wifi: mt76: support upgrading passive scans to active

On channels with NO_IR or RADAR flags, wait for beacon before sending
probe requests. Allows active scanning and WPS on restricted channels
if another AP is already present.

Fixes: c56d6edebc1f ("wifi: mt76: mt7996: use emulated hardware scan support")
Tested-by: Piotr Kubik <piotr.kubik@adtran.com>
Signed-off-by: Chad Monroe <chad@monroe.io>
Link: https://patch.msgid.link/20251118102723.47997-2-nbd@nbd.name
Link: https://patch.msgid.link/20260309060730.87840-2-nbd@nbd.name
Signed-off-by: Felix Fietkau <nbd@nbd.name>

diff --git a/drivers/net/wireless/mediatek/mt76/mac80211.c b/drivers/net/wireless/mediatek/mt76/mac80211.c
index d0c522909e980aeb3244a06ceb6ee9d3b46e2c5d..3c539c263238cc602767221a3a9ed13aeedddade 100644 (file)
--- a/drivers/net/wireless/mediatek/mt76/mac80211.c
+++ b/drivers/net/wireless/mediatek/mt76/mac80211.c
@@ -726,6 +726,7 @@ mt76_alloc_device(struct device *pdev, unsigned int size,
        INIT_LIST_HEAD(&dev->rxwi_cache);
        dev->token_size = dev->drv->token_size;
        INIT_DELAYED_WORK(&dev->scan_work, mt76_scan_work);
+       spin_lock_init(&dev->scan_lock);
 
        for (i = 0; i < ARRAY_SIZE(dev->q_rx); i++)
                skb_queue_head_init(&dev->rx_skb[i]);

diff --git a/drivers/net/wireless/mediatek/mt76/mt76.h b/drivers/net/wireless/mediatek/mt76/mt76.h
index 23a1832812a2c6ce873b4ccf14873c4af76cbc91..ffeb4b4c425be58b620517da1c8c7de13e15bbce 100644 (file)
--- a/drivers/net/wireless/mediatek/mt76/mt76.h
+++ b/drivers/net/wireless/mediatek/mt76/mt76.h
@@ -1003,6 +1003,7 @@ struct mt76_dev {
        u32 rxfilter;
 
        struct delayed_work scan_work;
+       spinlock_t scan_lock;
        struct {
                struct cfg80211_scan_request *req;
                struct ieee80211_channel *chan;
@@ -1010,6 +1011,8 @@ struct mt76_dev {
                struct mt76_vif_link *mlink;
                struct mt76_phy *phy;
                int chan_idx;
+               bool beacon_wait;
+               bool beacon_received;
        } scan;
 
 #ifdef CONFIG_NL80211_TESTMODE
@@ -1597,6 +1600,7 @@ int mt76_get_rate(struct mt76_dev *dev,
 int mt76_hw_scan(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
                 struct ieee80211_scan_request *hw_req);
 void mt76_cancel_hw_scan(struct ieee80211_hw *hw, struct ieee80211_vif *vif);
+void mt76_scan_rx_beacon(struct mt76_dev *dev, struct ieee80211_channel *chan);
 void mt76_sw_scan(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
                  const u8 *mac);
 void mt76_sw_scan_complete(struct ieee80211_hw *hw,

diff --git a/drivers/net/wireless/mediatek/mt76/mt7996/mac.c b/drivers/net/wireless/mediatek/mt76/mt7996/mac.c
index be70c0f4fc3038a2a2cc1722a77191fc3f2acda3..f5537eba9c6b86dd055610881a0aefb8c1e256e3 100644 (file)
--- a/drivers/net/wireless/mediatek/mt76/mt7996/mac.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7996/mac.c
@@ -515,6 +515,9 @@ mt7996_mac_fill_rx(struct mt7996_dev *dev, enum mt76_rxq_id q,
                qos_ctl = FIELD_GET(MT_RXD10_QOS_CTL, v2);
                seq_ctrl = FIELD_GET(MT_RXD10_SEQ_CTRL, v2);
 
+               if (ieee80211_is_beacon(fc))
+                       mt76_scan_rx_beacon(&dev->mt76, mphy->chandef.chan);
+
                rxd += 4;
                if ((u8 *)rxd - skb->data >= skb->len)
                        return -EINVAL;

diff --git a/drivers/net/wireless/mediatek/mt76/scan.c b/drivers/net/wireless/mediatek/mt76/scan.c
index 89f16c23e352fc5b90692a3dc4dbd394be864f24..2b5f30cef79517080c65ff290b99395a8e5060c4 100644 (file)
--- a/drivers/net/wireless/mediatek/mt76/scan.c
+++ b/drivers/net/wireless/mediatek/mt76/scan.c
@@ -27,6 +27,10 @@ static void mt76_scan_complete(struct mt76_dev *dev, bool abort)
 
 void mt76_abort_scan(struct mt76_dev *dev)
 {
+       spin_lock_bh(&dev->scan_lock);
+       dev->scan.beacon_wait = false;
+       spin_unlock_bh(&dev->scan_lock);
+
        cancel_delayed_work_sync(&dev->scan_work);
        mt76_scan_complete(dev, true);
 }
@@ -79,6 +83,28 @@ out:
        rcu_read_unlock();
 }
 
+void mt76_scan_rx_beacon(struct mt76_dev *dev, struct ieee80211_channel *chan)
+{
+       struct mt76_phy *phy;
+
+       spin_lock(&dev->scan_lock);
+
+       if (!dev->scan.beacon_wait || dev->scan.beacon_received ||
+           dev->scan.chan != chan)
+               goto out;
+
+       phy = dev->scan.phy;
+       if (!phy)
+               goto out;
+
+       dev->scan.beacon_received = true;
+       ieee80211_queue_delayed_work(phy->hw, &dev->scan_work, 0);
+
+out:
+       spin_unlock(&dev->scan_lock);
+}
+EXPORT_SYMBOL_GPL(mt76_scan_rx_beacon);
+
 void mt76_scan_work(struct work_struct *work)
 {
        struct mt76_dev *dev = container_of(work, struct mt76_dev,
@@ -87,9 +113,20 @@ void mt76_scan_work(struct work_struct *work)
        struct cfg80211_chan_def chandef = {};
        struct mt76_phy *phy = dev->scan.phy;
        int duration = HZ / 9; /* ~110 ms */
-       bool offchannel = true;
+       bool beacon_rx, offchannel = true;
        int i;
 
+       if (!phy || !req)
+               return;
+
+       spin_lock_bh(&dev->scan_lock);
+       beacon_rx = dev->scan.beacon_wait && dev->scan.beacon_received;
+       dev->scan.beacon_wait = false;
+       spin_unlock_bh(&dev->scan_lock);
+
+       if (beacon_rx)
+               goto probe;
+
        if (dev->scan.chan_idx >= req->n_channels) {
                mt76_scan_complete(dev, false);
                return;
@@ -110,10 +147,18 @@ void mt76_scan_work(struct work_struct *work)
 
        mt76_set_channel(phy, &chandef, offchannel);
 
-       if (!req->n_ssids ||
-           chandef.chan->flags & (IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_RADAR))
+       if (!req->n_ssids)
                goto out;
 
+       if (chandef.chan->flags & (IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_RADAR)) {
+               spin_lock_bh(&dev->scan_lock);
+               dev->scan.beacon_received = false;
+               dev->scan.beacon_wait = true;
+               spin_unlock_bh(&dev->scan_lock);
+               goto out;
+       }
+
+probe:
        if (phy->offchannel)
                duration = HZ / 16; /* ~60 ms */
        local_bh_disable();