linux/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c
<<
>>
Prefs
   1// SPDX-License-Identifier: ISC
   2/* Copyright (C) 2020 MediaTek Inc. */
   3
   4#include <linux/firmware.h>
   5#include <linux/fs.h>
   6#include "mt7915.h"
   7#include "mcu.h"
   8#include "mac.h"
   9#include "eeprom.h"
  10
  11struct mt7915_patch_hdr {
  12        char build_date[16];
  13        char platform[4];
  14        __be32 hw_sw_ver;
  15        __be32 patch_ver;
  16        __be16 checksum;
  17        u16 reserved;
  18        struct {
  19                __be32 patch_ver;
  20                __be32 subsys;
  21                __be32 feature;
  22                __be32 n_region;
  23                __be32 crc;
  24                u32 reserved[11];
  25        } desc;
  26} __packed;
  27
  28struct mt7915_patch_sec {
  29        __be32 type;
  30        __be32 offs;
  31        __be32 size;
  32        union {
  33                __be32 spec[13];
  34                struct {
  35                        __be32 addr;
  36                        __be32 len;
  37                        __be32 sec_key_idx;
  38                        __be32 align_len;
  39                        u32 reserved[9];
  40                } info;
  41        };
  42} __packed;
  43
  44struct mt7915_fw_trailer {
  45        u8 chip_id;
  46        u8 eco_code;
  47        u8 n_region;
  48        u8 format_ver;
  49        u8 format_flag;
  50        u8 reserved[2];
  51        char fw_ver[10];
  52        char build_date[15];
  53        u32 crc;
  54} __packed;
  55
  56struct mt7915_fw_region {
  57        __le32 decomp_crc;
  58        __le32 decomp_len;
  59        __le32 decomp_blk_sz;
  60        u8 reserved[4];
  61        __le32 addr;
  62        __le32 len;
  63        u8 feature_set;
  64        u8 reserved1[15];
  65} __packed;
  66
  67#define MCU_PATCH_ADDRESS               0x200000
  68
  69#define FW_FEATURE_SET_ENCRYPT          BIT(0)
  70#define FW_FEATURE_SET_KEY_IDX          GENMASK(2, 1)
  71#define FW_FEATURE_OVERRIDE_ADDR        BIT(5)
  72
  73#define DL_MODE_ENCRYPT                 BIT(0)
  74#define DL_MODE_KEY_IDX                 GENMASK(2, 1)
  75#define DL_MODE_RESET_SEC_IV            BIT(3)
  76#define DL_MODE_WORKING_PDA_CR4         BIT(4)
  77#define DL_MODE_NEED_RSP                BIT(31)
  78
  79#define FW_START_OVERRIDE               BIT(0)
  80#define FW_START_WORKING_PDA_CR4        BIT(2)
  81
  82#define PATCH_SEC_TYPE_MASK             GENMASK(15, 0)
  83#define PATCH_SEC_TYPE_INFO             0x2
  84
  85#define to_wcid_lo(id)                  FIELD_GET(GENMASK(7, 0), (u16)id)
  86#define to_wcid_hi(id)                  FIELD_GET(GENMASK(9, 8), (u16)id)
  87
  88#define HE_PHY(p, c)                    u8_get_bits(c, IEEE80211_HE_PHY_##p)
  89#define HE_MAC(m, c)                    u8_get_bits(c, IEEE80211_HE_MAC_##m)
  90
  91static enum mcu_cipher_type
  92mt7915_mcu_get_cipher(int cipher)
  93{
  94        switch (cipher) {
  95        case WLAN_CIPHER_SUITE_WEP40:
  96                return MCU_CIPHER_WEP40;
  97        case WLAN_CIPHER_SUITE_WEP104:
  98                return MCU_CIPHER_WEP104;
  99        case WLAN_CIPHER_SUITE_TKIP:
 100                return MCU_CIPHER_TKIP;
 101        case WLAN_CIPHER_SUITE_AES_CMAC:
 102                return MCU_CIPHER_BIP_CMAC_128;
 103        case WLAN_CIPHER_SUITE_CCMP:
 104                return MCU_CIPHER_AES_CCMP;
 105        case WLAN_CIPHER_SUITE_CCMP_256:
 106                return MCU_CIPHER_CCMP_256;
 107        case WLAN_CIPHER_SUITE_GCMP:
 108                return MCU_CIPHER_GCMP;
 109        case WLAN_CIPHER_SUITE_GCMP_256:
 110                return MCU_CIPHER_GCMP_256;
 111        case WLAN_CIPHER_SUITE_SMS4:
 112                return MCU_CIPHER_WAPI;
 113        default:
 114                return MCU_CIPHER_NONE;
 115        }
 116}
 117
 118static u8 mt7915_mcu_chan_bw(struct cfg80211_chan_def *chandef)
 119{
 120        static const u8 width_to_bw[] = {
 121                [NL80211_CHAN_WIDTH_40] = CMD_CBW_40MHZ,
 122                [NL80211_CHAN_WIDTH_80] = CMD_CBW_80MHZ,
 123                [NL80211_CHAN_WIDTH_80P80] = CMD_CBW_8080MHZ,
 124                [NL80211_CHAN_WIDTH_160] = CMD_CBW_160MHZ,
 125                [NL80211_CHAN_WIDTH_5] = CMD_CBW_5MHZ,
 126                [NL80211_CHAN_WIDTH_10] = CMD_CBW_10MHZ,
 127                [NL80211_CHAN_WIDTH_20] = CMD_CBW_20MHZ,
 128                [NL80211_CHAN_WIDTH_20_NOHT] = CMD_CBW_20MHZ,
 129        };
 130
 131        if (chandef->width >= ARRAY_SIZE(width_to_bw))
 132                return 0;
 133
 134        return width_to_bw[chandef->width];
 135}
 136
 137static const struct ieee80211_sta_he_cap *
 138mt7915_get_he_phy_cap(struct mt7915_phy *phy, struct ieee80211_vif *vif)
 139{
 140        struct ieee80211_supported_band *sband;
 141        enum nl80211_band band;
 142
 143        band = phy->mt76->chandef.chan->band;
 144        sband = phy->mt76->hw->wiphy->bands[band];
 145
 146        return ieee80211_get_he_iftype_cap(sband, vif->type);
 147}
 148
 149static u8
 150mt7915_get_phy_mode(struct ieee80211_vif *vif, struct ieee80211_sta *sta)
 151{
 152        struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
 153        enum nl80211_band band = mvif->phy->mt76->chandef.chan->band;
 154        struct ieee80211_sta_ht_cap *ht_cap;
 155        struct ieee80211_sta_vht_cap *vht_cap;
 156        const struct ieee80211_sta_he_cap *he_cap;
 157        u8 mode = 0;
 158
 159        if (sta) {
 160                ht_cap = &sta->ht_cap;
 161                vht_cap = &sta->vht_cap;
 162                he_cap = &sta->he_cap;
 163        } else {
 164                struct ieee80211_supported_band *sband;
 165
 166                sband = mvif->phy->mt76->hw->wiphy->bands[band];
 167
 168                ht_cap = &sband->ht_cap;
 169                vht_cap = &sband->vht_cap;
 170                he_cap = ieee80211_get_he_iftype_cap(sband, vif->type);
 171        }
 172
 173        if (band == NL80211_BAND_2GHZ) {
 174                mode |= PHY_MODE_B | PHY_MODE_G;
 175
 176                if (ht_cap->ht_supported)
 177                        mode |= PHY_MODE_GN;
 178
 179                if (he_cap->has_he)
 180                        mode |= PHY_MODE_AX_24G;
 181        } else if (band == NL80211_BAND_5GHZ) {
 182                mode |= PHY_MODE_A;
 183
 184                if (ht_cap->ht_supported)
 185                        mode |= PHY_MODE_AN;
 186
 187                if (vht_cap->vht_supported)
 188                        mode |= PHY_MODE_AC;
 189
 190                if (he_cap->has_he)
 191                        mode |= PHY_MODE_AX_5G;
 192        }
 193
 194        return mode;
 195}
 196
 197static u8
 198mt7915_mcu_get_sta_nss(u16 mcs_map)
 199{
 200        u8 nss;
 201
 202        for (nss = 8; nss > 0; nss--) {
 203                u8 nss_mcs = (mcs_map >> (2 * (nss - 1))) & 3;
 204
 205                if (nss_mcs != IEEE80211_VHT_MCS_NOT_SUPPORTED)
 206                        break;
 207        }
 208
 209        return nss - 1;
 210}
 211
 212static void
 213mt7915_mcu_set_sta_he_mcs(struct ieee80211_sta *sta, __le16 *he_mcs,
 214                          const u16 *mask)
 215{
 216        struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
 217        struct cfg80211_chan_def *chandef = &msta->vif->phy->mt76->chandef;
 218        int nss, max_nss = sta->rx_nss > 3 ? 4 : sta->rx_nss;
 219        u16 mcs_map;
 220
 221        switch (chandef->width) {
 222        case NL80211_CHAN_WIDTH_80P80:
 223                mcs_map = le16_to_cpu(sta->he_cap.he_mcs_nss_supp.rx_mcs_80p80);
 224                break;
 225        case NL80211_CHAN_WIDTH_160:
 226                mcs_map = le16_to_cpu(sta->he_cap.he_mcs_nss_supp.rx_mcs_160);
 227                break;
 228        default:
 229                mcs_map = le16_to_cpu(sta->he_cap.he_mcs_nss_supp.rx_mcs_80);
 230                break;
 231        }
 232
 233        for (nss = 0; nss < max_nss; nss++) {
 234                int mcs;
 235
 236                switch ((mcs_map >> (2 * nss)) & 0x3) {
 237                case IEEE80211_HE_MCS_SUPPORT_0_11:
 238                        mcs = GENMASK(11, 0);
 239                        break;
 240                case IEEE80211_HE_MCS_SUPPORT_0_9:
 241                        mcs = GENMASK(9, 0);
 242                        break;
 243                case IEEE80211_HE_MCS_SUPPORT_0_7:
 244                        mcs = GENMASK(7, 0);
 245                        break;
 246                default:
 247                        mcs = 0;
 248                }
 249
 250                mcs = mcs ? fls(mcs & mask[nss]) - 1 : -1;
 251
 252                switch (mcs) {
 253                case 0 ... 7:
 254                        mcs = IEEE80211_HE_MCS_SUPPORT_0_7;
 255                        break;
 256                case 8 ... 9:
 257                        mcs = IEEE80211_HE_MCS_SUPPORT_0_9;
 258                        break;
 259                case 10 ... 11:
 260                        mcs = IEEE80211_HE_MCS_SUPPORT_0_11;
 261                        break;
 262                default:
 263                        mcs = IEEE80211_HE_MCS_NOT_SUPPORTED;
 264                        break;
 265                }
 266                mcs_map &= ~(0x3 << (nss * 2));
 267                mcs_map |= mcs << (nss * 2);
 268
 269                /* only support 2ss on 160MHz */
 270                if (nss > 1 && (sta->bandwidth == IEEE80211_STA_RX_BW_160))
 271                        break;
 272        }
 273
 274        *he_mcs = cpu_to_le16(mcs_map);
 275}
 276
 277static void
 278mt7915_mcu_set_sta_vht_mcs(struct ieee80211_sta *sta, __le16 *vht_mcs,
 279                           const u16 *mask)
 280{
 281        u16 mcs_map = le16_to_cpu(sta->vht_cap.vht_mcs.rx_mcs_map);
 282        int nss, max_nss = sta->rx_nss > 3 ? 4 : sta->rx_nss;
 283        u16 mcs;
 284
 285        for (nss = 0; nss < max_nss; nss++, mcs_map >>= 2) {
 286                switch (mcs_map & 0x3) {
 287                case IEEE80211_VHT_MCS_SUPPORT_0_9:
 288                        mcs = GENMASK(9, 0);
 289                        break;
 290                case IEEE80211_VHT_MCS_SUPPORT_0_8:
 291                        mcs = GENMASK(8, 0);
 292                        break;
 293                case IEEE80211_VHT_MCS_SUPPORT_0_7:
 294                        mcs = GENMASK(7, 0);
 295                        break;
 296                default:
 297                        mcs = 0;
 298                }
 299
 300                vht_mcs[nss] = cpu_to_le16(mcs & mask[nss]);
 301
 302                /* only support 2ss on 160MHz */
 303                if (nss > 1 && (sta->bandwidth == IEEE80211_STA_RX_BW_160))
 304                        break;
 305        }
 306}
 307
 308static void
 309mt7915_mcu_set_sta_ht_mcs(struct ieee80211_sta *sta, u8 *ht_mcs,
 310                          const u8 *mask)
 311{
 312        int nss, max_nss = sta->rx_nss > 3 ? 4 : sta->rx_nss;
 313
 314        for (nss = 0; nss < max_nss; nss++)
 315                ht_mcs[nss] = sta->ht_cap.mcs.rx_mask[nss] & mask[nss];
 316}
 317
 318static int
 319mt7915_mcu_parse_response(struct mt76_dev *mdev, int cmd,
 320                          struct sk_buff *skb, int seq)
 321{
 322        struct mt7915_mcu_rxd *rxd;
 323        int ret = 0;
 324
 325        if (!skb) {
 326                dev_err(mdev->dev, "Message %08x (seq %d) timeout\n",
 327                        cmd, seq);
 328                return -ETIMEDOUT;
 329        }
 330
 331        rxd = (struct mt7915_mcu_rxd *)skb->data;
 332        if (seq != rxd->seq)
 333                return -EAGAIN;
 334
 335        if (cmd == MCU_CMD(PATCH_SEM_CONTROL)) {
 336                skb_pull(skb, sizeof(*rxd) - 4);
 337                ret = *skb->data;
 338        } else if (cmd == MCU_EXT_CMD(THERMAL_CTRL)) {
 339                skb_pull(skb, sizeof(*rxd) + 4);
 340                ret = le32_to_cpu(*(__le32 *)skb->data);
 341        } else {
 342                skb_pull(skb, sizeof(struct mt7915_mcu_rxd));
 343        }
 344
 345        return ret;
 346}
 347
 348static int
 349mt7915_mcu_send_message(struct mt76_dev *mdev, struct sk_buff *skb,
 350                        int cmd, int *wait_seq)
 351{
 352        struct mt7915_dev *dev = container_of(mdev, struct mt7915_dev, mt76);
 353        struct mt7915_mcu_txd *mcu_txd;
 354        enum mt76_mcuq_id qid;
 355        __le32 *txd;
 356        u32 val;
 357        u8 seq;
 358
 359        /* TODO: make dynamic based on msg type */
 360        mdev->mcu.timeout = 20 * HZ;
 361
 362        seq = ++dev->mt76.mcu.msg_seq & 0xf;
 363        if (!seq)
 364                seq = ++dev->mt76.mcu.msg_seq & 0xf;
 365
 366        if (cmd == MCU_CMD(FW_SCATTER)) {
 367                qid = MT_MCUQ_FWDL;
 368                goto exit;
 369        }
 370
 371        mcu_txd = (struct mt7915_mcu_txd *)skb_push(skb, sizeof(*mcu_txd));
 372        if (test_bit(MT76_STATE_MCU_RUNNING, &dev->mphy.state))
 373                qid = MT_MCUQ_WA;
 374        else
 375                qid = MT_MCUQ_WM;
 376
 377        txd = mcu_txd->txd;
 378
 379        val = FIELD_PREP(MT_TXD0_TX_BYTES, skb->len) |
 380              FIELD_PREP(MT_TXD0_PKT_FMT, MT_TX_TYPE_CMD) |
 381              FIELD_PREP(MT_TXD0_Q_IDX, MT_TX_MCU_PORT_RX_Q0);
 382        txd[0] = cpu_to_le32(val);
 383
 384        val = MT_TXD1_LONG_FORMAT |
 385              FIELD_PREP(MT_TXD1_HDR_FORMAT, MT_HDR_FORMAT_CMD);
 386        txd[1] = cpu_to_le32(val);
 387
 388        mcu_txd->len = cpu_to_le16(skb->len - sizeof(mcu_txd->txd));
 389        mcu_txd->pq_id = cpu_to_le16(MCU_PQ_ID(MT_TX_PORT_IDX_MCU,
 390                                               MT_TX_MCU_PORT_RX_Q0));
 391        mcu_txd->pkt_type = MCU_PKT_ID;
 392        mcu_txd->seq = seq;
 393
 394        mcu_txd->cid = FIELD_GET(__MCU_CMD_FIELD_ID, cmd);
 395        mcu_txd->set_query = MCU_Q_NA;
 396        mcu_txd->ext_cid = FIELD_GET(__MCU_CMD_FIELD_EXT_ID, cmd);
 397        if (mcu_txd->ext_cid) {
 398                mcu_txd->ext_cid_ack = 1;
 399
 400                /* do not use Q_SET for efuse */
 401                if (cmd & __MCU_CMD_FIELD_QUERY)
 402                        mcu_txd->set_query = MCU_Q_QUERY;
 403                else
 404                        mcu_txd->set_query = MCU_Q_SET;
 405        }
 406
 407        if (cmd & __MCU_CMD_FIELD_WA)
 408                mcu_txd->s2d_index = MCU_S2D_H2C;
 409        else
 410                mcu_txd->s2d_index = MCU_S2D_H2N;
 411
 412exit:
 413        if (wait_seq)
 414                *wait_seq = seq;
 415
 416        return mt76_tx_queue_skb_raw(dev, mdev->q_mcu[qid], skb, 0);
 417}
 418
 419static void
 420mt7915_mcu_wa_cmd(struct mt7915_dev *dev, int cmd, u32 a1, u32 a2, u32 a3)
 421{
 422        struct {
 423                __le32 args[3];
 424        } req = {
 425                .args = {
 426                        cpu_to_le32(a1),
 427                        cpu_to_le32(a2),
 428                        cpu_to_le32(a3),
 429                },
 430        };
 431
 432        mt76_mcu_send_msg(&dev->mt76, cmd, &req, sizeof(req), true);
 433}
 434
 435static void
 436mt7915_mcu_csa_finish(void *priv, u8 *mac, struct ieee80211_vif *vif)
 437{
 438        if (vif->csa_active)
 439                ieee80211_csa_finish(vif);
 440}
 441
 442static void
 443mt7915_mcu_rx_csa_notify(struct mt7915_dev *dev, struct sk_buff *skb)
 444{
 445        struct mt76_phy *mphy = &dev->mt76.phy;
 446        struct mt7915_mcu_csa_notify *c;
 447
 448        c = (struct mt7915_mcu_csa_notify *)skb->data;
 449
 450        if (c->band_idx && dev->mt76.phy2)
 451                mphy = dev->mt76.phy2;
 452
 453        ieee80211_iterate_active_interfaces_atomic(mphy->hw,
 454                        IEEE80211_IFACE_ITER_RESUME_ALL,
 455                        mt7915_mcu_csa_finish, mphy->hw);
 456}
 457
 458static void
 459mt7915_mcu_rx_thermal_notify(struct mt7915_dev *dev, struct sk_buff *skb)
 460{
 461        struct mt76_phy *mphy = &dev->mt76.phy;
 462        struct mt7915_mcu_thermal_notify *t;
 463        struct mt7915_phy *phy;
 464
 465        t = (struct mt7915_mcu_thermal_notify *)skb->data;
 466        if (t->ctrl.ctrl_id != THERMAL_PROTECT_ENABLE)
 467                return;
 468
 469        if (t->ctrl.band_idx && dev->mt76.phy2)
 470                mphy = dev->mt76.phy2;
 471
 472        phy = (struct mt7915_phy *)mphy->priv;
 473        phy->throttle_state = t->ctrl.duty.duty_cycle;
 474}
 475
 476static void
 477mt7915_mcu_rx_radar_detected(struct mt7915_dev *dev, struct sk_buff *skb)
 478{
 479        struct mt76_phy *mphy = &dev->mt76.phy;
 480        struct mt7915_mcu_rdd_report *r;
 481
 482        r = (struct mt7915_mcu_rdd_report *)skb->data;
 483
