aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2014-12-09 18:12:03 -0500
committerDavid S. Miller <davem@davemloft.net>2014-12-09 18:12:03 -0500
commitb5f185f33d0432cef6ff78765e033dfa8f4de068 (patch)
tree33179c016b8fc3b4d57ed7a7786079ba00b6ef4a
parent450fa21942fe2c37f0c9f52d1a33bbc081eee288 (diff)
parent81c412600f946fc1c8731685cb6c6fae8002043a (diff)
Merge tag 'master-2014-12-08' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next
John W. Linville says: ==================== pull request: wireless-next 2014-12-08 Please pull this last batch of pending wireless updates for the 3.19 tree... For the wireless bits, Johannes says: "This time I have Felix's no-status rate control work, which will allow drivers to work better with rate control even if they don't have perfect status reporting. In addition to this, a small hwsim fix from Patrik, one of the regulatory patches from Arik, and a number of cleanups and fixes I did myself. Of note is a patch where I disable CFG80211_WEXT so that compatibility is no longer selectable - this is intended as a wake-up call for anyone who's still using it, and is still easily worked around (it's a one-line patch) before we fully remove the code as well in the future." For the Bluetooth bits, Johan says: "Here's one more bluetooth-next pull request for 3.19: - Minor cleanups for ieee802154 & mac802154 - Fix for the kernel warning with !TASK_RUNNING reported by Kirill A. Shutemov - Support for another ath3k device - Fix for tracking link key based security level - Device tree bindings for btmrvl + a state update fix - Fix for wrong ACL flags on LE links" And... "In addition to the previous one this contains two more cleanups to mac802154 as well as support for some new HCI features from the Bluetooth 4.2 specification. From the original request: 'Here's what should be the last bluetooth-next pull request for 3.19. It's rather large but the majority of it is the Low Energy Secure Connections feature that's part of the Bluetooth 4.2 specification. The specification went public only this week so we couldn't publish the corresponding code before that. The code itself can nevertheless be considered fairly mature as it's been in development for over 6 months and gone through several interoperability test events. Besides LE SC the pull request contains an important fix for command complete events for mgmt sockets which also fixes some leaks of hci_conn objects when powering off or unplugging Bluetooth adapters. A smaller feature that's part of the pull request is service discovery support. This is like normal device discovery except that devices not matching specific UUIDs or strong enough RSSI are filtered out. Other changes that the pull request contains are firmware dump support to the btmrvl driver, firmware download support for Broadcom BCM20702A0 variants, as well as some coding style cleanups in 6lowpan & ieee802154/mac802154 code.'" For the NFC bits, Samuel says: "With this one we get: - NFC digital improvements for DEP support: Chaining, NACK and ATN support added. - NCI improvements: Support for p2p target, SE IO operand addition, SE operands extensions to support proprietary implementations, and a few fixes. - NFC HCI improvements: OPEN_PIPE and NOTIFY_ALL_CLEARED support, and SE IO operand addition. - A bunch of minor improvements and fixes for STMicro st21nfcb and st21nfca" For the iwlwifi bits, Emmanuel says: "Major works are CSA and TDLS. On top of that I have a new firmware API for scan and a few rate control improvements. Johannes find a few tricks to improve our CPU utilization and adds support for a new spin of 7265 called 7265D. Along with this a few random things that don't stand out." And... "I deprecate here -8.ucode since -9 has been published long ago. Along with that I have a new activity, we have now better a infrastructure for firmware debugging. This will allow to have configurable probes insides the firmware. Luca continues his work on NetDetect, this feature is now complete. All the rest is minor fixes here and there." For the Atheros bits, Kalle says: "Only ath10k changes this time and no major changes. Most visible are: o new debugfs interface for runtime firmware debugging (Yanbo) o fix shared WEP (Sujith) o don't rebuild whenever kernel version changes (Johannes) o lots of refactoring to make it easier to add new hw support (Michal) There's also smaller fixes and improvements with no point of listing here." In addition, there are a few last minute updates to ath5k, ath9k, brcmfmac, brcmsmac, mwifiex, rt2x00, rtlwifi, and wil6210. Also included is a pull of the wireless tree to pick-up the fixes originally included in "pull request: wireless 2014-12-03"... Please let me know if there are problems! ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--Documentation/devicetree/bindings/btmrvl.txt29
-rw-r--r--MAINTAINERS3
-rw-r--r--drivers/bluetooth/Kconfig1
-rw-r--r--drivers/bluetooth/ath3k.c2
-rw-r--r--drivers/bluetooth/btmrvl_debugfs.c31
-rw-r--r--drivers/bluetooth/btmrvl_drv.h20
-rw-r--r--drivers/bluetooth/btmrvl_main.c68
-rw-r--r--drivers/bluetooth/btmrvl_sdio.c304
-rw-r--r--drivers/bluetooth/btmrvl_sdio.h5
-rw-r--r--drivers/bluetooth/btusb.c4
-rw-r--r--drivers/net/ethernet/broadcom/b44.c2
-rw-r--r--drivers/net/ieee802154/cc2520.c2
-rw-r--r--drivers/net/wireless/ath/ath10k/core.c13
-rw-r--r--drivers/net/wireless/ath/ath10k/core.h13
-rw-r--r--drivers/net/wireless/ath/ath10k/debug.c262
-rw-r--r--drivers/net/wireless/ath/ath10k/debug.h10
-rw-r--r--drivers/net/wireless/ath/ath10k/hif.h43
-rw-r--r--drivers/net/wireless/ath/ath10k/htc.c13
-rw-r--r--drivers/net/wireless/ath/ath10k/htt.h7
-rw-r--r--drivers/net/wireless/ath/ath10k/htt_rx.c1169
-rw-r--r--drivers/net/wireless/ath/ath10k/htt_tx.c7
-rw-r--r--drivers/net/wireless/ath/ath10k/hw.h15
-rw-r--r--drivers/net/wireless/ath/ath10k/mac.c202
-rw-r--r--drivers/net/wireless/ath/ath10k/mac.h4
-rw-r--r--drivers/net/wireless/ath/ath10k/pci.c28
-rw-r--r--drivers/net/wireless/ath/ath10k/trace.h31
-rw-r--r--drivers/net/wireless/ath/ath10k/wmi.c61
-rw-r--r--drivers/net/wireless/ath/ath10k/wmi.h128
-rw-r--r--drivers/net/wireless/ath/ath5k/qcu.c8
-rw-r--r--drivers/net/wireless/ath/ath9k/ar9002_mac.c8
-rw-r--r--drivers/net/wireless/ath/ath9k/ar9003_eeprom.c47
-rw-r--r--drivers/net/wireless/ath/ath9k/ar9003_mac.c8
-rw-r--r--drivers/net/wireless/ath/ath9k/ar9003_phy.c174
-rw-r--r--drivers/net/wireless/ath/ath9k/ath9k.h1
-rw-r--r--drivers/net/wireless/ath/ath9k/beacon.c5
-rw-r--r--drivers/net/wireless/ath/ath9k/hw.h10
-rw-r--r--drivers/net/wireless/ath/ath9k/init.c9
-rw-r--r--drivers/net/wireless/ath/ath9k/mac.c9
-rw-r--r--drivers/net/wireless/ath/ath9k/mac.h2
-rw-r--r--drivers/net/wireless/ath/ath9k/main.c18
-rw-r--r--drivers/net/wireless/ath/ath9k/reg.h2
-rw-r--r--drivers/net/wireless/ath/ath9k/xmit.c37
-rw-r--r--drivers/net/wireless/ath/dfs_pattern_detector.c4
-rw-r--r--drivers/net/wireless/ath/wil6210/cfg80211.c2
-rw-r--r--drivers/net/wireless/ath/wil6210/debug.c17
-rw-r--r--drivers/net/wireless/ath/wil6210/debugfs.c8
-rw-r--r--drivers/net/wireless/ath/wil6210/fw.c1
-rw-r--r--drivers/net/wireless/ath/wil6210/fw_inc.c4
-rw-r--r--drivers/net/wireless/ath/wil6210/interrupt.c30
-rw-r--r--drivers/net/wireless/ath/wil6210/main.c63
-rw-r--r--drivers/net/wireless/ath/wil6210/txrx.c11
-rw-r--r--drivers/net/wireless/ath/wil6210/wil6210.h15
-rw-r--r--drivers/net/wireless/ath/wil6210/wmi.c8
-rw-r--r--drivers/net/wireless/brcm80211/brcmfmac/cfg80211.c253
-rw-r--r--drivers/net/wireless/brcm80211/brcmfmac/cfg80211.h2
-rw-r--r--drivers/net/wireless/brcm80211/brcmfmac/core.c39
-rw-r--r--drivers/net/wireless/brcm80211/brcmfmac/core.h3
-rw-r--r--drivers/net/wireless/brcm80211/brcmfmac/feature.c23
-rw-r--r--drivers/net/wireless/brcm80211/brcmfmac/feature.h1
-rw-r--r--drivers/net/wireless/brcm80211/brcmfmac/fweh.c6
-rw-r--r--drivers/net/wireless/brcm80211/brcmfmac/fwil.c18
-rw-r--r--drivers/net/wireless/brcm80211/brcmfmac/fwil_types.h6
-rw-r--r--drivers/net/wireless/brcm80211/brcmfmac/msgbuf.c10
-rw-r--r--drivers/net/wireless/brcm80211/brcmfmac/pcie.c6
-rw-r--r--drivers/net/wireless/brcm80211/brcmfmac/vendor.c15
-rw-r--r--drivers/net/wireless/brcm80211/brcmsmac/debug.c40
-rw-r--r--drivers/net/wireless/brcm80211/brcmsmac/main.c8
-rw-r--r--drivers/net/wireless/brcm80211/brcmutil/utils.c16
-rw-r--r--drivers/net/wireless/brcm80211/include/brcm_hw_ids.h2
-rw-r--r--drivers/net/wireless/brcm80211/include/brcmu_utils.h2
-rw-r--r--drivers/net/wireless/iwlwifi/Kconfig2
-rw-r--r--drivers/net/wireless/iwlwifi/dvm/commands.h31
-rw-r--r--drivers/net/wireless/iwlwifi/dvm/lib.c47
-rw-r--r--drivers/net/wireless/iwlwifi/iwl-7000.c48
-rw-r--r--drivers/net/wireless/iwlwifi/iwl-8000.c27
-rw-r--r--drivers/net/wireless/iwlwifi/iwl-config.h11
-rw-r--r--drivers/net/wireless/iwlwifi/iwl-csr.h39
-rw-r--r--drivers/net/wireless/iwlwifi/iwl-debug.h3
-rw-r--r--drivers/net/wireless/iwlwifi/iwl-drv.c195
-rw-r--r--drivers/net/wireless/iwlwifi/iwl-eeprom-parse.c2
-rw-r--r--drivers/net/wireless/iwlwifi/iwl-fw-error-dump.h3
-rw-r--r--drivers/net/wireless/iwlwifi/iwl-fw-file.h308
-rw-r--r--drivers/net/wireless/iwlwifi/iwl-fw.h243
-rw-r--r--drivers/net/wireless/iwlwifi/iwl-nvm-parse.c5
-rw-r--r--drivers/net/wireless/iwlwifi/iwl-op-mode.h3
-rw-r--r--drivers/net/wireless/iwlwifi/iwl-prph.h10
-rw-r--r--drivers/net/wireless/iwlwifi/iwl-trans.h21
-rw-r--r--drivers/net/wireless/iwlwifi/mvm/coex.c16
-rw-r--r--drivers/net/wireless/iwlwifi/mvm/coex_legacy.c19
-rw-r--r--drivers/net/wireless/iwlwifi/mvm/constants.h6
-rw-r--r--drivers/net/wireless/iwlwifi/mvm/d3.c384
-rw-r--r--drivers/net/wireless/iwlwifi/mvm/debugfs.c15
-rw-r--r--drivers/net/wireless/iwlwifi/mvm/fw-api-coex.h9
-rw-r--r--drivers/net/wireless/iwlwifi/mvm/fw-api-d3.h6
-rw-r--r--drivers/net/wireless/iwlwifi/mvm/fw-api-power.h2
-rw-r--r--drivers/net/wireless/iwlwifi/mvm/fw-api-scan.h297
-rw-r--r--drivers/net/wireless/iwlwifi/mvm/fw-api.h179
-rw-r--r--drivers/net/wireless/iwlwifi/mvm/fw.c74
-rw-r--r--drivers/net/wireless/iwlwifi/mvm/mac-ctxt.c103
-rw-r--r--drivers/net/wireless/iwlwifi/mvm/mac80211.c423
-rw-r--r--drivers/net/wireless/iwlwifi/mvm/mvm.h138
-rw-r--r--drivers/net/wireless/iwlwifi/mvm/nvm.c31
-rw-r--r--drivers/net/wireless/iwlwifi/mvm/offloading.c2
-rw-r--r--drivers/net/wireless/iwlwifi/mvm/ops.c76
-rw-r--r--drivers/net/wireless/iwlwifi/mvm/phy-ctxt.c4
-rw-r--r--drivers/net/wireless/iwlwifi/mvm/power.c40
-rw-r--r--drivers/net/wireless/iwlwifi/mvm/rs.c45
-rw-r--r--drivers/net/wireless/iwlwifi/mvm/rx.c150
-rw-r--r--drivers/net/wireless/iwlwifi/mvm/scan.c753
-rw-r--r--drivers/net/wireless/iwlwifi/mvm/sta.c301
-rw-r--r--drivers/net/wireless/iwlwifi/mvm/sta.h5
-rw-r--r--drivers/net/wireless/iwlwifi/mvm/tdls.c569
-rw-r--r--drivers/net/wireless/iwlwifi/mvm/time-event.c146
-rw-r--r--drivers/net/wireless/iwlwifi/mvm/time-event.h4
-rw-r--r--drivers/net/wireless/iwlwifi/mvm/tt.c71
-rw-r--r--drivers/net/wireless/iwlwifi/mvm/tx.c39
-rw-r--r--drivers/net/wireless/iwlwifi/pcie/drv.c20
-rw-r--r--drivers/net/wireless/iwlwifi/pcie/trans.c367
-rw-r--r--drivers/net/wireless/iwlwifi/pcie/tx.c99
-rw-r--r--drivers/net/wireless/mac80211_hwsim.c5
-rw-r--r--drivers/net/wireless/mwifiex/11n.c4
-rw-r--r--drivers/net/wireless/mwifiex/11n_rxreorder.c6
-rw-r--r--drivers/net/wireless/mwifiex/cfg80211.c57
-rw-r--r--drivers/net/wireless/mwifiex/decl.h4
-rw-r--r--drivers/net/wireless/mwifiex/fw.h17
-rw-r--r--drivers/net/wireless/mwifiex/init.c3
-rw-r--r--drivers/net/wireless/mwifiex/main.c68
-rw-r--r--drivers/net/wireless/mwifiex/main.h13
-rw-r--r--drivers/net/wireless/mwifiex/scan.c2
-rw-r--r--drivers/net/wireless/mwifiex/sta_event.c5
-rw-r--r--drivers/net/wireless/mwifiex/sta_tx.c6
-rw-r--r--drivers/net/wireless/mwifiex/txrx.c31
-rw-r--r--drivers/net/wireless/mwifiex/uap_event.c5
-rw-r--r--drivers/net/wireless/mwifiex/uap_txrx.c11
-rw-r--r--drivers/net/wireless/mwifiex/util.c2
-rw-r--r--drivers/net/wireless/mwifiex/wmm.c42
-rw-r--r--drivers/net/wireless/p54/net2280.h451
-rw-r--r--drivers/net/wireless/p54/p54usb.h13
-rw-r--r--drivers/net/wireless/rt2x00/rt2500usb.c8
-rw-r--r--drivers/net/wireless/rt2x00/rt2800lib.c45
-rw-r--r--drivers/net/wireless/rt2x00/rt2x00.h5
-rw-r--r--drivers/net/wireless/rt2x00/rt2x00usb.c24
-rw-r--r--drivers/net/wireless/rt2x00/rt2x00usb.h2
-rw-r--r--drivers/net/wireless/rt2x00/rt73usb.c2
-rw-r--r--drivers/net/wireless/rtlwifi/core.c14
-rw-r--r--drivers/net/wireless/rtlwifi/rtl8192ce/hw.c3
-rw-r--r--drivers/net/wireless/rtlwifi/rtl8192ce/sw.c3
-rw-r--r--drivers/net/wireless/rtlwifi/rtl8192ce/trx.c24
-rw-r--r--drivers/net/wireless/rtlwifi/rtl8192ce/trx.h2
-rw-r--r--drivers/net/wireless/rtlwifi/rtl8192ee/Makefile5
-rw-r--r--drivers/net/wireless/rtlwifi/rtl8723ae/Makefile3
-rw-r--r--drivers/net/wireless/rtlwifi/rtl8723be/Makefile3
-rw-r--r--drivers/net/wireless/rtlwifi/rtl8821ae/Makefile3
-rw-r--r--drivers/net/wireless/ti/wlcore/event.c5
-rw-r--r--drivers/nfc/pn544/i2c.c2
-rw-r--r--drivers/nfc/st21nfca/i2c.c41
-rw-r--r--drivers/nfc/st21nfca/st21nfca.c32
-rw-r--r--drivers/nfc/st21nfca/st21nfca.h2
-rw-r--r--drivers/nfc/st21nfca/st21nfca_dep.c47
-rw-r--r--drivers/nfc/st21nfca/st21nfca_dep.h4
-rw-r--r--drivers/nfc/st21nfcb/i2c.c39
-rw-r--r--drivers/nfc/st21nfcb/ndlc.c2
-rw-r--r--drivers/ssb/pcihost_wrapper.c33
-rw-r--r--include/linux/platform_data/st21nfca.h1
-rw-r--r--include/linux/platform_data/st21nfcb.h1
-rw-r--r--include/net/bluetooth/hci.h41
-rw-r--r--include/net/bluetooth/hci_core.h39
-rw-r--r--include/net/bluetooth/l2cap.h6
-rw-r--r--include/net/bluetooth/mgmt.h12
-rw-r--r--include/net/cfg80211.h63
-rw-r--r--include/net/mac80211.h32
-rw-r--r--include/net/nfc/digital.h13
-rw-r--r--include/net/nfc/hci.h4
-rw-r--r--include/net/nfc/nci.h37
-rw-r--r--include/net/nfc/nci_core.h9
-rw-r--r--include/net/nfc/nfc.h2
-rw-r--r--include/net/regulatory.h12
-rw-r--r--include/uapi/linux/nfc.h23
-rw-r--r--include/uapi/linux/nl80211.h7
-rw-r--r--net/6lowpan/iphc.c3
-rw-r--r--net/bluetooth/Kconfig1
-rw-r--r--net/bluetooth/Makefile2
-rw-r--r--net/bluetooth/af_bluetooth.c2
-rw-r--r--net/bluetooth/ecc.c816
-rw-r--r--net/bluetooth/ecc.h54
-rw-r--r--net/bluetooth/hci_conn.c1
-rw-r--r--net/bluetooth/hci_core.c239
-rw-r--r--net/bluetooth/hci_event.c155
-rw-r--r--net/bluetooth/l2cap_core.c55
-rw-r--r--net/bluetooth/mgmt.c869
-rw-r--r--net/bluetooth/smp.c1543
-rw-r--r--net/bluetooth/smp.h51
-rw-r--r--net/ieee802154/6lowpan_rtnl.c3
-rw-r--r--net/ieee802154/af_ieee802154.c4
-rw-r--r--net/ieee802154/dgram.c1
-rw-r--r--net/ieee802154/netlink.c5
-rw-r--r--net/ieee802154/nl-mac.c16
-rw-r--r--net/ieee802154/nl-phy.c3
-rw-r--r--net/ieee802154/raw.c1
-rw-r--r--net/mac80211/chan.c23
-rw-r--r--net/mac80211/iface.c1
-rw-r--r--net/mac80211/mlme.c24
-rw-r--r--net/mac80211/rate.c3
-rw-r--r--net/mac80211/rate.h24
-rw-r--r--net/mac80211/rc80211_minstrel.c5
-rw-r--r--net/mac80211/rc80211_minstrel_ht.c15
-rw-r--r--net/mac80211/status.c113
-rw-r--r--net/mac80211/trace.h6
-rw-r--r--net/mac80211/tx.c2
-rw-r--r--net/mac80211/util.c11
-rw-r--r--net/mac802154/iface.c8
-rw-r--r--net/mac802154/llsec.c19
-rw-r--r--net/mac802154/mib.c6
-rw-r--r--net/mac802154/rx.c3
-rw-r--r--net/nfc/digital_dep.c834
-rw-r--r--net/nfc/hci/command.c3
-rw-r--r--net/nfc/hci/core.c56
-rw-r--r--net/nfc/llcp_commands.c6
-rw-r--r--net/nfc/llcp_core.c5
-rw-r--r--net/nfc/llcp_sock.c6
-rw-r--r--net/nfc/nci/core.c150
-rw-r--r--net/nfc/nci/data.c24
-rw-r--r--net/nfc/nci/ntf.c152
-rw-r--r--net/nfc/netlink.c77
-rw-r--r--net/wireless/Kconfig2
-rw-r--r--net/wireless/core.c14
-rw-r--r--net/wireless/nl80211.c260
-rw-r--r--net/wireless/reg.c107
228 files changed, 12428 insertions, 3574 deletions
diff --git a/Documentation/devicetree/bindings/btmrvl.txt b/Documentation/devicetree/bindings/btmrvl.txt
new file mode 100644
index 000000000000..58f964bb0a52
--- /dev/null
+++ b/Documentation/devicetree/bindings/btmrvl.txt
@@ -0,0 +1,29 @@
1btmrvl
2------
3
4Required properties:
5
6 - compatible : must be "btmrvl,cfgdata"
7
8Optional properties:
9
10 - btmrvl,cal-data : Calibration data downloaded to the device during
11 initialization. This is an array of 28 values(u8).
12
13 - btmrvl,gpio-gap : gpio and gap (in msecs) combination to be
14 configured.
15
16Example:
17
18GPIO pin 13 is configured as a wakeup source and GAP is set to 100 msecs
19in below example.
20
21btmrvl {
22 compatible = "btmrvl,cfgdata";
23
24 btmrvl,cal-data = /bits/ 8 <
25 0x37 0x01 0x1c 0x00 0xff 0xff 0xff 0xff 0x01 0x7f 0x04 0x02
26 0x00 0x00 0xba 0xce 0xc0 0xc6 0x2d 0x00 0x00 0x00 0x00 0x00
27 0x00 0x00 0xf0 0x00>;
28 btmrvl,gpio-gap = <0x0d64>;
29};
diff --git a/MAINTAINERS b/MAINTAINERS
index c95153559ed2..cb3221d2436b 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -7919,11 +7919,10 @@ S: Maintained
7919F: drivers/media/dvb-frontends/rtl2832_sdr* 7919F: drivers/media/dvb-frontends/rtl2832_sdr*
7920 7920
7921RTL8180 WIRELESS DRIVER 7921RTL8180 WIRELESS DRIVER
7922M: "John W. Linville" <linville@tuxdriver.com>
7923L: linux-wireless@vger.kernel.org 7922L: linux-wireless@vger.kernel.org
7924W: http://wireless.kernel.org/ 7923W: http://wireless.kernel.org/
7925T: git git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-testing.git 7924T: git git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-testing.git
7926S: Maintained 7925S: Orphan
7927F: drivers/net/wireless/rtl818x/rtl8180/ 7926F: drivers/net/wireless/rtl818x/rtl8180/
7928 7927
7929RTL8187 WIRELESS DRIVER 7928RTL8187 WIRELESS DRIVER
diff --git a/drivers/bluetooth/Kconfig b/drivers/bluetooth/Kconfig
index 4547dc238fc7..364f080768d0 100644
--- a/drivers/bluetooth/Kconfig
+++ b/drivers/bluetooth/Kconfig
@@ -210,6 +210,7 @@ config BT_MRVL_SDIO
210 tristate "Marvell BT-over-SDIO driver" 210 tristate "Marvell BT-over-SDIO driver"
211 depends on BT_MRVL && MMC 211 depends on BT_MRVL && MMC
212 select FW_LOADER 212 select FW_LOADER
213 select WANT_DEV_COREDUMP
213 help 214 help
214 The driver for Marvell Bluetooth chipsets with SDIO interface. 215 The driver for Marvell Bluetooth chipsets with SDIO interface.
215 216
diff --git a/drivers/bluetooth/ath3k.c b/drivers/bluetooth/ath3k.c
index 25c874da5f2b..fce758896280 100644
--- a/drivers/bluetooth/ath3k.c
+++ b/drivers/bluetooth/ath3k.c
@@ -106,6 +106,7 @@ static const struct usb_device_id ath3k_table[] = {
106 { USB_DEVICE(0x13d3, 0x3375) }, 106 { USB_DEVICE(0x13d3, 0x3375) },
107 { USB_DEVICE(0x13d3, 0x3393) }, 107 { USB_DEVICE(0x13d3, 0x3393) },
108 { USB_DEVICE(0x13d3, 0x3402) }, 108 { USB_DEVICE(0x13d3, 0x3402) },
109 { USB_DEVICE(0x13d3, 0x3408) },
109 { USB_DEVICE(0x13d3, 0x3432) }, 110 { USB_DEVICE(0x13d3, 0x3432) },
110 111
111 /* Atheros AR5BBU12 with sflash firmware */ 112 /* Atheros AR5BBU12 with sflash firmware */
@@ -158,6 +159,7 @@ static const struct usb_device_id ath3k_blist_tbl[] = {
158 { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 }, 159 { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 },
159 { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 }, 160 { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 },
160 { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 }, 161 { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 },
162 { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 },
161 { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 }, 163 { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 },
162 164
163 /* Atheros AR5BBU22 with sflash firmware */ 165 /* Atheros AR5BBU22 with sflash firmware */
diff --git a/drivers/bluetooth/btmrvl_debugfs.c b/drivers/bluetooth/btmrvl_debugfs.c
index 023d35e3c7a7..1828ed8cae7a 100644
--- a/drivers/bluetooth/btmrvl_debugfs.c
+++ b/drivers/bluetooth/btmrvl_debugfs.c
@@ -167,6 +167,35 @@ static const struct file_operations btmrvl_hscmd_fops = {
167 .llseek = default_llseek, 167 .llseek = default_llseek,
168}; 168};
169 169
170static ssize_t btmrvl_fwdump_write(struct file *file, const char __user *ubuf,
171 size_t count, loff_t *ppos)
172{
173 struct btmrvl_private *priv = file->private_data;
174 char buf[16];
175 bool result;
176
177 memset(buf, 0, sizeof(buf));
178
179 if (copy_from_user(&buf, ubuf, min_t(size_t, sizeof(buf) - 1, count)))
180 return -EFAULT;
181
182 if (strtobool(buf, &result))
183 return -EINVAL;
184
185 if (!result)
186 return -EINVAL;
187
188 btmrvl_firmware_dump(priv);
189
190 return count;
191}
192
193static const struct file_operations btmrvl_fwdump_fops = {
194 .write = btmrvl_fwdump_write,
195 .open = simple_open,
196 .llseek = default_llseek,
197};
198
170void btmrvl_debugfs_init(struct hci_dev *hdev) 199void btmrvl_debugfs_init(struct hci_dev *hdev)
171{ 200{
172 struct btmrvl_private *priv = hci_get_drvdata(hdev); 201 struct btmrvl_private *priv = hci_get_drvdata(hdev);
@@ -197,6 +226,8 @@ void btmrvl_debugfs_init(struct hci_dev *hdev)
197 priv, &btmrvl_hscmd_fops); 226 priv, &btmrvl_hscmd_fops);
198 debugfs_create_file("hscfgcmd", 0644, dbg->config_dir, 227 debugfs_create_file("hscfgcmd", 0644, dbg->config_dir,
199 priv, &btmrvl_hscfgcmd_fops); 228 priv, &btmrvl_hscfgcmd_fops);
229 debugfs_create_file("fw_dump", 0200, dbg->config_dir,
230 priv, &btmrvl_fwdump_fops);
200 231
201 dbg->status_dir = debugfs_create_dir("status", hdev->debugfs); 232 dbg->status_dir = debugfs_create_dir("status", hdev->debugfs);
202 debugfs_create_u8("curpsmode", 0444, dbg->status_dir, 233 debugfs_create_u8("curpsmode", 0444, dbg->status_dir,
diff --git a/drivers/bluetooth/btmrvl_drv.h b/drivers/bluetooth/btmrvl_drv.h
index 38ad66289ad6..330f8f84928d 100644
--- a/drivers/bluetooth/btmrvl_drv.h
+++ b/drivers/bluetooth/btmrvl_drv.h
@@ -32,6 +32,24 @@
32/* Time to wait for command response in millisecond */ 32/* Time to wait for command response in millisecond */
33#define WAIT_UNTIL_CMD_RESP 5000 33#define WAIT_UNTIL_CMD_RESP 5000
34 34
35enum rdwr_status {
36 RDWR_STATUS_SUCCESS = 0,
37 RDWR_STATUS_FAILURE = 1,
38 RDWR_STATUS_DONE = 2
39};
40
41#define FW_DUMP_MAX_NAME_LEN 8
42#define FW_DUMP_HOST_READY 0xEE
43#define FW_DUMP_DONE 0xFF
44#define FW_DUMP_READ_DONE 0xFE
45
46struct memory_type_mapping {
47 u8 mem_name[FW_DUMP_MAX_NAME_LEN];
48 u8 *mem_ptr;
49 u32 mem_size;
50 u8 done_flag;
51};
52
35struct btmrvl_thread { 53struct btmrvl_thread {
36 struct task_struct *task; 54 struct task_struct *task;
37 wait_queue_head_t wait_q; 55 wait_queue_head_t wait_q;
@@ -81,6 +99,7 @@ struct btmrvl_private {
81 u8 *payload, u16 nb); 99 u8 *payload, u16 nb);
82 int (*hw_wakeup_firmware) (struct btmrvl_private *priv); 100 int (*hw_wakeup_firmware) (struct btmrvl_private *priv);
83 int (*hw_process_int_status) (struct btmrvl_private *priv); 101 int (*hw_process_int_status) (struct btmrvl_private *priv);
102 void (*firmware_dump)(struct btmrvl_private *priv);
84 spinlock_t driver_lock; /* spinlock used by driver */ 103 spinlock_t driver_lock; /* spinlock used by driver */
85#ifdef CONFIG_DEBUG_FS 104#ifdef CONFIG_DEBUG_FS
86 void *debugfs_data; 105 void *debugfs_data;
@@ -151,6 +170,7 @@ int btmrvl_send_hscfg_cmd(struct btmrvl_private *priv);
151int btmrvl_enable_ps(struct btmrvl_private *priv); 170int btmrvl_enable_ps(struct btmrvl_private *priv);
152int btmrvl_prepare_command(struct btmrvl_private *priv); 171int btmrvl_prepare_command(struct btmrvl_private *priv);
153int btmrvl_enable_hs(struct btmrvl_private *priv); 172int btmrvl_enable_hs(struct btmrvl_private *priv);
173void btmrvl_firmware_dump(struct btmrvl_private *priv);
154 174
155#ifdef CONFIG_DEBUG_FS 175#ifdef CONFIG_DEBUG_FS
156void btmrvl_debugfs_init(struct hci_dev *hdev); 176void btmrvl_debugfs_init(struct hci_dev *hdev);
diff --git a/drivers/bluetooth/btmrvl_main.c b/drivers/bluetooth/btmrvl_main.c
index 1d7db2064889..30939c993d94 100644
--- a/drivers/bluetooth/btmrvl_main.c
+++ b/drivers/bluetooth/btmrvl_main.c
@@ -22,6 +22,7 @@
22#include <linux/of.h> 22#include <linux/of.h>
23#include <net/bluetooth/bluetooth.h> 23#include <net/bluetooth/bluetooth.h>
24#include <net/bluetooth/hci_core.h> 24#include <net/bluetooth/hci_core.h>
25#include <linux/mmc/sdio_func.h>
25 26
26#include "btmrvl_drv.h" 27#include "btmrvl_drv.h"
27#include "btmrvl_sdio.h" 28#include "btmrvl_sdio.h"
@@ -41,6 +42,11 @@ void btmrvl_interrupt(struct btmrvl_private *priv)
41 42
42 priv->adapter->int_count++; 43 priv->adapter->int_count++;
43 44
45 if (priv->adapter->hs_state == HS_ACTIVATED) {
46 BT_DBG("BT: HS DEACTIVATED in ISR!");
47 priv->adapter->hs_state = HS_DEACTIVATED;
48 }
49
44 wake_up_interruptible(&priv->main_thread.wait_q); 50 wake_up_interruptible(&priv->main_thread.wait_q);
45} 51}
46EXPORT_SYMBOL_GPL(btmrvl_interrupt); 52EXPORT_SYMBOL_GPL(btmrvl_interrupt);
@@ -209,7 +215,7 @@ int btmrvl_send_module_cfg_cmd(struct btmrvl_private *priv, u8 subcmd)
209 215
210 ret = btmrvl_send_sync_cmd(priv, BT_CMD_MODULE_CFG_REQ, &subcmd, 1); 216 ret = btmrvl_send_sync_cmd(priv, BT_CMD_MODULE_CFG_REQ, &subcmd, 1);
211 if (ret) 217 if (ret)
212 BT_ERR("module_cfg_cmd(%x) failed\n", subcmd); 218 BT_ERR("module_cfg_cmd(%x) failed", subcmd);
213 219
214 return ret; 220 return ret;
215} 221}
@@ -245,7 +251,7 @@ int btmrvl_send_hscfg_cmd(struct btmrvl_private *priv)
245 251
246 ret = btmrvl_send_sync_cmd(priv, BT_CMD_HOST_SLEEP_CONFIG, param, 2); 252 ret = btmrvl_send_sync_cmd(priv, BT_CMD_HOST_SLEEP_CONFIG, param, 2);
247 if (ret) 253 if (ret)
248 BT_ERR("HSCFG command failed\n"); 254 BT_ERR("HSCFG command failed");
249 255
250 return ret; 256 return ret;
251} 257}
@@ -263,7 +269,7 @@ int btmrvl_enable_ps(struct btmrvl_private *priv)
263 269
264 ret = btmrvl_send_sync_cmd(priv, BT_CMD_AUTO_SLEEP_MODE, &param, 1); 270 ret = btmrvl_send_sync_cmd(priv, BT_CMD_AUTO_SLEEP_MODE, &param, 1);
265 if (ret) 271 if (ret)
266 BT_ERR("PSMODE command failed\n"); 272 BT_ERR("PSMODE command failed");
267 273
268 return 0; 274 return 0;
269} 275}
@@ -276,7 +282,7 @@ int btmrvl_enable_hs(struct btmrvl_private *priv)
276 282
277 ret = btmrvl_send_sync_cmd(priv, BT_CMD_HOST_SLEEP_ENABLE, NULL, 0); 283 ret = btmrvl_send_sync_cmd(priv, BT_CMD_HOST_SLEEP_ENABLE, NULL, 0);
278 if (ret) { 284 if (ret) {
279 BT_ERR("Host sleep enable command failed\n"); 285 BT_ERR("Host sleep enable command failed");
280 return ret; 286 return ret;
281 } 287 }
282 288
@@ -323,12 +329,19 @@ int btmrvl_prepare_command(struct btmrvl_private *priv)
323 } else { 329 } else {
324 ret = priv->hw_wakeup_firmware(priv); 330 ret = priv->hw_wakeup_firmware(priv);
325 priv->adapter->hs_state = HS_DEACTIVATED; 331 priv->adapter->hs_state = HS_DEACTIVATED;
332 BT_DBG("BT: HS DEACTIVATED due to host activity!");
326 } 333 }
327 } 334 }
328 335
329 return ret; 336 return ret;
330} 337}
331 338
339void btmrvl_firmware_dump(struct btmrvl_private *priv)
340{
341 if (priv->firmware_dump)
342 priv->firmware_dump(priv);
343}
344
332static int btmrvl_tx_pkt(struct btmrvl_private *priv, struct sk_buff *skb) 345static int btmrvl_tx_pkt(struct btmrvl_private *priv, struct sk_buff *skb)
333{ 346{
334 int ret = 0; 347 int ret = 0;
@@ -487,34 +500,36 @@ static int btmrvl_download_cal_data(struct btmrvl_private *priv,
487 ret = btmrvl_send_sync_cmd(priv, BT_CMD_LOAD_CONFIG_DATA, data, 500 ret = btmrvl_send_sync_cmd(priv, BT_CMD_LOAD_CONFIG_DATA, data,
488 BT_CAL_HDR_LEN + len); 501 BT_CAL_HDR_LEN + len);
489 if (ret) 502 if (ret)
490 BT_ERR("Failed to download caibration data\n"); 503 BT_ERR("Failed to download caibration data");
491 504
492 return 0; 505 return 0;
493} 506}
494 507
495static int btmrvl_cal_data_dt(struct btmrvl_private *priv) 508static int btmrvl_check_device_tree(struct btmrvl_private *priv)
496{ 509{
497 struct device_node *dt_node; 510 struct device_node *dt_node;
498 u8 cal_data[BT_CAL_HDR_LEN + BT_CAL_DATA_SIZE]; 511 u8 cal_data[BT_CAL_HDR_LEN + BT_CAL_DATA_SIZE];
499 const char name[] = "btmrvl_caldata";
500 const char property[] = "btmrvl,caldata";
501 int ret; 512 int ret;
502 513 u32 val;
503 dt_node = of_find_node_by_name(NULL, name); 514
504 if (!dt_node) 515 for_each_compatible_node(dt_node, NULL, "btmrvl,cfgdata") {
505 return -ENODEV; 516 ret = of_property_read_u32(dt_node, "btmrvl,gpio-gap", &val);
506 517 if (!ret)
507 ret = of_property_read_u8_array(dt_node, property, 518 priv->btmrvl_dev.gpio_gap = val;
508 cal_data + BT_CAL_HDR_LEN, 519
509 BT_CAL_DATA_SIZE); 520 ret = of_property_read_u8_array(dt_node, "btmrvl,cal-data",
510 if (ret) 521 cal_data + BT_CAL_HDR_LEN,
511 return ret; 522 BT_CAL_DATA_SIZE);
512 523 if (ret)
513 BT_DBG("Use cal data from device tree"); 524 return ret;
514 ret = btmrvl_download_cal_data(priv, cal_data, BT_CAL_DATA_SIZE); 525
515 if (ret) { 526 BT_DBG("Use cal data from device tree");
516 BT_ERR("Fail to download calibrate data"); 527 ret = btmrvl_download_cal_data(priv, cal_data,
517 return ret; 528 BT_CAL_DATA_SIZE);
529 if (ret) {
530 BT_ERR("Fail to download calibrate data");
531 return ret;
532 }
518 } 533 }
519 534
520 return 0; 535 return 0;
@@ -526,14 +541,15 @@ static int btmrvl_setup(struct hci_dev *hdev)
526 541
527 btmrvl_send_module_cfg_cmd(priv, MODULE_BRINGUP_REQ); 542 btmrvl_send_module_cfg_cmd(priv, MODULE_BRINGUP_REQ);
528 543
529 btmrvl_cal_data_dt(priv); 544 priv->btmrvl_dev.gpio_gap = 0xffff;
545
546 btmrvl_check_device_tree(priv);
530 547
531 btmrvl_pscan_window_reporting(priv, 0x01); 548 btmrvl_pscan_window_reporting(priv, 0x01);
532 549
533 priv->btmrvl_dev.psmode = 1; 550 priv->btmrvl_dev.psmode = 1;
534 btmrvl_enable_ps(priv); 551 btmrvl_enable_ps(priv);
535 552
536 priv->btmrvl_dev.gpio_gap = 0xffff;
537 btmrvl_send_hscfg_cmd(priv); 553 btmrvl_send_hscfg_cmd(priv);
538 554
539 return 0; 555 return 0;
diff --git a/drivers/bluetooth/btmrvl_sdio.c b/drivers/bluetooth/btmrvl_sdio.c
index 550bce089fa6..0057c0b7a776 100644
--- a/drivers/bluetooth/btmrvl_sdio.c
+++ b/drivers/bluetooth/btmrvl_sdio.c
@@ -24,6 +24,7 @@
24#include <linux/mmc/sdio_ids.h> 24#include <linux/mmc/sdio_ids.h>
25#include <linux/mmc/sdio_func.h> 25#include <linux/mmc/sdio_func.h>
26#include <linux/module.h> 26#include <linux/module.h>
27#include <linux/devcoredump.h>
27 28
28#include <net/bluetooth/bluetooth.h> 29#include <net/bluetooth/bluetooth.h>
29#include <net/bluetooth/hci_core.h> 30#include <net/bluetooth/hci_core.h>
@@ -33,6 +34,24 @@
33 34
34#define VERSION "1.0" 35#define VERSION "1.0"
35 36
37static struct memory_type_mapping mem_type_mapping_tbl[] = {
38 {"ITCM", NULL, 0, 0xF0},
39 {"DTCM", NULL, 0, 0xF1},
40 {"SQRAM", NULL, 0, 0xF2},
41 {"APU", NULL, 0, 0xF3},
42 {"CIU", NULL, 0, 0xF4},
43 {"ICU", NULL, 0, 0xF5},
44 {"MAC", NULL, 0, 0xF6},
45 {"EXT7", NULL, 0, 0xF7},
46 {"EXT8", NULL, 0, 0xF8},
47 {"EXT9", NULL, 0, 0xF9},
48 {"EXT10", NULL, 0, 0xFA},
49 {"EXT11", NULL, 0, 0xFB},
50 {"EXT12", NULL, 0, 0xFC},
51 {"EXT13", NULL, 0, 0xFD},
52 {"EXTLAST", NULL, 0, 0xFE},
53};
54
36/* The btmrvl_sdio_remove() callback function is called 55/* The btmrvl_sdio_remove() callback function is called
37 * when user removes this module from kernel space or ejects 56 * when user removes this module from kernel space or ejects
38 * the card from the slot. The driver handles these 2 cases 57 * the card from the slot. The driver handles these 2 cases
@@ -122,6 +141,9 @@ static const struct btmrvl_sdio_card_reg btmrvl_reg_8897 = {
122 .int_read_to_clear = true, 141 .int_read_to_clear = true,
123 .host_int_rsr = 0x01, 142 .host_int_rsr = 0x01,
124 .card_misc_cfg = 0xcc, 143 .card_misc_cfg = 0xcc,
144 .fw_dump_ctrl = 0xe2,
145 .fw_dump_start = 0xe3,
146 .fw_dump_end = 0xea,
125}; 147};
126 148
127static const struct btmrvl_sdio_device btmrvl_sdio_sd8688 = { 149static const struct btmrvl_sdio_device btmrvl_sdio_sd8688 = {
@@ -130,6 +152,7 @@ static const struct btmrvl_sdio_device btmrvl_sdio_sd8688 = {
130 .reg = &btmrvl_reg_8688, 152 .reg = &btmrvl_reg_8688,
131 .support_pscan_win_report = false, 153 .support_pscan_win_report = false,
132 .sd_blksz_fw_dl = 64, 154 .sd_blksz_fw_dl = 64,
155 .supports_fw_dump = false,
133}; 156};
134 157
135static const struct btmrvl_sdio_device btmrvl_sdio_sd8787 = { 158static const struct btmrvl_sdio_device btmrvl_sdio_sd8787 = {
@@ -138,6 +161,7 @@ static const struct btmrvl_sdio_device btmrvl_sdio_sd8787 = {
138 .reg = &btmrvl_reg_87xx, 161 .reg = &btmrvl_reg_87xx,
139 .support_pscan_win_report = false, 162 .support_pscan_win_report = false,
140 .sd_blksz_fw_dl = 256, 163 .sd_blksz_fw_dl = 256,
164 .supports_fw_dump = false,
141}; 165};
142 166
143static const struct btmrvl_sdio_device btmrvl_sdio_sd8797 = { 167static const struct btmrvl_sdio_device btmrvl_sdio_sd8797 = {
@@ -146,6 +170,7 @@ static const struct btmrvl_sdio_device btmrvl_sdio_sd8797 = {
146 .reg = &btmrvl_reg_87xx, 170 .reg = &btmrvl_reg_87xx,
147 .support_pscan_win_report = false, 171 .support_pscan_win_report = false,
148 .sd_blksz_fw_dl = 256, 172 .sd_blksz_fw_dl = 256,
173 .supports_fw_dump = false,
149}; 174};
150 175
151static const struct btmrvl_sdio_device btmrvl_sdio_sd8887 = { 176static const struct btmrvl_sdio_device btmrvl_sdio_sd8887 = {
@@ -154,6 +179,7 @@ static const struct btmrvl_sdio_device btmrvl_sdio_sd8887 = {
154 .reg = &btmrvl_reg_8887, 179 .reg = &btmrvl_reg_8887,
155 .support_pscan_win_report = true, 180 .support_pscan_win_report = true,
156 .sd_blksz_fw_dl = 256, 181 .sd_blksz_fw_dl = 256,
182 .supports_fw_dump = false,
157}; 183};
158 184
159static const struct btmrvl_sdio_device btmrvl_sdio_sd8897 = { 185static const struct btmrvl_sdio_device btmrvl_sdio_sd8897 = {
@@ -162,6 +188,7 @@ static const struct btmrvl_sdio_device btmrvl_sdio_sd8897 = {
162 .reg = &btmrvl_reg_8897, 188 .reg = &btmrvl_reg_8897,
163 .support_pscan_win_report = true, 189 .support_pscan_win_report = true,
164 .sd_blksz_fw_dl = 256, 190 .sd_blksz_fw_dl = 256,
191 .supports_fw_dump = true,
165}; 192};
166 193
167static const struct sdio_device_id btmrvl_sdio_ids[] = { 194static const struct sdio_device_id btmrvl_sdio_ids[] = {
@@ -764,8 +791,8 @@ static void btmrvl_sdio_interrupt(struct sdio_func *func)
764 791
765 card = sdio_get_drvdata(func); 792 card = sdio_get_drvdata(func);
766 if (!card || !card->priv) { 793 if (!card || !card->priv) {
767 BT_ERR("sbi_interrupt(%p) card or priv is " 794 BT_ERR("sbi_interrupt(%p) card or priv is NULL, card=%p",
768 "NULL, card=%p\n", func, card); 795 func, card);
769 return; 796 return;
770 } 797 }
771 798
@@ -1080,6 +1107,277 @@ static int btmrvl_sdio_wakeup_fw(struct btmrvl_private *priv)
1080 return ret; 1107 return ret;
1081} 1108}
1082 1109
1110static void btmrvl_sdio_dump_regs(struct btmrvl_private *priv)
1111{
1112 struct btmrvl_sdio_card *card = priv->btmrvl_dev.card;
1113 int ret = 0;
1114 unsigned int reg, reg_start, reg_end;
1115 char buf[256], *ptr;
1116 u8 loop, func, data;
1117 int MAX_LOOP = 2;
1118
1119 btmrvl_sdio_wakeup_fw(priv);
1120 sdio_claim_host(card->func);
1121
1122 for (loop = 0; loop < MAX_LOOP; loop++) {
1123 memset(buf, 0, sizeof(buf));
1124 ptr = buf;
1125
1126 if (loop == 0) {
1127 /* Read the registers of SDIO function0 */
1128 func = loop;
1129 reg_start = 0;
1130 reg_end = 9;
1131 } else {
1132 func = 2;
1133 reg_start = 0;
1134 reg_end = 0x09;
1135 }
1136
1137 ptr += sprintf(ptr, "SDIO Func%d (%#x-%#x): ",
1138 func, reg_start, reg_end);
1139 for (reg = reg_start; reg <= reg_end; reg++) {
1140 if (func == 0)
1141 data = sdio_f0_readb(card->func, reg, &ret);
1142 else
1143 data = sdio_readb(card->func, reg, &ret);
1144
1145 if (!ret) {
1146 ptr += sprintf(ptr, "%02x ", data);
1147 } else {
1148 ptr += sprintf(ptr, "ERR");
1149 break;
1150 }
1151 }
1152
1153 BT_INFO("%s", buf);
1154 }
1155
1156 sdio_release_host(card->func);
1157}
1158
1159/* This function read/write firmware */
1160static enum
1161rdwr_status btmrvl_sdio_rdwr_firmware(struct btmrvl_private *priv,
1162 u8 doneflag)
1163{
1164 struct btmrvl_sdio_card *card = priv->btmrvl_dev.card;
1165 int ret, tries;
1166 u8 ctrl_data = 0;
1167
1168 sdio_writeb(card->func, FW_DUMP_HOST_READY, card->reg->fw_dump_ctrl,
1169 &ret);
1170
1171 if (ret) {
1172 BT_ERR("SDIO write err");
1173 return RDWR_STATUS_FAILURE;
1174 }
1175
1176 for (tries = 0; tries < MAX_POLL_TRIES; tries++) {
1177 ctrl_data = sdio_readb(card->func, card->reg->fw_dump_ctrl,
1178 &ret);
1179
1180 if (ret) {
1181 BT_ERR("SDIO read err");
1182 return RDWR_STATUS_FAILURE;
1183 }
1184
1185 if (ctrl_data == FW_DUMP_DONE)
1186 break;
1187 if (doneflag && ctrl_data == doneflag)
1188 return RDWR_STATUS_DONE;
1189 if (ctrl_data != FW_DUMP_HOST_READY) {
1190 BT_INFO("The ctrl reg was changed, re-try again!");
1191 sdio_writeb(card->func, FW_DUMP_HOST_READY,
1192 card->reg->fw_dump_ctrl, &ret);
1193 if (ret) {
1194 BT_ERR("SDIO write err");
1195 return RDWR_STATUS_FAILURE;
1196 }
1197 }
1198 usleep_range(100, 200);
1199 }
1200
1201 if (ctrl_data == FW_DUMP_HOST_READY) {
1202 BT_ERR("Fail to pull ctrl_data");
1203 return RDWR_STATUS_FAILURE;
1204 }
1205
1206 return RDWR_STATUS_SUCCESS;
1207}
1208
1209/* This function dump sdio register and memory data */
1210static void btmrvl_sdio_dump_firmware(struct btmrvl_private *priv)
1211{
1212 struct btmrvl_sdio_card *card = priv->btmrvl_dev.card;
1213 int ret = 0;
1214 unsigned int reg, reg_start, reg_end;
1215 enum rdwr_status stat;
1216 u8 *dbg_ptr, *end_ptr, *fw_dump_data, *fw_dump_ptr;
1217 u8 dump_num, idx, i, read_reg, doneflag = 0;
1218 u32 memory_size, fw_dump_len = 0;
1219
1220 /* dump sdio register first */
1221 btmrvl_sdio_dump_regs(priv);
1222
1223 if (!card->supports_fw_dump) {
1224 BT_ERR("Firmware dump not supported for this card!");
1225 return;
1226 }
1227
1228 for (idx = 0; idx < ARRAY_SIZE(mem_type_mapping_tbl); idx++) {
1229 struct memory_type_mapping *entry = &mem_type_mapping_tbl[idx];
1230
1231 if (entry->mem_ptr) {
1232 vfree(entry->mem_ptr);
1233 entry->mem_ptr = NULL;
1234 }
1235 entry->mem_size = 0;
1236 }
1237
1238 btmrvl_sdio_wakeup_fw(priv);
1239 sdio_claim_host(card->func);
1240
1241 BT_INFO("== btmrvl firmware dump start ==");
1242
1243 stat = btmrvl_sdio_rdwr_firmware(priv, doneflag);
1244 if (stat == RDWR_STATUS_FAILURE)
1245 goto done;
1246
1247 reg = card->reg->fw_dump_start;
1248 /* Read the number of the memories which will dump */
1249 dump_num = sdio_readb(card->func, reg, &ret);
1250
1251 if (ret) {
1252 BT_ERR("SDIO read memory length err");
1253 goto done;
1254 }
1255
1256 /* Read the length of every memory which will dump */
1257 for (idx = 0; idx < dump_num; idx++) {
1258 struct memory_type_mapping *entry = &mem_type_mapping_tbl[idx];
1259
1260 stat = btmrvl_sdio_rdwr_firmware(priv, doneflag);
1261 if (stat == RDWR_STATUS_FAILURE)
1262 goto done;
1263
1264 memory_size = 0;
1265 reg = card->reg->fw_dump_start;
1266 for (i = 0; i < 4; i++) {
1267 read_reg = sdio_readb(card->func, reg, &ret);
1268 if (ret) {
1269 BT_ERR("SDIO read err");
1270 goto done;
1271 }
1272 memory_size |= (read_reg << i*8);
1273 reg++;
1274 }
1275
1276 if (memory_size == 0) {
1277 BT_INFO("Firmware dump finished!");
1278 break;
1279 }
1280
1281 BT_INFO("%s_SIZE=0x%x", entry->mem_name, memory_size);
1282 entry->mem_ptr = vzalloc(memory_size + 1);
1283 entry->mem_size = memory_size;
1284 if (!entry->mem_ptr) {
1285 BT_ERR("Vzalloc %s failed", entry->mem_name);
1286 goto done;
1287 }
1288
1289 fw_dump_len += (strlen("========Start dump ") +
1290 strlen(entry->mem_name) +
1291 strlen("========\n") +
1292 (memory_size + 1) +
1293 strlen("\n========End dump========\n"));
1294
1295 dbg_ptr = entry->mem_ptr;
1296 end_ptr = dbg_ptr + memory_size;
1297
1298 doneflag = entry->done_flag;
1299 BT_INFO("Start %s output, please wait...",
1300 entry->mem_name);
1301
1302 do {
1303 stat = btmrvl_sdio_rdwr_firmware(priv, doneflag);
1304 if (stat == RDWR_STATUS_FAILURE)
1305 goto done;
1306
1307 reg_start = card->reg->fw_dump_start;
1308 reg_end = card->reg->fw_dump_end;
1309 for (reg = reg_start; reg <= reg_end; reg++) {
1310 *dbg_ptr = sdio_readb(card->func, reg, &ret);
1311 if (ret) {
1312 BT_ERR("SDIO read err");
1313 goto done;
1314 }
1315 if (dbg_ptr < end_ptr)
1316 dbg_ptr++;
1317 else
1318 BT_ERR("Allocated buffer not enough");
1319 }
1320
1321 if (stat != RDWR_STATUS_DONE) {
1322 continue;
1323 } else {
1324 BT_INFO("%s done: size=0x%tx",
1325 entry->mem_name,
1326 dbg_ptr - entry->mem_ptr);
1327 break;
1328 }
1329 } while (1);
1330 }
1331
1332 BT_INFO("== btmrvl firmware dump end ==");
1333
1334done:
1335 sdio_release_host(card->func);
1336
1337 if (fw_dump_len == 0)
1338 return;
1339
1340 fw_dump_data = vzalloc(fw_dump_len+1);
1341 if (!fw_dump_data) {
1342 BT_ERR("Vzalloc fw_dump_data fail!");
1343 return;
1344 }
1345 fw_dump_ptr = fw_dump_data;
1346
1347 /* Dump all the memory data into single file, a userspace script will
1348 be used to split all the memory data to multiple files*/
1349 BT_INFO("== btmrvl firmware dump to /sys/class/devcoredump start");
1350 for (idx = 0; idx < dump_num; idx++) {
1351 struct memory_type_mapping *entry = &mem_type_mapping_tbl[idx];
1352
1353 if (entry->mem_ptr) {
1354 strcpy(fw_dump_ptr, "========Start dump ");
1355 fw_dump_ptr += strlen("========Start dump ");
1356
1357 strcpy(fw_dump_ptr, entry->mem_name);
1358 fw_dump_ptr += strlen(entry->mem_name);
1359
1360 strcpy(fw_dump_ptr, "========\n");
1361 fw_dump_ptr += strlen("========\n");
1362
1363 memcpy(fw_dump_ptr, entry->mem_ptr, entry->mem_size);
1364 fw_dump_ptr += entry->mem_size;
1365
1366 strcpy(fw_dump_ptr, "\n========End dump========\n");
1367 fw_dump_ptr += strlen("\n========End dump========\n");
1368
1369 vfree(mem_type_mapping_tbl[idx].mem_ptr);
1370 mem_type_mapping_tbl[idx].mem_ptr = NULL;
1371 }
1372 }
1373
1374 /* fw_dump_data will be free in device coredump release function
1375 after 5 min*/
1376 dev_coredumpv(&priv->btmrvl_dev.hcidev->dev, fw_dump_data,
1377 fw_dump_len, GFP_KERNEL);
1378 BT_INFO("== btmrvl firmware dump to /sys/class/devcoredump end");
1379}
1380
1083static int btmrvl_sdio_probe(struct sdio_func *func, 1381static int btmrvl_sdio_probe(struct sdio_func *func,
1084 const struct sdio_device_id *id) 1382 const struct sdio_device_id *id)
1085{ 1383{
@@ -1103,6 +1401,7 @@ static int btmrvl_sdio_probe(struct sdio_func *func,
1103 card->reg = data->reg; 1401 card->reg = data->reg;
1104 card->sd_blksz_fw_dl = data->sd_blksz_fw_dl; 1402 card->sd_blksz_fw_dl = data->sd_blksz_fw_dl;
1105 card->support_pscan_win_report = data->support_pscan_win_report; 1403 card->support_pscan_win_report = data->support_pscan_win_report;
1404 card->supports_fw_dump = data->supports_fw_dump;
1106 } 1405 }
1107 1406
1108 if (btmrvl_sdio_register_dev(card) < 0) { 1407 if (btmrvl_sdio_register_dev(card) < 0) {
@@ -1134,6 +1433,7 @@ static int btmrvl_sdio_probe(struct sdio_func *func,
1134 priv->hw_host_to_card = btmrvl_sdio_host_to_card; 1433 priv->hw_host_to_card = btmrvl_sdio_host_to_card;
1135 priv->hw_wakeup_firmware = btmrvl_sdio_wakeup_fw; 1434 priv->hw_wakeup_firmware = btmrvl_sdio_wakeup_fw;
1136 priv->hw_process_int_status = btmrvl_sdio_process_int_status; 1435 priv->hw_process_int_status = btmrvl_sdio_process_int_status;
1436 priv->firmware_dump = btmrvl_sdio_dump_firmware;
1137 1437
1138 if (btmrvl_register_hdev(priv)) { 1438 if (btmrvl_register_hdev(priv)) {
1139 BT_ERR("Register hdev failed!"); 1439 BT_ERR("Register hdev failed!");
diff --git a/drivers/bluetooth/btmrvl_sdio.h b/drivers/bluetooth/btmrvl_sdio.h
index 453559f98a75..1a3bd064c442 100644
--- a/drivers/bluetooth/btmrvl_sdio.h
+++ b/drivers/bluetooth/btmrvl_sdio.h
@@ -81,6 +81,9 @@ struct btmrvl_sdio_card_reg {
81 bool int_read_to_clear; 81 bool int_read_to_clear;
82 u8 host_int_rsr; 82 u8 host_int_rsr;
83 u8 card_misc_cfg; 83 u8 card_misc_cfg;
84 u8 fw_dump_ctrl;
85 u8 fw_dump_start;
86 u8 fw_dump_end;
84}; 87};
85 88
86struct btmrvl_sdio_card { 89struct btmrvl_sdio_card {
@@ -90,6 +93,7 @@ struct btmrvl_sdio_card {
90 const char *firmware; 93 const char *firmware;
91 const struct btmrvl_sdio_card_reg *reg; 94 const struct btmrvl_sdio_card_reg *reg;
92 bool support_pscan_win_report; 95 bool support_pscan_win_report;
96 bool supports_fw_dump;
93 u16 sd_blksz_fw_dl; 97 u16 sd_blksz_fw_dl;
94 u8 rx_unit; 98 u8 rx_unit;
95 struct btmrvl_private *priv; 99 struct btmrvl_private *priv;
@@ -101,6 +105,7 @@ struct btmrvl_sdio_device {
101 const struct btmrvl_sdio_card_reg *reg; 105 const struct btmrvl_sdio_card_reg *reg;
102 const bool support_pscan_win_report; 106 const bool support_pscan_win_report;
103 u16 sd_blksz_fw_dl; 107 u16 sd_blksz_fw_dl;
108 bool supports_fw_dump;
104}; 109};
105 110
106 111
diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
index 7c13d7a8d83c..31dd24ac9926 100644
--- a/drivers/bluetooth/btusb.c
+++ b/drivers/bluetooth/btusb.c
@@ -110,7 +110,8 @@ static const struct usb_device_id btusb_table[] = {
110 .driver_info = BTUSB_BCM_PATCHRAM }, 110 .driver_info = BTUSB_BCM_PATCHRAM },
111 111
112 /* Foxconn - Hon Hai */ 112 /* Foxconn - Hon Hai */
113 { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01) }, 113 { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01),
114 .driver_info = BTUSB_BCM_PATCHRAM },
114 115
115 /* Broadcom devices with vendor specific id */ 116 /* Broadcom devices with vendor specific id */
116 { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01), 117 { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01),
@@ -185,6 +186,7 @@ static const struct usb_device_id blacklist_table[] = {
185 { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 }, 186 { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 },
186 { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 }, 187 { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 },
187 { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 }, 188 { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 },
189 { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 },
188 { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 }, 190 { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 },
189 191
190 /* Atheros AR5BBU12 with sflash firmware */ 192 /* Atheros AR5BBU12 with sflash firmware */
diff --git a/drivers/net/ethernet/broadcom/b44.c b/drivers/net/ethernet/broadcom/b44.c
index 416620fa8fac..ffeaf476a120 100644
--- a/drivers/net/ethernet/broadcom/b44.c
+++ b/drivers/net/ethernet/broadcom/b44.c
@@ -2104,6 +2104,7 @@ static int b44_set_wol(struct net_device *dev, struct ethtool_wolinfo *wol)
2104 bp->flags &= ~B44_FLAG_WOL_ENABLE; 2104 bp->flags &= ~B44_FLAG_WOL_ENABLE;
2105 spin_unlock_irq(&bp->lock); 2105 spin_unlock_irq(&bp->lock);
2106 2106
2107 device_set_wakeup_enable(bp->sdev->dev, wol->wolopts & WAKE_MAGIC);
2107 return 0; 2108 return 0;
2108} 2109}
2109 2110
@@ -2452,6 +2453,7 @@ static int b44_init_one(struct ssb_device *sdev,
2452 } 2453 }
2453 } 2454 }
2454 2455
2456 device_set_wakeup_capable(sdev->dev, true);
2455 netdev_info(dev, "%s %pM\n", DRV_DESCRIPTION, dev->dev_addr); 2457 netdev_info(dev, "%s %pM\n", DRV_DESCRIPTION, dev->dev_addr);
2456 2458
2457 return 0; 2459 return 0;
diff --git a/drivers/net/ieee802154/cc2520.c b/drivers/net/ieee802154/cc2520.c
index ccbb082f3391..f9df9fa86d5f 100644
--- a/drivers/net/ieee802154/cc2520.c
+++ b/drivers/net/ieee802154/cc2520.c
@@ -858,7 +858,7 @@ static int cc2520_probe(struct spi_device *spi)
858 pinctrl = devm_pinctrl_get_select_default(&spi->dev); 858 pinctrl = devm_pinctrl_get_select_default(&spi->dev);
859 if (IS_ERR(pinctrl)) 859 if (IS_ERR(pinctrl))
860 dev_warn(&spi->dev, 860 dev_warn(&spi->dev,
861 "pinctrl pins are not configured"); 861 "pinctrl pins are not configured\n");
862 862
863 pdata = cc2520_get_platform_data(spi); 863 pdata = cc2520_get_platform_data(spi);
864 if (!pdata) { 864 if (!pdata) {
diff --git a/drivers/net/wireless/ath/ath10k/core.c b/drivers/net/wireless/ath/ath10k/core.c
index f660553c6c48..7762061a1944 100644
--- a/drivers/net/wireless/ath/ath10k/core.c
+++ b/drivers/net/wireless/ath/ath10k/core.c
@@ -799,6 +799,17 @@ static void ath10k_core_restart(struct work_struct *work)
799 mutex_unlock(&ar->conf_mutex); 799 mutex_unlock(&ar->conf_mutex);
800} 800}
801 801
802static void ath10k_core_init_max_sta_count(struct ath10k *ar)
803{
804 if (test_bit(ATH10K_FW_FEATURE_WMI_10X, ar->fw_features)) {
805 ar->max_num_peers = TARGET_10X_NUM_PEERS;
806 ar->max_num_stations = TARGET_10X_NUM_STATIONS;
807 } else {
808 ar->max_num_peers = TARGET_NUM_PEERS;
809 ar->max_num_stations = TARGET_NUM_STATIONS;
810 }
811}
812
802int ath10k_core_start(struct ath10k *ar, enum ath10k_firmware_mode mode) 813int ath10k_core_start(struct ath10k *ar, enum ath10k_firmware_mode mode)
803{ 814{
804 int status; 815 int status;
@@ -1035,6 +1046,8 @@ static int ath10k_core_probe_fw(struct ath10k *ar)
1035 return ret; 1046 return ret;
1036 } 1047 }
1037 1048
1049 ath10k_core_init_max_sta_count(ar);
1050
1038 mutex_lock(&ar->conf_mutex); 1051 mutex_lock(&ar->conf_mutex);
1039 1052
1040 ret = ath10k_core_start(ar, ATH10K_FIRMWARE_MODE_NORMAL); 1053 ret = ath10k_core_start(ar, ATH10K_FIRMWARE_MODE_NORMAL);
diff --git a/drivers/net/wireless/ath/ath10k/core.h b/drivers/net/wireless/ath/ath10k/core.h
index 8f86bd34e823..514c219263a5 100644
--- a/drivers/net/wireless/ath/ath10k/core.h
+++ b/drivers/net/wireless/ath/ath10k/core.h
@@ -79,10 +79,12 @@ static inline const char *ath10k_bus_str(enum ath10k_bus bus)
79 79
80struct ath10k_skb_cb { 80struct ath10k_skb_cb {
81 dma_addr_t paddr; 81 dma_addr_t paddr;
82 u8 eid;
82 u8 vdev_id; 83 u8 vdev_id;
83 84
84 struct { 85 struct {
85 u8 tid; 86 u8 tid;
87 u16 freq;
86 bool is_offchan; 88 bool is_offchan;
87 struct ath10k_htt_txbuf *txbuf; 89 struct ath10k_htt_txbuf *txbuf;
88 u32 txbuf_paddr; 90 u32 txbuf_paddr;
@@ -122,6 +124,7 @@ struct ath10k_wmi {
122 struct completion service_ready; 124 struct completion service_ready;
123 struct completion unified_ready; 125 struct completion unified_ready;
124 wait_queue_head_t tx_credits_wq; 126 wait_queue_head_t tx_credits_wq;
127 DECLARE_BITMAP(svc_map, WMI_SERVICE_MAX);
125 struct wmi_cmd_map *cmd; 128 struct wmi_cmd_map *cmd;
126 struct wmi_vdev_param_map *vdev_param; 129 struct wmi_vdev_param_map *vdev_param;
127 struct wmi_pdev_param_map *pdev_param; 130 struct wmi_pdev_param_map *pdev_param;
@@ -218,6 +221,8 @@ struct ath10k_peer {
218 int vdev_id; 221 int vdev_id;
219 u8 addr[ETH_ALEN]; 222 u8 addr[ETH_ALEN];
220 DECLARE_BITMAP(peer_ids, ATH10K_MAX_NUM_PEER_IDS); 223 DECLARE_BITMAP(peer_ids, ATH10K_MAX_NUM_PEER_IDS);
224
225 /* protected by ar->data_lock */
221 struct ieee80211_key_conf *keys[WMI_MAX_KEY_INDEX + 1]; 226 struct ieee80211_key_conf *keys[WMI_MAX_KEY_INDEX + 1];
222}; 227};
223 228
@@ -310,7 +315,6 @@ struct ath10k_debug {
310 struct ath10k_fw_stats fw_stats; 315 struct ath10k_fw_stats fw_stats;
311 struct completion fw_stats_complete; 316 struct completion fw_stats_complete;
312 bool fw_stats_done; 317 bool fw_stats_done;
313 DECLARE_BITMAP(wmi_service_bitmap, WMI_SERVICE_MAX);
314 318
315 unsigned long htt_stats_mask; 319 unsigned long htt_stats_mask;
316 struct delayed_work htt_stats_dwork; 320 struct delayed_work htt_stats_dwork;
@@ -320,6 +324,7 @@ struct ath10k_debug {
320 /* protected by conf_mutex */ 324 /* protected by conf_mutex */
321 u32 fw_dbglog_mask; 325 u32 fw_dbglog_mask;
322 u32 pktlog_filter; 326 u32 pktlog_filter;
327 u32 reg_addr;
323 328
324 u8 htt_max_amsdu; 329 u8 htt_max_amsdu;
325 u8 htt_max_ampdu; 330 u8 htt_max_ampdu;
@@ -560,8 +565,12 @@ struct ath10k {
560 struct list_head peers; 565 struct list_head peers;
561 wait_queue_head_t peer_mapping_wq; 566 wait_queue_head_t peer_mapping_wq;
562 567
563 /* number of created peers; protected by data_lock */ 568 /* protected by conf_mutex */
564 int num_peers; 569 int num_peers;
570 int num_stations;
571
572 int max_num_peers;
573 int max_num_stations;
565 574
566 struct work_struct offchan_tx_work; 575 struct work_struct offchan_tx_work;
567 struct sk_buff_head offchan_tx_queue; 576 struct sk_buff_head offchan_tx_queue;
diff --git a/drivers/net/wireless/ath/ath10k/debug.c b/drivers/net/wireless/ath/ath10k/debug.c
index a8f5a72ba259..a716758f14b0 100644
--- a/drivers/net/wireless/ath/ath10k/debug.c
+++ b/drivers/net/wireless/ath/ath10k/debug.c
@@ -17,9 +17,8 @@
17 17
18#include <linux/module.h> 18#include <linux/module.h>
19#include <linux/debugfs.h> 19#include <linux/debugfs.h>
20#include <linux/version.h>
21#include <linux/vermagic.h>
22#include <linux/vmalloc.h> 20#include <linux/vmalloc.h>
21#include <linux/utsname.h>
23 22
24#include "core.h" 23#include "core.h"
25#include "debug.h" 24#include "debug.h"
@@ -124,7 +123,7 @@ EXPORT_SYMBOL(ath10k_info);
124 123
125void ath10k_print_driver_info(struct ath10k *ar) 124void ath10k_print_driver_info(struct ath10k *ar)
126{ 125{
127 ath10k_info(ar, "%s (0x%08x, 0x%08x) fw %s api %d htt %d.%d wmi %d.%d.%d.%d cal %s\n", 126 ath10k_info(ar, "%s (0x%08x, 0x%08x) fw %s api %d htt %d.%d wmi %d.%d.%d.%d cal %s max_sta %d\n",
128 ar->hw_params.name, 127 ar->hw_params.name,
129 ar->target_version, 128 ar->target_version,
130 ar->chip_id, 129 ar->chip_id,
@@ -136,7 +135,8 @@ void ath10k_print_driver_info(struct ath10k *ar)
136 ar->fw_version_minor, 135 ar->fw_version_minor,
137 ar->fw_version_release, 136 ar->fw_version_release,
138 ar->fw_version_build, 137 ar->fw_version_build,
139 ath10k_cal_mode_str(ar->cal_mode)); 138 ath10k_cal_mode_str(ar->cal_mode),
139 ar->max_num_stations);
140 ath10k_info(ar, "debug %d debugfs %d tracing %d dfs %d testmode %d\n", 140 ath10k_info(ar, "debug %d debugfs %d tracing %d dfs %d testmode %d\n",
141 config_enabled(CONFIG_ATH10K_DEBUG), 141 config_enabled(CONFIG_ATH10K_DEBUG),
142 config_enabled(CONFIG_ATH10K_DEBUGFS), 142 config_enabled(CONFIG_ATH10K_DEBUGFS),
@@ -179,13 +179,6 @@ EXPORT_SYMBOL(ath10k_warn);
179 179
180#ifdef CONFIG_ATH10K_DEBUGFS 180#ifdef CONFIG_ATH10K_DEBUGFS
181 181
182void ath10k_debug_read_service_map(struct ath10k *ar,
183 const void *service_map,
184 size_t map_size)
185{
186 memcpy(ar->debug.wmi_service_bitmap, service_map, map_size);
187}
188
189static ssize_t ath10k_read_wmi_services(struct file *file, 182static ssize_t ath10k_read_wmi_services(struct file *file,
190 char __user *user_buf, 183 char __user *user_buf,
191 size_t count, loff_t *ppos) 184 size_t count, loff_t *ppos)
@@ -207,8 +200,9 @@ static ssize_t ath10k_read_wmi_services(struct file *file,
207 if (len > buf_len) 200 if (len > buf_len)
208 len = buf_len; 201 len = buf_len;
209 202
203 spin_lock_bh(&ar->data_lock);
210 for (i = 0; i < WMI_SERVICE_MAX; i++) { 204 for (i = 0; i < WMI_SERVICE_MAX; i++) {
211 enabled = test_bit(i, ar->debug.wmi_service_bitmap); 205 enabled = test_bit(i, ar->wmi.svc_map);
212 name = wmi_service_name(i); 206 name = wmi_service_name(i);
213 207
214 if (!name) { 208 if (!name) {
@@ -224,6 +218,7 @@ static ssize_t ath10k_read_wmi_services(struct file *file,
224 "%-40s %s\n", 218 "%-40s %s\n",
225 name, enabled ? "enabled" : "-"); 219 name, enabled ? "enabled" : "-");
226 } 220 }
221 spin_unlock_bh(&ar->data_lock);
227 222
228 ret_cnt = simple_read_from_buffer(user_buf, count, ppos, buf, len); 223 ret_cnt = simple_read_from_buffer(user_buf, count, ppos, buf, len);
229 224
@@ -866,8 +861,8 @@ static struct ath10k_dump_file_data *ath10k_build_dump_file(struct ath10k *ar)
866 strlcpy(dump_data->fw_ver, ar->hw->wiphy->fw_version, 861 strlcpy(dump_data->fw_ver, ar->hw->wiphy->fw_version,
867 sizeof(dump_data->fw_ver)); 862 sizeof(dump_data->fw_ver));
868 863
869 dump_data->kernel_ver_code = cpu_to_le32(LINUX_VERSION_CODE); 864 dump_data->kernel_ver_code = 0;
870 strlcpy(dump_data->kernel_ver, VERMAGIC_STRING, 865 strlcpy(dump_data->kernel_ver, init_utsname()->release,
871 sizeof(dump_data->kernel_ver)); 866 sizeof(dump_data->kernel_ver));
872 867
873 dump_data->tv_sec = cpu_to_le64(crash_data->timestamp.tv_sec); 868 dump_data->tv_sec = cpu_to_le64(crash_data->timestamp.tv_sec);
@@ -929,6 +924,236 @@ static const struct file_operations fops_fw_crash_dump = {
929 .llseek = default_llseek, 924 .llseek = default_llseek,
930}; 925};
931 926
927static ssize_t ath10k_reg_addr_read(struct file *file,
928 char __user *user_buf,
929 size_t count, loff_t *ppos)
930{
931 struct ath10k *ar = file->private_data;
932 u8 buf[32];
933 unsigned int len = 0;
934 u32 reg_addr;
935
936 mutex_lock(&ar->conf_mutex);
937 reg_addr = ar->debug.reg_addr;
938 mutex_unlock(&ar->conf_mutex);
939
940 len += scnprintf(buf + len, sizeof(buf) - len, "0x%x\n", reg_addr);
941
942 return simple_read_from_buffer(user_buf, count, ppos, buf, len);
943}
944
945static ssize_t ath10k_reg_addr_write(struct file *file,
946 const char __user *user_buf,
947 size_t count, loff_t *ppos)
948{
949 struct ath10k *ar = file->private_data;
950 u32 reg_addr;
951 int ret;
952
953 ret = kstrtou32_from_user(user_buf, count, 0, &reg_addr);
954 if (ret)
955 return ret;
956
957 if (!IS_ALIGNED(reg_addr, 4))
958 return -EFAULT;
959
960 mutex_lock(&ar->conf_mutex);
961 ar->debug.reg_addr = reg_addr;
962 mutex_unlock(&ar->conf_mutex);
963
964 return count;
965}
966
967static const struct file_operations fops_reg_addr = {
968 .read = ath10k_reg_addr_read,
969 .write = ath10k_reg_addr_write,
970 .open = simple_open,
971 .owner = THIS_MODULE,
972 .llseek = default_llseek,
973};
974
975static ssize_t ath10k_reg_value_read(struct file *file,
976 char __user *user_buf,
977 size_t count, loff_t *ppos)
978{
979 struct ath10k *ar = file->private_data;
980 u8 buf[48];
981 unsigned int len;
982 u32 reg_addr, reg_val;
983 int ret;
984
985 mutex_lock(&ar->conf_mutex);
986
987 if (ar->state != ATH10K_STATE_ON &&
988 ar->state != ATH10K_STATE_UTF) {
989 ret = -ENETDOWN;
990 goto exit;
991 }
992
993 reg_addr = ar->debug.reg_addr;
994
995 reg_val = ath10k_hif_read32(ar, reg_addr);
996 len = scnprintf(buf, sizeof(buf), "0x%08x:0x%08x\n", reg_addr, reg_val);
997
998 ret = simple_read_from_buffer(user_buf, count, ppos, buf, len);
999
1000exit:
1001 mutex_unlock(&ar->conf_mutex);
1002
1003 return ret;
1004}
1005
1006static ssize_t ath10k_reg_value_write(struct file *file,
1007 const char __user *user_buf,
1008 size_t count, loff_t *ppos)
1009{
1010 struct ath10k *ar = file->private_data;
1011 u32 reg_addr, reg_val;
1012 int ret;
1013
1014 mutex_lock(&ar->conf_mutex);
1015
1016 if (ar->state != ATH10K_STATE_ON &&
1017 ar->state != ATH10K_STATE_UTF) {
1018 ret = -ENETDOWN;
1019 goto exit;
1020 }
1021
1022 reg_addr = ar->debug.reg_addr;
1023
1024 ret = kstrtou32_from_user(user_buf, count, 0, &reg_val);
1025 if (ret)
1026 goto exit;
1027
1028 ath10k_hif_write32(ar, reg_addr, reg_val);
1029
1030 ret = count;
1031
1032exit:
1033 mutex_unlock(&ar->conf_mutex);
1034
1035 return ret;
1036}
1037
1038static const struct file_operations fops_reg_value = {
1039 .read = ath10k_reg_value_read,
1040 .write = ath10k_reg_value_write,
1041 .open = simple_open,
1042 .owner = THIS_MODULE,
1043 .llseek = default_llseek,
1044};
1045
1046static ssize_t ath10k_mem_value_read(struct file *file,
1047 char __user *user_buf,
1048 size_t count, loff_t *ppos)
1049{
1050 struct ath10k *ar = file->private_data;
1051 u8 *buf;
1052 int ret;
1053
1054 if (*ppos < 0)
1055 return -EINVAL;
1056
1057 if (!count)
1058 return 0;
1059
1060 mutex_lock(&ar->conf_mutex);
1061
1062 buf = vmalloc(count);
1063 if (!buf) {
1064 ret = -ENOMEM;
1065 goto exit;
1066 }
1067
1068 if (ar->state != ATH10K_STATE_ON &&
1069 ar->state != ATH10K_STATE_UTF) {
1070 ret = -ENETDOWN;
1071 goto exit;
1072 }
1073
1074 ret = ath10k_hif_diag_read(ar, *ppos, buf, count);
1075 if (ret) {
1076 ath10k_warn(ar, "failed to read address 0x%08x via diagnose window fnrom debugfs: %d\n",
1077 (u32)(*ppos), ret);
1078 goto exit;
1079 }
1080
1081 ret = copy_to_user(user_buf, buf, count);
1082 if (ret) {
1083 ret = -EFAULT;
1084 goto exit;
1085 }
1086
1087 count -= ret;
1088 *ppos += count;
1089 ret = count;
1090
1091exit:
1092 vfree(buf);
1093 mutex_unlock(&ar->conf_mutex);
1094
1095 return ret;
1096}
1097
1098static ssize_t ath10k_mem_value_write(struct file *file,
1099 const char __user *user_buf,
1100 size_t count, loff_t *ppos)
1101{
1102 struct ath10k *ar = file->private_data;
1103 u8 *buf;
1104 int ret;
1105
1106 if (*ppos < 0)
1107 return -EINVAL;
1108
1109 if (!count)
1110 return 0;
1111
1112 mutex_lock(&ar->conf_mutex);
1113
1114 buf = vmalloc(count);
1115 if (!buf) {
1116 ret = -ENOMEM;
1117 goto exit;
1118 }
1119
1120 if (ar->state != ATH10K_STATE_ON &&
1121 ar->state != ATH10K_STATE_UTF) {
1122 ret = -ENETDOWN;
1123 goto exit;
1124 }
1125
1126 ret = copy_from_user(buf, user_buf, count);
1127 if (ret) {
1128 ret = -EFAULT;
1129 goto exit;
1130 }
1131
1132 ret = ath10k_hif_diag_write(ar, *ppos, buf, count);
1133 if (ret) {
1134 ath10k_warn(ar, "failed to write address 0x%08x via diagnose window from debugfs: %d\n",
1135 (u32)(*ppos), ret);
1136 goto exit;
1137 }
1138
1139 *ppos += count;
1140 ret = count;
1141
1142exit:
1143 vfree(buf);
1144 mutex_unlock(&ar->conf_mutex);
1145
1146 return ret;
1147}
1148
1149static const struct file_operations fops_mem_value = {
1150 .read = ath10k_mem_value_read,
1151 .write = ath10k_mem_value_write,
1152 .open = simple_open,
1153 .owner = THIS_MODULE,
1154 .llseek = default_llseek,
1155};
1156
932static int ath10k_debug_htt_stats_req(struct ath10k *ar) 1157static int ath10k_debug_htt_stats_req(struct ath10k *ar)
933{ 1158{
934 u64 cookie; 1159 u64 cookie;
@@ -1630,6 +1855,15 @@ int ath10k_debug_register(struct ath10k *ar)
1630 debugfs_create_file("fw_crash_dump", S_IRUSR, ar->debug.debugfs_phy, 1855 debugfs_create_file("fw_crash_dump", S_IRUSR, ar->debug.debugfs_phy,
1631 ar, &fops_fw_crash_dump); 1856 ar, &fops_fw_crash_dump);
1632 1857
1858 debugfs_create_file("reg_addr", S_IRUSR | S_IWUSR,
1859 ar->debug.debugfs_phy, ar, &fops_reg_addr);
1860
1861 debugfs_create_file("reg_value", S_IRUSR | S_IWUSR,
1862 ar->debug.debugfs_phy, ar, &fops_reg_value);
1863
1864 debugfs_create_file("mem_value", S_IRUSR | S_IWUSR,
1865 ar->debug.debugfs_phy, ar, &fops_mem_value);
1866
1633 debugfs_create_file("chip_id", S_IRUSR, ar->debug.debugfs_phy, 1867 debugfs_create_file("chip_id", S_IRUSR, ar->debug.debugfs_phy,
1634 ar, &fops_chip_id); 1868 ar, &fops_chip_id);
1635 1869
diff --git a/drivers/net/wireless/ath/ath10k/debug.h b/drivers/net/wireless/ath/ath10k/debug.h
index 0c934a8378db..1b87a5dbec53 100644
--- a/drivers/net/wireless/ath/ath10k/debug.h
+++ b/drivers/net/wireless/ath/ath10k/debug.h
@@ -35,6 +35,7 @@ enum ath10k_debug_mask {
35 ATH10K_DBG_BMI = 0x00000400, 35 ATH10K_DBG_BMI = 0x00000400,
36 ATH10K_DBG_REGULATORY = 0x00000800, 36 ATH10K_DBG_REGULATORY = 0x00000800,
37 ATH10K_DBG_TESTMODE = 0x00001000, 37 ATH10K_DBG_TESTMODE = 0x00001000,
38 ATH10K_DBG_WMI_PRINT = 0x00002000,
38 ATH10K_DBG_ANY = 0xffffffff, 39 ATH10K_DBG_ANY = 0xffffffff,
39}; 40};
40 41
@@ -61,9 +62,6 @@ int ath10k_debug_create(struct ath10k *ar);
61void ath10k_debug_destroy(struct ath10k *ar); 62void ath10k_debug_destroy(struct ath10k *ar);
62int ath10k_debug_register(struct ath10k *ar); 63int ath10k_debug_register(struct ath10k *ar);
63void ath10k_debug_unregister(struct ath10k *ar); 64void ath10k_debug_unregister(struct ath10k *ar);
64void ath10k_debug_read_service_map(struct ath10k *ar,
65 const void *service_map,
66 size_t map_size);
67void ath10k_debug_fw_stats_process(struct ath10k *ar, struct sk_buff *skb); 65void ath10k_debug_fw_stats_process(struct ath10k *ar, struct sk_buff *skb);
68struct ath10k_fw_crash_data * 66struct ath10k_fw_crash_data *
69ath10k_debug_get_new_fw_crash_data(struct ath10k *ar); 67ath10k_debug_get_new_fw_crash_data(struct ath10k *ar);
@@ -108,12 +106,6 @@ static inline void ath10k_debug_unregister(struct ath10k *ar)
108{ 106{
109} 107}
110 108
111static inline void ath10k_debug_read_service_map(struct ath10k *ar,
112 const void *service_map,
113 size_t map_size)
114{
115}
116
117static inline void ath10k_debug_fw_stats_process(struct ath10k *ar, 109static inline void ath10k_debug_fw_stats_process(struct ath10k *ar,
118 struct sk_buff *skb) 110 struct sk_buff *skb)
119{ 111{
diff --git a/drivers/net/wireless/ath/ath10k/hif.h b/drivers/net/wireless/ath/ath10k/hif.h
index 30301f5b6051..0c92e0251e84 100644
--- a/drivers/net/wireless/ath/ath10k/hif.h
+++ b/drivers/net/wireless/ath/ath10k/hif.h
@@ -20,6 +20,7 @@
20 20
21#include <linux/kernel.h> 21#include <linux/kernel.h>
22#include "core.h" 22#include "core.h"
23#include "debug.h"
23 24
24struct ath10k_hif_sg_item { 25struct ath10k_hif_sg_item {
25 u16 transfer_id; 26 u16 transfer_id;
@@ -31,11 +32,9 @@ struct ath10k_hif_sg_item {
31 32
32struct ath10k_hif_cb { 33struct ath10k_hif_cb {
33 int (*tx_completion)(struct ath10k *ar, 34 int (*tx_completion)(struct ath10k *ar,
34 struct sk_buff *wbuf, 35 struct sk_buff *wbuf);
35 unsigned transfer_id);
36 int (*rx_completion)(struct ath10k *ar, 36 int (*rx_completion)(struct ath10k *ar,
37 struct sk_buff *wbuf, 37 struct sk_buff *wbuf);
38 u8 pipe_id);
39}; 38};
40 39
41struct ath10k_hif_ops { 40struct ath10k_hif_ops {
@@ -47,6 +46,8 @@ struct ath10k_hif_ops {
47 int (*diag_read)(struct ath10k *ar, u32 address, void *buf, 46 int (*diag_read)(struct ath10k *ar, u32 address, void *buf,
48 size_t buf_len); 47 size_t buf_len);
49 48
49 int (*diag_write)(struct ath10k *ar, u32 address, const void *data,
50 int nbytes);
50 /* 51 /*
51 * API to handle HIF-specific BMI message exchanges, this API is 52 * API to handle HIF-specific BMI message exchanges, this API is
52 * synchronous and only allowed to be called from a context that 53 * synchronous and only allowed to be called from a context that
@@ -84,6 +85,10 @@ struct ath10k_hif_ops {
84 85
85 u16 (*get_free_queue_number)(struct ath10k *ar, u8 pipe_id); 86 u16 (*get_free_queue_number)(struct ath10k *ar, u8 pipe_id);
86 87
88 u32 (*read32)(struct ath10k *ar, u32 address);
89
90 void (*write32)(struct ath10k *ar, u32 address, u32 value);
91
87 /* Power up the device and enter BMI transfer mode for FW download */ 92 /* Power up the device and enter BMI transfer mode for FW download */
88 int (*power_up)(struct ath10k *ar); 93 int (*power_up)(struct ath10k *ar);
89 94
@@ -108,6 +113,15 @@ static inline int ath10k_hif_diag_read(struct ath10k *ar, u32 address, void *buf
108 return ar->hif.ops->diag_read(ar, address, buf, buf_len); 113 return ar->hif.ops->diag_read(ar, address, buf, buf_len);
109} 114}
110 115
116static inline int ath10k_hif_diag_write(struct ath10k *ar, u32 address,
117 const void *data, int nbytes)
118{
119 if (!ar->hif.ops->diag_write)
120 return -EOPNOTSUPP;
121
122 return ar->hif.ops->diag_write(ar, address, data, nbytes);
123}
124
111static inline int ath10k_hif_exchange_bmi_msg(struct ath10k *ar, 125static inline int ath10k_hif_exchange_bmi_msg(struct ath10k *ar,
112 void *request, u32 request_len, 126 void *request, u32 request_len,
113 void *response, u32 *response_len) 127 void *response, u32 *response_len)
@@ -187,4 +201,25 @@ static inline int ath10k_hif_resume(struct ath10k *ar)
187 return ar->hif.ops->resume(ar); 201 return ar->hif.ops->resume(ar);
188} 202}
189 203
204static inline u32 ath10k_hif_read32(struct ath10k *ar, u32 address)
205{
206 if (!ar->hif.ops->read32) {
207 ath10k_warn(ar, "hif read32 not supported\n");
208 return 0xdeaddead;
209 }
210
211 return ar->hif.ops->read32(ar, address);
212}
213
214static inline void ath10k_hif_write32(struct ath10k *ar,
215 u32 address, u32 data)
216{
217 if (!ar->hif.ops->write32) {
218 ath10k_warn(ar, "hif write32 not supported\n");
219 return;
220 }
221
222 ar->hif.ops->write32(ar, address, data);
223}
224
190#endif /* _HIF_H_ */ 225#endif /* _HIF_H_ */
diff --git a/drivers/net/wireless/ath/ath10k/htc.c b/drivers/net/wireless/ath/ath10k/htc.c
index 676bd4ed969b..f1946a6be442 100644
--- a/drivers/net/wireless/ath/ath10k/htc.c
+++ b/drivers/net/wireless/ath/ath10k/htc.c
@@ -160,6 +160,7 @@ int ath10k_htc_send(struct ath10k_htc *htc,
160 160
161 ath10k_htc_prepare_tx_skb(ep, skb); 161 ath10k_htc_prepare_tx_skb(ep, skb);
162 162
163 skb_cb->eid = eid;
163 skb_cb->paddr = dma_map_single(dev, skb->data, skb->len, DMA_TO_DEVICE); 164 skb_cb->paddr = dma_map_single(dev, skb->data, skb->len, DMA_TO_DEVICE);
164 ret = dma_mapping_error(dev, skb_cb->paddr); 165 ret = dma_mapping_error(dev, skb_cb->paddr);
165 if (ret) 166 if (ret)
@@ -197,15 +198,18 @@ err_pull:
197} 198}
198 199
199static int ath10k_htc_tx_completion_handler(struct ath10k *ar, 200static int ath10k_htc_tx_completion_handler(struct ath10k *ar,
200 struct sk_buff *skb, 201 struct sk_buff *skb)
201 unsigned int eid)
202{ 202{
203 struct ath10k_htc *htc = &ar->htc; 203 struct ath10k_htc *htc = &ar->htc;
204 struct ath10k_htc_ep *ep = &htc->endpoint[eid]; 204 struct ath10k_skb_cb *skb_cb;
205 struct ath10k_htc_ep *ep;
205 206
206 if (WARN_ON_ONCE(!skb)) 207 if (WARN_ON_ONCE(!skb))
207 return 0; 208 return 0;
208 209
210 skb_cb = ATH10K_SKB_CB(skb);
211 ep = &htc->endpoint[skb_cb->eid];
212
209 ath10k_htc_notify_tx_completion(ep, skb); 213 ath10k_htc_notify_tx_completion(ep, skb);
210 /* the skb now belongs to the completion handler */ 214 /* the skb now belongs to the completion handler */
211 215
@@ -317,8 +321,7 @@ static int ath10k_htc_process_trailer(struct ath10k_htc *htc,
317} 321}
318 322
319static int ath10k_htc_rx_completion_handler(struct ath10k *ar, 323static int ath10k_htc_rx_completion_handler(struct ath10k *ar,
320 struct sk_buff *skb, 324 struct sk_buff *skb)
321 u8 pipe_id)
322{ 325{
323 int status = 0; 326 int status = 0;
324 struct ath10k_htc *htc = &ar->htc; 327 struct ath10k_htc *htc = &ar->htc;
diff --git a/drivers/net/wireless/ath/ath10k/htt.h b/drivers/net/wireless/ath/ath10k/htt.h
index 15c58e884b6a..1bd5545af903 100644
--- a/drivers/net/wireless/ath/ath10k/htt.h
+++ b/drivers/net/wireless/ath/ath10k/htt.h
@@ -126,6 +126,7 @@ enum htt_data_tx_ext_tid {
126 * (HL hosts manage queues on the host ) 126 * (HL hosts manage queues on the host )
127 * more_in_batch: only for HL hosts. indicates if more packets are 127 * more_in_batch: only for HL hosts. indicates if more packets are
128 * pending. this allows target to wait and aggregate 128 * pending. this allows target to wait and aggregate
129 * freq: 0 means home channel of given vdev. intended for offchannel
129 */ 130 */
130struct htt_data_tx_desc { 131struct htt_data_tx_desc {
131 u8 flags0; /* %HTT_DATA_TX_DESC_FLAGS0_ */ 132 u8 flags0; /* %HTT_DATA_TX_DESC_FLAGS0_ */
@@ -133,7 +134,8 @@ struct htt_data_tx_desc {
133 __le16 len; 134 __le16 len;
134 __le16 id; 135 __le16 id;
135 __le32 frags_paddr; 136 __le32 frags_paddr;
136 __le32 peerid; 137 __le16 peerid;
138 __le16 freq;
137 u8 prefetch[0]; /* start of frame, for FW classification engine */ 139 u8 prefetch[0]; /* start of frame, for FW classification engine */
138} __packed; 140} __packed;
139 141
@@ -156,6 +158,9 @@ enum htt_rx_ring_flags {
156 HTT_RX_RING_FLAGS_PHY_DATA_RX = 1 << 15 158 HTT_RX_RING_FLAGS_PHY_DATA_RX = 1 << 15
157}; 159};
158 160
161#define HTT_RX_RING_SIZE_MIN 128
162#define HTT_RX_RING_SIZE_MAX 2048
163
159struct htt_rx_ring_setup_ring { 164struct htt_rx_ring_setup_ring {
160 __le32 fw_idx_shadow_reg_paddr; 165 __le32 fw_idx_shadow_reg_paddr;
161 __le32 rx_ring_base_paddr; 166 __le32 rx_ring_base_paddr;
diff --git a/drivers/net/wireless/ath/ath10k/htt_rx.c b/drivers/net/wireless/ath/ath10k/htt_rx.c
index 52c630672718..9c782a42665e 100644
--- a/drivers/net/wireless/ath/ath10k/htt_rx.c
+++ b/drivers/net/wireless/ath/ath10k/htt_rx.c
@@ -25,19 +25,8 @@
25 25
26#include <linux/log2.h> 26#include <linux/log2.h>
27 27
28/* slightly larger than one large A-MPDU */ 28#define HTT_RX_RING_SIZE 1024
29#define HTT_RX_RING_SIZE_MIN 128 29#define HTT_RX_RING_FILL_LEVEL 1000
30
31/* roughly 20 ms @ 1 Gbps of 1500B MSDUs */
32#define HTT_RX_RING_SIZE_MAX 2048
33
34#define HTT_RX_AVG_FRM_BYTES 1000
35
36/* ms, very conservative */
37#define HTT_RX_HOST_LATENCY_MAX_MS 20
38
39/* ms, conservative */
40#define HTT_RX_HOST_LATENCY_WORST_LIKELY_MS 10
41 30
42/* when under memory pressure rx ring refill may fail and needs a retry */ 31/* when under memory pressure rx ring refill may fail and needs a retry */
43#define HTT_RX_RING_REFILL_RETRY_MS 50 32#define HTT_RX_RING_REFILL_RETRY_MS 50
@@ -45,68 +34,6 @@
45static int ath10k_htt_rx_get_csum_state(struct sk_buff *skb); 34static int ath10k_htt_rx_get_csum_state(struct sk_buff *skb);
46static void ath10k_htt_txrx_compl_task(unsigned long ptr); 35static void ath10k_htt_txrx_compl_task(unsigned long ptr);
47 36
48static int ath10k_htt_rx_ring_size(struct ath10k_htt *htt)
49{
50 int size;
51
52 /*
53 * It is expected that the host CPU will typically be able to
54 * service the rx indication from one A-MPDU before the rx
55 * indication from the subsequent A-MPDU happens, roughly 1-2 ms
56 * later. However, the rx ring should be sized very conservatively,
57 * to accomodate the worst reasonable delay before the host CPU
58 * services a rx indication interrupt.
59 *
60 * The rx ring need not be kept full of empty buffers. In theory,
61 * the htt host SW can dynamically track the low-water mark in the
62 * rx ring, and dynamically adjust the level to which the rx ring
63 * is filled with empty buffers, to dynamically meet the desired
64 * low-water mark.
65 *
66 * In contrast, it's difficult to resize the rx ring itself, once
67 * it's in use. Thus, the ring itself should be sized very
68 * conservatively, while the degree to which the ring is filled
69 * with empty buffers should be sized moderately conservatively.
70 */
71
72 /* 1e6 bps/mbps / 1e3 ms per sec = 1000 */
73 size =
74 htt->max_throughput_mbps +
75 1000 /
76 (8 * HTT_RX_AVG_FRM_BYTES) * HTT_RX_HOST_LATENCY_MAX_MS;
77
78 if (size < HTT_RX_RING_SIZE_MIN)
79 size = HTT_RX_RING_SIZE_MIN;
80
81 if (size > HTT_RX_RING_SIZE_MAX)
82 size = HTT_RX_RING_SIZE_MAX;
83
84 size = roundup_pow_of_two(size);
85
86 return size;
87}
88
89static int ath10k_htt_rx_ring_fill_level(struct ath10k_htt *htt)
90{
91 int size;
92
93 /* 1e6 bps/mbps / 1e3 ms per sec = 1000 */
94 size =
95 htt->max_throughput_mbps *
96 1000 /
97 (8 * HTT_RX_AVG_FRM_BYTES) * HTT_RX_HOST_LATENCY_WORST_LIKELY_MS;
98
99 /*
100 * Make sure the fill level is at least 1 less than the ring size.
101 * Leaving 1 element empty allows the SW to easily distinguish
102 * between a full ring vs. an empty ring.
103 */
104 if (size >= htt->rx_ring.size)
105 size = htt->rx_ring.size - 1;
106
107 return size;
108}
109
110static void ath10k_htt_rx_ring_free(struct ath10k_htt *htt) 37static void ath10k_htt_rx_ring_free(struct ath10k_htt *htt)
111{ 38{
112 struct sk_buff *skb; 39 struct sk_buff *skb;
@@ -301,40 +228,29 @@ static inline struct sk_buff *ath10k_htt_rx_netbuf_pop(struct ath10k_htt *htt)
301 return msdu; 228 return msdu;
302} 229}
303 230
304static void ath10k_htt_rx_free_msdu_chain(struct sk_buff *skb)
305{
306 struct sk_buff *next;
307
308 while (skb) {
309 next = skb->next;
310 dev_kfree_skb_any(skb);
311 skb = next;
312 }
313}
314
315/* return: < 0 fatal error, 0 - non chained msdu, 1 chained msdu */ 231/* return: < 0 fatal error, 0 - non chained msdu, 1 chained msdu */
316static int ath10k_htt_rx_amsdu_pop(struct ath10k_htt *htt, 232static int ath10k_htt_rx_amsdu_pop(struct ath10k_htt *htt,
317 u8 **fw_desc, int *fw_desc_len, 233 u8 **fw_desc, int *fw_desc_len,
318 struct sk_buff **head_msdu, 234 struct sk_buff_head *amsdu)
319 struct sk_buff **tail_msdu,
320 u32 *attention)
321{ 235{
322 struct ath10k *ar = htt->ar; 236 struct ath10k *ar = htt->ar;
323 int msdu_len, msdu_chaining = 0; 237 int msdu_len, msdu_chaining = 0;
324 struct sk_buff *msdu, *next; 238 struct sk_buff *msdu;
325 struct htt_rx_desc *rx_desc; 239 struct htt_rx_desc *rx_desc;
326 240
327 lockdep_assert_held(&htt->rx_ring.lock); 241 lockdep_assert_held(&htt->rx_ring.lock);
328 242
329 if (htt->rx_confused) { 243 for (;;) {
330 ath10k_warn(ar, "htt is confused. refusing rx\n");
331 return -1;
332 }
333
334 msdu = *head_msdu = ath10k_htt_rx_netbuf_pop(htt);
335 while (msdu) {
336 int last_msdu, msdu_len_invalid, msdu_chained; 244 int last_msdu, msdu_len_invalid, msdu_chained;
337 245
246 msdu = ath10k_htt_rx_netbuf_pop(htt);
247 if (!msdu) {
248 __skb_queue_purge(amsdu);
249 return -ENOENT;
250 }
251
252 __skb_queue_tail(amsdu, msdu);
253
338 rx_desc = (struct htt_rx_desc *)msdu->data; 254 rx_desc = (struct htt_rx_desc *)msdu->data;
339 255
340 /* FIXME: we must report msdu payload since this is what caller 256 /* FIXME: we must report msdu payload since this is what caller
@@ -352,19 +268,10 @@ static int ath10k_htt_rx_amsdu_pop(struct ath10k_htt *htt,
352 */ 268 */
353 if (!(__le32_to_cpu(rx_desc->attention.flags) 269 if (!(__le32_to_cpu(rx_desc->attention.flags)
354 & RX_ATTENTION_FLAGS_MSDU_DONE)) { 270 & RX_ATTENTION_FLAGS_MSDU_DONE)) {
355 ath10k_htt_rx_free_msdu_chain(*head_msdu); 271 __skb_queue_purge(amsdu);
356 *head_msdu = NULL; 272 return -EIO;
357 msdu = NULL;
358 ath10k_err(ar, "htt rx stopped. cannot recover\n");
359 htt->rx_confused = true;
360 break;
361 } 273 }
362 274
363 *attention |= __le32_to_cpu(rx_desc->attention.flags) &
364 (RX_ATTENTION_FLAGS_TKIP_MIC_ERR |
365 RX_ATTENTION_FLAGS_DECRYPT_ERR |
366 RX_ATTENTION_FLAGS_FCS_ERR |
367 RX_ATTENTION_FLAGS_MGMT_TYPE);
368 /* 275 /*
369 * Copy the FW rx descriptor for this MSDU from the rx 276 * Copy the FW rx descriptor for this MSDU from the rx
370 * indication message into the MSDU's netbuf. HL uses the 277 * indication message into the MSDU's netbuf. HL uses the
@@ -421,25 +328,18 @@ static int ath10k_htt_rx_amsdu_pop(struct ath10k_htt *htt,
421 skb_put(msdu, min(msdu_len, HTT_RX_MSDU_SIZE)); 328 skb_put(msdu, min(msdu_len, HTT_RX_MSDU_SIZE));
422 msdu_len -= msdu->len; 329 msdu_len -= msdu->len;
423 330
424 /* FIXME: Do chained buffers include htt_rx_desc or not? */ 331 /* Note: Chained buffers do not contain rx descriptor */
425 while (msdu_chained--) { 332 while (msdu_chained--) {
426 struct sk_buff *next = ath10k_htt_rx_netbuf_pop(htt); 333 msdu = ath10k_htt_rx_netbuf_pop(htt);
427 334 if (!msdu) {
428 if (!next) { 335 __skb_queue_purge(amsdu);
429 ath10k_warn(ar, "failed to pop chained msdu\n"); 336 return -ENOENT;
430 ath10k_htt_rx_free_msdu_chain(*head_msdu);
431 *head_msdu = NULL;
432 msdu = NULL;
433 htt->rx_confused = true;
434 break;
435 } 337 }
436 338
437 skb_trim(next, 0); 339 __skb_queue_tail(amsdu, msdu);
438 skb_put(next, min(msdu_len, HTT_RX_BUF_SIZE)); 340 skb_trim(msdu, 0);
439 msdu_len -= next->len; 341 skb_put(msdu, min(msdu_len, HTT_RX_BUF_SIZE));
440 342 msdu_len -= msdu->len;
441 msdu->next = next;
442 msdu = next;
443 msdu_chaining = 1; 343 msdu_chaining = 1;
444 } 344 }
445 345
@@ -448,18 +348,12 @@ static int ath10k_htt_rx_amsdu_pop(struct ath10k_htt *htt,
448 348
449 trace_ath10k_htt_rx_desc(ar, &rx_desc->attention, 349 trace_ath10k_htt_rx_desc(ar, &rx_desc->attention,
450 sizeof(*rx_desc) - sizeof(u32)); 350 sizeof(*rx_desc) - sizeof(u32));
451 if (last_msdu) {
452 msdu->next = NULL;
453 break;
454 }
455 351
456 next = ath10k_htt_rx_netbuf_pop(htt); 352 if (last_msdu)
457 msdu->next = next; 353 break;
458 msdu = next;
459 } 354 }
460 *tail_msdu = msdu;
461 355
462 if (*head_msdu == NULL) 356 if (skb_queue_empty(amsdu))
463 msdu_chaining = -1; 357 msdu_chaining = -1;
464 358
465 /* 359 /*
@@ -495,25 +389,18 @@ int ath10k_htt_rx_alloc(struct ath10k_htt *htt)
495 389
496 htt->rx_confused = false; 390 htt->rx_confused = false;
497 391
498 htt->rx_ring.size = ath10k_htt_rx_ring_size(htt); 392 /* XXX: The fill level could be changed during runtime in response to
393 * the host processing latency. Is this really worth it?
394 */
395 htt->rx_ring.size = HTT_RX_RING_SIZE;
396 htt->rx_ring.size_mask = htt->rx_ring.size - 1;
397 htt->rx_ring.fill_level = HTT_RX_RING_FILL_LEVEL;
398
499 if (!is_power_of_2(htt->rx_ring.size)) { 399 if (!is_power_of_2(htt->rx_ring.size)) {
500 ath10k_warn(ar, "htt rx ring size is not power of 2\n"); 400 ath10k_warn(ar, "htt rx ring size is not power of 2\n");
501 return -EINVAL; 401 return -EINVAL;
502 } 402 }
503 403
504 htt->rx_ring.size_mask = htt->rx_ring.size - 1;
505
506 /*
507 * Set the initial value for the level to which the rx ring
508 * should be filled, based on the max throughput and the
509 * worst likely latency for the host to fill the rx ring
510 * with new buffers. In theory, this fill level can be
511 * dynamically adjusted from the initial value set here, to
512 * reflect the actual host latency rather than a
513 * conservative assumption about the host latency.
514 */
515 htt->rx_ring.fill_level = ath10k_htt_rx_ring_fill_level(htt);
516
517 htt->rx_ring.netbufs_ring = 404 htt->rx_ring.netbufs_ring =
518 kzalloc(htt->rx_ring.size * sizeof(struct sk_buff *), 405 kzalloc(htt->rx_ring.size * sizeof(struct sk_buff *),
519 GFP_KERNEL); 406 GFP_KERNEL);
@@ -628,35 +515,6 @@ static int ath10k_htt_rx_crypto_tail_len(struct ath10k *ar,
628 return 0; 515 return 0;
629} 516}
630 517
631/* Applies for first msdu in chain, before altering it. */
632static struct ieee80211_hdr *ath10k_htt_rx_skb_get_hdr(struct sk_buff *skb)
633{
634 struct htt_rx_desc *rxd;
635 enum rx_msdu_decap_format fmt;
636
637 rxd = (void *)skb->data - sizeof(*rxd);
638 fmt = MS(__le32_to_cpu(rxd->msdu_start.info1),
639 RX_MSDU_START_INFO1_DECAP_FORMAT);
640
641 if (fmt == RX_MSDU_DECAP_RAW)
642 return (void *)skb->data;
643
644 return (void *)skb->data - RX_HTT_HDR_STATUS_LEN;
645}
646
647/* This function only applies for first msdu in an msdu chain */
648static bool ath10k_htt_rx_hdr_is_amsdu(struct ieee80211_hdr *hdr)
649{
650 u8 *qc;
651
652 if (ieee80211_is_data_qos(hdr->frame_control)) {
653 qc = ieee80211_get_qos_ctl(hdr);
654 if (qc[0] & 0x80)
655 return true;
656 }
657 return false;
658}
659
660struct rfc1042_hdr { 518struct rfc1042_hdr {
661 u8 llc_dsap; 519 u8 llc_dsap;
662 u8 llc_ssap; 520 u8 llc_ssap;
@@ -691,23 +549,34 @@ static const u8 rx_legacy_rate_idx[] = {
691}; 549};
692 550
693static void ath10k_htt_rx_h_rates(struct ath10k *ar, 551static void ath10k_htt_rx_h_rates(struct ath10k *ar,
694 enum ieee80211_band band, 552 struct ieee80211_rx_status *status,
695 u8 info0, u32 info1, u32 info2, 553 struct htt_rx_desc *rxd)
696 struct ieee80211_rx_status *status)
697{ 554{
555 enum ieee80211_band band;
698 u8 cck, rate, rate_idx, bw, sgi, mcs, nss; 556 u8 cck, rate, rate_idx, bw, sgi, mcs, nss;
699 u8 preamble = 0; 557 u8 preamble = 0;
558 u32 info1, info2, info3;
700 559
701 /* Check if valid fields */ 560 /* Band value can't be set as undefined but freq can be 0 - use that to
702 if (!(info0 & HTT_RX_INDICATION_INFO0_START_VALID)) 561 * determine whether band is provided.
562 *
563 * FIXME: Perhaps this can go away if CCK rate reporting is a little
564 * reworked?
565 */
566 if (!status->freq)
703 return; 567 return;
704 568
705 preamble = MS(info1, HTT_RX_INDICATION_INFO1_PREAMBLE_TYPE); 569 band = status->band;
570 info1 = __le32_to_cpu(rxd->ppdu_start.info1);
571 info2 = __le32_to_cpu(rxd->ppdu_start.info2);
572 info3 = __le32_to_cpu(rxd->ppdu_start.info3);
573
574 preamble = MS(info1, RX_PPDU_START_INFO1_PREAMBLE_TYPE);
706 575
707 switch (preamble) { 576 switch (preamble) {
708 case HTT_RX_LEGACY: 577 case HTT_RX_LEGACY:
709 cck = info0 & HTT_RX_INDICATION_INFO0_LEGACY_RATE_CCK; 578 cck = info1 & RX_PPDU_START_INFO1_L_SIG_RATE_SELECT;
710 rate = MS(info0, HTT_RX_INDICATION_INFO0_LEGACY_RATE); 579 rate = MS(info1, RX_PPDU_START_INFO1_L_SIG_RATE);
711 rate_idx = 0; 580 rate_idx = 0;
712 581
713 if (rate < 0x08 || rate > 0x0F) 582 if (rate < 0x08 || rate > 0x0F)
@@ -734,11 +603,11 @@ static void ath10k_htt_rx_h_rates(struct ath10k *ar,
734 break; 603 break;
735 case HTT_RX_HT: 604 case HTT_RX_HT:
736 case HTT_RX_HT_WITH_TXBF: 605 case HTT_RX_HT_WITH_TXBF:
737 /* HT-SIG - Table 20-11 in info1 and info2 */ 606 /* HT-SIG - Table 20-11 in info2 and info3 */
738 mcs = info1 & 0x1F; 607 mcs = info2 & 0x1F;
739 nss = mcs >> 3; 608 nss = mcs >> 3;
740 bw = (info1 >> 7) & 1; 609 bw = (info2 >> 7) & 1;
741 sgi = (info2 >> 7) & 1; 610 sgi = (info3 >> 7) & 1;
742 611
743 status->rate_idx = mcs; 612 status->rate_idx = mcs;
744 status->flag |= RX_FLAG_HT; 613 status->flag |= RX_FLAG_HT;
@@ -749,12 +618,12 @@ static void ath10k_htt_rx_h_rates(struct ath10k *ar,
749 break; 618 break;
750 case HTT_RX_VHT: 619 case HTT_RX_VHT:
751 case HTT_RX_VHT_WITH_TXBF: 620 case HTT_RX_VHT_WITH_TXBF:
752 /* VHT-SIG-A1 in info 1, VHT-SIG-A2 in info2 621 /* VHT-SIG-A1 in info2, VHT-SIG-A2 in info3
753 TODO check this */ 622 TODO check this */
754 mcs = (info2 >> 4) & 0x0F; 623 mcs = (info3 >> 4) & 0x0F;
755 nss = ((info1 >> 10) & 0x07) + 1; 624 nss = ((info2 >> 10) & 0x07) + 1;
756 bw = info1 & 3; 625 bw = info2 & 3;
757 sgi = info2 & 1; 626 sgi = info3 & 1;
758 627
759 status->rate_idx = mcs; 628 status->rate_idx = mcs;
760 status->vht_nss = nss; 629 status->vht_nss = nss;
@@ -782,41 +651,6 @@ static void ath10k_htt_rx_h_rates(struct ath10k *ar,
782 } 651 }
783} 652}
784 653
785static void ath10k_htt_rx_h_protected(struct ath10k_htt *htt,
786 struct ieee80211_rx_status *rx_status,
787 struct sk_buff *skb,
788 enum htt_rx_mpdu_encrypt_type enctype,
789 enum rx_msdu_decap_format fmt,
790 bool dot11frag)
791{
792 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
793
794 rx_status->flag &= ~(RX_FLAG_DECRYPTED |
795 RX_FLAG_IV_STRIPPED |
796 RX_FLAG_MMIC_STRIPPED);
797
798 if (enctype == HTT_RX_MPDU_ENCRYPT_NONE)
799 return;
800
801 /*
802 * There's no explicit rx descriptor flag to indicate whether a given
803 * frame has been decrypted or not. We're forced to use the decap
804 * format as an implicit indication. However fragmentation rx is always
805 * raw and it probably never reports undecrypted raws.
806 *
807 * This makes sure sniffed frames are reported as-is without stripping
808 * the protected flag.
809 */
810 if (fmt == RX_MSDU_DECAP_RAW && !dot11frag)
811 return;
812
813 rx_status->flag |= RX_FLAG_DECRYPTED |
814 RX_FLAG_IV_STRIPPED |
815 RX_FLAG_MMIC_STRIPPED;
816 hdr->frame_control = __cpu_to_le16(__le16_to_cpu(hdr->frame_control) &
817 ~IEEE80211_FCTL_PROTECTED);
818}
819
820static bool ath10k_htt_rx_h_channel(struct ath10k *ar, 654static bool ath10k_htt_rx_h_channel(struct ath10k *ar,
821 struct ieee80211_rx_status *status) 655 struct ieee80211_rx_status *status)
822{ 656{
@@ -837,6 +671,72 @@ static bool ath10k_htt_rx_h_channel(struct ath10k *ar,
837 return true; 671 return true;
838} 672}
839 673
674static void ath10k_htt_rx_h_signal(struct ath10k *ar,
675 struct ieee80211_rx_status *status,
676 struct htt_rx_desc *rxd)
677{
678 /* FIXME: Get real NF */
679 status->signal = ATH10K_DEFAULT_NOISE_FLOOR +
680 rxd->ppdu_start.rssi_comb;
681 status->flag &= ~RX_FLAG_NO_SIGNAL_VAL;
682}
683
684static void ath10k_htt_rx_h_mactime(struct ath10k *ar,
685 struct ieee80211_rx_status *status,
686 struct htt_rx_desc *rxd)
687{
688 /* FIXME: TSF is known only at the end of PPDU, in the last MPDU. This
689 * means all prior MSDUs in a PPDU are reported to mac80211 without the
690 * TSF. Is it worth holding frames until end of PPDU is known?
691 *
692 * FIXME: Can we get/compute 64bit TSF?
693 */
694 status->mactime = __le32_to_cpu(rxd->ppdu_end.tsf_timestamp);
695 status->flag |= RX_FLAG_MACTIME_END;
696}
697
698static void ath10k_htt_rx_h_ppdu(struct ath10k *ar,
699 struct sk_buff_head *amsdu,
700 struct ieee80211_rx_status *status)
701{
702 struct sk_buff *first;
703 struct htt_rx_desc *rxd;
704 bool is_first_ppdu;
705 bool is_last_ppdu;
706
707 if (skb_queue_empty(amsdu))
708 return;
709
710 first = skb_peek(amsdu);
711 rxd = (void *)first->data - sizeof(*rxd);
712
713 is_first_ppdu = !!(rxd->attention.flags &
714 __cpu_to_le32(RX_ATTENTION_FLAGS_FIRST_MPDU));
715 is_last_ppdu = !!(rxd->attention.flags &
716 __cpu_to_le32(RX_ATTENTION_FLAGS_LAST_MPDU));
717
718 if (is_first_ppdu) {
719 /* New PPDU starts so clear out the old per-PPDU status. */
720 status->freq = 0;
721 status->rate_idx = 0;
722 status->vht_nss = 0;
723 status->vht_flag &= ~RX_VHT_FLAG_80MHZ;
724 status->flag &= ~(RX_FLAG_HT |
725 RX_FLAG_VHT |
726 RX_FLAG_SHORT_GI |
727 RX_FLAG_40MHZ |
728 RX_FLAG_MACTIME_END);
729 status->flag |= RX_FLAG_NO_SIGNAL_VAL;
730
731 ath10k_htt_rx_h_signal(ar, status, rxd);
732 ath10k_htt_rx_h_channel(ar, status);
733 ath10k_htt_rx_h_rates(ar, status, rxd);
734 }
735
736 if (is_last_ppdu)
737 ath10k_htt_rx_h_mactime(ar, status, rxd);
738}
739
840static const char * const tid_to_ac[] = { 740static const char * const tid_to_ac[] = {
841 "BE", 741 "BE",
842 "BK", 742 "BK",
@@ -913,187 +813,263 @@ static int ath10k_htt_rx_nwifi_hdrlen(struct ieee80211_hdr *hdr)
913 return round_up(ieee80211_hdrlen(hdr->frame_control), 4); 813 return round_up(ieee80211_hdrlen(hdr->frame_control), 4);
914} 814}
915 815
916static void ath10k_htt_rx_amsdu(struct ath10k_htt *htt, 816static void ath10k_htt_rx_h_undecap_raw(struct ath10k *ar,
917 struct ieee80211_rx_status *rx_status, 817 struct sk_buff *msdu,
918 struct sk_buff *skb_in) 818 struct ieee80211_rx_status *status,
819 enum htt_rx_mpdu_encrypt_type enctype,
820 bool is_decrypted)
919{ 821{
920 struct ath10k *ar = htt->ar; 822 struct ieee80211_hdr *hdr;
921 struct htt_rx_desc *rxd; 823 struct htt_rx_desc *rxd;
922 struct sk_buff *skb = skb_in; 824 size_t hdr_len;
923 struct sk_buff *first; 825 size_t crypto_len;
924 enum rx_msdu_decap_format fmt; 826 bool is_first;
925 enum htt_rx_mpdu_encrypt_type enctype; 827 bool is_last;
828
829 rxd = (void *)msdu->data - sizeof(*rxd);
830 is_first = !!(rxd->msdu_end.info0 &
831 __cpu_to_le32(RX_MSDU_END_INFO0_FIRST_MSDU));
832 is_last = !!(rxd->msdu_end.info0 &
833 __cpu_to_le32(RX_MSDU_END_INFO0_LAST_MSDU));
834
835 /* Delivered decapped frame:
836 * [802.11 header]
837 * [crypto param] <-- can be trimmed if !fcs_err &&
838 * !decrypt_err && !peer_idx_invalid
839 * [amsdu header] <-- only if A-MSDU
840 * [rfc1042/llc]
841 * [payload]
842 * [FCS] <-- at end, needs to be trimmed
843 */
844
845 /* This probably shouldn't happen but warn just in case */
846 if (unlikely(WARN_ON_ONCE(!is_first)))
847 return;
848
849 /* This probably shouldn't happen but warn just in case */
850 if (unlikely(WARN_ON_ONCE(!(is_first && is_last))))
851 return;
852
853 skb_trim(msdu, msdu->len - FCS_LEN);
854
855 /* In most cases this will be true for sniffed frames. It makes sense
856 * to deliver them as-is without stripping the crypto param. This would
857 * also make sense for software based decryption (which is not
858 * implemented in ath10k).
859 *
860 * If there's no error then the frame is decrypted. At least that is
861 * the case for frames that come in via fragmented rx indication.
862 */
863 if (!is_decrypted)
864 return;
865
866 /* The payload is decrypted so strip crypto params. Start from tail
867 * since hdr is used to compute some stuff.
868 */
869
870 hdr = (void *)msdu->data;
871
872 /* Tail */
873 skb_trim(msdu, msdu->len - ath10k_htt_rx_crypto_tail_len(ar, enctype));
874
875 /* MMIC */
876 if (!ieee80211_has_morefrags(hdr->frame_control) &&
877 enctype == HTT_RX_MPDU_ENCRYPT_TKIP_WPA)
878 skb_trim(msdu, msdu->len - 8);
879
880 /* Head */
881 hdr_len = ieee80211_hdrlen(hdr->frame_control);
882 crypto_len = ath10k_htt_rx_crypto_param_len(ar, enctype);
883
884 memmove((void *)msdu->data + crypto_len,
885 (void *)msdu->data, hdr_len);
886 skb_pull(msdu, crypto_len);
887}
888
889static void ath10k_htt_rx_h_undecap_nwifi(struct ath10k *ar,
890 struct sk_buff *msdu,
891 struct ieee80211_rx_status *status,
892 const u8 first_hdr[64])
893{
926 struct ieee80211_hdr *hdr; 894 struct ieee80211_hdr *hdr;
927 u8 hdr_buf[64], da[ETH_ALEN], sa[ETH_ALEN], *qos; 895 size_t hdr_len;
928 unsigned int hdr_len; 896 u8 da[ETH_ALEN];
897 u8 sa[ETH_ALEN];
929 898
930 rxd = (void *)skb->data - sizeof(*rxd); 899 /* Delivered decapped frame:
931 enctype = MS(__le32_to_cpu(rxd->mpdu_start.info0), 900 * [nwifi 802.11 header] <-- replaced with 802.11 hdr
932 RX_MPDU_START_INFO0_ENCRYPT_TYPE); 901 * [rfc1042/llc]
902 *
903 * Note: The nwifi header doesn't have QoS Control and is
904 * (always?) a 3addr frame.
905 *
906 * Note2: There's no A-MSDU subframe header. Even if it's part
907 * of an A-MSDU.
908 */
933 909
934 hdr = (struct ieee80211_hdr *)rxd->rx_hdr_status; 910 /* pull decapped header and copy SA & DA */
911 hdr = (struct ieee80211_hdr *)msdu->data;
912 hdr_len = ath10k_htt_rx_nwifi_hdrlen(hdr);
913 ether_addr_copy(da, ieee80211_get_DA(hdr));
914 ether_addr_copy(sa, ieee80211_get_SA(hdr));
915 skb_pull(msdu, hdr_len);
916
917 /* push original 802.11 header */
918 hdr = (struct ieee80211_hdr *)first_hdr;
935 hdr_len = ieee80211_hdrlen(hdr->frame_control); 919 hdr_len = ieee80211_hdrlen(hdr->frame_control);
936 memcpy(hdr_buf, hdr, hdr_len); 920 memcpy(skb_push(msdu, hdr_len), hdr, hdr_len);
937 hdr = (struct ieee80211_hdr *)hdr_buf;
938
939 first = skb;
940 while (skb) {
941 void *decap_hdr;
942 int len;
943
944 rxd = (void *)skb->data - sizeof(*rxd);
945 fmt = MS(__le32_to_cpu(rxd->msdu_start.info1),
946 RX_MSDU_START_INFO1_DECAP_FORMAT);
947 decap_hdr = (void *)rxd->rx_hdr_status;
948
949 skb->ip_summed = ath10k_htt_rx_get_csum_state(skb);
950
951 /* First frame in an A-MSDU chain has more decapped data. */
952 if (skb == first) {
953 len = round_up(ieee80211_hdrlen(hdr->frame_control), 4);
954 len += round_up(ath10k_htt_rx_crypto_param_len(ar,
955 enctype), 4);
956 decap_hdr += len;
957 }
958 921
959 switch (fmt) { 922 /* original 802.11 header has a different DA and in
960 case RX_MSDU_DECAP_RAW: 923 * case of 4addr it may also have different SA
961 /* remove trailing FCS */ 924 */
962 skb_trim(skb, skb->len - FCS_LEN); 925 hdr = (struct ieee80211_hdr *)msdu->data;
963 break; 926 ether_addr_copy(ieee80211_get_DA(hdr), da);
964 case RX_MSDU_DECAP_NATIVE_WIFI: 927 ether_addr_copy(ieee80211_get_SA(hdr), sa);
965 /* pull decapped header and copy SA & DA */ 928}
966 hdr = (struct ieee80211_hdr *)skb->data;
967 hdr_len = ath10k_htt_rx_nwifi_hdrlen(hdr);
968 ether_addr_copy(da, ieee80211_get_DA(hdr));
969 ether_addr_copy(sa, ieee80211_get_SA(hdr));
970 skb_pull(skb, hdr_len);
971
972 /* push original 802.11 header */
973 hdr = (struct ieee80211_hdr *)hdr_buf;
974 hdr_len = ieee80211_hdrlen(hdr->frame_control);
975 memcpy(skb_push(skb, hdr_len), hdr, hdr_len);
976
977 /* original A-MSDU header has the bit set but we're
978 * not including A-MSDU subframe header */
979 hdr = (struct ieee80211_hdr *)skb->data;
980 qos = ieee80211_get_qos_ctl(hdr);
981 qos[0] &= ~IEEE80211_QOS_CTL_A_MSDU_PRESENT;
982
983 /* original 802.11 header has a different DA and in
984 * case of 4addr it may also have different SA
985 */
986 ether_addr_copy(ieee80211_get_DA(hdr), da);
987 ether_addr_copy(ieee80211_get_SA(hdr), sa);
988 break;
989 case RX_MSDU_DECAP_ETHERNET2_DIX:
990 /* strip ethernet header and insert decapped 802.11
991 * header, amsdu subframe header and rfc1042 header */
992 929
993 len = 0; 930static void *ath10k_htt_rx_h_find_rfc1042(struct ath10k *ar,
994 len += sizeof(struct rfc1042_hdr); 931 struct sk_buff *msdu,
995 len += sizeof(struct amsdu_subframe_hdr); 932 enum htt_rx_mpdu_encrypt_type enctype)
933{
934 struct ieee80211_hdr *hdr;
935 struct htt_rx_desc *rxd;
936 size_t hdr_len, crypto_len;
937 void *rfc1042;
938 bool is_first, is_last, is_amsdu;
996 939
997 skb_pull(skb, sizeof(struct ethhdr)); 940 rxd = (void *)msdu->data - sizeof(*rxd);
998 memcpy(skb_push(skb, len), decap_hdr, len); 941 hdr = (void *)rxd->rx_hdr_status;
999 memcpy(skb_push(skb, hdr_len), hdr, hdr_len);
1000 break;
1001 case RX_MSDU_DECAP_8023_SNAP_LLC:
1002 /* insert decapped 802.11 header making a singly
1003 * A-MSDU */
1004 memcpy(skb_push(skb, hdr_len), hdr, hdr_len);
1005 break;
1006 }
1007 942
1008 skb_in = skb; 943 is_first = !!(rxd->msdu_end.info0 &
1009 ath10k_htt_rx_h_protected(htt, rx_status, skb_in, enctype, fmt, 944 __cpu_to_le32(RX_MSDU_END_INFO0_FIRST_MSDU));
1010 false); 945 is_last = !!(rxd->msdu_end.info0 &
1011 skb = skb->next; 946 __cpu_to_le32(RX_MSDU_END_INFO0_LAST_MSDU));
1012 skb_in->next = NULL; 947 is_amsdu = !(is_first && is_last);
1013 948
1014 if (skb) 949 rfc1042 = hdr;
1015 rx_status->flag |= RX_FLAG_AMSDU_MORE; 950
1016 else 951 if (is_first) {
1017 rx_status->flag &= ~RX_FLAG_AMSDU_MORE; 952 hdr_len = ieee80211_hdrlen(hdr->frame_control);
953 crypto_len = ath10k_htt_rx_crypto_param_len(ar, enctype);
1018 954
1019 ath10k_process_rx(htt->ar, rx_status, skb_in); 955 rfc1042 += round_up(hdr_len, 4) +
956 round_up(crypto_len, 4);
1020 } 957 }
1021 958
1022 /* FIXME: It might be nice to re-assemble the A-MSDU when there's a 959 if (is_amsdu)
1023 * monitor interface active for sniffing purposes. */ 960 rfc1042 += sizeof(struct amsdu_subframe_hdr);
961
962 return rfc1042;
1024} 963}
1025 964
1026static void ath10k_htt_rx_msdu(struct ath10k_htt *htt, 965static void ath10k_htt_rx_h_undecap_eth(struct ath10k *ar,
1027 struct ieee80211_rx_status *rx_status, 966 struct sk_buff *msdu,
1028 struct sk_buff *skb) 967 struct ieee80211_rx_status *status,
968 const u8 first_hdr[64],
969 enum htt_rx_mpdu_encrypt_type enctype)
1029{ 970{
1030 struct ath10k *ar = htt->ar;
1031 struct htt_rx_desc *rxd;
1032 struct ieee80211_hdr *hdr; 971 struct ieee80211_hdr *hdr;
1033 enum rx_msdu_decap_format fmt; 972 struct ethhdr *eth;
1034 enum htt_rx_mpdu_encrypt_type enctype; 973 size_t hdr_len;
1035 int hdr_len;
1036 void *rfc1042; 974 void *rfc1042;
975 u8 da[ETH_ALEN];
976 u8 sa[ETH_ALEN];
1037 977
1038 /* This shouldn't happen. If it does than it may be a FW bug. */ 978 /* Delivered decapped frame:
1039 if (skb->next) { 979 * [eth header] <-- replaced with 802.11 hdr & rfc1042/llc
1040 ath10k_warn(ar, "htt rx received chained non A-MSDU frame\n"); 980 * [payload]
1041 ath10k_htt_rx_free_msdu_chain(skb->next); 981 */
1042 skb->next = NULL;
1043 }
1044 982
1045 rxd = (void *)skb->data - sizeof(*rxd); 983 rfc1042 = ath10k_htt_rx_h_find_rfc1042(ar, msdu, enctype);
1046 fmt = MS(__le32_to_cpu(rxd->msdu_start.info1), 984 if (WARN_ON_ONCE(!rfc1042))
1047 RX_MSDU_START_INFO1_DECAP_FORMAT); 985 return;
1048 enctype = MS(__le32_to_cpu(rxd->mpdu_start.info0), 986
1049 RX_MPDU_START_INFO0_ENCRYPT_TYPE); 987 /* pull decapped header and copy SA & DA */
1050 hdr = (struct ieee80211_hdr *)rxd->rx_hdr_status; 988 eth = (struct ethhdr *)msdu->data;
989 ether_addr_copy(da, eth->h_dest);
990 ether_addr_copy(sa, eth->h_source);
991 skb_pull(msdu, sizeof(struct ethhdr));
992
993 /* push rfc1042/llc/snap */
994 memcpy(skb_push(msdu, sizeof(struct rfc1042_hdr)), rfc1042,
995 sizeof(struct rfc1042_hdr));
996
997 /* push original 802.11 header */
998 hdr = (struct ieee80211_hdr *)first_hdr;
1051 hdr_len = ieee80211_hdrlen(hdr->frame_control); 999 hdr_len = ieee80211_hdrlen(hdr->frame_control);
1000 memcpy(skb_push(msdu, hdr_len), hdr, hdr_len);
1001
1002 /* original 802.11 header has a different DA and in
1003 * case of 4addr it may also have different SA
1004 */
1005 hdr = (struct ieee80211_hdr *)msdu->data;
1006 ether_addr_copy(ieee80211_get_DA(hdr), da);
1007 ether_addr_copy(ieee80211_get_SA(hdr), sa);
1008}
1009
1010static void ath10k_htt_rx_h_undecap_snap(struct ath10k *ar,
1011 struct sk_buff *msdu,
1012 struct ieee80211_rx_status *status,
1013 const u8 first_hdr[64])
1014{
1015 struct ieee80211_hdr *hdr;
1016 size_t hdr_len;
1052 1017
1053 skb->ip_summed = ath10k_htt_rx_get_csum_state(skb); 1018 /* Delivered decapped frame:
1019 * [amsdu header] <-- replaced with 802.11 hdr
1020 * [rfc1042/llc]
1021 * [payload]
1022 */
1023
1024 skb_pull(msdu, sizeof(struct amsdu_subframe_hdr));
1025
1026 hdr = (struct ieee80211_hdr *)first_hdr;
1027 hdr_len = ieee80211_hdrlen(hdr->frame_control);
1028 memcpy(skb_push(msdu, hdr_len), hdr, hdr_len);
1029}
1054 1030
1055 switch (fmt) { 1031static void ath10k_htt_rx_h_undecap(struct ath10k *ar,
1032 struct sk_buff *msdu,
1033 struct ieee80211_rx_status *status,
1034 u8 first_hdr[64],
1035 enum htt_rx_mpdu_encrypt_type enctype,
1036 bool is_decrypted)
1037{
1038 struct htt_rx_desc *rxd;
1039 enum rx_msdu_decap_format decap;
1040 struct ieee80211_hdr *hdr;
1041
1042 /* First msdu's decapped header:
1043 * [802.11 header] <-- padded to 4 bytes long
1044 * [crypto param] <-- padded to 4 bytes long
1045 * [amsdu header] <-- only if A-MSDU
1046 * [rfc1042/llc]
1047 *
1048 * Other (2nd, 3rd, ..) msdu's decapped header:
1049 * [amsdu header] <-- only if A-MSDU
1050 * [rfc1042/llc]
1051 */
1052
1053 rxd = (void *)msdu->data - sizeof(*rxd);
1054 hdr = (void *)rxd->rx_hdr_status;
1055 decap = MS(__le32_to_cpu(rxd->msdu_start.info1),
1056 RX_MSDU_START_INFO1_DECAP_FORMAT);
1057
1058 switch (decap) {
1056 case RX_MSDU_DECAP_RAW: 1059 case RX_MSDU_DECAP_RAW:
1057 /* remove trailing FCS */ 1060 ath10k_htt_rx_h_undecap_raw(ar, msdu, status, enctype,
1058 skb_trim(skb, skb->len - FCS_LEN); 1061 is_decrypted);
1059 break; 1062 break;
1060 case RX_MSDU_DECAP_NATIVE_WIFI: 1063 case RX_MSDU_DECAP_NATIVE_WIFI:
1061 /* Pull decapped header */ 1064 ath10k_htt_rx_h_undecap_nwifi(ar, msdu, status, first_hdr);
1062 hdr = (struct ieee80211_hdr *)skb->data;
1063 hdr_len = ath10k_htt_rx_nwifi_hdrlen(hdr);
1064 skb_pull(skb, hdr_len);
1065
1066 /* Push original header */
1067 hdr = (struct ieee80211_hdr *)rxd->rx_hdr_status;
1068 hdr_len = ieee80211_hdrlen(hdr->frame_control);
1069 memcpy(skb_push(skb, hdr_len), hdr, hdr_len);
1070 break; 1065 break;
1071 case RX_MSDU_DECAP_ETHERNET2_DIX: 1066 case RX_MSDU_DECAP_ETHERNET2_DIX:
1072 /* strip ethernet header and insert decapped 802.11 header and 1067 ath10k_htt_rx_h_undecap_eth(ar, msdu, status, first_hdr, enctype);
1073 * rfc1042 header */
1074
1075 rfc1042 = hdr;
1076 rfc1042 += roundup(hdr_len, 4);
1077 rfc1042 += roundup(ath10k_htt_rx_crypto_param_len(ar,
1078 enctype), 4);
1079
1080 skb_pull(skb, sizeof(struct ethhdr));
1081 memcpy(skb_push(skb, sizeof(struct rfc1042_hdr)),
1082 rfc1042, sizeof(struct rfc1042_hdr));
1083 memcpy(skb_push(skb, hdr_len), hdr, hdr_len);
1084 break; 1068 break;
1085 case RX_MSDU_DECAP_8023_SNAP_LLC: 1069 case RX_MSDU_DECAP_8023_SNAP_LLC:
1086 /* remove A-MSDU subframe header and insert 1070 ath10k_htt_rx_h_undecap_snap(ar, msdu, status, first_hdr);
1087 * decapped 802.11 header. rfc1042 header is already there */
1088
1089 skb_pull(skb, sizeof(struct amsdu_subframe_hdr));
1090 memcpy(skb_push(skb, hdr_len), hdr, hdr_len);
1091 break; 1071 break;
1092 } 1072 }
1093
1094 ath10k_htt_rx_h_protected(htt, rx_status, skb, enctype, fmt, false);
1095
1096 ath10k_process_rx(htt->ar, rx_status, skb);
1097} 1073}
1098 1074
1099static int ath10k_htt_rx_get_csum_state(struct sk_buff *skb) 1075static int ath10k_htt_rx_get_csum_state(struct sk_buff *skb)
@@ -1127,10 +1103,128 @@ static int ath10k_htt_rx_get_csum_state(struct sk_buff *skb)
1127 return CHECKSUM_UNNECESSARY; 1103 return CHECKSUM_UNNECESSARY;
1128} 1104}
1129 1105
1130static int ath10k_unchain_msdu(struct sk_buff *msdu_head) 1106static void ath10k_htt_rx_h_csum_offload(struct sk_buff *msdu)
1131{ 1107{
1132 struct sk_buff *next = msdu_head->next; 1108 msdu->ip_summed = ath10k_htt_rx_get_csum_state(msdu);
1133 struct sk_buff *to_free = next; 1109}
1110
1111static void ath10k_htt_rx_h_mpdu(struct ath10k *ar,
1112 struct sk_buff_head *amsdu,
1113 struct ieee80211_rx_status *status)
1114{
1115 struct sk_buff *first;
1116 struct sk_buff *last;
1117 struct sk_buff *msdu;
1118 struct htt_rx_desc *rxd;
1119 struct ieee80211_hdr *hdr;
1120 enum htt_rx_mpdu_encrypt_type enctype;
1121 u8 first_hdr[64];
1122 u8 *qos;
1123 size_t hdr_len;
1124 bool has_fcs_err;
1125 bool has_crypto_err;
1126 bool has_tkip_err;
1127 bool has_peer_idx_invalid;
1128 bool is_decrypted;
1129 u32 attention;
1130
1131 if (skb_queue_empty(amsdu))
1132 return;
1133
1134 first = skb_peek(amsdu);
1135 rxd = (void *)first->data - sizeof(*rxd);
1136
1137 enctype = MS(__le32_to_cpu(rxd->mpdu_start.info0),
1138 RX_MPDU_START_INFO0_ENCRYPT_TYPE);
1139
1140 /* First MSDU's Rx descriptor in an A-MSDU contains full 802.11
1141 * decapped header. It'll be used for undecapping of each MSDU.
1142 */
1143 hdr = (void *)rxd->rx_hdr_status;
1144 hdr_len = ieee80211_hdrlen(hdr->frame_control);
1145 memcpy(first_hdr, hdr, hdr_len);
1146
1147 /* Each A-MSDU subframe will use the original header as the base and be
1148 * reported as a separate MSDU so strip the A-MSDU bit from QoS Ctl.
1149 */
1150 hdr = (void *)first_hdr;
1151 qos = ieee80211_get_qos_ctl(hdr);
1152 qos[0] &= ~IEEE80211_QOS_CTL_A_MSDU_PRESENT;
1153
1154 /* Some attention flags are valid only in the last MSDU. */
1155 last = skb_peek_tail(amsdu);
1156 rxd = (void *)last->data - sizeof(*rxd);
1157 attention = __le32_to_cpu(rxd->attention.flags);
1158
1159 has_fcs_err = !!(attention & RX_ATTENTION_FLAGS_FCS_ERR);
1160 has_crypto_err = !!(attention & RX_ATTENTION_FLAGS_DECRYPT_ERR);
1161 has_tkip_err = !!(attention & RX_ATTENTION_FLAGS_TKIP_MIC_ERR);
1162 has_peer_idx_invalid = !!(attention & RX_ATTENTION_FLAGS_PEER_IDX_INVALID);
1163
1164 /* Note: If hardware captures an encrypted frame that it can't decrypt,
1165 * e.g. due to fcs error, missing peer or invalid key data it will
1166 * report the frame as raw.
1167 */
1168 is_decrypted = (enctype != HTT_RX_MPDU_ENCRYPT_NONE &&
1169 !has_fcs_err &&
1170 !has_crypto_err &&
1171 !has_peer_idx_invalid);
1172
1173 /* Clear per-MPDU flags while leaving per-PPDU flags intact. */
1174 status->flag &= ~(RX_FLAG_FAILED_FCS_CRC |
1175 RX_FLAG_MMIC_ERROR |
1176 RX_FLAG_DECRYPTED |
1177 RX_FLAG_IV_STRIPPED |
1178 RX_FLAG_MMIC_STRIPPED);
1179
1180 if (has_fcs_err)
1181 status->flag |= RX_FLAG_FAILED_FCS_CRC;
1182
1183 if (has_tkip_err)
1184 status->flag |= RX_FLAG_MMIC_ERROR;
1185
1186 if (is_decrypted)
1187 status->flag |= RX_FLAG_DECRYPTED |
1188 RX_FLAG_IV_STRIPPED |
1189 RX_FLAG_MMIC_STRIPPED;
1190
1191 skb_queue_walk(amsdu, msdu) {
1192 ath10k_htt_rx_h_csum_offload(msdu);
1193 ath10k_htt_rx_h_undecap(ar, msdu, status, first_hdr, enctype,
1194 is_decrypted);
1195
1196 /* Undecapping involves copying the original 802.11 header back
1197 * to sk_buff. If frame is protected and hardware has decrypted
1198 * it then remove the protected bit.
1199 */
1200 if (!is_decrypted)
1201 continue;
1202
1203 hdr = (void *)msdu->data;
1204 hdr->frame_control &= ~__cpu_to_le16(IEEE80211_FCTL_PROTECTED);
1205 }
1206}
1207
1208static void ath10k_htt_rx_h_deliver(struct ath10k *ar,
1209 struct sk_buff_head *amsdu,
1210 struct ieee80211_rx_status *status)
1211{
1212 struct sk_buff *msdu;
1213
1214 while ((msdu = __skb_dequeue(amsdu))) {
1215 /* Setup per-MSDU flags */
1216 if (skb_queue_empty(amsdu))
1217 status->flag &= ~RX_FLAG_AMSDU_MORE;
1218 else
1219 status->flag |= RX_FLAG_AMSDU_MORE;
1220
1221 ath10k_process_rx(ar, status, msdu);
1222 }
1223}
1224
1225static int ath10k_unchain_msdu(struct sk_buff_head *amsdu)
1226{
1227 struct sk_buff *skb, *first;
1134 int space; 1228 int space;
1135 int total_len = 0; 1229 int total_len = 0;
1136 1230
@@ -1141,99 +1235,142 @@ static int ath10k_unchain_msdu(struct sk_buff *msdu_head)
1141 * skb? 1235 * skb?
1142 */ 1236 */
1143 1237
1144 msdu_head->next = NULL; 1238 first = __skb_dequeue(amsdu);
1145 1239
1146 /* Allocate total length all at once. */ 1240 /* Allocate total length all at once. */
1147 while (next) { 1241 skb_queue_walk(amsdu, skb)
1148 total_len += next->len; 1242 total_len += skb->len;
1149 next = next->next;
1150 }
1151 1243
1152 space = total_len - skb_tailroom(msdu_head); 1244 space = total_len - skb_tailroom(first);
1153 if ((space > 0) && 1245 if ((space > 0) &&
1154 (pskb_expand_head(msdu_head, 0, space, GFP_ATOMIC) < 0)) { 1246 (pskb_expand_head(first, 0, space, GFP_ATOMIC) < 0)) {
1155 /* TODO: bump some rx-oom error stat */ 1247 /* TODO: bump some rx-oom error stat */
1156 /* put it back together so we can free the 1248 /* put it back together so we can free the
1157 * whole list at once. 1249 * whole list at once.
1158 */ 1250 */
1159 msdu_head->next = to_free; 1251 __skb_queue_head(amsdu, first);
1160 return -1; 1252 return -1;
1161 } 1253 }
1162 1254
1163 /* Walk list again, copying contents into 1255 /* Walk list again, copying contents into
1164 * msdu_head 1256 * msdu_head
1165 */ 1257 */
1166 next = to_free; 1258 while ((skb = __skb_dequeue(amsdu))) {
1167 while (next) { 1259 skb_copy_from_linear_data(skb, skb_put(first, skb->len),
1168 skb_copy_from_linear_data(next, skb_put(msdu_head, next->len), 1260 skb->len);
1169 next->len); 1261 dev_kfree_skb_any(skb);
1170 next = next->next;
1171 } 1262 }
1172 1263
1173 /* If here, we have consolidated skb. Free the 1264 __skb_queue_head(amsdu, first);
1174 * fragments and pass the main skb on up the
1175 * stack.
1176 */
1177 ath10k_htt_rx_free_msdu_chain(to_free);
1178 return 0; 1265 return 0;
1179} 1266}
1180 1267
1181static bool ath10k_htt_rx_amsdu_allowed(struct ath10k_htt *htt, 1268static void ath10k_htt_rx_h_unchain(struct ath10k *ar,
1182 struct sk_buff *head, 1269 struct sk_buff_head *amsdu,
1183 bool channel_set, 1270 bool chained)
1184 u32 attention)
1185{ 1271{
1186 struct ath10k *ar = htt->ar; 1272 struct sk_buff *first;
1273 struct htt_rx_desc *rxd;
1274 enum rx_msdu_decap_format decap;
1187 1275
1188 if (head->len == 0) { 1276 first = skb_peek(amsdu);
1189 ath10k_dbg(ar, ATH10K_DBG_HTT, 1277 rxd = (void *)first->data - sizeof(*rxd);
1190 "htt rx dropping due to zero-len\n"); 1278 decap = MS(__le32_to_cpu(rxd->msdu_start.info1),
1191 return false; 1279 RX_MSDU_START_INFO1_DECAP_FORMAT);
1192 }
1193 1280
1194 if (attention & RX_ATTENTION_FLAGS_DECRYPT_ERR) { 1281 if (!chained)
1195 ath10k_dbg(ar, ATH10K_DBG_HTT, 1282 return;
1196 "htt rx dropping due to decrypt-err\n"); 1283
1197 return false; 1284 /* FIXME: Current unchaining logic can only handle simple case of raw
1285 * msdu chaining. If decapping is other than raw the chaining may be
1286 * more complex and this isn't handled by the current code. Don't even
1287 * try re-constructing such frames - it'll be pretty much garbage.
1288 */
1289 if (decap != RX_MSDU_DECAP_RAW ||
1290 skb_queue_len(amsdu) != 1 + rxd->frag_info.ring2_more_count) {
1291 __skb_queue_purge(amsdu);
1292 return;
1198 } 1293 }
1199 1294
1200 if (!channel_set) { 1295 ath10k_unchain_msdu(amsdu);
1201 ath10k_warn(ar, "no channel configured; ignoring frame!\n"); 1296}
1297
1298static bool ath10k_htt_rx_amsdu_allowed(struct ath10k *ar,
1299 struct sk_buff_head *amsdu,
1300 struct ieee80211_rx_status *rx_status)
1301{
1302 struct sk_buff *msdu;
1303 struct htt_rx_desc *rxd;
1304 bool is_mgmt;
1305 bool has_fcs_err;
1306
1307 msdu = skb_peek(amsdu);
1308 rxd = (void *)msdu->data - sizeof(*rxd);
1309
1310 /* FIXME: It might be a good idea to do some fuzzy-testing to drop
1311 * invalid/dangerous frames.
1312 */
1313
1314 if (!rx_status->freq) {
1315 ath10k_warn(ar, "no channel configured; ignoring frame(s)!\n");
1202 return false; 1316 return false;
1203 } 1317 }
1204 1318
1205 /* Skip mgmt frames while we handle this in WMI */ 1319 is_mgmt = !!(rxd->attention.flags &
1206 if (attention & RX_ATTENTION_FLAGS_MGMT_TYPE) { 1320 __cpu_to_le32(RX_ATTENTION_FLAGS_MGMT_TYPE));
1321 has_fcs_err = !!(rxd->attention.flags &
1322 __cpu_to_le32(RX_ATTENTION_FLAGS_FCS_ERR));
1323
1324 /* Management frames are handled via WMI events. The pros of such
1325 * approach is that channel is explicitly provided in WMI events
1326 * whereas HTT doesn't provide channel information for Rxed frames.
1327 *
1328 * However some firmware revisions don't report corrupted frames via
1329 * WMI so don't drop them.
1330 */
1331 if (is_mgmt && !has_fcs_err) {
1207 ath10k_dbg(ar, ATH10K_DBG_HTT, "htt rx mgmt ctrl\n"); 1332 ath10k_dbg(ar, ATH10K_DBG_HTT, "htt rx mgmt ctrl\n");
1208 return false; 1333 return false;
1209 } 1334 }
1210 1335
1211 if (test_bit(ATH10K_CAC_RUNNING, &htt->ar->dev_flags)) { 1336 if (test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags)) {
1212 ath10k_dbg(ar, ATH10K_DBG_HTT, 1337 ath10k_dbg(ar, ATH10K_DBG_HTT, "htt rx cac running\n");
1213 "htt rx CAC running\n");
1214 return false; 1338 return false;
1215 } 1339 }
1216 1340
1217 return true; 1341 return true;
1218} 1342}
1219 1343
1344static void ath10k_htt_rx_h_filter(struct ath10k *ar,
1345 struct sk_buff_head *amsdu,
1346 struct ieee80211_rx_status *rx_status)
1347{
1348 if (skb_queue_empty(amsdu))
1349 return;
1350
1351 if (ath10k_htt_rx_amsdu_allowed(ar, amsdu, rx_status))
1352 return;
1353
1354 __skb_queue_purge(amsdu);
1355}
1356
1220static void ath10k_htt_rx_handler(struct ath10k_htt *htt, 1357static void ath10k_htt_rx_handler(struct ath10k_htt *htt,
1221 struct htt_rx_indication *rx) 1358 struct htt_rx_indication *rx)
1222{ 1359{
1223 struct ath10k *ar = htt->ar; 1360 struct ath10k *ar = htt->ar;
1224 struct ieee80211_rx_status *rx_status = &htt->rx_status; 1361 struct ieee80211_rx_status *rx_status = &htt->rx_status;
1225 struct htt_rx_indication_mpdu_range *mpdu_ranges; 1362 struct htt_rx_indication_mpdu_range *mpdu_ranges;
1226 struct ieee80211_hdr *hdr; 1363 struct sk_buff_head amsdu;
1227 int num_mpdu_ranges; 1364 int num_mpdu_ranges;
1228 u32 attention;
1229 int fw_desc_len; 1365 int fw_desc_len;
1230 u8 *fw_desc; 1366 u8 *fw_desc;
1231 bool channel_set; 1367 int i, ret, mpdu_count = 0;
1232 int i, j;
1233 int ret;
1234 1368
1235 lockdep_assert_held(&htt->rx_ring.lock); 1369 lockdep_assert_held(&htt->rx_ring.lock);
1236 1370
1371 if (htt->rx_confused)
1372 return;
1373
1237 fw_desc_len = __le16_to_cpu(rx->prefix.fw_rx_desc_bytes); 1374 fw_desc_len = __le16_to_cpu(rx->prefix.fw_rx_desc_bytes);
1238 fw_desc = (u8 *)&rx->fw_desc; 1375 fw_desc = (u8 *)&rx->fw_desc;
1239 1376
@@ -1241,85 +1378,33 @@ static void ath10k_htt_rx_handler(struct ath10k_htt *htt,
1241 HTT_RX_INDICATION_INFO1_NUM_MPDU_RANGES); 1378 HTT_RX_INDICATION_INFO1_NUM_MPDU_RANGES);
1242 mpdu_ranges = htt_rx_ind_get_mpdu_ranges(rx); 1379 mpdu_ranges = htt_rx_ind_get_mpdu_ranges(rx);
1243 1380
1244 /* Fill this once, while this is per-ppdu */
1245 if (rx->ppdu.info0 & HTT_RX_INDICATION_INFO0_START_VALID) {
1246 memset(rx_status, 0, sizeof(*rx_status));
1247 rx_status->signal = ATH10K_DEFAULT_NOISE_FLOOR +
1248 rx->ppdu.combined_rssi;
1249 }
1250
1251 if (rx->ppdu.info0 & HTT_RX_INDICATION_INFO0_END_VALID) {
1252 /* TSF available only in 32-bit */
1253 rx_status->mactime = __le32_to_cpu(rx->ppdu.tsf) & 0xffffffff;
1254 rx_status->flag |= RX_FLAG_MACTIME_END;
1255 }
1256
1257 channel_set = ath10k_htt_rx_h_channel(htt->ar, rx_status);
1258
1259 if (channel_set) {
1260 ath10k_htt_rx_h_rates(htt->ar, rx_status->band,
1261 rx->ppdu.info0,
1262 __le32_to_cpu(rx->ppdu.info1),
1263 __le32_to_cpu(rx->ppdu.info2),
1264 rx_status);
1265 }
1266
1267 ath10k_dbg_dump(ar, ATH10K_DBG_HTT_DUMP, NULL, "htt rx ind: ", 1381 ath10k_dbg_dump(ar, ATH10K_DBG_HTT_DUMP, NULL, "htt rx ind: ",
1268 rx, sizeof(*rx) + 1382 rx, sizeof(*rx) +
1269 (sizeof(struct htt_rx_indication_mpdu_range) * 1383 (sizeof(struct htt_rx_indication_mpdu_range) *
1270 num_mpdu_ranges)); 1384 num_mpdu_ranges));
1271 1385
1272 for (i = 0; i < num_mpdu_ranges; i++) { 1386 for (i = 0; i < num_mpdu_ranges; i++)
1273 for (j = 0; j < mpdu_ranges[i].mpdu_count; j++) { 1387 mpdu_count += mpdu_ranges[i].mpdu_count;
1274 struct sk_buff *msdu_head, *msdu_tail; 1388
1275 1389 while (mpdu_count--) {
1276 attention = 0; 1390 __skb_queue_head_init(&amsdu);
1277 msdu_head = NULL; 1391 ret = ath10k_htt_rx_amsdu_pop(htt, &fw_desc,
1278 msdu_tail = NULL; 1392 &fw_desc_len, &amsdu);
1279 ret = ath10k_htt_rx_amsdu_pop(htt, 1393 if (ret < 0) {
1280 &fw_desc, 1394 ath10k_warn(ar, "rx ring became corrupted: %d\n", ret);
1281 &fw_desc_len, 1395 __skb_queue_purge(&amsdu);
1282 &msdu_head, 1396 /* FIXME: It's probably a good idea to reboot the
1283 &msdu_tail, 1397 * device instead of leaving it inoperable.
1284 &attention); 1398 */
1285 1399 htt->rx_confused = true;
1286 if (ret < 0) { 1400 break;
1287 ath10k_warn(ar, "failed to pop amsdu from htt rx ring %d\n",
1288 ret);
1289 ath10k_htt_rx_free_msdu_chain(msdu_head);
1290 continue;
1291 }
1292
1293 if (!ath10k_htt_rx_amsdu_allowed(htt, msdu_head,
1294 channel_set,
1295 attention)) {
1296 ath10k_htt_rx_free_msdu_chain(msdu_head);
1297 continue;
1298 }
1299
1300 if (ret > 0 &&
1301 ath10k_unchain_msdu(msdu_head) < 0) {
1302 ath10k_htt_rx_free_msdu_chain(msdu_head);
1303 continue;
1304 }
1305
1306 if (attention & RX_ATTENTION_FLAGS_FCS_ERR)
1307 rx_status->flag |= RX_FLAG_FAILED_FCS_CRC;
1308 else
1309 rx_status->flag &= ~RX_FLAG_FAILED_FCS_CRC;
1310
1311 if (attention & RX_ATTENTION_FLAGS_TKIP_MIC_ERR)
1312 rx_status->flag |= RX_FLAG_MMIC_ERROR;
1313 else
1314 rx_status->flag &= ~RX_FLAG_MMIC_ERROR;
1315
1316 hdr = ath10k_htt_rx_skb_get_hdr(msdu_head);
1317
1318 if (ath10k_htt_rx_hdr_is_amsdu(hdr))
1319 ath10k_htt_rx_amsdu(htt, rx_status, msdu_head);
1320 else
1321 ath10k_htt_rx_msdu(htt, rx_status, msdu_head);
1322 } 1401 }
1402
1403 ath10k_htt_rx_h_ppdu(ar, &amsdu, rx_status);
1404 ath10k_htt_rx_h_unchain(ar, &amsdu, ret > 0);
1405 ath10k_htt_rx_h_filter(ar, &amsdu, rx_status);
1406 ath10k_htt_rx_h_mpdu(ar, &amsdu, rx_status);
1407 ath10k_htt_rx_h_deliver(ar, &amsdu, rx_status);
1323 } 1408 }
1324 1409
1325 tasklet_schedule(&htt->rx_replenish_task); 1410 tasklet_schedule(&htt->rx_replenish_task);
@@ -1329,30 +1414,20 @@ static void ath10k_htt_rx_frag_handler(struct ath10k_htt *htt,
1329 struct htt_rx_fragment_indication *frag) 1414 struct htt_rx_fragment_indication *frag)
1330{ 1415{
1331 struct ath10k *ar = htt->ar; 1416 struct ath10k *ar = htt->ar;
1332 struct sk_buff *msdu_head, *msdu_tail;
1333 enum htt_rx_mpdu_encrypt_type enctype;
1334 struct htt_rx_desc *rxd;
1335 enum rx_msdu_decap_format fmt;
1336 struct ieee80211_rx_status *rx_status = &htt->rx_status; 1417 struct ieee80211_rx_status *rx_status = &htt->rx_status;
1337 struct ieee80211_hdr *hdr; 1418 struct sk_buff_head amsdu;
1338 int ret; 1419 int ret;
1339 bool tkip_mic_err;
1340 bool decrypt_err;
1341 u8 *fw_desc; 1420 u8 *fw_desc;
1342 int fw_desc_len, hdrlen, paramlen; 1421 int fw_desc_len;
1343 int trim;
1344 u32 attention = 0;
1345 1422
1346 fw_desc_len = __le16_to_cpu(frag->fw_rx_desc_bytes); 1423 fw_desc_len = __le16_to_cpu(frag->fw_rx_desc_bytes);
1347 fw_desc = (u8 *)frag->fw_msdu_rx_desc; 1424 fw_desc = (u8 *)frag->fw_msdu_rx_desc;
1348 1425
1349 msdu_head = NULL; 1426 __skb_queue_head_init(&amsdu);
1350 msdu_tail = NULL;
1351 1427
1352 spin_lock_bh(&htt->rx_ring.lock); 1428 spin_lock_bh(&htt->rx_ring.lock);
1353 ret = ath10k_htt_rx_amsdu_pop(htt, &fw_desc, &fw_desc_len, 1429 ret = ath10k_htt_rx_amsdu_pop(htt, &fw_desc, &fw_desc_len,
1354 &msdu_head, &msdu_tail, 1430 &amsdu);
1355 &attention);
1356 spin_unlock_bh(&htt->rx_ring.lock); 1431 spin_unlock_bh(&htt->rx_ring.lock);
1357 1432
1358 tasklet_schedule(&htt->rx_replenish_task); 1433 tasklet_schedule(&htt->rx_replenish_task);
@@ -1362,77 +1437,21 @@ static void ath10k_htt_rx_frag_handler(struct ath10k_htt *htt,
1362 if (ret) { 1437 if (ret) {
1363 ath10k_warn(ar, "failed to pop amsdu from httr rx ring for fragmented rx %d\n", 1438 ath10k_warn(ar, "failed to pop amsdu from httr rx ring for fragmented rx %d\n",
1364 ret); 1439 ret);
1365 ath10k_htt_rx_free_msdu_chain(msdu_head); 1440 __skb_queue_purge(&amsdu);
1366 return; 1441 return;
1367 } 1442 }
1368 1443
1369 /* FIXME: implement signal strength */ 1444 if (skb_queue_len(&amsdu) != 1) {
1370 rx_status->flag |= RX_FLAG_NO_SIGNAL_VAL; 1445 ath10k_warn(ar, "failed to pop frag amsdu: too many msdus\n");
1371 1446 __skb_queue_purge(&amsdu);
1372 hdr = (struct ieee80211_hdr *)msdu_head->data; 1447 return;
1373 rxd = (void *)msdu_head->data - sizeof(*rxd);
1374 tkip_mic_err = !!(attention & RX_ATTENTION_FLAGS_TKIP_MIC_ERR);
1375 decrypt_err = !!(attention & RX_ATTENTION_FLAGS_DECRYPT_ERR);
1376 fmt = MS(__le32_to_cpu(rxd->msdu_start.info1),
1377 RX_MSDU_START_INFO1_DECAP_FORMAT);
1378
1379 if (fmt != RX_MSDU_DECAP_RAW) {
1380 ath10k_warn(ar, "we dont support non-raw fragmented rx yet\n");
1381 dev_kfree_skb_any(msdu_head);
1382 goto end;
1383 }
1384
1385 enctype = MS(__le32_to_cpu(rxd->mpdu_start.info0),
1386 RX_MPDU_START_INFO0_ENCRYPT_TYPE);
1387 ath10k_htt_rx_h_protected(htt, rx_status, msdu_head, enctype, fmt,
1388 true);
1389 msdu_head->ip_summed = ath10k_htt_rx_get_csum_state(msdu_head);
1390
1391 if (tkip_mic_err)
1392 ath10k_warn(ar, "tkip mic error\n");
1393
1394 if (decrypt_err) {
1395 ath10k_warn(ar, "decryption err in fragmented rx\n");
1396 dev_kfree_skb_any(msdu_head);
1397 goto end;
1398 }
1399
1400 if (enctype != HTT_RX_MPDU_ENCRYPT_NONE) {
1401 hdrlen = ieee80211_hdrlen(hdr->frame_control);
1402 paramlen = ath10k_htt_rx_crypto_param_len(ar, enctype);
1403
1404 /* It is more efficient to move the header than the payload */
1405 memmove((void *)msdu_head->data + paramlen,
1406 (void *)msdu_head->data,
1407 hdrlen);
1408 skb_pull(msdu_head, paramlen);
1409 hdr = (struct ieee80211_hdr *)msdu_head->data;
1410 }
1411
1412 /* remove trailing FCS */
1413 trim = 4;
1414
1415 /* remove crypto trailer */
1416 trim += ath10k_htt_rx_crypto_tail_len(ar, enctype);
1417
1418 /* last fragment of TKIP frags has MIC */
1419 if (!ieee80211_has_morefrags(hdr->frame_control) &&
1420 enctype == HTT_RX_MPDU_ENCRYPT_TKIP_WPA)
1421 trim += MICHAEL_MIC_LEN;
1422
1423 if (trim > msdu_head->len) {
1424 ath10k_warn(ar, "htt rx fragment: trailer longer than the frame itself? drop\n");
1425 dev_kfree_skb_any(msdu_head);
1426 goto end;
1427 } 1448 }
1428 1449
1429 skb_trim(msdu_head, msdu_head->len - trim); 1450 ath10k_htt_rx_h_ppdu(ar, &amsdu, rx_status);
1430 1451 ath10k_htt_rx_h_filter(ar, &amsdu, rx_status);
1431 ath10k_dbg_dump(ar, ATH10K_DBG_HTT_DUMP, NULL, "htt rx frag mpdu: ", 1452 ath10k_htt_rx_h_mpdu(ar, &amsdu, rx_status);
1432 msdu_head->data, msdu_head->len); 1453 ath10k_htt_rx_h_deliver(ar, &amsdu, rx_status);
1433 ath10k_process_rx(htt->ar, rx_status, msdu_head);
1434 1454
1435end:
1436 if (fw_desc_len > 0) { 1455 if (fw_desc_len > 0) {
1437 ath10k_dbg(ar, ATH10K_DBG_HTT, 1456 ath10k_dbg(ar, ATH10K_DBG_HTT,
1438 "expecting more fragmented rx in one indication %d\n", 1457 "expecting more fragmented rx in one indication %d\n",
diff --git a/drivers/net/wireless/ath/ath10k/htt_tx.c b/drivers/net/wireless/ath/ath10k/htt_tx.c
index 5b7e42f7377c..4bc51d8a14a3 100644
--- a/drivers/net/wireless/ath/ath10k/htt_tx.c
+++ b/drivers/net/wireless/ath/ath10k/htt_tx.c
@@ -554,13 +554,14 @@ int ath10k_htt_tx(struct ath10k_htt *htt, struct sk_buff *msdu)
554 skb_cb->htt.txbuf->cmd_tx.len = __cpu_to_le16(msdu->len); 554 skb_cb->htt.txbuf->cmd_tx.len = __cpu_to_le16(msdu->len);
555 skb_cb->htt.txbuf->cmd_tx.id = __cpu_to_le16(msdu_id); 555 skb_cb->htt.txbuf->cmd_tx.id = __cpu_to_le16(msdu_id);
556 skb_cb->htt.txbuf->cmd_tx.frags_paddr = __cpu_to_le32(frags_paddr); 556 skb_cb->htt.txbuf->cmd_tx.frags_paddr = __cpu_to_le32(frags_paddr);
557 skb_cb->htt.txbuf->cmd_tx.peerid = __cpu_to_le32(HTT_INVALID_PEERID); 557 skb_cb->htt.txbuf->cmd_tx.peerid = __cpu_to_le16(HTT_INVALID_PEERID);
558 skb_cb->htt.txbuf->cmd_tx.freq = __cpu_to_le16(skb_cb->htt.freq);
558 559
559 trace_ath10k_htt_tx(ar, msdu_id, msdu->len, vdev_id, tid); 560 trace_ath10k_htt_tx(ar, msdu_id, msdu->len, vdev_id, tid);
560 ath10k_dbg(ar, ATH10K_DBG_HTT, 561 ath10k_dbg(ar, ATH10K_DBG_HTT,
561 "htt tx flags0 %hhu flags1 %hu len %d id %hu frags_paddr %08x, msdu_paddr %08x vdev %hhu tid %hhu\n", 562 "htt tx flags0 %hhu flags1 %hu len %d id %hu frags_paddr %08x, msdu_paddr %08x vdev %hhu tid %hhu freq %hu\n",
562 flags0, flags1, msdu->len, msdu_id, frags_paddr, 563 flags0, flags1, msdu->len, msdu_id, frags_paddr,
563 (u32)skb_cb->paddr, vdev_id, tid); 564 (u32)skb_cb->paddr, vdev_id, tid, skb_cb->htt.freq);
564 ath10k_dbg_dump(ar, ATH10K_DBG_HTT_DUMP, NULL, "htt tx msdu: ", 565 ath10k_dbg_dump(ar, ATH10K_DBG_HTT_DUMP, NULL, "htt tx msdu: ",
565 msdu->data, msdu->len); 566 msdu->data, msdu->len);
566 trace_ath10k_tx_hdr(ar, msdu->data, msdu->len); 567 trace_ath10k_tx_hdr(ar, msdu->data, msdu->len);
diff --git a/drivers/net/wireless/ath/ath10k/hw.h b/drivers/net/wireless/ath/ath10k/hw.h
index 392c2501d0a1..dfedfd0e0f34 100644
--- a/drivers/net/wireless/ath/ath10k/hw.h
+++ b/drivers/net/wireless/ath/ath10k/hw.h
@@ -97,11 +97,13 @@ struct ath10k_pktlog_hdr {
97#define TARGET_DMA_BURST_SIZE 0 97#define TARGET_DMA_BURST_SIZE 0
98#define TARGET_MAC_AGGR_DELIM 0 98#define TARGET_MAC_AGGR_DELIM 0
99#define TARGET_AST_SKID_LIMIT 16 99#define TARGET_AST_SKID_LIMIT 16
100#define TARGET_NUM_PEERS 16 100#define TARGET_NUM_STATIONS 16
101#define TARGET_NUM_PEERS ((TARGET_NUM_STATIONS) + \
102 (TARGET_NUM_VDEVS))
101#define TARGET_NUM_OFFLOAD_PEERS 0 103#define TARGET_NUM_OFFLOAD_PEERS 0
102#define TARGET_NUM_OFFLOAD_REORDER_BUFS 0 104#define TARGET_NUM_OFFLOAD_REORDER_BUFS 0
103#define TARGET_NUM_PEER_KEYS 2 105#define TARGET_NUM_PEER_KEYS 2
104#define TARGET_NUM_TIDS (2 * ((TARGET_NUM_PEERS) + (TARGET_NUM_VDEVS))) 106#define TARGET_NUM_TIDS ((TARGET_NUM_PEERS) * 2)
105#define TARGET_TX_CHAIN_MASK (BIT(0) | BIT(1) | BIT(2)) 107#define TARGET_TX_CHAIN_MASK (BIT(0) | BIT(1) | BIT(2))
106#define TARGET_RX_CHAIN_MASK (BIT(0) | BIT(1) | BIT(2)) 108#define TARGET_RX_CHAIN_MASK (BIT(0) | BIT(1) | BIT(2))
107#define TARGET_RX_TIMEOUT_LO_PRI 100 109#define TARGET_RX_TIMEOUT_LO_PRI 100
@@ -132,12 +134,15 @@ struct ath10k_pktlog_hdr {
132#define TARGET_10X_DMA_BURST_SIZE 0 134#define TARGET_10X_DMA_BURST_SIZE 0
133#define TARGET_10X_MAC_AGGR_DELIM 0 135#define TARGET_10X_MAC_AGGR_DELIM 0
134#define TARGET_10X_AST_SKID_LIMIT 16 136#define TARGET_10X_AST_SKID_LIMIT 16
135#define TARGET_10X_NUM_PEERS (128 + (TARGET_10X_NUM_VDEVS)) 137#define TARGET_10X_NUM_STATIONS 128
136#define TARGET_10X_NUM_PEERS_MAX 128 138#define TARGET_10X_NUM_PEERS ((TARGET_10X_NUM_STATIONS) + \
139 (TARGET_10X_NUM_VDEVS))
137#define TARGET_10X_NUM_OFFLOAD_PEERS 0 140#define TARGET_10X_NUM_OFFLOAD_PEERS 0
138#define TARGET_10X_NUM_OFFLOAD_REORDER_BUFS 0 141#define TARGET_10X_NUM_OFFLOAD_REORDER_BUFS 0
139#define TARGET_10X_NUM_PEER_KEYS 2 142#define TARGET_10X_NUM_PEER_KEYS 2
140#define TARGET_10X_NUM_TIDS 256 143#define TARGET_10X_NUM_TIDS_MAX 256
144#define TARGET_10X_NUM_TIDS min((TARGET_10X_NUM_TIDS_MAX), \
145 (TARGET_10X_NUM_PEERS) * 2)
141#define TARGET_10X_TX_CHAIN_MASK (BIT(0) | BIT(1) | BIT(2)) 146#define TARGET_10X_TX_CHAIN_MASK (BIT(0) | BIT(1) | BIT(2))
142#define TARGET_10X_RX_CHAIN_MASK (BIT(0) | BIT(1) | BIT(2)) 147#define TARGET_10X_RX_CHAIN_MASK (BIT(0) | BIT(1) | BIT(2))
143#define TARGET_10X_RX_TIMEOUT_LO_PRI 100 148#define TARGET_10X_RX_TIMEOUT_LO_PRI 100
diff --git a/drivers/net/wireless/ath/ath10k/mac.c b/drivers/net/wireless/ath/ath10k/mac.c
index 1245ac8c5c6f..c4005670cba2 100644
--- a/drivers/net/wireless/ath/ath10k/mac.c
+++ b/drivers/net/wireless/ath/ath10k/mac.c
@@ -136,7 +136,9 @@ static int ath10k_install_peer_wep_keys(struct ath10k_vif *arvif,
136 if (ret) 136 if (ret)
137 return ret; 137 return ret;
138 138
139 spin_lock_bh(&ar->data_lock);
139 peer->keys[i] = arvif->wep_keys[i]; 140 peer->keys[i] = arvif->wep_keys[i];
141 spin_unlock_bh(&ar->data_lock);
140 } 142 }
141 143
142 return 0; 144 return 0;
@@ -173,12 +175,39 @@ static int ath10k_clear_peer_keys(struct ath10k_vif *arvif,
173 ath10k_warn(ar, "failed to remove peer wep key %d: %d\n", 175 ath10k_warn(ar, "failed to remove peer wep key %d: %d\n",
174 i, ret); 176 i, ret);
175 177
178 spin_lock_bh(&ar->data_lock);
176 peer->keys[i] = NULL; 179 peer->keys[i] = NULL;
180 spin_unlock_bh(&ar->data_lock);
177 } 181 }
178 182
179 return first_errno; 183 return first_errno;
180} 184}
181 185
186bool ath10k_mac_is_peer_wep_key_set(struct ath10k *ar, const u8 *addr,
187 u8 keyidx)
188{
189 struct ath10k_peer *peer;
190 int i;
191
192 lockdep_assert_held(&ar->data_lock);
193
194 /* We don't know which vdev this peer belongs to,
195 * since WMI doesn't give us that information.
196 *
197 * FIXME: multi-bss needs to be handled.
198 */
199 peer = ath10k_peer_find(ar, 0, addr);
200 if (!peer)
201 return false;
202
203 for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
204 if (peer->keys[i] && peer->keys[i]->keyidx == keyidx)
205 return true;
206 }
207
208 return false;
209}
210
182static int ath10k_clear_vdev_key(struct ath10k_vif *arvif, 211static int ath10k_clear_vdev_key(struct ath10k_vif *arvif,
183 struct ieee80211_key_conf *key) 212 struct ieee80211_key_conf *key)
184{ 213{
@@ -326,6 +355,9 @@ static int ath10k_peer_create(struct ath10k *ar, u32 vdev_id, const u8 *addr)
326 355
327 lockdep_assert_held(&ar->conf_mutex); 356 lockdep_assert_held(&ar->conf_mutex);
328 357
358 if (ar->num_peers >= ar->max_num_peers)
359 return -ENOBUFS;
360
329 ret = ath10k_wmi_peer_create(ar, vdev_id, addr); 361 ret = ath10k_wmi_peer_create(ar, vdev_id, addr);
330 if (ret) { 362 if (ret) {
331 ath10k_warn(ar, "failed to create wmi peer %pM on vdev %i: %i\n", 363 ath10k_warn(ar, "failed to create wmi peer %pM on vdev %i: %i\n",
@@ -339,9 +371,8 @@ static int ath10k_peer_create(struct ath10k *ar, u32 vdev_id, const u8 *addr)
339 addr, vdev_id, ret); 371 addr, vdev_id, ret);
340 return ret; 372 return ret;
341 } 373 }
342 spin_lock_bh(&ar->data_lock); 374
343 ar->num_peers++; 375 ar->num_peers++;
344 spin_unlock_bh(&ar->data_lock);
345 376
346 return 0; 377 return 0;
347} 378}
@@ -391,15 +422,11 @@ static int ath10k_mac_set_kickout(struct ath10k_vif *arvif)
391 return 0; 422 return 0;
392} 423}
393 424
394static int ath10k_mac_set_rts(struct ath10k_vif *arvif, u32 value) 425static int ath10k_mac_set_rts(struct ath10k_vif *arvif, u32 value)
395{ 426{
396 struct ath10k *ar = arvif->ar; 427 struct ath10k *ar = arvif->ar;
397 u32 vdev_param; 428 u32 vdev_param;
398 429
399 if (value != 0xFFFFFFFF)
400 value = min_t(u32, arvif->ar->hw->wiphy->rts_threshold,
401 ATH10K_RTS_MAX);
402
403 vdev_param = ar->wmi.vdev_param->rts_threshold; 430 vdev_param = ar->wmi.vdev_param->rts_threshold;
404 return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, value); 431 return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, value);
405} 432}
@@ -432,9 +459,7 @@ static int ath10k_peer_delete(struct ath10k *ar, u32 vdev_id, const u8 *addr)
432 if (ret) 459 if (ret)
433 return ret; 460 return ret;
434 461
435 spin_lock_bh(&ar->data_lock);
436 ar->num_peers--; 462 ar->num_peers--;
437 spin_unlock_bh(&ar->data_lock);
438 463
439 return 0; 464 return 0;
440} 465}
@@ -471,8 +496,10 @@ static void ath10k_peer_cleanup_all(struct ath10k *ar)
471 list_del(&peer->list); 496 list_del(&peer->list);
472 kfree(peer); 497 kfree(peer);
473 } 498 }
474 ar->num_peers = 0;
475 spin_unlock_bh(&ar->data_lock); 499 spin_unlock_bh(&ar->data_lock);
500
501 ar->num_peers = 0;
502 ar->num_stations = 0;
476} 503}
477 504
478/************************/ 505/************************/
@@ -1997,6 +2024,18 @@ static void ath10k_tx_h_add_p2p_noa_ie(struct ath10k *ar,
1997 } 2024 }
1998} 2025}
1999 2026
2027static bool ath10k_mac_need_offchan_tx_work(struct ath10k *ar)
2028{
2029 /* FIXME: Not really sure since when the behaviour changed. At some
2030 * point new firmware stopped requiring creation of peer entries for
2031 * offchannel tx (and actually creating them causes issues with wmi-htc
2032 * tx credit replenishment and reliability). Assuming it's at least 3.4
2033 * because that's when the `freq` was introduced to TX_FRM HTT command.
