1 // SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
3 * Copyright (C) 2015-2017 Intel Deutschland GmbH
4 * Copyright (C) 2018-2021 Intel Corporation
6 #include <net/cfg80211.h>
7 #include <linux/etherdevice.h>
11 struct iwl_mvm_pasn_sta {
12 struct list_head list;
13 struct iwl_mvm_int_sta int_sta;
17 struct iwl_mvm_pasn_hltk_data {
23 static int iwl_mvm_ftm_responder_set_bw_v1(struct cfg80211_chan_def *chandef,
24 u8 *bw, u8 *ctrl_ch_position)
26 switch (chandef->width) {
27 case NL80211_CHAN_WIDTH_20_NOHT:
28 *bw = IWL_TOF_BW_20_LEGACY;
30 case NL80211_CHAN_WIDTH_20:
31 *bw = IWL_TOF_BW_20_HT;
33 case NL80211_CHAN_WIDTH_40:
35 *ctrl_ch_position = iwl_mvm_get_ctrl_pos(chandef);
37 case NL80211_CHAN_WIDTH_80:
39 *ctrl_ch_position = iwl_mvm_get_ctrl_pos(chandef);
48 static int iwl_mvm_ftm_responder_set_bw_v2(struct cfg80211_chan_def *chandef,
49 u8 *format_bw, u8 *ctrl_ch_position,
52 switch (chandef->width) {
53 case NL80211_CHAN_WIDTH_20_NOHT:
54 *format_bw = IWL_LOCATION_FRAME_FORMAT_LEGACY;
55 *format_bw |= IWL_LOCATION_BW_20MHZ << LOCATION_BW_POS;
57 case NL80211_CHAN_WIDTH_20:
58 *format_bw = IWL_LOCATION_FRAME_FORMAT_HT;
59 *format_bw |= IWL_LOCATION_BW_20MHZ << LOCATION_BW_POS;
61 case NL80211_CHAN_WIDTH_40:
62 *format_bw = IWL_LOCATION_FRAME_FORMAT_HT;
63 *format_bw |= IWL_LOCATION_BW_40MHZ << LOCATION_BW_POS;
64 *ctrl_ch_position = iwl_mvm_get_ctrl_pos(chandef);
66 case NL80211_CHAN_WIDTH_80:
67 *format_bw = IWL_LOCATION_FRAME_FORMAT_VHT;
68 *format_bw |= IWL_LOCATION_BW_80MHZ << LOCATION_BW_POS;
69 *ctrl_ch_position = iwl_mvm_get_ctrl_pos(chandef);
71 case NL80211_CHAN_WIDTH_160:
73 *format_bw = IWL_LOCATION_FRAME_FORMAT_HE;
74 *format_bw |= IWL_LOCATION_BW_160MHZ << LOCATION_BW_POS;
75 *ctrl_ch_position = iwl_mvm_get_ctrl_pos(chandef);
87 iwl_mvm_ftm_responder_set_ndp(struct iwl_mvm *mvm,
88 struct iwl_tof_responder_config_cmd_v9 *cmd)
90 /* Up to 2 R2I STS are allowed on the responder */
91 u32 r2i_max_sts = IWL_MVM_FTM_R2I_MAX_STS < 2 ?
