1 // SPDX-License-Identifier: BSD-3-Clause-Clear
2 /*
3 * Copyright (C) 2022 MediaTek Inc.
4 */
5
6 #include <linux/etherdevice.h>
7 #include <linux/timekeeping.h>
8 #include "coredump.h"
9 #include "mt7996.h"
10 #include "../dma.h"
11 #include "mac.h"
12 #include "mcu.h"
13 #if defined(__FreeBSD__)
14 #include <linux/cache.h>
15 #include <linux/delay.h>
16 #endif
17
18 #define to_rssi(field, rcpi) ((FIELD_GET(field, rcpi) - 220) / 2)
19
20 static const struct mt7996_dfs_radar_spec etsi_radar_specs = {
21 .pulse_th = { 110, -10, -80, 40, 5200, 128, 5200 },
22 .radar_pattern = {
23 [5] = { 1, 0, 6, 32, 28, 0, 990, 5010, 17, 1, 1 },
24 [6] = { 1, 0, 9, 32, 28, 0, 615, 5010, 27, 1, 1 },
25 [7] = { 1, 0, 15, 32, 28, 0, 240, 445, 27, 1, 1 },
26 [8] = { 1, 0, 12, 32, 28, 0, 240, 510, 42, 1, 1 },
27 [9] = { 1, 1, 0, 0, 0, 0, 2490, 3343, 14, 0, 0, 12, 32, 28, { }, 126 },
28 [10] = { 1, 1, 0, 0, 0, 0, 2490, 3343, 14, 0, 0, 15, 32, 24, { }, 126 },
29 [11] = { 1, 1, 0, 0, 0, 0, 823, 2510, 14, 0, 0, 18, 32, 28, { }, 54 },
30 [12] = { 1, 1, 0, 0, 0, 0, 823, 2510, 14, 0, 0, 27, 32, 24, { }, 54 },
31 },
32 };
33
34 static const struct mt7996_dfs_radar_spec fcc_radar_specs = {
35 .pulse_th = { 110, -10, -80, 40, 5200, 128, 5200 },
36 .radar_pattern = {
37 [0] = { 1, 0, 8, 32, 28, 0, 508, 3076, 13, 1, 1 },
38 [1] = { 1, 0, 12, 32, 28, 0, 140, 240, 17, 1, 1 },
39 [2] = { 1, 0, 8, 32, 28, 0, 190, 510, 22, 1, 1 },
40 [3] = { 1, 0, 6, 32, 28, 0, 190, 510, 32, 1, 1 },
41 [4] = { 1, 0, 9, 255, 28, 0, 323, 343, 13, 1, 32 },
42 },
43 };
44
45 static const struct mt7996_dfs_radar_spec jp_radar_specs = {
46 .pulse_th = { 110, -10, -80, 40, 5200, 128, 5200 },
47 .radar_pattern = {
48 [0] = { 1, 0, 8, 32, 28, 0, 508, 3076, 13, 1, 1 },
49 [1] = { 1, 0, 12, 32, 28, 0, 140, 240, 17, 1, 1 },
50 [2] = { 1, 0, 8, 32, 28, 0, 190, 510, 22, 1, 1 },
51 [3] = { 1, 0, 6, 32, 28, 0, 190, 510, 32, 1, 1 },
52 [4] = { 1, 0, 9, 255, 28, 0, 323, 343, 13, 1, 32 },
53 [13] = { 1, 0, 7, 32, 28, 0, 3836, 3856, 14, 1, 1 },
54 [14] = { 1, 0, 6, 32, 28, 0, 615, 5010, 110, 1, 1 },
55 [15] = { 1, 1, 0, 0, 0, 0, 15, 5010, 110, 0, 0, 12, 32, 28 },
56 },
57 };
58
mt7996_rx_get_wcid(struct mt7996_dev * dev,u16 idx,u8 band_idx)59 static struct mt76_wcid *mt7996_rx_get_wcid(struct mt7996_dev *dev,
60 u16 idx, u8 band_idx)
61 {
62 struct mt7996_sta_link *msta_link;
63 struct mt7996_sta *msta;
64 struct mt7996_vif *mvif;
65 struct mt76_wcid *wcid;
66 int i;
67
68 wcid = mt76_wcid_ptr(dev, idx);
69 if (!wcid || !wcid->sta)
70 return NULL;
71
72 if (!mt7996_band_valid(dev, band_idx))
73 return NULL;
74
75 if (wcid->phy_idx == band_idx)
76 return wcid;
77
78 msta_link = container_of(wcid, struct mt7996_sta_link, wcid);
79 msta = msta_link->sta;
80 if (!msta || !msta->vif)
81 return NULL;
82
83 mvif = msta->vif;
84 for (i = 0; i < ARRAY_SIZE(mvif->mt76.link); i++) {
85 struct mt76_vif_link *mlink;
86
87 mlink = rcu_dereference(mvif->mt76.link[i]);
88 if (!mlink)
89 continue;
90
91 if (mlink->band_idx != band_idx)
92 continue;
93
94 msta_link = rcu_dereference(msta->link[i]);
95 break;
96 }
97
98 return &msta_link->wcid;
99 }
100
mt7996_mac_wtbl_update(struct mt7996_dev * dev,int idx,u32 mask)101 bool mt7996_mac_wtbl_update(struct mt7996_dev *dev, int idx, u32 mask)
102 {
103 mt76_rmw(dev, MT_WTBL_UPDATE, MT_WTBL_UPDATE_WLAN_IDX,
104 FIELD_PREP(MT_WTBL_UPDATE_WLAN_IDX, idx) | mask);
105
106 return mt76_poll(dev, MT_WTBL_UPDATE, MT_WTBL_UPDATE_BUSY,
107 0, 5000);
108 }
109
mt7996_mac_wtbl_lmac_addr(struct mt7996_dev * dev,u16 wcid,u8 dw)110 u32 mt7996_mac_wtbl_lmac_addr(struct mt7996_dev *dev, u16 wcid, u8 dw)
111 {
112 mt76_wr(dev, MT_WTBLON_TOP_WDUCR,
113 FIELD_PREP(MT_WTBLON_TOP_WDUCR_GROUP, (wcid >> 7)));
114
115 return MT_WTBL_LMAC_OFFS(wcid, dw);
116 }
117
mt7996_mac_sta_poll(struct mt7996_dev * dev)118 static void mt7996_mac_sta_poll(struct mt7996_dev *dev)
119 {
120 static const u8 ac_to_tid[] = {
121 [IEEE80211_AC_BE] = 0,
122 [IEEE80211_AC_BK] = 1,
123 [IEEE80211_AC_VI] = 4,
124 [IEEE80211_AC_VO] = 6
125 };
126 struct mt7996_sta_link *msta_link;
127 struct mt76_vif_link *mlink;
128 struct ieee80211_sta *sta;
129 struct mt7996_sta *msta;
130 u32 tx_time[IEEE80211_NUM_ACS], rx_time[IEEE80211_NUM_ACS];
131 LIST_HEAD(sta_poll_list);
132 struct mt76_wcid *wcid;
133 int i;
134
135 spin_lock_bh(&dev->mt76.sta_poll_lock);
136 list_splice_init(&dev->mt76.sta_poll_list, &sta_poll_list);
137 spin_unlock_bh(&dev->mt76.sta_poll_lock);
138
139 rcu_read_lock();
140
141 while (true) {
142 bool clear = false;
143 u32 addr, val;
144 u16 idx;
145 s8 rssi[4];
146
147 spin_lock_bh(&dev->mt76.sta_poll_lock);
148 if (list_empty(&sta_poll_list)) {
149 spin_unlock_bh(&dev->mt76.sta_poll_lock);
150 break;
151 }
152 msta_link = list_first_entry(&sta_poll_list,
153 struct mt7996_sta_link,
154 wcid.poll_list);
155 msta = msta_link->sta;
156 wcid = &msta_link->wcid;
157 list_del_init(&wcid->poll_list);
158 spin_unlock_bh(&dev->mt76.sta_poll_lock);
159
160 idx = wcid->idx;
161
162 /* refresh peer's airtime reporting */
163 addr = mt7996_mac_wtbl_lmac_addr(dev, idx, 20);
164
165 for (i = 0; i < IEEE80211_NUM_ACS; i++) {
166 u32 tx_last = msta_link->airtime_ac[i];
167 u32 rx_last = msta_link->airtime_ac[i + 4];
168
169 msta_link->airtime_ac[i] = mt76_rr(dev, addr);
170 msta_link->airtime_ac[i + 4] = mt76_rr(dev, addr + 4);
171
172 tx_time[i] = msta_link->airtime_ac[i] - tx_last;
173 rx_time[i] = msta_link->airtime_ac[i + 4] - rx_last;
174
175 if ((tx_last | rx_last) & BIT(30))
176 clear = true;
177
178 addr += 8;
179 }
180
181 if (clear) {
182 mt7996_mac_wtbl_update(dev, idx,
183 MT_WTBL_UPDATE_ADM_COUNT_CLEAR);
184 memset(msta_link->airtime_ac, 0,
185 sizeof(msta_link->airtime_ac));
186 }
187
188 if (!wcid->sta)
189 continue;
190
191 sta = container_of((void *)msta, struct ieee80211_sta,
192 drv_priv);
193 for (i = 0; i < IEEE80211_NUM_ACS; i++) {
194 u8 q = mt76_connac_lmac_mapping(i);
195 u32 tx_cur = tx_time[q];
196 u32 rx_cur = rx_time[q];
197 u8 tid = ac_to_tid[i];
198
199 if (!tx_cur && !rx_cur)
200 continue;
201
202 ieee80211_sta_register_airtime(sta, tid, tx_cur, rx_cur);
203 }
204
205 /* get signal strength of resp frames (CTS/BA/ACK) */
206 addr = mt7996_mac_wtbl_lmac_addr(dev, idx, 34);
207 val = mt76_rr(dev, addr);
208
209 rssi[0] = to_rssi(GENMASK(7, 0), val);
210 rssi[1] = to_rssi(GENMASK(15, 8), val);
211 rssi[2] = to_rssi(GENMASK(23, 16), val);
212 rssi[3] = to_rssi(GENMASK(31, 14), val);
213
214 mlink = rcu_dereference(msta->vif->mt76.link[wcid->link_id]);
215 if (mlink) {
216 struct mt76_phy *mphy = mt76_vif_link_phy(mlink);
217
218 if (mphy)
219 msta_link->ack_signal =
220 mt76_rx_signal(mphy->antenna_mask,
221 rssi);
222 }
223
224 ewma_avg_signal_add(&msta_link->avg_ack_signal,
225 -msta_link->ack_signal);
226 }
227
228 rcu_read_unlock();
229 }
230
231 /* The HW does not translate the mac header to 802.3 for mesh point */
mt7996_reverse_frag0_hdr_trans(struct sk_buff * skb,u16 hdr_gap)232 static int mt7996_reverse_frag0_hdr_trans(struct sk_buff *skb, u16 hdr_gap)
233 {
234 struct mt76_rx_status *status = (struct mt76_rx_status *)skb->cb;
235 struct ethhdr *eth_hdr = (struct ethhdr *)(skb->data + hdr_gap);
236 struct mt7996_sta_link *msta_link = (void *)status->wcid;
237 struct mt7996_sta *msta = msta_link->sta;
238 struct ieee80211_bss_conf *link_conf;
239 __le32 *rxd = (__le32 *)skb->data;
240 struct ieee80211_sta *sta;
241 struct ieee80211_vif *vif;
242 struct ieee80211_hdr hdr;
243 u16 frame_control;
244
245 if (le32_get_bits(rxd[3], MT_RXD3_NORMAL_ADDR_TYPE) !=
246 MT_RXD3_NORMAL_U2M)
247 return -EINVAL;
248
249 if (!(le32_to_cpu(rxd[1]) & MT_RXD1_NORMAL_GROUP_4))
250 return -EINVAL;
251
252 if (!msta || !msta->vif)
253 return -EINVAL;
254
255 sta = wcid_to_sta(status->wcid);
256 vif = container_of((void *)msta->vif, struct ieee80211_vif, drv_priv);
257 link_conf = rcu_dereference(vif->link_conf[msta_link->wcid.link_id]);
258 if (!link_conf)
259 return -EINVAL;
260
261 /* store the info from RXD and ethhdr to avoid being overridden */
262 frame_control = le32_get_bits(rxd[8], MT_RXD8_FRAME_CONTROL);
263 hdr.frame_control = cpu_to_le16(frame_control);
264 hdr.seq_ctrl = cpu_to_le16(le32_get_bits(rxd[10], MT_RXD10_SEQ_CTRL));
265 hdr.duration_id = 0;
266
267 ether_addr_copy(hdr.addr1, vif->addr);
268 ether_addr_copy(hdr.addr2, sta->addr);
269 switch (frame_control & (IEEE80211_FCTL_TODS |
270 IEEE80211_FCTL_FROMDS)) {
271 case 0:
272 ether_addr_copy(hdr.addr3, link_conf->bssid);
273 break;
274 case IEEE80211_FCTL_FROMDS:
275 ether_addr_copy(hdr.addr3, eth_hdr->h_source);
276 break;
277 case IEEE80211_FCTL_TODS:
278 ether_addr_copy(hdr.addr3, eth_hdr->h_dest);
279 break;
280 case IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS:
281 ether_addr_copy(hdr.addr3, eth_hdr->h_dest);
282 ether_addr_copy(hdr.addr4, eth_hdr->h_source);
283 break;
284 default:
285 return -EINVAL;
286 }
287
288 skb_pull(skb, hdr_gap + sizeof(struct ethhdr) - 2);
289 if (eth_hdr->h_proto == cpu_to_be16(ETH_P_AARP) ||
290 eth_hdr->h_proto == cpu_to_be16(ETH_P_IPX))
291 ether_addr_copy(skb_push(skb, ETH_ALEN), bridge_tunnel_header);
292 else if (be16_to_cpu(eth_hdr->h_proto) >= ETH_P_802_3_MIN)
293 ether_addr_copy(skb_push(skb, ETH_ALEN), rfc1042_header);
294 else
295 skb_pull(skb, 2);
296
297 if (ieee80211_has_order(hdr.frame_control))
298 memcpy(skb_push(skb, IEEE80211_HT_CTL_LEN), &rxd[11],
299 IEEE80211_HT_CTL_LEN);
300 if (ieee80211_is_data_qos(hdr.frame_control)) {
301 __le16 qos_ctrl;
302
303 qos_ctrl = cpu_to_le16(le32_get_bits(rxd[10], MT_RXD10_QOS_CTL));
304 memcpy(skb_push(skb, IEEE80211_QOS_CTL_LEN), &qos_ctrl,
305 IEEE80211_QOS_CTL_LEN);
306 }
307
308 if (ieee80211_has_a4(hdr.frame_control))
309 memcpy(skb_push(skb, sizeof(hdr)), &hdr, sizeof(hdr));
310 else
311 memcpy(skb_push(skb, sizeof(hdr) - 6), &hdr, sizeof(hdr) - 6);
312
313 return 0;
314 }
315
316 static int
mt7996_mac_fill_rx_rate(struct mt7996_dev * dev,struct mt76_rx_status * status,struct ieee80211_supported_band * sband,__le32 * rxv,u8 * mode)317 mt7996_mac_fill_rx_rate(struct mt7996_dev *dev,
318 struct mt76_rx_status *status,
319 struct ieee80211_supported_band *sband,
320 __le32 *rxv, u8 *mode)
321 {
322 u32 v0, v2;
323 u8 stbc, gi, bw, dcm, nss;
324 int i, idx;
325 bool cck = false;
326
327 v0 = le32_to_cpu(rxv[0]);
328 v2 = le32_to_cpu(rxv[2]);
329
330 idx = FIELD_GET(MT_PRXV_TX_RATE, v0);
331 i = idx;
332 nss = FIELD_GET(MT_PRXV_NSTS, v0) + 1;
333
334 stbc = FIELD_GET(MT_PRXV_HT_STBC, v2);
335 gi = FIELD_GET(MT_PRXV_HT_SHORT_GI, v2);
336 *mode = FIELD_GET(MT_PRXV_TX_MODE, v2);
337 dcm = FIELD_GET(MT_PRXV_DCM, v2);
338 bw = FIELD_GET(MT_PRXV_FRAME_MODE, v2);
339
340 switch (*mode) {
341 case MT_PHY_TYPE_CCK:
342 cck = true;
343 fallthrough;
