1 files changed, 396 insertions, 7 deletions
diff --git a/drivers/net/wireless/iwlwifi/iwl-agn-lib.c b/drivers/net/wireless/iwlwifi/iwl-agn-lib.c
index c465c8590833..4bd0aecc7713 100644
--- a/drivers/net/wireless/iwlwifi/iwl-agn-lib.c
+++ b/drivers/net/wireless/iwlwifi/iwl-agn-lib.c
@@ -331,7 +331,7 @@ u16 iwlagn_eeprom_calib_version(struct iwl_priv *priv)
        } *hdr;
        hdr = (struct iwl_eeprom_calib_hdr *)iwl_eeprom_query_addr(priv,
-                                                        EEPROM_5000_CALIB_ALL);
+                                                        EEPROM_CALIB_ALL);
        return hdr->version;
 }
@@ -348,22 +348,22 @@ static u32 eeprom_indirect_address(const struct iwl_priv *priv, u32 address)
        switch (address & INDIRECT_TYPE_MSK) {
        case INDIRECT_HOST:
-                offset = iwl_eeprom_query16(priv, EEPROM_5000_LINK_HOST);
+                offset = iwl_eeprom_query16(priv, EEPROM_LINK_HOST);
                break;
        case INDIRECT_GENERAL:
-                offset = iwl_eeprom_query16(priv, EEPROM_5000_LINK_GENERAL);
+                offset = iwl_eeprom_query16(priv, EEPROM_LINK_GENERAL);
                break;
        case INDIRECT_REGULATORY:
-                offset = iwl_eeprom_query16(priv, EEPROM_5000_LINK_REGULATORY);
+                offset = iwl_eeprom_query16(priv, EEPROM_LINK_REGULATORY);
                break;
        case INDIRECT_CALIBRATION:
-                offset = iwl_eeprom_query16(priv, EEPROM_5000_LINK_CALIBRATION);
+                offset = iwl_eeprom_query16(priv, EEPROM_LINK_CALIBRATION);
                break;
        case INDIRECT_PROCESS_ADJST:
-                offset = iwl_eeprom_query16(priv, EEPROM_5000_LINK_PROCESS_ADJST);
+                offset = iwl_eeprom_query16(priv, EEPROM_LINK_PROCESS_ADJST);
                break;
        case INDIRECT_OTHERS:
-                offset = iwl_eeprom_query16(priv, EEPROM_5000_LINK_OTHERS);
+                offset = iwl_eeprom_query16(priv, EEPROM_LINK_OTHERS);
                break;
        default:
                IWL_ERR(priv, "illegal indirect type: 0x%X\n",
@@ -1111,3 +1111,392 @@ void iwlagn_rx_reply_rx_phy(struct iwl_priv *priv,
        memcpy(&priv->_agn.last_phy_res, pkt->u.raw,
               sizeof(struct iwl_rx_phy_res));
 }
+static int iwl_get_single_channel_for_scan(struct iwl_priv *priv,
+                                     enum ieee80211_band band,
+                                     struct iwl_scan_channel *scan_ch)
+{
+        const struct ieee80211_supported_band *sband;
+        const struct iwl_channel_info *ch_info;
+        u16 passive_dwell = 0;
+        u16 active_dwell = 0;
+        int i, added = 0;
+        u16 channel = 0;
+        sband = iwl_get_hw_mode(priv, band);
+        if (!sband) {
+                IWL_ERR(priv, "invalid band\n");
+                return added;
+        }
+        active_dwell = iwl_get_active_dwell_time(priv, band, 0);
+        passive_dwell = iwl_get_passive_dwell_time(priv, band);
+        if (passive_dwell <= active_dwell)
+                passive_dwell = active_dwell + 1;
+        /* only scan single channel, good enough to reset the RF */
+        /* pick the first valid not in-use channel */
+        if (band == IEEE80211_BAND_5GHZ) {
+                for (i = 14; i < priv->channel_count; i++) {
+                        if (priv->channel_info[i].channel !=
+                            le16_to_cpu(priv->staging_rxon.channel)) {
+                                channel = priv->channel_info[i].channel;
+                                ch_info = iwl_get_channel_info(priv,
+                                        band, channel);
+                                if (is_channel_valid(ch_info))
+                                        break;
+                        }
+                }
+        } else {
+                for (i = 0; i < 14; i++) {
+                        if (priv->channel_info[i].channel !=
+                            le16_to_cpu(priv->staging_rxon.channel)) {
+                                        channel =
+                                                priv->channel_info[i].channel;
+                                        ch_info = iwl_get_channel_info(priv,
+                                                band, channel);
+                                        if (is_channel_valid(ch_info))
+                                                break;
+                        }
+                }
+        }
+        if (channel) {
+                scan_ch->channel = cpu_to_le16(channel);
+                scan_ch->type = SCAN_CHANNEL_TYPE_PASSIVE;
+                scan_ch->active_dwell = cpu_to_le16(active_dwell);
+                scan_ch->passive_dwell = cpu_to_le16(passive_dwell);