 484        if (r->band_idx && dev->mt76.phy2)
 485                mphy = dev->mt76.phy2;
 486
 487        ieee80211_radar_detected(mphy->hw);
 488        dev->hw_pattern++;
 489}
 490
 491static int
 492mt7915_mcu_tx_rate_parse(struct mt76_phy *mphy, struct mt7915_mcu_ra_info *ra,
 493                         struct rate_info *rate, u16 r)
 494{
 495        struct ieee80211_supported_band *sband;
 496        u16 ru_idx = le16_to_cpu(ra->ru_idx);
 497        bool cck = false;
 498
 499        rate->mcs = FIELD_GET(MT_RA_RATE_MCS, r);
 500        rate->nss = FIELD_GET(MT_RA_RATE_NSS, r) + 1;
 501
 502        switch (FIELD_GET(MT_RA_RATE_TX_MODE, r)) {
 503        case MT_PHY_TYPE_CCK:
 504                cck = true;
 505                fallthrough;
 506        case MT_PHY_TYPE_OFDM:
 507                if (mphy->chandef.chan->band == NL80211_BAND_5GHZ)
 508                        sband = &mphy->sband_5g.sband;
 509                else
 510                        sband = &mphy->sband_2g.sband;
 511
 512                rate->mcs = mt76_get_rate(mphy->dev, sband, rate->mcs, cck);
 513                rate->legacy = sband->bitrates[rate->mcs].bitrate;
 514                break;
 515        case MT_PHY_TYPE_HT:
 516        case MT_PHY_TYPE_HT_GF:
 517                rate->mcs += (rate->nss - 1) * 8;
 518                if (rate->mcs > 31)
 519                        return -EINVAL;
 520
 521                rate->flags = RATE_INFO_FLAGS_MCS;
 522                if (ra->gi)
 523                        rate->flags |= RATE_INFO_FLAGS_SHORT_GI;
 524                break;
 525        case MT_PHY_TYPE_VHT:
 526                if (rate->mcs > 9)
 527                        return -EINVAL;
 528
 529                rate->flags = RATE_INFO_FLAGS_VHT_MCS;
 530                if (ra->gi)
 531                        rate->flags |= RATE_INFO_FLAGS_SHORT_GI;
 532                break;
 533        case MT_PHY_TYPE_HE_SU:
 534        case MT_PHY_TYPE_HE_EXT_SU:
 535        case MT_PHY_TYPE_HE_TB:
 536        case MT_PHY_TYPE_HE_MU:
 537                if (ra->gi > NL80211_RATE_INFO_HE_GI_3_2 || rate->mcs > 11)
 538                        return -EINVAL;
 539
 540                rate->he_gi = ra->gi;
 541                rate->he_dcm = FIELD_GET(MT_RA_RATE_DCM_EN, r);
 542                rate->flags = RATE_INFO_FLAGS_HE_MCS;
 543                break;
 544        default:
 545                return -EINVAL;
 546        }
 547
 548        if (ru_idx) {
 549                switch (ru_idx) {
 550                case 1 ... 2:
 551                        rate->he_ru_alloc = NL80211_RATE_INFO_HE_RU_ALLOC_996;
 552                        break;
 553                case 3 ... 6:
 554                        rate->he_ru_alloc = NL80211_RATE_INFO_HE_RU_ALLOC_484;
 555                        break;
 556                case 7 ... 14:
 557                        rate->he_ru_alloc = NL80211_RATE_INFO_HE_RU_ALLOC_242;
 558                        break;
 559                default:
 560                        rate->he_ru_alloc = NL80211_RATE_INFO_HE_RU_ALLOC_106;
 561                        break;
 562                }
 563                rate->bw = RATE_INFO_BW_HE_RU;
 564        } else {
 565                u8 bw = mt7915_mcu_chan_bw(&mphy->chandef) -
 566                        FIELD_GET(MT_RA_RATE_BW, r);
 567
 568                switch (bw) {
 569                case IEEE80211_STA_RX_BW_160:
 570                        rate->bw = RATE_INFO_BW_160;
 571                        break;
 572                case IEEE80211_STA_RX_BW_80:
 573                        rate->bw = RATE_INFO_BW_80;
 574                        break;
 575                case IEEE80211_STA_RX_BW_40:
 576                        rate->bw = RATE_INFO_BW_40;
 577                        break;
 578                default:
 579                        rate->bw = RATE_INFO_BW_20;
 580                        break;
 581                }
 582        }
 583
 584        return 0;
 585}
 586
 587static void
 588mt7915_mcu_tx_rate_report(struct mt7915_dev *dev, struct sk_buff *skb)
 589{
 590        struct mt7915_mcu_ra_info *ra = (struct mt7915_mcu_ra_info *)skb->data;
 591        struct rate_info rate = {}, prob_rate = {};
 592        u16 probe = le16_to_cpu(ra->prob_up_rate);
 593        u16 attempts = le16_to_cpu(ra->attempts);
 594        u16 curr = le16_to_cpu(ra->curr_rate);
 595        u16 wcidx = le16_to_cpu(ra->wlan_idx);
 596        struct ieee80211_tx_status status = {};
 597        struct mt76_phy *mphy = &dev->mphy;
 598        struct mt7915_sta_stats *stats;
 599        struct mt7915_sta *msta;
 600        struct mt76_wcid *wcid;
 601
 602        if (wcidx >= MT76_N_WCIDS)
 603                return;
 604
 605        wcid = rcu_dereference(dev->mt76.wcid[wcidx]);
 606        if (!wcid)
 607                return;
 608
 609        msta = container_of(wcid, struct mt7915_sta, wcid);
 610        stats = &msta->stats;
 611
 612        if (msta->wcid.ext_phy && dev->mt76.phy2)
 613                mphy = dev->mt76.phy2;
 614
 615        /* current rate */
 616        if (!mt7915_mcu_tx_rate_parse(mphy, ra, &rate, curr))
 617                stats->tx_rate = rate;
 618
 619        /* probing rate */
 620        if (!mt7915_mcu_tx_rate_parse(mphy, ra, &prob_rate, probe))
 621                stats->prob_rate = prob_rate;
 622
 623        if (attempts) {
 624                u16 success = le16_to_cpu(ra->success);
 625
 626                stats->per = 1000 * (attempts - success) / attempts;
 627        }
 628
 629        status.sta = wcid_to_sta(wcid);
 630        if (!status.sta)
 631                return;
 632
 633        status.rate = &stats->tx_rate;
 634        ieee80211_tx_status_ext(mphy->hw, &status);
 635}
 636
 637static void
 638mt7915_mcu_rx_log_message(struct mt7915_dev *dev, struct sk_buff *skb)
 639{
 640        struct mt7915_mcu_rxd *rxd = (struct mt7915_mcu_rxd *)skb->data;
 641        const char *data = (char *)&rxd[1];
 642        const char *type;
 643
 644        switch (rxd->s2d_index) {
 645        case 0:
 646                type = "WM";
 647                break;
 648        case 2:
 649                type = "WA";
 650                break;
 651        default:
 652                type = "unknown";
 653                break;
 654        }
 655
 656        wiphy_info(mt76_hw(dev)->wiphy, "%s: %.*s", type,
 657                   (int)(skb->len - sizeof(*rxd)), data);
 658}
 659
 660static void
 661mt7915_mcu_rx_ext_event(struct mt7915_dev *dev, struct sk_buff *skb)
 662{
 663        struct mt7915_mcu_rxd *rxd = (struct mt7915_mcu_rxd *)skb->data;
 664
 665        switch (rxd->ext_eid) {
 666        case MCU_EXT_EVENT_THERMAL_PROTECT:
 667                mt7915_mcu_rx_thermal_notify(dev, skb);
 668                break;
 669        case MCU_EXT_EVENT_RDD_REPORT:
 670                mt7915_mcu_rx_radar_detected(dev, skb);
 671                break;
 672        case MCU_EXT_EVENT_CSA_NOTIFY:
 673                mt7915_mcu_rx_csa_notify(dev, skb);
 674                break;
 675        case MCU_EXT_EVENT_RATE_REPORT:
 676                mt7915_mcu_tx_rate_report(dev, skb);
 677                break;
 678        case MCU_EXT_EVENT_FW_LOG_2_HOST:
 679                mt7915_mcu_rx_log_message(dev, skb);
 680                break;
 681        default:
 682                break;
 683        }
 684}
 685
 686static void
 687mt7915_mcu_rx_unsolicited_event(struct mt7915_dev *dev, struct sk_buff *skb)
 688{
 689        struct mt7915_mcu_rxd *rxd = (struct mt7915_mcu_rxd *)skb->data;
 690
 691        switch (rxd->eid) {
 692        case MCU_EVENT_EXT:
 693                mt7915_mcu_rx_ext_event(dev, skb);
 694                break;
 695        default:
 696                break;
 697        }
 698        dev_kfree_skb(skb);
 699}
 700
 701void mt7915_mcu_rx_event(struct mt7915_dev *dev, struct sk_buff *skb)
 702{
 703        struct mt7915_mcu_rxd *rxd = (struct mt7915_mcu_rxd *)skb->data;
 704
 705        if (rxd->ext_eid == MCU_EXT_EVENT_THERMAL_PROTECT ||
 706            rxd->ext_eid == MCU_EXT_EVENT_FW_LOG_2_HOST ||
 707            rxd->ext_eid == MCU_EXT_EVENT_ASSERT_DUMP ||
 708            rxd->ext_eid == MCU_EXT_EVENT_PS_SYNC ||
 709            rxd->ext_eid == MCU_EXT_EVENT_RATE_REPORT ||
 710            !rxd->seq)
 711                mt7915_mcu_rx_unsolicited_event(dev, skb);
 712        else
 713                mt76_mcu_rx_event(&dev->mt76, skb);
 714}
 715
 716static struct sk_buff *
 717mt7915_mcu_alloc_sta_req(struct mt7915_dev *dev, struct mt7915_vif *mvif,
 718                         struct mt7915_sta *msta, int len)
 719{
 720        struct sta_req_hdr hdr = {
 721                .bss_idx = mvif->idx,
 722                .wlan_idx_lo = msta ? to_wcid_lo(msta->wcid.idx) : 0,
 723                .wlan_idx_hi = msta ? to_wcid_hi(msta->wcid.idx) : 0,
 724                .muar_idx = msta ? mvif->omac_idx : 0,
 725                .is_tlv_append = 1,
 726        };
 727        struct sk_buff *skb;
 728
 729        skb = mt76_mcu_msg_alloc(&dev->mt76, NULL, len);
 730        if (!skb)
 731                return ERR_PTR(-ENOMEM);
 732
 733        skb_put_data(skb, &hdr, sizeof(hdr));
 734
 735        return skb;
 736}
 737
 738static struct wtbl_req_hdr *
 739mt7915_mcu_alloc_wtbl_req(struct mt7915_dev *dev, struct mt7915_sta *msta,
 740                          int cmd, void *sta_wtbl, struct sk_buff **skb)
 741{
 742        struct tlv *sta_hdr = sta_wtbl;
 743        struct wtbl_req_hdr hdr = {
 744                .wlan_idx_lo = to_wcid_lo(msta->wcid.idx),
 745                .wlan_idx_hi = to_wcid_hi(msta->wcid.idx),
 746                .operation = cmd,
 747        };
 748        struct sk_buff *nskb = *skb;
 749
 750        if (!nskb) {
 751                nskb = mt76_mcu_msg_alloc(&dev->mt76, NULL,
 752                                          MT7915_WTBL_UPDATE_MAX_SIZE);
 753                if (!nskb)
 754                        return ERR_PTR(-ENOMEM);
 755
 756                *skb = nskb;
 757        }
 758
 759        if (sta_hdr)
 760                sta_hdr->len = cpu_to_le16(sizeof(hdr));
 761
 762        return skb_put_data(nskb, &hdr, sizeof(hdr));
 763}
 764
 765static struct tlv *
 766mt7915_mcu_add_nested_tlv(struct sk_buff *skb, int tag, int len,
 767                          void *sta_ntlv, void *sta_wtbl)
 768{
 769        struct sta_ntlv_hdr *ntlv_hdr = sta_ntlv;
 770        struct tlv *sta_hdr = sta_wtbl;
 771        struct tlv *ptlv, tlv = {
 772                .tag = cpu_to_le16(tag),
 773                .len = cpu_to_le16(len),
 774        };
 775        u16 ntlv;
 776
 777        ptlv = skb_put(skb, len);
 778        memcpy(ptlv, &tlv, sizeof(tlv));
 779
 780        ntlv = le16_to_cpu(ntlv_hdr->tlv_num);
 781        ntlv_hdr->tlv_num = cpu_to_le16(ntlv + 1);
 782
 783        if (sta_hdr) {
 784                u16 size = le16_to_cpu(sta_hdr->len);
 785
 786                sta_hdr->len = cpu_to_le16(size + len);
 787        }
 788
 789        return ptlv;
 790}
 791
 792static struct tlv *
 793mt7915_mcu_add_tlv(struct sk_buff *skb, int tag, int len)
 794{
 795        return mt7915_mcu_add_nested_tlv(skb, tag, len, skb->data, NULL);
 796}
 797
 798static struct tlv *
 799mt7915_mcu_add_nested_subtlv(struct sk_buff *skb, int sub_tag, int sub_len,
 800                             __le16 *sub_ntlv, __le16 *len)
 801{
 802        struct tlv *ptlv, tlv = {
 803                .tag = cpu_to_le16(sub_tag),
 804                .len = cpu_to_le16(sub_len),
 805        };
 806
 807        ptlv = skb_put(skb, sub_len);
 808        memcpy(ptlv, &tlv, sizeof(tlv));
 809
 810        le16_add_cpu(sub_ntlv, 1);
 811        le16_add_cpu(len, sub_len);
 812
 813        return ptlv;
 814}
 815
 816/** bss info **/
 817static int
 818mt7915_mcu_bss_basic_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
 819                         struct mt7915_phy *phy, bool enable)
 820{
 821        struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
 822        struct bss_info_basic *bss;
 823        u16 wlan_idx = mvif->sta.wcid.idx;
 824        u32 type = NETWORK_INFRA;
 825        struct tlv *tlv;
 826
 827        tlv = mt7915_mcu_add_tlv(skb, BSS_INFO_BASIC, sizeof(*bss));
 828
 829        switch (vif->type) {
 830        case NL80211_IFTYPE_MESH_POINT:
 831        case NL80211_IFTYPE_AP:
 832        case NL80211_IFTYPE_MONITOR:
 833                break;
 834        case NL80211_IFTYPE_STATION:
 835                /* TODO: enable BSS_INFO_UAPSD & BSS_INFO_PM */
 836                if (enable) {
 837                        struct ieee80211_sta *sta;
 838                        struct mt7915_sta *msta;
 839
 840                        rcu_read_lock();
 841                        sta = ieee80211_find_sta(vif, vif->bss_conf.bssid);
 842                        if (!sta) {
 843                                rcu_read_unlock();
 844                                return -EINVAL;
 845                        }
 846
 847                        msta = (struct mt7915_sta *)sta->drv_priv;
 848                        wlan_idx = msta->wcid.idx;
 849                        rcu_read_unlock();
 850                }
 851                break;
 852        case NL80211_IFTYPE_ADHOC:
 853                type = NETWORK_IBSS;
 854                break;
 855        default:
 856                WARN_ON(1);
 857                break;
 858        }
 859
 860        bss = (struct bss_info_basic *)tlv;
 861        bss->network_type = cpu_to_le32(type);
 862        bss->bmc_wcid_lo = to_wcid_lo(wlan_idx);
 863        bss->bmc_wcid_hi = to_wcid_hi(wlan_idx);
 864        bss->wmm_idx = mvif->wmm_idx;
 865        bss->active = enable;
 866
 867        if (vif->type != NL80211_IFTYPE_MONITOR) {
 868                memcpy(bss->bssid, vif->bss_conf.bssid, ETH_ALEN);
 869                bss->bcn_interval = cpu_to_le16(vif->bss_conf.beacon_int);
 870                bss->dtim_period = vif->bss_conf.dtim_period;
 871                bss->phy_mode = mt7915_get_phy_mode(vif, NULL);
 872        } else {
 873                memcpy(bss->bssid, phy->mt76->macaddr, ETH_ALEN);
 874        }
 875
 876        return 0;
 877}
 878
 879static void
 880mt7915_mcu_bss_omac_tlv(struct sk_buff *skb, struct ieee80211_vif *vif)
 881{
 882        struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
 883        struct bss_info_omac *omac;
 884        struct tlv *tlv;
 885        u32 type = 0;
 886        u8 idx;
 887
 888        tlv = mt7915_mcu_add_tlv(skb, BSS_INFO_OMAC, sizeof(*omac));
 889
 890        switch (vif->type) {
 891        case NL80211_IFTYPE_MONITOR:
 892        case NL80211_IFTYPE_MESH_POINT:
 893        case NL80211_IFTYPE_AP:
 894                type = CONNECTION_INFRA_AP;
 895                break;
 896        case NL80211_IFTYPE_STATION:
 897                type = CONNECTION_INFRA_STA;
 898                break;
 899        case NL80211_IFTYPE_ADHOC:
 900                type = CONNECTION_IBSS_ADHOC;
 901                break;
 902        default:
 903                WARN_ON(1);
 904                break;
 905        }
 906
 907        omac = (struct bss_info_omac *)tlv;
 908        idx = mvif->omac_idx > EXT_BSSID_START ? HW_BSSID_0 : mvif->omac_idx;
 909        omac->conn_type = cpu_to_le32(type);
 910        omac->omac_idx = mvif->omac_idx;
 911        omac->band_idx = mvif->band_idx;
 912        omac->hw_bss_idx = idx;
 913}
 914
 915struct mt7915_he_obss_narrow_bw_ru_data {
 916        bool tolerated;
 917};
 918
 919static void mt7915_check_he_obss_narrow_bw_ru_iter(struct wiphy *wiphy,
 920                                                   struct cfg80211_bss *bss,
 921                                                   void *_data)
 922{
 923        struct mt7915_he_obss_narrow_bw_ru_data *data = _data;
 924        const struct element *elem;
 925
 926        elem = ieee80211_bss_get_elem(bss, WLAN_EID_EXT_CAPABILITY);
 927
 928        if (!elem || elem->datalen < 10 ||
 929            !(elem->data[10] &
 930              WLAN_EXT_CAPA10_OBSS_NARROW_BW_RU_TOLERANCE_SUPPORT))
 931                data->tolerated = false;
 932}
 933
 934static bool mt7915_check_he_obss_narrow_bw_ru(struct ieee80211_hw *hw,
 935                                              struct ieee80211_vif *vif)
 936{
 937        struct mt7915_he_obss_narrow_bw_ru_data iter_data = {
 938                .tolerated = true,
 939        };
 940
 941        if (!(vif->bss_conf.chandef.chan->flags & IEEE80211_CHAN_RADAR))
 942                return false;
 943
 944        cfg80211_bss_iter(hw->wiphy, &vif->bss_conf.chandef,
 945                          mt7915_check_he_obss_narrow_bw_ru_iter,
 946                          &iter_data);
 947
 948        /*
 949         * If there is at least one AP on radar channel that cannot
 950         * tolerate 26-tone RU UL OFDMA transmissions using HE TB PPDU.