344 case MT_PHY_TYPE_OFDM:
345 i = mt76_get_rate(&dev->mt76, sband, i, cck);
346 break;
347 case MT_PHY_TYPE_HT_GF:
348 case MT_PHY_TYPE_HT:
349 status->encoding = RX_ENC_HT;
350 if (gi)
351 status->enc_flags |= RX_ENC_FLAG_SHORT_GI;
352 if (i > 31)
353 return -EINVAL;
354 break;
355 case MT_PHY_TYPE_VHT:
356 status->nss = nss;
357 status->encoding = RX_ENC_VHT;
358 if (gi)
359 status->enc_flags |= RX_ENC_FLAG_SHORT_GI;
360 if (i > 11)
361 return -EINVAL;
362 break;
363 case MT_PHY_TYPE_HE_MU:
364 case MT_PHY_TYPE_HE_SU:
365 case MT_PHY_TYPE_HE_EXT_SU:
366 case MT_PHY_TYPE_HE_TB:
367 status->nss = nss;
368 status->encoding = RX_ENC_HE;
369 i &= GENMASK(3, 0);
370
371 if (gi <= NL80211_RATE_INFO_HE_GI_3_2)
372 status->he_gi = gi;
373
374 status->he_dcm = dcm;
375 break;
376 case MT_PHY_TYPE_EHT_SU:
377 case MT_PHY_TYPE_EHT_TRIG:
378 case MT_PHY_TYPE_EHT_MU:
379 status->nss = nss;
380 status->encoding = RX_ENC_EHT;
381 i &= GENMASK(3, 0);
382
383 if (gi <= NL80211_RATE_INFO_EHT_GI_3_2)
384 status->eht.gi = gi;
385 break;
386 default:
387 return -EINVAL;
388 }
389 status->rate_idx = i;
390
391 switch (bw) {
392 case IEEE80211_STA_RX_BW_20:
393 break;
394 case IEEE80211_STA_RX_BW_40:
395 if (*mode & MT_PHY_TYPE_HE_EXT_SU &&
396 (idx & MT_PRXV_TX_ER_SU_106T)) {
397 status->bw = RATE_INFO_BW_HE_RU;
398 status->he_ru =
399 NL80211_RATE_INFO_HE_RU_ALLOC_106;
400 } else {
401 status->bw = RATE_INFO_BW_40;
402 }
403 break;
404 case IEEE80211_STA_RX_BW_80:
405 status->bw = RATE_INFO_BW_80;
406 break;
407 case IEEE80211_STA_RX_BW_160:
408 status->bw = RATE_INFO_BW_160;
409 break;
410 /* rxv reports bw 320-1 and 320-2 separately */
411 case IEEE80211_STA_RX_BW_320:
412 case IEEE80211_STA_RX_BW_320 + 1:
413 status->bw = RATE_INFO_BW_320;
414 break;
415 default:
416 return -EINVAL;
417 }
418
419 status->enc_flags |= RX_ENC_FLAG_STBC_MASK * stbc;
420 if (*mode < MT_PHY_TYPE_HE_SU && gi)
421 status->enc_flags |= RX_ENC_FLAG_SHORT_GI;
422
423 return 0;
424 }
425
426 static void
mt7996_wed_check_ppe(struct mt7996_dev * dev,struct mt76_queue * q,struct mt7996_sta * msta,struct sk_buff * skb,u32 info)427 mt7996_wed_check_ppe(struct mt7996_dev *dev, struct mt76_queue *q,
428 struct mt7996_sta *msta, struct sk_buff *skb,
429 u32 info)
430 {
431 struct ieee80211_vif *vif;
432 struct wireless_dev *wdev;
433
434 if (!msta || !msta->vif)
435 return;
436
437 if (!mt76_queue_is_wed_rx(q))
438 return;
439
440 if (!(info & MT_DMA_INFO_PPE_VLD))
441 return;
442
443 vif = container_of((void *)msta->vif, struct ieee80211_vif,
444 drv_priv);
445 wdev = ieee80211_vif_to_wdev(vif);
446 skb->dev = wdev->netdev;
447
448 mtk_wed_device_ppe_check(&dev->mt76.mmio.wed, skb,
449 FIELD_GET(MT_DMA_PPE_CPU_REASON, info),
450 FIELD_GET(MT_DMA_PPE_ENTRY, info));
451 }
452
453 static int
mt7996_mac_fill_rx(struct mt7996_dev * dev,enum mt76_rxq_id q,struct sk_buff * skb,u32 * info)454 mt7996_mac_fill_rx(struct mt7996_dev *dev, enum mt76_rxq_id q,
455 struct sk_buff *skb, u32 *info)
456 {
457 struct mt76_rx_status *status = (struct mt76_rx_status *)skb->cb;
458 struct mt76_phy *mphy = &dev->mt76.phy;
459 struct mt7996_phy *phy = &dev->phy;
460 struct ieee80211_supported_band *sband;
461 __le32 *rxd = (__le32 *)skb->data;
462 __le32 *rxv = NULL;
463 u32 rxd0 = le32_to_cpu(rxd[0]);
464 u32 rxd1 = le32_to_cpu(rxd[1]);
465 u32 rxd2 = le32_to_cpu(rxd[2]);
466 u32 rxd3 = le32_to_cpu(rxd[3]);
467 u32 rxd4 = le32_to_cpu(rxd[4]);
468 u32 csum_mask = MT_RXD3_NORMAL_IP_SUM | MT_RXD3_NORMAL_UDP_TCP_SUM;
469 u32 csum_status = *(u32 *)skb->cb;
470 u32 mesh_mask = MT_RXD0_MESH | MT_RXD0_MHCP;
471 bool is_mesh = (rxd0 & mesh_mask) == mesh_mask;
472 bool unicast, insert_ccmp_hdr = false;
473 u8 remove_pad, amsdu_info, band_idx;
474 u8 mode = 0, qos_ctl = 0;
475 bool hdr_trans;
476 u16 hdr_gap;
477 u16 seq_ctrl = 0;
478 __le16 fc = 0;
479 int idx;
480 u8 hw_aggr = false;
481 struct mt7996_sta *msta = NULL;
482
483 hw_aggr = status->aggr;
484 memset(status, 0, sizeof(*status));
485
486 band_idx = FIELD_GET(MT_RXD1_NORMAL_BAND_IDX, rxd1);
487 mphy = dev->mt76.phys[band_idx];
488 phy = mphy->priv;
489 status->phy_idx = mphy->band_idx;
490
491 if (!test_bit(MT76_STATE_RUNNING, &mphy->state))
492 return -EINVAL;
493
494 if (rxd2 & MT_RXD2_NORMAL_AMSDU_ERR)
495 return -EINVAL;
496
497 hdr_trans = rxd2 & MT_RXD2_NORMAL_HDR_TRANS;
498 if (hdr_trans && (rxd1 & MT_RXD1_NORMAL_CM))
499 return -EINVAL;
500
501 /* ICV error or CCMP/BIP/WPI MIC error */
502 if (rxd1 & MT_RXD1_NORMAL_ICV_ERR)
503 status->flag |= RX_FLAG_ONLY_MONITOR;
504
505 unicast = FIELD_GET(MT_RXD3_NORMAL_ADDR_TYPE, rxd3) == MT_RXD3_NORMAL_U2M;
506 idx = FIELD_GET(MT_RXD1_NORMAL_WLAN_IDX, rxd1);
507 status->wcid = mt7996_rx_get_wcid(dev, idx, band_idx);
508
509 if (status->wcid) {
510 struct mt7996_sta_link *msta_link;
511
512 msta_link = container_of(status->wcid, struct mt7996_sta_link,
513 wcid);
514 msta = msta_link->sta;
515 mt76_wcid_add_poll(&dev->mt76, &msta_link->wcid);
516 }
517
518 status->freq = mphy->chandef.chan->center_freq;
519 status->band = mphy->chandef.chan->band;
520 if (status->band == NL80211_BAND_5GHZ)
521 sband = &mphy->sband_5g.sband;
522 else if (status->band == NL80211_BAND_6GHZ)
523 sband = &mphy->sband_6g.sband;
524 else
525 sband = &mphy->sband_2g.sband;
526
527 if (!sband->channels)
528 return -EINVAL;
529
530 if ((rxd3 & csum_mask) == csum_mask &&
531 !(csum_status & (BIT(0) | BIT(2) | BIT(3))))
532 skb->ip_summed = CHECKSUM_UNNECESSARY;
533
534 if (rxd1 & MT_RXD3_NORMAL_FCS_ERR)
535 status->flag |= RX_FLAG_FAILED_FCS_CRC;
536
537 if (rxd1 & MT_RXD1_NORMAL_TKIP_MIC_ERR)
538 status->flag |= RX_FLAG_MMIC_ERROR;
539
540 if (FIELD_GET(MT_RXD2_NORMAL_SEC_MODE, rxd2) != 0 &&
541 !(rxd1 & (MT_RXD1_NORMAL_CLM | MT_RXD1_NORMAL_CM))) {
542 status->flag |= RX_FLAG_DECRYPTED;
543 status->flag |= RX_FLAG_IV_STRIPPED;
544 status->flag |= RX_FLAG_MMIC_STRIPPED | RX_FLAG_MIC_STRIPPED;
545 }
546
547 remove_pad = FIELD_GET(MT_RXD2_NORMAL_HDR_OFFSET, rxd2);
548
549 if (rxd2 & MT_RXD2_NORMAL_MAX_LEN_ERROR)
550 return -EINVAL;
551
552 rxd += 8;
553 if (rxd1 & MT_RXD1_NORMAL_GROUP_4) {
554 u32 v0 = le32_to_cpu(rxd[0]);
555 u32 v2 = le32_to_cpu(rxd[2]);
556
557 fc = cpu_to_le16(FIELD_GET(MT_RXD8_FRAME_CONTROL, v0));
558 qos_ctl = FIELD_GET(MT_RXD10_QOS_CTL, v2);
559 seq_ctrl = FIELD_GET(MT_RXD10_SEQ_CTRL, v2);
560
561 rxd += 4;
562 if ((u8 *)rxd - skb->data >= skb->len)
563 return -EINVAL;
564 }
565
566 if (rxd1 & MT_RXD1_NORMAL_GROUP_1) {
567 u8 *data = (u8 *)rxd;
568
569 if (status->flag & RX_FLAG_DECRYPTED) {
570 switch (FIELD_GET(MT_RXD2_NORMAL_SEC_MODE, rxd2)) {
571 case MT_CIPHER_AES_CCMP:
572 case MT_CIPHER_CCMP_CCX:
573 case MT_CIPHER_CCMP_256:
574 insert_ccmp_hdr =
575 FIELD_GET(MT_RXD2_NORMAL_FRAG, rxd2);
576 fallthrough;
577 case MT_CIPHER_TKIP:
578 case MT_CIPHER_TKIP_NO_MIC:
579 case MT_CIPHER_GCMP:
580 case MT_CIPHER_GCMP_256:
581 status->iv[0] = data[5];
582 status->iv[1] = data[4];
583 status->iv[2] = data[3];
584 status->iv[3] = data[2];
585 status->iv[4] = data[1];
586 status->iv[5] = data[0];
587 break;
588 default:
589 break;
590 }
591 }
592 rxd += 4;
593 if ((u8 *)rxd - skb->data >= skb->len)
594 return -EINVAL;
595 }
596
597 if (rxd1 & MT_RXD1_NORMAL_GROUP_2) {
598 status->timestamp = le32_to_cpu(rxd[0]);
599 status->flag |= RX_FLAG_MACTIME_START;
600
601 if (!(rxd2 & MT_RXD2_NORMAL_NON_AMPDU)) {
602 status->flag |= RX_FLAG_AMPDU_DETAILS;
603
604 /* all subframes of an A-MPDU have the same timestamp */
605 if (phy->rx_ampdu_ts != status->timestamp) {
606 if (!++phy->ampdu_ref)
607 phy->ampdu_ref++;
608 }
609 phy->rx_ampdu_ts = status->timestamp;
610
611 status->ampdu_ref = phy->ampdu_ref;
612 }
613
614 rxd += 4;
615 if ((u8 *)rxd - skb->data >= skb->len)
616 return -EINVAL;
617 }
618
619 /* RXD Group 3 - P-RXV */
620 if (rxd1 & MT_RXD1_NORMAL_GROUP_3) {
621 u32 v3;
622 int ret;
623
624 rxv = rxd;
625 rxd += 4;
626 if ((u8 *)rxd - skb->data >= skb->len)
627 return -EINVAL;
628
629 v3 = le32_to_cpu(rxv[3]);
630
631 status->chains = mphy->antenna_mask;
632 status->chain_signal[0] = to_rssi(MT_PRXV_RCPI0, v3);
633 status->chain_signal[1] = to_rssi(MT_PRXV_RCPI1, v3);
634 status->chain_signal[2] = to_rssi(MT_PRXV_RCPI2, v3);
635 status->chain_signal[3] = to_rssi(MT_PRXV_RCPI3, v3);
636
637 /* RXD Group 5 - C-RXV */
638 if (rxd1 & MT_RXD1_NORMAL_GROUP_5) {
639 rxd += 24;
640 if ((u8 *)rxd - skb->data >= skb->len)
641 return -EINVAL;
642 }
643
644 ret = mt7996_mac_fill_rx_rate(dev, status, sband, rxv, &mode);
645 if (ret < 0)
646 return ret;
647 }
648
649 amsdu_info = FIELD_GET(MT_RXD4_NORMAL_PAYLOAD_FORMAT, rxd4);
650 status->amsdu = !!amsdu_info;
651 if (status->amsdu) {
652 status->first_amsdu = amsdu_info == MT_RXD4_FIRST_AMSDU_FRAME;
653 status->last_amsdu = amsdu_info == MT_RXD4_LAST_AMSDU_FRAME;
654 }
655
656 /* IEEE 802.11 fragmentation can only be applied to unicast frames.
657 * Hence, drop fragments with multicast/broadcast RA.
658 * This check fixes vulnerabilities, like CVE-2020-26145.
659 */
660 if ((ieee80211_has_morefrags(fc) || seq_ctrl & IEEE80211_SCTL_FRAG) &&
661 FIELD_GET(MT_RXD3_NORMAL_ADDR_TYPE, rxd3) != MT_RXD3_NORMAL_U2M)
662 return -EINVAL;
663
664 hdr_gap = (u8 *)rxd - skb->data + 2 * remove_pad;
665 if (hdr_trans && ieee80211_has_morefrags(fc)) {
666 if (mt7996_reverse_frag0_hdr_trans(skb, hdr_gap))
667 return -EINVAL;
668 hdr_trans = false;
669 } else {
670 int pad_start = 0;
671
672 skb_pull(skb, hdr_gap);
673 if (!hdr_trans && status->amsdu && !(ieee80211_has_a4(fc) && is_mesh)) {
674 pad_start = ieee80211_get_hdrlen_from_skb(skb);
675 } else if (hdr_trans && (rxd2 & MT_RXD2_NORMAL_HDR_TRANS_ERROR)) {
676 /* When header translation failure is indicated,
677 * the hardware will insert an extra 2-byte field
678 * containing the data length after the protocol
679 * type field. This happens either when the LLC-SNAP
680 * pattern did not match, or if a VLAN header was
681 * detected.
682 */
683 pad_start = 12;
684 if (get_unaligned_be16(skb->data + pad_start) == ETH_P_8021Q)
685 pad_start += 4;
686 else
687 pad_start = 0;
688 }
689
690 if (pad_start) {
691 memmove(skb->data + 2, skb->data, pad_start);
692 skb_pull(skb, 2);
693 }
694 }
695
696 if (!hdr_trans) {
697 struct ieee80211_hdr *hdr;
698
699 if (insert_ccmp_hdr) {
700 u8 key_id = FIELD_GET(MT_RXD1_NORMAL_KEY_ID, rxd1);
701
702 mt76_insert_ccmp_hdr(skb, key_id);
703 }
704
705 hdr = mt76_skb_get_hdr(skb);
706 fc = hdr->frame_control;
707 if (ieee80211_is_data_qos(fc)) {
708 u8 *qos = ieee80211_get_qos_ctl(hdr);
709
710 seq_ctrl = le16_to_cpu(hdr->seq_ctrl);
711 qos_ctl = *qos;
712
713 /* Mesh DA/SA/Length will be stripped after hardware
714 * de-amsdu, so here needs to clear amsdu present bit
715 * to mark it as a normal mesh frame.