+                /* Set txpower levels to defaults */
+                scan_ch->dsp_atten = 110;
+                if (band == IEEE80211_BAND_5GHZ)
+                        scan_ch->tx_gain = ((1 << 5) | (3 << 3)) | 3;
+                else
+                        scan_ch->tx_gain = ((1 << 5) | (5 << 3));
+                added++;
+        } else
+                IWL_ERR(priv, "no valid channel found\n");
+        return added;
+}
+static int iwl_get_channels_for_scan(struct iwl_priv *priv,
+                                     enum ieee80211_band band,
+                                     u8 is_active, u8 n_probes,
+                                     struct iwl_scan_channel *scan_ch)
+{
+        struct ieee80211_channel *chan;
+        const struct ieee80211_supported_band *sband;
+        const struct iwl_channel_info *ch_info;
+        u16 passive_dwell = 0;
+        u16 active_dwell = 0;
+        int added, i;
+        u16 channel;
+        sband = iwl_get_hw_mode(priv, band);
+        if (!sband)
+                return 0;
+        active_dwell = iwl_get_active_dwell_time(priv, band, n_probes);
+        passive_dwell = iwl_get_passive_dwell_time(priv, band);
+        if (passive_dwell <= active_dwell)
+                passive_dwell = active_dwell + 1;
+        for (i = 0, added = 0; i < priv->scan_request->n_channels; i++) {
+                chan = priv->scan_request->channels[i];
+                if (chan->band != band)
+                        continue;
+                channel = ieee80211_frequency_to_channel(chan->center_freq);
+                scan_ch->channel = cpu_to_le16(channel);
+                ch_info = iwl_get_channel_info(priv, band, channel);
+                if (!is_channel_valid(ch_info)) {
+                        IWL_DEBUG_SCAN(priv, "Channel %d is INVALID for this band.\n",
+                                        channel);
+                        continue;
+                }
+                if (!is_active || is_channel_passive(ch_info) ||
+                    (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN))
+                        scan_ch->type = SCAN_CHANNEL_TYPE_PASSIVE;
+                else
+                        scan_ch->type = SCAN_CHANNEL_TYPE_ACTIVE;
+                if (n_probes)
+                        scan_ch->type |= IWL_SCAN_PROBE_MASK(n_probes);
+                scan_ch->active_dwell = cpu_to_le16(active_dwell);
+                scan_ch->passive_dwell = cpu_to_le16(passive_dwell);
+                /* Set txpower levels to defaults */
+                scan_ch->dsp_atten = 110;
+                /* NOTE: if we were doing 6Mb OFDM for scans we'd use
+                 * power level:
+                 * scan_ch->tx_gain = ((1 << 5) | (2 << 3)) | 3;
+                 */
+                if (band == IEEE80211_BAND_5GHZ)
+                        scan_ch->tx_gain = ((1 << 5) | (3 << 3)) | 3;
+                else
+                        scan_ch->tx_gain = ((1 << 5) | (5 << 3));
+                IWL_DEBUG_SCAN(priv, "Scanning ch=%d prob=0x%X [%s %d]\n",
+                               channel, le32_to_cpu(scan_ch->type),
+                               (scan_ch->type & SCAN_CHANNEL_TYPE_ACTIVE) ?
+                                "ACTIVE" : "PASSIVE",
+                               (scan_ch->type & SCAN_CHANNEL_TYPE_ACTIVE) ?
+                               active_dwell : passive_dwell);
+                scan_ch++;
+                added++;
+        }
+        IWL_DEBUG_SCAN(priv, "total channels to scan %d\n", added);
+        return added;
+}
+void iwlagn_request_scan(struct iwl_priv *priv)
+{
+        struct iwl_host_cmd cmd = {
+                .id = REPLY_SCAN_CMD,
+                .len = sizeof(struct iwl_scan_cmd),
+                .flags = CMD_SIZE_HUGE,
+        };
+        struct iwl_scan_cmd *scan;
+        struct ieee80211_conf *conf = NULL;
+        u32 rate_flags = 0;
+        u16 cmd_len;
+        u16 rx_chain = 0;
+        enum ieee80211_band band;
+        u8 n_probes = 0;
+        u8 rx_ant = priv->hw_params.valid_rx_ant;
+        u8 rate;
+        bool is_active = false;
+        int  chan_mod;
+        u8 active_chains;
+        conf = ieee80211_get_hw_conf(priv->hw);
+        cancel_delayed_work(&priv->scan_check);
+        if (!iwl_is_ready(priv)) {
+                IWL_WARN(priv, "request scan called when driver not ready.\n");
+                goto done;
+        }
+        /* Make sure the scan wasn't canceled before this queued work
+         * was given the chance to run... */
+        if (!test_bit(STATUS_SCANNING, &priv->status))
+                goto done;
+        /* This should never be called or scheduled if there is currently
+         * a scan active in the hardware. */
+        if (test_bit(STATUS_SCAN_HW, &priv->status)) {