 951         */
 952        return !iter_data.tolerated;
 953}
 954
 955static void
 956mt7915_mcu_bss_rfch_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
 957                        struct mt7915_phy *phy)
 958{
 959        struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
 960        struct bss_info_rf_ch *ch;
 961        struct tlv *tlv;
 962        int freq1 = chandef->center_freq1;
 963
 964        tlv = mt7915_mcu_add_tlv(skb, BSS_INFO_RF_CH, sizeof(*ch));
 965
 966        ch = (struct bss_info_rf_ch *)tlv;
 967        ch->pri_ch = chandef->chan->hw_value;
 968        ch->center_ch0 = ieee80211_frequency_to_channel(freq1);
 969        ch->bw = mt7915_mcu_chan_bw(chandef);
 970
 971        if (chandef->width == NL80211_CHAN_WIDTH_80P80) {
 972                int freq2 = chandef->center_freq2;
 973
 974                ch->center_ch1 = ieee80211_frequency_to_channel(freq2);
 975        }
 976
 977        if (vif->bss_conf.he_support && vif->type == NL80211_IFTYPE_STATION) {
 978                struct mt7915_dev *dev = phy->dev;
 979                struct mt76_phy *mphy = &dev->mt76.phy;
 980                bool ext_phy = phy != &dev->phy;
 981
 982                if (ext_phy && dev->mt76.phy2)
 983                        mphy = dev->mt76.phy2;
 984
 985                ch->he_ru26_block =
 986                        mt7915_check_he_obss_narrow_bw_ru(mphy->hw, vif);
 987                ch->he_all_disable = false;
 988        } else {
 989                ch->he_all_disable = true;
 990        }
 991}
 992
 993static void
 994mt7915_mcu_bss_ra_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
 995                      struct mt7915_phy *phy)
 996{
 997        int max_nss = hweight8(phy->mt76->chainmask);
 998        struct bss_info_ra *ra;
 999        struct tlv *tlv;
1000
1001        tlv = mt7915_mcu_add_tlv(skb, BSS_INFO_RA, sizeof(*ra));
1002
1003        ra = (struct bss_info_ra *)tlv;
1004        ra->op_mode = vif->type == NL80211_IFTYPE_AP;
1005        ra->adhoc_en = vif->type == NL80211_IFTYPE_ADHOC;
1006        ra->short_preamble = true;
1007        ra->tx_streams = max_nss;
1008        ra->rx_streams = max_nss;
1009        ra->algo = 4;
1010        ra->train_up_rule = 2;
1011        ra->train_up_high_thres = 110;
1012        ra->train_up_rule_rssi = -70;
1013        ra->low_traffic_thres = 2;
1014        ra->phy_cap = cpu_to_le32(0xfdf);
1015        ra->interval = cpu_to_le32(500);
1016        ra->fast_interval = cpu_to_le32(100);
1017}
1018
1019static void
1020mt7915_mcu_bss_he_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
1021                      struct mt7915_phy *phy)
1022{
1023#define DEFAULT_HE_PE_DURATION          4
1024#define DEFAULT_HE_DURATION_RTS_THRES   1023
1025        const struct ieee80211_sta_he_cap *cap;
1026        struct bss_info_he *he;
1027        struct tlv *tlv;
1028
1029        cap = mt7915_get_he_phy_cap(phy, vif);
1030
1031        tlv = mt7915_mcu_add_tlv(skb, BSS_INFO_HE_BASIC, sizeof(*he));
1032
1033        he = (struct bss_info_he *)tlv;
1034        he->he_pe_duration = vif->bss_conf.htc_trig_based_pkt_ext;
1035        if (!he->he_pe_duration)
1036                he->he_pe_duration = DEFAULT_HE_PE_DURATION;
1037
1038        he->he_rts_thres = cpu_to_le16(vif->bss_conf.frame_time_rts_th);
1039        if (!he->he_rts_thres)
1040                he->he_rts_thres = cpu_to_le16(DEFAULT_HE_DURATION_RTS_THRES);
1041
1042        he->max_nss_mcs[CMD_HE_MCS_BW80] = cap->he_mcs_nss_supp.tx_mcs_80;
1043        he->max_nss_mcs[CMD_HE_MCS_BW160] = cap->he_mcs_nss_supp.tx_mcs_160;
1044        he->max_nss_mcs[CMD_HE_MCS_BW8080] = cap->he_mcs_nss_supp.tx_mcs_80p80;
1045}
1046
1047static void
1048mt7915_mcu_bss_hw_amsdu_tlv(struct sk_buff *skb)
1049{
1050#define TXD_CMP_MAP1            GENMASK(15, 0)
1051#define TXD_CMP_MAP2            (GENMASK(31, 0) & ~BIT(23))
1052        struct bss_info_hw_amsdu *amsdu;
1053        struct tlv *tlv;
1054
1055        tlv = mt7915_mcu_add_tlv(skb, BSS_INFO_HW_AMSDU, sizeof(*amsdu));
1056
1057        amsdu = (struct bss_info_hw_amsdu *)tlv;
1058        amsdu->cmp_bitmap_0 = cpu_to_le32(TXD_CMP_MAP1);
1059        amsdu->cmp_bitmap_1 = cpu_to_le32(TXD_CMP_MAP2);
1060        amsdu->trig_thres = cpu_to_le16(2);
1061        amsdu->enable = true;
1062}
1063
1064static void
1065mt7915_mcu_bss_ext_tlv(struct sk_buff *skb, struct mt7915_vif *mvif)
1066{
1067/* SIFS 20us + 512 byte beacon tranmitted by 1Mbps (3906us) */
1068#define BCN_TX_ESTIMATE_TIME    (4096 + 20)
1069        struct bss_info_ext_bss *ext;
1070        int ext_bss_idx, tsf_offset;
1071        struct tlv *tlv;
1072
1073        ext_bss_idx = mvif->omac_idx - EXT_BSSID_START;
1074        if (ext_bss_idx < 0)
1075                return;
1076
1077        tlv = mt7915_mcu_add_tlv(skb, BSS_INFO_EXT_BSS, sizeof(*ext));
1078
1079        ext = (struct bss_info_ext_bss *)tlv;
1080        tsf_offset = ext_bss_idx * BCN_TX_ESTIMATE_TIME;
1081        ext->mbss_tsf_offset = cpu_to_le32(tsf_offset);
1082}
1083
1084static void
1085mt7915_mcu_bss_bmc_tlv(struct sk_buff *skb, struct mt7915_phy *phy)
1086{
1087        struct bss_info_bmc_rate *bmc;
1088        struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
1089        enum nl80211_band band = chandef->chan->band;
1090        struct tlv *tlv;
1091
1092        tlv = mt7915_mcu_add_tlv(skb, BSS_INFO_BMC_RATE, sizeof(*bmc));
1093
1094        bmc = (struct bss_info_bmc_rate *)tlv;
1095        if (band == NL80211_BAND_2GHZ) {
1096                bmc->short_preamble = true;
1097        } else {
1098                bmc->bc_trans = cpu_to_le16(0x2000);
1099                bmc->mc_trans = cpu_to_le16(0x2080);
1100        }
1101}
1102
1103static int
1104mt7915_mcu_muar_config(struct mt7915_phy *phy, struct ieee80211_vif *vif,
1105                       bool bssid, bool enable)
1106{
1107        struct mt7915_dev *dev = phy->dev;
1108        struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1109        u32 idx = mvif->omac_idx - REPEATER_BSSID_START;
1110        u32 mask = phy->omac_mask >> 32 & ~BIT(idx);
1111        const u8 *addr = vif->addr;
1112        struct {
1113                u8 mode;
1114                u8 force_clear;
1115                u8 clear_bitmap[8];
1116                u8 entry_count;
1117                u8 write;
1118                u8 band;
1119
1120                u8 index;
1121                u8 bssid;
1122                u8 addr[ETH_ALEN];
1123        } __packed req = {
1124                .mode = !!mask || enable,
1125                .entry_count = 1,
1126                .write = 1,
1127                .band = phy != &dev->phy,
1128                .index = idx * 2 + bssid,
1129        };
1130
1131        if (bssid)
1132                addr = vif->bss_conf.bssid;
1133
1134        if (enable)
1135                ether_addr_copy(req.addr, addr);
1136
1137        return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(MUAR_UPDATE), &req,
1138                                 sizeof(req), true);
1139}
1140
1141int mt7915_mcu_add_bss_info(struct mt7915_phy *phy,
1142                            struct ieee80211_vif *vif, int enable)
1143{
1144        struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1145        struct sk_buff *skb;
1146
1147        if (mvif->omac_idx >= REPEATER_BSSID_START) {
1148                mt7915_mcu_muar_config(phy, vif, false, enable);
1149                mt7915_mcu_muar_config(phy, vif, true, enable);
1150        }
1151
1152        skb = mt7915_mcu_alloc_sta_req(phy->dev, mvif, NULL,
1153                                       MT7915_BSS_UPDATE_MAX_SIZE);
1154        if (IS_ERR(skb))
1155                return PTR_ERR(skb);
1156
1157        /* bss_omac must be first */
1158        if (enable)
1159                mt7915_mcu_bss_omac_tlv(skb, vif);
1160
1161        mt7915_mcu_bss_basic_tlv(skb, vif, phy, enable);
1162
1163        if (vif->type == NL80211_IFTYPE_MONITOR)
1164                goto out;
1165
1166        if (enable) {
1167                mt7915_mcu_bss_rfch_tlv(skb, vif, phy);
1168                mt7915_mcu_bss_bmc_tlv(skb, phy);
1169                mt7915_mcu_bss_ra_tlv(skb, vif, phy);
1170                mt7915_mcu_bss_hw_amsdu_tlv(skb);
1171
1172                if (vif->bss_conf.he_support)
1173                        mt7915_mcu_bss_he_tlv(skb, vif, phy);
1174
1175                if (mvif->omac_idx >= EXT_BSSID_START &&
1176                    mvif->omac_idx < REPEATER_BSSID_START)
1177                        mt7915_mcu_bss_ext_tlv(skb, mvif);
1178        }
1179out:
1180        return mt76_mcu_skb_send_msg(&phy->dev->mt76, skb,
1181                                     MCU_EXT_CMD(BSS_INFO_UPDATE), true);
1182}
1183
1184/** starec & wtbl **/
1185static int
1186mt7915_mcu_sta_key_tlv(struct mt7915_sta *msta, struct sk_buff *skb,
1187                       struct ieee80211_key_conf *key, enum set_key_cmd cmd)
1188{
1189        struct mt7915_sta_key_conf *bip = &msta->bip;
1190        struct sta_rec_sec *sec;
1191        struct tlv *tlv;
1192        u32 len = sizeof(*sec);
1193
1194        tlv = mt7915_mcu_add_tlv(skb, STA_REC_KEY_V2, sizeof(*sec));
1195
1196        sec = (struct sta_rec_sec *)tlv;
1197        sec->add = cmd;
1198
1199        if (cmd == SET_KEY) {
1200                struct sec_key *sec_key;
1201                u8 cipher;
1202
1203                cipher = mt7915_mcu_get_cipher(key->cipher);
1204                if (cipher == MT_CIPHER_NONE)
1205                        return -EOPNOTSUPP;
1206
1207                sec_key = &sec->key[0];
1208                sec_key->cipher_len = sizeof(*sec_key);
1209
1210                if (cipher == MCU_CIPHER_BIP_CMAC_128) {
1211                        sec_key->cipher_id = MCU_CIPHER_AES_CCMP;
1212                        sec_key->key_id = bip->keyidx;
1213                        sec_key->key_len = 16;
1214                        memcpy(sec_key->key, bip->key, 16);
1215
1216                        sec_key = &sec->key[1];
1217                        sec_key->cipher_id = MCU_CIPHER_BIP_CMAC_128;
1218                        sec_key->cipher_len = sizeof(*sec_key);
1219                        sec_key->key_len = 16;
1220                        memcpy(sec_key->key, key->key, 16);
1221
1222                        sec->n_cipher = 2;
1223                } else {
1224                        sec_key->cipher_id = cipher;
1225                        sec_key->key_id = key->keyidx;
1226                        sec_key->key_len = key->keylen;
1227                        memcpy(sec_key->key, key->key, key->keylen);
1228
1229                        if (cipher == MCU_CIPHER_TKIP) {
1230                                /* Rx/Tx MIC keys are swapped */
1231                                memcpy(sec_key->key + 16, key->key + 24, 8);
1232                                memcpy(sec_key->key + 24, key->key + 16, 8);
1233                        }
1234
1235                        /* store key_conf for BIP batch update */
1236                        if (cipher == MCU_CIPHER_AES_CCMP) {
1237                                memcpy(bip->key, key->key, key->keylen);
1238                                bip->keyidx = key->keyidx;
1239                        }
1240
1241                        len -= sizeof(*sec_key);
1242                        sec->n_cipher = 1;
1243                }
1244        } else {
1245                len -= sizeof(sec->key);
1246                sec->n_cipher = 0;
1247        }
1248        sec->len = cpu_to_le16(len);
1249
1250        return 0;
1251}
1252
1253int mt7915_mcu_add_key(struct mt7915_dev *dev, struct ieee80211_vif *vif,
1254                       struct mt7915_sta *msta, struct ieee80211_key_conf *key,
1255                       enum set_key_cmd cmd)
1256{
1257        struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1258        struct sk_buff *skb;
1259        int len = sizeof(struct sta_req_hdr) + sizeof(struct sta_rec_sec);
1260        int ret;
1261
1262        skb = mt7915_mcu_alloc_sta_req(dev, mvif, msta, len);
1263        if (IS_ERR(skb))
1264                return PTR_ERR(skb);
1265
1266        ret = mt7915_mcu_sta_key_tlv(msta, skb, key, cmd);
1267        if (ret)
1268                return ret;
1269
1270        return mt76_mcu_skb_send_msg(&dev->mt76, skb,
1271                                     MCU_EXT_CMD(STA_REC_UPDATE), true);
1272}
1273
1274static void
1275mt7915_mcu_sta_ba_tlv(struct sk_buff *skb,
1276                      struct ieee80211_ampdu_params *params,
1277                      bool enable, bool tx)
1278{
1279        struct sta_rec_ba *ba;
1280        struct tlv *tlv;
1281
1282        tlv = mt7915_mcu_add_tlv(skb, STA_REC_BA, sizeof(*ba));
1283
1284        ba = (struct sta_rec_ba *)tlv;
1285        ba->ba_type = tx ? MT_BA_TYPE_ORIGINATOR : MT_BA_TYPE_RECIPIENT;
1286        ba->winsize = cpu_to_le16(params->buf_size);
1287        ba->ssn = cpu_to_le16(params->ssn);
1288        ba->ba_en = enable << params->tid;
1289        ba->amsdu = params->amsdu;
1290        ba->tid = params->tid;
1291}
1292
1293static void
1294mt7915_mcu_wtbl_ba_tlv(struct sk_buff *skb,
1295                       struct ieee80211_ampdu_params *params,
1296                       bool enable, bool tx, void *sta_wtbl,
1297                       void *wtbl_tlv)
1298{
1299        struct wtbl_ba *ba;
1300        struct tlv *tlv;
1301
1302        tlv = mt7915_mcu_add_nested_tlv(skb, WTBL_BA, sizeof(*ba),
1303                                        wtbl_tlv, sta_wtbl);
1304
1305        ba = (struct wtbl_ba *)tlv;
1306        ba->tid = params->tid;
1307
1308        if (tx) {
1309                ba->ba_type = MT_BA_TYPE_ORIGINATOR;
1310                ba->sn = enable ? cpu_to_le16(params->ssn) : 0;
1311                ba->ba_en = enable;
1312        } else {
1313                memcpy(ba->peer_addr, params->sta->addr, ETH_ALEN);
1314                ba->ba_type = MT_BA_TYPE_RECIPIENT;
1315                ba->rst_ba_tid = params->tid;
1316                ba->rst_ba_sel = RST_BA_MAC_TID_MATCH;
1317                ba->rst_ba_sb = 1;
1318        }
1319
1320        if (enable && tx)
1321                ba->ba_winsize = cpu_to_le16(params->buf_size);
1322}
1323
1324static int
1325mt7915_mcu_sta_ba(struct mt7915_dev *dev,
1326                  struct ieee80211_ampdu_params *params,
1327                  bool enable, bool tx)
1328{
1329        struct mt7915_sta *msta = (struct mt7915_sta *)params->sta->drv_priv;
1330        struct mt7915_vif *mvif = msta->vif;
1331        struct wtbl_req_hdr *wtbl_hdr;
1332        struct tlv *sta_wtbl;
1333        struct sk_buff *skb;
1334        int ret;
1335
1336        if (enable && tx && !params->amsdu)
1337                msta->wcid.amsdu = false;
1338
1339        skb = mt7915_mcu_alloc_sta_req(dev, mvif, msta,
1340                                       MT7915_STA_UPDATE_MAX_SIZE);
1341        if (IS_ERR(skb))
1342                return PTR_ERR(skb);
1343
1344        sta_wtbl = mt7915_mcu_add_tlv(skb, STA_REC_WTBL, sizeof(struct tlv));
1345
1346        wtbl_hdr = mt7915_mcu_alloc_wtbl_req(dev, msta, WTBL_SET, sta_wtbl,
1347                                             &skb);
1348        if (IS_ERR(wtbl_hdr))
1349                return PTR_ERR(wtbl_hdr);
1350
1351        mt7915_mcu_wtbl_ba_tlv(skb, params, enable, tx, sta_wtbl, wtbl_hdr);
1352
1353        ret = mt76_mcu_skb_send_msg(&dev->mt76, skb,
1354                                    MCU_EXT_CMD(STA_REC_UPDATE), true);
1355        if (ret)
1356                return ret;
1357
1358        skb = mt7915_mcu_alloc_sta_req(dev, mvif, msta,
1359                                       MT7915_STA_UPDATE_MAX_SIZE);
1360        if (IS_ERR(skb))
1361                return PTR_ERR(skb);
1362
1363        mt7915_mcu_sta_ba_tlv(skb, params, enable, tx);
1364
1365        return mt76_mcu_skb_send_msg(&dev->mt76, skb,
1366                                     MCU_EXT_CMD(STA_REC_UPDATE), true);
1367}
1368
1369int mt7915_mcu_add_tx_ba(struct mt7915_dev *dev,
1370                         struct ieee80211_ampdu_params *params,
1371                         bool enable)
1372{
1373        return mt7915_mcu_sta_ba(dev, params, enable, true);
1374}
1375
1376int mt7915_mcu_add_rx_ba(struct mt7915_dev *dev,
1377                         struct ieee80211_ampdu_params *params,
1378                         bool enable)
1379{
1380        return mt7915_mcu_sta_ba(dev, params, enable, false);
1381}
1382
1383static void
1384mt7915_mcu_wtbl_generic_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
1385                            struct ieee80211_sta *sta, void *sta_wtbl,
1386                            void *wtbl_tlv)
1387{
1388        struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1389        struct wtbl_generic *generic;
1390        struct wtbl_rx *rx;
1391        struct tlv *tlv;
1392
1393        tlv = mt7915_mcu_add_nested_tlv(skb, WTBL_GENERIC, sizeof(*generic),
1394                                        wtbl_tlv, sta_wtbl);
1395
1396        generic = (struct wtbl_generic *)tlv;
1397
1398        if (sta) {
1399                memcpy(generic->peer_addr, sta->addr, ETH_ALEN);
1400                generic->partial_aid = cpu_to_le16(sta->aid);
1401                generic->muar_idx = mvif->omac_idx;
1402                generic->qos = sta->wme;
1403        } else {
1404                /* use BSSID in station mode */
1405                if (vif->type == NL80211_IFTYPE_STATION)
1406                        memcpy(generic->peer_addr, vif->bss_conf.bssid,
1407                               ETH_ALEN);
1408                else
1409                        eth_broadcast_addr(generic->peer_addr);
1410
1411                generic->muar_idx = 0xe;
1412        }
1413
1414        tlv = mt7915_mcu_add_nested_tlv(skb, WTBL_RX, sizeof(*rx),
1415                                        wtbl_tlv, sta_wtbl);
1416
1417        rx = (struct wtbl_rx *)tlv;
1418        rx->rca1 = sta ? vif->type != NL80211_IFTYPE_AP : 1;
1419        rx->rca2 = 1;
1420        rx->rv = 1;
1421}
1422
1423static void
1424mt7915_mcu_sta_basic_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
1425                         struct ieee80211_sta *sta, bool enable)