2034 */
2035 return !(ar->htt.target_version_major >= 3 &&
2036 ar->htt.target_version_minor >= 4);
2037}
2038
2000static void ath10k_tx_htt(struct ath10k *ar, struct sk_buff *skb) 2039static void ath10k_tx_htt(struct ath10k *ar, struct sk_buff *skb)
2001{ 2040{
2002 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 2041 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
@@ -2172,10 +2211,10 @@ void __ath10k_scan_finish(struct ath10k *ar)
2172 case ATH10K_SCAN_IDLE: 2211 case ATH10K_SCAN_IDLE:
2173 break; 2212 break;
2174 case ATH10K_SCAN_RUNNING: 2213 case ATH10K_SCAN_RUNNING:
2175 case ATH10K_SCAN_ABORTING:
2176 if (ar->scan.is_roc) 2214 if (ar->scan.is_roc)
2177 ieee80211_remain_on_channel_expired(ar->hw); 2215 ieee80211_remain_on_channel_expired(ar->hw);
2178 else 2216 case ATH10K_SCAN_ABORTING:
2217 if (!ar->scan.is_roc)
2179 ieee80211_scan_completed(ar->hw, 2218 ieee80211_scan_completed(ar->hw,
2180 (ar->scan.state == 2219 (ar->scan.state ==
2181 ATH10K_SCAN_ABORTING)); 2220 ATH10K_SCAN_ABORTING));
@@ -2341,16 +2380,21 @@ static void ath10k_tx(struct ieee80211_hw *hw,
2341 2380
2342 if (info->flags & IEEE80211_TX_CTL_TX_OFFCHAN) { 2381 if (info->flags & IEEE80211_TX_CTL_TX_OFFCHAN) {
2343 spin_lock_bh(&ar->data_lock); 2382 spin_lock_bh(&ar->data_lock);
2344 ATH10K_SKB_CB(skb)->htt.is_offchan = true; 2383 ATH10K_SKB_CB(skb)->htt.freq = ar->scan.roc_freq;
2345 ATH10K_SKB_CB(skb)->vdev_id = ar->scan.vdev_id; 2384 ATH10K_SKB_CB(skb)->vdev_id = ar->scan.vdev_id;
2346 spin_unlock_bh(&ar->data_lock); 2385 spin_unlock_bh(&ar->data_lock);
2347 2386
2348 ath10k_dbg(ar, ATH10K_DBG_MAC, "queued offchannel skb %p\n", 2387 if (ath10k_mac_need_offchan_tx_work(ar)) {
2349 skb); 2388 ATH10K_SKB_CB(skb)->htt.freq = 0;
2389 ATH10K_SKB_CB(skb)->htt.is_offchan = true;
2350 2390
2351 skb_queue_tail(&ar->offchan_tx_queue, skb); 2391 ath10k_dbg(ar, ATH10K_DBG_MAC, "queued offchannel skb %p\n",
2352 ieee80211_queue_work(hw, &ar->offchan_tx_work); 2392 skb);
2353 return; 2393
2394 skb_queue_tail(&ar->offchan_tx_queue, skb);
2395 ieee80211_queue_work(hw, &ar->offchan_tx_work);
2396 return;
2397 }
2354 } 2398 }
2355 2399
2356 ath10k_tx_htt(ar, skb); 2400 ath10k_tx_htt(ar, skb);
@@ -2414,12 +2458,28 @@ static int ath10k_get_antenna(struct ieee80211_hw *hw, u32 *tx_ant, u32 *rx_ant)
2414 return 0; 2458 return 0;
2415} 2459}
2416 2460
2461static void ath10k_check_chain_mask(struct ath10k *ar, u32 cm, const char *dbg)
2462{
2463 /* It is not clear that allowing gaps in chainmask
2464 * is helpful. Probably it will not do what user
2465 * is hoping for, so warn in that case.
2466 */
2467 if (cm == 15 || cm == 7 || cm == 3 || cm == 1 || cm == 0)
2468 return;
2469
2470 ath10k_warn(ar, "mac %s antenna chainmask may be invalid: 0x%x. Suggested values: 15, 7, 3, 1 or 0.\n",
2471 dbg, cm);
2472}
2473
2417static int __ath10k_set_antenna(struct ath10k *ar, u32 tx_ant, u32 rx_ant) 2474static int __ath10k_set_antenna(struct ath10k *ar, u32 tx_ant, u32 rx_ant)
2418{ 2475{
2419 int ret; 2476 int ret;
2420 2477
2421 lockdep_assert_held(&ar->conf_mutex); 2478 lockdep_assert_held(&ar->conf_mutex);
2422 2479
2480 ath10k_check_chain_mask(ar, tx_ant, "tx");
2481 ath10k_check_chain_mask(ar, rx_ant, "rx");
2482
2423 ar->cfg_tx_chainmask = tx_ant; 2483 ar->cfg_tx_chainmask = tx_ant;
2424 ar->cfg_rx_chainmask = rx_ant; 2484 ar->cfg_rx_chainmask = rx_ant;
2425 2485
@@ -2782,6 +2842,17 @@ static int ath10k_config(struct ieee80211_hw *hw, u32 changed)
2782 return ret; 2842 return ret;
2783} 2843}
2784 2844
2845static u32 get_nss_from_chainmask(u16 chain_mask)
2846{
2847 if ((chain_mask & 0x15) == 0x15)
2848 return 4;
2849 else if ((chain_mask & 0x7) == 0x7)
2850 return 3;
2851 else if ((chain_mask & 0x3) == 0x3)
2852 return 2;
2853 return 1;
2854}
2855
2785/* 2856/*
2786 * TODO: 2857 * TODO:
2787 * Figure out how to handle WMI_VDEV_SUBTYPE_P2P_DEVICE, 2858 * Figure out how to handle WMI_VDEV_SUBTYPE_P2P_DEVICE,
@@ -2914,6 +2985,20 @@ static int ath10k_add_interface(struct ieee80211_hw *hw,
2914 goto err_vdev_delete; 2985 goto err_vdev_delete;
2915 } 2986 }
2916 2987
2988 if (ar->cfg_tx_chainmask) {
2989 u16 nss = get_nss_from_chainmask(ar->cfg_tx_chainmask);
2990
2991 vdev_param = ar->wmi.vdev_param->nss;
2992 ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
2993 nss);
2994 if (ret) {
2995 ath10k_warn(ar, "failed to set vdev %i chainmask 0x%x, nss %i: %d\n",
2996 arvif->vdev_id, ar->cfg_tx_chainmask, nss,
2997 ret);
2998 goto err_vdev_delete;
2999 }
3000 }
3001
2917 if (arvif->vdev_type == WMI_VDEV_TYPE_AP) { 3002 if (arvif->vdev_type == WMI_VDEV_TYPE_AP) {
2918 ret = ath10k_peer_create(ar, arvif->vdev_id, vif->addr); 3003 ret = ath10k_peer_create(ar, arvif->vdev_id, vif->addr);
2919 if (ret) { 3004 if (ret) {
@@ -3014,10 +3099,10 @@ static void ath10k_remove_interface(struct ieee80211_hw *hw,
3014 struct ath10k_vif *arvif = ath10k_vif_to_arvif(vif); 3099 struct ath10k_vif *arvif = ath10k_vif_to_arvif(vif);
3015 int ret; 3100 int ret;
3016 3101
3017 mutex_lock(&ar->conf_mutex);
3018
3019 cancel_work_sync(&arvif->wep_key_work); 3102 cancel_work_sync(&arvif->wep_key_work);
3020 3103
3104 mutex_lock(&ar->conf_mutex);
3105
3021 spin_lock_bh(&ar->data_lock); 3106 spin_lock_bh(&ar->data_lock);
3022 ath10k_mac_vif_beacon_cleanup(arvif); 3107 ath10k_mac_vif_beacon_cleanup(arvif);
3023 spin_unlock_bh(&ar->data_lock); 3108 spin_unlock_bh(&ar->data_lock);
@@ -3511,6 +3596,37 @@ static void ath10k_sta_rc_update_wk(struct work_struct *wk)
3511 mutex_unlock(&ar->conf_mutex); 3596 mutex_unlock(&ar->conf_mutex);
3512} 3597}
3513 3598
3599static int ath10k_mac_inc_num_stations(struct ath10k_vif *arvif)
3600{
3601 struct ath10k *ar = arvif->ar;
3602
3603 lockdep_assert_held(&ar->conf_mutex);
3604
3605 if (arvif->vdev_type != WMI_VDEV_TYPE_AP &&
3606 arvif->vdev_type != WMI_VDEV_TYPE_IBSS)
3607 return 0;
3608
3609 if (ar->num_stations >= ar->max_num_stations)
3610 return -ENOBUFS;
3611
3612 ar->num_stations++;
3613
3614 return 0;
3615}
3616
3617static void ath10k_mac_dec_num_stations(struct ath10k_vif *arvif)
3618{
3619 struct ath10k *ar = arvif->ar;
3620
3621 lockdep_assert_held(&ar->conf_mutex);
3622
3623 if (arvif->vdev_type != WMI_VDEV_TYPE_AP &&
3624 arvif->vdev_type != WMI_VDEV_TYPE_IBSS)
3625 return;
3626
3627 ar->num_stations--;
3628}
3629
3514static int ath10k_sta_state(struct ieee80211_hw *hw, 3630static int ath10k_sta_state(struct ieee80211_hw *hw,
3515 struct ieee80211_vif *vif, 3631 struct ieee80211_vif *vif,
3516 struct ieee80211_sta *sta, 3632 struct ieee80211_sta *sta,
@@ -3520,7 +3636,6 @@ static int ath10k_sta_state(struct ieee80211_hw *hw,
3520 struct ath10k *ar = hw->priv; 3636 struct ath10k *ar = hw->priv;
3521 struct ath10k_vif *arvif = ath10k_vif_to_arvif(vif); 3637 struct ath10k_vif *arvif = ath10k_vif_to_arvif(vif);
3522 struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv; 3638 struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
3523 int max_num_peers;
3524 int ret = 0; 3639 int ret = 0;
3525 3640
3526 if (old_state == IEEE80211_STA_NOTEXIST && 3641 if (old_state == IEEE80211_STA_NOTEXIST &&
@@ -3542,26 +3657,26 @@ static int ath10k_sta_state(struct ieee80211_hw *hw,
3542 /* 3657 /*
3543 * New station addition. 3658 * New station addition.
3544 */ 3659 */
3545 if (test_bit(ATH10K_FW_FEATURE_WMI_10X, ar->fw_features)) 3660 ath10k_dbg(ar, ATH10K_DBG_MAC,
3546 max_num_peers = TARGET_10X_NUM_PEERS_MAX - 1; 3661 "mac vdev %d peer create %pM (new sta) sta %d / %d peer %d / %d\n",
3547 else 3662 arvif->vdev_id, sta->addr,
3548 max_num_peers = TARGET_NUM_PEERS; 3663 ar->num_stations + 1, ar->max_num_stations,
3664 ar->num_peers + 1, ar->max_num_peers);
3549 3665
3550 if (ar->num_peers >= max_num_peers) { 3666 ret = ath10k_mac_inc_num_stations(arvif);
3551 ath10k_warn(ar, "number of peers exceeded: peers number %d (max peers %d)\n", 3667 if (ret) {
3552 ar->num_peers, max_num_peers); 3668 ath10k_warn(ar, "refusing to associate station: too many connected already (%d)\n",
3553 ret = -ENOBUFS; 3669 ar->max_num_stations);
3554 goto exit; 3670 goto exit;
3555 } 3671 }
3556 3672
3557 ath10k_dbg(ar, ATH10K_DBG_MAC,
3558 "mac vdev %d peer create %pM (new sta) num_peers %d\n",
3559 arvif->vdev_id, sta->addr, ar->num_peers);
3560
3561 ret = ath10k_peer_create(ar, arvif->vdev_id, sta->addr); 3673 ret = ath10k_peer_create(ar, arvif->vdev_id, sta->addr);
3562 if (ret) 3674 if (ret) {
3563 ath10k_warn(ar, "failed to add peer %pM for vdev %d when adding a new sta: %i\n", 3675 ath10k_warn(ar, "failed to add peer %pM for vdev %d when adding a new sta: %i\n",
3564 sta->addr, arvif->vdev_id, ret); 3676 sta->addr, arvif->vdev_id, ret);
3677 ath10k_mac_dec_num_stations(arvif);
3678 goto exit;
3679 }
3565 3680
3566 if (vif->type == NL80211_IFTYPE_STATION) { 3681 if (vif->type == NL80211_IFTYPE_STATION) {
3567 WARN_ON(arvif->is_started); 3682 WARN_ON(arvif->is_started);
@@ -3572,6 +3687,7 @@ static int ath10k_sta_state(struct ieee80211_hw *hw,
3572 arvif->vdev_id, ret); 3687 arvif->vdev_id, ret);
3573 WARN_ON(ath10k_peer_delete(ar, arvif->vdev_id, 3688 WARN_ON(ath10k_peer_delete(ar, arvif->vdev_id,
3574 sta->addr)); 3689 sta->addr));
3690 ath10k_mac_dec_num_stations(arvif);
3575 goto exit; 3691 goto exit;
3576 } 3692 }
3577 3693
@@ -3602,6 +3718,7 @@ static int ath10k_sta_state(struct ieee80211_hw *hw,
3602 ath10k_warn(ar, "failed to delete peer %pM for vdev %d: %i\n", 3718 ath10k_warn(ar, "failed to delete peer %pM for vdev %d: %i\n",
3603 sta->addr, arvif->vdev_id, ret); 3719 sta->addr, arvif->vdev_id, ret);
3604 3720
3721 ath10k_mac_dec_num_stations(arvif);
3605 } else if (old_state == IEEE80211_STA_AUTH && 3722 } else if (old_state == IEEE80211_STA_AUTH &&
3606 new_state == IEEE80211_STA_ASSOC && 3723 new_state == IEEE80211_STA_ASSOC &&
3607 (vif->type == NL80211_IFTYPE_AP || 3724 (vif->type == NL80211_IFTYPE_AP ||
@@ -3790,6 +3907,8 @@ static int ath10k_remain_on_channel(struct ieee80211_hw *hw,
3790 if (ret) 3907 if (ret)
3791 goto exit; 3908 goto exit;
3792 3909
3910 duration = max(duration, WMI_SCAN_CHAN_MIN_TIME_MSEC);
3911
3793 memset(&arg, 0, sizeof(arg)); 3912 memset(&arg, 0, sizeof(arg));
3794 ath10k_wmi_start_scan_init(ar, &arg); 3913 ath10k_wmi_start_scan_init(ar, &arg);
3795 arg.vdev_id = arvif->vdev_id; 3914 arg.vdev_id = arvif->vdev_id;
@@ -4106,6 +4225,10 @@ ath10k_default_bitrate_mask(struct ath10k *ar,
4106 u32 legacy = 0x00ff; 4225 u32 legacy = 0x00ff;
4107 u8 ht = 0xff, i; 4226 u8 ht = 0xff, i;
4108 u16 vht = 0x3ff; 4227 u16 vht = 0x3ff;
4228 u16 nrf = ar->num_rf_chains;
4229
4230 if (ar->cfg_tx_chainmask)
4231 nrf = get_nss_from_chainmask(ar->cfg_tx_chainmask);
4109 4232
4110 switch (band) { 4233 switch (band) {
4111 case IEEE80211_BAND_2GHZ: 4234 case IEEE80211_BAND_2GHZ:
@@ -4121,11 +4244,11 @@ ath10k_default_bitrate_mask(struct ath10k *ar,
4121 if (mask->control[band].legacy != legacy) 4244 if (mask->control[band].legacy != legacy)
4122 return false; 4245 return false;
4123 4246
4124 for (i = 0; i < ar->num_rf_chains; i++) 4247 for (i = 0; i < nrf; i++)
4125 if (mask->control[band].ht_mcs[i] != ht) 4248 if (mask->control[band].ht_mcs[i] != ht)
4126 return false; 4249 return false;
4127 4250
4128 for (i = 0; i < ar->num_rf_chains; i++) 4251 for (i = 0; i < nrf; i++)
4129 if (mask->control[band].vht_mcs[i] != vht) 4252 if (mask->control[band].vht_mcs[i] != vht)
4130 return false; 4253 return false;
4131 4254
@@ -4376,6 +4499,9 @@ static int ath10k_set_bitrate_mask(struct ieee80211_hw *hw,
4376 u8 fixed_nss = ar->num_rf_chains; 4499 u8 fixed_nss = ar->num_rf_chains;
4377 u8 force_sgi; 4500 u8 force_sgi;
4378 4501
4502 if (ar->cfg_tx_chainmask)
4503 fixed_nss = get_nss_from_chainmask(ar->cfg_tx_chainmask);
4504
4379 force_sgi = mask->control[band].gi; 4505 force_sgi = mask->control[band].gi;
4380 if (force_sgi == NL80211_TXRATE_FORCE_LGI) 4506 if (force_sgi == NL80211_TXRATE_FORCE_LGI)
4381 return -EINVAL; 4507 return -EINVAL;
@@ -4905,10 +5031,6 @@ int ath10k_mac_register(struct ath10k *ar)
4905 IEEE80211_HW_AP_LINK_PS | 5031 IEEE80211_HW_AP_LINK_PS |
4906 IEEE80211_HW_SPECTRUM_MGMT; 5032 IEEE80211_HW_SPECTRUM_MGMT;
4907 5033
4908 /* MSDU can have HTT TX fragment pushed in front. The additional 4
4909 * bytes is used for padding/alignment if necessary. */
4910 ar->hw->extra_tx_headroom += sizeof(struct htt_data_tx_desc_frag)*2 + 4;
4911
4912 ar->hw->wiphy->features |= NL80211_FEATURE_STATIC_SMPS; 5034 ar->hw->wiphy->features |= NL80211_FEATURE_STATIC_SMPS;
4913 5035
4914 if (ar->ht_cap_info & WMI_HT_CAP_DYNAMIC_SMPS) 5036 if (ar->ht_cap_info & WMI_HT_CAP_DYNAMIC_SMPS)
diff --git a/drivers/net/wireless/ath/ath10k/mac.h b/drivers/net/wireless/ath/ath10k/mac.h
index 4e3c989aa841..68296117d203 100644
--- a/drivers/net/wireless/ath/ath10k/mac.h
+++ b/drivers/net/wireless/ath/ath10k/mac.h
@@ -21,6 +21,8 @@
21#include <net/mac80211.h> 21#include <net/mac80211.h>
22#include "core.h" 22#include "core.h"
23 23
24#define WEP_KEYID_SHIFT 6
25
24struct ath10k_generic_iter { 26struct ath10k_generic_iter {
25 struct ath10k *ar; 27 struct ath10k *ar;
26 int ret; 28 int ret;
@@ -41,6 +43,8 @@ void ath10k_mgmt_over_wmi_tx_work(struct work_struct *work);
41void ath10k_halt(struct ath10k *ar); 43void ath10k_halt(struct ath10k *ar);
42void ath10k_mac_vif_beacon_free(struct ath10k_vif *arvif); 44void ath10k_mac_vif_beacon_free(struct ath10k_vif *arvif);
43void ath10k_drain_tx(struct ath10k *ar); 45void ath10k_drain_tx(struct ath10k *ar);
46bool ath10k_mac_is_peer_wep_key_set(struct ath10k *ar, const u8 *addr,
47 u8 keyidx);
44 48
45static inline struct ath10k_vif *ath10k_vif_to_arvif(struct ieee80211_vif *vif) 49static inline struct ath10k_vif *ath10k_vif_to_arvif(struct ieee80211_vif *vif)
46{ 50{
diff --git a/drivers/net/wireless/ath/ath10k/pci.c b/drivers/net/wireless/ath/ath10k/pci.c
index 3a6b8a5ca96c..7abb8367119a 100644
--- a/drivers/net/wireless/ath/ath10k/pci.c
+++ b/drivers/net/wireless/ath/ath10k/pci.c
@@ -823,20 +823,24 @@ static void ath10k_pci_ce_send_done(struct ath10k_ce_pipe *ce_state)
823 struct ath10k *ar = ce_state->ar; 823 struct ath10k *ar = ce_state->ar;
824 struct ath10k_pci *ar_pci = ath10k_pci_priv(ar); 824 struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
825 struct ath10k_hif_cb *cb = &ar_pci->msg_callbacks_current; 825 struct ath10k_hif_cb *cb = &ar_pci->msg_callbacks_current;
826 void *transfer_context; 826 struct sk_buff_head list;
827 struct sk_buff *skb;
827 u32 ce_data; 828 u32 ce_data;
828 unsigned int nbytes; 829 unsigned int nbytes;
829 unsigned int transfer_id; 830 unsigned int transfer_id;
830 831
831 while (ath10k_ce_completed_send_next(ce_state, &transfer_context, 832 __skb_queue_head_init(&list);
832 &ce_data, &nbytes, 833 while (ath10k_ce_completed_send_next(ce_state, (void **)&skb, &ce_data,
833 &transfer_id) == 0) { 834 &nbytes, &transfer_id) == 0) {
834 /* no need to call tx completion for NULL pointers */ 835 /* no need to call tx completion for NULL pointers */
835 if (transfer_context == NULL) 836 if (skb == NULL)
836 continue; 837 continue;
837 838
838 cb->tx_completion(ar, transfer_context, transfer_id); 839 __skb_queue_tail(&list, skb);
839 } 840 }
841
842 while ((skb = __skb_dequeue(&list)))
843 cb->tx_completion(ar, skb);
840} 844}
841 845
842/* Called by lower (CE) layer when data is received from the Target. */ 846/* Called by lower (CE) layer when data is received from the Target. */
@@ -847,12 +851,14 @@ static void ath10k_pci_ce_recv_data(struct ath10k_ce_pipe *ce_state)
847 struct ath10k_pci_pipe *pipe_info = &ar_pci->pipe_info[ce_state->id]; 851 struct ath10k_pci_pipe *pipe_info = &ar_pci->pipe_info[ce_state->id];
848 struct ath10k_hif_cb *cb = &ar_pci->msg_callbacks_current; 852 struct ath10k_hif_cb *cb = &ar_pci->msg_callbacks_current;
849 struct sk_buff *skb; 853 struct sk_buff *skb;
854 struct sk_buff_head list;
850 void *transfer_context; 855 void *transfer_context;
851 u32 ce_data; 856 u32 ce_data;
852 unsigned int nbytes, max_nbytes; 857 unsigned int nbytes, max_nbytes;
853 unsigned int transfer_id; 858 unsigned int transfer_id;
854 unsigned int flags; 859 unsigned int flags;
855 860
861 __skb_queue_head_init(&list);
856 while (ath10k_ce_completed_recv_next(ce_state, &transfer_context, 862 while (ath10k_ce_completed_recv_next(ce_state, &transfer_context,
857 &ce_data, &nbytes, &transfer_id, 863 &ce_data, &nbytes, &transfer_id,
858 &flags) == 0) { 864 &flags) == 0) {
@@ -869,13 +875,16 @@ static void ath10k_pci_ce_recv_data(struct ath10k_ce_pipe *ce_state)
869 } 875 }
870 876
871 skb_put(skb, nbytes); 877 skb_put(skb, nbytes);
878 __skb_queue_tail(&list, skb);
879 }
872 880
881 while ((skb = __skb_dequeue(&list))) {
873 ath10k_dbg(ar, ATH10K_DBG_PCI, "pci rx ce pipe %d len %d\n", 882 ath10k_dbg(ar, ATH10K_DBG_PCI, "pci rx ce pipe %d len %d\n",
874 ce_state->id, skb->len); 883 ce_state->id, skb->len);
875 ath10k_dbg_dump(ar, ATH10K_DBG_PCI_DUMP, NULL, "pci rx: ", 884 ath10k_dbg_dump(ar, ATH10K_DBG_PCI_DUMP, NULL, "pci rx: ",
876 skb->data, skb->len); 885 skb->data, skb->len);
877 886
878 cb->rx_completion(ar, skb, pipe_info->pipe_num); 887 cb->rx_completion(ar, skb);
879 } 888 }
880 889
881 ath10k_pci_rx_post_pipe(pipe_info); 890 ath10k_pci_rx_post_pipe(pipe_info);
@@ -1263,7 +1272,7 @@ static void ath10k_pci_tx_pipe_cleanup(struct ath10k_pci_pipe *pci_pipe)
1263 id = MS(__le16_to_cpu(ce_desc[i].flags), 1272 id = MS(__le16_to_cpu(ce_desc[i].flags),
1264 CE_DESC_FLAGS_META_DATA); 1273 CE_DESC_FLAGS_META_DATA);
1265 1274
1266 ar_pci->msg_callbacks_current.tx_completion(ar, skb, id); 1275 ar_pci->msg_callbacks_current.tx_completion(ar, skb);
1267 } 1276 }
1268} 1277}
1269 1278
@@ -1988,6 +1997,7 @@ static int ath10k_pci_hif_resume(struct ath10k *ar)
1988static const struct ath10k_hif_ops ath10k_pci_hif_ops = { 1997static const struct ath10k_hif_ops ath10k_pci_hif_ops = {
1989 .tx_sg = ath10k_pci_hif_tx_sg, 1998 .tx_sg = ath10k_pci_hif_tx_sg,
1990 .diag_read = ath10k_pci_hif_diag_read, 1999 .diag_read = ath10k_pci_hif_diag_read,
2000 .diag_write = ath10k_pci_diag_write_mem,
1991 .exchange_bmi_msg = ath10k_pci_hif_exchange_bmi_msg, 2001 .exchange_bmi_msg = ath10k_pci_hif_exchange_bmi_msg,
1992 .start = ath10k_pci_hif_start, 2002 .start = ath10k_pci_hif_start,
1993 .stop = ath10k_pci_hif_stop, 2003 .stop = ath10k_pci_hif_stop,
@@ -1998,6 +2008,8 @@ static const struct ath10k_hif_ops ath10k_pci_hif_ops = {
1998 .get_free_queue_number = ath10k_pci_hif_get_free_queue_number, 2008 .get_free_queue_number = ath10k_pci_hif_get_free_queue_number,
1999 .power_up = ath10k_pci_hif_power_up, 2009 .power_up = ath10k_pci_hif_power_up,
2000 .power_down = ath10k_pci_hif_power_down, 2010 .power_down = ath10k_pci_hif_power_down,
2011 .read32 = ath10k_pci_read32,
2012 .write32 = ath10k_pci_write32,
2001#ifdef CONFIG_PM 2013#ifdef CONFIG_PM
2002 .suspend = ath10k_pci_hif_suspend, 2014 .suspend = ath10k_pci_hif_suspend,
2003 .resume = ath10k_pci_hif_resume, 2015 .resume = ath10k_pci_hif_resume,
diff --git a/drivers/net/wireless/ath/ath10k/trace.h b/drivers/net/wireless/ath/ath10k/trace.h
index ceea5668f3f6..b289378b6e3e 100644
--- a/drivers/net/wireless/ath/ath10k/trace.h
+++ b/drivers/net/wireless/ath/ath10k/trace.h
@@ -21,9 +21,11 @@
21#include "core.h" 21#include "core.h"
22 22
23#if !defined(_TRACE_H_) 23#if !defined(_TRACE_H_)
24static inline u32 ath10k_frm_hdr_len(void *buf) 24static inline u32 ath10k_frm_hdr_len(const void *buf)
25{ 25{
26 return ieee80211_hdrlen(((struct ieee80211_hdr *)buf)->frame_control); 26 const struct ieee80211_hdr *hdr = buf;
27
28 return ieee80211_hdrlen(hdr->frame_control);
27} 29}
28#endif 30#endif
29 31
@@ -145,7 +147,8 @@ TRACE_EVENT(ath10k_log_dbg_dump,
145); 147);
146 148
147TRACE_EVENT(ath10k_wmi_cmd, 149TRACE_EVENT(ath10k_wmi_cmd,
148 TP_PROTO(struct ath10k *ar, int id, void *buf, size_t buf_len, int ret), 150 TP_PROTO(struct ath10k *ar, int id, const void *buf, size_t buf_len,
151 int ret),
149 152
150 TP_ARGS(ar, id, buf, buf_len, ret), 153 TP_ARGS(ar, id, buf, buf_len, ret),
151 154
@@ -178,7 +181,7 @@ TRACE_EVENT(ath10k_wmi_cmd,
178); 181);
179 182
180TRACE_EVENT(ath10k_wmi_event, 183TRACE_EVENT(ath10k_wmi_event,
181 TP_PROTO(struct ath10k *ar, int id, void *buf, size_t buf_len), 184 TP_PROTO(struct ath10k *ar, int id, const void *buf, size_t buf_len),
182 185
183 TP_ARGS(ar, id, buf, buf_len), 186 TP_ARGS(ar, id, buf, buf_len),
184 187
@@ -208,7 +211,7 @@ TRACE_EVENT(ath10k_wmi_event,
208); 211);
209 212
210TRACE_EVENT(ath10k_htt_stats, 213TRACE_EVENT(ath10k_htt_stats,
211 TP_PROTO(struct ath10k *ar, void *buf, size_t buf_len), 214 TP_PROTO(struct ath10k *ar, const void *buf, size_t buf_len),
212 215
213 TP_ARGS(ar, buf, buf_len), 216 TP_ARGS(ar, buf, buf_len),
214 217
@@ -235,7 +238,7 @@ TRACE_EVENT(ath10k_htt_stats,
235); 238);
236 239
237TRACE_EVENT(ath10k_wmi_dbglog, 240TRACE_EVENT(ath10k_wmi_dbglog,
238 TP_PROTO(struct ath10k *ar, void *buf, size_t buf_len), 241 TP_PROTO(struct ath10k *ar, const void *buf, size_t buf_len),
239 242
240 TP_ARGS(ar, buf, buf_len), 243 TP_ARGS(ar, buf, buf_len),
241 244
@@ -262,7 +265,7 @@ TRACE_EVENT(ath10k_wmi_dbglog,
262); 265);
263 266
264TRACE_EVENT(ath10k_htt_pktlog, 267TRACE_EVENT(ath10k_htt_pktlog,
265 TP_PROTO(struct ath10k *ar, void *buf, u16 buf_len), 268 TP_PROTO(struct ath10k *ar, const void *buf, u16 buf_len),
266 269
267 TP_ARGS(ar, buf, buf_len), 270 TP_ARGS(ar, buf, buf_len),
268 271
@@ -349,7 +352,7 @@ TRACE_EVENT(ath10k_txrx_tx_unref,
349); 352);
350 353
351DECLARE_EVENT_CLASS(ath10k_hdr_event, 354DECLARE_EVENT_CLASS(ath10k_hdr_event,
352 TP_PROTO(struct ath10k *ar, void *data, size_t len), 355 TP_PROTO(struct ath10k *ar, const void *data, size_t len),
353 356
354 TP_ARGS(ar, data, len), 357 TP_ARGS(ar, data, len),
355 358
@@ -376,7 +379,7 @@ DECLARE_EVENT_CLASS(ath10k_hdr_event,
376); 379);
377 380
378DECLARE_EVENT_CLASS(ath10k_payload_event, 381DECLARE_EVENT_CLASS(ath10k_payload_event,
379 TP_PROTO(struct ath10k *ar, void *data, size_t len), 382 TP_PROTO(struct ath10k *ar, const void *data, size_t len),
380 383
381 TP_ARGS(ar, data, len), 384 TP_ARGS(ar, data, len),
382 385
@@ -404,27 +407,27 @@ DECLARE_EVENT_CLASS(ath10k_payload_event,
404); 407);
405 408
406DEFINE_EVENT(ath10k_hdr_event, ath10k_tx_hdr, 409DEFINE_EVENT(ath10k_hdr_event, ath10k_tx_hdr,
407 TP_PROTO(struct ath10k *ar, void *data, size_t len), 410 TP_PROTO(struct ath10k *ar, const void *data, size_t len),
408 TP_ARGS(ar, data, len) 411 TP_ARGS(ar, data, len)
409); 412);
410 413
411DEFINE_EVENT(ath10k_payload_event, ath10k_tx_payload, 414DEFINE_EVENT(ath10k_payload_event, ath10k_tx_payload,
412 TP_PROTO(struct ath10k *ar, void *data, size_t len), 415 TP_PROTO(struct ath10k *ar, const void *data, size_t len),
413 TP_ARGS(ar, data, len) 416 TP_ARGS(ar, data, len)
414); 417);
415 418
416DEFINE_EVENT(ath10k_hdr_event, ath10k_rx_hdr, 419DEFINE_EVENT(ath10k_hdr_event, ath10k_rx_hdr,
417 TP_PROTO(struct ath10k *ar, void *data, size_t len), 420 TP_PROTO(struct ath10k *ar, const void *data, size_t len),
418 TP_ARGS(ar, data, len) 421 TP_ARGS(ar, data, len)
419); 422);
420 423
421DEFINE_EVENT(ath10k_payload_event, ath10k_rx_payload, 424DEFINE_EVENT(ath10k_payload_event, ath10k_rx_payload,
422 TP_PROTO(struct ath10k *ar, void *data, size_t len), 425 TP_PROTO(struct ath10k *ar, const void *data, size_t len),
423 TP_ARGS(ar, data, len) 426 TP_ARGS(ar, data, len)
424); 427);
425 428
426TRACE_EVENT(ath10k_htt_rx_desc, 429TRACE_EVENT(ath10k_htt_rx_desc,
427 TP_PROTO(struct ath10k *ar, void *data, size_t len), 430 TP_PROTO(struct ath10k *ar, const void *data, size_t len),
428 431
429 TP_ARGS(ar, data, len), 432 TP_ARGS(ar, data, len),
430 433
diff --git a/drivers/net/wireless/ath/ath10k/wmi.c b/drivers/net/wireless/ath/ath10k/wmi.c
index c2bc8282f6cb..c0f3e4d09263 100644
--- a/drivers/net/wireless/ath/ath10k/wmi.c
+++ b/drivers/net/wireless/ath/ath10k/wmi.c
@@ -1113,6 +1113,40 @@ static inline u8 get_rate_idx(u32 rate, enum ieee80211_band band)
1113 return rate_idx; 1113 return rate_idx;
1114} 1114}
1115 1115
1116/* If keys are configured, HW decrypts all frames
1117 * with protected bit set. Mark such frames as decrypted.
1118 */
1119static void ath10k_wmi_handle_wep_reauth(struct ath10k *ar,
1120 struct sk_buff *skb,
1121 struct ieee80211_rx_status *status)
1122{
1123 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
1124 unsigned int hdrlen;
1125 bool peer_key;
1126 u8 *addr, keyidx;
1127
1128 if (!ieee80211_is_auth(hdr->frame_control) ||
1129 !ieee80211_has_protected(hdr->frame_control))
1130 return;
1131
1132 hdrlen = ieee80211_hdrlen(hdr->frame_control);
1133 if (skb->len < (hdrlen + IEEE80211_WEP_IV_LEN))
1134 return;
1135
1136 keyidx = skb->data[hdrlen + (IEEE80211_WEP_IV_LEN - 1)] >> WEP_KEYID_SHIFT;
1137 addr = ieee80211_get_SA(hdr);
1138
1139 spin_lock_bh(&ar->data_lock);
1140 peer_key = ath10k_mac_is_peer_wep_key_set(ar, addr, keyidx);
1141 spin_unlock_bh(&ar->data_lock);
1142
1143 if (peer_key) {
1144 ath10k_dbg(ar, ATH10K_DBG_MAC,
1145 "mac wep key present for peer %pM\n", addr);
1146 status->flag |= RX_FLAG_DECRYPTED;
1147 }
1148}
1149
1116static int ath10k_wmi_event_mgmt_rx(struct ath10k *ar, struct sk_buff *skb) 1150static int ath10k_wmi_event_mgmt_rx(struct ath10k *ar, struct sk_buff *skb)
1117{ 1151{
1118 struct wmi_mgmt_rx_event_v1 *ev_v1; 1152 struct wmi_mgmt_rx_event_v1 *ev_v1;
@@ -1166,8 +1200,11 @@ static int ath10k_wmi_event_mgmt_rx(struct ath10k *ar, struct sk_buff *skb)
1166 return 0; 1200 return 0;
1167 } 1201 }
1168 1202
1169 if (rx_status & WMI_RX_STATUS_ERR_CRC) 1203 if (rx_status & WMI_RX_STATUS_ERR_CRC) {
1170 status->flag |= RX_FLAG_FAILED_FCS_CRC; 1204 dev_kfree_skb(skb);
1205 return 0;
1206 }
1207
1171 if (rx_status & WMI_RX_STATUS_ERR_MIC) 1208 if (rx_status & WMI_RX_STATUS_ERR_MIC)
1172 status->flag |= RX_FLAG_MMIC_ERROR; 1209 status->flag |= RX_FLAG_MMIC_ERROR;
1173 1210
@@ -1200,6 +1237,8 @@ static int ath10k_wmi_event_mgmt_rx(struct ath10k *ar, struct sk_buff *skb)
1200 hdr = (struct ieee80211_hdr *)skb->data; 1237 hdr = (struct ieee80211_hdr *)skb->data;
1201 fc = le16_to_cpu(hdr->frame_control); 1238 fc = le16_to_cpu(hdr->frame_control);
1202 1239
1240 ath10k_wmi_handle_wep_reauth(ar, skb, status);
1241
1203 /* FW delivers WEP Shared Auth frame with Protected Bit set and 1242 /* FW delivers WEP Shared Auth frame with Protected Bit set and
1204 * encrypted payload. However in case of PMF it delivers decrypted 1243 * encrypted payload. However in case of PMF it delivers decrypted
1205 * frames with Protected Bit set. */ 1244 * frames with Protected Bit set. */
@@ -2261,7 +2300,7 @@ static void ath10k_wmi_event_debug_print(struct ath10k *ar,
2261 /* the last byte is always reserved for the null character */ 2300 /* the last byte is always reserved for the null character */
2262 buf[i] = '\0'; 2301 buf[i] = '\0';
2263 2302
2264 ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi event debug print '%s'\n", buf); 2303 ath10k_dbg(ar, ATH10K_DBG_WMI_PRINT, "wmi print '%s'\n", buf);
2265} 2304}
2266 2305
2267static void ath10k_wmi_event_pdev_qvit(struct ath10k *ar, struct sk_buff *skb) 2306static void ath10k_wmi_event_pdev_qvit(struct ath10k *ar, struct sk_buff *skb)
@@ -2418,6 +2457,7 @@ static int ath10k_wmi_main_pull_svc_rdy_ev(struct sk_buff *skb,
2418 arg->eeprom_rd = ev->hal_reg_capabilities.eeprom_rd; 2457 arg->eeprom_rd = ev->hal_reg_capabilities.eeprom_rd;
2419 arg->num_mem_reqs = ev->num_mem_reqs; 2458 arg->num_mem_reqs = ev->num_mem_reqs;
2420 arg->service_map = ev->wmi_service_bitmap; 2459 arg->service_map = ev->wmi_service_bitmap;
2460 arg->service_map_len = sizeof(ev->wmi_service_bitmap);
2421 2461
2422 n = min_t(size_t, __le32_to_cpu(arg->num_mem_reqs), 2462 n = min_t(size_t, __le32_to_cpu(arg->num_mem_reqs),
2423 ARRAY_SIZE(arg->mem_reqs)); 2463 ARRAY_SIZE(arg->mem_reqs));
@@ -2452,6 +2492,7 @@ static int ath10k_wmi_10x_pull_svc_rdy_ev(struct sk_buff *skb,
2452 arg->eeprom_rd = ev->hal_reg_capabilities.eeprom_rd; 2492 arg->eeprom_rd = ev->hal_reg_capabilities.eeprom_rd;
2453 arg->num_mem_reqs = ev->num_mem_reqs; 2493 arg->num_mem_reqs = ev->num_mem_reqs;
2454 arg->service_map = ev->wmi_service_bitmap; 2494 arg->service_map = ev->wmi_service_bitmap;
2495 arg->service_map_len = sizeof(ev->wmi_service_bitmap);
2455 2496
2456 n = min_t(size_t, __le32_to_cpu(arg->num_mem_reqs), 2497 n = min_t(size_t, __le32_to_cpu(arg->num_mem_reqs),
2457 ARRAY_SIZE(arg->mem_reqs)); 2498 ARRAY_SIZE(arg->mem_reqs));
@@ -2470,15 +2511,18 @@ static void ath10k_wmi_event_service_ready(struct ath10k *ar,
2470{ 2511{
2471 struct wmi_svc_rdy_ev_arg arg = {}; 2512 struct wmi_svc_rdy_ev_arg arg = {};
2472 u32 num_units, req_id, unit_size, num_mem_reqs, num_unit_info, i; 2513 u32 num_units, req_id, unit_size, num_mem_reqs, num_unit_info, i;
2473 DECLARE_BITMAP(svc_bmap, WMI_SERVICE_MAX) = {};
2474 int ret; 2514 int ret;
2475 2515
2516 memset(&ar->wmi.svc_map, 0, sizeof(ar->wmi.svc_map));
2517
2476 if (test_bit(ATH10K_FW_FEATURE_WMI_10X, ar->fw_features)) { 2518 if (test_bit(ATH10K_FW_FEATURE_WMI_10X, ar->fw_features)) {
2477 ret = ath10k_wmi_10x_pull_svc_rdy_ev(skb, &arg); 2519 ret = ath10k_wmi_10x_pull_svc_rdy_ev(skb, &arg);
2478 wmi_10x_svc_map(arg.service_map, svc_bmap); 2520 wmi_10x_svc_map(arg.service_map, ar->wmi.svc_map,
2521 arg.service_map_len);
2479 } else { 2522 } else {
2480 ret = ath10k_wmi_main_pull_svc_rdy_ev(skb, &arg); 2523 ret = ath10k_wmi_main_pull_svc_rdy_ev(skb, &arg);
2481 wmi_main_svc_map(arg.service_map, svc_bmap); 2524 wmi_main_svc_map(arg.service_map, ar->wmi.svc_map,
2525 arg.service_map_len);
2482 } 2526 }
2483 2527
2484 if (ret) { 2528 if (ret) {
@@ -2500,9 +2544,8 @@ static void ath10k_wmi_event_service_ready(struct ath10k *ar,
2500 ar->num_rf_chains = __le32_to_cpu(arg.num_rf_chains); 2544 ar->num_rf_chains = __le32_to_cpu(arg.num_rf_chains);
2501 ar->ath_common.regulatory.current_rd = __le32_to_cpu(arg.eeprom_rd); 2545 ar->ath_common.regulatory.current_rd = __le32_to_cpu(arg.eeprom_rd);
2502 2546
2503 ath10k_debug_read_service_map(ar, svc_bmap, sizeof(svc_bmap));
2504 ath10k_dbg_dump(ar, ATH10K_DBG_WMI, NULL, "wmi svc: ", 2547 ath10k_dbg_dump(ar, ATH10K_DBG_WMI, NULL, "wmi svc: ",
2505 arg.service_map, sizeof(arg.service_map)); 2548 arg.service_map, arg.service_map_len);
2506 2549
2507 /* only manually set fw features when not using FW IE format */ 2550 /* only manually set fw features when not using FW IE format */
2508 if (ar->fw_api == 1 && ar->fw_version_build > 636) 2551 if (ar->fw_api == 1 && ar->fw_version_build > 636)
@@ -3142,7 +3185,7 @@ static int ath10k_wmi_main_cmd_init(struct ath10k *ar)
3142 u32 len, val; 3185 u32 len, val;
3143 3186
3144 config.num_vdevs = __cpu_to_le32(TARGET_NUM_VDEVS); 3187 config.num_vdevs = __cpu_to_le32(TARGET_NUM_VDEVS);
3145 config.num_peers = __cpu_to_le32(TARGET_NUM_PEERS + TARGET_NUM_VDEVS); 3188 config.num_peers = __cpu_to_le32(TARGET_NUM_PEERS);
3146 config.num_offload_peers = __cpu_to_le32(TARGET_NUM_OFFLOAD_PEERS); 3189 config.num_offload_peers = __cpu_to_le32(TARGET_NUM_OFFLOAD_PEERS);
3147 3190
3148 config.num_offload_reorder_bufs = 3191 config.num_offload_reorder_bufs =
diff --git a/drivers/net/wireless/ath/ath10k/wmi.h b/drivers/net/wireless/ath/ath10k/wmi.h
index a38d788a6101..21391929d318 100644
--- a/drivers/net/wireless/ath/ath10k/wmi.h
+++ b/drivers/net/wireless/ath/ath10k/wmi.h
@@ -222,128 +222,131 @@ static inline char *wmi_service_name(int service_id)
222#undef SVCSTR 222#undef SVCSTR
223} 223}
224 224
225#define WMI_SERVICE_IS_ENABLED(wmi_svc_bmap, svc_id) \ 225#define WMI_SERVICE_IS_ENABLED(wmi_svc_bmap, svc_id, len) \
226 (__le32_to_cpu((wmi_svc_bmap)[(svc_id)/(sizeof(u32))]) & \ 226 ((svc_id) < (len) && \
227 __le32_to_cpu((wmi_svc_bmap)[(svc_id)/(sizeof(u32))]) & \
227 BIT((svc_id)%(sizeof(u32)))) 228 BIT((svc_id)%(sizeof(u32))))
228 229
229#define SVCMAP(x, y) \ 230#define SVCMAP(x, y, len) \
230 do { \ 231 do { \
231 if (WMI_SERVICE_IS_ENABLED((in), (x))) \ 232 if (WMI_SERVICE_IS_ENABLED((in), (x), (len))) \
232 __set_bit(y, out); \ 233 __set_bit(y, out); \
233 } while (0) 234 } while (0)
234 235
235static inline void wmi_10x_svc_map(const __le32 *in, unsigned long *out) 236static inline void wmi_10x_svc_map(const __le32 *in, unsigned long *out,
237 size_t len)
236{ 238{
237 SVCMAP(WMI_10X_SERVICE_BEACON_OFFLOAD, 239 SVCMAP(WMI_10X_SERVICE_BEACON_OFFLOAD,
238 WMI_SERVICE_BEACON_OFFLOAD); 240 WMI_SERVICE_BEACON_OFFLOAD, len);
239 SVCMAP(WMI_10X_SERVICE_SCAN_OFFLOAD, 241 SVCMAP(WMI_10X_SERVICE_SCAN_OFFLOAD,
240 WMI_SERVICE_SCAN_OFFLOAD); 242 WMI_SERVICE_SCAN_OFFLOAD, len);
241 SVCMAP(WMI_10X_SERVICE_ROAM_OFFLOAD, 243 SVCMAP(WMI_10X_SERVICE_ROAM_OFFLOAD,
242 WMI_SERVICE_ROAM_OFFLOAD); 244 WMI_SERVICE_ROAM_OFFLOAD, len);
243 SVCMAP(WMI_10X_SERVICE_BCN_MISS_OFFLOAD, 245 SVCMAP(WMI_10X_SERVICE_BCN_MISS_OFFLOAD,
244 WMI_SERVICE_BCN_MISS_OFFLOAD); 246 WMI_SERVICE_BCN_MISS_OFFLOAD, len);
245 SVCMAP(WMI_10X_SERVICE_STA_PWRSAVE, 247 SVCMAP(WMI_10X_SERVICE_STA_PWRSAVE,
246 WMI_SERVICE_STA_PWRSAVE); 248 WMI_SERVICE_STA_PWRSAVE, len);
247 SVCMAP(WMI_10X_SERVICE_STA_ADVANCED_PWRSAVE, 249 SVCMAP(WMI_10X_SERVICE_STA_ADVANCED_PWRSAVE,
248 WMI_SERVICE_STA_ADVANCED_PWRSAVE); 250 WMI_SERVICE_STA_ADVANCED_PWRSAVE, len);
249 SVCMAP(WMI_10X_SERVICE_AP_UAPSD, 251 SVCMAP(WMI_10X_SERVICE_AP_UAPSD,
250 WMI_SERVICE_AP_UAPSD); 252 WMI_SERVICE_AP_UAPSD, len);
251 SVCMAP(WMI_10X_SERVICE_AP_DFS, 253 SVCMAP(WMI_10X_SERVICE_AP_DFS,
252 WMI_SERVICE_AP_DFS); 254 WMI_SERVICE_AP_DFS, len);
253 SVCMAP(WMI_10X_SERVICE_11AC, 255 SVCMAP(WMI_10X_SERVICE_11AC,
254 WMI_SERVICE_11AC); 256 WMI_SERVICE_11AC, len);
255 SVCMAP(WMI_10X_SERVICE_BLOCKACK, 257 SVCMAP(WMI_10X_SERVICE_BLOCKACK,
256 WMI_SERVICE_BLOCKACK); 258 WMI_SERVICE_BLOCKACK, len);
257 SVCMAP(WMI_10X_SERVICE_PHYERR, 259 SVCMAP(WMI_10X_SERVICE_PHYERR,
258 WMI_SERVICE_PHYERR); 260 WMI_SERVICE_PHYERR, len);
259 SVCMAP(WMI_10X_SERVICE_BCN_FILTER, 261 SVCMAP(WMI_10X_SERVICE_BCN_FILTER,
260 WMI_SERVICE_BCN_FILTER); 262 WMI_SERVICE_BCN_FILTER, len);
261 SVCMAP(WMI_10X_SERVICE_RTT, 263 SVCMAP(WMI_10X_SERVICE_RTT,
262 WMI_SERVICE_RTT); 264 WMI_SERVICE_RTT, len);
263 SVCMAP(WMI_10X_SERVICE_RATECTRL, 265 SVCMAP(WMI_10X_SERVICE_RATECTRL,
264 WMI_SERVICE_RATECTRL); 266 WMI_SERVICE_RATECTRL, len);
265 SVCMAP(WMI_10X_SERVICE_WOW, 267 SVCMAP(WMI_10X_SERVICE_WOW,
266 WMI_SERVICE_WOW); 268 WMI_SERVICE_WOW, len);
267 SVCMAP(WMI_10X_SERVICE_RATECTRL_CACHE, 269 SVCMAP(WMI_10X_SERVICE_RATECTRL_CACHE,
268 WMI_SERVICE_RATECTRL_CACHE); 270 WMI_SERVICE_RATECTRL_CACHE, len);
269 SVCMAP(WMI_10X_SERVICE_IRAM_TIDS, 271 SVCMAP(WMI_10X_SERVICE_IRAM_TIDS,
270 WMI_SERVICE_IRAM_TIDS); 272 WMI_SERVICE_IRAM_TIDS, len);
271 SVCMAP(WMI_10X_SERVICE_BURST, 273 SVCMAP(WMI_10X_SERVICE_BURST,
272 WMI_SERVICE_BURST); 274 WMI_SERVICE_BURST, len);
273 SVCMAP(WMI_10X_SERVICE_SMART_ANTENNA_SW_SUPPORT, 275 SVCMAP(WMI_10X_SERVICE_SMART_ANTENNA_SW_SUPPORT,
274 WMI_SERVICE_SMART_ANTENNA_SW_SUPPORT); 276 WMI_SERVICE_SMART_ANTENNA_SW_SUPPORT, len);
275 SVCMAP(WMI_10X_SERVICE_FORCE_FW_HANG, 277 SVCMAP(WMI_10X_SERVICE_FORCE_FW_HANG,
276 WMI_SERVICE_FORCE_FW_HANG); 278 WMI_SERVICE_FORCE_FW_HANG, len);
277 SVCMAP(WMI_10X_SERVICE_SMART_ANTENNA_HW_SUPPORT, 279 SVCMAP(WMI_10X_SERVICE_SMART_ANTENNA_HW_SUPPORT,
278 WMI_SERVICE_SMART_ANTENNA_HW_SUPPORT); 280 WMI_SERVICE_SMART_ANTENNA_HW_SUPPORT, len);
279} 281}
280 282
281static inline void wmi_main_svc_map(const __le32 *in, unsigned long *out) 283static inline void wmi_main_svc_map(const __le32 *in, unsigned long *out,
284 size_t len)
282{ 285{
283 SVCMAP(WMI_MAIN_SERVICE_BEACON_OFFLOAD, 286 SVCMAP(WMI_MAIN_SERVICE_BEACON_OFFLOAD,
284 WMI_SERVICE_BEACON_OFFLOAD); 287 WMI_SERVICE_BEACON_OFFLOAD, len);
285 SVCMAP(WMI_MAIN_SERVICE_SCAN_OFFLOAD, 288 SVCMAP(WMI_MAIN_SERVICE_SCAN_OFFLOAD,
286 WMI_SERVICE_SCAN_OFFLOAD); 289 WMI_SERVICE_SCAN_OFFLOAD, len);
287 SVCMAP(WMI_MAIN_SERVICE_ROAM_OFFLOAD, 290 SVCMAP(WMI_MAIN_SERVICE_ROAM_OFFLOAD,
288 WMI_SERVICE_ROAM_OFFLOAD); 291 WMI_SERVICE_ROAM_OFFLOAD, len);
289 SVCMAP(WMI_MAIN_SERVICE_BCN_MISS_OFFLOAD, 292 SVCMAP(WMI_MAIN_SERVICE_BCN_MISS_OFFLOAD,
290 WMI_SERVICE_BCN_MISS_OFFLOAD); 293 WMI_SERVICE_BCN_MISS_OFFLOAD, len);
291 SVCMAP(WMI_MAIN_SERVICE_STA_PWRSAVE, 294 SVCMAP(WMI_MAIN_SERVICE_STA_PWRSAVE,
292 WMI_SERVICE_STA_PWRSAVE); 295 WMI_SERVICE_STA_PWRSAVE, len);
293 SVCMAP(WMI_MAIN_SERVICE_STA_ADVANCED_PWRSAVE, 296 SVCMAP(WMI_MAIN_SERVICE_STA_ADVANCED_PWRSAVE,
294 WMI_SERVICE_STA_ADVANCED_PWRSAVE); 297 WMI_SERVICE_STA_ADVANCED_PWRSAVE, len);
295 SVCMAP(WMI_MAIN_SERVICE_AP_UAPSD, 298 SVCMAP(WMI_MAIN_SERVICE_AP_UAPSD,
296 WMI_SERVICE_AP_UAPSD); 299 WMI_SERVICE_AP_UAPSD, len);
297 SVCMAP(WMI_MAIN_SERVICE_AP_DFS, 300 SVCMAP(WMI_MAIN_SERVICE_AP_DFS,
298 WMI_SERVICE_AP_DFS); 301 WMI_SERVICE_AP_DFS, len);
299 SVCMAP(WMI_MAIN_SERVICE_11AC, 302 SVCMAP(WMI_MAIN_SERVICE_11AC,
300 WMI_SERVICE_11AC); 303 WMI_SERVICE_11AC, len);
301 SVCMAP(WMI_MAIN_SERVICE_BLOCKACK, 304 SVCMAP(WMI_MAIN_SERVICE_BLOCKACK,
302 WMI_SERVICE_BLOCKACK); 305 WMI_SERVICE_BLOCKACK, len);
303 SVCMAP(WMI_MAIN_SERVICE_PHYERR, 306 SVCMAP(WMI_MAIN_SERVICE_PHYERR,
304 WMI_SERVICE_PHYERR); 307 WMI_SERVICE_PHYERR, len);
305 SVCMAP(WMI_MAIN_SERVICE_BCN_FILTER, 308 SVCMAP(WMI_MAIN_SERVICE_BCN_FILTER,
306 WMI_SERVICE_BCN_FILTER); 309 WMI_SERVICE_BCN_FILTER, len);
307 SVCMAP(WMI_MAIN_SERVICE_RTT, 310 SVCMAP(WMI_MAIN_SERVICE_RTT,
308 WMI_SERVICE_RTT); 311 WMI_SERVICE_RTT, len);
309 SVCMAP(WMI_MAIN_SERVICE_RATECTRL, 312 SVCMAP(WMI_MAIN_SERVICE_RATECTRL,
310 WMI_SERVICE_RATECTRL); 313 WMI_SERVICE_RATECTRL, len);
311 SVCMAP(WMI_MAIN_SERVICE_WOW, 314 SVCMAP(WMI_MAIN_SERVICE_WOW,
312 WMI_SERVICE_WOW); 315 WMI_SERVICE_WOW, len);
313 SVCMAP(WMI_MAIN_SERVICE_RATECTRL_CACHE, 316 SVCMAP(WMI_MAIN_SERVICE_RATECTRL_CACHE,
314 WMI_SERVICE_RATECTRL_CACHE); 317 WMI_SERVICE_RATECTRL_CACHE, len);
315 SVCMAP(WMI_MAIN_SERVICE_IRAM_TIDS, 318 SVCMAP(WMI_MAIN_SERVICE_IRAM_TIDS,
316 WMI_SERVICE_IRAM_TIDS); 319 WMI_SERVICE_IRAM_TIDS, len);
317 SVCMAP(WMI_MAIN_SERVICE_ARPNS_OFFLOAD, 320 SVCMAP(WMI_MAIN_SERVICE_ARPNS_OFFLOAD,
318 WMI_SERVICE_ARPNS_OFFLOAD); 321 WMI_SERVICE_ARPNS_OFFLOAD, len);
319 SVCMAP(WMI_MAIN_SERVICE_NLO, 322 SVCMAP(WMI_MAIN_SERVICE_NLO,
320 WMI_SERVICE_NLO); 323 WMI_SERVICE_NLO, len);
321 SVCMAP(WMI_MAIN_SERVICE_GTK_OFFLOAD, 324 SVCMAP(WMI_MAIN_SERVICE_GTK_OFFLOAD,
322 WMI_SERVICE_GTK_OFFLOAD); 325 WMI_SERVICE_GTK_OFFLOAD, len);
323 SVCMAP(WMI_MAIN_SERVICE_SCAN_SCH, 326 SVCMAP(WMI_MAIN_SERVICE_SCAN_SCH,
324 WMI_SERVICE_SCAN_SCH); 327 WMI_SERVICE_SCAN_SCH, len);
325 SVCMAP(WMI_MAIN_SERVICE_CSA_OFFLOAD, 328 SVCMAP(WMI_MAIN_SERVICE_CSA_OFFLOAD,
326 WMI_SERVICE_CSA_OFFLOAD); 329 WMI_SERVICE_CSA_OFFLOAD, len);
327 SVCMAP(WMI_MAIN_SERVICE_CHATTER, 330 SVCMAP(WMI_MAIN_SERVICE_CHATTER,
328 WMI_SERVICE_CHATTER); 331 WMI_SERVICE_CHATTER, len);
329 SVCMAP(WMI_MAIN_SERVICE_COEX_FREQAVOID, 332 SVCMAP(WMI_MAIN_SERVICE_COEX_FREQAVOID,
330 WMI_SERVICE_COEX_FREQAVOID); 333 WMI_SERVICE_COEX_FREQAVOID, len);
331 SVCMAP(WMI_MAIN_SERVICE_PACKET_POWER_SAVE, 334 SVCMAP(WMI_MAIN_SERVICE_PACKET_POWER_SAVE,
332 WMI_SERVICE_PACKET_POWER_SAVE); 335 WMI_SERVICE_PACKET_POWER_SAVE, len);
333 SVCMAP(WMI_MAIN_SERVICE_FORCE_FW_HANG, 336 SVCMAP(WMI_MAIN_SERVICE_FORCE_FW_HANG,
334 WMI_SERVICE_FORCE_FW_HANG); 337 WMI_SERVICE_FORCE_FW_HANG, len);
335 SVCMAP(WMI_MAIN_SERVICE_GPIO, 338 SVCMAP(WMI_MAIN_SERVICE_GPIO,
336 WMI_SERVICE_GPIO); 339 WMI_SERVICE_GPIO, len);
337 SVCMAP(WMI_MAIN_SERVICE_STA_DTIM_PS_MODULATED_DTIM, 340 SVCMAP(WMI_MAIN_SERVICE_STA_DTIM_PS_MODULATED_DTIM,
338 WMI_SERVICE_STA_DTIM_PS_MODULATED_DTIM); 341 WMI_SERVICE_STA_DTIM_PS_MODULATED_DTIM, len);
339 SVCMAP(WMI_MAIN_SERVICE_STA_UAPSD_BASIC_AUTO_TRIG, 342 SVCMAP(WMI_MAIN_SERVICE_STA_UAPSD_BASIC_AUTO_TRIG,
340 WMI_SERVICE_STA_UAPSD_BASIC_AUTO_TRIG); 343 WMI_SERVICE_STA_UAPSD_BASIC_AUTO_TRIG, len);
341 SVCMAP(WMI_MAIN_SERVICE_STA_UAPSD_VAR_AUTO_TRIG, 344 SVCMAP(WMI_MAIN_SERVICE_STA_UAPSD_VAR_AUTO_TRIG,
342 WMI_SERVICE_STA_UAPSD_VAR_AUTO_TRIG); 345 WMI_SERVICE_STA_UAPSD_VAR_AUTO_TRIG, len);
343 SVCMAP(WMI_MAIN_SERVICE_STA_KEEP_ALIVE, 346 SVCMAP(WMI_MAIN_SERVICE_STA_KEEP_ALIVE,
344 WMI_SERVICE_STA_KEEP_ALIVE); 347 WMI_SERVICE_STA_KEEP_ALIVE, len);
345 SVCMAP(WMI_MAIN_SERVICE_TX_ENCAP, 348 SVCMAP(WMI_MAIN_SERVICE_TX_ENCAP,
346 WMI_SERVICE_TX_ENCAP); 349 WMI_SERVICE_TX_ENCAP, len);
347} 350}
348 351
349#undef SVCMAP 352#undef SVCMAP
@@ -1952,6 +1955,11 @@ struct wmi_ssid_list {
1952#define WLAN_SCAN_PARAMS_MAX_BSSID 4 1955#define WLAN_SCAN_PARAMS_MAX_BSSID 4
1953#define WLAN_SCAN_PARAMS_MAX_IE_LEN 256 1956#define WLAN_SCAN_PARAMS_MAX_IE_LEN 256
1954 1957
1958/* Values lower than this may be refused by some firmware revisions with a scan
1959 * completion with a timedout reason.
1960 */
1961#define WMI_SCAN_CHAN_MIN_TIME_MSEC 40
1962
1955/* Scan priority numbers must be sequential, starting with 0 */ 1963/* Scan priority numbers must be sequential, starting with 0 */
1956enum wmi_scan_priority { 1964enum wmi_scan_priority {
1957 WMI_SCAN_PRIORITY_VERY_LOW = 0, 1965 WMI_SCAN_PRIORITY_VERY_LOW = 0,
@@ -4547,7 +4555,6 @@ struct wmi_dbglog_cfg_cmd {
4547 __le32 config_valid; 4555 __le32 config_valid;
4548} __packed; 4556} __packed;
4549 4557
4550#define ATH10K_RTS_MAX 2347
4551#define ATH10K_FRAGMT_THRESHOLD_MIN 540 4558#define ATH10K_FRAGMT_THRESHOLD_MIN 540
4552#define ATH10K_FRAGMT_THRESHOLD_MAX 2346 4559#define ATH10K_FRAGMT_THRESHOLD_MAX 2346
4553 4560
@@ -4572,6 +4579,7 @@ struct wmi_svc_rdy_ev_arg {
4572 __le32 eeprom_rd; 4579 __le32 eeprom_rd;
4573 __le32 num_mem_reqs; 4580 __le32 num_mem_reqs;
4574 const __le32 *service_map; 4581 const __le32 *service_map;
4582 size_t service_map_len;
4575 const struct wlan_host_mem_req *mem_reqs[WMI_MAX_MEM_REQS]; 4583 const struct wlan_host_mem_req *mem_reqs[WMI_MAX_MEM_REQS];
4576}; 4584};
4577 4585
diff --git a/drivers/net/wireless/ath/ath5k/qcu.c b/drivers/net/wireless/ath/ath5k/qcu.c
index 0583c69d26db..ddaad712c59a 100644
--- a/drivers/net/wireless/ath/ath5k/qcu.c
+++ b/drivers/net/wireless/ath/ath5k/qcu.c
@@ -225,13 +225,7 @@ ath5k_hw_setup_tx_queue(struct ath5k_hw *ah, enum ath5k_tx_queue queue_type,
225 } else { 225 } else {
226 switch (queue_type) { 226 switch (queue_type) {
227 case AR5K_TX_QUEUE_DATA: 227 case AR5K_TX_QUEUE_DATA:
228 for (queue = AR5K_TX_QUEUE_ID_DATA_MIN; 228 queue = queue_info->tqi_subtype;
229 ah->ah_txq[queue].tqi_type !=
230 AR5K_TX_QUEUE_INACTIVE; queue++) {
231
232 if (queue > AR5K_TX_QUEUE_ID_DATA_MAX)
233 return -EINVAL;
234 }
235 break; 229 break;
236 case AR5K_TX_QUEUE_UAPSD: 230 case AR5K_TX_QUEUE_UAPSD:
237 queue = AR5K_TX_QUEUE_ID_UAPSD; 231 queue = AR5K_TX_QUEUE_ID_UAPSD;
diff --git a/drivers/net/wireless/ath/ath9k/ar9002_mac.c b/drivers/net/wireless/ath/ath9k/ar9002_mac.c
index 2a93519f4bdf..f816909d9474 100644
--- a/drivers/net/wireless/ath/ath9k/ar9002_mac.c
+++ b/drivers/net/wireless/ath/ath9k/ar9002_mac.c
@@ -281,7 +281,7 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i)
281 281
282 ACCESS_ONCE(ads->ds_ctl0) = (i->pkt_len & AR_FrameLen) 282 ACCESS_ONCE(ads->ds_ctl0) = (i->pkt_len & AR_FrameLen)
283 | (i->flags & ATH9K_TXDESC_VMF ? AR_VirtMoreFrag : 0) 283 | (i->flags & ATH9K_TXDESC_VMF ? AR_VirtMoreFrag : 0)
284 | SM(i->txpower, AR_XmitPower0) 284 | SM(i->txpower[0], AR_XmitPower0)
285 | (i->flags & ATH9K_TXDESC_VEOL ? AR_VEOL : 0) 285 | (i->flags & ATH9K_TXDESC_VEOL ? AR_VEOL : 0)
286 | (i->flags & ATH9K_TXDESC_INTREQ ? AR_TxIntrReq : 0) 286 | (i->flags & ATH9K_TXDESC_INTREQ ? AR_TxIntrReq : 0)
287 | (i->keyix != ATH9K_TXKEYIX_INVALID ? AR_DestIdxValid : 0) 287 | (i->keyix != ATH9K_TXKEYIX_INVALID ? AR_DestIdxValid : 0)
@@ -307,9 +307,9 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i)
307 | set11nRateFlags(i->rates, 3) 307 | set11nRateFlags(i->rates, 3)
308 | SM(i->rtscts_rate, AR_RTSCTSRate); 308 | SM(i->rtscts_rate, AR_RTSCTSRate);
309 309
310 ACCESS_ONCE(ads->ds_ctl9) = SM(i->txpower, AR_XmitPower1); 310 ACCESS_ONCE(ads->ds_ctl9) = SM(i->txpower[1], AR_XmitPower1);
311 ACCESS_ONCE(ads->ds_ctl10) = SM(i->txpower, AR_XmitPower2); 311 ACCESS_ONCE(ads->ds_ctl10) = SM(i->txpower[2], AR_XmitPower2);
312 ACCESS_ONCE(ads->ds_ctl11) = SM(i->txpower, AR_XmitPower3); 312 ACCESS_ONCE(ads->ds_ctl11) = SM(i->txpower[3], AR_XmitPower3);
313} 313}
314 314
315static int ar9002_hw_proc_txdesc(struct ath_hw *ah, void *ds, 315static int ar9002_hw_proc_txdesc(struct ath_hw *ah, void *ds,
diff --git a/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c b/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c
index e726e405152c..08225a0067c2 100644
--- a/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c
+++ b/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c
@@ -4377,6 +4377,25 @@ static u8 ar9003_hw_eeprom_get_cck_tgt_pwr(struct ath_hw *ah,
4377 targetPowerArray, numPiers); 4377 targetPowerArray, numPiers);
4378} 4378}
4379 4379
4380static void ar9003_hw_selfgen_tpc_txpower(struct ath_hw *ah,
4381 struct ath9k_channel *chan,
4382 u8 *pwr_array)
4383{
4384 u32 val;
4385
4386 /* target power values for self generated frames (ACK,RTS/CTS) */
4387 if (IS_CHAN_2GHZ(chan)) {
4388 val = SM(pwr_array[ALL_TARGET_LEGACY_1L_5L], AR_TPC_ACK) |
4389 SM(pwr_array[ALL_TARGET_LEGACY_1L_5L], AR_TPC_CTS) |
4390 SM(0x3f, AR_TPC_CHIRP) | SM(0x3f, AR_TPC_RPT);
4391 } else {
4392 val = SM(pwr_array[ALL_TARGET_LEGACY_6_24], AR_TPC_ACK) |
4393 SM(pwr_array[ALL_TARGET_LEGACY_6_24], AR_TPC_CTS) |
4394 SM(0x3f, AR_TPC_CHIRP) | SM(0x3f, AR_TPC_RPT);
4395 }
4396 REG_WRITE(ah, AR_TPC, val);
4397}
4398
4380/* Set tx power registers to array of values passed in */ 4399/* Set tx power registers to array of values passed in */
4381static int ar9003_hw_tx_power_regwrite(struct ath_hw *ah, u8 * pPwrArray) 4400static int ar9003_hw_tx_power_regwrite(struct ath_hw *ah, u8 * pPwrArray)
4382{ 4401{
@@ -5312,6 +5331,7 @@ static void ath9k_hw_ar9300_set_txpower(struct ath_hw *ah,
5312 struct ar9300_modal_eep_header *modal_hdr; 5331 struct ar9300_modal_eep_header *modal_hdr;
5313 u8 targetPowerValT2[ar9300RateSize]; 5332 u8 targetPowerValT2[ar9300RateSize];
5314 u8 target_power_val_t2_eep[ar9300RateSize]; 5333 u8 target_power_val_t2_eep[ar9300RateSize];
5334 u8 targetPowerValT2_tpc[ar9300RateSize];
5315 unsigned int i = 0, paprd_scale_factor = 0; 5335 unsigned int i = 0, paprd_scale_factor = 0;
5316 u8 pwr_idx, min_pwridx = 0; 5336 u8 pwr_idx, min_pwridx = 0;
5317 5337
@@ -5363,6 +5383,9 @@ static void ath9k_hw_ar9300_set_txpower(struct ath_hw *ah,
5363 twiceAntennaReduction, 5383 twiceAntennaReduction,
5364 powerLimit); 5384 powerLimit);
5365 5385
5386 memcpy(targetPowerValT2_tpc, targetPowerValT2,
5387 sizeof(targetPowerValT2));
5388
5366 if (ar9003_is_paprd_enabled(ah)) { 5389 if (ar9003_is_paprd_enabled(ah)) {
5367 for (i = 0; i < ar9300RateSize; i++) { 5390 for (i = 0; i < ar9300RateSize; i++) {
5368 if ((ah->paprd_ratemask & (1 << i)) && 5391 if ((ah->paprd_ratemask & (1 << i)) &&
@@ -5396,6 +5419,30 @@ static void ath9k_hw_ar9300_set_txpower(struct ath_hw *ah,
5396 ar9003_hw_tx_power_regwrite(ah, targetPowerValT2); 5419 ar9003_hw_tx_power_regwrite(ah, targetPowerValT2);
5397 ar9003_hw_calibration_apply(ah, chan->channel); 5420 ar9003_hw_calibration_apply(ah, chan->channel);
5398 ar9003_paprd_set_txpower(ah, chan, targetPowerValT2); 5421 ar9003_paprd_set_txpower(ah, chan, targetPowerValT2);
5422
5423 ar9003_hw_selfgen_tpc_txpower(ah, chan, targetPowerValT2);
5424
5425 /* TPC initializations */
5426 if (ah->tpc_enabled) {
5427 u32 val;
5428
5429 ar9003_hw_init_rate_txpower(ah, targetPowerValT2_tpc, chan);
5430
5431 /* Enable TPC */
5432 REG_WRITE(ah, AR_PHY_PWRTX_MAX,
5433 AR_PHY_POWER_TX_RATE_MAX_TPC_ENABLE);
5434 /* Disable per chain power reduction */
5435 val = REG_READ(ah, AR_PHY_POWER_TX_SUB);
5436 if (AR_SREV_9340(ah))
5437 REG_WRITE(ah, AR_PHY_POWER_TX_SUB,
5438 val & 0xFFFFFFC0);
5439 else
5440 REG_WRITE(ah, AR_PHY_POWER_TX_SUB,
5441 val & 0xFFFFF000);
5442 } else {
5443 /* Disable TPC */
5444 REG_WRITE(ah, AR_PHY_PWRTX_MAX, 0);
5445 }
5399} 5446}
5400 5447
5401static u16 ath9k_hw_ar9300_get_spur_channel(struct ath_hw *ah, 5448static u16 ath9k_hw_ar9300_get_spur_channel(struct ath_hw *ah,
diff --git a/drivers/net/wireless/ath/ath9k/ar9003_mac.c b/drivers/net/wireless/ath/ath9k/ar9003_mac.c
index 057b1657c428..da84b705cbcd 100644
--- a/drivers/net/wireless/ath/ath9k/ar9003_mac.c
+++ b/drivers/net/wireless/ath/ath9k/ar9003_mac.c
@@ -101,7 +101,7 @@ ar9003_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i)
101 101
102 ACCESS_ONCE(ads->ctl11) = (i->pkt_len & AR_FrameLen) 102 ACCESS_ONCE(ads->ctl11) = (i->pkt_len & AR_FrameLen)
103 | (i->flags & ATH9K_TXDESC_VMF ? AR_VirtMoreFrag : 0) 103 | (i->flags & ATH9K_TXDESC_VMF ? AR_VirtMoreFrag : 0)
104 | SM(i->txpower, AR_XmitPower0) 104 | SM(i->txpower[0], AR_XmitPower0)
105 | (i->flags & ATH9K_TXDESC_VEOL ? AR_VEOL : 0) 105 | (i->flags & ATH9K_TXDESC_VEOL ? AR_VEOL : 0)
106 | (i->keyix != ATH9K_TXKEYIX_INVALID ? AR_DestIdxValid : 0) 106 | (i->keyix != ATH9K_TXKEYIX_INVALID ? AR_DestIdxValid : 0)
107 | (i->flags & ATH9K_TXDESC_LOWRXCHAIN ? AR_LowRxChain : 0) 107 | (i->flags & ATH9K_TXDESC_LOWRXCHAIN ? AR_LowRxChain : 0)
@@ -152,9 +152,9 @@ ar9003_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i)
152 152
153 ACCESS_ONCE(ads->ctl19) = AR_Not_Sounding; 153 ACCESS_ONCE(ads->ctl19) = AR_Not_Sounding;
154 154
155 ACCESS_ONCE(ads->ctl20) = SM(i->txpower, AR_XmitPower1); 155 ACCESS_ONCE(ads->ctl20) = SM(i->txpower[1], AR_XmitPower1);
156 ACCESS_ONCE(ads->ctl21) = SM(i->txpower, AR_XmitPower2); 156 ACCESS_ONCE(ads->ctl21) = SM(i->txpower[2], AR_XmitPower2);
157 ACCESS_ONCE(ads->ctl22) = SM(i->txpower, AR_XmitPower3); 157 ACCESS_ONCE(ads->ctl22) = SM(i->txpower[3], AR_XmitPower3);
158} 158}
159 159
160static u16 ar9003_calc_ptr_chksum(struct ar9003_txc *ads) 160static u16 ar9003_calc_ptr_chksum(struct ar9003_txc *ads)
diff --git a/drivers/net/wireless/ath/ath9k/ar9003_phy.c b/drivers/net/wireless/ath/ath9k/ar9003_phy.c
index 2df6d2ee70c2..ae6cde273414 100644
--- a/drivers/net/wireless/ath/ath9k/ar9003_phy.c
+++ b/drivers/net/wireless/ath/ath9k/ar9003_phy.c
@@ -18,6 +18,21 @@
18#include "hw.h" 18#include "hw.h"
19#include "ar9003_phy.h" 19#include "ar9003_phy.h"
20 20
21#define AR9300_OFDM_RATES 8
22#define AR9300_HT_SS_RATES 8
23#define AR9300_HT_DS_RATES 8
24#define AR9300_HT_TS_RATES 8
25
26#define AR9300_11NA_OFDM_SHIFT 0
27#define AR9300_11NA_HT_SS_SHIFT 8
28#define AR9300_11NA_HT_DS_SHIFT 16
29#define AR9300_11NA_HT_TS_SHIFT 24
30
31#define AR9300_11NG_OFDM_SHIFT 4
32#define AR9300_11NG_HT_SS_SHIFT 12
33#define AR9300_11NG_HT_DS_SHIFT 20
34#define AR9300_11NG_HT_TS_SHIFT 28
35
21static const int firstep_table[] = 36static const int firstep_table[] =
22/* level: 0 1 2 3 4 5 6 7 8 */ 37/* level: 0 1 2 3 4 5 6 7 8 */
23 { -4, -2, 0, 2, 4, 6, 8, 10, 12 }; /* lvl 0-8, default 2 */ 38 { -4, -2, 0, 2, 4, 6, 8, 10, 12 }; /* lvl 0-8, default 2 */
@@ -40,6 +55,71 @@ static const int m2ThreshLowExt_off = 127;
40static const int m1ThreshExt_off = 127; 55static const int m1ThreshExt_off = 127;
41static const int m2ThreshExt_off = 127; 56static const int m2ThreshExt_off = 127;
42 57
58static const u8 ofdm2pwr[] = {
59 ALL_TARGET_LEGACY_6_24,
60 ALL_TARGET_LEGACY_6_24,
61 ALL_TARGET_LEGACY_6_24,
62 ALL_TARGET_LEGACY_6_24,
63 ALL_TARGET_LEGACY_6_24,
64 ALL_TARGET_LEGACY_36,
65 ALL_TARGET_LEGACY_48,
66 ALL_TARGET_LEGACY_54
67};
68
69static const u8 mcs2pwr_ht20[] = {
70 ALL_TARGET_HT20_0_8_16,
71 ALL_TARGET_HT20_1_3_9_11_17_19,
72 ALL_TARGET_HT20_1_3_9_11_17_19,
73 ALL_TARGET_HT20_1_3_9_11_17_19,
74 ALL_TARGET_HT20_4,
75 ALL_TARGET_HT20_5,
76 ALL_TARGET_HT20_6,
77 ALL_TARGET_HT20_7,
78 ALL_TARGET_HT20_0_8_16,
79 ALL_TARGET_HT20_1_3_9_11_17_19,
80 ALL_TARGET_HT20_1_3_9_11_17_19,
81 ALL_TARGET_HT20_1_3_9_11_17_19,
82 ALL_TARGET_HT20_12,
83 ALL_TARGET_HT20_13,
84 ALL_TARGET_HT20_14,
85 ALL_TARGET_HT20_15,
86 ALL_TARGET_HT20_0_8_16,
87 ALL_TARGET_HT20_1_3_9_11_17_19,
88 ALL_TARGET_HT20_1_3_9_11_17_19,
89 ALL_TARGET_HT20_1_3_9_11_17_19,
90 ALL_TARGET_HT20_20,
91 ALL_TARGET_HT20_21,
92 ALL_TARGET_HT20_22,
93 ALL_TARGET_HT20_23
94};
95
96static const u8 mcs2pwr_ht40[] = {
97 ALL_TARGET_HT40_0_8_16,
98 ALL_TARGET_HT40_1_3_9_11_17_19,
99 ALL_TARGET_HT40_1_3_9_11_17_19,
100 ALL_TARGET_HT40_1_3_9_11_17_19,
101 ALL_TARGET_HT40_4,
102 ALL_TARGET_HT40_5,
103 ALL_TARGET_HT40_6,
104 ALL_TARGET_HT40_7,
105 ALL_TARGET_HT40_0_8_16,
106 ALL_TARGET_HT40_1_3_9_11_17_19,
107 ALL_TARGET_HT40_1_3_9_11_17_19,
108 ALL_TARGET_HT40_1_3_9_11_17_19,
109 ALL_TARGET_HT40_12,
110 ALL_TARGET_HT40_13,
111 ALL_TARGET_HT40_14,
112 ALL_TARGET_HT40_15,
113 ALL_TARGET_HT40_0_8_16,
114 ALL_TARGET_HT40_1_3_9_11_17_19,
115 ALL_TARGET_HT40_1_3_9_11_17_19,
116 ALL_TARGET_HT40_1_3_9_11_17_19,
117 ALL_TARGET_HT40_20,
118 ALL_TARGET_HT40_21,
119 ALL_TARGET_HT40_22,
120 ALL_TARGET_HT40_23,
121};
122
43/** 123/**
44 * ar9003_hw_set_channel - set channel on single-chip device 124 * ar9003_hw_set_channel - set channel on single-chip device
45 * @ah: atheros hardware structure 125 * @ah: atheros hardware structure
@@ -1799,6 +1879,100 @@ static void ar9003_hw_tx99_set_txpower(struct ath_hw *ah, u8 txpower)
1799 ATH9K_POW_SM(p_pwr_array[ALL_TARGET_HT40_14], 0)); 1879 ATH9K_POW_SM(p_pwr_array[ALL_TARGET_HT40_14], 0));
1800} 1880}
1801 1881
1882static void ar9003_hw_init_txpower_cck(struct ath_hw *ah, u8 *rate_array)
1883{
1884 ah->tx_power[0] = rate_array[ALL_TARGET_LEGACY_1L_5L];
1885 ah->tx_power[1] = rate_array[ALL_TARGET_LEGACY_1L_5L];
1886 ah->tx_power[2] = min(rate_array[ALL_TARGET_LEGACY_1L_5L],
1887 rate_array[ALL_TARGET_LEGACY_5S]);
1888 ah->tx_power[3] = min(rate_array[ALL_TARGET_LEGACY_11L],
1889 rate_array[ALL_TARGET_LEGACY_11S]);
1890}
1891
1892static void ar9003_hw_init_txpower_ofdm(struct ath_hw *ah, u8 *rate_array,
1893 int offset)
1894{
1895 int i, j;
1896
1897 for (i = offset; i < offset + AR9300_OFDM_RATES; i++) {
1898 /* OFDM rate to power table idx */
1899 j = ofdm2pwr[i - offset];
1900 ah->tx_power[i] = rate_array[j];
1901 }
1902}
1903
1904static void ar9003_hw_init_txpower_ht(struct ath_hw *ah, u8 *rate_array,
1905 int ss_offset, int ds_offset,
1906 int ts_offset, bool is_40)
1907{
1908 int i, j, mcs_idx = 0;
1909 const u8 *mcs2pwr = (is_40) ? mcs2pwr_ht40 : mcs2pwr_ht20;
1910
1911 for (i = ss_offset; i < ss_offset + AR9300_HT_SS_RATES; i++) {
1912 j = mcs2pwr[mcs_idx];
1913 ah->tx_power[i] = rate_array[j];
1914 mcs_idx++;
1915 }
1916
1917 for (i = ds_offset; i < ds_offset + AR9300_HT_DS_RATES; i++) {
1918 j = mcs2pwr[mcs_idx];
1919 ah->tx_power[i] = rate_array[j];
1920 mcs_idx++;
1921 }
1922
1923 for (i = ts_offset; i < ts_offset + AR9300_HT_TS_RATES; i++) {
1924 j = mcs2pwr[mcs_idx];
1925 ah->tx_power[i] = rate_array[j];
1926 mcs_idx++;
1927 }
1928}
1929
1930static void ar9003_hw_init_txpower_stbc(struct ath_hw *ah, int ss_offset,
1931 int ds_offset, int ts_offset)
1932{
1933 memcpy(&ah->tx_power_stbc[ss_offset], &ah->tx_power[ss_offset],
1934 AR9300_HT_SS_RATES);
1935 memcpy(&ah->tx_power_stbc[ds_offset], &ah->tx_power[ds_offset],
1936 AR9300_HT_DS_RATES);
1937 memcpy(&ah->tx_power_stbc[ts_offset], &ah->tx_power[ts_offset],
1938 AR9300_HT_TS_RATES);
1939}
1940
1941void ar9003_hw_init_rate_txpower(struct ath_hw *ah, u8 *rate_array,
1942 struct ath9k_channel *chan)
1943{
1944 if (IS_CHAN_5GHZ(chan)) {
1945 ar9003_hw_init_txpower_ofdm(ah, rate_array,
1946 AR9300_11NA_OFDM_SHIFT);
1947 if (IS_CHAN_HT20(chan) || IS_CHAN_HT40(chan)) {
1948 ar9003_hw_init_txpower_ht(ah, rate_array,
1949 AR9300_11NA_HT_SS_SHIFT,
1950 AR9300_11NA_HT_DS_SHIFT,
1951 AR9300_11NA_HT_TS_SHIFT,
1952 IS_CHAN_HT40(chan));
1953 ar9003_hw_init_txpower_stbc(ah,
1954 AR9300_11NA_HT_SS_SHIFT,
1955 AR9300_11NA_HT_DS_SHIFT,
1956 AR9300_11NA_HT_TS_SHIFT);
1957 }
1958 } else {
1959 ar9003_hw_init_txpower_cck(ah, rate_array);
1960 ar9003_hw_init_txpower_ofdm(ah, rate_array,
1961 AR9300_11NG_OFDM_SHIFT);
1962 if (IS_CHAN_HT20(chan) || IS_CHAN_HT40(chan)) {
1963 ar9003_hw_init_txpower_ht(ah, rate_array,
1964 AR9300_11NG_HT_SS_SHIFT,
1965 AR9300_11NG_HT_DS_SHIFT,
1966 AR9300_11NG_HT_TS_SHIFT,
1967 IS_CHAN_HT40(chan));
1968 ar9003_hw_init_txpower_stbc(ah,
1969 AR9300_11NG_HT_SS_SHIFT,
1970 AR9300_11NG_HT_DS_SHIFT,
1971 AR9300_11NG_HT_TS_SHIFT);
1972 }
1973 }
1974}
1975
1802void ar9003_hw_attach_phy_ops(struct ath_hw *ah) 1976void ar9003_hw_attach_phy_ops(struct ath_hw *ah)
1803{ 1977{
1804 struct ath_hw_private_ops *priv_ops = ath9k_hw_private_ops(ah); 1978 struct ath_hw_private_ops *priv_ops = ath9k_hw_private_ops(ah);
diff --git a/drivers/net/wireless/ath/ath9k/ath9k.h b/drivers/net/wireless/ath/ath9k/ath9k.h
index abe8bd6b972d..1a9fe0983a6b 100644
--- a/drivers/net/wireless/ath/ath9k/ath9k.h
+++ b/drivers/net/wireless/ath/ath9k/ath9k.h
@@ -189,6 +189,7 @@ struct ath_frame_info {
189 u8 rtscts_rate; 189 u8 rtscts_rate;
190 u8 retries : 7; 190 u8 retries : 7;
191 u8 baw_tracked : 1; 191 u8 baw_tracked : 1;
192 u8 tx_power;
192}; 193};
193 194
194struct ath_rxbuf { 195struct ath_rxbuf {
diff --git a/drivers/net/wireless/ath/ath9k/beacon.c b/drivers/net/wireless/ath/ath9k/beacon.c
index ecb783beeec2..cb366adc820b 100644
--- a/drivers/net/wireless/ath/ath9k/beacon.c
+++ b/drivers/net/wireless/ath/ath9k/beacon.c
@@ -78,7 +78,7 @@ static void ath9k_beacon_setup(struct ath_softc *sc, struct ieee80211_vif *vif,
78 struct ath_tx_info info; 78 struct ath_tx_info info;
79 struct ieee80211_supported_band *sband; 79 struct ieee80211_supported_band *sband;
80 u8 chainmask = ah->txchainmask; 80 u8 chainmask = ah->txchainmask;
81 u8 rate = 0; 81 u8 i, rate = 0;
82 82
83 sband = &common->sbands[sc->cur_chandef.chan->band]; 83 sband = &common->sbands[sc->cur_chandef.chan->band];
84 rate = sband->bitrates[rateidx].hw_value; 84 rate = sband->bitrates[rateidx].hw_value;
@@ -88,7 +88,8 @@ static void ath9k_beacon_setup(struct ath_softc *sc, struct ieee80211_vif *vif,
88 memset(&info, 0, sizeof(info)); 88 memset(&info, 0, sizeof(info));
89 info.pkt_len = skb->len + FCS_LEN; 89 info.pkt_len = skb->len + FCS_LEN;
90 info.type = ATH9K_PKT_TYPE_BEACON; 90 info.type = ATH9K_PKT_TYPE_BEACON;
91 info.txpower = MAX_RATE_POWER; 91 for (i = 0; i < 4; i++)
92 info.txpower[i] = MAX_RATE_POWER;
92 info.keyix = ATH9K_TXKEYIX_INVALID; 93 info.keyix = ATH9K_TXKEYIX_INVALID;
93 info.keytype = ATH9K_KEY_TYPE_CLEAR; 94 info.keytype = ATH9K_KEY_TYPE_CLEAR;
94 info.flags = ATH9K_TXDESC_NOACK | ATH9K_TXDESC_CLRDMASK; 95 info.flags = ATH9K_TXDESC_NOACK | ATH9K_TXDESC_CLRDMASK;
diff --git a/drivers/net/wireless/ath/ath9k/hw.h b/drivers/net/wireless/ath/ath9k/hw.h
index 4cf9e0ac0743..1cbd33551513 100644
--- a/drivers/net/wireless/ath/ath9k/hw.h
+++ b/drivers/net/wireless/ath/ath9k/hw.h
@@ -217,8 +217,8 @@
217#define AH_WOW_BEACON_MISS BIT(3) 217#define AH_WOW_BEACON_MISS BIT(3)
218 218
219enum ath_hw_txq_subtype { 219enum ath_hw_txq_subtype {
220 ATH_TXQ_AC_BE = 0, 220 ATH_TXQ_AC_BK = 0,
221 ATH_TXQ_AC_BK = 1, 221 ATH_TXQ_AC_BE = 1,
222 ATH_TXQ_AC_VI = 2, 222 ATH_TXQ_AC_VI = 2,
223 ATH_TXQ_AC_VO = 3, 223 ATH_TXQ_AC_VO = 3,
224}; 224};
@@ -940,6 +940,10 @@ struct ath_hw {
940 const struct firmware *eeprom_blob; 940 const struct firmware *eeprom_blob;
941 941
942 struct ath_dynack dynack; 942 struct ath_dynack dynack;
943
944 bool tpc_enabled;
945 u8 tx_power[Ar5416RateSize];
946 u8 tx_power_stbc[Ar5416RateSize];
943}; 947};
944 948
945struct ath_bus_ops { 949struct ath_bus_ops {
@@ -1080,6 +1084,8 @@ int ar9003_paprd_init_table(struct ath_hw *ah);
1080bool ar9003_paprd_is_done(struct ath_hw *ah); 1084bool ar9003_paprd_is_done(struct ath_hw *ah);
1081bool ar9003_is_paprd_enabled(struct ath_hw *ah); 1085bool ar9003_is_paprd_enabled(struct ath_hw *ah);
1082void ar9003_hw_set_chain_masks(struct ath_hw *ah, u8 rx, u8 tx); 1086void ar9003_hw_set_chain_masks(struct ath_hw *ah, u8 rx, u8 tx);
1087void ar9003_hw_init_rate_txpower(struct ath_hw *ah, u8 *rate_array,
1088 struct ath9k_channel *chan);
1083 1089
1084/* Hardware family op attach helpers */ 1090/* Hardware family op attach helpers */
1085int ar5008_hw_attach_phy_ops(struct ath_hw *ah); 1091int ar5008_hw_attach_phy_ops(struct ath_hw *ah);
diff --git a/drivers/net/wireless/ath/ath9k/init.c b/drivers/net/wireless/ath/ath9k/init.c
index 59d679cebc89..d1c39346b264 100644
--- a/drivers/net/wireless/ath/ath9k/init.c
+++ b/drivers/net/wireless/ath/ath9k/init.c
@@ -532,10 +532,14 @@ static int ath9k_init_softc(u16 devid, struct ath_softc *sc,
532 ah->reg_ops.read = ath9k_ioread32; 532 ah->reg_ops.read = ath9k_ioread32;
533 ah->reg_ops.write = ath9k_iowrite32; 533 ah->reg_ops.write = ath9k_iowrite32;
534 ah->reg_ops.rmw = ath9k_reg_rmw; 534 ah->reg_ops.rmw = ath9k_reg_rmw;
535 sc->sc_ah = ah;
536 pCap = &ah->caps; 535 pCap = &ah->caps;
537 536
538 common = ath9k_hw_common(ah); 537 common = ath9k_hw_common(ah);
538
539 /* Will be cleared in ath9k_start() */
540 set_bit(ATH_OP_INVALID, &common->op_flags);
541
542 sc->sc_ah = ah;
539 sc->dfs_detector = dfs_pattern_detector_init(common, NL80211_DFS_UNSET); 543 sc->dfs_detector = dfs_pattern_detector_init(common, NL80211_DFS_UNSET);
540 sc->tx99_power = MAX_RATE_POWER + 1; 544 sc->tx99_power = MAX_RATE_POWER + 1;
541 init_waitqueue_head(&sc->tx_wait); 545 init_waitqueue_head(&sc->tx_wait);
@@ -896,9 +900,6 @@ int ath9k_init_device(u16 devid, struct ath_softc *sc,
896 common = ath9k_hw_common(ah); 900 common = ath9k_hw_common(ah);
897 ath9k_set_hw_capab(sc, hw); 901 ath9k_set_hw_capab(sc, hw);
898 902
899 /* Will be cleared in ath9k_start() */
900 set_bit(ATH_OP_INVALID, &common->op_flags);
901
902 /* Initialize regulatory */ 903 /* Initialize regulatory */
903 error = ath_regd_init(&common->regulatory, sc->hw->wiphy, 904 error = ath_regd_init(&common->regulatory, sc->hw->wiphy,
904 ath9k_reg_notifier); 905 ath9k_reg_notifier);
diff --git a/drivers/net/wireless/ath/ath9k/mac.c b/drivers/net/wireless/ath/ath9k/mac.c
index 275205ab5f15..3e58bfa0c1fd 100644
--- a/drivers/net/wireless/ath/ath9k/mac.c
+++ b/drivers/net/wireless/ath/ath9k/mac.c
@@ -311,14 +311,7 @@ int ath9k_hw_setuptxqueue(struct ath_hw *ah, enum ath9k_tx_queue type,
311 q = ATH9K_NUM_TX_QUEUES - 3; 311 q = ATH9K_NUM_TX_QUEUES - 3;
312 break; 312 break;
313 case ATH9K_TX_QUEUE_DATA: 313 case ATH9K_TX_QUEUE_DATA:
314 for (q = 0; q < ATH9K_NUM_TX_QUEUES; q++) 314 q = qinfo->tqi_subtype;
315 if (ah->txq[q].tqi_type ==
316 ATH9K_TX_QUEUE_INACTIVE)
317 break;
318 if (q == ATH9K_NUM_TX_QUEUES) {
319 ath_err(common, "No available TX queue\n");
320 return -1;
321 }
322 break; 315 break;
323 default: 316 default:
324 ath_err(common, "Invalid TX queue type: %u\n", type); 317 ath_err(common, "Invalid TX queue type: %u\n", type);
diff --git a/drivers/net/wireless/ath/ath9k/mac.h b/drivers/net/wireless/ath/ath9k/mac.h
index aa69ceaad0be..e55fa11894b6 100644
--- a/drivers/net/wireless/ath/ath9k/mac.h
+++ b/drivers/net/wireless/ath/ath9k/mac.h
@@ -704,7 +704,7 @@ struct ath_tx_info {
704 enum ath9k_pkt_type type; 704 enum ath9k_pkt_type type;
705 enum ath9k_key_type keytype; 705 enum ath9k_key_type keytype;
706 u8 keyix; 706 u8 keyix;
707 u8 txpower; 707 u8 txpower[4];
708}; 708};
709 709
710struct ath_hw; 710struct ath_hw;
diff --git a/drivers/net/wireless/ath/ath9k/main.c b/drivers/net/wireless/ath/ath9k/main.c
index ebbbfc7a193b..9a72640237cb 100644
--- a/drivers/net/wireless/ath/ath9k/main.c
+++ b/drivers/net/wireless/ath/ath9k/main.c
@@ -512,16 +512,13 @@ irqreturn_t ath_isr(int irq, void *dev)
512 if (!ah || test_bit(ATH_OP_INVALID, &common->op_flags)) 512 if (!ah || test_bit(ATH_OP_INVALID, &common->op_flags))
513 return IRQ_NONE; 513 return IRQ_NONE;
514 514
515 /* shared irq, not for us */ 515 if (!AR_SREV_9100(ah) && test_bit(ATH_OP_HW_RESET, &common->op_flags))
516 return IRQ_NONE;
516 517
518 /* shared irq, not for us */
517 if (!ath9k_hw_intrpend(ah)) 519 if (!ath9k_hw_intrpend(ah))
518 return IRQ_NONE; 520 return IRQ_NONE;
519 521
520 if (test_bit(ATH_OP_HW_RESET, &common->op_flags)) {
521 ath9k_hw_kill_interrupts(ah);
522 return IRQ_HANDLED;
523 }
524
525 /* 522 /*
526 * Figure out the reason(s) for the interrupt. Note 523 * Figure out the reason(s) for the interrupt. Note
527 * that the hal returns a pseudo-ISR that may include 524 * that the hal returns a pseudo-ISR that may include
@@ -532,6 +529,9 @@ irqreturn_t ath_isr(int irq, void *dev)
532 ath9k_debug_sync_cause(sc, sync_cause); 529 ath9k_debug_sync_cause(sc, sync_cause);
533 status &= ah->imask; /* discard unasked-for bits */ 530 status &= ah->imask; /* discard unasked-for bits */
534 531
532 if (AR_SREV_9100(ah) && test_bit(ATH_OP_HW_RESET, &common->op_flags))
533 return IRQ_HANDLED;
534
535 /* 535 /*
536 * If there are no status bits set, then this interrupt was not 536 * If there are no status bits set, then this interrupt was not
537 * for me (should have been caught above). 537 * for me (should have been caught above).
@@ -613,6 +613,7 @@ int ath_reset(struct ath_softc *sc, struct ath9k_channel *hchan)
613 struct ath_common *common = ath9k_hw_common(sc->sc_ah); 613 struct ath_common *common = ath9k_hw_common(sc->sc_ah);
614 int r; 614 int r;
615 615
616 ath9k_hw_kill_interrupts(sc->sc_ah);
616 set_bit(ATH_OP_HW_RESET, &common->op_flags); 617 set_bit(ATH_OP_HW_RESET, &common->op_flags);
617 618
618 ath9k_ps_wakeup(sc); 619 ath9k_ps_wakeup(sc);
@@ -633,6 +634,7 @@ void ath9k_queue_reset(struct ath_softc *sc, enum ath_reset_type type)
633#ifdef CONFIG_ATH9K_DEBUGFS 634#ifdef CONFIG_ATH9K_DEBUGFS
634 RESET_STAT_INC(sc, type); 635 RESET_STAT_INC(sc, type);
635#endif 636#endif
637 ath9k_hw_kill_interrupts(sc->sc_ah);
636 set_bit(ATH_OP_HW_RESET, &common->op_flags); 638 set_bit(ATH_OP_HW_RESET, &common->op_flags);
637 ieee80211_queue_work(sc->hw, &sc->hw_reset_work); 639 ieee80211_queue_work(sc->hw, &sc->hw_reset_work);
638} 640}
@@ -887,6 +889,9 @@ static void ath9k_stop(struct ieee80211_hw *hw)
887 &sc->cur_chan->chandef); 889 &sc->cur_chan->chandef);
888 890
889 ath9k_hw_reset(ah, ah->curchan, ah->caldata, false); 891 ath9k_hw_reset(ah, ah->curchan, ah->caldata, false);
892
893 set_bit(ATH_OP_INVALID, &common->op_flags);
894
890 ath9k_hw_phy_disable(ah); 895 ath9k_hw_phy_disable(ah);
891 896
892 ath9k_hw_configpcipowersave(ah, true); 897 ath9k_hw_configpcipowersave(ah, true);
@@ -895,7 +900,6 @@ static void ath9k_stop(struct ieee80211_hw *hw)
895 900
896 ath9k_ps_restore(sc); 901 ath9k_ps_restore(sc);
897 902
898 set_bit(ATH_OP_INVALID, &common->op_flags);
899 sc->ps_idle = prev_idle; 903 sc->ps_idle = prev_idle;
900 904
901 mutex_unlock(&sc->mutex); 905 mutex_unlock(&sc->mutex);
diff --git a/drivers/net/wireless/ath/ath9k/reg.h b/drivers/net/wireless/ath/ath9k/reg.h
index ced36b475acc..fb11a9172f38 100644
--- a/drivers/net/wireless/ath/ath9k/reg.h
+++ b/drivers/net/wireless/ath/ath9k/reg.h
@@ -1724,6 +1724,8 @@ enum {
1724#define AR_TPC_CTS_S 8 1724#define AR_TPC_CTS_S 8
1725#define AR_TPC_CHIRP 0x003f0000 1725#define AR_TPC_CHIRP 0x003f0000
1726#define AR_TPC_CHIRP_S 16 1726#define AR_TPC_CHIRP_S 16
1727#define AR_TPC_RPT 0x3f000000
1728#define AR_TPC_RPT_S 24
1727 1729
1728#define AR_QUIET1 0x80fc 1730#define AR_QUIET1 0x80fc
1729#define AR_QUIET1_NEXT_QUIET_S 0 1731#define AR_QUIET1_NEXT_QUIET_S 0
diff --git a/drivers/net/wireless/ath/ath9k/xmit.c b/drivers/net/wireless/ath/ath9k/xmit.c
index d6e54a3c88f6..e9bd02c2e844 100644
--- a/drivers/net/wireless/ath/ath9k/xmit.c
+++ b/drivers/net/wireless/ath/ath9k/xmit.c
@@ -1096,6 +1096,37 @@ void ath_update_max_aggr_framelen(struct ath_softc *sc, int queue, int txop)
1096 } 1096 }
1097} 1097}
1098 1098
1099static u8 ath_get_rate_txpower(struct ath_softc *sc, struct ath_buf *bf,
1100 u8 rateidx)
1101{
1102 u8 max_power;
1103 struct ath_hw *ah = sc->sc_ah;
1104
1105 if (sc->tx99_state)
1106 return MAX_RATE_POWER;
1107
1108 if (!AR_SREV_9300_20_OR_LATER(ah)) {
1109 /* ar9002 is not sipported for the moment */
1110 return MAX_RATE_POWER;
1111 }
1112
1113 if (!bf->bf_state.bfs_paprd) {
1114 struct sk_buff *skb = bf->bf_mpdu;
1115 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1116 struct ath_frame_info *fi = get_frame_info(skb);
1117
1118 if (rateidx < 8 && (info->flags & IEEE80211_TX_CTL_STBC))
1119 max_power = min(ah->tx_power_stbc[rateidx],
1120 fi->tx_power);
1121 else
1122 max_power = min(ah->tx_power[rateidx], fi->tx_power);
1123 } else {
1124 max_power = ah->paprd_training_power;
1125 }
1126
1127 return max_power;
1128}
1129
1099static void ath_buf_set_rate(struct ath_softc *sc, struct ath_buf *bf, 1130static void ath_buf_set_rate(struct ath_softc *sc, struct ath_buf *bf,
1100 struct ath_tx_info *info, int len, bool rts) 1131 struct ath_tx_info *info, int len, bool rts)
1101{ 1132{
@@ -1166,6 +1197,8 @@ static void ath_buf_set_rate(struct ath_softc *sc, struct ath_buf *bf,
1166 is_40, is_sgi, is_sp); 1197 is_40, is_sgi, is_sp);
1167 if (rix < 8 && (tx_info->flags & IEEE80211_TX_CTL_STBC)) 1198 if (rix < 8 && (tx_info->flags & IEEE80211_TX_CTL_STBC))
1168 info->rates[i].RateFlags |= ATH9K_RATESERIES_STBC; 1199 info->rates[i].RateFlags |= ATH9K_RATESERIES_STBC;
1200
1201 info->txpower[i] = ath_get_rate_txpower(sc, bf, rix);
1169 continue; 1202 continue;
1170 } 1203 }
1171 1204
@@ -1193,6 +1226,8 @@ static void ath_buf_set_rate(struct ath_softc *sc, struct ath_buf *bf,
1193 1226
1194 info->rates[i].PktDuration = ath9k_hw_computetxtime(sc->sc_ah, 1227 info->rates[i].PktDuration = ath9k_hw_computetxtime(sc->sc_ah,
1195 phy, rate->bitrate * 100, len, rix, is_sp); 1228 phy, rate->bitrate * 100, len, rix, is_sp);
1229
1230 info->txpower[i] = ath_get_rate_txpower(sc, bf, rix);
1196 } 1231 }
1197 1232
1198 /* For AR5416 - RTS cannot be followed by a frame larger than 8K */ 1233 /* For AR5416 - RTS cannot be followed by a frame larger than 8K */
@@ -1239,7 +1274,6 @@ static void ath_tx_fill_desc(struct ath_softc *sc, struct ath_buf *bf,
1239 memset(&info, 0, sizeof(info)); 1274 memset(&info, 0, sizeof(info));
1240 info.is_first = true; 1275 info.is_first = true;
1241 info.is_last = true; 1276 info.is_last = true;
1242 info.txpower = MAX_RATE_POWER;
1243 info.qcu = txq->axq_qnum; 1277 info.qcu = txq->axq_qnum;
1244 1278
1245 while (bf) { 1279 while (bf) {
@@ -2063,6 +2097,7 @@ static void setup_frame_info(struct ieee80211_hw *hw,
2063 fi->keyix = ATH9K_TXKEYIX_INVALID; 2097 fi->keyix = ATH9K_TXKEYIX_INVALID;
2064 fi->keytype = keytype; 2098 fi->keytype = keytype;
2065 fi->framelen = framelen; 2099 fi->framelen = framelen;
2100 fi->tx_power = MAX_RATE_POWER;
2066 2101
2067 if (!rate) 2102 if (!rate)
2068 return; 2103 return;
diff --git a/drivers/net/wireless/ath/dfs_pattern_detector.c b/drivers/net/wireless/ath/dfs_pattern_detector.c
index 650be79c7ac9..cfd0554cf140 100644
--- a/drivers/net/wireless/ath/dfs_pattern_detector.c
+++ b/drivers/net/wireless/ath/dfs_pattern_detector.c
@@ -86,7 +86,7 @@ static const struct radar_detector_specs fcc_radar_ref_types[] = {
86 FCC_PATTERN(1, 0, 5, 150, 230, 1, 23), 86 FCC_PATTERN(1, 0, 5, 150, 230, 1, 23),
87 FCC_PATTERN(2, 6, 10, 200, 500, 1, 16), 87 FCC_PATTERN(2, 6, 10, 200, 500, 1, 16),
88 FCC_PATTERN(3, 11, 20, 200, 500, 1, 12), 88 FCC_PATTERN(3, 11, 20, 200, 500, 1, 12),
89 FCC_PATTERN(4, 50, 100, 1000, 2000, 20, 1), 89 FCC_PATTERN(4, 50, 100, 1000, 2000, 1, 20),
90 FCC_PATTERN(5, 0, 1, 333, 333, 1, 9), 90 FCC_PATTERN(5, 0, 1, 333, 333, 1, 9),
91}; 91};
92 92
@@ -105,7 +105,7 @@ static const struct radar_detector_specs jp_radar_ref_types[] = {
105 JP_PATTERN(4, 0, 5, 150, 230, 1, 23), 105 JP_PATTERN(4, 0, 5, 150, 230, 1, 23),
106 JP_PATTERN(5, 6, 10, 200, 500, 1, 16), 106 JP_PATTERN(5, 6, 10, 200, 500, 1, 16),
107 JP_PATTERN(6, 11, 20, 200, 500, 1, 12), 107 JP_PATTERN(6, 11, 20, 200, 500, 1, 12),
108 JP_PATTERN(7, 50, 100, 1000, 2000, 20, 1), 108 JP_PATTERN(7, 50, 100, 1000, 2000, 1, 20),
109 JP_PATTERN(5, 0, 1, 333, 333, 1, 9), 109 JP_PATTERN(5, 0, 1, 333, 333, 1, 9),
110}; 110};
111 111
diff --git a/drivers/net/wireless/ath/wil6210/cfg80211.c b/drivers/net/wireless/ath/wil6210/cfg80211.c
index 0fc0b9f8e605..38332a6dfb3a 100644
--- a/drivers/net/wireless/ath/wil6210/cfg80211.c
+++ b/drivers/net/wireless/ath/wil6210/cfg80211.c
@@ -798,7 +798,7 @@ static int wil_cfg80211_del_station(struct wiphy *wiphy,
798 struct wil6210_priv *wil = wiphy_to_wil(wiphy); 798 struct wil6210_priv *wil = wiphy_to_wil(wiphy);
799 799
800 mutex_lock(&wil->mutex); 800 mutex_lock(&wil->mutex);
801 wil6210_disconnect(wil, params->mac, false); 801 wil6210_disconnect(wil, params->mac, params->reason_code, false);
802 mutex_unlock(&wil->mutex); 802 mutex_unlock(&wil->mutex);
803 803
804 return 0; 804 return 0;
diff --git a/drivers/net/wireless/ath/wil6210/debug.c b/drivers/net/wireless/ath/wil6210/debug.c
index 8d99021d27a8..3249562d93b4 100644
--- a/drivers/net/wireless/ath/wil6210/debug.c
+++ b/drivers/net/wireless/ath/wil6210/debug.c
@@ -32,6 +32,23 @@ void wil_err(struct wil6210_priv *wil, const char *fmt, ...)
32 va_end(args); 32 va_end(args);
33} 33}
34 34
35void wil_err_ratelimited(struct wil6210_priv *wil, const char *fmt, ...)
36{
37 if (net_ratelimit()) {
38 struct net_device *ndev = wil_to_ndev(wil);
39 struct va_format vaf = {
40 .fmt = fmt,
41 };
42 va_list args;
43
44 va_start(args, fmt);
45 vaf.va = &args;
46 netdev_err(ndev, "%pV", &vaf);
47 trace_wil6210_log_err(&vaf);
48 va_end(args);
49 }
50}
51
35void wil_info(struct wil6210_priv *wil, const char *fmt, ...) 52void wil_info(struct wil6210_priv *wil, const char *fmt, ...)
36{ 53{
37 struct net_device *ndev = wil_to_ndev(wil); 54 struct net_device *ndev = wil_to_ndev(wil);
diff --git a/drivers/net/wireless/ath/wil6210/debugfs.c b/drivers/net/wireless/ath/wil6210/debugfs.c
index 54a6ddc6301b..4e6e14501c2f 100644
--- a/drivers/net/wireless/ath/wil6210/debugfs.c
+++ b/drivers/net/wireless/ath/wil6210/debugfs.c
@@ -573,8 +573,10 @@ static ssize_t wil_write_file_txmgmt(struct file *file, const char __user *buf,
573 if (!frame) 573 if (!frame)
574 return -ENOMEM; 574 return -ENOMEM;
575 575
576 if (copy_from_user(frame, buf, len)) 576 if (copy_from_user(frame, buf, len)) {
577 kfree(frame);
577 return -EIO; 578 return -EIO;
579 }
578 580
579 params.buf = frame; 581 params.buf = frame;
580 params.len = len; 582 params.len = len;
@@ -614,8 +616,10 @@ static ssize_t wil_write_file_wmi(struct file *file, const char __user *buf,
614 return -ENOMEM; 616 return -ENOMEM;
615 617
616 rc = simple_write_to_buffer(wmi, len, ppos, buf, len); 618 rc = simple_write_to_buffer(wmi, len, ppos, buf, len);
617 if (rc < 0) 619 if (rc < 0) {
620 kfree(wmi);
618 return rc; 621 return rc;
622 }
619 623
620 cmd = &wmi[1]; 624 cmd = &wmi[1];
621 cmdid = le16_to_cpu(wmi->id); 625 cmdid = le16_to_cpu(wmi->id);
diff --git a/drivers/net/wireless/ath/wil6210/fw.c b/drivers/net/wireless/ath/wil6210/fw.c
index 8c6f3b041f77..93c5cc16c515 100644
--- a/drivers/net/wireless/ath/wil6210/fw.c
+++ b/drivers/net/wireless/ath/wil6210/fw.c
@@ -15,7 +15,6 @@
15 */ 15 */
16#include <linux/firmware.h> 16#include <linux/firmware.h>
17#include <linux/module.h> 17#include <linux/module.h>
18#include <linux/pci.h>
19#include <linux/crc32.h> 18#include <linux/crc32.h>
20#include "wil6210.h" 19#include "wil6210.h"
21#include "fw.h" 20#include "fw.h"
diff --git a/drivers/net/wireless/ath/wil6210/fw_inc.c b/drivers/net/wireless/ath/wil6210/fw_inc.c
index 44cb71f5ea5b..d4acf93a9a02 100644
--- a/drivers/net/wireless/ath/wil6210/fw_inc.c
+++ b/drivers/net/wireless/ath/wil6210/fw_inc.c
@@ -446,7 +446,7 @@ static int wil_fw_load(struct wil6210_priv *wil, const void *data, size_t size)
446 if (size >= sizeof(*hdr)) { 446 if (size >= sizeof(*hdr)) {
447 wil_err_fw(wil, "Stop at offset %ld" 447 wil_err_fw(wil, "Stop at offset %ld"
448 " record type %d [%zd bytes]\n", 448 " record type %d [%zd bytes]\n",
449 (const void *)hdr - data, 449 (long)((const void *)hdr - data),
450 le16_to_cpu(hdr->type), hdr_sz); 450 le16_to_cpu(hdr->type), hdr_sz);
451 } 451 }
452 return -EINVAL; 452 return -EINVAL;
@@ -471,7 +471,7 @@ int wil_request_firmware(struct wil6210_priv *wil, const char *name)
471 size_t sz; 471 size_t sz;
472 const void *d; 472 const void *d;
473 473
474 rc = request_firmware(&fw, name, wil_to_pcie_dev(wil)); 474 rc = request_firmware(&fw, name, wil_to_dev(wil));
475 if (rc) { 475 if (rc) {
476 wil_err_fw(wil, "Failed to load firmware %s\n", name); 476 wil_err_fw(wil, "Failed to load firmware %s\n", name);
477 return rc; 477 return rc;
diff --git a/drivers/net/wireless/ath/wil6210/interrupt.c b/drivers/net/wireless/ath/wil6210/interrupt.c
index 90f416f239bd..4bcbd6297b3e 100644
--- a/drivers/net/wireless/ath/wil6210/interrupt.c
+++ b/drivers/net/wireless/ath/wil6210/interrupt.c
@@ -36,7 +36,8 @@
36 */ 36 */
37 37
38#define WIL6210_IRQ_DISABLE (0xFFFFFFFFUL) 38#define WIL6210_IRQ_DISABLE (0xFFFFFFFFUL)
39#define WIL6210_IMC_RX BIT_DMA_EP_RX_ICR_RX_DONE 39#define WIL6210_IMC_RX (BIT_DMA_EP_RX_ICR_RX_DONE | \
40 BIT_DMA_EP_RX_ICR_RX_HTRSH)
40#define WIL6210_IMC_TX (BIT_DMA_EP_TX_ICR_TX_DONE | \ 41#define WIL6210_IMC_TX (BIT_DMA_EP_TX_ICR_TX_DONE | \
41 BIT_DMA_EP_TX_ICR_TX_DONE_N(0)) 42 BIT_DMA_EP_TX_ICR_TX_DONE_N(0))
42#define WIL6210_IMC_MISC (ISR_MISC_FW_READY | \ 43#define WIL6210_IMC_MISC (ISR_MISC_FW_READY | \
@@ -171,6 +172,7 @@ static irqreturn_t wil6210_irq_rx(int irq, void *cookie)
171 u32 isr = wil_ioread32_and_clear(wil->csr + 172 u32 isr = wil_ioread32_and_clear(wil->csr +
172 HOSTADDR(RGF_DMA_EP_RX_ICR) + 173 HOSTADDR(RGF_DMA_EP_RX_ICR) +
173 offsetof(struct RGF_ICR, ICR)); 174 offsetof(struct RGF_ICR, ICR));
175 bool need_unmask = true;
174 176
175 trace_wil6210_irq_rx(isr); 177 trace_wil6210_irq_rx(isr);
176 wil_dbg_irq(wil, "ISR RX 0x%08x\n", isr); 178 wil_dbg_irq(wil, "ISR RX 0x%08x\n", isr);
@@ -182,12 +184,24 @@ static irqreturn_t wil6210_irq_rx(int irq, void *cookie)
182 184
183 wil6210_mask_irq_rx(wil); 185 wil6210_mask_irq_rx(wil);
184 186
185 if (isr & BIT_DMA_EP_RX_ICR_RX_DONE) { 187 /* RX_DONE and RX_HTRSH interrupts are the same if interrupt
188 * moderation is not used. Interrupt moderation may cause RX
189 * buffer overflow while RX_DONE is delayed. The required
190 * action is always the same - should empty the accumulated
191 * packets from the RX ring.
192 */
193 if (isr & (BIT_DMA_EP_RX_ICR_RX_DONE | BIT_DMA_EP_RX_ICR_RX_HTRSH)) {
186 wil_dbg_irq(wil, "RX done\n"); 194 wil_dbg_irq(wil, "RX done\n");
187 isr &= ~BIT_DMA_EP_RX_ICR_RX_DONE; 195
196 if (isr & BIT_DMA_EP_RX_ICR_RX_HTRSH)
197 wil_err_ratelimited(wil, "Received \"Rx buffer is in risk "
198 "of overflow\" interrupt\n");
199
200 isr &= ~(BIT_DMA_EP_RX_ICR_RX_DONE | BIT_DMA_EP_RX_ICR_RX_HTRSH);
188 if (test_bit(wil_status_reset_done, &wil->status)) { 201 if (test_bit(wil_status_reset_done, &wil->status)) {
189 if (test_bit(wil_status_napi_en, &wil->status)) { 202 if (test_bit(wil_status_napi_en, &wil->status)) {
190 wil_dbg_txrx(wil, "NAPI(Rx) schedule\n"); 203 wil_dbg_txrx(wil, "NAPI(Rx) schedule\n");
204 need_unmask = false;
191 napi_schedule(&wil->napi_rx); 205 napi_schedule(&wil->napi_rx);
192 } else { 206 } else {
193 wil_err(wil, "Got Rx interrupt while " 207 wil_err(wil, "Got Rx interrupt while "
@@ -204,6 +218,10 @@ static irqreturn_t wil6210_irq_rx(int irq, void *cookie)
204 /* Rx IRQ will be enabled when NAPI processing finished */ 218 /* Rx IRQ will be enabled when NAPI processing finished */
205 219
206 atomic_inc(&wil->isr_count_rx); 220 atomic_inc(&wil->isr_count_rx);
221
222 if (unlikely(need_unmask))
223 wil6210_unmask_irq_rx(wil);
224
207 return IRQ_HANDLED; 225 return IRQ_HANDLED;
208} 226}
209 227
@@ -213,6 +231,7 @@ static irqreturn_t wil6210_irq_tx(int irq, void *cookie)
213 u32 isr = wil_ioread32_and_clear(wil->csr + 231 u32 isr = wil_ioread32_and_clear(wil->csr +
214 HOSTADDR(RGF_DMA_EP_TX_ICR) + 232 HOSTADDR(RGF_DMA_EP_TX_ICR) +
215 offsetof(struct RGF_ICR, ICR)); 233 offsetof(struct RGF_ICR, ICR));
234 bool need_unmask = true;
216 235
217 trace_wil6210_irq_tx(isr); 236 trace_wil6210_irq_tx(isr);
218 wil_dbg_irq(wil, "ISR TX 0x%08x\n", isr); 237 wil_dbg_irq(wil, "ISR TX 0x%08x\n", isr);
@@ -231,6 +250,7 @@ static irqreturn_t wil6210_irq_tx(int irq, void *cookie)
231 isr &= ~(BIT(25) - 1UL); 250 isr &= ~(BIT(25) - 1UL);
232 if (test_bit(wil_status_reset_done, &wil->status)) { 251 if (test_bit(wil_status_reset_done, &wil->status)) {
233 wil_dbg_txrx(wil, "NAPI(Tx) schedule\n"); 252 wil_dbg_txrx(wil, "NAPI(Tx) schedule\n");
253 need_unmask = false;
234 napi_schedule(&wil->napi_tx); 254 napi_schedule(&wil->napi_tx);
235 } else { 255 } else {
236 wil_err(wil, "Got Tx interrupt while in reset\n"); 256 wil_err(wil, "Got Tx interrupt while in reset\n");
@@ -243,6 +263,10 @@ static irqreturn_t wil6210_irq_tx(int irq, void *cookie)
243 /* Tx IRQ will be enabled when NAPI processing finished */ 263 /* Tx IRQ will be enabled when NAPI processing finished */
244 264
245 atomic_inc(&wil->isr_count_tx); 265 atomic_inc(&wil->isr_count_tx);
266
267 if (unlikely(need_unmask))
268 wil6210_unmask_irq_tx(wil);
269
246 return IRQ_HANDLED; 270 return IRQ_HANDLED;
247} 271}
248 272
diff --git a/drivers/net/wireless/ath/wil6210/main.c b/drivers/net/wireless/ath/wil6210/main.c
index 6212983fede2..8ff3fe34fe05 100644
--- a/drivers/net/wireless/ath/wil6210/main.c
+++ b/drivers/net/wireless/ath/wil6210/main.c
@@ -67,6 +67,36 @@ static struct kernel_param_ops mtu_max_ops = {
67module_param_cb(mtu_max, &mtu_max_ops, &mtu_max, S_IRUGO); 67module_param_cb(mtu_max, &mtu_max_ops, &mtu_max, S_IRUGO);
68MODULE_PARM_DESC(mtu_max, " Max MTU value."); 68MODULE_PARM_DESC(mtu_max, " Max MTU value.");
69 69
70static uint rx_ring_order = WIL_RX_RING_SIZE_ORDER_DEFAULT;
71static uint tx_ring_order = WIL_TX_RING_SIZE_ORDER_DEFAULT;
72
73static int ring_order_set(const char *val, const struct kernel_param *kp)
74{
75 int ret;
76 uint x;
77
78 ret = kstrtouint(val, 0, &x);
79 if (ret)
80 return ret;
81
82 if ((x < WIL_RING_SIZE_ORDER_MIN) || (x > WIL_RING_SIZE_ORDER_MAX))
83 return -EINVAL;
84
85 *((uint *)kp->arg) = x;
86
87 return 0;
88}
89
90static struct kernel_param_ops ring_order_ops = {
91 .set = ring_order_set,
92 .get = param_get_uint,
93};
94
95module_param_cb(rx_ring_order, &ring_order_ops, &rx_ring_order, S_IRUGO);
96MODULE_PARM_DESC(rx_ring_order, " Rx ring order; size = 1 << order");
97module_param_cb(tx_ring_order, &ring_order_ops, &tx_ring_order, S_IRUGO);
98MODULE_PARM_DESC(tx_ring_order, " Tx ring order; size = 1 << order");
99
70#define RST_DELAY (20) /* msec, for loop in @wil_target_reset */ 100#define RST_DELAY (20) /* msec, for loop in @wil_target_reset */
71#define RST_COUNT (1 + 1000/RST_DELAY) /* round up to be above 1 sec total */ 101#define RST_COUNT (1 + 1000/RST_DELAY) /* round up to be above 1 sec total */
72 102
@@ -104,7 +134,7 @@ void wil_memcpy_toio_32(volatile void __iomem *dst, const void *src,
104} 134}
105 135
106static void wil_disconnect_cid(struct wil6210_priv *wil, int cid, 136static void wil_disconnect_cid(struct wil6210_priv *wil, int cid,
107 bool from_event) 137 u16 reason_code, bool from_event)
108{ 138{
109 uint i; 139 uint i;
110 struct net_device *ndev = wil_to_ndev(wil); 140 struct net_device *ndev = wil_to_ndev(wil);
@@ -117,8 +147,7 @@ static void wil_disconnect_cid(struct wil6210_priv *wil, int cid,
117 sta->data_port_open = false; 147 sta->data_port_open = false;
118 if (sta->status != wil_sta_unused) { 148 if (sta->status != wil_sta_unused) {
119 if (!from_event) 149 if (!from_event)
120 wmi_disconnect_sta(wil, sta->addr, 150 wmi_disconnect_sta(wil, sta->addr, reason_code);
121 WLAN_REASON_DEAUTH_LEAVING);
122 151
123 switch (wdev->iftype) { 152 switch (wdev->iftype) {
124 case NL80211_IFTYPE_AP: 153 case NL80211_IFTYPE_AP:
@@ -152,7 +181,7 @@ static void wil_disconnect_cid(struct wil6210_priv *wil, int cid,
152} 181}
153 182
154static void _wil6210_disconnect(struct wil6210_priv *wil, const u8 *bssid, 183static void _wil6210_disconnect(struct wil6210_priv *wil, const u8 *bssid,
155 bool from_event) 184 u16 reason_code, bool from_event)
156{ 185{
157 int cid = -ENOENT; 186 int cid = -ENOENT;
158 struct net_device *ndev = wil_to_ndev(wil); 187 struct net_device *ndev = wil_to_ndev(wil);
@@ -167,10 +196,10 @@ static void _wil6210_disconnect(struct wil6210_priv *wil, const u8 *bssid,
167 } 196 }
168 197
169 if (cid >= 0) /* disconnect 1 peer */ 198 if (cid >= 0) /* disconnect 1 peer */
170 wil_disconnect_cid(wil, cid, from_event); 199 wil_disconnect_cid(wil, cid, reason_code, from_event);
171 else /* disconnect all */ 200 else /* disconnect all */
172 for (cid = 0; cid < WIL6210_MAX_CID; cid++) 201 for (cid = 0; cid < WIL6210_MAX_CID; cid++)
173 wil_disconnect_cid(wil, cid, from_event); 202 wil_disconnect_cid(wil, cid, reason_code, from_event);
174 203
175 /* link state */ 204 /* link state */
176 switch (wdev->iftype) { 205 switch (wdev->iftype) {
@@ -179,8 +208,7 @@ static void _wil6210_disconnect(struct wil6210_priv *wil, const u8 *bssid,
179 wil_link_off(wil); 208 wil_link_off(wil);
180 if (test_bit(wil_status_fwconnected, &wil->status)) { 209 if (test_bit(wil_status_fwconnected, &wil->status)) {
181 clear_bit(wil_status_fwconnected, &wil->status); 210 clear_bit(wil_status_fwconnected, &wil->status);
182 cfg80211_disconnected(ndev, 211 cfg80211_disconnected(ndev, reason_code,
183 WLAN_STATUS_UNSPECIFIED_FAILURE,
184 NULL, 0, GFP_KERNEL); 212 NULL, 0, GFP_KERNEL);
185 } else if (test_bit(wil_status_fwconnecting, &wil->status)) { 213 } else if (test_bit(wil_status_fwconnecting, &wil->status)) {
186 cfg80211_connect_result(ndev, bssid, NULL, 0, NULL, 0, 214 cfg80211_connect_result(ndev, bssid, NULL, 0, NULL, 0,
@@ -200,7 +228,7 @@ static void wil_disconnect_worker(struct work_struct *work)
200 struct wil6210_priv, disconnect_worker); 228 struct wil6210_priv, disconnect_worker);
201 229
202 mutex_lock(&wil->mutex); 230 mutex_lock(&wil->mutex);
203 _wil6210_disconnect(wil, NULL, false); 231 _wil6210_disconnect(wil, NULL, WLAN_REASON_UNSPECIFIED, false);
204 mutex_unlock(&wil->mutex); 232 mutex_unlock(&wil->mutex);
205} 233}
206 234
@@ -222,6 +250,7 @@ static void wil_scan_timer_fn(ulong x)
222 250
223 clear_bit(wil_status_fwready, &wil->status); 251 clear_bit(wil_status_fwready, &wil->status);
224 wil_err(wil, "Scan timeout detected, start fw error recovery\n"); 252 wil_err(wil, "Scan timeout detected, start fw error recovery\n");
253 wil->recovery_state = fw_recovery_pending;
225 schedule_work(&wil->fw_error_worker); 254 schedule_work(&wil->fw_error_worker);
226} 255}
227 256
@@ -333,7 +362,7 @@ static void wil_connect_worker(struct work_struct *work)
333 362
334 wil_dbg_wmi(wil, "Configure for connection CID %d\n", cid); 363 wil_dbg_wmi(wil, "Configure for connection CID %d\n", cid);
335 364
336 rc = wil_vring_init_tx(wil, ringid, WIL6210_TX_RING_SIZE, cid, 0); 365 rc = wil_vring_init_tx(wil, ringid, 1 << tx_ring_order, cid, 0);
337 wil->pending_connect_cid = -1; 366 wil->pending_connect_cid = -1;
338 if (rc == 0) { 367 if (rc == 0) {
339 wil->sta[cid].status = wil_sta_connected; 368 wil->sta[cid].status = wil_sta_connected;
@@ -392,18 +421,19 @@ int wil_priv_init(struct wil6210_priv *wil)
392 * wil6210_disconnect - disconnect one connection 421 * wil6210_disconnect - disconnect one connection
393 * @wil: driver context 422 * @wil: driver context
394 * @bssid: peer to disconnect, NULL to disconnect all 423 * @bssid: peer to disconnect, NULL to disconnect all
424 * @reason_code: Reason code for the Disassociation frame
395 * @from_event: whether is invoked from FW event handler 425 * @from_event: whether is invoked from FW event handler
396 * 426 *
397 * Disconnect and release associated resources. If invoked not from the 427 * Disconnect and release associated resources. If invoked not from the
398 * FW event handler, issue WMI command(s) to trigger MAC disconnect. 428 * FW event handler, issue WMI command(s) to trigger MAC disconnect.
399 */ 429 */
400void wil6210_disconnect(struct wil6210_priv *wil, const u8 *bssid, 430void wil6210_disconnect(struct wil6210_priv *wil, const u8 *bssid,
401 bool from_event) 431 u16 reason_code, bool from_event)
402{ 432{
403 wil_dbg_misc(wil, "%s()\n", __func__); 433 wil_dbg_misc(wil, "%s()\n", __func__);
404 434
405 del_timer_sync(&wil->connect_timer); 435 del_timer_sync(&wil->connect_timer);
406 _wil6210_disconnect(wil, bssid, from_event); 436 _wil6210_disconnect(wil, bssid, reason_code, from_event);
407} 437}
408 438
409void wil_priv_deinit(struct wil6210_priv *wil) 439void wil_priv_deinit(struct wil6210_priv *wil)
@@ -415,7 +445,7 @@ void wil_priv_deinit(struct wil6210_priv *wil)
415 cancel_work_sync(&wil->disconnect_worker); 445 cancel_work_sync(&wil->disconnect_worker);
416 cancel_work_sync(&wil->fw_error_worker); 446 cancel_work_sync(&wil->fw_error_worker);
417 mutex_lock(&wil->mutex); 447 mutex_lock(&wil->mutex);
418 wil6210_disconnect(wil, NULL, false); 448 wil6210_disconnect(wil, NULL, WLAN_REASON_DEAUTH_LEAVING, false);
419 mutex_unlock(&wil->mutex); 449 mutex_unlock(&wil->mutex);
420 wmi_event_flush(wil); 450 wmi_event_flush(wil);
421 destroy_workqueue(wil->wmi_wq_conn); 451 destroy_workqueue(wil->wmi_wq_conn);
@@ -463,6 +493,9 @@ static int wil_target_reset(struct wil6210_priv *wil)
463 493
464 wil_halt_cpu(wil); 494 wil_halt_cpu(wil);
465 495
496 /* Clear Fw Download notification */
497 C(RGF_USER_USAGE_6, BIT(0));
498
466 if (is_sparrow) { 499 if (is_sparrow) {
467 S(RGF_CAF_OSC_CONTROL, BIT_CAF_OSC_XTAL_EN); 500 S(RGF_CAF_OSC_CONTROL, BIT_CAF_OSC_XTAL_EN);
468 /* XTAL stabilization should take about 3ms */ 501 /* XTAL stabilization should take about 3ms */
@@ -600,7 +633,7 @@ int wil_reset(struct wil6210_priv *wil)
600 WARN_ON(test_bit(wil_status_napi_en, &wil->status)); 633 WARN_ON(test_bit(wil_status_napi_en, &wil->status));
601 634
602 cancel_work_sync(&wil->disconnect_worker); 635 cancel_work_sync(&wil->disconnect_worker);
603 wil6210_disconnect(wil, NULL, false); 636 wil6210_disconnect(wil, NULL, WLAN_REASON_DEAUTH_LEAVING, false);
604 637
605 wil->status = 0; /* prevent NAPI from being scheduled */ 638 wil->status = 0; /* prevent NAPI from being scheduled */
606 639
@@ -705,7 +738,7 @@ int __wil_up(struct wil6210_priv *wil)
705 return rc; 738 return rc;
706 739
707 /* Rx VRING. After MAC and beacon */ 740 /* Rx VRING. After MAC and beacon */
708 rc = wil_rx_init(wil); 741 rc = wil_rx_init(wil, 1 << rx_ring_order);
709 if (rc) 742 if (rc)
710 return rc; 743 return rc;
711 744
diff --git a/drivers/net/wireless/ath/wil6210/txrx.c b/drivers/net/wireless/ath/wil6210/txrx.c
index c680906bc0dc..e3f8bdce5abc 100644
--- a/drivers/net/wireless/ath/wil6210/txrx.c
+++ b/drivers/net/wireless/ath/wil6210/txrx.c
@@ -210,8 +210,6 @@ static int wil_vring_alloc_skb(struct wil6210_priv *wil, struct vring *vring,
210 struct vring_rx_desc dd, *d = &dd; 210 struct vring_rx_desc dd, *d = &dd;
211 volatile struct vring_rx_desc *_d = &vring->va[i].rx; 211 volatile struct vring_rx_desc *_d = &vring->va[i].rx;
212 dma_addr_t pa; 212 dma_addr_t pa;
213
214 /* TODO align */
215 struct sk_buff *skb = dev_alloc_skb(sz + headroom); 213 struct sk_buff *skb = dev_alloc_skb(sz + headroom);
216 214
217 if (unlikely(!skb)) 215 if (unlikely(!skb))
@@ -596,7 +594,7 @@ void wil_rx_handle(struct wil6210_priv *wil, int *quota)
596 wil_rx_refill(wil, v->size); 594 wil_rx_refill(wil, v->size);
597} 595}
598 596
599int wil_rx_init(struct wil6210_priv *wil) 597int wil_rx_init(struct wil6210_priv *wil, u16 size)
600{ 598{
601 struct vring *vring = &wil->vring_rx; 599 struct vring *vring = &wil->vring_rx;
602 int rc; 600 int rc;
@@ -608,7 +606,7 @@ int wil_rx_init(struct wil6210_priv *wil)
608 return -EINVAL; 606 return -EINVAL;
609 } 607 }
610 608
611 vring->size = WIL6210_RX_RING_SIZE; 609 vring->size = size;
612 rc = wil_vring_alloc(wil, vring); 610 rc = wil_vring_alloc(wil, vring);
613 if (rc) 611 if (rc)
614 return rc; 612 return rc;
@@ -928,8 +926,9 @@ static int wil_tx_vring(struct wil6210_priv *wil, struct vring *vring,
928 wil_dbg_txrx(wil, "%s()\n", __func__); 926 wil_dbg_txrx(wil, "%s()\n", __func__);
929 927
930 if (avail < 1 + nr_frags) { 928 if (avail < 1 + nr_frags) {
931 wil_err(wil, "Tx ring full. No space for %d fragments\n", 929 wil_err_ratelimited(wil,
932 1 + nr_frags); 930 "Tx ring full. No space for %d fragments\n",
931 1 + nr_frags);
933 return -ENOMEM; 932 return -ENOMEM;
934 } 933 }
935 _d = &vring->va[i].tx; 934 _d = &vring->va[i].tx;
diff --git a/drivers/net/wireless/ath/wil6210/wil6210.h b/drivers/net/wireless/ath/wil6210/wil6210.h
index 95d3a062d35c..c6ec5b99ac7d 100644
--- a/drivers/net/wireless/ath/wil6210/wil6210.h
+++ b/drivers/net/wireless/ath/wil6210/wil6210.h
@@ -49,8 +49,11 @@ static inline u32 WIL_GET_BITS(u32 x, int b0, int b1)
49 49
50#define WIL6210_MEM_SIZE (2*1024*1024UL) 50#define WIL6210_MEM_SIZE (2*1024*1024UL)
51 51
52#define WIL6210_RX_RING_SIZE (128) 52#define WIL_RX_RING_SIZE_ORDER_DEFAULT (9)
53#define WIL6210_TX_RING_SIZE (512) 53#define WIL_TX_RING_SIZE_ORDER_DEFAULT (9)
54/* limit ring size in range [32..32k] */
55#define WIL_RING_SIZE_ORDER_MIN (5)
56#define WIL_RING_SIZE_ORDER_MAX (15)
54#define WIL6210_MAX_TX_RINGS (24) /* HW limit */ 57#define WIL6210_MAX_TX_RINGS (24) /* HW limit */
55#define WIL6210_MAX_CID (8) /* HW limit */ 58#define WIL6210_MAX_CID (8) /* HW limit */
56#define WIL6210_NAPI_BUDGET (16) /* arbitrary */ 59#define WIL6210_NAPI_BUDGET (16) /* arbitrary */
@@ -126,6 +129,7 @@ struct RGF_ICR {
126 #define BIT_DMA_EP_TX_ICR_TX_DONE_N(n) BIT(n+1) /* n = [0..23] */ 129 #define BIT_DMA_EP_TX_ICR_TX_DONE_N(n) BIT(n+1) /* n = [0..23] */
127#define RGF_DMA_EP_RX_ICR (0x881bd0) /* struct RGF_ICR */ 130#define RGF_DMA_EP_RX_ICR (0x881bd0) /* struct RGF_ICR */
128 #define BIT_DMA_EP_RX_ICR_RX_DONE BIT(0) 131 #define BIT_DMA_EP_RX_ICR_RX_DONE BIT(0)
132 #define BIT_DMA_EP_RX_ICR_RX_HTRSH BIT(1)
129#define RGF_DMA_EP_MISC_ICR (0x881bec) /* struct RGF_ICR */ 133#define RGF_DMA_EP_MISC_ICR (0x881bec) /* struct RGF_ICR */
130 #define BIT_DMA_EP_MISC_ICR_RX_HTRSH BIT(0) 134 #define BIT_DMA_EP_MISC_ICR_RX_HTRSH BIT(0)
131 #define BIT_DMA_EP_MISC_ICR_TX_NO_ACT BIT(1) 135 #define BIT_DMA_EP_MISC_ICR_TX_NO_ACT BIT(1)
@@ -468,13 +472,14 @@ struct wil6210_priv {
468#define wdev_to_wil(w) (struct wil6210_priv *)(wdev_priv(w)) 472#define wdev_to_wil(w) (struct wil6210_priv *)(wdev_priv(w))
469#define wil_to_ndev(i) (wil_to_wdev(i)->netdev) 473#define wil_to_ndev(i) (wil_to_wdev(i)->netdev)
470#define ndev_to_wil(n) (wdev_to_wil(n->ieee80211_ptr)) 474#define ndev_to_wil(n) (wdev_to_wil(n->ieee80211_ptr))
471#define wil_to_pcie_dev(i) (&i->pdev->dev)
472 475
473__printf(2, 3) 476__printf(2, 3)
474void wil_dbg_trace(struct wil6210_priv *wil, const char *fmt, ...); 477void wil_dbg_trace(struct wil6210_priv *wil, const char *fmt, ...);
475__printf(2, 3) 478__printf(2, 3)
476void wil_err(struct wil6210_priv *wil, const char *fmt, ...); 479void wil_err(struct wil6210_priv *wil, const char *fmt, ...);
477__printf(2, 3) 480__printf(2, 3)
481void wil_err_ratelimited(struct wil6210_priv *wil, const char *fmt, ...);
482__printf(2, 3)
478void wil_info(struct wil6210_priv *wil, const char *fmt, ...); 483void wil_info(struct wil6210_priv *wil, const char *fmt, ...);
479#define wil_dbg(wil, fmt, arg...) do { \ 484#define wil_dbg(wil, fmt, arg...) do { \
480 netdev_dbg(wil_to_ndev(wil), fmt, ##arg); \ 485 netdev_dbg(wil_to_ndev(wil), fmt, ##arg); \
@@ -586,9 +591,9 @@ int wmi_set_mac_address(struct wil6210_priv *wil, void *addr);
586int wmi_pcp_start(struct wil6210_priv *wil, int bi, u8 wmi_nettype, u8 chan); 591int wmi_pcp_start(struct wil6210_priv *wil, int bi, u8 wmi_nettype, u8 chan);
587int wmi_pcp_stop(struct wil6210_priv *wil); 592int wmi_pcp_stop(struct wil6210_priv *wil);
588void wil6210_disconnect(struct wil6210_priv *wil, const u8 *bssid, 593void wil6210_disconnect(struct wil6210_priv *wil, const u8 *bssid,
589 bool from_event); 594 u16 reason_code, bool from_event);
590 595
591int wil_rx_init(struct wil6210_priv *wil); 596int wil_rx_init(struct wil6210_priv *wil, u16 size);
592void wil_rx_fini(struct wil6210_priv *wil); 597void wil_rx_fini(struct wil6210_priv *wil);
593 598
594/* TX API */ 599/* TX API */
diff --git a/drivers/net/wireless/ath/wil6210/wmi.c b/drivers/net/wireless/ath/wil6210/wmi.c
index bb1e066f756a..63476c86cd0e 100644
--- a/drivers/net/wireless/ath/wil6210/wmi.c
+++ b/drivers/net/wireless/ath/wil6210/wmi.c
@@ -478,15 +478,15 @@ static void wmi_evt_disconnect(struct wil6210_priv *wil, int id,
478 void *d, int len) 478 void *d, int len)
479{ 479{
480 struct wmi_disconnect_event *evt = d; 480 struct wmi_disconnect_event *evt = d;
481 u16 reason_code = le16_to_cpu(evt->protocol_reason_status);
481 482
482 wil_dbg_wmi(wil, "Disconnect %pM reason %d proto %d wmi\n", 483 wil_dbg_wmi(wil, "Disconnect %pM reason [proto %d wmi %d]\n",
483 evt->bssid, 484 evt->bssid, reason_code, evt->disconnect_reason);
484 evt->protocol_reason_status, evt->disconnect_reason);
485 485
486 wil->sinfo_gen++; 486 wil->sinfo_gen++;
487 487
488 mutex_lock(&wil->mutex); 488 mutex_lock(&wil->mutex);
489 wil6210_disconnect(wil, evt->bssid, true); 489 wil6210_disconnect(wil, evt->bssid, reason_code, true);
490 mutex_unlock(&wil->mutex); 490 mutex_unlock(&wil->mutex);
491} 491}
492 492
diff --git a/drivers/net/wireless/brcm80211/brcmfmac/cfg80211.c b/drivers/net/wireless/brcm80211/brcmfmac/cfg80211.c
index f8a9dfa657ba..3aecc5f48719 100644
--- a/drivers/net/wireless/brcm80211/brcmfmac/cfg80211.c
+++ b/drivers/net/wireless/brcm80211/brcmfmac/cfg80211.c
@@ -520,6 +520,95 @@ brcmf_cfg80211_update_proto_addr_mode(struct wireless_dev *wdev)
520 ADDR_INDIRECT); 520 ADDR_INDIRECT);
521} 521}
522 522
523static int brcmf_cfg80211_request_ap_if(struct brcmf_if *ifp)
524{
525 struct brcmf_mbss_ssid_le mbss_ssid_le;
526 int bsscfgidx;
527 int err;
528
529 memset(&mbss_ssid_le, 0, sizeof(mbss_ssid_le));
530 bsscfgidx = brcmf_get_next_free_bsscfgidx(ifp->drvr);
531 if (bsscfgidx < 0)
532 return bsscfgidx;
533
534 mbss_ssid_le.bsscfgidx = cpu_to_le32(bsscfgidx);
535 mbss_ssid_le.SSID_len = cpu_to_le32(5);
536 sprintf(mbss_ssid_le.SSID, "ssid%d" , bsscfgidx);
537
538 err = brcmf_fil_bsscfg_data_set(ifp, "bsscfg:ssid", &mbss_ssid_le,
539 sizeof(mbss_ssid_le));
540 if (err < 0)
541 brcmf_err("setting ssid failed %d\n", err);
542
543 return err;
544}
545
546/**
547 * brcmf_ap_add_vif() - create a new AP virtual interface for multiple BSS
548 *
549 * @wiphy: wiphy device of new interface.
550 * @name: name of the new interface.
551 * @flags: not used.
552 * @params: contains mac address for AP device.
553 */
554static
555struct wireless_dev *brcmf_ap_add_vif(struct wiphy *wiphy, const char *name,
556 u32 *flags, struct vif_params *params)
557{
558 struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
559 struct brcmf_if *ifp = netdev_priv(cfg_to_ndev(cfg));
560 struct brcmf_cfg80211_vif *vif;
561 int err;
562
563 if (brcmf_cfg80211_vif_event_armed(cfg))
564 return ERR_PTR(-EBUSY);
565
566 brcmf_dbg(INFO, "Adding vif \"%s\"\n", name);
567
568 vif = brcmf_alloc_vif(cfg, NL80211_IFTYPE_AP, false);
569 if (IS_ERR(vif))
570 return (struct wireless_dev *)vif;
571
572 brcmf_cfg80211_arm_vif_event(cfg, vif);
573
574 err = brcmf_cfg80211_request_ap_if(ifp);
575 if (err) {
576 brcmf_cfg80211_arm_vif_event(cfg, NULL);
577 goto fail;
578 }
579
580 /* wait for firmware event */
581 err = brcmf_cfg80211_wait_vif_event_timeout(cfg, BRCMF_E_IF_ADD,
582 msecs_to_jiffies(1500));
583 brcmf_cfg80211_arm_vif_event(cfg, NULL);
584 if (!err) {
585 brcmf_err("timeout occurred\n");
586 err = -EIO;
587 goto fail;
588 }
589
590 /* interface created in firmware */
591 ifp = vif->ifp;
592 if (!ifp) {
593 brcmf_err("no if pointer provided\n");
594 err = -ENOENT;
595 goto fail;
596 }
597
598 strncpy(ifp->ndev->name, name, sizeof(ifp->ndev->name) - 1);
599 err = brcmf_net_attach(ifp, true);
600 if (err) {
601 brcmf_err("Registering netdevice failed\n");
602 goto fail;
603 }
604
605 return &ifp->vif->wdev;
606
607fail:
608 brcmf_free_vif(vif);
609 return ERR_PTR(err);
610}
611
523static bool brcmf_is_apmode(struct brcmf_cfg80211_vif *vif) 612static bool brcmf_is_apmode(struct brcmf_cfg80211_vif *vif)
524{ 613{
525 enum nl80211_iftype iftype; 614 enum nl80211_iftype iftype;
@@ -545,12 +634,16 @@ static struct wireless_dev *brcmf_cfg80211_add_iface(struct wiphy *wiphy,
545 switch (type) { 634 switch (type) {
546 case NL80211_IFTYPE_ADHOC: 635 case NL80211_IFTYPE_ADHOC:
547 case NL80211_IFTYPE_STATION: 636 case NL80211_IFTYPE_STATION:
548 case NL80211_IFTYPE_AP:
549 case NL80211_IFTYPE_AP_VLAN: 637 case NL80211_IFTYPE_AP_VLAN:
550 case NL80211_IFTYPE_WDS: 638 case NL80211_IFTYPE_WDS:
551 case NL80211_IFTYPE_MONITOR: 639 case NL80211_IFTYPE_MONITOR:
552 case NL80211_IFTYPE_MESH_POINT: 640 case NL80211_IFTYPE_MESH_POINT:
553 return ERR_PTR(-EOPNOTSUPP); 641 return ERR_PTR(-EOPNOTSUPP);
642 case NL80211_IFTYPE_AP:
643 wdev = brcmf_ap_add_vif(wiphy, name, flags, params);
644 if (!IS_ERR(wdev))
645 brcmf_cfg80211_update_proto_addr_mode(wdev);
646 return wdev;
554 case NL80211_IFTYPE_P2P_CLIENT: 647 case NL80211_IFTYPE_P2P_CLIENT:
555 case NL80211_IFTYPE_P2P_GO: 648 case NL80211_IFTYPE_P2P_GO:
556 case NL80211_IFTYPE_P2P_DEVICE: 649 case NL80211_IFTYPE_P2P_DEVICE:
@@ -1815,6 +1908,7 @@ brcmf_cfg80211_disconnect(struct wiphy *wiphy, struct net_device *ndev,
1815 return -EIO; 1908 return -EIO;
1816 1909
1817 clear_bit(BRCMF_VIF_STATUS_CONNECTED, &ifp->vif->sme_state); 1910 clear_bit(BRCMF_VIF_STATUS_CONNECTED, &ifp->vif->sme_state);
1911 clear_bit(BRCMF_VIF_STATUS_CONNECTING, &ifp->vif->sme_state);
1818 cfg80211_disconnected(ndev, reason_code, NULL, 0, GFP_KERNEL); 1912 cfg80211_disconnected(ndev, reason_code, NULL, 0, GFP_KERNEL);
1819 1913
1820 memcpy(&scbval.ea, &profile->bssid, ETH_ALEN); 1914 memcpy(&scbval.ea, &profile->bssid, ETH_ALEN);
@@ -2932,7 +3026,7 @@ brcmf_update_pmklist(struct net_device *ndev,
2932 struct brcmf_cfg80211_pmk_list *pmk_list, s32 err) 3026 struct brcmf_cfg80211_pmk_list *pmk_list, s32 err)
2933{ 3027{
2934 int i, j; 3028 int i, j;
2935 int pmkid_len; 3029 u32 pmkid_len;
2936 3030
2937 pmkid_len = le32_to_cpu(pmk_list->pmkids.npmkid); 3031 pmkid_len = le32_to_cpu(pmk_list->pmkids.npmkid);
2938 3032
@@ -2960,8 +3054,7 @@ brcmf_cfg80211_set_pmksa(struct wiphy *wiphy, struct net_device *ndev,
2960 struct brcmf_if *ifp = netdev_priv(ndev); 3054 struct brcmf_if *ifp = netdev_priv(ndev);
2961 struct pmkid_list *pmkids = &cfg->pmk_list->pmkids; 3055 struct pmkid_list *pmkids = &cfg->pmk_list->pmkids;
2962 s32 err = 0; 3056 s32 err = 0;
2963 int i; 3057 u32 pmkid_len, i;
2964 int pmkid_len;
2965 3058
2966 brcmf_dbg(TRACE, "Enter\n"); 3059 brcmf_dbg(TRACE, "Enter\n");
2967 if (!check_vif_up(ifp->vif)) 3060 if (!check_vif_up(ifp->vif))
@@ -3000,7 +3093,7 @@ brcmf_cfg80211_del_pmksa(struct wiphy *wiphy, struct net_device *ndev,
3000 struct brcmf_if *ifp = netdev_priv(ndev); 3093 struct brcmf_if *ifp = netdev_priv(ndev);
3001 struct pmkid_list pmkid; 3094 struct pmkid_list pmkid;
3002 s32 err = 0; 3095 s32 err = 0;
3003 int i, pmkid_len; 3096 u32 pmkid_len, i;
3004 3097
3005 brcmf_dbg(TRACE, "Enter\n"); 3098 brcmf_dbg(TRACE, "Enter\n");
3006 if (!check_vif_up(ifp->vif)) 3099 if (!check_vif_up(ifp->vif))
@@ -3361,11 +3454,10 @@ static bool brcmf_valid_wpa_oui(u8 *oui, bool is_rsn_ie)
3361} 3454}
3362 3455
3363static s32 3456static s32
3364brcmf_configure_wpaie(struct net_device *ndev, 3457brcmf_configure_wpaie(struct brcmf_if *ifp,
3365 const struct brcmf_vs_tlv *wpa_ie, 3458 const struct brcmf_vs_tlv *wpa_ie,
3366 bool is_rsn_ie) 3459 bool is_rsn_ie)
3367{ 3460{
3368 struct brcmf_if *ifp = netdev_priv(ndev);
3369 u32 auth = 0; /* d11 open authentication */ 3461 u32 auth = 0; /* d11 open authentication */
3370 u16 count; 3462 u16 count;
3371 s32 err = 0; 3463 s32 err = 0;
@@ -3840,6 +3932,7 @@ brcmf_cfg80211_start_ap(struct wiphy *wiphy, struct net_device *ndev,
3840 enum nl80211_iftype dev_role; 3932 enum nl80211_iftype dev_role;
3841 struct brcmf_fil_bss_enable_le bss_enable; 3933 struct brcmf_fil_bss_enable_le bss_enable;
3842 u16 chanspec; 3934 u16 chanspec;
3935 bool mbss;
3843 3936
3844 brcmf_dbg(TRACE, "ctrlchn=%d, center=%d, bw=%d, beacon_interval=%d, dtim_period=%d,\n", 3937 brcmf_dbg(TRACE, "ctrlchn=%d, center=%d, bw=%d, beacon_interval=%d, dtim_period=%d,\n",
3845 settings->chandef.chan->hw_value, 3938 settings->chandef.chan->hw_value,
@@ -3850,6 +3943,7 @@ brcmf_cfg80211_start_ap(struct wiphy *wiphy, struct net_device *ndev,
3850 settings->inactivity_timeout); 3943 settings->inactivity_timeout);
3851 3944
3852 dev_role = ifp->vif->wdev.iftype; 3945 dev_role = ifp->vif->wdev.iftype;
3946 mbss = ifp->vif->mbss;
3853 3947
3854 memset(&ssid_le, 0, sizeof(ssid_le)); 3948 memset(&ssid_le, 0, sizeof(ssid_le));
3855 if (settings->ssid == NULL || settings->ssid_len == 0) { 3949 if (settings->ssid == NULL || settings->ssid_len == 0) {
@@ -3869,8 +3963,10 @@ brcmf_cfg80211_start_ap(struct wiphy *wiphy, struct net_device *ndev,
3869 ssid_le.SSID_len = cpu_to_le32((u32)settings->ssid_len); 3963 ssid_le.SSID_len = cpu_to_le32((u32)settings->ssid_len);
3870 } 3964 }
3871 3965
3872 brcmf_set_mpc(ifp, 0); 3966 if (!mbss) {
3873 brcmf_configure_arp_offload(ifp, false); 3967 brcmf_set_mpc(ifp, 0);
3968 brcmf_configure_arp_offload(ifp, false);
3969 }
3874 3970
3875 /* find the RSN_IE */ 3971 /* find the RSN_IE */
3876 rsn_ie = brcmf_parse_tlvs((u8 *)settings->beacon.tail, 3972 rsn_ie = brcmf_parse_tlvs((u8 *)settings->beacon.tail,
@@ -3884,13 +3980,16 @@ brcmf_cfg80211_start_ap(struct wiphy *wiphy, struct net_device *ndev,
3884 brcmf_dbg(TRACE, "WPA(2) IE is found\n"); 3980 brcmf_dbg(TRACE, "WPA(2) IE is found\n");
3885 if (wpa_ie != NULL) { 3981 if (wpa_ie != NULL) {
3886 /* WPA IE */ 3982 /* WPA IE */
3887 err = brcmf_configure_wpaie(ndev, wpa_ie, false); 3983 err = brcmf_configure_wpaie(ifp, wpa_ie, false);
3888 if (err < 0) 3984 if (err < 0)
3889 goto exit; 3985 goto exit;
3890 } else { 3986 } else {
3987 struct brcmf_vs_tlv *tmp_ie;
3988
3989 tmp_ie = (struct brcmf_vs_tlv *)rsn_ie;
3990
3891 /* RSN IE */ 3991 /* RSN IE */
3892 err = brcmf_configure_wpaie(ndev, 3992 err = brcmf_configure_wpaie(ifp, tmp_ie, true);
3893 (struct brcmf_vs_tlv *)rsn_ie, true);
3894 if (err < 0) 3993 if (err < 0)
3895 goto exit; 3994 goto exit;
3896 } 3995 }
@@ -3901,45 +4000,53 @@ brcmf_cfg80211_start_ap(struct wiphy *wiphy, struct net_device *ndev,
3901 4000
3902 brcmf_config_ap_mgmt_ie(ifp->vif, &settings->beacon); 4001 brcmf_config_ap_mgmt_ie(ifp->vif, &settings->beacon);
3903 4002
3904 chanspec = chandef_to_chanspec(&cfg->d11inf, &settings->chandef); 4003 if (!mbss) {
3905 err = brcmf_fil_iovar_int_set(ifp, "chanspec", chanspec); 4004 chanspec = chandef_to_chanspec(&cfg->d11inf,
3906 if (err < 0) { 4005 &settings->chandef);
3907 brcmf_err("Set Channel failed: chspec=%d, %d\n", chanspec, err); 4006 err = brcmf_fil_iovar_int_set(ifp, "chanspec", chanspec);
3908 goto exit;
3909 }
3910
3911 if (settings->beacon_interval) {
3912 err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_BCNPRD,
3913 settings->beacon_interval);
3914 if (err < 0) { 4007 if (err < 0) {
3915 brcmf_err("Beacon Interval Set Error, %d\n", err); 4008 brcmf_err("Set Channel failed: chspec=%d, %d\n",
4009 chanspec, err);
3916 goto exit; 4010 goto exit;
3917 } 4011 }
3918 } 4012
3919 if (settings->dtim_period) { 4013 if (settings->beacon_interval) {
3920 err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_DTIMPRD, 4014 err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_BCNPRD,
3921 settings->dtim_period); 4015 settings->beacon_interval);
3922 if (err < 0) { 4016 if (err < 0) {
3923 brcmf_err("DTIM Interval Set Error, %d\n", err); 4017 brcmf_err("Beacon Interval Set Error, %d\n",
3924 goto exit; 4018 err);
4019 goto exit;
4020 }
4021 }
4022 if (settings->dtim_period) {
4023 err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_DTIMPRD,
4024 settings->dtim_period);
4025 if (err < 0) {
4026 brcmf_err("DTIM Interval Set Error, %d\n", err);
4027 goto exit;
4028 }
3925 } 4029 }
3926 }
3927 4030
3928 if (dev_role == NL80211_IFTYPE_AP) { 4031 if (dev_role == NL80211_IFTYPE_AP) {
3929 err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_DOWN, 1); 4032 err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_DOWN, 1);
4033 if (err < 0) {
4034 brcmf_err("BRCMF_C_DOWN error %d\n", err);
4035 goto exit;
4036 }
4037 brcmf_fil_iovar_int_set(ifp, "apsta", 0);
4038 }
4039
4040 err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_INFRA, 1);
3930 if (err < 0) { 4041 if (err < 0) {
3931 brcmf_err("BRCMF_C_DOWN error %d\n", err); 4042 brcmf_err("SET INFRA error %d\n", err);
3932 goto exit; 4043 goto exit;
3933 } 4044 }
3934 brcmf_fil_iovar_int_set(ifp, "apsta", 0);
3935 }
3936
3937 err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_INFRA, 1);
3938 if (err < 0) {
3939 brcmf_err("SET INFRA error %d\n", err);
3940 goto exit;
3941 } 4045 }
3942 if (dev_role == NL80211_IFTYPE_AP) { 4046 if (dev_role == NL80211_IFTYPE_AP) {
4047 if ((brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MBSS)) && (!mbss))
4048 brcmf_fil_iovar_int_set(ifp, "mbss", 1);
4049
3943 err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_AP, 1); 4050 err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_AP, 1);
3944 if (err < 0) { 4051 if (err < 0) {
3945 brcmf_err("setting AP mode failed %d\n", err); 4052 brcmf_err("setting AP mode failed %d\n", err);
@@ -3984,7 +4091,7 @@ brcmf_cfg80211_start_ap(struct wiphy *wiphy, struct net_device *ndev,
3984 set_bit(BRCMF_VIF_STATUS_AP_CREATED, &ifp->vif->sme_state); 4091 set_bit(BRCMF_VIF_STATUS_AP_CREATED, &ifp->vif->sme_state);
3985 4092
3986exit: 4093exit:
3987 if (err) { 4094 if ((err) && (!mbss)) {
3988 brcmf_set_mpc(ifp, 1); 4095 brcmf_set_mpc(ifp, 1);
3989 brcmf_configure_arp_offload(ifp, true); 4096 brcmf_configure_arp_offload(ifp, true);
3990 } 4097 }
@@ -4005,20 +4112,31 @@ static int brcmf_cfg80211_stop_ap(struct wiphy *wiphy, struct net_device *ndev)
4005 /* first to make sure they get processed by fw. */ 4112 /* first to make sure they get processed by fw. */
4006 msleep(400); 4113 msleep(400);
4007 4114
4115 if (ifp->vif->mbss) {
4116 err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_DOWN, 1);
4117 return err;
4118 }
4119
4008 memset(&join_params, 0, sizeof(join_params)); 4120 memset(&join_params, 0, sizeof(join_params));
4009 err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_SSID, 4121 err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_SSID,
4010 &join_params, sizeof(join_params)); 4122 &join_params, sizeof(join_params));
4011 if (err < 0) 4123 if (err < 0)
4012 brcmf_err("SET SSID error (%d)\n", err); 4124 brcmf_err("SET SSID error (%d)\n", err);
4013 err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_UP, 0); 4125 err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_DOWN, 1);
4014 if (err < 0) 4126 if (err < 0)
4015 brcmf_err("BRCMF_C_UP error %d\n", err); 4127 brcmf_err("BRCMF_C_DOWN error %d\n", err);
4016 err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_AP, 0); 4128 err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_AP, 0);
4017 if (err < 0) 4129 if (err < 0)
4018 brcmf_err("setting AP mode failed %d\n", err); 4130 brcmf_err("setting AP mode failed %d\n", err);
4019 err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_INFRA, 0); 4131 err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_INFRA, 0);
4020 if (err < 0) 4132 if (err < 0)
4021 brcmf_err("setting INFRA mode failed %d\n", err); 4133 brcmf_err("setting INFRA mode failed %d\n", err);
4134 if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MBSS))
4135 brcmf_fil_iovar_int_set(ifp, "mbss", 0);
4136 /* Bring device back up so it can be used again */
4137 err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_UP, 1);
4138 if (err < 0)
4139 brcmf_err("BRCMF_C_UP error %d\n", err);
4022 } else { 4140 } else {
4023 bss_enable.bsscfg_idx = cpu_to_le32(ifp->bssidx); 4141 bss_enable.bsscfg_idx = cpu_to_le32(ifp->bssidx);
4024 bss_enable.enable = cpu_to_le32(0); 4142 bss_enable.enable = cpu_to_le32(0);
@@ -4370,7 +4488,9 @@ struct brcmf_cfg80211_vif *brcmf_alloc_vif(struct brcmf_cfg80211_info *cfg,
4370 enum nl80211_iftype type, 4488 enum nl80211_iftype type,
4371 bool pm_block) 4489 bool pm_block)
4372{ 4490{
4491 struct brcmf_cfg80211_vif *vif_walk;
4373 struct brcmf_cfg80211_vif *vif; 4492 struct brcmf_cfg80211_vif *vif;
4493 bool mbss;
4374 4494
4375 brcmf_dbg(TRACE, "allocating virtual interface (size=%zu)\n", 4495 brcmf_dbg(TRACE, "allocating virtual interface (size=%zu)\n",
4376 sizeof(*vif)); 4496 sizeof(*vif));
@@ -4386,6 +4506,17 @@ struct brcmf_cfg80211_vif *brcmf_alloc_vif(struct brcmf_cfg80211_info *cfg,
4386 4506
4387 brcmf_init_prof(&vif->profile); 4507 brcmf_init_prof(&vif->profile);
4388 4508
4509 if (type == NL80211_IFTYPE_AP) {
4510 mbss = false;
4511 list_for_each_entry(vif_walk, &cfg->vif_list, list) {
4512 if (vif_walk->wdev.iftype == NL80211_IFTYPE_AP) {
4513 mbss = true;
4514 break;
4515 }
4516 }
4517 vif->mbss = mbss;
4518 }
4519
4389 list_add_tail(&vif->list, &cfg->vif_list); 4520 list_add_tail(&vif->list, &cfg->vif_list);
4390 return vif; 4521 return vif;
4391} 4522}
@@ -4628,6 +4759,7 @@ brcmf_notify_connect_status_ap(struct brcmf_cfg80211_info *cfg,
4628 struct net_device *ndev, 4759 struct net_device *ndev,
4629 const struct brcmf_event_msg *e, void *data) 4760 const struct brcmf_event_msg *e, void *data)
4630{ 4761{
4762 struct brcmf_if *ifp = netdev_priv(ndev);
4631 static int generation; 4763 static int generation;
4632 u32 event = e->event_code; 4764 u32 event = e->event_code;
4633 u32 reason = e->reason; 4765 u32 reason = e->reason;
@@ -4638,6 +4770,8 @@ brcmf_notify_connect_status_ap(struct brcmf_cfg80211_info *cfg,
4638 ndev != cfg_to_ndev(cfg)) { 4770 ndev != cfg_to_ndev(cfg)) {
4639 brcmf_dbg(CONN, "AP mode link down\n"); 4771 brcmf_dbg(CONN, "AP mode link down\n");
4640 complete(&cfg->vif_disabled); 4772 complete(&cfg->vif_disabled);
4773 if (ifp->vif->mbss)
4774 brcmf_remove_interface(ifp->drvr, ifp->bssidx);
4641 return 0; 4775 return 0;
4642 } 4776 }
4643 4777
@@ -5429,7 +5563,28 @@ static int brcmf_setup_wiphybands(struct wiphy *wiphy)
5429 return 0; 5563 return 0;
5430} 5564}
5431 5565
5432static const struct ieee80211_iface_limit brcmf_iface_limits[] = { 5566static const struct ieee80211_iface_limit brcmf_iface_limits_mbss[] = {
5567 {
5568 .max = 1,
5569 .types = BIT(NL80211_IFTYPE_STATION) |
5570 BIT(NL80211_IFTYPE_ADHOC)
5571 },
5572 {
5573 .max = 4,
5574 .types = BIT(NL80211_IFTYPE_AP)
5575 },
5576 {
5577 .max = 1,
5578 .types = BIT(NL80211_IFTYPE_P2P_CLIENT) |
5579 BIT(NL80211_IFTYPE_P2P_GO)
5580 },
5581 {
5582 .max = 1,
5583 .types = BIT(NL80211_IFTYPE_P2P_DEVICE)
5584 }
5585};
5586
5587static const struct ieee80211_iface_limit brcmf_iface_limits_sbss[] = {
5433 { 5588 {
5434 .max = 2, 5589 .max = 2,
5435 .types = BIT(NL80211_IFTYPE_STATION) | 5590 .types = BIT(NL80211_IFTYPE_STATION) |
@@ -5450,8 +5605,8 @@ static struct ieee80211_iface_combination brcmf_iface_combos[] = {
5450 { 5605 {
5451 .max_interfaces = BRCMF_IFACE_MAX_CNT, 5606 .max_interfaces = BRCMF_IFACE_MAX_CNT,
5452 .num_different_channels = 1, 5607 .num_different_channels = 1,
5453 .n_limits = ARRAY_SIZE(brcmf_iface_limits), 5608 .n_limits = ARRAY_SIZE(brcmf_iface_limits_sbss),
5454 .limits = brcmf_iface_limits 5609 .limits = brcmf_iface_limits_sbss,
5455 } 5610 }
5456}; 5611};
5457 5612
@@ -5527,6 +5682,10 @@ static int brcmf_setup_wiphy(struct wiphy *wiphy, struct brcmf_if *ifp)
5527 ifc_combo = brcmf_iface_combos[0]; 5682 ifc_combo = brcmf_iface_combos[0];
5528 if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MCHAN)) 5683 if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MCHAN))
5529 ifc_combo.num_different_channels = 2; 5684 ifc_combo.num_different_channels = 2;
5685 if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MBSS)) {
5686 ifc_combo.n_limits = ARRAY_SIZE(brcmf_iface_limits_mbss),
5687 ifc_combo.limits = brcmf_iface_limits_mbss;
5688 }
5530 wiphy->iface_combinations = kmemdup(&ifc_combo, 5689 wiphy->iface_combinations = kmemdup(&ifc_combo,
5531 sizeof(ifc_combo), 5690 sizeof(ifc_combo),
5532 GFP_KERNEL); 5691 GFP_KERNEL);
diff --git a/drivers/net/wireless/brcm80211/brcmfmac/cfg80211.h b/drivers/net/wireless/brcm80211/brcmfmac/cfg80211.h
index 2a5b22cb3fef..9e98b8d52757 100644
--- a/drivers/net/wireless/brcm80211/brcmfmac/cfg80211.h
+++ b/drivers/net/wireless/brcm80211/brcmfmac/cfg80211.h
@@ -183,6 +183,7 @@ struct vif_saved_ie {
183 * @pm_block: power-management blocked. 183 * @pm_block: power-management blocked.
184 * @list: linked list. 184 * @list: linked list.
185 * @mgmt_rx_reg: registered rx mgmt frame types. 185 * @mgmt_rx_reg: registered rx mgmt frame types.
186 * @mbss: Multiple BSS type, set if not first AP (not relevant for P2P).
186 */ 187 */
187struct brcmf_cfg80211_vif { 188struct brcmf_cfg80211_vif {
188 struct brcmf_if *ifp; 189 struct brcmf_if *ifp;
@@ -194,6 +195,7 @@ struct brcmf_cfg80211_vif {
194 struct vif_saved_ie saved_ie; 195 struct vif_saved_ie saved_ie;
195 struct list_head list; 196 struct list_head list;
196 u16 mgmt_rx_reg; 197 u16 mgmt_rx_reg;
198 bool mbss;
197}; 199};
198 200
199/* association inform */ 201/* association inform */
diff --git a/drivers/net/wireless/brcm80211/brcmfmac/core.c b/drivers/net/wireless/brcm80211/brcmfmac/core.c
index f407665cb1ea..effe6d7831d9 100644
--- a/drivers/net/wireless/brcm80211/brcmfmac/core.c
+++ b/drivers/net/wireless/brcm80211/brcmfmac/core.c
@@ -836,7 +836,7 @@ struct brcmf_if *brcmf_add_if(struct brcmf_pub *drvr, s32 bssidx, s32 ifidx,
836 return ifp; 836 return ifp;
837} 837}
838 838
839void brcmf_del_if(struct brcmf_pub *drvr, s32 bssidx) 839static void brcmf_del_if(struct brcmf_pub *drvr, s32 bssidx)
840{ 840{
841 struct brcmf_if *ifp; 841 struct brcmf_if *ifp;
842 842
@@ -869,6 +869,38 @@ void brcmf_del_if(struct brcmf_pub *drvr, s32 bssidx)
869 } 869 }
870} 870}
871 871
872void brcmf_remove_interface(struct brcmf_pub *drvr, u32 bssidx)
873{
874 if (drvr->iflist[bssidx]) {
875 brcmf_fws_del_interface(drvr->iflist[bssidx]);
876 brcmf_del_if(drvr, bssidx);
877 }
878}
879
880int brcmf_get_next_free_bsscfgidx(struct brcmf_pub *drvr)
881{
882 int ifidx;
883 int bsscfgidx;
884 bool available;
885 int highest;
886
887 available = false;
888 bsscfgidx = 2;
889 highest = 2;
890 for (ifidx = 0; ifidx < BRCMF_MAX_IFS; ifidx++) {
891 if (drvr->iflist[ifidx]) {
892 if (drvr->iflist[ifidx]->bssidx == bsscfgidx)
893 bsscfgidx = highest + 1;
894 else if (drvr->iflist[ifidx]->bssidx > highest)
895 highest = drvr->iflist[ifidx]->bssidx;
896 } else {
897 available = true;
898 }
899 }
900
901 return available ? bsscfgidx : -ENOMEM;
902}
903
872int brcmf_attach(struct device *dev) 904int brcmf_attach(struct device *dev)
873{ 905{
874 struct brcmf_pub *drvr = NULL; 906 struct brcmf_pub *drvr = NULL;
@@ -1033,10 +1065,7 @@ void brcmf_detach(struct device *dev)
1033 1065
1034 /* make sure primary interface removed last */ 1066 /* make sure primary interface removed last */
1035 for (i = BRCMF_MAX_IFS-1; i > -1; i--) 1067 for (i = BRCMF_MAX_IFS-1; i > -1; i--)
1036 if (drvr->iflist[i]) { 1068 brcmf_remove_interface(drvr, i);
1037 brcmf_fws_del_interface(drvr->iflist[i]);
1038 brcmf_del_if(drvr, i);
1039 }
1040 1069
1041 brcmf_cfg80211_detach(drvr->config); 1070 brcmf_cfg80211_detach(drvr->config);
1042 1071
diff --git a/drivers/net/wireless/brcm80211/brcmfmac/core.h b/drivers/net/wireless/brcm80211/brcmfmac/core.h
index 98228e922d3a..23f74b139cc8 100644
--- a/drivers/net/wireless/brcm80211/brcmfmac/core.h
+++ b/drivers/net/wireless/brcm80211/brcmfmac/core.h
@@ -175,7 +175,8 @@ char *brcmf_ifname(struct brcmf_pub *drvr, int idx);
175int brcmf_net_attach(struct brcmf_if *ifp, bool rtnl_locked); 175int brcmf_net_attach(struct brcmf_if *ifp, bool rtnl_locked);
176struct brcmf_if *brcmf_add_if(struct brcmf_pub *drvr, s32 bssidx, s32 ifidx, 176struct brcmf_if *brcmf_add_if(struct brcmf_pub *drvr, s32 bssidx, s32 ifidx,
177 char *name, u8 *mac_addr); 177 char *name, u8 *mac_addr);
178void brcmf_del_if(struct brcmf_pub *drvr, s32 bssidx); 178void brcmf_remove_interface(struct brcmf_pub *drvr, u32 bssidx);
179int brcmf_get_next_free_bsscfgidx(struct brcmf_pub *drvr);
179void brcmf_txflowblock_if(struct brcmf_if *ifp, 180void brcmf_txflowblock_if(struct brcmf_if *ifp,
180 enum brcmf_netif_stop_reason reason, bool state); 181 enum brcmf_netif_stop_reason reason, bool state);
181void brcmf_txfinalize(struct brcmf_pub *drvr, struct sk_buff *txp, u8 ifidx, 182void brcmf_txfinalize(struct brcmf_pub *drvr, struct sk_buff *txp, u8 ifidx,
diff --git a/drivers/net/wireless/brcm80211/brcmfmac/feature.c b/drivers/net/wireless/brcm80211/brcmfmac/feature.c
index 931f68aefaa4..defb7a44e0bc 100644
--- a/drivers/net/wireless/brcm80211/brcmfmac/feature.c
+++ b/drivers/net/wireless/brcm80211/brcmfmac/feature.c
@@ -97,6 +97,28 @@ static void brcmf_feat_iovar_int_get(struct brcmf_if *ifp,
97 } 97 }
98} 98}
99 99
100/**
101 * brcmf_feat_iovar_int_set() - determine feature through iovar set.
102 *
103 * @ifp: interface to query.
104 * @id: feature id.
105 * @name: iovar name.
106 */
107static void brcmf_feat_iovar_int_set(struct brcmf_if *ifp,
108 enum brcmf_feat_id id, char *name, u32 val)
109{
110 int err;
111
112 err = brcmf_fil_iovar_int_set(ifp, name, val);
113 if (err == 0) {
114 brcmf_dbg(INFO, "enabling feature: %s\n", brcmf_feat_names[id]);
115 ifp->drvr->feat_flags |= BIT(id);
116 } else {
117 brcmf_dbg(TRACE, "%s feature check failed: %d\n",
118 brcmf_feat_names[id], err);
119 }
120}
121
100void brcmf_feat_attach(struct brcmf_pub *drvr) 122void brcmf_feat_attach(struct brcmf_pub *drvr)
101{ 123{
102 struct brcmf_if *ifp = drvr->iflist[0]; 124 struct brcmf_if *ifp = drvr->iflist[0];
@@ -104,6 +126,7 @@ void brcmf_feat_attach(struct brcmf_pub *drvr)
104 brcmf_feat_iovar_int_get(ifp, BRCMF_FEAT_MCHAN, "mchan"); 126 brcmf_feat_iovar_int_get(ifp, BRCMF_FEAT_MCHAN, "mchan");
105 if (drvr->bus_if->wowl_supported) 127 if (drvr->bus_if->wowl_supported)
106 brcmf_feat_iovar_int_get(ifp, BRCMF_FEAT_WOWL, "wowl"); 128 brcmf_feat_iovar_int_get(ifp, BRCMF_FEAT_WOWL, "wowl");
129 brcmf_feat_iovar_int_set(ifp, BRCMF_FEAT_MBSS, "mbss", 0);
107 130
108 /* set chip related quirks */ 131 /* set chip related quirks */
109 switch (drvr->bus_if->chip) { 132 switch (drvr->bus_if->chip) {
diff --git a/drivers/net/wireless/brcm80211/brcmfmac/feature.h b/drivers/net/wireless/brcm80211/brcmfmac/feature.h
index b9a796d0a44d..f5832e077bb7 100644
--- a/drivers/net/wireless/brcm80211/brcmfmac/feature.h
+++ b/drivers/net/wireless/brcm80211/brcmfmac/feature.h
@@ -22,6 +22,7 @@
22 * MCHAN: multi-channel for concurrent P2P. 22 * MCHAN: multi-channel for concurrent P2P.