92 IWL_MVM_FTM_R2I_MAX_STS : 1;
94 cmd->r2i_ndp_params = IWL_MVM_FTM_R2I_MAX_REP |
95 (r2i_max_sts << IWL_RESPONDER_STS_POS) |
96 (IWL_MVM_FTM_R2I_MAX_TOTAL_LTF << IWL_RESPONDER_TOTAL_LTF_POS);
97 cmd->i2r_ndp_params = IWL_MVM_FTM_I2R_MAX_REP |
98 (IWL_MVM_FTM_I2R_MAX_STS << IWL_RESPONDER_STS_POS) |
99 (IWL_MVM_FTM_I2R_MAX_TOTAL_LTF << IWL_RESPONDER_TOTAL_LTF_POS);
100 cmd->cmd_valid_fields |=
101 cpu_to_le32(IWL_TOF_RESPONDER_CMD_VALID_NDP_PARAMS);
105 iwl_mvm_ftm_responder_cmd(struct iwl_mvm *mvm,
106 struct ieee80211_vif *vif,
107 struct cfg80211_chan_def *chandef)
109 u32 cmd_id = WIDE_ID(LOCATION_GROUP, TOF_RESPONDER_CONFIG_CMD);
110 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
112 * The command structure is the same for versions 6, 7 and 8 (only the
113 * field interpretation is different), so the same struct can be use
116 struct iwl_tof_responder_config_cmd_v9 cmd = {
117 .channel_num = chandef->chan->hw_value,
119 cpu_to_le32(IWL_TOF_RESPONDER_CMD_VALID_CHAN_INFO |
120 IWL_TOF_RESPONDER_CMD_VALID_BSSID |
121 IWL_TOF_RESPONDER_CMD_VALID_STA_ID),
122 .sta_id = mvmvif->bcast_sta.sta_id,
124 u8 cmd_ver = iwl_fw_lookup_cmd_ver(mvm->fw, cmd_id, 6);
128 lockdep_assert_held(&mvm->mutex);
130 /* Use a default of bss_color=1 for now */
132 cmd.cmd_valid_fields |=
133 cpu_to_le32(IWL_TOF_RESPONDER_CMD_VALID_BSS_COLOR |
134 IWL_TOF_RESPONDER_CMD_VALID_MIN_MAX_TIME_BETWEEN_MSR);
136 cmd.min_time_between_msr =
137 cpu_to_le16(IWL_MVM_FTM_NON_TB_MIN_TIME_BETWEEN_MSR);
138 cmd.max_time_between_msr =
139 cpu_to_le16(IWL_MVM_FTM_NON_TB_MAX_TIME_BETWEEN_MSR);
140 cmd_size = sizeof(struct iwl_tof_responder_config_cmd_v9);
142 /* All versions up to version 8 have the same size */
143 cmd_size = sizeof(struct iwl_tof_responder_config_cmd_v8);
147 iwl_mvm_ftm_responder_set_ndp(mvm, &cmd);
150 err = iwl_mvm_ftm_responder_set_bw_v2(chandef, &cmd.format_bw,
151 &cmd.ctrl_ch_position,
154 err = iwl_mvm_ftm_responder_set_bw_v1(chandef, &cmd.format_bw,
155 &cmd.ctrl_ch_position);
158 IWL_ERR(mvm, "Failed to set responder bandwidth\n");
162 memcpy(cmd.bssid, vif->addr, ETH_ALEN);
164 return iwl_mvm_send_cmd_pdu(mvm, cmd_id, 0, cmd_size, &cmd);
168 iwl_mvm_ftm_responder_dyn_cfg_v2(struct iwl_mvm *mvm,
169 struct ieee80211_vif *vif,
170 struct ieee80211_ftm_responder_params *params)
172 struct iwl_tof_responder_dyn_config_cmd_v2 cmd = {
173 .lci_len = cpu_to_le32(params->lci_len + 2),
174 .civic_len = cpu_to_le32(params->civicloc_len + 2),
176 u8 data[IWL_LCI_CIVIC_IE_MAX_SIZE] = {0};
177 struct iwl_host_cmd hcmd = {
178 .id = WIDE_ID(LOCATION_GROUP, TOF_RESPONDER_DYN_CONFIG_CMD),
180 .len[0] = sizeof(cmd),
182 /* .len[1] set later */
183 /* may not be able to DMA from stack */
184 .dataflags[1] = IWL_HCMD_DFL_DUP,
186 u32 aligned_lci_len = ALIGN(params->lci_len + 2, 4);
187 u32 aligned_civicloc_len = ALIGN(params->civicloc_len + 2, 4);
190 lockdep_assert_held(&mvm->mutex);
192 if (aligned_lci_len + aligned_civicloc_len > sizeof(data)) {
193 IWL_ERR(mvm, "LCI/civicloc data too big (%zd + %zd)\n",
194 params->lci_len, params->civicloc_len);
198 pos[0] = WLAN_EID_MEASURE_REPORT;
199 pos[1] = params->lci_len;
200 memcpy(pos + 2, params->lci, params->lci_len);