+                IWL_DEBUG_INFO(priv, "Multiple concurrent scan requests in parallel. "
+                               "Ignoring second request.\n");
+                goto done;
+        }
+        if (test_bit(STATUS_EXIT_PENDING, &priv->status)) {
+                IWL_DEBUG_SCAN(priv, "Aborting scan due to device shutdown\n");
+                goto done;
+        }
+        if (test_bit(STATUS_SCAN_ABORTING, &priv->status)) {
+                IWL_DEBUG_HC(priv, "Scan request while abort pending.  Queuing.\n");
+                goto done;
+        }
+        if (iwl_is_rfkill(priv)) {
+                IWL_DEBUG_HC(priv, "Aborting scan due to RF Kill activation\n");
+                goto done;
+        }
+        if (!test_bit(STATUS_READY, &priv->status)) {
+                IWL_DEBUG_HC(priv, "Scan request while uninitialized.  Queuing.\n");
+                goto done;
+        }
+        if (!priv->scan_cmd) {
+                priv->scan_cmd = kmalloc(sizeof(struct iwl_scan_cmd) +
+                                         IWL_MAX_SCAN_SIZE, GFP_KERNEL);
+                if (!priv->scan_cmd) {
+                        IWL_DEBUG_SCAN(priv,
+                                       "fail to allocate memory for scan\n");
+                        goto done;
+                }
+        }
+        scan = priv->scan_cmd;
+        memset(scan, 0, sizeof(struct iwl_scan_cmd) + IWL_MAX_SCAN_SIZE);
+        scan->quiet_plcp_th = IWL_PLCP_QUIET_THRESH;
+        scan->quiet_time = IWL_ACTIVE_QUIET_TIME;
+        if (iwl_is_associated(priv)) {
+                u16 interval = 0;
+                u32 extra;
+                u32 suspend_time = 100;
+                u32 scan_suspend_time = 100;
+                unsigned long flags;
+                IWL_DEBUG_INFO(priv, "Scanning while associated...\n");
+                spin_lock_irqsave(&priv->lock, flags);
+                interval = priv->beacon_int;
+                spin_unlock_irqrestore(&priv->lock, flags);
+                scan->suspend_time = 0;
+                scan->max_out_time = cpu_to_le32(200 * 1024);
+                if (!interval)
+                        interval = suspend_time;
+                extra = (suspend_time / interval) << 22;
+                scan_suspend_time = (extra |
+                    ((suspend_time % interval) * 1024));
+                scan->suspend_time = cpu_to_le32(scan_suspend_time);
+                IWL_DEBUG_SCAN(priv, "suspend_time 0x%X beacon interval %d\n",
+                               scan_suspend_time, interval);
+        }
+        if (priv->is_internal_short_scan) {
+                IWL_DEBUG_SCAN(priv, "Start internal passive scan.\n");
+        } else if (priv->scan_request->n_ssids) {
+                int i, p = 0;
+                IWL_DEBUG_SCAN(priv, "Kicking off active scan\n");
+                for (i = 0; i < priv->scan_request->n_ssids; i++) {
+                        /* always does wildcard anyway */
+                        if (!priv->scan_request->ssids[i].ssid_len)
+                                continue;
+                        scan->direct_scan[p].id = WLAN_EID_SSID;
+                        scan->direct_scan[p].len =
+                                priv->scan_request->ssids[i].ssid_len;
+                        memcpy(scan->direct_scan[p].ssid,
+                               priv->scan_request->ssids[i].ssid,
+                               priv->scan_request->ssids[i].ssid_len);
+                        n_probes++;
+                        p++;
+                }
+                is_active = true;
+        } else
+                IWL_DEBUG_SCAN(priv, "Start passive scan.\n");
+        scan->tx_cmd.tx_flags = TX_CMD_FLG_SEQ_CTL_MSK;
+        scan->tx_cmd.sta_id = priv->hw_params.bcast_sta_id;
+        scan->tx_cmd.stop_time.life_time = TX_CMD_LIFE_TIME_INFINITE;
+        switch (priv->scan_band) {
+        case IEEE80211_BAND_2GHZ:
+                scan->flags = RXON_FLG_BAND_24G_MSK | RXON_FLG_AUTO_DETECT_MSK;
+                chan_mod = le32_to_cpu(priv->active_rxon.flags & RXON_FLG_CHANNEL_MODE_MSK)
+                                       >> RXON_FLG_CHANNEL_MODE_POS;
+                if (chan_mod == CHANNEL_MODE_PURE_40) {
+                        rate = IWL_RATE_6M_PLCP;
+                } else {
+                        rate = IWL_RATE_1M_PLCP;
+                        rate_flags = RATE_MCS_CCK_MSK;
+                }
+                scan->good_CRC_th = 0;
+                break;
+        case IEEE80211_BAND_5GHZ:
+                rate = IWL_RATE_6M_PLCP;
+                /*
+                 * If active scaning is requested but a certain channel
+                 * is marked passive, we can do active scanning if we
+                 * detect transmissions.