23 */ 23 */
24#define BRCMF_FEAT_LIST \ 24#define BRCMF_FEAT_LIST \
25 BRCMF_FEAT_DEF(MBSS) \
25 BRCMF_FEAT_DEF(MCHAN) \ 26 BRCMF_FEAT_DEF(MCHAN) \
26 BRCMF_FEAT_DEF(WOWL) 27 BRCMF_FEAT_DEF(WOWL)
27/* 28/*
diff --git a/drivers/net/wireless/brcm80211/brcmfmac/fweh.c b/drivers/net/wireless/brcm80211/brcmfmac/fweh.c
index 7338b335e153..ec62492ffa69 100644
--- a/drivers/net/wireless/brcm80211/brcmfmac/fweh.c
+++ b/drivers/net/wireless/brcm80211/brcmfmac/fweh.c
@@ -221,10 +221,8 @@ static void brcmf_fweh_handle_if_event(struct brcmf_pub *drvr,
221 221
222 err = brcmf_fweh_call_event_handler(ifp, emsg->event_code, emsg, data); 222 err = brcmf_fweh_call_event_handler(ifp, emsg->event_code, emsg, data);
223 223
224 if (ifp && ifevent->action == BRCMF_E_IF_DEL) { 224 if (ifp && ifevent->action == BRCMF_E_IF_DEL)
225 brcmf_fws_del_interface(ifp); 225 brcmf_remove_interface(drvr, ifevent->bssidx);
226 brcmf_del_if(drvr, ifevent->bssidx);
227 }
228} 226}
229 227
230/** 228/**
diff --git a/drivers/net/wireless/brcm80211/brcmfmac/fwil.c b/drivers/net/wireless/brcm80211/brcmfmac/fwil.c
index 51f88c11e642..03f2c406a17b 100644
--- a/drivers/net/wireless/brcm80211/brcmfmac/fwil.c
+++ b/drivers/net/wireless/brcm80211/brcmfmac/fwil.c
@@ -136,7 +136,7 @@ brcmf_fil_cmd_data_set(struct brcmf_if *ifp, u32 cmd, void *data, u32 len)
136 136
137 mutex_lock(&ifp->drvr->proto_block); 137 mutex_lock(&ifp->drvr->proto_block);
138 138
139 brcmf_dbg(FIL, "cmd=%d, len=%d\n", cmd, len); 139 brcmf_dbg(FIL, "ifidx=%d, cmd=%d, len=%d\n", ifp->ifidx, cmd, len);
140 brcmf_dbg_hex_dump(BRCMF_FIL_ON(), data, 140 brcmf_dbg_hex_dump(BRCMF_FIL_ON(), data,
141 min_t(uint, len, MAX_HEX_DUMP_LEN), "data\n"); 141 min_t(uint, len, MAX_HEX_DUMP_LEN), "data\n");
142 142
@@ -154,7 +154,7 @@ brcmf_fil_cmd_data_get(struct brcmf_if *ifp, u32 cmd, void *data, u32 len)
154 mutex_lock(&ifp->drvr->proto_block); 154 mutex_lock(&ifp->drvr->proto_block);
155 err = brcmf_fil_cmd_data(ifp, cmd, data, len, false); 155 err = brcmf_fil_cmd_data(ifp, cmd, data, len, false);
156 156
157 brcmf_dbg(FIL, "cmd=%d, len=%d\n", cmd, len); 157 brcmf_dbg(FIL, "ifidx=%d, cmd=%d, len=%d\n", ifp->ifidx, cmd, len);
158 brcmf_dbg_hex_dump(BRCMF_FIL_ON(), data, 158 brcmf_dbg_hex_dump(BRCMF_FIL_ON(), data,
159 min_t(uint, len, MAX_HEX_DUMP_LEN), "data\n"); 159 min_t(uint, len, MAX_HEX_DUMP_LEN), "data\n");
160 160
@@ -171,7 +171,7 @@ brcmf_fil_cmd_int_set(struct brcmf_if *ifp, u32 cmd, u32 data)
171 __le32 data_le = cpu_to_le32(data); 171 __le32 data_le = cpu_to_le32(data);
172 172
173 mutex_lock(&ifp->drvr->proto_block); 173 mutex_lock(&ifp->drvr->proto_block);
174 brcmf_dbg(FIL, "cmd=%d, value=%d\n", cmd, data); 174 brcmf_dbg(FIL, "ifidx=%d, cmd=%d, value=%d\n", ifp->ifidx, cmd, data);
175 err = brcmf_fil_cmd_data(ifp, cmd, &data_le, sizeof(data_le), true); 175 err = brcmf_fil_cmd_data(ifp, cmd, &data_le, sizeof(data_le), true);
176 mutex_unlock(&ifp->drvr->proto_block); 176 mutex_unlock(&ifp->drvr->proto_block);
177 177
@@ -188,7 +188,7 @@ brcmf_fil_cmd_int_get(struct brcmf_if *ifp, u32 cmd, u32 *data)
188 err = brcmf_fil_cmd_data(ifp, cmd, &data_le, sizeof(data_le), false); 188 err = brcmf_fil_cmd_data(ifp, cmd, &data_le, sizeof(data_le), false);
189 mutex_unlock(&ifp->drvr->proto_block); 189 mutex_unlock(&ifp->drvr->proto_block);
190 *data = le32_to_cpu(data_le); 190 *data = le32_to_cpu(data_le);
191 brcmf_dbg(FIL, "cmd=%d, value=%d\n", cmd, *data); 191 brcmf_dbg(FIL, "ifidx=%d, cmd=%d, value=%d\n", ifp->ifidx, cmd, *data);
192 192
193 return err; 193 return err;
194} 194}
@@ -224,7 +224,7 @@ brcmf_fil_iovar_data_set(struct brcmf_if *ifp, char *name, const void *data,
224 224
225 mutex_lock(&drvr->proto_block); 225 mutex_lock(&drvr->proto_block);
226 226
227 brcmf_dbg(FIL, "name=%s, len=%d\n", name, len); 227 brcmf_dbg(FIL, "ifidx=%d, name=%s, len=%d\n", ifp->ifidx, name, len);
228 brcmf_dbg_hex_dump(BRCMF_FIL_ON(), data, 228 brcmf_dbg_hex_dump(BRCMF_FIL_ON(), data,
229 min_t(uint, len, MAX_HEX_DUMP_LEN), "data\n"); 229 min_t(uint, len, MAX_HEX_DUMP_LEN), "data\n");
230 230
@@ -264,7 +264,7 @@ brcmf_fil_iovar_data_get(struct brcmf_if *ifp, char *name, void *data,
264 brcmf_err("Creating iovar failed\n"); 264 brcmf_err("Creating iovar failed\n");
265 } 265 }
266 266
267 brcmf_dbg(FIL, "name=%s, len=%d\n", name, len); 267 brcmf_dbg(FIL, "ifidx=%d, name=%s, len=%d\n", ifp->ifidx, name, len);
268 brcmf_dbg_hex_dump(BRCMF_FIL_ON(), data, 268 brcmf_dbg_hex_dump(BRCMF_FIL_ON(), data,
269 min_t(uint, len, MAX_HEX_DUMP_LEN), "data\n"); 269 min_t(uint, len, MAX_HEX_DUMP_LEN), "data\n");
270 270
@@ -347,7 +347,8 @@ brcmf_fil_bsscfg_data_set(struct brcmf_if *ifp, char *name,
347 347
348 mutex_lock(&drvr->proto_block); 348 mutex_lock(&drvr->proto_block);
349 349
350 brcmf_dbg(FIL, "bssidx=%d, name=%s, len=%d\n", ifp->bssidx, name, len); 350 brcmf_dbg(FIL, "ifidx=%d, bssidx=%d, name=%s, len=%d\n", ifp->ifidx,
351 ifp->bssidx, name, len);
351 brcmf_dbg_hex_dump(BRCMF_FIL_ON(), data, 352 brcmf_dbg_hex_dump(BRCMF_FIL_ON(), data,
352 min_t(uint, len, MAX_HEX_DUMP_LEN), "data\n"); 353 min_t(uint, len, MAX_HEX_DUMP_LEN), "data\n");
353 354
@@ -386,7 +387,8 @@ brcmf_fil_bsscfg_data_get(struct brcmf_if *ifp, char *name,
386 err = -EPERM; 387 err = -EPERM;
387 brcmf_err("Creating bsscfg failed\n"); 388 brcmf_err("Creating bsscfg failed\n");
388 } 389 }
389 brcmf_dbg(FIL, "bssidx=%d, name=%s, len=%d\n", ifp->bssidx, name, len); 390 brcmf_dbg(FIL, "ifidx=%d, bssidx=%d, name=%s, len=%d\n", ifp->ifidx,
391 ifp->bssidx, name, len);
390 brcmf_dbg_hex_dump(BRCMF_FIL_ON(), data, 392 brcmf_dbg_hex_dump(BRCMF_FIL_ON(), data,
391 min_t(uint, len, MAX_HEX_DUMP_LEN), "data\n"); 393 min_t(uint, len, MAX_HEX_DUMP_LEN), "data\n");
392 394
diff --git a/drivers/net/wireless/brcm80211/brcmfmac/fwil_types.h b/drivers/net/wireless/brcm80211/brcmfmac/fwil_types.h
index ba64b292f7a5..50891c02c4c1 100644
--- a/drivers/net/wireless/brcm80211/brcmfmac/fwil_types.h
+++ b/drivers/net/wireless/brcm80211/brcmfmac/fwil_types.h
@@ -519,4 +519,10 @@ struct brcmf_fil_wowl_pattern_le {
519 /* u8 pattern[] - Pattern follows the mask is at 'patternoffset' */ 519 /* u8 pattern[] - Pattern follows the mask is at 'patternoffset' */
520}; 520};
521 521
522struct brcmf_mbss_ssid_le {
523 __le32 bsscfgidx;
524 __le32 SSID_len;
525 unsigned char SSID[32];
526};
527
522#endif /* FWIL_TYPES_H_ */ 528#endif /* FWIL_TYPES_H_ */
diff --git a/drivers/net/wireless/brcm80211/brcmfmac/msgbuf.c b/drivers/net/wireless/brcm80211/brcmfmac/msgbuf.c
index 9f783db34ae5..456944a6a2db 100644
--- a/drivers/net/wireless/brcm80211/brcmfmac/msgbuf.c
+++ b/drivers/net/wireless/brcm80211/brcmfmac/msgbuf.c
@@ -1080,8 +1080,17 @@ brcmf_msgbuf_rx_skb(struct brcmf_msgbuf *msgbuf, struct sk_buff *skb,
1080{ 1080{
1081 struct brcmf_if *ifp; 1081 struct brcmf_if *ifp;
1082 1082
1083 /* The ifidx is the idx to map to matching netdev/ifp. When receiving
1084 * events this is easy because it contains the bssidx which maps
1085 * 1-on-1 to the netdev/ifp. But for data frames the ifidx is rcvd.
1086 * bssidx 1 is used for p2p0 and no data can be received or
1087 * transmitted on it. Therefor bssidx is ifidx + 1 if ifidx > 0
1088 */
1089 if (ifidx)
1090 (ifidx)++;
1083 ifp = msgbuf->drvr->iflist[ifidx]; 1091 ifp = msgbuf->drvr->iflist[ifidx];
1084 if (!ifp || !ifp->ndev) { 1092 if (!ifp || !ifp->ndev) {
1093 brcmf_err("Received pkt for invalid ifidx %d\n", ifidx);
1085 brcmu_pkt_buf_free_skb(skb); 1094 brcmu_pkt_buf_free_skb(skb);
1086 return; 1095 return;
1087 } 1096 }
@@ -1354,6 +1363,7 @@ int brcmf_proto_msgbuf_attach(struct brcmf_pub *drvr)
1354 } 1363 }
1355 INIT_WORK(&msgbuf->txflow_work, brcmf_msgbuf_txflow_worker); 1364 INIT_WORK(&msgbuf->txflow_work, brcmf_msgbuf_txflow_worker);
1356 count = BITS_TO_LONGS(if_msgbuf->nrof_flowrings); 1365 count = BITS_TO_LONGS(if_msgbuf->nrof_flowrings);
1366 count = count * sizeof(unsigned long);
1357 msgbuf->flow_map = kzalloc(count, GFP_KERNEL); 1367 msgbuf->flow_map = kzalloc(count, GFP_KERNEL);
1358 if (!msgbuf->flow_map) 1368 if (!msgbuf->flow_map)
1359 goto fail; 1369 goto fail;
diff --git a/drivers/net/wireless/brcm80211/brcmfmac/pcie.c b/drivers/net/wireless/brcm80211/brcmfmac/pcie.c
index 138691a1365a..905991fdb7b1 100644
--- a/drivers/net/wireless/brcm80211/brcmfmac/pcie.c
+++ b/drivers/net/wireless/brcm80211/brcmfmac/pcie.c
@@ -798,12 +798,14 @@ static int brcmf_pcie_request_irq(struct brcmf_pciedev_info *devinfo)
798 brcmf_dbg(PCIE, "Enter\n"); 798 brcmf_dbg(PCIE, "Enter\n");
799 /* is it a v1 or v2 implementation */ 799 /* is it a v1 or v2 implementation */
800 devinfo->irq_requested = false; 800 devinfo->irq_requested = false;
801 pci_enable_msi(pdev);
801 if (devinfo->generic_corerev == BRCMF_PCIE_GENREV1) { 802 if (devinfo->generic_corerev == BRCMF_PCIE_GENREV1) {
802 if (request_threaded_irq(pdev->irq, 803 if (request_threaded_irq(pdev->irq,
803 brcmf_pcie_quick_check_isr_v1, 804 brcmf_pcie_quick_check_isr_v1,
804 brcmf_pcie_isr_thread_v1, 805 brcmf_pcie_isr_thread_v1,
805 IRQF_SHARED, "brcmf_pcie_intr", 806 IRQF_SHARED, "brcmf_pcie_intr",
806 devinfo)) { 807 devinfo)) {
808 pci_disable_msi(pdev);
807 brcmf_err("Failed to request IRQ %d\n", pdev->irq); 809 brcmf_err("Failed to request IRQ %d\n", pdev->irq);
808 return -EIO; 810 return -EIO;
809 } 811 }
@@ -813,6 +815,7 @@ static int brcmf_pcie_request_irq(struct brcmf_pciedev_info *devinfo)
813 brcmf_pcie_isr_thread_v2, 815 brcmf_pcie_isr_thread_v2,
814 IRQF_SHARED, "brcmf_pcie_intr", 816 IRQF_SHARED, "brcmf_pcie_intr",
815 devinfo)) { 817 devinfo)) {
818 pci_disable_msi(pdev);
816 brcmf_err("Failed to request IRQ %d\n", pdev->irq); 819 brcmf_err("Failed to request IRQ %d\n", pdev->irq);
817 return -EIO; 820 return -EIO;
818 } 821 }
@@ -839,6 +842,7 @@ static void brcmf_pcie_release_irq(struct brcmf_pciedev_info *devinfo)
839 return; 842 return;
840 devinfo->irq_requested = false; 843 devinfo->irq_requested = false;
841 free_irq(pdev->irq, devinfo); 844 free_irq(pdev->irq, devinfo);
845 pci_disable_msi(pdev);
842 846
843 msleep(50); 847 msleep(50);
844 count = 0; 848 count = 0;
@@ -1857,6 +1861,8 @@ static struct pci_device_id brcmf_pcie_devid_table[] = {
1857 BRCMF_PCIE_DEVICE(BRCM_PCIE_43567_DEVICE_ID), 1861 BRCMF_PCIE_DEVICE(BRCM_PCIE_43567_DEVICE_ID),
1858 BRCMF_PCIE_DEVICE(BRCM_PCIE_43570_DEVICE_ID), 1862 BRCMF_PCIE_DEVICE(BRCM_PCIE_43570_DEVICE_ID),
1859 BRCMF_PCIE_DEVICE(BRCM_PCIE_43602_DEVICE_ID), 1863 BRCMF_PCIE_DEVICE(BRCM_PCIE_43602_DEVICE_ID),
1864 BRCMF_PCIE_DEVICE(BRCM_PCIE_43602_2G_DEVICE_ID),
1865 BRCMF_PCIE_DEVICE(BRCM_PCIE_43602_5G_DEVICE_ID),
1860 { /* end: all zeroes */ } 1866 { /* end: all zeroes */ }
1861}; 1867};
1862 1868
diff --git a/drivers/net/wireless/brcm80211/brcmfmac/vendor.c b/drivers/net/wireless/brcm80211/brcmfmac/vendor.c
index 222f26a39642..50cdf7090198 100644
--- a/drivers/net/wireless/brcm80211/brcmfmac/vendor.c
+++ b/drivers/net/wireless/brcm80211/brcmfmac/vendor.c
@@ -31,8 +31,8 @@ static int brcmf_cfg80211_vndr_cmds_dcmd_handler(struct wiphy *wiphy,
31 struct wireless_dev *wdev, 31 struct wireless_dev *wdev,
32 const void *data, int len) 32 const void *data, int len)
33{ 33{
34 struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy); 34 struct brcmf_cfg80211_vif *vif;
35 struct net_device *ndev = cfg_to_ndev(cfg); 35 struct brcmf_if *ifp;
36 const struct brcmf_vndr_dcmd_hdr *cmdhdr = data; 36 const struct brcmf_vndr_dcmd_hdr *cmdhdr = data;
37 struct sk_buff *reply; 37 struct sk_buff *reply;
38 int ret, payload, ret_len; 38 int ret, payload, ret_len;
@@ -42,6 +42,9 @@ static int brcmf_cfg80211_vndr_cmds_dcmd_handler(struct wiphy *wiphy,
42 brcmf_dbg(TRACE, "cmd %x set %d len %d\n", cmdhdr->cmd, cmdhdr->set, 42 brcmf_dbg(TRACE, "cmd %x set %d len %d\n", cmdhdr->cmd, cmdhdr->set,
43 cmdhdr->len); 43 cmdhdr->len);
44 44
45 vif = container_of(wdev, struct brcmf_cfg80211_vif, wdev);
46 ifp = vif->ifp;
47
45 len -= sizeof(struct brcmf_vndr_dcmd_hdr); 48 len -= sizeof(struct brcmf_vndr_dcmd_hdr);
46 ret_len = cmdhdr->len; 49 ret_len = cmdhdr->len;
47 if (ret_len > 0 || len > 0) { 50 if (ret_len > 0 || len > 0) {
@@ -63,11 +66,11 @@ static int brcmf_cfg80211_vndr_cmds_dcmd_handler(struct wiphy *wiphy,
63 } 66 }
64 67
65 if (cmdhdr->set) 68 if (cmdhdr->set)
66 ret = brcmf_fil_cmd_data_set(netdev_priv(ndev), cmdhdr->cmd, 69 ret = brcmf_fil_cmd_data_set(ifp, cmdhdr->cmd, dcmd_buf,
67 dcmd_buf, ret_len); 70 ret_len);
68 else 71 else
69 ret = brcmf_fil_cmd_data_get(netdev_priv(ndev), cmdhdr->cmd, 72 ret = brcmf_fil_cmd_data_get(ifp, cmdhdr->cmd, dcmd_buf,
70 dcmd_buf, ret_len); 73 ret_len);
71 if (ret != 0) 74 if (ret != 0)
72 goto exit; 75 goto exit;
73 76
diff --git a/drivers/net/wireless/brcm80211/brcmsmac/debug.c b/drivers/net/wireless/brcm80211/brcmsmac/debug.c
index 19740c1b1566..c9a8b9360ab1 100644
--- a/drivers/net/wireless/brcm80211/brcmsmac/debug.c
+++ b/drivers/net/wireless/brcm80211/brcmsmac/debug.c
@@ -30,6 +30,7 @@
30#include "main.h" 30#include "main.h"
31#include "debug.h" 31#include "debug.h"
32#include "brcms_trace_events.h" 32#include "brcms_trace_events.h"
33#include "phy/phy_int.h"
33 34
34static struct dentry *root_folder; 35static struct dentry *root_folder;
35 36
@@ -74,20 +75,33 @@ static
74int brcms_debugfs_hardware_read(struct seq_file *s, void *data) 75int brcms_debugfs_hardware_read(struct seq_file *s, void *data)
75{ 76{
76 struct brcms_pub *drvr = s->private; 77 struct brcms_pub *drvr = s->private;
78 struct brcms_hardware *hw = drvr->wlc->hw;
79 struct bcma_device *core = hw->d11core;
80 struct bcma_bus *bus = core->bus;
81 char boardrev[10];
77 82
78 seq_printf(s, "board vendor: %x\n" 83 seq_printf(s, "chipnum 0x%x\n"
79 "board type: %x\n" 84 "chiprev 0x%x\n"
80 "board revision: %x\n" 85 "chippackage 0x%x\n"
81 "board flags: %x\n" 86 "corerev 0x%x\n"
82 "board flags2: %x\n" 87 "boardid 0x%x\n"
83 "firmware revision: %x\n", 88 "boardvendor 0x%x\n"
84 drvr->wlc->hw->d11core->bus->boardinfo.vendor, 89 "boardrev %s\n"
85 drvr->wlc->hw->d11core->bus->boardinfo.type, 90 "boardflags 0x%x\n"
86 drvr->wlc->hw->boardrev, 91 "boardflags2 0x%x\n"
87 drvr->wlc->hw->boardflags, 92 "ucoderev 0x%x\n"
88 drvr->wlc->hw->boardflags2, 93 "radiorev 0x%x\n"
89 drvr->wlc->ucode_rev); 94 "phytype 0x%x\n"
90 95 "phyrev 0x%x\n"
96 "anarev 0x%x\n"
97 "nvramrev %d\n",
98 bus->chipinfo.id, bus->chipinfo.rev, bus->chipinfo.pkg,
99 core->id.rev, bus->boardinfo.type, bus->boardinfo.vendor,
100 brcmu_boardrev_str(hw->boardrev, boardrev),
101 drvr->wlc->hw->boardflags, drvr->wlc->hw->boardflags2,
102 drvr->wlc->ucode_rev, hw->band->radiorev,
103 hw->band->phytype, hw->band->phyrev, hw->band->pi->ana_rev,
104 hw->sromrev);
91 return 0; 105 return 0;
92} 106}
93 107
diff --git a/drivers/net/wireless/brcm80211/brcmsmac/main.c b/drivers/net/wireless/brcm80211/brcmsmac/main.c
index 738cfaca1e0f..a104d7ac3796 100644
--- a/drivers/net/wireless/brcm80211/brcmsmac/main.c
+++ b/drivers/net/wireless/brcm80211/brcmsmac/main.c
@@ -445,18 +445,18 @@ static void brcms_c_detach_mfree(struct brcms_c_info *wlc)
445 kfree(wlc->protection); 445 kfree(wlc->protection);
446 kfree(wlc->stf); 446 kfree(wlc->stf);
447 kfree(wlc->bandstate[0]); 447 kfree(wlc->bandstate[0]);
448 kfree(wlc->corestate->macstat_snapshot); 448 if (wlc->corestate)
449 kfree(wlc->corestate->macstat_snapshot);
449 kfree(wlc->corestate); 450 kfree(wlc->corestate);
450 kfree(wlc->hw->bandstate[0]); 451 if (wlc->hw)
452 kfree(wlc->hw->bandstate[0]);
451 kfree(wlc->hw); 453 kfree(wlc->hw);
452 if (wlc->beacon) 454 if (wlc->beacon)
453 dev_kfree_skb_any(wlc->beacon); 455 dev_kfree_skb_any(wlc->beacon);
454 if (wlc->probe_resp) 456 if (wlc->probe_resp)
455 dev_kfree_skb_any(wlc->probe_resp); 457 dev_kfree_skb_any(wlc->probe_resp);
456 458
457 /* free the wlc */
458 kfree(wlc); 459 kfree(wlc);
459 wlc = NULL;
460} 460}
461 461
462static struct brcms_bss_cfg *brcms_c_bsscfg_malloc(uint unit) 462static struct brcms_bss_cfg *brcms_c_bsscfg_malloc(uint unit)
diff --git a/drivers/net/wireless/brcm80211/brcmutil/utils.c b/drivers/net/wireless/brcm80211/brcmutil/utils.c
index 0f7e1c7b6f58..906e89ddf319 100644
--- a/drivers/net/wireless/brcm80211/brcmutil/utils.c
+++ b/drivers/net/wireless/brcm80211/brcmutil/utils.c
@@ -261,6 +261,21 @@ struct sk_buff *brcmu_pktq_mdeq(struct pktq *pq, uint prec_bmp,
261} 261}
262EXPORT_SYMBOL(brcmu_pktq_mdeq); 262EXPORT_SYMBOL(brcmu_pktq_mdeq);
263 263
264/* Produce a human-readable string for boardrev */
265char *brcmu_boardrev_str(u32 brev, char *buf)
266{
267 char c;
268
269 if (brev < 0x100) {
270 snprintf(buf, 8, "%d.%d", (brev & 0xf0) >> 4, brev & 0xf);
271 } else {
272 c = (brev & 0xf000) == 0x1000 ? 'P' : 'A';
273 snprintf(buf, 8, "%c%03x", c, brev & 0xfff);
274 }
275 return buf;
276}
277EXPORT_SYMBOL(brcmu_boardrev_str);
278
264#if defined(DEBUG) 279#if defined(DEBUG)
265/* pretty hex print a pkt buffer chain */ 280/* pretty hex print a pkt buffer chain */
266void brcmu_prpkt(const char *msg, struct sk_buff *p0) 281void brcmu_prpkt(const char *msg, struct sk_buff *p0)
@@ -292,4 +307,5 @@ void brcmu_dbg_hex_dump(const void *data, size_t size, const char *fmt, ...)
292 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, data, size); 307 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, data, size);
293} 308}
294EXPORT_SYMBOL(brcmu_dbg_hex_dump); 309EXPORT_SYMBOL(brcmu_dbg_hex_dump);
310
295#endif /* defined(DEBUG) */ 311#endif /* defined(DEBUG) */
diff --git a/drivers/net/wireless/brcm80211/include/brcm_hw_ids.h b/drivers/net/wireless/brcm80211/include/brcm_hw_ids.h
index af26e0de1e5c..6996fcc144cf 100644
--- a/drivers/net/wireless/brcm80211/include/brcm_hw_ids.h
+++ b/drivers/net/wireless/brcm80211/include/brcm_hw_ids.h
@@ -68,6 +68,8 @@
68#define BRCM_PCIE_43567_DEVICE_ID 0x43d3 68#define BRCM_PCIE_43567_DEVICE_ID 0x43d3
69#define BRCM_PCIE_43570_DEVICE_ID 0x43d9 69#define BRCM_PCIE_43570_DEVICE_ID 0x43d9
70#define BRCM_PCIE_43602_DEVICE_ID 0x43ba 70#define BRCM_PCIE_43602_DEVICE_ID 0x43ba
71#define BRCM_PCIE_43602_2G_DEVICE_ID 0x43bb
72#define BRCM_PCIE_43602_5G_DEVICE_ID 0x43bc
71 73
72/* brcmsmac IDs */ 74/* brcmsmac IDs */
73#define BCM4313_D11N2G_ID 0x4727 /* 4313 802.11n 2.4G device */ 75#define BCM4313_D11N2G_ID 0x4727 /* 4313 802.11n 2.4G device */
diff --git a/drivers/net/wireless/brcm80211/include/brcmu_utils.h b/drivers/net/wireless/brcm80211/include/brcmu_utils.h
index 8ba445b3fd72..a043e29f07e2 100644
--- a/drivers/net/wireless/brcm80211/include/brcmu_utils.h
+++ b/drivers/net/wireless/brcm80211/include/brcmu_utils.h
@@ -218,4 +218,6 @@ void brcmu_dbg_hex_dump(const void *data, size_t size, const char *fmt, ...)
218} 218}
219#endif 219#endif
220 220
221char *brcmu_boardrev_str(u32 brev, char *buf);
222
221#endif /* _BRCMU_UTILS_H_ */ 223#endif /* _BRCMU_UTILS_H_ */
diff --git a/drivers/net/wireless/iwlwifi/Kconfig b/drivers/net/wireless/iwlwifi/Kconfig
index 139de90c2aaf..ab019b45551b 100644
--- a/drivers/net/wireless/iwlwifi/Kconfig
+++ b/drivers/net/wireless/iwlwifi/Kconfig
@@ -59,7 +59,7 @@ config IWLDVM
59 59
60config IWLMVM 60config IWLMVM
61 tristate "Intel Wireless WiFi MVM Firmware support" 61 tristate "Intel Wireless WiFi MVM Firmware support"
62 select BACKPORT_WANT_DEV_COREDUMP 62 select WANT_DEV_COREDUMP
63 help 63 help
64 This is the driver that supports the MVM firmware which is 64 This is the driver that supports the MVM firmware which is
65 currently only available for 7260 and 3160 devices. 65 currently only available for 7260 and 3160 devices.
diff --git a/drivers/net/wireless/iwlwifi/dvm/commands.h b/drivers/net/wireless/iwlwifi/dvm/commands.h
index 751ae1d10b7f..7a34e4d158d1 100644
--- a/drivers/net/wireless/iwlwifi/dvm/commands.h
+++ b/drivers/net/wireless/iwlwifi/dvm/commands.h
@@ -966,21 +966,21 @@ struct iwl_rem_sta_cmd {
966 966
967 967
968/* WiFi queues mask */ 968/* WiFi queues mask */
969#define IWL_SCD_BK_MSK cpu_to_le32(BIT(0)) 969#define IWL_SCD_BK_MSK BIT(0)
970#define IWL_SCD_BE_MSK cpu_to_le32(BIT(1)) 970#define IWL_SCD_BE_MSK BIT(1)
971#define IWL_SCD_VI_MSK cpu_to_le32(BIT(2)) 971#define IWL_SCD_VI_MSK BIT(2)
972#define IWL_SCD_VO_MSK cpu_to_le32(BIT(3)) 972#define IWL_SCD_VO_MSK BIT(3)
973#define IWL_SCD_MGMT_MSK cpu_to_le32(BIT(3)) 973#define IWL_SCD_MGMT_MSK BIT(3)
974 974
975/* PAN queues mask */ 975/* PAN queues mask */
976#define IWL_PAN_SCD_BK_MSK cpu_to_le32(BIT(4)) 976#define IWL_PAN_SCD_BK_MSK BIT(4)
977#define IWL_PAN_SCD_BE_MSK cpu_to_le32(BIT(5)) 977#define IWL_PAN_SCD_BE_MSK BIT(5)
978#define IWL_PAN_SCD_VI_MSK cpu_to_le32(BIT(6)) 978#define IWL_PAN_SCD_VI_MSK BIT(6)
979#define IWL_PAN_SCD_VO_MSK cpu_to_le32(BIT(7)) 979#define IWL_PAN_SCD_VO_MSK BIT(7)
980#define IWL_PAN_SCD_MGMT_MSK cpu_to_le32(BIT(7)) 980#define IWL_PAN_SCD_MGMT_MSK BIT(7)
981#define IWL_PAN_SCD_MULTICAST_MSK cpu_to_le32(BIT(8)) 981#define IWL_PAN_SCD_MULTICAST_MSK BIT(8)
982 982
983#define IWL_AGG_TX_QUEUE_MSK cpu_to_le32(0xffc00) 983#define IWL_AGG_TX_QUEUE_MSK 0xffc00
984 984
985#define IWL_DROP_ALL BIT(1) 985#define IWL_DROP_ALL BIT(1)
986 986
@@ -1005,12 +1005,17 @@ struct iwl_rem_sta_cmd {
1005 * 1: Dump multiple MSDU according to PS, INVALID STA, TTL, TID disable. 1005 * 1: Dump multiple MSDU according to PS, INVALID STA, TTL, TID disable.
1006 * 2: Dump all FIFO 1006 * 2: Dump all FIFO
1007 */ 1007 */
1008struct iwl_txfifo_flush_cmd { 1008struct iwl_txfifo_flush_cmd_v3 {
1009 __le32 queue_control; 1009 __le32 queue_control;
1010 __le16 flush_control; 1010 __le16 flush_control;
1011 __le16 reserved; 1011 __le16 reserved;
1012} __packed; 1012} __packed;
1013 1013
1014struct iwl_txfifo_flush_cmd_v2 {
1015 __le16 queue_control;
1016 __le16 flush_control;
1017} __packed;
1018
1014/* 1019/*
1015 * REPLY_WEP_KEY = 0x20 1020 * REPLY_WEP_KEY = 0x20
1016 */ 1021 */
diff --git a/drivers/net/wireless/iwlwifi/dvm/lib.c b/drivers/net/wireless/iwlwifi/dvm/lib.c
index 02e4ede2b042..1d2223df5cb0 100644
--- a/drivers/net/wireless/iwlwifi/dvm/lib.c
+++ b/drivers/net/wireless/iwlwifi/dvm/lib.c
@@ -137,37 +137,38 @@ int iwlagn_manage_ibss_station(struct iwl_priv *priv,
137 */ 137 */
138int iwlagn_txfifo_flush(struct iwl_priv *priv, u32 scd_q_msk) 138int iwlagn_txfifo_flush(struct iwl_priv *priv, u32 scd_q_msk)
139{ 139{
140 struct iwl_txfifo_flush_cmd flush_cmd; 140 struct iwl_txfifo_flush_cmd_v3 flush_cmd_v3 = {
141 struct iwl_host_cmd cmd = { 141 .flush_control = cpu_to_le16(IWL_DROP_ALL),
142 .id = REPLY_TXFIFO_FLUSH, 142 };
143 .len = { sizeof(struct iwl_txfifo_flush_cmd), }, 143 struct iwl_txfifo_flush_cmd_v2 flush_cmd_v2 = {
144 .data = { &flush_cmd, }, 144 .flush_control = cpu_to_le16(IWL_DROP_ALL),
145 }; 145 };
146 146
147 memset(&flush_cmd, 0, sizeof(flush_cmd)); 147 u32 queue_control = IWL_SCD_VO_MSK | IWL_SCD_VI_MSK |
148 IWL_SCD_BE_MSK | IWL_SCD_BK_MSK | IWL_SCD_MGMT_MSK;
148 149
149 flush_cmd.queue_control = IWL_SCD_VO_MSK | IWL_SCD_VI_MSK |
150 IWL_SCD_BE_MSK | IWL_SCD_BK_MSK |
151 IWL_SCD_MGMT_MSK;
152 if ((priv->valid_contexts != BIT(IWL_RXON_CTX_BSS))) 150 if ((priv->valid_contexts != BIT(IWL_RXON_CTX_BSS)))
153 flush_cmd.queue_control |= IWL_PAN_SCD_VO_MSK | 151 queue_control |= IWL_PAN_SCD_VO_MSK | IWL_PAN_SCD_VI_MSK |
154 IWL_PAN_SCD_VI_MSK | 152 IWL_PAN_SCD_BE_MSK | IWL_PAN_SCD_BK_MSK |
155 IWL_PAN_SCD_BE_MSK | 153 IWL_PAN_SCD_MGMT_MSK |
156 IWL_PAN_SCD_BK_MSK | 154 IWL_PAN_SCD_MULTICAST_MSK;
157 IWL_PAN_SCD_MGMT_MSK |
158 IWL_PAN_SCD_MULTICAST_MSK;
159 155
160 if (priv->nvm_data->sku_cap_11n_enable) 156 if (priv->nvm_data->sku_cap_11n_enable)
161 flush_cmd.queue_control |= IWL_AGG_TX_QUEUE_MSK; 157 queue_control |= IWL_AGG_TX_QUEUE_MSK;
162 158
163 if (scd_q_msk) 159 if (scd_q_msk)
164 flush_cmd.queue_control = cpu_to_le32(scd_q_msk); 160 queue_control = scd_q_msk;
165 161
166 IWL_DEBUG_INFO(priv, "queue control: 0x%x\n", 162 IWL_DEBUG_INFO(priv, "queue control: 0x%x\n", queue_control);
167 flush_cmd.queue_control); 163 flush_cmd_v3.queue_control = cpu_to_le32(queue_control);
168 flush_cmd.flush_control = cpu_to_le16(IWL_DROP_ALL); 164 flush_cmd_v2.queue_control = cpu_to_le16((u16)queue_control);
169 165
170 return iwl_dvm_send_cmd(priv, &cmd); 166 if (IWL_UCODE_API(priv->fw->ucode_ver) > 2)
167 return iwl_dvm_send_cmd_pdu(priv, REPLY_TXFIFO_FLUSH, 0,
168 sizeof(flush_cmd_v3),
169 &flush_cmd_v3);
170 return iwl_dvm_send_cmd_pdu(priv, REPLY_TXFIFO_FLUSH, 0,
171 sizeof(flush_cmd_v2), &flush_cmd_v2);
171} 172}
172 173
173void iwlagn_dev_txfifo_flush(struct iwl_priv *priv) 174void iwlagn_dev_txfifo_flush(struct iwl_priv *priv)
diff --git a/drivers/net/wireless/iwlwifi/iwl-7000.c b/drivers/net/wireless/iwlwifi/iwl-7000.c
index b04b8858c690..e5be2d21868f 100644
--- a/drivers/net/wireless/iwlwifi/iwl-7000.c
+++ b/drivers/net/wireless/iwlwifi/iwl-7000.c
@@ -73,12 +73,12 @@
73#define IWL3160_UCODE_API_MAX 10 73#define IWL3160_UCODE_API_MAX 10
74 74
75/* Oldest version we won't warn about */ 75/* Oldest version we won't warn about */
76#define IWL7260_UCODE_API_OK 9 76#define IWL7260_UCODE_API_OK 10
77#define IWL3160_UCODE_API_OK 9 77#define IWL3160_UCODE_API_OK 10
78 78
79/* Lowest firmware API version supported */ 79/* Lowest firmware API version supported */
80#define IWL7260_UCODE_API_MIN 8 80#define IWL7260_UCODE_API_MIN 9
81#define IWL3160_UCODE_API_MIN 8 81#define IWL3160_UCODE_API_MIN 9
82 82
83/* NVM versions */ 83/* NVM versions */
84#define IWL7260_NVM_VERSION 0x0a1d 84#define IWL7260_NVM_VERSION 0x0a1d
@@ -89,6 +89,8 @@
89#define IWL3165_TX_POWER_VERSION 0xffff /* meaningless */ 89#define IWL3165_TX_POWER_VERSION 0xffff /* meaningless */
90#define IWL7265_NVM_VERSION 0x0a1d 90#define IWL7265_NVM_VERSION 0x0a1d
91#define IWL7265_TX_POWER_VERSION 0xffff /* meaningless */ 91#define IWL7265_TX_POWER_VERSION 0xffff /* meaningless */
92#define IWL7265D_NVM_VERSION 0x0c11
93#define IWL7265_TX_POWER_VERSION 0xffff /* meaningless */
92 94
93#define IWL7260_FW_PRE "iwlwifi-7260-" 95#define IWL7260_FW_PRE "iwlwifi-7260-"
94#define IWL7260_MODULE_FIRMWARE(api) IWL7260_FW_PRE __stringify(api) ".ucode" 96#define IWL7260_MODULE_FIRMWARE(api) IWL7260_FW_PRE __stringify(api) ".ucode"
@@ -102,6 +104,9 @@
102#define IWL7265_FW_PRE "iwlwifi-7265-" 104#define IWL7265_FW_PRE "iwlwifi-7265-"
103#define IWL7265_MODULE_FIRMWARE(api) IWL7265_FW_PRE __stringify(api) ".ucode" 105#define IWL7265_MODULE_FIRMWARE(api) IWL7265_FW_PRE __stringify(api) ".ucode"
104 106
107#define IWL7265D_FW_PRE "iwlwifi-7265D-"
108#define IWL7265D_MODULE_FIRMWARE(api) IWL7265_FW_PRE __stringify(api) ".ucode"
109
105#define NVM_HW_SECTION_NUM_FAMILY_7000 0 110#define NVM_HW_SECTION_NUM_FAMILY_7000 0
106 111
107static const struct iwl_base_params iwl7000_base_params = { 112static const struct iwl_base_params iwl7000_base_params = {
@@ -132,8 +137,8 @@ static const struct iwl_ht_params iwl7000_ht_params = {
132 .base_params = &iwl7000_base_params, \ 137 .base_params = &iwl7000_base_params, \
133 .led_mode = IWL_LED_RF_STATE, \ 138 .led_mode = IWL_LED_RF_STATE, \
134 .nvm_hw_section_num = NVM_HW_SECTION_NUM_FAMILY_7000, \ 139 .nvm_hw_section_num = NVM_HW_SECTION_NUM_FAMILY_7000, \
135 .non_shared_ant = ANT_A 140 .non_shared_ant = ANT_A, \
136 141 .max_ht_ampdu_exponent = IEEE80211_HT_MAX_AMPDU_64K
137 142
138const struct iwl_cfg iwl7260_2ac_cfg = { 143const struct iwl_cfg iwl7260_2ac_cfg = {
139 .name = "Intel(R) Dual Band Wireless AC 7260", 144 .name = "Intel(R) Dual Band Wireless AC 7260",
@@ -267,7 +272,38 @@ const struct iwl_cfg iwl7265_n_cfg = {
267 .pwr_tx_backoffs = iwl7265_pwr_tx_backoffs, 272 .pwr_tx_backoffs = iwl7265_pwr_tx_backoffs,
268}; 273};
269 274
275const struct iwl_cfg iwl7265d_2ac_cfg = {
276 .name = "Intel(R) Dual Band Wireless AC 7265",
277 .fw_name_pre = IWL7265D_FW_PRE,
278 IWL_DEVICE_7000,
279 .ht_params = &iwl7265_ht_params,
280 .nvm_ver = IWL7265D_NVM_VERSION,
281 .nvm_calib_ver = IWL7265_TX_POWER_VERSION,
282 .pwr_tx_backoffs = iwl7265_pwr_tx_backoffs,
283};
284
285const struct iwl_cfg iwl7265d_2n_cfg = {
286 .name = "Intel(R) Dual Band Wireless N 7265",
287 .fw_name_pre = IWL7265D_FW_PRE,
288 IWL_DEVICE_7000,
289 .ht_params = &iwl7265_ht_params,
290 .nvm_ver = IWL7265D_NVM_VERSION,
291 .nvm_calib_ver = IWL7265_TX_POWER_VERSION,
292 .pwr_tx_backoffs = iwl7265_pwr_tx_backoffs,
293};
294
295const struct iwl_cfg iwl7265d_n_cfg = {
296 .name = "Intel(R) Wireless N 7265",
297 .fw_name_pre = IWL7265D_FW_PRE,
298 IWL_DEVICE_7000,
299 .ht_params = &iwl7265_ht_params,
300 .nvm_ver = IWL7265D_NVM_VERSION,
301 .nvm_calib_ver = IWL7265_TX_POWER_VERSION,
302 .pwr_tx_backoffs = iwl7265_pwr_tx_backoffs,
303};
304
270MODULE_FIRMWARE(IWL7260_MODULE_FIRMWARE(IWL7260_UCODE_API_OK)); 305MODULE_FIRMWARE(IWL7260_MODULE_FIRMWARE(IWL7260_UCODE_API_OK));
271MODULE_FIRMWARE(IWL3160_MODULE_FIRMWARE(IWL3160_UCODE_API_OK)); 306MODULE_FIRMWARE(IWL3160_MODULE_FIRMWARE(IWL3160_UCODE_API_OK));
272MODULE_FIRMWARE(IWL3165_MODULE_FIRMWARE(IWL3160_UCODE_API_OK)); 307MODULE_FIRMWARE(IWL3165_MODULE_FIRMWARE(IWL3160_UCODE_API_OK));
273MODULE_FIRMWARE(IWL7265_MODULE_FIRMWARE(IWL7260_UCODE_API_OK)); 308MODULE_FIRMWARE(IWL7265_MODULE_FIRMWARE(IWL7260_UCODE_API_OK));
309MODULE_FIRMWARE(IWL7265D_MODULE_FIRMWARE(IWL7260_UCODE_API_OK));
diff --git a/drivers/net/wireless/iwlwifi/iwl-8000.c b/drivers/net/wireless/iwlwifi/iwl-8000.c
index 896ea906549c..bf0a95cb7153 100644
--- a/drivers/net/wireless/iwlwifi/iwl-8000.c
+++ b/drivers/net/wireless/iwlwifi/iwl-8000.c
@@ -72,10 +72,10 @@
72#define IWL8000_UCODE_API_MAX 10 72#define IWL8000_UCODE_API_MAX 10
73 73
74/* Oldest version we won't warn about */ 74/* Oldest version we won't warn about */
75#define IWL8000_UCODE_API_OK 8 75#define IWL8000_UCODE_API_OK 10
76 76
77/* Lowest firmware API version supported */ 77/* Lowest firmware API version supported */
78#define IWL8000_UCODE_API_MIN 8 78#define IWL8000_UCODE_API_MIN 9
79 79
80/* NVM versions */ 80/* NVM versions */
81#define IWL8000_NVM_VERSION 0x0a1d 81#define IWL8000_NVM_VERSION 0x0a1d
@@ -91,6 +91,10 @@
91/* Max SDIO RX aggregation size of the ADDBA request/response */ 91/* Max SDIO RX aggregation size of the ADDBA request/response */
92#define MAX_RX_AGG_SIZE_8260_SDIO 28 92#define MAX_RX_AGG_SIZE_8260_SDIO 28
93 93
94/* Max A-MPDU exponent for HT and VHT */
95#define MAX_HT_AMPDU_EXPONENT_8260_SDIO IEEE80211_HT_MAX_AMPDU_32K
96#define MAX_VHT_AMPDU_EXPONENT_8260_SDIO IEEE80211_VHT_MAX_AMPDU_32K
97
94static const struct iwl_base_params iwl8000_base_params = { 98static const struct iwl_base_params iwl8000_base_params = {
95 .eeprom_size = OTP_LOW_IMAGE_SIZE_FAMILY_8000, 99 .eeprom_size = OTP_LOW_IMAGE_SIZE_FAMILY_8000,
96 .num_of_queues = IWLAGN_NUM_QUEUES, 100 .num_of_queues = IWLAGN_NUM_QUEUES,
@@ -119,6 +123,7 @@ static const struct iwl_ht_params iwl8000_ht_params = {
119 .base_params = &iwl8000_base_params, \ 123 .base_params = &iwl8000_base_params, \
120 .led_mode = IWL_LED_RF_STATE, \ 124 .led_mode = IWL_LED_RF_STATE, \
121 .nvm_hw_section_num = NVM_HW_SECTION_NUM_FAMILY_8000, \ 125 .nvm_hw_section_num = NVM_HW_SECTION_NUM_FAMILY_8000, \
126 .d0i3 = true, \
122 .non_shared_ant = ANT_A 127 .non_shared_ant = ANT_A
123 128
124const struct iwl_cfg iwl8260_2n_cfg = { 129const struct iwl_cfg iwl8260_2n_cfg = {
@@ -137,6 +142,7 @@ const struct iwl_cfg iwl8260_2ac_cfg = {
137 .ht_params = &iwl8000_ht_params, 142 .ht_params = &iwl8000_ht_params,
138 .nvm_ver = IWL8000_NVM_VERSION, 143 .nvm_ver = IWL8000_NVM_VERSION,
139 .nvm_calib_ver = IWL8000_TX_POWER_VERSION, 144 .nvm_calib_ver = IWL8000_TX_POWER_VERSION,
145 .max_ht_ampdu_exponent = IEEE80211_HT_MAX_AMPDU_64K,
140}; 146};
141 147
142const struct iwl_cfg iwl8260_2ac_sdio_cfg = { 148const struct iwl_cfg iwl8260_2ac_sdio_cfg = {
@@ -149,6 +155,23 @@ const struct iwl_cfg iwl8260_2ac_sdio_cfg = {
149 .default_nvm_file = DEFAULT_NVM_FILE_FAMILY_8000, 155 .default_nvm_file = DEFAULT_NVM_FILE_FAMILY_8000,
150 .max_rx_agg_size = MAX_RX_AGG_SIZE_8260_SDIO, 156 .max_rx_agg_size = MAX_RX_AGG_SIZE_8260_SDIO,
151 .disable_dummy_notification = true, 157 .disable_dummy_notification = true,
158 .max_ht_ampdu_exponent = MAX_HT_AMPDU_EXPONENT_8260_SDIO,
159 .max_vht_ampdu_exponent = MAX_VHT_AMPDU_EXPONENT_8260_SDIO,
160};
161
162const struct iwl_cfg iwl4165_2ac_sdio_cfg = {
163 .name = "Intel(R) Dual Band Wireless-AC 4165",
164 .fw_name_pre = IWL8000_FW_PRE,
165 IWL_DEVICE_8000,
166 .ht_params = &iwl8000_ht_params,
167 .nvm_ver = IWL8000_NVM_VERSION,
168 .nvm_calib_ver = IWL8000_TX_POWER_VERSION,
169 .default_nvm_file = DEFAULT_NVM_FILE_FAMILY_8000,
170 .max_rx_agg_size = MAX_RX_AGG_SIZE_8260_SDIO,
171 .bt_shared_single_ant = true,
172 .disable_dummy_notification = true,
173 .max_ht_ampdu_exponent = MAX_HT_AMPDU_EXPONENT_8260_SDIO,
174 .max_vht_ampdu_exponent = MAX_VHT_AMPDU_EXPONENT_8260_SDIO,
152}; 175};
153 176
154MODULE_FIRMWARE(IWL8000_MODULE_FIRMWARE(IWL8000_UCODE_API_OK)); 177MODULE_FIRMWARE(IWL8000_MODULE_FIRMWARE(IWL8000_UCODE_API_OK));
diff --git a/drivers/net/wireless/iwlwifi/iwl-config.h b/drivers/net/wireless/iwlwifi/iwl-config.h
index f8aa9cf08279..3a4b9c7fc083 100644
--- a/drivers/net/wireless/iwlwifi/iwl-config.h
+++ b/drivers/net/wireless/iwlwifi/iwl-config.h
@@ -257,6 +257,10 @@ struct iwl_pwr_tx_backoff {
257 * @pwr_tx_backoffs: translation table between power limits and backoffs 257 * @pwr_tx_backoffs: translation table between power limits and backoffs
258 * @max_rx_agg_size: max RX aggregation size of the ADDBA request/response 258 * @max_rx_agg_size: max RX aggregation size of the ADDBA request/response
259 * @max_tx_agg_size: max TX aggregation size of the ADDBA request/response 259 * @max_tx_agg_size: max TX aggregation size of the ADDBA request/response
260 * @max_ht_ampdu_factor: the exponent of the max length of A-MPDU that the
261 * station can receive in HT
262 * @max_vht_ampdu_exponent: the exponent of the max length of A-MPDU that the
263 * station can receive in VHT
260 * 264 *
261 * We enable the driver to be backward compatible wrt. hardware features. 265 * We enable the driver to be backward compatible wrt. hardware features.
262 * API differences in uCode shouldn't be handled here but through TLVs 266 * API differences in uCode shouldn't be handled here but through TLVs
@@ -297,6 +301,8 @@ struct iwl_cfg {
297 unsigned int max_rx_agg_size; 301 unsigned int max_rx_agg_size;
298 bool disable_dummy_notification; 302 bool disable_dummy_notification;
299 unsigned int max_tx_agg_size; 303 unsigned int max_tx_agg_size;
304 unsigned int max_ht_ampdu_exponent;
305 unsigned int max_vht_ampdu_exponent;
300}; 306};
301 307
302/* 308/*
@@ -358,9 +364,14 @@ extern const struct iwl_cfg iwl3165_2ac_cfg;
358extern const struct iwl_cfg iwl7265_2ac_cfg; 364extern const struct iwl_cfg iwl7265_2ac_cfg;
359extern const struct iwl_cfg iwl7265_2n_cfg; 365extern const struct iwl_cfg iwl7265_2n_cfg;
360extern const struct iwl_cfg iwl7265_n_cfg; 366extern const struct iwl_cfg iwl7265_n_cfg;
367extern const struct iwl_cfg iwl7265d_2ac_cfg;
368extern const struct iwl_cfg iwl7265d_2n_cfg;
369extern const struct iwl_cfg iwl7265d_n_cfg;
361extern const struct iwl_cfg iwl8260_2n_cfg; 370extern const struct iwl_cfg iwl8260_2n_cfg;
362extern const struct iwl_cfg iwl8260_2ac_cfg; 371extern const struct iwl_cfg iwl8260_2ac_cfg;
363extern const struct iwl_cfg iwl8260_2ac_sdio_cfg; 372extern const struct iwl_cfg iwl8260_2ac_sdio_cfg;
373extern const struct iwl_cfg iwl4265_2ac_sdio_cfg;
374extern const struct iwl_cfg iwl4165_2ac_sdio_cfg;
364#endif /* CONFIG_IWLMVM */ 375#endif /* CONFIG_IWLMVM */
365 376
366#endif /* __IWL_CONFIG_H__ */ 377#endif /* __IWL_CONFIG_H__ */
diff --git a/drivers/net/wireless/iwlwifi/iwl-csr.h b/drivers/net/wireless/iwlwifi/iwl-csr.h
index 3f6f015285e5..aff63c3f5bf8 100644
--- a/drivers/net/wireless/iwlwifi/iwl-csr.h
+++ b/drivers/net/wireless/iwlwifi/iwl-csr.h
@@ -129,6 +129,8 @@
129#define CSR_UCODE_DRV_GP1_CLR (CSR_BASE+0x05c) 129#define CSR_UCODE_DRV_GP1_CLR (CSR_BASE+0x05c)
130#define CSR_UCODE_DRV_GP2 (CSR_BASE+0x060) 130#define CSR_UCODE_DRV_GP2 (CSR_BASE+0x060)
131 131
132#define CSR_MBOX_SET_REG (CSR_BASE + 0x88)
133
132#define CSR_LED_REG (CSR_BASE+0x094) 134#define CSR_LED_REG (CSR_BASE+0x094)
133#define CSR_DRAM_INT_TBL_REG (CSR_BASE+0x0A0) 135#define CSR_DRAM_INT_TBL_REG (CSR_BASE+0x0A0)
134#define CSR_MAC_SHADOW_REG_CTRL (CSR_BASE+0x0A8) /* 6000 and up */ 136#define CSR_MAC_SHADOW_REG_CTRL (CSR_BASE+0x0A8) /* 6000 and up */
@@ -184,6 +186,8 @@
184#define CSR_HW_IF_CONFIG_REG_PREPARE (0x08000000) /* WAKE_ME */ 186#define CSR_HW_IF_CONFIG_REG_PREPARE (0x08000000) /* WAKE_ME */
185#define CSR_HW_IF_CONFIG_REG_PERSIST_MODE (0x40000000) /* PERSISTENCE */ 187#define CSR_HW_IF_CONFIG_REG_PERSIST_MODE (0x40000000) /* PERSISTENCE */
186 188
189#define CSR_MBOX_SET_REG_OS_ALIVE BIT(5)
190
187#define CSR_INT_PERIODIC_DIS (0x00) /* disable periodic int*/ 191#define CSR_INT_PERIODIC_DIS (0x00) /* disable periodic int*/
188#define CSR_INT_PERIODIC_ENA (0xFF) /* 255*32 usec ~ 8 msec*/ 192#define CSR_INT_PERIODIC_ENA (0xFF) /* 255*32 usec ~ 8 msec*/
189 193
@@ -305,23 +309,24 @@ enum {
305}; 309};
306 310
307 311
308#define CSR_HW_REV_TYPE_MSK (0x000FFF0) 312#define CSR_HW_REV_TYPE_MSK (0x000FFF0)
309#define CSR_HW_REV_TYPE_5300 (0x0000020) 313#define CSR_HW_REV_TYPE_5300 (0x0000020)
310#define CSR_HW_REV_TYPE_5350 (0x0000030) 314#define CSR_HW_REV_TYPE_5350 (0x0000030)
311#define CSR_HW_REV_TYPE_5100 (0x0000050) 315#define CSR_HW_REV_TYPE_5100 (0x0000050)
312#define CSR_HW_REV_TYPE_5150 (0x0000040) 316#define CSR_HW_REV_TYPE_5150 (0x0000040)
313#define CSR_HW_REV_TYPE_1000 (0x0000060) 317#define CSR_HW_REV_TYPE_1000 (0x0000060)
314#define CSR_HW_REV_TYPE_6x00 (0x0000070) 318#define CSR_HW_REV_TYPE_6x00 (0x0000070)
315#define CSR_HW_REV_TYPE_6x50 (0x0000080) 319#define CSR_HW_REV_TYPE_6x50 (0x0000080)
316#define CSR_HW_REV_TYPE_6150 (0x0000084) 320#define CSR_HW_REV_TYPE_6150 (0x0000084)
317#define CSR_HW_REV_TYPE_6x05 (0x00000B0) 321#define CSR_HW_REV_TYPE_6x05 (0x00000B0)
318#define CSR_HW_REV_TYPE_6x30 CSR_HW_REV_TYPE_6x05 322#define CSR_HW_REV_TYPE_6x30 CSR_HW_REV_TYPE_6x05
319#define CSR_HW_REV_TYPE_6x35 CSR_HW_REV_TYPE_6x05 323#define CSR_HW_REV_TYPE_6x35 CSR_HW_REV_TYPE_6x05
320#define CSR_HW_REV_TYPE_2x30 (0x00000C0) 324#define CSR_HW_REV_TYPE_2x30 (0x00000C0)
321#define CSR_HW_REV_TYPE_2x00 (0x0000100) 325#define CSR_HW_REV_TYPE_2x00 (0x0000100)
322#define CSR_HW_REV_TYPE_105 (0x0000110) 326#define CSR_HW_REV_TYPE_105 (0x0000110)
323#define CSR_HW_REV_TYPE_135 (0x0000120) 327#define CSR_HW_REV_TYPE_135 (0x0000120)
324#define CSR_HW_REV_TYPE_NONE (0x00001F0) 328#define CSR_HW_REV_TYPE_7265D (0x0000210)
329#define CSR_HW_REV_TYPE_NONE (0x00001F0)
325 330
326/* EEPROM REG */ 331/* EEPROM REG */
327#define CSR_EEPROM_REG_READ_VALID_MSK (0x00000001) 332#define CSR_EEPROM_REG_READ_VALID_MSK (0x00000001)
diff --git a/drivers/net/wireless/iwlwifi/iwl-debug.h b/drivers/net/wireless/iwlwifi/iwl-debug.h
index 0a70bcd241f5..684254553558 100644
--- a/drivers/net/wireless/iwlwifi/iwl-debug.h
+++ b/drivers/net/wireless/iwlwifi/iwl-debug.h
@@ -143,7 +143,7 @@ do { \
143#define IWL_DL_INFO 0x00000001 143#define IWL_DL_INFO 0x00000001
144#define IWL_DL_MAC80211 0x00000002 144#define IWL_DL_MAC80211 0x00000002
145#define IWL_DL_HCMD 0x00000004 145#define IWL_DL_HCMD 0x00000004
146#define IWL_DL_STATE 0x00000008 146#define IWL_DL_TDLS 0x00000008
147/* 0x000000F0 - 0x00000010 */ 147/* 0x000000F0 - 0x00000010 */
148#define IWL_DL_QUOTA 0x00000010 148#define IWL_DL_QUOTA 0x00000010
149#define IWL_DL_TE 0x00000020 149#define IWL_DL_TE 0x00000020
@@ -180,6 +180,7 @@ do { \
180#define IWL_DL_TX_QUEUES 0x80000000 180#define IWL_DL_TX_QUEUES 0x80000000
181 181
182#define IWL_DEBUG_INFO(p, f, a...) IWL_DEBUG(p, IWL_DL_INFO, f, ## a) 182#define IWL_DEBUG_INFO(p, f, a...) IWL_DEBUG(p, IWL_DL_INFO, f, ## a)
183#define IWL_DEBUG_TDLS(p, f, a...) IWL_DEBUG(p, IWL_DL_TDLS, f, ## a)
183#define IWL_DEBUG_MAC80211(p, f, a...) IWL_DEBUG(p, IWL_DL_MAC80211, f, ## a) 184#define IWL_DEBUG_MAC80211(p, f, a...) IWL_DEBUG(p, IWL_DL_MAC80211, f, ## a)
184#define IWL_DEBUG_EXTERNAL(p, f, a...) IWL_DEBUG(p, IWL_DL_EXTERNAL, f, ## a) 185#define IWL_DEBUG_EXTERNAL(p, f, a...) IWL_DEBUG(p, IWL_DL_EXTERNAL, f, ## a)
185#define IWL_DEBUG_TEMP(p, f, a...) IWL_DEBUG(p, IWL_DL_TEMP, f, ## a) 186#define IWL_DEBUG_TEMP(p, f, a...) IWL_DEBUG(p, IWL_DL_TEMP, f, ## a)
diff --git a/drivers/net/wireless/iwlwifi/iwl-drv.c b/drivers/net/wireless/iwlwifi/iwl-drv.c
index d9fa8e034da2..38de1513e4de 100644
--- a/drivers/net/wireless/iwlwifi/iwl-drv.c
+++ b/drivers/net/wireless/iwlwifi/iwl-drv.c
@@ -78,9 +78,6 @@
78#include "iwl-config.h" 78#include "iwl-config.h"
79#include "iwl-modparams.h" 79#include "iwl-modparams.h"
80 80
81/* private includes */
82#include "iwl-fw-file.h"
83
84/****************************************************************************** 81/******************************************************************************
85 * 82 *
86 * module boiler plate 83 * module boiler plate
@@ -187,6 +184,11 @@ static void iwl_free_fw_img(struct iwl_drv *drv, struct fw_img *img)
187static void iwl_dealloc_ucode(struct iwl_drv *drv) 184static void iwl_dealloc_ucode(struct iwl_drv *drv)
188{ 185{
189 int i; 186 int i;
187
188 kfree(drv->fw.dbg_dest_tlv);
189 for (i = 0; i < ARRAY_SIZE(drv->fw.dbg_conf_tlv); i++)
190 kfree(drv->fw.dbg_conf_tlv[i]);
191
190 for (i = 0; i < IWL_UCODE_TYPE_MAX; i++) 192 for (i = 0; i < IWL_UCODE_TYPE_MAX; i++)
191 iwl_free_fw_img(drv, drv->fw.img + i); 193 iwl_free_fw_img(drv, drv->fw.img + i);
192} 194}
@@ -248,6 +250,9 @@ static int iwl_request_firmware(struct iwl_drv *drv, bool first)
248 /* 250 /*
249 * Starting 8000B - FW name format has changed. This overwrites the 251 * Starting 8000B - FW name format has changed. This overwrites the
250 * previous name and uses the new format. 252 * previous name and uses the new format.
253 *
254 * TODO:
255 * Once there is only one supported step for 8000 family - delete this!
251 */ 256 */
252 if (drv->trans->cfg->device_family == IWL_DEVICE_FAMILY_8000) { 257 if (drv->trans->cfg->device_family == IWL_DEVICE_FAMILY_8000) {
253 char rev_step[2] = { 258 char rev_step[2] = {
@@ -258,6 +263,13 @@ static int iwl_request_firmware(struct iwl_drv *drv, bool first)
258 if (CSR_HW_REV_STEP(drv->trans->hw_rev) == SILICON_A_STEP) 263 if (CSR_HW_REV_STEP(drv->trans->hw_rev) == SILICON_A_STEP)
259 rev_step[0] = 0; 264 rev_step[0] = 0;
260 265
266 /*
267 * If hw_rev wasn't set yet - default as B-step. If it IS A-step
268 * we'll reload that FW later instead.
269 */
270 if (drv->trans->hw_rev == 0)
271 rev_step[0] = 'B';
272
261 snprintf(drv->firmware_name, sizeof(drv->firmware_name), 273 snprintf(drv->firmware_name, sizeof(drv->firmware_name),
262 "%s%s-%s.ucode", name_pre, rev_step, tag); 274 "%s%s-%s.ucode", name_pre, rev_step, tag);
263 } 275 }
@@ -301,6 +313,11 @@ struct iwl_firmware_pieces {
301 313
302 u32 init_evtlog_ptr, init_evtlog_size, init_errlog_ptr; 314 u32 init_evtlog_ptr, init_evtlog_size, init_errlog_ptr;
303 u32 inst_evtlog_ptr, inst_evtlog_size, inst_errlog_ptr; 315 u32 inst_evtlog_ptr, inst_evtlog_size, inst_errlog_ptr;
316
317 /* FW debug data parsed for driver usage */
318 struct iwl_fw_dbg_dest_tlv *dbg_dest_tlv;
319 struct iwl_fw_dbg_conf_tlv *dbg_conf_tlv[FW_DBG_MAX];
320 size_t dbg_conf_tlv_len[FW_DBG_MAX];
304}; 321};
305 322
306/* 323/*
@@ -574,6 +591,8 @@ static int iwl_parse_tlv_firmware(struct iwl_drv *drv,
574 char buildstr[25]; 591 char buildstr[25];
575 u32 build; 592 u32 build;
576 int num_of_cpus; 593 int num_of_cpus;
594 bool usniffer_images = false;
595 bool usniffer_req = false;
577 596
578 if (len < sizeof(*ucode)) { 597 if (len < sizeof(*ucode)) {
579 IWL_ERR(drv, "uCode has invalid length: %zd\n", len); 598 IWL_ERR(drv, "uCode has invalid length: %zd\n", len);
@@ -846,12 +865,79 @@ static int iwl_parse_tlv_firmware(struct iwl_drv *drv,
846 capa->n_scan_channels = 865 capa->n_scan_channels =
847 le32_to_cpup((__le32 *)tlv_data); 866 le32_to_cpup((__le32 *)tlv_data);
848 break; 867 break;
868 case IWL_UCODE_TLV_FW_DBG_DEST: {
869 struct iwl_fw_dbg_dest_tlv *dest = (void *)tlv_data;
870
871 if (pieces->dbg_dest_tlv) {
872 IWL_ERR(drv,
873 "dbg destination ignored, already exists\n");
874 break;
875 }
876
877 pieces->dbg_dest_tlv = dest;
878 IWL_INFO(drv, "Found debug destination: %s\n",
879 get_fw_dbg_mode_string(dest->monitor_mode));
880
881 drv->fw.dbg_dest_reg_num =
882 tlv_len - offsetof(struct iwl_fw_dbg_dest_tlv,
883 reg_ops);
884 drv->fw.dbg_dest_reg_num /=
885 sizeof(drv->fw.dbg_dest_tlv->reg_ops[0]);
886
887 break;
888 }
889 case IWL_UCODE_TLV_FW_DBG_CONF: {
890 struct iwl_fw_dbg_conf_tlv *conf = (void *)tlv_data;
891
892 if (!pieces->dbg_dest_tlv) {
893 IWL_ERR(drv,
894 "Ignore dbg config %d - no destination configured\n",
895 conf->id);
896 break;
897 }
898
899 if (conf->id >= ARRAY_SIZE(drv->fw.dbg_conf_tlv)) {
900 IWL_ERR(drv,
901 "Skip unknown configuration: %d\n",
902 conf->id);
903 break;
904 }
905
906 if (pieces->dbg_conf_tlv[conf->id]) {
907 IWL_ERR(drv,
908 "Ignore duplicate dbg config %d\n",
909 conf->id);
910 break;
911 }
912
913 if (conf->usniffer)
914 usniffer_req = true;
915
916 IWL_INFO(drv, "Found debug configuration: %d\n",
917 conf->id);
918
919 pieces->dbg_conf_tlv[conf->id] = conf;
920 pieces->dbg_conf_tlv_len[conf->id] = tlv_len;
921 break;
922 }
923 case IWL_UCODE_TLV_SEC_RT_USNIFFER:
924 usniffer_images = true;
925 iwl_store_ucode_sec(pieces, tlv_data,
926 IWL_UCODE_REGULAR_USNIFFER,
927 tlv_len);
928 break;
849 default: 929 default:
850 IWL_DEBUG_INFO(drv, "unknown TLV: %d\n", tlv_type); 930 IWL_DEBUG_INFO(drv, "unknown TLV: %d\n", tlv_type);
851 break; 931 break;
852 } 932 }
853 } 933 }
854 934
935 if (usniffer_req && !usniffer_images) {
936 IWL_ERR(drv,
937 "user selected to work with usniffer but usniffer image isn't available in ucode package\n");
938 return -EINVAL;
939 }
940
855 if (len) { 941 if (len) {
856 IWL_ERR(drv, "invalid TLV after parsing: %zd\n", len); 942 IWL_ERR(drv, "invalid TLV after parsing: %zd\n", len);
857 iwl_print_hex_dump(drv, IWL_DL_FW, (u8 *)data, len); 943 iwl_print_hex_dump(drv, IWL_DL_FW, (u8 *)data, len);
@@ -989,13 +1075,14 @@ static void iwl_req_fw_callback(const struct firmware *ucode_raw, void *context)
989 struct iwl_ucode_header *ucode; 1075 struct iwl_ucode_header *ucode;
990 struct iwlwifi_opmode_table *op; 1076 struct iwlwifi_opmode_table *op;
991 int err; 1077 int err;
992 struct iwl_firmware_pieces pieces; 1078 struct iwl_firmware_pieces *pieces;
993 const unsigned int api_max = drv->cfg->ucode_api_max; 1079 const unsigned int api_max = drv->cfg->ucode_api_max;
994 unsigned int api_ok = drv->cfg->ucode_api_ok; 1080 unsigned int api_ok = drv->cfg->ucode_api_ok;
995 const unsigned int api_min = drv->cfg->ucode_api_min; 1081 const unsigned int api_min = drv->cfg->ucode_api_min;
996 u32 api_ver; 1082 u32 api_ver;
997 int i; 1083 int i;
998 bool load_module = false; 1084 bool load_module = false;
1085 u32 hw_rev = drv->trans->hw_rev;
999 1086
1000 fw->ucode_capa.max_probe_length = IWL_DEFAULT_MAX_PROBE_LENGTH; 1087 fw->ucode_capa.max_probe_length = IWL_DEFAULT_MAX_PROBE_LENGTH;
1001 fw->ucode_capa.standard_phy_calibration_size = 1088 fw->ucode_capa.standard_phy_calibration_size =
@@ -1005,7 +1092,9 @@ static void iwl_req_fw_callback(const struct firmware *ucode_raw, void *context)
1005 if (!api_ok) 1092 if (!api_ok)
1006 api_ok = api_max; 1093 api_ok = api_max;
1007 1094
1008 memset(&pieces, 0, sizeof(pieces)); 1095 pieces = kzalloc(sizeof(*pieces), GFP_KERNEL);
1096 if (!pieces)
1097 return;
1009 1098
1010 if (!ucode_raw) { 1099 if (!ucode_raw) {
1011 if (drv->fw_index <= api_ok) 1100 if (drv->fw_index <= api_ok)
@@ -1028,10 +1117,10 @@ static void iwl_req_fw_callback(const struct firmware *ucode_raw, void *context)
1028 ucode = (struct iwl_ucode_header *)ucode_raw->data; 1117 ucode = (struct iwl_ucode_header *)ucode_raw->data;
1029 1118
1030 if (ucode->ver) 1119 if (ucode->ver)
1031 err = iwl_parse_v1_v2_firmware(drv, ucode_raw, &pieces); 1120 err = iwl_parse_v1_v2_firmware(drv, ucode_raw, pieces);
1032 else 1121 else
1033 err = iwl_parse_tlv_firmware(drv, ucode_raw, &pieces, 1122 err = iwl_parse_tlv_firmware(drv, ucode_raw, pieces,
1034 &fw->ucode_capa); 1123 &fw->ucode_capa);
1035 1124
1036 if (err) 1125 if (err)
1037 goto try_again; 1126 goto try_again;
@@ -1071,7 +1160,7 @@ static void iwl_req_fw_callback(const struct firmware *ucode_raw, void *context)
1071 * In mvm uCode there is no difference between data and instructions 1160 * In mvm uCode there is no difference between data and instructions
1072 * sections. 1161 * sections.
1073 */ 1162 */
1074 if (!fw->mvm_fw && validate_sec_sizes(drv, &pieces, drv->cfg)) 1163 if (!fw->mvm_fw && validate_sec_sizes(drv, pieces, drv->cfg))
1075 goto try_again; 1164 goto try_again;
1076 1165
1077 /* Allocate ucode buffers for card's bus-master loading ... */ 1166 /* Allocate ucode buffers for card's bus-master loading ... */
@@ -1080,9 +1169,33 @@ static void iwl_req_fw_callback(const struct firmware *ucode_raw, void *context)
1080 * 1) unmodified from disk 1169 * 1) unmodified from disk
1081 * 2) backup cache for save/restore during power-downs */ 1170 * 2) backup cache for save/restore during power-downs */
1082 for (i = 0; i < IWL_UCODE_TYPE_MAX; i++) 1171 for (i = 0; i < IWL_UCODE_TYPE_MAX; i++)
1083 if (iwl_alloc_ucode(drv, &pieces, i)) 1172 if (iwl_alloc_ucode(drv, pieces, i))
1084 goto out_free_fw; 1173 goto out_free_fw;
1085 1174
1175 if (pieces->dbg_dest_tlv) {
1176 drv->fw.dbg_dest_tlv =
1177 kmemdup(pieces->dbg_dest_tlv,
1178 sizeof(*pieces->dbg_dest_tlv) +
1179 sizeof(pieces->dbg_dest_tlv->reg_ops[0]) *
1180 drv->fw.dbg_dest_reg_num, GFP_KERNEL);
1181
1182 if (!drv->fw.dbg_dest_tlv)
1183 goto out_free_fw;
1184 }
1185
1186 for (i = 0; i < ARRAY_SIZE(drv->fw.dbg_conf_tlv); i++) {
1187 if (pieces->dbg_conf_tlv[i]) {
1188 drv->fw.dbg_conf_tlv_len[i] =
1189 pieces->dbg_conf_tlv_len[i];
1190 drv->fw.dbg_conf_tlv[i] =
1191 kmemdup(pieces->dbg_conf_tlv[i],
1192 drv->fw.dbg_conf_tlv_len[i],
1193 GFP_KERNEL);
1194 if (!drv->fw.dbg_conf_tlv[i])
1195 goto out_free_fw;
1196 }
1197 }
1198
1086 /* Now that we can no longer fail, copy information */ 1199 /* Now that we can no longer fail, copy information */
1087 1200
1088 /* 1201 /*
@@ -1090,20 +1203,20 @@ static void iwl_req_fw_callback(const struct firmware *ucode_raw, void *context)
1090 * for each event, which is of mode 1 (including timestamp) for all 1203 * for each event, which is of mode 1 (including timestamp) for all
1091 * new microcodes that include this information. 1204 * new microcodes that include this information.
1092 */ 1205 */
1093 fw->init_evtlog_ptr = pieces.init_evtlog_ptr; 1206 fw->init_evtlog_ptr = pieces->init_evtlog_ptr;
1094 if (pieces.init_evtlog_size) 1207 if (pieces->init_evtlog_size)
1095 fw->init_evtlog_size = (pieces.init_evtlog_size - 16)/12; 1208 fw->init_evtlog_size = (pieces->init_evtlog_size - 16)/12;
1096 else 1209 else
1097 fw->init_evtlog_size = 1210 fw->init_evtlog_size =
1098 drv->cfg->base_params->max_event_log_size; 1211 drv->cfg->base_params->max_event_log_size;
1099 fw->init_errlog_ptr = pieces.init_errlog_ptr; 1212 fw->init_errlog_ptr = pieces->init_errlog_ptr;
1100 fw->inst_evtlog_ptr = pieces.inst_evtlog_ptr; 1213 fw->inst_evtlog_ptr = pieces->inst_evtlog_ptr;
1101 if (pieces.inst_evtlog_size) 1214 if (pieces->inst_evtlog_size)
1102 fw->inst_evtlog_size = (pieces.inst_evtlog_size - 16)/12; 1215 fw->inst_evtlog_size = (pieces->inst_evtlog_size - 16)/12;
1103 else 1216 else
1104 fw->inst_evtlog_size = 1217 fw->inst_evtlog_size =
1105 drv->cfg->base_params->max_event_log_size; 1218 drv->cfg->base_params->max_event_log_size;
1106 fw->inst_errlog_ptr = pieces.inst_errlog_ptr; 1219 fw->inst_errlog_ptr = pieces->inst_errlog_ptr;
1107 1220
1108 /* 1221 /*
1109 * figure out the offset of chain noise reset and gain commands 1222 * figure out the offset of chain noise reset and gain commands
@@ -1162,10 +1275,55 @@ static void iwl_req_fw_callback(const struct firmware *ucode_raw, void *context)
1162 op->name, err); 1275 op->name, err);
1163#endif 1276#endif
1164 } 1277 }
1278
1279 /*
1280 * We may have loaded the wrong FW file in 8000 HW family if it is an
1281 * A-step card, and if drv->trans->hw_rev wasn't properly read when
1282 * the FW file had been loaded. (This might happen in SDIO.) In such a
1283 * case - unload and reload the correct file.
1284 *
1285 * TODO:
1286 * Once there is only one supported step for 8000 family - delete this!
1287 */
1288 if (drv->trans->cfg->device_family == IWL_DEVICE_FAMILY_8000 &&
1289 CSR_HW_REV_STEP(drv->trans->hw_rev) == SILICON_A_STEP &&
1290 drv->trans->hw_rev != hw_rev) {
1291 char firmware_name[32];
1292
1293 /* Free previous FW resources */
1294 if (drv->op_mode)
1295 _iwl_op_mode_stop(drv);
1296 iwl_dealloc_ucode(drv);
1297
1298 /* Build name of correct-step FW */
1299 snprintf(firmware_name, sizeof(firmware_name),
1300 strrchr(drv->firmware_name, '-'));
1301 snprintf(drv->firmware_name, sizeof(drv->firmware_name),
1302 "%s%s", drv->cfg->fw_name_pre, firmware_name);
1303
1304 /* Clear data before loading correct FW */
1305 list_del(&drv->list);
1306
1307 /* Request correct FW file this time */
1308 IWL_DEBUG_INFO(drv, "attempting to load A-step FW %s\n",
1309 drv->firmware_name);
1310 err = request_firmware(&ucode_raw, drv->firmware_name,
1311 drv->trans->dev);
1312 if (err) {
1313 IWL_ERR(drv, "Failed swapping FW!\n");
1314 goto out_unbind;
1315 }
1316
1317 /* Redo callback function - this time with right FW */
1318 iwl_req_fw_callback(ucode_raw, context);
1319 }
1320
1321 kfree(pieces);
1165 return; 1322 return;
1166 1323
1167 try_again: 1324 try_again:
1168 /* try next, if any */ 1325 /* try next, if any */
1326 kfree(pieces);
1169 release_firmware(ucode_raw); 1327 release_firmware(ucode_raw);
1170 if (iwl_request_firmware(drv, false)) 1328 if (iwl_request_firmware(drv, false))
1171 goto out_unbind; 1329 goto out_unbind;
@@ -1176,6 +1334,7 @@ static void iwl_req_fw_callback(const struct firmware *ucode_raw, void *context)
1176 iwl_dealloc_ucode(drv); 1334 iwl_dealloc_ucode(drv);
1177 release_firmware(ucode_raw); 1335 release_firmware(ucode_raw);
1178 out_unbind: 1336 out_unbind:
1337 kfree(pieces);
1179 complete(&drv->request_firmware_complete); 1338 complete(&drv->request_firmware_complete);
1180 device_release_driver(drv->trans->dev); 1339 device_release_driver(drv->trans->dev);
1181} 1340}
diff --git a/drivers/net/wireless/iwlwifi/iwl-eeprom-parse.c b/drivers/net/wireless/iwlwifi/iwl-eeprom-parse.c
index 74b796dc4242..41ff85de7334 100644
--- a/drivers/net/wireless/iwlwifi/iwl-eeprom-parse.c
+++ b/drivers/net/wireless/iwlwifi/iwl-eeprom-parse.c
@@ -764,7 +764,7 @@ void iwl_init_ht_hw_capab(const struct iwl_cfg *cfg,
764 if (iwlwifi_mod_params.amsdu_size_8K) 764 if (iwlwifi_mod_params.amsdu_size_8K)
765 ht_info->cap |= IEEE80211_HT_CAP_MAX_AMSDU; 765 ht_info->cap |= IEEE80211_HT_CAP_MAX_AMSDU;
766 766
767 ht_info->ampdu_factor = IEEE80211_HT_MAX_AMPDU_64K; 767 ht_info->ampdu_factor = cfg->max_ht_ampdu_exponent;
768 ht_info->ampdu_density = IEEE80211_HT_MPDU_DENSITY_4; 768 ht_info->ampdu_density = IEEE80211_HT_MPDU_DENSITY_4;
769 769
770 ht_info->mcs.rx_mask[0] = 0xFF; 770 ht_info->mcs.rx_mask[0] = 0xFF;
diff --git a/drivers/net/wireless/iwlwifi/iwl-fw-error-dump.h b/drivers/net/wireless/iwlwifi/iwl-fw-error-dump.h
index e30a41d04c8b..20a8a64c9fe3 100644
--- a/drivers/net/wireless/iwlwifi/iwl-fw-error-dump.h
+++ b/drivers/net/wireless/iwlwifi/iwl-fw-error-dump.h
@@ -81,6 +81,7 @@
81 * @IWL_FW_ERROR_DUMP_FW_MONITOR: firmware monitor 81 * @IWL_FW_ERROR_DUMP_FW_MONITOR: firmware monitor
82 * @IWL_FW_ERROR_DUMP_PRPH: range of periphery registers - there can be several 82 * @IWL_FW_ERROR_DUMP_PRPH: range of periphery registers - there can be several
83 * sections like this in a single file. 83 * sections like this in a single file.
84 * @IWL_FW_ERROR_DUMP_FH_REGS: range of FH registers
84 */ 85 */
85enum iwl_fw_error_dump_type { 86enum iwl_fw_error_dump_type {
86 IWL_FW_ERROR_DUMP_SRAM = 0, 87 IWL_FW_ERROR_DUMP_SRAM = 0,
@@ -90,6 +91,8 @@ enum iwl_fw_error_dump_type {
90 IWL_FW_ERROR_DUMP_DEV_FW_INFO = 4, 91 IWL_FW_ERROR_DUMP_DEV_FW_INFO = 4,
91 IWL_FW_ERROR_DUMP_FW_MONITOR = 5, 92 IWL_FW_ERROR_DUMP_FW_MONITOR = 5,
92 IWL_FW_ERROR_DUMP_PRPH = 6, 93 IWL_FW_ERROR_DUMP_PRPH = 6,
94 IWL_FW_ERROR_DUMP_TXF = 7,
95 IWL_FW_ERROR_DUMP_FH_REGS = 8,
93 96
94 IWL_FW_ERROR_DUMP_MAX, 97 IWL_FW_ERROR_DUMP_MAX,
95}; 98};
diff --git a/drivers/net/wireless/iwlwifi/iwl-fw-file.h b/drivers/net/wireless/iwlwifi/iwl-fw-file.h
index 401f7be36b93..f2a047f6bb3e 100644
--- a/drivers/net/wireless/iwlwifi/iwl-fw-file.h
+++ b/drivers/net/wireless/iwlwifi/iwl-fw-file.h
@@ -131,6 +131,9 @@ enum iwl_ucode_tlv_type {
131 IWL_UCODE_TLV_API_CHANGES_SET = 29, 131 IWL_UCODE_TLV_API_CHANGES_SET = 29,
132 IWL_UCODE_TLV_ENABLED_CAPABILITIES = 30, 132 IWL_UCODE_TLV_ENABLED_CAPABILITIES = 30,
133 IWL_UCODE_TLV_N_SCAN_CHANNELS = 31, 133 IWL_UCODE_TLV_N_SCAN_CHANNELS = 31,
134 IWL_UCODE_TLV_SEC_RT_USNIFFER = 34,
135 IWL_UCODE_TLV_FW_DBG_DEST = 38,
136 IWL_UCODE_TLV_FW_DBG_CONF = 39,
134}; 137};
135 138
136struct iwl_ucode_tlv { 139struct iwl_ucode_tlv {
@@ -179,4 +182,309 @@ struct iwl_ucode_capa {
179 __le32 api_capa; 182 __le32 api_capa;
180} __packed; 183} __packed;
181 184
185/**
186 * enum iwl_ucode_tlv_flag - ucode API flags
187 * @IWL_UCODE_TLV_FLAGS_PAN: This is PAN capable microcode; this previously
188 * was a separate TLV but moved here to save space.
189 * @IWL_UCODE_TLV_FLAGS_NEWSCAN: new uCode scan behaviour on hidden SSID,
190 * treats good CRC threshold as a boolean
191 * @IWL_UCODE_TLV_FLAGS_MFP: This uCode image supports MFP (802.11w).
192 * @IWL_UCODE_TLV_FLAGS_P2P: This uCode image supports P2P.
193 * @IWL_UCODE_TLV_FLAGS_DW_BC_TABLE: The SCD byte count table is in DWORDS
194 * @IWL_UCODE_TLV_FLAGS_UAPSD_SUPPORT: This uCode image supports uAPSD
195 * @IWL_UCODE_TLV_FLAGS_SHORT_BL: 16 entries of black list instead of 64 in scan
196 * offload profile config command.
197 * @IWL_UCODE_TLV_FLAGS_D3_6_IPV6_ADDRS: D3 image supports up to six
198 * (rather than two) IPv6 addresses
199 * @IWL_UCODE_TLV_FLAGS_NO_BASIC_SSID: not sending a probe with the SSID element
200 * from the probe request template.
201 * @IWL_UCODE_TLV_FLAGS_NEW_NSOFFL_SMALL: new NS offload (small version)
202 * @IWL_UCODE_TLV_FLAGS_NEW_NSOFFL_LARGE: new NS offload (large version)
203 * @IWL_UCODE_TLV_FLAGS_P2P_PM: P2P client supports PM as a stand alone MAC
204 * @IWL_UCODE_TLV_FLAGS_P2P_BSS_PS_DCM: support power save on BSS station and
205 * P2P client interfaces simultaneously if they are in different bindings.
206 * @IWL_UCODE_TLV_FLAGS_P2P_BSS_PS_SCM: support power save on BSS station and
207 * P2P client interfaces simultaneously if they are in same bindings.
208 * @IWL_UCODE_TLV_FLAGS_UAPSD_SUPPORT: General support for uAPSD
209 * @IWL_UCODE_TLV_FLAGS_P2P_PS_UAPSD: P2P client supports uAPSD power save
210 * @IWL_UCODE_TLV_FLAGS_BCAST_FILTERING: uCode supports broadcast filtering.
211 * @IWL_UCODE_TLV_FLAGS_GO_UAPSD: AP/GO interfaces support uAPSD clients
212 * @IWL_UCODE_TLV_FLAGS_EBS_SUPPORT: this uCode image supports EBS.
213 */
214enum iwl_ucode_tlv_flag {
215 IWL_UCODE_TLV_FLAGS_PAN = BIT(0),
216 IWL_UCODE_TLV_FLAGS_NEWSCAN = BIT(1),
217 IWL_UCODE_TLV_FLAGS_MFP = BIT(2),
218 IWL_UCODE_TLV_FLAGS_P2P = BIT(3),
219 IWL_UCODE_TLV_FLAGS_DW_BC_TABLE = BIT(4),
220 IWL_UCODE_TLV_FLAGS_SHORT_BL = BIT(7),
221 IWL_UCODE_TLV_FLAGS_D3_6_IPV6_ADDRS = BIT(10),
222 IWL_UCODE_TLV_FLAGS_NO_BASIC_SSID = BIT(12),
223 IWL_UCODE_TLV_FLAGS_NEW_NSOFFL_SMALL = BIT(15),
224 IWL_UCODE_TLV_FLAGS_NEW_NSOFFL_LARGE = BIT(16),
225 IWL_UCODE_TLV_FLAGS_P2P_PM = BIT(21),
226 IWL_UCODE_TLV_FLAGS_BSS_P2P_PS_DCM = BIT(22),
227 IWL_UCODE_TLV_FLAGS_BSS_P2P_PS_SCM = BIT(23),
228 IWL_UCODE_TLV_FLAGS_UAPSD_SUPPORT = BIT(24),
229 IWL_UCODE_TLV_FLAGS_EBS_SUPPORT = BIT(25),
230 IWL_UCODE_TLV_FLAGS_P2P_PS_UAPSD = BIT(26),
231 IWL_UCODE_TLV_FLAGS_BCAST_FILTERING = BIT(29),
232 IWL_UCODE_TLV_FLAGS_GO_UAPSD = BIT(30),
233};
234
235/**
236 * enum iwl_ucode_tlv_api - ucode api
237 * @IWL_UCODE_TLV_API_WOWLAN_CONFIG_TID: wowlan config includes tid field.
238 * @IWL_UCODE_TLV_CAPA_EXTENDED_BEACON: Support Extended beacon notification
239 * @IWL_UCODE_TLV_API_BT_COEX_SPLIT: new API for BT Coex
240 * @IWL_UCODE_TLV_API_CSA_FLOW: ucode can do unbind-bind flow for CSA.
241 * @IWL_UCODE_TLV_API_DISABLE_STA_TX: ucode supports tx_disable bit.
242 * @IWL_UCODE_TLV_API_LMAC_SCAN: This ucode uses LMAC unified scan API.
243 * @IWL_UCODE_TLV_API_SF_NO_DUMMY_NOTIF: ucode supports disabling dummy notif.
244 * @IWL_UCODE_TLV_API_FRAGMENTED_SCAN: This ucode supports active dwell time
245 * longer than the passive one, which is essential for fragmented scan.
246 */
247enum iwl_ucode_tlv_api {
248 IWL_UCODE_TLV_API_WOWLAN_CONFIG_TID = BIT(0),
249 IWL_UCODE_TLV_CAPA_EXTENDED_BEACON = BIT(1),
250 IWL_UCODE_TLV_API_BT_COEX_SPLIT = BIT(3),
251 IWL_UCODE_TLV_API_CSA_FLOW = BIT(4),
252 IWL_UCODE_TLV_API_DISABLE_STA_TX = BIT(5),
253 IWL_UCODE_TLV_API_LMAC_SCAN = BIT(6),
254 IWL_UCODE_TLV_API_SF_NO_DUMMY_NOTIF = BIT(7),
255 IWL_UCODE_TLV_API_FRAGMENTED_SCAN = BIT(8),
256};
257
258/**
259 * enum iwl_ucode_tlv_capa - ucode capabilities
260 * @IWL_UCODE_TLV_CAPA_D0I3_SUPPORT: supports D0i3
261 * @IWL_UCODE_TLV_CAPA_LAR_SUPPORT: supports Location Aware Regulatory
262 * @IWL_UCODE_TLV_CAPA_UMAC_SCAN: supports UMAC scan.
263 * @IWL_UCODE_TLV_CAPA_TDLS_SUPPORT: support basic TDLS functionality
264 * @IWL_UCODE_TLV_CAPA_TXPOWER_INSERTION_SUPPORT: supports insertion of current
265 * tx power value into TPC Report action frame and Link Measurement Report
266 * action frame
267 * @IWL_UCODE_TLV_CAPA_DS_PARAM_SET_IE_SUPPORT: supports updating current
268 * channel in DS parameter set element in probe requests.
269 * @IWL_UCODE_TLV_CAPA_WFA_TPC_REP_IE_SUPPORT: supports adding TPC Report IE in
270 * probe requests.
271 * @IWL_UCODE_TLV_CAPA_QUIET_PERIOD_SUPPORT: supports Quiet Period requests
272 * @IWL_UCODE_TLV_CAPA_DQA_SUPPORT: supports dynamic queue allocation (DQA),
273 * which also implies support for the scheduler configuration command
274 * @IWL_UCODE_TLV_CAPA_TDLS_CHANNEL_SWITCH: supports TDLS channel switching
275 * @IWL_UCODE_TLV_CAPA_HOTSPOT_SUPPORT: supports Hot Spot Command
276 */
277enum iwl_ucode_tlv_capa {
278 IWL_UCODE_TLV_CAPA_D0I3_SUPPORT = BIT(0),
279 IWL_UCODE_TLV_CAPA_LAR_SUPPORT = BIT(1),
280 IWL_UCODE_TLV_CAPA_UMAC_SCAN = BIT(2),
281 IWL_UCODE_TLV_CAPA_TDLS_SUPPORT = BIT(6),
282 IWL_UCODE_TLV_CAPA_TXPOWER_INSERTION_SUPPORT = BIT(8),
283 IWL_UCODE_TLV_CAPA_DS_PARAM_SET_IE_SUPPORT = BIT(9),
284 IWL_UCODE_TLV_CAPA_WFA_TPC_REP_IE_SUPPORT = BIT(10),
285 IWL_UCODE_TLV_CAPA_QUIET_PERIOD_SUPPORT = BIT(11),
286 IWL_UCODE_TLV_CAPA_DQA_SUPPORT = BIT(12),
287 IWL_UCODE_TLV_CAPA_TDLS_CHANNEL_SWITCH = BIT(13),
288 IWL_UCODE_TLV_CAPA_HOTSPOT_SUPPORT = BIT(18),
289};
290
291/* The default calibrate table size if not specified by firmware file */
292#define IWL_DEFAULT_STANDARD_PHY_CALIBRATE_TBL_SIZE 18
293#define IWL_MAX_STANDARD_PHY_CALIBRATE_TBL_SIZE 19
294#define IWL_MAX_PHY_CALIBRATE_TBL_SIZE 253
295
296/* The default max probe length if not specified by the firmware file */
297#define IWL_DEFAULT_MAX_PROBE_LENGTH 200
298
299/*
300 * For 16.0 uCode and above, there is no differentiation between sections,
301 * just an offset to the HW address.
302 */
303#define IWL_UCODE_SECTION_MAX 12
304#define IWL_API_ARRAY_SIZE 1
305#define IWL_CAPABILITIES_ARRAY_SIZE 1
306#define CPU1_CPU2_SEPARATOR_SECTION 0xFFFFCCCC
307
308/* uCode version contains 4 values: Major/Minor/API/Serial */
309#define IWL_UCODE_MAJOR(ver) (((ver) & 0xFF000000) >> 24)
310#define IWL_UCODE_MINOR(ver) (((ver) & 0x00FF0000) >> 16)
311#define IWL_UCODE_API(ver) (((ver) & 0x0000FF00) >> 8)
312#define IWL_UCODE_SERIAL(ver) ((ver) & 0x000000FF)
313
314/*
315 * Calibration control struct.
316 * Sent as part of the phy configuration command.
317 * @flow_trigger: bitmap for which calibrations to perform according to
318 * flow triggers.
319 * @event_trigger: bitmap for which calibrations to perform according to
320 * event triggers.
321 */
322struct iwl_tlv_calib_ctrl {
323 __le32 flow_trigger;
324 __le32 event_trigger;
325} __packed;
326
327enum iwl_fw_phy_cfg {
328 FW_PHY_CFG_RADIO_TYPE_POS = 0,
329 FW_PHY_CFG_RADIO_TYPE = 0x3 << FW_PHY_CFG_RADIO_TYPE_POS,
330 FW_PHY_CFG_RADIO_STEP_POS = 2,
331 FW_PHY_CFG_RADIO_STEP = 0x3 << FW_PHY_CFG_RADIO_STEP_POS,
332 FW_PHY_CFG_RADIO_DASH_POS = 4,
333 FW_PHY_CFG_RADIO_DASH = 0x3 << FW_PHY_CFG_RADIO_DASH_POS,
334 FW_PHY_CFG_TX_CHAIN_POS = 16,
335 FW_PHY_CFG_TX_CHAIN = 0xf << FW_PHY_CFG_TX_CHAIN_POS,
336 FW_PHY_CFG_RX_CHAIN_POS = 20,
337 FW_PHY_CFG_RX_CHAIN = 0xf << FW_PHY_CFG_RX_CHAIN_POS,
338};
339
340#define IWL_UCODE_MAX_CS 1
341
342/**
343 * struct iwl_fw_cipher_scheme - a cipher scheme supported by FW.
344 * @cipher: a cipher suite selector
345 * @flags: cipher scheme flags (currently reserved for a future use)
346 * @hdr_len: a size of MPDU security header
347 * @pn_len: a size of PN
348 * @pn_off: an offset of pn from the beginning of the security header
349 * @key_idx_off: an offset of key index byte in the security header
350 * @key_idx_mask: a bit mask of key_idx bits
351 * @key_idx_shift: bit shift needed to get key_idx
352 * @mic_len: mic length in bytes
353 * @hw_cipher: a HW cipher index used in host commands
354 */
355struct iwl_fw_cipher_scheme {
356 __le32 cipher;
357 u8 flags;
358 u8 hdr_len;
359 u8 pn_len;
360 u8 pn_off;
361 u8 key_idx_off;
362 u8 key_idx_mask;
363 u8 key_idx_shift;
364 u8 mic_len;
365 u8 hw_cipher;
366} __packed;
367
368enum iwl_fw_dbg_reg_operator {
369 CSR_ASSIGN,
370 CSR_SETBIT,
371 CSR_CLEARBIT,
372
373 PRPH_ASSIGN,
374 PRPH_SETBIT,
375 PRPH_CLEARBIT,
376};
377
378/**
379 * struct iwl_fw_dbg_reg_op - an operation on a register
380 *
381 * @op: %enum iwl_fw_dbg_reg_operator
382 * @addr: offset of the register
383 * @val: value
384 */
385struct iwl_fw_dbg_reg_op {
386 u8 op;
387 u8 reserved[3];
388 __le32 addr;
389 __le32 val;
390} __packed;
391
392/**
393 * enum iwl_fw_dbg_monitor_mode - available monitor recording modes
394 *
395 * @SMEM_MODE: monitor stores the data in SMEM
396 * @EXTERNAL_MODE: monitor stores the data in allocated DRAM
397 * @MARBH_MODE: monitor stores the data in MARBH buffer
398 */
399enum iwl_fw_dbg_monitor_mode {
400 SMEM_MODE = 0,
401 EXTERNAL_MODE = 1,
402 MARBH_MODE = 2,
403};
404
405/**
406 * struct iwl_fw_dbg_dest_tlv - configures the destination of the debug data
407 *
408 * @version: version of the TLV - currently 0
409 * @monitor_mode: %enum iwl_fw_dbg_monitor_mode
410 * @base_reg: addr of the base addr register (PRPH)
411 * @end_reg: addr of the end addr register (PRPH)
412 * @write_ptr_reg: the addr of the reg of the write pointer
413 * @wrap_count: the addr of the reg of the wrap_count
414 * @base_shift: shift right of the base addr reg
415 * @end_shift: shift right of the end addr reg
416 * @reg_ops: array of registers operations
417 *
418 * This parses IWL_UCODE_TLV_FW_DBG_DEST
419 */
420struct iwl_fw_dbg_dest_tlv {
421 u8 version;
422 u8 monitor_mode;
423 u8 reserved[2];
424 __le32 base_reg;
425 __le32 end_reg;
426 __le32 write_ptr_reg;
427 __le32 wrap_count;
428 u8 base_shift;
429 u8 end_shift;
430 struct iwl_fw_dbg_reg_op reg_ops[0];
431} __packed;
432
433struct iwl_fw_dbg_conf_hcmd {
434 u8 id;
435 u8 reserved;
436 __le16 len;
437 u8 data[0];
438} __packed;
439
440/**
441 * struct iwl_fw_dbg_trigger - a TLV that describes a debug configuration
442 *
443 * @enabled: is this trigger enabled
444 * @reserved:
445 * @len: length, in bytes, of the %trigger field
446 * @trigger: pointer to a trigger struct
447 */
448struct iwl_fw_dbg_trigger {
449 u8 enabled;
450 u8 reserved;
451 u8 len;
452 u8 trigger[0];
453} __packed;
454
455/**
456 * enum iwl_fw_dbg_conf - configurations available
457 *
458 * @FW_DBG_CUSTOM: take this configuration from alive
459 * Note that the trigger is NO-OP for this configuration
460 */
461enum iwl_fw_dbg_conf {
462 FW_DBG_CUSTOM = 0,
463
464 /* must be last */
465 FW_DBG_MAX,
466 FW_DBG_INVALID = 0xff,
467};
468
469/**
470 * struct iwl_fw_dbg_conf_tlv - a TLV that describes a debug configuration
471 *
472 * @id: %enum iwl_fw_dbg_conf
473 * @usniffer: should the uSniffer image be used
474 * @num_of_hcmds: how many HCMDs to send are present here
475 * @hcmd: a variable length host command to be sent to apply the configuration.
476 * If there is more than one HCMD to send, they will appear one after the
477 * other and be sent in the order that they appear in.
478 * This parses IWL_UCODE_TLV_FW_DBG_CONF
479 */
480struct iwl_fw_dbg_conf_tlv {
481 u8 id;
482 u8 usniffer;
483 u8 reserved;
484 u8 num_of_hcmds;
485 struct iwl_fw_dbg_conf_hcmd hcmd;
486
487 /* struct iwl_fw_dbg_trigger sits after all variable length hcmds */
488} __packed;
489
182#endif /* __iwl_fw_file_h__ */ 490#endif /* __iwl_fw_file_h__ */
diff --git a/drivers/net/wireless/iwlwifi/iwl-fw.h b/drivers/net/wireless/iwlwifi/iwl-fw.h
index 649fdae77383..e6dc3b870949 100644
--- a/drivers/net/wireless/iwlwifi/iwl-fw.h
+++ b/drivers/net/wireless/iwlwifi/iwl-fw.h
@@ -70,112 +70,6 @@
70#include "iwl-fw-file.h" 70#include "iwl-fw-file.h"
71 71
72/** 72/**
73 * enum iwl_ucode_tlv_flag - ucode API flags
74 * @IWL_UCODE_TLV_FLAGS_PAN: This is PAN capable microcode; this previously
75 * was a separate TLV but moved here to save space.
76 * @IWL_UCODE_TLV_FLAGS_NEWSCAN: new uCode scan behaviour on hidden SSID,
77 * treats good CRC threshold as a boolean
78 * @IWL_UCODE_TLV_FLAGS_MFP: This uCode image supports MFP (802.11w).
79 * @IWL_UCODE_TLV_FLAGS_P2P: This uCode image supports P2P.
80 * @IWL_UCODE_TLV_FLAGS_DW_BC_TABLE: The SCD byte count table is in DWORDS
81 * @IWL_UCODE_TLV_FLAGS_UAPSD_SUPPORT: This uCode image supports uAPSD
82 * @IWL_UCODE_TLV_FLAGS_SHORT_BL: 16 entries of black list instead of 64 in scan
83 * offload profile config command.
84 * @IWL_UCODE_TLV_FLAGS_D3_6_IPV6_ADDRS: D3 image supports up to six
85 * (rather than two) IPv6 addresses
86 * @IWL_UCODE_TLV_FLAGS_NO_BASIC_SSID: not sending a probe with the SSID element
87 * from the probe request template.
88 * @IWL_UCODE_TLV_FLAGS_NEW_NSOFFL_SMALL: new NS offload (small version)
89 * @IWL_UCODE_TLV_FLAGS_NEW_NSOFFL_LARGE: new NS offload (large version)
90 * @IWL_UCODE_TLV_FLAGS_P2P_PM: P2P client supports PM as a stand alone MAC
91 * @IWL_UCODE_TLV_FLAGS_P2P_BSS_PS_DCM: support power save on BSS station and
92 * P2P client interfaces simultaneously if they are in different bindings.
93 * @IWL_UCODE_TLV_FLAGS_P2P_BSS_PS_SCM: support power save on BSS station and
94 * P2P client interfaces simultaneously if they are in same bindings.
95 * @IWL_UCODE_TLV_FLAGS_UAPSD_SUPPORT: General support for uAPSD
96 * @IWL_UCODE_TLV_FLAGS_P2P_PS_UAPSD: P2P client supports uAPSD power save
97 * @IWL_UCODE_TLV_FLAGS_BCAST_FILTERING: uCode supports broadcast filtering.
98 * @IWL_UCODE_TLV_FLAGS_GO_UAPSD: AP/GO interfaces support uAPSD clients
99 * @IWL_UCODE_TLV_FLAGS_EBS_SUPPORT: this uCode image supports EBS.
100 */
101enum iwl_ucode_tlv_flag {
102 IWL_UCODE_TLV_FLAGS_PAN = BIT(0),
103 IWL_UCODE_TLV_FLAGS_NEWSCAN = BIT(1),
104 IWL_UCODE_TLV_FLAGS_MFP = BIT(2),
105 IWL_UCODE_TLV_FLAGS_P2P = BIT(3),
106 IWL_UCODE_TLV_FLAGS_DW_BC_TABLE = BIT(4),
107 IWL_UCODE_TLV_FLAGS_SHORT_BL = BIT(7),
108 IWL_UCODE_TLV_FLAGS_D3_6_IPV6_ADDRS = BIT(10),
109 IWL_UCODE_TLV_FLAGS_NO_BASIC_SSID = BIT(12),
110 IWL_UCODE_TLV_FLAGS_NEW_NSOFFL_SMALL = BIT(15),
111 IWL_UCODE_TLV_FLAGS_NEW_NSOFFL_LARGE = BIT(16),
112 IWL_UCODE_TLV_FLAGS_P2P_PM = BIT(21),
113 IWL_UCODE_TLV_FLAGS_BSS_P2P_PS_DCM = BIT(22),
114 IWL_UCODE_TLV_FLAGS_BSS_P2P_PS_SCM = BIT(23),
115 IWL_UCODE_TLV_FLAGS_UAPSD_SUPPORT = BIT(24),
116 IWL_UCODE_TLV_FLAGS_EBS_SUPPORT = BIT(25),
117 IWL_UCODE_TLV_FLAGS_P2P_PS_UAPSD = BIT(26),
118 IWL_UCODE_TLV_FLAGS_BCAST_FILTERING = BIT(29),
119 IWL_UCODE_TLV_FLAGS_GO_UAPSD = BIT(30),
120};
121
122/**
123 * enum iwl_ucode_tlv_api - ucode api
124 * @IWL_UCODE_TLV_API_WOWLAN_CONFIG_TID: wowlan config includes tid field.
125 * @IWL_UCODE_TLV_CAPA_EXTENDED_BEACON: Support Extended beacon notification
126 * @IWL_UCODE_TLV_API_BT_COEX_SPLIT: new API for BT Coex
127 * @IWL_UCODE_TLV_API_CSA_FLOW: ucode can do unbind-bind flow for CSA.
128 * @IWL_UCODE_TLV_API_DISABLE_STA_TX: ucode supports tx_disable bit.
129 * @IWL_UCODE_TLV_API_LMAC_SCAN: This ucode uses LMAC unified scan API.
130 * @IWL_UCODE_TLV_API_SF_NO_DUMMY_NOTIF: ucode supports disabling dummy notif.
131 * @IWL_UCODE_TLV_API_FRAGMENTED_SCAN: This ucode supports active dwell time
132 * longer than the passive one, which is essential for fragmented scan.
133 */
134enum iwl_ucode_tlv_api {
135 IWL_UCODE_TLV_API_WOWLAN_CONFIG_TID = BIT(0),
136 IWL_UCODE_TLV_CAPA_EXTENDED_BEACON = BIT(1),
137 IWL_UCODE_TLV_API_BT_COEX_SPLIT = BIT(3),
138 IWL_UCODE_TLV_API_CSA_FLOW = BIT(4),
139 IWL_UCODE_TLV_API_DISABLE_STA_TX = BIT(5),
140 IWL_UCODE_TLV_API_LMAC_SCAN = BIT(6),
141 IWL_UCODE_TLV_API_SF_NO_DUMMY_NOTIF = BIT(7),
142 IWL_UCODE_TLV_API_FRAGMENTED_SCAN = BIT(8),
143};
144
145/**
146 * enum iwl_ucode_tlv_capa - ucode capabilities
147 * @IWL_UCODE_TLV_CAPA_D0I3_SUPPORT: supports D0i3
148 * @IWL_UCODE_TLV_CAPA_TXPOWER_INSERTION_SUPPORT: supports insertion of current
149 * tx power value into TPC Report action frame and Link Measurement Report
150 * action frame
151 * @IWL_UCODE_TLV_CAPA_DS_PARAM_SET_IE_SUPPORT: supports adding DS params
152 * element in probe requests.
153 * @IWL_UCODE_TLV_CAPA_WFA_TPC_REP_IE_SUPPORT: supports adding TPC Report IE in
154 * probe requests.
155 * @IWL_UCODE_TLV_CAPA_QUIET_PERIOD_SUPPORT: supports Quiet Period requests
156 * @IWL_UCODE_TLV_CAPA_DQA_SUPPORT: supports dynamic queue allocation (DQA),
157 * which also implies support for the scheduler configuration command
158 * @IWL_UCODE_TLV_CAPA_HOTSPOT_SUPPORT: supports Hot Spot Command
159 */
160enum iwl_ucode_tlv_capa {
161 IWL_UCODE_TLV_CAPA_D0I3_SUPPORT = BIT(0),
162 IWL_UCODE_TLV_CAPA_TXPOWER_INSERTION_SUPPORT = BIT(8),
163 IWL_UCODE_TLV_CAPA_DS_PARAM_SET_IE_SUPPORT = BIT(9),
164 IWL_UCODE_TLV_CAPA_WFA_TPC_REP_IE_SUPPORT = BIT(10),
165 IWL_UCODE_TLV_CAPA_QUIET_PERIOD_SUPPORT = BIT(11),
166 IWL_UCODE_TLV_CAPA_DQA_SUPPORT = BIT(12),
167 IWL_UCODE_TLV_CAPA_HOTSPOT_SUPPORT = BIT(18),
168};
169
170/* The default calibrate table size if not specified by firmware file */
171#define IWL_DEFAULT_STANDARD_PHY_CALIBRATE_TBL_SIZE 18
172#define IWL_MAX_STANDARD_PHY_CALIBRATE_TBL_SIZE 19
173#define IWL_MAX_PHY_CALIBRATE_TBL_SIZE 253
174
175/* The default max probe length if not specified by the firmware file */
176#define IWL_DEFAULT_MAX_PROBE_LENGTH 200
177
178/**
179 * enum iwl_ucode_type 73 * enum iwl_ucode_type
180 * 74 *
181 * The type of ucode. 75 * The type of ucode.
@@ -183,11 +77,13 @@ enum iwl_ucode_tlv_capa {
183 * @IWL_UCODE_REGULAR: Normal runtime ucode 77 * @IWL_UCODE_REGULAR: Normal runtime ucode
184 * @IWL_UCODE_INIT: Initial ucode 78 * @IWL_UCODE_INIT: Initial ucode
185 * @IWL_UCODE_WOWLAN: Wake on Wireless enabled ucode 79 * @IWL_UCODE_WOWLAN: Wake on Wireless enabled ucode
80 * @IWL_UCODE_REGULAR_USNIFFER: Normal runtime ucode when using usniffer image
186 */ 81 */
187enum iwl_ucode_type { 82enum iwl_ucode_type {
188 IWL_UCODE_REGULAR, 83 IWL_UCODE_REGULAR,
189 IWL_UCODE_INIT, 84 IWL_UCODE_INIT,
190 IWL_UCODE_WOWLAN, 85 IWL_UCODE_WOWLAN,
86 IWL_UCODE_REGULAR_USNIFFER,
191 IWL_UCODE_TYPE_MAX, 87 IWL_UCODE_TYPE_MAX,
192}; 88};
193 89
@@ -202,14 +98,6 @@ enum iwl_ucode_sec {
202 IWL_UCODE_SECTION_DATA, 98 IWL_UCODE_SECTION_DATA,
203 IWL_UCODE_SECTION_INST, 99 IWL_UCODE_SECTION_INST,
204}; 100};
205/*
206 * For 16.0 uCode and above, there is no differentiation between sections,
207 * just an offset to the HW address.
208 */
209#define IWL_UCODE_SECTION_MAX 12
210#define IWL_API_ARRAY_SIZE 1
211#define IWL_CAPABILITIES_ARRAY_SIZE 1
212#define CPU1_CPU2_SEPARATOR_SECTION 0xFFFFCCCC
213 101
214struct iwl_ucode_capabilities { 102struct iwl_ucode_capabilities {
215 u32 max_probe_length; 103 u32 max_probe_length;
@@ -237,66 +125,6 @@ struct iwl_sf_region {
237 u32 size; 125 u32 size;
238}; 126};
239 127
240/* uCode version contains 4 values: Major/Minor/API/Serial */
241#define IWL_UCODE_MAJOR(ver) (((ver) & 0xFF000000) >> 24)
242#define IWL_UCODE_MINOR(ver) (((ver) & 0x00FF0000) >> 16)
243#define IWL_UCODE_API(ver) (((ver) & 0x0000FF00) >> 8)
244#define IWL_UCODE_SERIAL(ver) ((ver) & 0x000000FF)
245
246/*
247 * Calibration control struct.
248 * Sent as part of the phy configuration command.
249 * @flow_trigger: bitmap for which calibrations to perform according to
250 * flow triggers.
251 * @event_trigger: bitmap for which calibrations to perform according to
252 * event triggers.
253 */
254struct iwl_tlv_calib_ctrl {
255 __le32 flow_trigger;
256 __le32 event_trigger;
257} __packed;
258
259enum iwl_fw_phy_cfg {
260 FW_PHY_CFG_RADIO_TYPE_POS = 0,
261 FW_PHY_CFG_RADIO_TYPE = 0x3 << FW_PHY_CFG_RADIO_TYPE_POS,
262 FW_PHY_CFG_RADIO_STEP_POS = 2,
263 FW_PHY_CFG_RADIO_STEP = 0x3 << FW_PHY_CFG_RADIO_STEP_POS,
264 FW_PHY_CFG_RADIO_DASH_POS = 4,
265 FW_PHY_CFG_RADIO_DASH = 0x3 << FW_PHY_CFG_RADIO_DASH_POS,
266 FW_PHY_CFG_TX_CHAIN_POS = 16,
267 FW_PHY_CFG_TX_CHAIN = 0xf << FW_PHY_CFG_TX_CHAIN_POS,
268 FW_PHY_CFG_RX_CHAIN_POS = 20,
269 FW_PHY_CFG_RX_CHAIN = 0xf << FW_PHY_CFG_RX_CHAIN_POS,
270};
271
272#define IWL_UCODE_MAX_CS 1
273
274/**
275 * struct iwl_fw_cipher_scheme - a cipher scheme supported by FW.
276 * @cipher: a cipher suite selector
277 * @flags: cipher scheme flags (currently reserved for a future use)
278 * @hdr_len: a size of MPDU security header
279 * @pn_len: a size of PN
280 * @pn_off: an offset of pn from the beginning of the security header
281 * @key_idx_off: an offset of key index byte in the security header
282 * @key_idx_mask: a bit mask of key_idx bits
283 * @key_idx_shift: bit shift needed to get key_idx
284 * @mic_len: mic length in bytes
285 * @hw_cipher: a HW cipher index used in host commands
286 */
287struct iwl_fw_cipher_scheme {
288 __le32 cipher;
289 u8 flags;
290 u8 hdr_len;
291 u8 pn_len;
292 u8 pn_off;
293 u8 key_idx_off;
294 u8 key_idx_mask;
295 u8 key_idx_shift;
296 u8 mic_len;
297 u8 hw_cipher;
298} __packed;
299
300/** 128/**
301 * struct iwl_fw_cscheme_list - a cipher scheme list 129 * struct iwl_fw_cscheme_list - a cipher scheme list
302 * @size: a number of entries 130 * @size: a number of entries
@@ -323,6 +151,11 @@ struct iwl_fw_cscheme_list {
323 * @inst_errlog_ptr: error log offfset for runtime ucode. 151 * @inst_errlog_ptr: error log offfset for runtime ucode.
324 * @mvm_fw: indicates this is MVM firmware 152 * @mvm_fw: indicates this is MVM firmware
325 * @cipher_scheme: optional external cipher scheme. 153 * @cipher_scheme: optional external cipher scheme.
154 * @human_readable: human readable version
155 * @dbg_dest_tlv: points to the destination TLV for debug
156 * @dbg_conf_tlv: array of pointers to configuration TLVs for debug
157 * @dbg_conf_tlv_len: lengths of the @dbg_conf_tlv entries
158 * @dbg_dest_reg_num: num of reg_ops in %dbg_dest_tlv
326 */ 159 */
327struct iwl_fw { 160struct iwl_fw {
328 u32 ucode_ver; 161 u32 ucode_ver;
@@ -347,6 +180,68 @@ struct iwl_fw {
347 180
348 struct ieee80211_cipher_scheme cs[IWL_UCODE_MAX_CS]; 181 struct ieee80211_cipher_scheme cs[IWL_UCODE_MAX_CS];
349 u8 human_readable[FW_VER_HUMAN_READABLE_SZ]; 182 u8 human_readable[FW_VER_HUMAN_READABLE_SZ];
183
184 struct iwl_fw_dbg_dest_tlv *dbg_dest_tlv;
185 struct iwl_fw_dbg_conf_tlv *dbg_conf_tlv[FW_DBG_MAX];
186 size_t dbg_conf_tlv_len[FW_DBG_MAX];
187
188 u8 dbg_dest_reg_num;
350}; 189};
351 190
191static inline const char *get_fw_dbg_mode_string(int mode)
192{
193 switch (mode) {
194 case SMEM_MODE:
195 return "SMEM";
196 case EXTERNAL_MODE:
197 return "EXTERNAL_DRAM";
198 case MARBH_MODE:
199 return "MARBH";
200 default:
201 return "UNKNOWN";
202 }
203}
204
205static inline const struct iwl_fw_dbg_trigger *
206iwl_fw_dbg_conf_get_trigger(const struct iwl_fw *fw, u8 id)
207{
208 const struct iwl_fw_dbg_conf_tlv *conf_tlv = fw->dbg_conf_tlv[id];
209 u8 *ptr;
210 int i;
211
212 if (!conf_tlv)
213 return NULL;
214
215 ptr = (void *)&conf_tlv->hcmd;
216 for (i = 0; i < conf_tlv->num_of_hcmds; i++) {
217 ptr += sizeof(conf_tlv->hcmd);
218 ptr += le16_to_cpu(conf_tlv->hcmd.len);
219 }
220
221 return (const struct iwl_fw_dbg_trigger *)ptr;
222}
223
224static inline bool
225iwl_fw_dbg_conf_enabled(const struct iwl_fw *fw, u8 id)
226{
227 const struct iwl_fw_dbg_trigger *trigger =
228 iwl_fw_dbg_conf_get_trigger(fw, id);
229
230 if (!trigger)
231 return false;
232
233 return trigger->enabled;
234}
235
236static inline bool
237iwl_fw_dbg_conf_usniffer(const struct iwl_fw *fw, u8 id)
238{
239 const struct iwl_fw_dbg_conf_tlv *conf_tlv = fw->dbg_conf_tlv[id];
240
241 if (!conf_tlv)
242 return false;
243
244 return conf_tlv->usniffer;
245}
246
352#endif /* __iwl_fw_h__ */ 247#endif /* __iwl_fw_h__ */
diff --git a/drivers/net/wireless/iwlwifi/iwl-nvm-parse.c b/drivers/net/wireless/iwlwifi/iwl-nvm-parse.c
index c302e7468559..06e02fcd6f7b 100644
--- a/drivers/net/wireless/iwlwifi/iwl-nvm-parse.c
+++ b/drivers/net/wireless/iwlwifi/iwl-nvm-parse.c
@@ -325,6 +325,8 @@ static void iwl_init_vht_hw_capab(const struct iwl_cfg *cfg,
325{ 325{
326 int num_rx_ants = num_of_ant(rx_chains); 326 int num_rx_ants = num_of_ant(rx_chains);
327 int num_tx_ants = num_of_ant(tx_chains); 327 int num_tx_ants = num_of_ant(tx_chains);
328 unsigned int max_ampdu_exponent = (cfg->max_vht_ampdu_exponent ?:
329 IEEE80211_VHT_MAX_AMPDU_1024K);
328 330
329 vht_cap->vht_supported = true; 331 vht_cap->vht_supported = true;
330 332
@@ -332,7 +334,8 @@ static void iwl_init_vht_hw_capab(const struct iwl_cfg *cfg,
332 IEEE80211_VHT_CAP_RXSTBC_1 | 334 IEEE80211_VHT_CAP_RXSTBC_1 |
333 IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE | 335 IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
334 3 << IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT | 336 3 << IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT |
335 7 << IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_SHIFT; 337 max_ampdu_exponent <<
338 IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_SHIFT;
336 339
337 if (cfg->ht_params->ldpc) 340 if (cfg->ht_params->ldpc)
338 vht_cap->cap |= IEEE80211_VHT_CAP_RXLDPC; 341 vht_cap->cap |= IEEE80211_VHT_CAP_RXLDPC;
diff --git a/drivers/net/wireless/iwlwifi/iwl-op-mode.h b/drivers/net/wireless/iwlwifi/iwl-op-mode.h
index b6d666ee8359..17de6d46222a 100644
--- a/drivers/net/wireless/iwlwifi/iwl-op-mode.h
+++ b/drivers/net/wireless/iwlwifi/iwl-op-mode.h
@@ -138,7 +138,8 @@ struct iwl_cfg;
138 * @nic_config: configure NIC, called before firmware is started. 138 * @nic_config: configure NIC, called before firmware is started.
139 * May sleep 139 * May sleep
140 * @wimax_active: invoked when WiMax becomes active. May sleep 140 * @wimax_active: invoked when WiMax becomes active. May sleep
141 * @enter_d0i3: configure the fw to enter d0i3. May sleep. 141 * @enter_d0i3: configure the fw to enter d0i3. return 1 to indicate d0i3
142 * entrance is aborted (e.g. due to held reference). May sleep.
142 * @exit_d0i3: configure the fw to exit d0i3. May sleep. 143 * @exit_d0i3: configure the fw to exit d0i3. May sleep.
143 */ 144 */
144struct iwl_op_mode_ops { 145struct iwl_op_mode_ops {
diff --git a/drivers/net/wireless/iwlwifi/iwl-prph.h b/drivers/net/wireless/iwlwifi/iwl-prph.h
index 1560f4576c7d..2df51eab1348 100644
--- a/drivers/net/wireless/iwlwifi/iwl-prph.h
+++ b/drivers/net/wireless/iwlwifi/iwl-prph.h
@@ -322,6 +322,7 @@ enum secure_boot_config_reg {
322 LMPM_SECURE_BOOT_CONFIG_INSPECTOR_NOT_REQ = 0x00000002, 322 LMPM_SECURE_BOOT_CONFIG_INSPECTOR_NOT_REQ = 0x00000002,
323}; 323};
324 324
325#define LMPM_SECURE_BOOT_CPU1_STATUS_ADDR_B0 (0xA01E30)
325#define LMPM_SECURE_BOOT_CPU1_STATUS_ADDR (0x1E30) 326#define LMPM_SECURE_BOOT_CPU1_STATUS_ADDR (0x1E30)
326#define LMPM_SECURE_BOOT_CPU2_STATUS_ADDR (0x1E34) 327#define LMPM_SECURE_BOOT_CPU2_STATUS_ADDR (0x1E34)
327enum secure_boot_status_reg { 328enum secure_boot_status_reg {
@@ -333,6 +334,7 @@ enum secure_boot_status_reg {
333 LMPM_SECURE_BOOT_STATUS_SUCCESS = 0x00000003, 334 LMPM_SECURE_BOOT_STATUS_SUCCESS = 0x00000003,
334}; 335};
335 336
337#define FH_UCODE_LOAD_STATUS (0x1AF0)
336#define CSR_UCODE_LOAD_STATUS_ADDR (0x1E70) 338#define CSR_UCODE_LOAD_STATUS_ADDR (0x1E70)
337enum secure_load_status_reg { 339enum secure_load_status_reg {
338 LMPM_CPU_UCODE_LOADING_STARTED = 0x00000001, 340 LMPM_CPU_UCODE_LOADING_STARTED = 0x00000001,
@@ -352,7 +354,7 @@ enum secure_load_status_reg {
352#define LMPM_SECURE_CPU1_HDR_MEM_SPACE (0x420000) 354#define LMPM_SECURE_CPU1_HDR_MEM_SPACE (0x420000)
353#define LMPM_SECURE_CPU2_HDR_MEM_SPACE (0x420400) 355#define LMPM_SECURE_CPU2_HDR_MEM_SPACE (0x420400)
354 356
355#define LMPM_SECURE_TIME_OUT (100) 357#define LMPM_SECURE_TIME_OUT (100) /* 10 micro */
356 358
357/* Rx FIFO */ 359/* Rx FIFO */
358#define RXF_SIZE_ADDR (0xa00c88) 360#define RXF_SIZE_ADDR (0xa00c88)
@@ -368,4 +370,10 @@ enum secure_load_status_reg {
368#define MON_BUFF_WRPTR (0xa03c44) 370#define MON_BUFF_WRPTR (0xa03c44)
369#define MON_BUFF_CYCLE_CNT (0xa03c48) 371#define MON_BUFF_CYCLE_CNT (0xa03c48)
370 372
373/* FW chicken bits */
374#define LMPM_CHICK 0xA01FF8
375enum {
376 LMPM_CHICK_EXTENDED_ADDR_SPACE = BIT(0),
377};
378
371#endif /* __iwl_prph_h__ */ 379#endif /* __iwl_prph_h__ */
diff --git a/drivers/net/wireless/iwlwifi/iwl-trans.h b/drivers/net/wireless/iwlwifi/iwl-trans.h
index 0768f83e709d..028408a6ecba 100644
--- a/drivers/net/wireless/iwlwifi/iwl-trans.h
+++ b/drivers/net/wireless/iwlwifi/iwl-trans.h
@@ -534,6 +534,8 @@ struct iwl_trans_ops {
534 u32 value); 534 u32 value);
535 void (*ref)(struct iwl_trans *trans); 535 void (*ref)(struct iwl_trans *trans);
536 void (*unref)(struct iwl_trans *trans); 536 void (*unref)(struct iwl_trans *trans);
537 void (*suspend)(struct iwl_trans *trans);
538 void (*resume)(struct iwl_trans *trans);
537 539
538 struct iwl_trans_dump_data *(*dump_data)(struct iwl_trans *trans); 540 struct iwl_trans_dump_data *(*dump_data)(struct iwl_trans *trans);
539}; 541};
@@ -572,6 +574,9 @@ enum iwl_trans_state {
572 * @rx_mpdu_cmd_hdr_size: used for tracing, amount of data before the 574 * @rx_mpdu_cmd_hdr_size: used for tracing, amount of data before the
573 * start of the 802.11 header in the @rx_mpdu_cmd 575 * start of the 802.11 header in the @rx_mpdu_cmd
574 * @dflt_pwr_limit: default power limit fetched from the platform (ACPI) 576 * @dflt_pwr_limit: default power limit fetched from the platform (ACPI)
577 * @dbg_dest_tlv: points to the destination TLV for debug
578 * @dbg_conf_tlv: array of pointers to configuration TLVs for debug
579 * @dbg_dest_reg_num: num of reg_ops in %dbg_dest_tlv
575 */ 580 */
576struct iwl_trans { 581struct iwl_trans {
577 const struct iwl_trans_ops *ops; 582 const struct iwl_trans_ops *ops;
@@ -603,6 +608,10 @@ struct iwl_trans {
603 608
604 u64 dflt_pwr_limit; 609 u64 dflt_pwr_limit;
605 610
611 const struct iwl_fw_dbg_dest_tlv *dbg_dest_tlv;
612 const struct iwl_fw_dbg_conf_tlv *dbg_conf_tlv[FW_DBG_MAX];
613 u8 dbg_dest_reg_num;
614
606 /* pointer to trans specific struct */ 615 /* pointer to trans specific struct */
607 /*Ensure that this pointer will always be aligned to sizeof pointer */ 616 /*Ensure that this pointer will always be aligned to sizeof pointer */
608 char trans_specific[0] __aligned(sizeof(void *)); 617 char trans_specific[0] __aligned(sizeof(void *));
@@ -702,6 +711,18 @@ static inline void iwl_trans_unref(struct iwl_trans *trans)
702 trans->ops->unref(trans); 711 trans->ops->unref(trans);
703} 712}
704 713
714static inline void iwl_trans_suspend(struct iwl_trans *trans)
715{
716 if (trans->ops->suspend)
717 trans->ops->suspend(trans);
718}
719
720static inline void iwl_trans_resume(struct iwl_trans *trans)
721{
722 if (trans->ops->resume)
723 trans->ops->resume(trans);
724}
725
705static inline struct iwl_trans_dump_data * 726static inline struct iwl_trans_dump_data *
706iwl_trans_dump_data(struct iwl_trans *trans) 727iwl_trans_dump_data(struct iwl_trans *trans)
707{ 728{
diff --git a/drivers/net/wireless/iwlwifi/mvm/coex.c b/drivers/net/wireless/iwlwifi/mvm/coex.c
index 508c81359e41..a3bfda45d9e6 100644
--- a/drivers/net/wireless/iwlwifi/mvm/coex.c
+++ b/drivers/net/wireless/iwlwifi/mvm/coex.c
@@ -1137,6 +1137,22 @@ bool iwl_mvm_bt_coex_is_mimo_allowed(struct iwl_mvm *mvm,
1137 return lut_type != BT_COEX_LOOSE_LUT; 1137 return lut_type != BT_COEX_LOOSE_LUT;
1138} 1138}
1139 1139
1140bool iwl_mvm_bt_coex_is_ant_avail(struct iwl_mvm *mvm, u8 ant)
1141{
1142 /* there is no other antenna, shared antenna is always available */
1143 if (mvm->cfg->bt_shared_single_ant)
1144 return true;
1145
1146 if (ant & mvm->cfg->non_shared_ant)
1147 return true;
1148
1149 if (!(mvm->fw->ucode_capa.api[0] & IWL_UCODE_TLV_API_BT_COEX_SPLIT))
1150 return iwl_mvm_bt_coex_is_shared_ant_avail_old(mvm);
1151
1152 return le32_to_cpu(mvm->last_bt_notif.bt_activity_grading) <
1153 BT_HIGH_TRAFFIC;
1154}
1155
1140bool iwl_mvm_bt_coex_is_shared_ant_avail(struct iwl_mvm *mvm) 1156bool iwl_mvm_bt_coex_is_shared_ant_avail(struct iwl_mvm *mvm)
1141{ 1157{
1142 /* there is no other antenna, shared antenna is always available */ 1158 /* there is no other antenna, shared antenna is always available */
diff --git a/drivers/net/wireless/iwlwifi/mvm/coex_legacy.c b/drivers/net/wireless/iwlwifi/mvm/coex_legacy.c
index b571e1b0550c..b3210cfbecc8 100644
--- a/drivers/net/wireless/iwlwifi/mvm/coex_legacy.c
+++ b/drivers/net/wireless/iwlwifi/mvm/coex_legacy.c
@@ -612,7 +612,9 @@ int iwl_send_bt_init_conf_old(struct iwl_mvm *mvm)
612 BT_VALID_ANT_ISOLATION_THRS | 612 BT_VALID_ANT_ISOLATION_THRS |
613 BT_VALID_TXTX_DELTA_FREQ_THRS | 613 BT_VALID_TXTX_DELTA_FREQ_THRS |
614 BT_VALID_TXRX_MAX_FREQ_0 | 614 BT_VALID_TXRX_MAX_FREQ_0 |
615 BT_VALID_SYNC_TO_SCO); 615 BT_VALID_SYNC_TO_SCO |
616 BT_VALID_TTC |
617 BT_VALID_RRC);
616 618
617 if (IWL_MVM_BT_COEX_SYNC2SCO) 619 if (IWL_MVM_BT_COEX_SYNC2SCO)
618 bt_cmd->flags |= cpu_to_le32(BT_COEX_SYNC2SCO); 620 bt_cmd->flags |= cpu_to_le32(BT_COEX_SYNC2SCO);
@@ -628,6 +630,12 @@ int iwl_send_bt_init_conf_old(struct iwl_mvm *mvm)
628 bt_cmd->valid_bit_msk |= cpu_to_le32(BT_VALID_MULTI_PRIO_LUT); 630 bt_cmd->valid_bit_msk |= cpu_to_le32(BT_VALID_MULTI_PRIO_LUT);
629 } 631 }
630 632
633 if (IWL_MVM_BT_COEX_TTC)
634 bt_cmd->flags |= cpu_to_le32(BT_COEX_TTC);
635
636 if (IWL_MVM_BT_COEX_RRC)
637 bt_cmd->flags |= cpu_to_le32(BT_COEX_RRC);
638
631 if (mvm->cfg->bt_shared_single_ant) 639 if (mvm->cfg->bt_shared_single_ant)
632 memcpy(&bt_cmd->decision_lut, iwl_single_shared_ant, 640 memcpy(&bt_cmd->decision_lut, iwl_single_shared_ant,
633 sizeof(iwl_single_shared_ant)); 641 sizeof(iwl_single_shared_ant));
@@ -824,6 +832,9 @@ static void iwl_mvm_bt_notif_iterator(void *_data, u8 *mac,
824 if (!vif->bss_conf.assoc) 832 if (!vif->bss_conf.assoc)
825 smps_mode = IEEE80211_SMPS_AUTOMATIC; 833 smps_mode = IEEE80211_SMPS_AUTOMATIC;
826 834
835 if (data->notif->rrc_enabled & BIT(mvmvif->phy_ctxt->id))
836 smps_mode = IEEE80211_SMPS_AUTOMATIC;
837
827 IWL_DEBUG_COEX(data->mvm, 838 IWL_DEBUG_COEX(data->mvm,
828 "mac %d: bt_status %d bt_activity_grading %d smps_req %d\n", 839 "mac %d: bt_status %d bt_activity_grading %d smps_req %d\n",
829 mvmvif->id, data->notif->bt_status, bt_activity_grading, 840 mvmvif->id, data->notif->bt_status, bt_activity_grading,
@@ -1156,6 +1167,12 @@ bool iwl_mvm_bt_coex_is_mimo_allowed_old(struct iwl_mvm *mvm,
1156 return lut_type != BT_COEX_LOOSE_LUT; 1167 return lut_type != BT_COEX_LOOSE_LUT;
1157} 1168}
1158 1169
1170bool iwl_mvm_bt_coex_is_ant_avail_old(struct iwl_mvm *mvm, u8 ant)
1171{
1172 u32 ag = le32_to_cpu(mvm->last_bt_notif_old.bt_activity_grading);
1173 return ag < BT_HIGH_TRAFFIC;
1174}
1175
1159bool iwl_mvm_bt_coex_is_shared_ant_avail_old(struct iwl_mvm *mvm) 1176bool iwl_mvm_bt_coex_is_shared_ant_avail_old(struct iwl_mvm *mvm)
1160{ 1177{
1161 u32 ag = le32_to_cpu(mvm->last_bt_notif_old.bt_activity_grading); 1178 u32 ag = le32_to_cpu(mvm->last_bt_notif_old.bt_activity_grading);
diff --git a/drivers/net/wireless/iwlwifi/mvm/constants.h b/drivers/net/wireless/iwlwifi/mvm/constants.h
index 5c1ea80d5e3b..3bd93476ec1c 100644
--- a/drivers/net/wireless/iwlwifi/mvm/constants.h
+++ b/drivers/net/wireless/iwlwifi/mvm/constants.h
@@ -92,8 +92,10 @@
92#define IWL_MVM_BT_COEX_SYNC2SCO 1 92#define IWL_MVM_BT_COEX_SYNC2SCO 1
93#define IWL_MVM_BT_COEX_CORUNNING 0 93#define IWL_MVM_BT_COEX_CORUNNING 0
94#define IWL_MVM_BT_COEX_MPLUT 1 94#define IWL_MVM_BT_COEX_MPLUT 1
95#define IWL_MVM_BT_COEX_MPLUT_REG0 0x2e402280 95#define IWL_MVM_BT_COEX_RRC 1
96#define IWL_MVM_BT_COEX_MPLUT_REG1 0x7711a751 96#define IWL_MVM_BT_COEX_TTC 1
97#define IWL_MVM_BT_COEX_MPLUT_REG0 0x28412201
98#define IWL_MVM_BT_COEX_MPLUT_REG1 0x11118451
97#define IWL_MVM_BT_COEX_ANTENNA_COUPLING_THRS 30 99#define IWL_MVM_BT_COEX_ANTENNA_COUPLING_THRS 30
98#define IWL_MVM_FW_MCAST_FILTER_PASS_ALL 0 100#define IWL_MVM_FW_MCAST_FILTER_PASS_ALL 0
99#define IWL_MVM_FW_BCAST_FILTER_PASS_ALL 0 101#define IWL_MVM_FW_BCAST_FILTER_PASS_ALL 0
diff --git a/drivers/net/wireless/iwlwifi/mvm/d3.c b/drivers/net/wireless/iwlwifi/mvm/d3.c
index 3bbb511b0b38..744de262373e 100644
--- a/drivers/net/wireless/iwlwifi/mvm/d3.c
+++ b/drivers/net/wireless/iwlwifi/mvm/d3.c
@@ -786,32 +786,18 @@ static int iwl_mvm_switch_to_d3(struct iwl_mvm *mvm)
786} 786}
787 787
788static int 788static int
789iwl_mvm_send_wowlan_config_cmd(struct iwl_mvm *mvm,
790 const struct iwl_wowlan_config_cmd_v3 *cmd)
791{
792 /* start only with the v2 part of the command */
793 u16 cmd_len = sizeof(cmd->common);
794
795 if (mvm->fw->ucode_capa.api[0] & IWL_UCODE_TLV_API_WOWLAN_CONFIG_TID)
796 cmd_len = sizeof(*cmd);
797
798 return iwl_mvm_send_cmd_pdu(mvm, WOWLAN_CONFIGURATION, 0,
799 cmd_len, cmd);
800}
801
802static int
803iwl_mvm_get_wowlan_config(struct iwl_mvm *mvm, 789iwl_mvm_get_wowlan_config(struct iwl_mvm *mvm,
804 struct cfg80211_wowlan *wowlan, 790 struct cfg80211_wowlan *wowlan,
805 struct iwl_wowlan_config_cmd_v3 *wowlan_config_cmd, 791 struct iwl_wowlan_config_cmd *wowlan_config_cmd,
806 struct ieee80211_vif *vif, struct iwl_mvm_vif *mvmvif, 792 struct ieee80211_vif *vif, struct iwl_mvm_vif *mvmvif,
807 struct ieee80211_sta *ap_sta) 793 struct ieee80211_sta *ap_sta)
808{ 794{
809 int ret; 795 int ret;
810 struct iwl_mvm_sta *mvm_ap_sta = (struct iwl_mvm_sta *)ap_sta->drv_priv; 796 struct iwl_mvm_sta *mvm_ap_sta = (struct iwl_mvm_sta *)ap_sta->drv_priv;
811 797
812 /* TODO: wowlan_config_cmd->common.wowlan_ba_teardown_tids */ 798 /* TODO: wowlan_config_cmd->wowlan_ba_teardown_tids */
813 799
814 wowlan_config_cmd->common.is_11n_connection = 800 wowlan_config_cmd->is_11n_connection =
815 ap_sta->ht_cap.ht_supported; 801 ap_sta->ht_cap.ht_supported;
816 802
817 /* Query the last used seqno and set it */ 803 /* Query the last used seqno and set it */
@@ -819,32 +805,32 @@ iwl_mvm_get_wowlan_config(struct iwl_mvm *mvm,
819 if (ret < 0) 805 if (ret < 0)
820 return ret; 806 return ret;
821 807
822 wowlan_config_cmd->common.non_qos_seq = cpu_to_le16(ret); 808 wowlan_config_cmd->non_qos_seq = cpu_to_le16(ret);
823 809
824 iwl_mvm_set_wowlan_qos_seq(mvm_ap_sta, &wowlan_config_cmd->common); 810 iwl_mvm_set_wowlan_qos_seq(mvm_ap_sta, wowlan_config_cmd);
825 811
826 if (wowlan->disconnect) 812 if (wowlan->disconnect)
827 wowlan_config_cmd->common.wakeup_filter |= 813 wowlan_config_cmd->wakeup_filter |=
828 cpu_to_le32(IWL_WOWLAN_WAKEUP_BEACON_MISS | 814 cpu_to_le32(IWL_WOWLAN_WAKEUP_BEACON_MISS |
829 IWL_WOWLAN_WAKEUP_LINK_CHANGE); 815 IWL_WOWLAN_WAKEUP_LINK_CHANGE);
830 if (wowlan->magic_pkt) 816 if (wowlan->magic_pkt)
831 wowlan_config_cmd->common.wakeup_filter |= 817 wowlan_config_cmd->wakeup_filter |=
832 cpu_to_le32(IWL_WOWLAN_WAKEUP_MAGIC_PACKET); 818 cpu_to_le32(IWL_WOWLAN_WAKEUP_MAGIC_PACKET);
833 if (wowlan->gtk_rekey_failure) 819 if (wowlan->gtk_rekey_failure)
834 wowlan_config_cmd->common.wakeup_filter |= 820 wowlan_config_cmd->wakeup_filter |=
835 cpu_to_le32(IWL_WOWLAN_WAKEUP_GTK_REKEY_FAIL); 821 cpu_to_le32(IWL_WOWLAN_WAKEUP_GTK_REKEY_FAIL);
836 if (wowlan->eap_identity_req) 822 if (wowlan->eap_identity_req)
837 wowlan_config_cmd->common.wakeup_filter |= 823 wowlan_config_cmd->wakeup_filter |=
838 cpu_to_le32(IWL_WOWLAN_WAKEUP_EAP_IDENT_REQ); 824 cpu_to_le32(IWL_WOWLAN_WAKEUP_EAP_IDENT_REQ);
839 if (wowlan->four_way_handshake) 825 if (wowlan->four_way_handshake)
840 wowlan_config_cmd->common.wakeup_filter |= 826 wowlan_config_cmd->wakeup_filter |=
841 cpu_to_le32(IWL_WOWLAN_WAKEUP_4WAY_HANDSHAKE); 827 cpu_to_le32(IWL_WOWLAN_WAKEUP_4WAY_HANDSHAKE);
842 if (wowlan->n_patterns) 828 if (wowlan->n_patterns)
843 wowlan_config_cmd->common.wakeup_filter |= 829 wowlan_config_cmd->wakeup_filter |=
844 cpu_to_le32(IWL_WOWLAN_WAKEUP_PATTERN_MATCH); 830 cpu_to_le32(IWL_WOWLAN_WAKEUP_PATTERN_MATCH);
845 831
846 if (wowlan->rfkill_release) 832 if (wowlan->rfkill_release)
847 wowlan_config_cmd->common.wakeup_filter |= 833 wowlan_config_cmd->wakeup_filter |=
848 cpu_to_le32(IWL_WOWLAN_WAKEUP_RF_KILL_DEASSERT); 834 cpu_to_le32(IWL_WOWLAN_WAKEUP_RF_KILL_DEASSERT);
849 835
850 if (wowlan->tcp) { 836 if (wowlan->tcp) {
@@ -852,7 +838,7 @@ iwl_mvm_get_wowlan_config(struct iwl_mvm *mvm,
852 * Set the "link change" (really "link lost") flag as well 838 * Set the "link change" (really "link lost") flag as well
853 * since that implies losing the TCP connection. 839 * since that implies losing the TCP connection.
854 */ 840 */
855 wowlan_config_cmd->common.wakeup_filter |= 841 wowlan_config_cmd->wakeup_filter |=
856 cpu_to_le32(IWL_WOWLAN_WAKEUP_REMOTE_LINK_LOSS | 842 cpu_to_le32(IWL_WOWLAN_WAKEUP_REMOTE_LINK_LOSS |
857 IWL_WOWLAN_WAKEUP_REMOTE_SIGNATURE_TABLE | 843 IWL_WOWLAN_WAKEUP_REMOTE_SIGNATURE_TABLE |
858 IWL_WOWLAN_WAKEUP_REMOTE_WAKEUP_PACKET | 844 IWL_WOWLAN_WAKEUP_REMOTE_WAKEUP_PACKET |
@@ -865,7 +851,7 @@ iwl_mvm_get_wowlan_config(struct iwl_mvm *mvm,
865static int 851static int
866iwl_mvm_wowlan_config(struct iwl_mvm *mvm, 852iwl_mvm_wowlan_config(struct iwl_mvm *mvm,
867 struct cfg80211_wowlan *wowlan, 853 struct cfg80211_wowlan *wowlan,
868 struct iwl_wowlan_config_cmd_v3 *wowlan_config_cmd, 854 struct iwl_wowlan_config_cmd *wowlan_config_cmd,
869 struct ieee80211_vif *vif, struct iwl_mvm_vif *mvmvif, 855 struct ieee80211_vif *vif, struct iwl_mvm_vif *mvmvif,
870 struct ieee80211_sta *ap_sta) 856 struct ieee80211_sta *ap_sta)
871{ 857{
@@ -878,6 +864,10 @@ iwl_mvm_wowlan_config(struct iwl_mvm *mvm,
878 }; 864 };
879 int ret; 865 int ret;
880 866
867 ret = iwl_mvm_switch_to_d3(mvm);
868 if (ret)
869 return ret;
870
881 ret = iwl_mvm_d3_reprogram(mvm, vif, ap_sta); 871 ret = iwl_mvm_d3_reprogram(mvm, vif, ap_sta);
882 if (ret) 872 if (ret)
883 return ret; 873 return ret;
@@ -943,7 +933,9 @@ iwl_mvm_wowlan_config(struct iwl_mvm *mvm,
943 } 933 }
944 } 934 }
945 935
946 ret = iwl_mvm_send_wowlan_config_cmd(mvm, wowlan_config_cmd); 936 ret = iwl_mvm_send_cmd_pdu(mvm, WOWLAN_CONFIGURATION, 0,
937 sizeof(*wowlan_config_cmd),
938 wowlan_config_cmd);
947 if (ret) 939 if (ret)
948 goto out; 940 goto out;
949 941
@@ -962,6 +954,68 @@ out:
962 return ret; 954 return ret;
963} 955}
964 956
957static int
958iwl_mvm_netdetect_config(struct iwl_mvm *mvm,
959 struct cfg80211_wowlan *wowlan,
960 struct cfg80211_sched_scan_request *nd_config,
961 struct ieee80211_vif *vif)
962{
963 struct iwl_wowlan_config_cmd wowlan_config_cmd = {};
964 int ret;
965
966 ret = iwl_mvm_switch_to_d3(mvm);
967 if (ret)
968 return ret;
969
970 /* rfkill release can be either for wowlan or netdetect */
971 if (wowlan->rfkill_release)
972 wowlan_config_cmd.wakeup_filter |=
973 cpu_to_le32(IWL_WOWLAN_WAKEUP_RF_KILL_DEASSERT);
974
975 ret = iwl_mvm_send_cmd_pdu(mvm, WOWLAN_CONFIGURATION, 0,
976 sizeof(wowlan_config_cmd),
977 &wowlan_config_cmd);
978 if (ret)
979 return ret;
980
981 ret = iwl_mvm_scan_offload_start(mvm, vif, nd_config, &mvm->nd_ies);
982 if (ret)
983 return ret;
984
985 if (WARN_ON(mvm->nd_match_sets || mvm->nd_channels))
986 return -EBUSY;
987
988 /* save the sched scan matchsets... */
989 if (nd_config->n_match_sets) {
990 mvm->nd_match_sets = kmemdup(nd_config->match_sets,
991 sizeof(*nd_config->match_sets) *
992 nd_config->n_match_sets,
993 GFP_KERNEL);
994 if (mvm->nd_match_sets)
995 mvm->n_nd_match_sets = nd_config->n_match_sets;
996 }
997
998 /* ...and the sched scan channels for later reporting */
999 mvm->nd_channels = kmemdup(nd_config->channels,
1000 sizeof(*nd_config->channels) *
1001 nd_config->n_channels,
1002 GFP_KERNEL);
1003 if (mvm->nd_channels)
1004 mvm->n_nd_channels = nd_config->n_channels;
1005
1006 return 0;
1007}
1008
1009static void iwl_mvm_free_nd(struct iwl_mvm *mvm)
1010{
1011 kfree(mvm->nd_match_sets);
1012 mvm->nd_match_sets = NULL;
1013 mvm->n_nd_match_sets = 0;
1014 kfree(mvm->nd_channels);
1015 mvm->nd_channels = NULL;
1016 mvm->n_nd_channels = 0;
1017}
1018
965static int __iwl_mvm_suspend(struct ieee80211_hw *hw, 1019static int __iwl_mvm_suspend(struct ieee80211_hw *hw,
966 struct cfg80211_wowlan *wowlan, 1020 struct cfg80211_wowlan *wowlan,
967 bool test) 1021 bool test)
@@ -970,7 +1024,6 @@ static int __iwl_mvm_suspend(struct ieee80211_hw *hw,
970 struct ieee80211_vif *vif = NULL; 1024 struct ieee80211_vif *vif = NULL;
971 struct iwl_mvm_vif *mvmvif = NULL; 1025 struct iwl_mvm_vif *mvmvif = NULL;
972 struct ieee80211_sta *ap_sta = NULL; 1026 struct ieee80211_sta *ap_sta = NULL;
973 struct iwl_wowlan_config_cmd_v3 wowlan_config_cmd = {};
974 struct iwl_d3_manager_config d3_cfg_cmd_data = { 1027 struct iwl_d3_manager_config d3_cfg_cmd_data = {
975 /* 1028 /*
976 * Program the minimum sleep time to 10 seconds, as many 1029 * Program the minimum sleep time to 10 seconds, as many
@@ -1007,8 +1060,22 @@ static int __iwl_mvm_suspend(struct ieee80211_hw *hw,
1007 1060
1008 mvmvif = iwl_mvm_vif_from_mac80211(vif); 1061 mvmvif = iwl_mvm_vif_from_mac80211(vif);
1009 1062
1010 /* if we're associated, this is wowlan */ 1063 if (mvmvif->ap_sta_id == IWL_MVM_STATION_COUNT) {
1011 if (mvmvif->ap_sta_id != IWL_MVM_STATION_COUNT) { 1064 /* if we're not associated, this must be netdetect */
1065 if (!wowlan->nd_config && !mvm->nd_config) {
1066 ret = 1;
1067 goto out_noreset;
1068 }
1069
1070 ret = iwl_mvm_netdetect_config(
1071 mvm, wowlan, wowlan->nd_config ?: mvm->nd_config, vif);
1072 if (ret)
1073 goto out;
1074
1075 mvm->net_detect = true;
1076 } else {
1077 struct iwl_wowlan_config_cmd wowlan_config_cmd = {};
1078
1012 ap_sta = rcu_dereference_protected( 1079 ap_sta = rcu_dereference_protected(
1013 mvm->fw_id_to_mac_id[mvmvif->ap_sta_id], 1080 mvm->fw_id_to_mac_id[mvmvif->ap_sta_id],
1014 lockdep_is_held(&mvm->mutex)); 1081 lockdep_is_held(&mvm->mutex));
@@ -1021,27 +1088,12 @@ static int __iwl_mvm_suspend(struct ieee80211_hw *hw,
1021 vif, mvmvif, ap_sta); 1088 vif, mvmvif, ap_sta);
1022 if (ret) 1089 if (ret)
1023 goto out_noreset; 1090 goto out_noreset;
1024
1025 ret = iwl_mvm_switch_to_d3(mvm);
1026 if (ret)
1027 goto out;
1028
1029 ret = iwl_mvm_wowlan_config(mvm, wowlan, &wowlan_config_cmd, 1091 ret = iwl_mvm_wowlan_config(mvm, wowlan, &wowlan_config_cmd,
1030 vif, mvmvif, ap_sta); 1092 vif, mvmvif, ap_sta);
1031 if (ret) 1093 if (ret)
1032 goto out; 1094 goto out;
1033 } else if (mvm->nd_config) {
1034 ret = iwl_mvm_switch_to_d3(mvm);
1035 if (ret)
1036 goto out;
1037 1095
1038 ret = iwl_mvm_scan_offload_start(mvm, vif, mvm->nd_config, 1096 mvm->net_detect = false;
1039 mvm->nd_ies);
1040 if (ret)
1041 goto out;
1042 } else {
1043 ret = 1;
1044 goto out_noreset;
1045 } 1097 }
1046 1098
1047 ret = iwl_mvm_power_update_device(mvm); 1099 ret = iwl_mvm_power_update_device(mvm);
@@ -1075,8 +1127,10 @@ static int __iwl_mvm_suspend(struct ieee80211_hw *hw,
1075 1127
1076 iwl_trans_d3_suspend(mvm->trans, test); 1128 iwl_trans_d3_suspend(mvm->trans, test);
1077 out: 1129 out:
1078 if (ret < 0) 1130 if (ret < 0) {
1079 ieee80211_restart_hw(mvm->hw); 1131 ieee80211_restart_hw(mvm->hw);
1132 iwl_mvm_free_nd(mvm);
1133 }
1080 out_noreset: 1134 out_noreset:
1081 mutex_unlock(&mvm->mutex); 1135 mutex_unlock(&mvm->mutex);
1082 1136
@@ -1087,6 +1141,7 @@ int iwl_mvm_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
1087{ 1141{
1088 struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw); 1142 struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
1089 1143
1144 iwl_trans_suspend(mvm->trans);
1090 if (iwl_mvm_is_d0i3_supported(mvm)) { 1145 if (iwl_mvm_is_d0i3_supported(mvm)) {
1091 mutex_lock(&mvm->d0i3_suspend_mutex); 1146 mutex_lock(&mvm->d0i3_suspend_mutex);
1092 __set_bit(D0I3_DEFER_WAKEUP, &mvm->d0i3_suspend_flags); 1147 __set_bit(D0I3_DEFER_WAKEUP, &mvm->d0i3_suspend_flags);
@@ -1465,9 +1520,8 @@ out:
1465 return true; 1520 return true;
1466} 1521}
1467 1522
1468/* releases the MVM mutex */ 1523static struct iwl_wowlan_status *
1469static bool iwl_mvm_query_wakeup_reasons(struct iwl_mvm *mvm, 1524iwl_mvm_get_wakeup_status(struct iwl_mvm *mvm, struct ieee80211_vif *vif)
1470 struct ieee80211_vif *vif)
1471{ 1525{
1472 u32 base = mvm->error_event_table; 1526 u32 base = mvm->error_event_table;
1473 struct error_table_start { 1527 struct error_table_start {
@@ -1479,19 +1533,15 @@ static bool iwl_mvm_query_wakeup_reasons(struct iwl_mvm *mvm,
1479 .id = WOWLAN_GET_STATUSES, 1533 .id = WOWLAN_GET_STATUSES,
1480 .flags = CMD_WANT_SKB, 1534 .flags = CMD_WANT_SKB,
1481 }; 1535 };
1482 struct iwl_wowlan_status_data status; 1536 struct iwl_wowlan_status *status, *fw_status;
1483 struct iwl_wowlan_status *fw_status; 1537 int ret, len, status_size;
1484 int ret, len, status_size, i;
1485 bool keep;
1486 struct ieee80211_sta *ap_sta;
1487 struct iwl_mvm_sta *mvm_ap_sta;
1488 1538
1489 iwl_trans_read_mem_bytes(mvm->trans, base, 1539 iwl_trans_read_mem_bytes(mvm->trans, base,
1490 &err_info, sizeof(err_info)); 1540 &err_info, sizeof(err_info));
1491 1541
1492 if (err_info.valid) { 1542 if (err_info.valid) {
1493 IWL_INFO(mvm, "error table is valid (%d)\n", 1543 IWL_INFO(mvm, "error table is valid (%d) with error (%d)\n",
1494 err_info.valid); 1544 err_info.valid, err_info.error_id);
1495 if (err_info.error_id == RF_KILL_INDICATOR_FOR_WOWLAN) { 1545 if (err_info.error_id == RF_KILL_INDICATOR_FOR_WOWLAN) {
1496 struct cfg80211_wowlan_wakeup wakeup = { 1546 struct cfg80211_wowlan_wakeup wakeup = {
1497 .rfkill_release = true, 1547 .rfkill_release = true,
@@ -1499,7 +1549,7 @@ static bool iwl_mvm_query_wakeup_reasons(struct iwl_mvm *mvm,
1499 ieee80211_report_wowlan_wakeup(vif, &wakeup, 1549 ieee80211_report_wowlan_wakeup(vif, &wakeup,
1500 GFP_KERNEL); 1550 GFP_KERNEL);
1501 } 1551 }
1502 goto out_unlock; 1552 return ERR_PTR(-EIO);
1503 } 1553 }
1504 1554
1505 /* only for tracing for now */ 1555 /* only for tracing for now */
@@ -1510,22 +1560,53 @@ static bool iwl_mvm_query_wakeup_reasons(struct iwl_mvm *mvm,
1510 ret = iwl_mvm_send_cmd(mvm, &cmd); 1560 ret = iwl_mvm_send_cmd(mvm, &cmd);
1511 if (ret) { 1561 if (ret) {
1512 IWL_ERR(mvm, "failed to query status (%d)\n", ret); 1562 IWL_ERR(mvm, "failed to query status (%d)\n", ret);
1513 goto out_unlock; 1563 return ERR_PTR(ret);
1514 } 1564 }
1515 1565
1516 /* RF-kill already asserted again... */ 1566 /* RF-kill already asserted again... */
1517 if (!cmd.resp_pkt) 1567 if (!cmd.resp_pkt) {
1518 goto out_unlock; 1568 ret = -ERFKILL;
1569 goto out_free_resp;
1570 }
1519 1571
1520 status_size = sizeof(*fw_status); 1572 status_size = sizeof(*fw_status);
1521 1573
1522 len = iwl_rx_packet_payload_len(cmd.resp_pkt); 1574 len = iwl_rx_packet_payload_len(cmd.resp_pkt);
1523 if (len < status_size) { 1575 if (len < status_size) {
1524 IWL_ERR(mvm, "Invalid WoWLAN status response!\n"); 1576 IWL_ERR(mvm, "Invalid WoWLAN status response!\n");
1577 ret = -EIO;
1525 goto out_free_resp; 1578 goto out_free_resp;
1526 } 1579 }
1527 1580
1528 fw_status = (void *)cmd.resp_pkt->data; 1581 status = (void *)cmd.resp_pkt->data;
1582 if (len != (status_size +
1583 ALIGN(le32_to_cpu(status->wake_packet_bufsize), 4))) {
1584 IWL_ERR(mvm, "Invalid WoWLAN status response!\n");
1585 ret = -EIO;
1586 goto out_free_resp;
1587 }
1588
1589 fw_status = kmemdup(status, len, GFP_KERNEL);
1590
1591out_free_resp:
1592 iwl_free_resp(&cmd);
1593 return ret ? ERR_PTR(ret) : fw_status;
1594}
1595
1596/* releases the MVM mutex */
1597static bool iwl_mvm_query_wakeup_reasons(struct iwl_mvm *mvm,
1598 struct ieee80211_vif *vif)
1599{
1600 struct iwl_wowlan_status_data status;
1601 struct iwl_wowlan_status *fw_status;
1602 int i;
1603 bool keep;
1604 struct ieee80211_sta *ap_sta;
1605 struct iwl_mvm_sta *mvm_ap_sta;
1606
1607 fw_status = iwl_mvm_get_wakeup_status(mvm, vif);
1608 if (IS_ERR_OR_NULL(fw_status))
1609 goto out_unlock;
1529 1610
1530 status.pattern_number = le16_to_cpu(fw_status->pattern_number); 1611 status.pattern_number = le16_to_cpu(fw_status->pattern_number);
1531 for (i = 0; i < 8; i++) 1612 for (i = 0; i < 8; i++)
@@ -1538,17 +1619,12 @@ static bool iwl_mvm_query_wakeup_reasons(struct iwl_mvm *mvm,
1538 le32_to_cpu(fw_status->wake_packet_bufsize); 1619 le32_to_cpu(fw_status->wake_packet_bufsize);
1539 status.wake_packet = fw_status->wake_packet; 1620 status.wake_packet = fw_status->wake_packet;
1540 1621
1541 if (len != status_size + ALIGN(status.wake_packet_bufsize, 4)) {
1542 IWL_ERR(mvm, "Invalid WoWLAN status response!\n");
1543 goto out_free_resp;
1544 }
1545
1546 /* still at hard-coded place 0 for D3 image */ 1622 /* still at hard-coded place 0 for D3 image */
1547 ap_sta = rcu_dereference_protected( 1623 ap_sta = rcu_dereference_protected(
1548 mvm->fw_id_to_mac_id[0], 1624 mvm->fw_id_to_mac_id[0],
1549 lockdep_is_held(&mvm->mutex)); 1625 lockdep_is_held(&mvm->mutex));
1550 if (IS_ERR_OR_NULL(ap_sta)) 1626 if (IS_ERR_OR_NULL(ap_sta))
1551 goto out_free_resp; 1627 goto out_free;
1552 1628
1553 mvm_ap_sta = (struct iwl_mvm_sta *)ap_sta->drv_priv; 1629 mvm_ap_sta = (struct iwl_mvm_sta *)ap_sta->drv_priv;
1554 for (i = 0; i < IWL_MAX_TID_COUNT; i++) { 1630 for (i = 0; i < IWL_MAX_TID_COUNT; i++) {
@@ -1565,16 +1641,151 @@ static bool iwl_mvm_query_wakeup_reasons(struct iwl_mvm *mvm,
1565 1641
1566 keep = iwl_mvm_setup_connection_keep(mvm, vif, fw_status); 1642 keep = iwl_mvm_setup_connection_keep(mvm, vif, fw_status);
1567 1643
1568 iwl_free_resp(&cmd); 1644 kfree(fw_status);
1569 return keep; 1645 return keep;
1570 1646
1571 out_free_resp: 1647out_free:
1572 iwl_free_resp(&cmd); 1648 kfree(fw_status);
1573 out_unlock: 1649out_unlock:
1574 mutex_unlock(&mvm->mutex); 1650 mutex_unlock(&mvm->mutex);
1575 return false; 1651 return false;
1576} 1652}
1577 1653
1654struct iwl_mvm_nd_query_results {
1655 u32 matched_profiles;
1656 struct iwl_scan_offload_profile_match matches[IWL_SCAN_MAX_PROFILES];
1657};
1658
1659static int
1660iwl_mvm_netdetect_query_results(struct iwl_mvm *mvm,
1661 struct iwl_mvm_nd_query_results *results)
1662{
1663 struct iwl_scan_offload_profiles_query *query;
1664 struct iwl_host_cmd cmd = {
1665 .id = SCAN_OFFLOAD_PROFILES_QUERY_CMD,
1666 .flags = CMD_WANT_SKB,
1667 };
1668 int ret, len;
1669
1670 ret = iwl_mvm_send_cmd(mvm, &cmd);
1671 if (ret) {
1672 IWL_ERR(mvm, "failed to query matched profiles (%d)\n", ret);
1673 return ret;
1674 }
1675
1676 /* RF-kill already asserted again... */
1677 if (!cmd.resp_pkt) {
1678 ret = -ERFKILL;
1679 goto out_free_resp;
1680 }
1681
1682 len = iwl_rx_packet_payload_len(cmd.resp_pkt);
1683 if (len < sizeof(*query)) {
1684 IWL_ERR(mvm, "Invalid scan offload profiles query response!\n");
1685 ret = -EIO;
1686 goto out_free_resp;
1687 }
1688
1689 query = (void *)cmd.resp_pkt->data;
1690
1691 results->matched_profiles = le32_to_cpu(query->matched_profiles);
1692 memcpy(results->matches, query->matches, sizeof(results->matches));
1693
1694out_free_resp:
1695 iwl_free_resp(&cmd);
1696 return ret;
1697}
1698
1699static void iwl_mvm_query_netdetect_reasons(struct iwl_mvm *mvm,
1700 struct ieee80211_vif *vif)
1701{
1702 struct cfg80211_wowlan_nd_info *net_detect = NULL;
1703 struct cfg80211_wowlan_wakeup wakeup = {
1704 .pattern_idx = -1,
1705 };
1706 struct cfg80211_wowlan_wakeup *wakeup_report = &wakeup;
1707 struct iwl_mvm_nd_query_results query;
1708 struct iwl_wowlan_status *fw_status;
1709 unsigned long matched_profiles;
1710 u32 reasons = 0;
1711 int i, j, n_matches, ret;
1712
1713 fw_status = iwl_mvm_get_wakeup_status(mvm, vif);
1714 if (!IS_ERR_OR_NULL(fw_status))
1715 reasons = le32_to_cpu(fw_status->wakeup_reasons);
1716
1717 if (reasons & IWL_WOWLAN_WAKEUP_BY_RFKILL_DEASSERTED)
1718 wakeup.rfkill_release = true;
1719
1720 if (reasons != IWL_WOWLAN_WAKEUP_BY_NON_WIRELESS)
1721 goto out;
1722
1723 ret = iwl_mvm_netdetect_query_results(mvm, &query);
1724 if (ret || !query.matched_profiles) {
1725 wakeup_report = NULL;
1726 goto out;
1727 }
1728
1729 matched_profiles = query.matched_profiles;
1730 if (mvm->n_nd_match_sets) {
1731 n_matches = hweight_long(matched_profiles);
1732 } else {
1733 IWL_ERR(mvm, "no net detect match information available\n");
1734 n_matches = 0;
1735 }
1736
1737 net_detect = kzalloc(sizeof(*net_detect) +
1738 (n_matches * sizeof(net_detect->matches[0])),
1739 GFP_KERNEL);
1740 if (!net_detect || !n_matches)
1741 goto out_report_nd;
1742
1743 for_each_set_bit(i, &matched_profiles, mvm->n_nd_match_sets) {
1744 struct iwl_scan_offload_profile_match *fw_match;
1745 struct cfg80211_wowlan_nd_match *match;
1746 int n_channels = 0;
1747
1748 fw_match = &query.matches[i];
1749
1750 for (j = 0; j < SCAN_OFFLOAD_MATCHING_CHANNELS_LEN; j++)
1751 n_channels += hweight8(fw_match->matching_channels[j]);
1752
1753 match = kzalloc(sizeof(*match) +
1754 (n_channels * sizeof(*match->channels)),
1755 GFP_KERNEL);
1756 if (!match)
1757 goto out_report_nd;
1758
1759 net_detect->matches[net_detect->n_matches++] = match;
1760
1761 match->ssid.ssid_len = mvm->nd_match_sets[i].ssid.ssid_len;
1762 memcpy(match->ssid.ssid, mvm->nd_match_sets[i].ssid.ssid,
1763 match->ssid.ssid_len);
1764
1765 if (mvm->n_nd_channels < n_channels)
1766 continue;
1767
1768 for (j = 0; j < SCAN_OFFLOAD_MATCHING_CHANNELS_LEN * 8; j++)
1769 if (fw_match->matching_channels[j / 8] & (BIT(j % 8)))
1770 match->channels[match->n_channels++] =
1771 mvm->nd_channels[j]->center_freq;
1772 }
1773
1774out_report_nd:
1775 wakeup.net_detect = net_detect;
1776out:
1777 iwl_mvm_free_nd(mvm);
1778
1779 mutex_unlock(&mvm->mutex);
1780 ieee80211_report_wowlan_wakeup(vif, wakeup_report, GFP_KERNEL);
1781
1782 if (net_detect) {
1783 for (i = 0; i < net_detect->n_matches; i++)
1784 kfree(net_detect->matches[i]);
1785 kfree(net_detect);
1786 }
1787}
1788
1578static void iwl_mvm_read_d3_sram(struct iwl_mvm *mvm) 1789static void iwl_mvm_read_d3_sram(struct iwl_mvm *mvm)
1579{ 1790{
1580#ifdef CONFIG_IWLWIFI_DEBUGFS 1791#ifdef CONFIG_IWLWIFI_DEBUGFS
@@ -1632,11 +1843,15 @@ static int __iwl_mvm_resume(struct iwl_mvm *mvm, bool test)
1632 /* query SRAM first in case we want event logging */ 1843 /* query SRAM first in case we want event logging */
1633 iwl_mvm_read_d3_sram(mvm); 1844 iwl_mvm_read_d3_sram(mvm);
1634 1845
1635 keep = iwl_mvm_query_wakeup_reasons(mvm, vif); 1846 if (mvm->net_detect) {
1847 iwl_mvm_query_netdetect_reasons(mvm, vif);
1848 } else {
1849 keep = iwl_mvm_query_wakeup_reasons(mvm, vif);
1636#ifdef CONFIG_IWLWIFI_DEBUGFS 1850#ifdef CONFIG_IWLWIFI_DEBUGFS
1637 if (keep) 1851 if (keep)
1638 mvm->keep_vif = vif; 1852 mvm->keep_vif = vif;
1639#endif 1853#endif
1854 }
1640 /* has unlocked the mutex, so skip that */ 1855 /* has unlocked the mutex, so skip that */
1641 goto out; 1856 goto out;
1642 1857
@@ -1651,6 +1866,7 @@ static int __iwl_mvm_resume(struct iwl_mvm *mvm, bool test)
1651 1866
1652 /* return 1 to reconfigure the device */ 1867 /* return 1 to reconfigure the device */
1653 set_bit(IWL_MVM_STATUS_IN_HW_RESTART, &mvm->status); 1868 set_bit(IWL_MVM_STATUS_IN_HW_RESTART, &mvm->status);
1869 set_bit(IWL_MVM_STATUS_D3_RECONFIG, &mvm->status);
1654 return 1; 1870 return 1;
1655} 1871}
1656 1872
@@ -1658,18 +1874,10 @@ int iwl_mvm_resume(struct ieee80211_hw *hw)
1658{ 1874{
1659 struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw); 1875 struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
1660 1876
1661 if (iwl_mvm_is_d0i3_supported(mvm)) { 1877 iwl_trans_resume(mvm->trans);
1662 bool exit_now;
1663 1878
1664 mutex_lock(&mvm->d0i3_suspend_mutex); 1879 if (iwl_mvm_is_d0i3_supported(mvm))
1665 __clear_bit(D0I3_DEFER_WAKEUP, &mvm->d0i3_suspend_flags);
1666 exit_now = __test_and_clear_bit(D0I3_PENDING_WAKEUP,
1667 &mvm->d0i3_suspend_flags);
1668 mutex_unlock(&mvm->d0i3_suspend_mutex);
1669 if (exit_now)
1670 _iwl_mvm_exit_d0i3(mvm);
1671 return 0; 1880 return 0;
1672 }
1673 1881
1674 return __iwl_mvm_resume(mvm, false); 1882 return __iwl_mvm_resume(mvm, false);
1675} 1883}
diff --git a/drivers/net/wireless/iwlwifi/mvm/debugfs.c b/drivers/net/wireless/iwlwifi/mvm/debugfs.c
index 51b7116965ed..33bf915cd7ea 100644
--- a/drivers/net/wireless/iwlwifi/mvm/debugfs.c
+++ b/drivers/net/wireless/iwlwifi/mvm/debugfs.c
@@ -936,7 +936,11 @@ iwl_dbgfs_scan_ant_rxchain_write(struct iwl_mvm *mvm, char *buf,
936 if (scan_rx_ant & ~mvm->fw->valid_rx_ant) 936 if (scan_rx_ant & ~mvm->fw->valid_rx_ant)
937 return -EINVAL; 937 return -EINVAL;
938 938
939 mvm->scan_rx_ant = scan_rx_ant; 939 if (mvm->scan_rx_ant != scan_rx_ant) {
940 mvm->scan_rx_ant = scan_rx_ant;
941 if (mvm->fw->ucode_capa.capa[0] & IWL_UCODE_TLV_CAPA_UMAC_SCAN)
942 iwl_mvm_config_scan(mvm);
943 }
940 944
941 return count; 945 return count;
942} 946}
@@ -1194,14 +1198,8 @@ static ssize_t iwl_dbgfs_netdetect_write(struct iwl_mvm *mvm, char *buf,
1194 kfree(mvm->nd_config->match_sets); 1198 kfree(mvm->nd_config->match_sets);
1195 kfree(mvm->nd_config); 1199 kfree(mvm->nd_config);
1196 mvm->nd_config = NULL; 1200 mvm->nd_config = NULL;
1197 kfree(mvm->nd_ies);
1198 mvm->nd_ies = NULL;
1199 } 1201 }
1200 1202
1201 mvm->nd_ies = kzalloc(sizeof(*mvm->nd_ies), GFP_KERNEL);
1202 if (!mvm->nd_ies)
1203 return -ENOMEM;
1204
1205 mvm->nd_config = kzalloc(sizeof(*mvm->nd_config) + 1203 mvm->nd_config = kzalloc(sizeof(*mvm->nd_config) +
1206 (11 * sizeof(struct ieee80211_channel *)), 1204 (11 * sizeof(struct ieee80211_channel *)),
1207 GFP_KERNEL); 1205 GFP_KERNEL);
@@ -1258,8 +1256,6 @@ out_free:
1258 kfree(mvm->nd_config->match_sets); 1256 kfree(mvm->nd_config->match_sets);
1259 kfree(mvm->nd_config); 1257 kfree(mvm->nd_config);
1260 mvm->nd_config = NULL; 1258 mvm->nd_config = NULL;
1261 kfree(mvm->nd_ies);
1262 mvm->nd_ies = NULL;
1263out: 1259out:
1264 return ret; 1260 return ret;
1265} 1261}
@@ -1343,6 +1339,7 @@ static ssize_t iwl_dbgfs_d0i3_refs_read(struct file *file,
1343 PRINT_MVM_REF(IWL_MVM_REF_NMI); 1339 PRINT_MVM_REF(IWL_MVM_REF_NMI);
1344 PRINT_MVM_REF(IWL_MVM_REF_TM_CMD); 1340 PRINT_MVM_REF(IWL_MVM_REF_TM_CMD);
1345 PRINT_MVM_REF(IWL_MVM_REF_EXIT_WORK); 1341 PRINT_MVM_REF(IWL_MVM_REF_EXIT_WORK);
1342 PRINT_MVM_REF(IWL_MVM_REF_PROTECT_CSA);
1346 1343
1347 return simple_read_from_buffer(user_buf, count, ppos, buf, pos); 1344 return simple_read_from_buffer(user_buf, count, ppos, buf, pos);
1348} 1345}
diff --git a/drivers/net/wireless/iwlwifi/mvm/fw-api-coex.h b/drivers/net/wireless/iwlwifi/mvm/fw-api-coex.h
index 816883f9ff94..f3b11897991e 100644
--- a/drivers/net/wireless/iwlwifi/mvm/fw-api-coex.h
+++ b/drivers/net/wireless/iwlwifi/mvm/fw-api-coex.h
@@ -84,6 +84,8 @@
84 * @BT_COEX_SYNC2SCO: 84 * @BT_COEX_SYNC2SCO:
85 * @BT_COEX_CORUNNING: 85 * @BT_COEX_CORUNNING:
86 * @BT_COEX_MPLUT: 86 * @BT_COEX_MPLUT:
87 * @BT_COEX_TTC:
88 * @BT_COEX_RRC:
87 * 89 *
88 * The COEX_MODE must be set for each command. Even if it is not changed. 90 * The COEX_MODE must be set for each command. Even if it is not changed.
89 */ 91 */
@@ -100,6 +102,8 @@ enum iwl_bt_coex_flags {
100 BT_COEX_SYNC2SCO = BIT(7), 102 BT_COEX_SYNC2SCO = BIT(7),
101 BT_COEX_CORUNNING = BIT(8), 103 BT_COEX_CORUNNING = BIT(8),
102 BT_COEX_MPLUT = BIT(9), 104 BT_COEX_MPLUT = BIT(9),
105 BT_COEX_TTC = BIT(20),
106 BT_COEX_RRC = BIT(21),
103}; 107};
104 108
105/* 109/*
@@ -127,6 +131,8 @@ enum iwl_bt_coex_valid_bit_msk {
127 BT_VALID_TXTX_DELTA_FREQ_THRS = BIT(16), 131 BT_VALID_TXTX_DELTA_FREQ_THRS = BIT(16),
128 BT_VALID_TXRX_MAX_FREQ_0 = BIT(17), 132 BT_VALID_TXRX_MAX_FREQ_0 = BIT(17),
129 BT_VALID_SYNC_TO_SCO = BIT(18), 133 BT_VALID_SYNC_TO_SCO = BIT(18),
134 BT_VALID_TTC = BIT(20),
135 BT_VALID_RRC = BIT(21),
130}; 136};
131 137
132/** 138/**
@@ -506,7 +512,8 @@ struct iwl_bt_coex_profile_notif_old {
506 u8 bt_agg_traffic_load; 512 u8 bt_agg_traffic_load;
507 u8 bt_ci_compliance; 513 u8 bt_ci_compliance;
508 u8 ttc_enabled; 514 u8 ttc_enabled;
509 __le16 reserved; 515 u8 rrc_enabled;
516 u8 reserved;
510 517
511 __le32 primary_ch_lut; 518 __le32 primary_ch_lut;
512 __le32 secondary_ch_lut; 519 __le32 secondary_ch_lut;
diff --git a/drivers/net/wireless/iwlwifi/mvm/fw-api-d3.h b/drivers/net/wireless/iwlwifi/mvm/fw-api-d3.h
index e74cdf2132f8..6d3bea5c59d1 100644
--- a/drivers/net/wireless/iwlwifi/mvm/fw-api-d3.h
+++ b/drivers/net/wireless/iwlwifi/mvm/fw-api-d3.h
@@ -241,16 +241,12 @@ enum iwl_wowlan_wakeup_filters {
241 IWL_WOWLAN_WAKEUP_BCN_FILTERING = BIT(16), 241 IWL_WOWLAN_WAKEUP_BCN_FILTERING = BIT(16),
242}; /* WOWLAN_WAKEUP_FILTER_API_E_VER_4 */ 242}; /* WOWLAN_WAKEUP_FILTER_API_E_VER_4 */
243 243
244struct iwl_wowlan_config_cmd_v2 { 244struct iwl_wowlan_config_cmd {
245 __le32 wakeup_filter; 245 __le32 wakeup_filter;
246 __le16 non_qos_seq; 246 __le16 non_qos_seq;
247 __le16 qos_seq[8]; 247 __le16 qos_seq[8];
248 u8 wowlan_ba_teardown_tids; 248 u8 wowlan_ba_teardown_tids;
249 u8 is_11n_connection; 249 u8 is_11n_connection;
250} __packed; /* WOWLAN_CONFIG_API_S_VER_2 */
251
252struct iwl_wowlan_config_cmd_v3 {
253 struct iwl_wowlan_config_cmd_v2 common;
254 u8 offloading_tid; 250 u8 offloading_tid;
255 u8 reserved[3]; 251 u8 reserved[3];
256} __packed; /* WOWLAN_CONFIG_API_S_VER_3 */ 252} __packed; /* WOWLAN_CONFIG_API_S_VER_3 */
diff --git a/drivers/net/wireless/iwlwifi/mvm/fw-api-power.h b/drivers/net/wireless/iwlwifi/mvm/fw-api-power.h
index 2fd8ad4633e0..430020047b77 100644
--- a/drivers/net/wireless/iwlwifi/mvm/fw-api-power.h
+++ b/drivers/net/wireless/iwlwifi/mvm/fw-api-power.h
@@ -370,7 +370,7 @@ struct iwl_beacon_filter_cmd {
370#define IWL_BF_DEBUG_FLAG_DEFAULT 0 370#define IWL_BF_DEBUG_FLAG_DEFAULT 0
371#define IWL_BF_DEBUG_FLAG_D0I3 0 371#define IWL_BF_DEBUG_FLAG_D0I3 0
372 372
373#define IWL_BF_ESCAPE_TIMER_DEFAULT 50 373#define IWL_BF_ESCAPE_TIMER_DEFAULT 0
374#define IWL_BF_ESCAPE_TIMER_D0I3 0 374#define IWL_BF_ESCAPE_TIMER_D0I3 0
375#define IWL_BF_ESCAPE_TIMER_MAX 1024 375#define IWL_BF_ESCAPE_TIMER_MAX 1024
376#define IWL_BF_ESCAPE_TIMER_MIN 0 376#define IWL_BF_ESCAPE_TIMER_MIN 0
diff --git a/drivers/net/wireless/iwlwifi/mvm/fw-api-scan.h b/drivers/net/wireless/iwlwifi/mvm/fw-api-scan.h
index 1354c68f6468..1f2acf47bfb2 100644
--- a/drivers/net/wireless/iwlwifi/mvm/fw-api-scan.h
+++ b/drivers/net/wireless/iwlwifi/mvm/fw-api-scan.h
@@ -794,4 +794,301 @@ struct iwl_periodic_scan_complete {
794 __le32 reserved; 794 __le32 reserved;
795} __packed; 795} __packed;
796 796
797/* UMAC Scan API */
798
799/**
800 * struct iwl_mvm_umac_cmd_hdr - Command header for UMAC commands
801 * @size: size of the command (not including header)
802 * @reserved0: for future use and alignment
803 * @ver: API version number
804 */
805struct iwl_mvm_umac_cmd_hdr {
806 __le16 size;
807 u8 reserved0;
808 u8 ver;
809} __packed;
810
811#define IWL_MVM_MAX_SIMULTANEOUS_SCANS 8
812
813enum scan_config_flags {
814 SCAN_CONFIG_FLAG_ACTIVATE = BIT(0),
815 SCAN_CONFIG_FLAG_DEACTIVATE = BIT(1),
816 SCAN_CONFIG_FLAG_FORBID_CHUB_REQS = BIT(2),
817 SCAN_CONFIG_FLAG_ALLOW_CHUB_REQS = BIT(3),
818 SCAN_CONFIG_FLAG_SET_TX_CHAINS = BIT(8),
819 SCAN_CONFIG_FLAG_SET_RX_CHAINS = BIT(9),
820 SCAN_CONFIG_FLAG_SET_AUX_STA_ID = BIT(10),
821 SCAN_CONFIG_FLAG_SET_ALL_TIMES = BIT(11),
822 SCAN_CONFIG_FLAG_SET_EFFECTIVE_TIMES = BIT(12),
823 SCAN_CONFIG_FLAG_SET_CHANNEL_FLAGS = BIT(13),
824 SCAN_CONFIG_FLAG_SET_LEGACY_RATES = BIT(14),
825 SCAN_CONFIG_FLAG_SET_MAC_ADDR = BIT(15),
826 SCAN_CONFIG_FLAG_SET_FRAGMENTED = BIT(16),
827 SCAN_CONFIG_FLAG_CLEAR_FRAGMENTED = BIT(17),
828 SCAN_CONFIG_FLAG_SET_CAM_MODE = BIT(18),
829 SCAN_CONFIG_FLAG_CLEAR_CAM_MODE = BIT(19),
830 SCAN_CONFIG_FLAG_SET_PROMISC_MODE = BIT(20),
831 SCAN_CONFIG_FLAG_CLEAR_PROMISC_MODE = BIT(21),
832
833 /* Bits 26-31 are for num of channels in channel_array */
834#define SCAN_CONFIG_N_CHANNELS(n) ((n) << 26)
835};
836
837enum scan_config_rates {
838 /* OFDM basic rates */
839 SCAN_CONFIG_RATE_6M = BIT(0),
840 SCAN_CONFIG_RATE_9M = BIT(1),
841 SCAN_CONFIG_RATE_12M = BIT(2),
842 SCAN_CONFIG_RATE_18M = BIT(3),
843 SCAN_CONFIG_RATE_24M = BIT(4),
844 SCAN_CONFIG_RATE_36M = BIT(5),
845 SCAN_CONFIG_RATE_48M = BIT(6),
846 SCAN_CONFIG_RATE_54M = BIT(7),
847 /* CCK basic rates */
848 SCAN_CONFIG_RATE_1M = BIT(8),
849 SCAN_CONFIG_RATE_2M = BIT(9),
850 SCAN_CONFIG_RATE_5M = BIT(10),
851 SCAN_CONFIG_RATE_11M = BIT(11),
852
853 /* Bits 16-27 are for supported rates */
854#define SCAN_CONFIG_SUPPORTED_RATE(rate) ((rate) << 16)
855};
856
857enum iwl_channel_flags {
858 IWL_CHANNEL_FLAG_EBS = BIT(0),
859 IWL_CHANNEL_FLAG_ACCURATE_EBS = BIT(1),
860 IWL_CHANNEL_FLAG_EBS_ADD = BIT(2),
861 IWL_CHANNEL_FLAG_PRE_SCAN_PASSIVE2ACTIVE = BIT(3),
862};
863
864/**
865 * struct iwl_scan_config
866 * @hdr: umac command header
867 * @flags: enum scan_config_flags
868 * @tx_chains: valid_tx antenna - ANT_* definitions
869 * @rx_chains: valid_rx antenna - ANT_* definitions
870 * @legacy_rates: default legacy rates - enum scan_config_rates
871 * @out_of_channel_time: default max out of serving channel time
872 * @suspend_time: default max suspend time
873 * @dwell_active: default dwell time for active scan
874 * @dwell_passive: default dwell time for passive scan
875 * @dwell_fragmented: default dwell time for fragmented scan
876 * @reserved: for future use and alignment
877 * @mac_addr: default mac address to be used in probes
878 * @bcast_sta_id: the index of the station in the fw
879 * @channel_flags: default channel flags - enum iwl_channel_flags
880 * scan_config_channel_flag
881 * @channel_array: default supported channels
882 */
883struct iwl_scan_config {
884 struct iwl_mvm_umac_cmd_hdr hdr;
885 __le32 flags;
886 __le32 tx_chains;
887 __le32 rx_chains;
888 __le32 legacy_rates;
889 __le32 out_of_channel_time;
890 __le32 suspend_time;
891 u8 dwell_active;
892 u8 dwell_passive;
893 u8 dwell_fragmented;
894 u8 reserved;
895 u8 mac_addr[ETH_ALEN];
896 u8 bcast_sta_id;
897 u8 channel_flags;
898 u8 channel_array[];
899} __packed; /* SCAN_CONFIG_DB_CMD_API_S */
900
901/**
902 * iwl_umac_scan_flags
903 *@IWL_UMAC_SCAN_FLAG_PREEMPTIVE: scan process triggered by this scan request
904 * can be preempted by other scan requests with higher priority.
