iwl-scan.c revision c240879f3488ae0904a7ba5bdaaa54638b2d8852 
1/******************************************************************************
2 *
3 * GPL LICENSE SUMMARY
4 *
5 * Copyright(c) 2008 - 2010 Intel Corporation. All rights reserved.
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of version 2 of the GNU General Public License as
9 * published by the Free Software Foundation.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110,
19 * USA
20 *
21 * The full GNU General Public License is included in this distribution
22 * in the file called LICENSE.GPL.
23 *
24 * Contact Information:
25 *  Intel Linux Wireless <ilw@linux.intel.com>
26 * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
27 *****************************************************************************/
28#include <linux/slab.h>
29#include <linux/types.h>
30#include <linux/etherdevice.h>
31#include <net/mac80211.h>
32
33#include "iwl-eeprom.h"
34#include "iwl-dev.h"
35#include "iwl-core.h"
36#include "iwl-sta.h"
37#include "iwl-io.h"
38#include "iwl-helpers.h"
39
40/* For active scan, listen ACTIVE_DWELL_TIME (msec) on each channel after
41 * sending probe req.  This should be set long enough to hear probe responses
42 * from more than one AP.  */
43#define IWL_ACTIVE_DWELL_TIME_24    (30)       /* all times in msec */
44#define IWL_ACTIVE_DWELL_TIME_52    (20)
45
46#define IWL_ACTIVE_DWELL_FACTOR_24GHZ (3)
47#define IWL_ACTIVE_DWELL_FACTOR_52GHZ (2)
48
49/* For passive scan, listen PASSIVE_DWELL_TIME (msec) on each channel.
50 * Must be set longer than active dwell time.
51 * For the most reliable scan, set > AP beacon interval (typically 100msec). */
52#define IWL_PASSIVE_DWELL_TIME_24   (20)       /* all times in msec */
53#define IWL_PASSIVE_DWELL_TIME_52   (10)
54#define IWL_PASSIVE_DWELL_BASE      (100)
55#define IWL_CHANNEL_TUNE_TIME       5
56
57
58
59/**
60 * iwl_scan_cancel - Cancel any currently executing HW scan
61 *
62 * NOTE: priv->mutex is not required before calling this function
63 */
64int iwl_scan_cancel(struct iwl_priv *priv)
65{
66	if (!test_bit(STATUS_SCAN_HW, &priv->status)) {
67		clear_bit(STATUS_SCANNING, &priv->status);
68		return 0;
69	}
70
71	if (test_bit(STATUS_SCANNING, &priv->status)) {
72		if (!test_and_set_bit(STATUS_SCAN_ABORTING, &priv->status)) {
73			IWL_DEBUG_SCAN(priv, "Queuing scan abort.\n");
74			queue_work(priv->workqueue, &priv->abort_scan);
75
76		} else
77			IWL_DEBUG_SCAN(priv, "Scan abort already in progress.\n");
78
79		return test_bit(STATUS_SCANNING, &priv->status);
80	}
81
82	return 0;
83}
84EXPORT_SYMBOL(iwl_scan_cancel);
85/**
86 * iwl_scan_cancel_timeout - Cancel any currently executing HW scan
87 * @ms: amount of time to wait (in milliseconds) for scan to abort
88 *
89 * NOTE: priv->mutex must be held before calling this function
90 */
91int iwl_scan_cancel_timeout(struct iwl_priv *priv, unsigned long ms)
92{
93	unsigned long now = jiffies;
94	int ret;
95
96	ret = iwl_scan_cancel(priv);
97	if (ret && ms) {
98		mutex_unlock(&priv->mutex);
99		while (!time_after(jiffies, now + msecs_to_jiffies(ms)) &&
100				test_bit(STATUS_SCANNING, &priv->status))
101			msleep(1);
102		mutex_lock(&priv->mutex);
103
104		return test_bit(STATUS_SCANNING, &priv->status);
105	}
106
107	return ret;
108}
109EXPORT_SYMBOL(iwl_scan_cancel_timeout);
110
111static int iwl_send_scan_abort(struct iwl_priv *priv)
112{
113	int ret = 0;
114	struct iwl_rx_packet *pkt;