1426{
1427#define EXTRA_INFO_VER          BIT(0)
1428#define EXTRA_INFO_NEW          BIT(1)
1429        struct sta_rec_basic *basic;
1430        struct tlv *tlv;
1431
1432        tlv = mt7915_mcu_add_tlv(skb, STA_REC_BASIC, sizeof(*basic));
1433
1434        basic = (struct sta_rec_basic *)tlv;
1435        basic->extra_info = cpu_to_le16(EXTRA_INFO_VER);
1436
1437        if (enable) {
1438                basic->extra_info |= cpu_to_le16(EXTRA_INFO_NEW);
1439                basic->conn_state = CONN_STATE_PORT_SECURE;
1440        } else {
1441                basic->conn_state = CONN_STATE_DISCONNECT;
1442        }
1443
1444        if (!sta) {
1445                basic->conn_type = cpu_to_le32(CONNECTION_INFRA_BC);
1446                eth_broadcast_addr(basic->peer_addr);
1447                return;
1448        }
1449
1450        switch (vif->type) {
1451        case NL80211_IFTYPE_MESH_POINT:
1452        case NL80211_IFTYPE_AP:
1453                basic->conn_type = cpu_to_le32(CONNECTION_INFRA_STA);
1454                break;
1455        case NL80211_IFTYPE_STATION:
1456                basic->conn_type = cpu_to_le32(CONNECTION_INFRA_AP);
1457                break;
1458        case NL80211_IFTYPE_ADHOC:
1459                basic->conn_type = cpu_to_le32(CONNECTION_IBSS_ADHOC);
1460                break;
1461        default:
1462                WARN_ON(1);
1463                break;
1464        }
1465
1466        memcpy(basic->peer_addr, sta->addr, ETH_ALEN);
1467        basic->aid = cpu_to_le16(sta->aid);
1468        basic->qos = sta->wme;
1469}
1470
1471static void
1472mt7915_mcu_sta_he_tlv(struct sk_buff *skb, struct ieee80211_sta *sta)
1473{
1474        struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
1475        struct ieee80211_sta_he_cap *he_cap = &sta->he_cap;
1476        struct ieee80211_he_cap_elem *elem = &he_cap->he_cap_elem;
1477        enum nl80211_band band = msta->vif->phy->mt76->chandef.chan->band;
1478        const u16 *mcs_mask = msta->vif->bitrate_mask.control[band].he_mcs;
1479        struct sta_rec_he *he;
1480        struct tlv *tlv;
1481        u32 cap = 0;
1482
1483        tlv = mt7915_mcu_add_tlv(skb, STA_REC_HE, sizeof(*he));
1484
1485        he = (struct sta_rec_he *)tlv;
1486
1487        if (elem->mac_cap_info[0] & IEEE80211_HE_MAC_CAP0_HTC_HE)
1488                cap |= STA_REC_HE_CAP_HTC;
1489
1490        if (elem->mac_cap_info[2] & IEEE80211_HE_MAC_CAP2_BSR)
1491                cap |= STA_REC_HE_CAP_BSR;
1492
1493        if (elem->mac_cap_info[3] & IEEE80211_HE_MAC_CAP3_OMI_CONTROL)
1494                cap |= STA_REC_HE_CAP_OM;
1495
1496        if (elem->mac_cap_info[4] & IEEE80211_HE_MAC_CAP4_AMSDU_IN_AMPDU)
1497                cap |= STA_REC_HE_CAP_AMSDU_IN_AMPDU;
1498
1499        if (elem->mac_cap_info[4] & IEEE80211_HE_MAC_CAP4_BQR)
1500                cap |= STA_REC_HE_CAP_BQR;
1501
1502        if (elem->phy_cap_info[0] &
1503            (IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_RU_MAPPING_IN_2G |
1504             IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_RU_MAPPING_IN_5G))
1505                cap |= STA_REC_HE_CAP_BW20_RU242_SUPPORT;
1506
1507        if (elem->phy_cap_info[1] &
1508            IEEE80211_HE_PHY_CAP1_LDPC_CODING_IN_PAYLOAD)
1509                cap |= STA_REC_HE_CAP_LDPC;
1510
1511        if (elem->phy_cap_info[1] &
1512            IEEE80211_HE_PHY_CAP1_HE_LTF_AND_GI_FOR_HE_PPDUS_0_8US)
1513                cap |= STA_REC_HE_CAP_SU_PPDU_1LTF_8US_GI;
1514
1515        if (elem->phy_cap_info[2] &
1516            IEEE80211_HE_PHY_CAP2_NDP_4x_LTF_AND_3_2US)
1517                cap |= STA_REC_HE_CAP_NDP_4LTF_3DOT2MS_GI;
1518
1519        if (elem->phy_cap_info[2] &
1520            IEEE80211_HE_PHY_CAP2_STBC_TX_UNDER_80MHZ)
1521                cap |= STA_REC_HE_CAP_LE_EQ_80M_TX_STBC;
1522
1523        if (elem->phy_cap_info[2] &
1524            IEEE80211_HE_PHY_CAP2_STBC_RX_UNDER_80MHZ)
1525                cap |= STA_REC_HE_CAP_LE_EQ_80M_RX_STBC;
1526
1527        if (elem->phy_cap_info[6] &
1528            IEEE80211_HE_PHY_CAP6_PARTIAL_BW_EXT_RANGE)
1529                cap |= STA_REC_HE_CAP_PARTIAL_BW_EXT_RANGE;
1530
1531        if (elem->phy_cap_info[7] &
1532            IEEE80211_HE_PHY_CAP7_HE_SU_MU_PPDU_4XLTF_AND_08_US_GI)
1533                cap |= STA_REC_HE_CAP_SU_MU_PPDU_4LTF_8US_GI;
1534
1535        if (elem->phy_cap_info[7] &
1536            IEEE80211_HE_PHY_CAP7_STBC_TX_ABOVE_80MHZ)
1537                cap |= STA_REC_HE_CAP_GT_80M_TX_STBC;
1538
1539        if (elem->phy_cap_info[7] &
1540            IEEE80211_HE_PHY_CAP7_STBC_RX_ABOVE_80MHZ)
1541                cap |= STA_REC_HE_CAP_GT_80M_RX_STBC;
1542
1543        if (elem->phy_cap_info[8] &
1544            IEEE80211_HE_PHY_CAP8_HE_ER_SU_PPDU_4XLTF_AND_08_US_GI)
1545                cap |= STA_REC_HE_CAP_ER_SU_PPDU_4LTF_8US_GI;
1546
1547        if (elem->phy_cap_info[8] &
1548            IEEE80211_HE_PHY_CAP8_HE_ER_SU_1XLTF_AND_08_US_GI)
1549                cap |= STA_REC_HE_CAP_ER_SU_PPDU_1LTF_8US_GI;
1550
1551        if (elem->phy_cap_info[9] &
1552            IEEE80211_HE_PHY_CAP9_NON_TRIGGERED_CQI_FEEDBACK)
1553                cap |= STA_REC_HE_CAP_TRIG_CQI_FK;
1554
1555        if (elem->phy_cap_info[9] &
1556            IEEE80211_HE_PHY_CAP9_TX_1024_QAM_LESS_THAN_242_TONE_RU)
1557                cap |= STA_REC_HE_CAP_TX_1024QAM_UNDER_RU242;
1558
1559        if (elem->phy_cap_info[9] &
1560            IEEE80211_HE_PHY_CAP9_RX_1024_QAM_LESS_THAN_242_TONE_RU)
1561                cap |= STA_REC_HE_CAP_RX_1024QAM_UNDER_RU242;
1562
1563        he->he_cap = cpu_to_le32(cap);
1564
1565        switch (sta->bandwidth) {
1566        case IEEE80211_STA_RX_BW_160:
1567                if (elem->phy_cap_info[0] &
1568                    IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_80PLUS80_MHZ_IN_5G)
1569                        mt7915_mcu_set_sta_he_mcs(sta,
1570                                                  &he->max_nss_mcs[CMD_HE_MCS_BW8080],
1571                                                  mcs_mask);
1572
1573                mt7915_mcu_set_sta_he_mcs(sta,
1574                                          &he->max_nss_mcs[CMD_HE_MCS_BW160],
1575                                          mcs_mask);
1576                fallthrough;
1577        default:
1578                mt7915_mcu_set_sta_he_mcs(sta,
1579                                          &he->max_nss_mcs[CMD_HE_MCS_BW80],
1580                                          mcs_mask);
1581                break;
1582        }
1583
1584        he->t_frame_dur =
1585                HE_MAC(CAP1_TF_MAC_PAD_DUR_MASK, elem->mac_cap_info[1]);
1586        he->max_ampdu_exp =
1587                HE_MAC(CAP3_MAX_AMPDU_LEN_EXP_MASK, elem->mac_cap_info[3]);
1588
1589        he->bw_set =
1590                HE_PHY(CAP0_CHANNEL_WIDTH_SET_MASK, elem->phy_cap_info[0]);
1591        he->device_class =
1592                HE_PHY(CAP1_DEVICE_CLASS_A, elem->phy_cap_info[1]);
1593        he->punc_pream_rx =
1594                HE_PHY(CAP1_PREAMBLE_PUNC_RX_MASK, elem->phy_cap_info[1]);
1595
1596        he->dcm_tx_mode =
1597                HE_PHY(CAP3_DCM_MAX_CONST_TX_MASK, elem->phy_cap_info[3]);
1598        he->dcm_tx_max_nss =
1599                HE_PHY(CAP3_DCM_MAX_TX_NSS_2, elem->phy_cap_info[3]);
1600        he->dcm_rx_mode =
1601                HE_PHY(CAP3_DCM_MAX_CONST_RX_MASK, elem->phy_cap_info[3]);
1602        he->dcm_rx_max_nss =
1603                HE_PHY(CAP3_DCM_MAX_RX_NSS_2, elem->phy_cap_info[3]);
1604        he->dcm_rx_max_nss =
1605                HE_PHY(CAP8_DCM_MAX_RU_MASK, elem->phy_cap_info[8]);
1606
1607        he->pkt_ext = 2;
1608}
1609
1610static void
1611mt7915_mcu_sta_uapsd_tlv(struct sk_buff *skb, struct ieee80211_sta *sta,
1612                     struct ieee80211_vif *vif)
1613{
1614        struct sta_rec_uapsd *uapsd;
1615        struct tlv *tlv;
1616
1617        if (vif->type != NL80211_IFTYPE_AP || !sta->wme)
1618                return;
1619
1620        tlv = mt7915_mcu_add_tlv(skb, STA_REC_APPS, sizeof(*uapsd));
1621        uapsd = (struct sta_rec_uapsd *)tlv;
1622
1623        if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO) {
1624                uapsd->dac_map |= BIT(3);
1625                uapsd->tac_map |= BIT(3);
1626        }
1627        if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI) {
1628                uapsd->dac_map |= BIT(2);
1629                uapsd->tac_map |= BIT(2);
1630        }
1631        if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE) {
1632                uapsd->dac_map |= BIT(1);
1633                uapsd->tac_map |= BIT(1);
1634        }
1635        if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK) {
1636                uapsd->dac_map |= BIT(0);
1637                uapsd->tac_map |= BIT(0);
1638        }
1639        uapsd->max_sp = sta->max_sp;
1640}
1641
1642static void
1643mt7915_mcu_sta_muru_tlv(struct sk_buff *skb, struct ieee80211_sta *sta)
1644{
1645        struct ieee80211_sta_he_cap *he_cap = &sta->he_cap;
1646        struct ieee80211_he_cap_elem *elem = &he_cap->he_cap_elem;
1647        struct sta_rec_muru *muru;
1648        struct tlv *tlv;
1649
1650        tlv = mt7915_mcu_add_tlv(skb, STA_REC_MURU, sizeof(*muru));
1651
1652        muru = (struct sta_rec_muru *)tlv;
1653        muru->cfg.ofdma_dl_en = true;
1654        muru->cfg.mimo_dl_en = true;
1655
1656        muru->ofdma_dl.punc_pream_rx =
1657                HE_PHY(CAP1_PREAMBLE_PUNC_RX_MASK, elem->phy_cap_info[1]);
1658        muru->ofdma_dl.he_20m_in_40m_2g =
1659                HE_PHY(CAP8_20MHZ_IN_40MHZ_HE_PPDU_IN_2G, elem->phy_cap_info[8]);
1660        muru->ofdma_dl.he_20m_in_160m =
1661                HE_PHY(CAP8_20MHZ_IN_160MHZ_HE_PPDU, elem->phy_cap_info[8]);
1662        muru->ofdma_dl.he_80m_in_160m =
1663                HE_PHY(CAP8_80MHZ_IN_160MHZ_HE_PPDU, elem->phy_cap_info[8]);
1664        muru->ofdma_dl.lt16_sigb = 0;
1665        muru->ofdma_dl.rx_su_comp_sigb = 0;
1666        muru->ofdma_dl.rx_su_non_comp_sigb = 0;
1667
1668        muru->ofdma_ul.t_frame_dur =
1669                HE_MAC(CAP1_TF_MAC_PAD_DUR_MASK, elem->mac_cap_info[1]);
1670        muru->ofdma_ul.mu_cascading =
1671                HE_MAC(CAP2_MU_CASCADING, elem->mac_cap_info[2]);
1672        muru->ofdma_ul.uo_ra =
1673                HE_MAC(CAP3_OFDMA_RA, elem->mac_cap_info[3]);
1674        muru->ofdma_ul.he_2x996_tone = 0;
1675        muru->ofdma_ul.rx_t_frame_11ac = 0;
1676
1677        muru->mimo_dl.vht_mu_bfee =
1678                !!(sta->vht_cap.cap & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE);
1679        muru->mimo_dl.partial_bw_dl_mimo =
1680                HE_PHY(CAP6_PARTIAL_BANDWIDTH_DL_MUMIMO, elem->phy_cap_info[6]);
1681
1682        muru->mimo_ul.full_ul_mimo =
1683                HE_PHY(CAP2_UL_MU_FULL_MU_MIMO, elem->phy_cap_info[2]);
1684        muru->mimo_ul.partial_ul_mimo =
1685                HE_PHY(CAP2_UL_MU_PARTIAL_MU_MIMO, elem->phy_cap_info[2]);
1686}
1687
1688static void
1689mt7915_mcu_sta_vht_tlv(struct sk_buff *skb, struct ieee80211_sta *sta)
1690{
1691        struct sta_rec_vht *vht;
1692        struct tlv *tlv;
1693
1694        tlv = mt7915_mcu_add_tlv(skb, STA_REC_VHT, sizeof(*vht));
1695
1696        vht = (struct sta_rec_vht *)tlv;
1697        vht->vht_cap = cpu_to_le32(sta->vht_cap.cap);
1698        vht->vht_rx_mcs_map = sta->vht_cap.vht_mcs.rx_mcs_map;
1699        vht->vht_tx_mcs_map = sta->vht_cap.vht_mcs.tx_mcs_map;
1700}
1701
1702static void
1703mt7915_mcu_sta_amsdu_tlv(struct sk_buff *skb, struct ieee80211_sta *sta)
1704{
1705        struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
1706        struct sta_rec_amsdu *amsdu;
1707        struct tlv *tlv;
1708
1709        if (!sta->max_amsdu_len)
1710            return;
1711
1712        tlv = mt7915_mcu_add_tlv(skb, STA_REC_HW_AMSDU, sizeof(*amsdu));
1713        amsdu = (struct sta_rec_amsdu *)tlv;
1714        amsdu->max_amsdu_num = 8;
1715        amsdu->amsdu_en = true;
1716        amsdu->max_mpdu_size = sta->max_amsdu_len >=
1717                               IEEE80211_MAX_MPDU_LEN_VHT_7991;
1718        msta->wcid.amsdu = true;
1719}
1720
1721static bool
1722mt7915_hw_amsdu_supported(struct ieee80211_vif *vif)
1723{
1724        switch (vif->type) {
1725        case NL80211_IFTYPE_AP:
1726        case NL80211_IFTYPE_STATION:
1727                return true;
1728        default:
1729                return false;
1730        }
1731}
1732
1733static void
1734mt7915_mcu_sta_tlv(struct mt7915_dev *dev, struct sk_buff *skb,
1735                   struct ieee80211_sta *sta, struct ieee80211_vif *vif)
1736{
1737        struct tlv *tlv;
1738
1739        /* starec ht */
1740        if (sta->ht_cap.ht_supported) {
1741                struct sta_rec_ht *ht;
1742
1743                tlv = mt7915_mcu_add_tlv(skb, STA_REC_HT, sizeof(*ht));
1744                ht = (struct sta_rec_ht *)tlv;
1745                ht->ht_cap = cpu_to_le16(sta->ht_cap.cap);
1746
1747                if (mt7915_hw_amsdu_supported(vif))
1748                        mt7915_mcu_sta_amsdu_tlv(skb, sta);
1749        }
1750
1751        /* starec he */
1752        if (sta->he_cap.has_he)
1753                mt7915_mcu_sta_he_tlv(skb, sta);
1754
1755        /* starec uapsd */
1756        mt7915_mcu_sta_uapsd_tlv(skb, sta, vif);
1757}
1758
1759static void
1760mt7915_mcu_wtbl_smps_tlv(struct sk_buff *skb, struct ieee80211_sta *sta,
1761                         void *sta_wtbl, void *wtbl_tlv)
1762{
1763        struct wtbl_smps *smps;
1764        struct tlv *tlv;
1765
1766        tlv = mt7915_mcu_add_nested_tlv(skb, WTBL_SMPS, sizeof(*smps),
1767                                        wtbl_tlv, sta_wtbl);
1768        smps = (struct wtbl_smps *)tlv;
1769
1770        if (sta->smps_mode == IEEE80211_SMPS_DYNAMIC)
1771                smps->smps = true;
1772}
1773
1774static void
1775mt7915_mcu_wtbl_ht_tlv(struct sk_buff *skb, struct ieee80211_sta *sta,
1776                       void *sta_wtbl, void *wtbl_tlv)
1777{
1778        struct wtbl_ht *ht = NULL;
1779        struct tlv *tlv;
1780
1781        /* wtbl ht */
1782        if (sta->ht_cap.ht_supported) {
1783                tlv = mt7915_mcu_add_nested_tlv(skb, WTBL_HT, sizeof(*ht),
1784                                                wtbl_tlv, sta_wtbl);
1785                ht = (struct wtbl_ht *)tlv;
1786                ht->ldpc = !!(sta->ht_cap.cap & IEEE80211_HT_CAP_LDPC_CODING);
1787                ht->af = sta->ht_cap.ampdu_factor;
1788                ht->mm = sta->ht_cap.ampdu_density;
1789                ht->ht = true;
1790        }
1791
1792        /* wtbl vht */
1793        if (sta->vht_cap.vht_supported) {
1794                struct wtbl_vht *vht;
1795                u8 af;
1796
1797                tlv = mt7915_mcu_add_nested_tlv(skb, WTBL_VHT, sizeof(*vht),
1798                                                wtbl_tlv, sta_wtbl);
1799                vht = (struct wtbl_vht *)tlv;
1800                vht->ldpc = !!(sta->vht_cap.cap & IEEE80211_VHT_CAP_RXLDPC);
1801                vht->vht = true;
1802
1803                af = FIELD_GET(IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK,
1804                               sta->vht_cap.cap);
1805                if (ht)
1806                        ht->af = max_t(u8, ht->af, af);
1807        }
1808
1809        mt7915_mcu_wtbl_smps_tlv(skb, sta, sta_wtbl, wtbl_tlv);
1810}
1811
1812static void
1813mt7915_mcu_wtbl_hdr_trans_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
1814                              struct ieee80211_sta *sta,
1815                              void *sta_wtbl, void *wtbl_tlv)
1816{
1817        struct mt7915_sta *msta;
1818        struct wtbl_hdr_trans *htr = NULL;
1819        struct tlv *tlv;
1820
1821        tlv = mt7915_mcu_add_nested_tlv(skb, WTBL_HDR_TRANS, sizeof(*htr),
1822                                        wtbl_tlv, sta_wtbl);
1823        htr = (struct wtbl_hdr_trans *)tlv;
1824        htr->no_rx_trans = true;
1825        if (vif->type == NL80211_IFTYPE_STATION)
1826                htr->to_ds = true;
1827        else
1828                htr->from_ds = true;
1829
1830        if (!sta)
1831                return;
1832
1833        msta = (struct mt7915_sta *)sta->drv_priv;
1834        htr->no_rx_trans = !test_bit(MT_WCID_FLAG_HDR_TRANS, &msta->wcid.flags);
1835        if (test_bit(MT_WCID_FLAG_4ADDR, &msta->wcid.flags)) {
1836                htr->to_ds = true;
1837                htr->from_ds = true;
1838        }
1839}
1840
1841int mt7915_mcu_sta_update_hdr_trans(struct mt7915_dev *dev,
1842                                    struct ieee80211_vif *vif,
1843                                    struct ieee80211_sta *sta)
1844{
1845        struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
1846        struct wtbl_req_hdr *wtbl_hdr;
1847        struct sk_buff *skb;
1848
1849        skb = mt76_mcu_msg_alloc(&dev->mt76, NULL, MT7915_WTBL_UPDATE_MAX_SIZE);
1850        if (!skb)
1851                return -ENOMEM;
1852
1853        wtbl_hdr = mt7915_mcu_alloc_wtbl_req(dev, msta, WTBL_SET, NULL, &skb);
1854        if (IS_ERR(wtbl_hdr))
1855                return PTR_ERR(wtbl_hdr);
1856
1857        mt7915_mcu_wtbl_hdr_trans_tlv(skb, vif, sta, NULL, wtbl_hdr);
1858
1859        return mt76_mcu_skb_send_msg(&dev->mt76, skb, MCU_EXT_CMD(WTBL_UPDATE),
1860                                     true);
1861}
1862
1863int mt7915_mcu_add_smps(struct mt7915_dev *dev, struct ieee80211_vif *vif,
1864                        struct ieee80211_sta *sta)
1865{
1866        struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1867        struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
1868        struct wtbl_req_hdr *wtbl_hdr;
1869        struct tlv *sta_wtbl;
1870        struct sk_buff *skb;
1871
1872        skb = mt7915_mcu_alloc_sta_req(dev, mvif, msta,
1873                                       MT7915_STA_UPDATE_MAX_SIZE);
1874        if (IS_ERR(skb))
1875                return PTR_ERR(skb);
1876
1877        sta_wtbl = mt7915_mcu_add_tlv(skb, STA_REC_WTBL, sizeof(struct tlv));
1878
1879        wtbl_hdr = mt7915_mcu_alloc_wtbl_req(dev, msta, WTBL_SET, sta_wtbl,