202 pos += aligned_lci_len;
203 pos[0] = WLAN_EID_MEASURE_REPORT;
204 pos[1] = params->civicloc_len;
205 memcpy(pos + 2, params->civicloc, params->civicloc_len);
207 hcmd.len[1] = aligned_lci_len + aligned_civicloc_len;
209 return iwl_mvm_send_cmd(mvm, &hcmd);
213 iwl_mvm_ftm_responder_dyn_cfg_v3(struct iwl_mvm *mvm,
214 struct ieee80211_vif *vif,
215 struct ieee80211_ftm_responder_params *params,
216 struct iwl_mvm_pasn_hltk_data *hltk_data)
218 struct iwl_tof_responder_dyn_config_cmd cmd;
219 struct iwl_host_cmd hcmd = {
220 .id = WIDE_ID(LOCATION_GROUP, TOF_RESPONDER_DYN_CONFIG_CMD),
222 .len[0] = sizeof(cmd),
223 /* may not be able to DMA from stack */
224 .dataflags[0] = IWL_HCMD_DFL_DUP,
227 lockdep_assert_held(&mvm->mutex);
232 if (params->lci_len + 2 > sizeof(cmd.lci_buf) ||
233 params->civicloc_len + 2 > sizeof(cmd.civic_buf)) {
235 "LCI/civic data too big (lci=%zd, civic=%zd)\n",
236 params->lci_len, params->civicloc_len);
240 cmd.lci_buf[0] = WLAN_EID_MEASURE_REPORT;
241 cmd.lci_buf[1] = params->lci_len;
242 memcpy(cmd.lci_buf + 2, params->lci, params->lci_len);
243 cmd.lci_len = params->lci_len + 2;
245 cmd.civic_buf[0] = WLAN_EID_MEASURE_REPORT;
246 cmd.civic_buf[1] = params->civicloc_len;
247 memcpy(cmd.civic_buf + 2, params->civicloc,
248 params->civicloc_len);
249 cmd.civic_len = params->civicloc_len + 2;
251 cmd.valid_flags |= IWL_RESPONDER_DYN_CFG_VALID_LCI |
252 IWL_RESPONDER_DYN_CFG_VALID_CIVIC;
256 if (hltk_data->cipher > IWL_LOCATION_CIPHER_GCMP_256) {
257 IWL_ERR(mvm, "invalid cipher: %u\n",
262 cmd.cipher = hltk_data->cipher;
263 memcpy(cmd.addr, hltk_data->addr, sizeof(cmd.addr));
264 memcpy(cmd.hltk_buf, hltk_data->hltk, sizeof(cmd.hltk_buf));
265 cmd.valid_flags |= IWL_RESPONDER_DYN_CFG_VALID_PASN_STA;
268 return iwl_mvm_send_cmd(mvm, &hcmd);
272 iwl_mvm_ftm_responder_dyn_cfg_cmd(struct iwl_mvm *mvm,
273 struct ieee80211_vif *vif,
274 struct ieee80211_ftm_responder_params *params)
277 u8 cmd_ver = iwl_fw_lookup_cmd_ver(mvm->fw,
278 WIDE_ID(LOCATION_GROUP, TOF_RESPONDER_DYN_CONFIG_CMD),
283 ret = iwl_mvm_ftm_responder_dyn_cfg_v2(mvm, vif,
287 ret = iwl_mvm_ftm_responder_dyn_cfg_v3(mvm, vif,
291 IWL_ERR(mvm, "Unsupported DYN_CONFIG_CMD version %u\n",
299 static void iwl_mvm_resp_del_pasn_sta(struct iwl_mvm *mvm,
300 struct ieee80211_vif *vif,
301 struct iwl_mvm_pasn_sta *sta)
303 list_del(&sta->list);
304 iwl_mvm_rm_sta_id(mvm, vif, sta->int_sta.sta_id);
305 iwl_mvm_dealloc_int_sta(mvm, &sta->int_sta);
309 #if defined(__linux__)
310 int iwl_mvm_ftm_respoder_add_pasn_sta(struct iwl_mvm *mvm,
311 struct ieee80211_vif *vif,
312 u8 *addr, u32 cipher, u8 *tk, u32 tk_len,
313 u8 *hltk, u32 hltk_len)
316 struct iwl_mvm_pasn_sta *sta = NULL;
317 struct iwl_mvm_pasn_hltk_data hltk_data = {
321 u8 cmd_ver = iwl_fw_lookup_cmd_ver(mvm->fw,
322 WIDE_ID(LOCATION_GROUP, TOF_RESPONDER_DYN_CONFIG_CMD),
325 lockdep_assert_held(&mvm->mutex);
328 IWL_ERR(mvm, "Adding PASN station not supported by FW\n");
332 hltk_data.cipher = iwl_mvm_cipher_to_location_cipher(cipher);
333 if (hltk_data.cipher == IWL_LOCATION_CIPHER_INVALID) {
334 IWL_ERR(mvm, "invalid cipher: %u\n", cipher);
339 sta = kzalloc(sizeof(*sta), GFP_KERNEL);
