xref: /freebsd/sys/contrib/dev/athk/ath10k/mac.c (revision 43e29d03f416d7dda52112a29600a7c82ee1a91e)
1 // SPDX-License-Identifier: ISC
2 /*
3  * Copyright (c) 2005-2011 Atheros Communications Inc.
4  * Copyright (c) 2011-2017 Qualcomm Atheros, Inc.
5  * Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
6  */
7 
8 #include "mac.h"
9 
10 #include <net/cfg80211.h>
11 #include <net/mac80211.h>
12 #include <linux/etherdevice.h>
13 #include <linux/acpi.h>
14 #if defined(__linux__) || (defined(__FreeBSD__) && defined(CONFIG_OF))
15 #include <linux/of.h>
16 #endif
17 #include <linux/bitfield.h>
18 
19 #include "hif.h"
20 #include "core.h"
21 #include "debug.h"
22 #include "wmi.h"
23 #include "htt.h"
24 #include "txrx.h"
25 #include "testmode.h"
26 #include "wmi-tlv.h"
27 #include "wmi-ops.h"
28 #include "wow.h"
29 
30 /*********/
31 /* Rates */
32 /*********/
33 
34 static struct ieee80211_rate ath10k_rates[] = {
35 	{ .bitrate = 10,
36 	  .hw_value = ATH10K_HW_RATE_CCK_LP_1M },
37 	{ .bitrate = 20,
38 	  .hw_value = ATH10K_HW_RATE_CCK_LP_2M,
39 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_2M,
40 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
41 	{ .bitrate = 55,
42 	  .hw_value = ATH10K_HW_RATE_CCK_LP_5_5M,
43 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_5_5M,
44 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
45 	{ .bitrate = 110,
46 	  .hw_value = ATH10K_HW_RATE_CCK_LP_11M,
47 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_11M,
48 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
49 
50 	{ .bitrate = 60, .hw_value = ATH10K_HW_RATE_OFDM_6M },
51 	{ .bitrate = 90, .hw_value = ATH10K_HW_RATE_OFDM_9M },
52 	{ .bitrate = 120, .hw_value = ATH10K_HW_RATE_OFDM_12M },
53 	{ .bitrate = 180, .hw_value = ATH10K_HW_RATE_OFDM_18M },
54 	{ .bitrate = 240, .hw_value = ATH10K_HW_RATE_OFDM_24M },
55 	{ .bitrate = 360, .hw_value = ATH10K_HW_RATE_OFDM_36M },
56 	{ .bitrate = 480, .hw_value = ATH10K_HW_RATE_OFDM_48M },
57 	{ .bitrate = 540, .hw_value = ATH10K_HW_RATE_OFDM_54M },
58 };
59 
60 static struct ieee80211_rate ath10k_rates_rev2[] = {
61 	{ .bitrate = 10,
62 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_1M },
63 	{ .bitrate = 20,
64 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_2M,
65 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_2M,
66 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
67 	{ .bitrate = 55,
68 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_5_5M,
69 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_5_5M,
70 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
71 	{ .bitrate = 110,
72 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_11M,
73 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_11M,
74 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
75 
76 	{ .bitrate = 60, .hw_value = ATH10K_HW_RATE_OFDM_6M },
77 	{ .bitrate = 90, .hw_value = ATH10K_HW_RATE_OFDM_9M },
78 	{ .bitrate = 120, .hw_value = ATH10K_HW_RATE_OFDM_12M },
79 	{ .bitrate = 180, .hw_value = ATH10K_HW_RATE_OFDM_18M },
80 	{ .bitrate = 240, .hw_value = ATH10K_HW_RATE_OFDM_24M },
81 	{ .bitrate = 360, .hw_value = ATH10K_HW_RATE_OFDM_36M },
82 	{ .bitrate = 480, .hw_value = ATH10K_HW_RATE_OFDM_48M },
83 	{ .bitrate = 540, .hw_value = ATH10K_HW_RATE_OFDM_54M },
84 };
85 
86 static const struct cfg80211_sar_freq_ranges ath10k_sar_freq_ranges[] = {
87 	{.start_freq = 2402, .end_freq = 2494 },
88 	{.start_freq = 5170, .end_freq = 5875 },
89 };
90 
91 static const struct cfg80211_sar_capa ath10k_sar_capa = {
92 	.type = NL80211_SAR_TYPE_POWER,
93 	.num_freq_ranges = (ARRAY_SIZE(ath10k_sar_freq_ranges)),
94 	.freq_ranges = &ath10k_sar_freq_ranges[0],
95 };
96 
97 #define ATH10K_MAC_FIRST_OFDM_RATE_IDX 4
98 
99 #define ath10k_a_rates (ath10k_rates + ATH10K_MAC_FIRST_OFDM_RATE_IDX)
100 #define ath10k_a_rates_size (ARRAY_SIZE(ath10k_rates) - \
101 			     ATH10K_MAC_FIRST_OFDM_RATE_IDX)
102 #define ath10k_g_rates (ath10k_rates + 0)
103 #define ath10k_g_rates_size (ARRAY_SIZE(ath10k_rates))
104 
105 #define ath10k_g_rates_rev2 (ath10k_rates_rev2 + 0)
106 #define ath10k_g_rates_rev2_size (ARRAY_SIZE(ath10k_rates_rev2))
107 
108 #define ath10k_wmi_legacy_rates ath10k_rates
109 
110 static bool ath10k_mac_bitrate_is_cck(int bitrate)
111 {
112 	switch (bitrate) {
113 	case 10:
114 	case 20:
115 	case 55:
116 	case 110:
117 		return true;
118 	}
119 
120 	return false;
121 }
122 
123 static u8 ath10k_mac_bitrate_to_rate(int bitrate)
124 {
125 	return DIV_ROUND_UP(bitrate, 5) |
126 	       (ath10k_mac_bitrate_is_cck(bitrate) ? BIT(7) : 0);
127 }
128 
129 u8 ath10k_mac_hw_rate_to_idx(const struct ieee80211_supported_band *sband,