905 * The low priority scan is aborted.
906 *@IWL_UMAC_SCAN_FLAG_START_NOTIF: notification will be sent to the driver
907 * when scan starts.
908 */
909enum iwl_umac_scan_flags {
910 IWL_UMAC_SCAN_FLAG_PREEMPTIVE = BIT(0),
911 IWL_UMAC_SCAN_FLAG_START_NOTIF = BIT(1),
912};
913
914enum iwl_umac_scan_uid_offsets {
915 IWL_UMAC_SCAN_UID_TYPE_OFFSET = 0,
916 IWL_UMAC_SCAN_UID_SEQ_OFFSET = 8,
917};
918
919enum iwl_umac_scan_general_flags {
920 IWL_UMAC_SCAN_GEN_FLAGS_PERIODIC = BIT(0),
921 IWL_UMAC_SCAN_GEN_FLAGS_OVER_BT = BIT(1),
922 IWL_UMAC_SCAN_GEN_FLAGS_PASS_ALL = BIT(2),
923 IWL_UMAC_SCAN_GEN_FLAGS_PASSIVE = BIT(3),
924 IWL_UMAC_SCAN_GEN_FLAGS_PRE_CONNECT = BIT(4),
925 IWL_UMAC_SCAN_GEN_FLAGS_ITER_COMPLETE = BIT(5),
926 IWL_UMAC_SCAN_GEN_FLAGS_MULTIPLE_SSID = BIT(6),
927 IWL_UMAC_SCAN_GEN_FLAGS_FRAGMENTED = BIT(7),
928 IWL_UMAC_SCAN_GEN_FLAGS_RRM_ENABLED = BIT(8),
929 IWL_UMAC_SCAN_GEN_FLAGS_MATCH = BIT(9)
930};
931
932/**
933 * struct iwl_scan_channel_cfg_umac
934 * @flags: bitmap - 0-19: directed scan to i'th ssid.
935 * @channel_num: channel number 1-13 etc.
936 * @iter_count: repetition count for the channel.
937 * @iter_interval: interval between two scan interations on one channel.
938 */
939struct iwl_scan_channel_cfg_umac {
940 __le32 flags;
941 u8 channel_num;
942 u8 iter_count;
943 __le16 iter_interval;
944} __packed; /* SCAN_CHANNEL_CFG_S_VER2 */
945
946/**
947 * struct iwl_scan_umac_schedule
948 * @interval: interval in seconds between scan iterations
949 * @iter_count: num of scan iterations for schedule plan, 0xff for infinite loop
950 * @reserved: for alignment and future use
951 */
952struct iwl_scan_umac_schedule {
953 __le16 interval;
954 u8 iter_count;
955 u8 reserved;
956} __packed; /* SCAN_SCHED_PARAM_API_S_VER_1 */
957
958/**
959 * struct iwl_scan_req_umac_tail - the rest of the UMAC scan request command
960 * parameters following channels configuration array.
961 * @schedule: two scheduling plans.
962 * @delay: delay in TUs before starting the first scan iteration
963 * @reserved: for future use and alignment
964 * @preq: probe request with IEs blocks
965 * @direct_scan: list of SSIDs for directed active scan
966 */
967struct iwl_scan_req_umac_tail {
968 /* SCAN_PERIODIC_PARAMS_API_S_VER_1 */
969 struct iwl_scan_umac_schedule schedule[2];
970 __le16 delay;
971 __le16 reserved;
972 /* SCAN_PROBE_PARAMS_API_S_VER_1 */
973 struct iwl_scan_probe_req preq;
974 struct iwl_ssid_ie direct_scan[PROBE_OPTION_MAX];
975} __packed;
976
977/**
978 * struct iwl_scan_req_umac
979 * @hdr: umac command header
980 * @flags: &enum iwl_umac_scan_flags
981 * @uid: scan id, &enum iwl_umac_scan_uid_offsets
982 * @ooc_priority: out of channel priority - &enum iwl_scan_priority
983 * @general_flags: &enum iwl_umac_scan_general_flags
984 * @reserved1: for future use and alignment
985 * @active_dwell: dwell time for active scan
986 * @passive_dwell: dwell time for passive scan
987 * @fragmented_dwell: dwell time for fragmented passive scan
988 * @max_out_time: max out of serving channel time
989 * @suspend_time: max suspend time
990 * @scan_priority: scan internal prioritization &enum iwl_scan_priority
991 * @channel_flags: &enum iwl_scan_channel_flags
992 * @n_channels: num of channels in scan request
993 * @reserved2: for future use and alignment
994 * @data: &struct iwl_scan_channel_cfg_umac and
995 * &struct iwl_scan_req_umac_tail
996 */
997struct iwl_scan_req_umac {
998 struct iwl_mvm_umac_cmd_hdr hdr;
999 __le32 flags;
1000 __le32 uid;
1001 __le32 ooc_priority;
1002 /* SCAN_GENERAL_PARAMS_API_S_VER_1 */
1003 __le32 general_flags;
1004 u8 reserved1;
1005 u8 active_dwell;
1006 u8 passive_dwell;
1007 u8 fragmented_dwell;
1008 __le32 max_out_time;
1009 __le32 suspend_time;
1010 __le32 scan_priority;
1011 /* SCAN_CHANNEL_PARAMS_API_S_VER_1 */
1012 u8 channel_flags;
1013 u8 n_channels;
1014 __le16 reserved2;
1015 u8 data[];
1016} __packed; /* SCAN_REQUEST_CMD_UMAC_API_S_VER_1 */
1017
1018/**
1019 * struct iwl_umac_scan_abort
1020 * @hdr: umac command header
1021 * @uid: scan id, &enum iwl_umac_scan_uid_offsets
1022 * @flags: reserved
1023 */
1024struct iwl_umac_scan_abort {
1025 struct iwl_mvm_umac_cmd_hdr hdr;
1026 __le32 uid;
1027 __le32 flags;
1028} __packed; /* SCAN_ABORT_CMD_UMAC_API_S_VER_1 */
1029
1030/**
1031 * struct iwl_umac_scan_complete
1032 * @uid: scan id, &enum iwl_umac_scan_uid_offsets
1033 * @last_schedule: last scheduling line
1034 * @last_iter: last scan iteration number
1035 * @scan status: &enum iwl_scan_offload_complete_status
1036 * @ebs_status: &enum iwl_scan_ebs_status
1037 * @time_from_last_iter: time elapsed from last iteration
1038 * @reserved: for future use
1039 */
1040struct iwl_umac_scan_complete {
1041 __le32 uid;
1042 u8 last_schedule;
1043 u8 last_iter;
1044 u8 status;
1045 u8 ebs_status;
1046 __le32 time_from_last_iter;
1047 __le32 reserved;
1048} __packed; /* SCAN_COMPLETE_NTF_UMAC_API_S_VER_1 */
1049
1050#define SCAN_OFFLOAD_MATCHING_CHANNELS_LEN 5
1051/**
1052 * struct iwl_scan_offload_profile_match - match information
1053 * @bssid: matched bssid
1054 * @channel: channel where the match occurred
1055 * @energy:
1056 * @matching_feature:
1057 * @matching_channels: bitmap of channels that matched, referencing
1058 * the channels passed in tue scan offload request
1059 */
1060struct iwl_scan_offload_profile_match {
1061 u8 bssid[ETH_ALEN];
1062 __le16 reserved;
1063 u8 channel;
1064 u8 energy;
1065 u8 matching_feature;
1066 u8 matching_channels[SCAN_OFFLOAD_MATCHING_CHANNELS_LEN];
1067} __packed; /* SCAN_OFFLOAD_PROFILE_MATCH_RESULTS_S_VER_1 */
1068
1069/**
1070 * struct iwl_scan_offload_profiles_query - match results query response
1071 * @matched_profiles: bitmap of matched profiles, referencing the
1072 * matches passed in the scan offload request
1073 * @last_scan_age: age of the last offloaded scan
1074 * @n_scans_done: number of offloaded scans done
1075 * @gp2_d0u: GP2 when D0U occurred
1076 * @gp2_invoked: GP2 when scan offload was invoked
1077 * @resume_while_scanning: not used
1078 * @self_recovery: obsolete
1079 * @reserved: reserved
1080 * @matches: array of match information, one for each match
1081 */
1082struct iwl_scan_offload_profiles_query {
1083 __le32 matched_profiles;
1084 __le32 last_scan_age;
1085 __le32 n_scans_done;
1086 __le32 gp2_d0u;
1087 __le32 gp2_invoked;
1088 u8 resume_while_scanning;
1089 u8 self_recovery;
1090 __le16 reserved;
1091 struct iwl_scan_offload_profile_match matches[IWL_SCAN_MAX_PROFILES];
1092} __packed; /* SCAN_OFFLOAD_PROFILES_QUERY_RSP_S_VER_2 */
1093
797#endif 1094#endif
diff --git a/drivers/net/wireless/iwlwifi/mvm/fw-api.h b/drivers/net/wireless/iwlwifi/mvm/fw-api.h
index c62575d86bcd..88af6dd2ceaa 100644
--- a/drivers/net/wireless/iwlwifi/mvm/fw-api.h
+++ b/drivers/net/wireless/iwlwifi/mvm/fw-api.h
@@ -106,6 +106,12 @@ enum {
106 DBG_CFG = 0x9, 106 DBG_CFG = 0x9,
107 ANTENNA_COUPLING_NOTIFICATION = 0xa, 107 ANTENNA_COUPLING_NOTIFICATION = 0xa,
108 108
109 /* UMAC scan commands */
110 SCAN_CFG_CMD = 0xc,
111 SCAN_REQ_UMAC = 0xd,
112 SCAN_ABORT_UMAC = 0xe,
113 SCAN_COMPLETE_UMAC = 0xf,
114
109 /* station table */ 115 /* station table */
110 ADD_STA_KEY = 0x17, 116 ADD_STA_KEY = 0x17,
111 ADD_STA = 0x18, 117 ADD_STA = 0x18,
@@ -122,6 +128,11 @@ enum {
122 /* global key */ 128 /* global key */
123 WEP_KEY = 0x20, 129 WEP_KEY = 0x20,
124 130
131 /* TDLS */
132 TDLS_CHANNEL_SWITCH_CMD = 0x27,
133 TDLS_CHANNEL_SWITCH_NOTIFICATION = 0xaa,
134 TDLS_CONFIG_CMD = 0xa7,
135
125 /* MAC and Binding commands */ 136 /* MAC and Binding commands */
126 MAC_CONTEXT_CMD = 0x28, 137 MAC_CONTEXT_CMD = 0x28,
127 TIME_EVENT_CMD = 0x29, /* both CMD and response */ 138 TIME_EVENT_CMD = 0x29, /* both CMD and response */
@@ -190,6 +201,8 @@ enum {
190 /* Power - new power table command */ 201 /* Power - new power table command */
191 MAC_PM_POWER_TABLE = 0xa9, 202 MAC_PM_POWER_TABLE = 0xa9,
192 203
204 MFUART_LOAD_NOTIFICATION = 0xb1,
205
193 REPLY_RX_PHY_CMD = 0xc0, 206 REPLY_RX_PHY_CMD = 0xc0,
194 REPLY_RX_MPDU_CMD = 0xc1, 207 REPLY_RX_MPDU_CMD = 0xc1,
195 BA_NOTIF = 0xc5, 208 BA_NOTIF = 0xc5,
@@ -236,11 +249,9 @@ enum {
236 WOWLAN_TX_POWER_PER_DB = 0xe6, 249 WOWLAN_TX_POWER_PER_DB = 0xe6,
237 250
238 /* and for NetDetect */ 251 /* and for NetDetect */
239 NET_DETECT_CONFIG_CMD = 0x54, 252 SCAN_OFFLOAD_PROFILES_QUERY_CMD = 0x56,
240 NET_DETECT_PROFILES_QUERY_CMD = 0x56, 253 SCAN_OFFLOAD_HOTSPOTS_CONFIG_CMD = 0x58,
241 NET_DETECT_PROFILES_CMD = 0x57, 254 SCAN_OFFLOAD_HOTSPOTS_QUERY_CMD = 0x59,
242 NET_DETECT_HOTSPOTS_CMD = 0x58,
243 NET_DETECT_HOTSPOTS_QUERY_CMD = 0x59,
244 255
245 REPLY_MAX = 0xff, 256 REPLY_MAX = 0xff,
246}; 257};
@@ -1201,6 +1212,21 @@ struct iwl_missed_beacons_notif {
1201} __packed; /* MISSED_BEACON_NTFY_API_S_VER_3 */ 1212} __packed; /* MISSED_BEACON_NTFY_API_S_VER_3 */
1202 1213
1203/** 1214/**
1215 * struct iwl_mfuart_load_notif - mfuart image version & status
1216 * ( MFUART_LOAD_NOTIFICATION = 0xb1 )
1217 * @installed_ver: installed image version
1218 * @external_ver: external image version
1219 * @status: MFUART loading status
1220 * @duration: MFUART loading time
1221*/
1222struct iwl_mfuart_load_notif {
1223 __le32 installed_ver;
1224 __le32 external_ver;
1225 __le32 status;
1226 __le32 duration;
1227} __packed; /*MFU_LOADER_NTFY_API_S_VER_1*/
1228
1229/**
1204 * struct iwl_set_calib_default_cmd - set default value for calibration. 1230 * struct iwl_set_calib_default_cmd - set default value for calibration.
1205 * ( SET_CALIB_DEFAULT_CMD = 0x8e ) 1231 * ( SET_CALIB_DEFAULT_CMD = 0x8e )
1206 * @calib_index: the calibration to set value for 1232 * @calib_index: the calibration to set value for
@@ -1589,7 +1615,7 @@ enum iwl_sf_scenario {
1589#define SF_NUM_TIMEOUT_TYPES 2 /* Aging timer and Idle timer */ 1615#define SF_NUM_TIMEOUT_TYPES 2 /* Aging timer and Idle timer */
1590 1616
1591/* smart FIFO default values */ 1617/* smart FIFO default values */
1592#define SF_W_MARK_SISO 4096 1618#define SF_W_MARK_SISO 6144
1593#define SF_W_MARK_MIMO2 8192 1619#define SF_W_MARK_MIMO2 8192
1594#define SF_W_MARK_MIMO3 6144 1620#define SF_W_MARK_MIMO3 6144
1595#define SF_W_MARK_LEGACY 4096 1621#define SF_W_MARK_LEGACY 4096
@@ -1711,4 +1737,145 @@ struct iwl_scd_txq_cfg_cmd {
1711 u8 flags; 1737 u8 flags;
1712} __packed; 1738} __packed;
1713 1739
1740/***********************************
1741 * TDLS API
1742 ***********************************/
1743
1744/* Type of TDLS request */
1745enum iwl_tdls_channel_switch_type {
1746 TDLS_SEND_CHAN_SW_REQ = 0,
1747 TDLS_SEND_CHAN_SW_RESP_AND_MOVE_CH,
1748 TDLS_MOVE_CH,
1749}; /* TDLS_STA_CHANNEL_SWITCH_CMD_TYPE_API_E_VER_1 */
1750
1751/**
1752 * Switch timing sub-element in a TDLS channel-switch command
1753 * @frame_timestamp: GP2 timestamp of channel-switch request/response packet
1754 * received from peer
1755 * @max_offchan_duration: What amount of microseconds out of a DTIM is given
1756 * to the TDLS off-channel communication. For instance if the DTIM is
1757 * 200TU and the TDLS peer is to be given 25% of the time, the value
1758 * given will be 50TU, or 50 * 1024 if translated into microseconds.
1759 * @switch_time: switch time the peer sent in its channel switch timing IE
1760 * @switch_timout: switch timeout the peer sent in its channel switch timing IE
1761 */
1762struct iwl_tdls_channel_switch_timing {
1763 __le32 frame_timestamp; /* GP2 time of peer packet Rx */
1764 __le32 max_offchan_duration; /* given in micro-seconds */
1765 __le32 switch_time; /* given in micro-seconds */
1766 __le32 switch_timeout; /* given in micro-seconds */
1767} __packed; /* TDLS_STA_CHANNEL_SWITCH_TIMING_DATA_API_S_VER_1 */
1768
1769#define IWL_TDLS_CH_SW_FRAME_MAX_SIZE 200
1770
1771/**
1772 * TDLS channel switch frame template
1773 *
1774 * A template representing a TDLS channel-switch request or response frame
1775 *
1776 * @switch_time_offset: offset to the channel switch timing IE in the template
1777 * @tx_cmd: Tx parameters for the frame
1778 * @data: frame data
1779 */
1780struct iwl_tdls_channel_switch_frame {
1781 __le32 switch_time_offset;
1782 struct iwl_tx_cmd tx_cmd;
1783 u8 data[IWL_TDLS_CH_SW_FRAME_MAX_SIZE];
1784} __packed; /* TDLS_STA_CHANNEL_SWITCH_FRAME_API_S_VER_1 */
1785
1786/**
1787 * TDLS channel switch command
1788 *
1789 * The command is sent to initiate a channel switch and also in response to
1790 * incoming TDLS channel-switch request/response packets from remote peers.
1791 *
1792 * @switch_type: see &enum iwl_tdls_channel_switch_type
1793 * @peer_sta_id: station id of TDLS peer
1794 * @ci: channel we switch to
1795 * @timing: timing related data for command
1796 * @frame: channel-switch request/response template, depending to switch_type
1797 */
1798struct iwl_tdls_channel_switch_cmd {
1799 u8 switch_type;
1800 __le32 peer_sta_id;
1801 struct iwl_fw_channel_info ci;
1802 struct iwl_tdls_channel_switch_timing timing;
1803 struct iwl_tdls_channel_switch_frame frame;
1804} __packed; /* TDLS_STA_CHANNEL_SWITCH_CMD_API_S_VER_1 */
1805
1806/**
1807 * TDLS channel switch start notification
1808 *
1809 * @status: non-zero on success
1810 * @offchannel_duration: duration given in microseconds
1811 * @sta_id: peer currently performing the channel-switch with
1812 */
1813struct iwl_tdls_channel_switch_notif {
1814 __le32 status;
1815 __le32 offchannel_duration;
1816 __le32 sta_id;
1817} __packed; /* TDLS_STA_CHANNEL_SWITCH_NTFY_API_S_VER_1 */
1818
1819/**
1820 * TDLS station info
1821 *
1822 * @sta_id: station id of the TDLS peer
1823 * @tx_to_peer_tid: TID reserved vs. the peer for FW based Tx
1824 * @tx_to_peer_ssn: initial SSN the FW should use for Tx on its TID vs the peer
1825 * @is_initiator: 1 if the peer is the TDLS link initiator, 0 otherwise
1826 */
1827struct iwl_tdls_sta_info {
1828 u8 sta_id;
1829 u8 tx_to_peer_tid;
1830 __le16 tx_to_peer_ssn;
1831 __le32 is_initiator;
1832} __packed; /* TDLS_STA_INFO_VER_1 */
1833
1834/**
1835 * TDLS basic config command
1836 *
1837 * @id_and_color: MAC id and color being configured
1838 * @tdls_peer_count: amount of currently connected TDLS peers
1839 * @tx_to_ap_tid: TID reverved vs. the AP for FW based Tx
1840 * @tx_to_ap_ssn: initial SSN the FW should use for Tx on its TID vs. the AP
1841 * @sta_info: per-station info. Only the first tdls_peer_count entries are set
1842 * @pti_req_data_offset: offset of network-level data for the PTI template
1843 * @pti_req_tx_cmd: Tx parameters for PTI request template
1844 * @pti_req_template: PTI request template data
1845 */
1846struct iwl_tdls_config_cmd {
1847 __le32 id_and_color; /* mac id and color */
1848 u8 tdls_peer_count;
1849 u8 tx_to_ap_tid;
1850 __le16 tx_to_ap_ssn;
1851 struct iwl_tdls_sta_info sta_info[IWL_MVM_TDLS_STA_COUNT];
1852
1853 __le32 pti_req_data_offset;
1854 struct iwl_tx_cmd pti_req_tx_cmd;
1855 u8 pti_req_template[0];
1856} __packed; /* TDLS_CONFIG_CMD_API_S_VER_1 */
1857
1858/**
1859 * TDLS per-station config information from FW
1860 *
1861 * @sta_id: station id of the TDLS peer
1862 * @tx_to_peer_last_seq: last sequence number used by FW during FW-based Tx to
1863 * the peer
1864 */
1865struct iwl_tdls_config_sta_info_res {
1866 __le16 sta_id;
1867 __le16 tx_to_peer_last_seq;
1868} __packed; /* TDLS_STA_INFO_RSP_VER_1 */
1869
1870/**
1871 * TDLS config information from FW
1872 *
1873 * @tx_to_ap_last_seq: last sequence number used by FW during FW-based Tx to AP
1874 * @sta_info: per-station TDLS config information
1875 */
1876struct iwl_tdls_config_res {
1877 __le32 tx_to_ap_last_seq;
1878 struct iwl_tdls_config_sta_info_res sta_info[IWL_MVM_TDLS_STA_COUNT];
1879} __packed; /* TDLS_CONFIG_RSP_API_S_VER_1 */
1880
1714#endif /* __fw_api_h__ */ 1881#endif /* __fw_api_h__ */
diff --git a/drivers/net/wireless/iwlwifi/mvm/fw.c b/drivers/net/wireless/iwlwifi/mvm/fw.c
index eb03943f8463..d0fa6e9ed590 100644
--- a/drivers/net/wireless/iwlwifi/mvm/fw.c
+++ b/drivers/net/wireless/iwlwifi/mvm/fw.c
@@ -186,7 +186,12 @@ static int iwl_mvm_load_ucode_wait_alive(struct iwl_mvm *mvm,
186 static const u8 alive_cmd[] = { MVM_ALIVE }; 186 static const u8 alive_cmd[] = { MVM_ALIVE };
187 struct iwl_sf_region st_fwrd_space; 187 struct iwl_sf_region st_fwrd_space;
188 188
189 fw = iwl_get_ucode_image(mvm, ucode_type); 189 if (ucode_type == IWL_UCODE_REGULAR &&
190 iwl_fw_dbg_conf_usniffer(mvm->fw, FW_DBG_CUSTOM) &&
191 iwl_fw_dbg_conf_enabled(mvm->fw, FW_DBG_CUSTOM))
192 fw = iwl_get_ucode_image(mvm, IWL_UCODE_REGULAR_USNIFFER);
193 else
194 fw = iwl_get_ucode_image(mvm, ucode_type);
190 if (WARN_ON(!fw)) 195 if (WARN_ON(!fw))
191 return -EINVAL; 196 return -EINVAL;
192 mvm->cur_ucode = ucode_type; 197 mvm->cur_ucode = ucode_type;
@@ -227,6 +232,10 @@ static int iwl_mvm_load_ucode_wait_alive(struct iwl_mvm *mvm,
227 st_fwrd_space.addr = mvm->sf_space.addr; 232 st_fwrd_space.addr = mvm->sf_space.addr;
228 st_fwrd_space.size = mvm->sf_space.size; 233 st_fwrd_space.size = mvm->sf_space.size;
229 ret = iwl_trans_update_sf(mvm->trans, &st_fwrd_space); 234 ret = iwl_trans_update_sf(mvm->trans, &st_fwrd_space);
235 if (ret) {
236 IWL_ERR(mvm, "Failed to update SF size. ret %d\n", ret);
237 return ret;
238 }
230 239
231 iwl_trans_fw_alive(mvm->trans, alive_data.scd_base_addr); 240 iwl_trans_fw_alive(mvm->trans, alive_data.scd_base_addr);
232 241
@@ -390,6 +399,42 @@ out:
390 return ret; 399 return ret;
391} 400}
392 401
402static int iwl_mvm_start_fw_dbg_conf(struct iwl_mvm *mvm,
403 enum iwl_fw_dbg_conf conf_id)
404{
405 u8 *ptr;
406 int ret;
407 int i;
408
409 if (WARN_ONCE(conf_id >= ARRAY_SIZE(mvm->fw->dbg_conf_tlv),
410 "Invalid configuration %d\n", conf_id))
411 return -EINVAL;
412
413 if (!mvm->fw->dbg_conf_tlv[conf_id])
414 return -EINVAL;
415
416 if (mvm->fw_dbg_conf != FW_DBG_INVALID)
417 IWL_WARN(mvm, "FW already configured (%d) - re-configuring\n",
418 mvm->fw_dbg_conf);
419
420 /* Send all HCMDs for configuring the FW debug */
421 ptr = (void *)&mvm->fw->dbg_conf_tlv[conf_id]->hcmd;
422 for (i = 0; i < mvm->fw->dbg_conf_tlv[conf_id]->num_of_hcmds; i++) {
423 struct iwl_fw_dbg_conf_hcmd *cmd = (void *)ptr;
424
425 ret = iwl_mvm_send_cmd_pdu(mvm, cmd->id, 0,
426 le16_to_cpu(cmd->len), cmd->data);
427 if (ret)
428 return ret;
429
430 ptr += sizeof(*cmd);
431 ptr += le16_to_cpu(cmd->len);
432 }
433
434 mvm->fw_dbg_conf = conf_id;
435 return ret;
436}
437
393int iwl_mvm_up(struct iwl_mvm *mvm) 438int iwl_mvm_up(struct iwl_mvm *mvm)
394{ 439{
395 int ret, i; 440 int ret, i;
@@ -441,6 +486,9 @@ int iwl_mvm_up(struct iwl_mvm *mvm)
441 if (ret) 486 if (ret)
442 IWL_ERR(mvm, "Failed to initialize Smart Fifo\n"); 487 IWL_ERR(mvm, "Failed to initialize Smart Fifo\n");
443 488
489 mvm->fw_dbg_conf = FW_DBG_INVALID;
490 iwl_mvm_start_fw_dbg_conf(mvm, FW_DBG_CUSTOM);
491
444 ret = iwl_send_tx_ant_cfg(mvm, mvm->fw->valid_tx_ant); 492 ret = iwl_send_tx_ant_cfg(mvm, mvm->fw->valid_tx_ant);
445 if (ret) 493 if (ret)
446 goto error; 494 goto error;
@@ -462,6 +510,8 @@ int iwl_mvm_up(struct iwl_mvm *mvm)
462 for (i = 0; i < IWL_MVM_STATION_COUNT; i++) 510 for (i = 0; i < IWL_MVM_STATION_COUNT; i++)
463 RCU_INIT_POINTER(mvm->fw_id_to_mac_id[i], NULL); 511 RCU_INIT_POINTER(mvm->fw_id_to_mac_id[i], NULL);
464 512
513 mvm->tdls_cs.peer.sta_id = IWL_MVM_STATION_COUNT;
514
465 /* reset quota debouncing buffer - 0xff will yield invalid data */ 515 /* reset quota debouncing buffer - 0xff will yield invalid data */
466 memset(&mvm->last_quota_cmd, 0xff, sizeof(mvm->last_quota_cmd)); 516 memset(&mvm->last_quota_cmd, 0xff, sizeof(mvm->last_quota_cmd));
467 517
@@ -501,6 +551,12 @@ int iwl_mvm_up(struct iwl_mvm *mvm)
501 if (ret) 551 if (ret)
502 goto error; 552 goto error;
503 553
554 if (mvm->fw->ucode_capa.capa[0] & IWL_UCODE_TLV_CAPA_UMAC_SCAN) {
555 ret = iwl_mvm_config_scan(mvm);
556 if (ret)
557 goto error;
558 }
559
504 /* allow FW/transport low power modes if not during restart */ 560 /* allow FW/transport low power modes if not during restart */
505 if (!test_bit(IWL_MVM_STATUS_IN_HW_RESTART, &mvm->status)) 561 if (!test_bit(IWL_MVM_STATUS_IN_HW_RESTART, &mvm->status))
506 iwl_mvm_unref(mvm, IWL_MVM_REF_UCODE_DOWN); 562 iwl_mvm_unref(mvm, IWL_MVM_REF_UCODE_DOWN);
@@ -587,3 +643,19 @@ int iwl_mvm_rx_radio_ver(struct iwl_mvm *mvm, struct iwl_rx_cmd_buffer *rxb,
587 le32_to_cpu(radio_version->radio_dash)); 643 le32_to_cpu(radio_version->radio_dash));
588 return 0; 644 return 0;
589} 645}
646
647int iwl_mvm_rx_mfuart_notif(struct iwl_mvm *mvm,
648 struct iwl_rx_cmd_buffer *rxb,
649 struct iwl_device_cmd *cmd)
650{
651 struct iwl_rx_packet *pkt = rxb_addr(rxb);
652 struct iwl_mfuart_load_notif *mfuart_notif = (void *)pkt->data;
653
654 IWL_DEBUG_INFO(mvm,
655 "MFUART: installed ver: 0x%08x, external ver: 0x%08x, status: 0x%08x, duration: 0x%08x\n",
656 le32_to_cpu(mfuart_notif->installed_ver),
657 le32_to_cpu(mfuart_notif->external_ver),
658 le32_to_cpu(mfuart_notif->status),
659 le32_to_cpu(mfuart_notif->duration));
660 return 0;
661}
diff --git a/drivers/net/wireless/iwlwifi/mvm/mac-ctxt.c b/drivers/net/wireless/iwlwifi/mvm/mac-ctxt.c
index b8ab4a108720..f6d86ccce6a8 100644
--- a/drivers/net/wireless/iwlwifi/mvm/mac-ctxt.c
+++ b/drivers/net/wireless/iwlwifi/mvm/mac-ctxt.c
@@ -83,11 +83,15 @@ struct iwl_mvm_mac_iface_iterator_data {
83 struct ieee80211_vif *vif; 83 struct ieee80211_vif *vif;
84 unsigned long available_mac_ids[BITS_TO_LONGS(NUM_MAC_INDEX_DRIVER)]; 84 unsigned long available_mac_ids[BITS_TO_LONGS(NUM_MAC_INDEX_DRIVER)];
85 unsigned long available_tsf_ids[BITS_TO_LONGS(NUM_TSF_IDS)]; 85 unsigned long available_tsf_ids[BITS_TO_LONGS(NUM_TSF_IDS)];
86 u32 used_hw_queues;
87 enum iwl_tsf_id preferred_tsf; 86 enum iwl_tsf_id preferred_tsf;
88 bool found_vif; 87 bool found_vif;
89}; 88};
90 89
90struct iwl_mvm_hw_queues_iface_iterator_data {
91 struct ieee80211_vif *exclude_vif;
92 unsigned long used_hw_queues;
93};
94
91static void iwl_mvm_mac_tsf_id_iter(void *_data, u8 *mac, 95static void iwl_mvm_mac_tsf_id_iter(void *_data, u8 *mac,
92 struct ieee80211_vif *vif) 96 struct ieee80211_vif *vif)
93{ 97{
@@ -213,6 +217,54 @@ u32 iwl_mvm_mac_get_queues_mask(struct ieee80211_vif *vif)
213 return qmask; 217 return qmask;
214} 218}
215 219
220static void iwl_mvm_iface_hw_queues_iter(void *_data, u8 *mac,
221 struct ieee80211_vif *vif)
222{
223 struct iwl_mvm_hw_queues_iface_iterator_data *data = _data;
224
225 /* exclude the given vif */
226 if (vif == data->exclude_vif)
227 return;
228
229 data->used_hw_queues |= iwl_mvm_mac_get_queues_mask(vif);
230}
231
232static void iwl_mvm_mac_sta_hw_queues_iter(void *_data,
233 struct ieee80211_sta *sta)
234{
235 struct iwl_mvm_hw_queues_iface_iterator_data *data = _data;
236 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta);
237
238 /* Mark the queues used by the sta */
239 data->used_hw_queues |= mvmsta->tfd_queue_msk;
240}
241
242unsigned long iwl_mvm_get_used_hw_queues(struct iwl_mvm *mvm,
243 struct ieee80211_vif *exclude_vif)
244{
245 struct iwl_mvm_hw_queues_iface_iterator_data data = {
246 .exclude_vif = exclude_vif,
247 .used_hw_queues =
248 BIT(IWL_MVM_OFFCHANNEL_QUEUE) |
249 BIT(mvm->aux_queue) |
250 BIT(IWL_MVM_CMD_QUEUE),
251 };
252
253 lockdep_assert_held(&mvm->mutex);
254
255 /* mark all VIF used hw queues */
256 ieee80211_iterate_active_interfaces_atomic(
257 mvm->hw, IEEE80211_IFACE_ITER_RESUME_ALL,
258 iwl_mvm_iface_hw_queues_iter, &data);
259
260 /* don't assign the same hw queues as TDLS stations */
261 ieee80211_iterate_stations_atomic(mvm->hw,
262 iwl_mvm_mac_sta_hw_queues_iter,
263 &data);
264
265 return data.used_hw_queues;
266}
267
216static void iwl_mvm_mac_iface_iterator(void *_data, u8 *mac, 268static void iwl_mvm_mac_iface_iterator(void *_data, u8 *mac,
217 struct ieee80211_vif *vif) 269 struct ieee80211_vif *vif)
218{ 270{
@@ -225,9 +277,6 @@ static void iwl_mvm_mac_iface_iterator(void *_data, u8 *mac,
225 return; 277 return;
226 } 278 }
227 279
228 /* Mark the queues used by the vif */
229 data->used_hw_queues |= iwl_mvm_mac_get_queues_mask(vif);
230
231 /* Mark MAC IDs as used by clearing the available bit, and 280 /* Mark MAC IDs as used by clearing the available bit, and
232 * (below) mark TSFs as used if their existing use is not 281 * (below) mark TSFs as used if their existing use is not
233 * compatible with the new interface type. 282 * compatible with the new interface type.
@@ -274,10 +323,6 @@ static int iwl_mvm_mac_ctxt_allocate_resources(struct iwl_mvm *mvm,
274 .available_tsf_ids = { (1 << NUM_TSF_IDS) - 1 }, 323 .available_tsf_ids = { (1 << NUM_TSF_IDS) - 1 },
275 /* no preference yet */ 324 /* no preference yet */
276 .preferred_tsf = NUM_TSF_IDS, 325 .preferred_tsf = NUM_TSF_IDS,
277 .used_hw_queues =
278 BIT(IWL_MVM_OFFCHANNEL_QUEUE) |
279 BIT(mvm->aux_queue) |
280 BIT(IWL_MVM_CMD_QUEUE),
281 .found_vif = false, 326 .found_vif = false,
282 }; 327 };
283 u32 ac; 328 u32 ac;
@@ -316,6 +361,8 @@ static int iwl_mvm_mac_ctxt_allocate_resources(struct iwl_mvm *mvm,
316 mvm->hw, IEEE80211_IFACE_ITER_RESUME_ALL, 361 mvm->hw, IEEE80211_IFACE_ITER_RESUME_ALL,
317 iwl_mvm_mac_iface_iterator, &data); 362 iwl_mvm_mac_iface_iterator, &data);
318 363
364 used_hw_queues = iwl_mvm_get_used_hw_queues(mvm, vif);
365
319 /* 366 /*
320 * In the case we're getting here during resume, it's similar to 367 * In the case we're getting here during resume, it's similar to
321 * firmware restart, and with RESUME_ALL the iterator will find 368 * firmware restart, and with RESUME_ALL the iterator will find
@@ -365,8 +412,6 @@ static int iwl_mvm_mac_ctxt_allocate_resources(struct iwl_mvm *mvm,
365 return 0; 412 return 0;
366 } 413 }
367 414
368 used_hw_queues = data.used_hw_queues;
369
370 /* Find available queues, and allocate them to the ACs */ 415 /* Find available queues, and allocate them to the ACs */
371 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) { 416 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
372 u8 queue = find_first_zero_bit(&used_hw_queues, 417 u8 queue = find_first_zero_bit(&used_hw_queues,
@@ -1218,17 +1263,25 @@ int iwl_mvm_mac_ctxt_remove(struct iwl_mvm *mvm, struct ieee80211_vif *vif)
1218} 1263}
1219 1264
1220static void iwl_mvm_csa_count_down(struct iwl_mvm *mvm, 1265static void iwl_mvm_csa_count_down(struct iwl_mvm *mvm,
1221 struct ieee80211_vif *csa_vif, u32 gp2) 1266 struct ieee80211_vif *csa_vif, u32 gp2,
1267 bool tx_success)
1222{ 1268{
1223 struct iwl_mvm_vif *mvmvif = 1269 struct iwl_mvm_vif *mvmvif =
1224 iwl_mvm_vif_from_mac80211(csa_vif); 1270 iwl_mvm_vif_from_mac80211(csa_vif);
1225 1271
1272 /* Don't start to countdown from a failed beacon */
1273 if (!tx_success && !mvmvif->csa_countdown)
1274 return;
1275
1276 mvmvif->csa_countdown = true;
1277
1226 if (!ieee80211_csa_is_complete(csa_vif)) { 1278 if (!ieee80211_csa_is_complete(csa_vif)) {
1227 int c = ieee80211_csa_update_counter(csa_vif); 1279 int c = ieee80211_csa_update_counter(csa_vif);
1228 1280
1229 iwl_mvm_mac_ctxt_beacon_changed(mvm, csa_vif); 1281 iwl_mvm_mac_ctxt_beacon_changed(mvm, csa_vif);
1230 if (csa_vif->p2p && 1282 if (csa_vif->p2p &&
1231 !iwl_mvm_te_scheduled(&mvmvif->time_event_data) && gp2) { 1283 !iwl_mvm_te_scheduled(&mvmvif->time_event_data) && gp2 &&
1284 tx_success) {
1232 u32 rel_time = (c + 1) * 1285 u32 rel_time = (c + 1) *
1233 csa_vif->bss_conf.beacon_int - 1286 csa_vif->bss_conf.beacon_int -
1234 IWL_MVM_CHANNEL_SWITCH_TIME_GO; 1287 IWL_MVM_CHANNEL_SWITCH_TIME_GO;
@@ -1251,38 +1304,30 @@ int iwl_mvm_rx_beacon_notif(struct iwl_mvm *mvm,
1251 struct iwl_device_cmd *cmd) 1304 struct iwl_device_cmd *cmd)
1252{ 1305{
1253 struct iwl_rx_packet *pkt = rxb_addr(rxb); 1306 struct iwl_rx_packet *pkt = rxb_addr(rxb);
1307 struct iwl_extended_beacon_notif *beacon = (void *)pkt->data;
1254 struct iwl_mvm_tx_resp *beacon_notify_hdr; 1308 struct iwl_mvm_tx_resp *beacon_notify_hdr;
1255 struct ieee80211_vif *csa_vif; 1309 struct ieee80211_vif *csa_vif;
1256 struct ieee80211_vif *tx_blocked_vif; 1310 struct ieee80211_vif *tx_blocked_vif;
1257 u64 tsf; 1311 u16 status;
1258 1312
1259 lockdep_assert_held(&mvm->mutex); 1313 lockdep_assert_held(&mvm->mutex);
1260 1314
1261 if (mvm->fw->ucode_capa.api[0] & IWL_UCODE_TLV_CAPA_EXTENDED_BEACON) { 1315 beacon_notify_hdr = &beacon->beacon_notify_hdr;
1262 struct iwl_extended_beacon_notif *beacon = (void *)pkt->data; 1316 mvm->ap_last_beacon_gp2 = le32_to_cpu(beacon->gp2);
1263
1264 beacon_notify_hdr = &beacon->beacon_notify_hdr;
1265 tsf = le64_to_cpu(beacon->tsf);
1266 mvm->ap_last_beacon_gp2 = le32_to_cpu(beacon->gp2);
1267 } else {
1268 struct iwl_beacon_notif *beacon = (void *)pkt->data;
1269
1270 beacon_notify_hdr = &beacon->beacon_notify_hdr;
1271 tsf = le64_to_cpu(beacon->tsf);
1272 }
1273 1317
1318 status = le16_to_cpu(beacon_notify_hdr->status.status) & TX_STATUS_MSK;
1274 IWL_DEBUG_RX(mvm, 1319 IWL_DEBUG_RX(mvm,
1275 "beacon status %#x retries:%d tsf:0x%16llX gp2:0x%X rate:%d\n", 1320 "beacon status %#x retries:%d tsf:0x%16llX gp2:0x%X rate:%d\n",
1276 le16_to_cpu(beacon_notify_hdr->status.status) & 1321 status, beacon_notify_hdr->failure_frame,
1277 TX_STATUS_MSK, 1322 le64_to_cpu(beacon->tsf),
1278 beacon_notify_hdr->failure_frame, tsf,
1279 mvm->ap_last_beacon_gp2, 1323 mvm->ap_last_beacon_gp2,
1280 le32_to_cpu(beacon_notify_hdr->initial_rate)); 1324 le32_to_cpu(beacon_notify_hdr->initial_rate));
1281 1325
1282 csa_vif = rcu_dereference_protected(mvm->csa_vif, 1326 csa_vif = rcu_dereference_protected(mvm->csa_vif,
1283 lockdep_is_held(&mvm->mutex)); 1327 lockdep_is_held(&mvm->mutex));
1284 if (unlikely(csa_vif && csa_vif->csa_active)) 1328 if (unlikely(csa_vif && csa_vif->csa_active))
1285 iwl_mvm_csa_count_down(mvm, csa_vif, mvm->ap_last_beacon_gp2); 1329 iwl_mvm_csa_count_down(mvm, csa_vif, mvm->ap_last_beacon_gp2,
1330 (status == TX_STATUS_SUCCESS));
1286 1331
1287 tx_blocked_vif = rcu_dereference_protected(mvm->csa_tx_blocked_vif, 1332 tx_blocked_vif = rcu_dereference_protected(mvm->csa_tx_blocked_vif,
1288 lockdep_is_held(&mvm->mutex)); 1333 lockdep_is_held(&mvm->mutex));
diff --git a/drivers/net/wireless/iwlwifi/mvm/mac80211.c b/drivers/net/wireless/iwlwifi/mvm/mac80211.c
index 1ee9dcd26ad9..31a5b3f4266c 100644
--- a/drivers/net/wireless/iwlwifi/mvm/mac80211.c
+++ b/drivers/net/wireless/iwlwifi/mvm/mac80211.c
@@ -254,6 +254,26 @@ static void iwl_mvm_unref_all_except(struct iwl_mvm *mvm,
254 spin_unlock_bh(&mvm->refs_lock); 254 spin_unlock_bh(&mvm->refs_lock);
255} 255}
256 256
257bool iwl_mvm_ref_taken(struct iwl_mvm *mvm)
258{
259 int i;
260 bool taken = false;
261
262 if (!iwl_mvm_is_d0i3_supported(mvm))
263 return true;
264
265 spin_lock_bh(&mvm->refs_lock);
266 for (i = 0; i < IWL_MVM_REF_COUNT; i++) {
267 if (mvm->refs[i]) {
268 taken = true;
269 break;
270 }
271 }
272 spin_unlock_bh(&mvm->refs_lock);
273
274 return taken;
275}
276
257int iwl_mvm_ref_sync(struct iwl_mvm *mvm, enum iwl_mvm_ref_type ref_type) 277int iwl_mvm_ref_sync(struct iwl_mvm *mvm, enum iwl_mvm_ref_type ref_type)
258{ 278{
259 iwl_mvm_ref(mvm, ref_type); 279 iwl_mvm_ref(mvm, ref_type);
@@ -303,7 +323,8 @@ int iwl_mvm_mac_setup_register(struct iwl_mvm *mvm)
303 hw->offchannel_tx_hw_queue = IWL_MVM_OFFCHANNEL_QUEUE; 323 hw->offchannel_tx_hw_queue = IWL_MVM_OFFCHANNEL_QUEUE;
304 hw->radiotap_mcs_details |= IEEE80211_RADIOTAP_MCS_HAVE_FEC | 324 hw->radiotap_mcs_details |= IEEE80211_RADIOTAP_MCS_HAVE_FEC |
305 IEEE80211_RADIOTAP_MCS_HAVE_STBC; 325 IEEE80211_RADIOTAP_MCS_HAVE_STBC;
306 hw->radiotap_vht_details |= IEEE80211_RADIOTAP_VHT_KNOWN_STBC; 326 hw->radiotap_vht_details |= IEEE80211_RADIOTAP_VHT_KNOWN_STBC |
327 IEEE80211_RADIOTAP_VHT_KNOWN_BEAMFORMED;
307 hw->rate_control_algorithm = "iwl-mvm-rs"; 328 hw->rate_control_algorithm = "iwl-mvm-rs";
308 329
309 /* 330 /*
@@ -316,15 +337,19 @@ int iwl_mvm_mac_setup_register(struct iwl_mvm *mvm)
316 hw->flags |= IEEE80211_HW_MFP_CAPABLE; 337 hw->flags |= IEEE80211_HW_MFP_CAPABLE;
317 338
318 if (mvm->fw->ucode_capa.flags & IWL_UCODE_TLV_FLAGS_UAPSD_SUPPORT && 339 if (mvm->fw->ucode_capa.flags & IWL_UCODE_TLV_FLAGS_UAPSD_SUPPORT &&
319 IWL_UCODE_API(mvm->fw->ucode_ver) >= 9 &&
320 !iwlwifi_mod_params.uapsd_disable) { 340 !iwlwifi_mod_params.uapsd_disable) {
321 hw->flags |= IEEE80211_HW_SUPPORTS_UAPSD; 341 hw->flags |= IEEE80211_HW_SUPPORTS_UAPSD;
322 hw->uapsd_queues = IWL_MVM_UAPSD_QUEUES; 342 hw->uapsd_queues = IWL_MVM_UAPSD_QUEUES;
323 hw->uapsd_max_sp_len = IWL_UAPSD_MAX_SP; 343 hw->uapsd_max_sp_len = IWL_UAPSD_MAX_SP;
324 } 344 }
325 345
326 if (mvm->fw->ucode_capa.api[0] & IWL_UCODE_TLV_API_LMAC_SCAN) 346 if (mvm->fw->ucode_capa.api[0] & IWL_UCODE_TLV_API_LMAC_SCAN ||
347 mvm->fw->ucode_capa.capa[0] & IWL_UCODE_TLV_CAPA_UMAC_SCAN) {
327 hw->flags |= IEEE80211_SINGLE_HW_SCAN_ON_ALL_BANDS; 348 hw->flags |= IEEE80211_SINGLE_HW_SCAN_ON_ALL_BANDS;
349 hw->wiphy->features |=
350 NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR |
351 NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
352 }
328 353
329 hw->sta_data_size = sizeof(struct iwl_mvm_sta); 354 hw->sta_data_size = sizeof(struct iwl_mvm_sta);
330 hw->vif_data_size = sizeof(struct iwl_mvm_vif); 355 hw->vif_data_size = sizeof(struct iwl_mvm_vif);
@@ -344,8 +369,7 @@ int iwl_mvm_mac_setup_register(struct iwl_mvm *mvm)
344 if (mvm->fw->ucode_capa.flags & IWL_UCODE_TLV_FLAGS_GO_UAPSD) 369 if (mvm->fw->ucode_capa.flags & IWL_UCODE_TLV_FLAGS_GO_UAPSD)
345 hw->wiphy->flags |= WIPHY_FLAG_AP_UAPSD; 370 hw->wiphy->flags |= WIPHY_FLAG_AP_UAPSD;
346 371
347 if (mvm->fw->ucode_capa.api[0] & IWL_UCODE_TLV_API_CSA_FLOW) 372 hw->wiphy->flags |= WIPHY_FLAG_HAS_CHANNEL_SWITCH;
348 hw->wiphy->flags |= WIPHY_FLAG_HAS_CHANNEL_SWITCH;
349 373
350 hw->wiphy->iface_combinations = iwl_mvm_iface_combinations; 374 hw->wiphy->iface_combinations = iwl_mvm_iface_combinations;
351 hw->wiphy->n_iface_combinations = 375 hw->wiphy->n_iface_combinations =
@@ -403,7 +427,8 @@ int iwl_mvm_mac_setup_register(struct iwl_mvm *mvm)
403 NL80211_FEATURE_LOW_PRIORITY_SCAN | 427 NL80211_FEATURE_LOW_PRIORITY_SCAN |
404 NL80211_FEATURE_P2P_GO_OPPPS | 428 NL80211_FEATURE_P2P_GO_OPPPS |
405 NL80211_FEATURE_DYNAMIC_SMPS | 429 NL80211_FEATURE_DYNAMIC_SMPS |
406 NL80211_FEATURE_STATIC_SMPS; 430 NL80211_FEATURE_STATIC_SMPS |
431 NL80211_FEATURE_SUPPORTS_WMM_ADMISSION;
407 432
408 if (mvm->fw->ucode_capa.capa[0] & 433 if (mvm->fw->ucode_capa.capa[0] &
409 IWL_UCODE_TLV_CAPA_TXPOWER_INSERTION_SUPPORT) 434 IWL_UCODE_TLV_CAPA_TXPOWER_INSERTION_SUPPORT)
@@ -441,7 +466,8 @@ int iwl_mvm_mac_setup_register(struct iwl_mvm *mvm)
441 mvm->wowlan.flags = WIPHY_WOWLAN_MAGIC_PKT | 466 mvm->wowlan.flags = WIPHY_WOWLAN_MAGIC_PKT |
442 WIPHY_WOWLAN_DISCONNECT | 467 WIPHY_WOWLAN_DISCONNECT |
443 WIPHY_WOWLAN_EAP_IDENTITY_REQ | 468 WIPHY_WOWLAN_EAP_IDENTITY_REQ |
444 WIPHY_WOWLAN_RFKILL_RELEASE; 469 WIPHY_WOWLAN_RFKILL_RELEASE |
470 WIPHY_WOWLAN_NET_DETECT;
445 if (!iwlwifi_mod_params.sw_crypto) 471 if (!iwlwifi_mod_params.sw_crypto)
446 mvm->wowlan.flags |= WIPHY_WOWLAN_SUPPORTS_GTK_REKEY | 472 mvm->wowlan.flags |= WIPHY_WOWLAN_SUPPORTS_GTK_REKEY |
447 WIPHY_WOWLAN_GTK_REKEY_FAILURE | 473 WIPHY_WOWLAN_GTK_REKEY_FAILURE |
@@ -450,6 +476,7 @@ int iwl_mvm_mac_setup_register(struct iwl_mvm *mvm)
450 mvm->wowlan.n_patterns = IWL_WOWLAN_MAX_PATTERNS; 476 mvm->wowlan.n_patterns = IWL_WOWLAN_MAX_PATTERNS;
451 mvm->wowlan.pattern_min_len = IWL_WOWLAN_MIN_PATTERN_LEN; 477 mvm->wowlan.pattern_min_len = IWL_WOWLAN_MIN_PATTERN_LEN;
452 mvm->wowlan.pattern_max_len = IWL_WOWLAN_MAX_PATTERN_LEN; 478 mvm->wowlan.pattern_max_len = IWL_WOWLAN_MAX_PATTERN_LEN;
479 mvm->wowlan.max_nd_match_sets = IWL_SCAN_MAX_PROFILES;
453 mvm->wowlan.tcp = &iwl_mvm_wowlan_tcp_support; 480 mvm->wowlan.tcp = &iwl_mvm_wowlan_tcp_support;
454 hw->wiphy->wowlan = &mvm->wowlan; 481 hw->wiphy->wowlan = &mvm->wowlan;
455 } 482 }
@@ -464,6 +491,17 @@ int iwl_mvm_mac_setup_register(struct iwl_mvm *mvm)
464 if (ret) 491 if (ret)
465 return ret; 492 return ret;
466 493
494 if (mvm->fw->ucode_capa.capa[0] & IWL_UCODE_TLV_CAPA_TDLS_SUPPORT) {
495 IWL_DEBUG_TDLS(mvm, "TDLS supported\n");
496 hw->wiphy->flags |= WIPHY_FLAG_SUPPORTS_TDLS;
497 }
498
499 if (mvm->fw->ucode_capa.capa[0] &
500 IWL_UCODE_TLV_CAPA_TDLS_CHANNEL_SWITCH) {
501 IWL_DEBUG_TDLS(mvm, "TDLS channel switch supported\n");
502 hw->wiphy->features |= NL80211_FEATURE_TDLS_CHANNEL_SWITCH;
503 }
504
467 ret = ieee80211_register_hw(mvm->hw); 505 ret = ieee80211_register_hw(mvm->hw);
468 if (ret) 506 if (ret)
469 iwl_mvm_leds_exit(mvm); 507 iwl_mvm_leds_exit(mvm);
@@ -819,7 +857,12 @@ void iwl_mvm_fw_error_dump(struct iwl_mvm *mvm)
819 857
820static void iwl_mvm_restart_cleanup(struct iwl_mvm *mvm) 858static void iwl_mvm_restart_cleanup(struct iwl_mvm *mvm)
821{ 859{
822 iwl_mvm_fw_error_dump(mvm); 860 /* clear the D3 reconfig, we only need it to avoid dumping a
861 * firmware coredump on reconfiguration, we shouldn't do that
862 * on D3->D0 transition
863 */
864 if (!test_and_clear_bit(IWL_MVM_STATUS_D3_RECONFIG, &mvm->status))
865 iwl_mvm_fw_error_dump(mvm);
823 866
824 iwl_trans_stop_device(mvm->trans); 867 iwl_trans_stop_device(mvm->trans);
825 868
@@ -840,6 +883,7 @@ static void iwl_mvm_restart_cleanup(struct iwl_mvm *mvm)
840 iwl_mvm_reset_phy_ctxts(mvm); 883 iwl_mvm_reset_phy_ctxts(mvm);
841 memset(mvm->fw_key_table, 0, sizeof(mvm->fw_key_table)); 884 memset(mvm->fw_key_table, 0, sizeof(mvm->fw_key_table));
842 memset(mvm->sta_drained, 0, sizeof(mvm->sta_drained)); 885 memset(mvm->sta_drained, 0, sizeof(mvm->sta_drained));
886 memset(mvm->tfd_drained, 0, sizeof(mvm->tfd_drained));
843 memset(&mvm->last_bt_notif, 0, sizeof(mvm->last_bt_notif)); 887 memset(&mvm->last_bt_notif, 0, sizeof(mvm->last_bt_notif));
844 memset(&mvm->last_bt_notif_old, 0, sizeof(mvm->last_bt_notif_old)); 888 memset(&mvm->last_bt_notif_old, 0, sizeof(mvm->last_bt_notif_old));
845 memset(&mvm->last_bt_ci_cmd, 0, sizeof(mvm->last_bt_ci_cmd)); 889 memset(&mvm->last_bt_ci_cmd, 0, sizeof(mvm->last_bt_ci_cmd));
@@ -912,9 +956,34 @@ static void iwl_mvm_restart_complete(struct iwl_mvm *mvm)
912 /* allow transport/FW low power modes */ 956 /* allow transport/FW low power modes */
913 iwl_mvm_unref(mvm, IWL_MVM_REF_UCODE_DOWN); 957 iwl_mvm_unref(mvm, IWL_MVM_REF_UCODE_DOWN);
914 958
959 /*
960 * If we have TDLS peers, remove them. We don't know the last seqno/PN
961 * of packets the FW sent out, so we must reconnect.
962 */
963 iwl_mvm_teardown_tdls_peers(mvm);
964
915 mutex_unlock(&mvm->mutex); 965 mutex_unlock(&mvm->mutex);
916} 966}
917 967
968static void iwl_mvm_resume_complete(struct iwl_mvm *mvm)
969{
970 bool exit_now;
971
972 if (!iwl_mvm_is_d0i3_supported(mvm))
973 return;
974
975 mutex_lock(&mvm->d0i3_suspend_mutex);
976 __clear_bit(D0I3_DEFER_WAKEUP, &mvm->d0i3_suspend_flags);
977 exit_now = __test_and_clear_bit(D0I3_PENDING_WAKEUP,
978 &mvm->d0i3_suspend_flags);
979 mutex_unlock(&mvm->d0i3_suspend_mutex);
980
981 if (exit_now) {
982 IWL_DEBUG_RPM(mvm, "Run deferred d0i3 exit\n");
983 _iwl_mvm_exit_d0i3(mvm);
984 }
985}
986
918static void 987static void
919iwl_mvm_mac_reconfig_complete(struct ieee80211_hw *hw, 988iwl_mvm_mac_reconfig_complete(struct ieee80211_hw *hw,
920 enum ieee80211_reconfig_type reconfig_type) 989 enum ieee80211_reconfig_type reconfig_type)
@@ -926,6 +995,7 @@ iwl_mvm_mac_reconfig_complete(struct ieee80211_hw *hw,
926 iwl_mvm_restart_complete(mvm); 995 iwl_mvm_restart_complete(mvm);
927 break; 996 break;
928 case IEEE80211_RECONFIG_TYPE_SUSPEND: 997 case IEEE80211_RECONFIG_TYPE_SUSPEND:
998 iwl_mvm_resume_complete(mvm);
929 break; 999 break;
930 } 1000 }
931} 1001}
@@ -1889,9 +1959,11 @@ static int iwl_mvm_mac_hw_scan(struct ieee80211_hw *hw,
1889 req->n_channels > mvm->fw->ucode_capa.n_scan_channels) 1959 req->n_channels > mvm->fw->ucode_capa.n_scan_channels)
1890 return -EINVAL; 1960 return -EINVAL;
1891 1961
1892 ret = iwl_mvm_cancel_scan_wait_notif(mvm, IWL_MVM_SCAN_SCHED); 1962 if (!(mvm->fw->ucode_capa.capa[0] & IWL_UCODE_TLV_CAPA_UMAC_SCAN)) {
1893 if (ret) 1963 ret = iwl_mvm_cancel_scan_wait_notif(mvm, IWL_MVM_SCAN_SCHED);
1894 return ret; 1964 if (ret)
1965 return ret;
1966 }
1895 1967
1896 mutex_lock(&mvm->mutex); 1968 mutex_lock(&mvm->mutex);
1897 1969
@@ -1902,7 +1974,9 @@ static int iwl_mvm_mac_hw_scan(struct ieee80211_hw *hw,
1902 1974
1903 iwl_mvm_ref(mvm, IWL_MVM_REF_SCAN); 1975 iwl_mvm_ref(mvm, IWL_MVM_REF_SCAN);
1904 1976
1905 if (mvm->fw->ucode_capa.api[0] & IWL_UCODE_TLV_API_LMAC_SCAN) 1977 if (mvm->fw->ucode_capa.capa[0] & IWL_UCODE_TLV_CAPA_UMAC_SCAN)
1978 ret = iwl_mvm_scan_umac(mvm, vif, hw_req);
1979 else if (mvm->fw->ucode_capa.api[0] & IWL_UCODE_TLV_API_LMAC_SCAN)
1906 ret = iwl_mvm_unified_scan_lmac(mvm, vif, hw_req); 1980 ret = iwl_mvm_unified_scan_lmac(mvm, vif, hw_req);
1907 else 1981 else
1908 ret = iwl_mvm_scan_request(mvm, vif, req); 1982 ret = iwl_mvm_scan_request(mvm, vif, req);
@@ -2119,6 +2193,15 @@ static int iwl_mvm_mac_sta_state(struct ieee80211_hw *hw,
2119 out_unlock: 2193 out_unlock:
2120 mutex_unlock(&mvm->mutex); 2194 mutex_unlock(&mvm->mutex);
2121 2195
2196 if (sta->tdls && ret == 0) {
2197 if (old_state == IEEE80211_STA_NOTEXIST &&
2198 new_state == IEEE80211_STA_NONE)
2199 ieee80211_reserve_tid(sta, IWL_MVM_TDLS_FW_TID);
2200 else if (old_state == IEEE80211_STA_NONE &&
2201 new_state == IEEE80211_STA_NOTEXIST)
2202 ieee80211_unreserve_tid(sta, IWL_MVM_TDLS_FW_TID);
2203 }
2204
2122 return ret; 2205 return ret;
2123} 2206}
2124 2207
@@ -2201,9 +2284,11 @@ static int iwl_mvm_mac_sched_scan_start(struct ieee80211_hw *hw,
2201 struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw); 2284 struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
2202 int ret; 2285 int ret;
2203 2286
2204 ret = iwl_mvm_cancel_scan_wait_notif(mvm, IWL_MVM_SCAN_OS); 2287 if (!(mvm->fw->ucode_capa.capa[0] & IWL_UCODE_TLV_CAPA_UMAC_SCAN)) {
2205 if (ret) 2288 ret = iwl_mvm_cancel_scan_wait_notif(mvm, IWL_MVM_SCAN_OS);
2206 return ret; 2289 if (ret)
2290 return ret;
2291 }
2207 2292
2208 mutex_lock(&mvm->mutex); 2293 mutex_lock(&mvm->mutex);
2209 2294
@@ -2223,11 +2308,10 @@ static int iwl_mvm_mac_sched_scan_start(struct ieee80211_hw *hw,
2223 goto out; 2308 goto out;
2224 } 2309 }
2225 2310
2226 mvm->scan_status = IWL_MVM_SCAN_SCHED;
2227
2228 ret = iwl_mvm_scan_offload_start(mvm, vif, req, ies); 2311 ret = iwl_mvm_scan_offload_start(mvm, vif, req, ies);
2229 if (ret) 2312 if (ret)
2230 mvm->scan_status = IWL_MVM_SCAN_NONE; 2313 mvm->scan_status = IWL_MVM_SCAN_NONE;
2314
2231out: 2315out:
2232 mutex_unlock(&mvm->mutex); 2316 mutex_unlock(&mvm->mutex);
2233 return ret; 2317 return ret;
@@ -2245,6 +2329,7 @@ static int iwl_mvm_mac_sched_scan_stop(struct ieee80211_hw *hw,
2245 iwl_mvm_wait_for_async_handlers(mvm); 2329 iwl_mvm_wait_for_async_handlers(mvm);
2246 2330
2247 return ret; 2331 return ret;
2332
2248} 2333}
2249 2334
2250static int iwl_mvm_mac_set_key(struct ieee80211_hw *hw, 2335static int iwl_mvm_mac_set_key(struct ieee80211_hw *hw,
@@ -2273,12 +2358,16 @@ static int iwl_mvm_mac_set_key(struct ieee80211_hw *hw,
2273 break; 2358 break;
2274 case WLAN_CIPHER_SUITE_WEP40: 2359 case WLAN_CIPHER_SUITE_WEP40:
2275 case WLAN_CIPHER_SUITE_WEP104: 2360 case WLAN_CIPHER_SUITE_WEP104:
2276 /* 2361 /* For non-client mode, only use WEP keys for TX as we probably
2277 * Support for TX only, at least for now, so accept 2362 * don't have a station yet anyway and would then have to keep
2278 * the key and do nothing else. Then mac80211 will 2363 * track of the keys, linking them to each of the clients/peers
2279 * pass it for TX but we don't have to use it for RX. 2364 * as they appear. For now, don't do that, for performance WEP
2365 * offload doesn't really matter much, but we need it for some
2366 * other offload features in client mode.
2280 */ 2367 */
2281 return 0; 2368 if (vif->type != NL80211_IFTYPE_STATION)
2369 return 0;
2370 break;
2282 default: 2371 default:
2283 /* currently FW supports only one optional cipher scheme */ 2372 /* currently FW supports only one optional cipher scheme */
2284 if (hw->n_cipher_schemes && 2373 if (hw->n_cipher_schemes &&
@@ -2601,7 +2690,7 @@ static int iwl_mvm_cancel_roc(struct ieee80211_hw *hw)
2601 IWL_DEBUG_MAC80211(mvm, "enter\n"); 2690 IWL_DEBUG_MAC80211(mvm, "enter\n");
2602 2691
2603 mutex_lock(&mvm->mutex); 2692 mutex_lock(&mvm->mutex);
2604 iwl_mvm_stop_p2p_roc(mvm); 2693 iwl_mvm_stop_roc(mvm);
2605 mutex_unlock(&mvm->mutex); 2694 mutex_unlock(&mvm->mutex);
2606 2695
2607 IWL_DEBUG_MAC80211(mvm, "leave\n"); 2696 IWL_DEBUG_MAC80211(mvm, "leave\n");
@@ -2714,8 +2803,8 @@ static int __iwl_mvm_assign_vif_chanctx(struct iwl_mvm *mvm,
2714 2803
2715 switch (vif->type) { 2804 switch (vif->type) {
2716 case NL80211_IFTYPE_AP: 2805 case NL80211_IFTYPE_AP:
2717 /* Unless it's a CSA flow we have nothing to do here */ 2806 /* only needed if we're switching chanctx (i.e. during CSA) */
2718 if (vif->csa_active) { 2807 if (switching_chanctx) {
2719 mvmvif->ap_ibss_active = true; 2808 mvmvif->ap_ibss_active = true;
2720 break; 2809 break;
2721 } 2810 }
@@ -2759,23 +2848,32 @@ static int __iwl_mvm_assign_vif_chanctx(struct iwl_mvm *mvm,
2759 } 2848 }
2760 2849
2761 /* Handle binding during CSA */ 2850 /* Handle binding during CSA */
2762 if ((vif->type == NL80211_IFTYPE_AP) || 2851 if (vif->type == NL80211_IFTYPE_AP) {
2763 (switching_chanctx && (vif->type == NL80211_IFTYPE_STATION))) {
2764 iwl_mvm_update_quotas(mvm, NULL); 2852 iwl_mvm_update_quotas(mvm, NULL);
2765 iwl_mvm_mac_ctxt_changed(mvm, vif, false, NULL); 2853 iwl_mvm_mac_ctxt_changed(mvm, vif, false, NULL);
2766 } 2854 }
2767 2855
2768 if (vif->csa_active && vif->type == NL80211_IFTYPE_STATION) { 2856 if (switching_chanctx && vif->type == NL80211_IFTYPE_STATION) {
2769 struct iwl_mvm_sta *mvmsta; 2857 u32 duration = 2 * vif->bss_conf.beacon_int;
2770 2858
2771 mvmsta = iwl_mvm_sta_from_staid_protected(mvm, 2859 /* iwl_mvm_protect_session() reads directly from the
2772 mvmvif->ap_sta_id); 2860 * device (the system time), so make sure it is
2861 * available.
2862 */
2863 ret = iwl_mvm_ref_sync(mvm, IWL_MVM_REF_PROTECT_CSA);
2864 if (ret)
2865 goto out_remove_binding;
2773 2866
2774 if (WARN_ON(!mvmsta)) 2867 /* Protect the session to make sure we hear the first
2775 goto out; 2868 * beacon on the new channel.
2869 */
2870 iwl_mvm_protect_session(mvm, vif, duration, duration,
2871 vif->bss_conf.beacon_int / 2,
2872 true);
2776 2873
2777 /* TODO: only re-enable after the first beacon */ 2874 iwl_mvm_unref(mvm, IWL_MVM_REF_PROTECT_CSA);
2778 iwl_mvm_sta_modify_disable_tx(mvm, mvmsta, false); 2875
2876 iwl_mvm_update_quotas(mvm, NULL);
2779 } 2877 }
2780 2878
2781 goto out; 2879 goto out;
@@ -2809,7 +2907,6 @@ static void __iwl_mvm_unassign_vif_chanctx(struct iwl_mvm *mvm,
2809{ 2907{
2810 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 2908 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
2811 struct ieee80211_vif *disabled_vif = NULL; 2909 struct ieee80211_vif *disabled_vif = NULL;
2812 struct iwl_mvm_sta *mvmsta;
2813 2910
2814 lockdep_assert_held(&mvm->mutex); 2911 lockdep_assert_held(&mvm->mutex);
2815 2912
@@ -2824,9 +2921,11 @@ static void __iwl_mvm_unassign_vif_chanctx(struct iwl_mvm *mvm,
2824 break; 2921 break;
2825 case NL80211_IFTYPE_AP: 2922 case NL80211_IFTYPE_AP:
2826 /* This part is triggered only during CSA */ 2923 /* This part is triggered only during CSA */
2827 if (!vif->csa_active || !mvmvif->ap_ibss_active) 2924 if (!switching_chanctx || !mvmvif->ap_ibss_active)
2828 goto out; 2925 goto out;
2829 2926
2927 mvmvif->csa_countdown = false;
2928
2830 /* Set CS bit on all the stations */ 2929 /* Set CS bit on all the stations */
2831 iwl_mvm_modify_all_sta_disable_tx(mvm, mvmvif, true); 2930 iwl_mvm_modify_all_sta_disable_tx(mvm, mvmvif, true);
2832 2931
@@ -2841,12 +2940,6 @@ static void __iwl_mvm_unassign_vif_chanctx(struct iwl_mvm *mvm,
2841 2940
2842 disabled_vif = vif; 2941 disabled_vif = vif;
2843 2942
2844 mvmsta = iwl_mvm_sta_from_staid_protected(mvm,
2845 mvmvif->ap_sta_id);
2846
2847 if (!WARN_ON(!mvmsta))
2848 iwl_mvm_sta_modify_disable_tx(mvm, mvmsta, true);
2849
2850 iwl_mvm_mac_ctxt_changed(mvm, vif, true, NULL); 2943 iwl_mvm_mac_ctxt_changed(mvm, vif, true, NULL);
2851 break; 2944 break;
2852 default: 2945 default:
@@ -2872,18 +2965,12 @@ static void iwl_mvm_unassign_vif_chanctx(struct ieee80211_hw *hw,
2872 mutex_unlock(&mvm->mutex); 2965 mutex_unlock(&mvm->mutex);
2873} 2966}
2874 2967
2875static int iwl_mvm_switch_vif_chanctx(struct ieee80211_hw *hw, 2968static int
2876 struct ieee80211_vif_chanctx_switch *vifs, 2969iwl_mvm_switch_vif_chanctx_swap(struct iwl_mvm *mvm,
2877 int n_vifs, 2970 struct ieee80211_vif_chanctx_switch *vifs)
2878 enum ieee80211_chanctx_switch_mode mode)
2879{ 2971{
2880 struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
2881 int ret; 2972 int ret;
2882 2973
2883 /* we only support SWAP_CONTEXTS and with a single-vif right now */
2884 if (mode != CHANCTX_SWMODE_SWAP_CONTEXTS || n_vifs > 1)
2885 return -EOPNOTSUPP;
2886
2887 mutex_lock(&mvm->mutex); 2974 mutex_lock(&mvm->mutex);
2888 __iwl_mvm_unassign_vif_chanctx(mvm, vifs[0].vif, vifs[0].old_ctx, true); 2975 __iwl_mvm_unassign_vif_chanctx(mvm, vifs[0].vif, vifs[0].old_ctx, true);
2889 __iwl_mvm_remove_chanctx(mvm, vifs[0].old_ctx); 2976 __iwl_mvm_remove_chanctx(mvm, vifs[0].old_ctx);
@@ -2912,15 +2999,51 @@ out_remove:
2912 __iwl_mvm_remove_chanctx(mvm, vifs[0].new_ctx); 2999 __iwl_mvm_remove_chanctx(mvm, vifs[0].new_ctx);
2913 3000
2914out_reassign: 3001out_reassign:
2915 ret = __iwl_mvm_add_chanctx(mvm, vifs[0].old_ctx); 3002 if (__iwl_mvm_add_chanctx(mvm, vifs[0].old_ctx)) {
2916 if (ret) {
2917 IWL_ERR(mvm, "failed to add old_ctx back after failure.\n"); 3003 IWL_ERR(mvm, "failed to add old_ctx back after failure.\n");
2918 goto out_restart; 3004 goto out_restart;
2919 } 3005 }
2920 3006
2921 ret = __iwl_mvm_assign_vif_chanctx(mvm, vifs[0].vif, vifs[0].old_ctx, 3007 if (__iwl_mvm_assign_vif_chanctx(mvm, vifs[0].vif, vifs[0].old_ctx,
3008 true)) {
3009 IWL_ERR(mvm, "failed to reassign old_ctx after failure.\n");
3010 goto out_restart;
3011 }
3012
3013 goto out;
3014
3015out_restart:
3016 /* things keep failing, better restart the hw */
3017 iwl_mvm_nic_restart(mvm, false);
3018
3019out:
3020 mutex_unlock(&mvm->mutex);
3021
3022 return ret;
3023}
3024
3025static int
3026iwl_mvm_switch_vif_chanctx_reassign(struct iwl_mvm *mvm,
3027 struct ieee80211_vif_chanctx_switch *vifs)
3028{
3029 int ret;
3030
3031 mutex_lock(&mvm->mutex);
3032 __iwl_mvm_unassign_vif_chanctx(mvm, vifs[0].vif, vifs[0].old_ctx, true);
3033
3034 ret = __iwl_mvm_assign_vif_chanctx(mvm, vifs[0].vif, vifs[0].new_ctx,
2922 true); 3035 true);
2923 if (ret) { 3036 if (ret) {
3037 IWL_ERR(mvm,
3038 "failed to assign new_ctx during channel switch\n");
3039 goto out_reassign;
3040 }
3041
3042 goto out;
3043
3044out_reassign:
3045 if (__iwl_mvm_assign_vif_chanctx(mvm, vifs[0].vif, vifs[0].old_ctx,
3046 true)) {
2924 IWL_ERR(mvm, "failed to reassign old_ctx after failure.\n"); 3047 IWL_ERR(mvm, "failed to reassign old_ctx after failure.\n");
2925 goto out_restart; 3048 goto out_restart;
2926 } 3049 }
@@ -2933,6 +3056,34 @@ out_restart:
2933 3056
2934out: 3057out:
2935 mutex_unlock(&mvm->mutex); 3058 mutex_unlock(&mvm->mutex);
3059
3060 return ret;
3061}
3062
3063static int iwl_mvm_switch_vif_chanctx(struct ieee80211_hw *hw,
3064 struct ieee80211_vif_chanctx_switch *vifs,
3065 int n_vifs,
3066 enum ieee80211_chanctx_switch_mode mode)
3067{
3068 struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
3069 int ret;
3070
3071 /* we only support a single-vif right now */
3072 if (n_vifs > 1)
3073 return -EOPNOTSUPP;
3074
3075 switch (mode) {
3076 case CHANCTX_SWMODE_SWAP_CONTEXTS:
3077 ret = iwl_mvm_switch_vif_chanctx_swap(mvm, vifs);
3078 break;
3079 case CHANCTX_SWMODE_REASSIGN_VIF:
3080 ret = iwl_mvm_switch_vif_chanctx_reassign(mvm, vifs);
3081 break;
3082 default:
3083 ret = -EOPNOTSUPP;
3084 break;
3085 }
3086
2936 return ret; 3087 return ret;
2937} 3088}
2938 3089
@@ -3018,27 +3169,134 @@ static int iwl_mvm_mac_testmode_cmd(struct ieee80211_hw *hw,
3018} 3169}
3019#endif 3170#endif
3020 3171
3021static void iwl_mvm_channel_switch_beacon(struct ieee80211_hw *hw, 3172static void iwl_mvm_channel_switch(struct ieee80211_hw *hw,
3022 struct ieee80211_vif *vif, 3173 struct ieee80211_vif *vif,
3023 struct cfg80211_chan_def *chandef) 3174 struct ieee80211_channel_switch *chsw)
3175{
3176 /* By implementing this operation, we prevent mac80211 from
3177 * starting its own channel switch timer, so that we can call
3178 * ieee80211_chswitch_done() ourselves at the right time
3179 * (which is when the absence time event starts).
3180 */
3181
3182 IWL_DEBUG_MAC80211(IWL_MAC80211_GET_MVM(hw),
3183 "dummy channel switch op\n");
3184}
3185
3186static int iwl_mvm_pre_channel_switch(struct ieee80211_hw *hw,
3187 struct ieee80211_vif *vif,
3188 struct ieee80211_channel_switch *chsw)
3024{ 3189{
3025 struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw); 3190 struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
3026 struct ieee80211_vif *csa_vif; 3191 struct ieee80211_vif *csa_vif;
3192 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
3193 u32 apply_time;
3194 int ret;
3027 3195
3028 mutex_lock(&mvm->mutex); 3196 mutex_lock(&mvm->mutex);
3029 3197
3030 csa_vif = rcu_dereference_protected(mvm->csa_vif, 3198 IWL_DEBUG_MAC80211(mvm, "pre CSA to freq %d\n",
3031 lockdep_is_held(&mvm->mutex)); 3199 chsw->chandef.center_freq1);
3032 if (WARN(csa_vif && csa_vif->csa_active, 3200
3033 "Another CSA is already in progress")) 3201 switch (vif->type) {
3202 case NL80211_IFTYPE_AP:
3203 csa_vif =
3204 rcu_dereference_protected(mvm->csa_vif,
3205 lockdep_is_held(&mvm->mutex));
3206 if (WARN_ONCE(csa_vif && csa_vif->csa_active,
3207 "Another CSA is already in progress")) {
3208 ret = -EBUSY;
3209 goto out_unlock;
3210 }
3211
3212 rcu_assign_pointer(mvm->csa_vif, vif);
3213
3214 if (WARN_ONCE(mvmvif->csa_countdown,
3215 "Previous CSA countdown didn't complete")) {
3216 ret = -EBUSY;
3217 goto out_unlock;
3218 }
3219
3220 break;
3221 case NL80211_IFTYPE_STATION:
3222 /* Schedule the time event to a bit before beacon 1,
3223 * to make sure we're in the new channel when the
3224 * GO/AP arrives.
3225 */
3226 apply_time = chsw->device_timestamp +
3227 ((vif->bss_conf.beacon_int * (chsw->count - 1) -
3228 IWL_MVM_CHANNEL_SWITCH_TIME_CLIENT) * 1024);
3229
3230 if (chsw->block_tx)
3231 iwl_mvm_csa_client_absent(mvm, vif);
3232
3233 iwl_mvm_schedule_csa_period(mvm, vif, vif->bss_conf.beacon_int,
3234 apply_time);
3235 if (mvmvif->bf_data.bf_enabled) {
3236 ret = iwl_mvm_disable_beacon_filter(mvm, vif, 0);
3237 if (ret)
3238 goto out_unlock;
3239 }
3240
3241 break;
3242 default:
3243 break;
3244 }
3245
3246 mvmvif->ps_disabled = true;
3247
3248 ret = iwl_mvm_power_update_ps(mvm);
3249 if (ret)
3034 goto out_unlock; 3250 goto out_unlock;
3035 3251
3036 IWL_DEBUG_MAC80211(mvm, "CSA started to freq %d\n", 3252 /* we won't be on this channel any longer */
3037 chandef->center_freq1); 3253 iwl_mvm_teardown_tdls_peers(mvm);
3038 rcu_assign_pointer(mvm->csa_vif, vif); 3254
3255out_unlock:
3256 mutex_unlock(&mvm->mutex);
3257
3258 return ret;
3259}
3260
3261static int iwl_mvm_post_channel_switch(struct ieee80211_hw *hw,
3262 struct ieee80211_vif *vif)
3263{
3264 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
3265 struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
3266 int ret;
3267
3268 mutex_lock(&mvm->mutex);
3269
3270 if (vif->type == NL80211_IFTYPE_STATION) {
3271 struct iwl_mvm_sta *mvmsta;
3272
3273 mvmsta = iwl_mvm_sta_from_staid_protected(mvm,
3274 mvmvif->ap_sta_id);
3275
3276 if (WARN_ON(!mvmsta)) {
3277 ret = -EIO;
3278 goto out_unlock;
3279 }
3280
3281 iwl_mvm_sta_modify_disable_tx(mvm, mvmsta, false);
3282
3283 iwl_mvm_mac_ctxt_changed(mvm, vif, false, NULL);
3284
3285 ret = iwl_mvm_enable_beacon_filter(mvm, vif, 0);
3286 if (ret)
3287 goto out_unlock;
3288
3289 iwl_mvm_stop_session_protection(mvm, vif);
3290 }
3291
3292 mvmvif->ps_disabled = false;
3293
3294 ret = iwl_mvm_power_update_ps(mvm);
3039 3295
3040out_unlock: 3296out_unlock:
3041 mutex_unlock(&mvm->mutex); 3297 mutex_unlock(&mvm->mutex);
3298
3299 return ret;
3042} 3300}
3043 3301
3044static void iwl_mvm_mac_flush(struct ieee80211_hw *hw, 3302static void iwl_mvm_mac_flush(struct ieee80211_hw *hw,
@@ -3047,31 +3305,44 @@ static void iwl_mvm_mac_flush(struct ieee80211_hw *hw,
3047 struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw); 3305 struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
3048 struct iwl_mvm_vif *mvmvif; 3306 struct iwl_mvm_vif *mvmvif;
3049 struct iwl_mvm_sta *mvmsta; 3307 struct iwl_mvm_sta *mvmsta;
3308 struct ieee80211_sta *sta;
3309 int i;
3310 u32 msk = 0;
3050 3311
3051 if (!vif || vif->type != NL80211_IFTYPE_STATION) 3312 if (!vif || vif->type != NL80211_IFTYPE_STATION)
3052 return; 3313 return;
3053 3314
3054 mutex_lock(&mvm->mutex); 3315 mutex_lock(&mvm->mutex);
3055 mvmvif = iwl_mvm_vif_from_mac80211(vif); 3316 mvmvif = iwl_mvm_vif_from_mac80211(vif);
3056 mvmsta = iwl_mvm_sta_from_staid_protected(mvm, mvmvif->ap_sta_id);
3057 3317
3058 if (WARN_ON_ONCE(!mvmsta)) { 3318 /* flush the AP-station and all TDLS peers */
3059 mutex_unlock(&mvm->mutex); 3319 for (i = 0; i < IWL_MVM_STATION_COUNT; i++) {
3060 return; 3320 sta = rcu_dereference_protected(mvm->fw_id_to_mac_id[i],
3321 lockdep_is_held(&mvm->mutex));
3322 if (IS_ERR_OR_NULL(sta))
3323 continue;
3324
3325 mvmsta = iwl_mvm_sta_from_mac80211(sta);
3326 if (mvmsta->vif != vif)
3327 continue;
3328
3329 /* make sure only TDLS peers or the AP are flushed */
3330 WARN_ON(i != mvmvif->ap_sta_id && !sta->tdls);
3331
3332 msk |= mvmsta->tfd_queue_msk;
3061 } 3333 }
3062 3334
3063 if (drop) { 3335 if (drop) {
3064 if (iwl_mvm_flush_tx_path(mvm, mvmsta->tfd_queue_msk, true)) 3336 if (iwl_mvm_flush_tx_path(mvm, msk, true))
3065 IWL_ERR(mvm, "flush request fail\n"); 3337 IWL_ERR(mvm, "flush request fail\n");
3066 mutex_unlock(&mvm->mutex); 3338 mutex_unlock(&mvm->mutex);
3067 } else { 3339 } else {
3068 u32 tfd_queue_msk = mvmsta->tfd_queue_msk;
3069 mutex_unlock(&mvm->mutex); 3340 mutex_unlock(&mvm->mutex);
3070 3341
3071 /* this can take a while, and we may need/want other operations 3342 /* this can take a while, and we may need/want other operations
3072 * to succeed while doing this, so do it without the mutex held 3343 * to succeed while doing this, so do it without the mutex held
3073 */ 3344 */
3074 iwl_trans_wait_tx_queue_empty(mvm->trans, tfd_queue_msk); 3345 iwl_trans_wait_tx_queue_empty(mvm->trans, msk);
3075 } 3346 }
3076} 3347}
3077 3348
@@ -3120,7 +3391,13 @@ const struct ieee80211_ops iwl_mvm_hw_ops = {
3120 3391
3121 .set_tim = iwl_mvm_set_tim, 3392 .set_tim = iwl_mvm_set_tim,
3122 3393
3123 .channel_switch_beacon = iwl_mvm_channel_switch_beacon, 3394 .channel_switch = iwl_mvm_channel_switch,
3395 .pre_channel_switch = iwl_mvm_pre_channel_switch,
3396 .post_channel_switch = iwl_mvm_post_channel_switch,
3397
3398 .tdls_channel_switch = iwl_mvm_tdls_channel_switch,
3399 .tdls_cancel_channel_switch = iwl_mvm_tdls_cancel_channel_switch,
3400 .tdls_recv_channel_switch = iwl_mvm_tdls_recv_channel_switch,
3124 3401
3125 CFG80211_TESTMODE_CMD(iwl_mvm_mac_testmode_cmd) 3402 CFG80211_TESTMODE_CMD(iwl_mvm_mac_testmode_cmd)
3126 3403
diff --git a/drivers/net/wireless/iwlwifi/mvm/mvm.h b/drivers/net/wireless/iwlwifi/mvm/mvm.h
index d015fac06a62..d24660fb4ef2 100644
--- a/drivers/net/wireless/iwlwifi/mvm/mvm.h
+++ b/drivers/net/wireless/iwlwifi/mvm/mvm.h
@@ -87,12 +87,18 @@
87/* A TimeUnit is 1024 microsecond */ 87/* A TimeUnit is 1024 microsecond */
88#define MSEC_TO_TU(_msec) (_msec*1000/1024) 88#define MSEC_TO_TU(_msec) (_msec*1000/1024)
89 89
90/* This value represents the number of TUs before CSA "beacon 0" TBTT 90/* For GO, this value represents the number of TUs before CSA "beacon
91 * when the CSA time-event needs to be scheduled to start. It must be 91 * 0" TBTT when the CSA time-event needs to be scheduled to start. It
92 * big enough to ensure that we switch in time. 92 * must be big enough to ensure that we switch in time.
93 */ 93 */
94#define IWL_MVM_CHANNEL_SWITCH_TIME_GO 40 94#define IWL_MVM_CHANNEL_SWITCH_TIME_GO 40
95 95
96/* For client, this value represents the number of TUs before CSA
97 * "beacon 1" TBTT, instead. This is because we don't know when the
98 * GO/AP will be in the new channel, so we switch early enough.
99 */
100#define IWL_MVM_CHANNEL_SWITCH_TIME_CLIENT 10
101
96/* 102/*
97 * This value (in TUs) is used to fine tune the CSA NoA end time which should 103 * This value (in TUs) is used to fine tune the CSA NoA end time which should
98 * be just before "beacon 0" TBTT. 104 * be just before "beacon 0" TBTT.
@@ -269,6 +275,7 @@ enum iwl_mvm_ref_type {
269 IWL_MVM_REF_NMI, 275 IWL_MVM_REF_NMI,
270 IWL_MVM_REF_TM_CMD, 276 IWL_MVM_REF_TM_CMD,
271 IWL_MVM_REF_EXIT_WORK, 277 IWL_MVM_REF_EXIT_WORK,
278 IWL_MVM_REF_PROTECT_CSA,
272 279
273 /* update debugfs.c when changing this */ 280 /* update debugfs.c when changing this */
274 281
@@ -288,7 +295,6 @@ enum iwl_bt_force_ant_mode {
288* struct iwl_mvm_vif_bf_data - beacon filtering related data 295* struct iwl_mvm_vif_bf_data - beacon filtering related data
289* @bf_enabled: indicates if beacon filtering is enabled 296* @bf_enabled: indicates if beacon filtering is enabled
290* @ba_enabled: indicated if beacon abort is enabled 297* @ba_enabled: indicated if beacon abort is enabled
291* @last_beacon_signal: last beacon rssi signal in dbm
292* @ave_beacon_signal: average beacon signal 298* @ave_beacon_signal: average beacon signal
293* @last_cqm_event: rssi of the last cqm event 299* @last_cqm_event: rssi of the last cqm event
294* @bt_coex_min_thold: minimum threshold for BT coex 300* @bt_coex_min_thold: minimum threshold for BT coex
@@ -399,6 +405,9 @@ struct iwl_mvm_vif {
399 405
400 /* FW identified misbehaving AP */ 406 /* FW identified misbehaving AP */
401 u8 uapsd_misbehaving_bssid[ETH_ALEN]; 407 u8 uapsd_misbehaving_bssid[ETH_ALEN];
408
409 /* Indicates that CSA countdown may be started */
410 bool csa_countdown;
402}; 411};
403 412
404static inline struct iwl_mvm_vif * 413static inline struct iwl_mvm_vif *
@@ -519,6 +528,13 @@ enum {
519#define IWL_MVM_DEBUG_SET_TEMPERATURE_MIN -100 528#define IWL_MVM_DEBUG_SET_TEMPERATURE_MIN -100
520#define IWL_MVM_DEBUG_SET_TEMPERATURE_MAX 200 529#define IWL_MVM_DEBUG_SET_TEMPERATURE_MAX 200
521 530
531enum iwl_mvm_tdls_cs_state {
532 IWL_MVM_TDLS_SW_IDLE = 0,
533 IWL_MVM_TDLS_SW_REQ_SENT,
534 IWL_MVM_TDLS_SW_REQ_RCVD,
535 IWL_MVM_TDLS_SW_ACTIVE,
536};
537
522struct iwl_mvm { 538struct iwl_mvm {
523 /* for logger access */ 539 /* for logger access */
524 struct device *dev; 540 struct device *dev;
@@ -578,6 +594,7 @@ struct iwl_mvm {
578 struct work_struct sta_drained_wk; 594 struct work_struct sta_drained_wk;
579 unsigned long sta_drained[BITS_TO_LONGS(IWL_MVM_STATION_COUNT)]; 595 unsigned long sta_drained[BITS_TO_LONGS(IWL_MVM_STATION_COUNT)];
580 atomic_t pending_frames[IWL_MVM_STATION_COUNT]; 596 atomic_t pending_frames[IWL_MVM_STATION_COUNT];
597 u32 tfd_drained[IWL_MVM_STATION_COUNT];
581 u8 rx_ba_sessions; 598 u8 rx_ba_sessions;
582 599
583 /* configured by mac80211 */ 600 /* configured by mac80211 */
@@ -588,6 +605,10 @@ struct iwl_mvm {
588 void *scan_cmd; 605 void *scan_cmd;
589 struct iwl_mcast_filter_cmd *mcast_filter_cmd; 606 struct iwl_mcast_filter_cmd *mcast_filter_cmd;
590 607
608 /* UMAC scan tracking */
609 u32 scan_uid[IWL_MVM_MAX_SIMULTANEOUS_SCANS];
610 u8 scan_seq_num, sched_scan_seq_num;
611
591 /* rx chain antennas set through debugfs for the scan command */ 612 /* rx chain antennas set through debugfs for the scan command */
592 u8 scan_rx_ant; 613 u8 scan_rx_ant;
593 614
@@ -649,6 +670,7 @@ struct iwl_mvm {
649 /* -1 for always, 0 for never, >0 for that many times */ 670 /* -1 for always, 0 for never, >0 for that many times */
650 s8 restart_fw; 671 s8 restart_fw;
651 struct work_struct fw_error_dump_wk; 672 struct work_struct fw_error_dump_wk;
673 enum iwl_fw_dbg_conf fw_dbg_conf;
652 674
653#ifdef CONFIG_IWLWIFI_LEDS 675#ifdef CONFIG_IWLWIFI_LEDS
654 struct led_classdev led; 676 struct led_classdev led;
@@ -662,7 +684,12 @@ struct iwl_mvm {
662 684
663 /* sched scan settings for net detect */ 685 /* sched scan settings for net detect */
664 struct cfg80211_sched_scan_request *nd_config; 686 struct cfg80211_sched_scan_request *nd_config;
665 struct ieee80211_scan_ies *nd_ies; 687 struct ieee80211_scan_ies nd_ies;
688 struct cfg80211_match_set *nd_match_sets;
689 int n_nd_match_sets;
690 struct ieee80211_channel **nd_channels;
691 int n_nd_channels;
692 bool net_detect;
666#ifdef CONFIG_IWLWIFI_DEBUGFS 693#ifdef CONFIG_IWLWIFI_DEBUGFS
667 u32 d3_wake_sysassert; /* must be u32 for debugfs_create_bool */ 694 u32 d3_wake_sysassert; /* must be u32 for debugfs_create_bool */
668 bool d3_test_active; 695 bool d3_test_active;
@@ -735,6 +762,28 @@ struct iwl_mvm {
735 u32 ap_last_beacon_gp2; 762 u32 ap_last_beacon_gp2;
736 763
737 u8 low_latency_agg_frame_limit; 764 u8 low_latency_agg_frame_limit;
765
766 /* TDLS channel switch data */
767 struct {
768 struct delayed_work dwork;
769 enum iwl_mvm_tdls_cs_state state;
770
771 /*
772 * Current cs sta - might be different from periodic cs peer
773 * station. Value is meaningless when the cs-state is idle.
774 */
775 u8 cur_sta_id;
776
777 /* TDLS periodic channel-switch peer */
778 struct {
779 u8 sta_id;
780 u8 op_class;
781 bool initiator; /* are we the link initiator */
782 struct cfg80211_chan_def chandef;
783 struct sk_buff *skb; /* ch sw template */
784 u32 ch_sw_tm_ie;
785 } peer;
786 } tdls_cs;
738}; 787};
739 788
740/* Extract MVM priv from op_mode and _hw */ 789/* Extract MVM priv from op_mode and _hw */
@@ -751,6 +800,7 @@ enum iwl_mvm_status {
751 IWL_MVM_STATUS_IN_HW_RESTART, 800 IWL_MVM_STATUS_IN_HW_RESTART,
752 IWL_MVM_STATUS_IN_D0I3, 801 IWL_MVM_STATUS_IN_D0I3,
753 IWL_MVM_STATUS_ROC_AUX_RUNNING, 802 IWL_MVM_STATUS_ROC_AUX_RUNNING,
803 IWL_MVM_STATUS_D3_RECONFIG,
754}; 804};
755 805
756static inline bool iwl_mvm_is_radio_killed(struct iwl_mvm *mvm) 806static inline bool iwl_mvm_is_radio_killed(struct iwl_mvm *mvm)
@@ -759,6 +809,26 @@ static inline bool iwl_mvm_is_radio_killed(struct iwl_mvm *mvm)
759 test_bit(IWL_MVM_STATUS_HW_CTKILL, &mvm->status); 809 test_bit(IWL_MVM_STATUS_HW_CTKILL, &mvm->status);
760} 810}
761 811
812/* Must be called with rcu_read_lock() held and it can only be
813 * released when mvmsta is not needed anymore.
814 */
815static inline struct iwl_mvm_sta *
816iwl_mvm_sta_from_staid_rcu(struct iwl_mvm *mvm, u8 sta_id)
817{
818 struct ieee80211_sta *sta;
819
820 if (sta_id >= ARRAY_SIZE(mvm->fw_id_to_mac_id))
821 return NULL;
822
823 sta = rcu_dereference(mvm->fw_id_to_mac_id[sta_id]);
824
825 /* This can happen if the station has been removed right now */
826 if (IS_ERR_OR_NULL(sta))
827 return NULL;
828
829 return iwl_mvm_sta_from_mac80211(sta);
830}
831
762static inline struct iwl_mvm_sta * 832static inline struct iwl_mvm_sta *
763iwl_mvm_sta_from_staid_protected(struct iwl_mvm *mvm, u8 sta_id) 833iwl_mvm_sta_from_staid_protected(struct iwl_mvm *mvm, u8 sta_id)
764{ 834{
@@ -832,6 +902,16 @@ int __must_check iwl_mvm_send_cmd_pdu_status(struct iwl_mvm *mvm, u8 id,
832int iwl_mvm_tx_skb(struct iwl_mvm *mvm, struct sk_buff *skb, 902int iwl_mvm_tx_skb(struct iwl_mvm *mvm, struct sk_buff *skb,
833 struct ieee80211_sta *sta); 903 struct ieee80211_sta *sta);
834int iwl_mvm_tx_skb_non_sta(struct iwl_mvm *mvm, struct sk_buff *skb); 904int iwl_mvm_tx_skb_non_sta(struct iwl_mvm *mvm, struct sk_buff *skb);
905void iwl_mvm_set_tx_cmd(struct iwl_mvm *mvm, struct sk_buff *skb,
906 struct iwl_tx_cmd *tx_cmd,
907 struct ieee80211_tx_info *info, u8 sta_id);
908void iwl_mvm_set_tx_cmd_crypto(struct iwl_mvm *mvm,
909 struct ieee80211_tx_info *info,
910 struct iwl_tx_cmd *tx_cmd,
911 struct sk_buff *skb_frag);
912void iwl_mvm_set_tx_cmd_rate(struct iwl_mvm *mvm, struct iwl_tx_cmd *tx_cmd,
913 struct ieee80211_tx_info *info,
914 struct ieee80211_sta *sta, __le16 fc);
835#ifdef CONFIG_IWLWIFI_DEBUG 915#ifdef CONFIG_IWLWIFI_DEBUG
836const char *iwl_mvm_get_tx_fail_reason(u32 status); 916const char *iwl_mvm_get_tx_fail_reason(u32 status);
837#else 917#else
@@ -888,6 +968,8 @@ int iwl_mvm_rx_card_state_notif(struct iwl_mvm *mvm,
888 struct iwl_device_cmd *cmd); 968 struct iwl_device_cmd *cmd);
889int iwl_mvm_rx_radio_ver(struct iwl_mvm *mvm, struct iwl_rx_cmd_buffer *rxb, 969int iwl_mvm_rx_radio_ver(struct iwl_mvm *mvm, struct iwl_rx_cmd_buffer *rxb,
890 struct iwl_device_cmd *cmd); 970 struct iwl_device_cmd *cmd);
971int iwl_mvm_rx_mfuart_notif(struct iwl_mvm *mvm, struct iwl_rx_cmd_buffer *rxb,
972 struct iwl_device_cmd *cmd);
891 973
892/* MVM PHY */ 974/* MVM PHY */
893int iwl_mvm_phy_ctxt_add(struct iwl_mvm *mvm, struct iwl_mvm_phy_ctxt *ctxt, 975int iwl_mvm_phy_ctxt_add(struct iwl_mvm *mvm, struct iwl_mvm_phy_ctxt *ctxt,
@@ -901,6 +983,8 @@ void iwl_mvm_phy_ctxt_ref(struct iwl_mvm *mvm,
901void iwl_mvm_phy_ctxt_unref(struct iwl_mvm *mvm, 983void iwl_mvm_phy_ctxt_unref(struct iwl_mvm *mvm,
902 struct iwl_mvm_phy_ctxt *ctxt); 984 struct iwl_mvm_phy_ctxt *ctxt);
903int iwl_mvm_phy_ctx_count(struct iwl_mvm *mvm); 985int iwl_mvm_phy_ctx_count(struct iwl_mvm *mvm);
986u8 iwl_mvm_get_channel_width(struct cfg80211_chan_def *chandef);
987u8 iwl_mvm_get_ctrl_pos(struct cfg80211_chan_def *chandef);
904 988
905/* MAC (virtual interface) programming */ 989/* MAC (virtual interface) programming */
906int iwl_mvm_mac_ctxt_init(struct iwl_mvm *mvm, struct ieee80211_vif *vif); 990int iwl_mvm_mac_ctxt_init(struct iwl_mvm *mvm, struct ieee80211_vif *vif);
@@ -920,6 +1004,8 @@ int iwl_mvm_rx_missed_beacons_notif(struct iwl_mvm *mvm,
920 struct iwl_device_cmd *cmd); 1004 struct iwl_device_cmd *cmd);
921void iwl_mvm_mac_ctxt_recalc_tsf_id(struct iwl_mvm *mvm, 1005void iwl_mvm_mac_ctxt_recalc_tsf_id(struct iwl_mvm *mvm,
922 struct ieee80211_vif *vif); 1006 struct ieee80211_vif *vif);
1007unsigned long iwl_mvm_get_used_hw_queues(struct iwl_mvm *mvm,
1008 struct ieee80211_vif *exclude_vif);
923 1009
924/* Bindings */ 1010/* Bindings */
925int iwl_mvm_binding_add_vif(struct iwl_mvm *mvm, struct ieee80211_vif *vif); 1011int iwl_mvm_binding_add_vif(struct iwl_mvm *mvm, struct ieee80211_vif *vif);
@@ -930,6 +1016,7 @@ int iwl_mvm_update_quotas(struct iwl_mvm *mvm,
930 struct ieee80211_vif *disabled_vif); 1016 struct ieee80211_vif *disabled_vif);
931 1017
932/* Scanning */ 1018/* Scanning */
1019int iwl_mvm_scan_size(struct iwl_mvm *mvm);
933int iwl_mvm_scan_request(struct iwl_mvm *mvm, 1020int iwl_mvm_scan_request(struct iwl_mvm *mvm,
934 struct ieee80211_vif *vif, 1021 struct ieee80211_vif *vif,
935 struct cfg80211_scan_request *req); 1022 struct cfg80211_scan_request *req);
@@ -970,6 +1057,17 @@ int iwl_mvm_unified_sched_scan_lmac(struct iwl_mvm *mvm,
970 struct cfg80211_sched_scan_request *req, 1057 struct cfg80211_sched_scan_request *req,
971 struct ieee80211_scan_ies *ies); 1058 struct ieee80211_scan_ies *ies);
972 1059
1060/* UMAC scan */
1061int iwl_mvm_config_scan(struct iwl_mvm *mvm);
1062int iwl_mvm_scan_umac(struct iwl_mvm *mvm, struct ieee80211_vif *vif,
1063 struct ieee80211_scan_request *req);
1064int iwl_mvm_sched_scan_umac(struct iwl_mvm *mvm, struct ieee80211_vif *vif,
1065 struct cfg80211_sched_scan_request *req,
1066 struct ieee80211_scan_ies *ies);
1067int iwl_mvm_rx_umac_scan_complete_notif(struct iwl_mvm *mvm,
1068 struct iwl_rx_cmd_buffer *rxb,
1069 struct iwl_device_cmd *cmd);
1070
973/* MVM debugfs */ 1071/* MVM debugfs */
974#ifdef CONFIG_IWLWIFI_DEBUGFS 1072#ifdef CONFIG_IWLWIFI_DEBUGFS
975int iwl_mvm_dbgfs_register(struct iwl_mvm *mvm, struct dentry *dbgfs_dir); 1073int iwl_mvm_dbgfs_register(struct iwl_mvm *mvm, struct dentry *dbgfs_dir);
@@ -1049,7 +1147,7 @@ iwl_mvm_set_last_nonqos_seq(struct iwl_mvm *mvm, struct ieee80211_vif *vif)
1049} 1147}
1050#endif 1148#endif
1051void iwl_mvm_set_wowlan_qos_seq(struct iwl_mvm_sta *mvm_ap_sta, 1149void iwl_mvm_set_wowlan_qos_seq(struct iwl_mvm_sta *mvm_ap_sta,
1052 struct iwl_wowlan_config_cmd_v2 *cmd); 1150 struct iwl_wowlan_config_cmd *cmd);
1053int iwl_mvm_send_proto_offload(struct iwl_mvm *mvm, 1151int iwl_mvm_send_proto_offload(struct iwl_mvm *mvm,
1054 struct ieee80211_vif *vif, 1152 struct ieee80211_vif *vif,
1055 bool disable_offloading, 1153 bool disable_offloading,
@@ -1059,6 +1157,7 @@ int iwl_mvm_send_proto_offload(struct iwl_mvm *mvm,
1059void iwl_mvm_ref(struct iwl_mvm *mvm, enum iwl_mvm_ref_type ref_type); 1157void iwl_mvm_ref(struct iwl_mvm *mvm, enum iwl_mvm_ref_type ref_type);
1060void iwl_mvm_unref(struct iwl_mvm *mvm, enum iwl_mvm_ref_type ref_type); 1158void iwl_mvm_unref(struct iwl_mvm *mvm, enum iwl_mvm_ref_type ref_type);
1061int iwl_mvm_ref_sync(struct iwl_mvm *mvm, enum iwl_mvm_ref_type ref_type); 1159int iwl_mvm_ref_sync(struct iwl_mvm *mvm, enum iwl_mvm_ref_type ref_type);
1160bool iwl_mvm_ref_taken(struct iwl_mvm *mvm);
1062void iwl_mvm_d0i3_enable_tx(struct iwl_mvm *mvm, __le16 *qos_seq); 1161void iwl_mvm_d0i3_enable_tx(struct iwl_mvm *mvm, __le16 *qos_seq);
1063int _iwl_mvm_exit_d0i3(struct iwl_mvm *mvm); 1162int _iwl_mvm_exit_d0i3(struct iwl_mvm *mvm);
1064 1163
@@ -1074,12 +1173,14 @@ u16 iwl_mvm_coex_agg_time_limit(struct iwl_mvm *mvm,
1074 struct ieee80211_sta *sta); 1173 struct ieee80211_sta *sta);
1075bool iwl_mvm_bt_coex_is_mimo_allowed(struct iwl_mvm *mvm, 1174bool iwl_mvm_bt_coex_is_mimo_allowed(struct iwl_mvm *mvm,
1076 struct ieee80211_sta *sta); 1175 struct ieee80211_sta *sta);
1176bool iwl_mvm_bt_coex_is_ant_avail(struct iwl_mvm *mvm, u8 ant);
1077bool iwl_mvm_bt_coex_is_shared_ant_avail(struct iwl_mvm *mvm); 1177bool iwl_mvm_bt_coex_is_shared_ant_avail(struct iwl_mvm *mvm);
1078bool iwl_mvm_bt_coex_is_tpc_allowed(struct iwl_mvm *mvm, 1178bool iwl_mvm_bt_coex_is_tpc_allowed(struct iwl_mvm *mvm,
1079 enum ieee80211_band band); 1179 enum ieee80211_band band);
1080u8 iwl_mvm_bt_coex_tx_prio(struct iwl_mvm *mvm, struct ieee80211_hdr *hdr, 1180u8 iwl_mvm_bt_coex_tx_prio(struct iwl_mvm *mvm, struct ieee80211_hdr *hdr,
1081 struct ieee80211_tx_info *info, u8 ac); 1181 struct ieee80211_tx_info *info, u8 ac);
1082 1182
1183bool iwl_mvm_bt_coex_is_ant_avail_old(struct iwl_mvm *mvm, u8 ant);
1083bool iwl_mvm_bt_coex_is_shared_ant_avail_old(struct iwl_mvm *mvm); 1184bool iwl_mvm_bt_coex_is_shared_ant_avail_old(struct iwl_mvm *mvm);
1084void iwl_mvm_bt_coex_vif_change_old(struct iwl_mvm *mvm); 1185void iwl_mvm_bt_coex_vif_change_old(struct iwl_mvm *mvm);
1085int iwl_send_bt_init_conf_old(struct iwl_mvm *mvm); 1186int iwl_send_bt_init_conf_old(struct iwl_mvm *mvm);
@@ -1195,6 +1296,10 @@ bool iwl_mvm_is_idle(struct iwl_mvm *mvm);
1195 1296
1196/* Thermal management and CT-kill */ 1297/* Thermal management and CT-kill */
1197void iwl_mvm_tt_tx_backoff(struct iwl_mvm *mvm, u32 backoff); 1298void iwl_mvm_tt_tx_backoff(struct iwl_mvm *mvm, u32 backoff);
1299void iwl_mvm_tt_temp_changed(struct iwl_mvm *mvm, u32 temp);
1300int iwl_mvm_temp_notif(struct iwl_mvm *mvm,
1301 struct iwl_rx_cmd_buffer *rxb,
1302 struct iwl_device_cmd *cmd);
1198void iwl_mvm_tt_handler(struct iwl_mvm *mvm); 1303void iwl_mvm_tt_handler(struct iwl_mvm *mvm);
1199void iwl_mvm_tt_initialize(struct iwl_mvm *mvm, u32 min_backoff); 1304void iwl_mvm_tt_initialize(struct iwl_mvm *mvm, u32 min_backoff);
1200void iwl_mvm_tt_exit(struct iwl_mvm *mvm); 1305void iwl_mvm_tt_exit(struct iwl_mvm *mvm);
@@ -1206,12 +1311,33 @@ int iwl_mvm_sf_update(struct iwl_mvm *mvm, struct ieee80211_vif *vif,
1206 bool added_vif); 1311 bool added_vif);
1207 1312
1208/* TDLS */ 1313/* TDLS */
1314
1315/*
1316 * We use TID 4 (VI) as a FW-used-only TID when TDLS connections are present.
1317 * This TID is marked as used vs the AP and all connected TDLS peers.
1318 */
1319#define IWL_MVM_TDLS_FW_TID 4
1320
1209int iwl_mvm_tdls_sta_count(struct iwl_mvm *mvm, struct ieee80211_vif *vif); 1321int iwl_mvm_tdls_sta_count(struct iwl_mvm *mvm, struct ieee80211_vif *vif);
1210void iwl_mvm_teardown_tdls_peers(struct iwl_mvm *mvm); 1322void iwl_mvm_teardown_tdls_peers(struct iwl_mvm *mvm);
1211void iwl_mvm_recalc_tdls_state(struct iwl_mvm *mvm, struct ieee80211_vif *vif, 1323void iwl_mvm_recalc_tdls_state(struct iwl_mvm *mvm, struct ieee80211_vif *vif,
1212 bool sta_added); 1324 bool sta_added);
1213void iwl_mvm_mac_mgd_protect_tdls_discover(struct ieee80211_hw *hw, 1325void iwl_mvm_mac_mgd_protect_tdls_discover(struct ieee80211_hw *hw,
1214 struct ieee80211_vif *vif); 1326 struct ieee80211_vif *vif);
1327int iwl_mvm_tdls_channel_switch(struct ieee80211_hw *hw,
1328 struct ieee80211_vif *vif,
1329 struct ieee80211_sta *sta, u8 oper_class,
1330 struct cfg80211_chan_def *chandef,
1331 struct sk_buff *tmpl_skb, u32 ch_sw_tm_ie);
1332void iwl_mvm_tdls_recv_channel_switch(struct ieee80211_hw *hw,
1333 struct ieee80211_vif *vif,
1334 struct ieee80211_tdls_ch_sw_params *params);
1335void iwl_mvm_tdls_cancel_channel_switch(struct ieee80211_hw *hw,
1336 struct ieee80211_vif *vif,
1337 struct ieee80211_sta *sta);
1338int iwl_mvm_rx_tdls_notif(struct iwl_mvm *mvm, struct iwl_rx_cmd_buffer *rxb,
1339 struct iwl_device_cmd *cmd);
1340void iwl_mvm_tdls_ch_switch_work(struct work_struct *work);
1215 1341
1216struct ieee80211_vif *iwl_mvm_get_bss_vif(struct iwl_mvm *mvm); 1342struct ieee80211_vif *iwl_mvm_get_bss_vif(struct iwl_mvm *mvm);
1217 1343
diff --git a/drivers/net/wireless/iwlwifi/mvm/nvm.c b/drivers/net/wireless/iwlwifi/mvm/nvm.c
index af074563e770..d55fd8e3654c 100644
--- a/drivers/net/wireless/iwlwifi/mvm/nvm.c
+++ b/drivers/net/wireless/iwlwifi/mvm/nvm.c
@@ -339,11 +339,15 @@ static int iwl_mvm_read_external_nvm(struct iwl_mvm *mvm)
339 } *file_sec; 339 } *file_sec;
340 const u8 *eof, *temp; 340 const u8 *eof, *temp;
341 int max_section_size; 341 int max_section_size;
342 const __le32 *dword_buff;
342 343
343#define NVM_WORD1_LEN(x) (8 * (x & 0x03FF)) 344#define NVM_WORD1_LEN(x) (8 * (x & 0x03FF))
344#define NVM_WORD2_ID(x) (x >> 12) 345#define NVM_WORD2_ID(x) (x >> 12)
345#define NVM_WORD2_LEN_FAMILY_8000(x) (2 * ((x & 0xFF) << 8 | x >> 8)) 346#define NVM_WORD2_LEN_FAMILY_8000(x) (2 * ((x & 0xFF) << 8 | x >> 8))
346#define NVM_WORD1_ID_FAMILY_8000(x) (x >> 4) 347#define NVM_WORD1_ID_FAMILY_8000(x) (x >> 4)
348#define NVM_HEADER_0 (0x2A504C54)
349#define NVM_HEADER_1 (0x4E564D2A)
350#define NVM_HEADER_SIZE (4 * sizeof(u32))
347 351
348 IWL_DEBUG_EEPROM(mvm->trans->dev, "Read from external NVM\n"); 352 IWL_DEBUG_EEPROM(mvm->trans->dev, "Read from external NVM\n");
349 353
@@ -372,12 +376,6 @@ static int iwl_mvm_read_external_nvm(struct iwl_mvm *mvm)
372 IWL_INFO(mvm, "Loaded NVM file %s (%zu bytes)\n", 376 IWL_INFO(mvm, "Loaded NVM file %s (%zu bytes)\n",
373 mvm->nvm_file_name, fw_entry->size); 377 mvm->nvm_file_name, fw_entry->size);
374 378
375 if (fw_entry->size < sizeof(*file_sec)) {
376 IWL_ERR(mvm, "NVM file too small\n");
377 ret = -EINVAL;
378 goto out;
379 }
380
381 if (fw_entry->size > MAX_NVM_FILE_LEN) { 379 if (fw_entry->size > MAX_NVM_FILE_LEN) {
382 IWL_ERR(mvm, "NVM file too large\n"); 380 IWL_ERR(mvm, "NVM file too large\n");
383 ret = -EINVAL; 381 ret = -EINVAL;
@@ -385,8 +383,25 @@ static int iwl_mvm_read_external_nvm(struct iwl_mvm *mvm)
385 } 383 }
386 384
387 eof = fw_entry->data + fw_entry->size; 385 eof = fw_entry->data + fw_entry->size;
388 386 dword_buff = (__le32 *)fw_entry->data;
389 file_sec = (void *)fw_entry->data; 387
388 /* some NVM file will contain a header.
389 * The header is identified by 2 dwords header as follow:
390 * dword[0] = 0x2A504C54
391 * dword[1] = 0x4E564D2A
392 *
393 * This header must be skipped when providing the NVM data to the FW.
394 */
395 if (fw_entry->size > NVM_HEADER_SIZE &&
396 dword_buff[0] == cpu_to_le32(NVM_HEADER_0) &&
397 dword_buff[1] == cpu_to_le32(NVM_HEADER_1)) {
398 file_sec = (void *)(fw_entry->data + NVM_HEADER_SIZE);
399 IWL_INFO(mvm, "NVM Version %08X\n", le32_to_cpu(dword_buff[2]));
400 IWL_INFO(mvm, "NVM Manufacturing date %08X\n",
401 le32_to_cpu(dword_buff[3]));
402 } else {
403 file_sec = (void *)fw_entry->data;
404 }
390 405
391 while (true) { 406 while (true) {
392 if (file_sec->data > eof) { 407 if (file_sec->data > eof) {
diff --git a/drivers/net/wireless/iwlwifi/mvm/offloading.c b/drivers/net/wireless/iwlwifi/mvm/offloading.c
index adcbf4c8edd8..68b0169c8892 100644
--- a/drivers/net/wireless/iwlwifi/mvm/offloading.c
+++ b/drivers/net/wireless/iwlwifi/mvm/offloading.c
@@ -67,7 +67,7 @@
67#include "mvm.h" 67#include "mvm.h"
68 68
69void iwl_mvm_set_wowlan_qos_seq(struct iwl_mvm_sta *mvm_ap_sta, 69void iwl_mvm_set_wowlan_qos_seq(struct iwl_mvm_sta *mvm_ap_sta,
70 struct iwl_wowlan_config_cmd_v2 *cmd) 70 struct iwl_wowlan_config_cmd *cmd)
71{ 71{
72 int i; 72 int i;
73 73
diff --git a/drivers/net/wireless/iwlwifi/mvm/ops.c b/drivers/net/wireless/iwlwifi/mvm/ops.c
index 7a9578567f4f..97dfba50c682 100644
--- a/drivers/net/wireless/iwlwifi/mvm/ops.c
+++ b/drivers/net/wireless/iwlwifi/mvm/ops.c
@@ -244,6 +244,8 @@ static const struct iwl_rx_handlers iwl_mvm_rx_handlers[] = {
244 iwl_mvm_rx_scan_offload_complete_notif, true), 244 iwl_mvm_rx_scan_offload_complete_notif, true),
245 RX_HANDLER(MATCH_FOUND_NOTIFICATION, iwl_mvm_rx_scan_offload_results, 245 RX_HANDLER(MATCH_FOUND_NOTIFICATION, iwl_mvm_rx_scan_offload_results,
246 false), 246 false),
247 RX_HANDLER(SCAN_COMPLETE_UMAC, iwl_mvm_rx_umac_scan_complete_notif,
248 true),
247 249
248 RX_HANDLER(RADIO_VERSION_NOTIFICATION, iwl_mvm_rx_radio_ver, false), 250 RX_HANDLER(RADIO_VERSION_NOTIFICATION, iwl_mvm_rx_radio_ver, false),
249 RX_HANDLER(CARD_STATE_NOTIFICATION, iwl_mvm_rx_card_state_notif, false), 251 RX_HANDLER(CARD_STATE_NOTIFICATION, iwl_mvm_rx_card_state_notif, false),
@@ -254,6 +256,12 @@ static const struct iwl_rx_handlers iwl_mvm_rx_handlers[] = {
254 RX_HANDLER(REPLY_ERROR, iwl_mvm_rx_fw_error, false), 256 RX_HANDLER(REPLY_ERROR, iwl_mvm_rx_fw_error, false),
255 RX_HANDLER(PSM_UAPSD_AP_MISBEHAVING_NOTIFICATION, 257 RX_HANDLER(PSM_UAPSD_AP_MISBEHAVING_NOTIFICATION,
256 iwl_mvm_power_uapsd_misbehaving_ap_notif, false), 258 iwl_mvm_power_uapsd_misbehaving_ap_notif, false),
259 RX_HANDLER(DTS_MEASUREMENT_NOTIFICATION, iwl_mvm_temp_notif, true),
260
261 RX_HANDLER(TDLS_CHANNEL_SWITCH_NOTIFICATION, iwl_mvm_rx_tdls_notif,
262 true),
263 RX_HANDLER(MFUART_LOAD_NOTIFICATION, iwl_mvm_rx_mfuart_notif, false),
264
257}; 265};
258#undef RX_HANDLER 266#undef RX_HANDLER
259#define CMD(x) [x] = #x 267#define CMD(x) [x] = #x
@@ -317,11 +325,9 @@ static const char *const iwl_mvm_cmd_strings[REPLY_MAX] = {
317 CMD(WOWLAN_KEK_KCK_MATERIAL), 325 CMD(WOWLAN_KEK_KCK_MATERIAL),
318 CMD(WOWLAN_GET_STATUSES), 326 CMD(WOWLAN_GET_STATUSES),
319 CMD(WOWLAN_TX_POWER_PER_DB), 327 CMD(WOWLAN_TX_POWER_PER_DB),
320 CMD(NET_DETECT_CONFIG_CMD), 328 CMD(SCAN_OFFLOAD_PROFILES_QUERY_CMD),
321 CMD(NET_DETECT_PROFILES_QUERY_CMD), 329 CMD(SCAN_OFFLOAD_HOTSPOTS_CONFIG_CMD),
322 CMD(NET_DETECT_PROFILES_CMD), 330 CMD(SCAN_OFFLOAD_HOTSPOTS_QUERY_CMD),
323 CMD(NET_DETECT_HOTSPOTS_CMD),
324 CMD(NET_DETECT_HOTSPOTS_QUERY_CMD),
325 CMD(CARD_STATE_NOTIFICATION), 331 CMD(CARD_STATE_NOTIFICATION),
326 CMD(MISSED_BEACONS_NOTIFICATION), 332 CMD(MISSED_BEACONS_NOTIFICATION),
327 CMD(BT_COEX_PRIO_TABLE), 333 CMD(BT_COEX_PRIO_TABLE),
@@ -344,6 +350,13 @@ static const char *const iwl_mvm_cmd_strings[REPLY_MAX] = {
344 CMD(PSM_UAPSD_AP_MISBEHAVING_NOTIFICATION), 350 CMD(PSM_UAPSD_AP_MISBEHAVING_NOTIFICATION),
345 CMD(ANTENNA_COUPLING_NOTIFICATION), 351 CMD(ANTENNA_COUPLING_NOTIFICATION),
346 CMD(SCD_QUEUE_CFG), 352 CMD(SCD_QUEUE_CFG),
353 CMD(SCAN_CFG_CMD),
354 CMD(SCAN_REQ_UMAC),
355 CMD(SCAN_ABORT_UMAC),
356 CMD(SCAN_COMPLETE_UMAC),
357 CMD(TDLS_CHANNEL_SWITCH_CMD),
358 CMD(TDLS_CHANNEL_SWITCH_NOTIFICATION),
359 CMD(TDLS_CONFIG_CMD),
347}; 360};
348#undef CMD 361#undef CMD
349 362
@@ -442,6 +455,7 @@ iwl_op_mode_mvm_start(struct iwl_trans *trans, const struct iwl_cfg *cfg,
442 INIT_WORK(&mvm->sta_drained_wk, iwl_mvm_sta_drained_wk); 455 INIT_WORK(&mvm->sta_drained_wk, iwl_mvm_sta_drained_wk);
443 INIT_WORK(&mvm->d0i3_exit_work, iwl_mvm_d0i3_exit_work); 456 INIT_WORK(&mvm->d0i3_exit_work, iwl_mvm_d0i3_exit_work);
444 INIT_WORK(&mvm->fw_error_dump_wk, iwl_mvm_fw_error_dump_wk); 457 INIT_WORK(&mvm->fw_error_dump_wk, iwl_mvm_fw_error_dump_wk);
458 INIT_DELAYED_WORK(&mvm->tdls_cs.dwork, iwl_mvm_tdls_ch_switch_work);
445 459
446 spin_lock_init(&mvm->d0i3_tx_lock); 460 spin_lock_init(&mvm->d0i3_tx_lock);
447 spin_lock_init(&mvm->refs_lock); 461 spin_lock_init(&mvm->refs_lock);
@@ -482,6 +496,10 @@ iwl_op_mode_mvm_start(struct iwl_trans *trans, const struct iwl_cfg *cfg,
482 496
483 trans->rx_mpdu_cmd = REPLY_RX_MPDU_CMD; 497 trans->rx_mpdu_cmd = REPLY_RX_MPDU_CMD;
484 trans->rx_mpdu_cmd_hdr_size = sizeof(struct iwl_rx_mpdu_res_start); 498 trans->rx_mpdu_cmd_hdr_size = sizeof(struct iwl_rx_mpdu_res_start);
499 trans->dbg_dest_tlv = mvm->fw->dbg_dest_tlv;
500 trans->dbg_dest_reg_num = mvm->fw->dbg_dest_reg_num;
501 memcpy(trans->dbg_conf_tlv, mvm->fw->dbg_conf_tlv,
502 sizeof(trans->dbg_conf_tlv));
485 503
486 /* set up notification wait support */ 504 /* set up notification wait support */
487 iwl_notification_wait_init(&mvm->notif_wait); 505 iwl_notification_wait_init(&mvm->notif_wait);
@@ -525,7 +543,8 @@ iwl_op_mode_mvm_start(struct iwl_trans *trans, const struct iwl_cfg *cfg,
525 543
526 mutex_lock(&mvm->mutex); 544 mutex_lock(&mvm->mutex);
527 err = iwl_run_init_mvm_ucode(mvm, true); 545 err = iwl_run_init_mvm_ucode(mvm, true);
528 iwl_trans_stop_device(trans); 546 if (!err || !iwlmvm_mod_params.init_dbg)
547 iwl_trans_stop_device(trans);
529 mutex_unlock(&mvm->mutex); 548 mutex_unlock(&mvm->mutex);
530 /* returns 0 if successful, 1 if success but in rfkill */ 549 /* returns 0 if successful, 1 if success but in rfkill */
531 if (err < 0 && !iwlmvm_mod_params.init_dbg) { 550 if (err < 0 && !iwlmvm_mod_params.init_dbg) {
@@ -534,16 +553,7 @@ iwl_op_mode_mvm_start(struct iwl_trans *trans, const struct iwl_cfg *cfg,
534 } 553 }
535 } 554 }
536 555
537 if (mvm->fw->ucode_capa.api[0] & IWL_UCODE_TLV_API_LMAC_SCAN) 556 scan_size = iwl_mvm_scan_size(mvm);
538 scan_size = sizeof(struct iwl_scan_req_unified_lmac) +
539 sizeof(struct iwl_scan_channel_cfg_lmac) *
540 mvm->fw->ucode_capa.n_scan_channels +
541 sizeof(struct iwl_scan_probe_req);
542 else
543 scan_size = sizeof(struct iwl_scan_cmd) +
544 mvm->fw->ucode_capa.max_probe_length +
545 mvm->fw->ucode_capa.n_scan_channels *
546 sizeof(struct iwl_scan_channel);
547 557
548 mvm->scan_cmd = kmalloc(scan_size, GFP_KERNEL); 558 mvm->scan_cmd = kmalloc(scan_size, GFP_KERNEL);
549 if (!mvm->scan_cmd) 559 if (!mvm->scan_cmd)
@@ -597,8 +607,6 @@ static void iwl_op_mode_mvm_stop(struct iwl_op_mode *op_mode)
597 kfree(mvm->nd_config->match_sets); 607 kfree(mvm->nd_config->match_sets);
598 kfree(mvm->nd_config); 608 kfree(mvm->nd_config);
599 mvm->nd_config = NULL; 609 mvm->nd_config = NULL;
600 kfree(mvm->nd_ies);
601 mvm->nd_ies = NULL;
602 } 610 }
603#endif 611#endif
604 612
@@ -996,7 +1004,7 @@ static void iwl_mvm_enter_d0i3_iterator(void *_data, u8 *mac,
996} 1004}
997 1005
998static void iwl_mvm_set_wowlan_data(struct iwl_mvm *mvm, 1006static void iwl_mvm_set_wowlan_data(struct iwl_mvm *mvm,
999 struct iwl_wowlan_config_cmd_v3 *cmd, 1007 struct iwl_wowlan_config_cmd *cmd,
1000 struct iwl_d0i3_iter_data *iter_data) 1008 struct iwl_d0i3_iter_data *iter_data)
1001{ 1009{
1002 struct ieee80211_sta *ap_sta; 1010 struct ieee80211_sta *ap_sta;
@@ -1012,14 +1020,14 @@ static void iwl_mvm_set_wowlan_data(struct iwl_mvm *mvm,
1012 goto out; 1020 goto out;
1013 1021
1014 mvm_ap_sta = iwl_mvm_sta_from_mac80211(ap_sta); 1022 mvm_ap_sta = iwl_mvm_sta_from_mac80211(ap_sta);
1015 cmd->common.is_11n_connection = ap_sta->ht_cap.ht_supported; 1023 cmd->is_11n_connection = ap_sta->ht_cap.ht_supported;
1016 cmd->offloading_tid = iter_data->offloading_tid; 1024 cmd->offloading_tid = iter_data->offloading_tid;
1017 1025
1018 /* 1026 /*
1019 * The d0i3 uCode takes care of the nonqos counters, 1027 * The d0i3 uCode takes care of the nonqos counters,
1020 * so configure only the qos seq ones. 1028 * so configure only the qos seq ones.
1021 */ 1029 */
1022 iwl_mvm_set_wowlan_qos_seq(mvm_ap_sta, &cmd->common); 1030 iwl_mvm_set_wowlan_qos_seq(mvm_ap_sta, cmd);
1023out: 1031out:
1024 rcu_read_unlock(); 1032 rcu_read_unlock();
1025} 1033}
@@ -1031,14 +1039,11 @@ static int iwl_mvm_enter_d0i3(struct iwl_op_mode *op_mode)
1031 struct iwl_d0i3_iter_data d0i3_iter_data = { 1039 struct iwl_d0i3_iter_data d0i3_iter_data = {
1032 .mvm = mvm, 1040 .mvm = mvm,
1033 }; 1041 };
1034 struct iwl_wowlan_config_cmd_v3 wowlan_config_cmd = { 1042 struct iwl_wowlan_config_cmd wowlan_config_cmd = {
1035 .common = { 1043 .wakeup_filter = cpu_to_le32(IWL_WOWLAN_WAKEUP_RX_FRAME |
1036 .wakeup_filter = 1044 IWL_WOWLAN_WAKEUP_BEACON_MISS |
1037 cpu_to_le32(IWL_WOWLAN_WAKEUP_RX_FRAME | 1045 IWL_WOWLAN_WAKEUP_LINK_CHANGE |
1038 IWL_WOWLAN_WAKEUP_BEACON_MISS | 1046 IWL_WOWLAN_WAKEUP_BCN_FILTERING),
1039 IWL_WOWLAN_WAKEUP_LINK_CHANGE |
1040 IWL_WOWLAN_WAKEUP_BCN_FILTERING),
1041 },
1042 }; 1047 };
1043 struct iwl_d3_manager_config d3_cfg_cmd = { 1048 struct iwl_d3_manager_config d3_cfg_cmd = {
1044 .min_sleep_time = cpu_to_le32(1000), 1049 .min_sleep_time = cpu_to_le32(1000),
@@ -1050,6 +1055,19 @@ static int iwl_mvm_enter_d0i3(struct iwl_op_mode *op_mode)
1050 set_bit(IWL_MVM_STATUS_IN_D0I3, &mvm->status); 1055 set_bit(IWL_MVM_STATUS_IN_D0I3, &mvm->status);
1051 synchronize_net(); 1056 synchronize_net();
1052 1057
1058 /*
1059 * iwl_mvm_ref_sync takes a reference before checking the flag.
1060 * so by checking there is no held reference we prevent a state
1061 * in which iwl_mvm_ref_sync continues successfully while we
1062 * configure the firmware to enter d0i3
1063 */
1064 if (iwl_mvm_ref_taken(mvm)) {
1065 IWL_DEBUG_RPM(mvm->trans, "abort d0i3 due to taken ref\n");
1066 clear_bit(IWL_MVM_STATUS_IN_D0I3, &mvm->status);
1067 wake_up(&mvm->d0i3_exit_waitq);
1068 return 1;
1069 }
1070
1053 ieee80211_iterate_active_interfaces_atomic(mvm->hw, 1071 ieee80211_iterate_active_interfaces_atomic(mvm->hw,
1054 IEEE80211_IFACE_ITER_NORMAL, 1072 IEEE80211_IFACE_ITER_NORMAL,
1055 iwl_mvm_enter_d0i3_iterator, 1073 iwl_mvm_enter_d0i3_iterator,
diff --git a/drivers/net/wireless/iwlwifi/mvm/phy-ctxt.c b/drivers/net/wireless/iwlwifi/mvm/phy-ctxt.c
index 12283b55ee84..1c0d4a45c1a8 100644
--- a/drivers/net/wireless/iwlwifi/mvm/phy-ctxt.c
+++ b/drivers/net/wireless/iwlwifi/mvm/phy-ctxt.c
@@ -68,7 +68,7 @@
68#include "mvm.h" 68#include "mvm.h"
69 69
70/* Maps the driver specific channel width definition to the the fw values */ 70/* Maps the driver specific channel width definition to the the fw values */
71static inline u8 iwl_mvm_get_channel_width(struct cfg80211_chan_def *chandef) 71u8 iwl_mvm_get_channel_width(struct cfg80211_chan_def *chandef)
72{ 72{
73 switch (chandef->width) { 73 switch (chandef->width) {
74 case NL80211_CHAN_WIDTH_20_NOHT: 74 case NL80211_CHAN_WIDTH_20_NOHT:
@@ -90,7 +90,7 @@ static inline u8 iwl_mvm_get_channel_width(struct cfg80211_chan_def *chandef)
90 * Maps the driver specific control channel position (relative to the center 90 * Maps the driver specific control channel position (relative to the center
91 * freq) definitions to the the fw values 91 * freq) definitions to the the fw values
92 */ 92 */
93static inline u8 iwl_mvm_get_ctrl_pos(struct cfg80211_chan_def *chandef) 93u8 iwl_mvm_get_ctrl_pos(struct cfg80211_chan_def *chandef)
94{ 94{
95 switch (chandef->chan->center_freq - chandef->center_freq1) { 95 switch (chandef->chan->center_freq - chandef->center_freq1) {
96 case -70: 96 case -70:
diff --git a/drivers/net/wireless/iwlwifi/mvm/power.c b/drivers/net/wireless/iwlwifi/mvm/power.c
index 5b85b0cc7a2a..2620dd0c45f9 100644
--- a/drivers/net/wireless/iwlwifi/mvm/power.c
+++ b/drivers/net/wireless/iwlwifi/mvm/power.c
@@ -286,6 +286,27 @@ static bool iwl_mvm_power_allow_uapsd(struct iwl_mvm *mvm,
286 return true; 286 return true;
287} 287}
288 288
289static int iwl_mvm_power_get_skip_over_dtim(int dtimper, int bi)
290{
291 int numerator;
292 int dtim_interval = dtimper * bi;
293
294 if (WARN_ON(!dtim_interval))
295 return 0;
296
297 if (dtimper == 1) {
298 if (bi > 100)
299 numerator = 408;
300 else
301 numerator = 510;
302 } else if (dtimper < 10) {
303 numerator = 612;
304 } else {
305 return 0;
306 }
307 return max(1, (numerator / dtim_interval));
308}
309
289static bool iwl_mvm_power_is_radar(struct ieee80211_vif *vif) 310static bool iwl_mvm_power_is_radar(struct ieee80211_vif *vif)
290{ 311{
291 struct ieee80211_chanctx_conf *chanctx_conf; 312 struct ieee80211_chanctx_conf *chanctx_conf;
@@ -308,7 +329,7 @@ static void iwl_mvm_power_build_cmd(struct iwl_mvm *mvm,
308 struct ieee80211_vif *vif, 329 struct ieee80211_vif *vif,
309 struct iwl_mac_power_cmd *cmd) 330 struct iwl_mac_power_cmd *cmd)
310{ 331{
311 int dtimper, dtimper_msec; 332 int dtimper, bi;
312 int keep_alive; 333 int keep_alive;
313 bool radar_detect = false; 334 bool radar_detect = false;
314 struct iwl_mvm_vif *mvmvif __maybe_unused = 335 struct iwl_mvm_vif *mvmvif __maybe_unused =
@@ -317,6 +338,7 @@ static void iwl_mvm_power_build_cmd(struct iwl_mvm *mvm,
317 cmd->id_and_color = cpu_to_le32(FW_CMD_ID_AND_COLOR(mvmvif->id, 338 cmd->id_and_color = cpu_to_le32(FW_CMD_ID_AND_COLOR(mvmvif->id,
318 mvmvif->color)); 339 mvmvif->color));
319 dtimper = vif->bss_conf.dtim_period; 340 dtimper = vif->bss_conf.dtim_period;
341 bi = vif->bss_conf.beacon_int;
320 342
321 /* 343 /*
322 * Regardless of power management state the driver must set 344 * Regardless of power management state the driver must set
@@ -324,10 +346,9 @@ static void iwl_mvm_power_build_cmd(struct iwl_mvm *mvm,
324 * immediately after association. Check that keep alive period 346 * immediately after association. Check that keep alive period
325 * is at least 3 * DTIM 347 * is at least 3 * DTIM
326 */ 348 */
327 dtimper_msec = dtimper * vif->bss_conf.beacon_int; 349 keep_alive = DIV_ROUND_UP(ieee80211_tu_to_usec(3 * dtimper * bi),
328 keep_alive = max_t(int, 3 * dtimper_msec, 350 USEC_PER_SEC);
329 MSEC_PER_SEC * POWER_KEEP_ALIVE_PERIOD_SEC); 351 keep_alive = max(keep_alive, POWER_KEEP_ALIVE_PERIOD_SEC);
330 keep_alive = DIV_ROUND_UP(keep_alive, MSEC_PER_SEC);
331 cmd->keep_alive_seconds = cpu_to_le16(keep_alive); 352 cmd->keep_alive_seconds = cpu_to_le16(keep_alive);
332 353
333 if (mvm->ps_disabled) 354 if (mvm->ps_disabled)
@@ -352,11 +373,14 @@ static void iwl_mvm_power_build_cmd(struct iwl_mvm *mvm,
352 radar_detect = iwl_mvm_power_is_radar(vif); 373 radar_detect = iwl_mvm_power_is_radar(vif);
353 374
354 /* Check skip over DTIM conditions */ 375 /* Check skip over DTIM conditions */
355 if (!radar_detect && (dtimper <= 10) && 376 if (!radar_detect && (dtimper < 10) &&
356 (iwlmvm_mod_params.power_scheme == IWL_POWER_SCHEME_LP || 377 (iwlmvm_mod_params.power_scheme == IWL_POWER_SCHEME_LP ||
357 mvm->cur_ucode == IWL_UCODE_WOWLAN)) { 378 mvm->cur_ucode == IWL_UCODE_WOWLAN)) {
358 cmd->flags |= cpu_to_le16(POWER_FLAGS_SKIP_OVER_DTIM_MSK); 379 cmd->skip_dtim_periods =
359 cmd->skip_dtim_periods = 3; 380 iwl_mvm_power_get_skip_over_dtim(dtimper, bi);
381 if (cmd->skip_dtim_periods)
382 cmd->flags |=
383 cpu_to_le16(POWER_FLAGS_SKIP_OVER_DTIM_MSK);
360 } 384 }
361 385
362 if (mvm->cur_ucode != IWL_UCODE_WOWLAN) { 386 if (mvm->cur_ucode != IWL_UCODE_WOWLAN) {
diff --git a/drivers/net/wireless/iwlwifi/mvm/rs.c b/drivers/net/wireless/iwlwifi/mvm/rs.c
index ce884847cc8a..30ceb67ed7a7 100644
--- a/drivers/net/wireless/iwlwifi/mvm/rs.c
+++ b/drivers/net/wireless/iwlwifi/mvm/rs.c
@@ -158,6 +158,12 @@ struct rs_tx_column {
158 allow_column_func_t checks[MAX_COLUMN_CHECKS]; 158 allow_column_func_t checks[MAX_COLUMN_CHECKS];
159}; 159};
160 160
161static bool rs_ant_allow(struct iwl_mvm *mvm, struct ieee80211_sta *sta,
162 struct iwl_scale_tbl_info *tbl)
163{
164 return iwl_mvm_bt_coex_is_ant_avail(mvm, tbl->rate.ant);
165}
166
161static bool rs_mimo_allow(struct iwl_mvm *mvm, struct ieee80211_sta *sta, 167static bool rs_mimo_allow(struct iwl_mvm *mvm, struct ieee80211_sta *sta,
162 struct iwl_scale_tbl_info *tbl) 168 struct iwl_scale_tbl_info *tbl)
163{ 169{
@@ -218,6 +224,9 @@ static const struct rs_tx_column rs_tx_columns[] = {
218 RS_COLUMN_INVALID, 224 RS_COLUMN_INVALID,
219 RS_COLUMN_INVALID, 225 RS_COLUMN_INVALID,
220 }, 226 },
227 .checks = {
228 rs_ant_allow,
229 },
221 }, 230 },
222 [RS_COLUMN_LEGACY_ANT_B] = { 231 [RS_COLUMN_LEGACY_ANT_B] = {
223 .mode = RS_LEGACY, 232 .mode = RS_LEGACY,
@@ -231,6 +240,9 @@ static const struct rs_tx_column rs_tx_columns[] = {
231 RS_COLUMN_INVALID, 240 RS_COLUMN_INVALID,
232 RS_COLUMN_INVALID, 241 RS_COLUMN_INVALID,
233 }, 242 },
243 .checks = {
244 rs_ant_allow,
245 },
234 }, 246 },
235 [RS_COLUMN_SISO_ANT_A] = { 247 [RS_COLUMN_SISO_ANT_A] = {
236 .mode = RS_SISO, 248 .mode = RS_SISO,
@@ -246,6 +258,7 @@ static const struct rs_tx_column rs_tx_columns[] = {
246 }, 258 },
247 .checks = { 259 .checks = {
248 rs_siso_allow, 260 rs_siso_allow,
261 rs_ant_allow,
249 }, 262 },
250 }, 263 },
251 [RS_COLUMN_SISO_ANT_B] = { 264 [RS_COLUMN_SISO_ANT_B] = {
@@ -262,6 +275,7 @@ static const struct rs_tx_column rs_tx_columns[] = {
262 }, 275 },
263 .checks = { 276 .checks = {
264 rs_siso_allow, 277 rs_siso_allow,
278 rs_ant_allow,
265 }, 279 },
266 }, 280 },
267 [RS_COLUMN_SISO_ANT_A_SGI] = { 281 [RS_COLUMN_SISO_ANT_A_SGI] = {
@@ -279,6 +293,7 @@ static const struct rs_tx_column rs_tx_columns[] = {
279 }, 293 },
280 .checks = { 294 .checks = {
281 rs_siso_allow, 295 rs_siso_allow,
296 rs_ant_allow,
282 rs_sgi_allow, 297 rs_sgi_allow,
283 }, 298 },
284 }, 299 },
@@ -297,6 +312,7 @@ static const struct rs_tx_column rs_tx_columns[] = {
297 }, 312 },
298 .checks = { 313 .checks = {
299 rs_siso_allow, 314 rs_siso_allow,
315 rs_ant_allow,
300 rs_sgi_allow, 316 rs_sgi_allow,
301 }, 317 },
302 }, 318 },
@@ -506,7 +522,7 @@ static inline void rs_dump_rate(struct iwl_mvm *mvm, const struct rs_rate *rate,
506 const char *prefix) 522 const char *prefix)
507{ 523{
508 IWL_DEBUG_RATE(mvm, 524 IWL_DEBUG_RATE(mvm,
509 "%s: (%s: %d) ANT: %s BW: %d SGI: %d LDPC: %d STBC %d\n", 525 "%s: (%s: %d) ANT: %s BW: %d SGI: %d LDPC: %d STBC: %d\n",
510 prefix, rs_pretty_lq_type(rate->type), 526 prefix, rs_pretty_lq_type(rate->type),
511 rate->index, rs_pretty_ant(rate->ant), 527 rate->index, rs_pretty_ant(rate->ant),
512 rate->bw, rate->sgi, rate->ldpc, rate->stbc); 528 rate->bw, rate->sgi, rate->ldpc, rate->stbc);
@@ -816,7 +832,7 @@ static int rs_rate_from_ucode_rate(const u32 ucode_rate,
816 832
817 if (nss == 1) { 833 if (nss == 1) {
818 rate->type = LQ_VHT_SISO; 834 rate->type = LQ_VHT_SISO;
819 WARN_ON_ONCE(num_of_ant != 1); 835 WARN_ON_ONCE(!rate->stbc && num_of_ant != 1);
820 } else if (nss == 2) { 836 } else if (nss == 2) {
821 rate->type = LQ_VHT_MIMO2; 837 rate->type = LQ_VHT_MIMO2;
822 WARN_ON_ONCE(num_of_ant != 2); 838 WARN_ON_ONCE(num_of_ant != 2);
@@ -1110,10 +1126,11 @@ void iwl_mvm_rs_tx_status(struct iwl_mvm *mvm, struct ieee80211_sta *sta,
1110 1126
1111 if (time_after(jiffies, 1127 if (time_after(jiffies,
1112 (unsigned long)(lq_sta->last_tx + RS_IDLE_TIMEOUT))) { 1128 (unsigned long)(lq_sta->last_tx + RS_IDLE_TIMEOUT))) {
1113 int tid; 1129 int t;
1130
1114 IWL_DEBUG_RATE(mvm, "Tx idle for too long. reinit rs\n"); 1131 IWL_DEBUG_RATE(mvm, "Tx idle for too long. reinit rs\n");
1115 for (tid = 0; tid < IWL_MAX_TID_COUNT; tid++) 1132 for (t = 0; t < IWL_MAX_TID_COUNT; t++)
1116 ieee80211_stop_tx_ba_session(sta, tid); 1133 ieee80211_stop_tx_ba_session(sta, t);
1117 1134
1118 iwl_mvm_rs_rate_init(mvm, sta, info->band, false); 1135 iwl_mvm_rs_rate_init(mvm, sta, info->band, false);
1119 return; 1136 return;
@@ -1154,16 +1171,15 @@ void iwl_mvm_rs_tx_status(struct iwl_mvm *mvm, struct ieee80211_sta *sta,
1154 /* Rate did match, so reset the missed_rate_counter */ 1171 /* Rate did match, so reset the missed_rate_counter */
1155 lq_sta->missed_rate_counter = 0; 1172 lq_sta->missed_rate_counter = 0;
1156 1173
1157 /* Figure out if rate scale algorithm is in active or search table */ 1174 if (!lq_sta->search_better_tbl) {
1158 if (rs_rate_match(&rate,
1159 &(lq_sta->lq_info[lq_sta->active_tbl].rate))) {
1160 curr_tbl = &(lq_sta->lq_info[lq_sta->active_tbl]); 1175 curr_tbl = &(lq_sta->lq_info[lq_sta->active_tbl]);
1161 other_tbl = &(lq_sta->lq_info[1 - lq_sta->active_tbl]); 1176 other_tbl = &(lq_sta->lq_info[1 - lq_sta->active_tbl]);
1162 } else if (rs_rate_match(&rate, 1177 } else {
1163 &lq_sta->lq_info[1 - lq_sta->active_tbl].rate)) {
1164 curr_tbl = &(lq_sta->lq_info[1 - lq_sta->active_tbl]); 1178 curr_tbl = &(lq_sta->lq_info[1 - lq_sta->active_tbl]);
1165 other_tbl = &(lq_sta->lq_info[lq_sta->active_tbl]); 1179 other_tbl = &(lq_sta->lq_info[lq_sta->active_tbl]);
1166 } else { 1180 }
1181
1182 if (WARN_ON_ONCE(!rs_rate_match(&rate, &curr_tbl->rate))) {
1167 IWL_DEBUG_RATE(mvm, 1183 IWL_DEBUG_RATE(mvm,
1168 "Neither active nor search matches tx rate\n"); 1184 "Neither active nor search matches tx rate\n");
1169 tmp_tbl = &(lq_sta->lq_info[lq_sta->active_tbl]); 1185 tmp_tbl = &(lq_sta->lq_info[lq_sta->active_tbl]);
@@ -1188,6 +1204,13 @@ void iwl_mvm_rs_tx_status(struct iwl_mvm *mvm, struct ieee80211_sta *sta,
1188 * first index into rate scale table. 1204 * first index into rate scale table.
1189 */ 1205 */
1190 if (info->flags & IEEE80211_TX_STAT_AMPDU) { 1206 if (info->flags & IEEE80211_TX_STAT_AMPDU) {
1207 /* ampdu_ack_len = 0 marks no BA was received. In this case
1208 * treat it as a single frame loss as we don't want the success
1209 * ratio to dip too quickly because a BA wasn't received
1210 */
1211 if (info->status.ampdu_ack_len == 0)
1212 info->status.ampdu_len = 1;
1213
1191 ucode_rate = le32_to_cpu(table->rs_table[0]); 1214 ucode_rate = le32_to_cpu(table->rs_table[0]);
1192 rs_rate_from_ucode_rate(ucode_rate, info->band, &rate); 1215 rs_rate_from_ucode_rate(ucode_rate, info->band, &rate);
1193 rs_collect_tx_data(lq_sta, curr_tbl, rate.index, 1216 rs_collect_tx_data(lq_sta, curr_tbl, rate.index,
diff --git a/drivers/net/wireless/iwlwifi/mvm/rx.c b/drivers/net/wireless/iwlwifi/mvm/rx.c
index 3cf40f3f58ec..94b6e7297a1e 100644
--- a/drivers/net/wireless/iwlwifi/mvm/rx.c
+++ b/drivers/net/wireless/iwlwifi/mvm/rx.c
@@ -96,27 +96,27 @@ int iwl_mvm_rx_rx_phy_cmd(struct iwl_mvm *mvm, struct iwl_rx_cmd_buffer *rxb,
96 * Adds the rxb to a new skb and give it to mac80211 96 * Adds the rxb to a new skb and give it to mac80211
97 */ 97 */
98static void iwl_mvm_pass_packet_to_mac80211(struct iwl_mvm *mvm, 98static void iwl_mvm_pass_packet_to_mac80211(struct iwl_mvm *mvm,
99 struct sk_buff *skb,
99 struct ieee80211_hdr *hdr, u16 len, 100 struct ieee80211_hdr *hdr, u16 len,
100 u32 ampdu_status, 101 u32 ampdu_status, u8 crypt_len,
101 struct iwl_rx_cmd_buffer *rxb, 102 struct iwl_rx_cmd_buffer *rxb)
102 struct ieee80211_rx_status *stats)
103{ 103{
104 struct sk_buff *skb;
105 unsigned int hdrlen, fraglen; 104 unsigned int hdrlen, fraglen;
106 105
107 /* Dont use dev_alloc_skb(), we'll have enough headroom once
108 * ieee80211_hdr pulled.
109 */
110 skb = alloc_skb(128, GFP_ATOMIC);
111 if (!skb) {
112 IWL_ERR(mvm, "alloc_skb failed\n");
113 return;
114 }
115 /* If frame is small enough to fit in skb->head, pull it completely. 106 /* If frame is small enough to fit in skb->head, pull it completely.
116 * If not, only pull ieee80211_hdr so that splice() or TCP coalesce 107 * If not, only pull ieee80211_hdr (including crypto if present, and
117 * are more efficient. 108 * an additional 8 bytes for SNAP/ethertype, see below) so that
109 * splice() or TCP coalesce are more efficient.
110 *
111 * Since, in addition, ieee80211_data_to_8023() always pull in at
112 * least 8 bytes (possibly more for mesh) we can do the same here
113 * to save the cost of doing it later. That still doesn't pull in
114 * the actual IP header since the typical case has a SNAP header.
115 * If the latter changes (there are efforts in the standards group
116 * to do so) we should revisit this and ieee80211_data_to_8023().
118 */ 117 */
119 hdrlen = (len <= skb_tailroom(skb)) ? len : sizeof(*hdr); 118 hdrlen = (len <= skb_tailroom(skb)) ? len :
119 sizeof(*hdr) + crypt_len + 8;
120 120
121 memcpy(skb_put(skb, hdrlen), hdr, hdrlen); 121 memcpy(skb_put(skb, hdrlen), hdr, hdrlen);
122 fraglen = len - hdrlen; 122 fraglen = len - hdrlen;
@@ -129,8 +129,6 @@ static void iwl_mvm_pass_packet_to_mac80211(struct iwl_mvm *mvm,
129 fraglen, rxb->truesize); 129 fraglen, rxb->truesize);
130 } 130 }
131 131
132 memcpy(IEEE80211_SKB_RXCB(skb), stats, sizeof(*stats));
133
134 ieee80211_rx(mvm->hw, skb); 132 ieee80211_rx(mvm->hw, skb);
135} 133}
136 134
@@ -185,7 +183,8 @@ static void iwl_mvm_get_signal_strength(struct iwl_mvm *mvm,
185static u32 iwl_mvm_set_mac80211_rx_flag(struct iwl_mvm *mvm, 183static u32 iwl_mvm_set_mac80211_rx_flag(struct iwl_mvm *mvm,
186 struct ieee80211_hdr *hdr, 184 struct ieee80211_hdr *hdr,
187 struct ieee80211_rx_status *stats, 185 struct ieee80211_rx_status *stats,
188 u32 rx_pkt_status) 186 u32 rx_pkt_status,
187 u8 *crypt_len)
189{ 188{
190 if (!ieee80211_has_protected(hdr->frame_control) || 189 if (!ieee80211_has_protected(hdr->frame_control) ||
191 (rx_pkt_status & RX_MPDU_RES_STATUS_SEC_ENC_MSK) == 190 (rx_pkt_status & RX_MPDU_RES_STATUS_SEC_ENC_MSK) ==
@@ -205,12 +204,14 @@ static u32 iwl_mvm_set_mac80211_rx_flag(struct iwl_mvm *mvm,
205 204
206 stats->flag |= RX_FLAG_DECRYPTED; 205 stats->flag |= RX_FLAG_DECRYPTED;
207 IWL_DEBUG_WEP(mvm, "hw decrypted CCMP successfully\n"); 206 IWL_DEBUG_WEP(mvm, "hw decrypted CCMP successfully\n");
207 *crypt_len = IEEE80211_CCMP_HDR_LEN;
208 return 0; 208 return 0;
209 209
210 case RX_MPDU_RES_STATUS_SEC_TKIP_ENC: 210 case RX_MPDU_RES_STATUS_SEC_TKIP_ENC:
211 /* Don't drop the frame and decrypt it in SW */ 211 /* Don't drop the frame and decrypt it in SW */
212 if (!(rx_pkt_status & RX_MPDU_RES_STATUS_TTAK_OK)) 212 if (!(rx_pkt_status & RX_MPDU_RES_STATUS_TTAK_OK))
213 return 0; 213 return 0;
214 *crypt_len = IEEE80211_TKIP_IV_LEN;
214 /* fall through if TTAK OK */ 215 /* fall through if TTAK OK */
215 216
216 case RX_MPDU_RES_STATUS_SEC_WEP_ENC: 217 case RX_MPDU_RES_STATUS_SEC_WEP_ENC:
@@ -218,6 +219,9 @@ static u32 iwl_mvm_set_mac80211_rx_flag(struct iwl_mvm *mvm,
218 return -1; 219 return -1;
219 220
220 stats->flag |= RX_FLAG_DECRYPTED; 221 stats->flag |= RX_FLAG_DECRYPTED;
222 if ((rx_pkt_status & RX_MPDU_RES_STATUS_SEC_ENC_MSK) ==
223 RX_MPDU_RES_STATUS_SEC_WEP_ENC)
224 *crypt_len = IEEE80211_WEP_IV_LEN;
221 return 0; 225 return 0;
222 226
223 case RX_MPDU_RES_STATUS_SEC_EXT_ENC: 227 case RX_MPDU_RES_STATUS_SEC_EXT_ENC:
@@ -242,15 +246,17 @@ int iwl_mvm_rx_rx_mpdu(struct iwl_mvm *mvm, struct iwl_rx_cmd_buffer *rxb,
242 struct iwl_device_cmd *cmd) 246 struct iwl_device_cmd *cmd)
243{ 247{
244 struct ieee80211_hdr *hdr; 248 struct ieee80211_hdr *hdr;
245 struct ieee80211_rx_status rx_status = {}; 249 struct ieee80211_rx_status *rx_status;
246 struct iwl_rx_packet *pkt = rxb_addr(rxb); 250 struct iwl_rx_packet *pkt = rxb_addr(rxb);
247 struct iwl_rx_phy_info *phy_info; 251 struct iwl_rx_phy_info *phy_info;
248 struct iwl_rx_mpdu_res_start *rx_res; 252 struct iwl_rx_mpdu_res_start *rx_res;
249 struct ieee80211_sta *sta; 253 struct ieee80211_sta *sta;
254 struct sk_buff *skb;
250 u32 len; 255 u32 len;
251 u32 ampdu_status; 256 u32 ampdu_status;
252 u32 rate_n_flags; 257 u32 rate_n_flags;
253 u32 rx_pkt_status; 258 u32 rx_pkt_status;
259 u8 crypt_len = 0;
254 260
255 phy_info = &mvm->last_phy_info; 261 phy_info = &mvm->last_phy_info;
256 rx_res = (struct iwl_rx_mpdu_res_start *)pkt->data; 262 rx_res = (struct iwl_rx_mpdu_res_start *)pkt->data;
@@ -259,20 +265,32 @@ int iwl_mvm_rx_rx_mpdu(struct iwl_mvm *mvm, struct iwl_rx_cmd_buffer *rxb,
259 rx_pkt_status = le32_to_cpup((__le32 *) 265 rx_pkt_status = le32_to_cpup((__le32 *)
260 (pkt->data + sizeof(*rx_res) + len)); 266 (pkt->data + sizeof(*rx_res) + len));
261 267
262 memset(&rx_status, 0, sizeof(rx_status)); 268 /* Dont use dev_alloc_skb(), we'll have enough headroom once
269 * ieee80211_hdr pulled.
270 */
271 skb = alloc_skb(128, GFP_ATOMIC);
272 if (!skb) {
273 IWL_ERR(mvm, "alloc_skb failed\n");
274 return 0;
275 }
276
277 rx_status = IEEE80211_SKB_RXCB(skb);
263 278
264 /* 279 /*
265 * drop the packet if it has failed being decrypted by HW 280 * drop the packet if it has failed being decrypted by HW
266 */ 281 */
267 if (iwl_mvm_set_mac80211_rx_flag(mvm, hdr, &rx_status, rx_pkt_status)) { 282 if (iwl_mvm_set_mac80211_rx_flag(mvm, hdr, rx_status, rx_pkt_status,
283 &crypt_len)) {
268 IWL_DEBUG_DROP(mvm, "Bad decryption results 0x%08x\n", 284 IWL_DEBUG_DROP(mvm, "Bad decryption results 0x%08x\n",
269 rx_pkt_status); 285 rx_pkt_status);
286 kfree_skb(skb);
270 return 0; 287 return 0;
271 } 288 }
272 289
273 if ((unlikely(phy_info->cfg_phy_cnt > 20))) { 290 if ((unlikely(phy_info->cfg_phy_cnt > 20))) {
274 IWL_DEBUG_DROP(mvm, "dsp size out of range [0,20]: %d\n", 291 IWL_DEBUG_DROP(mvm, "dsp size out of range [0,20]: %d\n",
275 phy_info->cfg_phy_cnt); 292 phy_info->cfg_phy_cnt);
293 kfree_skb(skb);
276 return 0; 294 return 0;
277 } 295 }
278 296
@@ -283,31 +301,31 @@ int iwl_mvm_rx_rx_mpdu(struct iwl_mvm *mvm, struct iwl_rx_cmd_buffer *rxb,
283 if (!(rx_pkt_status & RX_MPDU_RES_STATUS_CRC_OK) || 301 if (!(rx_pkt_status & RX_MPDU_RES_STATUS_CRC_OK) ||
284 !(rx_pkt_status & RX_MPDU_RES_STATUS_OVERRUN_OK)) { 302 !(rx_pkt_status & RX_MPDU_RES_STATUS_OVERRUN_OK)) {
285 IWL_DEBUG_RX(mvm, "Bad CRC or FIFO: 0x%08X.\n", rx_pkt_status); 303 IWL_DEBUG_RX(mvm, "Bad CRC or FIFO: 0x%08X.\n", rx_pkt_status);
286 rx_status.flag |= RX_FLAG_FAILED_FCS_CRC; 304 rx_status->flag |= RX_FLAG_FAILED_FCS_CRC;
287 } 305 }
288 306
289 /* This will be used in several places later */ 307 /* This will be used in several places later */
290 rate_n_flags = le32_to_cpu(phy_info->rate_n_flags); 308 rate_n_flags = le32_to_cpu(phy_info->rate_n_flags);
291 309
292 /* rx_status carries information about the packet to mac80211 */ 310 /* rx_status carries information about the packet to mac80211 */
293 rx_status.mactime = le64_to_cpu(phy_info->timestamp); 311 rx_status->mactime = le64_to_cpu(phy_info->timestamp);
294 rx_status.device_timestamp = le32_to_cpu(phy_info->system_timestamp); 312 rx_status->device_timestamp = le32_to_cpu(phy_info->system_timestamp);
295 rx_status.band = 313 rx_status->band =
296 (phy_info->phy_flags & cpu_to_le16(RX_RES_PHY_FLAGS_BAND_24)) ? 314 (phy_info->phy_flags & cpu_to_le16(RX_RES_PHY_FLAGS_BAND_24)) ?
297 IEEE80211_BAND_2GHZ : IEEE80211_BAND_5GHZ; 315 IEEE80211_BAND_2GHZ : IEEE80211_BAND_5GHZ;
298 rx_status.freq = 316 rx_status->freq =
299 ieee80211_channel_to_frequency(le16_to_cpu(phy_info->channel), 317 ieee80211_channel_to_frequency(le16_to_cpu(phy_info->channel),
300 rx_status.band); 318 rx_status->band);
301 /* 319 /*
302 * TSF as indicated by the fw is at INA time, but mac80211 expects the 320 * TSF as indicated by the fw is at INA time, but mac80211 expects the
303 * TSF at the beginning of the MPDU. 321 * TSF at the beginning of the MPDU.
304 */ 322 */
305 /*rx_status.flag |= RX_FLAG_MACTIME_MPDU;*/ 323 /*rx_status->flag |= RX_FLAG_MACTIME_MPDU;*/
306 324
307 iwl_mvm_get_signal_strength(mvm, phy_info, &rx_status); 325 iwl_mvm_get_signal_strength(mvm, phy_info, rx_status);
308 326
309 IWL_DEBUG_STATS_LIMIT(mvm, "Rssi %d, TSF %llu\n", rx_status.signal, 327 IWL_DEBUG_STATS_LIMIT(mvm, "Rssi %d, TSF %llu\n", rx_status->signal,
310 (unsigned long long)rx_status.mactime); 328 (unsigned long long)rx_status->mactime);
311 329
312 rcu_read_lock(); 330 rcu_read_lock();
313 /* 331 /*
@@ -326,15 +344,14 @@ int iwl_mvm_rx_rx_mpdu(struct iwl_mvm *mvm, struct iwl_rx_cmd_buffer *rxb,
326 if (sta) { 344 if (sta) {
327 struct iwl_mvm_sta *mvmsta; 345 struct iwl_mvm_sta *mvmsta;
328 mvmsta = iwl_mvm_sta_from_mac80211(sta); 346 mvmsta = iwl_mvm_sta_from_mac80211(sta);
329 rs_update_last_rssi(mvm, &mvmsta->lq_sta, 347 rs_update_last_rssi(mvm, &mvmsta->lq_sta, rx_status);
330 &rx_status);
331 } 348 }
332 349
333 rcu_read_unlock(); 350 rcu_read_unlock();
334 351
335 /* set the preamble flag if appropriate */ 352 /* set the preamble flag if appropriate */
336 if (phy_info->phy_flags & cpu_to_le16(RX_RES_PHY_FLAGS_SHORT_PREAMBLE)) 353 if (phy_info->phy_flags & cpu_to_le16(RX_RES_PHY_FLAGS_SHORT_PREAMBLE))
337 rx_status.flag |= RX_FLAG_SHORTPRE; 354 rx_status->flag |= RX_FLAG_SHORTPRE;
338 355
339 if (phy_info->phy_flags & cpu_to_le16(RX_RES_PHY_FLAGS_AGG)) { 356 if (phy_info->phy_flags & cpu_to_le16(RX_RES_PHY_FLAGS_AGG)) {
340 /* 357 /*
@@ -342,8 +359,8 @@ int iwl_mvm_rx_rx_mpdu(struct iwl_mvm *mvm, struct iwl_rx_cmd_buffer *rxb,
342 * together since we get a single PHY response 359 * together since we get a single PHY response
343 * from the firmware for all of them 360 * from the firmware for all of them
344 */ 361 */
345 rx_status.flag |= RX_FLAG_AMPDU_DETAILS; 362 rx_status->flag |= RX_FLAG_AMPDU_DETAILS;
346 rx_status.ampdu_reference = mvm->ampdu_ref; 363 rx_status->ampdu_reference = mvm->ampdu_ref;
347 } 364 }
348 365
349 /* Set up the HT phy flags */ 366 /* Set up the HT phy flags */
@@ -351,50 +368,50 @@ int iwl_mvm_rx_rx_mpdu(struct iwl_mvm *mvm, struct iwl_rx_cmd_buffer *rxb,
351 case RATE_MCS_CHAN_WIDTH_20: 368 case RATE_MCS_CHAN_WIDTH_20:
352 break; 369 break;
353 case RATE_MCS_CHAN_WIDTH_40: 370 case RATE_MCS_CHAN_WIDTH_40:
354 rx_status.flag |= RX_FLAG_40MHZ; 371 rx_status->flag |= RX_FLAG_40MHZ;
355 break; 372 break;
356 case RATE_MCS_CHAN_WIDTH_80: 373 case RATE_MCS_CHAN_WIDTH_80:
357 rx_status.vht_flag |= RX_VHT_FLAG_80MHZ; 374 rx_status->vht_flag |= RX_VHT_FLAG_80MHZ;
358 break; 375 break;
359 case RATE_MCS_CHAN_WIDTH_160: 376 case RATE_MCS_CHAN_WIDTH_160:
360 rx_status.vht_flag |= RX_VHT_FLAG_160MHZ; 377 rx_status->vht_flag |= RX_VHT_FLAG_160MHZ;
361 break; 378 break;
362 } 379 }
363 if (rate_n_flags & RATE_MCS_SGI_MSK) 380 if (rate_n_flags & RATE_MCS_SGI_MSK)
364 rx_status.flag |= RX_FLAG_SHORT_GI; 381 rx_status->flag |= RX_FLAG_SHORT_GI;
365 if (rate_n_flags & RATE_HT_MCS_GF_MSK) 382 if (rate_n_flags & RATE_HT_MCS_GF_MSK)
366 rx_status.flag |= RX_FLAG_HT_GF; 383 rx_status->flag |= RX_FLAG_HT_GF;
367 if (rate_n_flags & RATE_MCS_LDPC_MSK) 384 if (rate_n_flags & RATE_MCS_LDPC_MSK)
368 rx_status.flag |= RX_FLAG_LDPC; 385 rx_status->flag |= RX_FLAG_LDPC;
369 if (rate_n_flags & RATE_MCS_HT_MSK) { 386 if (rate_n_flags & RATE_MCS_HT_MSK) {
370 u8 stbc = (rate_n_flags & RATE_MCS_HT_STBC_MSK) >> 387 u8 stbc = (rate_n_flags & RATE_MCS_HT_STBC_MSK) >>
371 RATE_MCS_STBC_POS; 388 RATE_MCS_STBC_POS;
372 rx_status.flag |= RX_FLAG_HT; 389 rx_status->flag |= RX_FLAG_HT;
373 rx_status.rate_idx = rate_n_flags & RATE_HT_MCS_INDEX_MSK; 390 rx_status->rate_idx = rate_n_flags & RATE_HT_MCS_INDEX_MSK;
374 rx_status.flag |= stbc << RX_FLAG_STBC_SHIFT; 391 rx_status->flag |= stbc << RX_FLAG_STBC_SHIFT;
375 } else if (rate_n_flags & RATE_MCS_VHT_MSK) { 392 } else if (rate_n_flags & RATE_MCS_VHT_MSK) {
376 u8 stbc = (rate_n_flags & RATE_MCS_VHT_STBC_MSK) >> 393 u8 stbc = (rate_n_flags & RATE_MCS_VHT_STBC_MSK) >>
377 RATE_MCS_STBC_POS; 394 RATE_MCS_STBC_POS;
378 rx_status.vht_nss = 395 rx_status->vht_nss =
379 ((rate_n_flags & RATE_VHT_MCS_NSS_MSK) >> 396 ((rate_n_flags & RATE_VHT_MCS_NSS_MSK) >>
380 RATE_VHT_MCS_NSS_POS) + 1; 397 RATE_VHT_MCS_NSS_POS) + 1;
381 rx_status.rate_idx = rate_n_flags & RATE_VHT_MCS_RATE_CODE_MSK; 398 rx_status->rate_idx = rate_n_flags & RATE_VHT_MCS_RATE_CODE_MSK;
382 rx_status.flag |= RX_FLAG_VHT; 399 rx_status->flag |= RX_FLAG_VHT;
383 rx_status.flag |= stbc << RX_FLAG_STBC_SHIFT; 400 rx_status->flag |= stbc << RX_FLAG_STBC_SHIFT;
384 if (rate_n_flags & RATE_MCS_BF_MSK) 401 if (rate_n_flags & RATE_MCS_BF_MSK)
385 rx_status.vht_flag |= RX_VHT_FLAG_BF; 402 rx_status->vht_flag |= RX_VHT_FLAG_BF;
386 } else { 403 } else {
387 rx_status.rate_idx = 404 rx_status->rate_idx =
388 iwl_mvm_legacy_rate_to_mac80211_idx(rate_n_flags, 405 iwl_mvm_legacy_rate_to_mac80211_idx(rate_n_flags,
389 rx_status.band); 406 rx_status->band);
390 } 407 }
391 408
392#ifdef CONFIG_IWLWIFI_DEBUGFS 409#ifdef CONFIG_IWLWIFI_DEBUGFS
393 iwl_mvm_update_frame_stats(mvm, &mvm->drv_rx_stats, rate_n_flags, 410 iwl_mvm_update_frame_stats(mvm, &mvm->drv_rx_stats, rate_n_flags,
394 rx_status.flag & RX_FLAG_AMPDU_DETAILS); 411 rx_status->flag & RX_FLAG_AMPDU_DETAILS);
395#endif 412#endif
396 iwl_mvm_pass_packet_to_mac80211(mvm, hdr, len, ampdu_status, 413 iwl_mvm_pass_packet_to_mac80211(mvm, skb, hdr, len, ampdu_status,
397 rxb, &rx_status); 414 crypt_len, rxb);
398 return 0; 415 return 0;
399} 416}
400 417
@@ -500,29 +517,8 @@ int iwl_mvm_rx_statistics(struct iwl_mvm *mvm,
500 .mvm = mvm, 517 .mvm = mvm,
501 }; 518 };
502 519
503 /* 520 iwl_mvm_tt_temp_changed(mvm, le32_to_cpu(common->temperature));
504 * set temperature debug enabled - ignore FW temperature updates
505 * and use the user set temperature.
506 */
507 if (mvm->temperature_test) {
508 if (mvm->temperature < le32_to_cpu(common->temperature))
509 IWL_DEBUG_TEMP(mvm,
510 "Ignoring FW temperature update that is greater than the debug set temperature (debug temp = %d, fw temp = %d)\n",
511 mvm->temperature,
512 le32_to_cpu(common->temperature));
513 /*
514 * skip iwl_mvm_tt_handler since we are in
515 * temperature debug mode and we are ignoring
516 * the new temperature value
517 */
518 goto update;
519 }
520 521
521 if (mvm->temperature != le32_to_cpu(common->temperature)) {
522 mvm->temperature = le32_to_cpu(common->temperature);
523 iwl_mvm_tt_handler(mvm);
524 }
525update:
526 iwl_mvm_update_rx_statistics(mvm, stats); 522 iwl_mvm_update_rx_statistics(mvm, stats);
527 523
528 ieee80211_iterate_active_interfaces(mvm->hw, 524 ieee80211_iterate_active_interfaces(mvm->hw,
diff --git a/drivers/net/wireless/iwlwifi/mvm/scan.c b/drivers/net/wireless/iwlwifi/mvm/scan.c
index fb2a8628b8fc..e5294d01181e 100644
--- a/drivers/net/wireless/iwlwifi/mvm/scan.c
+++ b/drivers/net/wireless/iwlwifi/mvm/scan.c
@@ -83,15 +83,29 @@ struct iwl_mvm_scan_params {
83 } dwell[IEEE80211_NUM_BANDS]; 83 } dwell[IEEE80211_NUM_BANDS];
84}; 84};
85 85
86enum iwl_umac_scan_uid_type {
87 IWL_UMAC_SCAN_UID_REG_SCAN = BIT(0),
88 IWL_UMAC_SCAN_UID_SCHED_SCAN = BIT(1),
89 IWL_UMAC_SCAN_UID_ALL = IWL_UMAC_SCAN_UID_REG_SCAN |
90 IWL_UMAC_SCAN_UID_SCHED_SCAN,
91};
92
93static int iwl_umac_scan_stop(struct iwl_mvm *mvm,
94 enum iwl_umac_scan_uid_type type, bool notify);
95
96static u8 iwl_mvm_scan_rx_ant(struct iwl_mvm *mvm)
97{
98 if (mvm->scan_rx_ant != ANT_NONE)
99 return mvm->scan_rx_ant;
100 return mvm->fw->valid_rx_ant;
101}
102
86static inline __le16 iwl_mvm_scan_rx_chain(struct iwl_mvm *mvm) 103static inline __le16 iwl_mvm_scan_rx_chain(struct iwl_mvm *mvm)
87{ 104{
88 u16 rx_chain; 105 u16 rx_chain;
89 u8 rx_ant; 106 u8 rx_ant;
90 107
91 if (mvm->scan_rx_ant != ANT_NONE) 108 rx_ant = iwl_mvm_scan_rx_ant(mvm);
92 rx_ant = mvm->scan_rx_ant;
93 else
94 rx_ant = mvm->fw->valid_rx_ant;
95 rx_chain = rx_ant << PHY_RX_CHAIN_VALID_POS; 109 rx_chain = rx_ant << PHY_RX_CHAIN_VALID_POS;
96 rx_chain |= rx_ant << PHY_RX_CHAIN_FORCE_MIMO_SEL_POS; 110 rx_chain |= rx_ant << PHY_RX_CHAIN_FORCE_MIMO_SEL_POS;
97 rx_chain |= rx_ant << PHY_RX_CHAIN_FORCE_SEL_POS; 111 rx_chain |= rx_ant << PHY_RX_CHAIN_FORCE_SEL_POS;
@@ -366,6 +380,10 @@ static int iwl_mvm_max_scan_ie_fw_cmd_room(struct iwl_mvm *mvm,
366 !is_sched_scan) 380 !is_sched_scan)
367 max_probe_len -= 32; 381 max_probe_len -= 32;
368 382
383 /* DS parameter set element is added on 2.4GHZ band if required */
384 if (iwl_mvm_rrm_scan_needed(mvm))
385 max_probe_len -= 3;
386
369 return max_probe_len; 387 return max_probe_len;
370} 388}
371 389
@@ -537,23 +555,17 @@ int iwl_mvm_rx_scan_offload_results(struct iwl_mvm *mvm,
537 struct iwl_device_cmd *cmd) 555 struct iwl_device_cmd *cmd)
538{ 556{
539 struct iwl_rx_packet *pkt = rxb_addr(rxb); 557 struct iwl_rx_packet *pkt = rxb_addr(rxb);
540 u8 client_bitmap = 0;
541 558
542 if (!(mvm->fw->ucode_capa.api[0] & IWL_UCODE_TLV_API_LMAC_SCAN)) { 559 if (!(mvm->fw->ucode_capa.capa[0] & IWL_UCODE_TLV_CAPA_UMAC_SCAN) &&
560 !(mvm->fw->ucode_capa.api[0] & IWL_UCODE_TLV_API_LMAC_SCAN)) {
543 struct iwl_sched_scan_results *notif = (void *)pkt->data; 561 struct iwl_sched_scan_results *notif = (void *)pkt->data;
544 562
545 client_bitmap = notif->client_bitmap; 563 if (!(notif->client_bitmap & SCAN_CLIENT_SCHED_SCAN))
564 return 0;
546 } 565 }
547 566
548 if (mvm->fw->ucode_capa.api[0] & IWL_UCODE_TLV_API_LMAC_SCAN || 567 IWL_DEBUG_SCAN(mvm, "Scheduled scan results\n");
549 client_bitmap & SCAN_CLIENT_SCHED_SCAN) { 568 ieee80211_sched_scan_results(mvm->hw);
550 if (mvm->scan_status == IWL_MVM_SCAN_SCHED) {
551 IWL_DEBUG_SCAN(mvm, "Scheduled scan results\n");
552 ieee80211_sched_scan_results(mvm->hw);
553 } else {
554 IWL_DEBUG_SCAN(mvm, "Scan results\n");
555 }
556 }
557 569
558 return 0; 570 return 0;
559} 571}
@@ -965,6 +977,20 @@ free_blacklist:
965 return ret; 977 return ret;
966} 978}
967 979
980static bool iwl_mvm_scan_pass_all(struct iwl_mvm *mvm,
981 struct cfg80211_sched_scan_request *req)
982{
983 if (req->n_match_sets && req->match_sets[0].ssid.ssid_len) {
984 IWL_DEBUG_SCAN(mvm,
985 "Sending scheduled scan with filtering, n_match_sets %d\n",
986 req->n_match_sets);
987 return false;
988 }
989
990 IWL_DEBUG_SCAN(mvm, "Sending Scheduled scan without filtering\n");
991 return true;
992}
993
968int iwl_mvm_sched_scan_start(struct iwl_mvm *mvm, 994int iwl_mvm_sched_scan_start(struct iwl_mvm *mvm,
969 struct cfg80211_sched_scan_request *req) 995 struct cfg80211_sched_scan_request *req)
970{ 996{
@@ -980,15 +1006,8 @@ int iwl_mvm_sched_scan_start(struct iwl_mvm *mvm,
980 .schedule_line[1].full_scan_mul = IWL_FULL_SCAN_MULTIPLIER, 1006 .schedule_line[1].full_scan_mul = IWL_FULL_SCAN_MULTIPLIER,
981 }; 1007 };
982 1008
983 if (req->n_match_sets && req->match_sets[0].ssid.ssid_len) { 1009 if (iwl_mvm_scan_pass_all(mvm, req))
984 IWL_DEBUG_SCAN(mvm,
985 "Sending scheduled scan with filtering, filter len %d\n",
986 req->n_match_sets);
987 } else {
988 IWL_DEBUG_SCAN(mvm,
989 "Sending Scheduled scan without filtering\n");
990 scan_req.flags |= cpu_to_le16(IWL_SCAN_OFFLOAD_FLAG_PASS_ALL); 1010 scan_req.flags |= cpu_to_le16(IWL_SCAN_OFFLOAD_FLAG_PASS_ALL);
991 }
992 1011
993 if (mvm->last_ebs_successful && 1012 if (mvm->last_ebs_successful &&
994 mvm->fw->ucode_capa.flags & IWL_UCODE_TLV_FLAGS_EBS_SUPPORT) 1013 mvm->fw->ucode_capa.flags & IWL_UCODE_TLV_FLAGS_EBS_SUPPORT)
@@ -1006,12 +1025,19 @@ int iwl_mvm_scan_offload_start(struct iwl_mvm *mvm,
1006{ 1025{
1007 int ret; 1026 int ret;
1008 1027
1009 if ((mvm->fw->ucode_capa.api[0] & IWL_UCODE_TLV_API_LMAC_SCAN)) { 1028 if (mvm->fw->ucode_capa.capa[0] & IWL_UCODE_TLV_CAPA_UMAC_SCAN) {
1029 ret = iwl_mvm_config_sched_scan_profiles(mvm, req);
1030 if (ret)
1031 return ret;
1032 ret = iwl_mvm_sched_scan_umac(mvm, vif, req, ies);
1033 } else if ((mvm->fw->ucode_capa.api[0] & IWL_UCODE_TLV_API_LMAC_SCAN)) {
1034 mvm->scan_status = IWL_MVM_SCAN_SCHED;
1010 ret = iwl_mvm_config_sched_scan_profiles(mvm, req); 1035 ret = iwl_mvm_config_sched_scan_profiles(mvm, req);
1011 if (ret) 1036 if (ret)
1012 return ret; 1037 return ret;
1013 ret = iwl_mvm_unified_sched_scan_lmac(mvm, vif, req, ies); 1038 ret = iwl_mvm_unified_sched_scan_lmac(mvm, vif, req, ies);
1014 } else { 1039 } else {
1040 mvm->scan_status = IWL_MVM_SCAN_SCHED;
1015 ret = iwl_mvm_config_sched_scan(mvm, vif, req, ies); 1041 ret = iwl_mvm_config_sched_scan(mvm, vif, req, ies);
1016 if (ret) 1042 if (ret)
1017 return ret; 1043 return ret;
@@ -1068,6 +1094,10 @@ int iwl_mvm_scan_offload_stop(struct iwl_mvm *mvm, bool notify)
1068 1094
1069 lockdep_assert_held(&mvm->mutex); 1095 lockdep_assert_held(&mvm->mutex);
1070 1096
1097 if (mvm->fw->ucode_capa.capa[0] & IWL_UCODE_TLV_CAPA_UMAC_SCAN)
1098 return iwl_umac_scan_stop(mvm, IWL_UMAC_SCAN_UID_SCHED_SCAN,
1099 notify);
1100
1071 if (mvm->scan_status != IWL_MVM_SCAN_SCHED && 1101 if (mvm->scan_status != IWL_MVM_SCAN_SCHED &&
1072 (!(mvm->fw->ucode_capa.api[0] & IWL_UCODE_TLV_API_LMAC_SCAN) || 1102 (!(mvm->fw->ucode_capa.api[0] & IWL_UCODE_TLV_API_LMAC_SCAN) ||
1073 mvm->scan_status != IWL_MVM_SCAN_OS)) { 1103 mvm->scan_status != IWL_MVM_SCAN_OS)) {
@@ -1155,20 +1185,64 @@ iwl_mvm_lmac_scan_cfg_channels(struct iwl_mvm *mvm,
1155 } 1185 }
1156} 1186}
1157 1187
1188static u8 *iwl_mvm_copy_and_insert_ds_elem(struct iwl_mvm *mvm, const u8 *ies,
1189 size_t len, u8 *const pos)
1190{
1191 static const u8 before_ds_params[] = {
1192 WLAN_EID_SSID,
1193 WLAN_EID_SUPP_RATES,
1194 WLAN_EID_REQUEST,
1195 WLAN_EID_EXT_SUPP_RATES,
1196 };
1197 size_t offs;
1198 u8 *newpos = pos;
1199
1200 if (!iwl_mvm_rrm_scan_needed(mvm)) {
1201 memcpy(newpos, ies, len);
1202 return newpos + len;
1203 }
1204
1205 offs = ieee80211_ie_split(ies, len,
1206 before_ds_params,
1207 ARRAY_SIZE(before_ds_params),
1208 0);
1209
1210 memcpy(newpos, ies, offs);
1211 newpos += offs;
1212
1213 /* Add a placeholder for DS Parameter Set element */
1214 *newpos++ = WLAN_EID_DS_PARAMS;
1215 *newpos++ = 1;
1216 *newpos++ = 0;
1217
1218 memcpy(newpos, ies + offs, len - offs);
1219 newpos += len - offs;
1220
1221 return newpos;
1222}
1223
1158static void 1224static void
1159iwl_mvm_build_unified_scan_probe(struct iwl_mvm *mvm, struct ieee80211_vif *vif, 1225iwl_mvm_build_unified_scan_probe(struct iwl_mvm *mvm, struct ieee80211_vif *vif,
1160 struct ieee80211_scan_ies *ies, 1226 struct ieee80211_scan_ies *ies,
1161 struct iwl_scan_req_unified_lmac *cmd) 1227 struct iwl_scan_probe_req *preq,
1228 const u8 *mac_addr, const u8 *mac_addr_mask)
1162{ 1229{
1163 struct iwl_scan_probe_req *preq = (void *)(cmd->data +
1164 sizeof(struct iwl_scan_channel_cfg_lmac) *
1165 mvm->fw->ucode_capa.n_scan_channels);
1166 struct ieee80211_mgmt *frame = (struct ieee80211_mgmt *)preq->buf; 1230 struct ieee80211_mgmt *frame = (struct ieee80211_mgmt *)preq->buf;
1167 u8 *pos; 1231 u8 *pos, *newpos;
1232
1233 /*
1234 * Unfortunately, right now the offload scan doesn't support randomising
1235 * within the firmware, so until the firmware API is ready we implement
1236 * it in the driver. This means that the scan iterations won't really be
1237 * random, only when it's restarted, but at least that helps a bit.