+                 */
+                scan->good_CRC_th = is_active ? IWL_GOOD_CRC_TH : 0;
+                break;
+        default:
+                IWL_WARN(priv, "Invalid scan band count\n");
+                goto done;
+        }
+        band = priv->scan_band;
+        if (priv->cfg->scan_antennas[band])
+                rx_ant = priv->cfg->scan_antennas[band];
+        priv->scan_tx_ant[band] =
+                        iwl_toggle_tx_ant(priv, priv->scan_tx_ant[band]);
+        rate_flags |= iwl_ant_idx_to_flags(priv->scan_tx_ant[band]);
+        scan->tx_cmd.rate_n_flags = iwl_hw_set_rate_n_flags(rate, rate_flags);
+        /* In power save mode use one chain, otherwise use all chains */
+        if (test_bit(STATUS_POWER_PMI, &priv->status)) {
+                /* rx_ant has been set to all valid chains previously */
+                active_chains = rx_ant &
+                                ((u8)(priv->chain_noise_data.active_chains));
+                if (!active_chains)
+                        active_chains = rx_ant;
+                IWL_DEBUG_SCAN(priv, "chain_noise_data.active_chains: %u\n",
+                                priv->chain_noise_data.active_chains);
+                rx_ant = first_antenna(active_chains);
+        }
+        /* MIMO is not used here, but value is required */
+        rx_chain |= priv->hw_params.valid_rx_ant << RXON_RX_CHAIN_VALID_POS;
+        rx_chain |= rx_ant << RXON_RX_CHAIN_FORCE_MIMO_SEL_POS;
+        rx_chain |= rx_ant << RXON_RX_CHAIN_FORCE_SEL_POS;
+        rx_chain |= 0x1 << RXON_RX_CHAIN_DRIVER_FORCE_POS;
+        scan->rx_chain = cpu_to_le16(rx_chain);
+        if (!priv->is_internal_short_scan) {
+                cmd_len = iwl_fill_probe_req(priv,
+                                        (struct ieee80211_mgmt *)scan->data,
+                                        priv->scan_request->ie,
+                                        priv->scan_request->ie_len,
+                                        IWL_MAX_SCAN_SIZE - sizeof(*scan));
+        } else {
+                cmd_len = iwl_fill_probe_req(priv,
+                                        (struct ieee80211_mgmt *)scan->data,
+                                        NULL, 0,
+                                        IWL_MAX_SCAN_SIZE - sizeof(*scan));
+        }
+        scan->tx_cmd.len = cpu_to_le16(cmd_len);
+        scan->filter_flags |= (RXON_FILTER_ACCEPT_GRP_MSK |
+                               RXON_FILTER_BCON_AWARE_MSK);
+        if (priv->is_internal_short_scan) {
+                scan->channel_count =
+                        iwl_get_single_channel_for_scan(priv, band,
+                                (void *)&scan->data[le16_to_cpu(
+                                scan->tx_cmd.len)]);
+        } else {
+                scan->channel_count =
+                        iwl_get_channels_for_scan(priv, band,
+                                is_active, n_probes,
+                                (void *)&scan->data[le16_to_cpu(
+                                scan->tx_cmd.len)]);
+        }
+        if (scan->channel_count == 0) {
+                IWL_DEBUG_SCAN(priv, "channel count %d\n", scan->channel_count);
+                goto done;
+        }
+        cmd.len += le16_to_cpu(scan->tx_cmd.len) +
+            scan->channel_count * sizeof(struct iwl_scan_channel);
+        cmd.data = scan;
+        scan->len = cpu_to_le16(cmd.len);
+        set_bit(STATUS_SCAN_HW, &priv->status);
+        if (iwl_send_cmd_sync(priv, &cmd))
+                goto done;
+        queue_delayed_work(priv->workqueue, &priv->scan_check,
+                           IWL_SCAN_CHECK_WATCHDOG);
+        return;
+ done:
+        /* Cannot perform scan. Make sure we clear scanning
+        * bits from status so next scan request can be performed.
+        * If we don't clear scanning status bit here all next scan
+        * will fail
+        */
+        clear_bit(STATUS_SCAN_HW, &priv->status);
+        clear_bit(STATUS_SCANNING, &priv->status);
+        /* inform mac80211 scan aborted */
