The channel scan list must be updated before triggering a hardware scan
so that firmware takes into account the regulatory info for each single
channel such as active/passive config, power, DFS, etc... Without this
the firmware uses its own internal default channel configuration, which
is not aligned with mac80211 regulatory rules, and misses several
channels (e.g. 144).
Fixes: 2f3bef4b24 ("wcn36xx: Add hardware scan offload support")
Signed-off-by: Loic Poulain <loic.poulain@linaro.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/1635175328-25642-1-git-send-email-loic.poulain@linaro.org
WCNSS RX DMA transfer support is limited to 3872 bytes, which is
enough for simple MPDUs (single MSDU), but not enough for cases
with A-MSDU (depending on max AMSDU size or max MPDU size).
In that case the MPDU is spread over multiple transfers, with the
first transfer containing the MPDU header and (at least) the first
A-MSDU subframe and additional transfer(s) containing the following
A-MSDUs. This can be handled with a series of flags to tagging the
first and last A-MSDU transfers.
In that case we have to bufferize and re-linearize the A-MSDU buffers
into a proper MPDU skb before forwarding to mac80211 (in the same way
as it is done in ath10k).
This change also includes sanity check of the buffer descriptor to
prevent skb overflow.
Signed-off-by: Loic Poulain <loic.poulain@linaro.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/1634557705-11120-1-git-send-email-loic.poulain@linaro.org
Idle Mode Power Save (IMPS) is a power saving mechanism which when called
by wcn36xx will cause the radio hardware to enter power collapse.
This particular call maps nicely to a simple conjunction/disjunction around
IEEE80211_CONF_CHANGE_IDLE and IEEE80211_CONF_IDLE.
Here we enter idle when we are not associated with an AP. The kernel will
incrementally toggle idle on/off in the process of trying to establish a
connection, thus saving power until we are connected to the AP again, at
which point we give way to BMPS if power_save is on.
We've validated that with IMPS an apq8039 device which has the wcn36xx
module loaded but, has not authenticated with an AP will get to VMIN on
suspend and will not without IMPS.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Tested-by: Benjamin Li <benl@squareup.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20210909153320.2624649-1-bryan.odonoghue@linaro.org
The WLAN NV firmware blob differs between platforms, and possibly
devices, so add support in the wcn36xx driver for reading the path of
this file from DT in order to allow these files to live in a generic
file system (or linux-firmware).
For some reason the parent (wcnss_ctrl) also needs to upload this blob,
so rather than specifying the same information in both nodes wcn36xx
reads the string from the parent's of_node.
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Tested-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Tested-by: Aníbal Limón <anibal.limon@linaro.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20210824171225.686683-1-bjorn.andersson@linaro.org
In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memset(), avoid intentionally writing across
neighboring array fields.
Instead of writing past the end of the header to reach the rest of
the body, replace the redundant function with existing macro to wipe
struct contents and set field values. Additionally adjusts macro to add
missing parens.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20210617171058.3410494-1-keescook@chromium.org
This commit is the corresponding resume() path request to the firmware when
resuming. Unlike the suspend() version which is a unidirectional
indication, the resume version is a standard request/response.
Once the resume() request completes ipv4 ARP, ipv6 NS and GTK rekey offload
stop working and can subsequently be rolled back.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Tested-by: Benjamin Li <benl@squareup.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20210605011140.2004643-12-bryan.odonoghue@linaro.org
Having enabled GTK rekey in suspend, we need to extract the replay counter
from the firmware on resume and perform a ieee80211_gtk_rekey_notify() so
that the STA remains verified from the perspective of the AP.
In order to enable the SMD command and response we need to pack the
existing command/response structures. Given these structures are currently
unused, there's no need to backport this as a fix.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Tested-by: Benjamin Li <benl@squareup.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20210605011140.2004643-10-bryan.odonoghue@linaro.org
This commit updates the BMPS exit path to be consistent with downstream in
terms of exiting BMPS mode. Downstream sets the flag to send a NULL data
frame to the host on exiting BMPS.
This will tell the AP to send any queued frames to the STA immediately.
Verified the relevant bit toggle in wireshark.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201120021403.2646574-2-bryan.odonoghue@linaro.org
The firmware parameter LINK_FAIL_TX_CNT maps to the prima configuration
file parameter gLinkFailTxCnt and is described as:
quote: " If within gLinkFailTimeout period(values is mentioned in msec) if
FW doesn't receive acks for gLinkFailTxCnt number of packets, then
link will be disconnected."
The downstream description sets a minimum value of 1000 a maximum value of
60000 and a default value of 6000, however it appears that unless we
actually set this value deliberately firmware defaults it to 0.
Setting this value to non-zero results in the firmware doing link
monitoring. The working example from downstream paradoxically sets the
value to 200, here we opt to set the value to the minimum stipulated in the
configuration file 1000.
In conjunction with ieee80211_hw_set(wcn->hw, CONNECTION_MONITOR); this
change effects offload of link monitoring to the firmware.