1880                                             &skb);
1881        if (IS_ERR(wtbl_hdr))
1882                return PTR_ERR(wtbl_hdr);
1883
1884        mt7915_mcu_wtbl_smps_tlv(skb, sta, sta_wtbl, wtbl_hdr);
1885
1886        return mt76_mcu_skb_send_msg(&dev->mt76, skb,
1887                                     MCU_EXT_CMD(STA_REC_UPDATE), true);
1888}
1889
1890static void
1891mt7915_mcu_sta_sounding_rate(struct sta_rec_bf *bf)
1892{
1893        bf->bf_cap = MT_EBF;
1894        bf->sounding_phy = MT_PHY_TYPE_OFDM;
1895        bf->ndp_rate = 0;                               /* mcs0 */
1896        bf->ndpa_rate = MT7915_CFEND_RATE_DEFAULT;      /* ofdm 24m */
1897        bf->rept_poll_rate = MT7915_CFEND_RATE_DEFAULT; /* ofdm 24m */
1898}
1899
1900static void
1901mt7915_mcu_sta_bfer_ht(struct ieee80211_sta *sta, struct mt7915_phy *phy,
1902                       struct sta_rec_bf *bf)
1903{
1904        struct ieee80211_mcs_info *mcs = &sta->ht_cap.mcs;
1905        u8 n = 0;
1906
1907        bf->tx_mode = MT_PHY_TYPE_HT;
1908        bf->bf_cap = MT_IBF;
1909
1910        if (mcs->tx_params & IEEE80211_HT_MCS_TX_RX_DIFF &&
1911            (mcs->tx_params & IEEE80211_HT_MCS_TX_DEFINED))
1912                n = FIELD_GET(IEEE80211_HT_MCS_TX_MAX_STREAMS_MASK,
1913                              mcs->tx_params);
1914        else if (mcs->rx_mask[3])
1915                n = 3;
1916        else if (mcs->rx_mask[2])
1917                n = 2;
1918        else if (mcs->rx_mask[1])
1919                n = 1;
1920
1921        bf->nr = hweight8(phy->mt76->chainmask) - 1;
1922        bf->nc = min_t(u8, bf->nr, n);
1923        bf->ibf_ncol = n;
1924}
1925
1926static void
1927mt7915_mcu_sta_bfer_vht(struct ieee80211_sta *sta, struct mt7915_phy *phy,
1928                        struct sta_rec_bf *bf, bool explicit)
1929{
1930        struct ieee80211_sta_vht_cap *pc = &sta->vht_cap;
1931        struct ieee80211_sta_vht_cap *vc = &phy->mt76->sband_5g.sband.vht_cap;
1932        u16 mcs_map = le16_to_cpu(pc->vht_mcs.rx_mcs_map);
1933        u8 nss_mcs = mt7915_mcu_get_sta_nss(mcs_map);
1934        u8 tx_ant = hweight8(phy->mt76->chainmask) - 1;
1935
1936        bf->tx_mode = MT_PHY_TYPE_VHT;
1937
1938        if (explicit) {
1939                u8 bfee_nr, bfer_nr;
1940
1941                mt7915_mcu_sta_sounding_rate(bf);
1942                bfee_nr = FIELD_GET(IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK,
1943                                    pc->cap);
1944                bfer_nr = FIELD_GET(IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK,
1945                                    vc->cap);
1946                bf->nr = min_t(u8, min_t(u8, bfer_nr, bfee_nr), tx_ant);
1947                bf->nc = min_t(u8, nss_mcs, bf->nr);
1948                bf->ibf_ncol = bf->nc;
1949
1950                if (sta->bandwidth == IEEE80211_STA_RX_BW_160)
1951                        bf->nr = 1;
1952        } else {
1953                bf->bf_cap = MT_IBF;
1954                bf->nr = tx_ant;
1955                bf->nc = min_t(u8, nss_mcs, bf->nr);
1956                bf->ibf_ncol = nss_mcs;
1957
1958                if (sta->bandwidth == IEEE80211_STA_RX_BW_160)
1959                        bf->ibf_nrow = 1;
1960        }
1961}
1962
1963static void
1964mt7915_mcu_sta_bfer_he(struct ieee80211_sta *sta, struct ieee80211_vif *vif,
1965                       struct mt7915_phy *phy, struct sta_rec_bf *bf)
1966{
1967        struct ieee80211_sta_he_cap *pc = &sta->he_cap;
1968        struct ieee80211_he_cap_elem *pe = &pc->he_cap_elem;
1969        const struct ieee80211_sta_he_cap *vc = mt7915_get_he_phy_cap(phy, vif);
1970        const struct ieee80211_he_cap_elem *ve = &vc->he_cap_elem;
1971        u16 mcs_map = le16_to_cpu(pc->he_mcs_nss_supp.rx_mcs_80);
1972        u8 nss_mcs = mt7915_mcu_get_sta_nss(mcs_map);
1973        u8 bfee_nr, bfer_nr;
1974
1975        bf->tx_mode = MT_PHY_TYPE_HE_SU;
1976        mt7915_mcu_sta_sounding_rate(bf);
1977        bf->trigger_su = HE_PHY(CAP6_TRIG_SU_BEAMFORMING_FB,
1978                                pe->phy_cap_info[6]);
1979        bf->trigger_mu = HE_PHY(CAP6_TRIG_MU_BEAMFORMING_PARTIAL_BW_FB,
1980                                pe->phy_cap_info[6]);
1981        bfer_nr = HE_PHY(CAP5_BEAMFORMEE_NUM_SND_DIM_UNDER_80MHZ_MASK,
1982                         ve->phy_cap_info[5]);
1983        bfee_nr = HE_PHY(CAP4_BEAMFORMEE_MAX_STS_UNDER_80MHZ_MASK,
1984                         pe->phy_cap_info[4]);
1985        bf->nr = min_t(u8, bfer_nr, bfee_nr);
1986        bf->nc = min_t(u8, nss_mcs, bf->nr);
1987        bf->ibf_ncol = bf->nc;
1988
1989        if (sta->bandwidth != IEEE80211_STA_RX_BW_160)
1990                return;
1991
1992        /* go over for 160MHz and 80p80 */
1993        if (pe->phy_cap_info[0] &
1994            IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G) {
1995                mcs_map = le16_to_cpu(pc->he_mcs_nss_supp.rx_mcs_160);
1996                nss_mcs = mt7915_mcu_get_sta_nss(mcs_map);
1997
1998                bf->nc_bw160 = nss_mcs;
1999        }
2000
2001        if (pe->phy_cap_info[0] &
2002            IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_80PLUS80_MHZ_IN_5G) {
2003                mcs_map = le16_to_cpu(pc->he_mcs_nss_supp.rx_mcs_80p80);
2004                nss_mcs = mt7915_mcu_get_sta_nss(mcs_map);
2005
2006                if (bf->nc_bw160)
2007                        bf->nc_bw160 = min_t(u8, bf->nc_bw160, nss_mcs);
2008                else
2009                        bf->nc_bw160 = nss_mcs;
2010        }
2011
2012        bfer_nr = HE_PHY(CAP5_BEAMFORMEE_NUM_SND_DIM_ABOVE_80MHZ_MASK,
2013                         ve->phy_cap_info[5]);
2014        bfee_nr = HE_PHY(CAP4_BEAMFORMEE_MAX_STS_ABOVE_80MHZ_MASK,
2015                         pe->phy_cap_info[4]);
2016
2017        bf->nr_bw160 = min_t(int, bfer_nr, bfee_nr);
2018}
2019
2020static void
2021mt7915_mcu_sta_bfer_tlv(struct sk_buff *skb, struct ieee80211_sta *sta,
2022                        struct ieee80211_vif *vif, struct mt7915_phy *phy,
2023                        bool enable, bool explicit)
2024{
2025        int tx_ant = hweight8(phy->mt76->chainmask) - 1;
2026        struct sta_rec_bf *bf;
2027        struct tlv *tlv;
2028        const u8 matrix[4][4] = {
2029                {0, 0, 0, 0},
2030                {1, 1, 0, 0},   /* 2x1, 2x2, 2x3, 2x4 */
2031                {2, 4, 4, 0},   /* 3x1, 3x2, 3x3, 3x4 */
2032                {3, 5, 6, 0}    /* 4x1, 4x2, 4x3, 4x4 */
2033        };
2034
2035#define MT_BFER_FREE            cpu_to_le16(GENMASK(15, 0))
2036
2037        tlv = mt7915_mcu_add_tlv(skb, STA_REC_BF, sizeof(*bf));
2038        bf = (struct sta_rec_bf *)tlv;
2039
2040        if (!enable) {
2041                bf->pfmu = MT_BFER_FREE;
2042                return;
2043        }
2044
2045        /* he: eBF only, in accordance with spec
2046         * vht: support eBF and iBF
2047         * ht: iBF only, since mac80211 lacks of eBF support
2048         */
2049        if (sta->he_cap.has_he && explicit)
2050                mt7915_mcu_sta_bfer_he(sta, vif, phy, bf);
2051        else if (sta->vht_cap.vht_supported)
2052                mt7915_mcu_sta_bfer_vht(sta, phy, bf, explicit);
2053        else if (sta->ht_cap.ht_supported)
2054                mt7915_mcu_sta_bfer_ht(sta, phy, bf);
2055        else
2056                return;
2057
2058        bf->bw = sta->bandwidth;
2059        bf->ibf_dbw = sta->bandwidth;
2060        bf->ibf_nrow = tx_ant;
2061
2062        if (!explicit && sta->bandwidth <= IEEE80211_STA_RX_BW_40 && !bf->nc)
2063                bf->ibf_timeout = 0x48;
2064        else
2065                bf->ibf_timeout = 0x18;
2066
2067        if (explicit && bf->nr != tx_ant)
2068                bf->mem_20m = matrix[tx_ant][bf->nc];
2069        else
2070                bf->mem_20m = matrix[bf->nr][bf->nc];
2071
2072        switch (sta->bandwidth) {
2073        case IEEE80211_STA_RX_BW_160:
2074        case IEEE80211_STA_RX_BW_80:
2075                bf->mem_total = bf->mem_20m * 2;
2076                break;
2077        case IEEE80211_STA_RX_BW_40:
2078                bf->mem_total = bf->mem_20m;
2079                break;
2080        case IEEE80211_STA_RX_BW_20:
2081        default:
2082                break;
2083        }
2084}
2085
2086static void
2087mt7915_mcu_sta_bfee_tlv(struct sk_buff *skb, struct ieee80211_sta *sta,
2088                        struct mt7915_phy *phy)
2089{
2090        int tx_ant = hweight8(phy->mt76->chainmask) - 1;
2091        struct sta_rec_bfee *bfee;
2092        struct tlv *tlv;
2093        u8 nr = 0;
2094
2095        tlv = mt7915_mcu_add_tlv(skb, STA_REC_BFEE, sizeof(*bfee));
2096        bfee = (struct sta_rec_bfee *)tlv;
2097
2098        if (sta->he_cap.has_he) {
2099                struct ieee80211_he_cap_elem *pe = &sta->he_cap.he_cap_elem;
2100
2101                nr = HE_PHY(CAP5_BEAMFORMEE_NUM_SND_DIM_UNDER_80MHZ_MASK,
2102                            pe->phy_cap_info[5]);
2103        } else if (sta->vht_cap.vht_supported) {
2104                struct ieee80211_sta_vht_cap *pc = &sta->vht_cap;
2105
2106                nr = FIELD_GET(IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK,
2107                               pc->cap);
2108        }
2109
2110        /* reply with identity matrix to avoid 2x2 BF negative gain */
2111        bfee->fb_identity_matrix = !!(nr == 1 && tx_ant == 2);
2112}
2113
2114static int
2115mt7915_mcu_add_txbf(struct mt7915_dev *dev, struct ieee80211_vif *vif,
2116                    struct ieee80211_sta *sta, bool enable)
2117{
2118        struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
2119        struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
2120        struct mt7915_phy *phy;
2121        struct sk_buff *skb;
2122        int r, len;
2123        bool ebfee = 0, ebf = 0;
2124
2125        if (vif->type != NL80211_IFTYPE_STATION &&
2126            vif->type != NL80211_IFTYPE_AP)
2127                return 0;
2128
2129        phy = mvif->band_idx ? mt7915_ext_phy(dev) : &dev->phy;
2130
2131        if (sta->he_cap.has_he) {
2132                struct ieee80211_he_cap_elem *pe;
2133                const struct ieee80211_he_cap_elem *ve;
2134                const struct ieee80211_sta_he_cap *vc;
2135
2136                pe = &sta->he_cap.he_cap_elem;
2137                vc = mt7915_get_he_phy_cap(phy, vif);
2138                ve = &vc->he_cap_elem;
2139
2140                ebfee = !!(HE_PHY(CAP3_SU_BEAMFORMER, pe->phy_cap_info[3]) &&
2141                           HE_PHY(CAP4_SU_BEAMFORMEE, ve->phy_cap_info[4]));
2142                ebf = !!(HE_PHY(CAP3_SU_BEAMFORMER, ve->phy_cap_info[3]) &&
2143                         HE_PHY(CAP4_SU_BEAMFORMEE, pe->phy_cap_info[4]));
2144        } else if (sta->vht_cap.vht_supported) {
2145                struct ieee80211_sta_vht_cap *pc;
2146                struct ieee80211_sta_vht_cap *vc;
2147
2148                pc = &sta->vht_cap;
2149                vc = &phy->mt76->sband_5g.sband.vht_cap;
2150
2151                ebfee = !!((pc->cap & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE) &&
2152                           (vc->cap & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE));
2153                ebf = !!((vc->cap & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE) &&
2154                         (pc->cap & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE));
2155        }
2156
2157        /* must keep each tag independent */
2158
2159        /* starec bf */
2160        if (ebf || dev->ibf) {
2161                len = sizeof(struct sta_req_hdr) + sizeof(struct sta_rec_bf);
2162
2163                skb = mt7915_mcu_alloc_sta_req(dev, mvif, msta, len);
2164                if (IS_ERR(skb))
2165                        return PTR_ERR(skb);
2166
2167                mt7915_mcu_sta_bfer_tlv(skb, sta, vif, phy, enable, ebf);
2168
2169                r = mt76_mcu_skb_send_msg(&dev->mt76, skb,
2170                                          MCU_EXT_CMD(STA_REC_UPDATE), true);
2171                if (r)
2172                        return r;
2173        }
2174
2175        /* starec bfee */
2176        if (ebfee) {
2177                len = sizeof(struct sta_req_hdr) + sizeof(struct sta_rec_bfee);
2178
2179                skb = mt7915_mcu_alloc_sta_req(dev, mvif, msta, len);
2180                if (IS_ERR(skb))
2181                        return PTR_ERR(skb);
2182
2183                mt7915_mcu_sta_bfee_tlv(skb, sta, phy);
2184
2185                r = mt76_mcu_skb_send_msg(&dev->mt76, skb,
2186                                          MCU_EXT_CMD(STA_REC_UPDATE), true);
2187                if (r)
2188                        return r;
2189        }
2190
2191        return 0;
2192}
2193
2194static void
2195mt7915_mcu_sta_rate_ctrl_tlv(struct sk_buff *skb, struct mt7915_dev *dev,
2196                             struct ieee80211_vif *vif, struct ieee80211_sta *sta)
2197{
2198        struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
2199        struct cfg80211_chan_def *chandef = &mvif->phy->mt76->chandef;
2200        struct cfg80211_bitrate_mask *mask = &mvif->bitrate_mask;
2201        enum nl80211_band band = chandef->chan->band;
2202        struct sta_rec_ra *ra;
2203        struct tlv *tlv;
2204        u32 supp_rate = sta->supp_rates[band];
2205        u32 cap = sta->wme ? STA_CAP_WMM : 0;
2206
2207        tlv = mt7915_mcu_add_tlv(skb, STA_REC_RA, sizeof(*ra));
2208        ra = (struct sta_rec_ra *)tlv;
2209
2210        ra->valid = true;
2211        ra->auto_rate = true;
2212        ra->phy_mode = mt7915_get_phy_mode(vif, sta);
2213        ra->channel = chandef->chan->hw_value;
2214        ra->bw = sta->bandwidth;
2215        ra->phy.bw = sta->bandwidth;
2216
2217        if (supp_rate) {
2218                supp_rate &= mask->control[band].legacy;
2219                ra->rate_len = hweight32(supp_rate);
2220
2221                if (band == NL80211_BAND_2GHZ) {
2222                        ra->supp_mode = MODE_CCK;
2223                        ra->supp_cck_rate = supp_rate & GENMASK(3, 0);
2224
2225                        if (ra->rate_len > 4) {
2226                                ra->supp_mode |= MODE_OFDM;
2227                                ra->supp_ofdm_rate = supp_rate >> 4;
2228                        }
2229                } else {
2230                        ra->supp_mode = MODE_OFDM;
2231                        ra->supp_ofdm_rate = supp_rate;
2232                }
2233        }
2234
2235        if (sta->ht_cap.ht_supported) {
2236                const u8 *mcs_mask = mask->control[band].ht_mcs;
2237
2238                ra->supp_mode |= MODE_HT;
2239                ra->af = sta->ht_cap.ampdu_factor;
2240                ra->ht_gf = !!(sta->ht_cap.cap & IEEE80211_HT_CAP_GRN_FLD);
2241
2242                cap |= STA_CAP_HT;
2243                if (sta->ht_cap.cap & IEEE80211_HT_CAP_SGI_20)
2244                        cap |= STA_CAP_SGI_20;
2245                if (sta->ht_cap.cap & IEEE80211_HT_CAP_SGI_40)
2246                        cap |= STA_CAP_SGI_40;
2247                if (sta->ht_cap.cap & IEEE80211_HT_CAP_TX_STBC)
2248                        cap |= STA_CAP_TX_STBC;
2249                if (sta->ht_cap.cap & IEEE80211_HT_CAP_RX_STBC)
2250                        cap |= STA_CAP_RX_STBC;
2251                if (sta->ht_cap.cap & IEEE80211_HT_CAP_LDPC_CODING)
2252                        cap |= STA_CAP_LDPC;
2253
2254                mt7915_mcu_set_sta_ht_mcs(sta, ra->ht_mcs, mcs_mask);
2255                ra->supp_ht_mcs = *(__le32 *)ra->ht_mcs;
2256        }
2257
2258        if (sta->vht_cap.vht_supported) {
2259                const u16 *mcs_mask = mask->control[band].vht_mcs;
2260                u8 af;
2261
2262                ra->supp_mode |= MODE_VHT;
2263                af = FIELD_GET(IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK,
2264                               sta->vht_cap.cap);
2265                ra->af = max_t(u8, ra->af, af);
2266
2267                cap |= STA_CAP_VHT;
2268                if (sta->vht_cap.cap & IEEE80211_VHT_CAP_SHORT_GI_80)
2269                        cap |= STA_CAP_VHT_SGI_80;
2270                if (sta->vht_cap.cap & IEEE80211_VHT_CAP_SHORT_GI_160)
2271                        cap |= STA_CAP_VHT_SGI_160;
2272                if (sta->vht_cap.cap & IEEE80211_VHT_CAP_TXSTBC)
2273                        cap |= STA_CAP_VHT_TX_STBC;
2274                if (sta->vht_cap.cap & IEEE80211_VHT_CAP_RXSTBC_1)
2275                        cap |= STA_CAP_VHT_RX_STBC;
2276                if (sta->vht_cap.cap & IEEE80211_VHT_CAP_RXLDPC)
2277                        cap |= STA_CAP_VHT_LDPC;
2278
2279                mt7915_mcu_set_sta_vht_mcs(sta, ra->supp_vht_mcs, mcs_mask);
2280        }
2281
2282        if (sta->he_cap.has_he) {
2283                ra->supp_mode |= MODE_HE;
2284                cap |= STA_CAP_HE;
2285        }
2286
2287        ra->sta_cap = cpu_to_le32(cap);
2288}
2289
2290int mt7915_mcu_add_rate_ctrl(struct mt7915_dev *dev, struct ieee80211_vif *vif,
2291                             struct ieee80211_sta *sta)
2292{
2293        struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
2294        struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
2295        struct sk_buff *skb;
2296        int len = sizeof(struct sta_req_hdr) + sizeof(struct sta_rec_ra);
2297
2298        skb = mt7915_mcu_alloc_sta_req(dev, mvif, msta, len);
2299        if (IS_ERR(skb))
2300                return PTR_ERR(skb);
2301
2302        mt7915_mcu_sta_rate_ctrl_tlv(skb, dev, vif, sta);
2303
2304        return mt76_mcu_skb_send_msg(&dev->mt76, skb,
2305                                     MCU_EXT_CMD(STA_REC_UPDATE), true);
2306}
2307
2308int mt7915_mcu_add_he(struct mt7915_dev *dev, struct ieee80211_vif *vif,
2309                      struct ieee80211_sta *sta)
2310{
2311        struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
2312        struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
2313        struct sk_buff *skb;
2314        int len;
2315
2316        if (!sta->he_cap.has_he)
2317                return 0;
2318