+        queue_work(priv->workqueue, &priv->scan_completed);
+}

diff --git a/drivers/net/wireless/iwlwifi/iwl-agn-lib.c b/drivers/net/wireless/iwlwifi/iwl-agn-lib.c index c465c8590833..4bd0aecc7713 100644 --- a/drivers/net/wireless/iwlwifi/iwl-agn-lib.c +++ b/drivers/net/wireless/iwlwifi/iwl-agn-lib.c
@@ -331,7 +331,7 @@ u16 iwlagn_eeprom_calib_version(struct iwl_priv *priv)
331	} *hdr;	331	} *hdr;
332		332
333	hdr = (struct iwl_eeprom_calib_hdr *)iwl_eeprom_query_addr(priv,	333	hdr = (struct iwl_eeprom_calib_hdr *)iwl_eeprom_query_addr(priv,
334	EEPROM_5000_CALIB_ALL);	334	EEPROM_CALIB_ALL);
335	return hdr->version;	335	return hdr->version;
336		336
337	}	337	}
@@ -348,22 +348,22 @@ static u32 eeprom_indirect_address(const struct iwl_priv *priv, u32 address)
348		348
349	switch (address & INDIRECT_TYPE_MSK) {	349	switch (address & INDIRECT_TYPE_MSK) {
350	case INDIRECT_HOST:	350	case INDIRECT_HOST:
351	offset = iwl_eeprom_query16(priv, EEPROM_5000_LINK_HOST);	351	offset = iwl_eeprom_query16(priv, EEPROM_LINK_HOST);
352	break;	352	break;
353	case INDIRECT_GENERAL:	353	case INDIRECT_GENERAL:
354	offset = iwl_eeprom_query16(priv, EEPROM_5000_LINK_GENERAL);	354	offset = iwl_eeprom_query16(priv, EEPROM_LINK_GENERAL);
355	break;	355	break;
356	case INDIRECT_REGULATORY:	356	case INDIRECT_REGULATORY:
357	offset = iwl_eeprom_query16(priv, EEPROM_5000_LINK_REGULATORY);	357	offset = iwl_eeprom_query16(priv, EEPROM_LINK_REGULATORY);
358	break;	358	break;
359	case INDIRECT_CALIBRATION:	359	case INDIRECT_CALIBRATION:
360	offset = iwl_eeprom_query16(priv, EEPROM_5000_LINK_CALIBRATION);	360	offset = iwl_eeprom_query16(priv, EEPROM_LINK_CALIBRATION);
361	break;	361	break;
362	case INDIRECT_PROCESS_ADJST:	362	case INDIRECT_PROCESS_ADJST:
363	offset = iwl_eeprom_query16(priv, EEPROM_5000_LINK_PROCESS_ADJST);	363	offset = iwl_eeprom_query16(priv, EEPROM_LINK_PROCESS_ADJST);
364	break;	364	break;
365	case INDIRECT_OTHERS:	365	case INDIRECT_OTHERS:
366	offset = iwl_eeprom_query16(priv, EEPROM_5000_LINK_OTHERS);	366	offset = iwl_eeprom_query16(priv, EEPROM_LINK_OTHERS);
367	break;	367	break;
368	default:	368	default:
369	IWL_ERR(priv, "illegal indirect type: 0x%X\n",	369	IWL_ERR(priv, "illegal indirect type: 0x%X\n",
@@ -1111,3 +1111,392 @@ void iwlagn_rx_reply_rx_phy(struct iwl_priv *priv,
1111	memcpy(&priv->_agn.last_phy_res, pkt->u.raw,	1111	memcpy(&priv->_agn.last_phy_res, pkt->u.raw,
1112	sizeof(struct iwl_rx_phy_res));	1112	sizeof(struct iwl_rx_phy_res));
1113	}	1113	}
		1114
		1115	static int iwl_get_single_channel_for_scan(struct iwl_priv *priv,
		1116	enum ieee80211_band band,
		1117	struct iwl_scan_channel *scan_ch)
		1118	{
		1119	const struct ieee80211_supported_band *sband;
		1120	const struct iwl_channel_info *ch_info;
		1121	u16 passive_dwell = 0;
		1122	u16 active_dwell = 0;
		1123	int i, added = 0;
		1124	u16 channel = 0;
		1125
		1126	sband = iwl_get_hw_mode(priv, band);
		1127	if (!sband) {
		1128	IWL_ERR(priv, "invalid band\n");
		1129	return added;
		1130	}
		1131
		1132	active_dwell = iwl_get_active_dwell_time(priv, band, 0);
		1133	passive_dwell = iwl_get_passive_dwell_time(priv, band);
		1134
		1135	if (passive_dwell <= active_dwell)
		1136	passive_dwell = active_dwell + 1;
		1137
		1138	/* only scan single channel, good enough to reset the RF */
		1139	/* pick the first valid not in-use channel */
		1140	if (band == IEEE80211_BAND_5GHZ) {
		1141	for (i = 14; i < priv->channel_count; i++) {
		1142	if (priv->channel_info[i].channel !=
		1143	le16_to_cpu(priv->staging_rxon.channel)) {
		1144	channel = priv->channel_info[i].channel;
		1145	ch_info = iwl_get_channel_info(priv,
		1146	band, channel);
		1147	if (is_channel_valid(ch_info))
		1148	break;
		1149	}
		1150	}
		1151	} else {
		1152	for (i = 0; i < 14; i++) {
		1153	if (priv->channel_info[i].channel !=
		1154	le16_to_cpu(priv->staging_rxon.channel)) {
		1155	channel =
		1156	priv->channel_info[i].channel;
		1157	ch_info = iwl_get_channel_info(priv,
		1158	band, channel);
		1159	if (is_channel_valid(ch_info))
		1160	break;
		1161	}
		1162	}
		1163	}