Tested with:
'CNSS-PR-2-0-1-2-c1-74-130449-3' wcn3620
'CNSS-PR-2-0-1-2-c1-00083' wcn3680
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201103121735.291324-2-bryan.odonoghue@linaro.org
This commit marks all smd.c functions that are only used inside of smd.c as
static. Previous commits added some VHT specific setup functions non-static
which is the right thing to do in terms of having granular git commits that
compile warning free. What we really want is for local not global scope on
those functions.
This patch makes the conversion from global to local scope.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200910150845.2179320-2-bryan.odonoghue@linaro.org
In order to send VHT parameters to wcn3680 we need to pass the extended V1
parameter structures to the firmware. These commands need to have the
version number set to 1.
This patch makes the conversion. The conversion consists of
1. Setting the version number for wcn3680 or leaving it at 0 otherwise
2. Setting the size of the packet header lower for wcn3620 and wcn3660
Once done all three chips can continue to use the same code to pass
parameters to their respective firmware. In the case of the wcn3680 the
passed structures will be slightly larger to accommodate communication of
VHT descriptors.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200910150822.2179261-3-bryan.odonoghue@linaro.org
In order to pass 802.11ac VHT parameters from the SoC to wcn36xx we need to
use the V1 data structures associated with BSS and STA parameters.
The means of identifying a V1 data-structure is via the SMD version field.
This patch defines a INIT_HAL_MSG_V1() which operates the same way as
INIT_HAL_MSG() with the exception that it defines VERSION1 as opposed to
VERSION0.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200910150822.2179261-2-bryan.odonoghue@linaro.org
This commit defines a firmware configuration for the wcn3680 which
represents a working downstream configuration. This configuration has been
successfully applied to the upstream driver with antecedent patches
resulting in the same or better through-put in comparison to the
downstream driver on the test hardware.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200910150747.2179122-3-bryan.odonoghue@linaro.org
This patch updates wcn36xx_smd_config_bss_v1() to update on internally
derived parameters only, specifically making use of STA v1 wrapper routines
previously added.
Once done we no longer need to pass a struct wcn36xx_hal_config_bss_req_msg
which gives us options in later patches to eliminate the kzalloc() in
wcn36xx_smd_config_bss entirely.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Reviewed-by: Loic Poulain <loic.poulain@linaro.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200910150631.2178970-5-bryan.odonoghue@linaro.org
In order to pass VHT parameters to wcn3680 we need to use a super-set of
the V1 data-structures with additional VHT parameters tacked on.
This patch adds the additional fields to the STA and BSS parameter
structures.
Since neither wcn3620 nor wcn3660 support VHT the size of the passed
message is fixed to the previous message length. Subsequent changes will
differentiate between wcn3620/wcn3660 and wcn3680 which does use the larger
message size.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200910150450.2178784-2-bryan.odonoghue@linaro.org
In order for the firmware to process extended V1 parameters with the
addtional VHT fields added we need to first enable the feature bit DOT11AC.
Once done the version number in the HAL message header will be acted upon
by the firmware.
Extended V1 parameters are a prerequisite for 802.11ac speeds since we
cannot communicate VHT parameters to the firmware absent the extended data
structures.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200829033846.2167619-11-bryan.odonoghue@linaro.org
By default, after associated to an AP, the wcn36xx bitrate adjustment
algorithm starts sending data at 1Mbps, and increases the rate slowly
(1Mbps, 2Mbps, 6Mbps...) over the further TX packets.
Starting at 1Mbps usually causes the initial throughput to be really
low and the maximum possible bitrate to be reached after about hundreed
of TX packets.
That can be improved by setting a different initial bitrate for data
packets via the ENABLE_DYNAMIC_RA_START_RATE configuration value, this
value can be a legacy or MCS rate.
This patch sets the starting bitrate value to MCS-5, which seems to be
a good compromise given it can be quickly adjusted low or up if necessary.
(and based on what I observed in the wild with some mobile devices)
Signed-off-by: Loic Poulain <loic.poulain@linaro.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/1598345341-4505-1-git-send-email-loic.poulain@linaro.org
For software-driven scan, rely on mac80211 software scan instead
of internal driver implementation. The internal implementation
cause connection trouble since it keep the antenna busy during
the entire scan duration, moreover it's only a passive scanning
(no probe request). Therefore, let mac80211 manages sw scan.
Note: we fallback to software scan if firmware does not report
scan offload support or if we need to scan the 5Ghz band (currently
not supported by the offload scan...).
Signed-off-by: Loic Poulain <loic.poulain@linaro.org>
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/1598288035-19790-1-git-send-email-loic.poulain@linaro.org
Several AMPDU sessions can be started, e.g. for different TIDs.
Currently the driver does not take care of the session ID when
requesting block-ack (statically set to 0), which leads to never
block-acked packet with sessions other than 0.
Fix this by saving the session id when creating the ba session and
use it in subsequent ba operations.
This issue can be reproduced with iperf in two steps (tid 0 strem
then tid 6 stream).
1.0 iperf -s # wcn36xx side
1.1 iperf -c ${IP_ADDR} # host side
Then
2.0 iperf -s -u -S 0xC0 # wcn36xx side
2.1 iperf -c ${IP_ADDR} -u -S 0xC0 -l 2000 # host side
Signed-off-by: Loic Poulain <loic.poulain@linaro.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/1595586052-16081-2-git-send-email-loic.poulain@linaro.org