130 			     u8 hw_rate, bool cck)
131 {
132 	const struct ieee80211_rate *rate;
133 	int i;
134 
135 	for (i = 0; i < sband->n_bitrates; i++) {
136 		rate = &sband->bitrates[i];
137 
138 		if (ath10k_mac_bitrate_is_cck(rate->bitrate) != cck)
139 			continue;
140 
141 		if (rate->hw_value == hw_rate)
142 			return i;
143 		else if (rate->flags & IEEE80211_RATE_SHORT_PREAMBLE &&
144 			 rate->hw_value_short == hw_rate)
145 			return i;
146 	}
147 
148 	return 0;
149 }
150 
151 u8 ath10k_mac_bitrate_to_idx(const struct ieee80211_supported_band *sband,
152 			     u32 bitrate)
153 {
154 	int i;
155 
156 	for (i = 0; i < sband->n_bitrates; i++)
157 		if (sband->bitrates[i].bitrate == bitrate)
158 			return i;
159 
160 	return 0;
161 }
162 
163 static int ath10k_mac_get_rate_hw_value(int bitrate)
164 {
165 	int i;
166 	u8 hw_value_prefix = 0;
167 
168 	if (ath10k_mac_bitrate_is_cck(bitrate))
169 		hw_value_prefix = WMI_RATE_PREAMBLE_CCK << 6;
170 
171 	for (i = 0; i < ARRAY_SIZE(ath10k_rates); i++) {
172 		if (ath10k_rates[i].bitrate == bitrate)
173 			return hw_value_prefix | ath10k_rates[i].hw_value;
174 	}
175 
176 	return -EINVAL;
177 }
178 
179 static int ath10k_mac_get_max_vht_mcs_map(u16 mcs_map, int nss)
180 {
181 	switch ((mcs_map >> (2 * nss)) & 0x3) {
182 	case IEEE80211_VHT_MCS_SUPPORT_0_7: return BIT(8) - 1;
183 	case IEEE80211_VHT_MCS_SUPPORT_0_8: return BIT(9) - 1;
184 	case IEEE80211_VHT_MCS_SUPPORT_0_9: return BIT(10) - 1;
185 	}
186 	return 0;
187 }
188 
189 static u32
190 ath10k_mac_max_ht_nss(const u8 ht_mcs_mask[IEEE80211_HT_MCS_MASK_LEN])
191 {
192 	int nss;
193 
194 	for (nss = IEEE80211_HT_MCS_MASK_LEN - 1; nss >= 0; nss--)
195 		if (ht_mcs_mask[nss])
196 			return nss + 1;
197 
198 	return 1;
199 }
200 
201 static u32
202 ath10k_mac_max_vht_nss(const u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
203 {
204 	int nss;
205 
206 	for (nss = NL80211_VHT_NSS_MAX - 1; nss >= 0; nss--)
207 		if (vht_mcs_mask[nss])
208 			return nss + 1;
209 
210 	return 1;
211 }
212 
213 int ath10k_mac_ext_resource_config(struct ath10k *ar, u32 val)
214 {
215 	enum wmi_host_platform_type platform_type;
216 	int ret;
217 
218 	if (test_bit(WMI_SERVICE_TX_MODE_DYNAMIC, ar->wmi.svc_map))
219 		platform_type = WMI_HOST_PLATFORM_LOW_PERF;
220 	else
221 		platform_type = WMI_HOST_PLATFORM_HIGH_PERF;
222 
223 	ret = ath10k_wmi_ext_resource_config(ar, platform_type, val);
224 
225 	if (ret && ret != -EOPNOTSUPP) {
226 		ath10k_warn(ar, "failed to configure ext resource: %d\n", ret);
227 		return ret;
228 	}
229 
230 	return 0;
231 }
232 
233 /**********/
234 /* Crypto */
235 /**********/
236 
237 static int ath10k_send_key(struct ath10k_vif *arvif,
238 			   struct ieee80211_key_conf *key,
239 			   enum set_key_cmd cmd,
240 			   const u8 *macaddr, u32 flags)
241 {
242 	struct ath10k *ar = arvif->ar;
243 	struct wmi_vdev_install_key_arg arg = {
244 		.vdev_id = arvif->vdev_id,
245 		.key_idx = key->keyidx,
246 		.key_len = key->keylen,
247 		.key_data = key->key,
248 		.key_flags = flags,
249 		.macaddr = macaddr,
250 	};
251 
252 	lockdep_assert_held(&arvif->ar->conf_mutex);
253 
254 	switch (key->cipher) {
255 	case WLAN_CIPHER_SUITE_CCMP:
256 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_AES_CCM];
257 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV_MGMT;
258 		break;
259 	case WLAN_CIPHER_SUITE_TKIP:
260 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_TKIP];
261 		arg.key_txmic_len = 8;
262 		arg.key_rxmic_len = 8;
263 		break;
264 	case WLAN_CIPHER_SUITE_WEP40:
265 	case WLAN_CIPHER_SUITE_WEP104:
266 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_WEP];
267 		break;
268 	case WLAN_CIPHER_SUITE_CCMP_256:
269 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_AES_CCM];
270 		break;
271 	case WLAN_CIPHER_SUITE_GCMP:
272 	case WLAN_CIPHER_SUITE_GCMP_256:
273 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_AES_GCM];
274 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV_MGMT;
275 		break;
276 	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
277 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
278 	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
279 	case WLAN_CIPHER_SUITE_AES_CMAC:
280 		WARN_ON(1);
281 		return -EINVAL;
282 	default:
283 		ath10k_warn(ar, "cipher %d is not supported\n", key->cipher);
284 		return -EOPNOTSUPP;
285 	}
286 
287 	if (test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
288 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
289 
290 	if (cmd == DISABLE_KEY) {
291 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_NONE];
292 		arg.key_data = NULL;