		1164	if (channel) {
		1165	scan_ch->channel = cpu_to_le16(channel);
		1166	scan_ch->type = SCAN_CHANNEL_TYPE_PASSIVE;
		1167	scan_ch->active_dwell = cpu_to_le16(active_dwell);
		1168	scan_ch->passive_dwell = cpu_to_le16(passive_dwell);
		1169	/* Set txpower levels to defaults */
		1170	scan_ch->dsp_atten = 110;
		1171	if (band == IEEE80211_BAND_5GHZ)
		1172	scan_ch->tx_gain = ((1 << 5) \| (3 << 3)) \| 3;
		1173	else
		1174	scan_ch->tx_gain = ((1 << 5) \| (5 << 3));
		1175	added++;
		1176	} else
		1177	IWL_ERR(priv, "no valid channel found\n");
		1178	return added;
		1179	}
		1180
		1181	static int iwl_get_channels_for_scan(struct iwl_priv *priv,
		1182	enum ieee80211_band band,
		1183	u8 is_active, u8 n_probes,
		1184	struct iwl_scan_channel *scan_ch)
		1185	{
		1186	struct ieee80211_channel *chan;
		1187	const struct ieee80211_supported_band *sband;
		1188	const struct iwl_channel_info *ch_info;
		1189	u16 passive_dwell = 0;
		1190	u16 active_dwell = 0;
		1191	int added, i;
		1192	u16 channel;
		1193
		1194	sband = iwl_get_hw_mode(priv, band);
		1195	if (!sband)
		1196	return 0;
		1197
		1198	active_dwell = iwl_get_active_dwell_time(priv, band, n_probes);
		1199	passive_dwell = iwl_get_passive_dwell_time(priv, band);
		1200
		1201	if (passive_dwell <= active_dwell)
		1202	passive_dwell = active_dwell + 1;
		1203
		1204	for (i = 0, added = 0; i < priv->scan_request->n_channels; i++) {
		1205	chan = priv->scan_request->channels[i];
		1206
		1207	if (chan->band != band)
		1208	continue;
		1209
		1210	channel = ieee80211_frequency_to_channel(chan->center_freq);
		1211	scan_ch->channel = cpu_to_le16(channel);
		1212
		1213	ch_info = iwl_get_channel_info(priv, band, channel);
		1214	if (!is_channel_valid(ch_info)) {
		1215	IWL_DEBUG_SCAN(priv, "Channel %d is INVALID for this band.\n",
		1216	channel);
		1217	continue;
		1218	}
		1219
		1220	if (!is_active \|\| is_channel_passive(ch_info) \|\|
		1221	(chan->flags & IEEE80211_CHAN_PASSIVE_SCAN))
		1222	scan_ch->type = SCAN_CHANNEL_TYPE_PASSIVE;
		1223	else
		1224	scan_ch->type = SCAN_CHANNEL_TYPE_ACTIVE;
		1225
		1226	if (n_probes)
		1227	scan_ch->type \|= IWL_SCAN_PROBE_MASK(n_probes);
		1228
		1229	scan_ch->active_dwell = cpu_to_le16(active_dwell);
		1230	scan_ch->passive_dwell = cpu_to_le16(passive_dwell);
		1231
		1232	/* Set txpower levels to defaults */
		1233	scan_ch->dsp_atten = 110;
		1234
		1235	/* NOTE: if we were doing 6Mb OFDM for scans we'd use
		1236	* power level:
		1237	* scan_ch->tx_gain = ((1 << 5) \| (2 << 3)) \| 3;
		1238	*/
		1239	if (band == IEEE80211_BAND_5GHZ)
		1240	scan_ch->tx_gain = ((1 << 5) \| (3 << 3)) \| 3;
		1241	else
		1242	scan_ch->tx_gain = ((1 << 5) \| (5 << 3));
		1243
		1244	IWL_DEBUG_SCAN(priv, "Scanning ch=%d prob=0x%X [%s %d]\n",
		1245	channel, le32_to_cpu(scan_ch->type),
		1246	(scan_ch->type & SCAN_CHANNEL_TYPE_ACTIVE) ?
		1247	"ACTIVE" : "PASSIVE",
		1248	(scan_ch->type & SCAN_CHANNEL_TYPE_ACTIVE) ?
		1249	active_dwell : passive_dwell);
		1250
		1251	scan_ch++;
		1252	added++;
		1253	}
		1254
		1255	IWL_DEBUG_SCAN(priv, "total channels to scan %d\n", added);
		1256	return added;
		1257	}
		1258
		1259	void iwlagn_request_scan(struct iwl_priv *priv)
		1260	{
		1261	struct iwl_host_cmd cmd = {
		1262	.id = REPLY_SCAN_CMD,
		1263	.len = sizeof(struct iwl_scan_cmd),
		1264	.flags = CMD_SIZE_HUGE,
		1265	};
		1266	struct iwl_scan_cmd *scan;
		1267	struct ieee80211_conf *conf = NULL;
		1268	u32 rate_flags = 0;
		1269	u16 cmd_len;
		1270	u16 rx_chain = 0;
		1271	enum ieee80211_band band;
		1272	u8 n_probes = 0;
		1273	u8 rx_ant = priv->hw_params.valid_rx_ant;
		1274	u8 rate;
		1275	bool is_active = false;
		1276	int chan_mod;
		1277	u8 active_chains;
		1278
		1279	conf = ieee80211_get_hw_conf(priv->hw);
		1280
		1281	cancel_delayed_work(&priv->scan_check);
		1282
		1283	if (!iwl_is_ready(priv)) {
		1284	IWL_WARN(priv, "request scan called when driver not ready.\n");
		1285	goto done;
		1286	}
		1287
		1288	/* Make sure the scan wasn't canceled before this queued work
		1289	* was given the chance to run... */