2319        len = sizeof(struct sta_req_hdr) + sizeof(struct sta_rec_he);
2320
2321        skb = mt7915_mcu_alloc_sta_req(dev, mvif, msta, len);
2322        if (IS_ERR(skb))
2323                return PTR_ERR(skb);
2324
2325        mt7915_mcu_sta_he_tlv(skb, sta);
2326
2327        return mt76_mcu_skb_send_msg(&dev->mt76, skb,
2328                                     MCU_EXT_CMD(STA_REC_UPDATE), true);
2329}
2330
2331static int
2332mt7915_mcu_add_group(struct mt7915_dev *dev, struct ieee80211_vif *vif,
2333                     struct ieee80211_sta *sta)
2334{
2335#define MT_STA_BSS_GROUP                1
2336        struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
2337        struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
2338        struct {
2339                __le32 action;
2340                u8 wlan_idx_lo;
2341                u8 status;
2342                u8 wlan_idx_hi;
2343                u8 rsv0[5];
2344                __le32 val;
2345                u8 rsv1[8];
2346        } __packed req = {
2347                .action = cpu_to_le32(MT_STA_BSS_GROUP),
2348                .wlan_idx_lo = to_wcid_lo(msta->wcid.idx),
2349                .wlan_idx_hi = to_wcid_hi(msta->wcid.idx),
2350                .val = cpu_to_le32(mvif->idx % 16),
2351        };
2352
2353        return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SET_DRR_CTRL), &req,
2354                                 sizeof(req), true);
2355}
2356
2357static int
2358mt7915_mcu_add_mu(struct mt7915_dev *dev, struct ieee80211_vif *vif,
2359                  struct ieee80211_sta *sta)
2360{
2361        struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
2362        struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
2363        struct sk_buff *skb;
2364        int ret;
2365
2366        if (!sta->vht_cap.vht_supported && !sta->he_cap.has_he)
2367                return 0;
2368
2369        ret = mt7915_mcu_add_group(dev, vif, sta);
2370        if (ret)
2371                return ret;
2372
2373        skb = mt7915_mcu_alloc_sta_req(dev, mvif, msta,
2374                                       MT7915_STA_UPDATE_MAX_SIZE);
2375        if (IS_ERR(skb))
2376                return PTR_ERR(skb);
2377
2378        /* wait until TxBF and MU ready to update stare vht */
2379
2380        /* starec muru */
2381        mt7915_mcu_sta_muru_tlv(skb, sta);
2382        /* starec vht */
2383        mt7915_mcu_sta_vht_tlv(skb, sta);
2384
2385        return mt76_mcu_skb_send_msg(&dev->mt76, skb,
2386                                     MCU_EXT_CMD(STA_REC_UPDATE), true);
2387}
2388
2389int mt7915_mcu_add_sta_adv(struct mt7915_dev *dev, struct ieee80211_vif *vif,
2390                           struct ieee80211_sta *sta, bool enable)
2391{
2392        int ret;
2393
2394        if (!sta)
2395                return 0;
2396
2397        /* must keep the order */
2398        ret = mt7915_mcu_add_txbf(dev, vif, sta, enable);
2399        if (ret || !enable)
2400                return ret;
2401
2402        ret = mt7915_mcu_add_mu(dev, vif, sta);
2403        if (ret)
2404                return ret;
2405
2406        return mt7915_mcu_add_rate_ctrl(dev, vif, sta);
2407}
2408
2409int mt7915_mcu_add_sta(struct mt7915_dev *dev, struct ieee80211_vif *vif,
2410                       struct ieee80211_sta *sta, bool enable)
2411{
2412        struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
2413        struct wtbl_req_hdr *wtbl_hdr;
2414        struct mt7915_sta *msta;
2415        struct tlv *sta_wtbl;
2416        struct sk_buff *skb;
2417
2418        msta = sta ? (struct mt7915_sta *)sta->drv_priv : &mvif->sta;
2419
2420        skb = mt7915_mcu_alloc_sta_req(dev, mvif, msta,
2421                                       MT7915_STA_UPDATE_MAX_SIZE);
2422        if (IS_ERR(skb))
2423                return PTR_ERR(skb);
2424
2425        mt7915_mcu_sta_basic_tlv(skb, vif, sta, enable);
2426        if (enable && sta)
2427                mt7915_mcu_sta_tlv(dev, skb, sta, vif);
2428
2429        sta_wtbl = mt7915_mcu_add_tlv(skb, STA_REC_WTBL, sizeof(struct tlv));
2430
2431        wtbl_hdr = mt7915_mcu_alloc_wtbl_req(dev, msta, WTBL_RESET_AND_SET,
2432                                             sta_wtbl, &skb);
2433        if (IS_ERR(wtbl_hdr))
2434                return PTR_ERR(wtbl_hdr);
2435
2436        if (enable) {
2437                mt7915_mcu_wtbl_generic_tlv(skb, vif, sta, sta_wtbl, wtbl_hdr);
2438                mt7915_mcu_wtbl_hdr_trans_tlv(skb, vif, sta, sta_wtbl, wtbl_hdr);
2439                if (sta)
2440                        mt7915_mcu_wtbl_ht_tlv(skb, sta, sta_wtbl, wtbl_hdr);
2441        }
2442
2443        return mt76_mcu_skb_send_msg(&dev->mt76, skb,
2444                                     MCU_EXT_CMD(STA_REC_UPDATE), true);
2445}
2446
2447int mt7915_mcu_set_fixed_rate(struct mt7915_dev *dev,
2448                              struct ieee80211_sta *sta, u32 rate)
2449{
2450        struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
2451        struct mt7915_vif *mvif = msta->vif;
2452        struct sta_rec_ra_fixed *ra;
2453        struct sk_buff *skb;
2454        struct tlv *tlv;
2455        int len = sizeof(struct sta_req_hdr) + sizeof(*ra);
2456
2457        skb = mt7915_mcu_alloc_sta_req(dev, mvif, msta, len);
2458        if (IS_ERR(skb))
2459                return PTR_ERR(skb);
2460
2461        tlv = mt7915_mcu_add_tlv(skb, STA_REC_RA_UPDATE, sizeof(*ra));
2462        ra = (struct sta_rec_ra_fixed *)tlv;
2463
2464        if (!rate) {
2465                ra->field = cpu_to_le32(RATE_PARAM_AUTO);
2466                goto out;
2467        } else {
2468                ra->field = cpu_to_le32(RATE_PARAM_FIXED);
2469        }
2470
2471        ra->phy.type = FIELD_GET(RATE_CFG_PHY_TYPE, rate);
2472        ra->phy.bw = FIELD_GET(RATE_CFG_BW, rate);
2473        ra->phy.nss = FIELD_GET(RATE_CFG_NSS, rate);
2474        ra->phy.mcs = FIELD_GET(RATE_CFG_MCS, rate);
2475        ra->phy.stbc = FIELD_GET(RATE_CFG_STBC, rate);
2476
2477        if (ra->phy.bw)
2478                ra->phy.ldpc = 7;
2479        else
2480                ra->phy.ldpc = FIELD_GET(RATE_CFG_LDPC, rate) * 7;
2481
2482        /* HT/VHT - SGI: 1, LGI: 0; HE - SGI: 0, MGI: 1, LGI: 2 */
2483        if (ra->phy.type > MT_PHY_TYPE_VHT)
2484                ra->phy.sgi = ra->phy.mcs * 85;
2485        else
2486                ra->phy.sgi = ra->phy.mcs * 15;
2487
2488out:
2489        return mt76_mcu_skb_send_msg(&dev->mt76, skb,
2490                                     MCU_EXT_CMD(STA_REC_UPDATE), true);
2491}
2492
2493int mt7915_mcu_add_dev_info(struct mt7915_phy *phy,
2494                            struct ieee80211_vif *vif, bool enable)
2495{
2496        struct mt7915_dev *dev = phy->dev;
2497        struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
2498        struct {
2499                struct req_hdr {
2500                        u8 omac_idx;
2501                        u8 dbdc_idx;
2502                        __le16 tlv_num;
2503                        u8 is_tlv_append;
2504                        u8 rsv[3];
2505                } __packed hdr;
2506                struct req_tlv {
2507                        __le16 tag;
2508                        __le16 len;
2509                        u8 active;
2510                        u8 dbdc_idx;
2511                        u8 omac_addr[ETH_ALEN];
2512                } __packed tlv;
2513        } data = {
2514                .hdr = {
2515                        .omac_idx = mvif->omac_idx,
2516                        .dbdc_idx = mvif->band_idx,
2517                        .tlv_num = cpu_to_le16(1),
2518                        .is_tlv_append = 1,
2519                },
2520                .tlv = {
2521                        .tag = cpu_to_le16(DEV_INFO_ACTIVE),
2522                        .len = cpu_to_le16(sizeof(struct req_tlv)),
2523                        .active = enable,
2524                        .dbdc_idx = mvif->band_idx,
2525                },
2526        };
2527
2528        if (mvif->omac_idx >= REPEATER_BSSID_START)
2529                return mt7915_mcu_muar_config(phy, vif, false, enable);
2530
2531        memcpy(data.tlv.omac_addr, vif->addr, ETH_ALEN);
2532        return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(DEV_INFO_UPDATE),
2533                                 &data, sizeof(data), true);
2534}
2535
2536static void
2537mt7915_mcu_beacon_csa(struct sk_buff *rskb, struct sk_buff *skb,
2538                      struct bss_info_bcn *bcn,
2539                      struct ieee80211_mutable_offsets *offs)
2540{
2541        if (offs->cntdwn_counter_offs[0]) {
2542                struct tlv *tlv;
2543                struct bss_info_bcn_csa *csa;
2544
2545                tlv = mt7915_mcu_add_nested_subtlv(rskb, BSS_INFO_BCN_CSA,
2546                                                   sizeof(*csa), &bcn->sub_ntlv,
2547                                                   &bcn->len);
2548                csa = (struct bss_info_bcn_csa *)tlv;
2549                csa->cnt = skb->data[offs->cntdwn_counter_offs[0]];
2550        }
2551}
2552
2553static void
2554mt7915_mcu_beacon_cont(struct mt7915_dev *dev, struct sk_buff *rskb,
2555                       struct sk_buff *skb, struct bss_info_bcn *bcn,
2556                       struct ieee80211_mutable_offsets *offs)
2557{
2558        struct mt76_wcid *wcid = &dev->mt76.global_wcid;
2559        struct bss_info_bcn_cont *cont;
2560        struct tlv *tlv;
2561        u8 *buf;
2562        int len = sizeof(*cont) + MT_TXD_SIZE + skb->len;
2563
2564        tlv = mt7915_mcu_add_nested_subtlv(rskb, BSS_INFO_BCN_CONTENT,
2565                                           len, &bcn->sub_ntlv, &bcn->len);
2566
2567        cont = (struct bss_info_bcn_cont *)tlv;
2568        cont->pkt_len = cpu_to_le16(MT_TXD_SIZE + skb->len);
2569        cont->tim_ofs = cpu_to_le16(offs->tim_offset);
2570
2571        if (offs->cntdwn_counter_offs[0])
2572                cont->csa_ofs = cpu_to_le16(offs->cntdwn_counter_offs[0] - 4);
2573
2574        buf = (u8 *)tlv + sizeof(*cont);
2575        mt7915_mac_write_txwi(dev, (__le32 *)buf, skb, wcid, 0, NULL,
2576                              true);
2577        memcpy(buf + MT_TXD_SIZE, skb->data, skb->len);
2578}
2579
2580int mt7915_mcu_add_beacon(struct ieee80211_hw *hw,
2581                          struct ieee80211_vif *vif, int en)
2582{
2583#define MAX_BEACON_SIZE 512
2584        struct mt7915_dev *dev = mt7915_hw_dev(hw);
2585        struct mt7915_phy *phy = mt7915_hw_phy(hw);
2586        struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
2587        struct ieee80211_mutable_offsets offs;
2588        struct ieee80211_tx_info *info;
2589        struct sk_buff *skb, *rskb;
2590        struct tlv *tlv;
2591        struct bss_info_bcn *bcn;
2592        int len = MT7915_BEACON_UPDATE_SIZE + MAX_BEACON_SIZE;
2593
2594        rskb = mt7915_mcu_alloc_sta_req(dev, mvif, NULL, len);
2595        if (IS_ERR(rskb))
2596                return PTR_ERR(rskb);
2597
2598        tlv = mt7915_mcu_add_tlv(rskb, BSS_INFO_OFFLOAD, sizeof(*bcn));
2599        bcn = (struct bss_info_bcn *)tlv;
2600        bcn->enable = en;
2601
2602        if (!en)
2603                goto out;
2604
2605        skb = ieee80211_beacon_get_template(hw, vif, &offs);
2606        if (!skb)
2607                return -EINVAL;
2608
2609        if (skb->len > MAX_BEACON_SIZE - MT_TXD_SIZE) {
2610                dev_err(dev->mt76.dev, "Bcn size limit exceed\n");
2611                dev_kfree_skb(skb);
2612                return -EINVAL;
2613        }
2614
2615        if (mvif->band_idx) {
2616                info = IEEE80211_SKB_CB(skb);
2617                info->hw_queue |= MT_TX_HW_QUEUE_EXT_PHY;
2618        }
2619
2620        /* TODO: subtag - bss color count & 11v MBSSID */
2621        mt7915_mcu_beacon_csa(rskb, skb, bcn, &offs);
2622        mt7915_mcu_beacon_cont(dev, rskb, skb, bcn, &offs);
2623        dev_kfree_skb(skb);
2624
2625out:
2626        return mt76_mcu_skb_send_msg(&phy->dev->mt76, rskb,
2627                                     MCU_EXT_CMD(BSS_INFO_UPDATE), true);
2628}
2629
2630static int mt7915_mcu_start_firmware(struct mt7915_dev *dev, u32 addr,
2631                                     u32 option)
2632{
2633        struct {
2634                __le32 option;
2635                __le32 addr;
2636        } req = {
2637                .option = cpu_to_le32(option),
2638                .addr = cpu_to_le32(addr),
2639        };
2640
2641        return mt76_mcu_send_msg(&dev->mt76, MCU_CMD(FW_START_REQ), &req,
2642                                 sizeof(req), true);
2643}
2644
2645static int mt7915_mcu_restart(struct mt76_dev *dev)
2646{
2647        struct {
2648                u8 power_mode;
2649                u8 rsv[3];
2650        } req = {
2651                .power_mode = 1,
2652        };
2653
2654        return mt76_mcu_send_msg(dev, MCU_CMD(NIC_POWER_CTRL), &req,
2655                                 sizeof(req), false);
2656}
2657
2658static int mt7915_mcu_patch_sem_ctrl(struct mt7915_dev *dev, bool get)
2659{
2660        struct {
2661                __le32 op;
2662        } req = {
2663                .op = cpu_to_le32(get ? PATCH_SEM_GET : PATCH_SEM_RELEASE),
2664        };
2665
2666        return mt76_mcu_send_msg(&dev->mt76, MCU_CMD(PATCH_SEM_CONTROL), &req,
2667                                 sizeof(req), true);
2668}
2669
2670static int mt7915_mcu_start_patch(struct mt7915_dev *dev)
2671{
2672        struct {
2673                u8 check_crc;
2674                u8 reserved[3];
2675        } req = {
2676                .check_crc = 0,
2677        };
2678
2679        return mt76_mcu_send_msg(&dev->mt76, MCU_CMD(PATCH_FINISH_REQ), &req,
2680                                 sizeof(req), true);
2681}
2682
2683static int mt7915_driver_own(struct mt7915_dev *dev)
2684{
2685        mt76_wr(dev, MT_TOP_LPCR_HOST_BAND0, MT_TOP_LPCR_HOST_DRV_OWN);
2686        if (!mt76_poll_msec(dev, MT_TOP_LPCR_HOST_BAND0,
2687                            MT_TOP_LPCR_HOST_FW_OWN, 0, 500)) {
2688                dev_err(dev->mt76.dev, "Timeout for driver own\n");
2689                return -EIO;
2690        }
2691
2692        return 0;
2693}
2694
2695static int mt7915_mcu_init_download(struct mt7915_dev *dev, u32 addr,
2696                                    u32 len, u32 mode)
2697{
2698        struct {
2699                __le32 addr;
2700                __le32 len;
2701                __le32 mode;
2702        } req = {
2703                .addr = cpu_to_le32(addr),
2704                .len = cpu_to_le32(len),
2705                .mode = cpu_to_le32(mode),
2706        };
2707        int attr;
2708
2709        if (req.addr == cpu_to_le32(MCU_PATCH_ADDRESS))
2710                attr = MCU_CMD(PATCH_START_REQ);
2711        else
2712                attr = MCU_CMD(TARGET_ADDRESS_LEN_REQ);
2713
2714        return mt76_mcu_send_msg(&dev->mt76, attr, &req, sizeof(req), true);
2715}
2716
2717static int mt7915_load_patch(struct mt7915_dev *dev)
2718{
2719        const struct mt7915_patch_hdr *hdr;
2720        const struct firmware *fw = NULL;
2721        int i, ret, sem;
2722
2723        sem = mt7915_mcu_patch_sem_ctrl(dev, 1);
2724        switch (sem) {
2725        case PATCH_IS_DL:
2726                return 0;
2727        case PATCH_NOT_DL_SEM_SUCCESS:
2728                break;
2729        default:
2730                dev_err(dev->mt76.dev, "Failed to get patch semaphore\n");
2731                return -EAGAIN;
2732        }
2733
2734        ret = request_firmware(&fw, MT7915_ROM_PATCH, dev->mt76.dev);
2735        if (ret)
2736                goto out;
2737
2738        if (!fw || !fw->data || fw->size < sizeof(*hdr)) {
2739                dev_err(dev->mt76.dev, "Invalid firmware\n");
2740                ret = -EINVAL;
2741                goto out;
2742        }
2743
2744        hdr = (const struct mt7915_patch_hdr *)(fw->data);
2745
2746        dev_info(dev->mt76.dev, "HW/SW Version: 0x%x, Build Time: %.16s\n",
2747                 be32_to_cpu(hdr->hw_sw_ver), hdr->build_date);
2748
2749        for (i = 0; i < be32_to_cpu(hdr->desc.n_region); i++) {
2750                struct mt7915_patch_sec *sec;
2751                const u8 *dl;
2752                u32 len, addr;
2753
2754                sec = (struct mt7915_patch_sec *)(fw->data + sizeof(*hdr) +
2755                                                  i * sizeof(*sec));
2756                if ((be32_to_cpu(sec->type) & PATCH_SEC_TYPE_MASK) !=
2757                    PATCH_SEC_TYPE_INFO) {
2758                        ret = -EINVAL;
2759                        goto out;
2760                }
2761
2762                addr = be32_to_cpu(sec->info.addr);
2763                len = be32_to_cpu(sec->info.len);
2764                dl = fw->data + be32_to_cpu(sec->offs);
2765
2766                ret = mt7915_mcu_init_download(dev, addr, len,
2767                                               DL_MODE_NEED_RSP);
2768                if (ret) {
2769                        dev_err(dev->mt76.dev, "Download request failed\n");
2770                        goto out;
2771                }
2772
2773                ret = mt76_mcu_send_firmware(&dev->mt76, MCU_CMD(FW_SCATTER),
2774                                             dl, len);
2775                if (ret) {
2776                        dev_err(dev->mt76.dev, "Failed to send patch\n");
2777                        goto out;
2778                }
2779        }
2780
2781        ret = mt7915_mcu_start_patch(dev);
2782        if (ret)
2783                dev_err(dev->mt76.dev, "Failed to start patch\n");
2784
2785out:
2786        sem = mt7915_mcu_patch_sem_ctrl(dev, 0);
2787        switch (sem) {
2788        case PATCH_REL_SEM_SUCCESS:
2789                break;
2790        default:
2791                ret = -EAGAIN;
2792                dev_err(dev->mt76.dev, "Failed to release patch semaphore\n");
2793                goto out;
2794        }
2795        release_firmware(fw);
2796
2797        return ret;
2798}
2799
2800static u32 mt7915_mcu_gen_dl_mode(u8 feature_set, bool is_wa)
2801{
2802        u32 ret = 0;
2803
2804        ret |= (feature_set & FW_FEATURE_SET_ENCRYPT) ?