716 */
717 if (ieee80211_has_a4(fc) && is_mesh && status->amsdu)
718 *qos &= ~IEEE80211_QOS_CTL_A_MSDU_PRESENT;
719 }
720 skb_set_mac_header(skb, (unsigned char *)hdr - skb->data);
721 } else {
722 status->flag |= RX_FLAG_8023;
723 mt7996_wed_check_ppe(dev, &dev->mt76.q_rx[q], msta, skb,
724 *info);
725 mt76_npu_check_ppe(&dev->mt76, skb, *info);
726 }
727
728 if (rxv && !(status->flag & RX_FLAG_8023)) {
729 switch (status->encoding) {
730 case RX_ENC_EHT:
731 mt76_connac3_mac_decode_eht_radiotap(skb, rxv, mode);
732 break;
733 case RX_ENC_HE:
734 mt76_connac3_mac_decode_he_radiotap(skb, rxv, mode);
735 break;
736 default:
737 break;
738 }
739 }
740
741 if (!status->wcid || !ieee80211_is_data_qos(fc) || hw_aggr)
742 return 0;
743
744 status->aggr = unicast &&
745 !ieee80211_is_qos_nullfunc(fc);
746 status->qos_ctl = qos_ctl;
747 status->seqno = IEEE80211_SEQ_TO_SN(seq_ctrl);
748
749 return 0;
750 }
751
752 static void
mt7996_mac_write_txwi_8023(struct mt7996_dev * dev,__le32 * txwi,struct sk_buff * skb,struct mt76_wcid * wcid)753 mt7996_mac_write_txwi_8023(struct mt7996_dev *dev, __le32 *txwi,
754 struct sk_buff *skb, struct mt76_wcid *wcid)
755 {
756 u8 tid = skb->priority & IEEE80211_QOS_CTL_TID_MASK;
757 u8 fc_type, fc_stype;
758 u16 ethertype;
759 bool wmm = false;
760 u32 val;
761
762 if (wcid->sta) {
763 struct ieee80211_sta *sta = wcid_to_sta(wcid);
764
765 wmm = sta->wme;
766 }
767
768 val = FIELD_PREP(MT_TXD1_HDR_FORMAT, MT_HDR_FORMAT_802_3) |
769 FIELD_PREP(MT_TXD1_TID, tid);
770
771 ethertype = get_unaligned_be16(&skb->data[12]);
772 if (ethertype >= ETH_P_802_3_MIN)
773 val |= MT_TXD1_ETH_802_3;
774
775 txwi[1] |= cpu_to_le32(val);
776
777 fc_type = IEEE80211_FTYPE_DATA >> 2;
778 fc_stype = wmm ? IEEE80211_STYPE_QOS_DATA >> 4 : 0;
779
780 val = FIELD_PREP(MT_TXD2_FRAME_TYPE, fc_type) |
781 FIELD_PREP(MT_TXD2_SUB_TYPE, fc_stype);
782
783 txwi[2] |= cpu_to_le32(val);
784
785 if (wcid->amsdu)
786 txwi[3] |= cpu_to_le32(MT_TXD3_HW_AMSDU);
787 }
788
789 static void
mt7996_mac_write_txwi_80211(struct mt7996_dev * dev,__le32 * txwi,struct sk_buff * skb,struct ieee80211_key_conf * key,struct mt76_wcid * wcid)790 mt7996_mac_write_txwi_80211(struct mt7996_dev *dev, __le32 *txwi,
791 struct sk_buff *skb,
792 struct ieee80211_key_conf *key,
793 struct mt76_wcid *wcid)
794 {
795 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
796 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)skb->data;
797 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
798 bool multicast = is_multicast_ether_addr(hdr->addr1);
799 u8 tid = skb->priority & IEEE80211_QOS_CTL_TID_MASK;
800 __le16 fc = hdr->frame_control, sc = hdr->seq_ctrl;
801 u16 seqno = le16_to_cpu(sc);
802 bool hw_bigtk = false;
803 u8 fc_type, fc_stype;
804 u32 val;
805
806 if (ieee80211_is_action(fc) &&
807 skb->len >= IEEE80211_MIN_ACTION_SIZE + 1 &&
808 mgmt->u.action.category == WLAN_CATEGORY_BACK &&
809 mgmt->u.action.u.addba_req.action_code == WLAN_ACTION_ADDBA_REQ) {
810 if (is_mt7990(&dev->mt76))
811 txwi[6] |= cpu_to_le32(FIELD_PREP(MT_TXD6_TID_ADDBA, tid));
812 else
813 txwi[7] |= cpu_to_le32(MT_TXD7_MAC_TXD);
814
815 tid = MT_TX_ADDBA;
816 } else if (ieee80211_is_mgmt(hdr->frame_control)) {
817 tid = MT_TX_NORMAL;
818 }
819
820 val = FIELD_PREP(MT_TXD1_HDR_FORMAT, MT_HDR_FORMAT_802_11) |
821 FIELD_PREP(MT_TXD1_HDR_INFO,
822 ieee80211_get_hdrlen_from_skb(skb) / 2) |
823 FIELD_PREP(MT_TXD1_TID, tid);
824
825 if (!ieee80211_is_data(fc) || multicast ||
826 info->flags & IEEE80211_TX_CTL_USE_MINRATE)
827 val |= MT_TXD1_FIXED_RATE;
828
829 if (is_mt7990(&dev->mt76) && ieee80211_is_beacon(fc) &&
830 (wcid->hw_key_idx2 == 6 || wcid->hw_key_idx2 == 7))
831 hw_bigtk = true;
832
833 if ((key && multicast && ieee80211_is_robust_mgmt_frame(skb)) || hw_bigtk) {
834 val |= MT_TXD1_BIP;
835 txwi[3] &= ~cpu_to_le32(MT_TXD3_PROTECT_FRAME);
836 }
837
838 txwi[1] |= cpu_to_le32(val);
839
840 fc_type = (le16_to_cpu(fc) & IEEE80211_FCTL_FTYPE) >> 2;
841 fc_stype = (le16_to_cpu(fc) & IEEE80211_FCTL_STYPE) >> 4;
842
843 val = FIELD_PREP(MT_TXD2_FRAME_TYPE, fc_type) |
844 FIELD_PREP(MT_TXD2_SUB_TYPE, fc_stype);
845
846 if (ieee80211_has_morefrags(fc) && ieee80211_is_first_frag(sc))
847 val |= FIELD_PREP(MT_TXD2_FRAG, MT_TX_FRAG_FIRST);
848 else if (ieee80211_has_morefrags(fc) && !ieee80211_is_first_frag(sc))
849 val |= FIELD_PREP(MT_TXD2_FRAG, MT_TX_FRAG_MID);
850 else if (!ieee80211_has_morefrags(fc) && !ieee80211_is_first_frag(sc))
851 val |= FIELD_PREP(MT_TXD2_FRAG, MT_TX_FRAG_LAST);
852 else
853 val |= FIELD_PREP(MT_TXD2_FRAG, MT_TX_FRAG_NONE);
854
855 txwi[2] |= cpu_to_le32(val);
856
857 txwi[3] |= cpu_to_le32(FIELD_PREP(MT_TXD3_BCM, multicast));
858 if (ieee80211_is_beacon(fc)) {
859 txwi[3] &= ~cpu_to_le32(MT_TXD3_SW_POWER_MGMT);
860 txwi[3] |= cpu_to_le32(MT_TXD3_REM_TX_COUNT);
861 }
862
863 if (multicast && ieee80211_vif_is_mld(info->control.vif)) {
864 val = MT_TXD3_SN_VALID |
865 FIELD_PREP(MT_TXD3_SEQ, IEEE80211_SEQ_TO_SN(seqno));
866 txwi[3] |= cpu_to_le32(val);
867 }
868
869 if (info->flags & IEEE80211_TX_CTL_INJECTED) {
870 if (ieee80211_is_back_req(hdr->frame_control)) {
871 struct ieee80211_bar *bar;
872
873 bar = (struct ieee80211_bar *)skb->data;
874 seqno = le16_to_cpu(bar->start_seq_num);
875 }
876
877 val = MT_TXD3_SN_VALID |
878 FIELD_PREP(MT_TXD3_SEQ, IEEE80211_SEQ_TO_SN(seqno));
879 txwi[3] |= cpu_to_le32(val);
880 txwi[3] &= ~cpu_to_le32(MT_TXD3_HW_AMSDU);
881 }
882
883 if (ieee80211_vif_is_mld(info->control.vif) &&
884 (multicast || unlikely(skb->protocol == cpu_to_be16(ETH_P_PAE))))
885 txwi[5] |= cpu_to_le32(MT_TXD5_FL);
886
887 if (ieee80211_is_nullfunc(fc) && ieee80211_has_a4(fc) &&
888 ieee80211_vif_is_mld(info->control.vif)) {
889 txwi[5] |= cpu_to_le32(MT_TXD5_FL);
890 txwi[6] |= cpu_to_le32(MT_TXD6_DIS_MAT);
891 }
892
893 if (!wcid->sta && ieee80211_is_mgmt(fc))
894 txwi[6] |= cpu_to_le32(MT_TXD6_DIS_MAT);
895 }
896
mt7996_mac_write_txwi(struct mt7996_dev * dev,__le32 * txwi,struct sk_buff * skb,struct mt76_wcid * wcid,struct ieee80211_key_conf * key,int pid,enum mt76_txq_id qid,u32 changed)897 void mt7996_mac_write_txwi(struct mt7996_dev *dev, __le32 *txwi,
898 struct sk_buff *skb, struct mt76_wcid *wcid,
899 struct ieee80211_key_conf *key, int pid,
900 enum mt76_txq_id qid, u32 changed)
901 {
902 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
903 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
904 struct ieee80211_vif *vif = info->control.vif;
905 u8 band_idx = (info->hw_queue & MT_TX_HW_QUEUE_PHY) >> 2;
906 u8 p_fmt, q_idx, omac_idx = 0, wmm_idx = 0;
907 bool is_8023 = info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP;
908 struct mt76_vif_link *mlink = NULL;
909 struct mt7996_vif *mvif;
910 unsigned int link_id;
911 u16 tx_count = 15;
912 u32 val;
913 bool inband_disc = !!(changed & (BSS_CHANGED_UNSOL_BCAST_PROBE_RESP |
914 BSS_CHANGED_FILS_DISCOVERY));
915 bool beacon = !!(changed & (BSS_CHANGED_BEACON |
916 BSS_CHANGED_BEACON_ENABLED)) && (!inband_disc);
917
918 if (wcid != &dev->mt76.global_wcid)
919 link_id = wcid->link_id;
920 else
921 link_id = u32_get_bits(info->control.flags,
922 IEEE80211_TX_CTRL_MLO_LINK);
923
924 mvif = vif ? (struct mt7996_vif *)vif->drv_priv : NULL;
925 if (mvif) {
926 if (wcid->offchannel)
927 mlink = rcu_dereference(mvif->mt76.offchannel_link);
928 if (!mlink)
929 mlink = rcu_dereference(mvif->mt76.link[link_id]);
930 }
931
932 if (mlink) {
933 omac_idx = mlink->omac_idx;
934 wmm_idx = mlink->wmm_idx;
935 band_idx = mlink->band_idx;
936 }
937
938 if (inband_disc) {
939 p_fmt = MT_TX_TYPE_FW;
940 q_idx = MT_LMAC_ALTX0;
941 } else if (beacon) {
942 p_fmt = MT_TX_TYPE_FW;
943 q_idx = MT_LMAC_BCN0;
944 } else if (qid >= MT_TXQ_PSD) {
945 p_fmt = MT_TX_TYPE_CT;
946 q_idx = MT_LMAC_ALTX0;
947 } else {
948 p_fmt = MT_TX_TYPE_CT;
949 q_idx = wmm_idx * MT7996_MAX_WMM_SETS +
950 mt76_connac_lmac_mapping(skb_get_queue_mapping(skb));
951 }
952
953 val = FIELD_PREP(MT_TXD0_TX_BYTES, skb->len + MT_TXD_SIZE) |
954 FIELD_PREP(MT_TXD0_PKT_FMT, p_fmt) |
955 FIELD_PREP(MT_TXD0_Q_IDX, q_idx);
956 txwi[0] = cpu_to_le32(val);
957
958 val = FIELD_PREP(MT_TXD1_WLAN_IDX, wcid->idx) |
959 FIELD_PREP(MT_TXD1_OWN_MAC, omac_idx);
960
961 if (band_idx)
962 val |= FIELD_PREP(MT_TXD1_TGID, band_idx);
963
964 txwi[1] = cpu_to_le32(val);
965 txwi[2] = 0;
966
967 val = MT_TXD3_SW_POWER_MGMT |
968 FIELD_PREP(MT_TXD3_REM_TX_COUNT, tx_count);
969 if (key)
970 val |= MT_TXD3_PROTECT_FRAME;
971 if (info->flags & IEEE80211_TX_CTL_NO_ACK)
972 val |= MT_TXD3_NO_ACK;
973
974 txwi[3] = cpu_to_le32(val);
975 txwi[4] = 0;
976
977 val = FIELD_PREP(MT_TXD5_PID, pid);
978 if (pid >= MT_PACKET_ID_FIRST)
979 val |= MT_TXD5_TX_STATUS_HOST;
980 txwi[5] = cpu_to_le32(val);
981
982 val = MT_TXD6_DAS | MT_TXD6_VTA;
983 if ((q_idx >= MT_LMAC_ALTX0 && q_idx <= MT_LMAC_BCN0) ||
984 skb->protocol == cpu_to_be16(ETH_P_PAE))
985 val |= MT_TXD6_DIS_MAT;
986
987 if (is_mt7996(&dev->mt76))
988 val |= FIELD_PREP(MT_TXD6_MSDU_CNT, 1);
989 else if (is_8023 || !ieee80211_is_mgmt(hdr->frame_control))
990 val |= FIELD_PREP(MT_TXD6_MSDU_CNT_V2, 1);
991
992 txwi[6] = cpu_to_le32(val);
993 txwi[7] = 0;
994
995 if (is_8023)
996 mt7996_mac_write_txwi_8023(dev, txwi, skb, wcid);
997 else
998 mt7996_mac_write_txwi_80211(dev, txwi, skb, key, wcid);
999
1000 if (txwi[1] & cpu_to_le32(MT_TXD1_FIXED_RATE)) {
1001 bool mcast = ieee80211_is_data(hdr->frame_control) &&
1002 is_multicast_ether_addr(hdr->addr1);
1003 u8 idx = MT7996_BASIC_RATES_TBL;
1004
1005 if (mlink) {
1006 if (mcast && mlink->mcast_rates_idx)
1007 idx = mlink->mcast_rates_idx;
1008 else if (beacon && mlink->beacon_rates_idx)
1009 idx = mlink->beacon_rates_idx;
1010 else
1011 idx = mlink->basic_rates_idx;
1012 }
1013
1014 val = FIELD_PREP(MT_TXD6_TX_RATE, idx) | MT_TXD6_FIXED_BW;
1015 if (mcast)
1016 val |= MT_TXD6_DIS_MAT;
1017 txwi[6] |= cpu_to_le32(val);
1018 txwi[3] |= cpu_to_le32(MT_TXD3_BA_DISABLE);
1019 }
1020 }
1021
1022 static bool
mt7996_tx_use_mgmt(struct mt7996_dev * dev,struct sk_buff * skb)1023 mt7996_tx_use_mgmt(struct mt7996_dev *dev, struct sk_buff *skb)
1024 {
1025 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
1026
1027 if (ieee80211_is_mgmt(hdr->frame_control))
1028 return true;
1029
1030 /* for SDO to bypass specific data frame */
1031 if (!mt7996_has_wa(dev)) {
1032 if (unlikely(skb->protocol == cpu_to_be16(ETH_P_PAE)))
1033 return true;
1034
1035 if (ieee80211_has_a4(hdr->frame_control) &&
1036 !ieee80211_is_data_present(hdr->frame_control))
1037 return true;
1038 }
1039
1040 return false;
1041 }
1042
mt7996_tx_prepare_skb(struct mt76_dev * mdev,void * txwi_ptr,enum mt76_txq_id qid,struct mt76_wcid * wcid,struct ieee80211_sta * sta,struct mt76_tx_info * tx_info)1043 int mt7996_tx_prepare_skb(struct mt76_dev *mdev, void *txwi_ptr,
1044 enum mt76_txq_id qid, struct mt76_wcid *wcid,
1045 struct ieee80211_sta *sta,
1046 struct mt76_tx_info *tx_info)
1047 {
1048 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx_info->skb->data;
1049 struct mt7996_dev *dev = container_of(mdev, struct mt7996_dev, mt76);
1050 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx_info->skb);
1051 struct ieee80211_key_conf *key = info->control.hw_key;
1052 struct ieee80211_vif *vif = info->control.vif;
1053 struct mt7996_vif *mvif = vif ? (struct mt7996_vif *)vif->drv_priv : NULL;
1054 struct mt7996_sta *msta = sta ? (struct mt7996_sta *)sta->drv_priv : NULL;
1055 struct mt76_vif_link *mlink = NULL;
1056 struct mt76_txwi_cache *t;
1057 int id, i, pid, nbuf = tx_info->nbuf - 1;
1058 bool is_8023 = info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP;
1059 __le32 *ptr = (__le32 *)txwi_ptr;
1060 u8 *txwi = (u8 *)txwi_ptr;
1061 u8 link_id;
1062
1063 if (unlikely(tx_info->skb->len <= ETH_HLEN))
1064 return -EINVAL;
1065
1066 if (!wcid)
1067 wcid = &dev->mt76.global_wcid;
1068
1069 if ((is_8023 || ieee80211_is_data_qos(hdr->frame_control)) && sta->mlo &&
1070 likely(tx_info->skb->protocol != cpu_to_be16(ETH_P_PAE))) {
1071 u8 tid = tx_info->skb->priority & IEEE80211_QOS_CTL_TID_MASK;
1072
1073 link_id = (tid % 2) ? msta->seclink_id : msta->deflink_id;
1074 } else {
1075 link_id = u32_get_bits(info->control.flags,
1076 IEEE80211_TX_CTRL_MLO_LINK);
1077 }
1078
1079 if (link_id != wcid->link_id && link_id != IEEE80211_LINK_UNSPECIFIED) {
1080 if (msta) {
1081 struct mt7996_sta_link *msta_link =
1082 rcu_dereference(msta->link[link_id]);
1083
1084 if (msta_link)
1085 wcid = &msta_link->wcid;
1086 } else if (mvif) {
1087 mlink = rcu_dereference(mvif->mt76.link[link_id]);
1088 if (mlink && mlink->wcid)
1089 wcid = mlink->wcid;
1090 }
1091 }
1092
1093 t = (struct mt76_txwi_cache *)(txwi + mdev->drv->txwi_size);
1094 t->skb = tx_info->skb;
1095
1096 id = mt76_token_consume(mdev, &t);
1097 if (id < 0)
1098 return id;
1099
1100 /* Since the rules of HW MLD address translation are not fully
1101 * compatible with 802.11 EAPOL frame, we do the translation by
1102 * software
1103 */
1104 if (tx_info->skb->protocol == cpu_to_be16(ETH_P_PAE) && sta->mlo) {
1105 struct ieee80211_hdr *hdr = (void *)tx_info->skb->data;
1106 struct ieee80211_bss_conf *link_conf;
1107 struct ieee80211_link_sta *link_sta;
1108
1109 link_conf = rcu_dereference(vif->link_conf[wcid->link_id]);
1110 if (!link_conf)
1111 return -EINVAL;
1112
1113 link_sta = rcu_dereference(sta->link[wcid->link_id]);
1114 if (!link_sta)
1115 return -EINVAL;
1116
1117 dma_sync_single_for_cpu(mdev->dma_dev, tx_info->buf[1].addr,
1118 tx_info->buf[1].len, DMA_TO_DEVICE);
1119
1120 memcpy(hdr->addr1, link_sta->addr, ETH_ALEN);
1121 memcpy(hdr->addr2, link_conf->addr, ETH_ALEN);
1122 if (ieee80211_has_a4(hdr->frame_control)) {
1123 memcpy(hdr->addr3, sta->addr, ETH_ALEN);
1124 memcpy(hdr->addr4, vif->addr, ETH_ALEN);
1125 } else if (ieee80211_has_tods(hdr->frame_control)) {
1126 memcpy(hdr->addr3, sta->addr, ETH_ALEN);
1127 } else if (ieee80211_has_fromds(hdr->frame_control)) {
1128 memcpy(hdr->addr3, vif->addr, ETH_ALEN);
1129 }
1130
1131 dma_sync_single_for_device(mdev->dma_dev, tx_info->buf[1].addr,
1132 tx_info->buf[1].len, DMA_TO_DEVICE);
1133 }
1134
1135 pid = mt76_tx_status_skb_add(mdev, wcid, tx_info->skb);
1136 memset(txwi_ptr, 0, MT_TXD_SIZE);
1137 /* Transmit non qos data by 802.11 header and need to fill txd by host*/
1138 if (!is_8023 || pid >= MT_PACKET_ID_FIRST)
1139 mt7996_mac_write_txwi(dev, txwi_ptr, tx_info->skb, wcid, key,
1140 pid, qid, 0);
1141
1142 /* MT7996 and MT7992 require driver to provide the MAC TXP for AddBA
1143 * req
1144 */
1145 if (le32_to_cpu(ptr[7]) & MT_TXD7_MAC_TXD) {
1146 u32 val;
1147
1148 ptr = (__le32 *)(txwi + MT_TXD_SIZE);
1149 memset((void *)ptr, 0, sizeof(struct mt76_connac_fw_txp));
1150
1151 val = FIELD_PREP(MT_TXP0_TOKEN_ID0, id) |
1152 MT_TXP0_TOKEN_ID0_VALID_MASK;
1153 ptr[0] = cpu_to_le32(val);
1154
1155 val = FIELD_PREP(MT_TXP1_TID_ADDBA,
1156 tx_info->skb->priority &
1157 IEEE80211_QOS_CTL_TID_MASK);
1158 ptr[1] = cpu_to_le32(val);
1159 ptr[2] = cpu_to_le32(tx_info->buf[1].addr & 0xFFFFFFFF);
1160
1161 val = FIELD_PREP(MT_TXP_BUF_LEN, tx_info->buf[1].len) |
1162 MT_TXP3_ML0_MASK;
1163 #ifdef CONFIG_ARCH_DMA_ADDR_T_64BIT
1164 val |= FIELD_PREP(MT_TXP3_DMA_ADDR_H,
1165 tx_info->buf[1].addr >> 32);
1166 #endif
1167 ptr[3] = cpu_to_le32(val);
1168 } else {
1169 struct mt76_connac_txp_common *txp;
1170
1171 txp = (struct mt76_connac_txp_common *)(txwi + MT_TXD_SIZE);
1172 for (i = 0; i < nbuf; i++) {
1173 u16 len;
1174
1175 len = FIELD_PREP(MT_TXP_BUF_LEN, tx_info->buf[i + 1].len);
1176 #ifdef CONFIG_ARCH_DMA_ADDR_T_64BIT
1177 len |= FIELD_PREP(MT_TXP_DMA_ADDR_H,
1178 tx_info->buf[i + 1].addr >> 32);
1179 #endif
1180
1181 txp->fw.buf[i] = cpu_to_le32(tx_info->buf[i + 1].addr);
1182 txp->fw.len[i] = cpu_to_le16(len);
1183 }
1184 txp->fw.nbuf = nbuf;
1185
1186 txp->fw.flags = cpu_to_le16(MT_CT_INFO_FROM_HOST);
1187
1188 if (!is_8023 || pid >= MT_PACKET_ID_FIRST)
1189 txp->fw.flags |= cpu_to_le16(MT_CT_INFO_APPLY_TXD);
1190
1191 if (!key)
1192 txp->fw.flags |= cpu_to_le16(MT_CT_INFO_NONE_CIPHER_FRAME);
1193
1194 if (!is_8023 && mt7996_tx_use_mgmt(dev, tx_info->skb))
1195 txp->fw.flags |= cpu_to_le16(MT_CT_INFO_MGMT_FRAME);
1196
1197 if (mvif) {
1198 if (wcid->offchannel)
1199 mlink = rcu_dereference(mvif->mt76.offchannel_link);
1200 if (!mlink)
1201 mlink = rcu_dereference(mvif->mt76.link[wcid->link_id]);
1202
1203 txp->fw.bss_idx = mlink ? mlink->idx : mvif->deflink.mt76.idx;
1204 }
1205
1206 txp->fw.token = cpu_to_le16(id);
1207 txp->fw.rept_wds_wcid = cpu_to_le16(sta ? wcid->idx : 0xfff);
1208 }
1209
1210 tx_info->skb = NULL;
1211
1212 /* pass partial skb header to fw */
1213 tx_info->buf[1].len = MT_CT_PARSE_LEN;
1214 tx_info->buf[1].skip_unmap = true;
1215 tx_info->nbuf = MT_CT_DMA_BUF_NUM;
1216
1217 return 0;
1218 }
1219
mt7996_wed_init_buf(void * ptr,dma_addr_t phys,int token_id)1220 u32 mt7996_wed_init_buf(void *ptr, dma_addr_t phys, int token_id)
1221 {
1222 #if defined(__linux__)
1223 struct mt76_connac_fw_txp *txp = ptr + MT_TXD_SIZE;
1224 #elif defined(__FreeBSD__)
1225 struct mt76_connac_fw_txp *txp = (void *)((u8 *)ptr + MT_TXD_SIZE);
1226 #endif
1227 __le32 *txwi = ptr;
1228 u32 val;
1229
1230 memset(ptr, 0, MT_TXD_SIZE + sizeof(*txp));
1231
1232 val = FIELD_PREP(MT_TXD0_TX_BYTES, MT_TXD_SIZE) |
1233 FIELD_PREP(MT_TXD0_PKT_FMT, MT_TX_TYPE_CT);
1234 txwi[0] = cpu_to_le32(val);
1235
1236 val = BIT(31) |
1237 FIELD_PREP(MT_TXD1_HDR_FORMAT, MT_HDR_FORMAT_802_3);
1238 txwi[1] = cpu_to_le32(val);
1239
1240 txp->token = cpu_to_le16(token_id);
1241 txp->nbuf = 1;
1242 txp->buf[0] = cpu_to_le32(phys + MT_TXD_SIZE + sizeof(*txp));
1243
1244 return MT_TXD_SIZE + sizeof(*txp);
1245 }
1246
1247 static void
mt7996_tx_check_aggr(struct ieee80211_link_sta * link_sta,struct mt76_wcid * wcid,struct sk_buff * skb)1248 mt7996_tx_check_aggr(struct ieee80211_link_sta *link_sta,
1249 struct mt76_wcid *wcid, struct sk_buff *skb)
1250 {
1251 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1252 bool is_8023 = info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP;
1253 u16 fc, tid;
1254
1255 if (!(link_sta->ht_cap.ht_supported || link_sta->he_cap.has_he))
1256 return;
1257
1258 tid = skb->priority & IEEE80211_QOS_CTL_TID_MASK;
1259 if (tid >= 6) /* skip VO queue */
1260 return;
1261
1262 if (is_8023) {
1263 fc = IEEE80211_FTYPE_DATA |
1264 (link_sta->sta->wme ? IEEE80211_STYPE_QOS_DATA
1265 : IEEE80211_STYPE_DATA);
1266 } else {
1267 /* No need to get precise TID for Action/Management Frame,
1268 * since it will not meet the following Frame Control
1269 * condition anyway.