293 	}
294 
295 	return ath10k_wmi_vdev_install_key(arvif->ar, &arg);
296 }
297 
298 static int ath10k_install_key(struct ath10k_vif *arvif,
299 			      struct ieee80211_key_conf *key,
300 			      enum set_key_cmd cmd,
301 			      const u8 *macaddr, u32 flags)
302 {
303 	struct ath10k *ar = arvif->ar;
304 	int ret;
305 	unsigned long time_left;
306 
307 	lockdep_assert_held(&ar->conf_mutex);
308 
309 	reinit_completion(&ar->install_key_done);
310 
311 	if (arvif->nohwcrypt)
312 		return 1;
313 
314 	ret = ath10k_send_key(arvif, key, cmd, macaddr, flags);
315 	if (ret)
316 		return ret;
317 
318 	time_left = wait_for_completion_timeout(&ar->install_key_done, 3 * HZ);
319 	if (time_left == 0)
320 		return -ETIMEDOUT;
321 
322 	return 0;
323 }
324 
325 static int ath10k_install_peer_wep_keys(struct ath10k_vif *arvif,
326 					const u8 *addr)
327 {
328 	struct ath10k *ar = arvif->ar;
329 	struct ath10k_peer *peer;
330 	int ret;
331 	int i;
332 	u32 flags;
333 
334 	lockdep_assert_held(&ar->conf_mutex);
335 
336 	if (WARN_ON(arvif->vif->type != NL80211_IFTYPE_AP &&
337 		    arvif->vif->type != NL80211_IFTYPE_ADHOC &&
338 		    arvif->vif->type != NL80211_IFTYPE_MESH_POINT))
339 		return -EINVAL;
340 
341 	spin_lock_bh(&ar->data_lock);
342 	peer = ath10k_peer_find(ar, arvif->vdev_id, addr);
343 	spin_unlock_bh(&ar->data_lock);
344 
345 	if (!peer)
346 		return -ENOENT;
347 
348 	for (i = 0; i < ARRAY_SIZE(arvif->wep_keys); i++) {
349 		if (arvif->wep_keys[i] == NULL)
350 			continue;
351 
352 		switch (arvif->vif->type) {
353 		case NL80211_IFTYPE_AP:
354 			flags = WMI_KEY_PAIRWISE;
355 
356 			if (arvif->def_wep_key_idx == i)
357 				flags |= WMI_KEY_TX_USAGE;
358 
359 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
360 						 SET_KEY, addr, flags);
361 			if (ret < 0)
362 				return ret;
363 			break;
364 		case NL80211_IFTYPE_ADHOC:
365 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
366 						 SET_KEY, addr,
367 						 WMI_KEY_PAIRWISE);
368 			if (ret < 0)
369 				return ret;
370 
371 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
372 						 SET_KEY, addr, WMI_KEY_GROUP);
373 			if (ret < 0)
374 				return ret;
375 			break;
376 		default:
377 			WARN_ON(1);
378 			return -EINVAL;
379 		}
380 
381 		spin_lock_bh(&ar->data_lock);
382 		peer->keys[i] = arvif->wep_keys[i];
383 		spin_unlock_bh(&ar->data_lock);
384 	}
385 
386 	/* In some cases (notably with static WEP IBSS with multiple keys)
387 	 * multicast Tx becomes broken. Both pairwise and groupwise keys are
388 	 * installed already. Using WMI_KEY_TX_USAGE in different combinations
389 	 * didn't seem help. Using def_keyid vdev parameter seems to be
390 	 * effective so use that.
391 	 *
392 	 * FIXME: Revisit. Perhaps this can be done in a less hacky way.
393 	 */
394 	if (arvif->vif->type != NL80211_IFTYPE_ADHOC)
395 		return 0;
396 
397 	if (arvif->def_wep_key_idx == -1)
398 		return 0;
399 
400 	ret = ath10k_wmi_vdev_set_param(arvif->ar,
401 					arvif->vdev_id,
402 					arvif->ar->wmi.vdev_param->def_keyid,
403 					arvif->def_wep_key_idx);
404 	if (ret) {
405 		ath10k_warn(ar, "failed to re-set def wpa key idxon vdev %i: %d\n",
406 			    arvif->vdev_id, ret);
407 		return ret;
408 	}
409 
410 	return 0;
411 }
412 
413 static int ath10k_clear_peer_keys(struct ath10k_vif *arvif,
414 				  const u8 *addr)
415 {
416 	struct ath10k *ar = arvif->ar;
417 	struct ath10k_peer *peer;
418 	int first_errno = 0;
419 	int ret;
420 	int i;
421 	u32 flags = 0;
422 
423 	lockdep_assert_held(&ar->conf_mutex);
424 
425 	spin_lock_bh(&ar->data_lock);
426 	peer = ath10k_peer_find(ar, arvif->vdev_id, addr);
427 	spin_unlock_bh(&ar->data_lock);
428 
429 	if (!peer)
430 		return -ENOENT;
431 
432 	for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
433 		if (peer->keys[i] == NULL)
434 			continue;
435 
436 		/* key flags are not required to delete the key */
437 		ret = ath10k_install_key(arvif, peer->keys[i],
438 					 DISABLE_KEY, addr, flags);
439 		if (ret < 0 && first_errno == 0)
440 			first_errno = ret;
441 
442 		if (ret < 0)
443 			ath10k_warn(ar, "failed to remove peer wep key %d: %d\n",
444 				    i, ret);
445 
446 		spin_lock_bh(&ar->data_lock);
447 		peer->keys[i] = NULL;
448 		spin_unlock_bh(&ar->data_lock);
449 	}
450 
451 	return first_errno;
452 }
453 
454 bool ath10k_mac_is_peer_wep_key_set(struct ath10k *ar, const u8 *addr,
455 				    u8 keyidx)
456 {
457 	struct ath10k_peer *peer;
458 	int i;
459 
460 	lockdep_assert_held(&ar->data_lock);
461 
462 	/* We don't know which vdev this peer belongs to,
463 	 * since WMI doesn't give us that information.