1238 */
1239 if (mac_addr)
1240 get_random_mask_addr(frame->sa, mac_addr, mac_addr_mask);
1241 else
1242 memcpy(frame->sa, vif->addr, ETH_ALEN);
1168 1243
1169 frame->frame_control = cpu_to_le16(IEEE80211_STYPE_PROBE_REQ); 1244 frame->frame_control = cpu_to_le16(IEEE80211_STYPE_PROBE_REQ);
1170 eth_broadcast_addr(frame->da); 1245 eth_broadcast_addr(frame->da);
1171 memcpy(frame->sa, vif->addr, ETH_ALEN);
1172 eth_broadcast_addr(frame->bssid); 1246 eth_broadcast_addr(frame->bssid);
1173 frame->seq_ctrl = 0; 1247 frame->seq_ctrl = 0;
1174 1248
@@ -1179,11 +1253,14 @@ iwl_mvm_build_unified_scan_probe(struct iwl_mvm *mvm, struct ieee80211_vif *vif,
1179 preq->mac_header.offset = 0; 1253 preq->mac_header.offset = 0;
1180 preq->mac_header.len = cpu_to_le16(24 + 2); 1254 preq->mac_header.len = cpu_to_le16(24 + 2);
1181 1255
1182 memcpy(pos, ies->ies[IEEE80211_BAND_2GHZ], 1256 /* Insert ds parameter set element on 2.4 GHz band */
1183 ies->len[IEEE80211_BAND_2GHZ]); 1257 newpos = iwl_mvm_copy_and_insert_ds_elem(mvm,
1258 ies->ies[IEEE80211_BAND_2GHZ],
1259 ies->len[IEEE80211_BAND_2GHZ],
1260 pos);
1184 preq->band_data[0].offset = cpu_to_le16(pos - preq->buf); 1261 preq->band_data[0].offset = cpu_to_le16(pos - preq->buf);
1185 preq->band_data[0].len = cpu_to_le16(ies->len[IEEE80211_BAND_2GHZ]); 1262 preq->band_data[0].len = cpu_to_le16(newpos - pos);
1186 pos += ies->len[IEEE80211_BAND_2GHZ]; 1263 pos = newpos;
1187 1264
1188 memcpy(pos, ies->ies[IEEE80211_BAND_5GHZ], 1265 memcpy(pos, ies->ies[IEEE80211_BAND_5GHZ],
1189 ies->len[IEEE80211_BAND_5GHZ]); 1266 ies->len[IEEE80211_BAND_5GHZ]);
@@ -1244,9 +1321,10 @@ int iwl_mvm_unified_scan_lmac(struct iwl_mvm *mvm,
1244 .dataflags = { IWL_HCMD_DFL_NOCOPY, }, 1321 .dataflags = { IWL_HCMD_DFL_NOCOPY, },
1245 }; 1322 };
1246 struct iwl_scan_req_unified_lmac *cmd = mvm->scan_cmd; 1323 struct iwl_scan_req_unified_lmac *cmd = mvm->scan_cmd;
1324 struct iwl_scan_probe_req *preq;
1247 struct iwl_mvm_scan_params params = {}; 1325 struct iwl_mvm_scan_params params = {};
1248 u32 flags; 1326 u32 flags;
1249 int ssid_bitmap = 0; 1327 u32 ssid_bitmap = 0;
1250 int ret, i; 1328 int ret, i;
1251 1329
1252 lockdep_assert_held(&mvm->mutex); 1330 lockdep_assert_held(&mvm->mutex);
@@ -1305,7 +1383,13 @@ int iwl_mvm_unified_scan_lmac(struct iwl_mvm *mvm,
1305 req->req.n_channels, ssid_bitmap, 1383 req->req.n_channels, ssid_bitmap,
1306 cmd); 1384 cmd);
1307 1385
1308 iwl_mvm_build_unified_scan_probe(mvm, vif, &req->ies, cmd); 1386 preq = (void *)(cmd->data + sizeof(struct iwl_scan_channel_cfg_lmac) *
1387 mvm->fw->ucode_capa.n_scan_channels);
1388
1389 iwl_mvm_build_unified_scan_probe(mvm, vif, &req->ies, preq,
1390 req->req.flags & NL80211_SCAN_FLAG_RANDOM_ADDR ?
1391 req->req.mac_addr : NULL,
1392 req->req.mac_addr_mask);
1309 1393
1310 ret = iwl_mvm_send_cmd(mvm, &hcmd); 1394 ret = iwl_mvm_send_cmd(mvm, &hcmd);
1311 if (!ret) { 1395 if (!ret) {
@@ -1338,6 +1422,7 @@ int iwl_mvm_unified_sched_scan_lmac(struct iwl_mvm *mvm,
1338 .dataflags = { IWL_HCMD_DFL_NOCOPY, }, 1422 .dataflags = { IWL_HCMD_DFL_NOCOPY, },
1339 }; 1423 };
1340 struct iwl_scan_req_unified_lmac *cmd = mvm->scan_cmd; 1424 struct iwl_scan_req_unified_lmac *cmd = mvm->scan_cmd;
1425 struct iwl_scan_probe_req *preq;
1341 struct iwl_mvm_scan_params params = {}; 1426 struct iwl_mvm_scan_params params = {};
1342 int ret; 1427 int ret;
1343 u32 flags = 0, ssid_bitmap = 0; 1428 u32 flags = 0, ssid_bitmap = 0;
@@ -1361,15 +1446,8 @@ int iwl_mvm_unified_sched_scan_lmac(struct iwl_mvm *mvm,
1361 1446
1362 cmd->n_channels = (u8)req->n_channels; 1447 cmd->n_channels = (u8)req->n_channels;
1363 1448
1364 if (req->n_match_sets && req->match_sets[0].ssid.ssid_len) { 1449 if (iwl_mvm_scan_pass_all(mvm, req))
1365 IWL_DEBUG_SCAN(mvm,
1366 "Sending scheduled scan with filtering, n_match_sets %d\n",
1367 req->n_match_sets);
1368 } else {
1369 IWL_DEBUG_SCAN(mvm,
1370 "Sending Scheduled scan without filtering\n");
1371 flags |= IWL_MVM_LMAC_SCAN_FLAG_PASS_ALL; 1450 flags |= IWL_MVM_LMAC_SCAN_FLAG_PASS_ALL;
1372 }
1373 1451
1374 if (req->n_ssids == 1 && req->ssids[0].ssid_len != 0) 1452 if (req->n_ssids == 1 && req->ssids[0].ssid_len != 0)
1375 flags |= IWL_MVM_LMAC_SCAN_FLAG_PRE_CONNECTION; 1453 flags |= IWL_MVM_LMAC_SCAN_FLAG_PRE_CONNECTION;
@@ -1399,7 +1477,13 @@ int iwl_mvm_unified_sched_scan_lmac(struct iwl_mvm *mvm,
1399 iwl_mvm_lmac_scan_cfg_channels(mvm, req->channels, req->n_channels, 1477 iwl_mvm_lmac_scan_cfg_channels(mvm, req->channels, req->n_channels,
1400 ssid_bitmap, cmd); 1478 ssid_bitmap, cmd);
1401 1479
1402 iwl_mvm_build_unified_scan_probe(mvm, vif, ies, cmd); 1480 preq = (void *)(cmd->data + sizeof(struct iwl_scan_channel_cfg_lmac) *
1481 mvm->fw->ucode_capa.n_scan_channels);
1482
1483 iwl_mvm_build_unified_scan_probe(mvm, vif, ies, preq,
1484 req->flags & NL80211_SCAN_FLAG_RANDOM_ADDR ?
1485 req->mac_addr : NULL,
1486 req->mac_addr_mask);
1403 1487
1404 ret = iwl_mvm_send_cmd(mvm, &hcmd); 1488 ret = iwl_mvm_send_cmd(mvm, &hcmd);
1405 if (!ret) { 1489 if (!ret) {
@@ -1421,6 +1505,10 @@ int iwl_mvm_unified_sched_scan_lmac(struct iwl_mvm *mvm,
1421 1505
1422int iwl_mvm_cancel_scan(struct iwl_mvm *mvm) 1506int iwl_mvm_cancel_scan(struct iwl_mvm *mvm)
1423{ 1507{
1508 if (mvm->fw->ucode_capa.capa[0] & IWL_UCODE_TLV_CAPA_UMAC_SCAN)
1509 return iwl_umac_scan_stop(mvm, IWL_UMAC_SCAN_UID_REG_SCAN,
1510 true);
1511
1424 if (mvm->scan_status == IWL_MVM_SCAN_NONE) 1512 if (mvm->scan_status == IWL_MVM_SCAN_NONE)
1425 return 0; 1513 return 0;
1426 1514
@@ -1435,3 +1523,576 @@ int iwl_mvm_cancel_scan(struct iwl_mvm *mvm)
1435 return iwl_mvm_scan_offload_stop(mvm, true); 1523 return iwl_mvm_scan_offload_stop(mvm, true);
1436 return iwl_mvm_cancel_regular_scan(mvm); 1524 return iwl_mvm_cancel_regular_scan(mvm);
1437} 1525}
1526
1527/* UMAC scan API */
1528
1529struct iwl_umac_scan_done {
1530 struct iwl_mvm *mvm;
1531 enum iwl_umac_scan_uid_type type;
1532};
1533
1534static int rate_to_scan_rate_flag(unsigned int rate)
1535{
1536 static const int rate_to_scan_rate[IWL_RATE_COUNT] = {
1537 [IWL_RATE_1M_INDEX] = SCAN_CONFIG_RATE_1M,
1538 [IWL_RATE_2M_INDEX] = SCAN_CONFIG_RATE_2M,
1539 [IWL_RATE_5M_INDEX] = SCAN_CONFIG_RATE_5M,
1540 [IWL_RATE_11M_INDEX] = SCAN_CONFIG_RATE_11M,
1541 [IWL_RATE_6M_INDEX] = SCAN_CONFIG_RATE_6M,
1542 [IWL_RATE_9M_INDEX] = SCAN_CONFIG_RATE_9M,
1543 [IWL_RATE_12M_INDEX] = SCAN_CONFIG_RATE_12M,
1544 [IWL_RATE_18M_INDEX] = SCAN_CONFIG_RATE_18M,
1545 [IWL_RATE_24M_INDEX] = SCAN_CONFIG_RATE_24M,
1546 [IWL_RATE_36M_INDEX] = SCAN_CONFIG_RATE_36M,
1547 [IWL_RATE_48M_INDEX] = SCAN_CONFIG_RATE_48M,
1548 [IWL_RATE_54M_INDEX] = SCAN_CONFIG_RATE_54M,
1549 };
1550
1551 return rate_to_scan_rate[rate];
1552}
1553
1554static __le32 iwl_mvm_scan_config_rates(struct iwl_mvm *mvm)
1555{
1556 struct ieee80211_supported_band *band;
1557 unsigned int rates = 0;
1558 int i;
1559
1560 band = &mvm->nvm_data->bands[IEEE80211_BAND_2GHZ];
1561 for (i = 0; i < band->n_bitrates; i++)
1562 rates |= rate_to_scan_rate_flag(band->bitrates[i].hw_value);
1563 band = &mvm->nvm_data->bands[IEEE80211_BAND_5GHZ];
1564 for (i = 0; i < band->n_bitrates; i++)
1565 rates |= rate_to_scan_rate_flag(band->bitrates[i].hw_value);
1566
1567 /* Set both basic rates and supported rates */
1568 rates |= SCAN_CONFIG_SUPPORTED_RATE(rates);
1569
1570 return cpu_to_le32(rates);
1571}
1572
1573int iwl_mvm_config_scan(struct iwl_mvm *mvm)
1574{
1575
1576 struct iwl_scan_config *scan_config;
1577 struct ieee80211_supported_band *band;
1578 int num_channels =
1579 mvm->nvm_data->bands[IEEE80211_BAND_2GHZ].n_channels +
1580 mvm->nvm_data->bands[IEEE80211_BAND_5GHZ].n_channels;
1581 int ret, i, j = 0, cmd_size, data_size;
1582 struct iwl_host_cmd cmd = {
1583 .id = SCAN_CFG_CMD,
1584 };
1585
1586 if (WARN_ON(num_channels > mvm->fw->ucode_capa.n_scan_channels))
1587 return -ENOBUFS;
1588
1589 cmd_size = sizeof(*scan_config) + mvm->fw->ucode_capa.n_scan_channels;
1590
1591 scan_config = kzalloc(cmd_size, GFP_KERNEL);
1592 if (!scan_config)
1593 return -ENOMEM;
1594
1595 data_size = cmd_size - sizeof(struct iwl_mvm_umac_cmd_hdr);
1596 scan_config->hdr.size = cpu_to_le16(data_size);
1597 scan_config->flags = cpu_to_le32(SCAN_CONFIG_FLAG_ACTIVATE |
1598 SCAN_CONFIG_FLAG_ALLOW_CHUB_REQS |
1599 SCAN_CONFIG_FLAG_SET_TX_CHAINS |
1600 SCAN_CONFIG_FLAG_SET_RX_CHAINS |
1601 SCAN_CONFIG_FLAG_SET_ALL_TIMES |
1602 SCAN_CONFIG_FLAG_SET_LEGACY_RATES |
1603 SCAN_CONFIG_FLAG_SET_MAC_ADDR |
1604 SCAN_CONFIG_FLAG_SET_CHANNEL_FLAGS|
1605 SCAN_CONFIG_N_CHANNELS(num_channels));
1606 scan_config->tx_chains = cpu_to_le32(mvm->fw->valid_tx_ant);
1607 scan_config->rx_chains = cpu_to_le32(iwl_mvm_scan_rx_ant(mvm));
1608 scan_config->legacy_rates = iwl_mvm_scan_config_rates(mvm);
1609 scan_config->out_of_channel_time = cpu_to_le32(170);
1610 scan_config->suspend_time = cpu_to_le32(30);
1611 scan_config->dwell_active = 20;
1612 scan_config->dwell_passive = 110;
1613 scan_config->dwell_fragmented = 20;
1614
1615 memcpy(&scan_config->mac_addr, &mvm->addresses[0].addr, ETH_ALEN);
1616
1617 scan_config->bcast_sta_id = mvm->aux_sta.sta_id;
1618 scan_config->channel_flags = IWL_CHANNEL_FLAG_EBS |
1619 IWL_CHANNEL_FLAG_ACCURATE_EBS |
1620 IWL_CHANNEL_FLAG_EBS_ADD |
1621 IWL_CHANNEL_FLAG_PRE_SCAN_PASSIVE2ACTIVE;
1622
1623 band = &mvm->nvm_data->bands[IEEE80211_BAND_2GHZ];
1624 for (i = 0; i < band->n_channels; i++, j++)
1625 scan_config->channel_array[j] = band->channels[i].center_freq;
1626 band = &mvm->nvm_data->bands[IEEE80211_BAND_5GHZ];
1627 for (i = 0; i < band->n_channels; i++, j++)
1628 scan_config->channel_array[j] = band->channels[i].center_freq;
1629
1630 cmd.data[0] = scan_config;
1631 cmd.len[0] = cmd_size;
1632 cmd.dataflags[0] = IWL_HCMD_DFL_NOCOPY;
1633
1634 IWL_DEBUG_SCAN(mvm, "Sending UMAC scan config\n");
1635
1636 ret = iwl_mvm_send_cmd(mvm, &cmd);
1637
1638 kfree(scan_config);
1639 return ret;
1640}
1641
1642static int iwl_mvm_find_scan_uid(struct iwl_mvm *mvm, u32 uid)
1643{
1644 int i;
1645
1646 for (i = 0; i < IWL_MVM_MAX_SIMULTANEOUS_SCANS; i++)
1647 if (mvm->scan_uid[i] == uid)
1648 return i;
1649
1650 return i;
1651}
1652
1653static int iwl_mvm_find_free_scan_uid(struct iwl_mvm *mvm)
1654{
1655 return iwl_mvm_find_scan_uid(mvm, 0);
1656}
1657
1658static bool iwl_mvm_find_scan_type(struct iwl_mvm *mvm,
1659 enum iwl_umac_scan_uid_type type)
1660{
1661 int i;
1662
1663 for (i = 0; i < IWL_MVM_MAX_SIMULTANEOUS_SCANS; i++)
1664 if (mvm->scan_uid[i] & type)
1665 return true;
1666
1667 return false;
1668}
1669
1670static u32 iwl_generate_scan_uid(struct iwl_mvm *mvm,
1671 enum iwl_umac_scan_uid_type type)
1672{
1673 u32 uid;
1674
1675 /* make sure exactly one bit is on in scan type */
1676 WARN_ON(hweight8(type) != 1);
1677
1678 /*
1679 * Make sure scan uids are unique. If one scan lasts long time while
1680 * others are completing frequently, the seq number will wrap up and
1681 * we may have more than one scan with the same uid.
1682 */
1683 do {
1684 uid = type | (mvm->scan_seq_num <<
1685 IWL_UMAC_SCAN_UID_SEQ_OFFSET);
1686 mvm->scan_seq_num++;
1687 } while (iwl_mvm_find_scan_uid(mvm, uid) <
1688 IWL_MVM_MAX_SIMULTANEOUS_SCANS);
1689
1690 IWL_DEBUG_SCAN(mvm, "Generated scan UID %u\n", uid);
1691
1692 return uid;
1693}
1694
1695static void
1696iwl_mvm_build_generic_umac_scan_cmd(struct iwl_mvm *mvm,
1697 struct iwl_scan_req_umac *cmd,
1698 struct iwl_mvm_scan_params *params)
1699{
1700 memset(cmd, 0, ksize(cmd));
1701 cmd->hdr.size = cpu_to_le16(iwl_mvm_scan_size(mvm) -
1702 sizeof(struct iwl_mvm_umac_cmd_hdr));
1703 cmd->active_dwell = params->dwell[IEEE80211_BAND_2GHZ].active;
1704 cmd->passive_dwell = params->dwell[IEEE80211_BAND_2GHZ].passive;
1705 if (params->passive_fragmented)
1706 cmd->fragmented_dwell =
1707 params->dwell[IEEE80211_BAND_2GHZ].passive;
1708 cmd->max_out_time = cpu_to_le32(params->max_out_time);
1709 cmd->suspend_time = cpu_to_le32(params->suspend_time);
1710 cmd->scan_priority = cpu_to_le32(IWL_SCAN_PRIORITY_HIGH);
1711}
1712
1713static void
1714iwl_mvm_umac_scan_cfg_channels(struct iwl_mvm *mvm,
1715 struct ieee80211_channel **channels,
1716 int n_channels, u32 ssid_bitmap,
1717 struct iwl_scan_req_umac *cmd)
1718{
1719 struct iwl_scan_channel_cfg_umac *channel_cfg = (void *)&cmd->data;
1720 int i;
1721
1722 for (i = 0; i < n_channels; i++) {
1723 channel_cfg[i].flags = cpu_to_le32(ssid_bitmap);
1724 channel_cfg[i].channel_num = channels[i]->hw_value;
1725 channel_cfg[i].iter_count = 1;
1726 channel_cfg[i].iter_interval = 0;
1727 }
1728}
1729
1730static u32 iwl_mvm_scan_umac_common_flags(struct iwl_mvm *mvm, int n_ssids,
1731 struct cfg80211_ssid *ssids,
1732 int fragmented)
1733{
1734 int flags = 0;
1735
1736 if (n_ssids == 0)
1737 flags = IWL_UMAC_SCAN_GEN_FLAGS_PASSIVE;
1738
1739 if (n_ssids == 1 && ssids[0].ssid_len != 0)
1740 flags |= IWL_UMAC_SCAN_GEN_FLAGS_PRE_CONNECT;
1741
1742 if (fragmented)
1743 flags |= IWL_UMAC_SCAN_GEN_FLAGS_FRAGMENTED;
1744
1745 if (iwl_mvm_rrm_scan_needed(mvm))
1746 flags |= IWL_UMAC_SCAN_GEN_FLAGS_RRM_ENABLED;
1747
1748 return flags;
1749}
1750
1751int iwl_mvm_scan_umac(struct iwl_mvm *mvm, struct ieee80211_vif *vif,
1752 struct ieee80211_scan_request *req)
1753{
1754 struct iwl_host_cmd hcmd = {
1755 .id = SCAN_REQ_UMAC,
1756 .len = { iwl_mvm_scan_size(mvm), },
1757 .data = { mvm->scan_cmd, },
1758 .dataflags = { IWL_HCMD_DFL_NOCOPY, },
1759 };
1760 struct iwl_scan_req_umac *cmd = mvm->scan_cmd;
1761 struct iwl_scan_req_umac_tail *sec_part = (void *)&cmd->data +
1762 sizeof(struct iwl_scan_channel_cfg_umac) *
1763 mvm->fw->ucode_capa.n_scan_channels;
1764 struct iwl_mvm_scan_params params = {};
1765 u32 uid, flags;
1766 u32 ssid_bitmap = 0;
1767 int ret, i, uid_idx;
1768
1769 lockdep_assert_held(&mvm->mutex);
1770
1771 uid_idx = iwl_mvm_find_free_scan_uid(mvm);
1772 if (uid_idx >= IWL_MVM_MAX_SIMULTANEOUS_SCANS)
1773 return -EBUSY;
1774
1775 /* we should have failed registration if scan_cmd was NULL */
1776 if (WARN_ON(mvm->scan_cmd == NULL))
1777 return -ENOMEM;
1778
1779 if (WARN_ON(req->req.n_ssids > PROBE_OPTION_MAX ||
1780 req->ies.common_ie_len +
1781 req->ies.len[NL80211_BAND_2GHZ] +
1782 req->ies.len[NL80211_BAND_5GHZ] + 24 + 2 >
1783 SCAN_OFFLOAD_PROBE_REQ_SIZE || req->req.n_channels >
1784 mvm->fw->ucode_capa.n_scan_channels))
1785 return -ENOBUFS;
1786
1787 iwl_mvm_scan_calc_params(mvm, vif, req->req.n_ssids, req->req.flags,
1788 &params);
1789
1790 iwl_mvm_build_generic_umac_scan_cmd(mvm, cmd, &params);
1791
1792 uid = iwl_generate_scan_uid(mvm, IWL_UMAC_SCAN_UID_REG_SCAN);
1793 mvm->scan_uid[uid_idx] = uid;
1794 cmd->uid = cpu_to_le32(uid);
1795
1796 cmd->ooc_priority = cpu_to_le32(IWL_SCAN_PRIORITY_HIGH);
1797
1798 flags = iwl_mvm_scan_umac_common_flags(mvm, req->req.n_ssids,
1799 req->req.ssids,
1800 params.passive_fragmented);
1801
1802 flags |= IWL_UMAC_SCAN_GEN_FLAGS_PASS_ALL;
1803
1804 cmd->general_flags = cpu_to_le32(flags);
1805 cmd->n_channels = req->req.n_channels;
1806
1807 for (i = 0; i < req->req.n_ssids; i++)
1808 ssid_bitmap |= BIT(i);
1809
1810 iwl_mvm_umac_scan_cfg_channels(mvm, req->req.channels,
1811 req->req.n_channels, ssid_bitmap, cmd);
1812
1813 sec_part->schedule[0].iter_count = 1;
1814 sec_part->delay = 0;
1815
1816 iwl_mvm_build_unified_scan_probe(mvm, vif, &req->ies, &sec_part->preq,
1817 req->req.flags & NL80211_SCAN_FLAG_RANDOM_ADDR ?
1818 req->req.mac_addr : NULL,
1819 req->req.mac_addr_mask);
1820
1821 iwl_mvm_scan_fill_ssids(sec_part->direct_scan, req->req.ssids,
1822 req->req.n_ssids, 0);
1823
1824 ret = iwl_mvm_send_cmd(mvm, &hcmd);
1825 if (!ret) {
1826 IWL_DEBUG_SCAN(mvm,
1827 "Scan request was sent successfully\n");
1828 } else {
1829 /*
1830 * If the scan failed, it usually means that the FW was unable
1831 * to allocate the time events. Warn on it, but maybe we
1832 * should try to send the command again with different params.
1833 */
1834 IWL_ERR(mvm, "Scan failed! ret %d\n", ret);
1835 }
1836 return ret;
1837}
1838
1839int iwl_mvm_sched_scan_umac(struct iwl_mvm *mvm, struct ieee80211_vif *vif,
1840 struct cfg80211_sched_scan_request *req,
1841 struct ieee80211_scan_ies *ies)
1842{
1843
1844 struct iwl_host_cmd hcmd = {
1845 .id = SCAN_REQ_UMAC,
1846 .len = { iwl_mvm_scan_size(mvm), },
1847 .data = { mvm->scan_cmd, },
1848 .dataflags = { IWL_HCMD_DFL_NOCOPY, },
1849 };
1850 struct iwl_scan_req_umac *cmd = mvm->scan_cmd;
1851 struct iwl_scan_req_umac_tail *sec_part = (void *)&cmd->data +
1852 sizeof(struct iwl_scan_channel_cfg_umac) *
1853 mvm->fw->ucode_capa.n_scan_channels;
1854 struct iwl_mvm_scan_params params = {};
1855 u32 uid, flags;
1856 u32 ssid_bitmap = 0;
1857 int ret, uid_idx;
1858
1859 lockdep_assert_held(&mvm->mutex);
1860
1861 uid_idx = iwl_mvm_find_free_scan_uid(mvm);
1862 if (uid_idx >= IWL_MVM_MAX_SIMULTANEOUS_SCANS)
1863 return -EBUSY;
1864
1865 /* we should have failed registration if scan_cmd was NULL */
1866 if (WARN_ON(mvm->scan_cmd == NULL))
1867 return -ENOMEM;
1868
1869 if (WARN_ON(req->n_ssids > PROBE_OPTION_MAX ||
1870 ies->common_ie_len + ies->len[NL80211_BAND_2GHZ] +
1871 ies->len[NL80211_BAND_5GHZ] + 24 + 2 >
1872 SCAN_OFFLOAD_PROBE_REQ_SIZE || req->n_channels >
1873 mvm->fw->ucode_capa.n_scan_channels))
1874 return -ENOBUFS;
1875
1876 iwl_mvm_scan_calc_params(mvm, vif, req->n_ssids, req->flags,
1877 &params);
1878
1879 iwl_mvm_build_generic_umac_scan_cmd(mvm, cmd, &params);
1880
1881 cmd->flags = cpu_to_le32(IWL_UMAC_SCAN_FLAG_PREEMPTIVE);
1882
1883 uid = iwl_generate_scan_uid(mvm, IWL_UMAC_SCAN_UID_SCHED_SCAN);
1884 mvm->scan_uid[uid_idx] = uid;
1885 cmd->uid = cpu_to_le32(uid);
1886
1887 cmd->ooc_priority = cpu_to_le32(IWL_SCAN_PRIORITY_LOW);
1888
1889 flags = iwl_mvm_scan_umac_common_flags(mvm, req->n_ssids, req->ssids,
1890 params.passive_fragmented);
1891
1892 flags |= IWL_UMAC_SCAN_GEN_FLAGS_PERIODIC;
1893
1894 if (iwl_mvm_scan_pass_all(mvm, req))
1895 flags |= IWL_UMAC_SCAN_GEN_FLAGS_PASS_ALL;
1896 else
1897 flags |= IWL_UMAC_SCAN_GEN_FLAGS_MATCH;
1898
1899 cmd->general_flags = cpu_to_le32(flags);
1900
1901 if (mvm->fw->ucode_capa.flags & IWL_UCODE_TLV_FLAGS_EBS_SUPPORT &&
1902 mvm->last_ebs_successful)
1903 cmd->channel_flags = IWL_SCAN_CHANNEL_FLAG_EBS |
1904 IWL_SCAN_CHANNEL_FLAG_EBS_ACCURATE |
1905 IWL_SCAN_CHANNEL_FLAG_CACHE_ADD;
1906
1907 cmd->n_channels = req->n_channels;
1908
1909 iwl_scan_offload_build_ssid(req, sec_part->direct_scan, &ssid_bitmap,
1910 false);
1911
1912 /* This API uses bits 0-19 instead of 1-20. */
1913 ssid_bitmap = ssid_bitmap >> 1;
1914
1915 iwl_mvm_umac_scan_cfg_channels(mvm, req->channels, req->n_channels,
1916 ssid_bitmap, cmd);
1917
1918 sec_part->schedule[0].interval =
1919 cpu_to_le16(req->interval / MSEC_PER_SEC);
1920 sec_part->schedule[0].iter_count = 0xff;
1921
1922 sec_part->delay = 0;
1923
1924 iwl_mvm_build_unified_scan_probe(mvm, vif, ies, &sec_part->preq,
1925 req->flags & NL80211_SCAN_FLAG_RANDOM_ADDR ?
1926 req->mac_addr : NULL,
1927 req->mac_addr_mask);
1928
1929 ret = iwl_mvm_send_cmd(mvm, &hcmd);
1930 if (!ret) {
1931 IWL_DEBUG_SCAN(mvm,
1932 "Sched scan request was sent successfully\n");
1933 } else {
1934 /*
1935 * If the scan failed, it usually means that the FW was unable
1936 * to allocate the time events. Warn on it, but maybe we
1937 * should try to send the command again with different params.
1938 */
1939 IWL_ERR(mvm, "Sched scan failed! ret %d\n", ret);
1940 }
1941 return ret;
1942}
1943
1944int iwl_mvm_rx_umac_scan_complete_notif(struct iwl_mvm *mvm,
1945 struct iwl_rx_cmd_buffer *rxb,
1946 struct iwl_device_cmd *cmd)
1947{
1948 struct iwl_rx_packet *pkt = rxb_addr(rxb);
1949 struct iwl_umac_scan_complete *notif = (void *)pkt->data;
1950 u32 uid = __le32_to_cpu(notif->uid);
1951 bool sched = !!(uid & IWL_UMAC_SCAN_UID_SCHED_SCAN);
1952 int uid_idx = iwl_mvm_find_scan_uid(mvm, uid);
1953
1954 /*
1955 * Scan uid may be set to zero in case of scan abort request from above.
1956 */
1957 if (uid_idx >= IWL_MVM_MAX_SIMULTANEOUS_SCANS)
1958 return 0;
1959
1960 IWL_DEBUG_SCAN(mvm,
1961 "Scan completed, uid %u type %s, status %s, EBS status %s\n",
1962 uid, sched ? "sched" : "regular",
1963 notif->status == IWL_SCAN_OFFLOAD_COMPLETED ?
1964 "completed" : "aborted",
1965 notif->ebs_status == IWL_SCAN_EBS_SUCCESS ?
1966 "success" : "failed");
1967
1968 mvm->last_ebs_successful = !notif->ebs_status;
1969 mvm->scan_uid[uid_idx] = 0;
1970
1971 if (!sched) {
1972 ieee80211_scan_completed(mvm->hw,
1973 notif->status ==
1974 IWL_SCAN_OFFLOAD_ABORTED);
1975 iwl_mvm_unref(mvm, IWL_MVM_REF_SCAN);
1976 } else if (!iwl_mvm_find_scan_type(mvm, IWL_UMAC_SCAN_UID_SCHED_SCAN)) {
1977 ieee80211_sched_scan_stopped(mvm->hw);
1978 } else {
1979 IWL_DEBUG_SCAN(mvm, "Another sched scan is running\n");
1980 }
1981
1982 return 0;
1983}
1984
1985static bool iwl_scan_umac_done_check(struct iwl_notif_wait_data *notif_wait,
1986 struct iwl_rx_packet *pkt, void *data)
1987{
1988 struct iwl_umac_scan_done *scan_done = data;
1989 struct iwl_umac_scan_complete *notif = (void *)pkt->data;
1990 u32 uid = __le32_to_cpu(notif->uid);
1991 int uid_idx = iwl_mvm_find_scan_uid(scan_done->mvm, uid);
1992
1993 if (WARN_ON(pkt->hdr.cmd != SCAN_COMPLETE_UMAC))
1994 return false;
1995
1996 if (uid_idx >= IWL_MVM_MAX_SIMULTANEOUS_SCANS)
1997 return false;
1998
1999 /*
2000 * Clear scan uid of scans that was aborted from above and completed
2001 * in FW so the RX handler does nothing.
2002 */
2003 scan_done->mvm->scan_uid[uid_idx] = 0;
2004
2005 return !iwl_mvm_find_scan_type(scan_done->mvm, scan_done->type);
2006}
2007
2008static int iwl_umac_scan_abort_one(struct iwl_mvm *mvm, u32 uid)
2009{
2010 struct iwl_umac_scan_abort cmd = {
2011 .hdr.size = cpu_to_le16(sizeof(struct iwl_umac_scan_abort) -
2012 sizeof(struct iwl_mvm_umac_cmd_hdr)),
2013 .uid = cpu_to_le32(uid),
2014 };
2015
2016 lockdep_assert_held(&mvm->mutex);
2017
2018 IWL_DEBUG_SCAN(mvm, "Sending scan abort, uid %u\n", uid);
2019
2020 return iwl_mvm_send_cmd_pdu(mvm, SCAN_ABORT_UMAC, 0, sizeof(cmd), &cmd);
2021}
2022
2023static int iwl_umac_scan_stop(struct iwl_mvm *mvm,
2024 enum iwl_umac_scan_uid_type type, bool notify)
2025{
2026 struct iwl_notification_wait wait_scan_done;
2027 static const u8 scan_done_notif[] = { SCAN_COMPLETE_UMAC, };
2028 struct iwl_umac_scan_done scan_done = {
2029 .mvm = mvm,
2030 .type = type,
2031 };
2032 int i, ret = -EIO;
2033
2034 iwl_init_notification_wait(&mvm->notif_wait, &wait_scan_done,
2035 scan_done_notif,
2036 ARRAY_SIZE(scan_done_notif),
2037 iwl_scan_umac_done_check, &scan_done);
2038
2039 IWL_DEBUG_SCAN(mvm, "Preparing to stop scan, type %x\n", type);
2040
2041 for (i = 0; i < IWL_MVM_MAX_SIMULTANEOUS_SCANS; i++) {
2042 if (mvm->scan_uid[i] & type) {
2043 int err;
2044
2045 if (iwl_mvm_is_radio_killed(mvm) &&
2046 (type & IWL_UMAC_SCAN_UID_REG_SCAN)) {
2047 ieee80211_scan_completed(mvm->hw, true);
2048 iwl_mvm_unref(mvm, IWL_MVM_REF_SCAN);
2049 break;
2050 }
2051
2052 err = iwl_umac_scan_abort_one(mvm, mvm->scan_uid[i]);
2053 if (!err)
2054 ret = 0;
2055 }
2056 }
2057
2058 if (ret) {
2059 IWL_DEBUG_SCAN(mvm, "Couldn't stop scan\n");
2060 iwl_remove_notification(&mvm->notif_wait, &wait_scan_done);
2061 return ret;
2062 }
2063
2064 ret = iwl_wait_notification(&mvm->notif_wait, &wait_scan_done, 1 * HZ);
2065 if (ret)
2066 return ret;
2067
2068 if (notify) {
2069 if (type & IWL_UMAC_SCAN_UID_SCHED_SCAN)
2070 ieee80211_sched_scan_stopped(mvm->hw);
2071 if (type & IWL_UMAC_SCAN_UID_REG_SCAN) {
2072 ieee80211_scan_completed(mvm->hw, true);
2073 iwl_mvm_unref(mvm, IWL_MVM_REF_SCAN);
2074 }
2075 }
2076
2077 return ret;
2078}
2079
2080int iwl_mvm_scan_size(struct iwl_mvm *mvm)
2081{
2082 if (mvm->fw->ucode_capa.capa[0] & IWL_UCODE_TLV_CAPA_UMAC_SCAN)
2083 return sizeof(struct iwl_scan_req_umac) +
2084 sizeof(struct iwl_scan_channel_cfg_umac) *
2085 mvm->fw->ucode_capa.n_scan_channels +
2086 sizeof(struct iwl_scan_req_umac_tail);
2087
2088 if (mvm->fw->ucode_capa.api[0] & IWL_UCODE_TLV_API_LMAC_SCAN)
2089 return sizeof(struct iwl_scan_req_unified_lmac) +
2090 sizeof(struct iwl_scan_channel_cfg_lmac) *
2091 mvm->fw->ucode_capa.n_scan_channels +
2092 sizeof(struct iwl_scan_probe_req);
2093
2094 return sizeof(struct iwl_scan_cmd) +
2095 mvm->fw->ucode_capa.max_probe_length +
2096 mvm->fw->ucode_capa.n_scan_channels *
2097 sizeof(struct iwl_scan_channel);
2098}
diff --git a/drivers/net/wireless/iwlwifi/mvm/sta.c b/drivers/net/wireless/iwlwifi/mvm/sta.c
index dd0dc5bf8583..d86fe432e51f 100644
--- a/drivers/net/wireless/iwlwifi/mvm/sta.c
+++ b/drivers/net/wireless/iwlwifi/mvm/sta.c
@@ -204,6 +204,56 @@ int iwl_mvm_sta_send_to_fw(struct iwl_mvm *mvm, struct ieee80211_sta *sta,
204 return ret; 204 return ret;
205} 205}
206 206
207static int iwl_mvm_tdls_sta_init(struct iwl_mvm *mvm,
208 struct ieee80211_sta *sta)
209{
210 unsigned long used_hw_queues;
211 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta);
212 u32 ac;
213
214 lockdep_assert_held(&mvm->mutex);
215
216 used_hw_queues = iwl_mvm_get_used_hw_queues(mvm, NULL);
217
218 /* Find available queues, and allocate them to the ACs */
219 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
220 u8 queue = find_first_zero_bit(&used_hw_queues,
221 mvm->first_agg_queue);
222
223 if (queue >= mvm->first_agg_queue) {
224 IWL_ERR(mvm, "Failed to allocate STA queue\n");
225 return -EBUSY;
226 }
227
228 __set_bit(queue, &used_hw_queues);
229 mvmsta->hw_queue[ac] = queue;
230 }
231
232 /* Found a place for all queues - enable them */
233 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
234 iwl_mvm_enable_ac_txq(mvm, mvmsta->hw_queue[ac],
235 iwl_mvm_ac_to_tx_fifo[ac]);
236 mvmsta->tfd_queue_msk |= BIT(mvmsta->hw_queue[ac]);
237 }
238
239 return 0;
240}
241
242static void iwl_mvm_tdls_sta_deinit(struct iwl_mvm *mvm,
243 struct ieee80211_sta *sta)
244{
245 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta);
246 unsigned long sta_msk;
247 int i;
248
249 lockdep_assert_held(&mvm->mutex);
250
251 /* disable the TDLS STA-specific queues */
252 sta_msk = mvmsta->tfd_queue_msk;
253 for_each_set_bit(i, &sta_msk, sizeof(sta_msk))
254 iwl_mvm_disable_txq(mvm, i);
255}
256
207int iwl_mvm_add_sta(struct iwl_mvm *mvm, 257int iwl_mvm_add_sta(struct iwl_mvm *mvm,
208 struct ieee80211_vif *vif, 258 struct ieee80211_vif *vif,
209 struct ieee80211_sta *sta) 259 struct ieee80211_sta *sta)
@@ -237,9 +287,17 @@ int iwl_mvm_add_sta(struct iwl_mvm *mvm,
237 atomic_set(&mvm->pending_frames[sta_id], 0); 287 atomic_set(&mvm->pending_frames[sta_id], 0);
238 mvm_sta->tid_disable_agg = 0; 288 mvm_sta->tid_disable_agg = 0;
239 mvm_sta->tfd_queue_msk = 0; 289 mvm_sta->tfd_queue_msk = 0;
240 for (i = 0; i < IEEE80211_NUM_ACS; i++) 290
241 if (vif->hw_queue[i] != IEEE80211_INVAL_HW_QUEUE) 291 /* allocate new queues for a TDLS station */
242 mvm_sta->tfd_queue_msk |= BIT(vif->hw_queue[i]); 292 if (sta->tdls) {
293 ret = iwl_mvm_tdls_sta_init(mvm, sta);
294 if (ret)
295 return ret;
296 } else {
297 for (i = 0; i < IEEE80211_NUM_ACS; i++)
298 if (vif->hw_queue[i] != IEEE80211_INVAL_HW_QUEUE)
299 mvm_sta->tfd_queue_msk |= BIT(vif->hw_queue[i]);
300 }
243 301
244 /* for HW restart - reset everything but the sequence number */ 302 /* for HW restart - reset everything but the sequence number */
245 for (i = 0; i < IWL_MAX_TID_COUNT; i++) { 303 for (i = 0; i < IWL_MAX_TID_COUNT; i++) {
@@ -251,7 +309,7 @@ int iwl_mvm_add_sta(struct iwl_mvm *mvm,
251 309
252 ret = iwl_mvm_sta_send_to_fw(mvm, sta, false); 310 ret = iwl_mvm_sta_send_to_fw(mvm, sta, false);
253 if (ret) 311 if (ret)
254 return ret; 312 goto err;
255 313
256 if (vif->type == NL80211_IFTYPE_STATION) { 314 if (vif->type == NL80211_IFTYPE_STATION) {
257 if (!sta->tdls) { 315 if (!sta->tdls) {
@@ -265,6 +323,10 @@ int iwl_mvm_add_sta(struct iwl_mvm *mvm,
265 rcu_assign_pointer(mvm->fw_id_to_mac_id[sta_id], sta); 323 rcu_assign_pointer(mvm->fw_id_to_mac_id[sta_id], sta);
266 324
267 return 0; 325 return 0;
326
327err:
328 iwl_mvm_tdls_sta_deinit(mvm, sta);
329 return ret;
268} 330}
269 331
270int iwl_mvm_update_sta(struct iwl_mvm *mvm, 332int iwl_mvm_update_sta(struct iwl_mvm *mvm,
@@ -398,6 +460,17 @@ void iwl_mvm_sta_drained_wk(struct work_struct *wk)
398 } 460 }
399 RCU_INIT_POINTER(mvm->fw_id_to_mac_id[sta_id], NULL); 461 RCU_INIT_POINTER(mvm->fw_id_to_mac_id[sta_id], NULL);
400 clear_bit(sta_id, mvm->sta_drained); 462 clear_bit(sta_id, mvm->sta_drained);
463
464 if (mvm->tfd_drained[sta_id]) {
465 unsigned long i, msk = mvm->tfd_drained[sta_id];
466
467 for_each_set_bit(i, &msk, sizeof(msk))
468 iwl_mvm_disable_txq(mvm, i);
469
470 mvm->tfd_drained[sta_id] = 0;
471 IWL_DEBUG_TDLS(mvm, "Drained sta %d, with queues %ld\n",
472 sta_id, msk);
473 }
401 } 474 }
402 475
403 mutex_unlock(&mvm->mutex); 476 mutex_unlock(&mvm->mutex);
@@ -431,6 +504,15 @@ int iwl_mvm_rm_sta(struct iwl_mvm *mvm,
431 } 504 }
432 505
433 /* 506 /*
507 * This shouldn't happen - the TDLS channel switch should be canceled
508 * before the STA is removed.
509 */
510 if (WARN_ON_ONCE(mvm->tdls_cs.peer.sta_id == mvm_sta->sta_id)) {
511 mvm->tdls_cs.peer.sta_id = IWL_MVM_STATION_COUNT;
512 cancel_delayed_work(&mvm->tdls_cs.dwork);
513 }
514
515 /*
434 * Make sure that the tx response code sees the station as -EBUSY and 516 * Make sure that the tx response code sees the station as -EBUSY and
435 * calls the drain worker. 517 * calls the drain worker.
436 */ 518 */
@@ -443,9 +525,22 @@ int iwl_mvm_rm_sta(struct iwl_mvm *mvm,
443 rcu_assign_pointer(mvm->fw_id_to_mac_id[mvm_sta->sta_id], 525 rcu_assign_pointer(mvm->fw_id_to_mac_id[mvm_sta->sta_id],
444 ERR_PTR(-EBUSY)); 526 ERR_PTR(-EBUSY));
445 spin_unlock_bh(&mvm_sta->lock); 527 spin_unlock_bh(&mvm_sta->lock);
528
529 /* disable TDLS sta queues on drain complete */
530 if (sta->tdls) {
531 mvm->tfd_drained[mvm_sta->sta_id] =
532 mvm_sta->tfd_queue_msk;
533 IWL_DEBUG_TDLS(mvm, "Draining TDLS sta %d\n",
534 mvm_sta->sta_id);
535 }
536
446 ret = iwl_mvm_drain_sta(mvm, mvm_sta, true); 537 ret = iwl_mvm_drain_sta(mvm, mvm_sta, true);
447 } else { 538 } else {
448 spin_unlock_bh(&mvm_sta->lock); 539 spin_unlock_bh(&mvm_sta->lock);
540
541 if (sta->tdls)
542 iwl_mvm_tdls_sta_deinit(mvm, sta);
543
449 ret = iwl_mvm_rm_sta_common(mvm, mvm_sta->sta_id); 544 ret = iwl_mvm_rm_sta_common(mvm, mvm_sta->sta_id);
450 RCU_INIT_POINTER(mvm->fw_id_to_mac_id[mvm_sta->sta_id], NULL); 545 RCU_INIT_POINTER(mvm->fw_id_to_mac_id[mvm_sta->sta_id], NULL);
451 } 546 }
@@ -1071,15 +1166,16 @@ static u8 iwl_mvm_get_key_sta_id(struct ieee80211_vif *vif,
1071 1166
1072static int iwl_mvm_send_sta_key(struct iwl_mvm *mvm, 1167static int iwl_mvm_send_sta_key(struct iwl_mvm *mvm,
1073 struct iwl_mvm_sta *mvm_sta, 1168 struct iwl_mvm_sta *mvm_sta,
1074 struct ieee80211_key_conf *keyconf, 1169 struct ieee80211_key_conf *keyconf, bool mcast,
1075 u8 sta_id, u32 tkip_iv32, u16 *tkip_p1k, 1170 u32 tkip_iv32, u16 *tkip_p1k, u32 cmd_flags)
1076 u32 cmd_flags)
1077{ 1171{
1078 struct iwl_mvm_add_sta_key_cmd cmd = {}; 1172 struct iwl_mvm_add_sta_key_cmd cmd = {};
1079 __le16 key_flags; 1173 __le16 key_flags;
1080 int ret, status; 1174 int ret;
1175 u32 status;
1081 u16 keyidx; 1176 u16 keyidx;
1082 int i; 1177 int i;
1178 u8 sta_id = mvm_sta->sta_id;
1083 1179
1084 keyidx = (keyconf->keyidx << STA_KEY_FLG_KEYID_POS) & 1180 keyidx = (keyconf->keyidx << STA_KEY_FLG_KEYID_POS) &
1085 STA_KEY_FLG_KEYID_MSK; 1181 STA_KEY_FLG_KEYID_MSK;
@@ -1098,12 +1194,18 @@ static int iwl_mvm_send_sta_key(struct iwl_mvm *mvm,
1098 key_flags |= cpu_to_le16(STA_KEY_FLG_CCM); 1194 key_flags |= cpu_to_le16(STA_KEY_FLG_CCM);
1099 memcpy(cmd.key, keyconf->key, keyconf->keylen); 1195 memcpy(cmd.key, keyconf->key, keyconf->keylen);
1100 break; 1196 break;
1197 case WLAN_CIPHER_SUITE_WEP104:
1198 key_flags |= cpu_to_le16(STA_KEY_FLG_WEP_13BYTES);
1199 case WLAN_CIPHER_SUITE_WEP40:
1200 key_flags |= cpu_to_le16(STA_KEY_FLG_WEP);
1201 memcpy(cmd.key + 3, keyconf->key, keyconf->keylen);
1202 break;
1101 default: 1203 default:
1102 key_flags |= cpu_to_le16(STA_KEY_FLG_EXT); 1204 key_flags |= cpu_to_le16(STA_KEY_FLG_EXT);
1103 memcpy(cmd.key, keyconf->key, keyconf->keylen); 1205 memcpy(cmd.key, keyconf->key, keyconf->keylen);
1104 } 1206 }
1105 1207
1106 if (!(keyconf->flags & IEEE80211_KEY_FLAG_PAIRWISE)) 1208 if (mcast)
1107 key_flags |= cpu_to_le16(STA_KEY_MULTICAST); 1209 key_flags |= cpu_to_le16(STA_KEY_MULTICAST);
1108 1210
1109 cmd.key_offset = keyconf->hw_key_idx; 1211 cmd.key_offset = keyconf->hw_key_idx;
@@ -1195,17 +1297,88 @@ static inline u8 *iwl_mvm_get_mac_addr(struct iwl_mvm *mvm,
1195 return NULL; 1297 return NULL;
1196} 1298}
1197 1299
1300static int __iwl_mvm_set_sta_key(struct iwl_mvm *mvm,
1301 struct ieee80211_vif *vif,
1302 struct ieee80211_sta *sta,
1303 struct ieee80211_key_conf *keyconf,
1304 bool mcast)
1305{
1306 struct iwl_mvm_sta *mvm_sta = iwl_mvm_sta_from_mac80211(sta);
1307 int ret;
1308 const u8 *addr;
1309 struct ieee80211_key_seq seq;
1310 u16 p1k[5];
1311
1312 switch (keyconf->cipher) {
1313 case WLAN_CIPHER_SUITE_TKIP:
1314 addr = iwl_mvm_get_mac_addr(mvm, vif, sta);
1315 /* get phase 1 key from mac80211 */
1316 ieee80211_get_key_rx_seq(keyconf, 0, &seq);
1317 ieee80211_get_tkip_rx_p1k(keyconf, addr, seq.tkip.iv32, p1k);
1318 ret = iwl_mvm_send_sta_key(mvm, mvm_sta, keyconf, mcast,
1319 seq.tkip.iv32, p1k, 0);
1320 break;
1321 case WLAN_CIPHER_SUITE_CCMP:
1322 case WLAN_CIPHER_SUITE_WEP40:
1323 case WLAN_CIPHER_SUITE_WEP104:
1324 ret = iwl_mvm_send_sta_key(mvm, mvm_sta, keyconf, mcast,
1325 0, NULL, 0);
1326 break;
1327 default:
1328 ret = iwl_mvm_send_sta_key(mvm, mvm_sta, keyconf, mcast,
1329 0, NULL, 0);
1330 }
1331
1332 return ret;
1333}
1334
1335static int __iwl_mvm_remove_sta_key(struct iwl_mvm *mvm, u8 sta_id,
1336 struct ieee80211_key_conf *keyconf,
1337 bool mcast)
1338{
1339 struct iwl_mvm_add_sta_key_cmd cmd = {};
1340 __le16 key_flags;
1341 int ret;
1342 u32 status;
1343
1344 key_flags = cpu_to_le16((keyconf->keyidx << STA_KEY_FLG_KEYID_POS) &
1345 STA_KEY_FLG_KEYID_MSK);
1346 key_flags |= cpu_to_le16(STA_KEY_FLG_NO_ENC | STA_KEY_FLG_WEP_KEY_MAP);
1347 key_flags |= cpu_to_le16(STA_KEY_NOT_VALID);
1348
1349 if (mcast)
1350 key_flags |= cpu_to_le16(STA_KEY_MULTICAST);
1351
1352 cmd.key_flags = key_flags;
1353 cmd.key_offset = keyconf->hw_key_idx;
1354 cmd.sta_id = sta_id;
1355
1356 status = ADD_STA_SUCCESS;
1357 ret = iwl_mvm_send_cmd_pdu_status(mvm, ADD_STA_KEY, sizeof(cmd),
1358 &cmd, &status);
1359
1360 switch (status) {
1361 case ADD_STA_SUCCESS:
1362 IWL_DEBUG_WEP(mvm, "MODIFY_STA: remove sta key passed\n");
1363 break;
1364 default:
1365 ret = -EIO;
1366 IWL_ERR(mvm, "MODIFY_STA: remove sta key failed\n");
1367 break;
1368 }
1369
1370 return ret;
1371}
1372
1198int iwl_mvm_set_sta_key(struct iwl_mvm *mvm, 1373int iwl_mvm_set_sta_key(struct iwl_mvm *mvm,
1199 struct ieee80211_vif *vif, 1374 struct ieee80211_vif *vif,
1200 struct ieee80211_sta *sta, 1375 struct ieee80211_sta *sta,
1201 struct ieee80211_key_conf *keyconf, 1376 struct ieee80211_key_conf *keyconf,
1202 bool have_key_offset) 1377 bool have_key_offset)
1203{ 1378{
1204 struct iwl_mvm_sta *mvm_sta; 1379 bool mcast = !(keyconf->flags & IEEE80211_KEY_FLAG_PAIRWISE);
1380 u8 sta_id;
1205 int ret; 1381 int ret;
1206 u8 *addr, sta_id;
1207 struct ieee80211_key_seq seq;
1208 u16 p1k[5];
1209 1382
1210 lockdep_assert_held(&mvm->mutex); 1383 lockdep_assert_held(&mvm->mutex);
1211 1384
@@ -1234,8 +1407,7 @@ int iwl_mvm_set_sta_key(struct iwl_mvm *mvm,
1234 } 1407 }
1235 } 1408 }
1236 1409
1237 mvm_sta = (struct iwl_mvm_sta *)sta->drv_priv; 1410 if (WARN_ON_ONCE(iwl_mvm_sta_from_mac80211(sta)->vif != vif))
1238 if (WARN_ON_ONCE(mvm_sta->vif != vif))
1239 return -EINVAL; 1411 return -EINVAL;
1240 1412
1241 if (!have_key_offset) { 1413 if (!have_key_offset) {
@@ -1249,26 +1421,26 @@ int iwl_mvm_set_sta_key(struct iwl_mvm *mvm,
1249 return -ENOSPC; 1421 return -ENOSPC;
1250 } 1422 }
1251 1423
1252 switch (keyconf->cipher) { 1424 ret = __iwl_mvm_set_sta_key(mvm, vif, sta, keyconf, mcast);
1253 case WLAN_CIPHER_SUITE_TKIP: 1425 if (ret) {
1254 addr = iwl_mvm_get_mac_addr(mvm, vif, sta); 1426 __clear_bit(keyconf->hw_key_idx, mvm->fw_key_table);
1255 /* get phase 1 key from mac80211 */ 1427 goto end;
1256 ieee80211_get_key_rx_seq(keyconf, 0, &seq);
1257 ieee80211_get_tkip_rx_p1k(keyconf, addr, seq.tkip.iv32, p1k);
1258 ret = iwl_mvm_send_sta_key(mvm, mvm_sta, keyconf, sta_id,
1259 seq.tkip.iv32, p1k, 0);
1260 break;
1261 case WLAN_CIPHER_SUITE_CCMP:
1262 ret = iwl_mvm_send_sta_key(mvm, mvm_sta, keyconf, sta_id,
1263 0, NULL, 0);
1264 break;
1265 default:
1266 ret = iwl_mvm_send_sta_key(mvm, mvm_sta, keyconf,
1267 sta_id, 0, NULL, 0);
1268 } 1428 }
1269 1429
1270 if (ret) 1430 /*
1271 __clear_bit(keyconf->hw_key_idx, mvm->fw_key_table); 1431 * For WEP, the same key is used for multicast and unicast. Upload it
1432 * again, using the same key offset, and now pointing the other one
1433 * to the same key slot (offset).
1434 * If this fails, remove the original as well.
1435 */
1436 if (keyconf->cipher == WLAN_CIPHER_SUITE_WEP40 ||
1437 keyconf->cipher == WLAN_CIPHER_SUITE_WEP104) {
1438 ret = __iwl_mvm_set_sta_key(mvm, vif, sta, keyconf, !mcast);
1439 if (ret) {
1440 __clear_bit(keyconf->hw_key_idx, mvm->fw_key_table);
1441 __iwl_mvm_remove_sta_key(mvm, sta_id, keyconf, mcast);
1442 }
1443 }
1272 1444
1273end: 1445end:
1274 IWL_DEBUG_WEP(mvm, "key: cipher=%x len=%d idx=%d sta=%pM ret=%d\n", 1446 IWL_DEBUG_WEP(mvm, "key: cipher=%x len=%d idx=%d sta=%pM ret=%d\n",
@@ -1282,11 +1454,9 @@ int iwl_mvm_remove_sta_key(struct iwl_mvm *mvm,
1282 struct ieee80211_sta *sta, 1454 struct ieee80211_sta *sta,
1283 struct ieee80211_key_conf *keyconf) 1455 struct ieee80211_key_conf *keyconf)
1284{ 1456{
1285 struct iwl_mvm_sta *mvm_sta; 1457 bool mcast = !(keyconf->flags & IEEE80211_KEY_FLAG_PAIRWISE);
1286 struct iwl_mvm_add_sta_key_cmd cmd = {};
1287 __le16 key_flags;
1288 int ret, status;
1289 u8 sta_id; 1458 u8 sta_id;
1459 int ret;
1290 1460
1291 lockdep_assert_held(&mvm->mutex); 1461 lockdep_assert_held(&mvm->mutex);
1292 1462
@@ -1299,8 +1469,7 @@ int iwl_mvm_remove_sta_key(struct iwl_mvm *mvm,
1299 if (keyconf->cipher == WLAN_CIPHER_SUITE_AES_CMAC) 1469 if (keyconf->cipher == WLAN_CIPHER_SUITE_AES_CMAC)
1300 return iwl_mvm_send_sta_igtk(mvm, keyconf, sta_id, true); 1470 return iwl_mvm_send_sta_igtk(mvm, keyconf, sta_id, true);
1301 1471
1302 ret = __test_and_clear_bit(keyconf->hw_key_idx, mvm->fw_key_table); 1472 if (!__test_and_clear_bit(keyconf->hw_key_idx, mvm->fw_key_table)) {
1303 if (!ret) {
1304 IWL_ERR(mvm, "offset %d not used in fw key table.\n", 1473 IWL_ERR(mvm, "offset %d not used in fw key table.\n",
1305 keyconf->hw_key_idx); 1474 keyconf->hw_key_idx);
1306 return -ENOENT; 1475 return -ENOENT;
@@ -1326,35 +1495,17 @@ int iwl_mvm_remove_sta_key(struct iwl_mvm *mvm,
1326 } 1495 }
1327 } 1496 }
1328 1497
1329 mvm_sta = (struct iwl_mvm_sta *)sta->drv_priv; 1498 if (WARN_ON_ONCE(iwl_mvm_sta_from_mac80211(sta)->vif != vif))
1330 if (WARN_ON_ONCE(mvm_sta->vif != vif))
1331 return -EINVAL; 1499 return -EINVAL;
1332 1500
1333 key_flags = cpu_to_le16((keyconf->keyidx << STA_KEY_FLG_KEYID_POS) & 1501 ret = __iwl_mvm_remove_sta_key(mvm, sta_id, keyconf, mcast);
1334 STA_KEY_FLG_KEYID_MSK); 1502 if (ret)
1335 key_flags |= cpu_to_le16(STA_KEY_FLG_NO_ENC | STA_KEY_FLG_WEP_KEY_MAP); 1503 return ret;
1336 key_flags |= cpu_to_le16(STA_KEY_NOT_VALID);
1337
1338 if (!(keyconf->flags & IEEE80211_KEY_FLAG_PAIRWISE))
1339 key_flags |= cpu_to_le16(STA_KEY_MULTICAST);
1340
1341 cmd.key_flags = key_flags;
1342 cmd.key_offset = keyconf->hw_key_idx;
1343 cmd.sta_id = sta_id;
1344
1345 status = ADD_STA_SUCCESS;
1346 ret = iwl_mvm_send_cmd_pdu_status(mvm, ADD_STA_KEY, sizeof(cmd),
1347 &cmd, &status);
1348 1504
1349 switch (status) { 1505 /* delete WEP key twice to get rid of (now useless) offset */
1350 case ADD_STA_SUCCESS: 1506 if (keyconf->cipher == WLAN_CIPHER_SUITE_WEP40 ||
1351 IWL_DEBUG_WEP(mvm, "MODIFY_STA: remove sta key passed\n"); 1507 keyconf->cipher == WLAN_CIPHER_SUITE_WEP104)
1352 break; 1508 ret = __iwl_mvm_remove_sta_key(mvm, sta_id, keyconf, !mcast);
1353 default:
1354 ret = -EIO;
1355 IWL_ERR(mvm, "MODIFY_STA: remove sta key failed\n");
1356 break;
1357 }
1358 1509
1359 return ret; 1510 return ret;
1360} 1511}
@@ -1367,6 +1518,7 @@ void iwl_mvm_update_tkip_key(struct iwl_mvm *mvm,
1367{ 1518{
1368 struct iwl_mvm_sta *mvm_sta; 1519 struct iwl_mvm_sta *mvm_sta;
1369 u8 sta_id = iwl_mvm_get_key_sta_id(vif, sta); 1520 u8 sta_id = iwl_mvm_get_key_sta_id(vif, sta);
1521 bool mcast = !(keyconf->flags & IEEE80211_KEY_FLAG_PAIRWISE);
1370 1522
1371 if (WARN_ON_ONCE(sta_id == IWL_MVM_STATION_COUNT)) 1523 if (WARN_ON_ONCE(sta_id == IWL_MVM_STATION_COUNT))
1372 return; 1524 return;
@@ -1381,8 +1533,8 @@ void iwl_mvm_update_tkip_key(struct iwl_mvm *mvm,
1381 } 1533 }
1382 } 1534 }
1383 1535
1384 mvm_sta = (void *)sta->drv_priv; 1536 mvm_sta = iwl_mvm_sta_from_mac80211(sta);
1385 iwl_mvm_send_sta_key(mvm, mvm_sta, keyconf, sta_id, 1537 iwl_mvm_send_sta_key(mvm, mvm_sta, keyconf, mcast,
1386 iv32, phase1key, CMD_ASYNC); 1538 iv32, phase1key, CMD_ASYNC);
1387 rcu_read_unlock(); 1539 rcu_read_unlock();
1388} 1540}
@@ -1580,3 +1732,18 @@ void iwl_mvm_modify_all_sta_disable_tx(struct iwl_mvm *mvm,
1580 iwl_mvm_sta_modify_disable_tx_ap(mvm, sta, disable); 1732 iwl_mvm_sta_modify_disable_tx_ap(mvm, sta, disable);
1581 } 1733 }
1582} 1734}
1735
1736void iwl_mvm_csa_client_absent(struct iwl_mvm *mvm, struct ieee80211_vif *vif)
1737{
1738 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
1739 struct iwl_mvm_sta *mvmsta;
1740
1741 rcu_read_lock();
1742
1743 mvmsta = iwl_mvm_sta_from_staid_rcu(mvm, mvmvif->ap_sta_id);
1744
1745 if (!WARN_ON(!mvmsta))
1746 iwl_mvm_sta_modify_disable_tx(mvm, mvmsta, true);
1747
1748 rcu_read_unlock();
1749}
diff --git a/drivers/net/wireless/iwlwifi/mvm/sta.h b/drivers/net/wireless/iwlwifi/mvm/sta.h
index d9c0d7b0e9d4..d8f48975ad08 100644
--- a/drivers/net/wireless/iwlwifi/mvm/sta.h
+++ b/drivers/net/wireless/iwlwifi/mvm/sta.h
@@ -264,6 +264,7 @@ enum iwl_mvm_agg_state {
264 * the first packet to be sent in legacy HW queue in Tx AGG stop flow. 264 * the first packet to be sent in legacy HW queue in Tx AGG stop flow.
265 * Basically when next_reclaimed reaches ssn, we can tell mac80211 that 265 * Basically when next_reclaimed reaches ssn, we can tell mac80211 that
266 * we are ready to finish the Tx AGG stop / start flow. 266 * we are ready to finish the Tx AGG stop / start flow.
267 * @tx_time: medium time consumed by this A-MPDU
267 */ 268 */
268struct iwl_mvm_tid_data { 269struct iwl_mvm_tid_data {
269 u16 seq_number; 270 u16 seq_number;
@@ -274,6 +275,7 @@ struct iwl_mvm_tid_data {
274 enum iwl_mvm_agg_state state; 275 enum iwl_mvm_agg_state state;
275 u16 txq_id; 276 u16 txq_id;
276 u16 ssn; 277 u16 ssn;
278 u16 tx_time;
277}; 279};
278 280
279static inline u16 iwl_mvm_tid_queued(struct iwl_mvm_tid_data *tid_data) 281static inline u16 iwl_mvm_tid_queued(struct iwl_mvm_tid_data *tid_data)
@@ -286,6 +288,7 @@ static inline u16 iwl_mvm_tid_queued(struct iwl_mvm_tid_data *tid_data)
286 * struct iwl_mvm_sta - representation of a station in the driver 288 * struct iwl_mvm_sta - representation of a station in the driver
287 * @sta_id: the index of the station in the fw (will be replaced by id_n_color) 289 * @sta_id: the index of the station in the fw (will be replaced by id_n_color)
288 * @tfd_queue_msk: the tfd queues used by the station 290 * @tfd_queue_msk: the tfd queues used by the station
291 * @hw_queue: per-AC mapping of the TFD queues used by station
289 * @mac_id_n_color: the MAC context this station is linked to 292 * @mac_id_n_color: the MAC context this station is linked to
290 * @tid_disable_agg: bitmap: if bit(tid) is set, the fw won't send ampdus for 293 * @tid_disable_agg: bitmap: if bit(tid) is set, the fw won't send ampdus for
291 * tid. 294 * tid.
@@ -309,6 +312,7 @@ static inline u16 iwl_mvm_tid_queued(struct iwl_mvm_tid_data *tid_data)
309struct iwl_mvm_sta { 312struct iwl_mvm_sta {
310 u32 sta_id; 313 u32 sta_id;
311 u32 tfd_queue_msk; 314 u32 tfd_queue_msk;
315 u8 hw_queue[IEEE80211_NUM_ACS];
312 u32 mac_id_n_color; 316 u32 mac_id_n_color;
313 u16 tid_disable_agg; 317 u16 tid_disable_agg;
314 u8 max_agg_bufsize; 318 u8 max_agg_bufsize;
@@ -418,5 +422,6 @@ void iwl_mvm_sta_modify_disable_tx_ap(struct iwl_mvm *mvm,
418void iwl_mvm_modify_all_sta_disable_tx(struct iwl_mvm *mvm, 422void iwl_mvm_modify_all_sta_disable_tx(struct iwl_mvm *mvm,
419 struct iwl_mvm_vif *mvmvif, 423 struct iwl_mvm_vif *mvmvif,
420 bool disable); 424 bool disable);
425void iwl_mvm_csa_client_absent(struct iwl_mvm *mvm, struct ieee80211_vif *vif);
421 426
422#endif /* __sta_h__ */ 427#endif /* __sta_h__ */
diff --git a/drivers/net/wireless/iwlwifi/mvm/tdls.c b/drivers/net/wireless/iwlwifi/mvm/tdls.c
index 66c82df2d0a1..c0e00bae5bd0 100644
--- a/drivers/net/wireless/iwlwifi/mvm/tdls.c
+++ b/drivers/net/wireless/iwlwifi/mvm/tdls.c
@@ -61,9 +61,13 @@
61 * 61 *
62 *****************************************************************************/ 62 *****************************************************************************/
63 63
64#include <linux/etherdevice.h>
64#include "mvm.h" 65#include "mvm.h"
65#include "time-event.h" 66#include "time-event.h"
66 67
68#define TU_TO_US(x) (x * 1024)
69#define TU_TO_MS(x) (TU_TO_US(x) / 1000)
70
67void iwl_mvm_teardown_tdls_peers(struct iwl_mvm *mvm) 71void iwl_mvm_teardown_tdls_peers(struct iwl_mvm *mvm)
68{ 72{
69 struct ieee80211_sta *sta; 73 struct ieee80211_sta *sta;
@@ -113,17 +117,85 @@ int iwl_mvm_tdls_sta_count(struct iwl_mvm *mvm, struct ieee80211_vif *vif)
113 return count; 117 return count;
114} 118}
115 119
120static void iwl_mvm_tdls_config(struct iwl_mvm *mvm, struct ieee80211_vif *vif)
121{
122 struct iwl_rx_packet *pkt;
123 struct iwl_tdls_config_res *resp;
124 struct iwl_tdls_config_cmd tdls_cfg_cmd = {};
125 struct iwl_host_cmd cmd = {
126 .id = TDLS_CONFIG_CMD,
127 .flags = CMD_WANT_SKB,
128 .data = { &tdls_cfg_cmd, },
129 .len = { sizeof(struct iwl_tdls_config_cmd), },
130 };
131 struct ieee80211_sta *sta;
132 int ret, i, cnt;
133 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
134
135 lockdep_assert_held(&mvm->mutex);
136
137 tdls_cfg_cmd.id_and_color =
138 cpu_to_le32(FW_CMD_ID_AND_COLOR(mvmvif->id, mvmvif->color));
139 tdls_cfg_cmd.tx_to_ap_tid = IWL_MVM_TDLS_FW_TID;
140 tdls_cfg_cmd.tx_to_ap_ssn = cpu_to_le16(0); /* not used for now */
141
142 /* for now the Tx cmd is empty and unused */
143
144 /* populate TDLS peer data */
145 cnt = 0;
146 for (i = 0; i < IWL_MVM_STATION_COUNT; i++) {
147 sta = rcu_dereference_protected(mvm->fw_id_to_mac_id[i],
148 lockdep_is_held(&mvm->mutex));
149 if (IS_ERR_OR_NULL(sta) || !sta->tdls)
150 continue;
151
152 tdls_cfg_cmd.sta_info[cnt].sta_id = i;
153 tdls_cfg_cmd.sta_info[cnt].tx_to_peer_tid =
154 IWL_MVM_TDLS_FW_TID;
155 tdls_cfg_cmd.sta_info[cnt].tx_to_peer_ssn = cpu_to_le16(0);
156 tdls_cfg_cmd.sta_info[cnt].is_initiator =
157 cpu_to_le32(sta->tdls_initiator ? 1 : 0);
158
159 cnt++;
160 }
161
162 tdls_cfg_cmd.tdls_peer_count = cnt;
163 IWL_DEBUG_TDLS(mvm, "send TDLS config to FW for %d peers\n", cnt);
164
165 ret = iwl_mvm_send_cmd(mvm, &cmd);
166 if (WARN_ON_ONCE(ret))
167 return;
168
169 pkt = cmd.resp_pkt;
170 if (pkt->hdr.flags & IWL_CMD_FAILED_MSK) {
171 IWL_ERR(mvm, "Bad return from TDLS_CONFIG_COMMAND (0x%08X)\n",
172 pkt->hdr.flags);
173 goto exit;
174 }
175
176 if (WARN_ON_ONCE(iwl_rx_packet_payload_len(pkt) != sizeof(*resp)))
177 goto exit;
178
179 /* we don't really care about the response at this point */
180
181exit:
182 iwl_free_resp(&cmd);
183}
184
116void iwl_mvm_recalc_tdls_state(struct iwl_mvm *mvm, struct ieee80211_vif *vif, 185void iwl_mvm_recalc_tdls_state(struct iwl_mvm *mvm, struct ieee80211_vif *vif,
117 bool sta_added) 186 bool sta_added)
118{ 187{
119 int tdls_sta_cnt = iwl_mvm_tdls_sta_count(mvm, vif); 188 int tdls_sta_cnt = iwl_mvm_tdls_sta_count(mvm, vif);
120 189
121 /* 190 /* when the first peer joins, send a power update first */
122 * Disable ps when the first TDLS sta is added and re-enable it 191 if (tdls_sta_cnt == 1 && sta_added)
123 * when the last TDLS sta is removed 192 iwl_mvm_power_update_mac(mvm);
124 */ 193
125 if ((tdls_sta_cnt == 1 && sta_added) || 194 /* configure the FW with TDLS peer info */
126 (tdls_sta_cnt == 0 && !sta_added)) 195 iwl_mvm_tdls_config(mvm, vif);
196
197 /* when the last peer leaves, send a power update last */
198 if (tdls_sta_cnt == 0 && !sta_added)
127 iwl_mvm_power_update_mac(mvm); 199 iwl_mvm_power_update_mac(mvm);
128} 200}
129 201
@@ -147,3 +219,488 @@ void iwl_mvm_mac_mgd_protect_tdls_discover(struct ieee80211_hw *hw,
147 219
148 iwl_mvm_unref(mvm, IWL_MVM_REF_PROTECT_TDLS); 220 iwl_mvm_unref(mvm, IWL_MVM_REF_PROTECT_TDLS);
149} 221}
222
223static const char *
224iwl_mvm_tdls_cs_state_str(enum iwl_mvm_tdls_cs_state state)
225{
226 switch (state) {
227 case IWL_MVM_TDLS_SW_IDLE:
228 return "IDLE";
229 case IWL_MVM_TDLS_SW_REQ_SENT:
230 return "REQ SENT";
231 case IWL_MVM_TDLS_SW_REQ_RCVD:
232 return "REQ RECEIVED";
233 case IWL_MVM_TDLS_SW_ACTIVE:
234 return "ACTIVE";
235 }
236
237 return NULL;
238}
239
240static void iwl_mvm_tdls_update_cs_state(struct iwl_mvm *mvm,
241 enum iwl_mvm_tdls_cs_state state)
242{
243 if (mvm->tdls_cs.state == state)
244 return;
245
246 IWL_DEBUG_TDLS(mvm, "TDLS channel switch state: %s -> %s\n",
247 iwl_mvm_tdls_cs_state_str(mvm->tdls_cs.state),
248 iwl_mvm_tdls_cs_state_str(state));
249 mvm->tdls_cs.state = state;
250
251 if (state == IWL_MVM_TDLS_SW_IDLE)
252 mvm->tdls_cs.cur_sta_id = IWL_MVM_STATION_COUNT;
253}
254
255int iwl_mvm_rx_tdls_notif(struct iwl_mvm *mvm, struct iwl_rx_cmd_buffer *rxb,
256 struct iwl_device_cmd *cmd)
257{
258 struct iwl_rx_packet *pkt = rxb_addr(rxb);
259 struct iwl_tdls_channel_switch_notif *notif = (void *)pkt->data;
260 struct ieee80211_sta *sta;
261 unsigned int delay;
262 struct iwl_mvm_sta *mvmsta;
263 struct ieee80211_vif *vif;
264 u32 sta_id = le32_to_cpu(notif->sta_id);
265
266 lockdep_assert_held(&mvm->mutex);
267
268 /* can fail sometimes */
269 if (!le32_to_cpu(notif->status)) {
270 iwl_mvm_tdls_update_cs_state(mvm, IWL_MVM_TDLS_SW_IDLE);
271 goto out;
272 }
273
274 if (WARN_ON(sta_id >= IWL_MVM_STATION_COUNT))
275 goto out;
276
277 sta = rcu_dereference_protected(mvm->fw_id_to_mac_id[sta_id],
278 lockdep_is_held(&mvm->mutex));
279 /* the station may not be here, but if it is, it must be a TDLS peer */
280 if (IS_ERR_OR_NULL(sta) || WARN_ON(!sta->tdls))
281 goto out;
282
283 mvmsta = iwl_mvm_sta_from_mac80211(sta);
284 vif = mvmsta->vif;
285
286 /*
287 * Update state and possibly switch again after this is over (DTIM).
288 * Also convert TU to msec.
289 */
290 delay = TU_TO_MS(vif->bss_conf.dtim_period * vif->bss_conf.beacon_int);
291 mod_delayed_work(system_wq, &mvm->tdls_cs.dwork,
292 msecs_to_jiffies(delay));
293
294 iwl_mvm_tdls_update_cs_state(mvm, IWL_MVM_TDLS_SW_ACTIVE);
295
296out:
297 return 0;
298}
299
300static int
301iwl_mvm_tdls_check_action(struct iwl_mvm *mvm,
302 enum iwl_tdls_channel_switch_type type,
303 const u8 *peer, bool peer_initiator)
304{
305 bool same_peer = false;
306 int ret = 0;
307
308 /* get the existing peer if it's there */
309 if (mvm->tdls_cs.state != IWL_MVM_TDLS_SW_IDLE &&
310 mvm->tdls_cs.cur_sta_id != IWL_MVM_STATION_COUNT) {
311 struct ieee80211_sta *sta = rcu_dereference_protected(
312 mvm->fw_id_to_mac_id[mvm->tdls_cs.cur_sta_id],
313 lockdep_is_held(&mvm->mutex));
314 if (!IS_ERR_OR_NULL(sta))
315 same_peer = ether_addr_equal(peer, sta->addr);
316 }
317
318 switch (mvm->tdls_cs.state) {
319 case IWL_MVM_TDLS_SW_IDLE:
320 /*
321 * might be spurious packet from the peer after the switch is
322 * already done
323 */
324 if (type == TDLS_MOVE_CH)
325 ret = -EINVAL;
326 break;
327 case IWL_MVM_TDLS_SW_REQ_SENT:
328 /*
329 * We received a ch-switch request while an outgoing one is
330 * pending. Allow it to proceed if the other peer is the same
331 * one we sent to, and we are not the link initiator.
332 */
333 if (type == TDLS_SEND_CHAN_SW_RESP_AND_MOVE_CH) {
334 if (!same_peer)
335 ret = -EBUSY;
336 else if (!peer_initiator) /* we are the initiator */
337 ret = -EBUSY;
338 }
339 break;
340 case IWL_MVM_TDLS_SW_REQ_RCVD:
341 /* as above, allow the link initiator to proceed */
342 if (type == TDLS_SEND_CHAN_SW_REQ) {
343 if (!same_peer)
344 ret = -EBUSY;
345 else if (peer_initiator) /* they are the initiator */
346 ret = -EBUSY;
347 } else if (type == TDLS_MOVE_CH) {
348 ret = -EINVAL;
349 }
350 break;
351 case IWL_MVM_TDLS_SW_ACTIVE:
352 /* we don't allow initiations during active channel switch */
353 if (type == TDLS_SEND_CHAN_SW_REQ)
354 ret = -EINVAL;
355 break;
356 }
357
358 if (ret)
359 IWL_DEBUG_TDLS(mvm,
360 "Invalid TDLS action %d state %d peer %pM same_peer %d initiator %d\n",
361 type, mvm->tdls_cs.state, peer, same_peer,
362 peer_initiator);
363
364 return ret;
365}
366
367static int
368iwl_mvm_tdls_config_channel_switch(struct iwl_mvm *mvm,
369 struct ieee80211_vif *vif,
370 enum iwl_tdls_channel_switch_type type,
371 const u8 *peer, bool peer_initiator,
372 u8 oper_class,
373 struct cfg80211_chan_def *chandef,
374 u32 timestamp, u16 switch_time,
375 u16 switch_timeout, struct sk_buff *skb,
376 u32 ch_sw_tm_ie)
377{
378 struct ieee80211_sta *sta;
379 struct iwl_mvm_sta *mvmsta;
380 struct ieee80211_tx_info *info;
381 struct ieee80211_hdr *hdr;
382 struct iwl_tdls_channel_switch_cmd cmd = {0};
383 int ret;
384
385 lockdep_assert_held(&mvm->mutex);
386
387 ret = iwl_mvm_tdls_check_action(mvm, type, peer, peer_initiator);
388 if (ret)
389 return ret;
390
391 if (!skb || WARN_ON(skb->len > IWL_TDLS_CH_SW_FRAME_MAX_SIZE)) {
392 ret = -EINVAL;
393 goto out;
394 }
395
396 cmd.switch_type = type;
397 cmd.timing.frame_timestamp = cpu_to_le32(timestamp);
398 cmd.timing.switch_time = cpu_to_le32(switch_time);
399 cmd.timing.switch_timeout = cpu_to_le32(switch_timeout);
400
401 rcu_read_lock();
402 sta = ieee80211_find_sta(vif, peer);
403 if (!sta) {
404 rcu_read_unlock();
405 ret = -ENOENT;
406 goto out;
407 }
408 mvmsta = iwl_mvm_sta_from_mac80211(sta);
409 cmd.peer_sta_id = cpu_to_le32(mvmsta->sta_id);
410
411 if (!chandef) {
412 if (mvm->tdls_cs.state == IWL_MVM_TDLS_SW_REQ_SENT &&
413 mvm->tdls_cs.peer.chandef.chan) {
414 /* actually moving to the channel */
415 chandef = &mvm->tdls_cs.peer.chandef;
416 } else if (mvm->tdls_cs.state == IWL_MVM_TDLS_SW_ACTIVE &&
417 type == TDLS_MOVE_CH) {
418 /* we need to return to base channel */
419 struct ieee80211_chanctx_conf *chanctx =
420 rcu_dereference(vif->chanctx_conf);
421
422 if (WARN_ON_ONCE(!chanctx)) {
423 rcu_read_unlock();
424 goto out;
425 }
426
427 chandef = &chanctx->def;
428 }
429 }
430
431 if (chandef) {
432 cmd.ci.band = (chandef->chan->band == IEEE80211_BAND_2GHZ ?
433 PHY_BAND_24 : PHY_BAND_5);
434 cmd.ci.channel = chandef->chan->hw_value;
435 cmd.ci.width = iwl_mvm_get_channel_width(chandef);
436 cmd.ci.ctrl_pos = iwl_mvm_get_ctrl_pos(chandef);
437 }
438
439 /* keep quota calculation simple for now - 50% of DTIM for TDLS */
440 cmd.timing.max_offchan_duration =
441 cpu_to_le32(TU_TO_US(vif->bss_conf.dtim_period *
442 vif->bss_conf.beacon_int) / 2);
443
444 /* Switch time is the first element in the switch-timing IE. */
445 cmd.frame.switch_time_offset = cpu_to_le32(ch_sw_tm_ie + 2);
446
447 info = IEEE80211_SKB_CB(skb);
448 if (info->control.hw_key)
449 iwl_mvm_set_tx_cmd_crypto(mvm, info, &cmd.frame.tx_cmd, skb);
450
451 iwl_mvm_set_tx_cmd(mvm, skb, &cmd.frame.tx_cmd, info,
452 mvmsta->sta_id);
453
454 hdr = (void *)skb->data;
455 iwl_mvm_set_tx_cmd_rate(mvm, &cmd.frame.tx_cmd, info, sta,
456 hdr->frame_control);
457 rcu_read_unlock();
458
459 memcpy(cmd.frame.data, skb->data, skb->len);
460
461 ret = iwl_mvm_send_cmd_pdu(mvm, TDLS_CHANNEL_SWITCH_CMD, 0,
462 sizeof(cmd), &cmd);
463 if (ret) {
464 IWL_ERR(mvm, "Failed to send TDLS_CHANNEL_SWITCH cmd: %d\n",
465 ret);
466 goto out;
467 }
468
469 /* channel switch has started, update state */
470 if (type != TDLS_MOVE_CH) {
471 mvm->tdls_cs.cur_sta_id = mvmsta->sta_id;
472 iwl_mvm_tdls_update_cs_state(mvm,
473 type == TDLS_SEND_CHAN_SW_REQ ?
474 IWL_MVM_TDLS_SW_REQ_SENT :
475 IWL_MVM_TDLS_SW_REQ_RCVD);
476 }
477
478out:
479
480 /* channel switch failed - we are idle */
481 if (ret)
482 iwl_mvm_tdls_update_cs_state(mvm, IWL_MVM_TDLS_SW_IDLE);
483
484 return ret;
485}
486
487void iwl_mvm_tdls_ch_switch_work(struct work_struct *work)
488{
489 struct iwl_mvm *mvm;
490 struct ieee80211_sta *sta;
491 struct iwl_mvm_sta *mvmsta;
492 struct ieee80211_vif *vif;
493 unsigned int delay;
494 int ret;
495
496 mvm = container_of(work, struct iwl_mvm, tdls_cs.dwork.work);
497 mutex_lock(&mvm->mutex);
498
499 /* called after an active channel switch has finished or timed-out */
500 iwl_mvm_tdls_update_cs_state(mvm, IWL_MVM_TDLS_SW_IDLE);
501
502 /* station might be gone, in that case do nothing */
503 if (mvm->tdls_cs.peer.sta_id == IWL_MVM_STATION_COUNT)
504 goto out;
505
506 sta = rcu_dereference_protected(
507 mvm->fw_id_to_mac_id[mvm->tdls_cs.peer.sta_id],
508 lockdep_is_held(&mvm->mutex));
509 /* the station may not be here, but if it is, it must be a TDLS peer */
510 if (!sta || IS_ERR(sta) || WARN_ON(!sta->tdls))
511 goto out;
512
513 mvmsta = iwl_mvm_sta_from_mac80211(sta);
514 vif = mvmsta->vif;
515 ret = iwl_mvm_tdls_config_channel_switch(mvm, vif,
516 TDLS_SEND_CHAN_SW_REQ,
517 sta->addr,
518 mvm->tdls_cs.peer.initiator,
519 mvm->tdls_cs.peer.op_class,
520 &mvm->tdls_cs.peer.chandef,
521 0, 0, 0,
522 mvm->tdls_cs.peer.skb,
523 mvm->tdls_cs.peer.ch_sw_tm_ie);
524 if (ret)
525 IWL_ERR(mvm, "Not sending TDLS channel switch: %d\n", ret);
526
527 /* retry after a DTIM if we failed sending now */
528 delay = TU_TO_MS(vif->bss_conf.dtim_period * vif->bss_conf.beacon_int);
529 queue_delayed_work(system_wq, &mvm->tdls_cs.dwork,
530 msecs_to_jiffies(delay));
531out:
532 mutex_unlock(&mvm->mutex);
533}
534
535int
536iwl_mvm_tdls_channel_switch(struct ieee80211_hw *hw,
537 struct ieee80211_vif *vif,
538 struct ieee80211_sta *sta, u8 oper_class,
539 struct cfg80211_chan_def *chandef,
540 struct sk_buff *tmpl_skb, u32 ch_sw_tm_ie)
541{
542 struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
543 struct iwl_mvm_sta *mvmsta;
544 unsigned int delay;
545 int ret;
546
547 mutex_lock(&mvm->mutex);
548
549 IWL_DEBUG_TDLS(mvm, "TDLS channel switch with %pM ch %d width %d\n",
550 sta->addr, chandef->chan->center_freq, chandef->width);
551
552 /* we only support a single peer for channel switching */
553 if (mvm->tdls_cs.peer.sta_id != IWL_MVM_STATION_COUNT) {
554 IWL_DEBUG_TDLS(mvm,
555 "Existing peer. Can't start switch with %pM\n",
556 sta->addr);
557 ret = -EBUSY;
558 goto out;
559 }
560
561 ret = iwl_mvm_tdls_config_channel_switch(mvm, vif,
562 TDLS_SEND_CHAN_SW_REQ,
563 sta->addr, sta->tdls_initiator,
564 oper_class, chandef, 0, 0, 0,
565 tmpl_skb, ch_sw_tm_ie);
566 if (ret)
567 goto out;
568
569 /*
570 * Mark the peer as "in tdls switch" for this vif. We only allow a
571 * single such peer per vif.
572 */
573 mvm->tdls_cs.peer.skb = skb_copy(tmpl_skb, GFP_KERNEL);
574 if (!mvm->tdls_cs.peer.skb) {
575 ret = -ENOMEM;
576 goto out;
577 }
578
579 mvmsta = iwl_mvm_sta_from_mac80211(sta);
580 mvm->tdls_cs.peer.sta_id = mvmsta->sta_id;
581 mvm->tdls_cs.peer.chandef = *chandef;
582 mvm->tdls_cs.peer.initiator = sta->tdls_initiator;
583 mvm->tdls_cs.peer.op_class = oper_class;
584 mvm->tdls_cs.peer.ch_sw_tm_ie = ch_sw_tm_ie;
585
586 /*
587 * Wait for 2 DTIM periods before attempting the next switch. The next
588 * switch will be made sooner if the current one completes before that.
589 */
590 delay = 2 * TU_TO_MS(vif->bss_conf.dtim_period *
591 vif->bss_conf.beacon_int);
592 mod_delayed_work(system_wq, &mvm->tdls_cs.dwork,
593 msecs_to_jiffies(delay));
594
595out:
596 mutex_unlock(&mvm->mutex);
597 return ret;
598}
599
600void iwl_mvm_tdls_cancel_channel_switch(struct ieee80211_hw *hw,
601 struct ieee80211_vif *vif,
602 struct ieee80211_sta *sta)
603{
604 struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
605 struct ieee80211_sta *cur_sta;
606 bool wait_for_phy = false;
607
608 mutex_lock(&mvm->mutex);
609
610 IWL_DEBUG_TDLS(mvm, "TDLS cancel channel switch with %pM\n", sta->addr);
611
612 /* we only support a single peer for channel switching */
613 if (mvm->tdls_cs.peer.sta_id == IWL_MVM_STATION_COUNT) {
614 IWL_DEBUG_TDLS(mvm, "No ch switch peer - %pM\n", sta->addr);
615 goto out;
616 }
617
618 cur_sta = rcu_dereference_protected(
619 mvm->fw_id_to_mac_id[mvm->tdls_cs.peer.sta_id],
620 lockdep_is_held(&mvm->mutex));
621 /* make sure it's the same peer */
622 if (cur_sta != sta)
623 goto out;
624
625 /*
626 * If we're currently in a switch because of the now canceled peer,
627 * wait a DTIM here to make sure the phy is back on the base channel.
628 * We can't otherwise force it.
629 */
630 if (mvm->tdls_cs.cur_sta_id == mvm->tdls_cs.peer.sta_id &&
631 mvm->tdls_cs.state != IWL_MVM_TDLS_SW_IDLE)
632 wait_for_phy = true;
633
634 mvm->tdls_cs.peer.sta_id = IWL_MVM_STATION_COUNT;
635 dev_kfree_skb(mvm->tdls_cs.peer.skb);
636 mvm->tdls_cs.peer.skb = NULL;
637
638out:
639 mutex_unlock(&mvm->mutex);
640
641 /* make sure the phy is on the base channel */
642 if (wait_for_phy)
643 msleep(TU_TO_MS(vif->bss_conf.dtim_period *
644 vif->bss_conf.beacon_int));
645
646 /* flush the channel switch state */
647 flush_delayed_work(&mvm->tdls_cs.dwork);
648
649 IWL_DEBUG_TDLS(mvm, "TDLS ending channel switch with %pM\n", sta->addr);
650}
651
652void
653iwl_mvm_tdls_recv_channel_switch(struct ieee80211_hw *hw,
654 struct ieee80211_vif *vif,
655 struct ieee80211_tdls_ch_sw_params *params)
656{
657 struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
658 enum iwl_tdls_channel_switch_type type;
659 unsigned int delay;
660
661 mutex_lock(&mvm->mutex);
662
663 IWL_DEBUG_TDLS(mvm,
664 "Received TDLS ch switch action %d from %pM status %d\n",
665 params->action_code, params->sta->addr, params->status);
666
667 /*
668 * we got a non-zero status from a peer we were switching to - move to
669 * the idle state and retry again later
670 */
671 if (params->action_code == WLAN_TDLS_CHANNEL_SWITCH_RESPONSE &&
672 params->status != 0 &&
673 mvm->tdls_cs.state == IWL_MVM_TDLS_SW_REQ_SENT &&
674 mvm->tdls_cs.cur_sta_id != IWL_MVM_STATION_COUNT) {
675 struct ieee80211_sta *cur_sta;
676
677 /* make sure it's the same peer */
678 cur_sta = rcu_dereference_protected(
679 mvm->fw_id_to_mac_id[mvm->tdls_cs.cur_sta_id],
680 lockdep_is_held(&mvm->mutex));
681 if (cur_sta == params->sta) {
682 iwl_mvm_tdls_update_cs_state(mvm,
683 IWL_MVM_TDLS_SW_IDLE);
684 goto retry;
685 }
686 }
687
688 type = (params->action_code == WLAN_TDLS_CHANNEL_SWITCH_REQUEST) ?
689 TDLS_SEND_CHAN_SW_RESP_AND_MOVE_CH : TDLS_MOVE_CH;
690
691 iwl_mvm_tdls_config_channel_switch(mvm, vif, type, params->sta->addr,
692 params->sta->tdls_initiator, 0,
693 params->chandef, params->timestamp,
694 params->switch_time,
695 params->switch_timeout,
696 params->tmpl_skb,
697 params->ch_sw_tm_ie);
698
699retry:
700 /* register a timeout in case we don't succeed in switching */
701 delay = vif->bss_conf.dtim_period * vif->bss_conf.beacon_int *
702 1024 / 1000;
703 mod_delayed_work(system_wq, &mvm->tdls_cs.dwork,
704 msecs_to_jiffies(delay));
705 mutex_unlock(&mvm->mutex);
706}
diff --git a/drivers/net/wireless/iwlwifi/mvm/time-event.c b/drivers/net/wireless/iwlwifi/mvm/time-event.c
index 6dfad230be5e..54fafbf9a711 100644
--- a/drivers/net/wireless/iwlwifi/mvm/time-event.c
+++ b/drivers/net/wireless/iwlwifi/mvm/time-event.c
@@ -191,6 +191,35 @@ static bool iwl_mvm_te_check_disconnect(struct iwl_mvm *mvm,
191 return true; 191 return true;
192} 192}
193 193
194static void
195iwl_mvm_te_handle_notify_csa(struct iwl_mvm *mvm,
196 struct iwl_mvm_time_event_data *te_data,
197 struct iwl_time_event_notif *notif)
198{
199 if (!le32_to_cpu(notif->status)) {
200 IWL_DEBUG_TE(mvm, "CSA time event failed to start\n");
201 iwl_mvm_te_clear_data(mvm, te_data);
202 return;
203 }
204
205 switch (te_data->vif->type) {
206 case NL80211_IFTYPE_AP:
207 iwl_mvm_csa_noa_start(mvm);
208 break;
209 case NL80211_IFTYPE_STATION:
210 iwl_mvm_csa_client_absent(mvm, te_data->vif);
211 ieee80211_chswitch_done(te_data->vif, true);
212 break;
213 default:
214 /* should never happen */
215 WARN_ON_ONCE(1);
216 break;
217 }
218
219 /* we don't need it anymore */
220 iwl_mvm_te_clear_data(mvm, te_data);
221}
222
194/* 223/*
195 * Handles a FW notification for an event that is known to the driver. 224 * Handles a FW notification for an event that is known to the driver.
196 * 225 *
@@ -252,14 +281,8 @@ static void iwl_mvm_te_handle_notif(struct iwl_mvm *mvm,
252 set_bit(IWL_MVM_STATUS_ROC_RUNNING, &mvm->status); 281 set_bit(IWL_MVM_STATUS_ROC_RUNNING, &mvm->status);
253 iwl_mvm_ref(mvm, IWL_MVM_REF_ROC); 282 iwl_mvm_ref(mvm, IWL_MVM_REF_ROC);
254 ieee80211_ready_on_channel(mvm->hw); 283 ieee80211_ready_on_channel(mvm->hw);
255 } else if (te_data->vif->type == NL80211_IFTYPE_AP) { 284 } else if (te_data->id == TE_CHANNEL_SWITCH_PERIOD) {
256 if (le32_to_cpu(notif->status)) 285 iwl_mvm_te_handle_notify_csa(mvm, te_data, notif);
257 iwl_mvm_csa_noa_start(mvm);
258 else
259 IWL_DEBUG_TE(mvm, "CSA NOA failed to start\n");
260
261 /* we don't need it anymore */
262 iwl_mvm_te_clear_data(mvm, te_data);
263 } 286 }
264 } else { 287 } else {
265 IWL_WARN(mvm, "Got TE with unknown action\n"); 288 IWL_WARN(mvm, "Got TE with unknown action\n");
@@ -549,18 +572,11 @@ void iwl_mvm_protect_session(struct iwl_mvm *mvm,
549 } 572 }
550} 573}
551 574
552/* 575static bool __iwl_mvm_remove_time_event(struct iwl_mvm *mvm,
553 * Explicit request to remove a time event. The removal of a time event needs to 576 struct iwl_mvm_time_event_data *te_data,
554 * be synchronized with the flow of a time event's end notification, which also 577 u32 *uid)
555 * removes the time event from the op mode data structures.
556 */
557void iwl_mvm_remove_time_event(struct iwl_mvm *mvm,
558 struct iwl_mvm_vif *mvmvif,
559 struct iwl_mvm_time_event_data *te_data)
560{ 578{
561 struct iwl_time_event_cmd time_cmd = {}; 579 u32 id;
562 u32 id, uid;
563 int ret;
564 580
565 /* 581 /*
566 * It is possible that by the time we got to this point the time 582 * It is possible that by the time we got to this point the time
@@ -569,7 +585,7 @@ void iwl_mvm_remove_time_event(struct iwl_mvm *mvm,
569 spin_lock_bh(&mvm->time_event_lock); 585 spin_lock_bh(&mvm->time_event_lock);
570 586
571 /* Save time event uid before clearing its data */ 587 /* Save time event uid before clearing its data */
572 uid = te_data->uid; 588 *uid = te_data->uid;
573 id = te_data->id; 589 id = te_data->id;
574 590
575 /* 591 /*
@@ -584,10 +600,59 @@ void iwl_mvm_remove_time_event(struct iwl_mvm *mvm,
584 * send a removal command. 600 * send a removal command.
585 */ 601 */
586 if (id == TE_MAX) { 602 if (id == TE_MAX) {
587 IWL_DEBUG_TE(mvm, "TE 0x%x has already ended\n", uid); 603 IWL_DEBUG_TE(mvm, "TE 0x%x has already ended\n", *uid);
588 return; 604 return false;
589 } 605 }
590 606
607 return true;
608}
609
610/*
611 * Explicit request to remove a aux roc time event. The removal of a time
612 * event needs to be synchronized with the flow of a time event's end
613 * notification, which also removes the time event from the op mode
614 * data structures.
615 */
616static void iwl_mvm_remove_aux_roc_te(struct iwl_mvm *mvm,
617 struct iwl_mvm_vif *mvmvif,
618 struct iwl_mvm_time_event_data *te_data)
619{
620 struct iwl_hs20_roc_req aux_cmd = {};
621 u32 uid;
622 int ret;
623
624 if (!__iwl_mvm_remove_time_event(mvm, te_data, &uid))
625 return;
626
627 aux_cmd.event_unique_id = cpu_to_le32(uid);
628 aux_cmd.action = cpu_to_le32(FW_CTXT_ACTION_REMOVE);
629 aux_cmd.id_and_color =
630 cpu_to_le32(FW_CMD_ID_AND_COLOR(mvmvif->id, mvmvif->color));
631 IWL_DEBUG_TE(mvm, "Removing BSS AUX ROC TE 0x%x\n",
632 le32_to_cpu(aux_cmd.event_unique_id));
633 ret = iwl_mvm_send_cmd_pdu(mvm, HOT_SPOT_CMD, 0,
634 sizeof(aux_cmd), &aux_cmd);
635
636 if (WARN_ON(ret))
637 return;
638}
639
640/*
641 * Explicit request to remove a time event. The removal of a time event needs to
642 * be synchronized with the flow of a time event's end notification, which also
643 * removes the time event from the op mode data structures.
644 */
645void iwl_mvm_remove_time_event(struct iwl_mvm *mvm,
646 struct iwl_mvm_vif *mvmvif,
647 struct iwl_mvm_time_event_data *te_data)
648{
649 struct iwl_time_event_cmd time_cmd = {};
650 u32 uid;
651 int ret;
652
653 if (!__iwl_mvm_remove_time_event(mvm, te_data, &uid))
654 return;
655
591 /* When we remove a TE, the UID is to be set in the id field */ 656 /* When we remove a TE, the UID is to be set in the id field */
592 time_cmd.id = cpu_to_le32(uid); 657 time_cmd.id = cpu_to_le32(uid);
593 time_cmd.action = cpu_to_le32(FW_CTXT_ACTION_REMOVE); 658 time_cmd.action = cpu_to_le32(FW_CTXT_ACTION_REMOVE);
@@ -666,13 +731,17 @@ int iwl_mvm_start_p2p_roc(struct iwl_mvm *mvm, struct ieee80211_vif *vif,
666 return iwl_mvm_time_event_send_add(mvm, vif, te_data, &time_cmd); 731 return iwl_mvm_time_event_send_add(mvm, vif, te_data, &time_cmd);
667} 732}
668 733
669void iwl_mvm_stop_p2p_roc(struct iwl_mvm *mvm) 734void iwl_mvm_stop_roc(struct iwl_mvm *mvm)
670{ 735{
671 struct iwl_mvm_vif *mvmvif; 736 struct iwl_mvm_vif *mvmvif;
672 struct iwl_mvm_time_event_data *te_data; 737 struct iwl_mvm_time_event_data *te_data;
738 bool is_p2p = false;
673 739
674 lockdep_assert_held(&mvm->mutex); 740 lockdep_assert_held(&mvm->mutex);
675 741
742 mvmvif = NULL;
743 spin_lock_bh(&mvm->time_event_lock);
744
676 /* 745 /*
677 * Iterate over the list of time events and find the time event that is 746 * Iterate over the list of time events and find the time event that is
678 * associated with a P2P_DEVICE interface. 747 * associated with a P2P_DEVICE interface.
@@ -680,22 +749,41 @@ void iwl_mvm_stop_p2p_roc(struct iwl_mvm *mvm)
680 * event at any given time and this time event coresponds to a ROC 749 * event at any given time and this time event coresponds to a ROC
681 * request 750 * request
682 */ 751 */
683 mvmvif = NULL;
684 spin_lock_bh(&mvm->time_event_lock);
685 list_for_each_entry(te_data, &mvm->time_event_list, list) { 752 list_for_each_entry(te_data, &mvm->time_event_list, list) {
686 if (te_data->vif->type == NL80211_IFTYPE_P2P_DEVICE) { 753 if (te_data->vif->type == NL80211_IFTYPE_P2P_DEVICE &&
754 te_data->running) {
687 mvmvif = iwl_mvm_vif_from_mac80211(te_data->vif); 755 mvmvif = iwl_mvm_vif_from_mac80211(te_data->vif);
688 break; 756 is_p2p = true;
757 goto remove_te;
689 } 758 }
690 } 759 }
760
761 /*
762 * Iterate over the list of aux roc time events and find the time
763 * event that is associated with a BSS interface.
764 * This assumes that a BSS interface can have only a single time
765 * event at any given time and this time event coresponds to a ROC
766 * request
767 */
768 list_for_each_entry(te_data, &mvm->aux_roc_te_list, list) {
769 if (te_data->running) {
770 mvmvif = iwl_mvm_vif_from_mac80211(te_data->vif);
771 goto remove_te;
772 }
773 }
774
775remove_te:
691 spin_unlock_bh(&mvm->time_event_lock); 776 spin_unlock_bh(&mvm->time_event_lock);
692 777
693 if (!mvmvif) { 778 if (!mvmvif) {
694 IWL_WARN(mvm, "P2P_DEVICE no remain on channel event\n"); 779 IWL_WARN(mvm, "No remain on channel event\n");
695 return; 780 return;
696 } 781 }
697 782
698 iwl_mvm_remove_time_event(mvm, mvmvif, te_data); 783 if (is_p2p)
784 iwl_mvm_remove_time_event(mvm, mvmvif, te_data);
785 else
786 iwl_mvm_remove_aux_roc_te(mvm, mvmvif, te_data);
699 787
700 iwl_mvm_roc_finished(mvm); 788 iwl_mvm_roc_finished(mvm);
701} 789}
diff --git a/drivers/net/wireless/iwlwifi/mvm/time-event.h b/drivers/net/wireless/iwlwifi/mvm/time-event.h
index b350e47e19da..6f6b35db3ab8 100644
--- a/drivers/net/wireless/iwlwifi/mvm/time-event.h
+++ b/drivers/net/wireless/iwlwifi/mvm/time-event.h
@@ -182,14 +182,14 @@ int iwl_mvm_start_p2p_roc(struct iwl_mvm *mvm, struct ieee80211_vif *vif,
182 int duration, enum ieee80211_roc_type type); 182 int duration, enum ieee80211_roc_type type);
183 183
184/** 184/**
185 * iwl_mvm_stop_p2p_roc - stop remain on channel for p2p device functionlity 185 * iwl_mvm_stop_roc - stop remain on channel functionality
186 * @mvm: the mvm component 186 * @mvm: the mvm component
187 * 187 *
188 * This function can be used to cancel an ongoing ROC session. 188 * This function can be used to cancel an ongoing ROC session.
189 * The function is async, it will instruct the FW to stop serving the ROC 189 * The function is async, it will instruct the FW to stop serving the ROC
190 * session, but will not wait for the actual stopping of the session. 190 * session, but will not wait for the actual stopping of the session.
191 */ 191 */
192void iwl_mvm_stop_p2p_roc(struct iwl_mvm *mvm); 192void iwl_mvm_stop_roc(struct iwl_mvm *mvm);
193 193
194/** 194/**
195 * iwl_mvm_remove_time_event - general function to clean up of time event 195 * iwl_mvm_remove_time_event - general function to clean up of time event
diff --git a/drivers/net/wireless/iwlwifi/mvm/tt.c b/drivers/net/wireless/iwlwifi/mvm/tt.c
index d4f2c29025c7..2b1e61fac34a 100644
--- a/drivers/net/wireless/iwlwifi/mvm/tt.c
+++ b/drivers/net/wireless/iwlwifi/mvm/tt.c
@@ -95,32 +95,81 @@ static void iwl_mvm_exit_ctkill(struct iwl_mvm *mvm)
95 iwl_mvm_set_hw_ctkill_state(mvm, false); 95 iwl_mvm_set_hw_ctkill_state(mvm, false);
96} 96}
97 97
98static bool iwl_mvm_temp_notif(struct iwl_notif_wait_data *notif_wait, 98void iwl_mvm_tt_temp_changed(struct iwl_mvm *mvm, u32 temp)
99 struct iwl_rx_packet *pkt, void *data) 99{
100 /* ignore the notification if we are in test mode */
101 if (mvm->temperature_test)
102 return;
103
104 if (mvm->temperature == temp)
105 return;
106
107 mvm->temperature = temp;
108 iwl_mvm_tt_handler(mvm);
109}
110
111static int iwl_mvm_temp_notif_parse(struct iwl_mvm *mvm,
112 struct iwl_rx_packet *pkt)
100{ 113{
101 struct iwl_mvm *mvm =
102 container_of(notif_wait, struct iwl_mvm, notif_wait);
103 int *temp = data;
104 struct iwl_dts_measurement_notif *notif; 114 struct iwl_dts_measurement_notif *notif;
105 int len = iwl_rx_packet_payload_len(pkt); 115 int len = iwl_rx_packet_payload_len(pkt);
116 int temp;
106 117
107 if (WARN_ON_ONCE(len != sizeof(*notif))) { 118 if (WARN_ON_ONCE(len != sizeof(*notif))) {
108 IWL_ERR(mvm, "Invalid DTS_MEASUREMENT_NOTIFICATION\n"); 119 IWL_ERR(mvm, "Invalid DTS_MEASUREMENT_NOTIFICATION\n");
109 return true; 120 return -EINVAL;
110 } 121 }
111 122
112 notif = (void *)pkt->data; 123 notif = (void *)pkt->data;
113 124
114 *temp = le32_to_cpu(notif->temp); 125 temp = le32_to_cpu(notif->temp);
115 126
116 /* shouldn't be negative, but since it's s32, make sure it isn't */ 127 /* shouldn't be negative, but since it's s32, make sure it isn't */
117 if (WARN_ON_ONCE(*temp < 0)) 128 if (WARN_ON_ONCE(temp < 0))
118 *temp = 0; 129 temp = 0;
130
131 IWL_DEBUG_TEMP(mvm, "DTS_MEASUREMENT_NOTIFICATION - %d\n", temp);
132
133 return temp;
134}
135
136static bool iwl_mvm_temp_notif_wait(struct iwl_notif_wait_data *notif_wait,
137 struct iwl_rx_packet *pkt, void *data)
138{
139 struct iwl_mvm *mvm =
140 container_of(notif_wait, struct iwl_mvm, notif_wait);
141 int *temp = data;
142 int ret;
143
144 ret = iwl_mvm_temp_notif_parse(mvm, pkt);
145 if (ret < 0)
146 return true;
147
148 *temp = ret;
119 149
120 IWL_DEBUG_TEMP(mvm, "DTS_MEASUREMENT_NOTIFICATION - %d\n", *temp);
121 return true; 150 return true;
122} 151}
123 152
153int iwl_mvm_temp_notif(struct iwl_mvm *mvm,
154 struct iwl_rx_cmd_buffer *rxb,
155 struct iwl_device_cmd *cmd)
156{
157 struct iwl_rx_packet *pkt = rxb_addr(rxb);
158 int temp;
159
160 /* the notification is handled synchronously in ctkill, so skip here */
161 if (test_bit(IWL_MVM_STATUS_HW_CTKILL, &mvm->status))
162 return 0;
163
164 temp = iwl_mvm_temp_notif_parse(mvm, pkt);
165 if (temp < 0)
166 return 0;
167
168 iwl_mvm_tt_temp_changed(mvm, temp);
169
170 return 0;
171}
172
124static int iwl_mvm_get_temp_cmd(struct iwl_mvm *mvm) 173static int iwl_mvm_get_temp_cmd(struct iwl_mvm *mvm)
125{ 174{
126 struct iwl_dts_measurement_cmd cmd = { 175 struct iwl_dts_measurement_cmd cmd = {
@@ -141,7 +190,7 @@ int iwl_mvm_get_temp(struct iwl_mvm *mvm)
141 190
142 iwl_init_notification_wait(&mvm->notif_wait, &wait_temp_notif, 191 iwl_init_notification_wait(&mvm->notif_wait, &wait_temp_notif,
143 temp_notif, ARRAY_SIZE(temp_notif), 192 temp_notif, ARRAY_SIZE(temp_notif),
144 iwl_mvm_temp_notif, &temp); 193 iwl_mvm_temp_notif_wait, &temp);
145 194
146 ret = iwl_mvm_get_temp_cmd(mvm); 195 ret = iwl_mvm_get_temp_cmd(mvm);
147 if (ret) { 196 if (ret) {
diff --git a/drivers/net/wireless/iwlwifi/mvm/tx.c b/drivers/net/wireless/iwlwifi/mvm/tx.c
index 8d848735cdb8..4f15d9decc81 100644
--- a/drivers/net/wireless/iwlwifi/mvm/tx.c
+++ b/drivers/net/wireless/iwlwifi/mvm/tx.c
@@ -73,9 +73,9 @@
73/* 73/*
74 * Sets most of the Tx cmd's fields 74 * Sets most of the Tx cmd's fields
75 */ 75 */
76static void iwl_mvm_set_tx_cmd(struct iwl_mvm *mvm, struct sk_buff *skb, 76void iwl_mvm_set_tx_cmd(struct iwl_mvm *mvm, struct sk_buff *skb,
77 struct iwl_tx_cmd *tx_cmd, 77 struct iwl_tx_cmd *tx_cmd,
78 struct ieee80211_tx_info *info, u8 sta_id) 78 struct ieee80211_tx_info *info, u8 sta_id)
79{ 79{
80 struct ieee80211_hdr *hdr = (void *)skb->data; 80 struct ieee80211_hdr *hdr = (void *)skb->data;
81 __le16 fc = hdr->frame_control; 81 __le16 fc = hdr->frame_control;
@@ -149,11 +149,9 @@ static void iwl_mvm_set_tx_cmd(struct iwl_mvm *mvm, struct sk_buff *skb,
149/* 149/*
150 * Sets the fields in the Tx cmd that are rate related 150 * Sets the fields in the Tx cmd that are rate related
151 */ 151 */
152static void iwl_mvm_set_tx_cmd_rate(struct iwl_mvm *mvm, 152void iwl_mvm_set_tx_cmd_rate(struct iwl_mvm *mvm, struct iwl_tx_cmd *tx_cmd,
153 struct iwl_tx_cmd *tx_cmd, 153 struct ieee80211_tx_info *info,
154 struct ieee80211_tx_info *info, 154 struct ieee80211_sta *sta, __le16 fc)
155 struct ieee80211_sta *sta,
156 __le16 fc)
157{ 155{
158 u32 rate_flags; 156 u32 rate_flags;
159 int rate_idx; 157 int rate_idx;
@@ -232,10 +230,10 @@ static void iwl_mvm_set_tx_cmd_rate(struct iwl_mvm *mvm,
232/* 230/*
233 * Sets the fields in the Tx cmd that are crypto related 231 * Sets the fields in the Tx cmd that are crypto related
234 */ 232 */
235static void iwl_mvm_set_tx_cmd_crypto(struct iwl_mvm *mvm, 233void iwl_mvm_set_tx_cmd_crypto(struct iwl_mvm *mvm,
236 struct ieee80211_tx_info *info, 234 struct ieee80211_tx_info *info,
237 struct iwl_tx_cmd *tx_cmd, 235 struct iwl_tx_cmd *tx_cmd,
238 struct sk_buff *skb_frag) 236 struct sk_buff *skb_frag)
239{ 237{
240 struct ieee80211_key_conf *keyconf = info->control.hw_key; 238 struct ieee80211_key_conf *keyconf = info->control.hw_key;
241 239
@@ -426,6 +424,13 @@ int iwl_mvm_tx_skb(struct iwl_mvm *mvm, struct sk_buff *skb,
426 424
427 WARN_ON_ONCE(info->flags & IEEE80211_TX_CTL_SEND_AFTER_DTIM); 425 WARN_ON_ONCE(info->flags & IEEE80211_TX_CTL_SEND_AFTER_DTIM);
428 426
427 if (sta->tdls) {
428 /* default to TID 0 for non-QoS packets */
429 u8 tdls_tid = tid == IWL_MAX_TID_COUNT ? 0 : tid;
430
431 txq_id = mvmsta->hw_queue[tid_to_mac80211_ac[tdls_tid]];
432 }
433
429 if (is_ampdu) { 434 if (is_ampdu) {
430 if (WARN_ON_ONCE(mvmsta->tid_data[tid].state != IWL_AGG_ON)) 435 if (WARN_ON_ONCE(mvmsta->tid_data[tid].state != IWL_AGG_ON))
431 goto drop_unlock_sta; 436 goto drop_unlock_sta;
@@ -660,6 +665,12 @@ static void iwl_mvm_rx_tx_cmd_single(struct iwl_mvm *mvm,
660 seq_ctl = le16_to_cpu(hdr->seq_ctrl); 665 seq_ctl = le16_to_cpu(hdr->seq_ctrl);
661 } 666 }
662 667
668 /*
669 * TODO: this is not accurate if we are freeing more than one
670 * packet.
671 */
672 info->status.tx_time =
673 le16_to_cpu(tx_resp->wireless_media_time);
663 BUILD_BUG_ON(ARRAY_SIZE(info->status.status_driver_data) < 1); 674 BUILD_BUG_ON(ARRAY_SIZE(info->status.status_driver_data) < 1);
664 info->status.status_driver_data[0] = 675 info->status.status_driver_data[0] =
665 (void *)(uintptr_t)tx_resp->reduced_tpc; 676 (void *)(uintptr_t)tx_resp->reduced_tpc;
@@ -852,6 +863,8 @@ static void iwl_mvm_rx_tx_cmd_agg(struct iwl_mvm *mvm,
852 mvmsta->tid_data[tid].rate_n_flags = 863 mvmsta->tid_data[tid].rate_n_flags =
853 le32_to_cpu(tx_resp->initial_rate); 864 le32_to_cpu(tx_resp->initial_rate);
854 mvmsta->tid_data[tid].reduced_tpc = tx_resp->reduced_tpc; 865 mvmsta->tid_data[tid].reduced_tpc = tx_resp->reduced_tpc;
866 mvmsta->tid_data[tid].tx_time =
867 le16_to_cpu(tx_resp->wireless_media_time);
855 } 868 }
856 869
857 rcu_read_unlock(); 870 rcu_read_unlock();
@@ -880,6 +893,8 @@ static void iwl_mvm_tx_info_from_ba_notif(struct ieee80211_tx_info *info,
880 info->status.ampdu_len = ba_notif->txed; 893 info->status.ampdu_len = ba_notif->txed;
881 iwl_mvm_hwrate_to_tx_status(tid_data->rate_n_flags, 894 iwl_mvm_hwrate_to_tx_status(tid_data->rate_n_flags,
882 info); 895 info);
896 /* TODO: not accounted if the whole A-MPDU failed */
897 info->status.tx_time = tid_data->tx_time;
883 info->status.status_driver_data[0] = 898 info->status.status_driver_data[0] =
884 (void *)(uintptr_t)tid_data->reduced_tpc; 899 (void *)(uintptr_t)tid_data->reduced_tpc;
885} 900}
diff --git a/drivers/net/wireless/iwlwifi/pcie/drv.c b/drivers/net/wireless/iwlwifi/pcie/drv.c
index 6ced8549eb3a..3ee8e3848876 100644
--- a/drivers/net/wireless/iwlwifi/pcie/drv.c
+++ b/drivers/net/wireless/iwlwifi/pcie/drv.c
@@ -499,6 +499,7 @@ static void set_dflt_pwr_limit(struct iwl_trans *trans, struct pci_dev *pdev) {}
499static int iwl_pci_probe(struct pci_dev *pdev, const struct pci_device_id *ent) 499static int iwl_pci_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
500{ 500{
501 const struct iwl_cfg *cfg = (struct iwl_cfg *)(ent->driver_data); 501 const struct iwl_cfg *cfg = (struct iwl_cfg *)(ent->driver_data);
502 const struct iwl_cfg *cfg_7265d __maybe_unused = NULL;
502 struct iwl_trans *iwl_trans; 503 struct iwl_trans *iwl_trans;
503 struct iwl_trans_pcie *trans_pcie; 504 struct iwl_trans_pcie *trans_pcie;
504 int ret; 505 int ret;
@@ -507,6 +508,25 @@ static int iwl_pci_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
507 if (IS_ERR(iwl_trans)) 508 if (IS_ERR(iwl_trans))
508 return PTR_ERR(iwl_trans); 509 return PTR_ERR(iwl_trans);
509 510
511#if IS_ENABLED(CONFIG_IWLMVM)
512 /*
513 * special-case 7265D, it has the same PCI IDs.
514 *
515 * Note that because we already pass the cfg to the transport above,
516 * all the parameters that the transport uses must, until that is
517 * changed, be identical to the ones in the 7265D configuration.
518 */
519 if (cfg == &iwl7265_2ac_cfg)
520 cfg_7265d = &iwl7265d_2ac_cfg;
521 else if (cfg == &iwl7265_2n_cfg)
522 cfg_7265d = &iwl7265d_2n_cfg;
523 else if (cfg == &iwl7265_n_cfg)
524 cfg_7265d = &iwl7265d_n_cfg;
525 if (cfg_7265d &&
526 (iwl_trans->hw_rev & CSR_HW_REV_TYPE_MSK) == CSR_HW_REV_TYPE_7265D)
527 cfg = cfg_7265d;
528#endif
529
510 pci_set_drvdata(pdev, iwl_trans); 530 pci_set_drvdata(pdev, iwl_trans);
511 531
512 trans_pcie = IWL_TRANS_GET_PCIE_TRANS(iwl_trans); 532 trans_pcie = IWL_TRANS_GET_PCIE_TRANS(iwl_trans);
diff --git a/drivers/net/wireless/iwlwifi/pcie/trans.c b/drivers/net/wireless/iwlwifi/pcie/trans.c
index ea8efed25c6a..5d79a1f44b8e 100644
--- a/drivers/net/wireless/iwlwifi/pcie/trans.c
+++ b/drivers/net/wireless/iwlwifi/pcie/trans.c
@@ -78,6 +78,11 @@
78#include "iwl-agn-hw.h" 78#include "iwl-agn-hw.h"
79#include "iwl-fw-error-dump.h" 79#include "iwl-fw-error-dump.h"
80#include "internal.h" 80#include "internal.h"
81#include "iwl-fh.h"
82
83/* extended range in FW SRAM */
84#define IWL_FW_MEM_EXTENDED_START 0x40000
85#define IWL_FW_MEM_EXTENDED_END 0x57FFF
81 86
82static void iwl_pcie_free_fw_monitor(struct iwl_trans *trans) 87static void iwl_pcie_free_fw_monitor(struct iwl_trans *trans)
83{ 88{
@@ -512,6 +517,9 @@ static int iwl_pcie_set_hw_ready(struct iwl_trans *trans)
512 CSR_HW_IF_CONFIG_REG_BIT_NIC_READY, 517 CSR_HW_IF_CONFIG_REG_BIT_NIC_READY,
513 HW_READY_TIMEOUT); 518 HW_READY_TIMEOUT);
514 519
520 if (ret >= 0)
521 iwl_set_bit(trans, CSR_MBOX_SET_REG, CSR_MBOX_SET_REG_OS_ALIVE);
522
515 IWL_DEBUG_INFO(trans, "hardware%s ready\n", ret < 0 ? " not" : ""); 523 IWL_DEBUG_INFO(trans, "hardware%s ready\n", ret < 0 ? " not" : "");
516 return ret; 524 return ret;
517} 525}
@@ -624,14 +632,28 @@ static int iwl_pcie_load_section(struct iwl_trans *trans, u8 section_num,
624 } 632 }
625 633
626 for (offset = 0; offset < section->len; offset += chunk_sz) { 634 for (offset = 0; offset < section->len; offset += chunk_sz) {
627 u32 copy_size; 635 u32 copy_size, dst_addr;
636 bool extended_addr = false;
628 637
629 copy_size = min_t(u32, chunk_sz, section->len - offset); 638 copy_size = min_t(u32, chunk_sz, section->len - offset);
639 dst_addr = section->offset + offset;
640
641 if (dst_addr >= IWL_FW_MEM_EXTENDED_START &&
642 dst_addr <= IWL_FW_MEM_EXTENDED_END)
643 extended_addr = true;
644
645 if (extended_addr)
646 iwl_set_bits_prph(trans, LMPM_CHICK,
647 LMPM_CHICK_EXTENDED_ADDR_SPACE);
630 648
631 memcpy(v_addr, (u8 *)section->data + offset, copy_size); 649 memcpy(v_addr, (u8 *)section->data + offset, copy_size);
632 ret = iwl_pcie_load_firmware_chunk(trans, 650 ret = iwl_pcie_load_firmware_chunk(trans, dst_addr, p_addr,
633 section->offset + offset, 651 copy_size);
634 p_addr, copy_size); 652
653 if (extended_addr)
654 iwl_clear_bits_prph(trans, LMPM_CHICK,
655 LMPM_CHICK_EXTENDED_ADDR_SPACE);
656
635 if (ret) { 657 if (ret) {
636 IWL_ERR(trans, 658 IWL_ERR(trans,
637 "Could not load the [%d] uCode section\n", 659 "Could not load the [%d] uCode section\n",
@@ -644,14 +666,14 @@ static int iwl_pcie_load_section(struct iwl_trans *trans, u8 section_num,
644 return ret; 666 return ret;
645} 667}
646 668
647static int iwl_pcie_load_cpu_secured_sections(struct iwl_trans *trans, 669static int iwl_pcie_load_cpu_sections_8000b(struct iwl_trans *trans,
648 const struct fw_img *image, 670 const struct fw_img *image,
649 int cpu, 671 int cpu,
650 int *first_ucode_section) 672 int *first_ucode_section)
651{ 673{
652 int shift_param; 674 int shift_param;
653 int i, ret = 0; 675 int i, ret = 0, sec_num = 0x1;
654 u32 last_read_idx = 0; 676 u32 val, last_read_idx = 0;
655 677
656 if (cpu == 1) { 678 if (cpu == 1) {
657 shift_param = 0; 679 shift_param = 0;
@@ -672,21 +694,16 @@ static int iwl_pcie_load_cpu_secured_sections(struct iwl_trans *trans,
672 break; 694 break;
673 } 695 }
674 696
675 if (i == (*first_ucode_section) + 1)
676 /* set CPU to started */
677 iwl_set_bits_prph(trans,
678 CSR_UCODE_LOAD_STATUS_ADDR,
679 LMPM_CPU_HDRS_LOADING_COMPLETED
680 << shift_param);
681
682 ret = iwl_pcie_load_section(trans, i, &image->sec[i]); 697 ret = iwl_pcie_load_section(trans, i, &image->sec[i]);
683 if (ret) 698 if (ret)
684 return ret; 699 return ret;
700
701 /* Notify the ucode of the loaded section number and status */
702 val = iwl_read_direct32(trans, FH_UCODE_LOAD_STATUS);
703 val = val | (sec_num << shift_param);
704 iwl_write_direct32(trans, FH_UCODE_LOAD_STATUS, val);
705 sec_num = (sec_num << 1) | 0x1;
685 } 706 }
686 /* image loading complete */
687 iwl_set_bits_prph(trans,
688 CSR_UCODE_LOAD_STATUS_ADDR,
689 LMPM_CPU_UCODE_LOADING_COMPLETED << shift_param);
690 707
691 *first_ucode_section = last_read_idx; 708 *first_ucode_section = last_read_idx;
692 709
@@ -739,46 +756,78 @@ static int iwl_pcie_load_cpu_sections(struct iwl_trans *trans,
739 return 0; 756 return 0;
740} 757}
741 758
742static int iwl_pcie_load_given_ucode(struct iwl_trans *trans, 759static void iwl_pcie_apply_destination(struct iwl_trans *trans)
743 const struct fw_img *image)
744{ 760{
745 struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans); 761 struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans);
746 int ret = 0; 762 const struct iwl_fw_dbg_dest_tlv *dest = trans->dbg_dest_tlv;
747 int first_ucode_section; 763 int i;
748 764
749 IWL_DEBUG_FW(trans, 765 if (dest->version)
750 "working with %s CPU\n", 766 IWL_ERR(trans,
751 image->is_dual_cpus ? "Dual" : "Single"); 767 "DBG DEST version is %d - expect issues\n",
768 dest->version);
752 769
753 /* configure the ucode to be ready to get the secured image */ 770 IWL_INFO(trans, "Applying debug destination %s\n",
754 if (iwl_has_secure_boot(trans->hw_rev, trans->cfg->device_family)) { 771 get_fw_dbg_mode_string(dest->monitor_mode));
755 /* set secure boot inspector addresses */
756 iwl_write_prph(trans,
757 LMPM_SECURE_INSPECTOR_CODE_ADDR,
758 LMPM_SECURE_INSPECTOR_CODE_MEM_SPACE);
759 772
760 iwl_write_prph(trans, 773 if (dest->monitor_mode == EXTERNAL_MODE)
761 LMPM_SECURE_INSPECTOR_DATA_ADDR, 774 iwl_pcie_alloc_fw_monitor(trans);
762 LMPM_SECURE_INSPECTOR_DATA_MEM_SPACE); 775 else
776 IWL_WARN(trans, "PCI should have external buffer debug\n");
763 777
764 /* set CPU1 header address */ 778 for (i = 0; i < trans->dbg_dest_reg_num; i++) {
765 iwl_write_prph(trans, 779 u32 addr = le32_to_cpu(dest->reg_ops[i].addr);
766 LMPM_SECURE_UCODE_LOAD_CPU1_HDR_ADDR, 780 u32 val = le32_to_cpu(dest->reg_ops[i].val);
767 LMPM_SECURE_CPU1_HDR_MEM_SPACE);
768 781
769 /* load to FW the binary Secured sections of CPU1 */ 782 switch (dest->reg_ops[i].op) {
770 ret = iwl_pcie_load_cpu_secured_sections(trans, image, 1, 783 case CSR_ASSIGN:
771 &first_ucode_section); 784 iwl_write32(trans, addr, val);
772 if (ret) 785 break;
773 return ret; 786 case CSR_SETBIT:
787 iwl_set_bit(trans, addr, BIT(val));
788 break;
789 case CSR_CLEARBIT:
790 iwl_clear_bit(trans, addr, BIT(val));
791 break;
792 case PRPH_ASSIGN:
793 iwl_write_prph(trans, addr, val);
794 break;
795 case PRPH_SETBIT:
796 iwl_set_bits_prph(trans, addr, BIT(val));
797 break;
798 case PRPH_CLEARBIT:
799 iwl_clear_bits_prph(trans, addr, BIT(val));
800 break;
801 default:
802 IWL_ERR(trans, "FW debug - unknown OP %d\n",
803 dest->reg_ops[i].op);
804 break;
805 }
806 }
774 807
775 } else { 808 if (dest->monitor_mode == EXTERNAL_MODE && trans_pcie->fw_mon_size) {
776 /* load to FW the binary Non secured sections of CPU1 */ 809 iwl_write_prph(trans, le32_to_cpu(dest->base_reg),
777 ret = iwl_pcie_load_cpu_sections(trans, image, 1, 810 trans_pcie->fw_mon_phys >> dest->base_shift);
778 &first_ucode_section); 811 iwl_write_prph(trans, le32_to_cpu(dest->end_reg),
779 if (ret) 812 (trans_pcie->fw_mon_phys +
780 return ret; 813 trans_pcie->fw_mon_size) >> dest->end_shift);
781 } 814 }
815}
816
817static int iwl_pcie_load_given_ucode(struct iwl_trans *trans,
818 const struct fw_img *image)
819{
820 struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans);
821 int ret = 0;
822 int first_ucode_section;
823
824 IWL_DEBUG_FW(trans, "working with %s CPU\n",
825 image->is_dual_cpus ? "Dual" : "Single");
826
827 /* load to FW the binary non secured sections of CPU1 */
828 ret = iwl_pcie_load_cpu_sections(trans, image, 1, &first_ucode_section);
829 if (ret)
830 return ret;
782 831
783 if (image->is_dual_cpus) { 832 if (image->is_dual_cpus) {
784 /* set CPU2 header address */ 833 /* set CPU2 header address */
@@ -787,14 +836,8 @@ static int iwl_pcie_load_given_ucode(struct iwl_trans *trans,
787 LMPM_SECURE_CPU2_HDR_MEM_SPACE); 836 LMPM_SECURE_CPU2_HDR_MEM_SPACE);
788 837
789 /* load to FW the binary sections of CPU2 */ 838 /* load to FW the binary sections of CPU2 */
790 if (iwl_has_secure_boot(trans->hw_rev, 839 ret = iwl_pcie_load_cpu_sections(trans, image, 2,
791 trans->cfg->device_family)) 840 &first_ucode_section);
792 ret = iwl_pcie_load_cpu_secured_sections(
793 trans, image, 2,
794 &first_ucode_section);
795 else
796 ret = iwl_pcie_load_cpu_sections(trans, image, 2,
797 &first_ucode_section);
798 if (ret) 841 if (ret)
799 return ret; 842 return ret;
800 } 843 }
@@ -811,6 +854,8 @@ static int iwl_pcie_load_given_ucode(struct iwl_trans *trans,
811 (trans_pcie->fw_mon_phys + 854 (trans_pcie->fw_mon_phys +
812 trans_pcie->fw_mon_size) >> 4); 855 trans_pcie->fw_mon_size) >> 4);
813 } 856 }
857 } else if (trans->dbg_dest_tlv) {
858 iwl_pcie_apply_destination(trans);
814 } 859 }
815 860
816 /* release CPU reset */ 861 /* release CPU reset */
@@ -819,18 +864,50 @@ static int iwl_pcie_load_given_ucode(struct iwl_trans *trans,
819 else 864 else
820 iwl_write32(trans, CSR_RESET, 0); 865 iwl_write32(trans, CSR_RESET, 0);
821 866
822 if (iwl_has_secure_boot(trans->hw_rev, trans->cfg->device_family)) { 867 return 0;
823 /* wait for image verification to complete */ 868}
824 ret = iwl_poll_prph_bit(trans,
825 LMPM_SECURE_BOOT_CPU1_STATUS_ADDR,
826 LMPM_SECURE_BOOT_STATUS_SUCCESS,
827 LMPM_SECURE_BOOT_STATUS_SUCCESS,
828 LMPM_SECURE_TIME_OUT);
829 869
830 if (ret < 0) { 870static int iwl_pcie_load_given_ucode_8000b(struct iwl_trans *trans,
831 IWL_ERR(trans, "Time out on secure boot process\n"); 871 const struct fw_img *image)
832 return ret; 872{
833 } 873 int ret = 0;
874 int first_ucode_section;
875 u32 reg;
876
877 IWL_DEBUG_FW(trans, "working with %s CPU\n",
878 image->is_dual_cpus ? "Dual" : "Single");
879
880 /* configure the ucode to be ready to get the secured image */
881 /* release CPU reset */
882 iwl_write_prph(trans, RELEASE_CPU_RESET, RELEASE_CPU_RESET_BIT);
883
884 /* load to FW the binary Secured sections of CPU1 */
885 ret = iwl_pcie_load_cpu_sections_8000b(trans, image, 1,
886 &first_ucode_section);
887 if (ret)
888 return ret;
889
890 /* load to FW the binary sections of CPU2 */
891 ret = iwl_pcie_load_cpu_sections_8000b(trans, image, 2,
892 &first_ucode_section);
893 if (ret)
894 return ret;
895
896 /* Notify FW loading is done */
897 iwl_write_direct32(trans, FH_UCODE_LOAD_STATUS, 0xFFFFFFFF);
898
899 /* wait for image verification to complete */
900 ret = iwl_poll_prph_bit(trans, LMPM_SECURE_BOOT_CPU1_STATUS_ADDR_B0,
901 LMPM_SECURE_BOOT_STATUS_SUCCESS,
902 LMPM_SECURE_BOOT_STATUS_SUCCESS,
903 LMPM_SECURE_TIME_OUT);
904 if (ret < 0) {
905 reg = iwl_read_prph(trans,
906 LMPM_SECURE_BOOT_CPU1_STATUS_ADDR_B0);
907
908 IWL_ERR(trans, "Timeout on secure boot process, reg = %x\n",
909 reg);
910 return ret;
834 } 911 }
835 912
836 return 0; 913 return 0;
@@ -882,7 +959,11 @@ static int iwl_trans_pcie_start_fw(struct iwl_trans *trans,
882 iwl_write32(trans, CSR_UCODE_DRV_GP1_CLR, CSR_UCODE_SW_BIT_RFKILL); 959 iwl_write32(trans, CSR_UCODE_DRV_GP1_CLR, CSR_UCODE_SW_BIT_RFKILL);
883 960
884 /* Load the given image to the HW */ 961 /* Load the given image to the HW */
885 return iwl_pcie_load_given_ucode(trans, fw); 962 if ((trans->cfg->device_family == IWL_DEVICE_FAMILY_8000) &&
963 (CSR_HW_REV_STEP(trans->hw_rev) == SILICON_B_STEP))
964 return iwl_pcie_load_given_ucode_8000b(trans, fw);
965 else
966 return iwl_pcie_load_given_ucode(trans, fw);
886} 967}
887 968
888static void iwl_trans_pcie_fw_alive(struct iwl_trans *trans, u32 scd_addr) 969static void iwl_trans_pcie_fw_alive(struct iwl_trans *trans, u32 scd_addr)
@@ -939,7 +1020,8 @@ static void iwl_trans_pcie_stop_device(struct iwl_trans *trans)
939 spin_unlock(&trans_pcie->irq_lock); 1020 spin_unlock(&trans_pcie->irq_lock);
940 1021
941 /* stop and reset the on-board processor */ 1022 /* stop and reset the on-board processor */
942 iwl_write32(trans, CSR_RESET, CSR_RESET_REG_FLAG_NEVO_RESET); 1023 iwl_write32(trans, CSR_RESET, CSR_RESET_REG_FLAG_SW_RESET);
1024 udelay(20);
943 1025
944 /* clear all status bits */ 1026 /* clear all status bits */
945 clear_bit(STATUS_SYNC_HCMD_ACTIVE, &trans->status); 1027 clear_bit(STATUS_SYNC_HCMD_ACTIVE, &trans->status);
@@ -972,6 +1054,9 @@ static void iwl_trans_pcie_stop_device(struct iwl_trans *trans)
972 clear_bit(STATUS_RFKILL, &trans->status); 1054 clear_bit(STATUS_RFKILL, &trans->status);
973 if (hw_rfkill != was_hw_rfkill) 1055 if (hw_rfkill != was_hw_rfkill)
974 iwl_trans_pcie_rf_kill(trans, hw_rfkill); 1056 iwl_trans_pcie_rf_kill(trans, hw_rfkill);
1057
1058 /* re-take ownership to prevent other users from stealing the deivce */
1059 iwl_pcie_prepare_card_hw(trans);
975} 1060}
976 1061
977void iwl_trans_pcie_rf_kill(struct iwl_trans *trans, bool state) 1062void iwl_trans_pcie_rf_kill(struct iwl_trans *trans, bool state)
@@ -1031,6 +1116,9 @@ static int iwl_trans_pcie_d3_resume(struct iwl_trans *trans,
1031 iwl_set_bit(trans, CSR_GP_CNTRL, CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ); 1116 iwl_set_bit(trans, CSR_GP_CNTRL, CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ);
1032 iwl_set_bit(trans, CSR_GP_CNTRL, CSR_GP_CNTRL_REG_FLAG_INIT_DONE); 1117 iwl_set_bit(trans, CSR_GP_CNTRL, CSR_GP_CNTRL_REG_FLAG_INIT_DONE);
1033 1118
1119 if (trans->cfg->device_family == IWL_DEVICE_FAMILY_8000)
1120 udelay(2);
1121
1034 ret = iwl_poll_bit(trans, CSR_GP_CNTRL, 1122 ret = iwl_poll_bit(trans, CSR_GP_CNTRL,
1035 CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY, 1123 CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY,
1036 CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY, 1124 CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY,
@@ -1233,6 +1321,8 @@ static bool iwl_trans_pcie_grab_nic_access(struct iwl_trans *trans, bool silent,
1233 /* this bit wakes up the NIC */ 1321 /* this bit wakes up the NIC */
1234 __iwl_trans_pcie_set_bit(trans, CSR_GP_CNTRL, 1322 __iwl_trans_pcie_set_bit(trans, CSR_GP_CNTRL,
1235 CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ); 1323 CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ);
1324 if (trans->cfg->device_family == IWL_DEVICE_FAMILY_8000)
1325 udelay(2);
1236 1326
1237 /* 1327 /*
1238 * These bits say the device is running, and should keep running for 1328 * These bits say the device is running, and should keep running for
@@ -1941,6 +2031,31 @@ static u32 iwl_trans_pcie_dump_csr(struct iwl_trans *trans,
1941 return csr_len; 2031 return csr_len;
1942} 2032}
1943 2033
2034static u32 iwl_trans_pcie_fh_regs_dump(struct iwl_trans *trans,
2035 struct iwl_fw_error_dump_data **data)
2036{
2037 u32 fh_regs_len = FH_MEM_UPPER_BOUND - FH_MEM_LOWER_BOUND;
2038 unsigned long flags;
2039 __le32 *val;
2040 int i;
2041
2042 if (!iwl_trans_grab_nic_access(trans, false, &flags))
2043 return 0;
2044
2045 (*data)->type = cpu_to_le32(IWL_FW_ERROR_DUMP_FH_REGS);
2046 (*data)->len = cpu_to_le32(fh_regs_len);
2047 val = (void *)(*data)->data;
2048
2049 for (i = FH_MEM_LOWER_BOUND; i < FH_MEM_UPPER_BOUND; i += sizeof(u32))
2050 *val++ = cpu_to_le32(iwl_trans_pcie_read32(trans, i));
2051
2052 iwl_trans_release_nic_access(trans, &flags);
2053
2054 *data = iwl_fw_error_next_data(*data);
2055
2056 return sizeof(**data) + fh_regs_len;
2057}
2058
1944static 2059static
1945struct iwl_trans_dump_data *iwl_trans_pcie_dump_data(struct iwl_trans *trans) 2060struct iwl_trans_dump_data *iwl_trans_pcie_dump_data(struct iwl_trans *trans)
1946{ 2061{
@@ -1950,6 +2065,7 @@ struct iwl_trans_dump_data *iwl_trans_pcie_dump_data(struct iwl_trans *trans)
1950 struct iwl_fw_error_dump_txcmd *txcmd; 2065 struct iwl_fw_error_dump_txcmd *txcmd;
1951 struct iwl_trans_dump_data *dump_data; 2066 struct iwl_trans_dump_data *dump_data;
1952 u32 len; 2067 u32 len;
2068 u32 monitor_len;
1953 int i, ptr; 2069 int i, ptr;
1954 2070
1955 /* transport dump header */ 2071 /* transport dump header */
@@ -1972,10 +2088,34 @@ struct iwl_trans_dump_data *iwl_trans_pcie_dump_data(struct iwl_trans *trans)
1972 num_bytes_in_chunk; 2088 num_bytes_in_chunk;
1973 } 2089 }
1974 2090
2091 /* FH registers */
2092 len += sizeof(*data) + (FH_MEM_UPPER_BOUND - FH_MEM_LOWER_BOUND);
2093
1975 /* FW monitor */ 2094 /* FW monitor */
1976 if (trans_pcie->fw_mon_page) 2095 if (trans_pcie->fw_mon_page) {
1977 len += sizeof(*data) + sizeof(struct iwl_fw_error_dump_fw_mon) + 2096 len += sizeof(*data) + sizeof(struct iwl_fw_error_dump_fw_mon) +
1978 trans_pcie->fw_mon_size; 2097 trans_pcie->fw_mon_size;
2098 monitor_len = trans_pcie->fw_mon_size;
2099 } else if (trans->dbg_dest_tlv) {
2100 u32 base, end;
2101
2102 base = le32_to_cpu(trans->dbg_dest_tlv->base_reg);
2103 end = le32_to_cpu(trans->dbg_dest_tlv->end_reg);
2104
2105 base = iwl_read_prph(trans, base) <<
2106 trans->dbg_dest_tlv->base_shift;
2107 end = iwl_read_prph(trans, end) <<
2108 trans->dbg_dest_tlv->end_shift;
2109
2110 /* Make "end" point to the actual end */
2111 if (trans->cfg->device_family == IWL_DEVICE_FAMILY_8000)
2112 end += (1 << trans->dbg_dest_tlv->end_shift);
2113 monitor_len = end - base;
2114 len += sizeof(*data) + sizeof(struct iwl_fw_error_dump_fw_mon) +
2115 monitor_len;
2116 } else {
2117 monitor_len = 0;
2118 }
1979 2119
1980 dump_data = vzalloc(len); 2120 dump_data = vzalloc(len);
1981 if (!dump_data) 2121 if (!dump_data)
@@ -2012,36 +2152,71 @@ struct iwl_trans_dump_data *iwl_trans_pcie_dump_data(struct iwl_trans *trans)
2012 2152
2013 len += iwl_trans_pcie_dump_prph(trans, &data); 2153 len += iwl_trans_pcie_dump_prph(trans, &data);
2014 len += iwl_trans_pcie_dump_csr(trans, &data); 2154 len += iwl_trans_pcie_dump_csr(trans, &data);
2155 len += iwl_trans_pcie_fh_regs_dump(trans, &data);
2015 /* data is already pointing to the next section */ 2156 /* data is already pointing to the next section */
2016 2157
2017 if (trans_pcie->fw_mon_page) { 2158 if ((trans_pcie->fw_mon_page &&
2159 trans->cfg->device_family == IWL_DEVICE_FAMILY_7000) ||
2160 trans->dbg_dest_tlv) {
2018 struct iwl_fw_error_dump_fw_mon *fw_mon_data; 2161 struct iwl_fw_error_dump_fw_mon *fw_mon_data;
2162 u32 base, write_ptr, wrap_cnt;
2163
2164 /* If there was a dest TLV - use the values from there */
2165 if (trans->dbg_dest_tlv) {
2166 write_ptr =
2167 le32_to_cpu(trans->dbg_dest_tlv->write_ptr_reg);
2168 wrap_cnt = le32_to_cpu(trans->dbg_dest_tlv->wrap_count);
2169 base = le32_to_cpu(trans->dbg_dest_tlv->base_reg);
2170 } else {
2171 base = MON_BUFF_BASE_ADDR;
2172 write_ptr = MON_BUFF_WRPTR;
2173 wrap_cnt = MON_BUFF_CYCLE_CNT;
2174 }
2019 2175
2020 data->type = cpu_to_le32(IWL_FW_ERROR_DUMP_FW_MONITOR); 2176 data->type = cpu_to_le32(IWL_FW_ERROR_DUMP_FW_MONITOR);
2021 data->len = cpu_to_le32(trans_pcie->fw_mon_size +
2022 sizeof(*fw_mon_data));
2023 fw_mon_data = (void *)data->data; 2177 fw_mon_data = (void *)data->data;
2024 fw_mon_data->fw_mon_wr_ptr = 2178 fw_mon_data->fw_mon_wr_ptr =
2025 cpu_to_le32(iwl_read_prph(trans, MON_BUFF_WRPTR)); 2179 cpu_to_le32(iwl_read_prph(trans, write_ptr));
2026 fw_mon_data->fw_mon_cycle_cnt = 2180 fw_mon_data->fw_mon_cycle_cnt =
2027 cpu_to_le32(iwl_read_prph(trans, MON_BUFF_CYCLE_CNT)); 2181 cpu_to_le32(iwl_read_prph(trans, wrap_cnt));
2028 fw_mon_data->fw_mon_base_ptr = 2182 fw_mon_data->fw_mon_base_ptr =
2029 cpu_to_le32(iwl_read_prph(trans, MON_BUFF_BASE_ADDR)); 2183 cpu_to_le32(iwl_read_prph(trans, base));
2030 2184
2031 /* 2185 len += sizeof(*data) + sizeof(*fw_mon_data);
2032 * The firmware is now asserted, it won't write anything to 2186 if (trans_pcie->fw_mon_page) {
2033 * the buffer. CPU can take ownership to fetch the data. 2187 data->len = cpu_to_le32(trans_pcie->fw_mon_size +
2034 * The buffer will be handed back to the device before the 2188 sizeof(*fw_mon_data));
2035 * firmware will be restarted. 2189
2036 */ 2190 /*
2037 dma_sync_single_for_cpu(trans->dev, trans_pcie->fw_mon_phys, 2191 * The firmware is now asserted, it won't write anything
2038 trans_pcie->fw_mon_size, 2192 * to the buffer. CPU can take ownership to fetch the
2039 DMA_FROM_DEVICE); 2193 * data. The buffer will be handed back to the device
2040 memcpy(fw_mon_data->data, page_address(trans_pcie->fw_mon_page), 2194 * before the firmware will be restarted.
2041 trans_pcie->fw_mon_size); 2195 */
2042 2196 dma_sync_single_for_cpu(trans->dev,
2043 len += sizeof(*data) + sizeof(*fw_mon_data) + 2197 trans_pcie->fw_mon_phys,
2044 trans_pcie->fw_mon_size; 2198 trans_pcie->fw_mon_size,
2199 DMA_FROM_DEVICE);
2200 memcpy(fw_mon_data->data,
2201 page_address(trans_pcie->fw_mon_page),
2202 trans_pcie->fw_mon_size);
2203
2204 len += trans_pcie->fw_mon_size;
2205 } else {
2206 /* If we are here then the buffer is internal */
2207
2208 /*
2209 * Update pointers to reflect actual values after
2210 * shifting
2211 */
2212 base = iwl_read_prph(trans, base) <<
2213 trans->dbg_dest_tlv->base_shift;
2214 iwl_trans_read_mem(trans, base, fw_mon_data->data,
2215 monitor_len / sizeof(u32));
2216 data->len = cpu_to_le32(sizeof(*fw_mon_data) +
2217 monitor_len);
2218 len += monitor_len;
2219 }
2045 } 2220 }
2046 2221
2047 dump_data->len = len; 2222 dump_data->len = len;
diff --git a/drivers/net/wireless/iwlwifi/pcie/tx.c b/drivers/net/wireless/iwlwifi/pcie/tx.c
index eb8e2984c5e9..8a6c7a084aa1 100644
--- a/drivers/net/wireless/iwlwifi/pcie/tx.c
+++ b/drivers/net/wireless/iwlwifi/pcie/tx.c
@@ -989,6 +989,65 @@ out:
989 spin_unlock_bh(&txq->lock); 989 spin_unlock_bh(&txq->lock);
990} 990}
991 991
992static int iwl_pcie_set_cmd_in_flight(struct iwl_trans *trans)
993{
994 struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans);
995 int ret;
996
997 lockdep_assert_held(&trans_pcie->reg_lock);
998
999 if (trans_pcie->cmd_in_flight)
1000 return 0;
1001
1002 trans_pcie->cmd_in_flight = true;
1003
1004 /*
1005 * wake up the NIC to make sure that the firmware will see the host
1006 * command - we will let the NIC sleep once all the host commands
1007 * returned. This needs to be done only on NICs that have
1008 * apmg_wake_up_wa set.
1009 */
1010 if (trans->cfg->base_params->apmg_wake_up_wa) {
1011 __iwl_trans_pcie_set_bit(trans, CSR_GP_CNTRL,
1012 CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ);
1013 if (trans->cfg->device_family == IWL_DEVICE_FAMILY_8000)
1014 udelay(2);
1015
1016 ret = iwl_poll_bit(trans, CSR_GP_CNTRL,
1017 CSR_GP_CNTRL_REG_VAL_MAC_ACCESS_EN,
1018 (CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY |
1019 CSR_GP_CNTRL_REG_FLAG_GOING_TO_SLEEP),
1020 15000);
1021 if (ret < 0) {
1022 __iwl_trans_pcie_clear_bit(trans, CSR_GP_CNTRL,
1023 CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ);
1024 trans_pcie->cmd_in_flight = false;
1025 IWL_ERR(trans, "Failed to wake NIC for hcmd\n");
1026 return -EIO;
1027 }
1028 }
1029
1030 return 0;
1031}
1032
1033static int iwl_pcie_clear_cmd_in_flight(struct iwl_trans *trans)
1034{
1035 struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans);
1036
1037 lockdep_assert_held(&trans_pcie->reg_lock);
1038
1039 if (WARN_ON(!trans_pcie->cmd_in_flight))
1040 return 0;
1041
1042 trans_pcie->cmd_in_flight = false;
1043
1044 if (trans->cfg->base_params->apmg_wake_up_wa)
1045 __iwl_trans_pcie_clear_bit(trans, CSR_GP_CNTRL,
1046 CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ);
1047
1048 return 0;
1049}
1050
992/* 1051/*
993 * iwl_pcie_cmdq_reclaim - Reclaim TX command queue entries already Tx'd 1052 * iwl_pcie_cmdq_reclaim - Reclaim TX command queue entries already Tx'd
994 * 1053 *
@@ -1024,14 +1083,9 @@ static void iwl_pcie_cmdq_reclaim(struct iwl_trans *trans, int txq_id, int idx)
1024 } 1083 }
1025 } 1084 }
1026 1085
1027 if (trans->cfg->base_params->apmg_wake_up_wa && 1086 if (q->read_ptr == q->write_ptr) {
1028 q->read_ptr == q->write_ptr) {
1029 spin_lock_irqsave(&trans_pcie->reg_lock, flags); 1087 spin_lock_irqsave(&trans_pcie->reg_lock, flags);
1030 WARN_ON(!trans_pcie->cmd_in_flight); 1088 iwl_pcie_clear_cmd_in_flight(trans);
1031 trans_pcie->cmd_in_flight = false;
1032 __iwl_trans_pcie_clear_bit(trans,
1033 CSR_GP_CNTRL,
1034 CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ);
1035 spin_unlock_irqrestore(&trans_pcie->reg_lock, flags); 1089 spin_unlock_irqrestore(&trans_pcie->reg_lock, flags);
1036 } 1090 }
1037 1091
@@ -1419,32 +1473,11 @@ static int iwl_pcie_enqueue_hcmd(struct iwl_trans *trans,
1419 mod_timer(&txq->stuck_timer, jiffies + trans_pcie->wd_timeout); 1473 mod_timer(&txq->stuck_timer, jiffies + trans_pcie->wd_timeout);
1420 1474
1421 spin_lock_irqsave(&trans_pcie->reg_lock, flags); 1475 spin_lock_irqsave(&trans_pcie->reg_lock, flags);
1422 1476 ret = iwl_pcie_set_cmd_in_flight(trans);
1423 /* 1477 if (ret < 0) {
1424 * wake up the NIC to make sure that the firmware will see the host 1478 idx = ret;
1425 * command - we will let the NIC sleep once all the host commands 1479 spin_unlock_irqrestore(&trans_pcie->reg_lock, flags);
1426 * returned. This needs to be done only on NICs that have 1480 goto out;
1427 * apmg_wake_up_wa set.
1428 */
1429 if (trans->cfg->base_params->apmg_wake_up_wa &&
1430 !trans_pcie->cmd_in_flight) {
1431 trans_pcie->cmd_in_flight = true;
1432 __iwl_trans_pcie_set_bit(trans, CSR_GP_CNTRL,
1433 CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ);
1434 ret = iwl_poll_bit(trans, CSR_GP_CNTRL,
1435 CSR_GP_CNTRL_REG_VAL_MAC_ACCESS_EN,
1436 (CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY |
1437 CSR_GP_CNTRL_REG_FLAG_GOING_TO_SLEEP),
1438 15000);
1439 if (ret < 0) {
1440 __iwl_trans_pcie_clear_bit(trans, CSR_GP_CNTRL,
1441 CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ);
1442 spin_unlock_irqrestore(&trans_pcie->reg_lock, flags);
1443 trans_pcie->cmd_in_flight = false;
1444 IWL_ERR(trans, "Failed to wake NIC for hcmd\n");
1445 idx = -EIO;
1446 goto out;
1447 }
1448 } 1481 }
1449 1482
1450 /* Increment and update queue's write index */ 1483 /* Increment and update queue's write index */
diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c
index 2371d11e4190..a71b9d5e353d 100644
--- a/drivers/net/wireless/mac80211_hwsim.c
+++ b/drivers/net/wireless/mac80211_hwsim.c
@@ -2388,7 +2388,6 @@ static int mac80211_hwsim_new_radio(struct genl_info *info,
2388 sband->vht_cap.cap = 2388 sband->vht_cap.cap =
2389 IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_11454 | 2389 IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_11454 |
2390 IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ | 2390 IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ |
2391 IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ |
2392 IEEE80211_VHT_CAP_RXLDPC | 2391 IEEE80211_VHT_CAP_RXLDPC |
2393 IEEE80211_VHT_CAP_SHORT_GI_80 | 2392 IEEE80211_VHT_CAP_SHORT_GI_80 |
2394 IEEE80211_VHT_CAP_SHORT_GI_160 | 2393 IEEE80211_VHT_CAP_SHORT_GI_160 |
@@ -2543,7 +2542,9 @@ static int mac80211_hwsim_get_radio(struct sk_buff *skb,
2543 if (cb) 2542 if (cb)
2544 genl_dump_check_consistent(cb, hdr, &hwsim_genl_family); 2543 genl_dump_check_consistent(cb, hdr, &hwsim_genl_family);
2545 2544
2546 param.reg_alpha2 = data->alpha2; 2545 if (data->alpha2[0] && data->alpha2[1])
2546 param.reg_alpha2 = data->alpha2;
2547
2547 param.reg_strict = !!(data->hw->wiphy->regulatory_flags & 2548 param.reg_strict = !!(data->hw->wiphy->regulatory_flags &
2548 REGULATORY_STRICT_REG); 2549 REGULATORY_STRICT_REG);
2549 param.p2p_device = !!(data->hw->wiphy->interface_modes & 2550 param.p2p_device = !!(data->hw->wiphy->interface_modes &
diff --git a/drivers/net/wireless/mwifiex/11n.c b/drivers/net/wireless/mwifiex/11n.c
index 62f5dbe602d3..9d4786e7ddff 100644
--- a/drivers/net/wireless/mwifiex/11n.c
+++ b/drivers/net/wireless/mwifiex/11n.c
@@ -544,6 +544,7 @@ int mwifiex_send_addba(struct mwifiex_private *priv, int tid, u8 *peer_mac)
544 u32 tx_win_size = priv->add_ba_param.tx_win_size; 544 u32 tx_win_size = priv->add_ba_param.tx_win_size;
545 static u8 dialog_tok; 545 static u8 dialog_tok;
546 int ret; 546 int ret;
547 unsigned long flags;
547 u16 block_ack_param_set; 548 u16 block_ack_param_set;
548 549
549 dev_dbg(priv->adapter->dev, "cmd: %s: tid %d\n", __func__, tid); 550 dev_dbg(priv->adapter->dev, "cmd: %s: tid %d\n", __func__, tid);
@@ -554,15 +555,18 @@ int mwifiex_send_addba(struct mwifiex_private *priv, int tid, u8 *peer_mac)
554 memcmp(priv->cfg_bssid, peer_mac, ETH_ALEN)) { 555 memcmp(priv->cfg_bssid, peer_mac, ETH_ALEN)) {
555 struct mwifiex_sta_node *sta_ptr; 556 struct mwifiex_sta_node *sta_ptr;
556 557
558 spin_lock_irqsave(&priv->sta_list_spinlock, flags);
557 sta_ptr = mwifiex_get_sta_entry(priv, peer_mac); 559 sta_ptr = mwifiex_get_sta_entry(priv, peer_mac);
558 if (!sta_ptr) { 560 if (!sta_ptr) {
559 dev_warn(priv->adapter->dev, 561 dev_warn(priv->adapter->dev,
560 "BA setup with unknown TDLS peer %pM!\n", 562 "BA setup with unknown TDLS peer %pM!\n",
561 peer_mac); 563 peer_mac);
564 spin_unlock_irqrestore(&priv->sta_list_spinlock, flags);
562 return -1; 565 return -1;
563 } 566 }
564 if (sta_ptr->is_11ac_enabled) 567 if (sta_ptr->is_11ac_enabled)
565 tx_win_size = MWIFIEX_11AC_STA_AMPDU_DEF_TXWINSIZE; 568 tx_win_size = MWIFIEX_11AC_STA_AMPDU_DEF_TXWINSIZE;
569 spin_unlock_irqrestore(&priv->sta_list_spinlock, flags);
566 } 570 }
567 571
568 block_ack_param_set = (u16)((tid << BLOCKACKPARAM_TID_POS) | 572 block_ack_param_set = (u16)((tid << BLOCKACKPARAM_TID_POS) |
diff --git a/drivers/net/wireless/mwifiex/11n_rxreorder.c b/drivers/net/wireless/mwifiex/11n_rxreorder.c
index 5ef5a0eeba50..d73fda312c87 100644
--- a/drivers/net/wireless/mwifiex/11n_rxreorder.c
+++ b/drivers/net/wireless/mwifiex/11n_rxreorder.c
@@ -351,6 +351,7 @@ mwifiex_11n_create_rx_reorder_tbl(struct mwifiex_private *priv, u8 *ta,
351 new_node->init_win = seq_num; 351 new_node->init_win = seq_num;
352 new_node->flags = 0; 352 new_node->flags = 0;
353 353
354 spin_lock_irqsave(&priv->sta_list_spinlock, flags);
354 if (mwifiex_queuing_ra_based(priv)) { 355 if (mwifiex_queuing_ra_based(priv)) {
355 dev_dbg(priv->adapter->dev, 356 dev_dbg(priv->adapter->dev,
356 "info: AP/ADHOC:last_seq=%d start_win=%d\n", 357 "info: AP/ADHOC:last_seq=%d start_win=%d\n",
@@ -367,6 +368,7 @@ mwifiex_11n_create_rx_reorder_tbl(struct mwifiex_private *priv, u8 *ta,
367 else 368 else
368 last_seq = priv->rx_seq[tid]; 369 last_seq = priv->rx_seq[tid];
369 } 370 }
371 spin_unlock_irqrestore(&priv->sta_list_spinlock, flags);
370 372
371 if (last_seq != MWIFIEX_DEF_11N_RX_SEQ_NUM && 373 if (last_seq != MWIFIEX_DEF_11N_RX_SEQ_NUM &&
372 last_seq >= new_node->start_win) { 374 last_seq >= new_node->start_win) {
@@ -455,22 +457,26 @@ int mwifiex_cmd_11n_addba_rsp_gen(struct mwifiex_private *priv,
455 u32 rx_win_size = priv->add_ba_param.rx_win_size; 457 u32 rx_win_size = priv->add_ba_param.rx_win_size;
456 u8 tid; 458 u8 tid;
457 int win_size; 459 int win_size;
460 unsigned long flags;
458 uint16_t block_ack_param_set; 461 uint16_t block_ack_param_set;
459 462
460 if ((GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_STA) && 463 if ((GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_STA) &&
461 ISSUPP_TDLS_ENABLED(priv->adapter->fw_cap_info) && 464 ISSUPP_TDLS_ENABLED(priv->adapter->fw_cap_info) &&
462 priv->adapter->is_hw_11ac_capable && 465 priv->adapter->is_hw_11ac_capable &&
463 memcmp(priv->cfg_bssid, cmd_addba_req->peer_mac_addr, ETH_ALEN)) { 466 memcmp(priv->cfg_bssid, cmd_addba_req->peer_mac_addr, ETH_ALEN)) {
467 spin_lock_irqsave(&priv->sta_list_spinlock, flags);
464 sta_ptr = mwifiex_get_sta_entry(priv, 468 sta_ptr = mwifiex_get_sta_entry(priv,
465 cmd_addba_req->peer_mac_addr); 469 cmd_addba_req->peer_mac_addr);
466 if (!sta_ptr) { 470 if (!sta_ptr) {
467 dev_warn(priv->adapter->dev, 471 dev_warn(priv->adapter->dev,
468 "BA setup with unknown TDLS peer %pM!\n", 472 "BA setup with unknown TDLS peer %pM!\n",
469 cmd_addba_req->peer_mac_addr); 473 cmd_addba_req->peer_mac_addr);
474 spin_unlock_irqrestore(&priv->sta_list_spinlock, flags);
470 return -1; 475 return -1;
471 } 476 }
472 if (sta_ptr->is_11ac_enabled) 477 if (sta_ptr->is_11ac_enabled)
473 rx_win_size = MWIFIEX_11AC_STA_AMPDU_DEF_RXWINSIZE; 478 rx_win_size = MWIFIEX_11AC_STA_AMPDU_DEF_RXWINSIZE;
479 spin_unlock_irqrestore(&priv->sta_list_spinlock, flags);
474 } 480 }
475 481
476 cmd->command = cpu_to_le16(HostCmd_CMD_11N_ADDBA_RSP); 482 cmd->command = cpu_to_le16(HostCmd_CMD_11N_ADDBA_RSP);
diff --git a/drivers/net/wireless/mwifiex/cfg80211.c b/drivers/net/wireless/mwifiex/cfg80211.c
index 17f0ee02d6e7..4a66a6555366 100644
--- a/drivers/net/wireless/mwifiex/cfg80211.c
+++ b/drivers/net/wireless/mwifiex/cfg80211.c
@@ -194,10 +194,17 @@ mwifiex_cfg80211_mgmt_tx(struct wiphy *wiphy, struct wireless_dev *wdev,
194 tx_info->pkt_len = pkt_len; 194 tx_info->pkt_len = pkt_len;
195 195
196 mwifiex_form_mgmt_frame(skb, buf, len); 196 mwifiex_form_mgmt_frame(skb, buf, len);
197 mwifiex_queue_tx_pkt(priv, skb);
198
199 *cookie = prandom_u32() | 1; 197 *cookie = prandom_u32() | 1;
200 cfg80211_mgmt_tx_status(wdev, *cookie, buf, len, true, GFP_ATOMIC); 198
199 if (ieee80211_is_action(mgmt->frame_control))
200 skb = mwifiex_clone_skb_for_tx_status(priv,
201 skb,
202 MWIFIEX_BUF_FLAG_ACTION_TX_STATUS, cookie);
203 else
204 cfg80211_mgmt_tx_status(wdev, *cookie, buf, len, true,
205 GFP_ATOMIC);
206
207 mwifiex_queue_tx_pkt(priv, skb);
201 208
202 wiphy_dbg(wiphy, "info: management frame transmitted\n"); 209 wiphy_dbg(wiphy, "info: management frame transmitted\n");
203 return 0; 210 return 0;
@@ -1289,33 +1296,30 @@ mwifiex_cfg80211_del_station(struct wiphy *wiphy, struct net_device *dev,
1289{ 1296{
1290 struct mwifiex_private *priv = mwifiex_netdev_get_priv(dev); 1297 struct mwifiex_private *priv = mwifiex_netdev_get_priv(dev);
1291 struct mwifiex_sta_node *sta_node; 1298 struct mwifiex_sta_node *sta_node;
1299 u8 deauth_mac[ETH_ALEN];
1292 unsigned long flags; 1300 unsigned long flags;
1293 1301
1294 if (list_empty(&priv->sta_list) || !priv->bss_started) 1302 if (list_empty(&priv->sta_list) || !priv->bss_started)
1295 return 0; 1303 return 0;
1296 1304
1297 if (!params->mac || is_broadcast_ether_addr(params->mac)) { 1305 if (!params->mac || is_broadcast_ether_addr(params->mac))
1298 wiphy_dbg(wiphy, "%s: NULL/broadcast mac address\n", __func__); 1306 return 0;
1299 list_for_each_entry(sta_node, &priv->sta_list, list) { 1307
1300 if (mwifiex_send_cmd(priv, HostCmd_CMD_UAP_STA_DEAUTH, 1308 wiphy_dbg(wiphy, "%s: mac address %pM\n", __func__, params->mac);
1301 HostCmd_ACT_GEN_SET, 0, 1309
1302 sta_node->mac_addr, true)) 1310 memset(deauth_mac, 0, ETH_ALEN);
1303 return -1; 1311
1304 mwifiex_uap_del_sta_data(priv, sta_node); 1312 spin_lock_irqsave(&priv->sta_list_spinlock, flags);
1305 } 1313 sta_node = mwifiex_get_sta_entry(priv, params->mac);
1306 } else { 1314 if (sta_node)
1307 wiphy_dbg(wiphy, "%s: mac address %pM\n", __func__, 1315 ether_addr_copy(deauth_mac, params->mac);
1308 params->mac); 1316 spin_unlock_irqrestore(&priv->sta_list_spinlock, flags);
1309 spin_lock_irqsave(&priv->sta_list_spinlock, flags); 1317
1310 sta_node = mwifiex_get_sta_entry(priv, params->mac); 1318 if (is_valid_ether_addr(deauth_mac)) {
1311 spin_unlock_irqrestore(&priv->sta_list_spinlock, flags); 1319 if (mwifiex_send_cmd(priv, HostCmd_CMD_UAP_STA_DEAUTH,
1312 if (sta_node) { 1320 HostCmd_ACT_GEN_SET, 0,
1313 if (mwifiex_send_cmd(priv, HostCmd_CMD_UAP_STA_DEAUTH, 1321 deauth_mac, true))
1314 HostCmd_ACT_GEN_SET, 0, 1322 return -1;
1315 sta_node->mac_addr, true))
1316 return -1;
1317 mwifiex_uap_del_sta_data(priv, sta_node);
1318 }
1319 } 1323 }
1320 1324
1321 return 0; 1325 return 0;
@@ -2988,6 +2992,9 @@ int mwifiex_register_cfg80211(struct mwifiex_adapter *adapter)
2988 NL80211_FEATURE_INACTIVITY_TIMER | 2992 NL80211_FEATURE_INACTIVITY_TIMER |
2989 NL80211_FEATURE_NEED_OBSS_SCAN; 2993 NL80211_FEATURE_NEED_OBSS_SCAN;
2990 2994
2995 if (adapter->fw_api_ver == MWIFIEX_FW_V15)
2996 wiphy->features |= NL80211_FEATURE_SK_TX_STATUS;
2997
2991 /* Reserve space for mwifiex specific private data for BSS */ 2998 /* Reserve space for mwifiex specific private data for BSS */
2992 wiphy->bss_priv_size = sizeof(struct mwifiex_bss_priv); 2999 wiphy->bss_priv_size = sizeof(struct mwifiex_bss_priv);
2993 3000
diff --git a/drivers/net/wireless/mwifiex/decl.h b/drivers/net/wireless/mwifiex/decl.h
index fc0b1ed80a6a..2269acf41ad8 100644
--- a/drivers/net/wireless/mwifiex/decl.h
+++ b/drivers/net/wireless/mwifiex/decl.h
@@ -76,6 +76,8 @@
76#define MWIFIEX_BUF_FLAG_REQUEUED_PKT BIT(0) 76#define MWIFIEX_BUF_FLAG_REQUEUED_PKT BIT(0)
77#define MWIFIEX_BUF_FLAG_BRIDGED_PKT BIT(1) 77#define MWIFIEX_BUF_FLAG_BRIDGED_PKT BIT(1)
78#define MWIFIEX_BUF_FLAG_TDLS_PKT BIT(2) 78#define MWIFIEX_BUF_FLAG_TDLS_PKT BIT(2)
79#define MWIFIEX_BUF_FLAG_EAPOL_TX_STATUS BIT(3)
80#define MWIFIEX_BUF_FLAG_ACTION_TX_STATUS BIT(4)
79 81
80#define MWIFIEX_BRIDGED_PKTS_THR_HIGH 1024 82#define MWIFIEX_BRIDGED_PKTS_THR_HIGH 1024
81#define MWIFIEX_BRIDGED_PKTS_THR_LOW 128 83#define MWIFIEX_BRIDGED_PKTS_THR_LOW 128
@@ -159,6 +161,8 @@ struct mwifiex_txinfo {
159 u8 bss_num; 161 u8 bss_num;
160 u8 bss_type; 162 u8 bss_type;
161 u32 pkt_len; 163 u32 pkt_len;
164 u8 ack_frame_id;
165 u64 cookie;
162}; 166};
163 167
164enum mwifiex_wmm_ac_e { 168enum mwifiex_wmm_ac_e {
diff --git a/drivers/net/wireless/mwifiex/fw.h b/drivers/net/wireless/mwifiex/fw.h
index e095f371545a..fb5936eb82e3 100644
--- a/drivers/net/wireless/mwifiex/fw.h
+++ b/drivers/net/wireless/mwifiex/fw.h
@@ -494,6 +494,7 @@ enum P2P_MODES {
494#define EVENT_TDLS_GENERIC_EVENT 0x00000052 494#define EVENT_TDLS_GENERIC_EVENT 0x00000052
495#define EVENT_EXT_SCAN_REPORT 0x00000058 495#define EVENT_EXT_SCAN_REPORT 0x00000058
496#define EVENT_REMAIN_ON_CHAN_EXPIRED 0x0000005f 496#define EVENT_REMAIN_ON_CHAN_EXPIRED 0x0000005f
497#define EVENT_TX_STATUS_REPORT 0x00000074
497 498
498#define EVENT_ID_MASK 0xffff 499#define EVENT_ID_MASK 0xffff
499#define BSS_NUM_MASK 0xf 500#define BSS_NUM_MASK 0xf
@@ -542,6 +543,7 @@ struct mwifiex_ie_types_data {
542#define MWIFIEX_TxPD_POWER_MGMT_LAST_PACKET 0x08 543#define MWIFIEX_TxPD_POWER_MGMT_LAST_PACKET 0x08
543#define MWIFIEX_TXPD_FLAGS_TDLS_PACKET 0x10 544#define MWIFIEX_TXPD_FLAGS_TDLS_PACKET 0x10
544#define MWIFIEX_RXPD_FLAGS_TDLS_PACKET 0x01 545#define MWIFIEX_RXPD_FLAGS_TDLS_PACKET 0x01
546#define MWIFIEX_TXPD_FLAGS_REQ_TX_STATUS 0x20
545 547
546struct txpd { 548struct txpd {
547 u8 bss_type; 549 u8 bss_type;
@@ -553,7 +555,9 @@ struct txpd {
553 u8 priority; 555 u8 priority;
554 u8 flags; 556 u8 flags;
555 u8 pkt_delay_2ms; 557 u8 pkt_delay_2ms;
556 u8 reserved1; 558 u8 reserved1[2];
559 u8 tx_token_id;
560 u8 reserved[2];
557} __packed; 561} __packed;
558 562
559struct rxpd { 563struct rxpd {
@@ -598,8 +602,9 @@ struct uap_txpd {
598 u8 priority; 602 u8 priority;
599 u8 flags; 603 u8 flags;
600 u8 pkt_delay_2ms; 604 u8 pkt_delay_2ms;
601 u8 reserved1; 605 u8 reserved1[2];
602 __le32 reserved2; 606 u8 tx_token_id;
607 u8 reserved[2];
603}; 608};
604 609
605struct uap_rxpd { 610struct uap_rxpd {
@@ -1224,6 +1229,12 @@ struct mwifiex_event_scan_result {
1224 u8 num_of_set; 1229 u8 num_of_set;
1225} __packed; 1230} __packed;
1226 1231
1232struct tx_status_event {
1233 u8 packet_type;
1234 u8 tx_token_id;
1235 u8 status;
1236} __packed;
1237
1227#define MWIFIEX_USER_SCAN_CHAN_MAX 50 1238#define MWIFIEX_USER_SCAN_CHAN_MAX 50
1228 1239
1229#define MWIFIEX_MAX_SSID_LIST_LENGTH 10 1240#define MWIFIEX_MAX_SSID_LIST_LENGTH 10
diff --git a/drivers/net/wireless/mwifiex/init.c b/drivers/net/wireless/mwifiex/init.c
index cc15ab81aa66..520ad4a3018b 100644
--- a/drivers/net/wireless/mwifiex/init.c
+++ b/drivers/net/wireless/mwifiex/init.c
@@ -473,6 +473,9 @@ int mwifiex_init_lock_list(struct mwifiex_adapter *adapter)
473 473
474 spin_lock_init(&priv->tx_ba_stream_tbl_lock); 474 spin_lock_init(&priv->tx_ba_stream_tbl_lock);
475 spin_lock_init(&priv->rx_reorder_tbl_lock); 475 spin_lock_init(&priv->rx_reorder_tbl_lock);
476
477 spin_lock_init(&priv->ack_status_lock);
478 idr_init(&priv->ack_status_frames);
476 } 479 }
477 480
478 return 0; 481 return 0;
diff --git a/drivers/net/wireless/mwifiex/main.c b/drivers/net/wireless/mwifiex/main.c
index 0e50120eb807..d4d2223d1f31 100644
--- a/drivers/net/wireless/mwifiex/main.c
+++ b/drivers/net/wireless/mwifiex/main.c
@@ -149,7 +149,8 @@ static int mwifiex_process_rx(struct mwifiex_adapter *adapter)
149 /* Check for Rx data */ 149 /* Check for Rx data */
150 while ((skb = skb_dequeue(&adapter->rx_data_q))) { 150 while ((skb = skb_dequeue(&adapter->rx_data_q))) {
151 atomic_dec(&adapter->rx_pending); 151 atomic_dec(&adapter->rx_pending);
152 if (adapter->delay_main_work && 152 if ((adapter->delay_main_work ||
153 adapter->iface_type == MWIFIEX_USB) &&
153 (atomic_read(&adapter->rx_pending) < LOW_RX_PENDING)) { 154 (atomic_read(&adapter->rx_pending) < LOW_RX_PENDING)) {
154 if (adapter->if_ops.submit_rem_rx_urbs) 155 if (adapter->if_ops.submit_rem_rx_urbs)
155 adapter->if_ops.submit_rem_rx_urbs(adapter); 156 adapter->if_ops.submit_rem_rx_urbs(adapter);
@@ -202,12 +203,15 @@ process_start:
202 (adapter->hw_status == MWIFIEX_HW_STATUS_NOT_READY)) 203 (adapter->hw_status == MWIFIEX_HW_STATUS_NOT_READY))
203 break; 204 break;
204 205
205 /* If we process interrupts first, it would increase RX pending 206 /* For non-USB interfaces, If we process interrupts first, it
206 * even further. Avoid this by checking if rx_pending has 207 * would increase RX pending even further. Avoid this by
207 * crossed high threshold and schedule rx work queue 208 * checking if rx_pending has crossed high threshold and
208 * and then process interrupts 209 * schedule rx work queue and then process interrupts.