		1290	if (!test_bit(STATUS_SCANNING, &priv->status))
		1291	goto done;
		1292
		1293	/* This should never be called or scheduled if there is currently
		1294	* a scan active in the hardware. */
		1295	if (test_bit(STATUS_SCAN_HW, &priv->status)) {
		1296	IWL_DEBUG_INFO(priv, "Multiple concurrent scan requests in parallel. "
		1297	"Ignoring second request.\n");
		1298	goto done;
		1299	}
		1300
		1301	if (test_bit(STATUS_EXIT_PENDING, &priv->status)) {
		1302	IWL_DEBUG_SCAN(priv, "Aborting scan due to device shutdown\n");
		1303	goto done;
		1304	}
		1305
		1306	if (test_bit(STATUS_SCAN_ABORTING, &priv->status)) {
		1307	IWL_DEBUG_HC(priv, "Scan request while abort pending. Queuing.\n");
		1308	goto done;
		1309	}
		1310
		1311	if (iwl_is_rfkill(priv)) {
		1312	IWL_DEBUG_HC(priv, "Aborting scan due to RF Kill activation\n");
		1313	goto done;
		1314	}
		1315
		1316	if (!test_bit(STATUS_READY, &priv->status)) {
		1317	IWL_DEBUG_HC(priv, "Scan request while uninitialized. Queuing.\n");
		1318	goto done;
		1319	}
		1320
		1321	if (!priv->scan_cmd) {
		1322	priv->scan_cmd = kmalloc(sizeof(struct iwl_scan_cmd) +
		1323	IWL_MAX_SCAN_SIZE, GFP_KERNEL);
		1324	if (!priv->scan_cmd) {
		1325	IWL_DEBUG_SCAN(priv,
		1326	"fail to allocate memory for scan\n");
		1327	goto done;
		1328	}
		1329	}
		1330	scan = priv->scan_cmd;
		1331	memset(scan, 0, sizeof(struct iwl_scan_cmd) + IWL_MAX_SCAN_SIZE);
		1332
		1333	scan->quiet_plcp_th = IWL_PLCP_QUIET_THRESH;
		1334	scan->quiet_time = IWL_ACTIVE_QUIET_TIME;
		1335
		1336	if (iwl_is_associated(priv)) {
		1337	u16 interval = 0;
		1338	u32 extra;
		1339	u32 suspend_time = 100;
		1340	u32 scan_suspend_time = 100;
		1341	unsigned long flags;
		1342
		1343	IWL_DEBUG_INFO(priv, "Scanning while associated...\n");
		1344	spin_lock_irqsave(&priv->lock, flags);
		1345	interval = priv->beacon_int;
		1346	spin_unlock_irqrestore(&priv->lock, flags);
		1347
		1348	scan->suspend_time = 0;
		1349	scan->max_out_time = cpu_to_le32(200 * 1024);
		1350	if (!interval)
		1351	interval = suspend_time;
		1352
		1353	extra = (suspend_time / interval) << 22;
		1354	scan_suspend_time = (extra \|
		1355	((suspend_time % interval) * 1024));
		1356	scan->suspend_time = cpu_to_le32(scan_suspend_time);
		1357	IWL_DEBUG_SCAN(priv, "suspend_time 0x%X beacon interval %d\n",
		1358	scan_suspend_time, interval);
		1359	}
		1360
		1361	if (priv->is_internal_short_scan) {
		1362	IWL_DEBUG_SCAN(priv, "Start internal passive scan.\n");
		1363	} else if (priv->scan_request->n_ssids) {
		1364	int i, p = 0;
		1365	IWL_DEBUG_SCAN(priv, "Kicking off active scan\n");
		1366	for (i = 0; i < priv->scan_request->n_ssids; i++) {
		1367	/* always does wildcard anyway */
		1368	if (!priv->scan_request->ssids[i].ssid_len)
		1369	continue;
		1370	scan->direct_scan[p].id = WLAN_EID_SSID;
		1371	scan->direct_scan[p].len =
		1372	priv->scan_request->ssids[i].ssid_len;
		1373	memcpy(scan->direct_scan[p].ssid,
		1374	priv->scan_request->ssids[i].ssid,
		1375	priv->scan_request->ssids[i].ssid_len);
		1376	n_probes++;
		1377	p++;
		1378	}
		1379	is_active = true;
		1380	} else
		1381	IWL_DEBUG_SCAN(priv, "Start passive scan.\n");
		1382
		1383	scan->tx_cmd.tx_flags = TX_CMD_FLG_SEQ_CTL_MSK;
		1384	scan->tx_cmd.sta_id = priv->hw_params.bcast_sta_id;
		1385	scan->tx_cmd.stop_time.life_time = TX_CMD_LIFE_TIME_INFINITE;
		1386
		1387	switch (priv->scan_band) {
		1388	case IEEE80211_BAND_2GHZ:
		1389	scan->flags = RXON_FLG_BAND_24G_MSK \| RXON_FLG_AUTO_DETECT_MSK;
		1390	chan_mod = le32_to_cpu(priv->active_rxon.flags & RXON_FLG_CHANNEL_MODE_MSK)
		1391	>> RXON_FLG_CHANNEL_MODE_POS;
		1392	if (chan_mod == CHANNEL_MODE_PURE_40) {
		1393	rate = IWL_RATE_6M_PLCP;
		1394	} else {
		1395	rate = IWL_RATE_1M_PLCP;
		1396	rate_flags = RATE_MCS_CCK_MSK;
		1397	}
		1398	scan->good_CRC_th = 0;
		1399	break;
		1400	case IEEE80211_BAND_5GHZ:
		1401	rate = IWL_RATE_6M_PLCP;
		1402	/*
		1403	* If active scaning is requested but a certain channel
		1404	* is marked passive, we can do active scanning if we
		1405	* detect transmissions.