343 ret = iwl_mvm_add_pasn_sta(mvm, vif, &sta->int_sta, addr,
350 memcpy(sta->addr, addr, ETH_ALEN);
351 list_add_tail(&sta->list, &mvm->resp_pasn_list);
354 ret = iwl_mvm_ftm_responder_dyn_cfg_v3(mvm, vif, NULL, &hltk_data);
356 iwl_mvm_resp_del_pasn_sta(mvm, vif, sta);
361 int iwl_mvm_ftm_resp_remove_pasn_sta(struct iwl_mvm *mvm,
362 struct ieee80211_vif *vif, u8 *addr)
364 struct iwl_mvm_pasn_sta *sta, *prev;
366 lockdep_assert_held(&mvm->mutex);
368 list_for_each_entry_safe(sta, prev, &mvm->resp_pasn_list, list) {
369 if (!memcmp(sta->addr, addr, ETH_ALEN)) {
370 iwl_mvm_resp_del_pasn_sta(mvm, vif, sta);
375 IWL_ERR(mvm, "FTM: PASN station %pM not found\n", addr);
380 int iwl_mvm_ftm_start_responder(struct iwl_mvm *mvm, struct ieee80211_vif *vif)
382 struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
383 struct ieee80211_ftm_responder_params *params;
384 struct ieee80211_chanctx_conf ctx, *pctx;
386 struct iwl_mvm_phy_ctxt *phy_ctxt;
389 params = vif->bss_conf.ftmr_params;
391 lockdep_assert_held(&mvm->mutex);
393 if (WARN_ON_ONCE(!vif->bss_conf.ftm_responder))
396 if (vif->p2p || vif->type != NL80211_IFTYPE_AP ||
397 !mvmvif->ap_ibss_active) {
398 IWL_ERR(mvm, "Cannot start responder, not in AP mode\n");
403 pctx = rcu_dereference(vif->chanctx_conf);
404 /* Copy the ctx to unlock the rcu and send the phy ctxt. We don't care
405 * about changes in the ctx after releasing the lock because the driver
406 * is still protected by the mutex. */
408 phy_ctxt_id = (u16 *)pctx->drv_priv;
411 phy_ctxt = &mvm->phy_ctxts[*phy_ctxt_id];
412 ret = iwl_mvm_phy_ctxt_changed(mvm, phy_ctxt, &ctx.def,
413 ctx.rx_chains_static,
414 ctx.rx_chains_dynamic);
418 ret = iwl_mvm_ftm_responder_cmd(mvm, vif, &ctx.def);
423 ret = iwl_mvm_ftm_responder_dyn_cfg_cmd(mvm, vif, params);
428 void iwl_mvm_ftm_responder_clear(struct iwl_mvm *mvm,
429 struct ieee80211_vif *vif)
431 struct iwl_mvm_pasn_sta *sta, *prev;
433 lockdep_assert_held(&mvm->mutex);
435 list_for_each_entry_safe(sta, prev, &mvm->resp_pasn_list, list)
436 iwl_mvm_resp_del_pasn_sta(mvm, vif, sta);
439 void iwl_mvm_ftm_restart_responder(struct iwl_mvm *mvm,
440 struct ieee80211_vif *vif)
442 if (!vif->bss_conf.ftm_responder)
445 iwl_mvm_ftm_responder_clear(mvm, vif);
446 iwl_mvm_ftm_start_responder(mvm, vif);
449 void iwl_mvm_ftm_responder_stats(struct iwl_mvm *mvm,
450 struct iwl_rx_cmd_buffer *rxb)
452 struct iwl_rx_packet *pkt = rxb_addr(rxb);
453 struct iwl_ftm_responder_stats *resp = (void *)pkt->data;
454 struct cfg80211_ftm_responder_stats *stats = &mvm->ftm_resp_stats;
455 u32 flags = le32_to_cpu(resp->flags);
457 if (resp->success_ftm == resp->ftm_per_burst)
458 stats->success_num++;
459 else if (resp->success_ftm >= 2)
460 stats->partial_num++;
464 if ((flags & FTM_RESP_STAT_ASAP_REQ) &&
465 (flags & FTM_RESP_STAT_ASAP_RESP))
468 if (flags & FTM_RESP_STAT_NON_ASAP_RESP)
469 stats->non_asap_num++;
471 stats->total_duration_ms += le32_to_cpu(resp->duration) / USEC_PER_MSEC;
473 if (flags & FTM_RESP_STAT_TRIGGER_UNKNOWN)
474 stats->unknown_triggers_num++;
476 if (flags & FTM_RESP_STAT_DUP)
477 stats->reschedule_requests_num++;
479 if (flags & FTM_RESP_STAT_NON_ASAP_OUT_WIN)
480 stats->out_of_window_triggers_num++;