464 	 *
465 	 * FIXME: multi-bss needs to be handled.
466 	 */
467 	peer = ath10k_peer_find(ar, 0, addr);
468 	if (!peer)
469 		return false;
470 
471 	for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
472 		if (peer->keys[i] && peer->keys[i]->keyidx == keyidx)
473 			return true;
474 	}
475 
476 	return false;
477 }
478 
479 static int ath10k_clear_vdev_key(struct ath10k_vif *arvif,
480 				 struct ieee80211_key_conf *key)
481 {
482 	struct ath10k *ar = arvif->ar;
483 	struct ath10k_peer *peer;
484 	u8 addr[ETH_ALEN];
485 	int first_errno = 0;
486 	int ret;
487 	int i;
488 	u32 flags = 0;
489 
490 	lockdep_assert_held(&ar->conf_mutex);
491 
492 	for (;;) {
493 		/* since ath10k_install_key we can't hold data_lock all the
494 		 * time, so we try to remove the keys incrementally
495 		 */
496 		spin_lock_bh(&ar->data_lock);
497 		i = 0;
498 		list_for_each_entry(peer, &ar->peers, list) {
499 			for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
500 				if (peer->keys[i] == key) {
501 					ether_addr_copy(addr, peer->addr);
502 					peer->keys[i] = NULL;
503 					break;
504 				}
505 			}
506 
507 			if (i < ARRAY_SIZE(peer->keys))
508 				break;
509 		}
510 		spin_unlock_bh(&ar->data_lock);
511 
512 		if (i == ARRAY_SIZE(peer->keys))
513 			break;
514 		/* key flags are not required to delete the key */
515 		ret = ath10k_install_key(arvif, key, DISABLE_KEY, addr, flags);
516 		if (ret < 0 && first_errno == 0)
517 			first_errno = ret;
518 
519 		if (ret)
520 			ath10k_warn(ar, "failed to remove key for %pM: %d\n",
521 				    addr, ret);
522 	}
523 
524 	return first_errno;
525 }
526 
527 static int ath10k_mac_vif_update_wep_key(struct ath10k_vif *arvif,
528 					 struct ieee80211_key_conf *key)
529 {
530 	struct ath10k *ar = arvif->ar;
531 	struct ath10k_peer *peer;
532 	int ret;
533 
534 	lockdep_assert_held(&ar->conf_mutex);
535 
536 	list_for_each_entry(peer, &ar->peers, list) {
537 		if (ether_addr_equal(peer->addr, arvif->vif->addr))
538 			continue;
539 
540 		if (ether_addr_equal(peer->addr, arvif->bssid))
541 			continue;
542 
543 		if (peer->keys[key->keyidx] == key)
544 			continue;
545 
546 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vif vdev %i update key %i needs update\n",
547 			   arvif->vdev_id, key->keyidx);
548 
549 		ret = ath10k_install_peer_wep_keys(arvif, peer->addr);
550 		if (ret) {
551 			ath10k_warn(ar, "failed to update wep keys on vdev %i for peer %pM: %d\n",
552 				    arvif->vdev_id, peer->addr, ret);
553 			return ret;
554 		}
555 	}
556 
557 	return 0;
558 }
559 
560 /*********************/
561 /* General utilities */
562 /*********************/
563 
564 static inline enum wmi_phy_mode
565 chan_to_phymode(const struct cfg80211_chan_def *chandef)
566 {
567 	enum wmi_phy_mode phymode = MODE_UNKNOWN;
568 
569 	switch (chandef->chan->band) {
570 	case NL80211_BAND_2GHZ:
571 		switch (chandef->width) {
572 		case NL80211_CHAN_WIDTH_20_NOHT:
573 			if (chandef->chan->flags & IEEE80211_CHAN_NO_OFDM)
574 				phymode = MODE_11B;
575 			else
576 				phymode = MODE_11G;
577 			break;
578 		case NL80211_CHAN_WIDTH_20:
579 			phymode = MODE_11NG_HT20;
580 			break;
581 		case NL80211_CHAN_WIDTH_40:
582 			phymode = MODE_11NG_HT40;
583 			break;
584 		default:
585 			phymode = MODE_UNKNOWN;
586 			break;
587 		}
588 		break;
589 	case NL80211_BAND_5GHZ:
590 		switch (chandef->width) {
591 		case NL80211_CHAN_WIDTH_20_NOHT:
592 			phymode = MODE_11A;
593 			break;
594 		case NL80211_CHAN_WIDTH_20:
595 			phymode = MODE_11NA_HT20;
596 			break;
597 		case NL80211_CHAN_WIDTH_40:
598 			phymode = MODE_11NA_HT40;
599 			break;
600 		case NL80211_CHAN_WIDTH_80:
601 			phymode = MODE_11AC_VHT80;
602 			break;
603 		case NL80211_CHAN_WIDTH_160:
604 			phymode = MODE_11AC_VHT160;
605 			break;
606 		case NL80211_CHAN_WIDTH_80P80:
607 			phymode = MODE_11AC_VHT80_80;