1270 */
1271
1272 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
1273
1274 fc = le16_to_cpu(hdr->frame_control) &
1275 (IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE);
1276 }
1277
1278 if (unlikely(fc != (IEEE80211_FTYPE_DATA | IEEE80211_STYPE_QOS_DATA)))
1279 return;
1280
1281 if (!test_and_set_bit(tid, &wcid->ampdu_state))
1282 ieee80211_start_tx_ba_session(link_sta->sta, tid, 0);
1283 }
1284
1285 static void
mt7996_txwi_free(struct mt7996_dev * dev,struct mt76_txwi_cache * t,struct ieee80211_link_sta * link_sta,struct mt76_wcid * wcid,struct list_head * free_list)1286 mt7996_txwi_free(struct mt7996_dev *dev, struct mt76_txwi_cache *t,
1287 struct ieee80211_link_sta *link_sta,
1288 struct mt76_wcid *wcid, struct list_head *free_list)
1289 {
1290 struct mt76_dev *mdev = &dev->mt76;
1291 __le32 *txwi;
1292 u16 wcid_idx;
1293
1294 mt76_connac_txp_skb_unmap(mdev, t);
1295 if (!t->skb)
1296 goto out;
1297
1298 txwi = (__le32 *)mt76_get_txwi_ptr(mdev, t);
1299 if (link_sta) {
1300 wcid_idx = wcid->idx;
1301 if (likely(t->skb->protocol != cpu_to_be16(ETH_P_PAE))) {
1302 struct mt7996_sta *msta;
1303
1304 /* AMPDU state is stored in the primary link */
1305 msta = (void *)link_sta->sta->drv_priv;
1306 mt7996_tx_check_aggr(link_sta, &msta->deflink.wcid,
1307 t->skb);
1308 }
1309 } else {
1310 wcid_idx = le32_get_bits(txwi[9], MT_TXD9_WLAN_IDX);
1311 }
1312
1313 __mt76_tx_complete_skb(mdev, wcid_idx, t->skb, free_list);
1314
1315 out:
1316 t->skb = NULL;
1317 mt76_put_txwi(mdev, t);
1318 }
1319
1320 static void
mt7996_mac_tx_free(struct mt7996_dev * dev,void * data,int len)1321 mt7996_mac_tx_free(struct mt7996_dev *dev, void *data, int len)
1322 {
1323 __le32 *tx_free = (__le32 *)data, *cur_info;
1324 struct mt76_dev *mdev = &dev->mt76;
1325 struct mt76_phy *phy2 = mdev->phys[MT_BAND1];
1326 struct mt76_phy *phy3 = mdev->phys[MT_BAND2];
1327 struct ieee80211_link_sta *link_sta = NULL;
1328 struct mt76_txwi_cache *txwi;
1329 struct mt76_wcid *wcid = NULL;
1330 LIST_HEAD(free_list);
1331 struct sk_buff *skb, *tmp;
1332 #if defined(__linux__)
1333 void *end = data + len;
1334 #elif defined(__FreeBSD__)
1335 void *end = (u8 *)data + len;
1336 #endif
1337 bool wake = false;
1338 u16 total, count = 0;
1339 u8 ver;
1340
1341 /* clean DMA queues and unmap buffers first */
1342 mt76_queue_tx_cleanup(dev, dev->mphy.q_tx[MT_TXQ_PSD], false);
1343 mt76_queue_tx_cleanup(dev, dev->mphy.q_tx[MT_TXQ_BE], false);
1344 if (phy2) {
1345 mt76_queue_tx_cleanup(dev, phy2->q_tx[MT_TXQ_PSD], false);
1346 mt76_queue_tx_cleanup(dev, phy2->q_tx[MT_TXQ_BE], false);
1347 }
1348 if (phy3) {
1349 mt76_queue_tx_cleanup(dev, phy3->q_tx[MT_TXQ_PSD], false);
1350 mt76_queue_tx_cleanup(dev, phy3->q_tx[MT_TXQ_BE], false);
1351 }
1352
1353 ver = le32_get_bits(tx_free[1], MT_TXFREE1_VER);
1354 if (WARN_ON_ONCE(ver < 5))
1355 return;
1356
1357 total = le32_get_bits(tx_free[0], MT_TXFREE0_MSDU_CNT);
1358 for (cur_info = &tx_free[2]; count < total; cur_info++) {
1359 u32 msdu, info;
1360 u8 i;
1361
1362 if (WARN_ON_ONCE((void *)cur_info >= end))
1363 return;
1364 /* 1'b1: new wcid pair.
1365 * 1'b0: msdu_id with the same 'wcid pair' as above.
1366 */
1367 info = le32_to_cpu(*cur_info);
1368 if (info & MT_TXFREE_INFO_PAIR) {
1369 struct ieee80211_sta *sta;
1370 unsigned long valid_links;
1371 struct mt7996_sta *msta;
1372 unsigned int id;
1373 u16 idx;
1374
1375 idx = FIELD_GET(MT_TXFREE_INFO_WLAN_ID, info);
1376 wcid = mt76_wcid_ptr(dev, idx);
1377 sta = wcid_to_sta(wcid);
1378 if (!sta) {
1379 link_sta = NULL;
1380 goto next;
1381 }
1382
1383 link_sta = rcu_dereference(sta->link[wcid->link_id]);
1384 if (!link_sta)
1385 goto next;
1386
1387 msta = (struct mt7996_sta *)sta->drv_priv;
1388 valid_links = sta->valid_links ?: BIT(0);
1389
1390 /* For MLD STA, add all link's wcid to sta_poll_list */
1391 for_each_set_bit(id, &valid_links,
1392 IEEE80211_MLD_MAX_NUM_LINKS) {
1393 struct mt7996_sta_link *msta_link;
1394
1395 msta_link = rcu_dereference(msta->link[id]);
1396 if (!msta_link)
1397 continue;
1398
1399 mt76_wcid_add_poll(&dev->mt76,
1400 &msta_link->wcid);
1401 }
1402 next:
1403 /* ver 7 has a new DW with pair = 1, skip it */
1404 if (ver == 7 && ((void *)(cur_info + 1) < end) &&
1405 (le32_to_cpu(*(cur_info + 1)) & MT_TXFREE_INFO_PAIR))
1406 cur_info++;
1407 continue;
1408 } else if (info & MT_TXFREE_INFO_HEADER) {
1409 u32 tx_retries = 0, tx_failed = 0;
1410
1411 if (!wcid)
1412 continue;
1413
1414 tx_retries =
1415 FIELD_GET(MT_TXFREE_INFO_COUNT, info) - 1;
1416 tx_failed = tx_retries +
1417 !!FIELD_GET(MT_TXFREE_INFO_STAT, info);
1418
1419 wcid->stats.tx_retries += tx_retries;
1420 wcid->stats.tx_failed += tx_failed;
1421 continue;
1422 }
1423
1424 for (i = 0; i < 2; i++) {
1425 msdu = (info >> (15 * i)) & MT_TXFREE_INFO_MSDU_ID;
1426 if (msdu == MT_TXFREE_INFO_MSDU_ID)
1427 continue;
1428
1429 count++;
1430 txwi = mt76_token_release(mdev, msdu, &wake);
1431 if (!txwi)
1432 continue;
1433
1434 mt7996_txwi_free(dev, txwi, link_sta, wcid,
1435 &free_list);
1436 }
1437 }
1438
1439 mt7996_mac_sta_poll(dev);
1440
1441 if (wake)
1442 mt76_set_tx_blocked(&dev->mt76, false);
1443
1444 mt76_worker_schedule(&dev->mt76.tx_worker);
1445
1446 list_for_each_entry_safe(skb, tmp, &free_list, list) {
1447 skb_list_del_init(skb);
1448 napi_consume_skb(skb, 1);
1449 }
1450 }
1451
1452 static bool
mt7996_mac_add_txs_skb(struct mt7996_dev * dev,struct mt76_wcid * wcid,int pid,__le32 * txs_data)1453 mt7996_mac_add_txs_skb(struct mt7996_dev *dev, struct mt76_wcid *wcid,
1454 int pid, __le32 *txs_data)
1455 {
1456 struct mt76_sta_stats *stats = &wcid->stats;
1457 struct ieee80211_supported_band *sband;
1458 struct mt76_dev *mdev = &dev->mt76;
1459 struct mt76_phy *mphy;
1460 struct ieee80211_tx_info *info;
1461 struct sk_buff_head list;
1462 struct rate_info rate = {};
1463 struct sk_buff *skb = NULL;
1464 bool cck = false;
1465 u32 txrate, txs, mode, stbc;
1466
1467 txs = le32_to_cpu(txs_data[0]);
1468
1469 mt76_tx_status_lock(mdev, &list);
1470
1471 /* only report MPDU TXS */
1472 if (le32_get_bits(txs_data[0], MT_TXS0_TXS_FORMAT) == 0) {
1473 skb = mt76_tx_status_skb_get(mdev, wcid, pid, &list);
1474 if (skb) {
1475 info = IEEE80211_SKB_CB(skb);
1476 if (!(txs & MT_TXS0_ACK_ERROR_MASK))
1477 info->flags |= IEEE80211_TX_STAT_ACK;
1478
1479 info->status.ampdu_len = 1;
1480 info->status.ampdu_ack_len =
1481 !!(info->flags & IEEE80211_TX_STAT_ACK);
1482
1483 info->status.rates[0].idx = -1;
1484 }
1485 }
1486
1487 if (mtk_wed_device_active(&dev->mt76.mmio.wed) && wcid->sta) {
1488 struct ieee80211_sta *sta;
1489 u8 tid;
1490
1491 sta = wcid_to_sta(wcid);
1492 tid = FIELD_GET(MT_TXS0_TID, txs);
1493 ieee80211_refresh_tx_agg_session_timer(sta, tid);
1494 }
1495
1496 txrate = FIELD_GET(MT_TXS0_TX_RATE, txs);
1497
1498 rate.mcs = FIELD_GET(MT_TX_RATE_IDX, txrate);
1499 rate.nss = FIELD_GET(MT_TX_RATE_NSS, txrate) + 1;
1500 stbc = le32_get_bits(txs_data[3], MT_TXS3_RATE_STBC);
1501
1502 if (stbc && rate.nss > 1)
1503 rate.nss >>= 1;
1504
1505 if (rate.nss - 1 < ARRAY_SIZE(stats->tx_nss))
1506 stats->tx_nss[rate.nss - 1]++;
1507 if (rate.mcs < ARRAY_SIZE(stats->tx_mcs))
1508 stats->tx_mcs[rate.mcs]++;
1509
1510 mode = FIELD_GET(MT_TX_RATE_MODE, txrate);
1511 switch (mode) {
1512 case MT_PHY_TYPE_CCK:
1513 cck = true;
1514 fallthrough;
1515 case MT_PHY_TYPE_OFDM:
1516 mphy = mt76_dev_phy(mdev, wcid->phy_idx);
1517
1518 if (mphy->chandef.chan->band == NL80211_BAND_5GHZ)
1519 sband = &mphy->sband_5g.sband;
1520 else if (mphy->chandef.chan->band == NL80211_BAND_6GHZ)
1521 sband = &mphy->sband_6g.sband;
1522 else
1523 sband = &mphy->sband_2g.sband;
1524
1525 rate.mcs = mt76_get_rate(mphy->dev, sband, rate.mcs, cck);
1526 rate.legacy = sband->bitrates[rate.mcs].bitrate;
1527 break;
1528 case MT_PHY_TYPE_HT:
1529 case MT_PHY_TYPE_HT_GF:
1530 if (rate.mcs > 31)
1531 goto out;
1532
1533 rate.flags = RATE_INFO_FLAGS_MCS;
1534 if (wcid->rate.flags & RATE_INFO_FLAGS_SHORT_GI)
1535 rate.flags |= RATE_INFO_FLAGS_SHORT_GI;
1536 break;
1537 case MT_PHY_TYPE_VHT:
1538 if (rate.mcs > 9)
1539 goto out;
1540
1541 rate.flags = RATE_INFO_FLAGS_VHT_MCS;
1542 if (wcid->rate.flags & RATE_INFO_FLAGS_SHORT_GI)
1543 rate.flags |= RATE_INFO_FLAGS_SHORT_GI;
1544 break;
1545 case MT_PHY_TYPE_HE_SU:
1546 case MT_PHY_TYPE_HE_EXT_SU:
1547 case MT_PHY_TYPE_HE_TB:
1548 case MT_PHY_TYPE_HE_MU:
1549 if (rate.mcs > 11)
1550 goto out;
1551
1552 rate.he_gi = wcid->rate.he_gi;
1553 rate.he_dcm = FIELD_GET(MT_TX_RATE_DCM, txrate);
1554 rate.flags = RATE_INFO_FLAGS_HE_MCS;
1555 break;
1556 case MT_PHY_TYPE_EHT_SU:
1557 case MT_PHY_TYPE_EHT_TRIG:
1558 case MT_PHY_TYPE_EHT_MU:
1559 if (rate.mcs > 13)
1560 goto out;
1561
1562 rate.eht_gi = wcid->rate.eht_gi;
1563 rate.flags = RATE_INFO_FLAGS_EHT_MCS;
1564 break;
1565 default:
1566 goto out;
1567 }
1568
1569 stats->tx_mode[mode]++;
1570
1571 switch (FIELD_GET(MT_TXS0_BW, txs)) {
1572 case IEEE80211_STA_RX_BW_320:
1573 rate.bw = RATE_INFO_BW_320;
1574 stats->tx_bw[4]++;
1575 break;
1576 case IEEE80211_STA_RX_BW_160:
1577 rate.bw = RATE_INFO_BW_160;
1578 stats->tx_bw[3]++;
1579 break;
1580 case IEEE80211_STA_RX_BW_80:
1581 rate.bw = RATE_INFO_BW_80;
1582 stats->tx_bw[2]++;
1583 break;
1584 case IEEE80211_STA_RX_BW_40:
1585 rate.bw = RATE_INFO_BW_40;
1586 stats->tx_bw[1]++;
1587 break;
1588 default:
1589 rate.bw = RATE_INFO_BW_20;
1590 stats->tx_bw[0]++;
1591 break;
1592 }
1593 wcid->rate = rate;
1594
1595 out:
1596 if (skb)
1597 mt76_tx_status_skb_done(mdev, skb, &list);
1598 mt76_tx_status_unlock(mdev, &list);
1599
1600 return !!skb;
1601 }
1602
mt7996_mac_add_txs(struct mt7996_dev * dev,void * data)1603 static void mt7996_mac_add_txs(struct mt7996_dev *dev, void *data)
1604 {
1605 struct mt7996_sta_link *msta_link;
1606 struct mt76_wcid *wcid;
1607 __le32 *txs_data = data;
1608 u16 wcidx;
1609 u8 pid;
1610
1611 wcidx = le32_get_bits(txs_data[2], MT_TXS2_WCID);
1612 pid = le32_get_bits(txs_data[3], MT_TXS3_PID);
1613
1614 if (pid < MT_PACKET_ID_NO_SKB)
1615 return;
1616
1617 rcu_read_lock();
1618
1619 wcid = mt76_wcid_ptr(dev, wcidx);
1620 if (!wcid)
1621 goto out;
1622
1623 mt7996_mac_add_txs_skb(dev, wcid, pid, txs_data);
1624
1625 if (!wcid->sta)
1626 goto out;
1627
1628 msta_link = container_of(wcid, struct mt7996_sta_link, wcid);
1629 mt76_wcid_add_poll(&dev->mt76, &msta_link->wcid);
1630
1631 out:
1632 rcu_read_unlock();
1633 }
1634
mt7996_rx_check(struct mt76_dev * mdev,void * data,int len)1635 bool mt7996_rx_check(struct mt76_dev *mdev, void *data, int len)
1636 {
1637 struct mt7996_dev *dev = container_of(mdev, struct mt7996_dev, mt76);
1638 __le32 *rxd = (__le32 *)data;
1639 __le32 *end = (__le32 *)&rxd[len / 4];
1640 enum rx_pkt_type type;
1641
1642 type = le32_get_bits(rxd[0], MT_RXD0_PKT_TYPE);
1643 if (type != PKT_TYPE_NORMAL) {
1644 u32 sw_type = le32_get_bits(rxd[0], MT_RXD0_SW_PKT_TYPE_MASK);
1645
1646 if (unlikely((sw_type & MT_RXD0_SW_PKT_TYPE_MAP) ==
1647 MT_RXD0_SW_PKT_TYPE_FRAME))
1648 return true;
1649 }
1650
1651 switch (type) {
1652 case PKT_TYPE_TXRX_NOTIFY:
1653 mt7996_mac_tx_free(dev, data, len);
1654 return false;
1655 case PKT_TYPE_TXS:
1656 for (rxd += MT_TXS_HDR_SIZE; rxd + MT_TXS_SIZE <= end; rxd += MT_TXS_SIZE)
1657 mt7996_mac_add_txs(dev, rxd);
1658 return false;
1659 case PKT_TYPE_RX_FW_MONITOR:
1660 #if defined(CONFIG_MT7996_DEBUGFS)
1661 mt7996_debugfs_rx_fw_monitor(dev, data, len);
1662 #endif
1663 return false;
1664 default:
1665 return true;
1666 }
1667 }
1668
mt7996_queue_rx_skb(struct mt76_dev * mdev,enum mt76_rxq_id q,struct sk_buff * skb,u32 * info)1669 void mt7996_queue_rx_skb(struct mt76_dev *mdev, enum mt76_rxq_id q,
1670 struct sk_buff *skb, u32 *info)
1671 {
1672 struct mt7996_dev *dev = container_of(mdev, struct mt7996_dev, mt76);
1673 __le32 *rxd = (__le32 *)skb->data;
1674 __le32 *end = (__le32 *)&skb->data[skb->len];
1675 enum rx_pkt_type type;
1676
1677 type = le32_get_bits(rxd[0], MT_RXD0_PKT_TYPE);
1678 if (type != PKT_TYPE_NORMAL) {
1679 u32 sw_type = le32_get_bits(rxd[0], MT_RXD0_SW_PKT_TYPE_MASK);
1680
1681 if (unlikely((sw_type & MT_RXD0_SW_PKT_TYPE_MAP) ==
1682 MT_RXD0_SW_PKT_TYPE_FRAME))
1683 type = PKT_TYPE_NORMAL;
1684 }
1685
1686 switch (type) {
1687 case PKT_TYPE_TXRX_NOTIFY:
1688 if (mtk_wed_device_active(&dev->mt76.mmio.wed_hif2) &&
1689 q == MT_RXQ_TXFREE_BAND2) {