210 * For USB interface, there are no interrupts. We already have
211 * HIGH_RX_PENDING check in usb.c
209 */ 212 */
210 if (atomic_read(&adapter->rx_pending) >= HIGH_RX_PENDING) { 213 if (atomic_read(&adapter->rx_pending) >= HIGH_RX_PENDING &&
214 adapter->iface_type != MWIFIEX_USB) {
211 adapter->delay_main_work = true; 215 adapter->delay_main_work = true;
212 if (!adapter->rx_processing) 216 if (!adapter->rx_processing)
213 queue_work(adapter->rx_workqueue, 217 queue_work(adapter->rx_workqueue,
@@ -604,6 +608,48 @@ int mwifiex_queue_tx_pkt(struct mwifiex_private *priv, struct sk_buff *skb)
604 return 0; 608 return 0;
605} 609}
606 610
611struct sk_buff *
612mwifiex_clone_skb_for_tx_status(struct mwifiex_private *priv,
613 struct sk_buff *skb, u8 flag, u64 *cookie)
614{
615 struct sk_buff *orig_skb = skb;
616 struct mwifiex_txinfo *tx_info, *orig_tx_info;
617
618 skb = skb_clone(skb, GFP_ATOMIC);
619 if (skb) {
620 unsigned long flags;
621 int id;
622
623 spin_lock_irqsave(&priv->ack_status_lock, flags);
624 id = idr_alloc(&priv->ack_status_frames, orig_skb,
625 1, 0xff, GFP_ATOMIC);
626 spin_unlock_irqrestore(&priv->ack_status_lock, flags);
627
628 if (id >= 0) {
629 tx_info = MWIFIEX_SKB_TXCB(skb);
630 tx_info->ack_frame_id = id;
631 tx_info->flags |= flag;
632 orig_tx_info = MWIFIEX_SKB_TXCB(orig_skb);
633 orig_tx_info->ack_frame_id = id;
634 orig_tx_info->flags |= flag;
635
636 if (flag == MWIFIEX_BUF_FLAG_ACTION_TX_STATUS && cookie)
637 orig_tx_info->cookie = *cookie;
638
639 } else if (skb_shared(skb)) {
640 kfree_skb(orig_skb);
641 } else {
642 kfree_skb(skb);
643 skb = orig_skb;
644 }
645 } else {
646 /* couldn't clone -- lose tx status ... */
647 skb = orig_skb;
648 }
649
650 return skb;
651}
652
607/* 653/*
608 * CFG802.11 network device handler for data transmission. 654 * CFG802.11 network device handler for data transmission.
609 */ 655 */
@@ -613,6 +659,7 @@ mwifiex_hard_start_xmit(struct sk_buff *skb, struct net_device *dev)
613 struct mwifiex_private *priv = mwifiex_netdev_get_priv(dev); 659 struct mwifiex_private *priv = mwifiex_netdev_get_priv(dev);
614 struct sk_buff *new_skb; 660 struct sk_buff *new_skb;
615 struct mwifiex_txinfo *tx_info; 661 struct mwifiex_txinfo *tx_info;
662 bool multicast;
616 663
617 dev_dbg(priv->adapter->dev, "data: %lu BSS(%d-%d): Data <= kernel\n", 664 dev_dbg(priv->adapter->dev, "data: %lu BSS(%d-%d): Data <= kernel\n",
618 jiffies, priv->bss_type, priv->bss_num); 665 jiffies, priv->bss_type, priv->bss_num);
@@ -653,6 +700,15 @@ mwifiex_hard_start_xmit(struct sk_buff *skb, struct net_device *dev)
653 tx_info->bss_type = priv->bss_type; 700 tx_info->bss_type = priv->bss_type;
654 tx_info->pkt_len = skb->len; 701 tx_info->pkt_len = skb->len;
655 702
703 multicast = is_multicast_ether_addr(skb->data);
704
705 if (unlikely(!multicast && skb->sk &&
706 skb_shinfo(skb)->tx_flags & SKBTX_WIFI_STATUS &&
707 priv->adapter->fw_api_ver == MWIFIEX_FW_V15))
708 skb = mwifiex_clone_skb_for_tx_status(priv,
709 skb,
710 MWIFIEX_BUF_FLAG_EAPOL_TX_STATUS, NULL);
711
656 /* Record the current time the packet was queued; used to 712 /* Record the current time the packet was queued; used to
657 * determine the amount of time the packet was queued in 713 * determine the amount of time the packet was queued in
658 * the driver before it was sent to the firmware. 714 * the driver before it was sent to the firmware.
diff --git a/drivers/net/wireless/mwifiex/main.h b/drivers/net/wireless/mwifiex/main.h
index 5a690d5210f0..e66993cb5daf 100644
--- a/drivers/net/wireless/mwifiex/main.h
+++ b/drivers/net/wireless/mwifiex/main.h
@@ -34,6 +34,7 @@
34#include <linux/firmware.h> 34#include <linux/firmware.h>
35#include <linux/ctype.h> 35#include <linux/ctype.h>
36#include <linux/of.h> 36#include <linux/of.h>
37#include <linux/idr.h>
37 38
38#include "decl.h" 39#include "decl.h"
39#include "ioctl.h" 40#include "ioctl.h"
@@ -578,6 +579,9 @@ struct mwifiex_private {
578 u8 check_tdls_tx; 579 u8 check_tdls_tx;
579 struct timer_list auto_tdls_timer; 580 struct timer_list auto_tdls_timer;
580 bool auto_tdls_timer_active; 581 bool auto_tdls_timer_active;
582 struct idr ack_status_frames;
583 /* spin lock for ack status */
584 spinlock_t ack_status_lock;
581}; 585};
582 586
583enum mwifiex_ba_status { 587enum mwifiex_ba_status {
@@ -971,6 +975,8 @@ int mwifiex_handle_uap_rx_forward(struct mwifiex_private *priv,
971int mwifiex_process_sta_event(struct mwifiex_private *); 975int mwifiex_process_sta_event(struct mwifiex_private *);
972int mwifiex_process_uap_event(struct mwifiex_private *); 976int mwifiex_process_uap_event(struct mwifiex_private *);
973void mwifiex_delete_all_station_list(struct mwifiex_private *priv); 977void mwifiex_delete_all_station_list(struct mwifiex_private *priv);
978void mwifiex_wmm_del_peer_ra_list(struct mwifiex_private *priv,
979 const u8 *ra_addr);
974void *mwifiex_process_sta_txpd(struct mwifiex_private *, struct sk_buff *skb); 980void *mwifiex_process_sta_txpd(struct mwifiex_private *, struct sk_buff *skb);
975void *mwifiex_process_uap_txpd(struct mwifiex_private *, struct sk_buff *skb); 981void *mwifiex_process_uap_txpd(struct mwifiex_private *, struct sk_buff *skb);
976int mwifiex_sta_init_cmd(struct mwifiex_private *, u8 first_sta); 982int mwifiex_sta_init_cmd(struct mwifiex_private *, u8 first_sta);
@@ -1335,6 +1341,13 @@ void mwifiex_add_auto_tdls_peer(struct mwifiex_private *priv, const u8 *mac);
1335void mwifiex_setup_auto_tdls_timer(struct mwifiex_private *priv); 1341void mwifiex_setup_auto_tdls_timer(struct mwifiex_private *priv);
1336void mwifiex_clean_auto_tdls(struct mwifiex_private *priv); 1342void mwifiex_clean_auto_tdls(struct mwifiex_private *priv);
1337 1343
1344void mwifiex_parse_tx_status_event(struct mwifiex_private *priv,
1345 void *event_body);
1346
1347struct sk_buff *
1348mwifiex_clone_skb_for_tx_status(struct mwifiex_private *priv,
1349 struct sk_buff *skb, u8 flag, u64 *cookie);
1350
1338#ifdef CONFIG_DEBUG_FS 1351#ifdef CONFIG_DEBUG_FS
1339void mwifiex_debugfs_init(void); 1352void mwifiex_debugfs_init(void);
1340void mwifiex_debugfs_remove(void); 1353void mwifiex_debugfs_remove(void);
diff --git a/drivers/net/wireless/mwifiex/scan.c b/drivers/net/wireless/mwifiex/scan.c
index 3a17821157d7..984a7a4fa93b 100644
--- a/drivers/net/wireless/mwifiex/scan.c
+++ b/drivers/net/wireless/mwifiex/scan.c
@@ -1623,7 +1623,7 @@ mwifiex_parse_single_response_buf(struct mwifiex_private *priv, u8 **bss_info,
1623 1623
1624 if (*bytes_left >= sizeof(beacon_size)) { 1624 if (*bytes_left >= sizeof(beacon_size)) {
1625 /* Extract & convert beacon size from command buffer */ 1625 /* Extract & convert beacon size from command buffer */
1626 memcpy(&beacon_size, *bss_info, sizeof(beacon_size)); 1626 beacon_size = le16_to_cpu(*(__le16 *)(*bss_info));
1627 *bytes_left -= sizeof(beacon_size); 1627 *bytes_left -= sizeof(beacon_size);
1628 *bss_info += sizeof(beacon_size); 1628 *bss_info += sizeof(beacon_size);
1629 } 1629 }
diff --git a/drivers/net/wireless/mwifiex/sta_event.c b/drivers/net/wireless/mwifiex/sta_event.c
index 204ecc8faa5b..b8c171df6223 100644
--- a/drivers/net/wireless/mwifiex/sta_event.c
+++ b/drivers/net/wireless/mwifiex/sta_event.c
@@ -504,6 +504,11 @@ int mwifiex_process_sta_event(struct mwifiex_private *priv)
504 ret = mwifiex_parse_tdls_event(priv, adapter->event_skb); 504 ret = mwifiex_parse_tdls_event(priv, adapter->event_skb);
505 break; 505 break;
506 506
507 case EVENT_TX_STATUS_REPORT:
508 dev_dbg(adapter->dev, "event: TX_STATUS Report\n");
509 mwifiex_parse_tx_status_event(priv, adapter->event_body);
510 break;
511
507 default: 512 default:
508 dev_dbg(adapter->dev, "event: unknown event id: %#x\n", 513 dev_dbg(adapter->dev, "event: unknown event id: %#x\n",
509 eventcause); 514 eventcause);
diff --git a/drivers/net/wireless/mwifiex/sta_tx.c b/drivers/net/wireless/mwifiex/sta_tx.c
index dab7b33c54be..b896d7375b52 100644
--- a/drivers/net/wireless/mwifiex/sta_tx.c
+++ b/drivers/net/wireless/mwifiex/sta_tx.c
@@ -77,6 +77,12 @@ void *mwifiex_process_sta_txpd(struct mwifiex_private *priv,
77 local_tx_pd->pkt_delay_2ms = 77 local_tx_pd->pkt_delay_2ms =
78 mwifiex_wmm_compute_drv_pkt_delay(priv, skb); 78 mwifiex_wmm_compute_drv_pkt_delay(priv, skb);
79 79
80 if (tx_info->flags & MWIFIEX_BUF_FLAG_EAPOL_TX_STATUS ||
81 tx_info->flags & MWIFIEX_BUF_FLAG_ACTION_TX_STATUS) {
82 local_tx_pd->tx_token_id = tx_info->ack_frame_id;
83 local_tx_pd->flags |= MWIFIEX_TXPD_FLAGS_REQ_TX_STATUS;
84 }
85
80 if (local_tx_pd->priority < 86 if (local_tx_pd->priority <
81 ARRAY_SIZE(priv->wmm.user_pri_pkt_tx_ctrl)) 87 ARRAY_SIZE(priv->wmm.user_pri_pkt_tx_ctrl))
82 /* 88 /*
diff --git a/drivers/net/wireless/mwifiex/txrx.c b/drivers/net/wireless/mwifiex/txrx.c
index a5983fc4e83a..6ae133333363 100644
--- a/drivers/net/wireless/mwifiex/txrx.c
+++ b/drivers/net/wireless/mwifiex/txrx.c
@@ -203,3 +203,34 @@ done:
203} 203}
204EXPORT_SYMBOL_GPL(mwifiex_write_data_complete); 204EXPORT_SYMBOL_GPL(mwifiex_write_data_complete);
205 205
206void mwifiex_parse_tx_status_event(struct mwifiex_private *priv,
207 void *event_body)
208{
209 struct tx_status_event *tx_status = (void *)priv->adapter->event_body;
210 struct sk_buff *ack_skb;
211 unsigned long flags;
212 struct mwifiex_txinfo *tx_info;
213
214 if (!tx_status->tx_token_id)
215 return;
216
217 spin_lock_irqsave(&priv->ack_status_lock, flags);
218 ack_skb = idr_find(&priv->ack_status_frames, tx_status->tx_token_id);
219 if (ack_skb)
220 idr_remove(&priv->ack_status_frames, tx_status->tx_token_id);
221 spin_unlock_irqrestore(&priv->ack_status_lock, flags);
222
223 if (ack_skb) {
224 tx_info = MWIFIEX_SKB_TXCB(ack_skb);
225
226 if (tx_info->flags & MWIFIEX_BUF_FLAG_EAPOL_TX_STATUS) {
227 /* consumes ack_skb */
228 skb_complete_wifi_ack(ack_skb, !tx_status->status);
229 } else {
230 cfg80211_mgmt_tx_status(priv->wdev, tx_info->cookie,
231 ack_skb->data, ack_skb->len,
232 !tx_status->status, GFP_ATOMIC);
233 dev_kfree_skb_any(ack_skb);
234 }
235 }
236}
diff --git a/drivers/net/wireless/mwifiex/uap_event.c b/drivers/net/wireless/mwifiex/uap_event.c
index 7c2b97660a03..c54a537e31fb 100644
--- a/drivers/net/wireless/mwifiex/uap_event.c
+++ b/drivers/net/wireless/mwifiex/uap_event.c
@@ -110,6 +110,7 @@ int mwifiex_process_uap_event(struct mwifiex_private *priv)
110 mwifiex_11n_del_rx_reorder_tbl_by_ta(priv, deauth_mac); 110 mwifiex_11n_del_rx_reorder_tbl_by_ta(priv, deauth_mac);
111 mwifiex_del_tx_ba_stream_tbl_by_ra(priv, deauth_mac); 111 mwifiex_del_tx_ba_stream_tbl_by_ra(priv, deauth_mac);
112 } 112 }
113 mwifiex_wmm_del_peer_ra_list(priv, deauth_mac);
113 mwifiex_del_sta_entry(priv, deauth_mac); 114 mwifiex_del_sta_entry(priv, deauth_mac);
114 break; 115 break;
115 case EVENT_UAP_BSS_IDLE: 116 case EVENT_UAP_BSS_IDLE:
@@ -172,6 +173,10 @@ int mwifiex_process_uap_event(struct mwifiex_private *priv)
172 return mwifiex_handle_event_ext_scan_report(priv, 173 return mwifiex_handle_event_ext_scan_report(priv,
173 adapter->event_skb->data); 174 adapter->event_skb->data);
174 break; 175 break;
176 case EVENT_TX_STATUS_REPORT:
177 dev_dbg(adapter->dev, "event: TX_STATUS Report\n");
178 mwifiex_parse_tx_status_event(priv, adapter->event_body);
179 break;
175 default: 180 default:
176 dev_dbg(adapter->dev, "event: unknown event id: %#x\n", 181 dev_dbg(adapter->dev, "event: unknown event id: %#x\n",
177 eventcause); 182 eventcause);
diff --git a/drivers/net/wireless/mwifiex/uap_txrx.c b/drivers/net/wireless/mwifiex/uap_txrx.c
index ec7309d096ab..be3a203a529b 100644
--- a/drivers/net/wireless/mwifiex/uap_txrx.c
+++ b/drivers/net/wireless/mwifiex/uap_txrx.c
@@ -266,6 +266,7 @@ int mwifiex_process_uap_rx_packet(struct mwifiex_private *priv,
266 struct rx_packet_hdr *rx_pkt_hdr; 266 struct rx_packet_hdr *rx_pkt_hdr;
267 u16 rx_pkt_type; 267 u16 rx_pkt_type;
268 u8 ta[ETH_ALEN], pkt_type; 268 u8 ta[ETH_ALEN], pkt_type;
269 unsigned long flags;
269 struct mwifiex_sta_node *node; 270 struct mwifiex_sta_node *node;
270 271
271 uap_rx_pd = (struct uap_rxpd *)(skb->data); 272 uap_rx_pd = (struct uap_rxpd *)(skb->data);
@@ -294,10 +295,12 @@ int mwifiex_process_uap_rx_packet(struct mwifiex_private *priv,
294 memcpy(ta, rx_pkt_hdr->eth803_hdr.h_source, ETH_ALEN); 295 memcpy(ta, rx_pkt_hdr->eth803_hdr.h_source, ETH_ALEN);
295 296
296 if (rx_pkt_type != PKT_TYPE_BAR && uap_rx_pd->priority < MAX_NUM_TID) { 297 if (rx_pkt_type != PKT_TYPE_BAR && uap_rx_pd->priority < MAX_NUM_TID) {
298 spin_lock_irqsave(&priv->sta_list_spinlock, flags);
297 node = mwifiex_get_sta_entry(priv, ta); 299 node = mwifiex_get_sta_entry(priv, ta);
298 if (node) 300 if (node)
299 node->rx_seq[uap_rx_pd->priority] = 301 node->rx_seq[uap_rx_pd->priority] =
300 le16_to_cpu(uap_rx_pd->seq_num); 302 le16_to_cpu(uap_rx_pd->seq_num);
303 spin_unlock_irqrestore(&priv->sta_list_spinlock, flags);
301 } 304 }
302 305
303 if (!priv->ap_11n_enabled || 306 if (!priv->ap_11n_enabled ||
@@ -370,10 +373,16 @@ void *mwifiex_process_uap_txpd(struct mwifiex_private *priv,
370 txpd->bss_num = priv->bss_num; 373 txpd->bss_num = priv->bss_num;
371 txpd->bss_type = priv->bss_type; 374 txpd->bss_type = priv->bss_type;
372 txpd->tx_pkt_length = cpu_to_le16((u16)(skb->len - len)); 375 txpd->tx_pkt_length = cpu_to_le16((u16)(skb->len - len));
373
374 txpd->priority = (u8)skb->priority; 376 txpd->priority = (u8)skb->priority;
377
375 txpd->pkt_delay_2ms = mwifiex_wmm_compute_drv_pkt_delay(priv, skb); 378 txpd->pkt_delay_2ms = mwifiex_wmm_compute_drv_pkt_delay(priv, skb);
376 379
380 if (tx_info->flags & MWIFIEX_BUF_FLAG_EAPOL_TX_STATUS ||
381 tx_info->flags & MWIFIEX_BUF_FLAG_ACTION_TX_STATUS) {
382 txpd->tx_token_id = tx_info->ack_frame_id;
383 txpd->flags |= MWIFIEX_TXPD_FLAGS_REQ_TX_STATUS;
384 }
385
377 if (txpd->priority < ARRAY_SIZE(priv->wmm.user_pri_pkt_tx_ctrl)) 386 if (txpd->priority < ARRAY_SIZE(priv->wmm.user_pri_pkt_tx_ctrl))
378 /* 387 /*
379 * Set the priority specific tx_control field, setting of 0 will 388 * Set the priority specific tx_control field, setting of 0 will
diff --git a/drivers/net/wireless/mwifiex/util.c b/drivers/net/wireless/mwifiex/util.c
index a113ef8f0b8b..b1768fbf98f2 100644
--- a/drivers/net/wireless/mwifiex/util.c
+++ b/drivers/net/wireless/mwifiex/util.c
@@ -149,7 +149,7 @@ mwifiex_parse_mgmt_packet(struct mwifiex_private *priv, u8 *payload, u16 len,
149 u8 category, action_code; 149 u8 category, action_code;
150 struct ieee80211_hdr *ieee_hdr = (void *)payload; 150 struct ieee80211_hdr *ieee_hdr = (void *)payload;
151 151
152 stype = (cpu_to_le16(ieee_hdr->frame_control) & IEEE80211_FCTL_STYPE); 152 stype = (le16_to_cpu(ieee_hdr->frame_control) & IEEE80211_FCTL_STYPE);
153 153
154 switch (stype) { 154 switch (stype) {
155 case IEEE80211_STYPE_ACTION: 155 case IEEE80211_STYPE_ACTION:
diff --git a/drivers/net/wireless/mwifiex/wmm.c b/drivers/net/wireless/mwifiex/wmm.c
index 94c98a86ebbe..ffffd2c5a76e 100644
--- a/drivers/net/wireless/mwifiex/wmm.c
+++ b/drivers/net/wireless/mwifiex/wmm.c
@@ -147,9 +147,6 @@ void mwifiex_ralist_add(struct mwifiex_private *priv, const u8 *ra)
147 struct mwifiex_sta_node *node; 147 struct mwifiex_sta_node *node;
148 unsigned long flags; 148 unsigned long flags;
149 149
150 spin_lock_irqsave(&priv->sta_list_spinlock, flags);
151 node = mwifiex_get_sta_entry(priv, ra);
152 spin_unlock_irqrestore(&priv->sta_list_spinlock, flags);
153 150
154 for (i = 0; i < MAX_NUM_TID; ++i) { 151 for (i = 0; i < MAX_NUM_TID; ++i) {
155 ra_list = mwifiex_wmm_allocate_ralist_node(adapter, ra); 152 ra_list = mwifiex_wmm_allocate_ralist_node(adapter, ra);
@@ -170,10 +167,13 @@ void mwifiex_ralist_add(struct mwifiex_private *priv, const u8 *ra)
170 ra_list->is_11n_enabled = IS_11N_ENABLED(priv); 167 ra_list->is_11n_enabled = IS_11N_ENABLED(priv);
171 } 168 }
172 } else { 169 } else {
170 spin_lock_irqsave(&priv->sta_list_spinlock, flags);
171 node = mwifiex_get_sta_entry(priv, ra);
173 ra_list->is_11n_enabled = 172 ra_list->is_11n_enabled =
174 mwifiex_is_sta_11n_enabled(priv, node); 173 mwifiex_is_sta_11n_enabled(priv, node);
175 if (ra_list->is_11n_enabled) 174 if (ra_list->is_11n_enabled)
176 ra_list->max_amsdu = node->max_amsdu; 175 ra_list->max_amsdu = node->max_amsdu;
176 spin_unlock_irqrestore(&priv->sta_list_spinlock, flags);
177 } 177 }
178 178
179 dev_dbg(adapter->dev, "data: ralist %p: is_11n_enabled=%d\n", 179 dev_dbg(adapter->dev, "data: ralist %p: is_11n_enabled=%d\n",
@@ -523,6 +523,13 @@ static void mwifiex_wmm_delete_all_ralist(struct mwifiex_private *priv)
523 } 523 }
524} 524}
525 525
526static int mwifiex_free_ack_frame(int id, void *p, void *data)
527{
528 pr_warn("Have pending ack frames!\n");
529 kfree_skb(p);
530 return 0;
531}
532
526/* 533/*
527 * This function cleans up the Tx and Rx queues. 534 * This function cleans up the Tx and Rx queues.
528 * 535 *
@@ -558,6 +565,9 @@ mwifiex_clean_txrx(struct mwifiex_private *priv)
558 565
559 skb_queue_walk_safe(&priv->tdls_txq, skb, tmp) 566 skb_queue_walk_safe(&priv->tdls_txq, skb, tmp)
560 mwifiex_write_data_complete(priv->adapter, skb, 0, -1); 567 mwifiex_write_data_complete(priv->adapter, skb, 0, -1);
568
569 idr_for_each(&priv->ack_status_frames, mwifiex_free_ack_frame, NULL);
570 idr_destroy(&priv->ack_status_frames);
561} 571}
562 572
563/* 573/*
@@ -601,6 +611,32 @@ mwifiex_wmm_get_queue_raptr(struct mwifiex_private *priv, u8 tid,
601} 611}
602 612
603/* 613/*
614 * This function deletes RA list nodes for given mac for all TIDs.
615 * Function also decrements TX pending count accordingly.
616 */
617void
618mwifiex_wmm_del_peer_ra_list(struct mwifiex_private *priv, const u8 *ra_addr)
619{
620 struct mwifiex_ra_list_tbl *ra_list;
621 unsigned long flags;
622 int i;
623
624 spin_lock_irqsave(&priv->wmm.ra_list_spinlock, flags);
625
626 for (i = 0; i < MAX_NUM_TID; ++i) {
627 ra_list = mwifiex_wmm_get_ralist_node(priv, i, ra_addr);
628
629 if (!ra_list)
630 continue;
631 mwifiex_wmm_del_pkts_in_ralist_node(priv, ra_list);
632 atomic_sub(ra_list->total_pkt_count, &priv->wmm.tx_pkts_queued);
633 list_del(&ra_list->list);
634 kfree(ra_list);
635 }
636 spin_unlock_irqrestore(&priv->wmm.ra_list_spinlock, flags);
637}
638
639/*
604 * This function checks if a particular RA list node exists in a given TID 640 * This function checks if a particular RA list node exists in a given TID
605 * table index. 641 * table index.
606 */ 642 */
diff --git a/drivers/net/wireless/p54/net2280.h b/drivers/net/wireless/p54/net2280.h
deleted file mode 100644
index aedfaf24f386..000000000000
--- a/drivers/net/wireless/p54/net2280.h
+++ /dev/null
@@ -1,451 +0,0 @@
1#ifndef NET2280_H
2#define NET2280_H
3/*
4 * NetChip 2280 high/full speed USB device controller.
5 * Unlike many such controllers, this one talks PCI.
6 */
7
8/*
9 * Copyright (C) 2002 NetChip Technology, Inc. (http://www.netchip.com)
10 * Copyright (C) 2003 David Brownell
11 *
12 * This program is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation; either version 2 of the License, or
15 * (at your option) any later version.
16 *
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
21 *
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, see <http://www.gnu.org/licenses/>.
24 */
25
26/*-------------------------------------------------------------------------*/
27
28/* NET2280 MEMORY MAPPED REGISTERS
29 *
30 * The register layout came from the chip documentation, and the bit
31 * number definitions were extracted from chip specification.
32 *
33 * Use the shift operator ('<<') to build bit masks, with readl/writel
34 * to access the registers through PCI.
35 */
36
37/* main registers, BAR0 + 0x0000 */
38struct net2280_regs {
39 /* offset 0x0000 */
40 __le32 devinit;
41#define LOCAL_CLOCK_FREQUENCY 8
42#define FORCE_PCI_RESET 7
43#define PCI_ID 6
44#define PCI_ENABLE 5
45#define FIFO_SOFT_RESET 4
46#define CFG_SOFT_RESET 3
47#define PCI_SOFT_RESET 2
48#define USB_SOFT_RESET 1
49#define M8051_RESET 0
50 __le32 eectl;
51#define EEPROM_ADDRESS_WIDTH 23
52#define EEPROM_CHIP_SELECT_ACTIVE 22
53#define EEPROM_PRESENT 21
54#define EEPROM_VALID 20
55#define EEPROM_BUSY 19
56#define EEPROM_CHIP_SELECT_ENABLE 18
57#define EEPROM_BYTE_READ_START 17
58#define EEPROM_BYTE_WRITE_START 16
59#define EEPROM_READ_DATA 8
60#define EEPROM_WRITE_DATA 0
61 __le32 eeclkfreq;
62 u32 _unused0;
63 /* offset 0x0010 */
64
65 __le32 pciirqenb0; /* interrupt PCI master ... */
66#define SETUP_PACKET_INTERRUPT_ENABLE 7
67#define ENDPOINT_F_INTERRUPT_ENABLE 6
68#define ENDPOINT_E_INTERRUPT_ENABLE 5
69#define ENDPOINT_D_INTERRUPT_ENABLE 4
70#define ENDPOINT_C_INTERRUPT_ENABLE 3
71#define ENDPOINT_B_INTERRUPT_ENABLE 2
72#define ENDPOINT_A_INTERRUPT_ENABLE 1
73#define ENDPOINT_0_INTERRUPT_ENABLE 0
74 __le32 pciirqenb1;
75#define PCI_INTERRUPT_ENABLE 31
76#define POWER_STATE_CHANGE_INTERRUPT_ENABLE 27
77#define PCI_ARBITER_TIMEOUT_INTERRUPT_ENABLE 26
78#define PCI_PARITY_ERROR_INTERRUPT_ENABLE 25
79#define PCI_MASTER_ABORT_RECEIVED_INTERRUPT_ENABLE 20
80#define PCI_TARGET_ABORT_RECEIVED_INTERRUPT_ENABLE 19
81#define PCI_TARGET_ABORT_ASSERTED_INTERRUPT_ENABLE 18
82#define PCI_RETRY_ABORT_INTERRUPT_ENABLE 17
83#define PCI_MASTER_CYCLE_DONE_INTERRUPT_ENABLE 16
84#define GPIO_INTERRUPT_ENABLE 13
85#define DMA_D_INTERRUPT_ENABLE 12
86#define DMA_C_INTERRUPT_ENABLE 11
87#define DMA_B_INTERRUPT_ENABLE 10
88#define DMA_A_INTERRUPT_ENABLE 9
89#define EEPROM_DONE_INTERRUPT_ENABLE 8
90#define VBUS_INTERRUPT_ENABLE 7
91#define CONTROL_STATUS_INTERRUPT_ENABLE 6
92#define ROOT_PORT_RESET_INTERRUPT_ENABLE 4
93#define SUSPEND_REQUEST_INTERRUPT_ENABLE 3
94#define SUSPEND_REQUEST_CHANGE_INTERRUPT_ENABLE 2
95#define RESUME_INTERRUPT_ENABLE 1
96#define SOF_INTERRUPT_ENABLE 0
97 __le32 cpu_irqenb0; /* ... or onboard 8051 */
98#define SETUP_PACKET_INTERRUPT_ENABLE 7
99#define ENDPOINT_F_INTERRUPT_ENABLE 6
100#define ENDPOINT_E_INTERRUPT_ENABLE 5
101#define ENDPOINT_D_INTERRUPT_ENABLE 4
102#define ENDPOINT_C_INTERRUPT_ENABLE 3
103#define ENDPOINT_B_INTERRUPT_ENABLE 2
104#define ENDPOINT_A_INTERRUPT_ENABLE 1
105#define ENDPOINT_0_INTERRUPT_ENABLE 0
106 __le32 cpu_irqenb1;
107#define CPU_INTERRUPT_ENABLE 31
108#define POWER_STATE_CHANGE_INTERRUPT_ENABLE 27
109#define PCI_ARBITER_TIMEOUT_INTERRUPT_ENABLE 26
110#define PCI_PARITY_ERROR_INTERRUPT_ENABLE 25
111#define PCI_INTA_INTERRUPT_ENABLE 24
112#define PCI_PME_INTERRUPT_ENABLE 23
113#define PCI_SERR_INTERRUPT_ENABLE 22
114#define PCI_PERR_INTERRUPT_ENABLE 21
115#define PCI_MASTER_ABORT_RECEIVED_INTERRUPT_ENABLE 20
116#define PCI_TARGET_ABORT_RECEIVED_INTERRUPT_ENABLE 19
117#define PCI_RETRY_ABORT_INTERRUPT_ENABLE 17
118#define PCI_MASTER_CYCLE_DONE_INTERRUPT_ENABLE 16
119#define GPIO_INTERRUPT_ENABLE 13
120#define DMA_D_INTERRUPT_ENABLE 12
121#define DMA_C_INTERRUPT_ENABLE 11
122#define DMA_B_INTERRUPT_ENABLE 10
123#define DMA_A_INTERRUPT_ENABLE 9
124#define EEPROM_DONE_INTERRUPT_ENABLE 8
125#define VBUS_INTERRUPT_ENABLE 7
126#define CONTROL_STATUS_INTERRUPT_ENABLE 6
127#define ROOT_PORT_RESET_INTERRUPT_ENABLE 4
128#define SUSPEND_REQUEST_INTERRUPT_ENABLE 3
129#define SUSPEND_REQUEST_CHANGE_INTERRUPT_ENABLE 2
130#define RESUME_INTERRUPT_ENABLE 1
131#define SOF_INTERRUPT_ENABLE 0
132
133 /* offset 0x0020 */
134 u32 _unused1;
135 __le32 usbirqenb1;
136#define USB_INTERRUPT_ENABLE 31
137#define POWER_STATE_CHANGE_INTERRUPT_ENABLE 27
138#define PCI_ARBITER_TIMEOUT_INTERRUPT_ENABLE 26
139#define PCI_PARITY_ERROR_INTERRUPT_ENABLE 25
140#define PCI_INTA_INTERRUPT_ENABLE 24
141#define PCI_PME_INTERRUPT_ENABLE 23
142#define PCI_SERR_INTERRUPT_ENABLE 22
143#define PCI_PERR_INTERRUPT_ENABLE 21
144#define PCI_MASTER_ABORT_RECEIVED_INTERRUPT_ENABLE 20
145#define PCI_TARGET_ABORT_RECEIVED_INTERRUPT_ENABLE 19
146#define PCI_RETRY_ABORT_INTERRUPT_ENABLE 17
147#define PCI_MASTER_CYCLE_DONE_INTERRUPT_ENABLE 16
148#define GPIO_INTERRUPT_ENABLE 13
149#define DMA_D_INTERRUPT_ENABLE 12
150#define DMA_C_INTERRUPT_ENABLE 11
151#define DMA_B_INTERRUPT_ENABLE 10
152#define DMA_A_INTERRUPT_ENABLE 9
153#define EEPROM_DONE_INTERRUPT_ENABLE 8
154#define VBUS_INTERRUPT_ENABLE 7
155#define CONTROL_STATUS_INTERRUPT_ENABLE 6
156#define ROOT_PORT_RESET_INTERRUPT_ENABLE 4
157#define SUSPEND_REQUEST_INTERRUPT_ENABLE 3
158#define SUSPEND_REQUEST_CHANGE_INTERRUPT_ENABLE 2
159#define RESUME_INTERRUPT_ENABLE 1
160#define SOF_INTERRUPT_ENABLE 0
161 __le32 irqstat0;
162#define INTA_ASSERTED 12
163#define SETUP_PACKET_INTERRUPT 7
164#define ENDPOINT_F_INTERRUPT 6
165#define ENDPOINT_E_INTERRUPT 5
166#define ENDPOINT_D_INTERRUPT 4
167#define ENDPOINT_C_INTERRUPT 3
168#define ENDPOINT_B_INTERRUPT 2
169#define ENDPOINT_A_INTERRUPT 1
170#define ENDPOINT_0_INTERRUPT 0
171 __le32 irqstat1;
172#define POWER_STATE_CHANGE_INTERRUPT 27
173#define PCI_ARBITER_TIMEOUT_INTERRUPT 26
174#define PCI_PARITY_ERROR_INTERRUPT 25
175#define PCI_INTA_INTERRUPT 24
176#define PCI_PME_INTERRUPT 23
177#define PCI_SERR_INTERRUPT 22
178#define PCI_PERR_INTERRUPT 21
179#define PCI_MASTER_ABORT_RECEIVED_INTERRUPT 20
180#define PCI_TARGET_ABORT_RECEIVED_INTERRUPT 19
181#define PCI_RETRY_ABORT_INTERRUPT 17
182#define PCI_MASTER_CYCLE_DONE_INTERRUPT 16
183#define GPIO_INTERRUPT 13
184#define DMA_D_INTERRUPT 12
185#define DMA_C_INTERRUPT 11
186#define DMA_B_INTERRUPT 10
187#define DMA_A_INTERRUPT 9
188#define EEPROM_DONE_INTERRUPT 8
189#define VBUS_INTERRUPT 7
190#define CONTROL_STATUS_INTERRUPT 6
191#define ROOT_PORT_RESET_INTERRUPT 4
192#define SUSPEND_REQUEST_INTERRUPT 3
193#define SUSPEND_REQUEST_CHANGE_INTERRUPT 2
194#define RESUME_INTERRUPT 1
195#define SOF_INTERRUPT 0
196 /* offset 0x0030 */
197 __le32 idxaddr;
198 __le32 idxdata;
199 __le32 fifoctl;
200#define PCI_BASE2_RANGE 16
201#define IGNORE_FIFO_AVAILABILITY 3
202#define PCI_BASE2_SELECT 2
203#define FIFO_CONFIGURATION_SELECT 0
204 u32 _unused2;
205 /* offset 0x0040 */
206 __le32 memaddr;
207#define START 28
208#define DIRECTION 27
209#define FIFO_DIAGNOSTIC_SELECT 24
210#define MEMORY_ADDRESS 0
211 __le32 memdata0;
212 __le32 memdata1;
213 u32 _unused3;
214 /* offset 0x0050 */
215 __le32 gpioctl;
216#define GPIO3_LED_SELECT 12
217#define GPIO3_INTERRUPT_ENABLE 11
218#define GPIO2_INTERRUPT_ENABLE 10
219#define GPIO1_INTERRUPT_ENABLE 9
220#define GPIO0_INTERRUPT_ENABLE 8
221#define GPIO3_OUTPUT_ENABLE 7
222#define GPIO2_OUTPUT_ENABLE 6
223#define GPIO1_OUTPUT_ENABLE 5
224#define GPIO0_OUTPUT_ENABLE 4
225#define GPIO3_DATA 3
226#define GPIO2_DATA 2
227#define GPIO1_DATA 1
228#define GPIO0_DATA 0
229 __le32 gpiostat;
230#define GPIO3_INTERRUPT 3
231#define GPIO2_INTERRUPT 2
232#define GPIO1_INTERRUPT 1
233#define GPIO0_INTERRUPT 0
234} __packed;
235
236/* usb control, BAR0 + 0x0080 */
237struct net2280_usb_regs {
238 /* offset 0x0080 */
239 __le32 stdrsp;
240#define STALL_UNSUPPORTED_REQUESTS 31
241#define SET_TEST_MODE 16
242#define GET_OTHER_SPEED_CONFIGURATION 15
243#define GET_DEVICE_QUALIFIER 14
244#define SET_ADDRESS 13
245#define ENDPOINT_SET_CLEAR_HALT 12
246#define DEVICE_SET_CLEAR_DEVICE_REMOTE_WAKEUP 11
247#define GET_STRING_DESCRIPTOR_2 10
248#define GET_STRING_DESCRIPTOR_1 9
249#define GET_STRING_DESCRIPTOR_0 8
250#define GET_SET_INTERFACE 6
251#define GET_SET_CONFIGURATION 5
252#define GET_CONFIGURATION_DESCRIPTOR 4
253#define GET_DEVICE_DESCRIPTOR 3
254#define GET_ENDPOINT_STATUS 2
255#define GET_INTERFACE_STATUS 1
256#define GET_DEVICE_STATUS 0
257 __le32 prodvendid;
258#define PRODUCT_ID 16
259#define VENDOR_ID 0
260 __le32 relnum;
261 __le32 usbctl;
262#define SERIAL_NUMBER_INDEX 16
263#define PRODUCT_ID_STRING_ENABLE 13
264#define VENDOR_ID_STRING_ENABLE 12
265#define USB_ROOT_PORT_WAKEUP_ENABLE 11
266#define VBUS_PIN 10
267#define TIMED_DISCONNECT 9
268#define SUSPEND_IMMEDIATELY 7
269#define SELF_POWERED_USB_DEVICE 6
270#define REMOTE_WAKEUP_SUPPORT 5
271#define PME_POLARITY 4
272#define USB_DETECT_ENABLE 3
273#define PME_WAKEUP_ENABLE 2
274#define DEVICE_REMOTE_WAKEUP_ENABLE 1
275#define SELF_POWERED_STATUS 0
276 /* offset 0x0090 */
277 __le32 usbstat;
278#define HIGH_SPEED 7
279#define FULL_SPEED 6
280#define GENERATE_RESUME 5
281#define GENERATE_DEVICE_REMOTE_WAKEUP 4
282 __le32 xcvrdiag;
283#define FORCE_HIGH_SPEED_MODE 31
284#define FORCE_FULL_SPEED_MODE 30
285#define USB_TEST_MODE 24
286#define LINE_STATE 16
287#define TRANSCEIVER_OPERATION_MODE 2
288#define TRANSCEIVER_SELECT 1
289#define TERMINATION_SELECT 0
290 __le32 setup0123;
291 __le32 setup4567;
292 /* offset 0x0090 */
293 u32 _unused0;
294 __le32 ouraddr;
295#define FORCE_IMMEDIATE 7
296#define OUR_USB_ADDRESS 0
297 __le32 ourconfig;
298} __packed;
299
300/* pci control, BAR0 + 0x0100 */
301struct net2280_pci_regs {
302 /* offset 0x0100 */
303 __le32 pcimstctl;
304#define PCI_ARBITER_PARK_SELECT 13
305#define PCI_MULTI LEVEL_ARBITER 12
306#define PCI_RETRY_ABORT_ENABLE 11
307#define DMA_MEMORY_WRITE_AND_INVALIDATE_ENABLE 10
308#define DMA_READ_MULTIPLE_ENABLE 9
309#define DMA_READ_LINE_ENABLE 8
310#define PCI_MASTER_COMMAND_SELECT 6
311#define MEM_READ_OR_WRITE 0
312#define IO_READ_OR_WRITE 1
313#define CFG_READ_OR_WRITE 2
314#define PCI_MASTER_START 5
315#define PCI_MASTER_READ_WRITE 4
316#define PCI_MASTER_WRITE 0
317#define PCI_MASTER_READ 1
318#define PCI_MASTER_BYTE_WRITE_ENABLES 0
319 __le32 pcimstaddr;
320 __le32 pcimstdata;
321 __le32 pcimststat;
322#define PCI_ARBITER_CLEAR 2
323#define PCI_EXTERNAL_ARBITER 1
324#define PCI_HOST_MODE 0
325} __packed;
326
327/* dma control, BAR0 + 0x0180 ... array of four structs like this,
328 * for channels 0..3. see also struct net2280_dma: descriptor
329 * that can be loaded into some of these registers.
330 */
331struct net2280_dma_regs { /* [11.7] */
332 /* offset 0x0180, 0x01a0, 0x01c0, 0x01e0, */
333 __le32 dmactl;
334#define DMA_SCATTER_GATHER_DONE_INTERRUPT_ENABLE 25
335#define DMA_CLEAR_COUNT_ENABLE 21
336#define DESCRIPTOR_POLLING_RATE 19
337#define POLL_CONTINUOUS 0
338#define POLL_1_USEC 1
339#define POLL_100_USEC 2
340#define POLL_1_MSEC 3
341#define DMA_VALID_BIT_POLLING_ENABLE 18
342#define DMA_VALID_BIT_ENABLE 17
343#define DMA_SCATTER_GATHER_ENABLE 16
344#define DMA_OUT_AUTO_START_ENABLE 4
345#define DMA_PREEMPT_ENABLE 3
346#define DMA_FIFO_VALIDATE 2
347#define DMA_ENABLE 1
348#define DMA_ADDRESS_HOLD 0
349 __le32 dmastat;
350#define DMA_SCATTER_GATHER_DONE_INTERRUPT 25
351#define DMA_TRANSACTION_DONE_INTERRUPT 24
352#define DMA_ABORT 1
353#define DMA_START 0
354 u32 _unused0[2];
355 /* offset 0x0190, 0x01b0, 0x01d0, 0x01f0, */
356 __le32 dmacount;
357#define VALID_BIT 31
358#define DMA_DIRECTION 30
359#define DMA_DONE_INTERRUPT_ENABLE 29
360#define END_OF_CHAIN 28
361#define DMA_BYTE_COUNT_MASK ((1<<24)-1)
362#define DMA_BYTE_COUNT 0
363 __le32 dmaaddr;
364 __le32 dmadesc;
365 u32 _unused1;
366} __packed;
367
368/* dedicated endpoint registers, BAR0 + 0x0200 */
369
370struct net2280_dep_regs { /* [11.8] */
371 /* offset 0x0200, 0x0210, 0x220, 0x230, 0x240 */
372 __le32 dep_cfg;
373 /* offset 0x0204, 0x0214, 0x224, 0x234, 0x244 */
374 __le32 dep_rsp;
375 u32 _unused[2];
376} __packed;
377
378/* configurable endpoint registers, BAR0 + 0x0300 ... array of seven structs
379 * like this, for ep0 then the configurable endpoints A..F
380 * ep0 reserved for control; E and F have only 64 bytes of fifo
381 */
382struct net2280_ep_regs { /* [11.9] */
383 /* offset 0x0300, 0x0320, 0x0340, 0x0360, 0x0380, 0x03a0, 0x03c0 */
384 __le32 ep_cfg;
385#define ENDPOINT_BYTE_COUNT 16
386#define ENDPOINT_ENABLE 10
387#define ENDPOINT_TYPE 8
388#define ENDPOINT_DIRECTION 7
389#define ENDPOINT_NUMBER 0
390 __le32 ep_rsp;
391#define SET_NAK_OUT_PACKETS 15
392#define SET_EP_HIDE_STATUS_PHASE 14
393#define SET_EP_FORCE_CRC_ERROR 13
394#define SET_INTERRUPT_MODE 12
395#define SET_CONTROL_STATUS_PHASE_HANDSHAKE 11
396#define SET_NAK_OUT_PACKETS_MODE 10
397#define SET_ENDPOINT_TOGGLE 9
398#define SET_ENDPOINT_HALT 8
399#define CLEAR_NAK_OUT_PACKETS 7
400#define CLEAR_EP_HIDE_STATUS_PHASE 6
401#define CLEAR_EP_FORCE_CRC_ERROR 5
402#define CLEAR_INTERRUPT_MODE 4
403#define CLEAR_CONTROL_STATUS_PHASE_HANDSHAKE 3
404#define CLEAR_NAK_OUT_PACKETS_MODE 2
405#define CLEAR_ENDPOINT_TOGGLE 1
406#define CLEAR_ENDPOINT_HALT 0
407 __le32 ep_irqenb;
408#define SHORT_PACKET_OUT_DONE_INTERRUPT_ENABLE 6
409#define SHORT_PACKET_TRANSFERRED_INTERRUPT_ENABLE 5
410#define DATA_PACKET_RECEIVED_INTERRUPT_ENABLE 3
411#define DATA_PACKET_TRANSMITTED_INTERRUPT_ENABLE 2
412#define DATA_OUT_PING_TOKEN_INTERRUPT_ENABLE 1
413#define DATA_IN_TOKEN_INTERRUPT_ENABLE 0
414 __le32 ep_stat;
415#define FIFO_VALID_COUNT 24
416#define HIGH_BANDWIDTH_OUT_TRANSACTION_PID 22
417#define TIMEOUT 21
418#define USB_STALL_SENT 20
419#define USB_IN_NAK_SENT 19
420#define USB_IN_ACK_RCVD 18
421#define USB_OUT_PING_NAK_SENT 17
422#define USB_OUT_ACK_SENT 16
423#define FIFO_OVERFLOW 13
424#define FIFO_UNDERFLOW 12
425#define FIFO_FULL 11
426#define FIFO_EMPTY 10
427#define FIFO_FLUSH 9
428#define SHORT_PACKET_OUT_DONE_INTERRUPT 6
429#define SHORT_PACKET_TRANSFERRED_INTERRUPT 5
430#define NAK_OUT_PACKETS 4
431#define DATA_PACKET_RECEIVED_INTERRUPT 3
432#define DATA_PACKET_TRANSMITTED_INTERRUPT 2
433#define DATA_OUT_PING_TOKEN_INTERRUPT 1
434#define DATA_IN_TOKEN_INTERRUPT 0
435 /* offset 0x0310, 0x0330, 0x0350, 0x0370, 0x0390, 0x03b0, 0x03d0 */
436 __le32 ep_avail;
437 __le32 ep_data;
438 u32 _unused0[2];
439} __packed;
440
441struct net2280_reg_write {
442 __le16 port;
443 __le32 addr;
444 __le32 val;
445} __packed;
446
447struct net2280_reg_read {
448 __le16 port;
449 __le32 addr;
450} __packed;
451#endif /* NET2280_H */
diff --git a/drivers/net/wireless/p54/p54usb.h b/drivers/net/wireless/p54/p54usb.h
index d273be7272b9..a5f5f0fea3bd 100644
--- a/drivers/net/wireless/p54/p54usb.h
+++ b/drivers/net/wireless/p54/p54usb.h
@@ -16,7 +16,7 @@
16 16
17/* for isl3886 register definitions used on ver 1 devices */ 17/* for isl3886 register definitions used on ver 1 devices */
18#include "p54pci.h" 18#include "p54pci.h"
19#include "net2280.h" 19#include <linux/usb/net2280.h>
20 20
21/* pci */ 21/* pci */
22#define NET2280_BASE 0x10000000 22#define NET2280_BASE 0x10000000
@@ -93,6 +93,17 @@ enum net2280_op_type {
93 NET2280_DEV_CFG_U16 = 0x0883 93 NET2280_DEV_CFG_U16 = 0x0883
94}; 94};
95 95
96struct net2280_reg_write {
97 __le16 port;
98 __le32 addr;
99 __le32 val;
100} __packed;
101
102struct net2280_reg_read {
103 __le16 port;
104 __le32 addr;
105} __packed;
106
96#define P54U_FW_BLOCK 2048 107#define P54U_FW_BLOCK 2048
97 108
98#define X2_SIGNATURE "x2 " 109#define X2_SIGNATURE "x2 "
diff --git a/drivers/net/wireless/rt2x00/rt2500usb.c b/drivers/net/wireless/rt2x00/rt2500usb.c
index c878e3f3993c..05c64597838d 100644
--- a/drivers/net/wireless/rt2x00/rt2500usb.c
+++ b/drivers/net/wireless/rt2x00/rt2500usb.c
@@ -47,7 +47,7 @@ MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
47 * BBP and RF register require indirect register access, 47 * BBP and RF register require indirect register access,
48 * and use the CSR registers BBPCSR and RFCSR to achieve this. 48 * and use the CSR registers BBPCSR and RFCSR to achieve this.
49 * These indirect registers work with busy bits, 49 * These indirect registers work with busy bits,
50 * and we will try maximal REGISTER_BUSY_COUNT times to access 50 * and we will try maximal REGISTER_USB_BUSY_COUNT times to access
51 * the register while taking a REGISTER_BUSY_DELAY us delay 51 * the register while taking a REGISTER_BUSY_DELAY us delay
52 * between each attampt. When the busy bit is still set at that time, 52 * between each attampt. When the busy bit is still set at that time,
53 * the access attempt is considered to have failed, 53 * the access attempt is considered to have failed,
@@ -122,7 +122,7 @@ static int rt2500usb_regbusy_read(struct rt2x00_dev *rt2x00dev,
122{ 122{
123 unsigned int i; 123 unsigned int i;
124 124
125 for (i = 0; i < REGISTER_BUSY_COUNT; i++) { 125 for (i = 0; i < REGISTER_USB_BUSY_COUNT; i++) {
126 rt2500usb_register_read_lock(rt2x00dev, offset, reg); 126 rt2500usb_register_read_lock(rt2x00dev, offset, reg);
127 if (!rt2x00_get_field16(*reg, field)) 127 if (!rt2x00_get_field16(*reg, field))
128 return 1; 128 return 1;
@@ -904,7 +904,7 @@ static int rt2500usb_wait_bbp_ready(struct rt2x00_dev *rt2x00dev)
904 unsigned int i; 904 unsigned int i;
905 u8 value; 905 u8 value;
906 906
907 for (i = 0; i < REGISTER_BUSY_COUNT; i++) { 907 for (i = 0; i < REGISTER_USB_BUSY_COUNT; i++) {
908 rt2500usb_bbp_read(rt2x00dev, 0, &value); 908 rt2500usb_bbp_read(rt2x00dev, 0, &value);
909 if ((value != 0xff) && (value != 0x00)) 909 if ((value != 0xff) && (value != 0x00))
910 return 0; 910 return 0;
@@ -1023,7 +1023,7 @@ static int rt2500usb_set_state(struct rt2x00_dev *rt2x00dev,
1023 * We must wait until the register indicates that the 1023 * We must wait until the register indicates that the
1024 * device has entered the correct state. 1024 * device has entered the correct state.
1025 */ 1025 */
1026 for (i = 0; i < REGISTER_BUSY_COUNT; i++) { 1026 for (i = 0; i < REGISTER_USB_BUSY_COUNT; i++) {
1027 rt2500usb_register_read(rt2x00dev, MAC_CSR17, &reg2); 1027 rt2500usb_register_read(rt2x00dev, MAC_CSR17, &reg2);
1028 bbp_state = rt2x00_get_field16(reg2, MAC_CSR17_BBP_CURR_STATE); 1028 bbp_state = rt2x00_get_field16(reg2, MAC_CSR17_BBP_CURR_STATE);
1029 rf_state = rt2x00_get_field16(reg2, MAC_CSR17_RF_CURR_STATE); 1029 rf_state = rt2x00_get_field16(reg2, MAC_CSR17_RF_CURR_STATE);
diff --git a/drivers/net/wireless/rt2x00/rt2800lib.c b/drivers/net/wireless/rt2x00/rt2800lib.c
index 9f57a2db791c..81ee481487cf 100644
--- a/drivers/net/wireless/rt2x00/rt2800lib.c
+++ b/drivers/net/wireless/rt2x00/rt2800lib.c
@@ -4119,7 +4119,20 @@ static void rt2800_config_txpower_rt28xx(struct rt2x00_dev *rt2x00dev,
4119 * expected. We adjust it, based on TSSI reference and boundaries values 4119 * expected. We adjust it, based on TSSI reference and boundaries values
4120 * provided in EEPROM. 4120 * provided in EEPROM.
4121 */ 4121 */
4122 delta += rt2800_get_gain_calibration_delta(rt2x00dev); 4122 switch (rt2x00dev->chip.rt) {
4123 case RT2860:
4124 case RT2872:
4125 case RT2883:
4126 case RT3070:
4127 case RT3071:
4128 case RT3090:
4129 case RT3572:
4130 delta += rt2800_get_gain_calibration_delta(rt2x00dev);
4131 break;
4132 default:
4133 /* TODO: temperature compensation code for other chips. */
4134 break;
4135 }
4123 4136
4124 /* 4137 /*
4125 * Decrease power according to user settings, on devices with unknown 4138 * Decrease power according to user settings, on devices with unknown
@@ -4136,25 +4149,19 @@ static void rt2800_config_txpower_rt28xx(struct rt2x00_dev *rt2x00dev,
4136 * TODO: we do not use +6 dBm option to do not increase power beyond 4149 * TODO: we do not use +6 dBm option to do not increase power beyond
4137 * regulatory limit, however this could be utilized for devices with 4150 * regulatory limit, however this could be utilized for devices with
4138 * CAPABILITY_POWER_LIMIT. 4151 * CAPABILITY_POWER_LIMIT.
4139 * 4152 */
4140 * TODO: add different temperature compensation code for RT3290 & RT5390 4153 if (delta <= -12) {
4141 * to allow to use BBP_R1 for those chips. 4154 power_ctrl = 2;
4142 */ 4155 delta += 12;
4143 if (!rt2x00_rt(rt2x00dev, RT3290) && 4156 } else if (delta <= -6) {
4144 !rt2x00_rt(rt2x00dev, RT5390)) { 4157 power_ctrl = 1;
4145 rt2800_bbp_read(rt2x00dev, 1, &r1); 4158 delta += 6;
4146 if (delta <= -12) { 4159 } else {
4147 power_ctrl = 2; 4160 power_ctrl = 0;
4148 delta += 12;
4149 } else if (delta <= -6) {
4150 power_ctrl = 1;
4151 delta += 6;
4152 } else {
4153 power_ctrl = 0;
4154 }
4155 rt2x00_set_field8(&r1, BBP1_TX_POWER_CTRL, power_ctrl);
4156 rt2800_bbp_write(rt2x00dev, 1, r1);
4157 } 4161 }
4162 rt2800_bbp_read(rt2x00dev, 1, &r1);
4163 rt2x00_set_field8(&r1, BBP1_TX_POWER_CTRL, power_ctrl);
4164 rt2800_bbp_write(rt2x00dev, 1, r1);
4158 4165
4159 offset = TX_PWR_CFG_0; 4166 offset = TX_PWR_CFG_0;
4160 4167
diff --git a/drivers/net/wireless/rt2x00/rt2x00.h b/drivers/net/wireless/rt2x00/rt2x00.h
index 1ff81afb672c..9bb398bed9bb 100644
--- a/drivers/net/wireless/rt2x00/rt2x00.h
+++ b/drivers/net/wireless/rt2x00/rt2x00.h
@@ -1019,9 +1019,12 @@ struct rt2x00_bar_list_entry {
1019 * Register defines. 1019 * Register defines.
1020 * Some registers require multiple attempts before success, 1020 * Some registers require multiple attempts before success,
1021 * in those cases REGISTER_BUSY_COUNT attempts should be 1021 * in those cases REGISTER_BUSY_COUNT attempts should be
1022 * taken with a REGISTER_BUSY_DELAY interval. 1022 * taken with a REGISTER_BUSY_DELAY interval. Due to USB
1023 * bus delays, we do not have to loop so many times to wait
1024 * for valid register value on that bus.
1023 */ 1025 */
1024#define REGISTER_BUSY_COUNT 100 1026#define REGISTER_BUSY_COUNT 100
1027#define REGISTER_USB_BUSY_COUNT 20
1025#define REGISTER_BUSY_DELAY 100 1028#define REGISTER_BUSY_DELAY 100
1026 1029
1027/* 1030/*
diff --git a/drivers/net/wireless/rt2x00/rt2x00usb.c b/drivers/net/wireless/rt2x00/rt2x00usb.c
index dc85d3e0ffe5..892270dd3e7b 100644
--- a/drivers/net/wireless/rt2x00/rt2x00usb.c
+++ b/drivers/net/wireless/rt2x00/rt2x00usb.c
@@ -42,37 +42,27 @@ int rt2x00usb_vendor_request(struct rt2x00_dev *rt2x00dev,
42{ 42{
43 struct usb_device *usb_dev = to_usb_device_intf(rt2x00dev->dev); 43 struct usb_device *usb_dev = to_usb_device_intf(rt2x00dev->dev);
44 int status; 44 int status;
45 unsigned int i;
46 unsigned int pipe = 45 unsigned int pipe =
47 (requesttype == USB_VENDOR_REQUEST_IN) ? 46 (requesttype == USB_VENDOR_REQUEST_IN) ?
48 usb_rcvctrlpipe(usb_dev, 0) : usb_sndctrlpipe(usb_dev, 0); 47 usb_rcvctrlpipe(usb_dev, 0) : usb_sndctrlpipe(usb_dev, 0);
48 unsigned long expire = jiffies + msecs_to_jiffies(timeout);
49 49
50 if (!test_bit(DEVICE_STATE_PRESENT, &rt2x00dev->flags)) 50 if (!test_bit(DEVICE_STATE_PRESENT, &rt2x00dev->flags))
51 return -ENODEV; 51 return -ENODEV;
52 52
53 for (i = 0; i < REGISTER_BUSY_COUNT; i++) { 53 do {
54 status = usb_control_msg(usb_dev, pipe, request, requesttype, 54 status = usb_control_msg(usb_dev, pipe, request, requesttype,
55 value, offset, buffer, buffer_length, 55 value, offset, buffer, buffer_length,
56 timeout); 56 timeout / 2);
57 if (status >= 0) 57 if (status >= 0)
58 return 0; 58 return 0;
59 59
60 /* 60 if (status == -ENODEV) {
61 * Check for errors 61 /* Device has disappeared. */
62 * -ENODEV: Device has disappeared, no point continuing.
63 * All other errors: Try again.
64 */
65 else if (status == -ENODEV) {
66 clear_bit(DEVICE_STATE_PRESENT, &rt2x00dev->flags); 62 clear_bit(DEVICE_STATE_PRESENT, &rt2x00dev->flags);
67 break; 63 break;
68 } 64 }
69 } 65 } while (time_before(jiffies, expire));
70
71 /* If the port is powered down, we get a -EPROTO error, and this
72 * leads to a endless loop. So just say that the device is gone.
73 */
74 if (status == -EPROTO)
75 clear_bit(DEVICE_STATE_PRESENT, &rt2x00dev->flags);
76 66
77 rt2x00_err(rt2x00dev, 67 rt2x00_err(rt2x00dev,
78 "Vendor Request 0x%02x failed for offset 0x%04x with error %d\n", 68 "Vendor Request 0x%02x failed for offset 0x%04x with error %d\n",
@@ -154,7 +144,7 @@ int rt2x00usb_regbusy_read(struct rt2x00_dev *rt2x00dev,
154 if (!test_bit(DEVICE_STATE_PRESENT, &rt2x00dev->flags)) 144 if (!test_bit(DEVICE_STATE_PRESENT, &rt2x00dev->flags))
155 return -ENODEV; 145 return -ENODEV;
156 146
157 for (i = 0; i < REGISTER_BUSY_COUNT; i++) { 147 for (i = 0; i < REGISTER_USB_BUSY_COUNT; i++) {
158 rt2x00usb_register_read_lock(rt2x00dev, offset, reg); 148 rt2x00usb_register_read_lock(rt2x00dev, offset, reg);
159 if (!rt2x00_get_field32(*reg, field)) 149 if (!rt2x00_get_field32(*reg, field))
160 return 1; 150 return 1;
diff --git a/drivers/net/wireless/rt2x00/rt2x00usb.h b/drivers/net/wireless/rt2x00/rt2x00usb.h
index 819690e978c0..8f85fbd5f237 100644
--- a/drivers/net/wireless/rt2x00/rt2x00usb.h
+++ b/drivers/net/wireless/rt2x00/rt2x00usb.h
@@ -38,7 +38,7 @@
38 * a higher value is required. In that case we use the REGISTER_TIMEOUT_FIRMWARE 38 * a higher value is required. In that case we use the REGISTER_TIMEOUT_FIRMWARE
39 * and EEPROM_TIMEOUT. 39 * and EEPROM_TIMEOUT.
40 */ 40 */
41#define REGISTER_TIMEOUT 500 41#define REGISTER_TIMEOUT 100
42#define REGISTER_TIMEOUT_FIRMWARE 1000 42#define REGISTER_TIMEOUT_FIRMWARE 1000
43#define EEPROM_TIMEOUT 2000 43#define EEPROM_TIMEOUT 2000
44 44
diff --git a/drivers/net/wireless/rt2x00/rt73usb.c b/drivers/net/wireless/rt2x00/rt73usb.c
index 95724ff9c726..a5458cf01fb2 100644
--- a/drivers/net/wireless/rt2x00/rt73usb.c
+++ b/drivers/net/wireless/rt2x00/rt73usb.c
@@ -1295,7 +1295,7 @@ static int rt73usb_wait_bbp_ready(struct rt2x00_dev *rt2x00dev)
1295 unsigned int i; 1295 unsigned int i;
1296 u8 value; 1296 u8 value;
1297 1297
1298 for (i = 0; i < REGISTER_BUSY_COUNT; i++) { 1298 for (i = 0; i < REGISTER_USB_BUSY_COUNT; i++) {
1299 rt73usb_bbp_read(rt2x00dev, 0, &value); 1299 rt73usb_bbp_read(rt2x00dev, 0, &value);
1300 if ((value != 0xff) && (value != 0x00)) 1300 if ((value != 0xff) && (value != 0x00))
1301 return 0; 1301 return 0;
diff --git a/drivers/net/wireless/rtlwifi/core.c b/drivers/net/wireless/rtlwifi/core.c
index af52f0bdb71e..5fc6f52641bd 100644
--- a/drivers/net/wireless/rtlwifi/core.c
+++ b/drivers/net/wireless/rtlwifi/core.c
@@ -786,6 +786,7 @@ static void rtl_op_configure_filter(struct ieee80211_hw *hw,
786 unsigned int changed_flags, 786 unsigned int changed_flags,
787 unsigned int *new_flags, u64 multicast) 787 unsigned int *new_flags, u64 multicast)
788{ 788{
789 bool update_rcr = false;
789 struct rtl_priv *rtlpriv = rtl_priv(hw); 790 struct rtl_priv *rtlpriv = rtl_priv(hw);
790 struct rtl_mac *mac = rtl_mac(rtl_priv(hw)); 791 struct rtl_mac *mac = rtl_mac(rtl_priv(hw));
791 792
@@ -806,6 +807,7 @@ static void rtl_op_configure_filter(struct ieee80211_hw *hw,
806 RT_TRACE(rtlpriv, COMP_MAC80211, DBG_LOUD, 807 RT_TRACE(rtlpriv, COMP_MAC80211, DBG_LOUD,
807 "Disable receive multicast frame\n"); 808 "Disable receive multicast frame\n");
808 } 809 }
810 update_rcr = true;
809 } 811 }
810 812
811 if (changed_flags & FIF_FCSFAIL) { 813 if (changed_flags & FIF_FCSFAIL) {
@@ -818,6 +820,8 @@ static void rtl_op_configure_filter(struct ieee80211_hw *hw,
818 RT_TRACE(rtlpriv, COMP_MAC80211, DBG_LOUD, 820 RT_TRACE(rtlpriv, COMP_MAC80211, DBG_LOUD,
819 "Disable receive FCS error frame\n"); 821 "Disable receive FCS error frame\n");
820 } 822 }
823 if (!update_rcr)
824 update_rcr = true;
821 } 825 }
822 826
823 /* if ssid not set to hw don't check bssid 827 /* if ssid not set to hw don't check bssid
@@ -832,6 +836,8 @@ static void rtl_op_configure_filter(struct ieee80211_hw *hw,
832 rtlpriv->cfg->ops->set_chk_bssid(hw, false); 836 rtlpriv->cfg->ops->set_chk_bssid(hw, false);
833 else 837 else
834 rtlpriv->cfg->ops->set_chk_bssid(hw, true); 838 rtlpriv->cfg->ops->set_chk_bssid(hw, true);
839 if (update_rcr)
840 update_rcr = false;
835 } 841 }
836 } 842 }
837 843
@@ -846,6 +852,8 @@ static void rtl_op_configure_filter(struct ieee80211_hw *hw,
846 RT_TRACE(rtlpriv, COMP_MAC80211, DBG_LOUD, 852 RT_TRACE(rtlpriv, COMP_MAC80211, DBG_LOUD,
847 "Disable receive control frame.\n"); 853 "Disable receive control frame.\n");
848 } 854 }
855 if (!update_rcr)
856 update_rcr = true;
849 } 857 }
850 858
851 if (changed_flags & FIF_OTHER_BSS) { 859 if (changed_flags & FIF_OTHER_BSS) {
@@ -858,7 +866,13 @@ static void rtl_op_configure_filter(struct ieee80211_hw *hw,
858 RT_TRACE(rtlpriv, COMP_MAC80211, DBG_LOUD, 866 RT_TRACE(rtlpriv, COMP_MAC80211, DBG_LOUD,
859 "Disable receive other BSS's frame.\n"); 867 "Disable receive other BSS's frame.\n");
860 } 868 }
869 if (!update_rcr)
870 update_rcr = true;
861 } 871 }
872
873 if (update_rcr)
874 rtlpriv->cfg->ops->set_hw_reg(hw, HW_VAR_RCR,
875 (u8 *)(&mac->rx_conf));
862} 876}
863static int rtl_op_sta_add(struct ieee80211_hw *hw, 877static int rtl_op_sta_add(struct ieee80211_hw *hw,
864 struct ieee80211_vif *vif, 878 struct ieee80211_vif *vif,
diff --git a/drivers/net/wireless/rtlwifi/rtl8192ce/hw.c b/drivers/net/wireless/rtlwifi/rtl8192ce/hw.c
index 55357d69397a..d2ec5160bbf0 100644
--- a/drivers/net/wireless/rtlwifi/rtl8192ce/hw.c
+++ b/drivers/net/wireless/rtlwifi/rtl8192ce/hw.c
@@ -1287,6 +1287,7 @@ void rtl92ce_enable_interrupt(struct ieee80211_hw *hw)
1287 1287
1288 rtl_write_dword(rtlpriv, REG_HIMR, rtlpci->irq_mask[0] & 0xFFFFFFFF); 1288 rtl_write_dword(rtlpriv, REG_HIMR, rtlpci->irq_mask[0] & 0xFFFFFFFF);
1289 rtl_write_dword(rtlpriv, REG_HIMRE, rtlpci->irq_mask[1] & 0xFFFFFFFF); 1289 rtl_write_dword(rtlpriv, REG_HIMRE, rtlpci->irq_mask[1] & 0xFFFFFFFF);
1290 rtlpci->irq_enabled = true;
1290} 1291}
1291 1292
1292void rtl92ce_disable_interrupt(struct ieee80211_hw *hw) 1293void rtl92ce_disable_interrupt(struct ieee80211_hw *hw)
@@ -1296,7 +1297,7 @@ void rtl92ce_disable_interrupt(struct ieee80211_hw *hw)
1296 1297
1297 rtl_write_dword(rtlpriv, REG_HIMR, IMR8190_DISABLED); 1298 rtl_write_dword(rtlpriv, REG_HIMR, IMR8190_DISABLED);
1298 rtl_write_dword(rtlpriv, REG_HIMRE, IMR8190_DISABLED); 1299 rtl_write_dword(rtlpriv, REG_HIMRE, IMR8190_DISABLED);
1299 synchronize_irq(rtlpci->pdev->irq); 1300 rtlpci->irq_enabled = false;
1300} 1301}
1301 1302
1302static void _rtl92ce_poweroff_adapter(struct ieee80211_hw *hw) 1303static void _rtl92ce_poweroff_adapter(struct ieee80211_hw *hw)
diff --git a/drivers/net/wireless/rtlwifi/rtl8192ce/sw.c b/drivers/net/wireless/rtlwifi/rtl8192ce/sw.c
index 46ea07605eb4..dd5aa089126a 100644
--- a/drivers/net/wireless/rtlwifi/rtl8192ce/sw.c
+++ b/drivers/net/wireless/rtlwifi/rtl8192ce/sw.c
@@ -228,6 +228,7 @@ static struct rtl_hal_ops rtl8192ce_hal_ops = {
228 .led_control = rtl92ce_led_control, 228 .led_control = rtl92ce_led_control,
229 .set_desc = rtl92ce_set_desc, 229 .set_desc = rtl92ce_set_desc,
230 .get_desc = rtl92ce_get_desc, 230 .get_desc = rtl92ce_get_desc,
231 .is_tx_desc_closed = rtl92ce_is_tx_desc_closed,
231 .tx_polling = rtl92ce_tx_polling, 232 .tx_polling = rtl92ce_tx_polling,
232 .enable_hw_sec = rtl92ce_enable_hw_security_config, 233 .enable_hw_sec = rtl92ce_enable_hw_security_config,
233 .set_key = rtl92ce_set_key, 234 .set_key = rtl92ce_set_key,
@@ -271,6 +272,8 @@ static struct rtl_hal_cfg rtl92ce_hal_cfg = {
271 .maps[MAC_RCR_ACRC32] = ACRC32, 272 .maps[MAC_RCR_ACRC32] = ACRC32,
272 .maps[MAC_RCR_ACF] = ACF, 273 .maps[MAC_RCR_ACF] = ACF,
273 .maps[MAC_RCR_AAP] = AAP, 274 .maps[MAC_RCR_AAP] = AAP,
275 .maps[MAC_HIMR] = REG_HIMR,
276 .maps[MAC_HIMRE] = REG_HIMRE,
274 277
275 .maps[EFUSE_TEST] = REG_EFUSE_TEST, 278 .maps[EFUSE_TEST] = REG_EFUSE_TEST,
276 .maps[EFUSE_CTRL] = REG_EFUSE_CTRL, 279 .maps[EFUSE_CTRL] = REG_EFUSE_CTRL,
diff --git a/drivers/net/wireless/rtlwifi/rtl8192ce/trx.c b/drivers/net/wireless/rtlwifi/rtl8192ce/trx.c
index dc3d20b17a26..e88dcd0e0af1 100644
--- a/drivers/net/wireless/rtlwifi/rtl8192ce/trx.c
+++ b/drivers/net/wireless/rtlwifi/rtl8192ce/trx.c
@@ -720,16 +720,15 @@ u32 rtl92ce_get_desc(u8 *p_desc, bool istx, u8 desc_name)
720 break; 720 break;
721 } 721 }
722 } else { 722 } else {
723 struct rx_desc_92c *pdesc = (struct rx_desc_92c *)p_desc;
724 switch (desc_name) { 723 switch (desc_name) {
725 case HW_DESC_OWN: 724 case HW_DESC_OWN:
726 ret = GET_RX_DESC_OWN(pdesc); 725 ret = GET_RX_DESC_OWN(p_desc);
727 break; 726 break;
728 case HW_DESC_RXPKT_LEN: 727 case HW_DESC_RXPKT_LEN:
729 ret = GET_RX_DESC_PKT_LEN(pdesc); 728 ret = GET_RX_DESC_PKT_LEN(p_desc);
730 break; 729 break;
731 case HW_DESC_RXBUFF_ADDR: 730 case HW_DESC_RXBUFF_ADDR:
732 ret = GET_RX_STATUS_DESC_BUFF_ADDR(pdesc); 731 ret = GET_RX_DESC_BUFF_ADDR(p_desc);
733 break; 732 break;
734 default: 733 default:
735 RT_ASSERT(false, "ERR rxdesc :%d not process\n", 734 RT_ASSERT(false, "ERR rxdesc :%d not process\n",
@@ -740,6 +739,23 @@ u32 rtl92ce_get_desc(u8 *p_desc, bool istx, u8 desc_name)
740 return ret; 739 return ret;
741} 740}
742 741
742bool rtl92ce_is_tx_desc_closed(struct ieee80211_hw *hw,
743 u8 hw_queue, u16 index)
744{
745 struct rtl_pci *rtlpci = rtl_pcidev(rtl_pcipriv(hw));
746 struct rtl8192_tx_ring *ring = &rtlpci->tx_ring[hw_queue];
747 u8 *entry = (u8 *)(&ring->desc[ring->idx]);
748 u8 own = (u8)rtl92ce_get_desc(entry, true, HW_DESC_OWN);
749
750 /*beacon packet will only use the first
751 *descriptor defautly,and the own may not
752 *be cleared by the hardware
753 */
754 if (own)
755 return false;
756 return true;
757}
758
743void rtl92ce_tx_polling(struct ieee80211_hw *hw, u8 hw_queue) 759void rtl92ce_tx_polling(struct ieee80211_hw *hw, u8 hw_queue)
744{ 760{
745 struct rtl_priv *rtlpriv = rtl_priv(hw); 761 struct rtl_priv *rtlpriv = rtl_priv(hw);
diff --git a/drivers/net/wireless/rtlwifi/rtl8192ce/trx.h b/drivers/net/wireless/rtlwifi/rtl8192ce/trx.h
index 9a39ec4204dd..4bec4b07e3e0 100644
--- a/drivers/net/wireless/rtlwifi/rtl8192ce/trx.h
+++ b/drivers/net/wireless/rtlwifi/rtl8192ce/trx.h
@@ -723,6 +723,8 @@ bool rtl92ce_rx_query_desc(struct ieee80211_hw *hw,
723void rtl92ce_set_desc(struct ieee80211_hw *hw, u8 *pdesc, bool istx, 723void rtl92ce_set_desc(struct ieee80211_hw *hw, u8 *pdesc, bool istx,
724 u8 desc_name, u8 *val); 724 u8 desc_name, u8 *val);
725u32 rtl92ce_get_desc(u8 *pdesc, bool istx, u8 desc_name); 725u32 rtl92ce_get_desc(u8 *pdesc, bool istx, u8 desc_name);
726bool rtl92ce_is_tx_desc_closed(struct ieee80211_hw *hw,
727 u8 hw_queue, u16 index);
726void rtl92ce_tx_polling(struct ieee80211_hw *hw, u8 hw_queue); 728void rtl92ce_tx_polling(struct ieee80211_hw *hw, u8 hw_queue);
727void rtl92ce_tx_fill_cmddesc(struct ieee80211_hw *hw, u8 *pdesc, 729void rtl92ce_tx_fill_cmddesc(struct ieee80211_hw *hw, u8 *pdesc,
728 bool b_firstseg, bool b_lastseg, 730 bool b_firstseg, bool b_lastseg,
diff --git a/drivers/net/wireless/rtlwifi/rtl8192ee/Makefile b/drivers/net/wireless/rtlwifi/rtl8192ee/Makefile
index 11952b99daf8..0315eeda9b60 100644
--- a/drivers/net/wireless/rtlwifi/rtl8192ee/Makefile
+++ b/drivers/net/wireless/rtlwifi/rtl8192ee/Makefile
@@ -1,6 +1,3 @@
1obj-m := rtl8192ee.o
2
3
4rtl8192ee-objs := \ 1rtl8192ee-objs := \
5 dm.o \ 2 dm.o \
6 fw.o \ 3 fw.o \
@@ -14,6 +11,6 @@ rtl8192ee-objs := \
14 trx.o \ 11 trx.o \
15 12
16 13
17obj-$(CONFIG_RTL8821AE) += rtl8192ee.o 14obj-$(CONFIG_RTL8192EE) += rtl8192ee.o
18 15
19ccflags-y += -D__CHECK_ENDIAN__ 16ccflags-y += -D__CHECK_ENDIAN__
diff --git a/drivers/net/wireless/rtlwifi/rtl8723ae/Makefile b/drivers/net/wireless/rtlwifi/rtl8723ae/Makefile
index 9c34a85fdb89..6220672a96f4 100644
--- a/drivers/net/wireless/rtlwifi/rtl8723ae/Makefile
+++ b/drivers/net/wireless/rtlwifi/rtl8723ae/Makefile
@@ -1,6 +1,3 @@
1obj-m := rtl8723ae.o
2
3
4rtl8723ae-objs := \ 1rtl8723ae-objs := \
5 dm.o \ 2 dm.o \
6 fw.o \ 3 fw.o \
diff --git a/drivers/net/wireless/rtlwifi/rtl8723be/Makefile b/drivers/net/wireless/rtlwifi/rtl8723be/Makefile
index 59e416abd93a..a77c34102792 100644
--- a/drivers/net/wireless/rtlwifi/rtl8723be/Makefile
+++ b/drivers/net/wireless/rtlwifi/rtl8723be/Makefile
@@ -1,6 +1,3 @@
1obj-m := rtl8723be.o
2
3
4rtl8723be-objs := \ 1rtl8723be-objs := \
5 dm.o \ 2 dm.o \
6 fw.o \ 3 fw.o \
diff --git a/drivers/net/wireless/rtlwifi/rtl8821ae/Makefile b/drivers/net/wireless/rtlwifi/rtl8821ae/Makefile
index 87ad604a1eb3..f7a26f71197e 100644
--- a/drivers/net/wireless/rtlwifi/rtl8821ae/Makefile
+++ b/drivers/net/wireless/rtlwifi/rtl8821ae/Makefile
@@ -1,6 +1,3 @@
1obj-m := rtl8821ae.o
2
3
4rtl8821ae-objs := \ 1rtl8821ae-objs := \
5 dm.o \ 2 dm.o \
6 fw.o \ 3 fw.o \
diff --git a/drivers/net/wireless/ti/wlcore/event.c b/drivers/net/wireless/ti/wlcore/event.c
index 16d10281798d..5153640f4532 100644
--- a/drivers/net/wireless/ti/wlcore/event.c
+++ b/drivers/net/wireless/ti/wlcore/event.c
@@ -259,10 +259,7 @@ void wlcore_event_beacon_loss(struct wl1271 *wl, unsigned long roles_bitmap)
259 &wlvif->connection_loss_work, 259 &wlvif->connection_loss_work,
260 msecs_to_jiffies(delay)); 260 msecs_to_jiffies(delay));
261 261
262 ieee80211_cqm_rssi_notify( 262 ieee80211_cqm_beacon_loss_notify(vif, GFP_KERNEL);
263 vif,
264 NL80211_CQM_RSSI_BEACON_LOSS_EVENT,
265 GFP_KERNEL);
266 } 263 }
267} 264}
268EXPORT_SYMBOL_GPL(wlcore_event_beacon_loss); 265EXPORT_SYMBOL_GPL(wlcore_event_beacon_loss);
diff --git a/drivers/nfc/pn544/i2c.c b/drivers/nfc/pn544/i2c.c
index 440291ab7263..fc02e8d6a193 100644
--- a/drivers/nfc/pn544/i2c.c
+++ b/drivers/nfc/pn544/i2c.c
@@ -29,8 +29,8 @@
29#include <linux/delay.h> 29#include <linux/delay.h>
30#include <linux/nfc.h> 30#include <linux/nfc.h>
31#include <linux/firmware.h> 31#include <linux/firmware.h>
32#include <linux/unaligned/access_ok.h>
33#include <linux/platform_data/pn544.h> 32#include <linux/platform_data/pn544.h>
33#include <asm/unaligned.h>
34 34
35#include <net/nfc/hci.h> 35#include <net/nfc/hci.h>
36#include <net/nfc/llc.h> 36#include <net/nfc/llc.h>
diff --git a/drivers/nfc/st21nfca/i2c.c b/drivers/nfc/st21nfca/i2c.c
index 0ea756b77519..05722085a59f 100644
--- a/drivers/nfc/st21nfca/i2c.c
+++ b/drivers/nfc/st21nfca/i2c.c
@@ -28,8 +28,8 @@
28#include <linux/delay.h> 28#include <linux/delay.h>
29#include <linux/nfc.h> 29#include <linux/nfc.h>
30#include <linux/firmware.h> 30#include <linux/firmware.h>
31#include <linux/unaligned/access_ok.h>
32#include <linux/platform_data/st21nfca.h> 31#include <linux/platform_data/st21nfca.h>
32#include <asm/unaligned.h>
33 33
34#include <net/nfc/hci.h> 34#include <net/nfc/hci.h>
35#include <net/nfc/llc.h> 35#include <net/nfc/llc.h>
@@ -72,7 +72,6 @@ struct st21nfca_i2c_phy {
72 struct nfc_hci_dev *hdev; 72 struct nfc_hci_dev *hdev;
73 73
74 unsigned int gpio_ena; 74 unsigned int gpio_ena;
75 unsigned int gpio_irq;
76 unsigned int irq_polarity; 75 unsigned int irq_polarity;
77 76
78 struct sk_buff *pending_skb; 77 struct sk_buff *pending_skb;
@@ -531,20 +530,12 @@ static int st21nfca_hci_i2c_of_request_resources(struct i2c_client *client)
531 "clf_enable"); 530 "clf_enable");
532 if (r) { 531 if (r) {
533 nfc_err(&client->dev, "Failed to request enable pin\n"); 532 nfc_err(&client->dev, "Failed to request enable pin\n");
534 return -ENODEV; 533 return r;
535 } 534 }
536 535
537 phy->gpio_ena = gpio; 536 phy->gpio_ena = gpio;
538 537
539 /* IRQ */ 538 phy->irq_polarity = irq_get_trigger_type(client->irq);
540 r = irq_of_parse_and_map(pp, 0);
541 if (r < 0) {
542 nfc_err(&client->dev, "Unable to get irq, error: %d\n", r);
543 return r;
544 }
545
546 phy->irq_polarity = irq_get_trigger_type(r);
547 client->irq = r;
548 539
549 return 0; 540 return 0;
550} 541}
@@ -560,7 +551,6 @@ static int st21nfca_hci_i2c_request_resources(struct i2c_client *client)
560 struct st21nfca_nfc_platform_data *pdata; 551 struct st21nfca_nfc_platform_data *pdata;
561 struct st21nfca_i2c_phy *phy = i2c_get_clientdata(client); 552 struct st21nfca_i2c_phy *phy = i2c_get_clientdata(client);
562 int r; 553 int r;
563 int irq;
564 554
565 pdata = client->dev.platform_data; 555 pdata = client->dev.platform_data;
566 if (pdata == NULL) { 556 if (pdata == NULL) {
@@ -569,36 +559,18 @@ static int st21nfca_hci_i2c_request_resources(struct i2c_client *client)
569 } 559 }
570 560
571 /* store for later use */ 561 /* store for later use */
572 phy->gpio_irq = pdata->gpio_irq;
573 phy->gpio_ena = pdata->gpio_ena; 562 phy->gpio_ena = pdata->gpio_ena;
574 phy->irq_polarity = pdata->irq_polarity; 563 phy->irq_polarity = pdata->irq_polarity;
575 564
576 r = devm_gpio_request_one(&client->dev, phy->gpio_irq, GPIOF_IN,
577 "wake_up");
578 if (r) {
579 pr_err("%s : gpio_request failed\n", __FILE__);
580 return -ENODEV;
581 }
582
583 if (phy->gpio_ena > 0) { 565 if (phy->gpio_ena > 0) {
584 r = devm_gpio_request_one(&client->dev, phy->gpio_ena, 566 r = devm_gpio_request_one(&client->dev, phy->gpio_ena,
585 GPIOF_OUT_INIT_HIGH, "clf_enable"); 567 GPIOF_OUT_INIT_HIGH, "clf_enable");
586 if (r) { 568 if (r) {
587 pr_err("%s : ena gpio_request failed\n", __FILE__); 569 pr_err("%s : ena gpio_request failed\n", __FILE__);
588 return -ENODEV; 570 return r;
589 } 571 }
590 } 572 }
591 573
592 /* IRQ */
593 irq = gpio_to_irq(phy->gpio_irq);
594 if (irq < 0) {
595 nfc_err(&client->dev,
596 "Unable to get irq number for GPIO %d error %d\n",
597 phy->gpio_irq, r);
598 return -ENODEV;
599 }
600 client->irq = irq;
601
602 return 0; 574 return 0;
603} 575}
604 576
@@ -656,7 +628,7 @@ static int st21nfca_hci_i2c_probe(struct i2c_client *client,
656 r = st21nfca_hci_platform_init(phy); 628 r = st21nfca_hci_platform_init(phy);
657 if (r < 0) { 629 if (r < 0) {
658 nfc_err(&client->dev, "Unable to reboot st21nfca\n"); 630 nfc_err(&client->dev, "Unable to reboot st21nfca\n");
659 return -ENODEV; 631 return r;
660 } 632 }
661 633
662 r = devm_request_threaded_irq(&client->dev, client->irq, NULL, 634 r = devm_request_threaded_irq(&client->dev, client->irq, NULL,
@@ -687,10 +659,13 @@ static int st21nfca_hci_i2c_remove(struct i2c_client *client)
687 return 0; 659 return 0;
688} 660}
689 661
662#ifdef CONFIG_OF
690static const struct of_device_id of_st21nfca_i2c_match[] = { 663static const struct of_device_id of_st21nfca_i2c_match[] = {
691 { .compatible = "st,st21nfca_i2c", }, 664 { .compatible = "st,st21nfca_i2c", },
692 {} 665 {}
693}; 666};
667MODULE_DEVICE_TABLE(of, of_st21nfca_i2c_match);
668#endif
694 669
695static struct i2c_driver st21nfca_hci_i2c_driver = { 670static struct i2c_driver st21nfca_hci_i2c_driver = {
696 .driver = { 671 .driver = {
diff --git a/drivers/nfc/st21nfca/st21nfca.c b/drivers/nfc/st21nfca/st21nfca.c
index a89e56c2c749..f2596c8d68b0 100644
--- a/drivers/nfc/st21nfca/st21nfca.c
+++ b/drivers/nfc/st21nfca/st21nfca.c
@@ -77,10 +77,6 @@
77 ((p & 0x0f) == (ST21NFCA_DM_PIPE_CREATED | ST21NFCA_DM_PIPE_OPEN)) 77 ((p & 0x0f) == (ST21NFCA_DM_PIPE_CREATED | ST21NFCA_DM_PIPE_OPEN))
78 78
79#define ST21NFCA_NFC_MODE 0x03 /* NFC_MODE parameter*/ 79#define ST21NFCA_NFC_MODE 0x03 /* NFC_MODE parameter*/
80#define ST21NFCA_EVT_FIELD_ON 0x11
81#define ST21NFCA_EVT_CARD_DEACTIVATED 0x12
82#define ST21NFCA_EVT_CARD_ACTIVATED 0x13
83#define ST21NFCA_EVT_FIELD_OFF 0x14
84 80
85static DECLARE_BITMAP(dev_mask, ST21NFCA_NUM_DEVICES); 81static DECLARE_BITMAP(dev_mask, ST21NFCA_NUM_DEVICES);
86 82
@@ -841,31 +837,11 @@ static int st21nfca_hci_check_presence(struct nfc_hci_dev *hdev,
841static int st21nfca_hci_event_received(struct nfc_hci_dev *hdev, u8 gate, 837static int st21nfca_hci_event_received(struct nfc_hci_dev *hdev, u8 gate,
842 u8 event, struct sk_buff *skb) 838 u8 event, struct sk_buff *skb)
843{ 839{
844 int r; 840 pr_debug("hci event: %d gate: %x\n", event, gate);
845 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
846
847 pr_debug("hci event: %d\n", event);
848 841
849 switch (event) { 842 switch (gate) {
850 case ST21NFCA_EVT_CARD_ACTIVATED: 843 case ST21NFCA_RF_CARD_F_GATE:
851 if (gate == ST21NFCA_RF_CARD_F_GATE) 844 return st21nfca_dep_event_received(hdev, event, skb);
852 info->dep_info.curr_nfc_dep_pni = 0;
853 break;
854 case ST21NFCA_EVT_CARD_DEACTIVATED:
855 break;
856 case ST21NFCA_EVT_FIELD_ON:
857 break;
858 case ST21NFCA_EVT_FIELD_OFF:
859 break;
860 case ST21NFCA_EVT_SEND_DATA:
861 if (gate == ST21NFCA_RF_CARD_F_GATE) {
862 r = st21nfca_tm_event_send_data(hdev, skb, gate);
863 if (r < 0)
864 return r;
865 return 0;
866 }
867 info->dep_info.curr_nfc_dep_pni = 0;
868 return 1;
869 default: 845 default:
870 return 1; 846 return 1;
871 } 847 }
diff --git a/drivers/nfc/st21nfca/st21nfca.h b/drivers/nfc/st21nfca/st21nfca.h
index a0b77f1ba6d9..7c2a85292230 100644
--- a/drivers/nfc/st21nfca/st21nfca.h
+++ b/drivers/nfc/st21nfca/st21nfca.h
@@ -85,6 +85,4 @@ struct st21nfca_hci_info {
85 85
86#define ST21NFCA_RF_CARD_F_GATE 0x24 86#define ST21NFCA_RF_CARD_F_GATE 0x24
87 87
88#define ST21NFCA_EVT_SEND_DATA 0x10
89
90#endif /* __LOCAL_ST21NFCA_H_ */ 88#endif /* __LOCAL_ST21NFCA_H_ */
diff --git a/drivers/nfc/st21nfca/st21nfca_dep.c b/drivers/nfc/st21nfca/st21nfca_dep.c
index bfb6df56c505..8882181d65de 100644
--- a/drivers/nfc/st21nfca/st21nfca_dep.c
+++ b/drivers/nfc/st21nfca/st21nfca_dep.c
@@ -49,6 +49,12 @@
49#define ST21NFCA_LR_BITS_PAYLOAD_SIZE_254B 0x30 49#define ST21NFCA_LR_BITS_PAYLOAD_SIZE_254B 0x30
50#define ST21NFCA_GB_BIT 0x02 50#define ST21NFCA_GB_BIT 0x02
51 51
52#define ST21NFCA_EVT_SEND_DATA 0x10
53#define ST21NFCA_EVT_FIELD_ON 0x11
54#define ST21NFCA_EVT_CARD_DEACTIVATED 0x12
55#define ST21NFCA_EVT_CARD_ACTIVATED 0x13
56#define ST21NFCA_EVT_FIELD_OFF 0x14
57
52#define ST21NFCA_EVT_CARD_F_BITRATE 0x16 58#define ST21NFCA_EVT_CARD_F_BITRATE 0x16
53#define ST21NFCA_EVT_READER_F_BITRATE 0x13 59#define ST21NFCA_EVT_READER_F_BITRATE 0x13
54#define ST21NFCA_PSL_REQ_SEND_SPEED(brs) (brs & 0x38) 60#define ST21NFCA_PSL_REQ_SEND_SPEED(brs) (brs & 0x38)
@@ -372,8 +378,8 @@ exit:
372 return r; 378 return r;
373} 379}
374 380
375int st21nfca_tm_event_send_data(struct nfc_hci_dev *hdev, struct sk_buff *skb, 381static int st21nfca_tm_event_send_data(struct nfc_hci_dev *hdev,
376 u8 gate) 382 struct sk_buff *skb)
377{ 383{
378 u8 cmd0, cmd1; 384 u8 cmd0, cmd1;
379 int r; 385 int r;
@@ -400,7 +406,42 @@ int st21nfca_tm_event_send_data(struct nfc_hci_dev *hdev, struct sk_buff *skb,
400 } 406 }
401 return r; 407 return r;
402} 408}
403EXPORT_SYMBOL(st21nfca_tm_event_send_data); 409
410/*
411 * Returns:
412 * <= 0: driver handled the event, skb consumed
413 * 1: driver does not handle the event, please do standard processing
414 */
415int st21nfca_dep_event_received(struct nfc_hci_dev *hdev,
416 u8 event, struct sk_buff *skb)
417{
418 int r = 0;
419 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
420
421 pr_debug("dep event: %d\n", event);
422
423 switch (event) {
424 case ST21NFCA_EVT_CARD_ACTIVATED:
425 info->dep_info.curr_nfc_dep_pni = 0;
426 break;
427 case ST21NFCA_EVT_CARD_DEACTIVATED:
428 break;
429 case ST21NFCA_EVT_FIELD_ON:
430 break;
431 case ST21NFCA_EVT_FIELD_OFF:
432 break;
433 case ST21NFCA_EVT_SEND_DATA:
434 r = st21nfca_tm_event_send_data(hdev, skb);
435 if (r < 0)
436 return r;
437 return 0;
438 default:
439 return 1;
440 }
441 kfree_skb(skb);
442 return r;
443}
444EXPORT_SYMBOL(st21nfca_dep_event_received);
404 445
405static void st21nfca_im_send_psl_req(struct nfc_hci_dev *hdev, u8 did, u8 bsi, 446static void st21nfca_im_send_psl_req(struct nfc_hci_dev *hdev, u8 did, u8 bsi,
406 u8 bri, u8 lri) 447 u8 bri, u8 lri)
diff --git a/drivers/nfc/st21nfca/st21nfca_dep.h b/drivers/nfc/st21nfca/st21nfca_dep.h
index ca213dee9c6e..baf4664b4fc4 100644
--- a/drivers/nfc/st21nfca/st21nfca_dep.h
+++ b/drivers/nfc/st21nfca/st21nfca_dep.h
@@ -32,8 +32,8 @@ struct st21nfca_dep_info {
32 u8 lri; 32 u8 lri;
33} __packed; 33} __packed;
34 34
35int st21nfca_tm_event_send_data(struct nfc_hci_dev *hdev, struct sk_buff *skb, 35int st21nfca_dep_event_received(struct nfc_hci_dev *hdev,
36 u8 gate); 36 u8 event, struct sk_buff *skb);
37int st21nfca_tm_send_dep_res(struct nfc_hci_dev *hdev, struct sk_buff *skb); 37int st21nfca_tm_send_dep_res(struct nfc_hci_dev *hdev, struct sk_buff *skb);
38 38
39int st21nfca_im_send_atr_req(struct nfc_hci_dev *hdev, u8 *gb, size_t gb_len); 39int st21nfca_im_send_atr_req(struct nfc_hci_dev *hdev, u8 *gb, size_t gb_len);
diff --git a/drivers/nfc/st21nfcb/i2c.c b/drivers/nfc/st21nfcb/i2c.c
index c5d2427a3db2..01ba865863ee 100644
--- a/drivers/nfc/st21nfcb/i2c.c
+++ b/drivers/nfc/st21nfcb/i2c.c
@@ -50,7 +50,6 @@ struct st21nfcb_i2c_phy {
50 struct i2c_client *i2c_dev; 50 struct i2c_client *i2c_dev;
51 struct llt_ndlc *ndlc; 51 struct llt_ndlc *ndlc;
52 52
53 unsigned int gpio_irq;
54 unsigned int gpio_reset; 53 unsigned int gpio_reset;
55 unsigned int irq_polarity; 54 unsigned int irq_polarity;
56 55
@@ -81,8 +80,6 @@ static void st21nfcb_nci_i2c_disable(void *phy_id)
81{ 80{
82 struct st21nfcb_i2c_phy *phy = phy_id; 81 struct st21nfcb_i2c_phy *phy = phy_id;
83 82
84 pr_info("\n");
85
86 phy->powered = 0; 83 phy->powered = 0;
87 /* reset chip in order to flush clf */ 84 /* reset chip in order to flush clf */
88 gpio_set_value(phy->gpio_reset, 0); 85 gpio_set_value(phy->gpio_reset, 0);
@@ -258,19 +255,11 @@ static int st21nfcb_nci_i2c_of_request_resources(struct i2c_client *client)
258 GPIOF_OUT_INIT_HIGH, "clf_reset"); 255 GPIOF_OUT_INIT_HIGH, "clf_reset");
259 if (r) { 256 if (r) {
260 nfc_err(&client->dev, "Failed to request reset pin\n"); 257 nfc_err(&client->dev, "Failed to request reset pin\n");
261 return -ENODEV;
262 }
263 phy->gpio_reset = gpio;
264
265 /* IRQ */
266 r = irq_of_parse_and_map(pp, 0);
267 if (r < 0) {
268 nfc_err(&client->dev, "Unable to get irq, error: %d\n", r);
269 return r; 258 return r;
270 } 259 }
260 phy->gpio_reset = gpio;
271 261
272 phy->irq_polarity = irq_get_trigger_type(r); 262 phy->irq_polarity = irq_get_trigger_type(client->irq);
273 client->irq = r;
274 263
275 return 0; 264 return 0;
276} 265}
@@ -286,7 +275,6 @@ static int st21nfcb_nci_i2c_request_resources(struct i2c_client *client)
286 struct st21nfcb_nfc_platform_data *pdata; 275 struct st21nfcb_nfc_platform_data *pdata;
287 struct st21nfcb_i2c_phy *phy = i2c_get_clientdata(client); 276 struct st21nfcb_i2c_phy *phy = i2c_get_clientdata(client);
288 int r; 277 int r;
289 int irq;
290 278
291 pdata = client->dev.platform_data; 279 pdata = client->dev.platform_data;
292 if (pdata == NULL) { 280 if (pdata == NULL) {
@@ -295,33 +283,15 @@ static int st21nfcb_nci_i2c_request_resources(struct i2c_client *client)
295 } 283 }
296 284
297 /* store for later use */ 285 /* store for later use */
298 phy->gpio_irq = pdata->gpio_irq;
299 phy->gpio_reset = pdata->gpio_reset; 286 phy->gpio_reset = pdata->gpio_reset;
300 phy->irq_polarity = pdata->irq_polarity; 287 phy->irq_polarity = pdata->irq_polarity;
301 288
302 r = devm_gpio_request_one(&client->dev, phy->gpio_irq,
303 GPIOF_IN, "clf_irq");
304 if (r) {
305 pr_err("%s : gpio_request failed\n", __FILE__);
306 return -ENODEV;
307 }
308
309 r = devm_gpio_request_one(&client->dev, 289 r = devm_gpio_request_one(&client->dev,
310 phy->gpio_reset, GPIOF_OUT_INIT_HIGH, "clf_reset"); 290 phy->gpio_reset, GPIOF_OUT_INIT_HIGH, "clf_reset");
311 if (r) { 291 if (r) {
312 pr_err("%s : reset gpio_request failed\n", __FILE__); 292 pr_err("%s : reset gpio_request failed\n", __FILE__);
313 return -ENODEV; 293 return r;
314 }
315
316 /* IRQ */
317 irq = gpio_to_irq(phy->gpio_irq);
318 if (irq < 0) {
319 nfc_err(&client->dev,
320 "Unable to get irq number for GPIO %d error %d\n",
321 phy->gpio_irq, r);
322 return -ENODEV;
323 } 294 }
324 client->irq = irq;
325 295
326 return 0; 296 return 0;
327} 297}
@@ -401,10 +371,13 @@ static int st21nfcb_nci_i2c_remove(struct i2c_client *client)
401 return 0; 371 return 0;
402} 372}
403 373
374#ifdef CONFIG_OF
404static const struct of_device_id of_st21nfcb_i2c_match[] = { 375static const struct of_device_id of_st21nfcb_i2c_match[] = {
405 { .compatible = "st,st21nfcb_i2c", }, 376 { .compatible = "st,st21nfcb_i2c", },
406 {} 377 {}
407}; 378};
379MODULE_DEVICE_TABLE(of, of_st21nfcb_i2c_match);
380#endif
408 381
409static struct i2c_driver st21nfcb_nci_i2c_driver = { 382static struct i2c_driver st21nfcb_nci_i2c_driver = {
410 .driver = { 383 .driver = {
diff --git a/drivers/nfc/st21nfcb/ndlc.c b/drivers/nfc/st21nfcb/ndlc.c
index e7bff8921d11..bac50e805f1d 100644
--- a/drivers/nfc/st21nfcb/ndlc.c
+++ b/drivers/nfc/st21nfcb/ndlc.c
@@ -266,7 +266,7 @@ int ndlc_probe(void *phy_id, struct nfc_phy_ops *phy_ops, struct device *dev,
266 266
267 *ndlc_id = ndlc; 267 *ndlc_id = ndlc;
268 268
269 /* start timers */ 269 /* initialize timers */
270 init_timer(&ndlc->t1_timer); 270 init_timer(&ndlc->t1_timer);
271 ndlc->t1_timer.data = (unsigned long)ndlc; 271 ndlc->t1_timer.data = (unsigned long)ndlc;
272 ndlc->t1_timer.function = ndlc_t1_timeout; 272 ndlc->t1_timer.function = ndlc_t1_timeout;
diff --git a/drivers/ssb/pcihost_wrapper.c b/drivers/ssb/pcihost_wrapper.c
index 69161bbc4d0b..410215c16920 100644
--- a/drivers/ssb/pcihost_wrapper.c
+++ b/drivers/ssb/pcihost_wrapper.c
@@ -11,15 +11,17 @@
11 * Licensed under the GNU/GPL. See COPYING for details. 11 * Licensed under the GNU/GPL. See COPYING for details.
12 */ 12 */
13 13
14#include <linux/pm.h>
14#include <linux/pci.h> 15#include <linux/pci.h>
15#include <linux/export.h> 16#include <linux/export.h>
16#include <linux/slab.h> 17#include <linux/slab.h>
17#include <linux/ssb/ssb.h> 18#include <linux/ssb/ssb.h>
18 19
19 20
20#ifdef CONFIG_PM 21#ifdef CONFIG_PM_SLEEP
21static int ssb_pcihost_suspend(struct pci_dev *dev, pm_message_t state) 22static int ssb_pcihost_suspend(struct device *d)
22{ 23{
24 struct pci_dev *dev = to_pci_dev(d);
23 struct ssb_bus *ssb = pci_get_drvdata(dev); 25 struct ssb_bus *ssb = pci_get_drvdata(dev);
24 int err; 26 int err;
25 27
@@ -28,17 +30,23 @@ static int ssb_pcihost_suspend(struct pci_dev *dev, pm_message_t state)
28 return err; 30 return err;
29 pci_save_state(dev); 31 pci_save_state(dev);
30 pci_disable_device(dev); 32 pci_disable_device(dev);
31 pci_set_power_state(dev, pci_choose_state(dev, state)); 33
34 /* if there is a wakeup enabled child device on ssb bus,
35 enable pci wakeup posibility. */
36 device_set_wakeup_enable(d, d->power.wakeup_path);
37
38 pci_prepare_to_sleep(dev);
32 39
33 return 0; 40 return 0;
34} 41}
35 42
36static int ssb_pcihost_resume(struct pci_dev *dev) 43static int ssb_pcihost_resume(struct device *d)
37{ 44{
45 struct pci_dev *dev = to_pci_dev(d);
38 struct ssb_bus *ssb = pci_get_drvdata(dev); 46 struct ssb_bus *ssb = pci_get_drvdata(dev);
39 int err; 47 int err;
40 48
41 pci_set_power_state(dev, PCI_D0); 49 pci_back_from_sleep(dev);
42 err = pci_enable_device(dev); 50 err = pci_enable_device(dev);
43 if (err) 51 if (err)
44 return err; 52 return err;
@@ -49,10 +57,12 @@ static int ssb_pcihost_resume(struct pci_dev *dev)
49 57
50 return 0; 58 return 0;
51} 59}
52#else /* CONFIG_PM */ 60
53# define ssb_pcihost_suspend NULL 61static const struct dev_pm_ops ssb_pcihost_pm_ops = {
54# define ssb_pcihost_resume NULL 62 SET_SYSTEM_SLEEP_PM_OPS(ssb_pcihost_suspend, ssb_pcihost_resume)
55#endif /* CONFIG_PM */ 63};
64
65#endif /* CONFIG_PM_SLEEP */
56 66
57static int ssb_pcihost_probe(struct pci_dev *dev, 67static int ssb_pcihost_probe(struct pci_dev *dev,
58 const struct pci_device_id *id) 68 const struct pci_device_id *id)
@@ -115,8 +125,9 @@ int ssb_pcihost_register(struct pci_driver *driver)
115{ 125{
116 driver->probe = ssb_pcihost_probe; 126 driver->probe = ssb_pcihost_probe;
117 driver->remove = ssb_pcihost_remove; 127 driver->remove = ssb_pcihost_remove;
118 driver->suspend = ssb_pcihost_suspend; 128#ifdef CONFIG_PM_SLEEP
119 driver->resume = ssb_pcihost_resume; 129 driver->driver.pm = &ssb_pcihost_pm_ops;
130#endif
120 131
121 return pci_register_driver(driver); 132 return pci_register_driver(driver);
122} 133}
diff --git a/include/linux/platform_data/st21nfca.h b/include/linux/platform_data/st21nfca.h
index 1730312398ff..5087fff96d86 100644
--- a/include/linux/platform_data/st21nfca.h
+++ b/include/linux/platform_data/st21nfca.h
@@ -24,7 +24,6 @@
24#define ST21NFCA_HCI_DRIVER_NAME "st21nfca_hci" 24#define ST21NFCA_HCI_DRIVER_NAME "st21nfca_hci"
25 25
26struct st21nfca_nfc_platform_data { 26struct st21nfca_nfc_platform_data {
27 unsigned int gpio_irq;
28 unsigned int gpio_ena; 27 unsigned int gpio_ena;
29 unsigned int irq_polarity; 28 unsigned int irq_polarity;
30}; 29};
diff --git a/include/linux/platform_data/st21nfcb.h b/include/linux/platform_data/st21nfcb.h
index 2d11f1f5efab..c3b432f5b63e 100644
--- a/include/linux/platform_data/st21nfcb.h
+++ b/include/linux/platform_data/st21nfcb.h
@@ -24,7 +24,6 @@
24#define ST21NFCB_NCI_DRIVER_NAME "st21nfcb_nci" 24#define ST21NFCB_NCI_DRIVER_NAME "st21nfcb_nci"
25 25
26struct st21nfcb_nfc_platform_data { 26struct st21nfcb_nfc_platform_data {
27 unsigned int gpio_irq;
28 unsigned int gpio_reset; 27 unsigned int gpio_reset;
29 unsigned int irq_polarity; 28 unsigned int irq_polarity;
30}; 29};
diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h
index e56f9099f8e3..40129b3838b2 100644
--- a/include/net/bluetooth/hci.h
+++ b/include/net/bluetooth/hci.h
@@ -163,6 +163,7 @@ enum {
163enum { 163enum {
164 HCI_DUT_MODE, 164 HCI_DUT_MODE,
165 HCI_FORCE_SC, 165 HCI_FORCE_SC,
166 HCI_FORCE_LESC,
166 HCI_FORCE_STATIC_ADDR, 167 HCI_FORCE_STATIC_ADDR,
167}; 168};
168 169
@@ -342,6 +343,7 @@ enum {
342#define HCI_LE_ENCRYPTION 0x01 343#define HCI_LE_ENCRYPTION 0x01
343#define HCI_LE_CONN_PARAM_REQ_PROC 0x02 344#define HCI_LE_CONN_PARAM_REQ_PROC 0x02
344#define HCI_LE_PING 0x10 345#define HCI_LE_PING 0x10
346#define HCI_LE_EXT_SCAN_POLICY 0x80
345 347
346/* Connection modes */ 348/* Connection modes */
347#define HCI_CM_ACTIVE 0x0000 349#define HCI_CM_ACTIVE 0x0000
@@ -411,6 +413,7 @@ enum {
411 413
412/* The core spec defines 127 as the "not available" value */ 414/* The core spec defines 127 as the "not available" value */
413#define HCI_TX_POWER_INVALID 127 415#define HCI_TX_POWER_INVALID 127
416#define HCI_RSSI_INVALID 127
414 417
415#define HCI_ROLE_MASTER 0x00 418#define HCI_ROLE_MASTER 0x00
416#define HCI_ROLE_SLAVE 0x01 419#define HCI_ROLE_SLAVE 0x01
@@ -1749,6 +1752,25 @@ struct hci_ev_le_conn_complete {
1749 __u8 clk_accurancy; 1752 __u8 clk_accurancy;
1750} __packed; 1753} __packed;
1751 1754
1755/* Advertising report event types */
1756#define LE_ADV_IND 0x00
1757#define LE_ADV_DIRECT_IND 0x01
1758#define LE_ADV_SCAN_IND 0x02
1759#define LE_ADV_NONCONN_IND 0x03
1760#define LE_ADV_SCAN_RSP 0x04
1761
1762#define ADDR_LE_DEV_PUBLIC 0x00
1763#define ADDR_LE_DEV_RANDOM 0x01
1764
1765#define HCI_EV_LE_ADVERTISING_REPORT 0x02
1766struct hci_ev_le_advertising_info {
1767 __u8 evt_type;
1768 __u8 bdaddr_type;
1769 bdaddr_t bdaddr;
1770 __u8 length;
1771 __u8 data[0];
1772} __packed;
1773
1752#define HCI_EV_LE_CONN_UPDATE_COMPLETE 0x03 1774#define HCI_EV_LE_CONN_UPDATE_COMPLETE 0x03
1753struct hci_ev_le_conn_update_complete { 1775struct hci_ev_le_conn_update_complete {
1754 __u8 status; 1776 __u8 status;
@@ -1774,23 +1796,14 @@ struct hci_ev_le_remote_conn_param_req {
1774 __le16 timeout; 1796 __le16 timeout;
1775} __packed; 1797} __packed;
1776 1798
1777/* Advertising report event types */ 1799#define HCI_EV_LE_DIRECT_ADV_REPORT 0x0B
1778#define LE_ADV_IND 0x00 1800struct hci_ev_le_direct_adv_info {
1779#define LE_ADV_DIRECT_IND 0x01
1780#define LE_ADV_SCAN_IND 0x02
1781#define LE_ADV_NONCONN_IND 0x03
1782#define LE_ADV_SCAN_RSP 0x04
1783
1784#define ADDR_LE_DEV_PUBLIC 0x00
1785#define ADDR_LE_DEV_RANDOM 0x01
1786
1787#define HCI_EV_LE_ADVERTISING_REPORT 0x02
1788struct hci_ev_le_advertising_info {
1789 __u8 evt_type; 1801 __u8 evt_type;
1790 __u8 bdaddr_type; 1802 __u8 bdaddr_type;
1791 bdaddr_t bdaddr; 1803 bdaddr_t bdaddr;
1792 __u8 length; 1804 __u8 direct_addr_type;
1793 __u8 data[0]; 1805 bdaddr_t direct_addr;
1806 __s8 rssi;
1794} __packed; 1807} __packed;
1795 1808
1796/* Internal events generated by Bluetooth stack */ 1809/* Internal events generated by Bluetooth stack */
diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h
index a805b3d97c0b..3c7827005c25 100644
--- a/include/net/bluetooth/hci_core.h
+++ b/include/net/bluetooth/hci_core.h
@@ -75,6 +75,10 @@ struct discovery_state {
75 u32 last_adv_flags; 75 u32 last_adv_flags;
76 u8 last_adv_data[HCI_MAX_AD_LENGTH]; 76 u8 last_adv_data[HCI_MAX_AD_LENGTH];
77 u8 last_adv_data_len; 77 u8 last_adv_data_len;
78 bool report_invalid_rssi;
79 s8 rssi;
80 u16 uuid_count;
81 u8 (*uuids)[16];
78}; 82};
79 83
80struct hci_conn_hash { 84struct hci_conn_hash {
@@ -130,6 +134,7 @@ struct smp_irk {
130 134
131struct link_key { 135struct link_key {
132 struct list_head list; 136 struct list_head list;
137 struct rcu_head rcu;
133 bdaddr_t bdaddr; 138 bdaddr_t bdaddr;
134 u8 type; 139 u8 type;
135 u8 val[HCI_LINK_KEY_SIZE]; 140 u8 val[HCI_LINK_KEY_SIZE];
@@ -139,6 +144,7 @@ struct link_key {
139struct oob_data { 144struct oob_data {
140 struct list_head list; 145 struct list_head list;
141 bdaddr_t bdaddr; 146 bdaddr_t bdaddr;
147 u8 bdaddr_type;
142 u8 hash192[16]; 148 u8 hash192[16];
143 u8 rand192[16]; 149 u8 rand192[16];
144 u8 hash256[16]; 150 u8 hash256[16];
@@ -305,6 +311,7 @@ struct hci_dev {
305 __u32 req_result; 311 __u32 req_result;
306 312
307 void *smp_data; 313 void *smp_data;
314 void *smp_bredr_data;
308 315
309 struct discovery_state discovery; 316 struct discovery_state discovery;
310 struct hci_conn_hash conn_hash; 317 struct hci_conn_hash conn_hash;
@@ -500,6 +507,17 @@ static inline void discovery_init(struct hci_dev *hdev)
500 INIT_LIST_HEAD(&hdev->discovery.all); 507 INIT_LIST_HEAD(&hdev->discovery.all);
501 INIT_LIST_HEAD(&hdev->discovery.unknown); 508 INIT_LIST_HEAD(&hdev->discovery.unknown);
502 INIT_LIST_HEAD(&hdev->discovery.resolve); 509 INIT_LIST_HEAD(&hdev->discovery.resolve);
510 hdev->discovery.report_invalid_rssi = true;
511 hdev->discovery.rssi = HCI_RSSI_INVALID;
512}
513
514static inline void hci_discovery_filter_clear(struct hci_dev *hdev)
515{
516 hdev->discovery.report_invalid_rssi = true;
517 hdev->discovery.rssi = HCI_RSSI_INVALID;
518 hdev->discovery.uuid_count = 0;
519 kfree(hdev->discovery.uuids);
520 hdev->discovery.uuids = NULL;
503} 521}
504 522
505bool hci_discovery_active(struct hci_dev *hdev); 523bool hci_discovery_active(struct hci_dev *hdev);
@@ -558,6 +576,7 @@ enum {
558 HCI_CONN_AUTH_INITIATOR, 576 HCI_CONN_AUTH_INITIATOR,
559 HCI_CONN_DROP, 577 HCI_CONN_DROP,
560 HCI_CONN_PARAM_REMOVAL_PEND, 578 HCI_CONN_PARAM_REMOVAL_PEND,
579 HCI_CONN_NEW_LINK_KEY,
561}; 580};
562 581
563static inline bool hci_conn_ssp_enabled(struct hci_conn *conn) 582static inline bool hci_conn_ssp_enabled(struct hci_conn *conn)
@@ -920,13 +939,11 @@ struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr);
920struct link_key *hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, 939struct link_key *hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn,
921 bdaddr_t *bdaddr, u8 *val, u8 type, 940 bdaddr_t *bdaddr, u8 *val, u8 type,
922 u8 pin_len, bool *persistent); 941 u8 pin_len, bool *persistent);
923struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, __le64 rand,
924 u8 role);
925struct smp_ltk *hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, 942struct smp_ltk *hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr,
926 u8 addr_type, u8 type, u8 authenticated, 943 u8 addr_type, u8 type, u8 authenticated,
927 u8 tk[16], u8 enc_size, __le16 ediv, __le64 rand); 944 u8 tk[16], u8 enc_size, __le16 ediv, __le64 rand);
928struct smp_ltk *hci_find_ltk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr, 945struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr,
929 u8 addr_type, u8 role); 946 u8 addr_type, u8 role);
930int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 bdaddr_type); 947int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 bdaddr_type);
931void hci_smp_ltks_clear(struct hci_dev *hdev); 948void hci_smp_ltks_clear(struct hci_dev *hdev);
932int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr); 949int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr);
@@ -941,13 +958,12 @@ void hci_smp_irks_clear(struct hci_dev *hdev);
941 958
942void hci_remote_oob_data_clear(struct hci_dev *hdev); 959void hci_remote_oob_data_clear(struct hci_dev *hdev);
943struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev, 960struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
944 bdaddr_t *bdaddr); 961 bdaddr_t *bdaddr, u8 bdaddr_type);
945int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr, 962int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
946 u8 *hash, u8 *rand); 963 u8 bdaddr_type, u8 *hash192, u8 *rand192,
947int hci_add_remote_oob_ext_data(struct hci_dev *hdev, bdaddr_t *bdaddr, 964 u8 *hash256, u8 *rand256);
948 u8 *hash192, u8 *rand192, 965int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
949 u8 *hash256, u8 *rand256); 966 u8 bdaddr_type);
950int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr);
951 967
952void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb); 968void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb);
953 969
@@ -998,6 +1014,9 @@ void hci_conn_del_sysfs(struct hci_conn *conn);
998 1014
999#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \ 1015#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
1000 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags)) 1016 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
1017#define bredr_sc_enabled(dev) ((lmp_sc_capable(dev) || \
1018 test_bit(HCI_FORCE_SC, &(dev)->dbg_flags)) && \
1019 test_bit(HCI_SC_ENABLED, &(dev)->dev_flags))
1001 1020
1002/* ----- HCI protocols ----- */ 1021/* ----- HCI protocols ----- */
1003#define HCI_PROTO_DEFER 0x01 1022#define HCI_PROTO_DEFER 0x01
diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h
index 061e648052c8..eee3ef530e79 100644
--- a/include/net/bluetooth/l2cap.h
+++ b/include/net/bluetooth/l2cap.h
@@ -141,6 +141,7 @@ struct l2cap_conninfo {
141#define L2CAP_FC_ATT 0x10 141#define L2CAP_FC_ATT 0x10
142#define L2CAP_FC_SIG_LE 0x20 142#define L2CAP_FC_SIG_LE 0x20
143#define L2CAP_FC_SMP_LE 0x40 143#define L2CAP_FC_SMP_LE 0x40
144#define L2CAP_FC_SMP_BREDR 0x80
144 145
145/* L2CAP Control Field bit masks */ 146/* L2CAP Control Field bit masks */
146#define L2CAP_CTRL_SAR 0xC000 147#define L2CAP_CTRL_SAR 0xC000
@@ -255,6 +256,7 @@ struct l2cap_conn_rsp {
255#define L2CAP_CID_ATT 0x0004 256#define L2CAP_CID_ATT 0x0004
256#define L2CAP_CID_LE_SIGNALING 0x0005 257#define L2CAP_CID_LE_SIGNALING 0x0005
257#define L2CAP_CID_SMP 0x0006 258#define L2CAP_CID_SMP 0x0006
259#define L2CAP_CID_SMP_BREDR 0x0007
258#define L2CAP_CID_DYN_START 0x0040 260#define L2CAP_CID_DYN_START 0x0040
259#define L2CAP_CID_DYN_END 0xffff 261#define L2CAP_CID_DYN_END 0xffff
260#define L2CAP_CID_LE_DYN_END 0x007f 262#define L2CAP_CID_LE_DYN_END 0x007f
@@ -619,8 +621,8 @@ struct l2cap_conn {
619 unsigned int mtu; 621 unsigned int mtu;
620 622
621 __u32 feat_mask; 623 __u32 feat_mask;
622 __u8 fixed_chan_mask; 624 __u8 remote_fixed_chan;
623 bool hs_enabled; 625 __u8 local_fixed_chan;
624 626
625 __u8 info_state; 627 __u8 info_state;
626 __u8 info_ident; 628 __u8 info_ident;
diff --git a/include/net/bluetooth/mgmt.h b/include/net/bluetooth/mgmt.h
index b391fd663468..95c34d5180fa 100644
--- a/include/net/bluetooth/mgmt.h
+++ b/include/net/bluetooth/mgmt.h
@@ -184,6 +184,9 @@ struct mgmt_cp_load_link_keys {
184 184
185#define MGMT_LTK_UNAUTHENTICATED 0x00 185#define MGMT_LTK_UNAUTHENTICATED 0x00
186#define MGMT_LTK_AUTHENTICATED 0x01 186#define MGMT_LTK_AUTHENTICATED 0x01
187#define MGMT_LTK_P256_UNAUTH 0x02
188#define MGMT_LTK_P256_AUTH 0x03
189#define MGMT_LTK_P256_DEBUG 0x04
187 190
188struct mgmt_ltk_info { 191struct mgmt_ltk_info {
189 struct mgmt_addr_info addr; 192 struct mgmt_addr_info addr;
@@ -495,6 +498,15 @@ struct mgmt_cp_set_public_address {
495} __packed; 498} __packed;
496#define MGMT_SET_PUBLIC_ADDRESS_SIZE 6 499#define MGMT_SET_PUBLIC_ADDRESS_SIZE 6
497 500
501#define MGMT_OP_START_SERVICE_DISCOVERY 0x003A
502struct mgmt_cp_start_service_discovery {
503 __u8 type;
504 __s8 rssi;
505 __le16 uuid_count;
506 __u8 uuids[0][16];
507} __packed;
508#define MGMT_START_SERVICE_DISCOVERY_SIZE 4
509
498#define MGMT_EV_CMD_COMPLETE 0x0001 510#define MGMT_EV_CMD_COMPLETE 0x0001
499struct mgmt_ev_cmd_complete { 511struct mgmt_ev_cmd_complete {
500 __le16 opcode; 512 __le16 opcode;
diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h
index bb748c4da5af..4ebb816241fa 100644
--- a/include/net/cfg80211.h
+++ b/include/net/cfg80211.h
@@ -4643,33 +4643,6 @@ void cfg80211_cqm_rssi_notify(struct net_device *dev,
4643 gfp_t gfp); 4643 gfp_t gfp);
4644 4644
4645/** 4645/**
4646 * cfg80211_radar_event - radar detection event
4647 * @wiphy: the wiphy
4648 * @chandef: chandef for the current channel
4649 * @gfp: context flags
4650 *
4651 * This function is called when a radar is detected on the current chanenl.
4652 */
4653void cfg80211_radar_event(struct wiphy *wiphy,
4654 struct cfg80211_chan_def *chandef, gfp_t gfp);
4655
4656/**
4657 * cfg80211_cac_event - Channel availability check (CAC) event
4658 * @netdev: network device
4659 * @chandef: chandef for the current channel
4660 * @event: type of event
4661 * @gfp: context flags
4662 *
4663 * This function is called when a Channel availability check (CAC) is finished
4664 * or aborted. This must be called to notify the completion of a CAC process,
4665 * also by full-MAC drivers.
4666 */
4667void cfg80211_cac_event(struct net_device *netdev,
4668 const struct cfg80211_chan_def *chandef,
4669 enum nl80211_radar_event event, gfp_t gfp);
4670
4671
4672/**
4673 * cfg80211_cqm_pktloss_notify - notify userspace about packetloss to peer 4646 * cfg80211_cqm_pktloss_notify - notify userspace about packetloss to peer
4674 * @dev: network device 4647 * @dev: network device
4675 * @peer: peer's MAC address 4648 * @peer: peer's MAC address
@@ -4697,6 +4670,42 @@ void cfg80211_cqm_txe_notify(struct net_device *dev, const u8 *peer,
4697 u32 num_packets, u32 rate, u32 intvl, gfp_t gfp); 4670 u32 num_packets, u32 rate, u32 intvl, gfp_t gfp);
4698 4671
4699/** 4672/**
4673 * cfg80211_cqm_beacon_loss_notify - beacon loss event
4674 * @dev: network device
4675 * @gfp: context flags
4676 *
4677 * Notify userspace about beacon loss from the connected AP.
4678 */
4679void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp);
4680
4681/**
4682 * cfg80211_radar_event - radar detection event
4683 * @wiphy: the wiphy
4684 * @chandef: chandef for the current channel
4685 * @gfp: context flags
4686 *
4687 * This function is called when a radar is detected on the current chanenl.
4688 */
4689void cfg80211_radar_event(struct wiphy *wiphy,
4690 struct cfg80211_chan_def *chandef, gfp_t gfp);
4691
4692/**
4693 * cfg80211_cac_event - Channel availability check (CAC) event
4694 * @netdev: network device
4695 * @chandef: chandef for the current channel
4696 * @event: type of event
4697 * @gfp: context flags
4698 *
4699 * This function is called when a Channel availability check (CAC) is finished
4700 * or aborted. This must be called to notify the completion of a CAC process,
4701 * also by full-MAC drivers.
4702 */
4703void cfg80211_cac_event(struct net_device *netdev,
4704 const struct cfg80211_chan_def *chandef,
4705 enum nl80211_radar_event event, gfp_t gfp);
4706
4707
4708/**
4700 * cfg80211_gtk_rekey_notify - notify userspace about driver rekeying 4709 * cfg80211_gtk_rekey_notify - notify userspace about driver rekeying
4701 * @dev: network device 4710 * @dev: network device
4702 * @bssid: BSSID of AP (to avoid races) 4711 * @bssid: BSSID of AP (to avoid races)
diff --git a/include/net/mac80211.h b/include/net/mac80211.h
index cff3a26a9dae..58d719ddaa60 100644
--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
@@ -3619,6 +3619,26 @@ void ieee80211_tx_status(struct ieee80211_hw *hw,
3619 struct sk_buff *skb); 3619 struct sk_buff *skb);
3620 3620
3621/** 3621/**
3622 * ieee80211_tx_status_noskb - transmit status callback without skb
3623 *
3624 * This function can be used as a replacement for ieee80211_tx_status
3625 * in drivers that cannot reliably map tx status information back to
3626 * specific skbs.
3627 *
3628 * Calls to this function for a single hardware must be synchronized
3629 * against each other. Calls to this function, ieee80211_tx_status_ni()
3630 * and ieee80211_tx_status_irqsafe() may not be mixed for a single hardware.
3631 *
3632 * @hw: the hardware the frame was transmitted by
3633 * @sta: the receiver station to which this packet is sent
3634 * (NULL for multicast packets)
3635 * @info: tx status information
3636 */
3637void ieee80211_tx_status_noskb(struct ieee80211_hw *hw,
3638 struct ieee80211_sta *sta,
3639 struct ieee80211_tx_info *info);
3640
3641/**
3622 * ieee80211_tx_status_ni - transmit status callback (in process context) 3642 * ieee80211_tx_status_ni - transmit status callback (in process context)
3623 * 3643 *
3624 * Like ieee80211_tx_status() but can be called in process context. 3644 * Like ieee80211_tx_status() but can be called in process context.
@@ -4672,6 +4692,14 @@ void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif,
4672 gfp_t gfp); 4692 gfp_t gfp);
4673 4693
4674/** 4694/**
4695 * ieee80211_cqm_beacon_loss_notify - inform CQM of beacon loss
4696 *
4697 * @vif: &struct ieee80211_vif pointer from the add_interface callback.
4698 * @gfp: context flags
4699 */
4700void ieee80211_cqm_beacon_loss_notify(struct ieee80211_vif *vif, gfp_t gfp);
4701
4702/**
4675 * ieee80211_radar_detected - inform that a radar was detected 4703 * ieee80211_radar_detected - inform that a radar was detected
4676 * 4704 *
4677 * @hw: pointer as obtained from ieee80211_alloc_hw() 4705 * @hw: pointer as obtained from ieee80211_alloc_hw()
@@ -4829,6 +4857,10 @@ struct rate_control_ops {
4829 void (*free_sta)(void *priv, struct ieee80211_sta *sta, 4857 void (*free_sta)(void *priv, struct ieee80211_sta *sta,
4830 void *priv_sta); 4858 void *priv_sta);
4831 4859
4860 void (*tx_status_noskb)(void *priv,
4861 struct ieee80211_supported_band *sband,
4862 struct ieee80211_sta *sta, void *priv_sta,
4863 struct ieee80211_tx_info *info);
4832 void (*tx_status)(void *priv, struct ieee80211_supported_band *sband, 4864 void (*tx_status)(void *priv, struct ieee80211_supported_band *sband,
4833 struct ieee80211_sta *sta, void *priv_sta, 4865 struct ieee80211_sta *sta, void *priv_sta,
4834 struct sk_buff *skb); 4866 struct sk_buff *skb);
diff --git a/include/net/nfc/digital.h b/include/net/nfc/digital.h
index d9a5cf7ac1c4..0ae101eef0f4 100644
--- a/include/net/nfc/digital.h
+++ b/include/net/nfc/digital.h
@@ -225,6 +225,19 @@ struct nfc_digital_dev {
225 u8 curr_protocol; 225 u8 curr_protocol;
226 u8 curr_rf_tech; 226 u8 curr_rf_tech;
227 u8 curr_nfc_dep_pni; 227 u8 curr_nfc_dep_pni;
228 u8 did;
229
230 u8 local_payload_max;
231 u8 remote_payload_max;
232
233 struct sk_buff *chaining_skb;
234 struct digital_data_exch *data_exch;
235
236 int atn_count;
237 int nack_count;
238
239 struct sk_buff *saved_skb;
240 unsigned int saved_skb_len;
228 241
229 u16 target_fsc; 242 u16 target_fsc;
230 243
diff --git a/include/net/nfc/hci.h b/include/net/nfc/hci.h
index 7ee8f4cc610b..14bd0e1c47fa 100644
--- a/include/net/nfc/hci.h
+++ b/include/net/nfc/hci.h
@@ -57,10 +57,14 @@ struct nfc_hci_ops {
57 int (*discover_se)(struct nfc_hci_dev *dev); 57 int (*discover_se)(struct nfc_hci_dev *dev);
58 int (*enable_se)(struct nfc_hci_dev *dev, u32 se_idx); 58 int (*enable_se)(struct nfc_hci_dev *dev, u32 se_idx);
59 int (*disable_se)(struct nfc_hci_dev *dev, u32 se_idx); 59 int (*disable_se)(struct nfc_hci_dev *dev, u32 se_idx);
60 int (*se_io)(struct nfc_hci_dev *dev, u32 se_idx,
61 u8 *apdu, size_t apdu_length,
62 se_io_cb_t cb, void *cb_context);
60}; 63};
61 64
62/* Pipes */ 65/* Pipes */
63#define NFC_HCI_INVALID_PIPE 0x80 66#define NFC_HCI_INVALID_PIPE 0x80
67#define NFC_HCI_DO_NOT_CREATE_PIPE 0x81
64#define NFC_HCI_LINK_MGMT_PIPE 0x00 68#define NFC_HCI_LINK_MGMT_PIPE 0x00
65#define NFC_HCI_ADMIN_PIPE 0x01 69#define NFC_HCI_ADMIN_PIPE 0x01
66 70
diff --git a/include/net/nfc/nci.h b/include/net/nfc/nci.h
index 9eca9ae2280c..e7257a4653b4 100644
--- a/include/net/nfc/nci.h
+++ b/include/net/nfc/nci.h
@@ -28,6 +28,8 @@
28#ifndef __NCI_H 28#ifndef __NCI_H
29#define __NCI_H 29#define __NCI_H
30 30
31#include <net/nfc/nfc.h>
32
31/* NCI constants */ 33/* NCI constants */
32#define NCI_MAX_NUM_MAPPING_CONFIGS 10 34#define NCI_MAX_NUM_MAPPING_CONFIGS 10
33#define NCI_MAX_NUM_RF_CONFIGS 10 35#define NCI_MAX_NUM_RF_CONFIGS 10
@@ -73,6 +75,8 @@
73#define NCI_NFC_A_ACTIVE_LISTEN_MODE 0x83 75#define NCI_NFC_A_ACTIVE_LISTEN_MODE 0x83
74#define NCI_NFC_F_ACTIVE_LISTEN_MODE 0x85 76#define NCI_NFC_F_ACTIVE_LISTEN_MODE 0x85
75 77
78#define NCI_RF_TECH_MODE_LISTEN_MASK 0x80
79
76/* NCI RF Technologies */ 80/* NCI RF Technologies */
77#define NCI_NFC_RF_TECHNOLOGY_A 0x00 81#define NCI_NFC_RF_TECHNOLOGY_A 0x00
78#define NCI_NFC_RF_TECHNOLOGY_B 0x01 82#define NCI_NFC_RF_TECHNOLOGY_B 0x01
@@ -106,6 +110,17 @@
106 110
107/* NCI Configuration Parameter Tags */ 111/* NCI Configuration Parameter Tags */
108#define NCI_PN_ATR_REQ_GEN_BYTES 0x29 112#define NCI_PN_ATR_REQ_GEN_BYTES 0x29
113#define NCI_LN_ATR_RES_GEN_BYTES 0x61
114#define NCI_LA_SEL_INFO 0x32
115#define NCI_LF_PROTOCOL_TYPE 0x50
116#define NCI_LF_CON_BITR_F 0x54
117
118/* NCI Configuration Parameters masks */
119#define NCI_LA_SEL_INFO_ISO_DEP_MASK 0x20
120#define NCI_LA_SEL_INFO_NFC_DEP_MASK 0x40
121#define NCI_LF_PROTOCOL_TYPE_NFC_DEP_MASK 0x02
122#define NCI_LF_CON_BITR_F_212 0x02
123#define NCI_LF_CON_BITR_F_424 0x04
109 124
110/* NCI Reset types */ 125/* NCI Reset types */
111#define NCI_RESET_TYPE_KEEP_CONFIG 0x00 126#define NCI_RESET_TYPE_KEEP_CONFIG 0x00
@@ -314,26 +329,31 @@ struct nci_core_intf_error_ntf {
314struct rf_tech_specific_params_nfca_poll { 329struct rf_tech_specific_params_nfca_poll {
315 __u16 sens_res; 330 __u16 sens_res;
316 __u8 nfcid1_len; /* 0, 4, 7, or 10 Bytes */ 331 __u8 nfcid1_len; /* 0, 4, 7, or 10 Bytes */
317 __u8 nfcid1[10]; 332 __u8 nfcid1[NFC_NFCID1_MAXSIZE];
318 __u8 sel_res_len; /* 0 or 1 Bytes */ 333 __u8 sel_res_len; /* 0 or 1 Bytes */
319 __u8 sel_res; 334 __u8 sel_res;
320} __packed; 335} __packed;
321 336
322struct rf_tech_specific_params_nfcb_poll { 337struct rf_tech_specific_params_nfcb_poll {
323 __u8 sensb_res_len; 338 __u8 sensb_res_len;
324 __u8 sensb_res[12]; /* 11 or 12 Bytes */ 339 __u8 sensb_res[NFC_SENSB_RES_MAXSIZE]; /* 11 or 12 Bytes */
325} __packed; 340} __packed;
326 341
327struct rf_tech_specific_params_nfcf_poll { 342struct rf_tech_specific_params_nfcf_poll {
328 __u8 bit_rate; 343 __u8 bit_rate;
329 __u8 sensf_res_len; 344 __u8 sensf_res_len;
330 __u8 sensf_res[18]; /* 16 or 18 Bytes */ 345 __u8 sensf_res[NFC_SENSF_RES_MAXSIZE]; /* 16 or 18 Bytes */
331} __packed; 346} __packed;
332 347
333struct rf_tech_specific_params_nfcv_poll { 348struct rf_tech_specific_params_nfcv_poll {
334 __u8 res_flags; 349 __u8 res_flags;
335 __u8 dsfid; 350 __u8 dsfid;
336 __u8 uid[8]; /* 8 Bytes */ 351 __u8 uid[NFC_ISO15693_UID_MAXSIZE]; /* 8 Bytes */
352} __packed;
353
354struct rf_tech_specific_params_nfcf_listen {
355 __u8 local_nfcid2_len;
356 __u8 local_nfcid2[NFC_NFCID2_MAXSIZE]; /* 0 or 8 Bytes */
337} __packed; 357} __packed;
338 358
339struct nci_rf_discover_ntf { 359struct nci_rf_discover_ntf {
@@ -365,7 +385,12 @@ struct activation_params_nfcb_poll_iso_dep {
365 385
366struct activation_params_poll_nfc_dep { 386struct activation_params_poll_nfc_dep {
367 __u8 atr_res_len; 387 __u8 atr_res_len;
368 __u8 atr_res[63]; 388 __u8 atr_res[NFC_ATR_RES_MAXSIZE - 2]; /* ATR_RES from byte 3 */
389};
390
391struct activation_params_listen_nfc_dep {
392 __u8 atr_req_len;
393 __u8 atr_req[NFC_ATR_REQ_MAXSIZE - 2]; /* ATR_REQ from byte 3 */
369}; 394};
370 395
371struct nci_rf_intf_activated_ntf { 396struct nci_rf_intf_activated_ntf {
@@ -382,6 +407,7 @@ struct nci_rf_intf_activated_ntf {
382 struct rf_tech_specific_params_nfcb_poll nfcb_poll; 407 struct rf_tech_specific_params_nfcb_poll nfcb_poll;
383 struct rf_tech_specific_params_nfcf_poll nfcf_poll; 408 struct rf_tech_specific_params_nfcf_poll nfcf_poll;
384 struct rf_tech_specific_params_nfcv_poll nfcv_poll; 409 struct rf_tech_specific_params_nfcv_poll nfcv_poll;
410 struct rf_tech_specific_params_nfcf_listen nfcf_listen;
385 } rf_tech_specific_params; 411 } rf_tech_specific_params;
386 412
387 __u8 data_exch_rf_tech_and_mode; 413 __u8 data_exch_rf_tech_and_mode;
@@ -393,6 +419,7 @@ struct nci_rf_intf_activated_ntf {
393 struct activation_params_nfca_poll_iso_dep nfca_poll_iso_dep; 419 struct activation_params_nfca_poll_iso_dep nfca_poll_iso_dep;
394 struct activation_params_nfcb_poll_iso_dep nfcb_poll_iso_dep; 420 struct activation_params_nfcb_poll_iso_dep nfcb_poll_iso_dep;
395 struct activation_params_poll_nfc_dep poll_nfc_dep; 421 struct activation_params_poll_nfc_dep poll_nfc_dep;
422 struct activation_params_listen_nfc_dep listen_nfc_dep;
396 } activation_params; 423 } activation_params;
397 424
398} __packed; 425} __packed;
diff --git a/include/net/nfc/nci_core.h b/include/net/nfc/nci_core.h
index 75d10e625c49..9e51bb4d841e 100644
--- a/include/net/nfc/nci_core.h
+++ b/include/net/nfc/nci_core.h
@@ -4,6 +4,7 @@
4 * 4 *
5 * Copyright (C) 2011 Texas Instruments, Inc. 5 * Copyright (C) 2011 Texas Instruments, Inc.
6 * Copyright (C) 2013 Intel Corporation. All rights reserved. 6 * Copyright (C) 2013 Intel Corporation. All rights reserved.
7 * Copyright (C) 2014 Marvell International Ltd.
7 * 8 *
8 * Written by Ilan Elias <ilane@ti.com> 9 * Written by Ilan Elias <ilane@ti.com>
9 * 10 *
@@ -49,6 +50,8 @@ enum nci_state {
49 NCI_W4_ALL_DISCOVERIES, 50 NCI_W4_ALL_DISCOVERIES,
50 NCI_W4_HOST_SELECT, 51 NCI_W4_HOST_SELECT,
51 NCI_POLL_ACTIVE, 52 NCI_POLL_ACTIVE,
53 NCI_LISTEN_ACTIVE,
54 NCI_LISTEN_SLEEP,
52}; 55};
53 56
54/* NCI timeouts */ 57/* NCI timeouts */
@@ -69,6 +72,12 @@ struct nci_ops {
69 int (*send)(struct nci_dev *ndev, struct sk_buff *skb); 72 int (*send)(struct nci_dev *ndev, struct sk_buff *skb);
70 int (*setup)(struct nci_dev *ndev); 73 int (*setup)(struct nci_dev *ndev);
71 __u32 (*get_rfprotocol)(struct nci_dev *ndev, __u8 rf_protocol); 74 __u32 (*get_rfprotocol)(struct nci_dev *ndev, __u8 rf_protocol);
75 int (*discover_se)(struct nci_dev *ndev);
76 int (*disable_se)(struct nci_dev *ndev, u32 se_idx);
77 int (*enable_se)(struct nci_dev *ndev, u32 se_idx);
78 int (*se_io)(struct nci_dev *ndev, u32 se_idx,
79 u8 *apdu, size_t apdu_length,
80 se_io_cb_t cb, void *cb_context);
72}; 81};
73 82
74#define NCI_MAX_SUPPORTED_RF_INTERFACES 4 83#define NCI_MAX_SUPPORTED_RF_INTERFACES 4
diff --git a/include/net/nfc/nfc.h b/include/net/nfc/nfc.h
index 6c583e244de2..12adb817c27a 100644
--- a/include/net/nfc/nfc.h
+++ b/include/net/nfc/nfc.h
@@ -1,5 +1,6 @@
1/* 1/*
2 * Copyright (C) 2011 Instituto Nokia de Tecnologia 2 * Copyright (C) 2011 Instituto Nokia de Tecnologia
3 * Copyright (C) 2014 Marvell International Ltd.
3 * 4 *
4 * Authors: 5 * Authors:
5 * Lauro Ramos Venancio <lauro.venancio@openbossa.org> 6 * Lauro Ramos Venancio <lauro.venancio@openbossa.org>
@@ -87,6 +88,7 @@ struct nfc_ops {
87#define NFC_TARGET_IDX_ANY -1 88#define NFC_TARGET_IDX_ANY -1
88#define NFC_MAX_GT_LEN 48 89#define NFC_MAX_GT_LEN 48
89#define NFC_ATR_RES_GT_OFFSET 15 90#define NFC_ATR_RES_GT_OFFSET 15
91#define NFC_ATR_REQ_GT_OFFSET 14
90 92
91/** 93/**
92 * struct nfc_target - NFC target descriptiom 94 * struct nfc_target - NFC target descriptiom
diff --git a/include/net/regulatory.h b/include/net/regulatory.h
index dad7ab20a8cb..b776d72d84be 100644
--- a/include/net/regulatory.h
+++ b/include/net/regulatory.h
@@ -136,6 +136,17 @@ struct regulatory_request {
136 * otherwise initiating radiation is not allowed. This will enable the 136 * otherwise initiating radiation is not allowed. This will enable the
137 * relaxations enabled under the CFG80211_REG_RELAX_NO_IR configuration 137 * relaxations enabled under the CFG80211_REG_RELAX_NO_IR configuration
138 * option 138 * option
139 * @REGULATORY_IGNORE_STALE_KICKOFF: the regulatory core will _not_ make sure
140 * all interfaces on this wiphy reside on allowed channels. If this flag
141 * is not set, upon a regdomain change, the interfaces are given a grace
142 * period (currently 60 seconds) to disconnect or move to an allowed
143 * channel. Interfaces on forbidden channels are forcibly disconnected.
144 * Currently these types of interfaces are supported for enforcement:
145 * NL80211_IFTYPE_ADHOC, NL80211_IFTYPE_STATION, NL80211_IFTYPE_AP,
146 * NL80211_IFTYPE_AP_VLAN, NL80211_IFTYPE_MONITOR,
147 * NL80211_IFTYPE_P2P_CLIENT, NL80211_IFTYPE_P2P_GO,
148 * NL80211_IFTYPE_P2P_DEVICE. The flag will be set by default if a device
149 * includes any modes unsupported for enforcement checking.
139 */ 150 */
140enum ieee80211_regulatory_flags { 151enum ieee80211_regulatory_flags {
141 REGULATORY_CUSTOM_REG = BIT(0), 152 REGULATORY_CUSTOM_REG = BIT(0),
@@ -144,6 +155,7 @@ enum ieee80211_regulatory_flags {
144 REGULATORY_COUNTRY_IE_FOLLOW_POWER = BIT(3), 155 REGULATORY_COUNTRY_IE_FOLLOW_POWER = BIT(3),
145 REGULATORY_COUNTRY_IE_IGNORE = BIT(4), 156 REGULATORY_COUNTRY_IE_IGNORE = BIT(4),
146 REGULATORY_ENABLE_RELAX_NO_IR = BIT(5), 157 REGULATORY_ENABLE_RELAX_NO_IR = BIT(5),
158 REGULATORY_IGNORE_STALE_KICKOFF = BIT(6),
147}; 159};
148 160
149struct ieee80211_freq_range { 161struct ieee80211_freq_range {
diff --git a/include/uapi/linux/nfc.h b/include/uapi/linux/nfc.h
index 9b19b4461928..8119255feae4 100644
--- a/include/uapi/linux/nfc.h
+++ b/include/uapi/linux/nfc.h
@@ -116,6 +116,7 @@ enum nfc_commands {
116 NFC_EVENT_SE_TRANSACTION, 116 NFC_EVENT_SE_TRANSACTION,
117 NFC_CMD_GET_SE, 117 NFC_CMD_GET_SE,
118 NFC_CMD_SE_IO, 118 NFC_CMD_SE_IO,
119 NFC_CMD_ACTIVATE_TARGET,
119/* private: internal use only */ 120/* private: internal use only */
120 __NFC_CMD_AFTER_LAST 121 __NFC_CMD_AFTER_LAST
121}; 122};
@@ -196,15 +197,19 @@ enum nfc_sdp_attr {
196}; 197};
197#define NFC_SDP_ATTR_MAX (__NFC_SDP_ATTR_AFTER_LAST - 1) 198#define NFC_SDP_ATTR_MAX (__NFC_SDP_ATTR_AFTER_LAST - 1)
198 199
199#define NFC_DEVICE_NAME_MAXSIZE 8 200#define NFC_DEVICE_NAME_MAXSIZE 8
200#define NFC_NFCID1_MAXSIZE 10 201#define NFC_NFCID1_MAXSIZE 10
201#define NFC_NFCID2_MAXSIZE 8 202#define NFC_NFCID2_MAXSIZE 8
202#define NFC_NFCID3_MAXSIZE 10 203#define NFC_NFCID3_MAXSIZE 10
203#define NFC_SENSB_RES_MAXSIZE 12 204#define NFC_SENSB_RES_MAXSIZE 12
204#define NFC_SENSF_RES_MAXSIZE 18 205#define NFC_SENSF_RES_MAXSIZE 18
205#define NFC_GB_MAXSIZE 48 206#define NFC_ATR_REQ_MAXSIZE 64
206#define NFC_FIRMWARE_NAME_MAXSIZE 32 207#define NFC_ATR_RES_MAXSIZE 64
207#define NFC_ISO15693_UID_MAXSIZE 8 208#define NFC_ATR_REQ_GB_MAXSIZE 48
209#define NFC_ATR_RES_GB_MAXSIZE 47
210#define NFC_GB_MAXSIZE 48
211#define NFC_FIRMWARE_NAME_MAXSIZE 32
212#define NFC_ISO15693_UID_MAXSIZE 8
208 213
209/* NFC protocols */ 214/* NFC protocols */
210#define NFC_PROTO_JEWEL 1 215#define NFC_PROTO_JEWEL 1
diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h
index d77524510435..b37bd5a1cb82 100644
--- a/include/uapi/linux/nl80211.h
+++ b/include/uapi/linux/nl80211.h
@@ -3451,6 +3451,8 @@ enum nl80211_ps_state {
3451 * interval in which %NL80211_ATTR_CQM_TXE_PKTS and 3451 * interval in which %NL80211_ATTR_CQM_TXE_PKTS and
3452 * %NL80211_ATTR_CQM_TXE_RATE must be satisfied before generating an 3452 * %NL80211_ATTR_CQM_TXE_RATE must be satisfied before generating an
3453 * %NL80211_CMD_NOTIFY_CQM. Set to 0 to turn off TX error reporting. 3453 * %NL80211_CMD_NOTIFY_CQM. Set to 0 to turn off TX error reporting.
3454 * @NL80211_ATTR_CQM_BEACON_LOSS_EVENT: flag attribute that's set in a beacon
3455 * loss event
3454 * @__NL80211_ATTR_CQM_AFTER_LAST: internal 3456 * @__NL80211_ATTR_CQM_AFTER_LAST: internal
3455 * @NL80211_ATTR_CQM_MAX: highest key attribute 3457 * @NL80211_ATTR_CQM_MAX: highest key attribute
3456 */ 3458 */
@@ -3463,6 +3465,7 @@ enum nl80211_attr_cqm {
3463 NL80211_ATTR_CQM_TXE_RATE, 3465 NL80211_ATTR_CQM_TXE_RATE,
3464 NL80211_ATTR_CQM_TXE_PKTS, 3466 NL80211_ATTR_CQM_TXE_PKTS,
3465 NL80211_ATTR_CQM_TXE_INTVL, 3467 NL80211_ATTR_CQM_TXE_INTVL,
3468 NL80211_ATTR_CQM_BEACON_LOSS_EVENT,
3466 3469
3467 /* keep last */ 3470 /* keep last */
3468 __NL80211_ATTR_CQM_AFTER_LAST, 3471 __NL80211_ATTR_CQM_AFTER_LAST,
@@ -3475,9 +3478,7 @@ enum nl80211_attr_cqm {
3475 * configured threshold 3478 * configured threshold
3476 * @NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH: The RSSI is higher than the 3479 * @NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH: The RSSI is higher than the
3477 * configured threshold 3480 * configured threshold
3478 * @NL80211_CQM_RSSI_BEACON_LOSS_EVENT: The device experienced beacon loss. 3481 * @NL80211_CQM_RSSI_BEACON_LOSS_EVENT: (reserved, never sent)
3479 * (Note that deauth/disassoc will still follow if the AP is not
3480 * available. This event might get used as roaming event, etc.)
3481 */ 3482 */
3482enum nl80211_cqm_rssi_threshold_event { 3483enum nl80211_cqm_rssi_threshold_event {
3483 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW, 3484 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW,
diff --git a/net/6lowpan/iphc.c b/net/6lowpan/iphc.c
index aced97db62f0..32ffec6ef164 100644
--- a/net/6lowpan/iphc.c
+++ b/net/6lowpan/iphc.c
@@ -15,9 +15,6 @@
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details. 16 * GNU General Public License for more details.
17 * 17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */ 18 */
22 19
23/* Jon's code is based on 6lowpan implementation for Contiki which is: 20/* Jon's code is based on 6lowpan implementation for Contiki which is:
diff --git a/net/bluetooth/Kconfig b/net/bluetooth/Kconfig
index 5e97a8ff850b..29bcafc41adf 100644
--- a/net/bluetooth/Kconfig
+++ b/net/bluetooth/Kconfig
@@ -10,6 +10,7 @@ menuconfig BT
10 select CRYPTO 10 select CRYPTO
11 select CRYPTO_BLKCIPHER 11 select CRYPTO_BLKCIPHER
12 select CRYPTO_AES 12 select CRYPTO_AES
13 select CRYPTO_CMAC
13 select CRYPTO_ECB 14 select CRYPTO_ECB
14 select CRYPTO_SHA256 15 select CRYPTO_SHA256
15 help 16 help
diff --git a/net/bluetooth/Makefile b/net/bluetooth/Makefile
index 886e9aa3ecf1..a5432a6a0ae6 100644
--- a/net/bluetooth/Makefile
+++ b/net/bluetooth/Makefile
@@ -13,6 +13,6 @@ bluetooth_6lowpan-y := 6lowpan.o
13 13
14bluetooth-y := af_bluetooth.o hci_core.o hci_conn.o hci_event.o mgmt.o \ 14bluetooth-y := af_bluetooth.o hci_core.o hci_conn.o hci_event.o mgmt.o \
15 hci_sock.o hci_sysfs.o l2cap_core.o l2cap_sock.o smp.o sco.o lib.o \ 15 hci_sock.o hci_sysfs.o l2cap_core.o l2cap_sock.o smp.o sco.o lib.o \
16 a2mp.o amp.o 16 a2mp.o amp.o ecc.o
17 17
18subdir-ccflags-y += -D__CHECK_ENDIAN__ 18subdir-ccflags-y += -D__CHECK_ENDIAN__
diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
index 0a7cc565f93e..012e3b03589d 100644
--- a/net/bluetooth/af_bluetooth.c
+++ b/net/bluetooth/af_bluetooth.c
@@ -31,7 +31,7 @@
31#include <net/bluetooth/bluetooth.h> 31#include <net/bluetooth/bluetooth.h>
32#include <linux/proc_fs.h> 32#include <linux/proc_fs.h>
33 33
34#define VERSION "2.19" 34#define VERSION "2.20"
35 35
36/* Bluetooth sockets */ 36/* Bluetooth sockets */
37#define BT_MAX_PROTO 8 37#define BT_MAX_PROTO 8
diff --git a/net/bluetooth/ecc.c b/net/bluetooth/ecc.c
new file mode 100644
index 000000000000..e1709f8467ac
--- /dev/null
+++ b/net/bluetooth/ecc.c
@@ -0,0 +1,816 @@
1/*
2 * Copyright (c) 2013, Kenneth MacKay
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are
7 * met:
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
15 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
16 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
17 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
18 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
19 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
20 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
24 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 */
26
27#include <linux/random.h>
28
29#include "ecc.h"
30
31/* 256-bit curve */
32#define ECC_BYTES 32
33
34#define MAX_TRIES 16
35
36/* Number of u64's needed */
37#define NUM_ECC_DIGITS (ECC_BYTES / 8)
38
39struct ecc_point {
40 u64 x[NUM_ECC_DIGITS];
41 u64 y[NUM_ECC_DIGITS];
42};
43
44typedef struct {
45 u64 m_low;
46 u64 m_high;
47} uint128_t;
48
49#define CURVE_P_32 { 0xFFFFFFFFFFFFFFFFull, 0x00000000FFFFFFFFull, \
50 0x0000000000000000ull, 0xFFFFFFFF00000001ull }
51
52#define CURVE_G_32 { \
53 { 0xF4A13945D898C296ull, 0x77037D812DEB33A0ull, \
54 0xF8BCE6E563A440F2ull, 0x6B17D1F2E12C4247ull }, \
55 { 0xCBB6406837BF51F5ull, 0x2BCE33576B315ECEull, \
56 0x8EE7EB4A7C0F9E16ull, 0x4FE342E2FE1A7F9Bull } \
57}
58
59#define CURVE_N_32 { 0xF3B9CAC2FC632551ull, 0xBCE6FAADA7179E84ull, \
60 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFF00000000ull }
61
62static u64 curve_p[NUM_ECC_DIGITS] = CURVE_P_32;
63static struct ecc_point curve_g = CURVE_G_32;
64static u64 curve_n[NUM_ECC_DIGITS] = CURVE_N_32;
65
66static void vli_clear(u64 *vli)
67{
68 int i;
69
70 for (i = 0; i < NUM_ECC_DIGITS; i++)
71 vli[i] = 0;
72}
73
74/* Returns true if vli == 0, false otherwise. */
75static bool vli_is_zero(const u64 *vli)
76{
77 int i;
78
79 for (i = 0; i < NUM_ECC_DIGITS; i++) {
80 if (vli[i])
81 return false;
82 }
83
84 return true;
85}
86
87/* Returns nonzero if bit bit of vli is set. */
88static u64 vli_test_bit(const u64 *vli, unsigned int bit)
89{
90 return (vli[bit / 64] & ((u64) 1 << (bit % 64)));
91}
92
93/* Counts the number of 64-bit "digits" in vli. */
94static unsigned int vli_num_digits(const u64 *vli)
95{
96 int i;
97
98 /* Search from the end until we find a non-zero digit.
99 * We do it in reverse because we expect that most digits will
100 * be nonzero.
101 */
102 for (i = NUM_ECC_DIGITS - 1; i >= 0 && vli[i] == 0; i--);
103
104 return (i + 1);
105}
106
107/* Counts the number of bits required for vli. */
108static unsigned int vli_num_bits(const u64 *vli)
109{
110 unsigned int i, num_digits;
111 u64 digit;
112
113 num_digits = vli_num_digits(vli);
114 if (num_digits == 0)
115 return 0;
116
117 digit = vli[num_digits - 1];
118 for (i = 0; digit; i++)
119 digit >>= 1;
120
121 return ((num_digits - 1) * 64 + i);
122}
123
124/* Sets dest = src. */
125static void vli_set(u64 *dest, const u64 *src)
126{
127 int i;
128
129 for (i = 0; i < NUM_ECC_DIGITS; i++)
130 dest[i] = src[i];
131}
132
133/* Returns sign of left - right. */
134static int vli_cmp(const u64 *left, const u64 *right)
135{
136 int i;
137
138 for (i = NUM_ECC_DIGITS - 1; i >= 0; i--) {
139 if (left[i] > right[i])
140 return 1;
141 else if (left[i] < right[i])
142 return -1;
143 }
144
145 return 0;
146}
147
148/* Computes result = in << c, returning carry. Can modify in place
149 * (if result == in). 0 < shift < 64.
150 */
151static u64 vli_lshift(u64 *result, const u64 *in,
152 unsigned int shift)
153{
154 u64 carry = 0;
155 int i;
156
157 for (i = 0; i < NUM_ECC_DIGITS; i++) {
158 u64 temp = in[i];
159
160 result[i] = (temp << shift) | carry;
161 carry = temp >> (64 - shift);
162 }
163
164 return carry;
165}
166
167/* Computes vli = vli >> 1. */
168static void vli_rshift1(u64 *vli)
169{
170 u64 *end = vli;
171 u64 carry = 0;
172
173 vli += NUM_ECC_DIGITS;
174
175 while (vli-- > end) {
176 u64 temp = *vli;
177 *vli = (temp >> 1) | carry;
178 carry = temp << 63;
179 }
180}
181
182/* Computes result = left + right, returning carry. Can modify in place. */
183static u64 vli_add(u64 *result, const u64 *left,
184 const u64 *right)
185{
186 u64 carry = 0;
187 int i;
188
189 for (i = 0; i < NUM_ECC_DIGITS; i++) {
190 u64 sum;
191
192 sum = left[i] + right[i] + carry;
193 if (sum != left[i])
194 carry = (sum < left[i]);
195
196 result[i] = sum;
197 }
198
199 return carry;
200}
201
202/* Computes result = left - right, returning borrow. Can modify in place. */
203static u64 vli_sub(u64 *result, const u64 *left, const u64 *right)
204{
205 u64 borrow = 0;
206 int i;
207
208 for (i = 0; i < NUM_ECC_DIGITS; i++) {
209 u64 diff;
210
211 diff = left[i] - right[i] - borrow;
212 if (diff != left[i])
213 borrow = (diff > left[i]);
214
215 result[i] = diff;
216 }
217
218 return borrow;
219}
220
221static uint128_t mul_64_64(u64 left, u64 right)
222{
223 u64 a0 = left & 0xffffffffull;
224 u64 a1 = left >> 32;
225 u64 b0 = right & 0xffffffffull;
226 u64 b1 = right >> 32;
227 u64 m0 = a0 * b0;
228 u64 m1 = a0 * b1;
229 u64 m2 = a1 * b0;
230 u64 m3 = a1 * b1;
231 uint128_t result;
232
233 m2 += (m0 >> 32);
234 m2 += m1;
235
236 /* Overflow */
237 if (m2 < m1)
238 m3 += 0x100000000ull;
239
240 result.m_low = (m0 & 0xffffffffull) | (m2 << 32);
241 result.m_high = m3 + (m2 >> 32);
242
243 return result;
244}
245
246static uint128_t add_128_128(uint128_t a, uint128_t b)
247{
248 uint128_t result;
249
250 result.m_low = a.m_low + b.m_low;
251 result.m_high = a.m_high + b.m_high + (result.m_low < a.m_low);
252
253 return result;
254}
255
256static void vli_mult(u64 *result, const u64 *left, const u64 *right)
257{
258 uint128_t r01 = { 0, 0 };
259 u64 r2 = 0;
260 unsigned int i, k;
261
262 /* Compute each digit of result in sequence, maintaining the
263 * carries.
264 */
265 for (k = 0; k < NUM_ECC_DIGITS * 2 - 1; k++) {
266 unsigned int min;
267
268 if (k < NUM_ECC_DIGITS)
269 min = 0;
270 else
271 min = (k + 1) - NUM_ECC_DIGITS;
272
273 for (i = min; i <= k && i < NUM_ECC_DIGITS; i++) {
274 uint128_t product;
275
276 product = mul_64_64(left[i], right[k - i]);
277
278 r01 = add_128_128(r01, product);
279 r2 += (r01.m_high < product.m_high);
280 }
281
282 result[k] = r01.m_low;
283 r01.m_low = r01.m_high;
284 r01.m_high = r2;
285 r2 = 0;
286 }
287
288 result[NUM_ECC_DIGITS * 2 - 1] = r01.m_low;
289}
290
291static void vli_square(u64 *result, const u64 *left)
292{
293 uint128_t r01 = { 0, 0 };
294 u64 r2 = 0;
295 int i, k;
296
297 for (k = 0; k < NUM_ECC_DIGITS * 2 - 1; k++) {
298 unsigned int min;
299
300 if (k < NUM_ECC_DIGITS)
301 min = 0;
302 else
303 min = (k + 1) - NUM_ECC_DIGITS;
304
305 for (i = min; i <= k && i <= k - i; i++) {
306 uint128_t product;
307
308 product = mul_64_64(left[i], left[k - i]);
309
310 if (i < k - i) {
311 r2 += product.m_high >> 63;
312 product.m_high = (product.m_high << 1) |
313 (product.m_low >> 63);
314 product.m_low <<= 1;
315 }
316
317 r01 = add_128_128(r01, product);
318 r2 += (r01.m_high < product.m_high);
319 }
320
321 result[k] = r01.m_low;
322 r01.m_low = r01.m_high;
323 r01.m_high = r2;
324 r2 = 0;
325 }
326
327 result[NUM_ECC_DIGITS * 2 - 1] = r01.m_low;
328}
329
330/* Computes result = (left + right) % mod.
331 * Assumes that left < mod and right < mod, result != mod.
332 */
333static void vli_mod_add(u64 *result, const u64 *left, const u64 *right,
334 const u64 *mod)
335{
336 u64 carry;
337
338 carry = vli_add(result, left, right);
339
340 /* result > mod (result = mod + remainder), so subtract mod to
341 * get remainder.
342 */
343 if (carry || vli_cmp(result, mod) >= 0)
344 vli_sub(result, result, mod);
345}
346
347/* Computes result = (left - right) % mod.
348 * Assumes that left < mod and right < mod, result != mod.
349 */
350static void vli_mod_sub(u64 *result, const u64 *left, const u64 *right,
351 const u64 *mod)
352{
353 u64 borrow = vli_sub(result, left, right);
354
355 /* In this case, p_result == -diff == (max int) - diff.
356 * Since -x % d == d - x, we can get the correct result from
357 * result + mod (with overflow).
358 */
359 if (borrow)
360 vli_add(result, result, mod);
361}
362
363/* Computes result = product % curve_p
364 from http://www.nsa.gov/ia/_files/nist-routines.pdf */
365static void vli_mmod_fast(u64 *result, const u64 *product)
366{
367 u64 tmp[NUM_ECC_DIGITS];
368 int carry;
369
370 /* t */
371 vli_set(result, product);
372
373 /* s1 */
374 tmp[0] = 0;
375 tmp[1] = product[5] & 0xffffffff00000000ull;
376 tmp[2] = product[6];
377 tmp[3] = product[7];
378 carry = vli_lshift(tmp, tmp, 1);
379 carry += vli_add(result, result, tmp);
380
381 /* s2 */
382 tmp[1] = product[6] << 32;
383 tmp[2] = (product[6] >> 32) | (product[7] << 32);
384 tmp[3] = product[7] >> 32;
385 carry += vli_lshift(tmp, tmp, 1);
386 carry += vli_add(result, result, tmp);
387
388 /* s3 */
389 tmp[0] = product[4];
390 tmp[1] = product[5] & 0xffffffff;
391 tmp[2] = 0;
392 tmp[3] = product[7];
393 carry += vli_add(result, result, tmp);
394
395 /* s4 */
396 tmp[0] = (product[4] >> 32) | (product[5] << 32);
397 tmp[1] = (product[5] >> 32) | (product[6] & 0xffffffff00000000ull);
398 tmp[2] = product[7];
399 tmp[3] = (product[6] >> 32) | (product[4] << 32);
400 carry += vli_add(result, result, tmp);
401
402 /* d1 */
403 tmp[0] = (product[5] >> 32) | (product[6] << 32);
404 tmp[1] = (product[6] >> 32);
405 tmp[2] = 0;
406 tmp[3] = (product[4] & 0xffffffff) | (product[5] << 32);
407 carry -= vli_sub(result, result, tmp);
408
409 /* d2 */
410 tmp[0] = product[6];
411 tmp[1] = product[7];
412 tmp[2] = 0;
413 tmp[3] = (product[4] >> 32) | (product[5] & 0xffffffff00000000ull);
414 carry -= vli_sub(result, result, tmp);
415
416 /* d3 */
417 tmp[0] = (product[6] >> 32) | (product[7] << 32);
418 tmp[1] = (product[7] >> 32) | (product[4] << 32);
419 tmp[2] = (product[4] >> 32) | (product[5] << 32);
420 tmp[3] = (product[6] << 32);
421 carry -= vli_sub(result, result, tmp);
422
423 /* d4 */
424 tmp[0] = product[7];
425 tmp[1] = product[4] & 0xffffffff00000000ull;
426 tmp[2] = product[5];
427 tmp[3] = product[6] & 0xffffffff00000000ull;
428 carry -= vli_sub(result, result, tmp);
429
430 if (carry < 0) {
431 do {
432 carry += vli_add(result, result, curve_p);
433 } while (carry < 0);
434 } else {
435 while (carry || vli_cmp(curve_p, result) != 1)
436 carry -= vli_sub(result, result, curve_p);
437 }
438}
439
440/* Computes result = (left * right) % curve_p. */
441static void vli_mod_mult_fast(u64 *result, const u64 *left, const u64 *right)
442{
443 u64 product[2 * NUM_ECC_DIGITS];
444
445 vli_mult(product, left, right);
446 vli_mmod_fast(result, product);
447}
448
449/* Computes result = left^2 % curve_p. */
450static void vli_mod_square_fast(u64 *result, const u64 *left)
451{
452 u64 product[2 * NUM_ECC_DIGITS];
453
454 vli_square(product, left);
455 vli_mmod_fast(result, product);
456}
457
458#define EVEN(vli) (!(vli[0] & 1))
459/* Computes result = (1 / p_input) % mod. All VLIs are the same size.
460 * See "From Euclid's GCD to Montgomery Multiplication to the Great Divide"
461 * https://labs.oracle.com/techrep/2001/smli_tr-2001-95.pdf
462 */
463static void vli_mod_inv(u64 *result, const u64 *input, const u64 *mod)
464{
465 u64 a[NUM_ECC_DIGITS], b[NUM_ECC_DIGITS];
466 u64 u[NUM_ECC_DIGITS], v[NUM_ECC_DIGITS];
467 u64 carry;
468 int cmp_result;
469
470 if (vli_is_zero(input)) {
471 vli_clear(result);
472 return;
473 }
474
475 vli_set(a, input);
476 vli_set(b, mod);
477 vli_clear(u);
478 u[0] = 1;
479 vli_clear(v);
480
481 while ((cmp_result = vli_cmp(a, b)) != 0) {
482 carry = 0;
483
484 if (EVEN(a)) {
485 vli_rshift1(a);
486
487 if (!EVEN(u))
488 carry = vli_add(u, u, mod);
489
490 vli_rshift1(u);
491 if (carry)
492 u[NUM_ECC_DIGITS - 1] |= 0x8000000000000000ull;
493 } else if (EVEN(b)) {
494 vli_rshift1(b);
495
496 if (!EVEN(v))
497 carry = vli_add(v, v, mod);
498
499 vli_rshift1(v);
500 if (carry)
501 v[NUM_ECC_DIGITS - 1] |= 0x8000000000000000ull;
502 } else if (cmp_result > 0) {
503 vli_sub(a, a, b);
504 vli_rshift1(a);
505
506 if (vli_cmp(u, v) < 0)
507 vli_add(u, u, mod);
508
509 vli_sub(u, u, v);
510 if (!EVEN(u))
511 carry = vli_add(u, u, mod);
512
513 vli_rshift1(u);
514 if (carry)
515 u[NUM_ECC_DIGITS - 1] |= 0x8000000000000000ull;
516 } else {
517 vli_sub(b, b, a);
518 vli_rshift1(b);
519
520 if (vli_cmp(v, u) < 0)
521 vli_add(v, v, mod);
522
523 vli_sub(v, v, u);
524 if (!EVEN(v))
525 carry = vli_add(v, v, mod);
526
527 vli_rshift1(v);
528 if (carry)
529 v[NUM_ECC_DIGITS - 1] |= 0x8000000000000000ull;
530 }
531 }
532
533 vli_set(result, u);
534}
535
536/* ------ Point operations ------ */
537
538/* Returns true if p_point is the point at infinity, false otherwise. */
539static bool ecc_point_is_zero(const struct ecc_point *point)
540{
541 return (vli_is_zero(point->x) && vli_is_zero(point->y));
542}
543
544/* Point multiplication algorithm using Montgomery's ladder with co-Z
545 * coordinates. From http://eprint.iacr.org/2011/338.pdf
546 */
547
548/* Double in place */
549static void ecc_point_double_jacobian(u64 *x1, u64 *y1, u64 *z1)
550{
551 /* t1 = x, t2 = y, t3 = z */
552 u64 t4[NUM_ECC_DIGITS];
553 u64 t5[NUM_ECC_DIGITS];
554
555 if (vli_is_zero(z1))
556 return;
557
558 vli_mod_square_fast(t4, y1); /* t4 = y1^2 */
559 vli_mod_mult_fast(t5, x1, t4); /* t5 = x1*y1^2 = A */
560 vli_mod_square_fast(t4, t4); /* t4 = y1^4 */
561 vli_mod_mult_fast(y1, y1, z1); /* t2 = y1*z1 = z3 */
562 vli_mod_square_fast(z1, z1); /* t3 = z1^2 */
563
564 vli_mod_add(x1, x1, z1, curve_p); /* t1 = x1 + z1^2 */
565 vli_mod_add(z1, z1, z1, curve_p); /* t3 = 2*z1^2 */
566 vli_mod_sub(z1, x1, z1, curve_p); /* t3 = x1 - z1^2 */
567 vli_mod_mult_fast(x1, x1, z1); /* t1 = x1^2 - z1^4 */
568
569 vli_mod_add(z1, x1, x1, curve_p); /* t3 = 2*(x1^2 - z1^4) */
570 vli_mod_add(x1, x1, z1, curve_p); /* t1 = 3*(x1^2 - z1^4) */
571 if (vli_test_bit(x1, 0)) {
572 u64 carry = vli_add(x1, x1, curve_p);
573 vli_rshift1(x1);
574 x1[NUM_ECC_DIGITS - 1] |= carry << 63;
575 } else {
576 vli_rshift1(x1);
577 }
578 /* t1 = 3/2*(x1^2 - z1^4) = B */
579
580 vli_mod_square_fast(z1, x1); /* t3 = B^2 */
581 vli_mod_sub(z1, z1, t5, curve_p); /* t3 = B^2 - A */
582 vli_mod_sub(z1, z1, t5, curve_p); /* t3 = B^2 - 2A = x3 */
583 vli_mod_sub(t5, t5, z1, curve_p); /* t5 = A - x3 */
584 vli_mod_mult_fast(x1, x1, t5); /* t1 = B * (A - x3) */
585 vli_mod_sub(t4, x1, t4, curve_p); /* t4 = B * (A - x3) - y1^4 = y3 */
586
587 vli_set(x1, z1);
588 vli_set(z1, y1);
589 vli_set(y1, t4);
590}
591
592/* Modify (x1, y1) => (x1 * z^2, y1 * z^3) */
593static void apply_z(u64 *x1, u64 *y1, u64 *z)
594{
595 u64 t1[NUM_ECC_DIGITS];
596
597 vli_mod_square_fast(t1, z); /* z^2 */
598 vli_mod_mult_fast(x1, x1, t1); /* x1 * z^2 */
599 vli_mod_mult_fast(t1, t1, z); /* z^3 */
600 vli_mod_mult_fast(y1, y1, t1); /* y1 * z^3 */
601}
602
603/* P = (x1, y1) => 2P, (x2, y2) => P' */
604static void xycz_initial_double(u64 *x1, u64 *y1, u64 *x2, u64 *y2,
605 u64 *p_initial_z)
606{
607 u64 z[NUM_ECC_DIGITS];
608
609 vli_set(x2, x1);
610 vli_set(y2, y1);
611
612 vli_clear(z);
613 z[0] = 1;
614
615 if (p_initial_z)
616 vli_set(z, p_initial_z);
617
618 apply_z(x1, y1, z);
619
620 ecc_point_double_jacobian(x1, y1, z);
621
622 apply_z(x2, y2, z);
623}
624
625/* Input P = (x1, y1, Z), Q = (x2, y2, Z)
626 * Output P' = (x1', y1', Z3), P + Q = (x3, y3, Z3)
627 * or P => P', Q => P + Q
628 */
629static void xycz_add(u64 *x1, u64 *y1, u64 *x2, u64 *y2)
630{
631 /* t1 = X1, t2 = Y1, t3 = X2, t4 = Y2 */
632 u64 t5[NUM_ECC_DIGITS];
633
634 vli_mod_sub(t5, x2, x1, curve_p); /* t5 = x2 - x1 */
635 vli_mod_square_fast(t5, t5); /* t5 = (x2 - x1)^2 = A */
636 vli_mod_mult_fast(x1, x1, t5); /* t1 = x1*A = B */
637 vli_mod_mult_fast(x2, x2, t5); /* t3 = x2*A = C */
638 vli_mod_sub(y2, y2, y1, curve_p); /* t4 = y2 - y1 */
639 vli_mod_square_fast(t5, y2); /* t5 = (y2 - y1)^2 = D */
640
641 vli_mod_sub(t5, t5, x1, curve_p); /* t5 = D - B */
642 vli_mod_sub(t5, t5, x2, curve_p); /* t5 = D - B - C = x3 */
643 vli_mod_sub(x2, x2, x1, curve_p); /* t3 = C - B */
644 vli_mod_mult_fast(y1, y1, x2); /* t2 = y1*(C - B) */
645 vli_mod_sub(x2, x1, t5, curve_p); /* t3 = B - x3 */
646 vli_mod_mult_fast(y2, y2, x2); /* t4 = (y2 - y1)*(B - x3) */
647 vli_mod_sub(y2, y2, y1, curve_p); /* t4 = y3 */
648
649 vli_set(x2, t5);
650}
651
652/* Input P = (x1, y1, Z), Q = (x2, y2, Z)
653 * Output P + Q = (x3, y3, Z3), P - Q = (x3', y3', Z3)
654 * or P => P - Q, Q => P + Q
655 */
656static void xycz_add_c(u64 *x1, u64 *y1, u64 *x2, u64 *y2)
657{
658 /* t1 = X1, t2 = Y1, t3 = X2, t4 = Y2 */
659 u64 t5[NUM_ECC_DIGITS];
660 u64 t6[NUM_ECC_DIGITS];
661 u64 t7[NUM_ECC_DIGITS];
662
663 vli_mod_sub(t5, x2, x1, curve_p); /* t5 = x2 - x1 */
664 vli_mod_square_fast(t5, t5); /* t5 = (x2 - x1)^2 = A */
665 vli_mod_mult_fast(x1, x1, t5); /* t1 = x1*A = B */
666 vli_mod_mult_fast(x2, x2, t5); /* t3 = x2*A = C */
667 vli_mod_add(t5, y2, y1, curve_p); /* t4 = y2 + y1 */
668 vli_mod_sub(y2, y2, y1, curve_p); /* t4 = y2 - y1 */
669
670 vli_mod_sub(t6, x2, x1, curve_p); /* t6 = C - B */
671 vli_mod_mult_fast(y1, y1, t6); /* t2 = y1 * (C - B) */
672 vli_mod_add(t6, x1, x2, curve_p); /* t6 = B + C */
673 vli_mod_square_fast(x2, y2); /* t3 = (y2 - y1)^2 */
674 vli_mod_sub(x2, x2, t6, curve_p); /* t3 = x3 */
675
676 vli_mod_sub(t7, x1, x2, curve_p); /* t7 = B - x3 */
677 vli_mod_mult_fast(y2, y2, t7); /* t4 = (y2 - y1)*(B - x3) */
678 vli_mod_sub(y2, y2, y1, curve_p); /* t4 = y3 */
679
680 vli_mod_square_fast(t7, t5); /* t7 = (y2 + y1)^2 = F */
681 vli_mod_sub(t7, t7, t6, curve_p); /* t7 = x3' */
682 vli_mod_sub(t6, t7, x1, curve_p); /* t6 = x3' - B */
683 vli_mod_mult_fast(t6, t6, t5); /* t6 = (y2 + y1)*(x3' - B) */
684 vli_mod_sub(y1, t6, y1, curve_p); /* t2 = y3' */
685
686 vli_set(x1, t7);
687}
688
689static void ecc_point_mult(struct ecc_point *result,
690 const struct ecc_point *point, u64 *scalar,
691 u64 *initial_z, int num_bits)
692{
693 /* R0 and R1 */
694 u64 rx[2][NUM_ECC_DIGITS];
695 u64 ry[2][NUM_ECC_DIGITS];
696 u64 z[NUM_ECC_DIGITS];
697 int i, nb;
698
699 vli_set(rx[1], point->x);
700 vli_set(ry[1], point->y);
701
702 xycz_initial_double(rx[1], ry[1], rx[0], ry[0], initial_z);
703
704 for (i = num_bits - 2; i > 0; i--) {
705 nb = !vli_test_bit(scalar, i);
706 xycz_add_c(rx[1 - nb], ry[1 - nb], rx[nb], ry[nb]);
707 xycz_add(rx[nb], ry[nb], rx[1 - nb], ry[1 - nb]);
708 }
709
710 nb = !vli_test_bit(scalar, 0);
711 xycz_add_c(rx[1 - nb], ry[1 - nb], rx[nb], ry[nb]);
712
713 /* Find final 1/Z value. */
714 vli_mod_sub(z, rx[1], rx[0], curve_p); /* X1 - X0 */
715 vli_mod_mult_fast(z, z, ry[1 - nb]); /* Yb * (X1 - X0) */
716 vli_mod_mult_fast(z, z, point->x); /* xP * Yb * (X1 - X0) */
717 vli_mod_inv(z, z, curve_p); /* 1 / (xP * Yb * (X1 - X0)) */
718 vli_mod_mult_fast(z, z, point->y); /* yP / (xP * Yb * (X1 - X0)) */
719 vli_mod_mult_fast(z, z, rx[1 - nb]); /* Xb * yP / (xP * Yb * (X1 - X0)) */
720 /* End 1/Z calculation */
721
722 xycz_add(rx[nb], ry[nb], rx[1 - nb], ry[1 - nb]);
723
724 apply_z(rx[0], ry[0], z);
725
726 vli_set(result->x, rx[0]);
727 vli_set(result->y, ry[0]);
728}
729
730static void ecc_bytes2native(const u8 bytes[ECC_BYTES],
731 u64 native[NUM_ECC_DIGITS])
732{
733 int i;
734
735 for (i = 0; i < NUM_ECC_DIGITS; i++) {
736 const u8 *digit = bytes + 8 * (NUM_ECC_DIGITS - 1 - i);
737
738 native[NUM_ECC_DIGITS - 1 - i] =
739 ((u64) digit[0] << 0) |
740 ((u64) digit[1] << 8) |
741 ((u64) digit[2] << 16) |
742 ((u64) digit[3] << 24) |
743 ((u64) digit[4] << 32) |
744 ((u64) digit[5] << 40) |
745 ((u64) digit[6] << 48) |
746 ((u64) digit[7] << 56);
747 }
748}
749
750static void ecc_native2bytes(const u64 native[NUM_ECC_DIGITS],
751 u8 bytes[ECC_BYTES])
752{
753 int i;
754
755 for (i = 0; i < NUM_ECC_DIGITS; i++) {
756 u8 *digit = bytes + 8 * (NUM_ECC_DIGITS - 1 - i);
757
758 digit[0] = native[NUM_ECC_DIGITS - 1 - i] >> 0;
759 digit[1] = native[NUM_ECC_DIGITS - 1 - i] >> 8;
760 digit[2] = native[NUM_ECC_DIGITS - 1 - i] >> 16;
761 digit[3] = native[NUM_ECC_DIGITS - 1 - i] >> 24;
762 digit[4] = native[NUM_ECC_DIGITS - 1 - i] >> 32;
763 digit[5] = native[NUM_ECC_DIGITS - 1 - i] >> 40;
764 digit[6] = native[NUM_ECC_DIGITS - 1 - i] >> 48;
765 digit[7] = native[NUM_ECC_DIGITS - 1 - i] >> 56;
766 }
767}
768
769bool ecc_make_key(u8 public_key[64], u8 private_key[32])
770{
771 struct ecc_point pk;
772 u64 priv[NUM_ECC_DIGITS];
773 unsigned int tries = 0;
774
775 do {
776 if (tries++ >= MAX_TRIES)
777 return false;
778
779 get_random_bytes(priv, ECC_BYTES);
780
781 if (vli_is_zero(priv))
782 continue;
783
784 /* Make sure the private key is in the range [1, n-1]. */
785 if (vli_cmp(curve_n, priv) != 1)
786 continue;
787
788 ecc_point_mult(&pk, &curve_g, priv, NULL, vli_num_bits(priv));
789 } while (ecc_point_is_zero(&pk));
790
791 ecc_native2bytes(priv, private_key);
792 ecc_native2bytes(pk.x, public_key);
793 ecc_native2bytes(pk.y, &public_key[32]);
794
795 return true;
796}
797
798bool ecdh_shared_secret(const u8 public_key[64], const u8 private_key[32],
799 u8 secret[32])
800{
801 u64 priv[NUM_ECC_DIGITS];
802 u64 rand[NUM_ECC_DIGITS];
803 struct ecc_point product, pk;
804
805 get_random_bytes(rand, ECC_BYTES);
806
807 ecc_bytes2native(public_key, pk.x);
808 ecc_bytes2native(&public_key[32], pk.y);
809 ecc_bytes2native(private_key, priv);
810
811 ecc_point_mult(&product, &pk, priv, rand, vli_num_bits(priv));
812
813 ecc_native2bytes(product.x, secret);
814
815 return !ecc_point_is_zero(&product);
816}
diff --git a/net/bluetooth/ecc.h b/net/bluetooth/ecc.h
new file mode 100644
index 000000000000..8d6a2f4d1905
--- /dev/null
+++ b/net/bluetooth/ecc.h
@@ -0,0 +1,54 @@
1/*
2 * Copyright (c) 2013, Kenneth MacKay
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are
7 * met:
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
15 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
16 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
17 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
18 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
19 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
20 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
24 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 */
26
27/* Create a public/private key pair.