608 			break;
609 		default:
610 			phymode = MODE_UNKNOWN;
611 			break;
612 		}
613 		break;
614 	default:
615 		break;
616 	}
617 
618 	WARN_ON(phymode == MODE_UNKNOWN);
619 	return phymode;
620 }
621 
622 static u8 ath10k_parse_mpdudensity(u8 mpdudensity)
623 {
624 /*
625  * 802.11n D2.0 defined values for "Minimum MPDU Start Spacing":
626  *   0 for no restriction
627  *   1 for 1/4 us
628  *   2 for 1/2 us
629  *   3 for 1 us
630  *   4 for 2 us
631  *   5 for 4 us
632  *   6 for 8 us
633  *   7 for 16 us
634  */
635 	switch (mpdudensity) {
636 	case 0:
637 		return 0;
638 	case 1:
639 	case 2:
640 	case 3:
641 	/* Our lower layer calculations limit our precision to
642 	 * 1 microsecond
643 	 */
644 		return 1;
645 	case 4:
646 		return 2;
647 	case 5:
648 		return 4;
649 	case 6:
650 		return 8;
651 	case 7:
652 		return 16;
653 	default:
654 		return 0;
655 	}
656 }
657 
658 int ath10k_mac_vif_chan(struct ieee80211_vif *vif,
659 			struct cfg80211_chan_def *def)
660 {
661 	struct ieee80211_chanctx_conf *conf;
662 
663 	rcu_read_lock();
664 	conf = rcu_dereference(vif->chanctx_conf);
665 	if (!conf) {
666 		rcu_read_unlock();
667 		return -ENOENT;
668 	}
669 
670 	*def = conf->def;
671 	rcu_read_unlock();
672 
673 	return 0;
674 }
675 
676 static void ath10k_mac_num_chanctxs_iter(struct ieee80211_hw *hw,
677 					 struct ieee80211_chanctx_conf *conf,
678 					 void *data)
679 {
680 	int *num = data;
681 
682 	(*num)++;
683 }
684 
685 static int ath10k_mac_num_chanctxs(struct ath10k *ar)
686 {
687 	int num = 0;
688 
689 	ieee80211_iter_chan_contexts_atomic(ar->hw,
690 					    ath10k_mac_num_chanctxs_iter,
691 					    &num);
692 
693 	return num;
694 }
695 
696 static void
697 ath10k_mac_get_any_chandef_iter(struct ieee80211_hw *hw,
698 				struct ieee80211_chanctx_conf *conf,
699 				void *data)
700 {
701 	struct cfg80211_chan_def **def = data;
702 
703 	*def = &conf->def;
704 }
705 
706 static void ath10k_wait_for_peer_delete_done(struct ath10k *ar, u32 vdev_id,
707 					     const u8 *addr)
708 {
709 	unsigned long time_left;
710 	int ret;
711 
712 	if (test_bit(WMI_SERVICE_SYNC_DELETE_CMDS, ar->wmi.svc_map)) {
713 		ret = ath10k_wait_for_peer_deleted(ar, vdev_id, addr);
714 		if (ret) {
715 			ath10k_warn(ar, "failed wait for peer deleted");
716 			return;
717 		}
718 
719 		time_left = wait_for_completion_timeout(&ar->peer_delete_done,
720 							5 * HZ);
721 		if (!time_left)
722 			ath10k_warn(ar, "Timeout in receiving peer delete response\n");
723 	}
724 }
725 
726 static int ath10k_peer_create(struct ath10k *ar,
727 			      struct ieee80211_vif *vif,
728 			      struct ieee80211_sta *sta,
729 			      u32 vdev_id,
730 			      const u8 *addr,
731 			      enum wmi_peer_type peer_type)
732 {
733 	struct ath10k_vif *arvif;
734 	struct ath10k_peer *peer;
735 	int num_peers = 0;
736 	int ret;
737 
738 	lockdep_assert_held(&ar->conf_mutex);
739 
740 	num_peers = ar->num_peers;
741 
742 	/* Each vdev consumes a peer entry as well */
743 	list_for_each_entry(arvif, &ar->arvifs, list)
744 		num_peers++;
745 
746 	if (num_peers >= ar->max_num_peers)
747 		return -ENOBUFS;
748 
749 	ret = ath10k_wmi_peer_create(ar, vdev_id, addr, peer_type);
750 	if (ret) {
751 		ath10k_warn(ar, "failed to create wmi peer %pM on vdev %i: %i\n",
752 			    addr, vdev_id, ret);
753 		return ret;
754 	}
755 
756 	ret = ath10k_wait_for_peer_created(ar, vdev_id, addr);
757 	if (ret) {
758 		ath10k_warn(ar, "failed to wait for created wmi peer %pM on vdev %i: %i\n",
759 			    addr, vdev_id, ret);
760 		return ret;
761 	}
762 
763 	spin_lock_bh(&ar->data_lock);
764 
765 	peer = ath10k_peer_find(ar, vdev_id, addr);
766 	if (!peer) {
767 		spin_unlock_bh(&ar->data_lock);
768 		ath10k_warn(ar, "failed to find peer %pM on vdev %i after creation\n",
769 			    addr, vdev_id);
770 		ath10k_wait_for_peer_delete_done(ar, vdev_id, addr);