1690 dev_kfree_skb(skb);
1691 break;
1692 }
1693
1694 mt7996_mac_tx_free(dev, skb->data, skb->len);
1695 napi_consume_skb(skb, 1);
1696 break;
1697 case PKT_TYPE_RX_EVENT:
1698 mt7996_mcu_rx_event(dev, skb);
1699 break;
1700 case PKT_TYPE_TXS:
1701 for (rxd += MT_TXS_HDR_SIZE; rxd + MT_TXS_SIZE <= end; rxd += MT_TXS_SIZE)
1702 mt7996_mac_add_txs(dev, rxd);
1703 dev_kfree_skb(skb);
1704 break;
1705 case PKT_TYPE_RX_FW_MONITOR:
1706 #if defined(CONFIG_MT7996_DEBUGFS)
1707 mt7996_debugfs_rx_fw_monitor(dev, skb->data, skb->len);
1708 #endif
1709 dev_kfree_skb(skb);
1710 break;
1711 case PKT_TYPE_NORMAL:
1712 if (!mt7996_mac_fill_rx(dev, q, skb, info)) {
1713 mt76_rx(&dev->mt76, q, skb);
1714 return;
1715 }
1716 fallthrough;
1717 default:
1718 dev_kfree_skb(skb);
1719 break;
1720 }
1721 }
1722
1723 static struct mt7996_msdu_page *
mt7996_msdu_page_get_from_cache(struct mt7996_dev * dev)1724 mt7996_msdu_page_get_from_cache(struct mt7996_dev *dev)
1725 {
1726 struct mt7996_msdu_page *p = NULL;
1727
1728 spin_lock(&dev->wed_rro.lock);
1729
1730 if (!list_empty(&dev->wed_rro.page_cache)) {
1731 p = list_first_entry(&dev->wed_rro.page_cache,
1732 struct mt7996_msdu_page, list);
1733 list_del(&p->list);
1734 }
1735
1736 spin_unlock(&dev->wed_rro.lock);
1737
1738 return p;
1739 }
1740
mt7996_msdu_page_get(struct mt7996_dev * dev)1741 static struct mt7996_msdu_page *mt7996_msdu_page_get(struct mt7996_dev *dev)
1742 {
1743 struct mt7996_msdu_page *p;
1744
1745 p = mt7996_msdu_page_get_from_cache(dev);
1746 if (!p) {
1747 p = kzalloc(L1_CACHE_ALIGN(sizeof(*p)), GFP_ATOMIC);
1748 if (p)
1749 INIT_LIST_HEAD(&p->list);
1750 }
1751
1752 return p;
1753 }
1754
mt7996_msdu_page_put_to_cache(struct mt7996_dev * dev,struct mt7996_msdu_page * p)1755 static void mt7996_msdu_page_put_to_cache(struct mt7996_dev *dev,
1756 struct mt7996_msdu_page *p)
1757 {
1758 if (p->buf) {
1759 mt76_put_page_pool_buf(p->buf, false);
1760 p->buf = NULL;
1761 }
1762
1763 spin_lock(&dev->wed_rro.lock);
1764 list_add(&p->list, &dev->wed_rro.page_cache);
1765 spin_unlock(&dev->wed_rro.lock);
1766 }
1767
mt7996_msdu_page_free_cache(struct mt7996_dev * dev)1768 static void mt7996_msdu_page_free_cache(struct mt7996_dev *dev)
1769 {
1770 while (true) {
1771 struct mt7996_msdu_page *p;
1772
1773 p = mt7996_msdu_page_get_from_cache(dev);
1774 if (!p)
1775 break;
1776
1777 if (p->buf)
1778 mt76_put_page_pool_buf(p->buf, false);
1779
1780 kfree(p);
1781 }
1782 }
1783
mt7996_msdu_page_hash_from_addr(dma_addr_t dma_addr)1784 static u32 mt7996_msdu_page_hash_from_addr(dma_addr_t dma_addr)
1785 {
1786 u32 val = 0;
1787 int i = 0;
1788
1789 while (dma_addr) {
1790 val += (u32)((dma_addr & 0xff) + i) % MT7996_RRO_MSDU_PG_HASH_SIZE;
1791 dma_addr >>= 8;
1792 i += 13;
1793 }
1794
1795 return val % MT7996_RRO_MSDU_PG_HASH_SIZE;
1796 }
1797
1798 static struct mt7996_msdu_page *
mt7996_rro_msdu_page_get(struct mt7996_dev * dev,dma_addr_t dma_addr)1799 mt7996_rro_msdu_page_get(struct mt7996_dev *dev, dma_addr_t dma_addr)
1800 {
1801 u32 hash = mt7996_msdu_page_hash_from_addr(dma_addr);
1802 struct mt7996_msdu_page *p, *tmp, *addr = NULL;
1803
1804 spin_lock(&dev->wed_rro.lock);
1805
1806 list_for_each_entry_safe(p, tmp, &dev->wed_rro.page_map[hash],
1807 list) {
1808 if (p->dma_addr == dma_addr) {
1809 list_del(&p->list);
1810 addr = p;
1811 break;
1812 }
1813 }
1814
1815 spin_unlock(&dev->wed_rro.lock);
1816
1817 return addr;
1818 }
1819
mt7996_rx_token_put(struct mt7996_dev * dev)1820 static void mt7996_rx_token_put(struct mt7996_dev *dev)
1821 {
1822 int i;
1823
1824 for (i = 0; i < dev->mt76.rx_token_size; i++) {
1825 struct mt76_txwi_cache *t;
1826
1827 t = mt76_rx_token_release(&dev->mt76, i);
1828 if (!t || !t->ptr)
1829 continue;
1830
1831 mt76_put_page_pool_buf(t->ptr, false);
1832 t->dma_addr = 0;
1833 t->ptr = NULL;
1834
1835 mt76_put_rxwi(&dev->mt76, t);
1836 }
1837 }
1838
mt7996_rro_msdu_page_map_free(struct mt7996_dev * dev)1839 void mt7996_rro_msdu_page_map_free(struct mt7996_dev *dev)
1840 {
1841 struct mt7996_msdu_page *p, *tmp;
1842 int i;
1843
1844 local_bh_disable();
1845
1846 for (i = 0; i < ARRAY_SIZE(dev->wed_rro.page_map); i++) {
1847 list_for_each_entry_safe(p, tmp, &dev->wed_rro.page_map[i],
1848 list) {
1849 list_del_init(&p->list);
1850 if (p->buf)
1851 mt76_put_page_pool_buf(p->buf, false);
1852 kfree(p);
1853 }
1854 }
1855 mt7996_msdu_page_free_cache(dev);
1856
1857 local_bh_enable();
1858
1859 mt7996_rx_token_put(dev);
1860 }
1861
mt7996_rro_msdu_page_add(struct mt76_dev * mdev,struct mt76_queue * q,dma_addr_t dma_addr,void * data)1862 int mt7996_rro_msdu_page_add(struct mt76_dev *mdev, struct mt76_queue *q,
1863 dma_addr_t dma_addr, void *data)
1864 {
1865 struct mt7996_dev *dev = container_of(mdev, struct mt7996_dev, mt76);
1866 struct mt7996_msdu_page_info *pinfo = data;
1867 struct mt7996_msdu_page *p;
1868 u32 hash;
1869
1870 pinfo->data |= cpu_to_le32(FIELD_PREP(MSDU_PAGE_INFO_OWNER_MASK, 1));
1871 p = mt7996_msdu_page_get(dev);
1872 if (!p)
1873 return -ENOMEM;
1874
1875 p->buf = data;
1876 p->dma_addr = dma_addr;
1877 p->q = q;
1878
1879 hash = mt7996_msdu_page_hash_from_addr(dma_addr);
1880
1881 spin_lock(&dev->wed_rro.lock);
1882 list_add_tail(&p->list, &dev->wed_rro.page_map[hash]);
1883 spin_unlock(&dev->wed_rro.lock);
1884
1885 return 0;
1886 }
1887
1888 static struct mt7996_wed_rro_addr *
mt7996_rro_addr_elem_get(struct mt7996_dev * dev,u16 session_id,u16 seq_num)1889 mt7996_rro_addr_elem_get(struct mt7996_dev *dev, u16 session_id, u16 seq_num)
1890 {
1891 u32 idx = 0;
1892 #if defined(__linux__)
1893 void *addr;
1894 #elif defined(__FreeBSD__)
1895 u8 *addr;
1896 #endif
1897
1898 if (session_id == MT7996_RRO_MAX_SESSION) {
1899 addr = dev->wed_rro.session.ptr;
1900 } else {
1901 idx = session_id / MT7996_RRO_BA_BITMAP_SESSION_SIZE;
1902 addr = dev->wed_rro.addr_elem[idx].ptr;
1903
1904 idx = session_id % MT7996_RRO_BA_BITMAP_SESSION_SIZE;
1905 idx = idx * MT7996_RRO_WINDOW_MAX_LEN;
1906 }
1907 idx += seq_num % MT7996_RRO_WINDOW_MAX_LEN;
1908
1909 return (void *)(addr + idx * sizeof(struct mt7996_wed_rro_addr));
1910 }
1911
1912 #define MT996_RRO_SN_MASK GENMASK(11, 0)
1913
mt7996_rro_rx_process(struct mt76_dev * mdev,void * data)1914 void mt7996_rro_rx_process(struct mt76_dev *mdev, void *data)
1915 {
1916 struct mt7996_dev *dev = container_of(mdev, struct mt7996_dev, mt76);
1917 struct mt76_wed_rro_ind *cmd = (struct mt76_wed_rro_ind *)data;
1918 u32 cmd_data0 = le32_to_cpu(cmd->data0);
1919 u32 cmd_data1 = le32_to_cpu(cmd->data1);
1920 u8 ind_reason = FIELD_GET(RRO_IND_DATA0_IND_REASON_MASK, cmd_data0);
1921 u16 start_seq = FIELD_GET(RRO_IND_DATA0_START_SEQ_MASK, cmd_data0);
1922 u16 seq_id = FIELD_GET(RRO_IND_DATA0_SEQ_ID_MASK, cmd_data0);
1923 u16 ind_count = FIELD_GET(RRO_IND_DATA1_IND_COUNT_MASK, cmd_data1);
1924 struct mt7996_msdu_page_info *pinfo = NULL;
1925 struct mt7996_msdu_page *p = NULL;
1926 int i, seq_num = 0;
1927
1928 for (i = 0; i < ind_count; i++) {
1929 struct mt7996_wed_rro_addr *e;
1930 struct mt76_rx_status *status;
1931 struct mt7996_rro_hif *rxd;
1932 int j, len, qid, data_len;
1933 struct mt76_txwi_cache *t;
1934 dma_addr_t dma_addr = 0;
1935 u16 rx_token_id, count;
1936 struct mt76_queue *q;
1937 struct sk_buff *skb;
1938 u32 info = 0, data;
1939 u8 signature;
1940 void *buf;
1941 bool ls;
1942
1943 seq_num = FIELD_GET(MT996_RRO_SN_MASK, start_seq + i);
1944 e = mt7996_rro_addr_elem_get(dev, seq_id, seq_num);
1945 data = le32_to_cpu(e->data);
1946 signature = FIELD_GET(WED_RRO_ADDR_SIGNATURE_MASK, data);
1947 if (signature != (seq_num / MT7996_RRO_WINDOW_MAX_LEN)) {
1948 u32 val = FIELD_PREP(WED_RRO_ADDR_SIGNATURE_MASK,
1949 0xff);
1950
1951 e->data |= cpu_to_le32(val);
1952 goto update_ack_seq_num;
1953 }
1954
1955 #ifdef CONFIG_ARCH_DMA_ADDR_T_64BIT
1956 dma_addr = FIELD_GET(WED_RRO_ADDR_HEAD_HIGH_MASK, data);
1957 dma_addr <<= 32;
1958 #endif
1959 dma_addr |= le32_to_cpu(e->head_low);
1960
1961 count = FIELD_GET(WED_RRO_ADDR_COUNT_MASK, data);
1962 for (j = 0; j < count; j++) {
1963 if (!p) {
1964 p = mt7996_rro_msdu_page_get(dev, dma_addr);
1965 if (!p)
1966 continue;
1967
1968 dma_sync_single_for_cpu(mdev->dma_dev, p->dma_addr,
1969 SKB_WITH_OVERHEAD(p->q->buf_size),
1970 page_pool_get_dma_dir(p->q->page_pool));
1971 pinfo = (struct mt7996_msdu_page_info *)p->buf;
1972 }
1973
1974 rxd = &pinfo->rxd[j % MT7996_MAX_HIF_RXD_IN_PG];
1975 len = FIELD_GET(RRO_HIF_DATA1_SDL_MASK,
1976 le32_to_cpu(rxd->data1));
1977
1978 rx_token_id = FIELD_GET(RRO_HIF_DATA4_RX_TOKEN_ID_MASK,
1979 le32_to_cpu(rxd->data4));
1980 t = mt76_rx_token_release(mdev, rx_token_id);
1981 if (!t)
1982 goto next_page;
1983
1984 qid = t->qid;
1985 buf = t->ptr;
1986 q = &mdev->q_rx[qid];
1987 dma_sync_single_for_cpu(mdev->dma_dev, t->dma_addr,
1988 SKB_WITH_OVERHEAD(q->buf_size),
1989 page_pool_get_dma_dir(q->page_pool));
1990
1991 t->dma_addr = 0;
1992 t->ptr = NULL;
1993 mt76_put_rxwi(mdev, t);
1994 if (!buf)
1995 goto next_page;
1996
1997 if (q->rx_head)
1998 data_len = q->buf_size;
1999 else
2000 data_len = SKB_WITH_OVERHEAD(q->buf_size);
2001
2002 if (data_len < len + q->buf_offset) {
2003 dev_kfree_skb(q->rx_head);
2004 mt76_put_page_pool_buf(buf, false);
2005 q->rx_head = NULL;
2006 goto next_page;
2007 }
2008
2009 ls = FIELD_GET(RRO_HIF_DATA1_LS_MASK,
2010 le32_to_cpu(rxd->data1));
2011 if (q->rx_head) {
2012 /* TODO: Take into account non-linear skb. */
2013 mt76_put_page_pool_buf(buf, false);
2014 if (ls) {
2015 dev_kfree_skb(q->rx_head);
2016 q->rx_head = NULL;
2017 }
2018 goto next_page;
2019 }
2020
2021 if (ls && !mt7996_rx_check(mdev, buf, len))
2022 goto next_page;
2023
2024 skb = build_skb(buf, q->buf_size);
2025 if (!skb)
2026 goto next_page;
2027
2028 skb_reserve(skb, q->buf_offset);
2029 skb_mark_for_recycle(skb);
2030 __skb_put(skb, len);
2031
2032 if (ind_reason == 1 || ind_reason == 2) {
2033 dev_kfree_skb(skb);
2034 goto next_page;
2035 }
2036
2037 if (!ls) {
2038 q->rx_head = skb;
2039 goto next_page;
2040 }
2041
2042 status = (struct mt76_rx_status *)skb->cb;
2043 if (seq_id != MT7996_RRO_MAX_SESSION)
2044 status->aggr = true;
2045
2046 mt7996_queue_rx_skb(mdev, qid, skb, &info);
2047 next_page:
2048 if ((j + 1) % MT7996_MAX_HIF_RXD_IN_PG == 0) {
2049 #ifdef CONFIG_ARCH_DMA_ADDR_T_64BIT
2050 dma_addr =
2051 FIELD_GET(MSDU_PAGE_INFO_PG_HIGH_MASK,
2052 le32_to_cpu(pinfo->data));
2053 dma_addr <<= 32;
2054 dma_addr |= le32_to_cpu(pinfo->pg_low);
2055 #else
2056 dma_addr = le32_to_cpu(pinfo->pg_low);
2057 #endif
2058 mt7996_msdu_page_put_to_cache(dev, p);
2059 p = NULL;
2060 }
2061 }
2062
2063 update_ack_seq_num:
2064 if ((i + 1) % 4 == 0)
2065 mt76_wr(dev, MT_RRO_ACK_SN_CTRL,
2066 FIELD_PREP(MT_RRO_ACK_SN_CTRL_SESSION_MASK,
2067 seq_id) |
2068 FIELD_PREP(MT_RRO_ACK_SN_CTRL_SN_MASK,
2069 seq_num));
2070 if (p) {
2071 mt7996_msdu_page_put_to_cache(dev, p);
2072 p = NULL;
2073 }
2074 }
2075
2076 /* Update ack_seq_num for remaining addr_elem */
2077 if (i % 4)
2078 mt76_wr(dev, MT_RRO_ACK_SN_CTRL,
2079 FIELD_PREP(MT_RRO_ACK_SN_CTRL_SESSION_MASK, seq_id) |
2080 FIELD_PREP(MT_RRO_ACK_SN_CTRL_SN_MASK, seq_num));
2081 }
2082
mt7996_mac_cca_stats_reset(struct mt7996_phy * phy)2083 void mt7996_mac_cca_stats_reset(struct mt7996_phy *phy)
2084 {
2085 struct mt7996_dev *dev = phy->dev;
2086 u32 reg = MT_WF_PHYRX_BAND_RX_CTRL1(phy->mt76->band_idx);
2087
2088 mt76_clear(dev, reg, MT_WF_PHYRX_BAND_RX_CTRL1_STSCNT_EN);
2089 mt76_set(dev, reg, BIT(11) | BIT(9));
2090 }
2091
mt7996_mac_reset_counters(struct mt7996_phy * phy)2092 void mt7996_mac_reset_counters(struct mt7996_phy *phy)
2093 {
2094 struct mt7996_dev *dev = phy->dev;
2095 u8 band_idx = phy->mt76->band_idx;
2096 int i;
2097
2098 for (i = 0; i < 16; i++)
2099 mt76_rr(dev, MT_TX_AGG_CNT(band_idx, i));
2100
2101 phy->mt76->survey_time = ktime_get_boottime();
2102
2103 memset(phy->mt76->aggr_stats, 0, sizeof(phy->mt76->aggr_stats));
2104
2105 /* reset airtime counters */
2106 mt76_set(dev, MT_WF_RMAC_MIB_AIRTIME0(band_idx),
2107 MT_WF_RMAC_MIB_RXTIME_CLR);
2108
2109 mt7996_mcu_get_chan_mib_info(phy, true);
2110 }
2111
mt7996_mac_set_coverage_class(struct mt7996_phy * phy)2112 void mt7996_mac_set_coverage_class(struct mt7996_phy *phy)
2113 {
2114 s16 coverage_class = phy->coverage_class;
2115 struct mt7996_dev *dev = phy->dev;