28 * Outputs:
29 * public_key - Will be filled in with the public key.
30 * private_key - Will be filled in with the private key.
31 *
32 * Returns true if the key pair was generated successfully, false
33 * if an error occurred. The keys are with the LSB first.
34 */
35bool ecc_make_key(u8 public_key[64], u8 private_key[32]);
36
37/* Compute a shared secret given your secret key and someone else's
38 * public key.
39 * Note: It is recommended that you hash the result of ecdh_shared_secret
40 * before using it for symmetric encryption or HMAC.
41 *
42 * Inputs:
43 * public_key - The public key of the remote party
44 * private_key - Your private key.
45 *
46 * Outputs:
47 * secret - Will be filled in with the shared secret value.
48 *
49 * Returns true if the shared secret was generated successfully, false
50 * if an error occurred. Both input and output parameters are with the
51 * LSB first.
52 */
53bool ecdh_shared_secret(const u8 public_key[64], const u8 private_key[32],
54 u8 secret[32]);
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 96887ae8375b..79d84b88b8f0 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -449,6 +449,7 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst,
449 conn->io_capability = hdev->io_capability; 449 conn->io_capability = hdev->io_capability;
450 conn->remote_auth = 0xff; 450 conn->remote_auth = 0xff;
451 conn->key_type = 0xff; 451 conn->key_type = 0xff;
452 conn->rssi = HCI_RSSI_INVALID;
452 conn->tx_power = HCI_TX_POWER_INVALID; 453 conn->tx_power = HCI_TX_POWER_INVALID;
453 conn->max_tx_power = HCI_TX_POWER_INVALID; 454 conn->max_tx_power = HCI_TX_POWER_INVALID;
454 455
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index d786958a1dec..93f92a085506 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -274,15 +274,13 @@ static const struct file_operations inquiry_cache_fops = {
274static int link_keys_show(struct seq_file *f, void *ptr) 274static int link_keys_show(struct seq_file *f, void *ptr)
275{ 275{
276 struct hci_dev *hdev = f->private; 276 struct hci_dev *hdev = f->private;
277 struct list_head *p, *n; 277 struct link_key *key;
278 278
279 hci_dev_lock(hdev); 279 rcu_read_lock();
280 list_for_each_safe(p, n, &hdev->link_keys) { 280 list_for_each_entry_rcu(key, &hdev->link_keys, list)
281 struct link_key *key = list_entry(p, struct link_key, list);
282 seq_printf(f, "%pMR %u %*phN %u\n", &key->bdaddr, key->type, 281 seq_printf(f, "%pMR %u %*phN %u\n", &key->bdaddr, key->type,
283 HCI_LINK_KEY_SIZE, key->val, key->pin_len); 282 HCI_LINK_KEY_SIZE, key->val, key->pin_len);
284 } 283 rcu_read_unlock();
285 hci_dev_unlock(hdev);
286 284
287 return 0; 285 return 0;
288} 286}
@@ -408,6 +406,49 @@ static const struct file_operations force_sc_support_fops = {
408 .llseek = default_llseek, 406 .llseek = default_llseek,
409}; 407};
410 408
409static ssize_t force_lesc_support_read(struct file *file, char __user *user_buf,
410 size_t count, loff_t *ppos)
411{
412 struct hci_dev *hdev = file->private_data;
413 char buf[3];
414
415 buf[0] = test_bit(HCI_FORCE_LESC, &hdev->dbg_flags) ? 'Y': 'N';
416 buf[1] = '\n';
417 buf[2] = '\0';
418 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
419}
420
421static ssize_t force_lesc_support_write(struct file *file,
422 const char __user *user_buf,
423 size_t count, loff_t *ppos)
424{
425 struct hci_dev *hdev = file->private_data;
426 char buf[32];
427 size_t buf_size = min(count, (sizeof(buf)-1));
428 bool enable;
429
430 if (copy_from_user(buf, user_buf, buf_size))
431 return -EFAULT;
432
433 buf[buf_size] = '\0';
434 if (strtobool(buf, &enable))
435 return -EINVAL;
436
437 if (enable == test_bit(HCI_FORCE_LESC, &hdev->dbg_flags))
438 return -EALREADY;
439
440 change_bit(HCI_FORCE_LESC, &hdev->dbg_flags);
441
442 return count;
443}
444
445static const struct file_operations force_lesc_support_fops = {
446 .open = simple_open,
447 .read = force_lesc_support_read,
448 .write = force_lesc_support_write,
449 .llseek = default_llseek,
450};
451
411static ssize_t sc_only_mode_read(struct file *file, char __user *user_buf, 452static ssize_t sc_only_mode_read(struct file *file, char __user *user_buf,
412 size_t count, loff_t *ppos) 453 size_t count, loff_t *ppos)
413{ 454{
@@ -1128,6 +1169,7 @@ struct sk_buff *__hci_cmd_sync_ev(struct hci_dev *hdev, u16 opcode, u32 plen,
1128 err = hci_req_run(&req, hci_req_sync_complete); 1169 err = hci_req_run(&req, hci_req_sync_complete);
1129 if (err < 0) { 1170 if (err < 0) {
1130 remove_wait_queue(&hdev->req_wait_q, &wait); 1171 remove_wait_queue(&hdev->req_wait_q, &wait);
1172 set_current_state(TASK_RUNNING);
1131 return ERR_PTR(err); 1173 return ERR_PTR(err);
1132 } 1174 }
1133 1175
@@ -1196,6 +1238,7 @@ static int __hci_req_sync(struct hci_dev *hdev,
1196 hdev->req_status = 0; 1238 hdev->req_status = 0;
1197 1239
1198 remove_wait_queue(&hdev->req_wait_q, &wait); 1240 remove_wait_queue(&hdev->req_wait_q, &wait);
1241 set_current_state(TASK_RUNNING);
1199 1242
1200 /* ENODATA means the HCI request command queue is empty. 1243 /* ENODATA means the HCI request command queue is empty.
1201 * This can happen when a request with conditionals doesn't 1244 * This can happen when a request with conditionals doesn't
@@ -1692,6 +1735,28 @@ static void hci_init3_req(struct hci_request *req, unsigned long opt)
1692 * Parameter Request 1735 * Parameter Request
1693 */ 1736 */
1694 1737
1738 /* If the controller supports Extended Scanner Filter
1739 * Policies, enable the correspondig event.
1740 */
1741 if (hdev->le_features[0] & HCI_LE_EXT_SCAN_POLICY)
1742 events[1] |= 0x04; /* LE Direct Advertising
1743 * Report
1744 */
1745
1746 /* If the controller supports the LE Read Local P-256
1747 * Public Key command, enable the corresponding event.
1748 */
1749 if (hdev->commands[34] & 0x02)
1750 events[0] |= 0x80; /* LE Read Local P-256
1751 * Public Key Complete
1752 */
1753
1754 /* If the controller supports the LE Generate DHKey
1755 * command, enable the corresponding event.
1756 */
1757 if (hdev->commands[34] & 0x04)
1758 events[1] |= 0x01; /* LE Generate DHKey Complete */
1759
1695 hci_req_add(req, HCI_OP_LE_SET_EVENT_MASK, sizeof(events), 1760 hci_req_add(req, HCI_OP_LE_SET_EVENT_MASK, sizeof(events),
1696 events); 1761 events);
1697 1762
@@ -1734,9 +1799,7 @@ static void hci_init4_req(struct hci_request *req, unsigned long opt)
1734 hci_req_add(req, HCI_OP_READ_SYNC_TRAIN_PARAMS, 0, NULL); 1799 hci_req_add(req, HCI_OP_READ_SYNC_TRAIN_PARAMS, 0, NULL);
1735 1800
1736 /* Enable Secure Connections if supported and configured */ 1801 /* Enable Secure Connections if supported and configured */
1737 if ((lmp_sc_capable(hdev) || 1802 if (bredr_sc_enabled(hdev)) {
1738 test_bit(HCI_FORCE_SC, &hdev->dbg_flags)) &&
1739 test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
1740 u8 support = 0x01; 1803 u8 support = 0x01;
1741 hci_req_add(req, HCI_OP_WRITE_SC_SUPPORT, 1804 hci_req_add(req, HCI_OP_WRITE_SC_SUPPORT,
1742 sizeof(support), &support); 1805 sizeof(support), &support);
@@ -1819,6 +1882,10 @@ static int __hci_init(struct hci_dev *hdev)
1819 hdev, &force_sc_support_fops); 1882 hdev, &force_sc_support_fops);
1820 debugfs_create_file("sc_only_mode", 0444, hdev->debugfs, 1883 debugfs_create_file("sc_only_mode", 0444, hdev->debugfs,
1821 hdev, &sc_only_mode_fops); 1884 hdev, &sc_only_mode_fops);
1885 if (lmp_le_capable(hdev))
1886 debugfs_create_file("force_lesc_support", 0644,
1887 hdev->debugfs, hdev,
1888 &force_lesc_support_fops);
1822 } 1889 }
1823 1890
1824 if (lmp_sniff_capable(hdev)) { 1891 if (lmp_sniff_capable(hdev)) {
@@ -2115,7 +2182,7 @@ u32 hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
2115 2182
2116 BT_DBG("cache %p, %pMR", cache, &data->bdaddr); 2183 BT_DBG("cache %p, %pMR", cache, &data->bdaddr);
2117 2184
2118 hci_remove_remote_oob_data(hdev, &data->bdaddr); 2185 hci_remove_remote_oob_data(hdev, &data->bdaddr, BDADDR_BREDR);
2119 2186
2120 if (!data->ssp_mode) 2187 if (!data->ssp_mode)
2121 flags |= MGMT_DEV_FOUND_LEGACY_PAIRING; 2188 flags |= MGMT_DEV_FOUND_LEGACY_PAIRING;
@@ -3099,15 +3166,11 @@ void hci_uuids_clear(struct hci_dev *hdev)
3099 3166
3100void hci_link_keys_clear(struct hci_dev *hdev) 3167void hci_link_keys_clear(struct hci_dev *hdev)
3101{ 3168{
3102 struct list_head *p, *n; 3169 struct link_key *key;
3103
3104 list_for_each_safe(p, n, &hdev->link_keys) {
3105 struct link_key *key;
3106
3107 key = list_entry(p, struct link_key, list);
3108 3170
3109 list_del(p); 3171 list_for_each_entry_rcu(key, &hdev->link_keys, list) {
3110 kfree(key); 3172 list_del_rcu(&key->list);
3173 kfree_rcu(key, rcu);
3111 } 3174 }
3112} 3175}
3113 3176
@@ -3135,9 +3198,14 @@ struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
3135{ 3198{
3136 struct link_key *k; 3199 struct link_key *k;
3137 3200
3138 list_for_each_entry(k, &hdev->link_keys, list) 3201 rcu_read_lock();
3139 if (bacmp(bdaddr, &k->bdaddr) == 0) 3202 list_for_each_entry_rcu(k, &hdev->link_keys, list) {
3203 if (bacmp(bdaddr, &k->bdaddr) == 0) {
3204 rcu_read_unlock();
3140 return k; 3205 return k;
3206 }
3207 }
3208 rcu_read_unlock();
3141 3209
3142 return NULL; 3210 return NULL;
3143} 3211}
@@ -3161,6 +3229,10 @@ static bool hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
3161 if (!conn) 3229 if (!conn)
3162 return true; 3230 return true;
3163 3231
3232 /* BR/EDR key derived using SC from an LE link */
3233 if (conn->type == LE_LINK)
3234 return true;
3235
3164 /* Neither local nor remote side had no-bonding as requirement */ 3236 /* Neither local nor remote side had no-bonding as requirement */
3165 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01) 3237 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
3166 return true; 3238 return true;
@@ -3186,37 +3258,17 @@ static u8 ltk_role(u8 type)
3186 return HCI_ROLE_SLAVE; 3258 return HCI_ROLE_SLAVE;
3187} 3259}
3188 3260
3189struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, __le64 rand, 3261struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr,
3190 u8 role) 3262 u8 addr_type, u8 role)
3191{ 3263{
3192 struct smp_ltk *k; 3264 struct smp_ltk *k;
3193 3265
3194 rcu_read_lock(); 3266 rcu_read_lock();
3195 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) { 3267 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
3196 if (k->ediv != ediv || k->rand != rand) 3268 if (addr_type != k->bdaddr_type || bacmp(bdaddr, &k->bdaddr))
3197 continue;
3198
3199 if (ltk_role(k->type) != role)
3200 continue; 3269 continue;
3201 3270
3202 rcu_read_unlock(); 3271 if (smp_ltk_is_sc(k) || ltk_role(k->type) == role) {
3203 return k;
3204 }
3205 rcu_read_unlock();
3206
3207 return NULL;
3208}
3209
3210struct smp_ltk *hci_find_ltk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
3211 u8 addr_type, u8 role)
3212{
3213 struct smp_ltk *k;
3214
3215 rcu_read_lock();
3216 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
3217 if (addr_type == k->bdaddr_type &&
3218 bacmp(bdaddr, &k->bdaddr) == 0 &&
3219 ltk_role(k->type) == role) {
3220 rcu_read_unlock(); 3272 rcu_read_unlock();
3221 return k; 3273 return k;
3222 } 3274 }
@@ -3288,7 +3340,7 @@ struct link_key *hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn,
3288 key = kzalloc(sizeof(*key), GFP_KERNEL); 3340 key = kzalloc(sizeof(*key), GFP_KERNEL);
3289 if (!key) 3341 if (!key)
3290 return NULL; 3342 return NULL;
3291 list_add(&key->list, &hdev->link_keys); 3343 list_add_rcu(&key->list, &hdev->link_keys);
3292 } 3344 }
3293 3345
3294 BT_DBG("%s key for %pMR type %u", hdev->name, bdaddr, type); 3346 BT_DBG("%s key for %pMR type %u", hdev->name, bdaddr, type);
@@ -3326,7 +3378,7 @@ struct smp_ltk *hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr,
3326 struct smp_ltk *key, *old_key; 3378 struct smp_ltk *key, *old_key;
3327 u8 role = ltk_role(type); 3379 u8 role = ltk_role(type);
3328 3380
3329 old_key = hci_find_ltk_by_addr(hdev, bdaddr, addr_type, role); 3381 old_key = hci_find_ltk(hdev, bdaddr, addr_type, role);
3330 if (old_key) 3382 if (old_key)
3331 key = old_key; 3383 key = old_key;
3332 else { 3384 else {
@@ -3381,8 +3433,8 @@ int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
3381 3433
3382 BT_DBG("%s removing %pMR", hdev->name, bdaddr); 3434 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
3383 3435
3384 list_del(&key->list); 3436 list_del_rcu(&key->list);
3385 kfree(key); 3437 kfree_rcu(key, rcu);
3386 3438
3387 return 0; 3439 return 0;
3388} 3440}
@@ -3441,26 +3493,31 @@ static void hci_cmd_timeout(struct work_struct *work)
3441} 3493}
3442 3494
3443struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev, 3495struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
3444 bdaddr_t *bdaddr) 3496 bdaddr_t *bdaddr, u8 bdaddr_type)
3445{ 3497{
3446 struct oob_data *data; 3498 struct oob_data *data;
3447 3499
3448 list_for_each_entry(data, &hdev->remote_oob_data, list) 3500 list_for_each_entry(data, &hdev->remote_oob_data, list) {
3449 if (bacmp(bdaddr, &data->bdaddr) == 0) 3501 if (bacmp(bdaddr, &data->bdaddr) != 0)
3450 return data; 3502 continue;
3503 if (data->bdaddr_type != bdaddr_type)
3504 continue;
3505 return data;
3506 }
3451 3507
3452 return NULL; 3508 return NULL;
3453} 3509}
3454 3510
3455int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr) 3511int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
3512 u8 bdaddr_type)
3456{ 3513{
3457 struct oob_data *data; 3514 struct oob_data *data;
3458 3515
3459 data = hci_find_remote_oob_data(hdev, bdaddr); 3516 data = hci_find_remote_oob_data(hdev, bdaddr, bdaddr_type);
3460 if (!data) 3517 if (!data)
3461 return -ENOENT; 3518 return -ENOENT;
3462 3519
3463 BT_DBG("%s removing %pMR", hdev->name, bdaddr); 3520 BT_DBG("%s removing %pMR (%u)", hdev->name, bdaddr, bdaddr_type);
3464 3521
3465 list_del(&data->list); 3522 list_del(&data->list);
3466 kfree(data); 3523 kfree(data);
@@ -3479,52 +3536,37 @@ void hci_remote_oob_data_clear(struct hci_dev *hdev)
3479} 3536}
3480 3537
3481int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr, 3538int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
3482 u8 *hash, u8 *rand) 3539 u8 bdaddr_type, u8 *hash192, u8 *rand192,
3540 u8 *hash256, u8 *rand256)
3483{ 3541{
3484 struct oob_data *data; 3542 struct oob_data *data;
3485 3543
3486 data = hci_find_remote_oob_data(hdev, bdaddr); 3544 data = hci_find_remote_oob_data(hdev, bdaddr, bdaddr_type);
3487 if (!data) { 3545 if (!data) {
3488 data = kmalloc(sizeof(*data), GFP_KERNEL); 3546 data = kmalloc(sizeof(*data), GFP_KERNEL);
3489 if (!data) 3547 if (!data)
3490 return -ENOMEM; 3548 return -ENOMEM;
3491 3549
3492 bacpy(&data->bdaddr, bdaddr); 3550 bacpy(&data->bdaddr, bdaddr);
3551 data->bdaddr_type = bdaddr_type;
3493 list_add(&data->list, &hdev->remote_oob_data); 3552 list_add(&data->list, &hdev->remote_oob_data);
3494 } 3553 }
3495 3554
3496 memcpy(data->hash192, hash, sizeof(data->hash192)); 3555 if (hash192 && rand192) {
3497 memcpy(data->rand192, rand, sizeof(data->rand192)); 3556 memcpy(data->hash192, hash192, sizeof(data->hash192));
3498 3557 memcpy(data->rand192, rand192, sizeof(data->rand192));
3499 memset(data->hash256, 0, sizeof(data->hash256)); 3558 } else {
3500 memset(data->rand256, 0, sizeof(data->rand256)); 3559 memset(data->hash192, 0, sizeof(data->hash192));
3501 3560 memset(data->rand192, 0, sizeof(data->rand192));
3502 BT_DBG("%s for %pMR", hdev->name, bdaddr);
3503
3504 return 0;
3505}
3506
3507int hci_add_remote_oob_ext_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
3508 u8 *hash192, u8 *rand192,
3509 u8 *hash256, u8 *rand256)
3510{
3511 struct oob_data *data;
3512
3513 data = hci_find_remote_oob_data(hdev, bdaddr);
3514 if (!data) {
3515 data = kmalloc(sizeof(*data), GFP_KERNEL);
3516 if (!data)
3517 return -ENOMEM;
3518
3519 bacpy(&data->bdaddr, bdaddr);
3520 list_add(&data->list, &hdev->remote_oob_data);
3521 } 3561 }
3522 3562
3523 memcpy(data->hash192, hash192, sizeof(data->hash192)); 3563 if (hash256 && rand256) {
3524 memcpy(data->rand192, rand192, sizeof(data->rand192)); 3564 memcpy(data->hash256, hash256, sizeof(data->hash256));
3525 3565 memcpy(data->rand256, rand256, sizeof(data->rand256));
3526 memcpy(data->hash256, hash256, sizeof(data->hash256)); 3566 } else {
3527 memcpy(data->rand256, rand256, sizeof(data->rand256)); 3567 memset(data->hash256, 0, sizeof(data->hash256));
3568 memset(data->rand256, 0, sizeof(data->rand256));
3569 }
3528 3570
3529 BT_DBG("%s for %pMR", hdev->name, bdaddr); 3571 BT_DBG("%s for %pMR", hdev->name, bdaddr);
3530 3572
@@ -4224,6 +4266,7 @@ void hci_unregister_dev(struct hci_dev *hdev)
4224 hci_remote_oob_data_clear(hdev); 4266 hci_remote_oob_data_clear(hdev);
4225 hci_bdaddr_list_clear(&hdev->le_white_list); 4267 hci_bdaddr_list_clear(&hdev->le_white_list);
4226 hci_conn_params_clear_all(hdev); 4268 hci_conn_params_clear_all(hdev);
4269 hci_discovery_filter_clear(hdev);
4227 hci_dev_unlock(hdev); 4270 hci_dev_unlock(hdev);
4228 4271
4229 hci_dev_put(hdev); 4272 hci_dev_put(hdev);
@@ -5596,6 +5639,19 @@ void hci_req_add_le_passive_scan(struct hci_request *req)
5596 */ 5639 */
5597 filter_policy = update_white_list(req); 5640 filter_policy = update_white_list(req);
5598 5641
5642 /* When the controller is using random resolvable addresses and
5643 * with that having LE privacy enabled, then controllers with
5644 * Extended Scanner Filter Policies support can now enable support
5645 * for handling directed advertising.
5646 *
5647 * So instead of using filter polices 0x00 (no whitelist)
5648 * and 0x01 (whitelist enabled) use the new filter policies
5649 * 0x02 (no whitelist) and 0x03 (whitelist enabled).
5650 */
5651 if (test_bit(HCI_PRIVACY, &hdev->dev_flags) &&
5652 (hdev->le_features[0] & HCI_LE_EXT_SCAN_POLICY))
5653 filter_policy |= 0x02;
5654
5599 memset(&param_cp, 0, sizeof(param_cp)); 5655 memset(&param_cp, 0, sizeof(param_cp));
5600 param_cp.type = LE_SCAN_PASSIVE; 5656 param_cp.type = LE_SCAN_PASSIVE;
5601 param_cp.interval = cpu_to_le16(hdev->le_scan_interval); 5657 param_cp.interval = cpu_to_le16(hdev->le_scan_interval);
@@ -5647,6 +5703,15 @@ void hci_update_background_scan(struct hci_dev *hdev)
5647 if (hdev->discovery.state != DISCOVERY_STOPPED) 5703 if (hdev->discovery.state != DISCOVERY_STOPPED)
5648 return; 5704 return;
5649 5705
5706 /* Reset RSSI and UUID filters when starting background scanning
5707 * since these filters are meant for service discovery only.
5708 *
5709 * The Start Discovery and Start Service Discovery operations
5710 * ensure to set proper values for RSSI threshold and UUID
5711 * filter list. So it is safe to just reset them here.
5712 */
5713 hci_discovery_filter_clear(hdev);
5714
5650 hci_req_init(&req, hdev); 5715 hci_req_init(&req, hdev);
5651 5716
5652 if (list_empty(&hdev->pend_le_conns) && 5717 if (list_empty(&hdev->pend_le_conns) &&
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 844f7d1ff1cd..322abbbbcef9 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -2043,13 +2043,14 @@ static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2043 data.pscan_mode = info->pscan_mode; 2043 data.pscan_mode = info->pscan_mode;
2044 memcpy(data.dev_class, info->dev_class, 3); 2044 memcpy(data.dev_class, info->dev_class, 3);
2045 data.clock_offset = info->clock_offset; 2045 data.clock_offset = info->clock_offset;
2046 data.rssi = 0x00; 2046 data.rssi = HCI_RSSI_INVALID;
2047 data.ssp_mode = 0x00; 2047 data.ssp_mode = 0x00;
2048 2048
2049 flags = hci_inquiry_cache_update(hdev, &data, false); 2049 flags = hci_inquiry_cache_update(hdev, &data, false);
2050 2050
2051 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00, 2051 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2052 info->dev_class, 0, flags, NULL, 0, NULL, 0); 2052 info->dev_class, HCI_RSSI_INVALID,
2053 flags, NULL, 0, NULL, 0);
2053 } 2054 }
2054 2055
2055 hci_dev_unlock(hdev); 2056 hci_dev_unlock(hdev);
@@ -3191,6 +3192,38 @@ unlock:
3191 hci_dev_unlock(hdev); 3192 hci_dev_unlock(hdev);
3192} 3193}
3193 3194
3195static void conn_set_key(struct hci_conn *conn, u8 key_type, u8 pin_len)
3196{
3197 if (key_type == HCI_LK_CHANGED_COMBINATION)
3198 return;
3199
3200 conn->pin_length = pin_len;
3201 conn->key_type = key_type;
3202
3203 switch (key_type) {
3204 case HCI_LK_LOCAL_UNIT:
3205 case HCI_LK_REMOTE_UNIT:
3206 case HCI_LK_DEBUG_COMBINATION:
3207 return;
3208 case HCI_LK_COMBINATION:
3209 if (pin_len == 16)
3210 conn->pending_sec_level = BT_SECURITY_HIGH;
3211 else
3212 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3213 break;
3214 case HCI_LK_UNAUTH_COMBINATION_P192:
3215 case HCI_LK_UNAUTH_COMBINATION_P256:
3216 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3217 break;
3218 case HCI_LK_AUTH_COMBINATION_P192:
3219 conn->pending_sec_level = BT_SECURITY_HIGH;
3220 break;
3221 case HCI_LK_AUTH_COMBINATION_P256:
3222 conn->pending_sec_level = BT_SECURITY_FIPS;
3223 break;
3224 }
3225}
3226
3194static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 3227static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3195{ 3228{
3196 struct hci_ev_link_key_req *ev = (void *) skb->data; 3229 struct hci_ev_link_key_req *ev = (void *) skb->data;
@@ -3217,6 +3250,8 @@ static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3217 3250
3218 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 3251 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3219 if (conn) { 3252 if (conn) {
3253 clear_bit(HCI_CONN_NEW_LINK_KEY, &conn->flags);
3254
3220 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 || 3255 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
3221 key->type == HCI_LK_UNAUTH_COMBINATION_P256) && 3256 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
3222 conn->auth_type != 0xff && (conn->auth_type & 0x01)) { 3257 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
@@ -3232,8 +3267,7 @@ static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3232 goto not_found; 3267 goto not_found;
3233 } 3268 }
3234 3269
3235 conn->key_type = key->type; 3270 conn_set_key(conn, key->type, key->pin_len);
3236 conn->pin_length = key->pin_len;
3237 } 3271 }
3238 3272
3239 bacpy(&cp.bdaddr, &ev->bdaddr); 3273 bacpy(&cp.bdaddr, &ev->bdaddr);
@@ -3263,16 +3297,15 @@ static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3263 hci_dev_lock(hdev); 3297 hci_dev_lock(hdev);
3264 3298
3265 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 3299 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3266 if (conn) { 3300 if (!conn)
3267 hci_conn_hold(conn); 3301 goto unlock;
3268 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3269 pin_len = conn->pin_length;
3270 3302
3271 if (ev->key_type != HCI_LK_CHANGED_COMBINATION) 3303 hci_conn_hold(conn);
3272 conn->key_type = ev->key_type; 3304 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3305 hci_conn_drop(conn);
3273 3306
3274 hci_conn_drop(conn); 3307 set_bit(HCI_CONN_NEW_LINK_KEY, &conn->flags);
3275 } 3308 conn_set_key(conn, ev->key_type, conn->pin_length);
3276 3309
3277 if (!test_bit(HCI_MGMT, &hdev->dev_flags)) 3310 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3278 goto unlock; 3311 goto unlock;
@@ -3282,6 +3315,12 @@ static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3282 if (!key) 3315 if (!key)
3283 goto unlock; 3316 goto unlock;
3284 3317
3318 /* Update connection information since adding the key will have
3319 * fixed up the type in the case of changed combination keys.
3320 */
3321 if (ev->key_type == HCI_LK_CHANGED_COMBINATION)
3322 conn_set_key(conn, key->type, key->pin_len);
3323
3285 mgmt_new_link_key(hdev, key, persistent); 3324 mgmt_new_link_key(hdev, key, persistent);
3286 3325
3287 /* Keep debug keys around only if the HCI_KEEP_DEBUG_KEYS flag 3326 /* Keep debug keys around only if the HCI_KEEP_DEBUG_KEYS flag
@@ -3291,15 +3330,16 @@ static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3291 */ 3330 */
3292 if (key->type == HCI_LK_DEBUG_COMBINATION && 3331 if (key->type == HCI_LK_DEBUG_COMBINATION &&
3293 !test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags)) { 3332 !test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags)) {
3294 list_del(&key->list); 3333 list_del_rcu(&key->list);
3295 kfree(key); 3334 kfree_rcu(key, rcu);
3296 } else if (conn) { 3335 goto unlock;
3297 if (persistent)
3298 clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3299 else
3300 set_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3301 } 3336 }
3302 3337
3338 if (persistent)
3339 clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3340 else
3341 set_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3342
3303unlock: 3343unlock:
3304 hci_dev_unlock(hdev); 3344 hci_dev_unlock(hdev);
3305} 3345}
@@ -3734,7 +3774,7 @@ static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3734 3774
3735 cp.authentication = conn->auth_type; 3775 cp.authentication = conn->auth_type;
3736 3776
3737 if (hci_find_remote_oob_data(hdev, &conn->dst) && 3777 if (hci_find_remote_oob_data(hdev, &conn->dst, BDADDR_BREDR) &&
3738 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags))) 3778 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3739 cp.oob_data = 0x01; 3779 cp.oob_data = 0x01;
3740 else 3780 else
@@ -3989,9 +4029,9 @@ static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3989 if (!test_bit(HCI_MGMT, &hdev->dev_flags)) 4029 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3990 goto unlock; 4030 goto unlock;
3991 4031
3992 data = hci_find_remote_oob_data(hdev, &ev->bdaddr); 4032 data = hci_find_remote_oob_data(hdev, &ev->bdaddr, BDADDR_BREDR);
3993 if (data) { 4033 if (data) {
3994 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) { 4034 if (bredr_sc_enabled(hdev)) {
3995 struct hci_cp_remote_oob_ext_data_reply cp; 4035 struct hci_cp_remote_oob_ext_data_reply cp;
3996 4036
3997 bacpy(&cp.bdaddr, &ev->bdaddr); 4037 bacpy(&cp.bdaddr, &ev->bdaddr);
@@ -4386,7 +4426,8 @@ static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev,
4386} 4426}
4387 4427
4388static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr, 4428static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
4389 u8 bdaddr_type, s8 rssi, u8 *data, u8 len) 4429 u8 bdaddr_type, bdaddr_t *direct_addr,
4430 u8 direct_addr_type, s8 rssi, u8 *data, u8 len)
4390{ 4431{
4391 struct discovery_state *d = &hdev->discovery; 4432 struct discovery_state *d = &hdev->discovery;
4392 struct smp_irk *irk; 4433 struct smp_irk *irk;
@@ -4394,6 +4435,32 @@ static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
4394 bool match; 4435 bool match;
4395 u32 flags; 4436 u32 flags;
4396 4437
4438 /* If the direct address is present, then this report is from
4439 * a LE Direct Advertising Report event. In that case it is
4440 * important to see if the address is matching the local
4441 * controller address.
4442 */
4443 if (direct_addr) {
4444 /* Only resolvable random addresses are valid for these
4445 * kind of reports and others can be ignored.
4446 */
4447 if (!hci_bdaddr_is_rpa(direct_addr, direct_addr_type))
4448 return;
4449
4450 /* If the controller is not using resolvable random
4451 * addresses, then this report can be ignored.
4452 */
4453 if (!test_bit(HCI_PRIVACY, &hdev->dev_flags))
4454 return;
4455
4456 /* If the local IRK of the controller does not match
4457 * with the resolvable random address provided, then
4458 * this report can be ignored.
4459 */
4460 if (!smp_irk_matches(hdev, hdev->irk, direct_addr))
4461 return;
4462 }
4463
4397 /* Check if we need to convert to identity address */ 4464 /* Check if we need to convert to identity address */
4398 irk = hci_get_irk(hdev, bdaddr, bdaddr_type); 4465 irk = hci_get_irk(hdev, bdaddr, bdaddr_type);
4399 if (irk) { 4466 if (irk) {
@@ -4530,7 +4597,8 @@ static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
4530 4597
4531 rssi = ev->data[ev->length]; 4598 rssi = ev->data[ev->length];
4532 process_adv_report(hdev, ev->evt_type, &ev->bdaddr, 4599 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
4533 ev->bdaddr_type, rssi, ev->data, ev->length); 4600 ev->bdaddr_type, NULL, 0, rssi,
4601 ev->data, ev->length);
4534 4602
4535 ptr += sizeof(*ev) + ev->length + 1; 4603 ptr += sizeof(*ev) + ev->length + 1;
4536 } 4604 }
@@ -4554,10 +4622,20 @@ static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
4554 if (conn == NULL) 4622 if (conn == NULL)
4555 goto not_found; 4623 goto not_found;
4556 4624
4557 ltk = hci_find_ltk(hdev, ev->ediv, ev->rand, conn->role); 4625 ltk = hci_find_ltk(hdev, &conn->dst, conn->dst_type, conn->role);
4558 if (ltk == NULL) 4626 if (!ltk)
4559 goto not_found; 4627 goto not_found;
4560 4628
4629 if (smp_ltk_is_sc(ltk)) {
4630 /* With SC both EDiv and Rand are set to zero */
4631 if (ev->ediv || ev->rand)
4632 goto not_found;
4633 } else {
4634 /* For non-SC keys check that EDiv and Rand match */
4635 if (ev->ediv != ltk->ediv || ev->rand != ltk->rand)
4636 goto not_found;
4637 }
4638
4561 memcpy(cp.ltk, ltk->val, sizeof(ltk->val)); 4639 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
4562 cp.handle = cpu_to_le16(conn->handle); 4640 cp.handle = cpu_to_le16(conn->handle);
4563 4641
@@ -4661,6 +4739,27 @@ static void hci_le_remote_conn_param_req_evt(struct hci_dev *hdev,
4661 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_REPLY, sizeof(cp), &cp); 4739 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_REPLY, sizeof(cp), &cp);
4662} 4740}
4663 4741
4742static void hci_le_direct_adv_report_evt(struct hci_dev *hdev,
4743 struct sk_buff *skb)
4744{
4745 u8 num_reports = skb->data[0];
4746 void *ptr = &skb->data[1];
4747
4748 hci_dev_lock(hdev);
4749
4750 while (num_reports--) {
4751 struct hci_ev_le_direct_adv_info *ev = ptr;
4752
4753 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
4754 ev->bdaddr_type, &ev->direct_addr,
4755 ev->direct_addr_type, ev->rssi, NULL, 0);
4756
4757 ptr += sizeof(*ev);
4758 }
4759
4760 hci_dev_unlock(hdev);
4761}
4762
4664static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb) 4763static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
4665{ 4764{
4666 struct hci_ev_le_meta *le_ev = (void *) skb->data; 4765 struct hci_ev_le_meta *le_ev = (void *) skb->data;
@@ -4688,6 +4787,10 @@ static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
4688 hci_le_remote_conn_param_req_evt(hdev, skb); 4787 hci_le_remote_conn_param_req_evt(hdev, skb);
4689 break; 4788 break;
4690 4789
4790 case HCI_EV_LE_DIRECT_ADV_REPORT:
4791 hci_le_direct_adv_report_evt(hdev, skb);
4792 break;
4793
4691 default: 4794 default:
4692 break; 4795 break;
4693 } 4796 }
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 8e1273173020..a8da7ea9c2c0 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -46,7 +46,6 @@
46bool disable_ertm; 46bool disable_ertm;
47 47
48static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN | L2CAP_FEAT_UCD; 48static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN | L2CAP_FEAT_UCD;
49static u8 l2cap_fixed_chan[8] = { L2CAP_FC_SIG_BREDR | L2CAP_FC_CONNLESS, };
50 49
51static LIST_HEAD(chan_list); 50static LIST_HEAD(chan_list);
52static DEFINE_RWLOCK(chan_list_lock); 51static DEFINE_RWLOCK(chan_list_lock);
@@ -840,7 +839,10 @@ static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len,
840 if (!skb) 839 if (!skb)
841 return; 840 return;
842 841
843 if (lmp_no_flush_capable(conn->hcon->hdev)) 842 /* Use NO_FLUSH if supported or we have an LE link (which does
843 * not support auto-flushing packets) */
844 if (lmp_no_flush_capable(conn->hcon->hdev) ||
845 conn->hcon->type == LE_LINK)
844 flags = ACL_START_NO_FLUSH; 846 flags = ACL_START_NO_FLUSH;
845 else 847 else
846 flags = ACL_START; 848 flags = ACL_START;
@@ -874,8 +876,13 @@ static void l2cap_do_send(struct l2cap_chan *chan, struct sk_buff *skb)
874 return; 876 return;
875 } 877 }
876 878
877 if (!test_bit(FLAG_FLUSHABLE, &chan->flags) && 879 /* Use NO_FLUSH for LE links (where this is the only option) or
878 lmp_no_flush_capable(hcon->hdev)) 880 * if the BR/EDR link supports it and flushing has not been
881 * explicitly requested (through FLAG_FLUSHABLE).
882 */
883 if (hcon->type == LE_LINK ||
884 (!test_bit(FLAG_FLUSHABLE, &chan->flags) &&
885 lmp_no_flush_capable(hcon->hdev)))
879 flags = ACL_START_NO_FLUSH; 886 flags = ACL_START_NO_FLUSH;
880 else 887 else
881 flags = ACL_START; 888 flags = ACL_START;
@@ -1112,10 +1119,10 @@ static bool __amp_capable(struct l2cap_chan *chan)
1112 struct hci_dev *hdev; 1119 struct hci_dev *hdev;
1113 bool amp_available = false; 1120 bool amp_available = false;
1114 1121
1115 if (!conn->hs_enabled) 1122 if (!(conn->local_fixed_chan & L2CAP_FC_A2MP))
1116 return false; 1123 return false;
1117 1124
1118 if (!(conn->fixed_chan_mask & L2CAP_FC_A2MP)) 1125 if (!(conn->remote_fixed_chan & L2CAP_FC_A2MP))
1119 return false; 1126 return false;
1120 1127
1121 read_lock(&hci_dev_list_lock); 1128 read_lock(&hci_dev_list_lock);
@@ -3088,12 +3095,14 @@ static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
3088 3095
3089static inline bool __l2cap_ews_supported(struct l2cap_conn *conn) 3096static inline bool __l2cap_ews_supported(struct l2cap_conn *conn)
3090{ 3097{
3091 return conn->hs_enabled && conn->feat_mask & L2CAP_FEAT_EXT_WINDOW; 3098 return ((conn->local_fixed_chan & L2CAP_FC_A2MP) &&
3099 (conn->feat_mask & L2CAP_FEAT_EXT_WINDOW));
3092} 3100}
3093 3101
3094static inline bool __l2cap_efs_supported(struct l2cap_conn *conn) 3102static inline bool __l2cap_efs_supported(struct l2cap_conn *conn)
3095{ 3103{
3096 return conn->hs_enabled && conn->feat_mask & L2CAP_FEAT_EXT_FLOW; 3104 return ((conn->local_fixed_chan & L2CAP_FC_A2MP) &&
3105 (conn->feat_mask & L2CAP_FEAT_EXT_FLOW));
3097} 3106}
3098 3107
3099static void __l2cap_set_ertm_timeouts(struct l2cap_chan *chan, 3108static void __l2cap_set_ertm_timeouts(struct l2cap_chan *chan,
@@ -3322,7 +3331,7 @@ static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
3322 break; 3331 break;
3323 3332
3324 case L2CAP_CONF_EWS: 3333 case L2CAP_CONF_EWS:
3325 if (!chan->conn->hs_enabled) 3334 if (!(chan->conn->local_fixed_chan & L2CAP_FC_A2MP))
3326 return -ECONNREFUSED; 3335 return -ECONNREFUSED;
3327 3336
3328 set_bit(FLAG_EXT_CTRL, &chan->flags); 3337 set_bit(FLAG_EXT_CTRL, &chan->flags);
@@ -4326,7 +4335,7 @@ static inline int l2cap_information_req(struct l2cap_conn *conn,
4326 if (!disable_ertm) 4335 if (!disable_ertm)
4327 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING 4336 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
4328 | L2CAP_FEAT_FCS; 4337 | L2CAP_FEAT_FCS;
4329 if (conn->hs_enabled) 4338 if (conn->local_fixed_chan & L2CAP_FC_A2MP)
4330 feat_mask |= L2CAP_FEAT_EXT_FLOW 4339 feat_mask |= L2CAP_FEAT_EXT_FLOW
4331 | L2CAP_FEAT_EXT_WINDOW; 4340 | L2CAP_FEAT_EXT_WINDOW;
4332 4341
@@ -4337,14 +4346,10 @@ static inline int l2cap_information_req(struct l2cap_conn *conn,
4337 u8 buf[12]; 4346 u8 buf[12];
4338 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf; 4347 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
4339 4348
4340 if (conn->hs_enabled)
4341 l2cap_fixed_chan[0] |= L2CAP_FC_A2MP;
4342 else
4343 l2cap_fixed_chan[0] &= ~L2CAP_FC_A2MP;
4344
4345 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN); 4349 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
4346 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS); 4350 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
4347 memcpy(rsp->data, l2cap_fixed_chan, sizeof(l2cap_fixed_chan)); 4351 rsp->data[0] = conn->local_fixed_chan;
4352 memset(rsp->data + 1, 0, 7);
4348 l2cap_send_cmd(conn, cmd->ident, L2CAP_INFO_RSP, sizeof(buf), 4353 l2cap_send_cmd(conn, cmd->ident, L2CAP_INFO_RSP, sizeof(buf),
4349 buf); 4354 buf);
4350 } else { 4355 } else {
@@ -4410,7 +4415,7 @@ static inline int l2cap_information_rsp(struct l2cap_conn *conn,
4410 break; 4415 break;
4411 4416
4412 case L2CAP_IT_FIXED_CHAN: 4417 case L2CAP_IT_FIXED_CHAN:
4413 conn->fixed_chan_mask = rsp->data[0]; 4418 conn->remote_fixed_chan = rsp->data[0];
4414 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE; 4419 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
4415 conn->info_ident = 0; 4420 conn->info_ident = 0;
4416 4421
@@ -4434,7 +4439,7 @@ static int l2cap_create_channel_req(struct l2cap_conn *conn,
4434 if (cmd_len != sizeof(*req)) 4439 if (cmd_len != sizeof(*req))
4435 return -EPROTO; 4440 return -EPROTO;
4436 4441
4437 if (!conn->hs_enabled) 4442 if (!(conn->local_fixed_chan & L2CAP_FC_A2MP))
4438 return -EINVAL; 4443 return -EINVAL;
4439 4444
4440 psm = le16_to_cpu(req->psm); 4445 psm = le16_to_cpu(req->psm);
@@ -4864,7 +4869,7 @@ static inline int l2cap_move_channel_req(struct l2cap_conn *conn,
4864 4869
4865 BT_DBG("icid 0x%4.4x, dest_amp_id %d", icid, req->dest_amp_id); 4870 BT_DBG("icid 0x%4.4x, dest_amp_id %d", icid, req->dest_amp_id);
4866 4871
4867 if (!conn->hs_enabled) 4872 if (!(conn->local_fixed_chan & L2CAP_FC_A2MP))
4868 return -EINVAL; 4873 return -EINVAL;
4869 4874
4870 chan = l2cap_get_chan_by_dcid(conn, icid); 4875 chan = l2cap_get_chan_by_dcid(conn, icid);
@@ -6956,9 +6961,15 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon)
6956 6961
6957 conn->feat_mask = 0; 6962 conn->feat_mask = 0;
6958 6963
6959 if (hcon->type == ACL_LINK) 6964 conn->local_fixed_chan = L2CAP_FC_SIG_BREDR | L2CAP_FC_CONNLESS;
6960 conn->hs_enabled = test_bit(HCI_HS_ENABLED, 6965
6961 &hcon->hdev->dev_flags); 6966 if (hcon->type == ACL_LINK &&
6967 test_bit(HCI_HS_ENABLED, &hcon->hdev->dev_flags))
6968 conn->local_fixed_chan |= L2CAP_FC_A2MP;
6969
6970 if (bredr_sc_enabled(hcon->hdev) &&
6971 test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
6972 conn->local_fixed_chan |= L2CAP_FC_SMP_BREDR;
6962 6973
6963 mutex_init(&conn->ident_lock); 6974 mutex_init(&conn->ident_lock);
6964 mutex_init(&conn->chan_lock); 6975 mutex_init(&conn->chan_lock);
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index f3e4a16fb157..7384f1161336 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -35,7 +35,7 @@
35#include "smp.h" 35#include "smp.h"
36 36
37#define MGMT_VERSION 1 37#define MGMT_VERSION 1
38#define MGMT_REVISION 7 38#define MGMT_REVISION 8
39 39
40static const u16 mgmt_commands[] = { 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST, 41 MGMT_OP_READ_INDEX_LIST,
@@ -93,6 +93,7 @@ static const u16 mgmt_commands[] = {
93 MGMT_OP_READ_CONFIG_INFO, 93 MGMT_OP_READ_CONFIG_INFO,
94 MGMT_OP_SET_EXTERNAL_CONFIG, 94 MGMT_OP_SET_EXTERNAL_CONFIG,
95 MGMT_OP_SET_PUBLIC_ADDRESS, 95 MGMT_OP_SET_PUBLIC_ADDRESS,
96 MGMT_OP_START_SERVICE_DISCOVERY,
96}; 97};
97 98
98static const u16 mgmt_events[] = { 99static const u16 mgmt_events[] = {
@@ -134,8 +135,10 @@ struct pending_cmd {
134 u16 opcode; 135 u16 opcode;
135 int index; 136 int index;
136 void *param; 137 void *param;
138 size_t param_len;
137 struct sock *sk; 139 struct sock *sk;
138 void *user_data; 140 void *user_data;
141 void (*cmd_complete)(struct pending_cmd *cmd, u8 status);
139}; 142};
140 143
141/* HCI to MGMT error code conversion table */ 144/* HCI to MGMT error code conversion table */
@@ -574,6 +577,7 @@ static u32 get_supported_settings(struct hci_dev *hdev)
574 if (lmp_le_capable(hdev)) { 577 if (lmp_le_capable(hdev)) {
575 settings |= MGMT_SETTING_LE; 578 settings |= MGMT_SETTING_LE;
576 settings |= MGMT_SETTING_ADVERTISING; 579 settings |= MGMT_SETTING_ADVERTISING;
580 settings |= MGMT_SETTING_SECURE_CONN;
577 settings |= MGMT_SETTING_PRIVACY; 581 settings |= MGMT_SETTING_PRIVACY;
578 } 582 }
579 583
@@ -1202,14 +1206,13 @@ static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
1202 cmd->opcode = opcode; 1206 cmd->opcode = opcode;
1203 cmd->index = hdev->id; 1207 cmd->index = hdev->id;
1204 1208
1205 cmd->param = kmalloc(len, GFP_KERNEL); 1209 cmd->param = kmemdup(data, len, GFP_KERNEL);
1206 if (!cmd->param) { 1210 if (!cmd->param) {
1207 kfree(cmd); 1211 kfree(cmd);
1208 return NULL; 1212 return NULL;
1209 } 1213 }
1210 1214
1211 if (data) 1215 cmd->param_len = len;
1212 memcpy(cmd->param, data, len);
1213 1216
1214 cmd->sk = sk; 1217 cmd->sk = sk;
1215 sock_hold(sk); 1218 sock_hold(sk);
@@ -1469,6 +1472,32 @@ static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1469 mgmt_pending_remove(cmd); 1472 mgmt_pending_remove(cmd);
1470} 1473}
1471 1474
1475static void cmd_complete_rsp(struct pending_cmd *cmd, void *data)
1476{
1477 if (cmd->cmd_complete) {
1478 u8 *status = data;
1479
1480 cmd->cmd_complete(cmd, *status);
1481 mgmt_pending_remove(cmd);
1482
1483 return;
1484 }
1485
1486 cmd_status_rsp(cmd, data);
1487}
1488
1489static void generic_cmd_complete(struct pending_cmd *cmd, u8 status)
1490{
1491 cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, cmd->param,
1492 cmd->param_len);
1493}
1494
1495static void addr_cmd_complete(struct pending_cmd *cmd, u8 status)
1496{
1497 cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, cmd->param,
1498 sizeof(struct mgmt_addr_info));
1499}
1500
1472static u8 mgmt_bredr_support(struct hci_dev *hdev) 1501static u8 mgmt_bredr_support(struct hci_dev *hdev)
1473{ 1502{
1474 if (!lmp_bredr_capable(hdev)) 1503 if (!lmp_bredr_capable(hdev))
@@ -2792,6 +2821,8 @@ static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2792 goto unlock; 2821 goto unlock;
2793 } 2822 }
2794 2823
2824 cmd->cmd_complete = addr_cmd_complete;
2825
2795 dc.handle = cpu_to_le16(conn->handle); 2826 dc.handle = cpu_to_le16(conn->handle);
2796 dc.reason = 0x13; /* Remote User Terminated Connection */ 2827 dc.reason = 0x13; /* Remote User Terminated Connection */
2797 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc); 2828 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
@@ -2855,6 +2886,8 @@ static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2855 goto failed; 2886 goto failed;
2856 } 2887 }
2857 2888
2889 cmd->cmd_complete = generic_cmd_complete;
2890
2858 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM); 2891 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
2859 if (err < 0) 2892 if (err < 0)
2860 mgmt_pending_remove(cmd); 2893 mgmt_pending_remove(cmd);
@@ -3007,6 +3040,8 @@ static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3007 goto failed; 3040 goto failed;
3008 } 3041 }
3009 3042
3043 cmd->cmd_complete = addr_cmd_complete;
3044
3010 bacpy(&reply.bdaddr, &cp->addr.bdaddr); 3045 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
3011 reply.pin_len = cp->pin_len; 3046 reply.pin_len = cp->pin_len;
3012 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code)); 3047 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
@@ -3096,7 +3131,7 @@ void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3096 3131
3097 cmd = find_pairing(conn); 3132 cmd = find_pairing(conn);
3098 if (cmd) 3133 if (cmd)
3099 pairing_complete(cmd, status); 3134 cmd->cmd_complete(cmd, status);
3100} 3135}
3101 3136
3102static void pairing_complete_cb(struct hci_conn *conn, u8 status) 3137static void pairing_complete_cb(struct hci_conn *conn, u8 status)
@@ -3109,7 +3144,7 @@ static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3109 if (!cmd) 3144 if (!cmd)
3110 BT_DBG("Unable to find a pending command"); 3145 BT_DBG("Unable to find a pending command");
3111 else 3146 else
3112 pairing_complete(cmd, mgmt_status(status)); 3147 cmd->cmd_complete(cmd, mgmt_status(status));
3113} 3148}
3114 3149
3115static void le_pairing_complete_cb(struct hci_conn *conn, u8 status) 3150static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
@@ -3125,7 +3160,7 @@ static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
3125 if (!cmd) 3160 if (!cmd)
3126 BT_DBG("Unable to find a pending command"); 3161 BT_DBG("Unable to find a pending command");
3127 else 3162 else
3128 pairing_complete(cmd, mgmt_status(status)); 3163 cmd->cmd_complete(cmd, mgmt_status(status));
3129} 3164}
3130 3165
3131static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data, 3166static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
@@ -3222,6 +3257,8 @@ static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3222 goto unlock; 3257 goto unlock;
3223 } 3258 }
3224 3259
3260 cmd->cmd_complete = pairing_complete;
3261
3225 /* For LE, just connecting isn't a proof that the pairing finished */ 3262 /* For LE, just connecting isn't a proof that the pairing finished */
3226 if (cp->addr.type == BDADDR_BREDR) { 3263 if (cp->addr.type == BDADDR_BREDR) {
3227 conn->connect_cfm_cb = pairing_complete_cb; 3264 conn->connect_cfm_cb = pairing_complete_cb;
@@ -3338,6 +3375,8 @@ static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3338 goto done; 3375 goto done;
3339 } 3376 }
3340 3377
3378 cmd->cmd_complete = addr_cmd_complete;
3379
3341 /* Continue with pairing via HCI */ 3380 /* Continue with pairing via HCI */
3342 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) { 3381 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3343 struct hci_cp_user_passkey_reply cp; 3382 struct hci_cp_user_passkey_reply cp;
@@ -3562,7 +3601,7 @@ static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3562 goto unlock; 3601 goto unlock;
3563 } 3602 }
3564 3603
3565 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) 3604 if (bredr_sc_enabled(hdev))
3566 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 3605 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3567 0, NULL); 3606 0, NULL);
3568 else 3607 else
@@ -3598,7 +3637,8 @@ static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3598 } 3637 }
3599 3638
3600 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, 3639 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3601 cp->hash, cp->rand); 3640 cp->addr.type, cp->hash,
3641 cp->rand, NULL, NULL);
3602 if (err < 0) 3642 if (err < 0)
3603 status = MGMT_STATUS_FAILED; 3643 status = MGMT_STATUS_FAILED;
3604 else 3644 else
@@ -3608,6 +3648,7 @@ static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3608 status, &cp->addr, sizeof(cp->addr)); 3648 status, &cp->addr, sizeof(cp->addr));
3609 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) { 3649 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3610 struct mgmt_cp_add_remote_oob_ext_data *cp = data; 3650 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3651 u8 *rand192, *hash192;
3611 u8 status; 3652 u8 status;
3612 3653
3613 if (cp->addr.type != BDADDR_BREDR) { 3654 if (cp->addr.type != BDADDR_BREDR) {
@@ -3618,9 +3659,17 @@ static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3618 goto unlock; 3659 goto unlock;
3619 } 3660 }
3620 3661
3621 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr, 3662 if (bdaddr_type_is_le(cp->addr.type)) {
3622 cp->hash192, cp->rand192, 3663 rand192 = NULL;
3623 cp->hash256, cp->rand256); 3664 hash192 = NULL;
3665 } else {
3666 rand192 = cp->rand192;
3667 hash192 = cp->hash192;
3668 }
3669
3670 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3671 cp->addr.type, hash192, rand192,
3672 cp->hash256, cp->rand256);
3624 if (err < 0) 3673 if (err < 0)
3625 status = MGMT_STATUS_FAILED; 3674 status = MGMT_STATUS_FAILED;
3626 else 3675 else
@@ -3661,7 +3710,7 @@ static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3661 goto done; 3710 goto done;
3662 } 3711 }
3663 3712
3664 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr); 3713 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
3665 if (err < 0) 3714 if (err < 0)
3666 status = MGMT_STATUS_INVALID_PARAMS; 3715 status = MGMT_STATUS_INVALID_PARAMS;
3667 else 3716 else
@@ -3675,64 +3724,150 @@ done:
3675 return err; 3724 return err;
3676} 3725}
3677 3726
3678static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status) 3727static bool trigger_discovery(struct hci_request *req, u8 *status)
3679{ 3728{
3680 struct pending_cmd *cmd; 3729 struct hci_dev *hdev = req->hdev;
3681 u8 type; 3730 struct hci_cp_le_set_scan_param param_cp;
3731 struct hci_cp_le_set_scan_enable enable_cp;
3732 struct hci_cp_inquiry inq_cp;
3733 /* General inquiry access code (GIAC) */
3734 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3735 u8 own_addr_type;
3682 int err; 3736 int err;
3683 3737
3684 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 3738 switch (hdev->discovery.type) {
3739 case DISCOV_TYPE_BREDR:
3740 *status = mgmt_bredr_support(hdev);
3741 if (*status)
3742 return false;
3685 3743
3686 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev); 3744 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3687 if (!cmd) 3745 *status = MGMT_STATUS_BUSY;
3688 return -ENOENT; 3746 return false;
3747 }
3689 3748
3690 type = hdev->discovery.type; 3749 hci_inquiry_cache_flush(hdev);
3691 3750
3692 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status), 3751 memset(&inq_cp, 0, sizeof(inq_cp));
3693 &type, sizeof(type)); 3752 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3694 mgmt_pending_remove(cmd); 3753 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3754 hci_req_add(req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3755 break;
3695 3756
3696 return err; 3757 case DISCOV_TYPE_LE:
3758 case DISCOV_TYPE_INTERLEAVED:
3759 *status = mgmt_le_support(hdev);
3760 if (*status)
3761 return false;
3762
3763 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3764 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3765 *status = MGMT_STATUS_NOT_SUPPORTED;
3766 return false;
3767 }
3768
3769 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
3770 /* Don't let discovery abort an outgoing
3771 * connection attempt that's using directed
3772 * advertising.
3773 */
3774 if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3775 BT_CONNECT)) {
3776 *status = MGMT_STATUS_REJECTED;
3777 return false;
3778 }
3779
3780 disable_advertising(req);
3781 }
3782
3783 /* If controller is scanning, it means the background scanning
3784 * is running. Thus, we should temporarily stop it in order to
3785 * set the discovery scanning parameters.
3786 */
3787 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3788 hci_req_add_le_scan_disable(req);
3789
3790 memset(&param_cp, 0, sizeof(param_cp));
3791
3792 /* All active scans will be done with either a resolvable
3793 * private address (when privacy feature has been enabled)
3794 * or unresolvable private address.
3795 */
3796 err = hci_update_random_address(req, true, &own_addr_type);
3797 if (err < 0) {
3798 *status = MGMT_STATUS_FAILED;
3799 return false;
3800 }
3801
3802 param_cp.type = LE_SCAN_ACTIVE;
3803 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3804 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3805 param_cp.own_address_type = own_addr_type;
3806 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3807 &param_cp);
3808
3809 memset(&enable_cp, 0, sizeof(enable_cp));
3810 enable_cp.enable = LE_SCAN_ENABLE;
3811 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3812 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3813 &enable_cp);
3814 break;
3815
3816 default:
3817 *status = MGMT_STATUS_INVALID_PARAMS;
3818 return false;
3819 }
3820
3821 return true;
3697} 3822}
3698 3823
3699static void start_discovery_complete(struct hci_dev *hdev, u8 status) 3824static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3700{ 3825{
3701 unsigned long timeout = 0; 3826 struct pending_cmd *cmd;
3827 unsigned long timeout;
3702 3828
3703 BT_DBG("status %d", status); 3829 BT_DBG("status %d", status);
3704 3830
3831 hci_dev_lock(hdev);
3832
3833 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3834 if (!cmd)
3835 cmd = mgmt_pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3836
3837 if (cmd) {
3838 cmd->cmd_complete(cmd, mgmt_status(status));
3839 mgmt_pending_remove(cmd);
3840 }
3841
3705 if (status) { 3842 if (status) {
3706 hci_dev_lock(hdev); 3843 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3707 mgmt_start_discovery_failed(hdev, status); 3844 goto unlock;
3708 hci_dev_unlock(hdev);
3709 return;
3710 } 3845 }
3711 3846
3712 hci_dev_lock(hdev);
3713 hci_discovery_set_state(hdev, DISCOVERY_FINDING); 3847 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3714 hci_dev_unlock(hdev);
3715 3848
3716 switch (hdev->discovery.type) { 3849 switch (hdev->discovery.type) {
3717 case DISCOV_TYPE_LE: 3850 case DISCOV_TYPE_LE:
3718 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT); 3851 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
3719 break; 3852 break;
3720
3721 case DISCOV_TYPE_INTERLEAVED: 3853 case DISCOV_TYPE_INTERLEAVED:
3722 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout); 3854 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
3723 break; 3855 break;
3724
3725 case DISCOV_TYPE_BREDR: 3856 case DISCOV_TYPE_BREDR:
3857 timeout = 0;
3726 break; 3858 break;
3727
3728 default: 3859 default:
3729 BT_ERR("Invalid discovery type %d", hdev->discovery.type); 3860 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3861 timeout = 0;
3862 break;
3730 } 3863 }
3731 3864
3732 if (!timeout) 3865 if (timeout)
3733 return; 3866 queue_delayed_work(hdev->workqueue,
3867 &hdev->le_scan_disable, timeout);
3734 3868
3735 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout); 3869unlock:
3870 hci_dev_unlock(hdev);
3736} 3871}
3737 3872
3738static int start_discovery(struct sock *sk, struct hci_dev *hdev, 3873static int start_discovery(struct sock *sk, struct hci_dev *hdev,
@@ -3740,13 +3875,8 @@ static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3740{ 3875{
3741 struct mgmt_cp_start_discovery *cp = data; 3876 struct mgmt_cp_start_discovery *cp = data;
3742 struct pending_cmd *cmd; 3877 struct pending_cmd *cmd;
3743 struct hci_cp_le_set_scan_param param_cp;
3744 struct hci_cp_le_set_scan_enable enable_cp;
3745 struct hci_cp_inquiry inq_cp;
3746 struct hci_request req; 3878 struct hci_request req;
3747 /* General inquiry access code (GIAC) */ 3879 u8 status;
3748 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3749 u8 status, own_addr_type;
3750 int err; 3880 int err;
3751 3881
3752 BT_DBG("%s", hdev->name); 3882 BT_DBG("%s", hdev->name);
@@ -3760,184 +3890,182 @@ static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3760 goto failed; 3890 goto failed;
3761 } 3891 }
3762 3892
3763 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) { 3893 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3894 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3764 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY, 3895 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3765 MGMT_STATUS_BUSY, &cp->type, 3896 MGMT_STATUS_BUSY, &cp->type,
3766 sizeof(cp->type)); 3897 sizeof(cp->type));
3767 goto failed; 3898 goto failed;
3768 } 3899 }
3769 3900
3770 if (hdev->discovery.state != DISCOVERY_STOPPED) { 3901 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
3771 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3772 MGMT_STATUS_BUSY, &cp->type,
3773 sizeof(cp->type));
3774 goto failed;
3775 }
3776
3777 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
3778 if (!cmd) { 3902 if (!cmd) {
3779 err = -ENOMEM; 3903 err = -ENOMEM;
3780 goto failed; 3904 goto failed;
3781 } 3905 }
3782 3906
3907 cmd->cmd_complete = generic_cmd_complete;
3908
3909 /* Clear the discovery filter first to free any previously
3910 * allocated memory for the UUID list.
3911 */
3912 hci_discovery_filter_clear(hdev);
3913
3783 hdev->discovery.type = cp->type; 3914 hdev->discovery.type = cp->type;
3915 hdev->discovery.report_invalid_rssi = false;
3784 3916
3785 hci_req_init(&req, hdev); 3917 hci_req_init(&req, hdev);
3786 3918
3787 switch (hdev->discovery.type) { 3919 if (!trigger_discovery(&req, &status)) {
3788 case DISCOV_TYPE_BREDR: 3920 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3789 status = mgmt_bredr_support(hdev); 3921 status, &cp->type, sizeof(cp->type));
3790 if (status) { 3922 mgmt_pending_remove(cmd);
3791 err = cmd_complete(sk, hdev->id, 3923 goto failed;
3792 MGMT_OP_START_DISCOVERY, status, 3924 }
3793 &cp->type, sizeof(cp->type));
3794 mgmt_pending_remove(cmd);
3795 goto failed;
3796 }
3797 3925
3798 if (test_bit(HCI_INQUIRY, &hdev->flags)) { 3926 err = hci_req_run(&req, start_discovery_complete);
3799 err = cmd_complete(sk, hdev->id, 3927 if (err < 0) {
3800 MGMT_OP_START_DISCOVERY, 3928 mgmt_pending_remove(cmd);
3801 MGMT_STATUS_BUSY, &cp->type, 3929 goto failed;
3802 sizeof(cp->type)); 3930 }
3803 mgmt_pending_remove(cmd);
3804 goto failed;
3805 }
3806 3931
3807 hci_inquiry_cache_flush(hdev); 3932 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3808 3933
3809 memset(&inq_cp, 0, sizeof(inq_cp)); 3934failed:
3810 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap)); 3935 hci_dev_unlock(hdev);
3811 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN; 3936 return err;
3812 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp); 3937}
3813 break;
3814 3938
3815 case DISCOV_TYPE_LE: 3939static void service_discovery_cmd_complete(struct pending_cmd *cmd, u8 status)
3816 case DISCOV_TYPE_INTERLEAVED: 3940{
3817 status = mgmt_le_support(hdev); 3941 cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, cmd->param, 1);
3818 if (status) { 3942}
3819 err = cmd_complete(sk, hdev->id,
3820 MGMT_OP_START_DISCOVERY, status,
3821 &cp->type, sizeof(cp->type));
3822 mgmt_pending_remove(cmd);
3823 goto failed;
3824 }
3825 3943
3826 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED && 3944static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
3827 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) { 3945 void *data, u16 len)
3828 err = cmd_complete(sk, hdev->id, 3946{
3829 MGMT_OP_START_DISCOVERY, 3947 struct mgmt_cp_start_service_discovery *cp = data;
3830 MGMT_STATUS_NOT_SUPPORTED, 3948 struct pending_cmd *cmd;
3831 &cp->type, sizeof(cp->type)); 3949 struct hci_request req;
3832 mgmt_pending_remove(cmd); 3950 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
3833 goto failed; 3951 u16 uuid_count, expected_len;
3834 } 3952 u8 status;
3953 int err;
3835 3954
3836 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) { 3955 BT_DBG("%s", hdev->name);
3837 /* Don't let discovery abort an outgoing
3838 * connection attempt that's using directed
3839 * advertising.
3840 */
3841 if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3842 BT_CONNECT)) {
3843 err = cmd_complete(sk, hdev->id,
3844 MGMT_OP_START_DISCOVERY,
3845 MGMT_STATUS_REJECTED,
3846 &cp->type,
3847 sizeof(cp->type));
3848 mgmt_pending_remove(cmd);
3849 goto failed;
3850 }
3851 3956
3852 disable_advertising(&req); 3957 hci_dev_lock(hdev);
3853 }
3854 3958
3855 /* If controller is scanning, it means the background scanning 3959 if (!hdev_is_powered(hdev)) {
3856 * is running. Thus, we should temporarily stop it in order to 3960 err = cmd_complete(sk, hdev->id,
3857 * set the discovery scanning parameters. 3961 MGMT_OP_START_SERVICE_DISCOVERY,
3858 */ 3962 MGMT_STATUS_NOT_POWERED,
3859 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) 3963 &cp->type, sizeof(cp->type));
3860 hci_req_add_le_scan_disable(&req); 3964 goto failed;
3965 }
3861 3966
3862 memset(&param_cp, 0, sizeof(param_cp)); 3967 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3968 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3969 err = cmd_complete(sk, hdev->id,
3970 MGMT_OP_START_SERVICE_DISCOVERY,
3971 MGMT_STATUS_BUSY, &cp->type,
3972 sizeof(cp->type));
3973 goto failed;
3974 }
3863 3975
3864 /* All active scans will be done with either a resolvable 3976 uuid_count = __le16_to_cpu(cp->uuid_count);
3865 * private address (when privacy feature has been enabled) 3977 if (uuid_count > max_uuid_count) {
3866 * or unresolvable private address. 3978 BT_ERR("service_discovery: too big uuid_count value %u",
3867 */ 3979 uuid_count);
3868 err = hci_update_random_address(&req, true, &own_addr_type); 3980 err = cmd_complete(sk, hdev->id,
3869 if (err < 0) { 3981 MGMT_OP_START_SERVICE_DISCOVERY,
3982 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3983 sizeof(cp->type));
3984 goto failed;
3985 }
3986
3987 expected_len = sizeof(*cp) + uuid_count * 16;
3988 if (expected_len != len) {
3989 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
3990 expected_len, len);
3991 err = cmd_complete(sk, hdev->id,
3992 MGMT_OP_START_SERVICE_DISCOVERY,
3993 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3994 sizeof(cp->type));
3995 goto failed;
3996 }
3997
3998 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
3999 hdev, data, len);
4000 if (!cmd) {
4001 err = -ENOMEM;
4002 goto failed;
4003 }
4004
4005 cmd->cmd_complete = service_discovery_cmd_complete;
4006
4007 /* Clear the discovery filter first to free any previously
4008 * allocated memory for the UUID list.
4009 */
4010 hci_discovery_filter_clear(hdev);
4011
4012 hdev->discovery.type = cp->type;
4013 hdev->discovery.rssi = cp->rssi;
4014 hdev->discovery.uuid_count = uuid_count;
4015
4016 if (uuid_count > 0) {
4017 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4018 GFP_KERNEL);
4019 if (!hdev->discovery.uuids) {
3870 err = cmd_complete(sk, hdev->id, 4020 err = cmd_complete(sk, hdev->id,
3871 MGMT_OP_START_DISCOVERY, 4021 MGMT_OP_START_SERVICE_DISCOVERY,
3872 MGMT_STATUS_FAILED, 4022 MGMT_STATUS_FAILED,
3873 &cp->type, sizeof(cp->type)); 4023 &cp->type, sizeof(cp->type));
3874 mgmt_pending_remove(cmd); 4024 mgmt_pending_remove(cmd);
3875 goto failed; 4025 goto failed;
3876 } 4026 }
4027 }
3877 4028
3878 param_cp.type = LE_SCAN_ACTIVE; 4029 hci_req_init(&req, hdev);
3879 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3880 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3881 param_cp.own_address_type = own_addr_type;
3882 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3883 &param_cp);
3884
3885 memset(&enable_cp, 0, sizeof(enable_cp));
3886 enable_cp.enable = LE_SCAN_ENABLE;
3887 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3888 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3889 &enable_cp);
3890 break;
3891 4030
3892 default: 4031 if (!trigger_discovery(&req, &status)) {
3893 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY, 4032 err = cmd_complete(sk, hdev->id,
3894 MGMT_STATUS_INVALID_PARAMS, 4033 MGMT_OP_START_SERVICE_DISCOVERY,
3895 &cp->type, sizeof(cp->type)); 4034 status, &cp->type, sizeof(cp->type));
3896 mgmt_pending_remove(cmd); 4035 mgmt_pending_remove(cmd);
3897 goto failed; 4036 goto failed;
3898 } 4037 }
3899 4038
3900 err = hci_req_run(&req, start_discovery_complete); 4039 err = hci_req_run(&req, start_discovery_complete);
3901 if (err < 0) 4040 if (err < 0) {
3902 mgmt_pending_remove(cmd); 4041 mgmt_pending_remove(cmd);
3903 else 4042 goto failed;
3904 hci_discovery_set_state(hdev, DISCOVERY_STARTING); 4043 }
4044
4045 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3905 4046
3906failed: 4047failed:
3907 hci_dev_unlock(hdev); 4048 hci_dev_unlock(hdev);
3908 return err; 4049 return err;
3909} 4050}
3910 4051
3911static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status) 4052static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3912{ 4053{
3913 struct pending_cmd *cmd; 4054 struct pending_cmd *cmd;
3914 int err;
3915 4055
3916 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3917 if (!cmd)
3918 return -ENOENT;
3919
3920 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3921 &hdev->discovery.type, sizeof(hdev->discovery.type));
3922 mgmt_pending_remove(cmd);
3923
3924 return err;
3925}
3926
3927static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3928{
3929 BT_DBG("status %d", status); 4056 BT_DBG("status %d", status);
3930 4057
3931 hci_dev_lock(hdev); 4058 hci_dev_lock(hdev);
3932 4059
3933 if (status) { 4060 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3934 mgmt_stop_discovery_failed(hdev, status); 4061 if (cmd) {
3935 goto unlock; 4062 cmd->cmd_complete(cmd, mgmt_status(status));
4063 mgmt_pending_remove(cmd);
3936 } 4064 }
3937 4065
3938 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 4066 if (!status)
4067 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3939 4068
3940unlock:
3941 hci_dev_unlock(hdev); 4069 hci_dev_unlock(hdev);
3942} 4070}
3943 4071
@@ -3967,12 +4095,14 @@ static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
3967 goto unlock; 4095 goto unlock;
3968 } 4096 }
3969 4097
3970 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0); 4098 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
3971 if (!cmd) { 4099 if (!cmd) {
3972 err = -ENOMEM; 4100 err = -ENOMEM;
3973 goto unlock; 4101 goto unlock;
3974 } 4102 }
3975 4103
4104 cmd->cmd_complete = generic_cmd_complete;
4105
3976 hci_req_init(&req, hdev); 4106 hci_req_init(&req, hdev);
3977 4107
3978 hci_stop_discovery(&req); 4108 hci_stop_discovery(&req);
@@ -4572,18 +4702,13 @@ static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4572{ 4702{
4573 struct mgmt_mode *cp = data; 4703 struct mgmt_mode *cp = data;
4574 struct pending_cmd *cmd; 4704 struct pending_cmd *cmd;
4575 u8 val, status; 4705 u8 val;
4576 int err; 4706 int err;
4577 4707
4578 BT_DBG("request for %s", hdev->name); 4708 BT_DBG("request for %s", hdev->name);
4579 4709
4580 status = mgmt_bredr_support(hdev); 4710 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4581 if (status) 4711 !lmp_sc_capable(hdev) && !test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
4582 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4583 status);
4584
4585 if (!lmp_sc_capable(hdev) &&
4586 !test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
4587 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 4712 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4588 MGMT_STATUS_NOT_SUPPORTED); 4713 MGMT_STATUS_NOT_SUPPORTED);
4589 4714
@@ -4593,7 +4718,10 @@ static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4593 4718
4594 hci_dev_lock(hdev); 4719 hci_dev_lock(hdev);
4595 4720
4596 if (!hdev_is_powered(hdev)) { 4721 if (!hdev_is_powered(hdev) ||
4722 (!lmp_sc_capable(hdev) &&
4723 !test_bit(HCI_FORCE_SC, &hdev->dbg_flags)) ||
4724 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4597 bool changed; 4725 bool changed;
4598 4726
4599 if (cp->val) { 4727 if (cp->val) {
@@ -4910,18 +5038,26 @@ static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
4910 else 5038 else
4911 addr_type = ADDR_LE_DEV_RANDOM; 5039 addr_type = ADDR_LE_DEV_RANDOM;
4912 5040
4913 if (key->master)
4914 type = SMP_LTK;
4915 else
4916 type = SMP_LTK_SLAVE;
4917
4918 switch (key->type) { 5041 switch (key->type) {
4919 case MGMT_LTK_UNAUTHENTICATED: 5042 case MGMT_LTK_UNAUTHENTICATED:
4920 authenticated = 0x00; 5043 authenticated = 0x00;
5044 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
4921 break; 5045 break;
4922 case MGMT_LTK_AUTHENTICATED: 5046 case MGMT_LTK_AUTHENTICATED:
4923 authenticated = 0x01; 5047 authenticated = 0x01;
5048 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5049 break;
5050 case MGMT_LTK_P256_UNAUTH:
5051 authenticated = 0x00;
5052 type = SMP_LTK_P256;
4924 break; 5053 break;
5054 case MGMT_LTK_P256_AUTH:
5055 authenticated = 0x01;
5056 type = SMP_LTK_P256;
5057 break;
5058 case MGMT_LTK_P256_DEBUG:
5059 authenticated = 0x00;
5060 type = SMP_LTK_P256_DEBUG;
4925 default: 5061 default:
4926 continue; 5062 continue;
4927 } 5063 }
@@ -4939,67 +5075,42 @@ static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
4939 return err; 5075 return err;
4940} 5076}
4941 5077
4942struct cmd_conn_lookup { 5078static void conn_info_cmd_complete(struct pending_cmd *cmd, u8 status)
4943 struct hci_conn *conn;
4944 bool valid_tx_power;
4945 u8 mgmt_status;
4946};
4947
4948static void get_conn_info_complete(struct pending_cmd *cmd, void *data)
4949{ 5079{
4950 struct cmd_conn_lookup *match = data;
4951 struct mgmt_cp_get_conn_info *cp;
4952 struct mgmt_rp_get_conn_info rp;
4953 struct hci_conn *conn = cmd->user_data; 5080 struct hci_conn *conn = cmd->user_data;
5081 struct mgmt_rp_get_conn_info rp;
4954 5082
4955 if (conn != match->conn) 5083 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
4956 return;
4957
4958 cp = (struct mgmt_cp_get_conn_info *) cmd->param;
4959
4960 memset(&rp, 0, sizeof(rp));
4961 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4962 rp.addr.type = cp->addr.type;
4963 5084
4964 if (!match->mgmt_status) { 5085 if (status == MGMT_STATUS_SUCCESS) {
4965 rp.rssi = conn->rssi; 5086 rp.rssi = conn->rssi;
4966 5087 rp.tx_power = conn->tx_power;
4967 if (match->valid_tx_power) { 5088 rp.max_tx_power = conn->max_tx_power;
4968 rp.tx_power = conn->tx_power; 5089 } else {
4969 rp.max_tx_power = conn->max_tx_power; 5090 rp.rssi = HCI_RSSI_INVALID;
4970 } else { 5091 rp.tx_power = HCI_TX_POWER_INVALID;
4971 rp.tx_power = HCI_TX_POWER_INVALID; 5092 rp.max_tx_power = HCI_TX_POWER_INVALID;
4972 rp.max_tx_power = HCI_TX_POWER_INVALID;
4973 }
4974 } 5093 }
4975 5094
4976 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, 5095 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, status,
4977 match->mgmt_status, &rp, sizeof(rp)); 5096 &rp, sizeof(rp));
4978 5097
4979 hci_conn_drop(conn); 5098 hci_conn_drop(conn);
4980 hci_conn_put(conn); 5099 hci_conn_put(conn);
4981
4982 mgmt_pending_remove(cmd);
4983} 5100}
4984 5101
4985static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status) 5102static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status)
4986{ 5103{
4987 struct hci_cp_read_rssi *cp; 5104 struct hci_cp_read_rssi *cp;
5105 struct pending_cmd *cmd;
4988 struct hci_conn *conn; 5106 struct hci_conn *conn;
4989 struct cmd_conn_lookup match;
4990 u16 handle; 5107 u16 handle;
5108 u8 status;
4991 5109
4992 BT_DBG("status 0x%02x", status); 5110 BT_DBG("status 0x%02x", hci_status);
4993 5111
4994 hci_dev_lock(hdev); 5112 hci_dev_lock(hdev);
4995 5113
4996 /* TX power data is valid in case request completed successfully,
4997 * otherwise we assume it's not valid. At the moment we assume that
4998 * either both or none of current and max values are valid to keep code
4999 * simple.
5000 */
5001 match.valid_tx_power = !status;
5002
5003 /* Commands sent in request are either Read RSSI or Read Transmit Power 5114 /* Commands sent in request are either Read RSSI or Read Transmit Power
5004 * Level so we check which one was last sent to retrieve connection 5115 * Level so we check which one was last sent to retrieve connection
5005 * handle. Both commands have handle as first parameter so it's safe to 5116 * handle. Both commands have handle as first parameter so it's safe to
@@ -5012,29 +5123,29 @@ static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status)
5012 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI); 5123 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5013 if (!cp) { 5124 if (!cp) {
5014 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER); 5125 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
5015 status = 0; 5126 status = MGMT_STATUS_SUCCESS;
5127 } else {
5128 status = mgmt_status(hci_status);
5016 } 5129 }
5017 5130
5018 if (!cp) { 5131 if (!cp) {
5019 BT_ERR("invalid sent_cmd in response"); 5132 BT_ERR("invalid sent_cmd in conn_info response");
5020 goto unlock; 5133 goto unlock;
5021 } 5134 }
5022 5135
5023 handle = __le16_to_cpu(cp->handle); 5136 handle = __le16_to_cpu(cp->handle);
5024 conn = hci_conn_hash_lookup_handle(hdev, handle); 5137 conn = hci_conn_hash_lookup_handle(hdev, handle);
5025 if (!conn) { 5138 if (!conn) {
5026 BT_ERR("unknown handle (%d) in response", handle); 5139 BT_ERR("unknown handle (%d) in conn_info response", handle);
5027 goto unlock; 5140 goto unlock;
5028 } 5141 }
5029 5142
5030 match.conn = conn; 5143 cmd = mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5031 match.mgmt_status = mgmt_status(status); 5144 if (!cmd)
5145 goto unlock;
5032 5146
5033 /* Cache refresh is complete, now reply for mgmt request for given 5147 cmd->cmd_complete(cmd, status);
5034 * connection only. 5148 mgmt_pending_remove(cmd);
5035 */
5036 mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev,
5037 get_conn_info_complete, &match);
5038 5149
5039unlock: 5150unlock:
5040 hci_dev_unlock(hdev); 5151 hci_dev_unlock(hdev);
@@ -5080,6 +5191,12 @@ static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5080 goto unlock; 5191 goto unlock;
5081 } 5192 }
5082 5193
5194 if (mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
5195 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5196 MGMT_STATUS_BUSY, &rp, sizeof(rp));
5197 goto unlock;
5198 }
5199
5083 /* To avoid client trying to guess when to poll again for information we 5200 /* To avoid client trying to guess when to poll again for information we
5084 * calculate conn info age as random value between min/max set in hdev. 5201 * calculate conn info age as random value between min/max set in hdev.
5085 */ 5202 */
@@ -5135,6 +5252,7 @@ static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5135 5252
5136 hci_conn_hold(conn); 5253 hci_conn_hold(conn);
5137 cmd->user_data = hci_conn_get(conn); 5254 cmd->user_data = hci_conn_get(conn);
5255 cmd->cmd_complete = conn_info_cmd_complete;
5138 5256
5139 conn->conn_info_timestamp = jiffies; 5257 conn->conn_info_timestamp = jiffies;
5140 } else { 5258 } else {
@@ -5152,10 +5270,40 @@ unlock:
5152 return err; 5270 return err;
5153} 5271}
5154 5272
5155static void get_clock_info_complete(struct hci_dev *hdev, u8 status) 5273static void clock_info_cmd_complete(struct pending_cmd *cmd, u8 status)
5156{ 5274{
5157 struct mgmt_cp_get_clock_info *cp; 5275 struct hci_conn *conn = cmd->user_data;
5158 struct mgmt_rp_get_clock_info rp; 5276 struct mgmt_rp_get_clock_info rp;
5277 struct hci_dev *hdev;
5278
5279 memset(&rp, 0, sizeof(rp));
5280 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5281
5282 if (status)
5283 goto complete;
5284
5285 hdev = hci_dev_get(cmd->index);
5286 if (hdev) {
5287 rp.local_clock = cpu_to_le32(hdev->clock);
5288 hci_dev_put(hdev);
5289 }
5290
5291 if (conn) {
5292 rp.piconet_clock = cpu_to_le32(conn->clock);
5293 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5294 }
5295
5296complete:
5297 cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp, sizeof(rp));
5298
5299 if (conn) {
5300 hci_conn_drop(conn);
5301 hci_conn_put(conn);
5302 }
5303}
5304
5305static void get_clock_info_complete(struct hci_dev *hdev, u8 status)
5306{
5159 struct hci_cp_read_clock *hci_cp; 5307 struct hci_cp_read_clock *hci_cp;
5160 struct pending_cmd *cmd; 5308 struct pending_cmd *cmd;
5161 struct hci_conn *conn; 5309 struct hci_conn *conn;
@@ -5179,29 +5327,8 @@ static void get_clock_info_complete(struct hci_dev *hdev, u8 status)
5179 if (!cmd) 5327 if (!cmd)
5180 goto unlock; 5328 goto unlock;
5181 5329
5182 cp = cmd->param; 5330 cmd->cmd_complete(cmd, mgmt_status(status));
5183
5184 memset(&rp, 0, sizeof(rp));
5185 memcpy(&rp.addr, &cp->addr, sizeof(rp.addr));
5186
5187 if (status)
5188 goto send_rsp;
5189
5190 rp.local_clock = cpu_to_le32(hdev->clock);
5191
5192 if (conn) {
5193 rp.piconet_clock = cpu_to_le32(conn->clock);
5194 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5195 }
5196
5197send_rsp:
5198 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
5199 &rp, sizeof(rp));
5200 mgmt_pending_remove(cmd); 5331 mgmt_pending_remove(cmd);
5201 if (conn) {
5202 hci_conn_drop(conn);
5203 hci_conn_put(conn);
5204 }
5205 5332
5206unlock: 5333unlock:
5207 hci_dev_unlock(hdev); 5334 hci_dev_unlock(hdev);
@@ -5257,6 +5384,8 @@ static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5257 goto unlock; 5384 goto unlock;
5258 } 5385 }
5259 5386
5387 cmd->cmd_complete = clock_info_cmd_complete;
5388
5260 hci_req_init(&req, hdev); 5389 hci_req_init(&req, hdev);
5261 5390
5262 memset(&hci_cp, 0, sizeof(hci_cp)); 5391 memset(&hci_cp, 0, sizeof(hci_cp));
@@ -5746,6 +5875,7 @@ static const struct mgmt_handler {
5746 { read_config_info, false, MGMT_READ_CONFIG_INFO_SIZE }, 5875 { read_config_info, false, MGMT_READ_CONFIG_INFO_SIZE },
5747 { set_external_config, false, MGMT_SET_EXTERNAL_CONFIG_SIZE }, 5876 { set_external_config, false, MGMT_SET_EXTERNAL_CONFIG_SIZE },
5748 { set_public_address, false, MGMT_SET_PUBLIC_ADDRESS_SIZE }, 5877 { set_public_address, false, MGMT_SET_PUBLIC_ADDRESS_SIZE },
5878 { start_service_discovery,true, MGMT_START_SERVICE_DISCOVERY_SIZE },
5749}; 5879};
5750 5880
5751int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen) 5881int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
@@ -5882,7 +6012,7 @@ void mgmt_index_removed(struct hci_dev *hdev)
5882 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 6012 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5883 return; 6013 return;
5884 6014
5885 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status); 6015 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
5886 6016
5887 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) 6017 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5888 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL); 6018 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
@@ -6017,7 +6147,7 @@ int mgmt_powered(struct hci_dev *hdev, u8 powered)
6017 } 6147 }
6018 6148
6019 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); 6149 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6020 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered); 6150 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status_not_powered);
6021 6151
6022 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) 6152 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
6023 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, 6153 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
@@ -6101,8 +6231,19 @@ void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6101 6231
6102static u8 mgmt_ltk_type(struct smp_ltk *ltk) 6232static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6103{ 6233{
6104 if (ltk->authenticated) 6234 switch (ltk->type) {
6105 return MGMT_LTK_AUTHENTICATED; 6235 case SMP_LTK:
6236 case SMP_LTK_SLAVE:
6237 if (ltk->authenticated)
6238 return MGMT_LTK_AUTHENTICATED;
6239 return MGMT_LTK_UNAUTHENTICATED;
6240 case SMP_LTK_P256:
6241 if (ltk->authenticated)
6242 return MGMT_LTK_P256_AUTH;
6243 return MGMT_LTK_P256_UNAUTH;
6244 case SMP_LTK_P256_DEBUG:
6245 return MGMT_LTK_P256_DEBUG;
6246 }
6106 6247
6107 return MGMT_LTK_UNAUTHENTICATED; 6248 return MGMT_LTK_UNAUTHENTICATED;
6108} 6249}
@@ -6276,15 +6417,9 @@ void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6276 6417
6277static void disconnect_rsp(struct pending_cmd *cmd, void *data) 6418static void disconnect_rsp(struct pending_cmd *cmd, void *data)
6278{ 6419{
6279 struct mgmt_cp_disconnect *cp = cmd->param;
6280 struct sock **sk = data; 6420 struct sock **sk = data;
6281 struct mgmt_rp_disconnect rp;
6282 6421
6283 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 6422 cmd->cmd_complete(cmd, 0);
6284 rp.addr.type = cp->addr.type;
6285
6286 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
6287 sizeof(rp));
6288 6423
6289 *sk = cmd->sk; 6424 *sk = cmd->sk;
6290 sock_hold(*sk); 6425 sock_hold(*sk);
@@ -6296,16 +6431,10 @@ static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
6296{ 6431{
6297 struct hci_dev *hdev = data; 6432 struct hci_dev *hdev = data;
6298 struct mgmt_cp_unpair_device *cp = cmd->param; 6433 struct mgmt_cp_unpair_device *cp = cmd->param;
6299 struct mgmt_rp_unpair_device rp;
6300
6301 memset(&rp, 0, sizeof(rp));
6302 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6303 rp.addr.type = cp->addr.type;
6304 6434
6305 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk); 6435 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6306 6436
6307 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp)); 6437 cmd->cmd_complete(cmd, 0);
6308
6309 mgmt_pending_remove(cmd); 6438 mgmt_pending_remove(cmd);
6310} 6439}
6311 6440
@@ -6366,7 +6495,6 @@ void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6366{ 6495{
6367 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type); 6496 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6368 struct mgmt_cp_disconnect *cp; 6497 struct mgmt_cp_disconnect *cp;
6369 struct mgmt_rp_disconnect rp;
6370 struct pending_cmd *cmd; 6498 struct pending_cmd *cmd;
6371 6499
6372 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp, 6500 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
@@ -6384,12 +6512,7 @@ void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6384 if (cp->addr.type != bdaddr_type) 6512 if (cp->addr.type != bdaddr_type)
6385 return; 6513 return;
6386 6514
6387 bacpy(&rp.addr.bdaddr, bdaddr); 6515 cmd->cmd_complete(cmd, mgmt_status(status));
6388 rp.addr.type = bdaddr_type;
6389
6390 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
6391 mgmt_status(status), &rp, sizeof(rp));
6392
6393 mgmt_pending_remove(cmd); 6516 mgmt_pending_remove(cmd);
6394} 6517}
6395 6518
@@ -6428,18 +6551,12 @@ void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6428 u8 status) 6551 u8 status)
6429{ 6552{
6430 struct pending_cmd *cmd; 6553 struct pending_cmd *cmd;
6431 struct mgmt_rp_pin_code_reply rp;
6432 6554
6433 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev); 6555 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
6434 if (!cmd) 6556 if (!cmd)
6435 return; 6557 return;
6436 6558
6437 bacpy(&rp.addr.bdaddr, bdaddr); 6559 cmd->cmd_complete(cmd, mgmt_status(status));
6438 rp.addr.type = BDADDR_BREDR;
6439
6440 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
6441 mgmt_status(status), &rp, sizeof(rp));
6442
6443 mgmt_pending_remove(cmd); 6560 mgmt_pending_remove(cmd);
6444} 6561}
6445 6562
@@ -6447,18 +6564,12 @@ void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6447 u8 status) 6564 u8 status)
6448{ 6565{
6449 struct pending_cmd *cmd; 6566 struct pending_cmd *cmd;
6450 struct mgmt_rp_pin_code_reply rp;
6451 6567
6452 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev); 6568 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
6453 if (!cmd) 6569 if (!cmd)
6454 return; 6570 return;
6455 6571
6456 bacpy(&rp.addr.bdaddr, bdaddr); 6572 cmd->cmd_complete(cmd, mgmt_status(status));
6457 rp.addr.type = BDADDR_BREDR;
6458
6459 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
6460 mgmt_status(status), &rp, sizeof(rp));
6461
6462 mgmt_pending_remove(cmd); 6573 mgmt_pending_remove(cmd);
6463} 6574}
6464 6575
@@ -6498,21 +6609,15 @@ static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6498 u8 opcode) 6609 u8 opcode)
6499{ 6610{
6500 struct pending_cmd *cmd; 6611 struct pending_cmd *cmd;
6501 struct mgmt_rp_user_confirm_reply rp;
6502 int err;
6503 6612
6504 cmd = mgmt_pending_find(opcode, hdev); 6613 cmd = mgmt_pending_find(opcode, hdev);
6505 if (!cmd) 6614 if (!cmd)
6506 return -ENOENT; 6615 return -ENOENT;
6507 6616
6508 bacpy(&rp.addr.bdaddr, bdaddr); 6617 cmd->cmd_complete(cmd, mgmt_status(status));
6509 rp.addr.type = link_to_bdaddr(link_type, addr_type);
6510 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
6511 &rp, sizeof(rp));
6512
6513 mgmt_pending_remove(cmd); 6618 mgmt_pending_remove(cmd);
6514 6619
6515 return err; 6620 return 0;
6516} 6621}
6517 6622
6518int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 6623int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
@@ -6784,8 +6889,7 @@ void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
6784 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 6889 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
6785 mgmt_status(status)); 6890 mgmt_status(status));
6786 } else { 6891 } else {
6787 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) && 6892 if (bredr_sc_enabled(hdev) && hash256 && rand256) {
6788 hash256 && rand256) {
6789 struct mgmt_rp_read_local_oob_ext_data rp; 6893 struct mgmt_rp_read_local_oob_ext_data rp;
6790 6894
6791 memcpy(rp.hash192, hash192, sizeof(rp.hash192)); 6895 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
@@ -6812,6 +6916,73 @@ void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
6812 mgmt_pending_remove(cmd); 6916 mgmt_pending_remove(cmd);
6813} 6917}
6814 6918
6919static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
6920{
6921 int i;
6922
6923 for (i = 0; i < uuid_count; i++) {
6924 if (!memcmp(uuid, uuids[i], 16))
6925 return true;
6926 }
6927
6928 return false;
6929}
6930
6931static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
6932{
6933 u16 parsed = 0;
6934
6935 while (parsed < eir_len) {
6936 u8 field_len = eir[0];
6937 u8 uuid[16];
6938 int i;
6939
6940 if (field_len == 0)
6941 break;
6942
6943 if (eir_len - parsed < field_len + 1)
6944 break;
6945
6946 switch (eir[1]) {
6947 case EIR_UUID16_ALL:
6948 case EIR_UUID16_SOME:
6949 for (i = 0; i + 3 <= field_len; i += 2) {
6950 memcpy(uuid, bluetooth_base_uuid, 16);
6951 uuid[13] = eir[i + 3];
6952 uuid[12] = eir[i + 2];
6953 if (has_uuid(uuid, uuid_count, uuids))
6954 return true;
6955 }
6956 break;
6957 case EIR_UUID32_ALL:
6958 case EIR_UUID32_SOME:
6959 for (i = 0; i + 5 <= field_len; i += 4) {
6960 memcpy(uuid, bluetooth_base_uuid, 16);
6961 uuid[15] = eir[i + 5];
6962 uuid[14] = eir[i + 4];
6963 uuid[13] = eir[i + 3];
6964 uuid[12] = eir[i + 2];
6965 if (has_uuid(uuid, uuid_count, uuids))
6966 return true;
6967 }
6968 break;
6969 case EIR_UUID128_ALL:
6970 case EIR_UUID128_SOME:
6971 for (i = 0; i + 17 <= field_len; i += 16) {
6972 memcpy(uuid, eir + i + 2, 16);
6973 if (has_uuid(uuid, uuid_count, uuids))
6974 return true;
6975 }
6976 break;
6977 }
6978
6979 parsed += field_len + 1;
6980 eir += field_len + 1;
6981 }
6982
6983 return false;
6984}
6985
6815void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 6986void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6816 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags, 6987 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
6817 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len) 6988 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
@@ -6819,6 +6990,7 @@ void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6819 char buf[512]; 6990 char buf[512];
6820 struct mgmt_ev_device_found *ev = (void *) buf; 6991 struct mgmt_ev_device_found *ev = (void *) buf;
6821 size_t ev_size; 6992 size_t ev_size;
6993 bool match;
6822 6994
6823 /* Don't send events for a non-kernel initiated discovery. With 6995 /* Don't send events for a non-kernel initiated discovery. With
6824 * LE one exception is if we have pend_le_reports > 0 in which 6996 * LE one exception is if we have pend_le_reports > 0 in which
@@ -6831,6 +7003,18 @@ void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6831 return; 7003 return;
6832 } 7004 }
6833 7005
7006 /* When using service discovery with a RSSI threshold, then check
7007 * if such a RSSI threshold is specified. If a RSSI threshold has
7008 * been specified, then all results with a RSSI smaller than the
7009 * RSSI threshold will be dropped.
7010 *
7011 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7012 * the results are also dropped.
7013 */
7014 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7015 (rssi < hdev->discovery.rssi || rssi == HCI_RSSI_INVALID))
7016 return;
7017
6834 /* Make sure that the buffer is big enough. The 5 extra bytes 7018 /* Make sure that the buffer is big enough. The 5 extra bytes
6835 * are for the potential CoD field. 7019 * are for the potential CoD field.
6836 */ 7020 */
@@ -6839,20 +7023,75 @@ void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6839 7023
6840 memset(buf, 0, sizeof(buf)); 7024 memset(buf, 0, sizeof(buf));
6841 7025
7026 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7027 * RSSI value was reported as 0 when not available. This behavior
7028 * is kept when using device discovery. This is required for full
7029 * backwards compatibility with the API.
7030 *
7031 * However when using service discovery, the value 127 will be
7032 * returned when the RSSI is not available.
7033 */
7034 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi)
7035 rssi = 0;
7036
6842 bacpy(&ev->addr.bdaddr, bdaddr); 7037 bacpy(&ev->addr.bdaddr, bdaddr);
6843 ev->addr.type = link_to_bdaddr(link_type, addr_type); 7038 ev->addr.type = link_to_bdaddr(link_type, addr_type);
6844 ev->rssi = rssi; 7039 ev->rssi = rssi;
6845 ev->flags = cpu_to_le32(flags); 7040 ev->flags = cpu_to_le32(flags);
6846 7041
6847 if (eir_len > 0) 7042 if (eir_len > 0) {
7043 /* When using service discovery and a list of UUID is
7044 * provided, results with no matching UUID should be
7045 * dropped. In case there is a match the result is
7046 * kept and checking possible scan response data
7047 * will be skipped.
7048 */
7049 if (hdev->discovery.uuid_count > 0) {
7050 match = eir_has_uuids(eir, eir_len,
7051 hdev->discovery.uuid_count,
7052 hdev->discovery.uuids);
7053 if (!match)
7054 return;
7055 }
7056
7057 /* Copy EIR or advertising data into event */
6848 memcpy(ev->eir, eir, eir_len); 7058 memcpy(ev->eir, eir, eir_len);
7059 } else {
7060 /* When using service discovery and a list of UUID is
7061 * provided, results with empty EIR or advertising data
7062 * should be dropped since they do not match any UUID.
7063 */
7064 if (hdev->discovery.uuid_count > 0)
7065 return;
7066 }
6849 7067
6850 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV)) 7068 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
6851 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV, 7069 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
6852 dev_class, 3); 7070 dev_class, 3);
6853 7071
6854 if (scan_rsp_len > 0) 7072 if (scan_rsp_len > 0) {
7073 /* When using service discovery and a list of UUID is
7074 * provided, results with no matching UUID should be
7075 * dropped if there is no previous match from the
7076 * advertising data.
7077 */
7078 if (hdev->discovery.uuid_count > 0) {
7079 if (!match && !eir_has_uuids(scan_rsp, scan_rsp_len,
7080 hdev->discovery.uuid_count,
7081 hdev->discovery.uuids))
7082 return;
7083 }
7084
7085 /* Append scan response data to event */
6855 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len); 7086 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7087 } else {
7088 /* When using service discovery and a list of UUID is
7089 * provided, results with empty scan response and no
7090 * previous matched advertising data should be dropped.
7091 */
7092 if (hdev->discovery.uuid_count > 0 && !match)
7093 return;
7094 }
6856 7095
6857 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len); 7096 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
6858 ev_size = sizeof(*ev) + eir_len + scan_rsp_len; 7097 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
@@ -6886,23 +7125,9 @@ void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6886void mgmt_discovering(struct hci_dev *hdev, u8 discovering) 7125void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
6887{ 7126{
6888 struct mgmt_ev_discovering ev; 7127 struct mgmt_ev_discovering ev;
6889 struct pending_cmd *cmd;
6890 7128
6891 BT_DBG("%s discovering %u", hdev->name, discovering); 7129 BT_DBG("%s discovering %u", hdev->name, discovering);
6892 7130
6893 if (discovering)
6894 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
6895 else
6896 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
6897
6898 if (cmd != NULL) {
6899 u8 type = hdev->discovery.type;
6900
6901 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
6902 sizeof(type));
6903 mgmt_pending_remove(cmd);
6904 }
6905
6906 memset(&ev, 0, sizeof(ev)); 7131 memset(&ev, 0, sizeof(ev));
6907 ev.type = hdev->discovery.type; 7132 ev.type = hdev->discovery.type;
6908 ev.discovering = discovering; 7133 ev.discovering = discovering;
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 069b76e03b57..96bf16dcd9e9 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -29,14 +29,34 @@
29#include <net/bluetooth/l2cap.h> 29#include <net/bluetooth/l2cap.h>
30#include <net/bluetooth/mgmt.h> 30#include <net/bluetooth/mgmt.h>
31 31
32#include "ecc.h"
32#include "smp.h" 33#include "smp.h"
33 34
35/* Low-level debug macros to be used for stuff that we don't want
36 * accidentially in dmesg, i.e. the values of the various crypto keys
37 * and the inputs & outputs of crypto functions.
38 */
39#ifdef DEBUG
40#define SMP_DBG(fmt, ...) printk(KERN_DEBUG "%s: " fmt, __func__, \
41 ##__VA_ARGS__)
42#else
43#define SMP_DBG(fmt, ...) no_printk(KERN_DEBUG "%s: " fmt, __func__, \
44 ##__VA_ARGS__)
45#endif
46
34#define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd) 47#define SMP_ALLOW_CMD(smp, code) set_bit(code, &smp->allow_cmd)
35 48
49/* Keys which are not distributed with Secure Connections */
50#define SMP_SC_NO_DIST (SMP_DIST_ENC_KEY | SMP_DIST_LINK_KEY);
51
36#define SMP_TIMEOUT msecs_to_jiffies(30000) 52#define SMP_TIMEOUT msecs_to_jiffies(30000)
37 53
38#define AUTH_REQ_MASK 0x07 54#define AUTH_REQ_MASK(dev) (test_bit(HCI_SC_ENABLED, &(dev)->dev_flags) ? \
39#define KEY_DIST_MASK 0x07 55 0x1f : 0x07)
56#define KEY_DIST_MASK 0x07
57
58/* Maximum message length that can be passed to aes_cmac */
59#define CMAC_MSG_MAX 80
40 60
41enum { 61enum {
42 SMP_FLAG_TK_VALID, 62 SMP_FLAG_TK_VALID,
@@ -44,6 +64,12 @@ enum {
44 SMP_FLAG_MITM_AUTH, 64 SMP_FLAG_MITM_AUTH,
45 SMP_FLAG_COMPLETE, 65 SMP_FLAG_COMPLETE,
46 SMP_FLAG_INITIATOR, 66 SMP_FLAG_INITIATOR,
67 SMP_FLAG_SC,
68 SMP_FLAG_REMOTE_PK,
69 SMP_FLAG_DEBUG_KEY,
70 SMP_FLAG_WAIT_USER,
71 SMP_FLAG_DHKEY_PENDING,
72 SMP_FLAG_OOB,
47}; 73};
48 74
49struct smp_chan { 75struct smp_chan {
@@ -57,6 +83,7 @@ struct smp_chan {
57 u8 rrnd[16]; /* SMP Pairing Random (remote) */ 83 u8 rrnd[16]; /* SMP Pairing Random (remote) */
58 u8 pcnf[16]; /* SMP Pairing Confirm */ 84 u8 pcnf[16]; /* SMP Pairing Confirm */
59 u8 tk[16]; /* SMP Temporary Key */ 85 u8 tk[16]; /* SMP Temporary Key */
86 u8 rr[16];
60 u8 enc_key_size; 87 u8 enc_key_size;
61 u8 remote_key_dist; 88 u8 remote_key_dist;
62 bdaddr_t id_addr; 89 bdaddr_t id_addr;
@@ -67,9 +94,43 @@ struct smp_chan {
67 struct smp_ltk *ltk; 94 struct smp_ltk *ltk;
68 struct smp_ltk *slave_ltk; 95 struct smp_ltk *slave_ltk;
69 struct smp_irk *remote_irk; 96 struct smp_irk *remote_irk;
97 u8 *link_key;
70 unsigned long flags; 98 unsigned long flags;
99 u8 method;
100 u8 passkey_round;
101
102 /* Secure Connections variables */
103 u8 local_pk[64];
104 u8 local_sk[32];
105 u8 remote_pk[64];
106 u8 dhkey[32];
107 u8 mackey[16];
71 108
72 struct crypto_blkcipher *tfm_aes; 109 struct crypto_blkcipher *tfm_aes;
110 struct crypto_hash *tfm_cmac;
111};
112
113/* These debug key values are defined in the SMP section of the core
114 * specification. debug_pk is the public debug key and debug_sk the
115 * private debug key.
116 */
117static const u8 debug_pk[64] = {
118 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
119 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
120 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
121 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20,
122
123 0x8b, 0xd2, 0x89, 0x15, 0xd0, 0x8e, 0x1c, 0x74,
124 0x24, 0x30, 0xed, 0x8f, 0xc2, 0x45, 0x63, 0x76,
125 0x5c, 0x15, 0x52, 0x5a, 0xbf, 0x9a, 0x32, 0x63,
126 0x6d, 0xeb, 0x2a, 0x65, 0x49, 0x9c, 0x80, 0xdc,
127};
128
129static const u8 debug_sk[32] = {
130 0xbd, 0x1a, 0x3c, 0xcd, 0xa6, 0xb8, 0x99, 0x58,
131 0x99, 0xb7, 0x40, 0xeb, 0x7b, 0x60, 0xff, 0x4a,
132 0x50, 0x3f, 0x10, 0xd2, 0xe3, 0xb3, 0xc9, 0x74,
133 0x38, 0x5f, 0xc5, 0xa3, 0xd4, 0xf6, 0x49, 0x3f,
73}; 134};
74 135
75static inline void swap_buf(const u8 *src, u8 *dst, size_t len) 136static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
@@ -80,14 +141,22 @@ static inline void swap_buf(const u8 *src, u8 *dst, size_t len)
80 dst[len - 1 - i] = src[i]; 141 dst[len - 1 - i] = src[i];
81} 142}
82 143
83static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r) 144/* The following functions map to the LE SC SMP crypto functions
145 * AES-CMAC, f4, f5, f6, g2 and h6.
146 */
147
148static int aes_cmac(struct crypto_hash *tfm, const u8 k[16], const u8 *m,
149 size_t len, u8 mac[16])
84{ 150{
85 struct blkcipher_desc desc; 151 uint8_t tmp[16], mac_msb[16], msg_msb[CMAC_MSG_MAX];
152 struct hash_desc desc;
86 struct scatterlist sg; 153 struct scatterlist sg;
87 uint8_t tmp[16], data[16];
88 int err; 154 int err;
89 155
90 if (tfm == NULL) { 156 if (len > CMAC_MSG_MAX)
157 return -EFBIG;
158
159 if (!tfm) {
91 BT_ERR("tfm %p", tfm); 160 BT_ERR("tfm %p", tfm);
92 return -EINVAL; 161 return -EINVAL;
93 } 162 }
@@ -95,105 +164,233 @@ static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
95 desc.tfm = tfm; 164 desc.tfm = tfm;
96 desc.flags = 0; 165 desc.flags = 0;
97 166
98 /* The most significant octet of key corresponds to k[0] */ 167 crypto_hash_init(&desc);
168
169 /* Swap key and message from LSB to MSB */
99 swap_buf(k, tmp, 16); 170 swap_buf(k, tmp, 16);
171 swap_buf(m, msg_msb, len);
100 172
101 err = crypto_blkcipher_setkey(tfm, tmp, 16); 173 SMP_DBG("msg (len %zu) %*phN", len, (int) len, m);
174 SMP_DBG("key %16phN", k);
175
176 err = crypto_hash_setkey(tfm, tmp, 16);
102 if (err) { 177 if (err) {
103 BT_ERR("cipher setkey failed: %d", err); 178 BT_ERR("cipher setkey failed: %d", err);
104 return err; 179 return err;
105 } 180 }
106 181
107 /* Most significant octet of plaintextData corresponds to data[0] */ 182 sg_init_one(&sg, msg_msb, len);
108 swap_buf(r, data, 16);
109 183
110 sg_init_one(&sg, data, 16); 184 err = crypto_hash_update(&desc, &sg, len);
185 if (err) {
186 BT_ERR("Hash update error %d", err);
187 return err;
188 }
111 189
112 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16); 190 err = crypto_hash_final(&desc, mac_msb);
191 if (err) {
192 BT_ERR("Hash final error %d", err);
193 return err;
194 }
195
196 swap_buf(mac_msb, mac, 16);
197
198 SMP_DBG("mac %16phN", mac);
199
200 return 0;
201}
202
203static int smp_f4(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
204 const u8 x[16], u8 z, u8 res[16])
205{
206 u8 m[65];
207 int err;
208
209 SMP_DBG("u %32phN", u);
210 SMP_DBG("v %32phN", v);
211 SMP_DBG("x %16phN z %02x", x, z);
212
213 m[0] = z;
214 memcpy(m + 1, v, 32);
215 memcpy(m + 33, u, 32);
216
217 err = aes_cmac(tfm_cmac, x, m, sizeof(m), res);
113 if (err) 218 if (err)
114 BT_ERR("Encrypt data error %d", err); 219 return err;
115 220
116 /* Most significant octet of encryptedData corresponds to data[0] */ 221 SMP_DBG("res %16phN", res);
117 swap_buf(data, r, 16);
118 222
119 return err; 223 return err;
120} 224}
121 225
122static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3]) 226static int smp_f5(struct crypto_hash *tfm_cmac, u8 w[32], u8 n1[16], u8 n2[16],
227 u8 a1[7], u8 a2[7], u8 mackey[16], u8 ltk[16])
123{ 228{
124 u8 _res[16]; 229 /* The btle, salt and length "magic" values are as defined in
230 * the SMP section of the Bluetooth core specification. In ASCII
231 * the btle value ends up being 'btle'. The salt is just a
232 * random number whereas length is the value 256 in little
233 * endian format.
234 */
235 const u8 btle[4] = { 0x65, 0x6c, 0x74, 0x62 };
236 const u8 salt[16] = { 0xbe, 0x83, 0x60, 0x5a, 0xdb, 0x0b, 0x37, 0x60,
237 0x38, 0xa5, 0xf5, 0xaa, 0x91, 0x83, 0x88, 0x6c };
238 const u8 length[2] = { 0x00, 0x01 };
239 u8 m[53], t[16];
125 int err; 240 int err;
126 241
127 /* r' = padding || r */ 242 SMP_DBG("w %32phN", w);
128 memcpy(_res, r, 3); 243 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
129 memset(_res + 3, 0, 13); 244 SMP_DBG("a1 %7phN a2 %7phN", a1, a2);
130 245
131 err = smp_e(tfm, irk, _res); 246 err = aes_cmac(tfm_cmac, salt, w, 32, t);
132 if (err) { 247 if (err)
133 BT_ERR("Encrypt error");
134 return err; 248 return err;
135 }
136 249
137 /* The output of the random address function ah is: 250 SMP_DBG("t %16phN", t);
138 * ah(h, r) = e(k, r') mod 2^24 251
139 * The output of the security function e is then truncated to 24 bits 252 memcpy(m, length, 2);
140 * by taking the least significant 24 bits of the output of e as the 253 memcpy(m + 2, a2, 7);
141 * result of ah. 254 memcpy(m + 9, a1, 7);
142 */ 255 memcpy(m + 16, n2, 16);
143 memcpy(res, _res, 3); 256 memcpy(m + 32, n1, 16);
257 memcpy(m + 48, btle, 4);
258
259 m[52] = 0; /* Counter */
260
261 err = aes_cmac(tfm_cmac, t, m, sizeof(m), mackey);
262 if (err)
263 return err;
264
265 SMP_DBG("mackey %16phN", mackey);
266
267 m[52] = 1; /* Counter */
268
269 err = aes_cmac(tfm_cmac, t, m, sizeof(m), ltk);
270 if (err)
271 return err;
272
273 SMP_DBG("ltk %16phN", ltk);
144 274
145 return 0; 275 return 0;
146} 276}
147 277
148bool smp_irk_matches(struct hci_dev *hdev, u8 irk[16], bdaddr_t *bdaddr) 278static int smp_f6(struct crypto_hash *tfm_cmac, const u8 w[16],
279 const u8 n1[16], u8 n2[16], const u8 r[16],
280 const u8 io_cap[3], const u8 a1[7], const u8 a2[7],
281 u8 res[16])
149{ 282{
150 struct l2cap_chan *chan = hdev->smp_data; 283 u8 m[65];
151 struct crypto_blkcipher *tfm;
152 u8 hash[3];
153 int err; 284 int err;
154 285
155 if (!chan || !chan->data) 286 SMP_DBG("w %16phN", w);
156 return false; 287 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
288 SMP_DBG("r %16phN io_cap %3phN a1 %7phN a2 %7phN", r, io_cap, a1, a2);
157 289
158 tfm = chan->data; 290 memcpy(m, a2, 7);
291 memcpy(m + 7, a1, 7);
292 memcpy(m + 14, io_cap, 3);
293 memcpy(m + 17, r, 16);
294 memcpy(m + 33, n2, 16);
295 memcpy(m + 49, n1, 16);
159 296
160 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk); 297 err = aes_cmac(tfm_cmac, w, m, sizeof(m), res);
298 if (err)
299 return err;
161 300
162 err = smp_ah(tfm, irk, &bdaddr->b[3], hash); 301 BT_DBG("res %16phN", res);
302
303 return err;
304}
305
306static int smp_g2(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
307 const u8 x[16], const u8 y[16], u32 *val)
308{
309 u8 m[80], tmp[16];
310 int err;
311
312 SMP_DBG("u %32phN", u);
313 SMP_DBG("v %32phN", v);
314 SMP_DBG("x %16phN y %16phN", x, y);
315
316 memcpy(m, y, 16);
317 memcpy(m + 16, v, 32);
318 memcpy(m + 48, u, 32);
319
320 err = aes_cmac(tfm_cmac, x, m, sizeof(m), tmp);
163 if (err) 321 if (err)
164 return false; 322 return err;
165 323
166 return !memcmp(bdaddr->b, hash, 3); 324 *val = get_unaligned_le32(tmp);
325 *val %= 1000000;
326
327 SMP_DBG("val %06u", *val);
328
329 return 0;
167} 330}
168 331
169int smp_generate_rpa(struct hci_dev *hdev, u8 irk[16], bdaddr_t *rpa) 332static int smp_h6(struct crypto_hash *tfm_cmac, const u8 w[16],
333 const u8 key_id[4], u8 res[16])
170{ 334{
171 struct l2cap_chan *chan = hdev->smp_data;
172 struct crypto_blkcipher *tfm;
173 int err; 335 int err;
174 336
175 if (!chan || !chan->data) 337 SMP_DBG("w %16phN key_id %4phN", w, key_id);
176 return -EOPNOTSUPP;
177 338
178 tfm = chan->data; 339 err = aes_cmac(tfm_cmac, w, key_id, 4, res);
340 if (err)
341 return err;
179 342
180 get_random_bytes(&rpa->b[3], 3); 343 SMP_DBG("res %16phN", res);
181 344
182 rpa->b[5] &= 0x3f; /* Clear two most significant bits */ 345 return err;
183 rpa->b[5] |= 0x40; /* Set second most significant bit */ 346}
184 347
185 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b); 348/* The following functions map to the legacy SMP crypto functions e, c1,
186 if (err < 0) 349 * s1 and ah.
350 */
351
352static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
353{
354 struct blkcipher_desc desc;
355 struct scatterlist sg;
356 uint8_t tmp[16], data[16];
357 int err;
358
359 if (!tfm) {
360 BT_ERR("tfm %p", tfm);
361 return -EINVAL;
362 }
363
364 desc.tfm = tfm;
365 desc.flags = 0;
366
367 /* The most significant octet of key corresponds to k[0] */
368 swap_buf(k, tmp, 16);
369
370 err = crypto_blkcipher_setkey(tfm, tmp, 16);
371 if (err) {
372 BT_ERR("cipher setkey failed: %d", err);
187 return err; 373 return err;
374 }
188 375
189 BT_DBG("RPA %pMR", rpa); 376 /* Most significant octet of plaintextData corresponds to data[0] */
377 swap_buf(r, data, 16);
190 378
191 return 0; 379 sg_init_one(&sg, data, 16);
380
381 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
382 if (err)
383 BT_ERR("Encrypt data error %d", err);
384
385 /* Most significant octet of encryptedData corresponds to data[0] */
386 swap_buf(data, r, 16);
387
388 return err;
192} 389}
193 390
194static int smp_c1(struct crypto_blkcipher *tfm_aes, u8 k[16], u8 r[16], 391static int smp_c1(struct crypto_blkcipher *tfm_aes, const u8 k[16],
195 u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia, u8 _rat, 392 const u8 r[16], const u8 preq[7], const u8 pres[7], u8 _iat,
196 bdaddr_t *ra, u8 res[16]) 393 const bdaddr_t *ia, u8 _rat, const bdaddr_t *ra, u8 res[16])
197{ 394{
198 u8 p1[16], p2[16]; 395 u8 p1[16], p2[16];
199 int err; 396 int err;
@@ -232,8 +429,8 @@ static int smp_c1(struct crypto_blkcipher *tfm_aes, u8 k[16], u8 r[16],
232 return err; 429 return err;
233} 430}
234 431
235static int smp_s1(struct crypto_blkcipher *tfm_aes, u8 k[16], u8 r1[16], 432static int smp_s1(struct crypto_blkcipher *tfm_aes, const u8 k[16],
236 u8 r2[16], u8 _r[16]) 433 const u8 r1[16], const u8 r2[16], u8 _r[16])
237{ 434{
238 int err; 435 int err;
239 436
@@ -248,6 +445,80 @@ static int smp_s1(struct crypto_blkcipher *tfm_aes, u8 k[16], u8 r1[16],
248 return err; 445 return err;
249} 446}
250 447
448static int smp_ah(struct crypto_blkcipher *tfm, const u8 irk[16],
449 const u8 r[3], u8 res[3])
450{
451 u8 _res[16];
452 int err;
453
454 /* r' = padding || r */
455 memcpy(_res, r, 3);
456 memset(_res + 3, 0, 13);
457
458 err = smp_e(tfm, irk, _res);
459 if (err) {
460 BT_ERR("Encrypt error");
461 return err;
462 }
463
464 /* The output of the random address function ah is:
465 * ah(h, r) = e(k, r') mod 2^24
466 * The output of the security function e is then truncated to 24 bits
467 * by taking the least significant 24 bits of the output of e as the
468 * result of ah.
469 */
470 memcpy(res, _res, 3);
471
472 return 0;
473}
474
475bool smp_irk_matches(struct hci_dev *hdev, const u8 irk[16],
476 const bdaddr_t *bdaddr)
477{
478 struct l2cap_chan *chan = hdev->smp_data;
479 struct crypto_blkcipher *tfm;
480 u8 hash[3];
481 int err;
482
483 if (!chan || !chan->data)
484 return false;
485
486 tfm = chan->data;
487
488 BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk);
489
490 err = smp_ah(tfm, irk, &bdaddr->b[3], hash);
491 if (err)
492 return false;
493
494 return !memcmp(bdaddr->b, hash, 3);
495}
496
497int smp_generate_rpa(struct hci_dev *hdev, const u8 irk[16], bdaddr_t *rpa)
498{
499 struct l2cap_chan *chan = hdev->smp_data;
500 struct crypto_blkcipher *tfm;
501 int err;
502
503 if (!chan || !chan->data)
504 return -EOPNOTSUPP;
505
506 tfm = chan->data;
507
508 get_random_bytes(&rpa->b[3], 3);
509
510 rpa->b[5] &= 0x3f; /* Clear two most significant bits */
511 rpa->b[5] |= 0x40; /* Set second most significant bit */
512
513 err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
514 if (err < 0)
515 return err;
516
517 BT_DBG("RPA %pMR", rpa);
518
519 return 0;
520}
521
251static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data) 522static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
252{ 523{
253 struct l2cap_chan *chan = conn->smp; 524 struct l2cap_chan *chan = conn->smp;
@@ -282,17 +553,22 @@ static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
282 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT); 553 schedule_delayed_work(&smp->security_timer, SMP_TIMEOUT);
283} 554}
284 555
285static __u8 authreq_to_seclevel(__u8 authreq) 556static u8 authreq_to_seclevel(u8 authreq)
286{ 557{
287 if (authreq & SMP_AUTH_MITM) 558 if (authreq & SMP_AUTH_MITM) {
288 return BT_SECURITY_HIGH; 559 if (authreq & SMP_AUTH_SC)
289 else 560 return BT_SECURITY_FIPS;
561 else
562 return BT_SECURITY_HIGH;
563 } else {
290 return BT_SECURITY_MEDIUM; 564 return BT_SECURITY_MEDIUM;
565 }
291} 566}
292 567
293static __u8 seclevel_to_authreq(__u8 sec_level) 568static __u8 seclevel_to_authreq(__u8 sec_level)
294{ 569{
295 switch (sec_level) { 570 switch (sec_level) {
571 case BT_SECURITY_FIPS:
296 case BT_SECURITY_HIGH: 572 case BT_SECURITY_HIGH:
297 return SMP_AUTH_MITM | SMP_AUTH_BONDING; 573 return SMP_AUTH_MITM | SMP_AUTH_BONDING;
298 case BT_SECURITY_MEDIUM: 574 case BT_SECURITY_MEDIUM:
@@ -310,7 +586,7 @@ static void build_pairing_cmd(struct l2cap_conn *conn,
310 struct smp_chan *smp = chan->data; 586 struct smp_chan *smp = chan->data;
311 struct hci_conn *hcon = conn->hcon; 587 struct hci_conn *hcon = conn->hcon;
312 struct hci_dev *hdev = hcon->hdev; 588 struct hci_dev *hdev = hcon->hdev;
313 u8 local_dist = 0, remote_dist = 0; 589 u8 local_dist = 0, remote_dist = 0, oob_flag = SMP_OOB_NOT_PRESENT;
314 590
315 if (test_bit(HCI_BONDABLE, &conn->hcon->hdev->dev_flags)) { 591 if (test_bit(HCI_BONDABLE, &conn->hcon->hdev->dev_flags)) {
316 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN; 592 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
@@ -326,24 +602,52 @@ static void build_pairing_cmd(struct l2cap_conn *conn,
326 if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) 602 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
327 local_dist |= SMP_DIST_ID_KEY; 603 local_dist |= SMP_DIST_ID_KEY;
328 604
605 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
606 (authreq & SMP_AUTH_SC)) {
607 struct oob_data *oob_data;
608 u8 bdaddr_type;
609
610 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
611 local_dist |= SMP_DIST_LINK_KEY;
612 remote_dist |= SMP_DIST_LINK_KEY;
613 }
614
615 if (hcon->dst_type == ADDR_LE_DEV_PUBLIC)
616 bdaddr_type = BDADDR_LE_PUBLIC;
617 else
618 bdaddr_type = BDADDR_LE_RANDOM;
619
620 oob_data = hci_find_remote_oob_data(hdev, &hcon->dst,
621 bdaddr_type);
622 if (oob_data) {
623 set_bit(SMP_FLAG_OOB, &smp->flags);
624 oob_flag = SMP_OOB_PRESENT;
625 memcpy(smp->rr, oob_data->rand256, 16);
626 memcpy(smp->pcnf, oob_data->hash256, 16);
627 }
628
629 } else {
630 authreq &= ~SMP_AUTH_SC;
631 }
632
329 if (rsp == NULL) { 633 if (rsp == NULL) {
330 req->io_capability = conn->hcon->io_capability; 634 req->io_capability = conn->hcon->io_capability;
331 req->oob_flag = SMP_OOB_NOT_PRESENT; 635 req->oob_flag = oob_flag;
332 req->max_key_size = SMP_MAX_ENC_KEY_SIZE; 636 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
333 req->init_key_dist = local_dist; 637 req->init_key_dist = local_dist;
334 req->resp_key_dist = remote_dist; 638 req->resp_key_dist = remote_dist;
335 req->auth_req = (authreq & AUTH_REQ_MASK); 639 req->auth_req = (authreq & AUTH_REQ_MASK(hdev));
336 640
337 smp->remote_key_dist = remote_dist; 641 smp->remote_key_dist = remote_dist;
338 return; 642 return;
339 } 643 }
340 644
341 rsp->io_capability = conn->hcon->io_capability; 645 rsp->io_capability = conn->hcon->io_capability;
342 rsp->oob_flag = SMP_OOB_NOT_PRESENT; 646 rsp->oob_flag = oob_flag;
343 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE; 647 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
344 rsp->init_key_dist = req->init_key_dist & remote_dist; 648 rsp->init_key_dist = req->init_key_dist & remote_dist;
345 rsp->resp_key_dist = req->resp_key_dist & local_dist; 649 rsp->resp_key_dist = req->resp_key_dist & local_dist;
346 rsp->auth_req = (authreq & AUTH_REQ_MASK); 650 rsp->auth_req = (authreq & AUTH_REQ_MASK(hdev));
347 651
348 smp->remote_key_dist = rsp->init_key_dist; 652 smp->remote_key_dist = rsp->init_key_dist;
349} 653}
@@ -366,6 +670,7 @@ static void smp_chan_destroy(struct l2cap_conn *conn)
366{ 670{
367 struct l2cap_chan *chan = conn->smp; 671 struct l2cap_chan *chan = conn->smp;
368 struct smp_chan *smp = chan->data; 672 struct smp_chan *smp = chan->data;
673 struct hci_conn *hcon = conn->hcon;
369 bool complete; 674 bool complete;
370 675
371 BUG_ON(!smp); 676 BUG_ON(!smp);
@@ -373,12 +678,24 @@ static void smp_chan_destroy(struct l2cap_conn *conn)
373 cancel_delayed_work_sync(&smp->security_timer); 678 cancel_delayed_work_sync(&smp->security_timer);
374 679
375 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags); 680 complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
376 mgmt_smp_complete(conn->hcon, complete); 681 mgmt_smp_complete(hcon, complete);
377 682
378 kfree(smp->csrk); 683 kfree(smp->csrk);
379 kfree(smp->slave_csrk); 684 kfree(smp->slave_csrk);
685 kfree(smp->link_key);
380 686
381 crypto_free_blkcipher(smp->tfm_aes); 687 crypto_free_blkcipher(smp->tfm_aes);
688 crypto_free_hash(smp->tfm_cmac);
689
690 /* Ensure that we don't leave any debug key around if debug key
691 * support hasn't been explicitly enabled.
692 */
693 if (smp->ltk && smp->ltk->type == SMP_LTK_P256_DEBUG &&
694 !test_bit(HCI_KEEP_DEBUG_KEYS, &hcon->hdev->dev_flags)) {
695 list_del_rcu(&smp->ltk->list);
696 kfree_rcu(smp->ltk, rcu);
697 smp->ltk = NULL;
698 }
382 699
383 /* If pairing failed clean up any keys we might have */ 700 /* If pairing failed clean up any keys we might have */
384 if (!complete) { 701 if (!complete) {
@@ -400,7 +717,7 @@ static void smp_chan_destroy(struct l2cap_conn *conn)
400 717
401 chan->data = NULL; 718 chan->data = NULL;
402 kfree(smp); 719 kfree(smp);
403 hci_conn_drop(conn->hcon); 720 hci_conn_drop(hcon);
404} 721}
405 722
406static void smp_failure(struct l2cap_conn *conn, u8 reason) 723static void smp_failure(struct l2cap_conn *conn, u8 reason)
@@ -424,6 +741,7 @@ static void smp_failure(struct l2cap_conn *conn, u8 reason)
424#define REQ_PASSKEY 0x02 741#define REQ_PASSKEY 0x02
425#define CFM_PASSKEY 0x03 742#define CFM_PASSKEY 0x03
426#define REQ_OOB 0x04 743#define REQ_OOB 0x04
744#define DSP_PASSKEY 0x05
427#define OVERLAP 0xFF 745#define OVERLAP 0xFF
428 746
429static const u8 gen_method[5][5] = { 747static const u8 gen_method[5][5] = {
@@ -434,6 +752,14 @@ static const u8 gen_method[5][5] = {
434 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP }, 752 { CFM_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, OVERLAP },
435}; 753};
436 754
755static const u8 sc_method[5][5] = {
756 { JUST_WORKS, JUST_CFM, REQ_PASSKEY, JUST_WORKS, REQ_PASSKEY },
757 { JUST_WORKS, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
758 { DSP_PASSKEY, DSP_PASSKEY, REQ_PASSKEY, JUST_WORKS, DSP_PASSKEY },
759 { JUST_WORKS, JUST_CFM, JUST_WORKS, JUST_WORKS, JUST_CFM },
760 { DSP_PASSKEY, CFM_PASSKEY, REQ_PASSKEY, JUST_WORKS, CFM_PASSKEY },
761};
762
437static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io) 763static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
438{ 764{
439 /* If either side has unknown io_caps, use JUST_CFM (which gets 765 /* If either side has unknown io_caps, use JUST_CFM (which gets
@@ -443,6 +769,9 @@ static u8 get_auth_method(struct smp_chan *smp, u8 local_io, u8 remote_io)
443 remote_io > SMP_IO_KEYBOARD_DISPLAY) 769 remote_io > SMP_IO_KEYBOARD_DISPLAY)
444 return JUST_CFM; 770 return JUST_CFM;
445 771
772 if (test_bit(SMP_FLAG_SC, &smp->flags))
773 return sc_method[remote_io][local_io];
774
446 return gen_method[remote_io][local_io]; 775 return gen_method[remote_io][local_io];
447} 776}
448 777
@@ -452,7 +781,6 @@ static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
452 struct hci_conn *hcon = conn->hcon; 781 struct hci_conn *hcon = conn->hcon;
453 struct l2cap_chan *chan = conn->smp; 782 struct l2cap_chan *chan = conn->smp;
454 struct smp_chan *smp = chan->data; 783 struct smp_chan *smp = chan->data;
455 u8 method;
456 u32 passkey = 0; 784 u32 passkey = 0;
457 int ret = 0; 785 int ret = 0;
458 786
@@ -469,26 +797,28 @@ static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
469 * table. 797 * table.
470 */ 798 */
471 if (!(auth & SMP_AUTH_MITM)) 799 if (!(auth & SMP_AUTH_MITM))
472 method = JUST_CFM; 800 smp->method = JUST_CFM;
473 else 801 else
474 method = get_auth_method(smp, local_io, remote_io); 802 smp->method = get_auth_method(smp, local_io, remote_io);
475 803
476 /* Don't confirm locally initiated pairing attempts */ 804 /* Don't confirm locally initiated pairing attempts */
477 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags)) 805 if (smp->method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR,
478 method = JUST_WORKS; 806 &smp->flags))
807 smp->method = JUST_WORKS;
479 808
480 /* Don't bother user space with no IO capabilities */ 809 /* Don't bother user space with no IO capabilities */
481 if (method == JUST_CFM && hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT) 810 if (smp->method == JUST_CFM &&
482 method = JUST_WORKS; 811 hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
812 smp->method = JUST_WORKS;
483 813
484 /* If Just Works, Continue with Zero TK */ 814 /* If Just Works, Continue with Zero TK */
485 if (method == JUST_WORKS) { 815 if (smp->method == JUST_WORKS) {
486 set_bit(SMP_FLAG_TK_VALID, &smp->flags); 816 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
487 return 0; 817 return 0;
488 } 818 }
489 819
490 /* Not Just Works/Confirm results in MITM Authentication */ 820 /* Not Just Works/Confirm results in MITM Authentication */
491 if (method != JUST_CFM) { 821 if (smp->method != JUST_CFM) {
492 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags); 822 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
493 if (hcon->pending_sec_level < BT_SECURITY_HIGH) 823 if (hcon->pending_sec_level < BT_SECURITY_HIGH)
494 hcon->pending_sec_level = BT_SECURITY_HIGH; 824 hcon->pending_sec_level = BT_SECURITY_HIGH;
@@ -497,15 +827,15 @@ static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
497 /* If both devices have Keyoard-Display I/O, the master 827 /* If both devices have Keyoard-Display I/O, the master
498 * Confirms and the slave Enters the passkey. 828 * Confirms and the slave Enters the passkey.
499 */ 829 */
500 if (method == OVERLAP) { 830 if (smp->method == OVERLAP) {
501 if (hcon->role == HCI_ROLE_MASTER) 831 if (hcon->role == HCI_ROLE_MASTER)
502 method = CFM_PASSKEY; 832 smp->method = CFM_PASSKEY;
503 else 833 else
504 method = REQ_PASSKEY; 834 smp->method = REQ_PASSKEY;
505 } 835 }
506 836
507 /* Generate random passkey. */ 837 /* Generate random passkey. */
508 if (method == CFM_PASSKEY) { 838 if (smp->method == CFM_PASSKEY) {
509 memset(smp->tk, 0, sizeof(smp->tk)); 839 memset(smp->tk, 0, sizeof(smp->tk));
510 get_random_bytes(&passkey, sizeof(passkey)); 840 get_random_bytes(&passkey, sizeof(passkey));
511 passkey %= 1000000; 841 passkey %= 1000000;
@@ -514,10 +844,10 @@ static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
514 set_bit(SMP_FLAG_TK_VALID, &smp->flags); 844 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
515 } 845 }
516 846
517 if (method == REQ_PASSKEY) 847 if (smp->method == REQ_PASSKEY)
518 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst, 848 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
519 hcon->type, hcon->dst_type); 849 hcon->type, hcon->dst_type);
520 else if (method == JUST_CFM) 850 else if (smp->method == JUST_CFM)
521 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, 851 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
522 hcon->type, hcon->dst_type, 852 hcon->type, hcon->dst_type,
523 passkey, 1); 853 passkey, 1);
@@ -638,11 +968,13 @@ static void smp_notify_keys(struct l2cap_conn *conn)
638 mgmt_new_irk(hdev, smp->remote_irk); 968 mgmt_new_irk(hdev, smp->remote_irk);
639 /* Now that user space can be considered to know the 969 /* Now that user space can be considered to know the
640 * identity address track the connection based on it 970 * identity address track the connection based on it
641 * from now on. 971 * from now on (assuming this is an LE link).
642 */ 972 */
643 bacpy(&hcon->dst, &smp->remote_irk->bdaddr); 973 if (hcon->type == LE_LINK) {
644 hcon->dst_type = smp->remote_irk->addr_type; 974 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
645 queue_work(hdev->workqueue, &conn->id_addr_update_work); 975 hcon->dst_type = smp->remote_irk->addr_type;
976 queue_work(hdev->workqueue, &conn->id_addr_update_work);
977 }
646 978
647 /* When receiving an indentity resolving key for 979 /* When receiving an indentity resolving key for
648 * a remote device that does not use a resolvable 980 * a remote device that does not use a resolvable
@@ -661,10 +993,20 @@ static void smp_notify_keys(struct l2cap_conn *conn)
661 } 993 }
662 } 994 }
663 995
664 /* The LTKs and CSRKs should be persistent only if both sides 996 if (hcon->type == ACL_LINK) {
665 * had the bonding bit set in their authentication requests. 997 if (hcon->key_type == HCI_LK_DEBUG_COMBINATION)
666 */ 998 persistent = false;
667 persistent = !!((req->auth_req & rsp->auth_req) & SMP_AUTH_BONDING); 999 else
1000 persistent = !test_bit(HCI_CONN_FLUSH_KEY,
1001 &hcon->flags);
1002 } else {
1003 /* The LTKs and CSRKs should be persistent only if both sides
1004 * had the bonding bit set in their authentication requests.
1005 */
1006 persistent = !!((req->auth_req & rsp->auth_req) &
1007 SMP_AUTH_BONDING);
1008 }
1009
668 1010
669 if (smp->csrk) { 1011 if (smp->csrk) {
670 smp->csrk->bdaddr_type = hcon->dst_type; 1012 smp->csrk->bdaddr_type = hcon->dst_type;
@@ -689,6 +1031,81 @@ static void smp_notify_keys(struct l2cap_conn *conn)
689 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst); 1031 bacpy(&smp->slave_ltk->bdaddr, &hcon->dst);
690 mgmt_new_ltk(hdev, smp->slave_ltk, persistent); 1032 mgmt_new_ltk(hdev, smp->slave_ltk, persistent);
691 } 1033 }
1034
1035 if (smp->link_key) {
1036 struct link_key *key;
1037 u8 type;
1038
1039 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1040 type = HCI_LK_DEBUG_COMBINATION;
1041 else if (hcon->sec_level == BT_SECURITY_FIPS)
1042 type = HCI_LK_AUTH_COMBINATION_P256;
1043 else
1044 type = HCI_LK_UNAUTH_COMBINATION_P256;
1045
1046 key = hci_add_link_key(hdev, smp->conn->hcon, &hcon->dst,
1047 smp->link_key, type, 0, &persistent);
1048 if (key) {
1049 mgmt_new_link_key(hdev, key, persistent);
1050
1051 /* Don't keep debug keys around if the relevant
1052 * flag is not set.
1053 */
1054 if (!test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags) &&
1055 key->type == HCI_LK_DEBUG_COMBINATION) {
1056 list_del_rcu(&key->list);
1057 kfree_rcu(key, rcu);
1058 }
1059 }
1060 }
1061}
1062
1063static void sc_add_ltk(struct smp_chan *smp)
1064{
1065 struct hci_conn *hcon = smp->conn->hcon;
1066 u8 key_type, auth;
1067
1068 if (test_bit(SMP_FLAG_DEBUG_KEY, &smp->flags))
1069 key_type = SMP_LTK_P256_DEBUG;
1070 else
1071 key_type = SMP_LTK_P256;
1072
1073 if (hcon->pending_sec_level == BT_SECURITY_FIPS)
1074 auth = 1;
1075 else
1076 auth = 0;
1077
1078 memset(smp->tk + smp->enc_key_size, 0,
1079 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
1080
1081 smp->ltk = hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
1082 key_type, auth, smp->tk, smp->enc_key_size,
1083 0, 0);
1084}
1085
1086static void sc_generate_link_key(struct smp_chan *smp)
1087{
1088 /* These constants are as specified in the core specification.
1089 * In ASCII they spell out to 'tmp1' and 'lebr'.
1090 */
1091 const u8 tmp1[4] = { 0x31, 0x70, 0x6d, 0x74 };
1092 const u8 lebr[4] = { 0x72, 0x62, 0x65, 0x6c };
1093
1094 smp->link_key = kzalloc(16, GFP_KERNEL);
1095 if (!smp->link_key)
1096 return;
1097
1098 if (smp_h6(smp->tfm_cmac, smp->tk, tmp1, smp->link_key)) {
1099 kfree(smp->link_key);
1100 smp->link_key = NULL;
1101 return;
1102 }
1103
1104 if (smp_h6(smp->tfm_cmac, smp->link_key, lebr, smp->link_key)) {
1105 kfree(smp->link_key);
1106 smp->link_key = NULL;
1107 return;
1108 }
692} 1109}
693 1110
694static void smp_allow_key_dist(struct smp_chan *smp) 1111static void smp_allow_key_dist(struct smp_chan *smp)
@@ -705,6 +1122,35 @@ static void smp_allow_key_dist(struct smp_chan *smp)
705 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO); 1122 SMP_ALLOW_CMD(smp, SMP_CMD_SIGN_INFO);
706} 1123}
707 1124
1125static void sc_generate_ltk(struct smp_chan *smp)
1126{
1127 /* These constants are as specified in the core specification.
1128 * In ASCII they spell out to 'tmp2' and 'brle'.
1129 */
1130 const u8 tmp2[4] = { 0x32, 0x70, 0x6d, 0x74 };
1131 const u8 brle[4] = { 0x65, 0x6c, 0x72, 0x62 };
1132 struct hci_conn *hcon = smp->conn->hcon;
1133 struct hci_dev *hdev = hcon->hdev;
1134 struct link_key *key;
1135
1136 key = hci_find_link_key(hdev, &hcon->dst);
1137 if (!key) {
1138 BT_ERR("%s No Link Key found to generate LTK", hdev->name);
1139 return;
1140 }
1141
1142 if (key->type == HCI_LK_DEBUG_COMBINATION)
1143 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1144
1145 if (smp_h6(smp->tfm_cmac, key->val, tmp2, smp->tk))
1146 return;
1147
1148 if (smp_h6(smp->tfm_cmac, smp->tk, brle, smp->tk))
1149 return;
1150
1151 sc_add_ltk(smp);
1152}
1153
708static void smp_distribute_keys(struct smp_chan *smp) 1154static void smp_distribute_keys(struct smp_chan *smp)
709{ 1155{
710 struct smp_cmd_pairing *req, *rsp; 1156 struct smp_cmd_pairing *req, *rsp;
@@ -733,6 +1179,16 @@ static void smp_distribute_keys(struct smp_chan *smp)
733 *keydist &= req->resp_key_dist; 1179 *keydist &= req->resp_key_dist;
734 } 1180 }
735 1181
1182 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1183 if (hcon->type == LE_LINK && (*keydist & SMP_DIST_LINK_KEY))
1184 sc_generate_link_key(smp);
1185 if (hcon->type == ACL_LINK && (*keydist & SMP_DIST_ENC_KEY))
1186 sc_generate_ltk(smp);
1187
1188 /* Clear the keys which are generated but not distributed */
1189 *keydist &= ~SMP_SC_NO_DIST;
1190 }
1191
736 BT_DBG("keydist 0x%x", *keydist); 1192 BT_DBG("keydist 0x%x", *keydist);
737 1193
738 if (*keydist & SMP_DIST_ENC_KEY) { 1194 if (*keydist & SMP_DIST_ENC_KEY) {
@@ -844,6 +1300,14 @@ static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
844 return NULL; 1300 return NULL;
845 } 1301 }
846 1302
1303 smp->tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
1304 if (IS_ERR(smp->tfm_cmac)) {
1305 BT_ERR("Unable to create CMAC crypto context");
1306 crypto_free_blkcipher(smp->tfm_aes);
1307 kfree(smp);
1308 return NULL;
1309 }
1310
847 smp->conn = conn; 1311 smp->conn = conn;
848 chan->data = smp; 1312 chan->data = smp;
849 1313
@@ -856,6 +1320,213 @@ static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
856 return smp; 1320 return smp;
857} 1321}
858 1322
1323static int sc_mackey_and_ltk(struct smp_chan *smp, u8 mackey[16], u8 ltk[16])
1324{
1325 struct hci_conn *hcon = smp->conn->hcon;
1326 u8 *na, *nb, a[7], b[7];
1327
1328 if (hcon->out) {
1329 na = smp->prnd;
1330 nb = smp->rrnd;
1331 } else {
1332 na = smp->rrnd;
1333 nb = smp->prnd;
1334 }
1335
1336 memcpy(a, &hcon->init_addr, 6);
1337 memcpy(b, &hcon->resp_addr, 6);
1338 a[6] = hcon->init_addr_type;
1339 b[6] = hcon->resp_addr_type;
1340
1341 return smp_f5(smp->tfm_cmac, smp->dhkey, na, nb, a, b, mackey, ltk);
1342}
1343
1344static void sc_dhkey_check(struct smp_chan *smp)
1345{
1346 struct hci_conn *hcon = smp->conn->hcon;
1347 struct smp_cmd_dhkey_check check;
1348 u8 a[7], b[7], *local_addr, *remote_addr;
1349 u8 io_cap[3], r[16];
1350
1351 memcpy(a, &hcon->init_addr, 6);
1352 memcpy(b, &hcon->resp_addr, 6);
1353 a[6] = hcon->init_addr_type;
1354 b[6] = hcon->resp_addr_type;
1355
1356 if (hcon->out) {
1357 local_addr = a;
1358 remote_addr = b;
1359 memcpy(io_cap, &smp->preq[1], 3);
1360 } else {
1361 local_addr = b;
1362 remote_addr = a;
1363 memcpy(io_cap, &smp->prsp[1], 3);
1364 }
1365
1366 memset(r, 0, sizeof(r));
1367
1368 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1369 put_unaligned_le32(hcon->passkey_notify, r);
1370
1371 if (smp->method == REQ_OOB)
1372 memcpy(r, smp->rr, 16);
1373
1374 smp_f6(smp->tfm_cmac, smp->mackey, smp->prnd, smp->rrnd, r, io_cap,
1375 local_addr, remote_addr, check.e);
1376
1377 smp_send_cmd(smp->conn, SMP_CMD_DHKEY_CHECK, sizeof(check), &check);
1378}
1379
1380static u8 sc_passkey_send_confirm(struct smp_chan *smp)
1381{
1382 struct l2cap_conn *conn = smp->conn;
1383 struct hci_conn *hcon = conn->hcon;
1384 struct smp_cmd_pairing_confirm cfm;
1385 u8 r;
1386
1387 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1388 r |= 0x80;
1389
1390 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1391
1392 if (smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd, r,
1393 cfm.confirm_val))
1394 return SMP_UNSPECIFIED;
1395
1396 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
1397
1398 return 0;
1399}
1400
1401static u8 sc_passkey_round(struct smp_chan *smp, u8 smp_op)
1402{
1403 struct l2cap_conn *conn = smp->conn;
1404 struct hci_conn *hcon = conn->hcon;
1405 struct hci_dev *hdev = hcon->hdev;
1406 u8 cfm[16], r;
1407
1408 /* Ignore the PDU if we've already done 20 rounds (0 - 19) */
1409 if (smp->passkey_round >= 20)
1410 return 0;
1411
1412 switch (smp_op) {
1413 case SMP_CMD_PAIRING_RANDOM:
1414 r = ((hcon->passkey_notify >> smp->passkey_round) & 0x01);
1415 r |= 0x80;
1416
1417 if (smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
1418 smp->rrnd, r, cfm))
1419 return SMP_UNSPECIFIED;
1420
1421 if (memcmp(smp->pcnf, cfm, 16))
1422 return SMP_CONFIRM_FAILED;
1423
1424 smp->passkey_round++;
1425
1426 if (smp->passkey_round == 20) {
1427 /* Generate MacKey and LTK */
1428 if (sc_mackey_and_ltk(smp, smp->mackey, smp->tk))
1429 return SMP_UNSPECIFIED;
1430 }
1431
1432 /* The round is only complete when the initiator
1433 * receives pairing random.
1434 */
1435 if (!hcon->out) {
1436 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1437 sizeof(smp->prnd), smp->prnd);
1438 if (smp->passkey_round == 20)
1439 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1440 else
1441 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1442 return 0;
1443 }
1444
1445 /* Start the next round */
1446 if (smp->passkey_round != 20)
1447 return sc_passkey_round(smp, 0);
1448
1449 /* Passkey rounds are complete - start DHKey Check */
1450 sc_dhkey_check(smp);
1451 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1452
1453 break;
1454
1455 case SMP_CMD_PAIRING_CONFIRM:
1456 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
1457 set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
1458 return 0;
1459 }
1460
1461 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1462
1463 if (hcon->out) {
1464 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1465 sizeof(smp->prnd), smp->prnd);
1466 return 0;
1467 }
1468
1469 return sc_passkey_send_confirm(smp);
1470
1471 case SMP_CMD_PUBLIC_KEY:
1472 default:
1473 /* Initiating device starts the round */
1474 if (!hcon->out)
1475 return 0;
1476
1477 BT_DBG("%s Starting passkey round %u", hdev->name,
1478 smp->passkey_round + 1);
1479
1480 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1481
1482 return sc_passkey_send_confirm(smp);
1483 }
1484
1485 return 0;
1486}
1487
1488static int sc_user_reply(struct smp_chan *smp, u16 mgmt_op, __le32 passkey)
1489{
1490 struct l2cap_conn *conn = smp->conn;
1491 struct hci_conn *hcon = conn->hcon;
1492 u8 smp_op;
1493
1494 clear_bit(SMP_FLAG_WAIT_USER, &smp->flags);
1495
1496 switch (mgmt_op) {
1497 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
1498 smp_failure(smp->conn, SMP_PASSKEY_ENTRY_FAILED);
1499 return 0;
1500 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1501 smp_failure(smp->conn, SMP_NUMERIC_COMP_FAILED);
1502 return 0;
1503 case MGMT_OP_USER_PASSKEY_REPLY:
1504 hcon->passkey_notify = le32_to_cpu(passkey);
1505 smp->passkey_round = 0;
1506
1507 if (test_and_clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags))
1508 smp_op = SMP_CMD_PAIRING_CONFIRM;
1509 else
1510 smp_op = 0;
1511
1512 if (sc_passkey_round(smp, smp_op))
1513 return -EIO;
1514
1515 return 0;
1516 }
1517
1518 /* Initiator sends DHKey check first */
1519 if (hcon->out) {
1520 sc_dhkey_check(smp);
1521 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1522 } else if (test_and_clear_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags)) {
1523 sc_dhkey_check(smp);
1524 sc_add_ltk(smp);
1525 }
1526
1527 return 0;
1528}
1529
859int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey) 1530int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
860{ 1531{
861 struct l2cap_conn *conn = hcon->l2cap_data; 1532 struct l2cap_conn *conn = hcon->l2cap_data;
@@ -881,6 +1552,11 @@ int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
881 1552
882 smp = chan->data; 1553 smp = chan->data;
883 1554
1555 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1556 err = sc_user_reply(smp, mgmt_op, passkey);
1557 goto unlock;
1558 }
1559
884 switch (mgmt_op) { 1560 switch (mgmt_op) {
885 case MGMT_OP_USER_PASSKEY_REPLY: 1561 case MGMT_OP_USER_PASSKEY_REPLY:
886 value = le32_to_cpu(passkey); 1562 value = le32_to_cpu(passkey);
@@ -916,6 +1592,46 @@ unlock:
916 return err; 1592 return err;
917} 1593}
918 1594
1595static void build_bredr_pairing_cmd(struct smp_chan *smp,
1596 struct smp_cmd_pairing *req,
1597 struct smp_cmd_pairing *rsp)
1598{
1599 struct l2cap_conn *conn = smp->conn;
1600 struct hci_dev *hdev = conn->hcon->hdev;
1601 u8 local_dist = 0, remote_dist = 0;
1602
1603 if (test_bit(HCI_BONDABLE, &hdev->dev_flags)) {
1604 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1605 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
1606 }
1607
1608 if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
1609 remote_dist |= SMP_DIST_ID_KEY;
1610
1611 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
1612 local_dist |= SMP_DIST_ID_KEY;
1613
1614 if (!rsp) {
1615 memset(req, 0, sizeof(*req));
1616
1617 req->init_key_dist = local_dist;
1618 req->resp_key_dist = remote_dist;
1619 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
1620
1621 smp->remote_key_dist = remote_dist;
1622
1623 return;
1624 }
1625
1626 memset(rsp, 0, sizeof(*rsp));
1627
1628 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
1629 rsp->init_key_dist = req->init_key_dist & remote_dist;
1630 rsp->resp_key_dist = req->resp_key_dist & local_dist;
1631
1632 smp->remote_key_dist = rsp->init_key_dist;
1633}
1634
919static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb) 1635static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
920{ 1636{
921 struct smp_cmd_pairing rsp, *req = (void *) skb->data; 1637 struct smp_cmd_pairing rsp, *req = (void *) skb->data;
@@ -942,16 +1658,49 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
942 return SMP_UNSPECIFIED; 1658 return SMP_UNSPECIFIED;
943 1659
944 /* We didn't start the pairing, so match remote */ 1660 /* We didn't start the pairing, so match remote */
945 auth = req->auth_req & AUTH_REQ_MASK; 1661 auth = req->auth_req & AUTH_REQ_MASK(hdev);
946 1662
947 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) && 1663 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) &&
948 (auth & SMP_AUTH_BONDING)) 1664 (auth & SMP_AUTH_BONDING))
949 return SMP_PAIRING_NOTSUPP; 1665 return SMP_PAIRING_NOTSUPP;
950 1666
1667 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) && !(auth & SMP_AUTH_SC))
1668 return SMP_AUTH_REQUIREMENTS;
1669
951 smp->preq[0] = SMP_CMD_PAIRING_REQ; 1670 smp->preq[0] = SMP_CMD_PAIRING_REQ;
952 memcpy(&smp->preq[1], req, sizeof(*req)); 1671 memcpy(&smp->preq[1], req, sizeof(*req));
953 skb_pull(skb, sizeof(*req)); 1672 skb_pull(skb, sizeof(*req));
954 1673
1674 /* SMP over BR/EDR requires special treatment */
1675 if (conn->hcon->type == ACL_LINK) {
1676 /* We must have a BR/EDR SC link */
1677 if (!test_bit(HCI_CONN_AES_CCM, &conn->hcon->flags))
1678 return SMP_CROSS_TRANSP_NOT_ALLOWED;
1679
1680 set_bit(SMP_FLAG_SC, &smp->flags);
1681
1682 build_bredr_pairing_cmd(smp, req, &rsp);
1683
1684 key_size = min(req->max_key_size, rsp.max_key_size);
1685 if (check_enc_key_size(conn, key_size))
1686 return SMP_ENC_KEY_SIZE;
1687
1688 /* Clear bits which are generated but not distributed */
1689 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1690
1691 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1692 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
1693 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
1694
1695 smp_distribute_keys(smp);
1696 return 0;
1697 }
1698
1699 build_pairing_cmd(conn, req, &rsp, auth);
1700
1701 if (rsp.auth_req & SMP_AUTH_SC)
1702 set_bit(SMP_FLAG_SC, &smp->flags);
1703
955 if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT) 1704 if (conn->hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
956 sec_level = BT_SECURITY_MEDIUM; 1705 sec_level = BT_SECURITY_MEDIUM;
957 else 1706 else
@@ -970,8 +1719,6 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
970 return SMP_AUTH_REQUIREMENTS; 1719 return SMP_AUTH_REQUIREMENTS;
971 } 1720 }
972 1721
973 build_pairing_cmd(conn, req, &rsp, auth);
974
975 key_size = min(req->max_key_size, rsp.max_key_size); 1722 key_size = min(req->max_key_size, rsp.max_key_size);
976 if (check_enc_key_size(conn, key_size)) 1723 if (check_enc_key_size(conn, key_size))
977 return SMP_ENC_KEY_SIZE; 1724 return SMP_ENC_KEY_SIZE;
@@ -982,7 +1729,18 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
982 memcpy(&smp->prsp[1], &rsp, sizeof(rsp)); 1729 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
983 1730
984 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp); 1731 smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp);
985 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM); 1732
1733 clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
1734
1735 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1736 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1737 /* Clear bits which are generated but not distributed */
1738 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1739 /* Wait for Public Key from Initiating Device */
1740 return 0;
1741 } else {
1742 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
1743 }
986 1744
987 /* Request setup of TK */ 1745 /* Request setup of TK */
988 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability); 1746 ret = tk_request(conn, 0, auth, rsp.io_capability, req->io_capability);
@@ -992,11 +1750,46 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
992 return 0; 1750 return 0;
993} 1751}
994 1752
1753static u8 sc_send_public_key(struct smp_chan *smp)
1754{
1755 struct hci_dev *hdev = smp->conn->hcon->hdev;
1756
1757 BT_DBG("");
1758
1759 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags)) {
1760 BT_DBG("Using debug keys");
1761 memcpy(smp->local_pk, debug_pk, 64);
1762 memcpy(smp->local_sk, debug_sk, 32);
1763 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
1764 } else {
1765 while (true) {
1766 /* Generate local key pair for Secure Connections */
1767 if (!ecc_make_key(smp->local_pk, smp->local_sk))
1768 return SMP_UNSPECIFIED;
1769
1770 /* This is unlikely, but we need to check that
1771 * we didn't accidentially generate a debug key.
1772 */
1773 if (memcmp(smp->local_sk, debug_sk, 32))
1774 break;
1775 }
1776 }
1777
1778 SMP_DBG("Local Public Key X: %32phN", smp->local_pk);
1779 SMP_DBG("Local Public Key Y: %32phN", &smp->local_pk[32]);
1780 SMP_DBG("Local Private Key: %32phN", smp->local_sk);
1781
1782 smp_send_cmd(smp->conn, SMP_CMD_PUBLIC_KEY, 64, smp->local_pk);
1783
1784 return 0;
1785}
1786
995static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb) 1787static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
996{ 1788{
997 struct smp_cmd_pairing *req, *rsp = (void *) skb->data; 1789 struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
998 struct l2cap_chan *chan = conn->smp; 1790 struct l2cap_chan *chan = conn->smp;
999 struct smp_chan *smp = chan->data; 1791 struct smp_chan *smp = chan->data;
1792 struct hci_dev *hdev = conn->hcon->hdev;
1000 u8 key_size, auth; 1793 u8 key_size, auth;
1001 int ret; 1794 int ret;
1002 1795
@@ -1016,7 +1809,31 @@ static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
1016 if (check_enc_key_size(conn, key_size)) 1809 if (check_enc_key_size(conn, key_size))
1017 return SMP_ENC_KEY_SIZE; 1810 return SMP_ENC_KEY_SIZE;
1018 1811
1019 auth = rsp->auth_req & AUTH_REQ_MASK; 1812 auth = rsp->auth_req & AUTH_REQ_MASK(hdev);
1813
1814 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) && !(auth & SMP_AUTH_SC))
1815 return SMP_AUTH_REQUIREMENTS;
1816
1817 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1818 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1819
1820 /* Update remote key distribution in case the remote cleared
1821 * some bits that we had enabled in our request.
1822 */
1823 smp->remote_key_dist &= rsp->resp_key_dist;
1824
1825 /* For BR/EDR this means we're done and can start phase 3 */
1826 if (conn->hcon->type == ACL_LINK) {
1827 /* Clear bits which are generated but not distributed */
1828 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1829 smp_distribute_keys(smp);
1830 return 0;
1831 }
1832
1833 if ((req->auth_req & SMP_AUTH_SC) && (auth & SMP_AUTH_SC))
1834 set_bit(SMP_FLAG_SC, &smp->flags);
1835 else if (conn->hcon->pending_sec_level > BT_SECURITY_HIGH)
1836 conn->hcon->pending_sec_level = BT_SECURITY_HIGH;
1020 1837
1021 /* If we need MITM check that it can be achieved */ 1838 /* If we need MITM check that it can be achieved */
1022 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) { 1839 if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
@@ -1030,14 +1847,18 @@ static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
1030 1847
1031 get_random_bytes(smp->prnd, sizeof(smp->prnd)); 1848 get_random_bytes(smp->prnd, sizeof(smp->prnd));
1032 1849
1033 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
1034 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
1035
1036 /* Update remote key distribution in case the remote cleared 1850 /* Update remote key distribution in case the remote cleared
1037 * some bits that we had enabled in our request. 1851 * some bits that we had enabled in our request.
1038 */ 1852 */
1039 smp->remote_key_dist &= rsp->resp_key_dist; 1853 smp->remote_key_dist &= rsp->resp_key_dist;
1040 1854
1855 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
1856 /* Clear bits which are generated but not distributed */
1857 smp->remote_key_dist &= ~SMP_SC_NO_DIST;
1858 SMP_ALLOW_CMD(smp, SMP_CMD_PUBLIC_KEY);
1859 return sc_send_public_key(smp);
1860 }
1861
1041 auth |= req->auth_req; 1862 auth |= req->auth_req;
1042 1863
1043 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability); 1864 ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
@@ -1053,6 +1874,28 @@ static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
1053 return 0; 1874 return 0;
1054} 1875}
1055 1876
1877static u8 sc_check_confirm(struct smp_chan *smp)
1878{
1879 struct l2cap_conn *conn = smp->conn;
1880
1881 BT_DBG("");
1882
1883 /* Public Key exchange must happen before any other steps */
1884 if (!test_bit(SMP_FLAG_REMOTE_PK, &smp->flags))
1885 return SMP_UNSPECIFIED;
1886
1887 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1888 return sc_passkey_round(smp, SMP_CMD_PAIRING_CONFIRM);
1889
1890 if (conn->hcon->out) {
1891 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1892 smp->prnd);
1893 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
1894 }
1895
1896 return 0;
1897}
1898
1056static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb) 1899static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
1057{ 1900{
1058 struct l2cap_chan *chan = conn->smp; 1901 struct l2cap_chan *chan = conn->smp;
@@ -1066,6 +1909,9 @@ static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
1066 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf)); 1909 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
1067 skb_pull(skb, sizeof(smp->pcnf)); 1910 skb_pull(skb, sizeof(smp->pcnf));
1068 1911
1912 if (test_bit(SMP_FLAG_SC, &smp->flags))
1913 return sc_check_confirm(smp);
1914
1069 if (conn->hcon->out) { 1915 if (conn->hcon->out) {
1070 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd), 1916 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1071 smp->prnd); 1917 smp->prnd);
@@ -1085,6 +1931,10 @@ static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
1085{ 1931{
1086 struct l2cap_chan *chan = conn->smp; 1932 struct l2cap_chan *chan = conn->smp;
1087 struct smp_chan *smp = chan->data; 1933 struct smp_chan *smp = chan->data;
1934 struct hci_conn *hcon = conn->hcon;
1935 u8 *pkax, *pkbx, *na, *nb;
1936 u32 passkey;
1937 int err;
1088 1938
1089 BT_DBG("conn %p", conn); 1939 BT_DBG("conn %p", conn);
1090 1940
@@ -1094,7 +1944,75 @@ static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
1094 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd)); 1944 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
1095 skb_pull(skb, sizeof(smp->rrnd)); 1945 skb_pull(skb, sizeof(smp->rrnd));
1096 1946
1097 return smp_random(smp); 1947 if (!test_bit(SMP_FLAG_SC, &smp->flags))
1948 return smp_random(smp);
1949
1950 if (hcon->out) {
1951 pkax = smp->local_pk;
1952 pkbx = smp->remote_pk;
1953 na = smp->prnd;
1954 nb = smp->rrnd;
1955 } else {
1956 pkax = smp->remote_pk;
1957 pkbx = smp->local_pk;
1958 na = smp->rrnd;
1959 nb = smp->prnd;
1960 }
1961
1962 if (smp->method == REQ_OOB) {
1963 if (!hcon->out)
1964 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
1965 sizeof(smp->prnd), smp->prnd);
1966 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1967 goto mackey_and_ltk;
1968 }
1969
1970 /* Passkey entry has special treatment */
1971 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
1972 return sc_passkey_round(smp, SMP_CMD_PAIRING_RANDOM);
1973
1974 if (hcon->out) {
1975 u8 cfm[16];
1976
1977 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
1978 smp->rrnd, 0, cfm);
1979 if (err)
1980 return SMP_UNSPECIFIED;
1981
1982 if (memcmp(smp->pcnf, cfm, 16))
1983 return SMP_CONFIRM_FAILED;
1984 } else {
1985 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
1986 smp->prnd);
1987 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
1988 }
1989
1990mackey_and_ltk:
1991 /* Generate MacKey and LTK */
1992 err = sc_mackey_and_ltk(smp, smp->mackey, smp->tk);
1993 if (err)
1994 return SMP_UNSPECIFIED;
1995
1996 if (smp->method == JUST_WORKS || smp->method == REQ_OOB) {
1997 if (hcon->out) {
1998 sc_dhkey_check(smp);
1999 SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2000 }
2001 return 0;
2002 }
2003
2004 err = smp_g2(smp->tfm_cmac, pkax, pkbx, na, nb, &passkey);
2005 if (err)
2006 return SMP_UNSPECIFIED;
2007
2008 err = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, hcon->type,
2009 hcon->dst_type, passkey, 0);
2010 if (err)
2011 return SMP_UNSPECIFIED;
2012
2013 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2014
2015 return 0;
1098} 2016}
1099 2017
1100static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level) 2018static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
@@ -1102,8 +2020,7 @@ static bool smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
1102 struct smp_ltk *key; 2020 struct smp_ltk *key;
1103 struct hci_conn *hcon = conn->hcon; 2021 struct hci_conn *hcon = conn->hcon;
1104 2022
1105 key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type, 2023 key = hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role);
1106 hcon->role);
1107 if (!key) 2024 if (!key)
1108 return false; 2025 return false;
1109 2026
@@ -1136,8 +2053,7 @@ bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level,
1136 */ 2053 */
1137 if (key_pref == SMP_USE_LTK && 2054 if (key_pref == SMP_USE_LTK &&
1138 test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) && 2055 test_bit(HCI_CONN_STK_ENCRYPT, &hcon->flags) &&
1139 hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type, 2056 hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, hcon->role))
1140 hcon->role))
1141 return false; 2057 return false;
1142 2058
1143 if (hcon->sec_level >= sec_level) 2059 if (hcon->sec_level >= sec_level)
@@ -1151,6 +2067,7 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
1151 struct smp_cmd_security_req *rp = (void *) skb->data; 2067 struct smp_cmd_security_req *rp = (void *) skb->data;
1152 struct smp_cmd_pairing cp; 2068 struct smp_cmd_pairing cp;
1153 struct hci_conn *hcon = conn->hcon; 2069 struct hci_conn *hcon = conn->hcon;
2070 struct hci_dev *hdev = hcon->hdev;
1154 struct smp_chan *smp; 2071 struct smp_chan *smp;
1155 u8 sec_level, auth; 2072 u8 sec_level, auth;
1156 2073
@@ -1162,7 +2079,10 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
1162 if (hcon->role != HCI_ROLE_MASTER) 2079 if (hcon->role != HCI_ROLE_MASTER)
1163 return SMP_CMD_NOTSUPP; 2080 return SMP_CMD_NOTSUPP;
1164 2081
1165 auth = rp->auth_req & AUTH_REQ_MASK; 2082 auth = rp->auth_req & AUTH_REQ_MASK(hdev);
2083
2084 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) && !(auth & SMP_AUTH_SC))
2085 return SMP_AUTH_REQUIREMENTS;
1166 2086
1167 if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT) 2087 if (hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
1168 sec_level = BT_SECURITY_MEDIUM; 2088 sec_level = BT_SECURITY_MEDIUM;
@@ -1245,6 +2165,9 @@ int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
1245 2165
1246 authreq = seclevel_to_authreq(sec_level); 2166 authreq = seclevel_to_authreq(sec_level);
1247 2167
2168 if (test_bit(HCI_SC_ENABLED, &hcon->hdev->dev_flags))
2169 authreq |= SMP_AUTH_SC;
2170
1248 /* Require MITM if IO Capability allows or the security level 2171 /* Require MITM if IO Capability allows or the security level
1249 * requires it. 2172 * requires it.
1250 */ 2173 */
@@ -1432,6 +2355,234 @@ static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
1432 return 0; 2355 return 0;
1433} 2356}
1434 2357
2358static u8 sc_select_method(struct smp_chan *smp)
2359{
2360 struct l2cap_conn *conn = smp->conn;
2361 struct hci_conn *hcon = conn->hcon;
2362 struct smp_cmd_pairing *local, *remote;
2363 u8 local_mitm, remote_mitm, local_io, remote_io, method;
2364
2365 if (test_bit(SMP_FLAG_OOB, &smp->flags))
2366 return REQ_OOB;
2367
2368 /* The preq/prsp contain the raw Pairing Request/Response PDUs
2369 * which are needed as inputs to some crypto functions. To get
2370 * the "struct smp_cmd_pairing" from them we need to skip the
2371 * first byte which contains the opcode.
2372 */
2373 if (hcon->out) {
2374 local = (void *) &smp->preq[1];
2375 remote = (void *) &smp->prsp[1];
2376 } else {
2377 local = (void *) &smp->prsp[1];
2378 remote = (void *) &smp->preq[1];
2379 }
2380
2381 local_io = local->io_capability;
2382 remote_io = remote->io_capability;
2383
2384 local_mitm = (local->auth_req & SMP_AUTH_MITM);
2385 remote_mitm = (remote->auth_req & SMP_AUTH_MITM);
2386
2387 /* If either side wants MITM, look up the method from the table,
2388 * otherwise use JUST WORKS.
2389 */
2390 if (local_mitm || remote_mitm)
2391 method = get_auth_method(smp, local_io, remote_io);
2392 else
2393 method = JUST_WORKS;
2394
2395 /* Don't confirm locally initiated pairing attempts */
2396 if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
2397 method = JUST_WORKS;
2398
2399 return method;
2400}
2401
2402static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
2403{
2404 struct smp_cmd_public_key *key = (void *) skb->data;
2405 struct hci_conn *hcon = conn->hcon;
2406 struct l2cap_chan *chan = conn->smp;
2407 struct smp_chan *smp = chan->data;
2408 struct hci_dev *hdev = hcon->hdev;
2409 struct smp_cmd_pairing_confirm cfm;
2410 int err;
2411
2412 BT_DBG("conn %p", conn);
2413
2414 if (skb->len < sizeof(*key))
2415 return SMP_INVALID_PARAMS;
2416
2417 memcpy(smp->remote_pk, key, 64);
2418
2419 /* Non-initiating device sends its public key after receiving
2420 * the key from the initiating device.
2421 */
2422 if (!hcon->out) {
2423 err = sc_send_public_key(smp);
2424 if (err)
2425 return err;
2426 }
2427
2428 SMP_DBG("Remote Public Key X: %32phN", smp->remote_pk);
2429 SMP_DBG("Remote Public Key Y: %32phN", &smp->remote_pk[32]);
2430
2431 if (!ecdh_shared_secret(smp->remote_pk, smp->local_sk, smp->dhkey))
2432 return SMP_UNSPECIFIED;
2433
2434 SMP_DBG("DHKey %32phN", smp->dhkey);
2435
2436 set_bit(SMP_FLAG_REMOTE_PK, &smp->flags);
2437
2438 smp->method = sc_select_method(smp);
2439
2440 BT_DBG("%s selected method 0x%02x", hdev->name, smp->method);
2441
2442 /* JUST_WORKS and JUST_CFM result in an unauthenticated key */
2443 if (smp->method == JUST_WORKS || smp->method == JUST_CFM)
2444 hcon->pending_sec_level = BT_SECURITY_MEDIUM;
2445 else
2446 hcon->pending_sec_level = BT_SECURITY_FIPS;
2447
2448 if (!memcmp(debug_pk, smp->remote_pk, 64))
2449 set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
2450
2451 if (smp->method == DSP_PASSKEY) {
2452 get_random_bytes(&hcon->passkey_notify,
2453 sizeof(hcon->passkey_notify));
2454 hcon->passkey_notify %= 1000000;
2455 hcon->passkey_entered = 0;
2456 smp->passkey_round = 0;
2457 if (mgmt_user_passkey_notify(hdev, &hcon->dst, hcon->type,
2458 hcon->dst_type,
2459 hcon->passkey_notify,
2460 hcon->passkey_entered))
2461 return SMP_UNSPECIFIED;
2462 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2463 return sc_passkey_round(smp, SMP_CMD_PUBLIC_KEY);
2464 }
2465
2466 if (smp->method == REQ_OOB) {
2467 err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->remote_pk,
2468 smp->rr, 0, cfm.confirm_val);
2469 if (err)
2470 return SMP_UNSPECIFIED;
2471
2472 if (memcmp(cfm.confirm_val, smp->pcnf, 16))
2473 return SMP_CONFIRM_FAILED;
2474
2475 if (hcon->out)
2476 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
2477 sizeof(smp->prnd), smp->prnd);
2478
2479 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2480
2481 return 0;
2482 }
2483
2484 if (hcon->out)
2485 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2486
2487 if (smp->method == REQ_PASSKEY) {
2488 if (mgmt_user_passkey_request(hdev, &hcon->dst, hcon->type,
2489 hcon->dst_type))
2490 return SMP_UNSPECIFIED;
2491 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
2492 set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
2493 return 0;
2494 }
2495
2496 /* The Initiating device waits for the non-initiating device to
2497 * send the confirm value.