771 		return -ENOENT;
772 	}
773 
774 	peer->vif = vif;
775 	peer->sta = sta;
776 
777 	spin_unlock_bh(&ar->data_lock);
778 
779 	ar->num_peers++;
780 
781 	return 0;
782 }
783 
784 static int ath10k_mac_set_kickout(struct ath10k_vif *arvif)
785 {
786 	struct ath10k *ar = arvif->ar;
787 	u32 param;
788 	int ret;
789 
790 	param = ar->wmi.pdev_param->sta_kickout_th;
791 	ret = ath10k_wmi_pdev_set_param(ar, param,
792 					ATH10K_KICKOUT_THRESHOLD);
793 	if (ret) {
794 		ath10k_warn(ar, "failed to set kickout threshold on vdev %i: %d\n",
795 			    arvif->vdev_id, ret);
796 		return ret;
797 	}
798 
799 	param = ar->wmi.vdev_param->ap_keepalive_min_idle_inactive_time_secs;
800 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
801 					ATH10K_KEEPALIVE_MIN_IDLE);
802 	if (ret) {
803 		ath10k_warn(ar, "failed to set keepalive minimum idle time on vdev %i: %d\n",
804 			    arvif->vdev_id, ret);
805 		return ret;
806 	}
807 
808 	param = ar->wmi.vdev_param->ap_keepalive_max_idle_inactive_time_secs;
809 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
810 					ATH10K_KEEPALIVE_MAX_IDLE);
811 	if (ret) {
812 		ath10k_warn(ar, "failed to set keepalive maximum idle time on vdev %i: %d\n",
813 			    arvif->vdev_id, ret);
814 		return ret;
815 	}
816 
817 	param = ar->wmi.vdev_param->ap_keepalive_max_unresponsive_time_secs;
818 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
819 					ATH10K_KEEPALIVE_MAX_UNRESPONSIVE);
820 	if (ret) {
821 		ath10k_warn(ar, "failed to set keepalive maximum unresponsive time on vdev %i: %d\n",
822 			    arvif->vdev_id, ret);
823 		return ret;
824 	}
825 
826 	return 0;
827 }
828 
829 static int ath10k_mac_set_rts(struct ath10k_vif *arvif, u32 value)
830 {
831 	struct ath10k *ar = arvif->ar;
832 	u32 vdev_param;
833 
834 	vdev_param = ar->wmi.vdev_param->rts_threshold;
835 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, value);
836 }
837 
838 static int ath10k_peer_delete(struct ath10k *ar, u32 vdev_id, const u8 *addr)
839 {
840 	int ret;
841 
842 	lockdep_assert_held(&ar->conf_mutex);
843 
844 	ret = ath10k_wmi_peer_delete(ar, vdev_id, addr);
845 	if (ret)
846 		return ret;
847 
848 	ret = ath10k_wait_for_peer_deleted(ar, vdev_id, addr);
849 	if (ret)
850 		return ret;
851 
852 	if (test_bit(WMI_SERVICE_SYNC_DELETE_CMDS, ar->wmi.svc_map)) {
853 		unsigned long time_left;
854 
855 		time_left = wait_for_completion_timeout
856 			    (&ar->peer_delete_done, 5 * HZ);
857 
858 		if (!time_left) {
859 			ath10k_warn(ar, "Timeout in receiving peer delete response\n");
860 			return -ETIMEDOUT;
861 		}
862 	}
863 
864 	ar->num_peers--;
865 
866 	return 0;
867 }
868 
869 static void ath10k_peer_cleanup(struct ath10k *ar, u32 vdev_id)
870 {
871 	struct ath10k_peer *peer, *tmp;
872 	int peer_id;
873 	int i;
874 
875 	lockdep_assert_held(&ar->conf_mutex);
876 
877 	spin_lock_bh(&ar->data_lock);
878 	list_for_each_entry_safe(peer, tmp, &ar->peers, list) {
879 		if (peer->vdev_id != vdev_id)
880 			continue;
881 
882 		ath10k_warn(ar, "removing stale peer %pM from vdev_id %d\n",
883 			    peer->addr, vdev_id);
884 
885 		for_each_set_bit(peer_id, peer->peer_ids,
886 				 ATH10K_MAX_NUM_PEER_IDS) {
887 			ar->peer_map[peer_id] = NULL;
888 		}
889 
890 		/* Double check that peer is properly un-referenced from
891 		 * the peer_map
892 		 */
893 		for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
894 			if (ar->peer_map[i] == peer) {
895 				ath10k_warn(ar, "removing stale peer_map entry for %pM (ptr %pK idx %d)\n",
896 					    peer->addr, peer, i);
897 				ar->peer_map[i] = NULL;
898 			}
899 		}
900 
901 		list_del(&peer->list);
902 		kfree(peer);
903 		ar->num_peers--;
904 	}
905 	spin_unlock_bh(&ar->data_lock);
906 }
907 
908 static void ath10k_peer_cleanup_all(struct ath10k *ar)
909 {
910 	struct ath10k_peer *peer, *tmp;
911 	int i;
912 