2116 struct mt7996_phy *phy2 = mt7996_phy2(dev);
2117 struct mt7996_phy *phy3 = mt7996_phy3(dev);
2118 u32 reg_offset;
2119 u32 cck = FIELD_PREP(MT_TIMEOUT_VAL_PLCP, 231) |
2120 FIELD_PREP(MT_TIMEOUT_VAL_CCA, 48);
2121 u32 ofdm = FIELD_PREP(MT_TIMEOUT_VAL_PLCP, 60) |
2122 FIELD_PREP(MT_TIMEOUT_VAL_CCA, 28);
2123 u8 band_idx = phy->mt76->band_idx;
2124 int offset;
2125
2126 if (!test_bit(MT76_STATE_RUNNING, &phy->mt76->state))
2127 return;
2128
2129 if (phy2)
2130 coverage_class = max_t(s16, dev->phy.coverage_class,
2131 phy2->coverage_class);
2132
2133 if (phy3)
2134 coverage_class = max_t(s16, coverage_class,
2135 phy3->coverage_class);
2136
2137 offset = 3 * coverage_class;
2138 reg_offset = FIELD_PREP(MT_TIMEOUT_VAL_PLCP, offset) |
2139 FIELD_PREP(MT_TIMEOUT_VAL_CCA, offset);
2140
2141 mt76_wr(dev, MT_TMAC_CDTR(band_idx), cck + reg_offset);
2142 mt76_wr(dev, MT_TMAC_ODTR(band_idx), ofdm + reg_offset);
2143 }
2144
mt7996_mac_enable_nf(struct mt7996_dev * dev,u8 band)2145 void mt7996_mac_enable_nf(struct mt7996_dev *dev, u8 band)
2146 {
2147 mt76_set(dev, MT_WF_PHYRX_CSD_BAND_RXTD12(band),
2148 MT_WF_PHYRX_CSD_BAND_RXTD12_IRPI_SW_CLR_ONLY |
2149 MT_WF_PHYRX_CSD_BAND_RXTD12_IRPI_SW_CLR);
2150
2151 mt76_set(dev, MT_WF_PHYRX_BAND_RX_CTRL1(band),
2152 FIELD_PREP(MT_WF_PHYRX_BAND_RX_CTRL1_IPI_EN, 0x5));
2153 }
2154
2155 static u8
mt7996_phy_get_nf(struct mt7996_phy * phy,u8 band_idx)2156 mt7996_phy_get_nf(struct mt7996_phy *phy, u8 band_idx)
2157 {
2158 static const u8 nf_power[] = { 92, 89, 86, 83, 80, 75, 70, 65, 60, 55, 52 };
2159 struct mt7996_dev *dev = phy->dev;
2160 u32 val, sum = 0, n = 0;
2161 int ant, i;
2162
2163 for (ant = 0; ant < hweight8(phy->mt76->antenna_mask); ant++) {
2164 u32 reg = MT_WF_PHYRX_CSD_IRPI(band_idx, ant);
2165
2166 for (i = 0; i < ARRAY_SIZE(nf_power); i++, reg += 4) {
2167 val = mt76_rr(dev, reg);
2168 sum += val * nf_power[i];
2169 n += val;
2170 }
2171 }
2172
2173 return n ? sum / n : 0;
2174 }
2175
mt7996_update_channel(struct mt76_phy * mphy)2176 void mt7996_update_channel(struct mt76_phy *mphy)
2177 {
2178 struct mt7996_phy *phy = mphy->priv;
2179 struct mt76_channel_state *state = mphy->chan_state;
2180 int nf;
2181
2182 mt7996_mcu_get_chan_mib_info(phy, false);
2183
2184 nf = mt7996_phy_get_nf(phy, mphy->band_idx);
2185 if (!phy->noise)
2186 phy->noise = nf << 4;
2187 else if (nf)
2188 phy->noise += nf - (phy->noise >> 4);
2189
2190 state->noise = -(phy->noise >> 4);
2191 }
2192
2193 static bool
mt7996_wait_reset_state(struct mt7996_dev * dev,u32 state)2194 mt7996_wait_reset_state(struct mt7996_dev *dev, u32 state)
2195 {
2196 bool ret;
2197
2198 ret = wait_event_timeout(dev->reset_wait,
2199 (READ_ONCE(dev->recovery.state) & state),
2200 MT7996_RESET_TIMEOUT);
2201
2202 WARN(!ret, "Timeout waiting for MCU reset state %x\n", state);
2203 return ret;
2204 }
2205
2206 static void
mt7996_update_vif_beacon(void * priv,u8 * mac,struct ieee80211_vif * vif)2207 mt7996_update_vif_beacon(void *priv, u8 *mac, struct ieee80211_vif *vif)
2208 {
2209 struct ieee80211_bss_conf *link_conf;
2210 struct mt7996_phy *phy = priv;
2211 struct mt7996_dev *dev = phy->dev;
2212 unsigned int link_id;
2213
2214
2215 switch (vif->type) {
2216 case NL80211_IFTYPE_MESH_POINT:
2217 case NL80211_IFTYPE_ADHOC:
2218 case NL80211_IFTYPE_AP:
2219 break;
2220 default:
2221 return;
2222 }
2223
2224 for_each_vif_active_link(vif, link_conf, link_id) {
2225 struct mt7996_vif_link *link;
2226
2227 link = mt7996_vif_link(dev, vif, link_id);
2228 if (!link || link->phy != phy)
2229 continue;
2230
2231 mt7996_mcu_add_beacon(dev->mt76.hw, vif, link_conf,
2232 link_conf->enable_beacon);
2233 }
2234 }
2235
mt7996_mac_update_beacons(struct mt7996_phy * phy)2236 void mt7996_mac_update_beacons(struct mt7996_phy *phy)
2237 {
2238 ieee80211_iterate_active_interfaces(phy->mt76->hw,
2239 IEEE80211_IFACE_ITER_RESUME_ALL,
2240 mt7996_update_vif_beacon, phy);
2241 }
2242
2243 static void
mt7996_update_beacons(struct mt7996_dev * dev)2244 mt7996_update_beacons(struct mt7996_dev *dev)
2245 {
2246 struct mt76_phy *phy2, *phy3;
2247
2248 mt7996_mac_update_beacons(&dev->phy);
2249
2250 phy2 = dev->mt76.phys[MT_BAND1];
2251 if (phy2)
2252 mt7996_mac_update_beacons(phy2->priv);
2253
2254 phy3 = dev->mt76.phys[MT_BAND2];
2255 if (phy3)
2256 mt7996_mac_update_beacons(phy3->priv);
2257 }
2258
mt7996_tx_token_put(struct mt7996_dev * dev)2259 void mt7996_tx_token_put(struct mt7996_dev *dev)
2260 {
2261 struct mt76_txwi_cache *txwi;
2262 int id;
2263
2264 spin_lock_bh(&dev->mt76.token_lock);
2265 idr_for_each_entry(&dev->mt76.token, txwi, id) {
2266 mt7996_txwi_free(dev, txwi, NULL, NULL, NULL);
2267 dev->mt76.token_count--;
2268 }
2269 spin_unlock_bh(&dev->mt76.token_lock);
2270 idr_destroy(&dev->mt76.token);
2271 }
2272
2273 static int
mt7996_mac_restart(struct mt7996_dev * dev)2274 mt7996_mac_restart(struct mt7996_dev *dev)
2275 {
2276 struct mt76_dev *mdev = &dev->mt76;
2277 struct mt7996_phy *phy;
2278 int i, ret;
2279
2280 if (dev->hif2) {
2281 mt76_wr(dev, MT_INT1_MASK_CSR, 0x0);
2282 mt76_wr(dev, MT_INT1_SOURCE_CSR, ~0);
2283 }
2284
2285 if (dev_is_pci(mdev->dev)) {
2286 mt76_wr(dev, MT_PCIE_MAC_INT_ENABLE, 0x0);
2287 if (dev->hif2)
2288 mt76_wr(dev, MT_PCIE1_MAC_INT_ENABLE, 0x0);
2289 }
2290
2291 set_bit(MT76_MCU_RESET, &dev->mphy.state);
2292 mt7996_for_each_phy(dev, phy)
2293 set_bit(MT76_RESET, &phy->mt76->state);
2294 wake_up(&dev->mt76.mcu.wait);
2295
2296 /* lock/unlock all queues to ensure that no tx is pending */
2297 mt7996_for_each_phy(dev, phy)
2298 mt76_txq_schedule_all(phy->mt76);
2299
2300 /* disable all tx/rx napi */
2301 mt76_worker_disable(&dev->mt76.tx_worker);
2302 mt76_for_each_q_rx(mdev, i) {
2303 if (mtk_wed_device_active(&dev->mt76.mmio.wed) &&
2304 mt76_queue_is_wed_rro(&mdev->q_rx[i]))
2305 continue;
2306
2307 if (mdev->q_rx[i].ndesc)
2308 napi_disable(&dev->mt76.napi[i]);
2309 }
2310 napi_disable(&dev->mt76.tx_napi);
2311
2312 /* token reinit */
2313 mt7996_tx_token_put(dev);
2314 idr_init(&dev->mt76.token);
2315
2316 mt7996_dma_reset(dev, true);
2317
2318 mt76_for_each_q_rx(mdev, i) {
2319 if (mtk_wed_device_active(&dev->mt76.mmio.wed) &&
2320 mt76_queue_is_wed_rro(&mdev->q_rx[i]))
2321 continue;
2322
2323 if (mdev->q_rx[i].ndesc) {
2324 napi_enable(&dev->mt76.napi[i]);
2325 local_bh_disable();
2326 napi_schedule(&dev->mt76.napi[i]);
2327 local_bh_enable();
2328 }
2329 }
2330 clear_bit(MT76_MCU_RESET, &dev->mphy.state);
2331 clear_bit(MT76_STATE_MCU_RUNNING, &dev->mphy.state);
2332
2333 mt76_wr(dev, MT_INT_MASK_CSR, dev->mt76.mmio.irqmask);
2334 mt76_wr(dev, MT_INT_SOURCE_CSR, ~0);
2335 if (dev->hif2) {
2336 mt76_wr(dev, MT_INT1_MASK_CSR, dev->mt76.mmio.irqmask);
2337 mt76_wr(dev, MT_INT1_SOURCE_CSR, ~0);
2338 }
2339 if (dev_is_pci(mdev->dev)) {
2340 mt76_wr(dev, MT_PCIE_MAC_INT_ENABLE, 0xff);
2341 if (dev->hif2)
2342 mt76_wr(dev, MT_PCIE1_MAC_INT_ENABLE, 0xff);
2343 }
2344
2345 /* load firmware */
2346 ret = mt7996_mcu_init_firmware(dev);
2347 if (ret)
2348 goto out;
2349
2350 if (mtk_wed_device_active(&dev->mt76.mmio.wed) &&
2351 mt7996_has_hwrro(dev)) {
2352 u32 wed_irq_mask = dev->mt76.mmio.irqmask |
2353 MT_INT_TX_DONE_BAND2;
2354
2355 mt7996_rro_hw_init(dev);
2356 mt76_for_each_q_rx(&dev->mt76, i) {
2357 if (mt76_queue_is_wed_rro_ind(&dev->mt76.q_rx[i]) ||
2358 mt76_queue_is_wed_rro_msdu_pg(&dev->mt76.q_rx[i]))
2359 mt76_queue_rx_reset(dev, i);
2360 }
2361
2362 mt76_wr(dev, MT_INT_MASK_CSR, wed_irq_mask);
2363 mtk_wed_device_start_hw_rro(&dev->mt76.mmio.wed, wed_irq_mask,
2364 false);
2365 mt7996_irq_enable(dev, wed_irq_mask);
2366 mt7996_irq_disable(dev, 0);
2367 }
2368
2369 if (mtk_wed_device_active(&dev->mt76.mmio.wed_hif2)) {
2370 mt76_wr(dev, MT_INT_PCIE1_MASK_CSR,
2371 MT_INT_TX_RX_DONE_EXT);
2372 mtk_wed_device_start(&dev->mt76.mmio.wed_hif2,
2373 MT_INT_TX_RX_DONE_EXT);
2374 }
2375
2376 /* set the necessary init items */
2377 ret = mt7996_mcu_set_eeprom(dev);
2378 if (ret)
2379 goto out;
2380
2381 mt7996_mac_init(dev);
2382 mt7996_for_each_phy(dev, phy)
2383 mt7996_init_txpower(phy);
2384 ret = mt7996_txbf_init(dev);
2385 if (ret)
2386 goto out;
2387
2388 mt7996_for_each_phy(dev, phy) {
2389 if (!test_bit(MT76_STATE_RUNNING, &phy->mt76->state))
2390 continue;
2391
2392 ret = mt7996_run(phy);
2393 if (ret)
2394 goto out;
2395 }
2396
2397 out:
2398 /* reset done */
2399 mt7996_for_each_phy(dev, phy)
2400 clear_bit(MT76_RESET, &phy->mt76->state);
2401
2402 napi_enable(&dev->mt76.tx_napi);
2403 local_bh_disable();
2404 napi_schedule(&dev->mt76.tx_napi);
2405 local_bh_enable();
2406
2407 mt76_worker_enable(&dev->mt76.tx_worker);
2408 return ret;
2409 }
2410
2411 static void
mt7996_mac_reset_sta_iter(void * data,struct ieee80211_sta * sta)2412 mt7996_mac_reset_sta_iter(void *data, struct ieee80211_sta *sta)
2413 {
2414 struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
2415 struct mt7996_dev *dev = data;
2416 int i;
2417
2418 for (i = 0; i < ARRAY_SIZE(msta->link); i++) {
2419 struct mt7996_sta_link *msta_link = NULL;
2420
2421 msta_link = rcu_replace_pointer(msta->link[i], msta_link,
2422 lockdep_is_held(&dev->mt76.mutex));
2423 if (!msta_link)
2424 continue;
2425
2426 mt7996_mac_sta_deinit_link(dev, msta_link);
2427
2428 if (msta->deflink_id == i) {
2429 msta->deflink_id = IEEE80211_LINK_UNSPECIFIED;
2430 continue;
2431 }
2432
2433 kfree_rcu(msta_link, rcu_head);
2434 }
2435 }
2436
2437 static void
mt7996_mac_reset_vif_iter(void * data,u8 * mac,struct ieee80211_vif * vif)2438 mt7996_mac_reset_vif_iter(void *data, u8 *mac, struct ieee80211_vif *vif)
2439 {
2440 struct mt76_vif_link *mlink = (struct mt76_vif_link *)vif->drv_priv;
2441 struct mt76_vif_data *mvif = mlink->mvif;
2442 struct mt7996_dev *dev = data;
2443 int i;
2444
2445 rcu_read_lock();
2446 for (i = 0; i < ARRAY_SIZE(mvif->link); i++) {
2447
2448 mlink = mt76_dereference(mvif->link[i], &dev->mt76);
2449 if (!mlink || mlink == (struct mt76_vif_link *)vif->drv_priv)
2450 continue;
2451
2452 rcu_assign_pointer(mvif->link[i], NULL);
2453 kfree_rcu(mlink, rcu_head);
2454 }
2455 rcu_read_unlock();
2456 }
2457
2458 static void
mt7996_mac_full_reset(struct mt7996_dev * dev)2459 mt7996_mac_full_reset(struct mt7996_dev *dev)
2460 {
2461 struct ieee80211_hw *hw = mt76_hw(dev);
2462 struct mt7996_phy *phy;
2463 LIST_HEAD(list);
2464 int i;
2465
2466 dev->recovery.hw_full_reset = true;
2467
2468 wake_up(&dev->mt76.mcu.wait);
2469 ieee80211_stop_queues(hw);
2470
2471 cancel_work_sync(&dev->wed_rro.work);
2472 mt7996_for_each_phy(dev, phy)
2473 cancel_delayed_work_sync(&phy->mt76->mac_work);
2474
2475 mt76_abort_scan(&dev->mt76);
2476
2477 mutex_lock(&dev->mt76.mutex);
2478 for (i = 0; i < 10; i++) {
2479 if (!mt7996_mac_restart(dev))
2480 break;
2481 }
2482
2483 if (i == 10)
2484 dev_err(dev->mt76.dev, "chip full reset failed\n");
2485
2486 mt7996_for_each_phy(dev, phy)
2487 phy->omac_mask = 0;
2488
2489 ieee80211_iterate_stations_atomic(hw, mt7996_mac_reset_sta_iter, dev);
2490 ieee80211_iterate_active_interfaces_atomic(hw,
2491 IEEE80211_IFACE_SKIP_SDATA_NOT_IN_DRIVER,
2492 mt7996_mac_reset_vif_iter, dev);
2493 mt76_reset_device(&dev->mt76);
2494
2495 INIT_LIST_HEAD(&dev->sta_rc_list);
2496 INIT_LIST_HEAD(&dev->twt_list);
2497
2498 spin_lock_bh(&dev->wed_rro.lock);
2499 list_splice_init(&dev->wed_rro.poll_list, &list);
2500 spin_unlock_bh(&dev->wed_rro.lock);
2501
2502 while (!list_empty(&list)) {
2503 struct mt7996_wed_rro_session_id *e;
2504
2505 e = list_first_entry(&list, struct mt7996_wed_rro_session_id,
2506 list);
2507 list_del_init(&e->list);
2508 kfree(e);
2509 }
2510
2511 i = mt76_wcid_alloc(dev->mt76.wcid_mask, MT7996_WTBL_STA);
2512 dev->mt76.global_wcid.idx = i;
2513 dev->recovery.hw_full_reset = false;
2514
2515 mutex_unlock(&dev->mt76.mutex);
2516
2517 ieee80211_restart_hw(mt76_hw(dev));
2518 }
2519
mt7996_mac_reset_work(struct work_struct * work)2520 void mt7996_mac_reset_work(struct work_struct *work)
2521 {
2522 struct ieee80211_hw *hw;
2523 struct mt7996_dev *dev;
2524 struct mt7996_phy *phy;
2525 int i;
2526
2527 dev = container_of(work, struct mt7996_dev, reset_work);
2528 hw = mt76_hw(dev);
2529
2530 /* chip full reset */
2531 if (dev->recovery.restart) {
2532 /* disable WA/WM WDT */
2533 mt76_clear(dev, MT_WFDMA0_MCU_HOST_INT_ENA,
2534 MT_MCU_CMD_WDT_MASK);
2535