115	struct iwl_host_cmd cmd = {
116		.id = REPLY_SCAN_ABORT_CMD,
117		.flags = CMD_WANT_SKB,
118	};
119
120	/* If there isn't a scan actively going on in the hardware
121	 * then we are in between scan bands and not actually
122	 * actively scanning, so don't send the abort command */
123	if (!test_bit(STATUS_SCAN_HW, &priv->status)) {
124		clear_bit(STATUS_SCAN_ABORTING, &priv->status);
125		return 0;
126	}
127
128	ret = iwl_send_cmd_sync(priv, &cmd);
129	if (ret) {
130		clear_bit(STATUS_SCAN_ABORTING, &priv->status);
131		return ret;
132	}
133
134	pkt = (struct iwl_rx_packet *)cmd.reply_page;
135	if (pkt->u.status != CAN_ABORT_STATUS) {
136		/* The scan abort will return 1 for success or
137		 * 2 for "failure".  A failure condition can be
138		 * due to simply not being in an active scan which
139		 * can occur if we send the scan abort before we
140		 * the microcode has notified us that a scan is
141		 * completed. */
142		IWL_DEBUG_INFO(priv, "SCAN_ABORT returned %d.\n", pkt->u.status);
143		clear_bit(STATUS_SCAN_ABORTING, &priv->status);
144		clear_bit(STATUS_SCAN_HW, &priv->status);
145	}
146
147	iwl_free_pages(priv, cmd.reply_page);
148
149	return ret;
150}
151
152/* Service response to REPLY_SCAN_CMD (0x80) */
153static void iwl_rx_reply_scan(struct iwl_priv *priv,
154			      struct iwl_rx_mem_buffer *rxb)
155{
156#ifdef CONFIG_IWLWIFI_DEBUG
157	struct iwl_rx_packet *pkt = rxb_addr(rxb);
158	struct iwl_scanreq_notification *notif =
159	    (struct iwl_scanreq_notification *)pkt->u.raw;
160
161	IWL_DEBUG_RX(priv, "Scan request status = 0x%x\n", notif->status);
162#endif
163}
164
165/* Service SCAN_START_NOTIFICATION (0x82) */
166static void iwl_rx_scan_start_notif(struct iwl_priv *priv,
167				    struct iwl_rx_mem_buffer *rxb)
168{
169	struct iwl_rx_packet *pkt = rxb_addr(rxb);
170	struct iwl_scanstart_notification *notif =
171	    (struct iwl_scanstart_notification *)pkt->u.raw;
172	priv->scan_start_tsf = le32_to_cpu(notif->tsf_low);
173	IWL_DEBUG_SCAN(priv, "Scan start: "
174		       "%d [802.11%s] "
175		       "(TSF: 0x%08X:%08X) - %d (beacon timer %u)\n",
176		       notif->channel,
177		       notif->band ? "bg" : "a",
178		       le32_to_cpu(notif->tsf_high),
179		       le32_to_cpu(notif->tsf_low),
180		       notif->status, notif->beacon_timer);
181}
182
183/* Service SCAN_RESULTS_NOTIFICATION (0x83) */
184static void iwl_rx_scan_results_notif(struct iwl_priv *priv,
185				      struct iwl_rx_mem_buffer *rxb)
186{
187#ifdef CONFIG_IWLWIFI_DEBUG
188	struct iwl_rx_packet *pkt = rxb_addr(rxb);
189	struct iwl_scanresults_notification *notif =
190	    (struct iwl_scanresults_notification *)pkt->u.raw;
191
192	IWL_DEBUG_SCAN(priv, "Scan ch.res: "
193		       "%d [802.11%s] "
194		       "(TSF: 0x%08X:%08X) - %d "
195		       "elapsed=%lu usec\n",
196		       notif->channel,
197		       notif->band ? "bg" : "a",
198		       le32_to_cpu(notif->tsf_high),
199		       le32_to_cpu(notif->tsf_low),
200		       le32_to_cpu(notif->statistics[0]),
201		       le32_to_cpu(notif->tsf_low) - priv->scan_start_tsf);
202#endif
203}
204
205/* Service SCAN_COMPLETE_NOTIFICATION (0x84) */
206static void iwl_rx_scan_complete_notif(struct iwl_priv *priv,
207				       struct iwl_rx_mem_buffer *rxb)
208{
209#ifdef CONFIG_IWLWIFI_DEBUG
210	struct iwl_rx_packet *pkt = rxb_addr(rxb);
211	struct iwl_scancomplete_notification *scan_notif = (void *)pkt->u.raw;
212
213	IWL_DEBUG_SCAN(priv, "Scan complete: %d channels (TSF 0x%08X:%08X) - %d\n",