913 	lockdep_assert_held(&ar->conf_mutex);
914 
915 	spin_lock_bh(&ar->data_lock);
916 	list_for_each_entry_safe(peer, tmp, &ar->peers, list) {
917 		list_del(&peer->list);
918 		kfree(peer);
919 	}
920 
921 	for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++)
922 		ar->peer_map[i] = NULL;
923 
924 	spin_unlock_bh(&ar->data_lock);
925 
926 	ar->num_peers = 0;
927 	ar->num_stations = 0;
928 }
929 
930 static int ath10k_mac_tdls_peer_update(struct ath10k *ar, u32 vdev_id,
931 				       struct ieee80211_sta *sta,
932 				       enum wmi_tdls_peer_state state)
933 {
934 	int ret;
935 	struct wmi_tdls_peer_update_cmd_arg arg = {};
936 	struct wmi_tdls_peer_capab_arg cap = {};
937 	struct wmi_channel_arg chan_arg = {};
938 
939 	lockdep_assert_held(&ar->conf_mutex);
940 
941 	arg.vdev_id = vdev_id;
942 	arg.peer_state = state;
943 	ether_addr_copy(arg.addr, sta->addr);
944 
945 	cap.peer_max_sp = sta->max_sp;
946 	cap.peer_uapsd_queues = sta->uapsd_queues;
947 
948 	if (state == WMI_TDLS_PEER_STATE_CONNECTED &&
949 	    !sta->tdls_initiator)
950 		cap.is_peer_responder = 1;
951 
952 	ret = ath10k_wmi_tdls_peer_update(ar, &arg, &cap, &chan_arg);
953 	if (ret) {
954 		ath10k_warn(ar, "failed to update tdls peer %pM on vdev %i: %i\n",
955 			    arg.addr, vdev_id, ret);
956 		return ret;
957 	}
958 
959 	return 0;
960 }
961 
962 /************************/
963 /* Interface management */
964 /************************/
965 
966 void ath10k_mac_vif_beacon_free(struct ath10k_vif *arvif)
967 {
968 	struct ath10k *ar = arvif->ar;
969 
970 	lockdep_assert_held(&ar->data_lock);
971 
972 	if (!arvif->beacon)
973 		return;
974 
975 	if (!arvif->beacon_buf)
976 		dma_unmap_single(ar->dev, ATH10K_SKB_CB(arvif->beacon)->paddr,
977 				 arvif->beacon->len, DMA_TO_DEVICE);
978 
979 	if (WARN_ON(arvif->beacon_state != ATH10K_BEACON_SCHEDULED &&
980 		    arvif->beacon_state != ATH10K_BEACON_SENT))
981 		return;
982 
983 	dev_kfree_skb_any(arvif->beacon);
984 
985 	arvif->beacon = NULL;
986 	arvif->beacon_state = ATH10K_BEACON_SCHEDULED;
987 }
988 
989 static void ath10k_mac_vif_beacon_cleanup(struct ath10k_vif *arvif)
990 {
991 	struct ath10k *ar = arvif->ar;
992 
993 	lockdep_assert_held(&ar->data_lock);
994 
995 	ath10k_mac_vif_beacon_free(arvif);
996 
997 	if (arvif->beacon_buf) {
998 		if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL)
999 			kfree(arvif->beacon_buf);
1000 		else
1001 			dma_free_coherent(ar->dev, IEEE80211_MAX_FRAME_LEN,
1002 					  arvif->beacon_buf,
1003 					  arvif->beacon_paddr);
1004 		arvif->beacon_buf = NULL;
1005 	}
1006 }
1007 
1008 static inline int ath10k_vdev_setup_sync(struct ath10k *ar)
1009 {
1010 	unsigned long time_left;
1011 
1012 	lockdep_assert_held(&ar->conf_mutex);
1013 
1014 	if (test_bit(ATH10K_FLAG_CRASH_FLUSH, &ar->dev_flags))
1015 		return -ESHUTDOWN;
1016 
1017 	time_left = wait_for_completion_timeout(&ar->vdev_setup_done,
1018 						ATH10K_VDEV_SETUP_TIMEOUT_HZ);
1019 	if (time_left == 0)
1020 		return -ETIMEDOUT;
1021 
1022 	return ar->last_wmi_vdev_start_status;
1023 }
1024 
1025 static int ath10k_monitor_vdev_start(struct ath10k *ar, int vdev_id)
1026 {
1027 	struct cfg80211_chan_def *chandef = NULL;
1028 	struct ieee80211_channel *channel = NULL;
1029 	struct wmi_vdev_start_request_arg arg = {};
1030 	int ret = 0;
1031 
1032 	lockdep_assert_held(&ar->conf_mutex);
1033 
1034 	ieee80211_iter_chan_contexts_atomic(ar->hw,
1035 					    ath10k_mac_get_any_chandef_iter,
1036 					    &chandef);
1037 	if (WARN_ON_ONCE(!chandef))
1038 		return -ENOENT;
1039 
1040 	channel = chandef->chan;
1041 
1042 	arg.vdev_id = vdev_id;
1043 	arg.channel.freq = channel->center_freq;
1044 	arg.channel.band_center_freq1 = chandef->center_freq1;
1045 	arg.channel.band_center_freq2 = chandef->center_freq2;
1046 
1047 	/* TODO setup this dynamically, what in case we
1048 	 * don't have any vifs?