2536 if (READ_ONCE(dev->recovery.state) & MT_MCU_CMD_WA_WDT)
2537 dev->recovery.wa_reset_count++;
2538 else
2539 dev->recovery.wm_reset_count++;
2540
2541 mt7996_mac_full_reset(dev);
2542
2543 /* enable mcu irq */
2544 mt7996_irq_enable(dev, MT_INT_MCU_CMD);
2545 mt7996_irq_disable(dev, 0);
2546
2547 /* enable WA/WM WDT */
2548 mt76_set(dev, MT_WFDMA0_MCU_HOST_INT_ENA, MT_MCU_CMD_WDT_MASK);
2549
2550 dev->recovery.state = MT_MCU_CMD_NORMAL_STATE;
2551 dev->recovery.restart = false;
2552 return;
2553 }
2554
2555 if (!(READ_ONCE(dev->recovery.state) & MT_MCU_CMD_STOP_DMA))
2556 return;
2557
2558 dev_info(dev->mt76.dev,"\n%s L1 SER recovery start.",
2559 wiphy_name(hw->wiphy));
2560
2561 if (mtk_wed_device_active(&dev->mt76.mmio.wed_hif2))
2562 mtk_wed_device_stop(&dev->mt76.mmio.wed_hif2);
2563
2564 if (mtk_wed_device_active(&dev->mt76.mmio.wed))
2565 mtk_wed_device_stop(&dev->mt76.mmio.wed);
2566
2567 ieee80211_stop_queues(mt76_hw(dev));
2568
2569 set_bit(MT76_RESET, &dev->mphy.state);
2570 set_bit(MT76_MCU_RESET, &dev->mphy.state);
2571 mt76_abort_scan(&dev->mt76);
2572 wake_up(&dev->mt76.mcu.wait);
2573
2574 cancel_work_sync(&dev->wed_rro.work);
2575 mt7996_for_each_phy(dev, phy) {
2576 mt76_abort_roc(phy->mt76);
2577 set_bit(MT76_RESET, &phy->mt76->state);
2578 cancel_delayed_work_sync(&phy->mt76->mac_work);
2579 }
2580
2581 mt76_worker_disable(&dev->mt76.tx_worker);
2582 mt76_for_each_q_rx(&dev->mt76, i) {
2583 if (mtk_wed_device_active(&dev->mt76.mmio.wed) &&
2584 mt76_queue_is_wed_rro(&dev->mt76.q_rx[i]))
2585 continue;
2586
2587 napi_disable(&dev->mt76.napi[i]);
2588 }
2589 napi_disable(&dev->mt76.tx_napi);
2590
2591 mutex_lock(&dev->mt76.mutex);
2592
2593 mt7996_npu_hw_stop(dev);
2594
2595 mt76_wr(dev, MT_MCU_INT_EVENT, MT_MCU_INT_EVENT_DMA_STOPPED);
2596
2597 if (mt7996_wait_reset_state(dev, MT_MCU_CMD_RESET_DONE)) {
2598 mt7996_dma_reset(dev, false);
2599
2600 mt7996_tx_token_put(dev);
2601 idr_init(&dev->mt76.token);
2602
2603 mt76_wr(dev, MT_MCU_INT_EVENT, MT_MCU_INT_EVENT_DMA_INIT);
2604 mt7996_wait_reset_state(dev, MT_MCU_CMD_RECOVERY_DONE);
2605 }
2606
2607 mt76_wr(dev, MT_MCU_INT_EVENT, MT_MCU_INT_EVENT_RESET_DONE);
2608 mt7996_wait_reset_state(dev, MT_MCU_CMD_NORMAL_STATE);
2609
2610 /* enable DMA Rx/Tx and interrupt */
2611 mt7996_dma_start(dev, false, false);
2612
2613 if (!is_mt7996(&dev->mt76) && dev->mt76.hwrro_mode == MT76_HWRRO_V3)
2614 mt76_wr(dev, MT_RRO_3_0_EMU_CONF, MT_RRO_3_0_EMU_CONF_EN_MASK);
2615
2616 if (mtk_wed_device_active(&dev->mt76.mmio.wed)) {
2617 u32 wed_irq_mask = MT_INT_TX_DONE_BAND2 |
2618 dev->mt76.mmio.irqmask;
2619
2620 mt76_wr(dev, MT_INT_MASK_CSR, wed_irq_mask);
2621 mtk_wed_device_start_hw_rro(&dev->mt76.mmio.wed, wed_irq_mask,
2622 true);
2623 mt7996_irq_enable(dev, wed_irq_mask);
2624 mt7996_irq_disable(dev, 0);
2625 }
2626
2627 if (mtk_wed_device_active(&dev->mt76.mmio.wed_hif2)) {
2628 mt76_wr(dev, MT_INT_PCIE1_MASK_CSR, MT_INT_TX_RX_DONE_EXT);
2629 mtk_wed_device_start(&dev->mt76.mmio.wed_hif2,
2630 MT_INT_TX_RX_DONE_EXT);
2631 }
2632
2633 clear_bit(MT76_MCU_RESET, &dev->mphy.state);
2634 mt7996_for_each_phy(dev, phy)
2635 clear_bit(MT76_RESET, &phy->mt76->state);
2636
2637 mt76_for_each_q_rx(&dev->mt76, i) {
2638 if (mtk_wed_device_active(&dev->mt76.mmio.wed) &&
2639 mt76_queue_is_wed_rro(&dev->mt76.q_rx[i]))
2640 continue;
2641
2642 napi_enable(&dev->mt76.napi[i]);
2643 local_bh_disable();
2644 napi_schedule(&dev->mt76.napi[i]);
2645 local_bh_enable();
2646 }
2647
2648 tasklet_schedule(&dev->mt76.irq_tasklet);
2649
2650 mt76_worker_enable(&dev->mt76.tx_worker);
2651
2652 napi_enable(&dev->mt76.tx_napi);
2653 local_bh_disable();
2654 napi_schedule(&dev->mt76.tx_napi);
2655 local_bh_enable();
2656
2657 ieee80211_wake_queues(hw);
2658 mt7996_update_beacons(dev);
2659
2660 mutex_unlock(&dev->mt76.mutex);
2661
2662 mt7996_npu_hw_init(dev);
2663
2664 mt7996_for_each_phy(dev, phy)
2665 ieee80211_queue_delayed_work(hw, &phy->mt76->mac_work,
2666 MT7996_WATCHDOG_TIME);
2667 dev_info(dev->mt76.dev,"\n%s L1 SER recovery completed.",
2668 wiphy_name(dev->mt76.hw->wiphy));
2669 }
2670
2671 /* firmware coredump */
mt7996_mac_dump_work(struct work_struct * work)2672 void mt7996_mac_dump_work(struct work_struct *work)
2673 {
2674 const struct mt7996_mem_region *mem_region;
2675 struct mt7996_crash_data *crash_data;
2676 struct mt7996_dev *dev;
2677 struct mt7996_mem_hdr *hdr;
2678 size_t buf_len;
2679 int i;
2680 u32 num;
2681 u8 *buf;
2682
2683 dev = container_of(work, struct mt7996_dev, dump_work);
2684
2685 mutex_lock(&dev->dump_mutex);
2686
2687 crash_data = mt7996_coredump_new(dev);
2688 if (!crash_data) {
2689 mutex_unlock(&dev->dump_mutex);
2690 goto skip_coredump;
2691 }
2692
2693 mem_region = mt7996_coredump_get_mem_layout(dev, &num);
2694 if (!mem_region || !crash_data->memdump_buf_len) {
2695 mutex_unlock(&dev->dump_mutex);
2696 goto skip_memdump;
2697 }
2698
2699 buf = crash_data->memdump_buf;
2700 buf_len = crash_data->memdump_buf_len;
2701
2702 /* dumping memory content... */
2703 memset(buf, 0, buf_len);
2704 for (i = 0; i < num; i++) {
2705 if (mem_region->len > buf_len) {
2706 dev_warn(dev->mt76.dev, "%s len %zu is too large\n",
2707 mem_region->name, mem_region->len);
2708 break;
2709 }
2710
2711 /* reserve space for the header */
2712 hdr = (void *)buf;
2713 buf += sizeof(*hdr);
2714 buf_len -= sizeof(*hdr);
2715
2716 mt7996_memcpy_fromio(dev, buf, mem_region->start,
2717 mem_region->len);
2718
2719 hdr->start = mem_region->start;
2720 hdr->len = mem_region->len;
2721
2722 if (!mem_region->len)
2723 /* note: the header remains, just with zero length */
2724 break;
2725
2726 buf += mem_region->len;
2727 buf_len -= mem_region->len;
2728
2729 mem_region++;
2730 }
2731
2732 mutex_unlock(&dev->dump_mutex);
2733
2734 skip_memdump:
2735 mt7996_coredump_submit(dev);
2736 skip_coredump:
2737 queue_work(dev->mt76.wq, &dev->reset_work);
2738 }
2739
mt7996_reset(struct mt7996_dev * dev)2740 void mt7996_reset(struct mt7996_dev *dev)
2741 {
2742 if (!dev->recovery.hw_init_done)
2743 return;
2744
2745 if (dev->recovery.hw_full_reset)
2746 return;
2747
2748 /* wm/wa exception: do full recovery */
2749 if (READ_ONCE(dev->recovery.state) & MT_MCU_CMD_WDT_MASK) {
2750 dev->recovery.restart = true;
2751 dev_info(dev->mt76.dev,
2752 "%s indicated firmware crash, attempting recovery\n",
2753 wiphy_name(dev->mt76.hw->wiphy));
2754
2755 mt7996_irq_disable(dev, MT_INT_MCU_CMD);
2756 queue_work(dev->mt76.wq, &dev->dump_work);
2757 return;
2758 }
2759
2760 queue_work(dev->mt76.wq, &dev->reset_work);
2761 wake_up(&dev->reset_wait);
2762 }
2763
mt7996_mac_update_stats(struct mt7996_phy * phy)2764 void mt7996_mac_update_stats(struct mt7996_phy *phy)
2765 {
2766 struct mt76_mib_stats *mib = &phy->mib;
2767 struct mt7996_dev *dev = phy->dev;
2768 u8 band_idx = phy->mt76->band_idx;
2769 u32 cnt;
2770 int i;
2771
2772 cnt = mt76_rr(dev, MT_MIB_RSCR1(band_idx));
2773 mib->fcs_err_cnt += cnt;
2774
2775 cnt = mt76_rr(dev, MT_MIB_RSCR33(band_idx));
2776 mib->rx_fifo_full_cnt += cnt;
2777
2778 cnt = mt76_rr(dev, MT_MIB_RSCR31(band_idx));
2779 mib->rx_mpdu_cnt += cnt;
2780
2781 cnt = mt76_rr(dev, MT_MIB_SDR6(band_idx));
2782 mib->channel_idle_cnt += FIELD_GET(MT_MIB_SDR6_CHANNEL_IDL_CNT_MASK, cnt);
2783
2784 cnt = mt76_rr(dev, MT_MIB_RVSR0(band_idx));
2785 mib->rx_vector_mismatch_cnt += cnt;
2786
2787 cnt = mt76_rr(dev, MT_MIB_RSCR35(band_idx));
2788 mib->rx_delimiter_fail_cnt += cnt;
2789
2790 cnt = mt76_rr(dev, MT_MIB_RSCR36(band_idx));
2791 mib->rx_len_mismatch_cnt += cnt;
2792
2793 cnt = mt76_rr(dev, MT_MIB_TSCR0(band_idx));
2794 mib->tx_ampdu_cnt += cnt;
2795
2796 cnt = mt76_rr(dev, MT_MIB_TSCR2(band_idx));
2797 mib->tx_stop_q_empty_cnt += cnt;
2798
2799 cnt = mt76_rr(dev, MT_MIB_TSCR3(band_idx));
2800 mib->tx_mpdu_attempts_cnt += cnt;
2801
2802 cnt = mt76_rr(dev, MT_MIB_TSCR4(band_idx));
2803 mib->tx_mpdu_success_cnt += cnt;
2804
2805 cnt = mt76_rr(dev, MT_MIB_RSCR27(band_idx));
2806 mib->rx_ampdu_cnt += cnt;
2807
2808 cnt = mt76_rr(dev, MT_MIB_RSCR28(band_idx));
2809 mib->rx_ampdu_bytes_cnt += cnt;
2810
2811 cnt = mt76_rr(dev, MT_MIB_RSCR29(band_idx));
2812 mib->rx_ampdu_valid_subframe_cnt += cnt;
2813
2814 cnt = mt76_rr(dev, MT_MIB_RSCR30(band_idx));
2815 mib->rx_ampdu_valid_subframe_bytes_cnt += cnt;
2816
2817 cnt = mt76_rr(dev, MT_MIB_SDR27(band_idx));
2818 mib->tx_rwp_fail_cnt += FIELD_GET(MT_MIB_SDR27_TX_RWP_FAIL_CNT, cnt);
2819
2820 cnt = mt76_rr(dev, MT_MIB_SDR28(band_idx));
2821 mib->tx_rwp_need_cnt += FIELD_GET(MT_MIB_SDR28_TX_RWP_NEED_CNT, cnt);
2822
2823 cnt = mt76_rr(dev, MT_UMIB_RPDCR(band_idx));
2824 mib->rx_pfdrop_cnt += cnt;
2825
2826 cnt = mt76_rr(dev, MT_MIB_RVSR1(band_idx));
2827 mib->rx_vec_queue_overflow_drop_cnt += cnt;
2828
2829 cnt = mt76_rr(dev, MT_MIB_TSCR1(band_idx));
2830 mib->rx_ba_cnt += cnt;
2831
2832 cnt = mt76_rr(dev, MT_MIB_BSCR0(band_idx));
2833 mib->tx_bf_ebf_ppdu_cnt += cnt;
2834
2835 cnt = mt76_rr(dev, MT_MIB_BSCR1(band_idx));
2836 mib->tx_bf_ibf_ppdu_cnt += cnt;
2837
2838 cnt = mt76_rr(dev, MT_MIB_BSCR2(band_idx));
2839 mib->tx_mu_bf_cnt += cnt;
2840
2841 cnt = mt76_rr(dev, MT_MIB_TSCR5(band_idx));
2842 mib->tx_mu_mpdu_cnt += cnt;
2843
2844 cnt = mt76_rr(dev, MT_MIB_TSCR6(band_idx));
2845 mib->tx_mu_acked_mpdu_cnt += cnt;
2846
2847 cnt = mt76_rr(dev, MT_MIB_TSCR7(band_idx));
2848 mib->tx_su_acked_mpdu_cnt += cnt;
2849
2850 cnt = mt76_rr(dev, MT_MIB_BSCR3(band_idx));
2851 mib->tx_bf_rx_fb_ht_cnt += cnt;
2852 mib->tx_bf_rx_fb_all_cnt += cnt;
2853
2854 cnt = mt76_rr(dev, MT_MIB_BSCR4(band_idx));
2855 mib->tx_bf_rx_fb_vht_cnt += cnt;
2856 mib->tx_bf_rx_fb_all_cnt += cnt;
2857
2858 cnt = mt76_rr(dev, MT_MIB_BSCR5(band_idx));
2859 mib->tx_bf_rx_fb_he_cnt += cnt;
2860 mib->tx_bf_rx_fb_all_cnt += cnt;
2861
2862 cnt = mt76_rr(dev, MT_MIB_BSCR6(band_idx));
2863 mib->tx_bf_rx_fb_eht_cnt += cnt;
2864 mib->tx_bf_rx_fb_all_cnt += cnt;
2865
2866 cnt = mt76_rr(dev, MT_ETBF_RX_FB_CONT(band_idx));
2867 mib->tx_bf_rx_fb_bw = FIELD_GET(MT_ETBF_RX_FB_BW, cnt);
2868 mib->tx_bf_rx_fb_nc_cnt += FIELD_GET(MT_ETBF_RX_FB_NC, cnt);
2869 mib->tx_bf_rx_fb_nr_cnt += FIELD_GET(MT_ETBF_RX_FB_NR, cnt);
2870
2871 cnt = mt76_rr(dev, MT_MIB_BSCR7(band_idx));
2872 mib->tx_bf_fb_trig_cnt += cnt;
2873
2874 cnt = mt76_rr(dev, MT_MIB_BSCR17(band_idx));
2875 mib->tx_bf_fb_cpl_cnt += cnt;
2876
2877 for (i = 0; i < ARRAY_SIZE(mib->tx_amsdu); i++) {
2878 cnt = mt76_rr(dev, MT_PLE_AMSDU_PACK_MSDU_CNT(i));
2879 mib->tx_amsdu[i] += cnt;
2880 mib->tx_amsdu_cnt += cnt;
2881 }
2882
2883 /* rts count */
2884 cnt = mt76_rr(dev, MT_MIB_BTSCR5(band_idx));
2885 mib->rts_cnt += cnt;
2886
2887 /* rts retry count */
2888 cnt = mt76_rr(dev, MT_MIB_BTSCR6(band_idx));
2889 mib->rts_retries_cnt += cnt;
2890
2891 /* ba miss count */
2892 cnt = mt76_rr(dev, MT_MIB_BTSCR0(band_idx));
2893 mib->ba_miss_cnt += cnt;
2894
2895 /* ack fail count */
2896 cnt = mt76_rr(dev, MT_MIB_BFTFCR(band_idx));
2897 mib->ack_fail_cnt += cnt;
2898
2899 for (i = 0; i < 16; i++) {
2900 cnt = mt76_rr(dev, MT_TX_AGG_CNT(band_idx, i));
2901 phy->mt76->aggr_stats[i] += cnt;
2902 }
2903 }
2904
mt7996_mac_sta_rc_work(struct work_struct * work)2905 void mt7996_mac_sta_rc_work(struct work_struct *work)
2906 {
2907 struct mt7996_dev *dev = container_of(work, struct mt7996_dev, rc_work);
2908 struct mt7996_sta_link *msta_link;
2909 struct ieee80211_vif *vif;
2910 struct mt7996_vif *mvif;
2911 LIST_HEAD(list);
2912 u32 changed;
2913
2914 mutex_lock(&dev->mt76.mutex);
2915
2916 spin_lock_bh(&dev->mt76.sta_poll_lock);
2917 list_splice_init(&dev->sta_rc_list, &list);
2918
2919 while (!list_empty(&list)) {
2920 msta_link = list_first_entry(&list, struct mt7996_sta_link,
2921 rc_list);
2922 list_del_init(&msta_link->rc_list);
2923
2924 changed = msta_link->changed;
2925 msta_link->changed = 0;
2926 mvif = msta_link->sta->vif;
2927 vif = container_of((void *)mvif, struct ieee80211_vif,
2928 drv_priv);
2929
2930 spin_unlock_bh(&dev->mt76.sta_poll_lock);
2931
2932 if (changed & (IEEE80211_RC_SUPP_RATES_CHANGED |
2933 IEEE80211_RC_NSS_CHANGED |
2934 IEEE80211_RC_BW_CHANGED))
2935 mt7996_mcu_add_rate_ctrl(dev, msta_link->sta, vif,
2936 msta_link->wcid.link_id,
2937 true);
2938
2939 if (changed & IEEE80211_RC_SMPS_CHANGED)
2940 mt7996_mcu_set_fixed_field(dev, msta_link->sta, NULL,
2941 msta_link->wcid.link_id,
2942 RATE_PARAM_MMPS_UPDATE);
2943