214		       scan_notif->scanned_channels,
215		       scan_notif->tsf_low,
216		       scan_notif->tsf_high, scan_notif->status);
217#endif
218
219	/* The HW is no longer scanning */
220	clear_bit(STATUS_SCAN_HW, &priv->status);
221
222	IWL_DEBUG_INFO(priv, "Scan on %sGHz took %dms\n",
223		       (priv->scan_band == IEEE80211_BAND_2GHZ) ? "2.4" : "5.2",
224		       jiffies_to_msecs(elapsed_jiffies
225					(priv->scan_start, jiffies)));
226
227	/*
228	 * If a request to abort was given, or the scan did not succeed
229	 * then we reset the scan state machine and terminate,
230	 * re-queuing another scan if one has been requested
231	 */
232	if (test_and_clear_bit(STATUS_SCAN_ABORTING, &priv->status))
233		IWL_DEBUG_INFO(priv, "Aborted scan completed.\n");
234
235	IWL_DEBUG_INFO(priv, "Setting scan to off\n");
236
237	clear_bit(STATUS_SCANNING, &priv->status);
238
239	queue_work(priv->workqueue, &priv->scan_completed);
240}
241
242void iwl_setup_rx_scan_handlers(struct iwl_priv *priv)
243{
244	/* scan handlers */
245	priv->rx_handlers[REPLY_SCAN_CMD] = iwl_rx_reply_scan;
246	priv->rx_handlers[SCAN_START_NOTIFICATION] = iwl_rx_scan_start_notif;
247	priv->rx_handlers[SCAN_RESULTS_NOTIFICATION] =
248					iwl_rx_scan_results_notif;
249	priv->rx_handlers[SCAN_COMPLETE_NOTIFICATION] =
250					iwl_rx_scan_complete_notif;
251}
252EXPORT_SYMBOL(iwl_setup_rx_scan_handlers);
253
254inline u16 iwl_get_active_dwell_time(struct iwl_priv *priv,
255				     enum ieee80211_band band,
256				     u8 n_probes)
257{
258	if (band == IEEE80211_BAND_5GHZ)
259		return IWL_ACTIVE_DWELL_TIME_52 +
260			IWL_ACTIVE_DWELL_FACTOR_52GHZ * (n_probes + 1);
261	else
262		return IWL_ACTIVE_DWELL_TIME_24 +
263			IWL_ACTIVE_DWELL_FACTOR_24GHZ * (n_probes + 1);
264}
265EXPORT_SYMBOL(iwl_get_active_dwell_time);
266
267u16 iwl_get_passive_dwell_time(struct iwl_priv *priv,
268			       enum ieee80211_band band,
269			       struct ieee80211_vif *vif)
270{
271	u16 passive = (band == IEEE80211_BAND_2GHZ) ?
272	    IWL_PASSIVE_DWELL_BASE + IWL_PASSIVE_DWELL_TIME_24 :
273	    IWL_PASSIVE_DWELL_BASE + IWL_PASSIVE_DWELL_TIME_52;
274
275	if (iwl_is_associated(priv)) {
276		/* If we're associated, we clamp the maximum passive
277		 * dwell time to be 98% of the beacon interval (minus
278		 * 2 * channel tune time) */
279		passive = vif ? vif->bss_conf.beacon_int : 0;
280		if ((passive > IWL_PASSIVE_DWELL_BASE) || !passive)
281			passive = IWL_PASSIVE_DWELL_BASE;
282		passive = (passive * 98) / 100 - IWL_CHANNEL_TUNE_TIME * 2;
283	}
284
285	return passive;
286}
287EXPORT_SYMBOL(iwl_get_passive_dwell_time);
288
289void iwl_init_scan_params(struct iwl_priv *priv)
290{
291	u8 ant_idx = fls(priv->hw_params.valid_tx_ant) - 1;
292	if (!priv->scan_tx_ant[IEEE80211_BAND_5GHZ])
293		priv->scan_tx_ant[IEEE80211_BAND_5GHZ] = ant_idx;
294	if (!priv->scan_tx_ant[IEEE80211_BAND_2GHZ])
295		priv->scan_tx_ant[IEEE80211_BAND_2GHZ] = ant_idx;
296}
297EXPORT_SYMBOL(iwl_init_scan_params);
298
299static int iwl_scan_initiate(struct iwl_priv *priv, struct ieee80211_vif *vif)
300{
301	lockdep_assert_held(&priv->mutex);
302
303	IWL_DEBUG_INFO(priv, "Starting scan...\n");
304	set_bit(STATUS_SCANNING, &priv->status);
305	priv->is_internal_short_scan = false;
306	priv->scan_start = jiffies;
307
308	if (WARN_ON(!priv->cfg->ops->utils->request_scan))
309		return -EOPNOTSUPP;
310
311	priv->cfg->ops->utils->request_scan(priv, vif);
