = hw;

	/* the dump sanitize callbacks are installed here, with mvm as context */
	iwl_fw_runtime_init(&mvm->fwrt, trans, fw, &iwl_mvm_fwrt_ops, mvm,
			    &iwl_mvm_sanitize_ops, mvm, dbgfs_dir);

	iwl_mvm_get_acpi_tables(mvm);
	iwl_uefi_get_sgom_table(trans, &mvm->fwrt);
	iwl_uefi_get_step_table(trans);

	mvm->init_status = 0;

	/* pick the op-mode ops and RX descriptor header size for this RX API */
	if (iwl_mvm_has_new_rx_api(mvm)) {
		op_mode->ops = &iwl_mvm_ops_mq;
		trans->rx_mpdu_cmd_hdr_size =
			(trans->trans_cfg->device_family >=
			 IWL_DEVICE_FAMILY_AX210) ?
			sizeof(struct iwl_rx_mpdu_desc) :
			IWL_RX_DESC_SIZE_V1;
	} else {
		op_mode->ops = &iwl_mvm_ops;
		trans->rx_mpdu_cmd_hdr_size =
			sizeof(struct iwl_rx_mpdu_res_start);

		/* the old RX API only handles a single RX queue */
		if (WARN_ON(trans->num_rx_queues > 1))
			goto out_free;
	}

	/* -1 when the fw_restart module parameter is set, 0 otherwise */
	mvm->fw_restart = iwlwifi_mod_params.fw_restart ? -1 : 0;

	if (iwl_mvm_has_new_tx_api(mvm)) {
		/*
		 * If we have the new TX/queue allocation API initialize them
		 * all to invalid numbers. We'll rewrite the ones that we need
		 * later, but that doesn't happen for all of them all of the
		 * time (e.g. P2P Device is optional), and if a dynamic queue
		 * ends up getting number 2 (IWL_MVM_DQA_P2P_DEVICE_QUEUE) then
		 * iwl_mvm_is_static_queue() erroneously returns true, and we
		 * might have things getting stuck.
		 */
		mvm->aux_queue = IWL_MVM_INVALID_QUEUE;
		mvm->snif_queue = IWL_MVM_INVALID_QUEUE;
		mvm->probe_queue = IWL_MVM_INVALID_QUEUE;
		mvm->p2p_dev_queue = IWL_MVM_INVALID_QUEUE;
	} else {
		mvm->aux_queue = IWL_MVM_DQA_AUX_QUEUE;
		mvm->snif_queue = IWL_MVM_DQA_INJECT_MONITOR_QUEUE;
		mvm->probe_queue = IWL_MVM_DQA_AP_PROBE_RESP_QUEUE;
		mvm->p2p_dev_queue = IWL_MVM_DQA_P2P_DEVICE_QUEUE;
	}

	mvm->sf_state = SF_UNINIT;
	if (iwl_mvm_has_unified_ucode(mvm))
		iwl_fw_set_current_image(&mvm->fwrt, IWL_UCODE_REGULAR);
	else
		iwl_fw_set_current_image(&mvm->fwrt, IWL_UCODE_INIT);
	mvm->drop_bcn_ap_mode = true;

	/* locks, lists and work items used by the rest of the driver */
	mutex_init(&mvm->mutex);
	spin_lock_init(&mvm->async_handlers_lock);
	INIT_LIST_HEAD(&mvm->time_event_list);
	INIT_LIST_HEAD(&mvm->aux_roc_te_list);
	INIT_LIST_HEAD(&mvm->async_handlers_list);
	spin_lock_init(&mvm->time_event_lock);
	INIT_LIST_HEAD(&mvm->ftm_initiator.loc_list);
	INIT_LIST_HEAD(&mvm->ftm_initiator.pasn_list);
	INIT_LIST_HEAD(&mvm->resp_pasn_list);

	INIT_WORK(&mvm->async_handlers_wk, iwl_mvm_async_handlers_wk);
	INIT_WORK(&mvm->roc_done_wk, iwl_mvm_roc_done_wk);
	INIT_WORK(&mvm->sap_connected_wk, iwl_mvm_sap_connected_wk);
	INIT_DELAYED_WORK(&mvm->tdls_cs.dwork, iwl_mvm_tdls_ch_switch_work);
	INIT_DELAYED_WORK(&mvm->scan_timeout_dwork, iwl_mvm_scan_timeout_wk);
	INIT_WORK(&mvm->add_stream_wk, iwl_mvm_add_new_dqa_stream_wk);
	INIT_LIST_HEAD(&mvm->add_stream_txqs);
	spin_lock_init(&mvm->add_stream_lock);

	init_waitqueue_head(&mvm->rx_sync_waitq);

	mvm->queue_sync_state = 0;

	SET_IEEE80211_DEV(mvm->hw, mvm->trans->dev);

	spin_lock_init(&mvm->tcm.lock);
	INIT_DELAYED_WORK(&mvm->tcm.work, iwl_mvm_tcm_work);
	mvm->tcm.ts = jiffies;
	mvm->tcm.ll_ts = jiffies;
	mvm->tcm.uapsd_nonagg_ts = jiffies;

	INIT_DELAYED_WORK(&mvm->cs_tx_unblock_dwork, iwl_mvm_tx_unblock_dwork);

	mvm->cmd_ver.range_resp =
		iwl_fw_lookup_notif_ver(mvm->fw, LOCATION_GROUP,
					TOF_RANGE_RESPONSE_NOTIF, 5);
	/* we only support up to version 9 */
	if (WARN_ON_ONCE(mvm->cmd_ver.range_resp > 9))
		goto out_free;

	/*
	 * Populate the state variables that the transport layer needs
	 * to know about.
	 */
	trans_cfg.op_mode = op_mode;
	trans_cfg.no_reclaim_cmds = no_reclaim_cmds;
	trans_cfg.n_no_reclaim_cmds = ARRAY_SIZE(no_reclaim_cmds);

	/* map the amsdu_size module parameter; unknown values fall back to 4K */
	switch (iwlwifi_mod_params.amsdu_size) {
	case IWL_AMSDU_DEF:
		trans_cfg.rx_buf_size = IWL_AMSDU_4K;
		break;
	case IWL_AMSDU_4K:
		trans_cfg.rx_buf_size = IWL_AMSDU_4K;
		break;
	case IWL_AMSDU_8K:
		trans_cfg.rx_buf_size = IWL_AMSDU_8K;
		break;
	case IWL_AMSDU_12K:
		trans_cfg.rx_buf_size = IWL_AMSDU_12K;
		break;
	default:
		pr_err("%s: Unsupported amsdu_size: %d\n", KBUILD_MODNAME,
		       iwlwifi_mod_params.amsdu_size);
		trans_cfg.rx_buf_size = IWL_AMSDU_4K;
	}

	trans->wide_cmd_header = true;
	trans_cfg.bc_table_dword =
		mvm->trans->trans_cfg->device_family < IWL_DEVICE_FAMILY_AX210;

	trans_cfg.command_groups = iwl_mvm_groups;
	trans_cfg.command_groups_size = ARRAY_SIZE(iwl_mvm_groups);

	trans_cfg.cmd_queue = IWL_MVM_DQA_CMD_QUEUE;
	trans_cfg.cmd_fifo = IWL_MVM_TX_FIFO_CMD;
	trans_cfg.scd_set_active = true;

	trans_cfg.cb_data_offs = offsetof(struct ieee80211_tx_info,
					  driver_data[2]);

	/* Set a short watchdog for the command queue */
	trans_cfg.cmd_q_wdg_timeout =
		iwl_mvm_get_wd_timeout(mvm, NULL, false, true);

	/* bounded copy of the firmware version string into the wiphy */
	snprintf(mvm->hw->wiphy->fw_version,
		 sizeof(mvm->hw->wiphy->fw_version),
		 "%s", fw->fw_version);

	trans_cfg.fw_reset_handshake = fw_has_capa(&mvm->fw->ucode_capa,
						   IWL_UCODE_TLV_CAPA_FW_RESET_HANDSHAKE);

	trans_cfg.queue_alloc_cmd_ver =
		iwl_fw_lookup_cmd_ver(mvm->fw,
				      WIDE_ID(DATA_PATH_GROUP,
					      SCD_QUEUE_CONFIG_CMD),
				      0);
	mvm->sta_remove_requires_queue_remove =
		trans_cfg.queue_alloc_cmd_ver > 0;

	mvm->mld_api_is_used = iwl_mvm_has_mld_api(mvm->fw);

	/* Configure transport layer */
	iwl_trans_configure(mvm->trans, &trans_cfg);

	/* hand the firmware's debug configuration to the transport */
	trans->rx_mpdu_cmd = REPLY_RX_MPDU_CMD;
	trans->dbg.dest_tlv = mvm->fw->dbg.dest_tlv;
	trans->dbg.n_dest_reg = mvm->fw->dbg.n_dest_reg;
	memcpy(trans->dbg.conf_tlv, mvm->fw->dbg.conf_tlv,
	       sizeof(trans->dbg.conf_tlv));
	trans->dbg.trigger_tlv = mvm->fw->dbg.trigger_tlv;

	trans->iml = mvm->fw->iml;
	trans->iml_len = mvm->fw->iml_len;

	/* set up notification wait support */
	iwl_notification_wait_init(&mvm->notif_wait);

	/* Init phy db */
	mvm->phy_db = iwl_phy_db_init(trans);
	if (!mvm->phy_db) {
		IWL_ERR(mvm, "Cannot init phy_db\n");
		goto out_free;
	}

	IWL_INFO(mvm, "Detected %s, REV=0x%X\n",
		 mvm->trans->name, mvm->trans->hw_rev);

	if (iwlwifi_mod_params.nvm_file)
		mvm->nvm_file_name = iwlwifi_mod_params.nvm_file;
	else
		IWL_DEBUG_EEPROM(mvm->trans->dev,
				 "working without external nvm file\n");

	scan_size = iwl_mvm_scan_size(mvm);

	/* scan command buffer; its size is remembered in scan_cmd_size */
	mvm->scan_cmd = kmalloc(scan_size, GFP_KERNEL);
	if (!mvm->scan_cmd)
		goto out_free;
	mvm->scan_cmd_size = scan_size;

	/* invalidate ids to prevent accidental removal of sta_id 0 */
	mvm->aux_sta.sta_id = IWL_MVM_INVALID_STA;
	mvm->snif_sta.sta_id = IWL_MVM_INVALID_STA;

	/* Set EBS as successful as long as not stated otherwise by the FW. */
	mvm->last_ebs_successful = true;

	min_backoff = iwl_mvm_min_backoff(mvm);
	iwl_mvm_thermal_initialize(mvm, min_backoff);

	/* clear whichever RX statistics layout this firmware uses */
	if (!iwl_mvm_has_new_rx_stats_api(mvm))
		memset(&mvm->rx_stats_v3, 0,
		       sizeof(struct mvm_statistics_rx_v3));
	else
		memset(&mvm->rx_stats, 0, sizeof(struct mvm_statistics_rx));

	iwl_mvm_ftm_initiator_smooth_config(mvm);

	iwl_mvm_init_time_sync(&mvm->time_sync);

	mvm->debugfs_dir = dbgfs_dir;

	/* iwl_mei_register() returns 0 on success, hence the negation */
	mvm->mei_registered = !iwl_mei_register(mvm, &mei_ops);

	iwl_mvm_mei_scan_filter_init(&mvm->mei_scan_filter);

	if (iwl_mvm_start_get_nvm(mvm)) {
		/*
		 * Getting NVM failed while CSME is the owner, but we are
		 * registered to MEI, we'll get the NVM later when it'll be
		 * possible to get it from CSME.
		 */
		if (trans->csme_own && mvm->mei_registered)
			return op_mode;

		goto out_thermal_exit;
	}


	if (iwl_mvm_start_post_nvm(mvm))
		goto out_thermal_exit;

	return op_mode;

 out_thermal_exit:
	iwl_mvm_thermal_exit(mvm);
	if (mvm->mei_registered) {
		iwl_mei_start_unregister();
		iwl_mei_unregister_complete();
	}
 out_free:
	iwl_fw_flush_dumps(&mvm->fwrt);
	iwl_fw_runtime_free(&mvm->fwrt);

	/*
	 * NOTE(review): with init_dbg set the op_mode is handed back although
	 * the fw runtime was just freed, and phy_db, scan_cmd and the hw are
	 * kept - confirm that later users of this op_mode tolerate that.
	 */
	if (iwlmvm_mod_params.init_dbg)
		return op_mode;
	iwl_phy_db_free(mvm->phy_db);
	kfree(mvm->scan_cmd);
	iwl_trans_op_mode_leave(trans);

	/* frees op_mode and mvm as well, both live in the hw private area */
	ieee80211_free_hw(mvm->hw);
	return NULL;
}
1418
/*
 * Stop the device and drop the firmware-related runtime state.
 *
 * Must be called with mvm->mutex held. The FIRMWARE_RUNNING status bit is
 * cleared before the transport is told to stop the device.
 */
void iwl_mvm_stop_device(struct iwl_mvm *mvm)
{
	lockdep_assert_held(&mvm->mutex);

	iwl_fw_cancel_timestamp(&mvm->fwrt);

	clear_bit(IWL_MVM_STATUS_FIRMWARE_RUNNING, &mvm->status);

	iwl_fw_dbg_stop_sync(&mvm->fwrt);
	iwl_trans_stop_device(mvm->trans);
	iwl_free_fw_paging(&mvm->fwrt);
	iwl_fw_dump_conf_clear(&mvm->fwrt);
	/* tell MEI the device is no longer up */
	iwl_mvm_mei_device_state(mvm, false);
}
1433
/*
 * Op-mode stop callback: unregister from MEI and mac80211 and free
 * everything the op mode allocated, ending with the mac80211 hw that embeds
 * the op_mode and mvm structures.
 */
static void iwl_op_mode_mvm_stop(struct iwl_op_mode *op_mode)
{
	struct iwl_mvm *mvm = IWL_OP_MODE_GET_MVM(op_mode);
	int i;

	if (mvm->mei_registered) {
		rtnl_lock();
		iwl_mei_set_netdev(NULL);
		rtnl_unlock();
		iwl_mei_start_unregister();
	}

	/*
	 * After we unregister from mei, the worker can't be scheduled
	 * anymore.
	 */
	cancel_work_sync(&mvm->sap_connected_wk);

	iwl_mvm_leds_exit(mvm);

	iwl_mvm_thermal_exit(mvm);

	/*
	 * If we couldn't get ownership on the device and we couldn't
	 * get the NVM from CSME, we haven't registered to mac80211.
	 * In that case, we didn't fail op_mode_start, because we are
	 * waiting for CSME to allow us to get the NVM to register to
	 * mac80211. If that didn't happen, we haven't registered to
	 * mac80211, hence the if below.
	 */
	if (mvm->hw_registered)
		ieee80211_unregister_hw(mvm->hw);

	kfree(mvm->scan_cmd);
	kfree(mvm->mcast_filter_cmd);
	mvm->mcast_filter_cmd = NULL;

	kfree(mvm->error_recovery_buf);
	mvm->error_recovery_buf = NULL;

	iwl_mvm_ptp_remove(mvm);

	iwl_trans_op_mode_leave(mvm->trans);

	iwl_phy_db_free(mvm->phy_db);
	mvm->phy_db = NULL;

	kfree(mvm->nvm_data);
	kfree(mvm->mei_nvm_data);
	/*
	 * plain kfree() rather than kfree_rcu(): presumably no RCU reader can
	 * still be running at this point - TODO confirm
	 */
	kfree(rcu_access_pointer(mvm->csme_conn_info));
	kfree(mvm->temp_nvm_data);
	for (i = 0; i < NVM_MAX_NUM_SECTIONS; i++)
		kfree(mvm->nvm_sections[i].data);

	cancel_delayed_work_sync(&mvm->tcm.work);

	iwl_fw_runtime_free(&mvm->fwrt);
	mutex_destroy(&mvm->mutex);

	/* second half of the MEI unregistration started at the top */
	if (mvm->mei_registered)
		iwl_mei_unregister_complete();

	/* mvm itself lives in the hw private area, so this must be last */
	ieee80211_free_hw(mvm->hw);
}
1498
/*
 * One RX notification queued for deferred handling by
 * iwl_mvm_async_handlers_wk().
 */
struct iwl_async_handler_entry {
	/* link in mvm->async_handlers_list */
	struct list_head list;
	/* RX buffer; the page is taken over from the RX path when queued */
	struct iwl_rx_cmd_buffer rxb;
	/* copied from the matching RX handler table entry */
	enum iwl_rx_handler_context context;
	/* handler to run on the buffer */
	void (*fn)(struct iwl_mvm *mvm, struct iwl_rx_cmd_buffer *rxb);
};
1505
/*
 * Drop every queued async RX notification without running its handler,
 * releasing the RX buffer and the entry itself. Runs under
 * async_handlers_lock with bottom halves disabled.
 */
void iwl_mvm_async_handlers_purge(struct iwl_mvm *mvm)
{
	struct iwl_async_handler_entry *cur, *next;

	spin_lock_bh(&mvm->async_handlers_lock);
	list_for_each_entry_safe(cur, next, &mvm->async_handlers_list, list) {
		list_del(&cur->list);
		iwl_free_rxb(&cur->rxb);
		kfree(cur);
	}
	spin_unlock_bh(&mvm->async_handlers_lock);
}
1518
/*
 * Work item that runs the deferred RX handlers. Entries whose context is
 * RX_HANDLER_ASYNC_LOCKED are handled with mvm->mutex held.
 */
static void iwl_mvm_async_handlers_wk(struct work_struct *wk)
{
	struct iwl_mvm *mvm =
		container_of(wk, struct iwl_mvm, async_handlers_wk);
	struct iwl_async_handler_entry *cur, *next;
	LIST_HEAD(pending);

	/* Ensure that we are not in stop flow (check iwl_mvm_mac_stop) */

	/*
	 * Only the list hand-over is done under the lock shared with the RX
	 * path; the entries are then processed from the private list without
	 * holding it.
	 */
	spin_lock_bh(&mvm->async_handlers_lock);
	list_splice_init(&mvm->async_handlers_list, &pending);
	spin_unlock_bh(&mvm->async_handlers_lock);

	list_for_each_entry_safe(cur, next, &pending, list) {
		const bool locked = cur->context == RX_HANDLER_ASYNC_LOCKED;

		if (locked)
			mutex_lock(&mvm->mutex);

		cur->fn(mvm, &cur->rxb);
		iwl_free_rxb(&cur->rxb);
		list_del(&cur->list);

		if (locked)
			mutex_unlock(&mvm->mutex);

		kfree(cur);
	}
}
1547
/*
 * Start a debug data collection if the FW_NOTIF trigger is enabled and
 * lists the command/group id of the received packet. The trigger's command
 * list is scanned up to the first entry with cmd_id 0.
 */
static inline void iwl_mvm_rx_check_trigger(struct iwl_mvm *mvm,
					    struct iwl_rx_packet *pkt)
{
	struct iwl_fw_dbg_trigger_cmd *cmds_trig;
	struct iwl_fw_dbg_trigger_tlv *trig;
	int idx;

	trig = iwl_fw_dbg_trigger_on(&mvm->fwrt, NULL,
				     FW_DBG_TRIGGER_FW_NOTIF);
	if (!trig)
		return;

	cmds_trig = (void *)trig->data;

	for (idx = 0; idx < ARRAY_SIZE(cmds_trig->cmds); idx++) {
		/* don't collect on CMD 0 */
		if (!cmds_trig->cmds[idx].cmd_id)
			break;

		if (cmds_trig->cmds[idx].cmd_id == pkt->hdr.cmd &&
		    cmds_trig->cmds[idx].group_id == pkt->hdr.group_id) {
			iwl_fw_dbg_collect_trig(&mvm->fwrt, trig,
						"CMD 0x%02x.%02x received",
						pkt->hdr.group_id,
						pkt->hdr.cmd);
			break;
		}
	}
}
1577
/*
 * Common RX path for responses and notifications that have no dedicated
 * fast path: fire the debug time point and trigger, wake notification
 * waiters, then dispatch to the first matching entry of
 * iwl_mvm_rx_handlers.
 *
 * A payload shorter than the handler's min_size is rejected through
 * IWL_FW_CHECK before the handler can look at it. RX_HANDLER_SYNC handlers
 * run inline; all others are queued for iwl_mvm_async_handlers_wk(), which
 * takes over the RX page.
 */
static void iwl_mvm_rx_common(struct iwl_mvm *mvm,
			      struct iwl_rx_cmd_buffer *rxb,
			      struct iwl_rx_packet *pkt)
{
	union iwl_dbg_tlv_tp_data tp_data = { .fw_pkt = pkt };
	unsigned int pkt_len = iwl_rx_packet_payload_len(pkt);
	const struct iwl_rx_handlers *rx_h = NULL;
	struct iwl_async_handler_entry *entry;
	int i;

	iwl_dbg_tlv_time_point(&mvm->fwrt,
			       IWL_FW_INI_TIME_POINT_FW_RSP_OR_NOTIF, &tp_data);
	iwl_mvm_rx_check_trigger(mvm, pkt);

	/*
	 * Do the notification wait before RX handlers so
	 * even if the RX handler consumes the RXB we have
	 * access to it in the notification wait entry.
	 */
	iwl_notification_wait_notify(&mvm->notif_wait, pkt);

	/* only the first table entry for this wide command id is used */
	for (i = 0; i < ARRAY_SIZE(iwl_mvm_rx_handlers); i++) {
		const struct iwl_rx_handlers *cand = &iwl_mvm_rx_handlers[i];

		if (cand->cmd_id == WIDE_ID(pkt->hdr.group_id, pkt->hdr.cmd)) {
			rx_h = cand;
			break;
		}
	}

	if (!rx_h)
		return;

	if (IWL_FW_CHECK(mvm, pkt_len < rx_h->min_size,
			 "unexpected notification 0x%04x size %d, need %d\n",
			 rx_h->cmd_id, pkt_len, rx_h->min_size))
		return;

	if (rx_h->context == RX_HANDLER_SYNC) {
		rx_h->fn(mvm, rxb);
		return;
	}

	entry = kzalloc(sizeof(*entry), GFP_ATOMIC);
	/* we can't do much... */
	if (!entry)
		return;

	entry->rxb._page = rxb_steal_page(rxb);
	entry->rxb._offset = rxb->_offset;
	entry->rxb._rx_page_order = rxb->_rx_page_order;
	entry->fn = rx_h->fn;
	entry->context = rx_h->context;

	spin_lock(&mvm->async_handlers_lock);
	list_add_tail(&entry->list, &mvm->async_handlers_list);
	spin_unlock(&mvm->async_handlers_lock);

	schedule_work(&mvm->async_handlers_wk);
}
1631
/*
 * RX entry point of iwl_mvm_ops: MPDUs and RX PHY info have dedicated
 * handlers, everything else goes through iwl_mvm_rx_common().
 */
static void iwl_mvm_rx(struct iwl_op_mode *op_mode,
		       struct napi_struct *napi,
		       struct iwl_rx_cmd_buffer *rxb)
{
	struct iwl_mvm *mvm = IWL_OP_MODE_GET_MVM(op_mode);
	struct iwl_rx_packet *pkt = rxb_addr(rxb);
	u16 cmd = WIDE_ID(pkt->hdr.group_id, pkt->hdr.cmd);

	if (likely(cmd == WIDE_ID(LEGACY_GROUP, REPLY_RX_MPDU_CMD))) {
		iwl_mvm_rx_rx_mpdu(mvm, napi, rxb);
		return;
	}

	if (cmd == WIDE_ID(LEGACY_GROUP, REPLY_RX_PHY_CMD)) {
		iwl_mvm_rx_rx_phy_cmd(mvm, rxb);
		return;
	}

	iwl_mvm_rx_common(mvm, rxb, pkt);
}
1647
/*
 * RX entry point of iwl_mvm_ops_mq. The data-path commands below are
 * dispatched directly, always with queue 0; anything else is handled by
 * iwl_mvm_rx_common().
 */
void iwl_mvm_rx_mq(struct iwl_op_mode *op_mode,
		   struct napi_struct *napi,
		   struct iwl_rx_cmd_buffer *rxb)
{
	struct iwl_mvm *mvm = IWL_OP_MODE_GET_MVM(op_mode);
	struct iwl_rx_packet *pkt = rxb_addr(rxb);
	u16 cmd = WIDE_ID(pkt->hdr.group_id, pkt->hdr.cmd);

	if (likely(cmd == WIDE_ID(LEGACY_GROUP, REPLY_RX_MPDU_CMD))) {
		iwl_mvm_rx_mpdu_mq(mvm, napi, rxb, 0);
		return;
	}

	if (unlikely(cmd == WIDE_ID(DATA_PATH_GROUP,
				    RX_QUEUES_NOTIFICATION))) {
		iwl_mvm_rx_queue_notif(mvm, napi, rxb, 0);
		return;
	}

	if (cmd == WIDE_ID(LEGACY_GROUP, FRAME_RELEASE)) {
		iwl_mvm_rx_frame_release(mvm, napi, rxb, 0);
		return;
	}

	if (cmd == WIDE_ID(LEGACY_GROUP, BAR_FRAME_RELEASE)) {
		iwl_mvm_rx_bar_frame_release(mvm, napi, rxb, 0);
		return;
	}

	if (cmd == WIDE_ID(DATA_PATH_GROUP, RX_NO_DATA_NOTIF)) {
		iwl_mvm_rx_monitor_no_data(mvm, napi, rxb, 0);
		return;
	}

	iwl_mvm_rx_common(mvm, rxb, pkt);
}
1670
/*
 * Completion callback for asynchronous host commands; @cmd is not looked
 * at, the TX queue pointers are simply unblocked.
 */
static void iwl_mvm_async_cb(struct iwl_op_mode *op_mode,
			     const struct iwl_device_cmd *cmd)
{
	struct iwl_mvm *mvm;

	mvm = IWL_OP_MODE_GET_MVM(op_mode);

	/*
	 * For now, we only set the CMD_WANT_ASYNC_CALLBACK for ADD_STA
	 * commands that need to block the Tx queues.
	 */
	iwl_trans_block_txq_ptrs(mvm->trans, false);
}
1682
/*
 * Return 1 if @queue is one of the fixed-purpose queues (aux, probe, P2P
 * device or sniffer) currently recorded in @mvm, 0 otherwise.
 */
static int iwl_mvm_is_static_queue(struct iwl_mvm *mvm, int queue)
{
	if (queue == mvm->aux_queue)
		return 1;
	if (queue == mvm->probe_queue)
		return 1;
	if (queue == mvm->p2p_dev_queue)
		return 1;

	return queue == mvm->snif_queue;
}
1688
/*
 * Propagate a hardware queue full / not-full transition to mac80211.
 *
 * @op_mode: op mode owning the queue
 * @hw_queue: hardware queue whose state changed
 * @start: true when the queue can take frames again, false when it is full
 *
 * For a static queue all mac80211 queues are stopped or woken. Otherwise
 * the STOP_FULL state bit is updated on every TXQ mapped to the queue and,
 * on start, transmission is kicked for stations that still exist.
 *
 * NOTE(review): hw_queue indexes tvqm_info[]/queue_info[] without a range
 * check in this function; presumably the transport only reports valid queue
 * numbers - confirm against the callers.
 */
static void iwl_mvm_queue_state_change(struct iwl_op_mode *op_mode,
				       int hw_queue, bool start)
{
	struct iwl_mvm *mvm = IWL_OP_MODE_GET_MVM(op_mode);
	struct iwl_mvm_sta *mvmsta;
	struct ieee80211_sta *sta;
	unsigned long tid_bitmap;
	u8 sta_id;
	int bit;

	if (iwl_mvm_has_new_tx_api(mvm))
		sta_id = mvm->tvqm_info[hw_queue].sta_id;
	else
		sta_id = mvm->queue_info[hw_queue].ra_sta_id;

	/* reject station ids beyond what the firmware supports */
	if (WARN_ON_ONCE(sta_id >= mvm->fw->ucode_capa.num_stations))
		return;

	rcu_read_lock();

	sta = rcu_dereference(mvm->fw_id_to_mac_id[sta_id]);
	if (IS_ERR_OR_NULL(sta))
		goto out;
	mvmsta = iwl_mvm_sta_from_mac80211(sta);

	if (iwl_mvm_is_static_queue(mvm, hw_queue)) {
		if (start) {
			if (mvmsta->sta_state != IEEE80211_STA_NOTEXIST)
				ieee80211_wake_queues(mvm->hw);
		} else {
			ieee80211_stop_queues(mvm->hw);
		}

		goto out;
	}

	/* new TX API: one TID per queue; old API: a bitmap of TIDs */
	if (iwl_mvm_has_new_tx_api(mvm)) {
		int tid = mvm->tvqm_info[hw_queue].txq_tid;

		tid_bitmap = BIT(tid);
	} else {
		tid_bitmap = mvm->queue_info[hw_queue].tid_bitmap;
	}

	for_each_set_bit(bit, &tid_bitmap, IWL_MAX_TID_COUNT + 1) {
		/* bit IWL_MAX_TID_COUNT maps to the TXQ at IEEE80211_NUM_TIDS */
		int tid = (bit == IWL_MAX_TID_COUNT) ?
			  IEEE80211_NUM_TIDS : bit;
		struct ieee80211_txq *txq = sta->txq[tid];
		struct iwl_mvm_txq *mvmtxq = iwl_mvm_txq_from_mac80211(txq);

		if (!start) {
			set_bit(IWL_MVM_TXQ_STATE_STOP_FULL, &mvmtxq->state);
			continue;
		}

		clear_bit(IWL_MVM_TXQ_STATE_STOP_FULL, &mvmtxq->state);

		if (mvmsta->sta_state != IEEE80211_STA_NOTEXIST) {
			local_bh_disable();
			iwl_mvm_mac_itxq_xmit(mvm->hw, txq);
			local_bh_enable();
		}
	}

out:
	rcu_read_unlock();
}
1755
/* queue_full op: report @hw_queue as stopped. */
static void iwl_mvm_stop_sw_queue(struct iwl_op_mode *op_mode, int hw_queue)
{
	const bool start = false;

	iwl_mvm_queue_state_change(op_mode, hw_queue, start);
}
1760
/* queue_not_full op: report @hw_queue as able to take frames again. */
static void iwl_mvm_wake_sw_queue(struct iwl_op_mode *op_mode, int hw_queue)
{
	const bool start = true;

	iwl_mvm_queue_state_change(op_mode, hw_queue, start);
}
1765
/*
 * Report the combined radio-kill state to cfg80211. When the radio is
 * killed, waiters on rx_sync_waitq are woken first.
 */
static void iwl_mvm_set_rfkill_state(struct iwl_mvm *mvm)
{
	bool killed;

	killed = iwl_mvm_is_radio_killed(mvm);
	if (killed)
		wake_up(&mvm->rx_sync_waitq);

	wiphy_rfkill_set_hw_state(mvm->hw->wiphy, killed);
}
1775
/*
 * Set or clear the HW_CTKILL status bit according to @state and refresh the
 * rfkill state reported to cfg80211.
 */
void iwl_mvm_set_hw_ctkill_state(struct iwl_mvm *mvm, bool state)
{
	if (!state)
		clear_bit(IWL_MVM_STATUS_HW_CTKILL, &mvm->status);
	else
		set_bit(IWL_MVM_STATUS_HW_CTKILL, &mvm->status);

	iwl_mvm_set_rfkill_state(mvm);
}
1785
/*
 * Return the current CSME connection info pointer. The access is annotated
 * for lockdep as being protected by mvm->mutex.
 */
struct iwl_mvm_csme_conn_info *iwl_mvm_get_csme_conn_info(struct iwl_mvm *mvm)
{
	struct iwl_mvm_csme_conn_info *info;

	info = rcu_dereference_protected(mvm->csme_conn_info,
					 lockdep_is_held(&mvm->mutex));
	return info;
}
1791
/*
 * hw_rf_kill op: record the hardware rfkill state and report it upwards.
 *
 * Returns true when the caller should stop the device: never with unified
 * firmware, otherwise only when rfkill is asserted and
 * rfkill_safe_init_done was set on entry.
 */
static bool iwl_mvm_set_hw_rfkill_state(struct iwl_op_mode *op_mode, bool state)
{
	struct iwl_mvm *mvm = IWL_OP_MODE_GET_MVM(op_mode);
	/* sampled once, before the status bit changes */
	bool init_done = READ_ONCE(mvm->rfkill_safe_init_done);
	bool unified = iwl_mvm_has_unified_ucode(mvm);

	if (!state)
		clear_bit(IWL_MVM_STATUS_HW_RFKILL, &mvm->status);
	else
		set_bit(IWL_MVM_STATUS_HW_RFKILL, &mvm->status);

	iwl_mvm_set_rfkill_state(mvm);

	/* iwl_run_init_mvm_ucode is waiting for results, abort it. */
	if (init_done)
		iwl_abort_notification_waits(&mvm->notif_wait);

	/*
	 * Don't ask the transport to stop the firmware. We'll do it
	 * after cfg80211 takes us down.
	 */
	if (unified)
		return false;

	/*
	 * Stop the device if we run OPERATIONAL firmware or if we are in the
	 * middle of the calibrations.
	 */
	if (!state)
		return false;

	return init_done;
}
1822
/*
 * free_skb op: release the TX command stored in driver_data[1] of the skb's
 * TX info, then return the skb to mac80211.
 */
static void iwl_mvm_free_skb(struct iwl_op_mode *op_mode, struct sk_buff *skb)
{
	struct iwl_mvm *mvm = IWL_OP_MODE_GET_MVM(op_mode);
	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);

	iwl_trans_free_tx_cmd(mvm->trans, info->driver_data[1]);
	ieee80211_free_txskb(mvm->hw, skb);
}
1832
/* Context for a deferred device reprobe, see iwl_mvm_reprobe_wk(). */
struct iwl_mvm_reprobe {
	/* device to reprobe; a reference is held while the work is pending */
	struct device *dev;
	/* work item running iwl_mvm_reprobe_wk() */
	struct work_struct work;
};
1837
/*
 * Work item that reprobes the device, then drops the device reference, the
 * reprobe context and the module reference taken when it was scheduled.
 */
static void iwl_mvm_reprobe_wk(struct work_struct *wk)
{
	struct iwl_mvm_reprobe *reprobe =
		container_of(wk, struct iwl_mvm_reprobe, work);
	struct device *dev = reprobe->dev;

	if (device_reprobe(dev))
		dev_err(dev, "reprobe failed!\n");

	put_device(dev);
	kfree(reprobe);
	module_put(THIS_MODULE);
}
1849
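/*
 * React to a NIC or firmware failure: abort pending notification waits and
 * any scan, then either collect debug data, schedule a device reprobe or ask
 * mac80211 to restart the hardware, depending on the current driver state.
 *
 * @mvm: driver instance
 * @fw_error: selects the fw_restart-gated paths below; in this file the
 *	command-queue-full path passes true and the NIC error path passes
 *	false
 */
void iwl_mvm_nic_restart(struct iwl_mvm *mvm, bool fw_error)
{
	iwl_abort_notification_waits(&mvm->notif_wait);
	iwl_dbg_tlv_del_timers(mvm->trans);

	/*
	 * This is a bit racy, but worst case we tell mac80211 about
	 * a stopped/aborted scan when that was already done which
	 * is not a problem. It is necessary to abort any os scan
	 * here because mac80211 requires having the scan cleared
	 * before restarting.
	 * We'll reset the scan_status to NONE in restart cleanup in
	 * the next start() call from mac80211. If restart isn't called
	 * (no fw restart) scan status will stay busy.
	 */
	iwl_mvm_report_scan_aborted(mvm);

	/*
	 * If we're restarting already, don't cycle restarts.
	 * If INIT fw asserted, it will likely fail again.
	 * If WoWLAN fw asserted, don't restart either, mac80211
	 * can't recover this since we're already half suspended.
	 */
	if (!mvm->fw_restart && fw_error) {
		iwl_fw_error_collect(&mvm->fwrt, false);
	} else if (test_bit(IWL_MVM_STATUS_STARTING,
			    &mvm->status)) {
		IWL_ERR(mvm, "Starting mac, retry will be triggered anyway\n");
	} else if (test_bit(IWL_MVM_STATUS_IN_HW_RESTART, &mvm->status)) {
		struct iwl_mvm_reprobe *reprobe;

		IWL_ERR(mvm,
			"Firmware error during reconfiguration - reprobe!\n");

		/*
		 * get a module reference to avoid doing this while unloading
		 * anyway and to avoid scheduling a work with code that's
		 * being removed.
		 */
		if (!try_module_get(THIS_MODULE)) {
			IWL_ERR(mvm, "Module is being unloaded - abort\n");
			return;
		}

		reprobe = kzalloc(sizeof(*reprobe), GFP_ATOMIC);
		if (!reprobe) {
			/* give back the reference taken just above */
			module_put(THIS_MODULE);
			return;
		}
		/* device and module references are dropped by the work item */
		reprobe->dev = get_device(mvm->trans->dev);
		INIT_WORK(&reprobe->work, iwl_mvm_reprobe_wk);
		schedule_work(&reprobe->work);
	} else if (test_bit(IWL_MVM_STATUS_HW_RESTART_REQUESTED,
			    &mvm->status)) {
		IWL_ERR(mvm, "HW restart already requested, but not started\n");
	} else if (mvm->fwrt.cur_fw_img == IWL_UCODE_REGULAR &&
		   mvm->hw_registered &&
		   !test_bit(STATUS_TRANS_DEAD, &mvm->trans->status)) {
		/* This should be first thing before trying to collect any
		 * data to avoid endless loops if any HW error happens while
		 * collecting debug data.
		 */
		set_bit(IWL_MVM_STATUS_HW_RESTART_REQUESTED, &mvm->status);

		/*
		 * Keep a copy of the firmware error log; failing to allocate
		 * the buffer only means there is no copy.
		 */
		if (mvm->fw->ucode_capa.error_log_size) {
			u32 src_size = mvm->fw->ucode_capa.error_log_size;
			u32 src_addr = mvm->fw->ucode_capa.error_log_addr;
			u8 *recover_buf = kzalloc(src_size, GFP_ATOMIC);

			if (recover_buf) {
				mvm->error_recovery_buf = recover_buf;
				iwl_trans_read_mem_bytes(mvm->trans,
							 src_addr,
							 recover_buf,
							 src_size);
			}
		}

		iwl_fw_error_collect(&mvm->fwrt, false);

		if (fw_error && mvm->fw_restart > 0) {
			mvm->fw_restart--;
			ieee80211_restart_hw(mvm->hw);
		} else if (mvm->fwrt.trans->dbg.restart_required) {
			IWL_DEBUG_INFO(mvm, "FW restart requested after debug collection\n");
			/* lower-case false, as everywhere else in this file */
			mvm->fwrt.trans->dbg.restart_required = false;
			ieee80211_restart_hw(mvm->hw);
		} else if (mvm->trans->trans_cfg->device_family <= IWL_DEVICE_FAMILY_8000) {
			ieee80211_restart_hw(mvm->hw);
		}
	}
}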
1942
/*
 * nic_error op: dump the NIC error log unless that is suppressed, then
 * either collect the error data synchronously (@sync) or request a restart
 * if the firmware was still marked as running. Does nothing while pldr_sync
 * is set.
 */
static void iwl_mvm_nic_error(struct iwl_op_mode *op_mode, bool sync)
{
	struct iwl_mvm *mvm = IWL_OP_MODE_GET_MVM(op_mode);

	if (mvm->pldr_sync)
		return;

	/* the one-shot suppress bit is only consumed while the transport is alive */
	if (!test_bit(STATUS_TRANS_DEAD, &mvm->trans->status)) {
		if (!test_and_clear_bit(IWL_MVM_STATUS_SUPPRESS_ERROR_LOG_ONCE,
					&mvm->status))
			iwl_mvm_dump_nic_error_log(mvm);
	}

	if (sync) {
		iwl_fw_error_collect(&mvm->fwrt, true);
		/*
		 * Currently, the only case for sync=true is during
		 * shutdown, so just stop in this case. If/when that
		 * changes, we need to be a bit smarter here.
		 */
		return;
	}

	/*
	 * If the firmware crashes while we're already considering it
	 * to be dead then don't ask for a restart, that cannot do
	 * anything useful anyway.
	 */
	if (test_bit(IWL_MVM_STATUS_FIRMWARE_RUNNING, &mvm->status))
		iwl_mvm_nic_restart(mvm, false);
}
1975
/*
 * cmd_queue_full op: this is not expected to happen, so warn and go through
 * the restart path with fw_error set.
 */
static void iwl_mvm_cmd_queue_full(struct iwl_op_mode *op_mode)
{
	WARN_ON(1);
	iwl_mvm_nic_restart(IWL_OP_MODE_GET_MVM(op_mode), true);
}
1983
/* time_point op: forward the debug time point to the firmware runtime. */
static void iwl_op_mode_mvm_time_point(struct iwl_op_mode *op_mode,
				       enum iwl_fw_ini_time_point tp_id,
				       union iwl_dbg_tlv_tp_data *tp_data)
{
	struct iwl_mvm *mvm;

	mvm = IWL_OP_MODE_GET_MVM(op_mode);
	iwl_dbg_tlv_time_point(&mvm->fwrt, tp_id, tp_data);
}
1992
/*
 * Designated initializers shared by iwl_mvm_ops and iwl_mvm_ops_mq; each of
 * those two tables adds its own RX entry points after this list.
 */
#define IWL_MVM_COMMON_OPS					\
	/* these could be differentiated */			\
	.async_cb = iwl_mvm_async_cb,				\
	.queue_full = iwl_mvm_stop_sw_queue,			\
	.queue_not_full = iwl_mvm_wake_sw_queue,		\
	.hw_rf_kill = iwl_mvm_set_hw_rfkill_state,		\
	.free_skb = iwl_mvm_free_skb,				\
	.nic_error = iwl_mvm_nic_error,				\
	.cmd_queue_full = iwl_mvm_cmd_queue_full,		\
	.nic_config = iwl_mvm_nic_config,			\
	/* as we only register one, these MUST be common! */	\
	.start = iwl_op_mode_mvm_start,				\
	.stop = iwl_op_mode_mvm_stop,				\
	.time_point = iwl_op_mode_mvm_time_point
2007
/*
 * Op-mode ops selected in iwl_op_mode_mvm_start() when the firmware does not
 * use the new RX API.
 */
static const struct iwl_op_mode_ops iwl_mvm_ops = {
	IWL_MVM_COMMON_OPS,
	.rx = iwl_mvm_rx,
};
2012
/*
 * RSS RX entry point of iwl_mvm_ops_mq. Packets for a queue index beyond
 * the transport's RX queue count are dropped; only frame release, RX queue
 * notifications and MPDUs are handled here, anything else is ignored.
 */
static void iwl_mvm_rx_mq_rss(struct iwl_op_mode *op_mode,
			      struct napi_struct *napi,
			      struct iwl_rx_cmd_buffer *rxb,
			      unsigned int queue)
{
	struct iwl_mvm *mvm = IWL_OP_MODE_GET_MVM(op_mode);
	struct iwl_rx_packet *pkt = rxb_addr(rxb);
	u16 cmd = WIDE_ID(pkt->hdr.group_id, pkt->hdr.cmd);

	/* bound the queue index before any handler uses it */
	if (unlikely(queue >= mvm->trans->num_rx_queues))
		return;

	if (unlikely(cmd == WIDE_ID(LEGACY_GROUP, FRAME_RELEASE))) {
		iwl_mvm_rx_frame_release(mvm, napi, rxb, queue);
		return;
	}

	if (unlikely(cmd == WIDE_ID(DATA_PATH_GROUP,
				    RX_QUEUES_NOTIFICATION))) {
		iwl_mvm_rx_queue_notif(mvm, napi, rxb, queue);
		return;
	}

	if (likely(cmd == WIDE_ID(LEGACY_GROUP, REPLY_RX_MPDU_CMD)))
		iwl_mvm_rx_mpdu_mq(mvm, napi, rxb, queue);
}
2033
/*
 * Op-mode ops selected in iwl_op_mode_mvm_start() when the firmware uses the
 * new RX API; adds the per-queue RSS entry point.
 */
static const struct iwl_op_mode_ops iwl_mvm_ops_mq = {
	IWL_MVM_COMMON_OPS,
	.rx = iwl_mvm_rx_mq,
	.rx_rss = iwl_mvm_rx_mq_rss,
};
2039