2498 */
2499 if (conn->hcon->out)
2500 return 0;
2501
2502 err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd,
2503 0, cfm.confirm_val);
2504 if (err)
2505 return SMP_UNSPECIFIED;
2506
2507 smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cfm), &cfm);
2508 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
2509
2510 return 0;
2511}
2512
2513static int smp_cmd_dhkey_check(struct l2cap_conn *conn, struct sk_buff *skb)
2514{
2515 struct smp_cmd_dhkey_check *check = (void *) skb->data;
2516 struct l2cap_chan *chan = conn->smp;
2517 struct hci_conn *hcon = conn->hcon;
2518 struct smp_chan *smp = chan->data;
2519 u8 a[7], b[7], *local_addr, *remote_addr;
2520 u8 io_cap[3], r[16], e[16];
2521 int err;
2522
2523 BT_DBG("conn %p", conn);
2524
2525 if (skb->len < sizeof(*check))
2526 return SMP_INVALID_PARAMS;
2527
2528 memcpy(a, &hcon->init_addr, 6);
2529 memcpy(b, &hcon->resp_addr, 6);
2530 a[6] = hcon->init_addr_type;
2531 b[6] = hcon->resp_addr_type;
2532
2533 if (hcon->out) {
2534 local_addr = a;
2535 remote_addr = b;
2536 memcpy(io_cap, &smp->prsp[1], 3);
2537 } else {
2538 local_addr = b;
2539 remote_addr = a;
2540 memcpy(io_cap, &smp->preq[1], 3);
2541 }
2542
2543 memset(r, 0, sizeof(r));
2544
2545 if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
2546 put_unaligned_le32(hcon->passkey_notify, r);
2547
2548 err = smp_f6(smp->tfm_cmac, smp->mackey, smp->rrnd, smp->prnd, r,
2549 io_cap, remote_addr, local_addr, e);
2550 if (err)
2551 return SMP_UNSPECIFIED;
2552
2553 if (memcmp(check->e, e, 16))
2554 return SMP_DHKEY_CHECK_FAILED;
2555
2556 if (!hcon->out) {
2557 if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
2558 set_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags);
2559 return 0;
2560 }
2561
2562 /* Slave sends DHKey check as response to master */
2563 sc_dhkey_check(smp);
2564 }
2565
2566 sc_add_ltk(smp);
2567
2568 if (hcon->out) {
2569 hci_le_start_enc(hcon, 0, 0, smp->tk);
2570 hcon->enc_key_size = smp->enc_key_size;
2571 }
2572
2573 return 0;
2574}
2575
2576static int smp_cmd_keypress_notify(struct l2cap_conn *conn,
2577 struct sk_buff *skb)
2578{
2579 struct smp_cmd_keypress_notify *kp = (void *) skb->data;
2580
2581 BT_DBG("value 0x%02x", kp->value);
2582
2583 return 0;
2584}
2585
1435static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb) 2586static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
1436{ 2587{
1437 struct l2cap_conn *conn = chan->conn; 2588 struct l2cap_conn *conn = chan->conn;
@@ -1440,11 +2591,6 @@ static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
1440 __u8 code, reason; 2591 __u8 code, reason;
1441 int err = 0; 2592 int err = 0;
1442 2593
1443 if (hcon->type != LE_LINK) {
1444 kfree_skb(skb);
1445 return 0;
1446 }
1447
1448 if (skb->len < 1) 2594 if (skb->len < 1)
1449 return -EILSEQ; 2595 return -EILSEQ;
1450 2596
@@ -1516,6 +2662,18 @@ static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
1516 reason = smp_cmd_sign_info(conn, skb); 2662 reason = smp_cmd_sign_info(conn, skb);
1517 break; 2663 break;
1518 2664
2665 case SMP_CMD_PUBLIC_KEY:
2666 reason = smp_cmd_public_key(conn, skb);
2667 break;
2668
2669 case SMP_CMD_DHKEY_CHECK:
2670 reason = smp_cmd_dhkey_check(conn, skb);
2671 break;
2672
2673 case SMP_CMD_KEYPRESS_NOTIFY:
2674 reason = smp_cmd_keypress_notify(conn, skb);
2675 break;
2676
1519 default: 2677 default:
1520 BT_DBG("Unknown command code 0x%2.2x", code); 2678 BT_DBG("Unknown command code 0x%2.2x", code);
1521 reason = SMP_CMD_NOTSUPP; 2679 reason = SMP_CMD_NOTSUPP;
@@ -1551,6 +2709,74 @@ static void smp_teardown_cb(struct l2cap_chan *chan, int err)
1551 l2cap_chan_put(chan); 2709 l2cap_chan_put(chan);
1552} 2710}
1553 2711
2712static void bredr_pairing(struct l2cap_chan *chan)
2713{
2714 struct l2cap_conn *conn = chan->conn;
2715 struct hci_conn *hcon = conn->hcon;
2716 struct hci_dev *hdev = hcon->hdev;
2717 struct smp_cmd_pairing req;
2718 struct smp_chan *smp;
2719
2720 BT_DBG("chan %p", chan);
2721
2722 /* Only new pairings are interesting */
2723 if (!test_bit(HCI_CONN_NEW_LINK_KEY, &hcon->flags))
2724 return;
2725
2726 /* Don't bother if we're not encrypted */
2727 if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2728 return;
2729
2730 /* Only master may initiate SMP over BR/EDR */
2731 if (hcon->role != HCI_ROLE_MASTER)
2732 return;
2733
2734 /* Secure Connections support must be enabled */
2735 if (!test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
2736 return;
2737
2738 /* BR/EDR must use Secure Connections for SMP */
2739 if (!test_bit(HCI_CONN_AES_CCM, &hcon->flags) &&
2740 !test_bit(HCI_FORCE_LESC, &hdev->dbg_flags))
2741 return;
2742
2743 /* If our LE support is not enabled don't do anything */
2744 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
2745 return;
2746
2747 /* Don't bother if remote LE support is not enabled */
2748 if (!lmp_host_le_capable(hcon))
2749 return;
2750
2751 /* Remote must support SMP fixed chan for BR/EDR */
2752 if (!(conn->remote_fixed_chan & L2CAP_FC_SMP_BREDR))
2753 return;
2754
2755 /* Don't bother if SMP is already ongoing */
2756 if (chan->data)
2757 return;
2758
2759 smp = smp_chan_create(conn);
2760 if (!smp) {
2761 BT_ERR("%s unable to create SMP context for BR/EDR",
2762 hdev->name);
2763 return;
2764 }
2765
2766 set_bit(SMP_FLAG_SC, &smp->flags);
2767
2768 BT_DBG("%s starting SMP over BR/EDR", hdev->name);
2769
2770 /* Prepare and send the BR/EDR SMP Pairing Request */
2771 build_bredr_pairing_cmd(smp, &req, NULL);
2772
2773 smp->preq[0] = SMP_CMD_PAIRING_REQ;
2774 memcpy(&smp->preq[1], &req, sizeof(req));
2775
2776 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(req), &req);
2777 SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
2778}
2779
1554static void smp_resume_cb(struct l2cap_chan *chan) 2780static void smp_resume_cb(struct l2cap_chan *chan)
1555{ 2781{
1556 struct smp_chan *smp = chan->data; 2782 struct smp_chan *smp = chan->data;
@@ -1559,6 +2785,11 @@ static void smp_resume_cb(struct l2cap_chan *chan)
1559 2785
1560 BT_DBG("chan %p", chan); 2786 BT_DBG("chan %p", chan);
1561 2787
2788 if (hcon->type == ACL_LINK) {
2789 bredr_pairing(chan);
2790 return;
2791 }
2792
1562 if (!smp) 2793 if (!smp)
1563 return; 2794 return;
1564 2795
@@ -1573,11 +2804,15 @@ static void smp_resume_cb(struct l2cap_chan *chan)
1573static void smp_ready_cb(struct l2cap_chan *chan) 2804static void smp_ready_cb(struct l2cap_chan *chan)
1574{ 2805{
1575 struct l2cap_conn *conn = chan->conn; 2806 struct l2cap_conn *conn = chan->conn;
2807 struct hci_conn *hcon = conn->hcon;
1576 2808
1577 BT_DBG("chan %p", chan); 2809 BT_DBG("chan %p", chan);
1578 2810
1579 conn->smp = chan; 2811 conn->smp = chan;
1580 l2cap_chan_hold(chan); 2812 l2cap_chan_hold(chan);
2813
2814 if (hcon->type == ACL_LINK && test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
2815 bredr_pairing(chan);
1581} 2816}
1582 2817
1583static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) 2818static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
@@ -1682,34 +2917,40 @@ static const struct l2cap_ops smp_root_chan_ops = {
1682 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec, 2917 .memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
1683}; 2918};
1684 2919
1685int smp_register(struct hci_dev *hdev) 2920static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid)
1686{ 2921{
1687 struct l2cap_chan *chan; 2922 struct l2cap_chan *chan;
1688 struct crypto_blkcipher *tfm_aes; 2923 struct crypto_blkcipher *tfm_aes;
1689 2924
1690 BT_DBG("%s", hdev->name); 2925 if (cid == L2CAP_CID_SMP_BREDR) {
2926 tfm_aes = NULL;
2927 goto create_chan;
2928 }
1691 2929
1692 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, 0); 2930 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, 0);
1693 if (IS_ERR(tfm_aes)) { 2931 if (IS_ERR(tfm_aes)) {
1694 int err = PTR_ERR(tfm_aes);
1695 BT_ERR("Unable to create crypto context"); 2932 BT_ERR("Unable to create crypto context");
1696 return err; 2933 return ERR_PTR(PTR_ERR(tfm_aes));
1697 } 2934 }
1698 2935
2936create_chan:
1699 chan = l2cap_chan_create(); 2937 chan = l2cap_chan_create();
1700 if (!chan) { 2938 if (!chan) {
1701 crypto_free_blkcipher(tfm_aes); 2939 crypto_free_blkcipher(tfm_aes);
1702 return -ENOMEM; 2940 return ERR_PTR(-ENOMEM);
1703 } 2941 }
1704 2942
1705 chan->data = tfm_aes; 2943 chan->data = tfm_aes;
1706 2944
1707 l2cap_add_scid(chan, L2CAP_CID_SMP); 2945 l2cap_add_scid(chan, cid);
1708 2946
1709 l2cap_chan_set_defaults(chan); 2947 l2cap_chan_set_defaults(chan);
1710 2948
1711 bacpy(&chan->src, &hdev->bdaddr); 2949 bacpy(&chan->src, &hdev->bdaddr);
1712 chan->src_type = BDADDR_LE_PUBLIC; 2950 if (cid == L2CAP_CID_SMP)
2951 chan->src_type = BDADDR_LE_PUBLIC;
2952 else
2953 chan->src_type = BDADDR_BREDR;
1713 chan->state = BT_LISTEN; 2954 chan->state = BT_LISTEN;
1714 chan->mode = L2CAP_MODE_BASIC; 2955 chan->mode = L2CAP_MODE_BASIC;
1715 chan->imtu = L2CAP_DEFAULT_MTU; 2956 chan->imtu = L2CAP_DEFAULT_MTU;
@@ -1718,20 +2959,14 @@ int smp_register(struct hci_dev *hdev)
1718 /* Set correct nesting level for a parent/listening channel */ 2959 /* Set correct nesting level for a parent/listening channel */
1719 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT); 2960 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
1720 2961
1721 hdev->smp_data = chan; 2962 return chan;
1722
1723 return 0;
1724} 2963}
1725 2964
1726void smp_unregister(struct hci_dev *hdev) 2965static void smp_del_chan(struct l2cap_chan *chan)
1727{ 2966{
1728 struct l2cap_chan *chan = hdev->smp_data; 2967 struct crypto_blkcipher *tfm_aes;
1729 struct crypto_blkcipher *tfm_aes;
1730
1731 if (!chan)
1732 return;
1733 2968
1734 BT_DBG("%s chan %p", hdev->name, chan); 2969 BT_DBG("chan %p", chan);
1735 2970
1736 tfm_aes = chan->data; 2971 tfm_aes = chan->data;
1737 if (tfm_aes) { 2972 if (tfm_aes) {
@@ -1739,6 +2974,52 @@ void smp_unregister(struct hci_dev *hdev)
1739 crypto_free_blkcipher(tfm_aes); 2974 crypto_free_blkcipher(tfm_aes);
1740 } 2975 }
1741 2976
1742 hdev->smp_data = NULL;
1743 l2cap_chan_put(chan); 2977 l2cap_chan_put(chan);
1744} 2978}
2979
2980int smp_register(struct hci_dev *hdev)
2981{
2982 struct l2cap_chan *chan;
2983
2984 BT_DBG("%s", hdev->name);
2985
2986 chan = smp_add_cid(hdev, L2CAP_CID_SMP);
2987 if (IS_ERR(chan))
2988 return PTR_ERR(chan);
2989
2990 hdev->smp_data = chan;
2991
2992 if (!lmp_sc_capable(hdev) &&
2993 !test_bit(HCI_FORCE_LESC, &hdev->dbg_flags))
2994 return 0;
2995
2996 chan = smp_add_cid(hdev, L2CAP_CID_SMP_BREDR);
2997 if (IS_ERR(chan)) {
2998 int err = PTR_ERR(chan);
2999 chan = hdev->smp_data;
3000 hdev->smp_data = NULL;
3001 smp_del_chan(chan);
3002 return err;
3003 }
3004
3005 hdev->smp_bredr_data = chan;
3006
3007 return 0;
3008}
3009
3010void smp_unregister(struct hci_dev *hdev)
3011{
3012 struct l2cap_chan *chan;
3013
3014 if (hdev->smp_bredr_data) {
3015 chan = hdev->smp_bredr_data;
3016 hdev->smp_bredr_data = NULL;
3017 smp_del_chan(chan);
3018 }
3019
3020 if (hdev->smp_data) {
3021 chan = hdev->smp_data;
3022 hdev->smp_data = NULL;
3023 smp_del_chan(chan);
3024 }
3025}
diff --git a/net/bluetooth/smp.h b/net/bluetooth/smp.h
index f76083b85005..3296bf42ae80 100644
--- a/net/bluetooth/smp.h
+++ b/net/bluetooth/smp.h
@@ -50,10 +50,13 @@ struct smp_cmd_pairing {
50#define SMP_DIST_ENC_KEY 0x01 50#define SMP_DIST_ENC_KEY 0x01
51#define SMP_DIST_ID_KEY 0x02 51#define SMP_DIST_ID_KEY 0x02
52#define SMP_DIST_SIGN 0x04 52#define SMP_DIST_SIGN 0x04
53#define SMP_DIST_LINK_KEY 0x08
53 54
54#define SMP_AUTH_NONE 0x00 55#define SMP_AUTH_NONE 0x00
55#define SMP_AUTH_BONDING 0x01 56#define SMP_AUTH_BONDING 0x01
56#define SMP_AUTH_MITM 0x04 57#define SMP_AUTH_MITM 0x04
58#define SMP_AUTH_SC 0x08
59#define SMP_AUTH_KEYPRESS 0x10
57 60
58#define SMP_CMD_PAIRING_CONFIRM 0x03 61#define SMP_CMD_PAIRING_CONFIRM 0x03
59struct smp_cmd_pairing_confirm { 62struct smp_cmd_pairing_confirm {
@@ -102,7 +105,23 @@ struct smp_cmd_security_req {
102 __u8 auth_req; 105 __u8 auth_req;
103} __packed; 106} __packed;
104 107
105#define SMP_CMD_MAX 0x0b 108#define SMP_CMD_PUBLIC_KEY 0x0c
109struct smp_cmd_public_key {
110 __u8 x[32];
111 __u8 y[32];
112} __packed;
113
114#define SMP_CMD_DHKEY_CHECK 0x0d
115struct smp_cmd_dhkey_check {
116 __u8 e[16];
117} __packed;
118
119#define SMP_CMD_KEYPRESS_NOTIFY 0x0e
120struct smp_cmd_keypress_notify {
121 __u8 value;
122} __packed;
123
124#define SMP_CMD_MAX 0x0e
106 125
107#define SMP_PASSKEY_ENTRY_FAILED 0x01 126#define SMP_PASSKEY_ENTRY_FAILED 0x01
108#define SMP_OOB_NOT_AVAIL 0x02 127#define SMP_OOB_NOT_AVAIL 0x02
@@ -114,6 +133,10 @@ struct smp_cmd_security_req {
114#define SMP_UNSPECIFIED 0x08 133#define SMP_UNSPECIFIED 0x08
115#define SMP_REPEATED_ATTEMPTS 0x09 134#define SMP_REPEATED_ATTEMPTS 0x09
116#define SMP_INVALID_PARAMS 0x0a 135#define SMP_INVALID_PARAMS 0x0a
136#define SMP_DHKEY_CHECK_FAILED 0x0b
137#define SMP_NUMERIC_COMP_FAILED 0x0c
138#define SMP_BREDR_PAIRING_IN_PROGRESS 0x0d
139#define SMP_CROSS_TRANSP_NOT_ALLOWED 0x0e
117 140
118#define SMP_MIN_ENC_KEY_SIZE 7 141#define SMP_MIN_ENC_KEY_SIZE 7
119#define SMP_MAX_ENC_KEY_SIZE 16 142#define SMP_MAX_ENC_KEY_SIZE 16
@@ -123,12 +146,29 @@ enum {
123 SMP_STK, 146 SMP_STK,
124 SMP_LTK, 147 SMP_LTK,
125 SMP_LTK_SLAVE, 148 SMP_LTK_SLAVE,
149 SMP_LTK_P256,
150 SMP_LTK_P256_DEBUG,
126}; 151};
127 152
153static inline bool smp_ltk_is_sc(struct smp_ltk *key)
154{
155 switch (key->type) {
156 case SMP_LTK_P256:
157 case SMP_LTK_P256_DEBUG:
158 return true;
159 }
160
161 return false;
162}
163
128static inline u8 smp_ltk_sec_level(struct smp_ltk *key) 164static inline u8 smp_ltk_sec_level(struct smp_ltk *key)
129{ 165{
130 if (key->authenticated) 166 if (key->authenticated) {
131 return BT_SECURITY_HIGH; 167 if (smp_ltk_is_sc(key))
168 return BT_SECURITY_FIPS;
169 else
170 return BT_SECURITY_HIGH;
171 }
132 172
133 return BT_SECURITY_MEDIUM; 173 return BT_SECURITY_MEDIUM;
134} 174}
@@ -145,8 +185,9 @@ bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level,
145int smp_conn_security(struct hci_conn *hcon, __u8 sec_level); 185int smp_conn_security(struct hci_conn *hcon, __u8 sec_level);
146int smp_user_confirm_reply(struct hci_conn *conn, u16 mgmt_op, __le32 passkey); 186int smp_user_confirm_reply(struct hci_conn *conn, u16 mgmt_op, __le32 passkey);
147 187
148bool smp_irk_matches(struct hci_dev *hdev, u8 irk[16], bdaddr_t *bdaddr); 188bool smp_irk_matches(struct hci_dev *hdev, const u8 irk[16],
149int smp_generate_rpa(struct hci_dev *hdev, u8 irk[16], bdaddr_t *rpa); 189 const bdaddr_t *bdaddr);
190int smp_generate_rpa(struct hci_dev *hdev, const u8 irk[16], bdaddr_t *rpa);
150 191
151int smp_register(struct hci_dev *hdev); 192int smp_register(struct hci_dev *hdev);
152void smp_unregister(struct hci_dev *hdev); 193void smp_unregister(struct hci_dev *hdev);
diff --git a/net/ieee802154/6lowpan_rtnl.c b/net/ieee802154/6lowpan_rtnl.c
index 290e14f2e92e..27eaa65e88e1 100644
--- a/net/ieee802154/6lowpan_rtnl.c
+++ b/net/ieee802154/6lowpan_rtnl.c
@@ -439,7 +439,6 @@ static void lowpan_set_lockdep_class_one(struct net_device *dev,
439 &lowpan_netdev_xmit_lock_key); 439 &lowpan_netdev_xmit_lock_key);
440} 440}
441 441
442
443static int lowpan_dev_init(struct net_device *dev) 442static int lowpan_dev_init(struct net_device *dev)
444{ 443{
445 netdev_for_each_tx_queue(dev, lowpan_set_lockdep_class_one, NULL); 444 netdev_for_each_tx_queue(dev, lowpan_set_lockdep_class_one, NULL);
@@ -597,7 +596,7 @@ static int lowpan_newlink(struct net *src_net, struct net_device *dev,
597 596
598 entry->ldev = dev; 597 entry->ldev = dev;
599 598
600 /* Set the lowpan harware address to the wpan hardware address. */ 599 /* Set the lowpan hardware address to the wpan hardware address. */
601 memcpy(dev->dev_addr, real_dev->dev_addr, IEEE802154_ADDR_LEN); 600 memcpy(dev->dev_addr, real_dev->dev_addr, IEEE802154_ADDR_LEN);
602 601
603 mutex_lock(&lowpan_dev_info(dev)->dev_list_mtx); 602 mutex_lock(&lowpan_dev_info(dev)->dev_list_mtx);
diff --git a/net/ieee802154/af_ieee802154.c b/net/ieee802154/af_ieee802154.c
index 26da1e179737..d0a1282cdf43 100644
--- a/net/ieee802154/af_ieee802154.c
+++ b/net/ieee802154/af_ieee802154.c
@@ -99,6 +99,7 @@ static int ieee802154_sock_release(struct socket *sock)
99 } 99 }
100 return 0; 100 return 0;
101} 101}
102
102static int ieee802154_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 103static int ieee802154_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
103 struct msghdr *msg, size_t len) 104 struct msghdr *msg, size_t len)
104{ 105{
@@ -231,7 +232,6 @@ static const struct proto_ops ieee802154_dgram_ops = {
231#endif 232#endif
232}; 233};
233 234
234
235/* Create a socket. Initialise the socket, blank the addresses 235/* Create a socket. Initialise the socket, blank the addresses
236 * set the state. 236 * set the state.
237 */ 237 */
@@ -320,7 +320,6 @@ drop:
320 return NET_RX_DROP; 320 return NET_RX_DROP;
321} 321}
322 322
323
324static struct packet_type ieee802154_packet_type = { 323static struct packet_type ieee802154_packet_type = {
325 .type = htons(ETH_P_IEEE802154), 324 .type = htons(ETH_P_IEEE802154),
326 .func = ieee802154_rcv, 325 .func = ieee802154_rcv,
@@ -354,6 +353,7 @@ err_dgram:
354out: 353out:
355 return rc; 354 return rc;
356} 355}
356
357static void __exit af_ieee802154_remove(void) 357static void __exit af_ieee802154_remove(void)
358{ 358{
359 dev_remove_pack(&ieee802154_packet_type); 359 dev_remove_pack(&ieee802154_packet_type);
diff --git a/net/ieee802154/dgram.c b/net/ieee802154/dgram.c
index 2c7a93e7167e..d1930b70c4aa 100644
--- a/net/ieee802154/dgram.c
+++ b/net/ieee802154/dgram.c
@@ -154,7 +154,6 @@ static int dgram_ioctl(struct sock *sk, int cmd, unsigned long arg)
154 spin_unlock_bh(&sk->sk_receive_queue.lock); 154 spin_unlock_bh(&sk->sk_receive_queue.lock);
155 return put_user(amount, (int __user *)arg); 155 return put_user(amount, (int __user *)arg);
156 } 156 }
157
158 } 157 }
159 158
160 return -ENOIOCTLCMD; 159 return -ENOIOCTLCMD;
diff --git a/net/ieee802154/netlink.c b/net/ieee802154/netlink.c
index 63ee7d66950e..fa1464762d0d 100644
--- a/net/ieee802154/netlink.c
+++ b/net/ieee802154/netlink.c
@@ -1,5 +1,5 @@
1/* 1/*
2 * Netlink inteface for IEEE 802.15.4 stack 2 * Netlink interface for IEEE 802.15.4 stack
3 * 3 *
4 * Copyright 2007, 2008 Siemens AG 4 * Copyright 2007, 2008 Siemens AG
5 * 5 *
@@ -73,7 +73,7 @@ out:
73} 73}
74 74
75struct sk_buff *ieee802154_nl_new_reply(struct genl_info *info, 75struct sk_buff *ieee802154_nl_new_reply(struct genl_info *info,
76 int flags, u8 req) 76 int flags, u8 req)
77{ 77{
78 void *hdr; 78 void *hdr;
79 struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); 79 struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
@@ -147,7 +147,6 @@ static const struct genl_multicast_group ieee802154_mcgrps[] = {
147 [IEEE802154_BEACON_MCGRP] = { .name = IEEE802154_MCAST_BEACON_NAME, }, 147 [IEEE802154_BEACON_MCGRP] = { .name = IEEE802154_MCAST_BEACON_NAME, },
148}; 148};
149 149
150
151int __init ieee802154_nl_init(void) 150int __init ieee802154_nl_init(void)
152{ 151{
153 return genl_register_family_with_ops_groups(&nl802154_family, 152 return genl_register_family_with_ops_groups(&nl802154_family,
diff --git a/net/ieee802154/nl-mac.c b/net/ieee802154/nl-mac.c
index fe77f0c770b8..cd919493c976 100644
--- a/net/ieee802154/nl-mac.c
+++ b/net/ieee802154/nl-mac.c
@@ -1,5 +1,5 @@
1/* 1/*
2 * Netlink inteface for IEEE 802.15.4 stack 2 * Netlink interface for IEEE 802.15.4 stack
3 * 3 *
4 * Copyright 2007, 2008 Siemens AG 4 * Copyright 2007, 2008 Siemens AG
5 * 5 *
@@ -346,7 +346,6 @@ int ieee802154_start_req(struct sk_buff *skb, struct genl_info *info)
346 else 346 else
347 page = 0; 347 page = 0;
348 348
349
350 if (addr.short_addr == cpu_to_le16(IEEE802154_ADDR_BROADCAST)) { 349 if (addr.short_addr == cpu_to_le16(IEEE802154_ADDR_BROADCAST)) {
351 ieee802154_nl_start_confirm(dev, IEEE802154_NO_SHORT_ADDRESS); 350 ieee802154_nl_start_confirm(dev, IEEE802154_NO_SHORT_ADDRESS);
352 dev_put(dev); 351 dev_put(dev);
@@ -397,7 +396,6 @@ int ieee802154_scan_req(struct sk_buff *skb, struct genl_info *info)
397 else 396 else
398 page = 0; 397 page = 0;
399 398
400
401 ret = ieee802154_mlme_ops(dev)->scan_req(dev, type, channels, 399 ret = ieee802154_mlme_ops(dev)->scan_req(dev, type, channels,
402 page, duration); 400 page, duration);
403 401
@@ -548,8 +546,6 @@ out:
548 return rc; 546 return rc;
549} 547}
550 548
551
552
553static int 549static int
554ieee802154_llsec_parse_key_id(struct genl_info *info, 550ieee802154_llsec_parse_key_id(struct genl_info *info,
555 struct ieee802154_llsec_key_id *desc) 551 struct ieee802154_llsec_key_id *desc)
@@ -765,8 +761,6 @@ out:
765 return rc; 761 return rc;
766} 762}
767 763
768
769
770struct llsec_dump_data { 764struct llsec_dump_data {
771 struct sk_buff *skb; 765 struct sk_buff *skb;
772 int s_idx, s_idx2; 766 int s_idx, s_idx2;
@@ -843,8 +837,6 @@ ieee802154_nl_llsec_change(struct sk_buff *skb, struct genl_info *info,
843 return rc; 837 return rc;
844} 838}
845 839
846
847
848static int 840static int
849ieee802154_llsec_parse_key(struct genl_info *info, 841ieee802154_llsec_parse_key(struct genl_info *info,
850 struct ieee802154_llsec_key *key) 842 struct ieee802154_llsec_key *key)
@@ -989,8 +981,6 @@ int ieee802154_llsec_dump_keys(struct sk_buff *skb, struct netlink_callback *cb)
989 return ieee802154_llsec_dump_table(skb, cb, llsec_iter_keys); 981 return ieee802154_llsec_dump_table(skb, cb, llsec_iter_keys);
990} 982}
991 983
992
993
994static int 984static int
995llsec_parse_dev(struct genl_info *info, 985llsec_parse_dev(struct genl_info *info,
996 struct ieee802154_llsec_device *dev) 986 struct ieee802154_llsec_device *dev)
@@ -1121,8 +1111,6 @@ int ieee802154_llsec_dump_devs(struct sk_buff *skb, struct netlink_callback *cb)
1121 return ieee802154_llsec_dump_table(skb, cb, llsec_iter_devs); 1111 return ieee802154_llsec_dump_table(skb, cb, llsec_iter_devs);
1122} 1112}
1123 1113
1124
1125
1126static int llsec_add_devkey(struct net_device *dev, struct genl_info *info) 1114static int llsec_add_devkey(struct net_device *dev, struct genl_info *info)
1127{ 1115{
1128 struct ieee802154_mlme_ops *ops = ieee802154_mlme_ops(dev); 1116 struct ieee802154_mlme_ops *ops = ieee802154_mlme_ops(dev);
@@ -1237,8 +1225,6 @@ int ieee802154_llsec_dump_devkeys(struct sk_buff *skb,
1237 return ieee802154_llsec_dump_table(skb, cb, llsec_iter_devkeys); 1225 return ieee802154_llsec_dump_table(skb, cb, llsec_iter_devkeys);
1238} 1226}
1239 1227
1240
1241
1242static int 1228static int
1243llsec_parse_seclevel(struct genl_info *info, 1229llsec_parse_seclevel(struct genl_info *info,
1244 struct ieee802154_llsec_seclevel *sl) 1230 struct ieee802154_llsec_seclevel *sl)
diff --git a/net/ieee802154/nl-phy.c b/net/ieee802154/nl-phy.c
index 80a946dddd90..7baf98b14611 100644
--- a/net/ieee802154/nl-phy.c
+++ b/net/ieee802154/nl-phy.c
@@ -1,5 +1,5 @@
1/* 1/*
2 * Netlink inteface for IEEE 802.15.4 stack 2 * Netlink interface for IEEE 802.15.4 stack
3 * 3 *
4 * Copyright 2007, 2008 Siemens AG 4 * Copyright 2007, 2008 Siemens AG
5 * 5 *
@@ -94,7 +94,6 @@ int ieee802154_list_phy(struct sk_buff *skb, struct genl_info *info)
94 if (name[nla_len(info->attrs[IEEE802154_ATTR_PHY_NAME]) - 1] != '\0') 94 if (name[nla_len(info->attrs[IEEE802154_ATTR_PHY_NAME]) - 1] != '\0')
95 return -EINVAL; /* phy name should be null-terminated */ 95 return -EINVAL; /* phy name should be null-terminated */
96 96
97
98 phy = wpan_phy_find(name); 97 phy = wpan_phy_find(name);
99 if (!phy) 98 if (!phy)
100 return -ENODEV; 99 return -ENODEV;
diff --git a/net/ieee802154/raw.c b/net/ieee802154/raw.c
index 61e9d2972947..1674b115c891 100644
--- a/net/ieee802154/raw.c
+++ b/net/ieee802154/raw.c
@@ -221,7 +221,6 @@ static int raw_rcv_skb(struct sock *sk, struct sk_buff *skb)
221 return NET_RX_SUCCESS; 221 return NET_RX_SUCCESS;
222} 222}
223 223
224
225void ieee802154_raw_deliver(struct net_device *dev, struct sk_buff *skb) 224void ieee802154_raw_deliver(struct net_device *dev, struct sk_buff *skb)
226{ 225{
227 struct sock *sk; 226 struct sock *sk;
diff --git a/net/mac80211/chan.c b/net/mac80211/chan.c
index c7c514220298..5d6dae9e4aac 100644
--- a/net/mac80211/chan.c
+++ b/net/mac80211/chan.c
@@ -932,6 +932,21 @@ ieee80211_vif_chanctx_reservation_complete(struct ieee80211_sub_if_data *sdata)
932 } 932 }
933} 933}
934 934
935static void
936ieee80211_vif_update_chandef(struct ieee80211_sub_if_data *sdata,
937 const struct cfg80211_chan_def *chandef)
938{
939 struct ieee80211_sub_if_data *vlan;
940
941 sdata->vif.bss_conf.chandef = *chandef;
942
943 if (sdata->vif.type != NL80211_IFTYPE_AP)
944 return;
945
946 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
947 vlan->vif.bss_conf.chandef = *chandef;
948}
949
935static int 950static int
936ieee80211_vif_use_reserved_reassign(struct ieee80211_sub_if_data *sdata) 951ieee80211_vif_use_reserved_reassign(struct ieee80211_sub_if_data *sdata)
937{ 952{
@@ -994,7 +1009,7 @@ ieee80211_vif_use_reserved_reassign(struct ieee80211_sub_if_data *sdata)
994 if (sdata->vif.bss_conf.chandef.width != sdata->reserved_chandef.width) 1009 if (sdata->vif.bss_conf.chandef.width != sdata->reserved_chandef.width)
995 changed = BSS_CHANGED_BANDWIDTH; 1010 changed = BSS_CHANGED_BANDWIDTH;
996 1011
997 sdata->vif.bss_conf.chandef = sdata->reserved_chandef; 1012 ieee80211_vif_update_chandef(sdata, &sdata->reserved_chandef);
998 1013
999 if (changed) 1014 if (changed)
1000 ieee80211_bss_info_change_notify(sdata, changed); 1015 ieee80211_bss_info_change_notify(sdata, changed);
@@ -1336,7 +1351,7 @@ static int ieee80211_vif_use_reserved_switch(struct ieee80211_local *local)
1336 sdata->reserved_chandef.width) 1351 sdata->reserved_chandef.width)
1337 changed = BSS_CHANGED_BANDWIDTH; 1352 changed = BSS_CHANGED_BANDWIDTH;
1338 1353
1339 sdata->vif.bss_conf.chandef = sdata->reserved_chandef; 1354 ieee80211_vif_update_chandef(sdata, &sdata->reserved_chandef);
1340 if (changed) 1355 if (changed)
1341 ieee80211_bss_info_change_notify(sdata, 1356 ieee80211_bss_info_change_notify(sdata,
1342 changed); 1357 changed);
@@ -1507,7 +1522,7 @@ int ieee80211_vif_use_channel(struct ieee80211_sub_if_data *sdata,
1507 goto out; 1522 goto out;
1508 } 1523 }
1509 1524
1510 sdata->vif.bss_conf.chandef = *chandef; 1525 ieee80211_vif_update_chandef(sdata, chandef);
1511 1526
1512 ret = ieee80211_assign_vif_chanctx(sdata, ctx); 1527 ret = ieee80211_assign_vif_chanctx(sdata, ctx);
1513 if (ret) { 1528 if (ret) {
@@ -1649,7 +1664,7 @@ int ieee80211_vif_change_bandwidth(struct ieee80211_sub_if_data *sdata,
1649 break; 1664 break;
1650 } 1665 }
1651 1666
1652 sdata->vif.bss_conf.chandef = *chandef; 1667 ieee80211_vif_update_chandef(sdata, chandef);
1653 1668
1654 ieee80211_recalc_chanctx_chantype(local, ctx); 1669 ieee80211_recalc_chanctx_chantype(local, ctx);
1655 1670
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index 538fe4ef5c85..417355390873 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -520,6 +520,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
520 sdata->vif.cab_queue = master->vif.cab_queue; 520 sdata->vif.cab_queue = master->vif.cab_queue;
521 memcpy(sdata->vif.hw_queue, master->vif.hw_queue, 521 memcpy(sdata->vif.hw_queue, master->vif.hw_queue,
522 sizeof(sdata->vif.hw_queue)); 522 sizeof(sdata->vif.hw_queue));
523 sdata->vif.bss_conf.chandef = master->vif.bss_conf.chandef;
523 break; 524 break;
524 } 525 }
525 case NL80211_IFTYPE_AP: 526 case NL80211_IFTYPE_AP:
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index ba06cd003375..75a9bf50207e 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -552,13 +552,17 @@ static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata,
552 cap = vht_cap.cap; 552 cap = vht_cap.cap;
553 553
554 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_80P80MHZ) { 554 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_80P80MHZ) {
555 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ; 555 u32 bw = cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK;
556 cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ; 556
557 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK;
558 if (bw == IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ ||
559 bw == IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ)
560 cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
557 } 561 }
558 562
559 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_160MHZ) { 563 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_160MHZ) {
560 cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160; 564 cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160;
561 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ; 565 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK;
562 } 566 }
563 567
564 /* 568 /*
@@ -2263,9 +2267,7 @@ static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata,
2263 "detected beacon loss from AP (missed %d beacons) - probing\n", 2267 "detected beacon loss from AP (missed %d beacons) - probing\n",
2264 beacon_loss_count); 2268 beacon_loss_count);
2265 2269
2266 ieee80211_cqm_rssi_notify(&sdata->vif, 2270 ieee80211_cqm_beacon_loss_notify(&sdata->vif, GFP_KERNEL);
2267 NL80211_CQM_RSSI_BEACON_LOSS_EVENT,
2268 GFP_KERNEL);
2269 } 2271 }
2270 2272
2271 /* 2273 /*
@@ -4898,3 +4900,13 @@ void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif,
4898 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, gfp); 4900 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, gfp);
4899} 4901}
4900EXPORT_SYMBOL(ieee80211_cqm_rssi_notify); 4902EXPORT_SYMBOL(ieee80211_cqm_rssi_notify);
4903
4904void ieee80211_cqm_beacon_loss_notify(struct ieee80211_vif *vif, gfp_t gfp)
4905{
4906 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
4907
4908 trace_api_cqm_beacon_loss_notify(sdata->local, sdata);
4909
4910 cfg80211_cqm_beacon_loss_notify(sdata->dev, gfp);
4911}
4912EXPORT_SYMBOL(ieee80211_cqm_beacon_loss_notify);
diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c
index 08ab7d6d1517..d53355b011f5 100644
--- a/net/mac80211/rate.c
+++ b/net/mac80211/rate.c
@@ -446,7 +446,8 @@ static void rate_fixup_ratelist(struct ieee80211_vif *vif,
446 * 446 *
447 * XXX: Should this check all retry rates? 447 * XXX: Should this check all retry rates?
448 */ 448 */
449 if (!(rates[0].flags & IEEE80211_TX_RC_MCS)) { 449 if (!(rates[0].flags &
450 (IEEE80211_TX_RC_MCS | IEEE80211_TX_RC_VHT_MCS))) {
450 u32 basic_rates = vif->bss_conf.basic_rates; 451 u32 basic_rates = vif->bss_conf.basic_rates;
451 s8 baserate = basic_rates ? ffs(basic_rates) - 1 : 0; 452 s8 baserate = basic_rates ? ffs(basic_rates) - 1 : 0;
452 453
diff --git a/net/mac80211/rate.h b/net/mac80211/rate.h
index 18babe302832..38652f09feaf 100644
--- a/net/mac80211/rate.h
+++ b/net/mac80211/rate.h
@@ -37,13 +37,35 @@ static inline void rate_control_tx_status(struct ieee80211_local *local,
37 struct rate_control_ref *ref = local->rate_ctrl; 37 struct rate_control_ref *ref = local->rate_ctrl;
38 struct ieee80211_sta *ista = &sta->sta; 38 struct ieee80211_sta *ista = &sta->sta;
39 void *priv_sta = sta->rate_ctrl_priv; 39 void *priv_sta = sta->rate_ctrl_priv;
40 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
40 41
41 if (!ref || !test_sta_flag(sta, WLAN_STA_RATE_CONTROL)) 42 if (!ref || !test_sta_flag(sta, WLAN_STA_RATE_CONTROL))
42 return; 43 return;
43 44
44 ref->ops->tx_status(ref->priv, sband, ista, priv_sta, skb); 45 if (ref->ops->tx_status)
46 ref->ops->tx_status(ref->priv, sband, ista, priv_sta, skb);
47 else
48 ref->ops->tx_status_noskb(ref->priv, sband, ista, priv_sta, info);
45} 49}
46 50
51static inline void
52rate_control_tx_status_noskb(struct ieee80211_local *local,
53 struct ieee80211_supported_band *sband,
54 struct sta_info *sta,
55 struct ieee80211_tx_info *info)
56{
57 struct rate_control_ref *ref = local->rate_ctrl;
58 struct ieee80211_sta *ista = &sta->sta;
59 void *priv_sta = sta->rate_ctrl_priv;
60
61 if (!ref || !test_sta_flag(sta, WLAN_STA_RATE_CONTROL))
62 return;
63
64 if (WARN_ON_ONCE(!ref->ops->tx_status_noskb))
65 return;
66
67 ref->ops->tx_status_noskb(ref->priv, sband, ista, priv_sta, info);
68}
47 69
48static inline void rate_control_rate_init(struct sta_info *sta) 70static inline void rate_control_rate_init(struct sta_info *sta)
49{ 71{
diff --git a/net/mac80211/rc80211_minstrel.c b/net/mac80211/rc80211_minstrel.c
index c2b91bf47f6d..d51f6b1c549b 100644
--- a/net/mac80211/rc80211_minstrel.c
+++ b/net/mac80211/rc80211_minstrel.c
@@ -223,11 +223,10 @@ minstrel_update_stats(struct minstrel_priv *mp, struct minstrel_sta_info *mi)
223static void 223static void
224minstrel_tx_status(void *priv, struct ieee80211_supported_band *sband, 224minstrel_tx_status(void *priv, struct ieee80211_supported_band *sband,
225 struct ieee80211_sta *sta, void *priv_sta, 225 struct ieee80211_sta *sta, void *priv_sta,
226 struct sk_buff *skb) 226 struct ieee80211_tx_info *info)
227{ 227{
228 struct minstrel_priv *mp = priv; 228 struct minstrel_priv *mp = priv;
229 struct minstrel_sta_info *mi = priv_sta; 229 struct minstrel_sta_info *mi = priv_sta;
230 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
231 struct ieee80211_tx_rate *ar = info->status.rates; 230 struct ieee80211_tx_rate *ar = info->status.rates;
232 int i, ndx; 231 int i, ndx;
233 int success; 232 int success;
@@ -674,7 +673,7 @@ static u32 minstrel_get_expected_throughput(void *priv_sta)
674 673
675const struct rate_control_ops mac80211_minstrel = { 674const struct rate_control_ops mac80211_minstrel = {
676 .name = "minstrel", 675 .name = "minstrel",
677 .tx_status = minstrel_tx_status, 676 .tx_status_noskb = minstrel_tx_status,
678 .get_rate = minstrel_get_rate, 677 .get_rate = minstrel_get_rate,
679 .rate_init = minstrel_rate_init, 678 .rate_init = minstrel_rate_init,
680 .alloc = minstrel_alloc, 679 .alloc = minstrel_alloc,
diff --git a/net/mac80211/rc80211_minstrel_ht.c b/net/mac80211/rc80211_minstrel_ht.c
index d013429af7ce..80452cfd2dc5 100644
--- a/net/mac80211/rc80211_minstrel_ht.c
+++ b/net/mac80211/rc80211_minstrel_ht.c
@@ -706,11 +706,10 @@ minstrel_aggr_check(struct ieee80211_sta *pubsta, struct sk_buff *skb)
706static void 706static void
707minstrel_ht_tx_status(void *priv, struct ieee80211_supported_band *sband, 707minstrel_ht_tx_status(void *priv, struct ieee80211_supported_band *sband,
708 struct ieee80211_sta *sta, void *priv_sta, 708 struct ieee80211_sta *sta, void *priv_sta,
709 struct sk_buff *skb) 709 struct ieee80211_tx_info *info)
710{ 710{
711 struct minstrel_ht_sta_priv *msp = priv_sta; 711 struct minstrel_ht_sta_priv *msp = priv_sta;
712 struct minstrel_ht_sta *mi = &msp->ht; 712 struct minstrel_ht_sta *mi = &msp->ht;
713 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
714 struct ieee80211_tx_rate *ar = info->status.rates; 713 struct ieee80211_tx_rate *ar = info->status.rates;
715 struct minstrel_rate_stats *rate, *rate2; 714 struct minstrel_rate_stats *rate, *rate2;
716 struct minstrel_priv *mp = priv; 715 struct minstrel_priv *mp = priv;
@@ -718,7 +717,8 @@ minstrel_ht_tx_status(void *priv, struct ieee80211_supported_band *sband,
718 int i; 717 int i;
719 718
720 if (!msp->is_ht) 719 if (!msp->is_ht)
721 return mac80211_minstrel.tx_status(priv, sband, sta, &msp->legacy, skb); 720 return mac80211_minstrel.tx_status_noskb(priv, sband, sta,
721 &msp->legacy, info);
722 722
723 /* This packet was aggregated but doesn't carry status info */ 723 /* This packet was aggregated but doesn't carry status info */
724 if ((info->flags & IEEE80211_TX_CTL_AMPDU) && 724 if ((info->flags & IEEE80211_TX_CTL_AMPDU) &&
@@ -779,9 +779,6 @@ minstrel_ht_tx_status(void *priv, struct ieee80211_supported_band *sband,
779 if (time_after(jiffies, mi->stats_update + (mp->update_interval / 2 * HZ) / 1000)) { 779 if (time_after(jiffies, mi->stats_update + (mp->update_interval / 2 * HZ) / 1000)) {
780 update = true; 780 update = true;
781 minstrel_ht_update_stats(mp, mi); 781 minstrel_ht_update_stats(mp, mi);
782 if (!(info->flags & IEEE80211_TX_CTL_AMPDU) &&
783 mi->max_prob_rate / MCS_GROUP_RATES != MINSTREL_CCK_GROUP)
784 minstrel_aggr_check(sta, skb);
785 } 782 }
786 783
787 if (update) 784 if (update)
@@ -1023,6 +1020,10 @@ minstrel_ht_get_rate(void *priv, struct ieee80211_sta *sta, void *priv_sta,
1023 if (!msp->is_ht) 1020 if (!msp->is_ht)
1024 return mac80211_minstrel.get_rate(priv, sta, &msp->legacy, txrc); 1021 return mac80211_minstrel.get_rate(priv, sta, &msp->legacy, txrc);
1025 1022
1023 if (!(info->flags & IEEE80211_TX_CTL_AMPDU) &&
1024 mi->max_prob_rate / MCS_GROUP_RATES != MINSTREL_CCK_GROUP)
1025 minstrel_aggr_check(sta, txrc->skb);
1026
1026 info->flags |= mi->tx_flags; 1027 info->flags |= mi->tx_flags;
1027 minstrel_ht_check_cck_shortpreamble(mp, mi, txrc->short_preamble); 1028 minstrel_ht_check_cck_shortpreamble(mp, mi, txrc->short_preamble);
1028 1029
@@ -1339,7 +1340,7 @@ static u32 minstrel_ht_get_expected_throughput(void *priv_sta)
1339 1340
1340static const struct rate_control_ops mac80211_minstrel_ht = { 1341static const struct rate_control_ops mac80211_minstrel_ht = {
1341 .name = "minstrel_ht", 1342 .name = "minstrel_ht",
1342 .tx_status = minstrel_ht_tx_status, 1343 .tx_status_noskb = minstrel_ht_tx_status,
1343 .get_rate = minstrel_ht_get_rate, 1344 .get_rate = minstrel_ht_get_rate,
1344 .rate_init = minstrel_ht_rate_init, 1345 .rate_init = minstrel_ht_rate_init,
1345 .rate_update = minstrel_ht_rate_update, 1346 .rate_update = minstrel_ht_rate_update,
diff --git a/net/mac80211/status.c b/net/mac80211/status.c
index 71de2d3866cc..bb146f377ee4 100644
--- a/net/mac80211/status.c
+++ b/net/mac80211/status.c
@@ -592,10 +592,9 @@ static void ieee80211_tx_latency_end_msrmnt(struct ieee80211_local *local,
592#define STA_LOST_TDLS_PKT_THRESHOLD 10 592#define STA_LOST_TDLS_PKT_THRESHOLD 10
593#define STA_LOST_TDLS_PKT_TIME (10*HZ) /* 10secs since last ACK */ 593#define STA_LOST_TDLS_PKT_TIME (10*HZ) /* 10secs since last ACK */
594 594
595static void ieee80211_lost_packet(struct sta_info *sta, struct sk_buff *skb) 595static void ieee80211_lost_packet(struct sta_info *sta,
596 struct ieee80211_tx_info *info)
596{ 597{
597 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
598
599 /* This packet was aggregated but doesn't carry status info */ 598 /* This packet was aggregated but doesn't carry status info */
600 if ((info->flags & IEEE80211_TX_CTL_AMPDU) && 599 if ((info->flags & IEEE80211_TX_CTL_AMPDU) &&
601 !(info->flags & IEEE80211_TX_STAT_AMPDU)) 600 !(info->flags & IEEE80211_TX_STAT_AMPDU))
@@ -622,24 +621,13 @@ static void ieee80211_lost_packet(struct sta_info *sta, struct sk_buff *skb)
622 sta->lost_packets = 0; 621 sta->lost_packets = 0;
623} 622}
624 623
625void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb) 624static int ieee80211_tx_get_rates(struct ieee80211_hw *hw,
625 struct ieee80211_tx_info *info,
626 int *retry_count)
626{ 627{
627 struct sk_buff *skb2;
628 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
629 struct ieee80211_local *local = hw_to_local(hw);
630 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
631 __le16 fc;
632 struct ieee80211_supported_band *sband;
633 struct ieee80211_sub_if_data *sdata;
634 struct net_device *prev_dev = NULL;
635 struct sta_info *sta, *tmp;
636 int retry_count = -1, i;
637 int rates_idx = -1; 628 int rates_idx = -1;
638 bool send_to_cooked; 629 int count = -1;
639 bool acked; 630 int i;
640 struct ieee80211_bar *bar;
641 int rtap_len;
642 int shift = 0;
643 631
644 for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) { 632 for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) {
645 if ((info->flags & IEEE80211_TX_CTL_AMPDU) && 633 if ((info->flags & IEEE80211_TX_CTL_AMPDU) &&
@@ -657,12 +645,91 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
657 break; 645 break;
658 } 646 }
659 647
660 retry_count += info->status.rates[i].count; 648 count += info->status.rates[i].count;
661 } 649 }
662 rates_idx = i - 1; 650 rates_idx = i - 1;
663 651
664 if (retry_count < 0) 652 if (count < 0)
665 retry_count = 0; 653 count = 0;
654
655 *retry_count = count;
656 return rates_idx;
657}
658
659void ieee80211_tx_status_noskb(struct ieee80211_hw *hw,
660 struct ieee80211_sta *pubsta,
661 struct ieee80211_tx_info *info)
662{
663 struct ieee80211_local *local = hw_to_local(hw);
664 struct ieee80211_supported_band *sband;
665 int retry_count;
666 int rates_idx;
667 bool acked;
668
669 rates_idx = ieee80211_tx_get_rates(hw, info, &retry_count);
670
671 sband = hw->wiphy->bands[info->band];
672
673 acked = !!(info->flags & IEEE80211_TX_STAT_ACK);
674 if (pubsta) {
675 struct sta_info *sta;
676
677 sta = container_of(pubsta, struct sta_info, sta);
678
679 if (!acked)
680 sta->tx_retry_failed++;
681 sta->tx_retry_count += retry_count;
682
683 if (acked) {
684 sta->last_rx = jiffies;
685
686 if (sta->lost_packets)
687 sta->lost_packets = 0;
688
689 /* Track when last TDLS packet was ACKed */
690 if (test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH))
691 sta->last_tdls_pkt_time = jiffies;
692 } else {
693 ieee80211_lost_packet(sta, info);
694 }
695
696 rate_control_tx_status_noskb(local, sband, sta, info);
697 }
698
699 if (acked) {
700 local->dot11TransmittedFrameCount++;
701 if (!pubsta)
702 local->dot11MulticastTransmittedFrameCount++;
703 if (retry_count > 0)
704 local->dot11RetryCount++;
705 if (retry_count > 1)
706 local->dot11MultipleRetryCount++;
707 } else {
708 local->dot11FailedCount++;
709 }
710}
711EXPORT_SYMBOL(ieee80211_tx_status_noskb);
712
713void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
714{
715 struct sk_buff *skb2;
716 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
717 struct ieee80211_local *local = hw_to_local(hw);
718 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
719 __le16 fc;
720 struct ieee80211_supported_band *sband;
721 struct ieee80211_sub_if_data *sdata;
722 struct net_device *prev_dev = NULL;
723 struct sta_info *sta, *tmp;
724 int retry_count;
725 int rates_idx;
726 bool send_to_cooked;
727 bool acked;
728 struct ieee80211_bar *bar;
729 int rtap_len;
730 int shift = 0;
731
732 rates_idx = ieee80211_tx_get_rates(hw, info, &retry_count);
666 733
667 rcu_read_lock(); 734 rcu_read_lock();
668 735
@@ -767,7 +834,7 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
767 if (test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH)) 834 if (test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH))
768 sta->last_tdls_pkt_time = jiffies; 835 sta->last_tdls_pkt_time = jiffies;
769 } else { 836 } else {
770 ieee80211_lost_packet(sta, skb); 837 ieee80211_lost_packet(sta, info);
771 } 838 }
772 } 839 }
773 840
diff --git a/net/mac80211/trace.h b/net/mac80211/trace.h
index 85ccfbe863db..8e461a02c6a8 100644
--- a/net/mac80211/trace.h
+++ b/net/mac80211/trace.h
@@ -1829,6 +1829,12 @@ TRACE_EVENT(api_cqm_rssi_notify,
1829 ) 1829 )
1830); 1830);
1831 1831
1832DEFINE_EVENT(local_sdata_evt, api_cqm_beacon_loss_notify,
1833 TP_PROTO(struct ieee80211_local *local,
1834 struct ieee80211_sub_if_data *sdata),
1835 TP_ARGS(local, sdata)
1836);
1837
1832TRACE_EVENT(api_scan_completed, 1838TRACE_EVENT(api_scan_completed,
1833 TP_PROTO(struct ieee80211_local *local, bool aborted), 1839 TP_PROTO(struct ieee80211_local *local, bool aborted),
1834 1840
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 66ddbbeccd20..058686a721a1 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -60,7 +60,7 @@ static __le16 ieee80211_duration(struct ieee80211_tx_data *tx,
60 rcu_read_unlock(); 60 rcu_read_unlock();
61 61
62 /* assume HW handles this */ 62 /* assume HW handles this */
63 if (tx->rate.flags & IEEE80211_TX_RC_MCS) 63 if (tx->rate.flags & (IEEE80211_TX_RC_MCS | IEEE80211_TX_RC_VHT_MCS))
64 return 0; 64 return 0;
65 65
66 /* uh huh? */ 66 /* uh huh? */
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index bb9664cb8831..974ebe70f5b0 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -1339,6 +1339,7 @@ static int ieee80211_build_preq_ies_band(struct ieee80211_local *local,
1339 int ext_rates_len; 1339 int ext_rates_len;
1340 int shift; 1340 int shift;
1341 u32 rate_flags; 1341 u32 rate_flags;
1342 bool have_80mhz = false;
1342 1343
1343 *offset = 0; 1344 *offset = 0;
1344 1345
@@ -1467,7 +1468,15 @@ static int ieee80211_build_preq_ies_band(struct ieee80211_local *local,
1467 *offset = noffset; 1468 *offset = noffset;
1468 } 1469 }
1469 1470
1470 if (sband->vht_cap.vht_supported) { 1471 /* Check if any channel in this sband supports at least 80 MHz */
1472 for (i = 0; i < sband->n_channels; i++) {
1473 if (!(sband->channels[i].flags & IEEE80211_CHAN_NO_80MHZ)) {
1474 have_80mhz = true;
1475 break;
1476 }
1477 }
1478
1479 if (sband->vht_cap.vht_supported && have_80mhz) {
1471 if (end - pos < 2 + sizeof(struct ieee80211_vht_cap)) 1480 if (end - pos < 2 + sizeof(struct ieee80211_vht_cap))
1472 goto out_err; 1481 goto out_err;
1473 pos = ieee80211_ie_build_vht_cap(pos, &sband->vht_cap, 1482 pos = ieee80211_ie_build_vht_cap(pos, &sband->vht_cap,
diff --git a/net/mac802154/iface.c b/net/mac802154/iface.c
index 38dfc72d24b6..9ae893057dd7 100644
--- a/net/mac802154/iface.c
+++ b/net/mac802154/iface.c
@@ -510,11 +510,9 @@ ieee802154_if_add(struct ieee802154_local *local, const char *name,
510 if (ret) 510 if (ret)
511 goto err; 511 goto err;
512 512
513 if (ndev) { 513 ret = register_netdevice(ndev);
514 ret = register_netdevice(ndev); 514 if (ret < 0)
515 if (ret < 0) 515 goto err;
516 goto err;
517 }
518 516
519 mutex_lock(&local->iflist_mtx); 517 mutex_lock(&local->iflist_mtx);
520 list_add_tail_rcu(&sdata->list, &local->interfaces); 518 list_add_tail_rcu(&sdata->list, &local->interfaces);
diff --git a/net/mac802154/llsec.c b/net/mac802154/llsec.c
index fa0d5237c2e0..dcf73958133a 100644
--- a/net/mac802154/llsec.c
+++ b/net/mac802154/llsec.c
@@ -75,8 +75,6 @@ void mac802154_llsec_destroy(struct mac802154_llsec *sec)
75 } 75 }
76} 76}
77 77
78
79
80int mac802154_llsec_get_params(struct mac802154_llsec *sec, 78int mac802154_llsec_get_params(struct mac802154_llsec *sec,
81 struct ieee802154_llsec_params *params) 79 struct ieee802154_llsec_params *params)
82{ 80{
@@ -117,8 +115,6 @@ int mac802154_llsec_set_params(struct mac802154_llsec *sec,
117 return 0; 115 return 0;
118} 116}
119 117
120
121
122static struct mac802154_llsec_key* 118static struct mac802154_llsec_key*
123llsec_key_alloc(const struct ieee802154_llsec_key *template) 119llsec_key_alloc(const struct ieee802154_llsec_key *template)
124{ 120{
@@ -294,8 +290,6 @@ int mac802154_llsec_key_del(struct mac802154_llsec *sec,
294 return -ENOENT; 290 return -ENOENT;
295} 291}
296 292
297
298
299static bool llsec_dev_use_shortaddr(__le16 short_addr) 293static bool llsec_dev_use_shortaddr(__le16 short_addr)
300{ 294{
301 return short_addr != cpu_to_le16(IEEE802154_ADDR_UNDEF) && 295 return short_addr != cpu_to_le16(IEEE802154_ADDR_UNDEF) &&
@@ -304,12 +298,12 @@ static bool llsec_dev_use_shortaddr(__le16 short_addr)
304 298
305static u32 llsec_dev_hash_short(__le16 short_addr, __le16 pan_id) 299static u32 llsec_dev_hash_short(__le16 short_addr, __le16 pan_id)
306{ 300{
307 return ((__force u16) short_addr) << 16 | (__force u16) pan_id; 301 return ((__force u16)short_addr) << 16 | (__force u16)pan_id;
308} 302}
309 303
310static u64 llsec_dev_hash_long(__le64 hwaddr) 304static u64 llsec_dev_hash_long(__le64 hwaddr)
311{ 305{
312 return (__force u64) hwaddr; 306 return (__force u64)hwaddr;
313} 307}
314 308
315static struct mac802154_llsec_device* 309static struct mac802154_llsec_device*
@@ -411,8 +405,6 @@ int mac802154_llsec_dev_del(struct mac802154_llsec *sec, __le64 device_addr)
411 return 0; 405 return 0;
412} 406}
413 407
414
415
416static struct mac802154_llsec_device_key* 408static struct mac802154_llsec_device_key*
417llsec_devkey_find(struct mac802154_llsec_device *dev, 409llsec_devkey_find(struct mac802154_llsec_device *dev,
418 const struct ieee802154_llsec_key_id *key) 410 const struct ieee802154_llsec_key_id *key)
@@ -475,8 +467,6 @@ int mac802154_llsec_devkey_del(struct mac802154_llsec *sec,
475 return 0; 467 return 0;
476} 468}
477 469
478
479
480static struct mac802154_llsec_seclevel* 470static struct mac802154_llsec_seclevel*
481llsec_find_seclevel(const struct mac802154_llsec *sec, 471llsec_find_seclevel(const struct mac802154_llsec *sec,
482 const struct ieee802154_llsec_seclevel *sl) 472 const struct ieee802154_llsec_seclevel *sl)
@@ -532,8 +522,6 @@ int mac802154_llsec_seclevel_del(struct mac802154_llsec *sec,
532 return 0; 522 return 0;
533} 523}
534 524
535
536
537static int llsec_recover_addr(struct mac802154_llsec *sec, 525static int llsec_recover_addr(struct mac802154_llsec *sec,
538 struct ieee802154_addr *addr) 526 struct ieee802154_addr *addr)
539{ 527{
@@ -609,7 +597,6 @@ found:
609 return llsec_key_get(key); 597 return llsec_key_get(key);
610} 598}
611 599
612
613static void llsec_geniv(u8 iv[16], __le64 addr, 600static void llsec_geniv(u8 iv[16], __le64 addr,
614 const struct ieee802154_sechdr *sec) 601 const struct ieee802154_sechdr *sec)
615{ 602{
@@ -786,8 +773,6 @@ fail:
786 return rc; 773 return rc;
787} 774}
788 775
789
790
791static struct mac802154_llsec_device* 776static struct mac802154_llsec_device*
792llsec_lookup_dev(struct mac802154_llsec *sec, 777llsec_lookup_dev(struct mac802154_llsec *sec,
793 const struct ieee802154_addr *addr) 778 const struct ieee802154_addr *addr)
diff --git a/net/mac802154/mib.c b/net/mac802154/mib.c
index 3596b29ead6b..5cf019a57fd7 100644
--- a/net/mac802154/mib.c
+++ b/net/mac802154/mib.c
@@ -104,7 +104,6 @@ void mac802154_dev_set_page_channel(struct net_device *dev, u8 page, u8 chan)
104 } 104 }
105} 105}
106 106
107
108int mac802154_get_params(struct net_device *dev, 107int mac802154_get_params(struct net_device *dev,
109 struct ieee802154_llsec_params *params) 108 struct ieee802154_llsec_params *params)
110{ 109{
@@ -136,7 +135,6 @@ int mac802154_set_params(struct net_device *dev,
136 return res; 135 return res;
137} 136}
138 137
139
140int mac802154_add_key(struct net_device *dev, 138int mac802154_add_key(struct net_device *dev,
141 const struct ieee802154_llsec_key_id *id, 139 const struct ieee802154_llsec_key_id *id,
142 const struct ieee802154_llsec_key *key) 140 const struct ieee802154_llsec_key *key)
@@ -168,7 +166,6 @@ int mac802154_del_key(struct net_device *dev,
168 return res; 166 return res;
169} 167}
170 168
171
172int mac802154_add_dev(struct net_device *dev, 169int mac802154_add_dev(struct net_device *dev,
173 const struct ieee802154_llsec_device *llsec_dev) 170 const struct ieee802154_llsec_device *llsec_dev)
174{ 171{
@@ -198,7 +195,6 @@ int mac802154_del_dev(struct net_device *dev, __le64 dev_addr)
198 return res; 195 return res;
199} 196}
200 197
201
202int mac802154_add_devkey(struct net_device *dev, 198int mac802154_add_devkey(struct net_device *dev,
203 __le64 device_addr, 199 __le64 device_addr,
204 const struct ieee802154_llsec_device_key *key) 200 const struct ieee802154_llsec_device_key *key)
@@ -231,7 +227,6 @@ int mac802154_del_devkey(struct net_device *dev,
231 return res; 227 return res;
232} 228}
233 229
234
235int mac802154_add_seclevel(struct net_device *dev, 230int mac802154_add_seclevel(struct net_device *dev,
236 const struct ieee802154_llsec_seclevel *sl) 231 const struct ieee802154_llsec_seclevel *sl)
237{ 232{
@@ -262,7 +257,6 @@ int mac802154_del_seclevel(struct net_device *dev,
262 return res; 257 return res;
263} 258}
264 259
265
266void mac802154_lock_table(struct net_device *dev) 260void mac802154_lock_table(struct net_device *dev)
267{ 261{
268 struct ieee802154_sub_if_data *sdata = IEEE802154_DEV_TO_SUB_IF(dev); 262 struct ieee802154_sub_if_data *sdata = IEEE802154_DEV_TO_SUB_IF(dev);
diff --git a/net/mac802154/rx.c b/net/mac802154/rx.c
index 041dbd5958d4..c0d67b2b4132 100644
--- a/net/mac802154/rx.c
+++ b/net/mac802154/rx.c
@@ -85,8 +85,7 @@ ieee802154_subif_frame(struct ieee802154_sub_if_data *sdata,
85 default: 85 default:
86 spin_unlock_bh(&sdata->mib_lock); 86 spin_unlock_bh(&sdata->mib_lock);
87 pr_debug("invalid dest mode\n"); 87 pr_debug("invalid dest mode\n");
88 kfree_skb(skb); 88 goto fail;
89 return NET_RX_DROP;
90 } 89 }
91 90
92 spin_unlock_bh(&sdata->mib_lock); 91 spin_unlock_bh(&sdata->mib_lock);
diff --git a/net/nfc/digital_dep.c b/net/nfc/digital_dep.c
index b60aa35c074f..f72be7433df3 100644
--- a/net/nfc/digital_dep.c
+++ b/net/nfc/digital_dep.c
@@ -17,6 +17,9 @@
17 17
18#include "digital.h" 18#include "digital.h"
19 19
20#define DIGITAL_NFC_DEP_N_RETRY_NACK 2
21#define DIGITAL_NFC_DEP_N_RETRY_ATN 2
22
20#define DIGITAL_NFC_DEP_FRAME_DIR_OUT 0xD4 23#define DIGITAL_NFC_DEP_FRAME_DIR_OUT 0xD4
21#define DIGITAL_NFC_DEP_FRAME_DIR_IN 0xD5 24#define DIGITAL_NFC_DEP_FRAME_DIR_IN 0xD5
22 25
@@ -32,20 +35,32 @@
32#define DIGITAL_ATR_REQ_MIN_SIZE 16 35#define DIGITAL_ATR_REQ_MIN_SIZE 16
33#define DIGITAL_ATR_REQ_MAX_SIZE 64 36#define DIGITAL_ATR_REQ_MAX_SIZE 64
34 37
35#define DIGITAL_LR_BITS_PAYLOAD_SIZE_254B 0x30 38#define DIGITAL_DID_MAX 14
36#define DIGITAL_FSL_BITS_PAYLOAD_SIZE_254B \ 39
37 (DIGITAL_LR_BITS_PAYLOAD_SIZE_254B >> 4) 40#define DIGITAL_PAYLOAD_SIZE_MAX 254
41#define DIGITAL_PAYLOAD_BITS_TO_PP(s) (((s) & 0x3) << 4)
42#define DIGITAL_PAYLOAD_PP_TO_BITS(s) (((s) >> 4) & 0x3)
43#define DIGITAL_PAYLOAD_BITS_TO_FSL(s) ((s) & 0x3)
44#define DIGITAL_PAYLOAD_FSL_TO_BITS(s) ((s) & 0x3)
45
38#define DIGITAL_GB_BIT 0x02 46#define DIGITAL_GB_BIT 0x02
39 47
48#define DIGITAL_NFC_DEP_REQ_RES_HEADROOM 2 /* SoD: [SB (NFC-A)] + LEN */
49#define DIGITAL_NFC_DEP_REQ_RES_TAILROOM 2 /* EoD: 2-byte CRC */
50
40#define DIGITAL_NFC_DEP_PFB_TYPE(pfb) ((pfb) & 0xE0) 51#define DIGITAL_NFC_DEP_PFB_TYPE(pfb) ((pfb) & 0xE0)
41 52
42#define DIGITAL_NFC_DEP_PFB_TIMEOUT_BIT 0x10 53#define DIGITAL_NFC_DEP_PFB_TIMEOUT_BIT 0x10
54#define DIGITAL_NFC_DEP_PFB_MI_BIT 0x10
55#define DIGITAL_NFC_DEP_PFB_NACK_BIT 0x10
56#define DIGITAL_NFC_DEP_PFB_DID_BIT 0x04
43 57
44#define DIGITAL_NFC_DEP_PFB_IS_TIMEOUT(pfb) \ 58#define DIGITAL_NFC_DEP_PFB_IS_TIMEOUT(pfb) \
45 ((pfb) & DIGITAL_NFC_DEP_PFB_TIMEOUT_BIT) 59 ((pfb) & DIGITAL_NFC_DEP_PFB_TIMEOUT_BIT)
46#define DIGITAL_NFC_DEP_MI_BIT_SET(pfb) ((pfb) & 0x10) 60#define DIGITAL_NFC_DEP_MI_BIT_SET(pfb) ((pfb) & DIGITAL_NFC_DEP_PFB_MI_BIT)
61#define DIGITAL_NFC_DEP_NACK_BIT_SET(pfb) ((pfb) & DIGITAL_NFC_DEP_PFB_NACK_BIT)
47#define DIGITAL_NFC_DEP_NAD_BIT_SET(pfb) ((pfb) & 0x08) 62#define DIGITAL_NFC_DEP_NAD_BIT_SET(pfb) ((pfb) & 0x08)
48#define DIGITAL_NFC_DEP_DID_BIT_SET(pfb) ((pfb) & 0x04) 63#define DIGITAL_NFC_DEP_DID_BIT_SET(pfb) ((pfb) & DIGITAL_NFC_DEP_PFB_DID_BIT)
49#define DIGITAL_NFC_DEP_PFB_PNI(pfb) ((pfb) & 0x03) 64#define DIGITAL_NFC_DEP_PFB_PNI(pfb) ((pfb) & 0x03)
50 65
51#define DIGITAL_NFC_DEP_PFB_I_PDU 0x00 66#define DIGITAL_NFC_DEP_PFB_I_PDU 0x00
@@ -97,6 +112,34 @@ struct digital_dep_req_res {
97 112
98static void digital_in_recv_dep_res(struct nfc_digital_dev *ddev, void *arg, 113static void digital_in_recv_dep_res(struct nfc_digital_dev *ddev, void *arg,
99 struct sk_buff *resp); 114 struct sk_buff *resp);
115static void digital_tg_recv_dep_req(struct nfc_digital_dev *ddev, void *arg,
116 struct sk_buff *resp);
117
118static const u8 digital_payload_bits_map[4] = {
119 [0] = 64,
120 [1] = 128,
121 [2] = 192,
122 [3] = 254
123};
124
125static u8 digital_payload_bits_to_size(u8 payload_bits)
126{
127 if (payload_bits >= ARRAY_SIZE(digital_payload_bits_map))
128 return 0;
129
130 return digital_payload_bits_map[payload_bits];
131}
132
133static u8 digital_payload_size_to_bits(u8 payload_size)
134{
135 int i;
136
137 for (i = 0; i < ARRAY_SIZE(digital_payload_bits_map); i++)
138 if (digital_payload_bits_map[i] == payload_size)
139 return i;
140
141 return 0xff;
142}
100 143
101static void digital_skb_push_dep_sod(struct nfc_digital_dev *ddev, 144static void digital_skb_push_dep_sod(struct nfc_digital_dev *ddev,
102 struct sk_buff *skb) 145 struct sk_buff *skb)
@@ -129,6 +172,106 @@ static int digital_skb_pull_dep_sod(struct nfc_digital_dev *ddev,
129 return 0; 172 return 0;
130} 173}
131 174
175static struct sk_buff *
176digital_send_dep_data_prep(struct nfc_digital_dev *ddev, struct sk_buff *skb,
177 struct digital_dep_req_res *dep_req_res,
178 struct digital_data_exch *data_exch)
179{
180 struct sk_buff *new_skb;
181
182 if (skb->len > ddev->remote_payload_max) {
183 dep_req_res->pfb |= DIGITAL_NFC_DEP_PFB_MI_BIT;
184
185 new_skb = digital_skb_alloc(ddev, ddev->remote_payload_max);
186 if (!new_skb) {
187 kfree_skb(ddev->chaining_skb);
188 ddev->chaining_skb = NULL;
189
190 return ERR_PTR(-ENOMEM);
191 }
192
193 skb_reserve(new_skb, ddev->tx_headroom + NFC_HEADER_SIZE +
194 DIGITAL_NFC_DEP_REQ_RES_HEADROOM);
195 memcpy(skb_put(new_skb, ddev->remote_payload_max), skb->data,
196 ddev->remote_payload_max);
197 skb_pull(skb, ddev->remote_payload_max);
198
199 ddev->chaining_skb = skb;
200 ddev->data_exch = data_exch;
201 } else {
202 ddev->chaining_skb = NULL;
203 new_skb = skb;
204 }
205
206 return new_skb;
207}
208
209static struct sk_buff *
210digital_recv_dep_data_gather(struct nfc_digital_dev *ddev, u8 pfb,
211 struct sk_buff *resp,
212 int (*send_ack)(struct nfc_digital_dev *ddev,
213 struct digital_data_exch
214 *data_exch),
215 struct digital_data_exch *data_exch)
216{
217 struct sk_buff *new_skb;
218 int rc;
219
220 if (DIGITAL_NFC_DEP_MI_BIT_SET(pfb) && (!ddev->chaining_skb)) {
221 ddev->chaining_skb =
222 nfc_alloc_recv_skb(8 * ddev->local_payload_max,
223 GFP_KERNEL);
224 if (!ddev->chaining_skb) {
225 rc = -ENOMEM;
226 goto error;
227 }
228 }
229
230 if (ddev->chaining_skb) {
231 if (resp->len > skb_tailroom(ddev->chaining_skb)) {
232 new_skb = skb_copy_expand(ddev->chaining_skb,
233 skb_headroom(
234 ddev->chaining_skb),
235 8 * ddev->local_payload_max,
236 GFP_KERNEL);
237 if (!new_skb) {
238 rc = -ENOMEM;
239 goto error;
240 }
241
242 kfree_skb(ddev->chaining_skb);
243 ddev->chaining_skb = new_skb;
244 }
245
246 memcpy(skb_put(ddev->chaining_skb, resp->len), resp->data,
247 resp->len);
248
249 kfree_skb(resp);
250 resp = NULL;
251
252 if (DIGITAL_NFC_DEP_MI_BIT_SET(pfb)) {
253 rc = send_ack(ddev, data_exch);
254 if (rc)
255 goto error;
256
257 return NULL;
258 }
259
260 resp = ddev->chaining_skb;
261 ddev->chaining_skb = NULL;
262 }
263
264 return resp;
265
266error:
267 kfree_skb(resp);
268
269 kfree_skb(ddev->chaining_skb);
270 ddev->chaining_skb = NULL;
271
272 return ERR_PTR(rc);
273}
274
132static void digital_in_recv_psl_res(struct nfc_digital_dev *ddev, void *arg, 275static void digital_in_recv_psl_res(struct nfc_digital_dev *ddev, void *arg,
133 struct sk_buff *resp) 276 struct sk_buff *resp)
134{ 277{
@@ -198,6 +341,8 @@ static int digital_in_send_psl_req(struct nfc_digital_dev *ddev,
198{ 341{
199 struct sk_buff *skb; 342 struct sk_buff *skb;
200 struct digital_psl_req *psl_req; 343 struct digital_psl_req *psl_req;
344 int rc;
345 u8 payload_size, payload_bits;
201 346
202 skb = digital_skb_alloc(ddev, sizeof(*psl_req)); 347 skb = digital_skb_alloc(ddev, sizeof(*psl_req));
203 if (!skb) 348 if (!skb)
@@ -211,14 +356,24 @@ static int digital_in_send_psl_req(struct nfc_digital_dev *ddev,
211 psl_req->cmd = DIGITAL_CMD_PSL_REQ; 356 psl_req->cmd = DIGITAL_CMD_PSL_REQ;
212 psl_req->did = 0; 357 psl_req->did = 0;
213 psl_req->brs = (0x2 << 3) | 0x2; /* 424F both directions */ 358 psl_req->brs = (0x2 << 3) | 0x2; /* 424F both directions */
214 psl_req->fsl = DIGITAL_FSL_BITS_PAYLOAD_SIZE_254B; 359
360 payload_size = min(ddev->local_payload_max, ddev->remote_payload_max);
361 payload_bits = digital_payload_size_to_bits(payload_size);
362 psl_req->fsl = DIGITAL_PAYLOAD_BITS_TO_FSL(payload_bits);
363
364 ddev->local_payload_max = payload_size;
365 ddev->remote_payload_max = payload_size;
215 366
216 digital_skb_push_dep_sod(ddev, skb); 367 digital_skb_push_dep_sod(ddev, skb);
217 368
218 ddev->skb_add_crc(skb); 369 ddev->skb_add_crc(skb);
219 370
220 return digital_in_send_cmd(ddev, skb, 500, digital_in_recv_psl_res, 371 rc = digital_in_send_cmd(ddev, skb, 500, digital_in_recv_psl_res,
221 target); 372 target);
373 if (rc)
374 kfree_skb(skb);
375
376 return rc;
222} 377}
223 378
224static void digital_in_recv_atr_res(struct nfc_digital_dev *ddev, void *arg, 379static void digital_in_recv_atr_res(struct nfc_digital_dev *ddev, void *arg,
@@ -226,7 +381,7 @@ static void digital_in_recv_atr_res(struct nfc_digital_dev *ddev, void *arg,
226{ 381{
227 struct nfc_target *target = arg; 382 struct nfc_target *target = arg;
228 struct digital_atr_res *atr_res; 383 struct digital_atr_res *atr_res;
229 u8 gb_len; 384 u8 gb_len, payload_bits;
230 int rc; 385 int rc;
231 386
232 if (IS_ERR(resp)) { 387 if (IS_ERR(resp)) {
@@ -256,6 +411,14 @@ static void digital_in_recv_atr_res(struct nfc_digital_dev *ddev, void *arg,
256 411
257 atr_res = (struct digital_atr_res *)resp->data; 412 atr_res = (struct digital_atr_res *)resp->data;
258 413
414 payload_bits = DIGITAL_PAYLOAD_PP_TO_BITS(atr_res->pp);
415 ddev->remote_payload_max = digital_payload_bits_to_size(payload_bits);
416
417 if (!ddev->remote_payload_max) {
418 rc = -EINVAL;
419 goto exit;
420 }
421
259 rc = nfc_set_remote_general_bytes(ddev->nfc_dev, atr_res->gb, gb_len); 422 rc = nfc_set_remote_general_bytes(ddev->nfc_dev, atr_res->gb, gb_len);
260 if (rc) 423 if (rc)
261 goto exit; 424 goto exit;
@@ -286,6 +449,8 @@ int digital_in_send_atr_req(struct nfc_digital_dev *ddev,
286 struct sk_buff *skb; 449 struct sk_buff *skb;
287 struct digital_atr_req *atr_req; 450 struct digital_atr_req *atr_req;
288 uint size; 451 uint size;
452 int rc;
453 u8 payload_bits;
289 454
290 size = DIGITAL_ATR_REQ_MIN_SIZE + gb_len; 455 size = DIGITAL_ATR_REQ_MIN_SIZE + gb_len;
291 456
@@ -314,7 +479,9 @@ int digital_in_send_atr_req(struct nfc_digital_dev *ddev,
314 atr_req->bs = 0; 479 atr_req->bs = 0;
315 atr_req->br = 0; 480 atr_req->br = 0;
316 481
317 atr_req->pp = DIGITAL_LR_BITS_PAYLOAD_SIZE_254B; 482 ddev->local_payload_max = DIGITAL_PAYLOAD_SIZE_MAX;
483 payload_bits = digital_payload_size_to_bits(ddev->local_payload_max);
484 atr_req->pp = DIGITAL_PAYLOAD_BITS_TO_PP(payload_bits);
318 485
319 if (gb_len) { 486 if (gb_len) {
320 atr_req->pp |= DIGITAL_GB_BIT; 487 atr_req->pp |= DIGITAL_GB_BIT;
@@ -325,8 +492,113 @@ int digital_in_send_atr_req(struct nfc_digital_dev *ddev,
325 492
326 ddev->skb_add_crc(skb); 493 ddev->skb_add_crc(skb);
327 494
328 return digital_in_send_cmd(ddev, skb, 500, digital_in_recv_atr_res, 495 rc = digital_in_send_cmd(ddev, skb, 500, digital_in_recv_atr_res,
329 target); 496 target);
497 if (rc)
498 kfree_skb(skb);
499
500 return rc;
501}
502
503static int digital_in_send_ack(struct nfc_digital_dev *ddev,
504 struct digital_data_exch *data_exch)
505{
506 struct digital_dep_req_res *dep_req;
507 struct sk_buff *skb;
508 int rc;
509
510 skb = digital_skb_alloc(ddev, 1);
511 if (!skb)
512 return -ENOMEM;
513
514 skb_push(skb, sizeof(struct digital_dep_req_res));
515
516 dep_req = (struct digital_dep_req_res *)skb->data;
517
518 dep_req->dir = DIGITAL_NFC_DEP_FRAME_DIR_OUT;
519 dep_req->cmd = DIGITAL_CMD_DEP_REQ;
520 dep_req->pfb = DIGITAL_NFC_DEP_PFB_ACK_NACK_PDU |
521 ddev->curr_nfc_dep_pni;
522
523 digital_skb_push_dep_sod(ddev, skb);
524
525 ddev->skb_add_crc(skb);
526
527 ddev->saved_skb = skb_get(skb);
528 ddev->saved_skb_len = skb->len;
529
530 rc = digital_in_send_cmd(ddev, skb, 1500, digital_in_recv_dep_res,
531 data_exch);
532 if (rc) {
533 kfree_skb(skb);
534 kfree_skb(ddev->saved_skb);
535 ddev->saved_skb = NULL;
536 }
537
538 return rc;
539}
540
541static int digital_in_send_nack(struct nfc_digital_dev *ddev,
542 struct digital_data_exch *data_exch)
543{
544 struct digital_dep_req_res *dep_req;
545 struct sk_buff *skb;
546 int rc;
547
548 skb = digital_skb_alloc(ddev, 1);
549 if (!skb)
550 return -ENOMEM;
551
552 skb_push(skb, sizeof(struct digital_dep_req_res));
553
554 dep_req = (struct digital_dep_req_res *)skb->data;
555
556 dep_req->dir = DIGITAL_NFC_DEP_FRAME_DIR_OUT;
557 dep_req->cmd = DIGITAL_CMD_DEP_REQ;
558 dep_req->pfb = DIGITAL_NFC_DEP_PFB_ACK_NACK_PDU |
559 DIGITAL_NFC_DEP_PFB_NACK_BIT | ddev->curr_nfc_dep_pni;
560
561 digital_skb_push_dep_sod(ddev, skb);
562
563 ddev->skb_add_crc(skb);
564
565 rc = digital_in_send_cmd(ddev, skb, 1500, digital_in_recv_dep_res,
566 data_exch);
567 if (rc)
568 kfree_skb(skb);
569
570 return rc;
571}
572
573static int digital_in_send_atn(struct nfc_digital_dev *ddev,
574 struct digital_data_exch *data_exch)
575{
576 struct digital_dep_req_res *dep_req;
577 struct sk_buff *skb;
578 int rc;
579
580 skb = digital_skb_alloc(ddev, 1);
581 if (!skb)
582 return -ENOMEM;
583
584 skb_push(skb, sizeof(struct digital_dep_req_res));
585
586 dep_req = (struct digital_dep_req_res *)skb->data;
587
588 dep_req->dir = DIGITAL_NFC_DEP_FRAME_DIR_OUT;
589 dep_req->cmd = DIGITAL_CMD_DEP_REQ;
590 dep_req->pfb = DIGITAL_NFC_DEP_PFB_SUPERVISOR_PDU;
591
592 digital_skb_push_dep_sod(ddev, skb);
593
594 ddev->skb_add_crc(skb);
595
596 rc = digital_in_send_cmd(ddev, skb, 1500, digital_in_recv_dep_res,
597 data_exch);
598 if (rc)
599 kfree_skb(skb);
600
601 return rc;
330} 602}
331 603
332static int digital_in_send_rtox(struct nfc_digital_dev *ddev, 604static int digital_in_send_rtox(struct nfc_digital_dev *ddev,
@@ -355,12 +627,30 @@ static int digital_in_send_rtox(struct nfc_digital_dev *ddev,
355 627
356 ddev->skb_add_crc(skb); 628 ddev->skb_add_crc(skb);
357 629
630 ddev->saved_skb = skb_get(skb);
631 ddev->saved_skb_len = skb->len;
632
358 rc = digital_in_send_cmd(ddev, skb, 1500, digital_in_recv_dep_res, 633 rc = digital_in_send_cmd(ddev, skb, 1500, digital_in_recv_dep_res,
359 data_exch); 634 data_exch);
635 if (rc) {
636 kfree_skb(skb);
637 kfree_skb(ddev->saved_skb);
638 ddev->saved_skb = NULL;
639 }
360 640
361 return rc; 641 return rc;
362} 642}
363 643
644static int digital_in_send_saved_skb(struct nfc_digital_dev *ddev,
645 struct digital_data_exch *data_exch)
646{
647 skb_get(ddev->saved_skb);
648 skb_push(ddev->saved_skb, ddev->saved_skb_len);
649
650 return digital_in_send_cmd(ddev, ddev->saved_skb, 1500,
651 digital_in_recv_dep_res, data_exch);
652}
653
364static void digital_in_recv_dep_res(struct nfc_digital_dev *ddev, void *arg, 654static void digital_in_recv_dep_res(struct nfc_digital_dev *ddev, void *arg,
365 struct sk_buff *resp) 655 struct sk_buff *resp)
366{ 656{
@@ -373,25 +663,67 @@ static void digital_in_recv_dep_res(struct nfc_digital_dev *ddev, void *arg,
373 if (IS_ERR(resp)) { 663 if (IS_ERR(resp)) {
374 rc = PTR_ERR(resp); 664 rc = PTR_ERR(resp);
375 resp = NULL; 665 resp = NULL;
666
667 if (((rc != -ETIMEDOUT) || ddev->nack_count) &&
668 (ddev->nack_count++ < DIGITAL_NFC_DEP_N_RETRY_NACK)) {
669 ddev->atn_count = 0;
670
671 rc = digital_in_send_nack(ddev, data_exch);
672 if (rc)
673 goto error;
674
675 return;
676 } else if ((rc == -ETIMEDOUT) &&
677 (ddev->atn_count++ < DIGITAL_NFC_DEP_N_RETRY_ATN)) {
678 ddev->nack_count = 0;
679
680 rc = digital_in_send_atn(ddev, data_exch);
681 if (rc)
682 goto error;
683
684 return;
685 }
686
687 goto exit;
688 }
689
690 rc = digital_skb_pull_dep_sod(ddev, resp);
691 if (rc) {
692 PROTOCOL_ERR("14.4.1.2");
376 goto exit; 693 goto exit;
377 } 694 }
378 695
379 rc = ddev->skb_check_crc(resp); 696 rc = ddev->skb_check_crc(resp);
380 if (rc) { 697 if (rc) {
698 if ((resp->len >= 4) &&
699 (ddev->nack_count++ < DIGITAL_NFC_DEP_N_RETRY_NACK)) {
700 ddev->atn_count = 0;
701
702 rc = digital_in_send_nack(ddev, data_exch);
703 if (rc)
704 goto error;
705
706 kfree_skb(resp);
707
708 return;
709 }
710
381 PROTOCOL_ERR("14.4.1.6"); 711 PROTOCOL_ERR("14.4.1.6");
382 goto error; 712 goto error;
383 } 713 }
384 714
385 rc = digital_skb_pull_dep_sod(ddev, resp); 715 ddev->atn_count = 0;
386 if (rc) { 716 ddev->nack_count = 0;
387 PROTOCOL_ERR("14.4.1.2"); 717
718 if (resp->len > ddev->local_payload_max) {
719 rc = -EMSGSIZE;
388 goto exit; 720 goto exit;
389 } 721 }
390 722
723 size = sizeof(struct digital_dep_req_res);
391 dep_res = (struct digital_dep_req_res *)resp->data; 724 dep_res = (struct digital_dep_req_res *)resp->data;
392 725
393 if (resp->len < sizeof(struct digital_dep_req_res) || 726 if (resp->len < size || dep_res->dir != DIGITAL_NFC_DEP_FRAME_DIR_IN ||
394 dep_res->dir != DIGITAL_NFC_DEP_FRAME_DIR_IN ||
395 dep_res->cmd != DIGITAL_CMD_DEP_RES) { 727 dep_res->cmd != DIGITAL_CMD_DEP_RES) {
396 rc = -EIO; 728 rc = -EIO;
397 goto error; 729 goto error;
@@ -399,6 +731,24 @@ static void digital_in_recv_dep_res(struct nfc_digital_dev *ddev, void *arg,
399 731
400 pfb = dep_res->pfb; 732 pfb = dep_res->pfb;
401 733
734 if (DIGITAL_NFC_DEP_DID_BIT_SET(pfb)) {
735 PROTOCOL_ERR("14.8.2.1");
736 rc = -EIO;
737 goto error;
738 }
739
740 if (DIGITAL_NFC_DEP_NAD_BIT_SET(pfb)) {
741 rc = -EIO;
742 goto exit;
743 }
744
745 if (size > resp->len) {
746 rc = -EIO;
747 goto error;
748 }
749
750 skb_pull(resp, size);
751
402 switch (DIGITAL_NFC_DEP_PFB_TYPE(pfb)) { 752 switch (DIGITAL_NFC_DEP_PFB_TYPE(pfb)) {
403 case DIGITAL_NFC_DEP_PFB_I_PDU: 753 case DIGITAL_NFC_DEP_PFB_I_PDU:
404 if (DIGITAL_NFC_DEP_PFB_PNI(pfb) != ddev->curr_nfc_dep_pni) { 754 if (DIGITAL_NFC_DEP_PFB_PNI(pfb) != ddev->curr_nfc_dep_pni) {
@@ -409,21 +759,71 @@ static void digital_in_recv_dep_res(struct nfc_digital_dev *ddev, void *arg,
409 759
410 ddev->curr_nfc_dep_pni = 760 ddev->curr_nfc_dep_pni =
411 DIGITAL_NFC_DEP_PFB_PNI(ddev->curr_nfc_dep_pni + 1); 761 DIGITAL_NFC_DEP_PFB_PNI(ddev->curr_nfc_dep_pni + 1);
762
763 kfree_skb(ddev->saved_skb);
764 ddev->saved_skb = NULL;
765
766 resp = digital_recv_dep_data_gather(ddev, pfb, resp,
767 digital_in_send_ack,
768 data_exch);
769 if (IS_ERR(resp)) {
770 rc = PTR_ERR(resp);
771 resp = NULL;
772 goto error;
773 }
774
775 /* If resp is NULL then we're still chaining so return and
776 * wait for the next part of the PDU. Else, the PDU is
777 * complete so pass it up.
778 */
779 if (!resp)
780 return;
781
412 rc = 0; 782 rc = 0;
413 break; 783 break;
414 784
415 case DIGITAL_NFC_DEP_PFB_ACK_NACK_PDU: 785 case DIGITAL_NFC_DEP_PFB_ACK_NACK_PDU:
786 if (DIGITAL_NFC_DEP_PFB_PNI(pfb) != ddev->curr_nfc_dep_pni) {
787 PROTOCOL_ERR("14.12.3.3");
788 rc = -EIO;
789 goto exit;
790 }
791
792 ddev->curr_nfc_dep_pni =
793 DIGITAL_NFC_DEP_PFB_PNI(ddev->curr_nfc_dep_pni + 1);
794
795 if (ddev->chaining_skb && !DIGITAL_NFC_DEP_NACK_BIT_SET(pfb)) {
796 kfree_skb(ddev->saved_skb);
797 ddev->saved_skb = NULL;
798
799 rc = digital_in_send_dep_req(ddev, NULL,
800 ddev->chaining_skb,
801 ddev->data_exch);
802 if (rc)
803 goto error;
804
805 return;
806 }
807
416 pr_err("Received a ACK/NACK PDU\n"); 808 pr_err("Received a ACK/NACK PDU\n");
417 rc = -EIO; 809 rc = -EINVAL;
418 goto error; 810 goto exit;
419 811
420 case DIGITAL_NFC_DEP_PFB_SUPERVISOR_PDU: 812 case DIGITAL_NFC_DEP_PFB_SUPERVISOR_PDU:
421 if (!DIGITAL_NFC_DEP_PFB_IS_TIMEOUT(pfb)) { 813 if (!DIGITAL_NFC_DEP_PFB_IS_TIMEOUT(pfb)) { /* ATN */
422 rc = -EINVAL; 814 rc = digital_in_send_saved_skb(ddev, data_exch);
423 goto error; 815 if (rc) {
816 kfree_skb(ddev->saved_skb);
817 goto error;
818 }
819
820 return;
424 } 821 }
425 822
426 rc = digital_in_send_rtox(ddev, data_exch, resp->data[3]); 823 kfree_skb(ddev->saved_skb);
824 ddev->saved_skb = NULL;
825
826 rc = digital_in_send_rtox(ddev, data_exch, resp->data[0]);
427 if (rc) 827 if (rc)
428 goto error; 828 goto error;
429 829
@@ -431,30 +831,18 @@ static void digital_in_recv_dep_res(struct nfc_digital_dev *ddev, void *arg,
431 return; 831 return;
432 } 832 }
433 833
434 if (DIGITAL_NFC_DEP_MI_BIT_SET(pfb)) {
435 pr_err("MI bit set. Chained PDU not supported\n");
436 rc = -EIO;
437 goto error;
438 }
439
440 size = sizeof(struct digital_dep_req_res);
441
442 if (DIGITAL_NFC_DEP_DID_BIT_SET(pfb))
443 size++;
444
445 if (size > resp->len) {
446 rc = -EIO;
447 goto error;
448 }
449
450 skb_pull(resp, size);
451
452exit: 834exit:
453 data_exch->cb(data_exch->cb_context, resp, rc); 835 data_exch->cb(data_exch->cb_context, resp, rc);
454 836
455error: 837error:
456 kfree(data_exch); 838 kfree(data_exch);
457 839
840 kfree_skb(ddev->chaining_skb);
841 ddev->chaining_skb = NULL;
842
843 kfree_skb(ddev->saved_skb);
844 ddev->saved_skb = NULL;
845
458 if (rc) 846 if (rc)
459 kfree_skb(resp); 847 kfree_skb(resp);
460} 848}
@@ -464,20 +852,47 @@ int digital_in_send_dep_req(struct nfc_digital_dev *ddev,
464 struct digital_data_exch *data_exch) 852 struct digital_data_exch *data_exch)
465{ 853{
466 struct digital_dep_req_res *dep_req; 854 struct digital_dep_req_res *dep_req;
855 struct sk_buff *chaining_skb, *tmp_skb;
856 int rc;
467 857
468 skb_push(skb, sizeof(struct digital_dep_req_res)); 858 skb_push(skb, sizeof(struct digital_dep_req_res));
469 859
470 dep_req = (struct digital_dep_req_res *)skb->data; 860 dep_req = (struct digital_dep_req_res *)skb->data;
861
471 dep_req->dir = DIGITAL_NFC_DEP_FRAME_DIR_OUT; 862 dep_req->dir = DIGITAL_NFC_DEP_FRAME_DIR_OUT;
472 dep_req->cmd = DIGITAL_CMD_DEP_REQ; 863 dep_req->cmd = DIGITAL_CMD_DEP_REQ;
473 dep_req->pfb = ddev->curr_nfc_dep_pni; 864 dep_req->pfb = ddev->curr_nfc_dep_pni;
474 865
475 digital_skb_push_dep_sod(ddev, skb); 866 ddev->atn_count = 0;
867 ddev->nack_count = 0;
476 868
477 ddev->skb_add_crc(skb); 869 chaining_skb = ddev->chaining_skb;
870
871 tmp_skb = digital_send_dep_data_prep(ddev, skb, dep_req, data_exch);
872 if (IS_ERR(tmp_skb))
873 return PTR_ERR(tmp_skb);
874
875 digital_skb_push_dep_sod(ddev, tmp_skb);
876
877 ddev->skb_add_crc(tmp_skb);
478 878
479 return digital_in_send_cmd(ddev, skb, 1500, digital_in_recv_dep_res, 879 ddev->saved_skb = skb_get(tmp_skb);
480 data_exch); 880 ddev->saved_skb_len = tmp_skb->len;
881
882 rc = digital_in_send_cmd(ddev, tmp_skb, 1500, digital_in_recv_dep_res,
883 data_exch);
884 if (rc) {
885 if (tmp_skb != skb)
886 kfree_skb(tmp_skb);
887
888 kfree_skb(chaining_skb);
889 ddev->chaining_skb = NULL;
890
891 kfree_skb(ddev->saved_skb);
892 ddev->saved_skb = NULL;
893 }
894
895 return rc;
481} 896}
482 897
483static void digital_tg_set_rf_tech(struct nfc_digital_dev *ddev, u8 rf_tech) 898static void digital_tg_set_rf_tech(struct nfc_digital_dev *ddev, u8 rf_tech)
@@ -507,11 +922,106 @@ static void digital_tg_set_rf_tech(struct nfc_digital_dev *ddev, u8 rf_tech)
507 } 922 }
508} 923}
509 924
925static int digital_tg_send_ack(struct nfc_digital_dev *ddev,
926 struct digital_data_exch *data_exch)
927{
928 struct digital_dep_req_res *dep_res;
929 struct sk_buff *skb;
930 int rc;
931
932 skb = digital_skb_alloc(ddev, 1);
933 if (!skb)
934 return -ENOMEM;
935
936 skb_push(skb, sizeof(struct digital_dep_req_res));
937
938 dep_res = (struct digital_dep_req_res *)skb->data;
939
940 dep_res->dir = DIGITAL_NFC_DEP_FRAME_DIR_IN;
941 dep_res->cmd = DIGITAL_CMD_DEP_RES;
942 dep_res->pfb = DIGITAL_NFC_DEP_PFB_ACK_NACK_PDU |
943 ddev->curr_nfc_dep_pni;
944
945 if (ddev->did) {
946 dep_res->pfb |= DIGITAL_NFC_DEP_PFB_DID_BIT;
947
948 memcpy(skb_put(skb, sizeof(ddev->did)), &ddev->did,
949 sizeof(ddev->did));
950 }
951
952 ddev->curr_nfc_dep_pni =
953 DIGITAL_NFC_DEP_PFB_PNI(ddev->curr_nfc_dep_pni + 1);
954
955 digital_skb_push_dep_sod(ddev, skb);
956
957 ddev->skb_add_crc(skb);
958
959 ddev->saved_skb = skb_get(skb);
960 ddev->saved_skb_len = skb->len;
961
962 rc = digital_tg_send_cmd(ddev, skb, 1500, digital_tg_recv_dep_req,
963 data_exch);
964 if (rc) {
965 kfree_skb(skb);
966 kfree_skb(ddev->saved_skb);
967 ddev->saved_skb = NULL;
968 }
969
970 return rc;
971}
972
973static int digital_tg_send_atn(struct nfc_digital_dev *ddev)
974{
975 struct digital_dep_req_res *dep_res;
976 struct sk_buff *skb;
977 int rc;
978
979 skb = digital_skb_alloc(ddev, 1);
980 if (!skb)
981 return -ENOMEM;
982
983 skb_push(skb, sizeof(struct digital_dep_req_res));
984
985 dep_res = (struct digital_dep_req_res *)skb->data;
986
987 dep_res->dir = DIGITAL_NFC_DEP_FRAME_DIR_IN;
988 dep_res->cmd = DIGITAL_CMD_DEP_RES;
989 dep_res->pfb = DIGITAL_NFC_DEP_PFB_SUPERVISOR_PDU;
990
991 if (ddev->did) {
992 dep_res->pfb |= DIGITAL_NFC_DEP_PFB_DID_BIT;
993
994 memcpy(skb_put(skb, sizeof(ddev->did)), &ddev->did,
995 sizeof(ddev->did));
996 }
997
998 digital_skb_push_dep_sod(ddev, skb);
999
1000 ddev->skb_add_crc(skb);
1001
1002 rc = digital_tg_send_cmd(ddev, skb, 1500, digital_tg_recv_dep_req,
1003 NULL);
1004 if (rc)
1005 kfree_skb(skb);
1006
1007 return rc;
1008}
1009
1010static int digital_tg_send_saved_skb(struct nfc_digital_dev *ddev)
1011{
1012 skb_get(ddev->saved_skb);
1013 skb_push(ddev->saved_skb, ddev->saved_skb_len);
1014
1015 return digital_tg_send_cmd(ddev, ddev->saved_skb, 1500,
1016 digital_tg_recv_dep_req, NULL);
1017}
1018
510static void digital_tg_recv_dep_req(struct nfc_digital_dev *ddev, void *arg, 1019static void digital_tg_recv_dep_req(struct nfc_digital_dev *ddev, void *arg,
511 struct sk_buff *resp) 1020 struct sk_buff *resp)
512{ 1021{
513 int rc; 1022 int rc;
514 struct digital_dep_req_res *dep_req; 1023 struct digital_dep_req_res *dep_req;
1024 u8 pfb;
515 size_t size; 1025 size_t size;
516 1026
517 if (IS_ERR(resp)) { 1027 if (IS_ERR(resp)) {
@@ -532,6 +1042,11 @@ static void digital_tg_recv_dep_req(struct nfc_digital_dev *ddev, void *arg,
532 goto exit; 1042 goto exit;
533 } 1043 }
534 1044
1045 if (resp->len > ddev->local_payload_max) {
1046 rc = -EMSGSIZE;
1047 goto exit;
1048 }
1049
535 size = sizeof(struct digital_dep_req_res); 1050 size = sizeof(struct digital_dep_req_res);
536 dep_req = (struct digital_dep_req_res *)resp->data; 1051 dep_req = (struct digital_dep_req_res *)resp->data;
537 1052
@@ -541,34 +1056,147 @@ static void digital_tg_recv_dep_req(struct nfc_digital_dev *ddev, void *arg,
541 goto exit; 1056 goto exit;
542 } 1057 }
543 1058
544 if (DIGITAL_NFC_DEP_DID_BIT_SET(dep_req->pfb)) 1059 pfb = dep_req->pfb;
545 size++;
546 1060
547 if (resp->len < size) { 1061 if (DIGITAL_NFC_DEP_DID_BIT_SET(pfb)) {
1062 if (ddev->did && (ddev->did == resp->data[3])) {
1063 size++;
1064 } else {
1065 rc = -EIO;
1066 goto exit;
1067 }
1068 } else if (ddev->did) {
548 rc = -EIO; 1069 rc = -EIO;
549 goto exit; 1070 goto exit;
550 } 1071 }
551 1072
552 switch (DIGITAL_NFC_DEP_PFB_TYPE(dep_req->pfb)) { 1073 if (DIGITAL_NFC_DEP_NAD_BIT_SET(pfb)) {
1074 rc = -EIO;
1075 goto exit;
1076 }
1077
1078 if (size > resp->len) {
1079 rc = -EIO;
1080 goto exit;
1081 }
1082
1083 skb_pull(resp, size);
1084
1085 switch (DIGITAL_NFC_DEP_PFB_TYPE(pfb)) {
553 case DIGITAL_NFC_DEP_PFB_I_PDU: 1086 case DIGITAL_NFC_DEP_PFB_I_PDU:
554 pr_debug("DIGITAL_NFC_DEP_PFB_I_PDU\n"); 1087 pr_debug("DIGITAL_NFC_DEP_PFB_I_PDU\n");
555 ddev->curr_nfc_dep_pni = DIGITAL_NFC_DEP_PFB_PNI(dep_req->pfb); 1088
1089 if ((ddev->atn_count && (DIGITAL_NFC_DEP_PFB_PNI(pfb - 1) !=
1090 ddev->curr_nfc_dep_pni)) ||
1091 (DIGITAL_NFC_DEP_PFB_PNI(pfb) != ddev->curr_nfc_dep_pni)) {
1092 PROTOCOL_ERR("14.12.3.4");
1093 rc = -EIO;
1094 goto exit;
1095 }
1096
1097 if (ddev->atn_count) {
1098 ddev->atn_count = 0;
1099
1100 rc = digital_tg_send_saved_skb(ddev);
1101 if (rc)
1102 goto exit;
1103
1104 return;
1105 }
1106
1107 kfree_skb(ddev->saved_skb);
1108 ddev->saved_skb = NULL;
1109
1110 resp = digital_recv_dep_data_gather(ddev, pfb, resp,
1111 digital_tg_send_ack, NULL);
1112 if (IS_ERR(resp)) {
1113 rc = PTR_ERR(resp);
1114 resp = NULL;
1115 goto exit;
1116 }
1117
1118 /* If resp is NULL then we're still chaining so return and
1119 * wait for the next part of the PDU. Else, the PDU is
1120 * complete so pass it up.
1121 */
1122 if (!resp)
1123 return;
1124
1125 rc = 0;
556 break; 1126 break;
557 case DIGITAL_NFC_DEP_PFB_ACK_NACK_PDU: 1127 case DIGITAL_NFC_DEP_PFB_ACK_NACK_PDU:
558 pr_err("Received a ACK/NACK PDU\n"); 1128 if (!DIGITAL_NFC_DEP_NACK_BIT_SET(pfb)) { /* ACK */
559 rc = -EINVAL; 1129 if ((ddev->atn_count &&
560 goto exit; 1130 (DIGITAL_NFC_DEP_PFB_PNI(pfb - 1) !=
1131 ddev->curr_nfc_dep_pni)) ||
1132 (DIGITAL_NFC_DEP_PFB_PNI(pfb) !=
1133 ddev->curr_nfc_dep_pni) ||
1134 !ddev->chaining_skb || !ddev->saved_skb) {
1135 rc = -EIO;
1136 goto exit;
1137 }
1138
1139 if (ddev->atn_count) {
1140 ddev->atn_count = 0;
1141
1142 rc = digital_tg_send_saved_skb(ddev);
1143 if (rc)
1144 goto exit;
1145
1146 return;
1147 }
1148
1149 kfree_skb(ddev->saved_skb);
1150 ddev->saved_skb = NULL;
1151
1152 rc = digital_tg_send_dep_res(ddev, ddev->chaining_skb);
1153 if (rc)
1154 goto exit;
1155 } else { /* NACK */
1156 if ((DIGITAL_NFC_DEP_PFB_PNI(pfb + 1) !=
1157 ddev->curr_nfc_dep_pni) ||
1158 !ddev->saved_skb) {
1159 rc = -EIO;
1160 goto exit;
1161 }
1162
1163 ddev->atn_count = 0;
1164
1165 rc = digital_tg_send_saved_skb(ddev);
1166 if (rc) {
1167 kfree_skb(ddev->saved_skb);
1168 goto exit;
1169 }
1170 }
1171
1172 return;
561 case DIGITAL_NFC_DEP_PFB_SUPERVISOR_PDU: 1173 case DIGITAL_NFC_DEP_PFB_SUPERVISOR_PDU:
562 pr_err("Received a SUPERVISOR PDU\n"); 1174 if (DIGITAL_NFC_DEP_PFB_IS_TIMEOUT(pfb)) {
563 rc = -EINVAL; 1175 rc = -EINVAL;
564 goto exit; 1176 goto exit;
565 } 1177 }
566 1178
567 skb_pull(resp, size); 1179 rc = digital_tg_send_atn(ddev);
1180 if (rc)
1181 goto exit;
1182
1183 ddev->atn_count++;
1184
1185 kfree_skb(resp);
1186 return;
1187 }
568 1188
569 rc = nfc_tm_data_received(ddev->nfc_dev, resp); 1189 rc = nfc_tm_data_received(ddev->nfc_dev, resp);
570 1190
571exit: 1191exit:
1192 kfree_skb(ddev->chaining_skb);
1193 ddev->chaining_skb = NULL;
1194
1195 ddev->atn_count = 0;
1196
1197 kfree_skb(ddev->saved_skb);
1198 ddev->saved_skb = NULL;
1199
572 if (rc) 1200 if (rc)
573 kfree_skb(resp); 1201 kfree_skb(resp);
574} 1202}
@@ -576,20 +1204,54 @@ exit:
576int digital_tg_send_dep_res(struct nfc_digital_dev *ddev, struct sk_buff *skb) 1204int digital_tg_send_dep_res(struct nfc_digital_dev *ddev, struct sk_buff *skb)
577{ 1205{
578 struct digital_dep_req_res *dep_res; 1206 struct digital_dep_req_res *dep_res;
1207 struct sk_buff *chaining_skb, *tmp_skb;
1208 int rc;
579 1209
580 skb_push(skb, sizeof(struct digital_dep_req_res)); 1210 skb_push(skb, sizeof(struct digital_dep_req_res));
1211
581 dep_res = (struct digital_dep_req_res *)skb->data; 1212 dep_res = (struct digital_dep_req_res *)skb->data;
582 1213
583 dep_res->dir = DIGITAL_NFC_DEP_FRAME_DIR_IN; 1214 dep_res->dir = DIGITAL_NFC_DEP_FRAME_DIR_IN;
584 dep_res->cmd = DIGITAL_CMD_DEP_RES; 1215 dep_res->cmd = DIGITAL_CMD_DEP_RES;
585 dep_res->pfb = ddev->curr_nfc_dep_pni; 1216 dep_res->pfb = ddev->curr_nfc_dep_pni;
586 1217
587 digital_skb_push_dep_sod(ddev, skb); 1218 if (ddev->did) {
1219 dep_res->pfb |= DIGITAL_NFC_DEP_PFB_DID_BIT;
588 1220
589 ddev->skb_add_crc(skb); 1221 memcpy(skb_put(skb, sizeof(ddev->did)), &ddev->did,
1222 sizeof(ddev->did));
1223 }
1224
1225 ddev->curr_nfc_dep_pni =
1226 DIGITAL_NFC_DEP_PFB_PNI(ddev->curr_nfc_dep_pni + 1);
1227
1228 chaining_skb = ddev->chaining_skb;
1229
1230 tmp_skb = digital_send_dep_data_prep(ddev, skb, dep_res, NULL);
1231 if (IS_ERR(tmp_skb))
1232 return PTR_ERR(tmp_skb);
1233
1234 digital_skb_push_dep_sod(ddev, tmp_skb);
1235
1236 ddev->skb_add_crc(tmp_skb);
1237
1238 ddev->saved_skb = skb_get(tmp_skb);
1239 ddev->saved_skb_len = tmp_skb->len;
1240
1241 rc = digital_tg_send_cmd(ddev, tmp_skb, 1500, digital_tg_recv_dep_req,
1242 NULL);
1243 if (rc) {
1244 if (tmp_skb != skb)
1245 kfree_skb(tmp_skb);
1246
1247 kfree_skb(chaining_skb);
1248 ddev->chaining_skb = NULL;
590 1249
591 return digital_tg_send_cmd(ddev, skb, 1500, digital_tg_recv_dep_req, 1250 kfree_skb(ddev->saved_skb);
592 NULL); 1251 ddev->saved_skb = NULL;
1252 }
1253
1254 return rc;
593} 1255}
594 1256
595static void digital_tg_send_psl_res_complete(struct nfc_digital_dev *ddev, 1257static void digital_tg_send_psl_res_complete(struct nfc_digital_dev *ddev,
@@ -632,9 +1294,10 @@ static int digital_tg_send_psl_res(struct nfc_digital_dev *ddev, u8 did,
632 1294
633 ddev->skb_add_crc(skb); 1295 ddev->skb_add_crc(skb);
634 1296
1297 ddev->curr_nfc_dep_pni = 0;
1298
635 rc = digital_tg_send_cmd(ddev, skb, 0, digital_tg_send_psl_res_complete, 1299 rc = digital_tg_send_cmd(ddev, skb, 0, digital_tg_send_psl_res_complete,
636 (void *)(unsigned long)rf_tech); 1300 (void *)(unsigned long)rf_tech);
637
638 if (rc) 1301 if (rc)
639 kfree_skb(skb); 1302 kfree_skb(skb);
640 1303
@@ -647,7 +1310,7 @@ static void digital_tg_recv_psl_req(struct nfc_digital_dev *ddev, void *arg,
647 int rc; 1310 int rc;
648 struct digital_psl_req *psl_req; 1311 struct digital_psl_req *psl_req;
649 u8 rf_tech; 1312 u8 rf_tech;
650 u8 dsi; 1313 u8 dsi, payload_size, payload_bits;
651 1314
652 if (IS_ERR(resp)) { 1315 if (IS_ERR(resp)) {
653 rc = PTR_ERR(resp); 1316 rc = PTR_ERR(resp);
@@ -692,6 +1355,18 @@ static void digital_tg_recv_psl_req(struct nfc_digital_dev *ddev, void *arg,
692 goto exit; 1355 goto exit;
693 } 1356 }
694 1357
1358 payload_bits = DIGITAL_PAYLOAD_FSL_TO_BITS(psl_req->fsl);
1359 payload_size = digital_payload_bits_to_size(payload_bits);
1360
1361 if (!payload_size || (payload_size > min(ddev->local_payload_max,
1362 ddev->remote_payload_max))) {
1363 rc = -EINVAL;
1364 goto exit;
1365 }
1366
1367 ddev->local_payload_max = payload_size;
1368 ddev->remote_payload_max = payload_size;
1369
695 rc = digital_tg_send_psl_res(ddev, psl_req->did, rf_tech); 1370 rc = digital_tg_send_psl_res(ddev, psl_req->did, rf_tech);
696 1371
697exit: 1372exit:
@@ -712,6 +1387,8 @@ static void digital_tg_send_atr_res_complete(struct nfc_digital_dev *ddev,
712 if (resp->data[0] == DIGITAL_NFC_DEP_NFCA_SOD_SB) 1387 if (resp->data[0] == DIGITAL_NFC_DEP_NFCA_SOD_SB)
713 offset++; 1388 offset++;
714 1389
1390 ddev->atn_count = 0;
1391
715 if (resp->data[offset] == DIGITAL_CMD_PSL_REQ) 1392 if (resp->data[offset] == DIGITAL_CMD_PSL_REQ)
716 digital_tg_recv_psl_req(ddev, arg, resp); 1393 digital_tg_recv_psl_req(ddev, arg, resp);
717 else 1394 else
@@ -723,7 +1400,7 @@ static int digital_tg_send_atr_res(struct nfc_digital_dev *ddev,
723{ 1400{
724 struct digital_atr_res *atr_res; 1401 struct digital_atr_res *atr_res;
725 struct sk_buff *skb; 1402 struct sk_buff *skb;
726 u8 *gb; 1403 u8 *gb, payload_bits;
727 size_t gb_len; 1404 size_t gb_len;
728 int rc; 1405 int rc;
729 1406
@@ -744,7 +1421,11 @@ static int digital_tg_send_atr_res(struct nfc_digital_dev *ddev,
744 atr_res->cmd = DIGITAL_CMD_ATR_RES; 1421 atr_res->cmd = DIGITAL_CMD_ATR_RES;
745 memcpy(atr_res->nfcid3, atr_req->nfcid3, sizeof(atr_req->nfcid3)); 1422 memcpy(atr_res->nfcid3, atr_req->nfcid3, sizeof(atr_req->nfcid3));
746 atr_res->to = 8; 1423 atr_res->to = 8;
747 atr_res->pp = DIGITAL_LR_BITS_PAYLOAD_SIZE_254B; 1424
1425 ddev->local_payload_max = DIGITAL_PAYLOAD_SIZE_MAX;
1426 payload_bits = digital_payload_size_to_bits(ddev->local_payload_max);
1427 atr_res->pp = DIGITAL_PAYLOAD_BITS_TO_PP(payload_bits);
1428
748 if (gb_len) { 1429 if (gb_len) {
749 skb_put(skb, gb_len); 1430 skb_put(skb, gb_len);
750 1431
@@ -756,12 +1437,12 @@ static int digital_tg_send_atr_res(struct nfc_digital_dev *ddev,
756 1437
757 ddev->skb_add_crc(skb); 1438 ddev->skb_add_crc(skb);
758 1439
1440 ddev->curr_nfc_dep_pni = 0;
1441
759 rc = digital_tg_send_cmd(ddev, skb, 999, 1442 rc = digital_tg_send_cmd(ddev, skb, 999,
760 digital_tg_send_atr_res_complete, NULL); 1443 digital_tg_send_atr_res_complete, NULL);
761 if (rc) { 1444 if (rc)
762 kfree_skb(skb); 1445 kfree_skb(skb);
763 return rc;
764 }
765 1446
766 return rc; 1447 return rc;
767} 1448}
@@ -772,7 +1453,7 @@ void digital_tg_recv_atr_req(struct nfc_digital_dev *ddev, void *arg,
772 int rc; 1453 int rc;
773 struct digital_atr_req *atr_req; 1454 struct digital_atr_req *atr_req;
774 size_t gb_len, min_size; 1455 size_t gb_len, min_size;
775 u8 poll_tech_count; 1456 u8 poll_tech_count, payload_bits;
776 1457
777 if (IS_ERR(resp)) { 1458 if (IS_ERR(resp)) {
778 rc = PTR_ERR(resp); 1459 rc = PTR_ERR(resp);
@@ -815,11 +1496,22 @@ void digital_tg_recv_atr_req(struct nfc_digital_dev *ddev, void *arg,
815 atr_req = (struct digital_atr_req *)resp->data; 1496 atr_req = (struct digital_atr_req *)resp->data;
816 1497
817 if (atr_req->dir != DIGITAL_NFC_DEP_FRAME_DIR_OUT || 1498 if (atr_req->dir != DIGITAL_NFC_DEP_FRAME_DIR_OUT ||
818 atr_req->cmd != DIGITAL_CMD_ATR_REQ) { 1499 atr_req->cmd != DIGITAL_CMD_ATR_REQ ||
1500 atr_req->did > DIGITAL_DID_MAX) {
819 rc = -EINVAL; 1501 rc = -EINVAL;
820 goto exit; 1502 goto exit;
821 } 1503 }
822 1504
1505 payload_bits = DIGITAL_PAYLOAD_PP_TO_BITS(atr_req->pp);
1506 ddev->remote_payload_max = digital_payload_bits_to_size(payload_bits);
1507
1508 if (!ddev->remote_payload_max) {
1509 rc = -EINVAL;
1510 goto exit;
1511 }
1512
1513 ddev->did = atr_req->did;
1514
823 rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING, 1515 rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
824 NFC_DIGITAL_FRAMING_NFC_DEP_ACTIVATED); 1516 NFC_DIGITAL_FRAMING_NFC_DEP_ACTIVATED);
825 if (rc) 1517 if (rc)
diff --git a/net/nfc/hci/command.c b/net/nfc/hci/command.c
index 677d24bb70f8..91df487aa0a9 100644
--- a/net/nfc/hci/command.c
+++ b/net/nfc/hci/command.c
@@ -345,6 +345,9 @@ int nfc_hci_connect_gate(struct nfc_hci_dev *hdev, u8 dest_host, u8 dest_gate,
345 345
346 pr_debug("\n"); 346 pr_debug("\n");
347 347
348 if (hdev->gate2pipe[dest_gate] == NFC_HCI_DO_NOT_CREATE_PIPE)
349 return 0;
350
348 if (hdev->gate2pipe[dest_gate] != NFC_HCI_INVALID_PIPE) 351 if (hdev->gate2pipe[dest_gate] != NFC_HCI_INVALID_PIPE)
349 return -EADDRINUSE; 352 return -EADDRINUSE;
350 353
diff --git a/net/nfc/hci/core.c b/net/nfc/hci/core.c
index 117708263ced..ef50e7716c4a 100644
--- a/net/nfc/hci/core.c
+++ b/net/nfc/hci/core.c
@@ -167,6 +167,48 @@ exit:
167void nfc_hci_cmd_received(struct nfc_hci_dev *hdev, u8 pipe, u8 cmd, 167void nfc_hci_cmd_received(struct nfc_hci_dev *hdev, u8 pipe, u8 cmd,
168 struct sk_buff *skb) 168 struct sk_buff *skb)
169{ 169{
170 int r = 0;
171 u8 gate = nfc_hci_pipe2gate(hdev, pipe);
172 u8 local_gate, new_pipe;
173 u8 gate_opened = 0x00;
174
175 pr_debug("from gate %x pipe %x cmd %x\n", gate, pipe, cmd);
176
177 switch (cmd) {
178 case NFC_HCI_ADM_NOTIFY_PIPE_CREATED:
179 if (skb->len != 5) {
180 r = -EPROTO;
181 break;
182 }
183
184 local_gate = skb->data[3];
185 new_pipe = skb->data[4];
186 nfc_hci_send_response(hdev, gate, NFC_HCI_ANY_OK, NULL, 0);
187
188 /* save the new created pipe and bind with local gate,
189 * the description for skb->data[3] is destination gate id
190 * but since we received this cmd from host controller, we
191 * are the destination and it is our local gate
192 */
193 hdev->gate2pipe[local_gate] = new_pipe;
194 break;
195 case NFC_HCI_ANY_OPEN_PIPE:
196 /* if the pipe is already created, we allow remote host to
197 * open it
198 */
199 if (gate != 0xff)
200 nfc_hci_send_response(hdev, gate, NFC_HCI_ANY_OK,
201 &gate_opened, 1);
202 break;
203 case NFC_HCI_ADM_NOTIFY_ALL_PIPE_CLEARED:
204 nfc_hci_send_response(hdev, gate, NFC_HCI_ANY_OK, NULL, 0);
205 break;
206 default:
207 pr_info("Discarded unknown cmd %x to gate %x\n", cmd, gate);
208 r = -EINVAL;
209 break;
210 }
211
170 kfree_skb(skb); 212 kfree_skb(skb);
171} 213}
172 214
@@ -717,6 +759,19 @@ static int hci_disable_se(struct nfc_dev *nfc_dev, u32 se_idx)
717 return 0; 759 return 0;
718} 760}
719 761
762static int hci_se_io(struct nfc_dev *nfc_dev, u32 se_idx,
763 u8 *apdu, size_t apdu_length,
764 se_io_cb_t cb, void *cb_context)
765{
766 struct nfc_hci_dev *hdev = nfc_get_drvdata(nfc_dev);
767
768 if (hdev->ops->se_io)
769 return hdev->ops->se_io(hdev, se_idx, apdu,
770 apdu_length, cb, cb_context);
771
772 return 0;
773}
774
720static void nfc_hci_failure(struct nfc_hci_dev *hdev, int err) 775static void nfc_hci_failure(struct nfc_hci_dev *hdev, int err)
721{ 776{
722 mutex_lock(&hdev->msg_tx_mutex); 777 mutex_lock(&hdev->msg_tx_mutex);
@@ -830,6 +885,7 @@ static struct nfc_ops hci_nfc_ops = {
830 .discover_se = hci_discover_se, 885 .discover_se = hci_discover_se,
831 .enable_se = hci_enable_se, 886 .enable_se = hci_enable_se,
832 .disable_se = hci_disable_se, 887 .disable_se = hci_disable_se,
888 .se_io = hci_se_io,
833}; 889};
834 890
835struct nfc_hci_dev *nfc_hci_allocate_device(struct nfc_hci_ops *ops, 891struct nfc_hci_dev *nfc_hci_allocate_device(struct nfc_hci_ops *ops,
diff --git a/net/nfc/llcp_commands.c b/net/nfc/llcp_commands.c
index c4da0c2d8a14..3621a902cb6e 100644
--- a/net/nfc/llcp_commands.c
+++ b/net/nfc/llcp_commands.c
@@ -401,7 +401,8 @@ int nfc_llcp_send_connect(struct nfc_llcp_sock *sock)
401 u8 *miux_tlv = NULL, miux_tlv_length; 401 u8 *miux_tlv = NULL, miux_tlv_length;
402 u8 *rw_tlv = NULL, rw_tlv_length, rw; 402 u8 *rw_tlv = NULL, rw_tlv_length, rw;
403 int err; 403 int err;
404 u16 size = 0, miux; 404 u16 size = 0;
405 __be16 miux;
405 406
406 pr_debug("Sending CONNECT\n"); 407 pr_debug("Sending CONNECT\n");
407 408
@@ -465,7 +466,8 @@ int nfc_llcp_send_cc(struct nfc_llcp_sock *sock)
465 u8 *miux_tlv = NULL, miux_tlv_length; 466 u8 *miux_tlv = NULL, miux_tlv_length;
466 u8 *rw_tlv = NULL, rw_tlv_length, rw; 467 u8 *rw_tlv = NULL, rw_tlv_length, rw;
467 int err; 468 int err;
468 u16 size = 0, miux; 469 u16 size = 0;
470 __be16 miux;
469 471
470 pr_debug("Sending CC\n"); 472 pr_debug("Sending CC\n");
471 473
diff --git a/net/nfc/llcp_core.c b/net/nfc/llcp_core.c
index 51e788797317..b18f07ccb504 100644
--- a/net/nfc/llcp_core.c
+++ b/net/nfc/llcp_core.c
@@ -1,5 +1,6 @@
1/* 1/*
2 * Copyright (C) 2011 Intel Corporation. All rights reserved. 2 * Copyright (C) 2011 Intel Corporation. All rights reserved.
3 * Copyright (C) 2014 Marvell International Ltd.
3 * 4 *
4 * This program is free software; you can redistribute it and/or modify 5 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by 6 * it under the terms of the GNU General Public License as published by
@@ -1511,8 +1512,10 @@ int nfc_llcp_data_received(struct nfc_dev *dev, struct sk_buff *skb)
1511 struct nfc_llcp_local *local; 1512 struct nfc_llcp_local *local;
1512 1513
1513 local = nfc_llcp_find_local(dev); 1514 local = nfc_llcp_find_local(dev);
1514 if (local == NULL) 1515 if (local == NULL) {
1516 kfree_skb(skb);
1515 return -ENODEV; 1517 return -ENODEV;
1518 }
1516 1519
1517 __nfc_llcp_recv(local, skb); 1520 __nfc_llcp_recv(local, skb);
1518 1521
diff --git a/net/nfc/llcp_sock.c b/net/nfc/llcp_sock.c
index 83bc785d5855..e181e290427c 100644
--- a/net/nfc/llcp_sock.c
+++ b/net/nfc/llcp_sock.c
@@ -524,13 +524,13 @@ static int llcp_sock_getname(struct socket *sock, struct sockaddr *uaddr,
524 524
525static inline unsigned int llcp_accept_poll(struct sock *parent) 525static inline unsigned int llcp_accept_poll(struct sock *parent)
526{ 526{
527 struct nfc_llcp_sock *llcp_sock, *n, *parent_sock; 527 struct nfc_llcp_sock *llcp_sock, *parent_sock;
528 struct sock *sk; 528 struct sock *sk;
529 529
530 parent_sock = nfc_llcp_sock(parent); 530 parent_sock = nfc_llcp_sock(parent);
531 531
532 list_for_each_entry_safe(llcp_sock, n, &parent_sock->accept_queue, 532 list_for_each_entry(llcp_sock, &parent_sock->accept_queue,
533 accept_queue) { 533 accept_queue) {
534 sk = &llcp_sock->sk; 534 sk = &llcp_sock->sk;
535 535
536 if (sk->sk_state == LLCP_CONNECTED) 536 if (sk->sk_state == LLCP_CONNECTED)
diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c
index 90b16cb40058..51feb5e63008 100644
--- a/net/nfc/nci/core.c
+++ b/net/nfc/nci/core.c
@@ -3,6 +3,7 @@
3 * NFC Controller (NFCC) and a Device Host (DH). 3 * NFC Controller (NFCC) and a Device Host (DH).
4 * 4 *
5 * Copyright (C) 2011 Texas Instruments, Inc. 5 * Copyright (C) 2011 Texas Instruments, Inc.
6 * Copyright (C) 2014 Marvell International Ltd.
6 * 7 *
7 * Written by Ilan Elias <ilane@ti.com> 8 * Written by Ilan Elias <ilane@ti.com>
8 * 9 *
@@ -196,18 +197,24 @@ static void nci_set_config_req(struct nci_dev *ndev, unsigned long opt)
196 nci_send_cmd(ndev, NCI_OP_CORE_SET_CONFIG_CMD, (3 + param->len), &cmd); 197 nci_send_cmd(ndev, NCI_OP_CORE_SET_CONFIG_CMD, (3 + param->len), &cmd);
197} 198}
198 199
200struct nci_rf_discover_param {
201 __u32 im_protocols;
202 __u32 tm_protocols;
203};
204
199static void nci_rf_discover_req(struct nci_dev *ndev, unsigned long opt) 205static void nci_rf_discover_req(struct nci_dev *ndev, unsigned long opt)
200{ 206{
207 struct nci_rf_discover_param *param =
208 (struct nci_rf_discover_param *)opt;
201 struct nci_rf_disc_cmd cmd; 209 struct nci_rf_disc_cmd cmd;
202 __u32 protocols = opt;
203 210
204 cmd.num_disc_configs = 0; 211 cmd.num_disc_configs = 0;
205 212
206 if ((cmd.num_disc_configs < NCI_MAX_NUM_RF_CONFIGS) && 213 if ((cmd.num_disc_configs < NCI_MAX_NUM_RF_CONFIGS) &&
207 (protocols & NFC_PROTO_JEWEL_MASK || 214 (param->im_protocols & NFC_PROTO_JEWEL_MASK ||
208 protocols & NFC_PROTO_MIFARE_MASK || 215 param->im_protocols & NFC_PROTO_MIFARE_MASK ||
209 protocols & NFC_PROTO_ISO14443_MASK || 216 param->im_protocols & NFC_PROTO_ISO14443_MASK ||
210 protocols & NFC_PROTO_NFC_DEP_MASK)) { 217 param->im_protocols & NFC_PROTO_NFC_DEP_MASK)) {
211 cmd.disc_configs[cmd.num_disc_configs].rf_tech_and_mode = 218 cmd.disc_configs[cmd.num_disc_configs].rf_tech_and_mode =
212 NCI_NFC_A_PASSIVE_POLL_MODE; 219 NCI_NFC_A_PASSIVE_POLL_MODE;
213 cmd.disc_configs[cmd.num_disc_configs].frequency = 1; 220 cmd.disc_configs[cmd.num_disc_configs].frequency = 1;
@@ -215,7 +222,7 @@ static void nci_rf_discover_req(struct nci_dev *ndev, unsigned long opt)
215 } 222 }
216 223
217 if ((cmd.num_disc_configs < NCI_MAX_NUM_RF_CONFIGS) && 224 if ((cmd.num_disc_configs < NCI_MAX_NUM_RF_CONFIGS) &&
218 (protocols & NFC_PROTO_ISO14443_B_MASK)) { 225 (param->im_protocols & NFC_PROTO_ISO14443_B_MASK)) {
219 cmd.disc_configs[cmd.num_disc_configs].rf_tech_and_mode = 226 cmd.disc_configs[cmd.num_disc_configs].rf_tech_and_mode =
220 NCI_NFC_B_PASSIVE_POLL_MODE; 227 NCI_NFC_B_PASSIVE_POLL_MODE;
221 cmd.disc_configs[cmd.num_disc_configs].frequency = 1; 228 cmd.disc_configs[cmd.num_disc_configs].frequency = 1;
@@ -223,8 +230,8 @@ static void nci_rf_discover_req(struct nci_dev *ndev, unsigned long opt)
223 } 230 }
224 231
225 if ((cmd.num_disc_configs < NCI_MAX_NUM_RF_CONFIGS) && 232 if ((cmd.num_disc_configs < NCI_MAX_NUM_RF_CONFIGS) &&
226 (protocols & NFC_PROTO_FELICA_MASK || 233 (param->im_protocols & NFC_PROTO_FELICA_MASK ||
227 protocols & NFC_PROTO_NFC_DEP_MASK)) { 234 param->im_protocols & NFC_PROTO_NFC_DEP_MASK)) {
228 cmd.disc_configs[cmd.num_disc_configs].rf_tech_and_mode = 235 cmd.disc_configs[cmd.num_disc_configs].rf_tech_and_mode =
229 NCI_NFC_F_PASSIVE_POLL_MODE; 236 NCI_NFC_F_PASSIVE_POLL_MODE;
230 cmd.disc_configs[cmd.num_disc_configs].frequency = 1; 237 cmd.disc_configs[cmd.num_disc_configs].frequency = 1;
@@ -232,13 +239,25 @@ static void nci_rf_discover_req(struct nci_dev *ndev, unsigned long opt)
232 } 239 }
233 240
234 if ((cmd.num_disc_configs < NCI_MAX_NUM_RF_CONFIGS) && 241 if ((cmd.num_disc_configs < NCI_MAX_NUM_RF_CONFIGS) &&
235 (protocols & NFC_PROTO_ISO15693_MASK)) { 242 (param->im_protocols & NFC_PROTO_ISO15693_MASK)) {
236 cmd.disc_configs[cmd.num_disc_configs].rf_tech_and_mode = 243 cmd.disc_configs[cmd.num_disc_configs].rf_tech_and_mode =
237 NCI_NFC_V_PASSIVE_POLL_MODE; 244 NCI_NFC_V_PASSIVE_POLL_MODE;
238 cmd.disc_configs[cmd.num_disc_configs].frequency = 1; 245 cmd.disc_configs[cmd.num_disc_configs].frequency = 1;
239 cmd.num_disc_configs++; 246 cmd.num_disc_configs++;
240 } 247 }
241 248
249 if ((cmd.num_disc_configs < NCI_MAX_NUM_RF_CONFIGS - 1) &&
250 (param->tm_protocols & NFC_PROTO_NFC_DEP_MASK)) {
251 cmd.disc_configs[cmd.num_disc_configs].rf_tech_and_mode =
252 NCI_NFC_A_PASSIVE_LISTEN_MODE;
253 cmd.disc_configs[cmd.num_disc_configs].frequency = 1;
254 cmd.num_disc_configs++;
255 cmd.disc_configs[cmd.num_disc_configs].rf_tech_and_mode =
256 NCI_NFC_F_PASSIVE_LISTEN_MODE;
257 cmd.disc_configs[cmd.num_disc_configs].frequency = 1;
258 cmd.num_disc_configs++;
259 }
260
242 nci_send_cmd(ndev, NCI_OP_RF_DISCOVER_CMD, 261 nci_send_cmd(ndev, NCI_OP_RF_DISCOVER_CMD,
243 (1 + (cmd.num_disc_configs * sizeof(struct disc_config))), 262 (1 + (cmd.num_disc_configs * sizeof(struct disc_config))),
244 &cmd); 263 &cmd);
@@ -280,7 +299,7 @@ static void nci_rf_deactivate_req(struct nci_dev *ndev, unsigned long opt)
280{ 299{
281 struct nci_rf_deactivate_cmd cmd; 300 struct nci_rf_deactivate_cmd cmd;
282 301
283 cmd.type = NCI_DEACTIVATE_TYPE_IDLE_MODE; 302 cmd.type = opt;
284 303
285 nci_send_cmd(ndev, NCI_OP_RF_DEACTIVATE_CMD, 304 nci_send_cmd(ndev, NCI_OP_RF_DEACTIVATE_CMD,
286 sizeof(struct nci_rf_deactivate_cmd), &cmd); 305 sizeof(struct nci_rf_deactivate_cmd), &cmd);
@@ -441,6 +460,7 @@ static int nci_set_local_general_bytes(struct nfc_dev *nfc_dev)
441{ 460{
442 struct nci_dev *ndev = nfc_get_drvdata(nfc_dev); 461 struct nci_dev *ndev = nfc_get_drvdata(nfc_dev);
443 struct nci_set_config_param param; 462 struct nci_set_config_param param;
463 int rc;
444 464
445 param.val = nfc_get_local_general_bytes(nfc_dev, &param.len); 465 param.val = nfc_get_local_general_bytes(nfc_dev, &param.len);
446 if ((param.val == NULL) || (param.len == 0)) 466 if ((param.val == NULL) || (param.len == 0))
@@ -451,14 +471,45 @@ static int nci_set_local_general_bytes(struct nfc_dev *nfc_dev)
451 471
452 param.id = NCI_PN_ATR_REQ_GEN_BYTES; 472 param.id = NCI_PN_ATR_REQ_GEN_BYTES;
453 473
474 rc = nci_request(ndev, nci_set_config_req, (unsigned long)&param,
475 msecs_to_jiffies(NCI_SET_CONFIG_TIMEOUT));
476 if (rc)
477 return rc;
478
479 param.id = NCI_LN_ATR_RES_GEN_BYTES;
480
454 return nci_request(ndev, nci_set_config_req, (unsigned long)&param, 481 return nci_request(ndev, nci_set_config_req, (unsigned long)&param,
455 msecs_to_jiffies(NCI_SET_CONFIG_TIMEOUT)); 482 msecs_to_jiffies(NCI_SET_CONFIG_TIMEOUT));
456} 483}
457 484
485static int nci_set_listen_parameters(struct nfc_dev *nfc_dev)
486{
487 struct nci_dev *ndev = nfc_get_drvdata(nfc_dev);
488 int rc;
489 __u8 val;
490
491 val = NCI_LA_SEL_INFO_NFC_DEP_MASK;
492
493 rc = nci_set_config(ndev, NCI_LA_SEL_INFO, 1, &val);
494 if (rc)
495 return rc;
496
497 val = NCI_LF_PROTOCOL_TYPE_NFC_DEP_MASK;
498
499 rc = nci_set_config(ndev, NCI_LF_PROTOCOL_TYPE, 1, &val);
500 if (rc)
501 return rc;
502
503 val = NCI_LF_CON_BITR_F_212 | NCI_LF_CON_BITR_F_424;
504
505 return nci_set_config(ndev, NCI_LF_CON_BITR_F, 1, &val);
506}
507
458static int nci_start_poll(struct nfc_dev *nfc_dev, 508static int nci_start_poll(struct nfc_dev *nfc_dev,
459 __u32 im_protocols, __u32 tm_protocols) 509 __u32 im_protocols, __u32 tm_protocols)
460{ 510{
461 struct nci_dev *ndev = nfc_get_drvdata(nfc_dev); 511 struct nci_dev *ndev = nfc_get_drvdata(nfc_dev);
512 struct nci_rf_discover_param param;
462 int rc; 513 int rc;
463 514
464 if ((atomic_read(&ndev->state) == NCI_DISCOVERY) || 515 if ((atomic_read(&ndev->state) == NCI_DISCOVERY) ||
@@ -476,13 +527,14 @@ static int nci_start_poll(struct nfc_dev *nfc_dev,
476 (atomic_read(&ndev->state) == NCI_POLL_ACTIVE)) { 527 (atomic_read(&ndev->state) == NCI_POLL_ACTIVE)) {
477 pr_debug("target active or w4 select, implicitly deactivate\n"); 528 pr_debug("target active or w4 select, implicitly deactivate\n");
478 529
479 rc = nci_request(ndev, nci_rf_deactivate_req, 0, 530 rc = nci_request(ndev, nci_rf_deactivate_req,
531 NCI_DEACTIVATE_TYPE_IDLE_MODE,
480 msecs_to_jiffies(NCI_RF_DEACTIVATE_TIMEOUT)); 532 msecs_to_jiffies(NCI_RF_DEACTIVATE_TIMEOUT));
481 if (rc) 533 if (rc)
482 return -EBUSY; 534 return -EBUSY;
483 } 535 }
484 536
485 if (im_protocols & NFC_PROTO_NFC_DEP_MASK) { 537 if ((im_protocols | tm_protocols) & NFC_PROTO_NFC_DEP_MASK) {
486 rc = nci_set_local_general_bytes(nfc_dev); 538 rc = nci_set_local_general_bytes(nfc_dev);
487 if (rc) { 539 if (rc) {
488 pr_err("failed to set local general bytes\n"); 540 pr_err("failed to set local general bytes\n");
@@ -490,7 +542,15 @@ static int nci_start_poll(struct nfc_dev *nfc_dev,
490 } 542 }
491 } 543 }
492 544
493 rc = nci_request(ndev, nci_rf_discover_req, im_protocols, 545 if (tm_protocols & NFC_PROTO_NFC_DEP_MASK) {
546 rc = nci_set_listen_parameters(nfc_dev);
547 if (rc)
548 pr_err("failed to set listen parameters\n");
549 }
550
551 param.im_protocols = im_protocols;
552 param.tm_protocols = tm_protocols;
553 rc = nci_request(ndev, nci_rf_discover_req, (unsigned long)&param,
494 msecs_to_jiffies(NCI_RF_DISC_TIMEOUT)); 554 msecs_to_jiffies(NCI_RF_DISC_TIMEOUT));
495 555
496 if (!rc) 556 if (!rc)
@@ -509,7 +569,7 @@ static void nci_stop_poll(struct nfc_dev *nfc_dev)
509 return; 569 return;
510 } 570 }
511 571
512 nci_request(ndev, nci_rf_deactivate_req, 0, 572 nci_request(ndev, nci_rf_deactivate_req, NCI_DEACTIVATE_TYPE_IDLE_MODE,
513 msecs_to_jiffies(NCI_RF_DEACTIVATE_TIMEOUT)); 573 msecs_to_jiffies(NCI_RF_DEACTIVATE_TIMEOUT));
514} 574}
515 575
@@ -594,7 +654,8 @@ static void nci_deactivate_target(struct nfc_dev *nfc_dev,
594 ndev->target_active_prot = 0; 654 ndev->target_active_prot = 0;
595 655
596 if (atomic_read(&ndev->state) == NCI_POLL_ACTIVE) { 656 if (atomic_read(&ndev->state) == NCI_POLL_ACTIVE) {
597 nci_request(ndev, nci_rf_deactivate_req, 0, 657 nci_request(ndev, nci_rf_deactivate_req,
658 NCI_DEACTIVATE_TYPE_SLEEP_MODE,
598 msecs_to_jiffies(NCI_RF_DEACTIVATE_TIMEOUT)); 659 msecs_to_jiffies(NCI_RF_DEACTIVATE_TIMEOUT));
599 } 660 }
600} 661}
@@ -622,9 +683,24 @@ static int nci_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target,
622 683
623static int nci_dep_link_down(struct nfc_dev *nfc_dev) 684static int nci_dep_link_down(struct nfc_dev *nfc_dev)
624{ 685{
686 struct nci_dev *ndev = nfc_get_drvdata(nfc_dev);
687 int rc;
688
625 pr_debug("entry\n"); 689 pr_debug("entry\n");
626 690
627 nci_deactivate_target(nfc_dev, NULL); 691 if (nfc_dev->rf_mode == NFC_RF_INITIATOR) {
692 nci_deactivate_target(nfc_dev, NULL);
693 } else {
694 if (atomic_read(&ndev->state) == NCI_LISTEN_ACTIVE ||
695 atomic_read(&ndev->state) == NCI_DISCOVERY) {
696 nci_request(ndev, nci_rf_deactivate_req, 0,
697 msecs_to_jiffies(NCI_RF_DEACTIVATE_TIMEOUT));
698 }
699
700 rc = nfc_tm_deactivated(nfc_dev);
701 if (rc)
702 pr_err("error when signaling tm deactivation\n");
703 }
628 704
629 return 0; 705 return 0;
630} 706}
@@ -658,18 +734,58 @@ static int nci_transceive(struct nfc_dev *nfc_dev, struct nfc_target *target,
658 return rc; 734 return rc;
659} 735}
660 736
737static int nci_tm_send(struct nfc_dev *nfc_dev, struct sk_buff *skb)
738{
739 struct nci_dev *ndev = nfc_get_drvdata(nfc_dev);
740 int rc;
741
742 rc = nci_send_data(ndev, NCI_STATIC_RF_CONN_ID, skb);
743 if (rc)
744 pr_err("unable to send data\n");
745
746 return rc;
747}
748
661static int nci_enable_se(struct nfc_dev *nfc_dev, u32 se_idx) 749static int nci_enable_se(struct nfc_dev *nfc_dev, u32 se_idx)
662{ 750{
751 struct nci_dev *ndev = nfc_get_drvdata(nfc_dev);
752
753 if (ndev->ops->enable_se)
754 return ndev->ops->enable_se(ndev, se_idx);
755
663 return 0; 756 return 0;
664} 757}
665 758
666static int nci_disable_se(struct nfc_dev *nfc_dev, u32 se_idx) 759static int nci_disable_se(struct nfc_dev *nfc_dev, u32 se_idx)
667{ 760{
761 struct nci_dev *ndev = nfc_get_drvdata(nfc_dev);
762
763 if (ndev->ops->disable_se)
764 return ndev->ops->disable_se(ndev, se_idx);
765
668 return 0; 766 return 0;
669} 767}
670 768
671static int nci_discover_se(struct nfc_dev *nfc_dev) 769static int nci_discover_se(struct nfc_dev *nfc_dev)
672{ 770{
771 struct nci_dev *ndev = nfc_get_drvdata(nfc_dev);
772
773 if (ndev->ops->discover_se)
774 return ndev->ops->discover_se(ndev);
775
776 return 0;
777}
778
779static int nci_se_io(struct nfc_dev *nfc_dev, u32 se_idx,
780 u8 *apdu, size_t apdu_length,
781 se_io_cb_t cb, void *cb_context)
782{
783 struct nci_dev *ndev = nfc_get_drvdata(nfc_dev);
784
785 if (ndev->ops->se_io)
786 return ndev->ops->se_io(ndev, se_idx, apdu,
787 apdu_length, cb, cb_context);
788
673 return 0; 789 return 0;
674} 790}
675 791
@@ -683,9 +799,11 @@ static struct nfc_ops nci_nfc_ops = {
683 .activate_target = nci_activate_target, 799 .activate_target = nci_activate_target,
684 .deactivate_target = nci_deactivate_target, 800 .deactivate_target = nci_deactivate_target,
685 .im_transceive = nci_transceive, 801 .im_transceive = nci_transceive,
802 .tm_send = nci_tm_send,
686 .enable_se = nci_enable_se, 803 .enable_se = nci_enable_se,
687 .disable_se = nci_disable_se, 804 .disable_se = nci_disable_se,
688 .discover_se = nci_discover_se, 805 .discover_se = nci_discover_se,
806 .se_io = nci_se_io,
689}; 807};
690 808
691/* ---- Interface to NCI drivers ---- */ 809/* ---- Interface to NCI drivers ---- */
diff --git a/net/nfc/nci/data.c b/net/nfc/nci/data.c
index 427ef2c7ab68..a2de2a8cb00e 100644
--- a/net/nfc/nci/data.c
+++ b/net/nfc/nci/data.c
@@ -3,6 +3,7 @@
3 * NFC Controller (NFCC) and a Device Host (DH). 3 * NFC Controller (NFCC) and a Device Host (DH).
4 * 4 *
5 * Copyright (C) 2011 Texas Instruments, Inc. 5 * Copyright (C) 2011 Texas Instruments, Inc.
6 * Copyright (C) 2014 Marvell International Ltd.
6 * 7 *
7 * Written by Ilan Elias <ilane@ti.com> 8 * Written by Ilan Elias <ilane@ti.com>
8 * 9 *
@@ -184,11 +185,16 @@ exit:
184 185
185static void nci_add_rx_data_frag(struct nci_dev *ndev, 186static void nci_add_rx_data_frag(struct nci_dev *ndev,
186 struct sk_buff *skb, 187 struct sk_buff *skb,
187 __u8 pbf) 188 __u8 pbf, __u8 status)
188{ 189{
189 int reassembly_len; 190 int reassembly_len;
190 int err = 0; 191 int err = 0;
191 192
193 if (status) {
194 err = status;
195 goto exit;
196 }
197
192 if (ndev->rx_data_reassembly) { 198 if (ndev->rx_data_reassembly) {
193 reassembly_len = ndev->rx_data_reassembly->len; 199 reassembly_len = ndev->rx_data_reassembly->len;
194 200
@@ -223,13 +229,24 @@ static void nci_add_rx_data_frag(struct nci_dev *ndev,
223 } 229 }
224 230
225exit: 231exit:
226 nci_data_exchange_complete(ndev, skb, err); 232 if (ndev->nfc_dev->rf_mode == NFC_RF_INITIATOR) {
233 nci_data_exchange_complete(ndev, skb, err);
234 } else if (ndev->nfc_dev->rf_mode == NFC_RF_TARGET) {
235 /* Data received in Target mode, forward to nfc core */
236 err = nfc_tm_data_received(ndev->nfc_dev, skb);
237 if (err)
238 pr_err("unable to handle received data\n");
239 } else {
240 pr_err("rf mode unknown\n");
241 kfree_skb(skb);
242 }
227} 243}
228 244
229/* Rx Data packet */ 245/* Rx Data packet */
230void nci_rx_data_packet(struct nci_dev *ndev, struct sk_buff *skb) 246void nci_rx_data_packet(struct nci_dev *ndev, struct sk_buff *skb)
231{ 247{
232 __u8 pbf = nci_pbf(skb->data); 248 __u8 pbf = nci_pbf(skb->data);
249 __u8 status = 0;
233 250
234 pr_debug("len %d\n", skb->len); 251 pr_debug("len %d\n", skb->len);
235 252
@@ -247,8 +264,9 @@ void nci_rx_data_packet(struct nci_dev *ndev, struct sk_buff *skb)
247 ndev->target_active_prot == NFC_PROTO_ISO15693) { 264 ndev->target_active_prot == NFC_PROTO_ISO15693) {
248 /* frame I/F => remove the status byte */ 265 /* frame I/F => remove the status byte */
249 pr_debug("frame I/F => remove the status byte\n"); 266 pr_debug("frame I/F => remove the status byte\n");
267 status = skb->data[skb->len - 1];
250 skb_trim(skb, (skb->len - 1)); 268 skb_trim(skb, (skb->len - 1));
251 } 269 }
252 270
253 nci_add_rx_data_frag(ndev, skb, pbf); 271 nci_add_rx_data_frag(ndev, skb, pbf, nci_to_errno(status));
254} 272}
diff --git a/net/nfc/nci/ntf.c b/net/nfc/nci/ntf.c
index 205b35f666db..22e453cb787d 100644
--- a/net/nfc/nci/ntf.c
+++ b/net/nfc/nci/ntf.c
@@ -103,7 +103,7 @@ static __u8 *nci_extract_rf_params_nfca_passive_poll(struct nci_dev *ndev,
103 struct rf_tech_specific_params_nfca_poll *nfca_poll, 103 struct rf_tech_specific_params_nfca_poll *nfca_poll,
104 __u8 *data) 104 __u8 *data)
105{ 105{
106 nfca_poll->sens_res = __le16_to_cpu(*((__u16 *)data)); 106 nfca_poll->sens_res = __le16_to_cpu(*((__le16 *)data));
107 data += 2; 107 data += 2;
108 108
109 nfca_poll->nfcid1_len = min_t(__u8, *data++, NFC_NFCID1_MAXSIZE); 109 nfca_poll->nfcid1_len = min_t(__u8, *data++, NFC_NFCID1_MAXSIZE);
@@ -167,7 +167,19 @@ static __u8 *nci_extract_rf_params_nfcv_passive_poll(struct nci_dev *ndev,
167 return data; 167 return data;
168} 168}
169 169
170__u32 nci_get_prop_rf_protocol(struct nci_dev *ndev, __u8 rf_protocol) 170static __u8 *nci_extract_rf_params_nfcf_passive_listen(struct nci_dev *ndev,
171 struct rf_tech_specific_params_nfcf_listen *nfcf_listen,
172 __u8 *data)
173{
174 nfcf_listen->local_nfcid2_len = min_t(__u8, *data++,
175 NFC_NFCID2_MAXSIZE);
176 memcpy(nfcf_listen->local_nfcid2, data, nfcf_listen->local_nfcid2_len);
177 data += nfcf_listen->local_nfcid2_len;
178
179 return data;
180}
181
182static __u32 nci_get_prop_rf_protocol(struct nci_dev *ndev, __u8 rf_protocol)
171{ 183{
172 if (ndev->ops->get_rfprotocol) 184 if (ndev->ops->get_rfprotocol)
173 return ndev->ops->get_rfprotocol(ndev, rf_protocol); 185 return ndev->ops->get_rfprotocol(ndev, rf_protocol);
@@ -401,17 +413,29 @@ static int nci_extract_activation_params_nfc_dep(struct nci_dev *ndev,
401 struct nci_rf_intf_activated_ntf *ntf, __u8 *data) 413 struct nci_rf_intf_activated_ntf *ntf, __u8 *data)
402{ 414{
403 struct activation_params_poll_nfc_dep *poll; 415 struct activation_params_poll_nfc_dep *poll;
416 struct activation_params_listen_nfc_dep *listen;
404 417
405 switch (ntf->activation_rf_tech_and_mode) { 418 switch (ntf->activation_rf_tech_and_mode) {
406 case NCI_NFC_A_PASSIVE_POLL_MODE: 419 case NCI_NFC_A_PASSIVE_POLL_MODE:
407 case NCI_NFC_F_PASSIVE_POLL_MODE: 420 case NCI_NFC_F_PASSIVE_POLL_MODE:
408 poll = &ntf->activation_params.poll_nfc_dep; 421 poll = &ntf->activation_params.poll_nfc_dep;
409 poll->atr_res_len = min_t(__u8, *data++, 63); 422 poll->atr_res_len = min_t(__u8, *data++,
423 NFC_ATR_RES_MAXSIZE - 2);
410 pr_debug("atr_res_len %d\n", poll->atr_res_len); 424 pr_debug("atr_res_len %d\n", poll->atr_res_len);
411 if (poll->atr_res_len > 0) 425 if (poll->atr_res_len > 0)
412 memcpy(poll->atr_res, data, poll->atr_res_len); 426 memcpy(poll->atr_res, data, poll->atr_res_len);
413 break; 427 break;
414 428
429 case NCI_NFC_A_PASSIVE_LISTEN_MODE:
430 case NCI_NFC_F_PASSIVE_LISTEN_MODE:
431 listen = &ntf->activation_params.listen_nfc_dep;
432 listen->atr_req_len = min_t(__u8, *data++,
433 NFC_ATR_REQ_MAXSIZE - 2);
434 pr_debug("atr_req_len %d\n", listen->atr_req_len);
435 if (listen->atr_req_len > 0)
436 memcpy(listen->atr_req, data, listen->atr_req_len);
437 break;
438
415 default: 439 default:
416 pr_err("unsupported activation_rf_tech_and_mode 0x%x\n", 440 pr_err("unsupported activation_rf_tech_and_mode 0x%x\n",
417 ntf->activation_rf_tech_and_mode); 441 ntf->activation_rf_tech_and_mode);
@@ -444,6 +468,48 @@ static void nci_target_auto_activated(struct nci_dev *ndev,
444 nfc_targets_found(ndev->nfc_dev, ndev->targets, ndev->n_targets); 468 nfc_targets_found(ndev->nfc_dev, ndev->targets, ndev->n_targets);
445} 469}
446 470
471static int nci_store_general_bytes_nfc_dep(struct nci_dev *ndev,
472 struct nci_rf_intf_activated_ntf *ntf)
473{
474 ndev->remote_gb_len = 0;
475
476 if (ntf->activation_params_len <= 0)
477 return NCI_STATUS_OK;
478
479 switch (ntf->activation_rf_tech_and_mode) {
480 case NCI_NFC_A_PASSIVE_POLL_MODE:
481 case NCI_NFC_F_PASSIVE_POLL_MODE:
482 ndev->remote_gb_len = min_t(__u8,
483 (ntf->activation_params.poll_nfc_dep.atr_res_len
484 - NFC_ATR_RES_GT_OFFSET),
485 NFC_ATR_RES_GB_MAXSIZE);
486 memcpy(ndev->remote_gb,
487 (ntf->activation_params.poll_nfc_dep.atr_res
488 + NFC_ATR_RES_GT_OFFSET),
489 ndev->remote_gb_len);
490 break;
491
492 case NCI_NFC_A_PASSIVE_LISTEN_MODE:
493 case NCI_NFC_F_PASSIVE_LISTEN_MODE:
494 ndev->remote_gb_len = min_t(__u8,
495 (ntf->activation_params.listen_nfc_dep.atr_req_len
496 - NFC_ATR_REQ_GT_OFFSET),
497 NFC_ATR_REQ_GB_MAXSIZE);
498 memcpy(ndev->remote_gb,
499 (ntf->activation_params.listen_nfc_dep.atr_req
500 + NFC_ATR_REQ_GT_OFFSET),
501 ndev->remote_gb_len);
502 break;
503
504 default:
505 pr_err("unsupported activation_rf_tech_and_mode 0x%x\n",
506 ntf->activation_rf_tech_and_mode);
507 return NCI_STATUS_RF_PROTOCOL_ERROR;
508 }
509
510 return NCI_STATUS_OK;
511}
512
447static void nci_rf_intf_activated_ntf_packet(struct nci_dev *ndev, 513static void nci_rf_intf_activated_ntf_packet(struct nci_dev *ndev,
448 struct sk_buff *skb) 514 struct sk_buff *skb)
449{ 515{
@@ -493,6 +559,16 @@ static void nci_rf_intf_activated_ntf_packet(struct nci_dev *ndev,
493 &(ntf.rf_tech_specific_params.nfcv_poll), data); 559 &(ntf.rf_tech_specific_params.nfcv_poll), data);
494 break; 560 break;
495 561
562 case NCI_NFC_A_PASSIVE_LISTEN_MODE:
563 /* no RF technology specific parameters */
564 break;
565
566 case NCI_NFC_F_PASSIVE_LISTEN_MODE:
567 data = nci_extract_rf_params_nfcf_passive_listen(ndev,
568 &(ntf.rf_tech_specific_params.nfcf_listen),
569 data);
570 break;
571
496 default: 572 default:
497 pr_err("unsupported activation_rf_tech_and_mode 0x%x\n", 573 pr_err("unsupported activation_rf_tech_and_mode 0x%x\n",
498 ntf.activation_rf_tech_and_mode); 574 ntf.activation_rf_tech_and_mode);
@@ -546,32 +622,39 @@ exit:
546 622
547 /* store general bytes to be reported later in dep_link_up */ 623 /* store general bytes to be reported later in dep_link_up */
548 if (ntf.rf_interface == NCI_RF_INTERFACE_NFC_DEP) { 624 if (ntf.rf_interface == NCI_RF_INTERFACE_NFC_DEP) {
549 ndev->remote_gb_len = 0; 625 err = nci_store_general_bytes_nfc_dep(ndev, &ntf);
550 626 if (err != NCI_STATUS_OK)
551 if (ntf.activation_params_len > 0) { 627 pr_err("unable to store general bytes\n");
552 /* ATR_RES general bytes at offset 15 */
553 ndev->remote_gb_len = min_t(__u8,
554 (ntf.activation_params
555 .poll_nfc_dep.atr_res_len
556 - NFC_ATR_RES_GT_OFFSET),
557 NFC_MAX_GT_LEN);
558 memcpy(ndev->remote_gb,
559 (ntf.activation_params.poll_nfc_dep
560 .atr_res + NFC_ATR_RES_GT_OFFSET),
561 ndev->remote_gb_len);
562 }
563 } 628 }
564 } 629 }
565 630
566 if (atomic_read(&ndev->state) == NCI_DISCOVERY) { 631 if (!(ntf.activation_rf_tech_and_mode & NCI_RF_TECH_MODE_LISTEN_MASK)) {
567 /* A single target was found and activated automatically */ 632 /* Poll mode */
568 atomic_set(&ndev->state, NCI_POLL_ACTIVE); 633 if (atomic_read(&ndev->state) == NCI_DISCOVERY) {
569 if (err == NCI_STATUS_OK) 634 /* A single target was found and activated
570 nci_target_auto_activated(ndev, &ntf); 635 * automatically */
571 } else { /* ndev->state == NCI_W4_HOST_SELECT */ 636 atomic_set(&ndev->state, NCI_POLL_ACTIVE);
572 /* A selected target was activated, so complete the request */ 637 if (err == NCI_STATUS_OK)
573 atomic_set(&ndev->state, NCI_POLL_ACTIVE); 638 nci_target_auto_activated(ndev, &ntf);
574 nci_req_complete(ndev, err); 639 } else { /* ndev->state == NCI_W4_HOST_SELECT */
640 /* A selected target was activated, so complete the
641 * request */
642 atomic_set(&ndev->state, NCI_POLL_ACTIVE);
643 nci_req_complete(ndev, err);
644 }
645 } else {
646 /* Listen mode */
647 atomic_set(&ndev->state, NCI_LISTEN_ACTIVE);
648 if (err == NCI_STATUS_OK &&
649 ntf.rf_protocol == NCI_RF_PROTOCOL_NFC_DEP) {
650 err = nfc_tm_activated(ndev->nfc_dev,
651 NFC_PROTO_NFC_DEP_MASK,
652 NFC_COMM_PASSIVE,
653 ndev->remote_gb,
654 ndev->remote_gb_len);
655 if (err != NCI_STATUS_OK)
656 pr_err("error when signaling tm activation\n");
657 }
575 } 658 }
576} 659}
577 660
@@ -595,8 +678,21 @@ static void nci_rf_deactivate_ntf_packet(struct nci_dev *ndev,
595 if (test_bit(NCI_DATA_EXCHANGE, &ndev->flags)) 678 if (test_bit(NCI_DATA_EXCHANGE, &ndev->flags))
596 nci_data_exchange_complete(ndev, NULL, -EIO); 679 nci_data_exchange_complete(ndev, NULL, -EIO);
597 680
598 nci_clear_target_list(ndev); 681 switch (ntf->type) {
599 atomic_set(&ndev->state, NCI_IDLE); 682 case NCI_DEACTIVATE_TYPE_IDLE_MODE:
683 nci_clear_target_list(ndev);
684 atomic_set(&ndev->state, NCI_IDLE);
685 break;
686 case NCI_DEACTIVATE_TYPE_SLEEP_MODE:
687 case NCI_DEACTIVATE_TYPE_SLEEP_AF_MODE:
688 atomic_set(&ndev->state, NCI_W4_HOST_SELECT);
689 break;
690 case NCI_DEACTIVATE_TYPE_DISCOVERY:
691 nci_clear_target_list(ndev);
692 atomic_set(&ndev->state, NCI_DISCOVERY);
693 break;
694 }
695
600 nci_req_complete(ndev, NCI_STATUS_OK); 696 nci_req_complete(ndev, NCI_STATUS_OK);
601} 697}
602 698
diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c
index 43cb1c17e267..44989fc8cddf 100644
--- a/net/nfc/netlink.c
+++ b/net/nfc/netlink.c
@@ -810,6 +810,31 @@ out:
810 return rc; 810 return rc;
811} 811}
812 812
813static int nfc_genl_activate_target(struct sk_buff *skb, struct genl_info *info)
814{
815 struct nfc_dev *dev;
816 u32 device_idx, target_idx, protocol;
817 int rc;
818
819 if (!info->attrs[NFC_ATTR_DEVICE_INDEX])
820 return -EINVAL;
821
822 device_idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]);
823
824 dev = nfc_get_device(device_idx);
825 if (!dev)
826 return -ENODEV;
827
828 target_idx = nla_get_u32(info->attrs[NFC_ATTR_TARGET_INDEX]);
829 protocol = nla_get_u32(info->attrs[NFC_ATTR_PROTOCOLS]);
830
831 nfc_deactivate_target(dev, target_idx);
832 rc = nfc_activate_target(dev, target_idx, protocol);
833
834 nfc_put_device(dev);
835 return 0;
836}
837
813static int nfc_genl_dep_link_up(struct sk_buff *skb, struct genl_info *info) 838static int nfc_genl_dep_link_up(struct sk_buff *skb, struct genl_info *info)
814{ 839{
815 struct nfc_dev *dev; 840 struct nfc_dev *dev;
@@ -1285,6 +1310,51 @@ static int nfc_genl_dump_ses_done(struct netlink_callback *cb)
1285 return 0; 1310 return 0;
1286} 1311}
1287 1312
1313static int nfc_se_io(struct nfc_dev *dev, u32 se_idx,
1314 u8 *apdu, size_t apdu_length,
1315 se_io_cb_t cb, void *cb_context)
1316{
1317 struct nfc_se *se;
1318 int rc;
1319
1320 pr_debug("%s se index %d\n", dev_name(&dev->dev), se_idx);
1321
1322 device_lock(&dev->dev);
1323
1324 if (!device_is_registered(&dev->dev)) {
1325 rc = -ENODEV;
1326 goto error;
1327 }
1328
1329 if (!dev->dev_up) {
1330 rc = -ENODEV;
1331 goto error;
1332 }
1333
1334 if (!dev->ops->se_io) {
1335 rc = -EOPNOTSUPP;
1336 goto error;
1337 }
1338
1339 se = nfc_find_se(dev, se_idx);
1340 if (!se) {
1341 rc = -EINVAL;
1342 goto error;
1343 }
1344
1345 if (se->state != NFC_SE_ENABLED) {
1346 rc = -ENODEV;
1347 goto error;
1348 }
1349
1350 rc = dev->ops->se_io(dev, se_idx, apdu,
1351 apdu_length, cb, cb_context);
1352
1353error:
1354 device_unlock(&dev->dev);
1355 return rc;
1356}
1357
1288struct se_io_ctx { 1358struct se_io_ctx {
1289 u32 dev_idx; 1359 u32 dev_idx;
1290 u32 se_idx; 1360 u32 se_idx;
@@ -1367,7 +1437,7 @@ static int nfc_genl_se_io(struct sk_buff *skb, struct genl_info *info)
1367 ctx->dev_idx = dev_idx; 1437 ctx->dev_idx = dev_idx;
1368 ctx->se_idx = se_idx; 1438 ctx->se_idx = se_idx;
1369 1439
1370 return dev->ops->se_io(dev, se_idx, apdu, apdu_len, se_io_cb, ctx); 1440 return nfc_se_io(dev, se_idx, apdu, apdu_len, se_io_cb, ctx);
1371} 1441}
1372 1442
1373static const struct genl_ops nfc_genl_ops[] = { 1443static const struct genl_ops nfc_genl_ops[] = {
@@ -1455,6 +1525,11 @@ static const struct genl_ops nfc_genl_ops[] = {
1455 .doit = nfc_genl_se_io, 1525 .doit = nfc_genl_se_io,
1456 .policy = nfc_genl_policy, 1526 .policy = nfc_genl_policy,
1457 }, 1527 },
1528 {
1529 .cmd = NFC_CMD_ACTIVATE_TARGET,
1530 .doit = nfc_genl_activate_target,
1531 .policy = nfc_genl_policy,
1532 },
1458}; 1533};
1459 1534
1460 1535
diff --git a/net/wireless/Kconfig b/net/wireless/Kconfig
index 29c8675f9a11..22ba971741e5 100644
--- a/net/wireless/Kconfig
+++ b/net/wireless/Kconfig
@@ -175,7 +175,7 @@ config CFG80211_INTERNAL_REGDB
175 Most distributions have a CRDA package. So if unsure, say N. 175 Most distributions have a CRDA package. So if unsure, say N.
176 176
177config CFG80211_WEXT 177config CFG80211_WEXT
178 bool "cfg80211 wireless extensions compatibility" 178 bool
179 depends on CFG80211 179 depends on CFG80211
180 select WEXT_CORE 180 select WEXT_CORE
181 help 181 help
diff --git a/net/wireless/core.c b/net/wireless/core.c
index 4c2e501203d1..53dda7728f86 100644
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -546,6 +546,20 @@ int wiphy_register(struct wiphy *wiphy)
546 !rdev->ops->tdls_cancel_channel_switch))) 546 !rdev->ops->tdls_cancel_channel_switch)))
547 return -EINVAL; 547 return -EINVAL;
548 548
549 /*
550 * if a wiphy has unsupported modes for regulatory channel enforcement,
551 * opt-out of enforcement checking
552 */
553 if (wiphy->interface_modes & ~(BIT(NL80211_IFTYPE_STATION) |
554 BIT(NL80211_IFTYPE_P2P_CLIENT) |
555 BIT(NL80211_IFTYPE_AP) |
556 BIT(NL80211_IFTYPE_P2P_GO) |
557 BIT(NL80211_IFTYPE_ADHOC) |
558 BIT(NL80211_IFTYPE_P2P_DEVICE) |
559 BIT(NL80211_IFTYPE_AP_VLAN) |
560 BIT(NL80211_IFTYPE_MONITOR)))
561 wiphy->regulatory_flags |= REGULATORY_IGNORE_STALE_KICKOFF;
562
549 if (WARN_ON(wiphy->coalesce && 563 if (WARN_ON(wiphy->coalesce &&
550 (!wiphy->coalesce->n_rules || 564 (!wiphy->coalesce->n_rules ||
551 !wiphy->coalesce->n_patterns) && 565 !wiphy->coalesce->n_patterns) &&
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 6e4177701d86..a17d6bc6b22c 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -2317,7 +2317,8 @@ static inline u64 wdev_id(struct wireless_dev *wdev)
2317static int nl80211_send_chandef(struct sk_buff *msg, 2317static int nl80211_send_chandef(struct sk_buff *msg,
2318 const struct cfg80211_chan_def *chandef) 2318 const struct cfg80211_chan_def *chandef)
2319{ 2319{
2320 WARN_ON(!cfg80211_chandef_valid(chandef)); 2320 if (WARN_ON(!cfg80211_chandef_valid(chandef)))
2321 return -EINVAL;
2321 2322
2322 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, 2323 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
2323 chandef->chan->center_freq)) 2324 chandef->chan->center_freq))
@@ -5421,11 +5422,11 @@ static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
5421{ 5422{
5422 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1]; 5423 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
5423 struct nlattr *nl_reg_rule; 5424 struct nlattr *nl_reg_rule;
5424 char *alpha2 = NULL; 5425 char *alpha2;
5425 int rem_reg_rules = 0, r = 0; 5426 int rem_reg_rules, r;
5426 u32 num_rules = 0, rule_idx = 0, size_of_regd; 5427 u32 num_rules = 0, rule_idx = 0, size_of_regd;
5427 enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET; 5428 enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
5428 struct ieee80211_regdomain *rd = NULL; 5429 struct ieee80211_regdomain *rd;
5429 5430
5430 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 5431 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
5431 return -EINVAL; 5432 return -EINVAL;
@@ -6562,8 +6563,6 @@ static int nl80211_dump_survey(struct sk_buff *skb,
6562 } 6563 }
6563 6564
6564 while (1) { 6565 while (1) {
6565 struct ieee80211_channel *chan;
6566
6567 res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey); 6566 res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
6568 if (res == -ENOENT) 6567 if (res == -ENOENT)
6569 break; 6568 break;
@@ -6576,9 +6575,7 @@ static int nl80211_dump_survey(struct sk_buff *skb,
6576 goto out; 6575 goto out;
6577 } 6576 }
6578 6577
6579 chan = ieee80211_get_channel(&rdev->wiphy, 6578 if (survey.channel->flags & IEEE80211_CHAN_DISABLED) {
6580 survey.channel->center_freq);
6581 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) {
6582 survey_idx++; 6579 survey_idx++;
6583 continue; 6580 continue;
6584 } 6581 }
@@ -11770,55 +11767,155 @@ void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
11770} 11767}
11771EXPORT_SYMBOL(cfg80211_mgmt_tx_status); 11768EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
11772 11769
11773void cfg80211_cqm_rssi_notify(struct net_device *dev, 11770static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev,
11774 enum nl80211_cqm_rssi_threshold_event rssi_event, 11771 const char *mac, gfp_t gfp)
11775 gfp_t gfp)
11776{ 11772{
11777 struct wireless_dev *wdev = dev->ieee80211_ptr; 11773 struct wireless_dev *wdev = dev->ieee80211_ptr;
11778 struct wiphy *wiphy = wdev->wiphy; 11774 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
11779 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 11775 struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11780 struct sk_buff *msg; 11776 void **cb;
11781 struct nlattr *pinfoattr;
11782 void *hdr;
11783
11784 trace_cfg80211_cqm_rssi_notify(dev, rssi_event);
11785 11777
11786 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11787 if (!msg) 11778 if (!msg)
11788 return; 11779 return NULL;
11789 11780
11790 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM); 11781 cb = (void **)msg->cb;
11791 if (!hdr) { 11782
11783 cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
11784 if (!cb[0]) {
11792 nlmsg_free(msg); 11785 nlmsg_free(msg);
11793 return; 11786 return NULL;
11794 } 11787 }
11795 11788
11796 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 11789 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11797 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex)) 11790 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
11798 goto nla_put_failure; 11791 goto nla_put_failure;
11799 11792
11800 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM); 11793 if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
11801 if (!pinfoattr)
11802 goto nla_put_failure; 11794 goto nla_put_failure;
11803 11795
11804 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT, 11796 cb[1] = nla_nest_start(msg, NL80211_ATTR_CQM);
11805 rssi_event)) 11797 if (!cb[1])
11806 goto nla_put_failure; 11798 goto nla_put_failure;
11807 11799
11808 nla_nest_end(msg, pinfoattr); 11800 cb[2] = rdev;
11809 11801
11810 genlmsg_end(msg, hdr); 11802 return msg;
11803 nla_put_failure:
11804 nlmsg_free(msg);
11805 return NULL;
11806}
11807
11808static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp)
11809{
11810 void **cb = (void **)msg->cb;
11811 struct cfg80211_registered_device *rdev = cb[2];
11812
11813 nla_nest_end(msg, cb[1]);
11814 genlmsg_end(msg, cb[0]);
11815
11816 memset(msg->cb, 0, sizeof(msg->cb));
11811 11817
11812 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 11818 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11813 NL80211_MCGRP_MLME, gfp); 11819 NL80211_MCGRP_MLME, gfp);
11820}
11821
11822void cfg80211_cqm_rssi_notify(struct net_device *dev,
11823 enum nl80211_cqm_rssi_threshold_event rssi_event,
11824 gfp_t gfp)
11825{
11826 struct sk_buff *msg;
11827
11828 trace_cfg80211_cqm_rssi_notify(dev, rssi_event);
11829
11830 if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
11831 rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
11832 return;
11833
11834 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
11835 if (!msg)
11836 return;
11837
11838 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
11839 rssi_event))
11840 goto nla_put_failure;
11841
11842 cfg80211_send_cqm(msg, gfp);
11843
11814 return; 11844 return;
11815 11845
11816 nla_put_failure: 11846 nla_put_failure:
11817 genlmsg_cancel(msg, hdr);
11818 nlmsg_free(msg); 11847 nlmsg_free(msg);
11819} 11848}
11820EXPORT_SYMBOL(cfg80211_cqm_rssi_notify); 11849EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
11821 11850
11851void cfg80211_cqm_txe_notify(struct net_device *dev,
11852 const u8 *peer, u32 num_packets,
11853 u32 rate, u32 intvl, gfp_t gfp)
11854{
11855 struct sk_buff *msg;
11856
11857 msg = cfg80211_prepare_cqm(dev, peer, gfp);
11858 if (!msg)
11859 return;
11860
11861 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
11862 goto nla_put_failure;
11863
11864 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
11865 goto nla_put_failure;
11866
11867 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
11868 goto nla_put_failure;
11869
11870 cfg80211_send_cqm(msg, gfp);
11871 return;
11872
11873 nla_put_failure:
11874 nlmsg_free(msg);
11875}
11876EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
11877
11878void cfg80211_cqm_pktloss_notify(struct net_device *dev,
11879 const u8 *peer, u32 num_packets, gfp_t gfp)
11880{
11881 struct sk_buff *msg;
11882
11883 trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
11884
11885 msg = cfg80211_prepare_cqm(dev, peer, gfp);
11886 if (!msg)
11887 return;
11888
11889 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
11890 goto nla_put_failure;
11891
11892 cfg80211_send_cqm(msg, gfp);
11893 return;
11894
11895 nla_put_failure:
11896 nlmsg_free(msg);
11897}
11898EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
11899
11900void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp)
11901{
11902 struct sk_buff *msg;
11903
11904 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
11905 if (!msg)
11906 return;
11907
11908 if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT))
11909 goto nla_put_failure;
11910
11911 cfg80211_send_cqm(msg, gfp);
11912 return;
11913
11914 nla_put_failure:
11915 nlmsg_free(msg);
11916}
11917EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify);
11918
11822static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev, 11919static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
11823 struct net_device *netdev, const u8 *bssid, 11920 struct net_device *netdev, const u8 *bssid,
11824 const u8 *replay_ctr, gfp_t gfp) 11921 const u8 *replay_ctr, gfp_t gfp)
@@ -12007,59 +12104,6 @@ void cfg80211_ch_switch_started_notify(struct net_device *dev,
12007} 12104}
12008EXPORT_SYMBOL(cfg80211_ch_switch_started_notify); 12105EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
12009 12106
12010void cfg80211_cqm_txe_notify(struct net_device *dev,
12011 const u8 *peer, u32 num_packets,
12012 u32 rate, u32 intvl, gfp_t gfp)
12013{
12014 struct wireless_dev *wdev = dev->ieee80211_ptr;
12015 struct wiphy *wiphy = wdev->wiphy;
12016 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12017 struct sk_buff *msg;
12018 struct nlattr *pinfoattr;
12019 void *hdr;
12020
12021 msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
12022 if (!msg)
12023 return;
12024
12025 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
12026 if (!hdr) {
12027 nlmsg_free(msg);
12028 return;
12029 }
12030
12031 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12032 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
12033 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer))
12034 goto nla_put_failure;
12035
12036 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
12037 if (!pinfoattr)
12038 goto nla_put_failure;
12039
12040 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
12041 goto nla_put_failure;
12042
12043 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
12044 goto nla_put_failure;
12045
12046 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
12047 goto nla_put_failure;
12048
12049 nla_nest_end(msg, pinfoattr);
12050
12051 genlmsg_end(msg, hdr);
12052
12053 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12054 NL80211_MCGRP_MLME, gfp);
12055 return;
12056
12057 nla_put_failure:
12058 genlmsg_cancel(msg, hdr);
12059 nlmsg_free(msg);
12060}
12061EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
12062
12063void 12107void
12064nl80211_radar_notify(struct cfg80211_registered_device *rdev, 12108nl80211_radar_notify(struct cfg80211_registered_device *rdev,
12065 const struct cfg80211_chan_def *chandef, 12109 const struct cfg80211_chan_def *chandef,
@@ -12108,54 +12152,6 @@ nl80211_radar_notify(struct cfg80211_registered_device *rdev,
12108 nlmsg_free(msg); 12152 nlmsg_free(msg);
12109} 12153}
12110 12154
12111void cfg80211_cqm_pktloss_notify(struct net_device *dev,
12112 const u8 *peer, u32 num_packets, gfp_t gfp)
12113{
12114 struct wireless_dev *wdev = dev->ieee80211_ptr;
12115 struct wiphy *wiphy = wdev->wiphy;
12116 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12117 struct sk_buff *msg;
12118 struct nlattr *pinfoattr;
12119 void *hdr;
12120
12121 trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
12122
12123 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12124 if (!msg)
12125 return;
12126
12127 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
12128 if (!hdr) {
12129 nlmsg_free(msg);
12130 return;
12131 }
12132
12133 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12134 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
12135 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer))
12136 goto nla_put_failure;
12137
12138 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
12139 if (!pinfoattr)
12140 goto nla_put_failure;
12141
12142 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
12143 goto nla_put_failure;
12144
12145 nla_nest_end(msg, pinfoattr);
12146
12147 genlmsg_end(msg, hdr);
12148
12149 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12150 NL80211_MCGRP_MLME, gfp);
12151 return;
12152
12153 nla_put_failure:
12154 genlmsg_cancel(msg, hdr);
12155 nlmsg_free(msg);
12156}
12157EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
12158
12159void cfg80211_probe_status(struct net_device *dev, const u8 *addr, 12155void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
12160 u64 cookie, bool acked, gfp_t gfp) 12156 u64 cookie, bool acked, gfp_t gfp)
12161{ 12157{
diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index 32d8310b0f85..47be6163381c 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -56,6 +56,7 @@
56#include <net/cfg80211.h> 56#include <net/cfg80211.h>
57#include "core.h" 57#include "core.h"
58#include "reg.h" 58#include "reg.h"
59#include "rdev-ops.h"
59#include "regdb.h" 60#include "regdb.h"
60#include "nl80211.h" 61#include "nl80211.h"
61 62
@@ -66,6 +67,12 @@
66#define REG_DBG_PRINT(args...) 67#define REG_DBG_PRINT(args...)
67#endif 68#endif
68 69
70/*
71 * Grace period we give before making sure all current interfaces reside on
72 * channels allowed by the current regulatory domain.
73 */
74#define REG_ENFORCE_GRACE_MS 60000
75
69/** 76/**
70 * enum reg_request_treatment - regulatory request treatment 77 * enum reg_request_treatment - regulatory request treatment
71 * 78 *
@@ -210,6 +217,9 @@ struct reg_beacon {
210 struct ieee80211_channel chan; 217 struct ieee80211_channel chan;
211}; 218};
212 219
220static void reg_check_chans_work(struct work_struct *work);
221static DECLARE_DELAYED_WORK(reg_check_chans, reg_check_chans_work);
222
213static void reg_todo(struct work_struct *work); 223static void reg_todo(struct work_struct *work);
214static DECLARE_WORK(reg_work, reg_todo); 224static DECLARE_WORK(reg_work, reg_todo);
215 225
@@ -1518,6 +1528,96 @@ static void reg_call_notifier(struct wiphy *wiphy,
1518 wiphy->reg_notifier(wiphy, request); 1528 wiphy->reg_notifier(wiphy, request);
1519} 1529}
1520 1530
1531static bool reg_wdev_chan_valid(struct wiphy *wiphy, struct wireless_dev *wdev)
1532{
1533 struct ieee80211_channel *ch;
1534 struct cfg80211_chan_def chandef;
1535 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
1536 bool ret = true;
1537
1538 wdev_lock(wdev);
1539
1540 if (!wdev->netdev || !netif_running(wdev->netdev))
1541 goto out;
1542
1543 switch (wdev->iftype) {
1544 case NL80211_IFTYPE_AP:
1545 case NL80211_IFTYPE_P2P_GO:
1546 if (!wdev->beacon_interval)
1547 goto out;
1548
1549 ret = cfg80211_reg_can_beacon(wiphy,
1550 &wdev->chandef, wdev->iftype);
1551 break;
1552 case NL80211_IFTYPE_STATION:
1553 case NL80211_IFTYPE_P2P_CLIENT:
1554 case NL80211_IFTYPE_ADHOC:
1555 if (!wdev->current_bss ||
1556 !wdev->current_bss->pub.channel)
1557 goto out;
1558
1559 ch = wdev->current_bss->pub.channel;
1560 if (rdev->ops->get_channel &&
1561 !rdev_get_channel(rdev, wdev, &chandef))
1562 ret = cfg80211_chandef_usable(wiphy, &chandef,
1563 IEEE80211_CHAN_DISABLED);
1564 else
1565 ret = !(ch->flags & IEEE80211_CHAN_DISABLED);
1566 break;
1567 case NL80211_IFTYPE_MONITOR:
1568 case NL80211_IFTYPE_AP_VLAN:
1569 case NL80211_IFTYPE_P2P_DEVICE:
1570 /* no enforcement required */
1571 break;
1572 default:
1573 /* others not implemented for now */
1574 WARN_ON(1);
1575 break;
1576 }
1577
1578out:
1579 wdev_unlock(wdev);
1580 return ret;
1581}
1582
1583static void reg_leave_invalid_chans(struct wiphy *wiphy)
1584{
1585 struct wireless_dev *wdev;
1586 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
1587
1588 ASSERT_RTNL();
1589
1590 list_for_each_entry(wdev, &rdev->wdev_list, list)
1591 if (!reg_wdev_chan_valid(wiphy, wdev))
1592 cfg80211_leave(rdev, wdev);
1593}
1594
1595static void reg_check_chans_work(struct work_struct *work)
1596{
1597 struct cfg80211_registered_device *rdev;
1598
1599 REG_DBG_PRINT("Verifying active interfaces after reg change\n");
1600 rtnl_lock();
1601
1602 list_for_each_entry(rdev, &cfg80211_rdev_list, list)
1603 if (!(rdev->wiphy.regulatory_flags &
1604 REGULATORY_IGNORE_STALE_KICKOFF))
1605 reg_leave_invalid_chans(&rdev->wiphy);
1606
1607 rtnl_unlock();
1608}
1609
1610static void reg_check_channels(void)
1611{
1612 /*
1613 * Give usermode a chance to do something nicer (move to another
1614 * channel, orderly disconnection), before forcing a disconnection.
1615 */
1616 mod_delayed_work(system_power_efficient_wq,
1617 &reg_check_chans,
1618 msecs_to_jiffies(REG_ENFORCE_GRACE_MS));
1619}
1620
1521static void wiphy_update_regulatory(struct wiphy *wiphy, 1621static void wiphy_update_regulatory(struct wiphy *wiphy,
1522 enum nl80211_reg_initiator initiator) 1622 enum nl80211_reg_initiator initiator)
1523{ 1623{
@@ -1557,6 +1657,8 @@ static void update_all_wiphy_regulatory(enum nl80211_reg_initiator initiator)
1557 wiphy = &rdev->wiphy; 1657 wiphy = &rdev->wiphy;
1558 wiphy_update_regulatory(wiphy, initiator); 1658 wiphy_update_regulatory(wiphy, initiator);
1559 } 1659 }
1660
1661 reg_check_channels();
1560} 1662}
1561 1663
1562static void handle_channel_custom(struct wiphy *wiphy, 1664static void handle_channel_custom(struct wiphy *wiphy,
@@ -1976,8 +2078,10 @@ static void reg_process_hint(struct regulatory_request *reg_request)
1976 2078
1977 /* This is required so that the orig_* parameters are saved */ 2079 /* This is required so that the orig_* parameters are saved */
1978 if (treatment == REG_REQ_ALREADY_SET && wiphy && 2080 if (treatment == REG_REQ_ALREADY_SET && wiphy &&
1979 wiphy->regulatory_flags & REGULATORY_STRICT_REG) 2081 wiphy->regulatory_flags & REGULATORY_STRICT_REG) {
1980 wiphy_update_regulatory(wiphy, reg_request->initiator); 2082 wiphy_update_regulatory(wiphy, reg_request->initiator);
2083 reg_check_channels();
2084 }
1981 2085
1982 return; 2086 return;
1983 2087
@@ -2858,6 +2962,7 @@ void regulatory_exit(void)
2858 2962
2859 cancel_work_sync(&reg_work); 2963 cancel_work_sync(&reg_work);
2860 cancel_delayed_work_sync(&reg_timeout); 2964 cancel_delayed_work_sync(&reg_timeout);
2965 cancel_delayed_work_sync(&reg_check_chans);
2861 2966
2862 /* Lock to suppress warnings */ 2967 /* Lock to suppress warnings */
2863 rtnl_lock(); 2968 rtnl_lock();