312
313	return 0;
314}
315
316int iwl_mac_hw_scan(struct ieee80211_hw *hw,
317		    struct ieee80211_vif *vif,
318		    struct cfg80211_scan_request *req)
319{
320	struct iwl_priv *priv = hw->priv;
321	int ret;
322
323	IWL_DEBUG_MAC80211(priv, "enter\n");
324
325	if (req->n_channels == 0)
326		return -EINVAL;
327
328	mutex_lock(&priv->mutex);
329
330	if (!iwl_is_ready_rf(priv)) {
331		ret = -EIO;
332		IWL_DEBUG_MAC80211(priv, "leave - not ready or exit pending\n");
333		goto out_unlock;
334	}
335
336	if (test_bit(STATUS_SCANNING, &priv->status) &&
337	    !priv->is_internal_short_scan) {
338		IWL_DEBUG_SCAN(priv, "Scan already in progress.\n");
339		ret = -EAGAIN;
340		goto out_unlock;
341	}
342
343	if (test_bit(STATUS_SCAN_ABORTING, &priv->status)) {
344		IWL_DEBUG_SCAN(priv, "Scan request while abort pending\n");
345		ret = -EAGAIN;
346		goto out_unlock;
347	}
348
349	/* mac80211 will only ask for one band at a time */
350	priv->scan_band = req->channels[0]->band;
351	priv->scan_request = req;
352	priv->scan_vif = vif;
353
354	/*
355	 * If an internal scan is in progress, just set
356	 * up the scan_request as per above.
357	 */
358	if (priv->is_internal_short_scan)
359		ret = 0;
360	else
361		ret = iwl_scan_initiate(priv, vif);
362
363	IWL_DEBUG_MAC80211(priv, "leave\n");
364
365out_unlock:
366	mutex_unlock(&priv->mutex);
367
368	return ret;
369}
370EXPORT_SYMBOL(iwl_mac_hw_scan);
371
372/*
373 * internal short scan, this function should only been called while associated.
374 * It will reset and tune the radio to prevent possible RF related problem
375 */
376void iwl_internal_short_hw_scan(struct iwl_priv *priv)
377{
378	queue_work(priv->workqueue, &priv->start_internal_scan);
379}
380
381static void iwl_bg_start_internal_scan(struct work_struct *work)
382{
383	struct iwl_priv *priv =
384		container_of(work, struct iwl_priv, start_internal_scan);
385
386	mutex_lock(&priv->mutex);
387
388	if (priv->is_internal_short_scan == true) {
389		IWL_DEBUG_SCAN(priv, "Internal scan already in progress\n");
390		goto unlock;
391	}
392
393	if (!iwl_is_ready_rf(priv)) {
394		IWL_DEBUG_SCAN(priv, "not ready or exit pending\n");
395		goto unlock;
396	}
397
398	if (test_bit(STATUS_SCANNING, &priv->status)) {
399		IWL_DEBUG_SCAN(priv, "Scan already in progress.\n");
400		goto unlock;
401	}
402
403	if (test_bit(STATUS_SCAN_ABORTING, &priv->status)) {
404		IWL_DEBUG_SCAN(priv, "Scan request while abort pending\n");
405		goto unlock;
406	}
407
408	priv->scan_band = priv->band;
409
410	IWL_DEBUG_SCAN(priv, "Start internal short scan...\n");
411	set_bit(STATUS_SCANNING, &priv->status);
412	priv->is_internal_short_scan = true;
413
414	if (WARN_ON(!priv->cfg->ops->utils->request_scan))
415		goto unlock;
416
417	priv->cfg->ops->utils->request_scan(priv, NULL);
418 unlock:
419	mutex_unlock(&priv->mutex);
420}
421
422static void iwl_bg_scan_check(struct work_struct *data)
423{
424	struct iwl_priv *priv =
425	    container_of(data, struct iwl_priv, scan_check.work);
426
427	if (test_bit(STATUS_EXIT_PENDING, &priv->status))
428		return;
429
430	mutex_lock(&priv->mutex);
431	if (test_bit(STATUS_SCANNING, &priv->status) &&
432	    !test_bit(STATUS_SCAN_ABORTING, &priv->status)) {
433		IWL_DEBUG_SCAN(priv, "Scan completion watchdog (%dms)\n",
434			       jiffies_to_msecs(IWL_SCAN_CHECK_WATCHDOG));
435
436		if (!test_bit(STATUS_EXIT_PENDING, &priv->status))
437			iwl_send_scan_abort(priv);
438	}