2805               (DL_MODE_ENCRYPT | DL_MODE_RESET_SEC_IV) : 0;
2806        ret |= FIELD_PREP(DL_MODE_KEY_IDX,
2807                          FIELD_GET(FW_FEATURE_SET_KEY_IDX, feature_set));
2808        ret |= DL_MODE_NEED_RSP;
2809        ret |= is_wa ? DL_MODE_WORKING_PDA_CR4 : 0;
2810
2811        return ret;
2812}
2813
2814static int
2815mt7915_mcu_send_ram_firmware(struct mt7915_dev *dev,
2816                             const struct mt7915_fw_trailer *hdr,
2817                             const u8 *data, bool is_wa)
2818{
2819        int i, offset = 0;
2820        u32 override = 0, option = 0;
2821
2822        for (i = 0; i < hdr->n_region; i++) {
2823                const struct mt7915_fw_region *region;
2824                int err;
2825                u32 len, addr, mode;
2826
2827                region = (const struct mt7915_fw_region *)((const u8 *)hdr -
2828                         (hdr->n_region - i) * sizeof(*region));
2829                mode = mt7915_mcu_gen_dl_mode(region->feature_set, is_wa);
2830                len = le32_to_cpu(region->len);
2831                addr = le32_to_cpu(region->addr);
2832
2833                if (region->feature_set & FW_FEATURE_OVERRIDE_ADDR)
2834                        override = addr;
2835
2836                err = mt7915_mcu_init_download(dev, addr, len, mode);
2837                if (err) {
2838                        dev_err(dev->mt76.dev, "Download request failed\n");
2839                        return err;
2840                }
2841
2842                err = mt76_mcu_send_firmware(&dev->mt76, MCU_CMD(FW_SCATTER),
2843                                             data + offset, len);
2844                if (err) {
2845                        dev_err(dev->mt76.dev, "Failed to send firmware.\n");
2846                        return err;
2847                }
2848
2849                offset += len;
2850        }
2851
2852        if (override)
2853                option |= FW_START_OVERRIDE;
2854
2855        if (is_wa)
2856                option |= FW_START_WORKING_PDA_CR4;
2857
2858        return mt7915_mcu_start_firmware(dev, override, option);
2859}
2860
2861static int mt7915_load_ram(struct mt7915_dev *dev)
2862{
2863        const struct mt7915_fw_trailer *hdr;
2864        const struct firmware *fw;
2865        int ret;
2866
2867        ret = request_firmware(&fw, MT7915_FIRMWARE_WM, dev->mt76.dev);
2868        if (ret)
2869                return ret;
2870
2871        if (!fw || !fw->data || fw->size < sizeof(*hdr)) {
2872                dev_err(dev->mt76.dev, "Invalid firmware\n");
2873                ret = -EINVAL;
2874                goto out;
2875        }
2876
2877        hdr = (const struct mt7915_fw_trailer *)(fw->data + fw->size -
2878                                        sizeof(*hdr));
2879
2880        dev_info(dev->mt76.dev, "WM Firmware Version: %.10s, Build Time: %.15s\n",
2881                 hdr->fw_ver, hdr->build_date);
2882
2883        ret = mt7915_mcu_send_ram_firmware(dev, hdr, fw->data, false);
2884        if (ret) {
2885                dev_err(dev->mt76.dev, "Failed to start WM firmware\n");
2886                goto out;
2887        }
2888
2889        release_firmware(fw);
2890
2891        ret = request_firmware(&fw, MT7915_FIRMWARE_WA, dev->mt76.dev);
2892        if (ret)
2893                return ret;
2894
2895        if (!fw || !fw->data || fw->size < sizeof(*hdr)) {
2896                dev_err(dev->mt76.dev, "Invalid firmware\n");
2897                ret = -EINVAL;
2898                goto out;
2899        }
2900
2901        hdr = (const struct mt7915_fw_trailer *)(fw->data + fw->size -
2902                                        sizeof(*hdr));
2903
2904        dev_info(dev->mt76.dev, "WA Firmware Version: %.10s, Build Time: %.15s\n",
2905                 hdr->fw_ver, hdr->build_date);
2906
2907        ret = mt7915_mcu_send_ram_firmware(dev, hdr, fw->data, true);
2908        if (ret) {
2909                dev_err(dev->mt76.dev, "Failed to start WA firmware\n");
2910                goto out;
2911        }
2912
2913        snprintf(dev->mt76.hw->wiphy->fw_version,
2914                 sizeof(dev->mt76.hw->wiphy->fw_version),
2915                 "%.10s-%.15s", hdr->fw_ver, hdr->build_date);
2916
2917out:
2918        release_firmware(fw);
2919
2920        return ret;
2921}
2922
2923static int mt7915_load_firmware(struct mt7915_dev *dev)
2924{
2925        int ret;
2926
2927        ret = mt7915_load_patch(dev);
2928        if (ret)
2929                return ret;
2930
2931        ret = mt7915_load_ram(dev);
2932        if (ret)
2933                return ret;
2934
2935        if (!mt76_poll_msec(dev, MT_TOP_MISC, MT_TOP_MISC_FW_STATE,
2936                            FIELD_PREP(MT_TOP_MISC_FW_STATE,
2937                                       FW_STATE_WACPU_RDY), 1000)) {
2938                dev_err(dev->mt76.dev, "Timeout for initializing firmware\n");
2939                return -EIO;
2940        }
2941
2942        mt76_queue_tx_cleanup(dev, dev->mt76.q_mcu[MT_MCUQ_FWDL], false);
2943
2944        dev_dbg(dev->mt76.dev, "Firmware init done\n");
2945
2946        return 0;
2947}
2948
2949int mt7915_mcu_fw_log_2_host(struct mt7915_dev *dev, u8 ctrl)
2950{
2951        struct {
2952                u8 ctrl_val;
2953                u8 pad[3];
2954        } data = {
2955                .ctrl_val = ctrl
2956        };
2957
2958        return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(FW_LOG_2_HOST), &data,
2959                                 sizeof(data), true);
2960}
2961
2962int mt7915_mcu_fw_dbg_ctrl(struct mt7915_dev *dev, u32 module, u8 level)
2963{
2964        struct {
2965                u8 ver;
2966                u8 pad;
2967                __le16 len;
2968                u8 level;
2969                u8 rsv[3];
2970                __le32 module_idx;
2971        } data = {
2972                .module_idx = cpu_to_le32(module),
2973                .level = level,
2974        };
2975
2976        return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(FW_DBG_CTRL), &data,
2977                                 sizeof(data), false);
2978}
2979
2980static int mt7915_mcu_set_mwds(struct mt7915_dev *dev, bool enabled)
2981{
2982        struct {
2983                u8 enable;
2984                u8 _rsv[3];
2985        } __packed req = {
2986                .enable = enabled
2987        };
2988
2989        return mt76_mcu_send_msg(&dev->mt76, MCU_WA_EXT_CMD(MWDS_SUPPORT), &req,
2990                                 sizeof(req), false);
2991}
2992
2993int mt7915_mcu_init(struct mt7915_dev *dev)
2994{
2995        static const struct mt76_mcu_ops mt7915_mcu_ops = {
2996                .headroom = sizeof(struct mt7915_mcu_txd),
2997                .mcu_skb_send_msg = mt7915_mcu_send_message,
2998                .mcu_parse_response = mt7915_mcu_parse_response,
2999                .mcu_restart = mt7915_mcu_restart,
3000        };
3001        int ret;
3002
3003        dev->mt76.mcu_ops = &mt7915_mcu_ops;
3004
3005        ret = mt7915_driver_own(dev);
3006        if (ret)
3007                return ret;
3008
3009        ret = mt7915_load_firmware(dev);
3010        if (ret)
3011                return ret;
3012
3013        set_bit(MT76_STATE_MCU_RUNNING, &dev->mphy.state);
3014        mt7915_mcu_fw_log_2_host(dev, 0);
3015        mt7915_mcu_set_mwds(dev, 1);
3016        mt7915_mcu_wa_cmd(dev, MCU_WA_PARAM_CMD(SET), MCU_WA_PARAM_RED, 0, 0);
3017
3018        return 0;
3019}
3020
3021void mt7915_mcu_exit(struct mt7915_dev *dev)
3022{
3023        __mt76_mcu_restart(&dev->mt76);
3024        if (!mt76_poll_msec(dev, MT_TOP_MISC, MT_TOP_MISC_FW_STATE,
3025                            FIELD_PREP(MT_TOP_MISC_FW_STATE,
3026                                       FW_STATE_FW_DOWNLOAD), 1000)) {
3027                dev_err(dev->mt76.dev, "Failed to exit mcu\n");
3028                return;
3029        }
3030
3031        mt76_wr(dev, MT_TOP_LPCR_HOST_BAND0, MT_TOP_LPCR_HOST_FW_OWN);
3032        skb_queue_purge(&dev->mt76.mcu.res_q);
3033}
3034
3035static int
3036mt7915_mcu_set_rx_hdr_trans_blacklist(struct mt7915_dev *dev, int band)
3037{
3038        struct {
3039                u8 operation;
3040                u8 count;
3041                u8 _rsv[2];
3042                u8 index;
3043                u8 enable;
3044                __le16 etype;
3045        } req = {
3046                .operation = 1,
3047                .count = 1,
3048                .enable = 1,
3049                .etype = cpu_to_le16(ETH_P_PAE),
3050        };
3051
3052        return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(RX_HDR_TRANS),
3053                                 &req, sizeof(req), false);
3054}
3055
3056int mt7915_mcu_set_mac(struct mt7915_dev *dev, int band,
3057                       bool enable, bool hdr_trans)
3058{
3059        struct {
3060                u8 operation;
3061                u8 enable;
3062                u8 check_bssid;
3063                u8 insert_vlan;
3064                u8 remove_vlan;
3065                u8 tid;
3066                u8 mode;
3067                u8 rsv;
3068        } __packed req_trans = {
3069                .enable = hdr_trans,
3070        };
3071        struct {
3072                u8 enable;
3073                u8 band;
3074                u8 rsv[2];
3075        } __packed req_mac = {
3076                .enable = enable,
3077                .band = band,
3078        };
3079        int ret;
3080
3081        ret = mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(RX_HDR_TRANS),
3082                                &req_trans, sizeof(req_trans), false);
3083        if (ret)
3084                return ret;
3085
3086        if (hdr_trans)
3087                mt7915_mcu_set_rx_hdr_trans_blacklist(dev, band);
3088
3089        return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(MAC_INIT_CTRL),
3090                                 &req_mac, sizeof(req_mac), true);
3091}
3092
3093int mt7915_mcu_set_scs(struct mt7915_dev *dev, u8 band, bool enable)
3094{
3095        struct {
3096                __le32 cmd;
3097                u8 band;
3098                u8 enable;
3099        } __packed req = {
3100                .cmd = cpu_to_le32(SCS_ENABLE),
3101                .band = band,
3102                .enable = enable + 1,
3103        };
3104
3105        return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SCS_CTRL), &req,
3106                                 sizeof(req), false);
3107}
3108
3109int mt7915_mcu_set_rts_thresh(struct mt7915_phy *phy, u32 val)
3110{
3111        struct mt7915_dev *dev = phy->dev;
3112        struct {
3113                u8 prot_idx;
3114                u8 band;
3115                u8 rsv[2];
3116                __le32 len_thresh;
3117                __le32 pkt_thresh;
3118        } __packed req = {
3119                .prot_idx = 1,
3120                .band = phy != &dev->phy,
3121                .len_thresh = cpu_to_le32(val),
3122                .pkt_thresh = cpu_to_le32(0x2),
3123        };
3124
3125        return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(PROTECT_CTRL), &req,
3126                                 sizeof(req), true);
3127}
3128
3129int mt7915_mcu_update_edca(struct mt7915_dev *dev, void *param)
3130{
3131        struct mt7915_mcu_tx *req = (struct mt7915_mcu_tx *)param;
3132        u8 num = req->total;
3133        size_t len = sizeof(*req) -
3134                     (IEEE80211_NUM_ACS - num) * sizeof(struct edca);
3135
3136        return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(EDCA_UPDATE), req,
3137                                 len, true);
3138}
3139
3140int mt7915_mcu_set_tx(struct mt7915_dev *dev, struct ieee80211_vif *vif)
3141{
3142#define TX_CMD_MODE             1
3143        struct mt7915_mcu_tx req = {
3144                .valid = true,
3145                .mode = TX_CMD_MODE,
3146                .total = IEEE80211_NUM_ACS,
3147        };
3148        struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
3149        int ac;
3150
3151        for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
3152                struct ieee80211_tx_queue_params *q = &mvif->queue_params[ac];
3153                struct edca *e = &req.edca[ac];
3154
3155                e->set = WMM_PARAM_SET;
3156                e->queue = ac + mvif->wmm_idx * MT7915_MAX_WMM_SETS;
3157                e->aifs = q->aifs;
3158                e->txop = cpu_to_le16(q->txop);
3159
3160                if (q->cw_min)
3161                        e->cw_min = fls(q->cw_min);
3162                else
3163                        e->cw_min = 5;
3164
3165                if (q->cw_max)
3166                        e->cw_max = cpu_to_le16(fls(q->cw_max));
3167                else
3168                        e->cw_max = cpu_to_le16(10);
3169        }
3170
3171        return mt7915_mcu_update_edca(dev, &req);
3172}
3173
3174int mt7915_mcu_set_pm(struct mt7915_dev *dev, int band, int enter)
3175{
3176#define ENTER_PM_STATE          1
3177#define EXIT_PM_STATE           2
3178        struct {
3179                u8 pm_number;
3180                u8 pm_state;
3181                u8 bssid[ETH_ALEN];
3182                u8 dtim_period;
3183                u8 wlan_idx_lo;
3184                __le16 bcn_interval;
3185                __le32 aid;
3186                __le32 rx_filter;
3187                u8 band_idx;
3188                u8 wlan_idx_hi;
3189                u8 rsv[2];
3190                __le32 feature;
3191                u8 omac_idx;
3192                u8 wmm_idx;
3193                u8 bcn_loss_cnt;
3194                u8 bcn_sp_duration;
3195        } __packed req = {
3196                .pm_number = 5,
3197                .pm_state = (enter) ? ENTER_PM_STATE : EXIT_PM_STATE,
3198                .band_idx = band,
3199        };
3200
3201        return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(PM_STATE_CTRL), &req,
3202                                 sizeof(req), true);
3203}
3204
3205int mt7915_mcu_rdd_cmd(struct mt7915_dev *dev,
3206                       enum mt7915_rdd_cmd cmd, u8 index,
3207                       u8 rx_sel, u8 val)
3208{
3209        struct {
3210                u8 ctrl;
3211                u8 rdd_idx;
3212                u8 rdd_rx_sel;
3213                u8 val;
3214                u8 rsv[4];
3215        } __packed req = {
3216                .ctrl = cmd,
3217                .rdd_idx = index,
3218                .rdd_rx_sel = rx_sel,
3219                .val = val,
3220        };
3221
3222        return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SET_RDD_CTRL), &req,
3223                                 sizeof(req), true);
3224}
3225
3226int mt7915_mcu_set_fcc5_lpn(struct mt7915_dev *dev, int val)
3227{
3228        struct {
3229                __le32 tag;
3230                __le16 min_lpn;
3231                u8 rsv[2];
3232        } __packed req = {
3233                .tag = cpu_to_le32(0x1),
3234                .min_lpn = cpu_to_le16(val),
3235        };
3236
3237        return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SET_RDD_TH), &req,
3238                                 sizeof(req), true);
3239}
3240
3241int mt7915_mcu_set_pulse_th(struct mt7915_dev *dev,
3242                            const struct mt7915_dfs_pulse *pulse)
3243{
3244        struct {
3245                __le32 tag;
3246
3247                __le32 max_width;               /* us */
3248                __le32 max_pwr;                 /* dbm */
3249                __le32 min_pwr;                 /* dbm */
3250                __le32 min_stgr_pri;            /* us */
3251                __le32 max_stgr_pri;            /* us */
3252                __le32 min_cr_pri;              /* us */
3253                __le32 max_cr_pri;              /* us */
3254        } __packed req = {
3255                .tag = cpu_to_le32(0x3),
3256
3257#define __req_field(field) .field = cpu_to_le32(pulse->field)
3258                __req_field(max_width),
3259                __req_field(max_pwr),
3260                __req_field(min_pwr),
3261                __req_field(min_stgr_pri),
3262                __req_field(max_stgr_pri),
3263                __req_field(min_cr_pri),
3264                __req_field(max_cr_pri),
3265#undef __req_field
3266        };
3267
3268        return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SET_RDD_TH), &req,
3269                                 sizeof(req), true);
3270}
3271
3272int mt7915_mcu_set_radar_th(struct mt7915_dev *dev, int index,
3273                            const struct mt7915_dfs_pattern *pattern)
3274{
3275        struct {
3276                __le32 tag;
3277                __le16 radar_type;
3278
3279                u8 enb;
3280                u8 stgr;
3281                u8 min_crpn;
3282                u8 max_crpn;
3283                u8 min_crpr;
3284                u8 min_pw;
3285                __le32 min_pri;
3286                __le32 max_pri;
3287                u8 max_pw;
3288                u8 min_crbn;
3289                u8 max_crbn;
3290                u8 min_stgpn;
3291                u8 max_stgpn;
3292                u8 min_stgpr;
3293                u8 rsv[2];
3294                __le32 min_stgpr_diff;
3295        } __packed req = {
3296                .tag = cpu_to_le32(0x2),
3297                .radar_type = cpu_to_le16(index),
3298
3299#define __req_field_u8(field) .field = pattern->field
3300#define __req_field_u32(field) .field = cpu_to_le32(pattern->field)
3301                __req_field_u8(enb),
3302                __req_field_u8(stgr),
3303                __req_field_u8(min_crpn),
3304                __req_field_u8(max_crpn),