		1406	*/
		1407	scan->good_CRC_th = is_active ? IWL_GOOD_CRC_TH : 0;
		1408	break;
		1409	default:
		1410	IWL_WARN(priv, "Invalid scan band count\n");
		1411	goto done;
		1412	}
		1413
		1414	band = priv->scan_band;
		1415
		1416	if (priv->cfg->scan_antennas[band])
		1417	rx_ant = priv->cfg->scan_antennas[band];
		1418
		1419	priv->scan_tx_ant[band] =
		1420	iwl_toggle_tx_ant(priv, priv->scan_tx_ant[band]);
		1421	rate_flags \|= iwl_ant_idx_to_flags(priv->scan_tx_ant[band]);
		1422	scan->tx_cmd.rate_n_flags = iwl_hw_set_rate_n_flags(rate, rate_flags);
		1423
		1424	/* In power save mode use one chain, otherwise use all chains */
		1425	if (test_bit(STATUS_POWER_PMI, &priv->status)) {
		1426	/* rx_ant has been set to all valid chains previously */
		1427	active_chains = rx_ant &
		1428	((u8)(priv->chain_noise_data.active_chains));
		1429	if (!active_chains)
		1430	active_chains = rx_ant;
		1431
		1432	IWL_DEBUG_SCAN(priv, "chain_noise_data.active_chains: %u\n",
		1433	priv->chain_noise_data.active_chains);
		1434
		1435	rx_ant = first_antenna(active_chains);
		1436	}
		1437	/* MIMO is not used here, but value is required */
		1438	rx_chain \|= priv->hw_params.valid_rx_ant << RXON_RX_CHAIN_VALID_POS;
		1439	rx_chain \|= rx_ant << RXON_RX_CHAIN_FORCE_MIMO_SEL_POS;
		1440	rx_chain \|= rx_ant << RXON_RX_CHAIN_FORCE_SEL_POS;
		1441	rx_chain \|= 0x1 << RXON_RX_CHAIN_DRIVER_FORCE_POS;
		1442	scan->rx_chain = cpu_to_le16(rx_chain);
		1443	if (!priv->is_internal_short_scan) {
		1444	cmd_len = iwl_fill_probe_req(priv,
		1445	(struct ieee80211_mgmt *)scan->data,
		1446	priv->scan_request->ie,
		1447	priv->scan_request->ie_len,
		1448	IWL_MAX_SCAN_SIZE - sizeof(*scan));
		1449	} else {
		1450	cmd_len = iwl_fill_probe_req(priv,
		1451	(struct ieee80211_mgmt *)scan->data,
		1452	NULL, 0,
		1453	IWL_MAX_SCAN_SIZE - sizeof(*scan));
		1454
		1455	}
		1456	scan->tx_cmd.len = cpu_to_le16(cmd_len);
		1457
		1458	scan->filter_flags \|= (RXON_FILTER_ACCEPT_GRP_MSK \|
		1459	RXON_FILTER_BCON_AWARE_MSK);
		1460
		1461	if (priv->is_internal_short_scan) {
		1462	scan->channel_count =
		1463	iwl_get_single_channel_for_scan(priv, band,
		1464	(void *)&scan->data[le16_to_cpu(
		1465	scan->tx_cmd.len)]);
		1466	} else {
		1467	scan->channel_count =
		1468	iwl_get_channels_for_scan(priv, band,
		1469	is_active, n_probes,
		1470	(void *)&scan->data[le16_to_cpu(
		1471	scan->tx_cmd.len)]);
		1472	}
		1473	if (scan->channel_count == 0) {
		1474	IWL_DEBUG_SCAN(priv, "channel count %d\n", scan->channel_count);
		1475	goto done;
		1476	}
		1477
		1478	cmd.len += le16_to_cpu(scan->tx_cmd.len) +
		1479	scan->channel_count * sizeof(struct iwl_scan_channel);
		1480	cmd.data = scan;
		1481	scan->len = cpu_to_le16(cmd.len);
		1482
		1483	set_bit(STATUS_SCAN_HW, &priv->status);
		1484	if (iwl_send_cmd_sync(priv, &cmd))
		1485	goto done;
		1486
		1487	queue_delayed_work(priv->workqueue, &priv->scan_check,
		1488	IWL_SCAN_CHECK_WATCHDOG);
		1489
		1490	return;
		1491
		1492	done:
		1493	/* Cannot perform scan. Make sure we clear scanning
		1494	* bits from status so next scan request can be performed.
		1495	* If we don't clear scanning status bit here all next scan
		1496	* will fail
		1497	*/
		1498	clear_bit(STATUS_SCAN_HW, &priv->status);
		1499	clear_bit(STATUS_SCANNING, &priv->status);
		1500	/* inform mac80211 scan aborted */
		1501	queue_work(priv->workqueue, &priv->scan_completed);
		1502	}