439	mutex_unlock(&priv->mutex);
440}
441
442/**
443 * iwl_fill_probe_req - fill in all required fields and IE for probe request
444 */
445
446u16 iwl_fill_probe_req(struct iwl_priv *priv, struct ieee80211_mgmt *frame,
447		       const u8 *ta, const u8 *ies, int ie_len, int left)
448{
449	int len = 0;
450	u8 *pos = NULL;
451
452	/* Make sure there is enough space for the probe request,
453	 * two mandatory IEs and the data */
454	left -= 24;
455	if (left < 0)
456		return 0;
457
458	frame->frame_control = cpu_to_le16(IEEE80211_STYPE_PROBE_REQ);
459	memcpy(frame->da, iwl_bcast_addr, ETH_ALEN);
460	memcpy(frame->sa, ta, ETH_ALEN);
461	memcpy(frame->bssid, iwl_bcast_addr, ETH_ALEN);
462	frame->seq_ctrl = 0;
463
464	len += 24;
465
466	/* ...next IE... */
467	pos = &frame->u.probe_req.variable[0];
468
469	/* fill in our indirect SSID IE */
470	left -= 2;
471	if (left < 0)
472		return 0;
473	*pos++ = WLAN_EID_SSID;
474	*pos++ = 0;
475
476	len += 2;
477
478	if (WARN_ON(left < ie_len))
479		return len;
480
481	if (ies && ie_len) {
482		memcpy(pos, ies, ie_len);
483		len += ie_len;
484	}
485
486	return (u16)len;
487}
488EXPORT_SYMBOL(iwl_fill_probe_req);
489
490static void iwl_bg_abort_scan(struct work_struct *work)
491{
492	struct iwl_priv *priv = container_of(work, struct iwl_priv, abort_scan);
493
494	if (!test_bit(STATUS_READY, &priv->status) ||
495	    !test_bit(STATUS_GEO_CONFIGURED, &priv->status))
496		return;
497
498	cancel_delayed_work(&priv->scan_check);
499
500	mutex_lock(&priv->mutex);
501	if (test_bit(STATUS_SCAN_ABORTING, &priv->status))
502		iwl_send_scan_abort(priv);
503	mutex_unlock(&priv->mutex);
504}
505
506static void iwl_bg_scan_completed(struct work_struct *work)
507{
508	struct iwl_priv *priv =
509	    container_of(work, struct iwl_priv, scan_completed);
510	bool internal = false;
511
512	IWL_DEBUG_SCAN(priv, "SCAN complete scan\n");
513
514	cancel_delayed_work(&priv->scan_check);
515
516	mutex_lock(&priv->mutex);
517	if (priv->is_internal_short_scan) {
518		priv->is_internal_short_scan = false;
519		IWL_DEBUG_SCAN(priv, "internal short scan completed\n");
520		internal = true;
521	} else {
522		priv->scan_request = NULL;
523		priv->scan_vif = NULL;
524	}
525
526	if (test_bit(STATUS_EXIT_PENDING, &priv->status))
527		goto out;
528
529	if (internal && priv->scan_request)
530		iwl_scan_initiate(priv, priv->scan_vif);
531
532	/* Since setting the TXPOWER may have been deferred while
533	 * performing the scan, fire one off */
534	iwl_set_tx_power(priv, priv->tx_power_user_lmt, true);
535
536	/*
537	 * Since setting the RXON may have been deferred while
538	 * performing the scan, fire one off if needed
539	 */
540	if (memcmp(&priv->active_rxon,
541		   &priv->staging_rxon, sizeof(priv->staging_rxon)))
542		iwlcore_commit_rxon(priv);
543
544 out:
545	mutex_unlock(&priv->mutex);
546
547	/*
548	 * Do not hold mutex here since this will cause mac80211 to call
549	 * into driver again into functions that will attempt to take
550	 * mutex.
551	 */
552	if (!internal)
553		ieee80211_scan_completed(priv->hw, false);
554}
555
556void iwl_setup_scan_deferred_work(struct iwl_priv *priv)
557{
558	INIT_WORK(&priv->scan_completed, iwl_bg_scan_completed);
559	INIT_WORK(&priv->abort_scan, iwl_bg_abort_scan);
560	INIT_WORK(&priv->start_internal_scan, iwl_bg_start_internal_scan);
561	INIT_DELAYED_WORK(&priv->scan_check, iwl_bg_scan_check);
562}
563EXPORT_SYMBOL(iwl_setup_scan_deferred_work);
564
565