2944 spin_lock_bh(&dev->mt76.sta_poll_lock);
2945 }
2946
2947 spin_unlock_bh(&dev->mt76.sta_poll_lock);
2948
2949 mutex_unlock(&dev->mt76.mutex);
2950 }
2951
mt7996_mac_work(struct work_struct * work)2952 void mt7996_mac_work(struct work_struct *work)
2953 {
2954 struct mt7996_phy *phy;
2955 struct mt76_phy *mphy;
2956
2957 mphy = (struct mt76_phy *)container_of(work, struct mt76_phy,
2958 mac_work.work);
2959 phy = mphy->priv;
2960
2961 mutex_lock(&mphy->dev->mutex);
2962
2963 mt76_update_survey(mphy);
2964 if (++mphy->mac_work_count == 5) {
2965 mphy->mac_work_count = 0;
2966
2967 mt7996_mac_update_stats(phy);
2968
2969 mt7996_mcu_get_all_sta_info(phy, UNI_ALL_STA_TXRX_RATE);
2970 if (mtk_wed_device_active(&phy->dev->mt76.mmio.wed)) {
2971 mt7996_mcu_get_all_sta_info(phy, UNI_ALL_STA_TXRX_ADM_STAT);
2972 mt7996_mcu_get_all_sta_info(phy, UNI_ALL_STA_TXRX_MSDU_COUNT);
2973 }
2974 }
2975
2976 mutex_unlock(&mphy->dev->mutex);
2977
2978 mt76_tx_status_check(mphy->dev, false);
2979
2980 ieee80211_queue_delayed_work(mphy->hw, &mphy->mac_work,
2981 MT7996_WATCHDOG_TIME);
2982 }
2983
mt7996_dfs_stop_radar_detector(struct mt7996_phy * phy)2984 static void mt7996_dfs_stop_radar_detector(struct mt7996_phy *phy)
2985 {
2986 struct mt7996_dev *dev = phy->dev;
2987 int rdd_idx = mt7996_get_rdd_idx(phy, false);
2988
2989 if (rdd_idx < 0)
2990 return;
2991
2992 mt7996_mcu_rdd_cmd(dev, RDD_STOP, rdd_idx, 0);
2993 }
2994
mt7996_dfs_start_rdd(struct mt7996_dev * dev,int rdd_idx)2995 static int mt7996_dfs_start_rdd(struct mt7996_dev *dev, int rdd_idx)
2996 {
2997 int err, region;
2998
2999 switch (dev->mt76.region) {
3000 case NL80211_DFS_ETSI:
3001 region = 0;
3002 break;
3003 case NL80211_DFS_JP:
3004 region = 2;
3005 break;
3006 case NL80211_DFS_FCC:
3007 default:
3008 region = 1;
3009 break;
3010 }
3011
3012 err = mt7996_mcu_rdd_cmd(dev, RDD_START, rdd_idx, region);
3013 if (err < 0)
3014 return err;
3015
3016 return mt7996_mcu_rdd_cmd(dev, RDD_DET_MODE, rdd_idx, 1);
3017 }
3018
mt7996_dfs_start_radar_detector(struct mt7996_phy * phy)3019 static int mt7996_dfs_start_radar_detector(struct mt7996_phy *phy)
3020 {
3021 struct mt7996_dev *dev = phy->dev;
3022 int err, rdd_idx;
3023
3024 rdd_idx = mt7996_get_rdd_idx(phy, false);
3025 if (rdd_idx < 0)
3026 return -EINVAL;
3027
3028 /* start CAC */
3029 err = mt7996_mcu_rdd_cmd(dev, RDD_CAC_START, rdd_idx, 0);
3030 if (err < 0)
3031 return err;
3032
3033 err = mt7996_dfs_start_rdd(dev, rdd_idx);
3034
3035 return err;
3036 }
3037
3038 static int
mt7996_dfs_init_radar_specs(struct mt7996_phy * phy)3039 mt7996_dfs_init_radar_specs(struct mt7996_phy *phy)
3040 {
3041 const struct mt7996_dfs_radar_spec *radar_specs;
3042 struct mt7996_dev *dev = phy->dev;
3043 int err, i;
3044
3045 switch (dev->mt76.region) {
3046 case NL80211_DFS_FCC:
3047 radar_specs = &fcc_radar_specs;
3048 err = mt7996_mcu_set_fcc5_lpn(dev, 8);
3049 if (err < 0)
3050 return err;
3051 break;
3052 case NL80211_DFS_ETSI:
3053 radar_specs = &etsi_radar_specs;
3054 break;
3055 case NL80211_DFS_JP:
3056 radar_specs = &jp_radar_specs;
3057 break;
3058 default:
3059 return -EINVAL;
3060 }
3061
3062 for (i = 0; i < ARRAY_SIZE(radar_specs->radar_pattern); i++) {
3063 err = mt7996_mcu_set_radar_th(dev, i,
3064 &radar_specs->radar_pattern[i]);
3065 if (err < 0)
3066 return err;
3067 }
3068
3069 return mt7996_mcu_set_pulse_th(dev, &radar_specs->pulse_th);
3070 }
3071
mt7996_dfs_init_radar_detector(struct mt7996_phy * phy)3072 int mt7996_dfs_init_radar_detector(struct mt7996_phy *phy)
3073 {
3074 struct mt7996_dev *dev = phy->dev;
3075 enum mt76_dfs_state dfs_state, prev_state;
3076 int err, rdd_idx = mt7996_get_rdd_idx(phy, false);
3077
3078 prev_state = phy->mt76->dfs_state;
3079 dfs_state = mt76_phy_dfs_state(phy->mt76);
3080
3081 if (prev_state == dfs_state || rdd_idx < 0)
3082 return 0;
3083
3084 if (prev_state == MT_DFS_STATE_UNKNOWN)
3085 mt7996_dfs_stop_radar_detector(phy);
3086
3087 if (dfs_state == MT_DFS_STATE_DISABLED)
3088 goto stop;
3089
3090 if (prev_state <= MT_DFS_STATE_DISABLED) {
3091 err = mt7996_dfs_init_radar_specs(phy);
3092 if (err < 0)
3093 return err;
3094
3095 err = mt7996_dfs_start_radar_detector(phy);
3096 if (err < 0)
3097 return err;
3098
3099 phy->mt76->dfs_state = MT_DFS_STATE_CAC;
3100 }
3101
3102 if (dfs_state == MT_DFS_STATE_CAC)
3103 return 0;
3104
3105 err = mt7996_mcu_rdd_cmd(dev, RDD_CAC_END, rdd_idx, 0);
3106 if (err < 0) {
3107 phy->mt76->dfs_state = MT_DFS_STATE_UNKNOWN;
3108 return err;
3109 }
3110
3111 phy->mt76->dfs_state = MT_DFS_STATE_ACTIVE;
3112 return 0;
3113
3114 stop:
3115 err = mt7996_mcu_rdd_cmd(dev, RDD_NORMAL_START, rdd_idx, 0);
3116 if (err < 0)
3117 return err;
3118
3119 mt7996_dfs_stop_radar_detector(phy);
3120 phy->mt76->dfs_state = MT_DFS_STATE_DISABLED;
3121
3122 return 0;
3123 }
3124
3125 static int
mt7996_mac_twt_duration_align(int duration)3126 mt7996_mac_twt_duration_align(int duration)
3127 {
3128 return duration << 8;
3129 }
3130
3131 static u64
mt7996_mac_twt_sched_list_add(struct mt7996_dev * dev,struct mt7996_twt_flow * flow)3132 mt7996_mac_twt_sched_list_add(struct mt7996_dev *dev,
3133 struct mt7996_twt_flow *flow)
3134 {
3135 struct mt7996_twt_flow *iter, *iter_next;
3136 u32 duration = flow->duration << 8;
3137 u64 start_tsf;
3138
3139 iter = list_first_entry_or_null(&dev->twt_list,
3140 struct mt7996_twt_flow, list);
3141 if (!iter || !iter->sched || iter->start_tsf > duration) {
3142 /* add flow as first entry in the list */
3143 list_add(&flow->list, &dev->twt_list);
3144 return 0;
3145 }
3146
3147 list_for_each_entry_safe(iter, iter_next, &dev->twt_list, list) {
3148 start_tsf = iter->start_tsf +
3149 mt7996_mac_twt_duration_align(iter->duration);
3150 if (list_is_last(&iter->list, &dev->twt_list))
3151 break;
3152
3153 if (!iter_next->sched ||
3154 iter_next->start_tsf > start_tsf + duration) {
3155 list_add(&flow->list, &iter->list);
3156 goto out;
3157 }
3158 }
3159
3160 /* add flow as last entry in the list */
3161 list_add_tail(&flow->list, &dev->twt_list);
3162 out:
3163 return start_tsf;
3164 }
3165
mt7996_mac_check_twt_req(struct ieee80211_twt_setup * twt)3166 static int mt7996_mac_check_twt_req(struct ieee80211_twt_setup *twt)
3167 {
3168 struct ieee80211_twt_params *twt_agrt;
3169 u64 interval, duration;
3170 u16 mantissa;
3171 u8 exp;
3172
3173 /* only individual agreement supported */
3174 if (twt->control & IEEE80211_TWT_CONTROL_NEG_TYPE_BROADCAST)
3175 return -EOPNOTSUPP;
3176
3177 /* only 256us unit supported */
3178 if (twt->control & IEEE80211_TWT_CONTROL_WAKE_DUR_UNIT)
3179 return -EOPNOTSUPP;
3180
3181 twt_agrt = (struct ieee80211_twt_params *)twt->params;
3182
3183 /* explicit agreement not supported */
3184 if (!(twt_agrt->req_type & cpu_to_le16(IEEE80211_TWT_REQTYPE_IMPLICIT)))
3185 return -EOPNOTSUPP;
3186
3187 exp = FIELD_GET(IEEE80211_TWT_REQTYPE_WAKE_INT_EXP,
3188 le16_to_cpu(twt_agrt->req_type));
3189 mantissa = le16_to_cpu(twt_agrt->mantissa);
3190 duration = twt_agrt->min_twt_dur << 8;
3191
3192 interval = (u64)mantissa << exp;
3193 if (interval < duration)
3194 return -EOPNOTSUPP;
3195
3196 return 0;
3197 }
3198
3199 static bool
mt7996_mac_twt_param_equal(struct mt7996_sta_link * msta_link,struct ieee80211_twt_params * twt_agrt)3200 mt7996_mac_twt_param_equal(struct mt7996_sta_link *msta_link,
3201 struct ieee80211_twt_params *twt_agrt)
3202 {
3203 u16 type = le16_to_cpu(twt_agrt->req_type);
3204 u8 exp;
3205 int i;
3206
3207 exp = FIELD_GET(IEEE80211_TWT_REQTYPE_WAKE_INT_EXP, type);
3208 for (i = 0; i < MT7996_MAX_STA_TWT_AGRT; i++) {
3209 struct mt7996_twt_flow *f;
3210
3211 if (!(msta_link->twt.flowid_mask & BIT(i)))
3212 continue;
3213
3214 f = &msta_link->twt.flow[i];
3215 if (f->duration == twt_agrt->min_twt_dur &&
3216 f->mantissa == twt_agrt->mantissa &&
3217 f->exp == exp &&
3218 f->protection == !!(type & IEEE80211_TWT_REQTYPE_PROTECTION) &&
3219 f->flowtype == !!(type & IEEE80211_TWT_REQTYPE_FLOWTYPE) &&
3220 f->trigger == !!(type & IEEE80211_TWT_REQTYPE_TRIGGER))
3221 return true;
3222 }
3223
3224 return false;
3225 }
3226
mt7996_mac_add_twt_setup(struct ieee80211_hw * hw,struct ieee80211_sta * sta,struct ieee80211_twt_setup * twt)3227 void mt7996_mac_add_twt_setup(struct ieee80211_hw *hw,
3228 struct ieee80211_sta *sta,
3229 struct ieee80211_twt_setup *twt)
3230 {
3231 enum ieee80211_twt_setup_cmd setup_cmd = TWT_SETUP_CMD_REJECT;
3232 struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
3233 struct ieee80211_twt_params *twt_agrt = (void *)twt->params;
3234 struct mt7996_sta_link *msta_link = &msta->deflink;
3235 u16 req_type = le16_to_cpu(twt_agrt->req_type);
3236 enum ieee80211_twt_setup_cmd sta_setup_cmd;
3237 struct mt7996_dev *dev = mt7996_hw_dev(hw);
3238 struct mt7996_twt_flow *flow;
3239 u8 flowid, table_id, exp;
3240
3241 if (mt7996_mac_check_twt_req(twt))
3242 goto out;
3243
3244 mutex_lock(&dev->mt76.mutex);
3245
3246 if (dev->twt.n_agrt == MT7996_MAX_TWT_AGRT)
3247 goto unlock;
3248
3249 if (hweight8(msta_link->twt.flowid_mask) ==
3250 ARRAY_SIZE(msta_link->twt.flow))
3251 goto unlock;
3252
3253 if (twt_agrt->min_twt_dur < MT7996_MIN_TWT_DUR) {
3254 setup_cmd = TWT_SETUP_CMD_DICTATE;
3255 twt_agrt->min_twt_dur = MT7996_MIN_TWT_DUR;
3256 goto unlock;
3257 }
3258
3259 if (mt7996_mac_twt_param_equal(msta_link, twt_agrt))
3260 goto unlock;
3261
3262 flowid = ffs(~msta_link->twt.flowid_mask) - 1;
3263 twt_agrt->req_type &= ~cpu_to_le16(IEEE80211_TWT_REQTYPE_FLOWID);
3264 twt_agrt->req_type |= le16_encode_bits(flowid,
3265 IEEE80211_TWT_REQTYPE_FLOWID);
3266
3267 table_id = ffs(~dev->twt.table_mask) - 1;
3268 exp = FIELD_GET(IEEE80211_TWT_REQTYPE_WAKE_INT_EXP, req_type);
3269 sta_setup_cmd = FIELD_GET(IEEE80211_TWT_REQTYPE_SETUP_CMD, req_type);
3270
3271 flow = &msta_link->twt.flow[flowid];
3272 memset(flow, 0, sizeof(*flow));
3273 INIT_LIST_HEAD(&flow->list);
3274 flow->wcid = msta_link->wcid.idx;
3275 flow->table_id = table_id;
3276 flow->id = flowid;
3277 flow->duration = twt_agrt->min_twt_dur;
3278 flow->mantissa = twt_agrt->mantissa;
3279 flow->exp = exp;
3280 flow->protection = !!(req_type & IEEE80211_TWT_REQTYPE_PROTECTION);
3281 flow->flowtype = !!(req_type & IEEE80211_TWT_REQTYPE_FLOWTYPE);
3282 flow->trigger = !!(req_type & IEEE80211_TWT_REQTYPE_TRIGGER);
3283
3284 if (sta_setup_cmd == TWT_SETUP_CMD_REQUEST ||
3285 sta_setup_cmd == TWT_SETUP_CMD_SUGGEST) {
3286 u64 interval = (u64)le16_to_cpu(twt_agrt->mantissa) << exp;
3287 u64 flow_tsf, curr_tsf;
3288 u32 rem;
3289
3290 flow->sched = true;
3291 flow->start_tsf = mt7996_mac_twt_sched_list_add(dev, flow);
3292 curr_tsf = __mt7996_get_tsf(hw, &msta->vif->deflink);
3293 div_u64_rem(curr_tsf - flow->start_tsf, interval, &rem);
3294 flow_tsf = curr_tsf + interval - rem;
3295 twt_agrt->twt = cpu_to_le64(flow_tsf);
3296 } else {
3297 list_add_tail(&flow->list, &dev->twt_list);
3298 }
3299 flow->tsf = le64_to_cpu(twt_agrt->twt);
3300
3301 if (mt7996_mcu_twt_agrt_update(dev, &msta->vif->deflink, flow,
3302 MCU_TWT_AGRT_ADD))
3303 goto unlock;
3304
3305 setup_cmd = TWT_SETUP_CMD_ACCEPT;
3306 dev->twt.table_mask |= BIT(table_id);
3307 msta_link->twt.flowid_mask |= BIT(flowid);
3308 dev->twt.n_agrt++;
3309
3310 unlock:
3311 mutex_unlock(&dev->mt76.mutex);
3312 out:
3313 twt_agrt->req_type &= ~cpu_to_le16(IEEE80211_TWT_REQTYPE_SETUP_CMD);
3314 twt_agrt->req_type |=
3315 le16_encode_bits(setup_cmd, IEEE80211_TWT_REQTYPE_SETUP_CMD);
3316 twt->control = twt->control & IEEE80211_TWT_CONTROL_RX_DISABLED;
3317 }
3318
mt7996_mac_twt_teardown_flow(struct mt7996_dev * dev,struct mt7996_vif_link * link,struct mt7996_sta_link * msta_link,u8 flowid)3319 void mt7996_mac_twt_teardown_flow(struct mt7996_dev *dev,
3320 struct mt7996_vif_link *link,
3321 struct mt7996_sta_link *msta_link,
3322 u8 flowid)
3323 {
3324 struct mt7996_twt_flow *flow;
3325
3326 lockdep_assert_held(&dev->mt76.mutex);
3327
3328 if (flowid >= ARRAY_SIZE(msta_link->twt.flow))
3329 return;
3330
3331 if (!(msta_link->twt.flowid_mask & BIT(flowid)))
3332 return;
3333
3334 flow = &msta_link->twt.flow[flowid];
3335 if (mt7996_mcu_twt_agrt_update(dev, link, flow, MCU_TWT_AGRT_DELETE))
3336 return;
3337
3338 list_del_init(&flow->list);
3339 msta_link->twt.flowid_mask &= ~BIT(flowid);
3340 dev->twt.table_mask &= ~BIT(flow->table_id);
3341 dev->twt.n_agrt--;
3342 }
3343