3305                __req_field_u8(min_crpr),
3306                __req_field_u8(min_pw),
3307                __req_field_u32(min_pri),
3308                __req_field_u32(max_pri),
3309                __req_field_u8(max_pw),
3310                __req_field_u8(min_crbn),
3311                __req_field_u8(max_crbn),
3312                __req_field_u8(min_stgpn),
3313                __req_field_u8(max_stgpn),
3314                __req_field_u8(min_stgpr),
3315                __req_field_u32(min_stgpr_diff),
3316#undef __req_field_u8
3317#undef __req_field_u32
3318        };
3319
3320        return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SET_RDD_TH), &req,
3321                                 sizeof(req), true);
3322}
3323
3324int mt7915_mcu_set_chan_info(struct mt7915_phy *phy, int cmd)
3325{
3326        struct mt7915_dev *dev = phy->dev;
3327        struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
3328        int freq1 = chandef->center_freq1;
3329        bool ext_phy = phy != &dev->phy;
3330        struct {
3331                u8 control_ch;
3332                u8 center_ch;
3333                u8 bw;
3334                u8 tx_streams_num;
3335                u8 rx_streams;  /* mask or num */
3336                u8 switch_reason;
3337                u8 band_idx;
3338                u8 center_ch2;  /* for 80+80 only */
3339                __le16 cac_case;
3340                u8 channel_band;
3341                u8 rsv0;
3342                __le32 outband_freq;
3343                u8 txpower_drop;
3344                u8 ap_bw;
3345                u8 ap_center_ch;
3346                u8 rsv1[57];
3347        } __packed req = {
3348                .control_ch = chandef->chan->hw_value,
3349                .center_ch = ieee80211_frequency_to_channel(freq1),
3350                .bw = mt7915_mcu_chan_bw(chandef),
3351                .tx_streams_num = hweight8(phy->mt76->antenna_mask),
3352                .rx_streams = phy->mt76->antenna_mask,
3353                .band_idx = ext_phy,
3354                .channel_band = chandef->chan->band,
3355        };
3356
3357#ifdef CONFIG_NL80211_TESTMODE
3358        if (phy->mt76->test.tx_antenna_mask &&
3359            (phy->mt76->test.state == MT76_TM_STATE_TX_FRAMES ||
3360             phy->mt76->test.state == MT76_TM_STATE_RX_FRAMES ||
3361             phy->mt76->test.state == MT76_TM_STATE_TX_CONT)) {
3362                req.tx_streams_num = fls(phy->mt76->test.tx_antenna_mask);
3363                req.rx_streams = phy->mt76->test.tx_antenna_mask;
3364
3365                if (ext_phy) {
3366                        req.tx_streams_num = 2;
3367                        req.rx_streams >>= 2;
3368                }
3369        }
3370#endif
3371
3372        if (phy->mt76->hw->conf.flags & IEEE80211_CONF_OFFCHANNEL)
3373                req.switch_reason = CH_SWITCH_SCAN_BYPASS_DPD;
3374        else if ((chandef->chan->flags & IEEE80211_CHAN_RADAR) &&
3375                 chandef->chan->dfs_state != NL80211_DFS_AVAILABLE)
3376                req.switch_reason = CH_SWITCH_DFS;
3377        else
3378                req.switch_reason = CH_SWITCH_NORMAL;
3379
3380        if (cmd == MCU_EXT_CMD(CHANNEL_SWITCH))
3381                req.rx_streams = hweight8(req.rx_streams);
3382
3383        if (chandef->width == NL80211_CHAN_WIDTH_80P80) {
3384                int freq2 = chandef->center_freq2;
3385
3386                req.center_ch2 = ieee80211_frequency_to_channel(freq2);
3387        }
3388
3389        return mt76_mcu_send_msg(&dev->mt76, cmd, &req, sizeof(req), true);
3390}
3391
3392static int mt7915_mcu_set_eeprom_flash(struct mt7915_dev *dev)
3393{
3394#define TOTAL_PAGE_MASK         GENMASK(7, 5)
3395#define PAGE_IDX_MASK           GENMASK(4, 2)
3396#define PER_PAGE_SIZE           0x400
3397        struct mt7915_mcu_eeprom req = { .buffer_mode = EE_MODE_BUFFER };
3398        u8 total = MT7915_EEPROM_SIZE / PER_PAGE_SIZE;
3399        u8 *eep = (u8 *)dev->mt76.eeprom.data;
3400        int eep_len;
3401        int i;
3402
3403        for (i = 0; i <= total; i++, eep += eep_len) {
3404                struct sk_buff *skb;
3405                int ret;
3406
3407                if (i == total)
3408                        eep_len = MT7915_EEPROM_SIZE % PER_PAGE_SIZE;
3409                else
3410                        eep_len = PER_PAGE_SIZE;
3411
3412                skb = mt76_mcu_msg_alloc(&dev->mt76, NULL,
3413                                         sizeof(req) + eep_len);
3414                if (!skb)
3415                        return -ENOMEM;
3416
3417                req.format = FIELD_PREP(TOTAL_PAGE_MASK, total) |
3418                             FIELD_PREP(PAGE_IDX_MASK, i) | EE_FORMAT_WHOLE;
3419                req.len = cpu_to_le16(eep_len);
3420
3421                skb_put_data(skb, &req, sizeof(req));
3422                skb_put_data(skb, eep, eep_len);
3423
3424                ret = mt76_mcu_skb_send_msg(&dev->mt76, skb,
3425                                            MCU_EXT_CMD(EFUSE_BUFFER_MODE), true);
3426                if (ret)
3427                        return ret;
3428        }
3429
3430        return 0;
3431}
3432
3433int mt7915_mcu_set_eeprom(struct mt7915_dev *dev)
3434{
3435        struct mt7915_mcu_eeprom req = {
3436                .buffer_mode = EE_MODE_EFUSE,
3437                .format = EE_FORMAT_WHOLE,
3438        };
3439
3440        if (dev->flash_mode)
3441                return mt7915_mcu_set_eeprom_flash(dev);
3442
3443        return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(EFUSE_BUFFER_MODE),
3444                                 &req, sizeof(req), true);
3445}
3446
3447int mt7915_mcu_get_eeprom(struct mt7915_dev *dev, u32 offset)
3448{
3449        struct mt7915_mcu_eeprom_info req = {
3450                .addr = cpu_to_le32(round_down(offset,
3451                                    MT7915_EEPROM_BLOCK_SIZE)),
3452        };
3453        struct mt7915_mcu_eeprom_info *res;
3454        struct sk_buff *skb;
3455        int ret;
3456        u8 *buf;
3457
3458        ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_EXT_QUERY(EFUSE_ACCESS), &req,
3459                                sizeof(req), true, &skb);
3460        if (ret)
3461                return ret;
3462
3463        res = (struct mt7915_mcu_eeprom_info *)skb->data;
3464        buf = dev->mt76.eeprom.data + le32_to_cpu(res->addr);
3465        memcpy(buf, res->data, MT7915_EEPROM_BLOCK_SIZE);
3466        dev_kfree_skb(skb);
3467
3468        return 0;
3469}
3470
3471static int mt7915_mcu_set_pre_cal(struct mt7915_dev *dev, u8 idx,
3472                                  u8 *data, u32 len, int cmd)
3473{
3474        struct {
3475                u8 dir;
3476                u8 valid;
3477                __le16 bitmap;
3478                s8 precal;
3479                u8 action;
3480                u8 band;
3481                u8 idx;
3482                u8 rsv[4];
3483                __le32 len;
3484        } req;
3485        struct sk_buff *skb;
3486
3487        skb = mt76_mcu_msg_alloc(&dev->mt76, NULL, sizeof(req) + len);
3488        if (!skb)
3489                return -ENOMEM;
3490
3491        req.idx = idx;
3492        req.len = cpu_to_le32(len);
3493        skb_put_data(skb, &req, sizeof(req));
3494        skb_put_data(skb, data, len);
3495
3496        return mt76_mcu_skb_send_msg(&dev->mt76, skb, cmd, false);
3497}
3498
3499int mt7915_mcu_apply_group_cal(struct mt7915_dev *dev)
3500{
3501        u8 idx = 0, *cal = dev->cal, *eep = dev->mt76.eeprom.data;
3502        u32 total = MT_EE_CAL_GROUP_SIZE;
3503
3504        if (!(eep[MT_EE_DO_PRE_CAL] & MT_EE_WIFI_CAL_GROUP))
3505                return 0;
3506
3507        /*
3508         * Items: Rx DCOC, RSSI DCOC, Tx TSSI DCOC, Tx LPFG
3509         * Tx FDIQ, Tx DCIQ, Rx FDIQ, Rx FIIQ, ADCDCOC
3510         */
3511        while (total > 0) {
3512                int ret, len;
3513
3514                len = min_t(u32, total, MT_EE_CAL_UNIT);
3515
3516                ret = mt7915_mcu_set_pre_cal(dev, idx, cal, len,
3517                                             MCU_EXT_CMD(GROUP_PRE_CAL_INFO));
3518                if (ret)
3519                        return ret;
3520
3521                total -= len;
3522                cal += len;
3523                idx++;
3524        }
3525
3526        return 0;
3527}
3528
3529static int mt7915_find_freq_idx(const u16 *freqs, int n_freqs, u16 cur)
3530{
3531        int i;
3532
3533        for (i = 0; i < n_freqs; i++)
3534                if (cur == freqs[i])
3535                        return i;
3536
3537        return -1;
3538}
3539
3540static int mt7915_dpd_freq_idx(u16 freq, u8 bw)
3541{
3542        static const u16 freq_list[] = {
3543                5180, 5200, 5220, 5240,
3544                5260, 5280, 5300, 5320,
3545                5500, 5520, 5540, 5560,
3546                5580, 5600, 5620, 5640,
3547                5660, 5680, 5700, 5745,
3548                5765, 5785, 5805, 5825
3549        };
3550        int offset_2g = ARRAY_SIZE(freq_list);
3551        int idx;
3552
3553        if (freq < 4000) {
3554                if (freq < 2432)
3555                        return offset_2g;
3556                if (freq < 2457)
3557                        return offset_2g + 1;
3558
3559                return offset_2g + 2;
3560        }
3561
3562        if (bw == NL80211_CHAN_WIDTH_80P80 || bw == NL80211_CHAN_WIDTH_160)
3563                return -1;
3564
3565        if (bw != NL80211_CHAN_WIDTH_20) {
3566                idx = mt7915_find_freq_idx(freq_list, ARRAY_SIZE(freq_list),
3567                                           freq + 10);
3568                if (idx >= 0)
3569                        return idx;
3570
3571                idx = mt7915_find_freq_idx(freq_list, ARRAY_SIZE(freq_list),
3572                                           freq - 10);
3573                if (idx >= 0)
3574                        return idx;
3575        }
3576
3577        return mt7915_find_freq_idx(freq_list, ARRAY_SIZE(freq_list), freq);
3578}
3579
3580int mt7915_mcu_apply_tx_dpd(struct mt7915_phy *phy)
3581{
3582        struct mt7915_dev *dev = phy->dev;
3583        struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
3584        u16 total = 2, center_freq = chandef->center_freq1;
3585        u8 *cal = dev->cal, *eep = dev->mt76.eeprom.data;
3586        int idx;
3587
3588        if (!(eep[MT_EE_DO_PRE_CAL] & MT_EE_WIFI_CAL_DPD))
3589                return 0;
3590
3591        idx = mt7915_dpd_freq_idx(center_freq, chandef->width);
3592        if (idx < 0)
3593                return -EINVAL;
3594
3595        /* Items: Tx DPD, Tx Flatness */
3596        idx = idx * 2;
3597        cal += MT_EE_CAL_GROUP_SIZE;
3598
3599        while (total--) {
3600                int ret;
3601
3602                cal += (idx * MT_EE_CAL_UNIT);
3603                ret = mt7915_mcu_set_pre_cal(dev, idx, cal, MT_EE_CAL_UNIT,
3604                                             MCU_EXT_CMD(DPD_PRE_CAL_INFO));
3605                if (ret)
3606                        return ret;
3607
3608                idx++;
3609        }
3610
3611        return 0;
3612}
3613
3614int mt7915_mcu_get_chan_mib_info(struct mt7915_phy *phy, bool chan_switch)
3615{
3616        /* strict order */
3617        static const enum mt7915_chan_mib_offs offs[] = {
3618                MIB_BUSY_TIME, MIB_TX_TIME, MIB_RX_TIME, MIB_OBSS_AIRTIME
3619        };
3620        struct mt76_channel_state *state = phy->mt76->chan_state;
3621        struct mt76_channel_state *state_ts = &phy->state_ts;
3622        struct mt7915_dev *dev = phy->dev;
3623        struct mt7915_mcu_mib *res, req[4];
3624        struct sk_buff *skb;
3625        int i, ret;
3626
3627        for (i = 0; i < 4; i++) {
3628                req[i].band = cpu_to_le32(phy != &dev->phy);
3629                req[i].offs = cpu_to_le32(offs[i]);
3630        }
3631
3632        ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_EXT_CMD(GET_MIB_INFO),
3633                                        req, sizeof(req), true, &skb);
3634        if (ret)
3635                return ret;
3636
3637        res = (struct mt7915_mcu_mib *)(skb->data + 20);
3638
3639        if (chan_switch)
3640                goto out;
3641
3642#define __res_u64(s) le64_to_cpu(res[s].data)
3643        state->cc_busy += __res_u64(0) - state_ts->cc_busy;
3644        state->cc_tx += __res_u64(1) - state_ts->cc_tx;
3645        state->cc_bss_rx += __res_u64(2) - state_ts->cc_bss_rx;
3646        state->cc_rx += __res_u64(2) + __res_u64(3) - state_ts->cc_rx;
3647
3648out:
3649        state_ts->cc_busy = __res_u64(0);
3650        state_ts->cc_tx = __res_u64(1);
3651        state_ts->cc_bss_rx = __res_u64(2);
3652        state_ts->cc_rx = __res_u64(2) + __res_u64(3);
3653#undef __res_u64
3654
3655        dev_kfree_skb(skb);
3656
3657        return 0;
3658}
3659
3660int mt7915_mcu_get_temperature(struct mt7915_phy *phy)
3661{
3662        struct mt7915_dev *dev = phy->dev;
3663        struct {
3664                u8 ctrl_id;
3665                u8 action;
3666                u8 dbdc_idx;
3667                u8 rsv[5];
3668        } req = {
3669                .ctrl_id = THERMAL_SENSOR_TEMP_QUERY,
3670                .dbdc_idx = phy != &dev->phy,
3671        };
3672
3673        return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(THERMAL_CTRL), &req,
3674                                 sizeof(req), true);
3675}
3676
3677int mt7915_mcu_set_thermal_throttling(struct mt7915_phy *phy, u8 state)
3678{
3679        struct mt7915_dev *dev = phy->dev;
3680        struct {
3681                struct mt7915_mcu_thermal_ctrl ctrl;
3682
3683                __le32 trigger_temp;
3684                __le32 restore_temp;
3685                __le16 sustain_time;
3686                u8 rsv[2];
3687        } __packed req = {
3688                .ctrl = {
3689                        .band_idx = phy != &dev->phy,
3690                },
3691        };
3692        int level;
3693
3694#define TRIGGER_TEMPERATURE     122
3695#define RESTORE_TEMPERATURE     116
3696#define SUSTAIN_PERIOD          10
3697
3698        if (!state) {
3699                req.ctrl.ctrl_id = THERMAL_PROTECT_DISABLE;
3700                goto out;
3701        }
3702
3703        /* set duty cycle and level */
3704        for (level = 0; level < 4; level++) {
3705                int ret;
3706
3707                req.ctrl.ctrl_id = THERMAL_PROTECT_DUTY_CONFIG;
3708                req.ctrl.duty.duty_level = level;
3709                req.ctrl.duty.duty_cycle = state;
3710                state = state * 4 / 5;
3711
3712                ret = mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(THERMAL_PROT),
3713                                        &req, sizeof(req.ctrl), false);
3714                if (ret)
3715                        return ret;
3716        }
3717
3718        /* currently use fixed values for throttling, and would be better
3719         * to implement thermal zone for dynamic trip in the long run.
3720         */
3721
3722        /* set high-temperature trigger threshold */
3723        req.ctrl.ctrl_id = THERMAL_PROTECT_ENABLE;
3724        req.trigger_temp = cpu_to_le32(TRIGGER_TEMPERATURE);
3725        req.restore_temp = cpu_to_le32(RESTORE_TEMPERATURE);
3726        req.sustain_time = cpu_to_le16(SUSTAIN_PERIOD);
3727
3728out:
3729        req.ctrl.type.protect_type = 1;
3730        req.ctrl.type.trigger_type = 1;
3731
3732        return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(THERMAL_PROT),
3733                                 &req, sizeof(req), false);
3734}
3735
3736int mt7915_mcu_get_tx_rate(struct mt7915_dev *dev, u32 cmd, u16 wlan_idx)
3737{
3738        struct {
3739                __le32 cmd;
3740                __le16 wlan_idx;
3741                __le16 ru_idx;
3742                __le16 direction;
3743                __le16 dump_group;
3744        } req = {
3745                .cmd = cpu_to_le32(cmd),
3746                .wlan_idx = cpu_to_le16(wlan_idx),
3747                .dump_group = cpu_to_le16(1),
3748        };
3749
3750        return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(RATE_CTRL), &req,
3751                                 sizeof(req), false);
3752}
3753
3754int mt7915_mcu_set_txpower_sku(struct mt7915_phy *phy)
3755{
3756        struct mt7915_dev *dev = phy->dev;
3757        struct mt76_phy *mphy = phy->mt76;
3758        struct ieee80211_hw *hw = mphy->hw;
3759        struct mt7915_sku_val {
3760                u8 format_id;
3761                u8 limit_type;
3762                u8 dbdc_idx;
3763                s8 val[MT7915_SKU_RATE_NUM];
3764        } __packed req = {
3765                .format_id = 4,
3766                .dbdc_idx = phy != &dev->phy,
3767        };
3768        struct mt76_power_limits limits_array;
3769        s8 *la = (s8 *)&limits_array;
3770        int i, idx, n_chains = hweight8(mphy->antenna_mask);
3771        int tx_power;
3772
3773        tx_power = hw->conf.power_level * 2 -
3774                   mt76_tx_power_nss_delta(n_chains);
3775
3776        tx_power = mt76_get_rate_power_limits(mphy, mphy->chandef.chan,
3777                                              &limits_array, tx_power);
3778        mphy->txpower_cur = tx_power;
3779
3780        for (i = 0, idx = 0; i < ARRAY_SIZE(mt7915_sku_group_len); i++) {
3781                u8 mcs_num, len = mt7915_sku_group_len[i];
3782                int j;
3783
3784                if (i >= SKU_HT_BW20 && i <= SKU_VHT_BW160) {
3785                        mcs_num = 10;
3786
3787                        if (i == SKU_HT_BW20 || i == SKU_VHT_BW20)
3788                                la = (