1049 	 */
1050 	arg.channel.mode = chan_to_phymode(chandef);
1051 	arg.channel.chan_radar =
1052 			!!(channel->flags & IEEE80211_CHAN_RADAR);
1053 
1054 	arg.channel.min_power = 0;
1055 	arg.channel.max_power = channel->max_power * 2;
1056 	arg.channel.max_reg_power = channel->max_reg_power * 2;
1057 	arg.channel.max_antenna_gain = channel->max_antenna_gain;
1058 
1059 	reinit_completion(&ar->vdev_setup_done);
1060 	reinit_completion(&ar->vdev_delete_done);
1061 
1062 	ret = ath10k_wmi_vdev_start(ar, &arg);
1063 	if (ret) {
1064 		ath10k_warn(ar, "failed to request monitor vdev %i start: %d\n",
1065 			    vdev_id, ret);
1066 		return ret;
1067 	}
1068 
1069 	ret = ath10k_vdev_setup_sync(ar);
1070 	if (ret) {
1071 		ath10k_warn(ar, "failed to synchronize setup for monitor vdev %i start: %d\n",
1072 			    vdev_id, ret);
1073 		return ret;
1074 	}
1075 
1076 	ret = ath10k_wmi_vdev_up(ar, vdev_id, 0, ar->mac_addr);
1077 	if (ret) {
1078 		ath10k_warn(ar, "failed to put up monitor vdev %i: %d\n",
1079 			    vdev_id, ret);
1080 		goto vdev_stop;
1081 	}
1082 
1083 	ar->monitor_vdev_id = vdev_id;
1084 
1085 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %i started\n",
1086 		   ar->monitor_vdev_id);
1087 	return 0;
1088 
1089 vdev_stop:
1090 	ret = ath10k_wmi_vdev_stop(ar, ar->monitor_vdev_id);
1091 	if (ret)
1092 		ath10k_warn(ar, "failed to stop monitor vdev %i after start failure: %d\n",
1093 			    ar->monitor_vdev_id, ret);
1094 
1095 	return ret;
1096 }
1097 
1098 static int ath10k_monitor_vdev_stop(struct ath10k *ar)
1099 {
1100 	int ret = 0;
1101 
1102 	lockdep_assert_held(&ar->conf_mutex);
1103 
1104 	ret = ath10k_wmi_vdev_down(ar, ar->monitor_vdev_id);
1105 	if (ret)
1106 		ath10k_warn(ar, "failed to put down monitor vdev %i: %d\n",
1107 			    ar->monitor_vdev_id, ret);
1108 
1109 	reinit_completion(&ar->vdev_setup_done);
1110 	reinit_completion(&ar->vdev_delete_done);
1111 
1112 	ret = ath10k_wmi_vdev_stop(ar, ar->monitor_vdev_id);
1113 	if (ret)
1114 		ath10k_warn(ar, "failed to request monitor vdev %i stop: %d\n",
1115 			    ar->monitor_vdev_id, ret);
1116 
1117 	ret = ath10k_vdev_setup_sync(ar);
1118 	if (ret)
1119 		ath10k_warn(ar, "failed to synchronize monitor vdev %i stop: %d\n",
1120 			    ar->monitor_vdev_id, ret);
1121 
1122 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %i stopped\n",
1123 		   ar->monitor_vdev_id);
1124 	return ret;
1125 }
1126 
1127 static int ath10k_monitor_vdev_create(struct ath10k *ar)
1128 {
1129 	int bit, ret = 0;
1130 
1131 	lockdep_assert_held(&ar->conf_mutex);
1132 
1133 	if (ar->free_vdev_map == 0) {
1134 		ath10k_warn(ar, "failed to find free vdev id for monitor vdev\n");
1135 		return -ENOMEM;
1136 	}
1137 
1138 	bit = __ffs64(ar->free_vdev_map);
1139 
1140 	ar->monitor_vdev_id = bit;
1141 
1142 	ret = ath10k_wmi_vdev_create(ar, ar->monitor_vdev_id,
1143 				     WMI_VDEV_TYPE_MONITOR,
1144 				     0, ar->mac_addr);
1145 	if (ret) {
1146 		ath10k_warn(ar, "failed to request monitor vdev %i creation: %d\n",
1147 			    ar->monitor_vdev_id, ret);
1148 		return ret;
1149 	}
1150 
1151 	ar->free_vdev_map &= ~(1LL << ar->monitor_vdev_id);
1152 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %d created\n",
1153 		   ar->monitor_vdev_id);
1154 
1155 	return 0;
1156 }
1157 
1158 static int ath10k_monitor_vdev_delete(struct ath10k *ar)
1159 {
1160 	int ret = 0;
1161 
1162 	lockdep_assert_held(&ar->conf_mutex);
1163 
1164 	ret = ath10k_wmi_vdev_delete(ar, ar->monitor_vdev_id);
1165 	if (ret) {
1166 		ath10k_warn(ar, "failed to request wmi monitor vdev %i removal: %d\n",
1167 			    ar->monitor_vdev_id, ret);
1168 		return ret;
1169 	}
1170 
1171 	ar->free_vdev_map |= 1LL << ar->monitor_vdev_id;
1172 
1173 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %d deleted\n",
1174 		   ar->monitor_vdev_id);
1175 	return ret;
1176 }
1177 
1178 static int ath10k_monitor_start(struct ath10k *ar)
1179 {
1180 	int ret;
1181 
1182 	lockdep_assert_held(&ar->conf_mutex);
1183 
1184 	ret = ath10k_monitor_vdev_create(ar);
1185 	if (ret) {
1186 		ath10k_warn(ar, "failed to create monitor vdev: %d\n", ret);
1187 		return ret;
1188 	}
1189 
1190 	ret = ath10k_monitor_vdev_start(ar, ar->monitor_vdev_id);
1191 	if (ret) {
1192 		ath10k_warn(ar, "failed to start monitor vdev: %d\n", ret);
1193 		ath10k_monitor_vdev_delete(ar);
1194 		return ret;
1195 	}
1196 
1197 	ar->monitor_started = true;
1198 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor started\n");
1199 
1200 	return 0;
1201 }
1202 
1203 static int ath10k_monitor_stop(struct ath10k *ar)
1204 {
1205 	int ret;
1206 
1207 	lockdep_assert_held(&ar->conf_mutex);
1208 
1209 	ret = ath10k_monitor_vdev_stop(ar);
1210 	if (ret) {
1211 		ath10k_warn(ar, "failed to stop monitor vdev: %d\n", ret);
1212 		return ret;
1213 	}
1214 
1215 	ret = ath10k_monitor_vdev_delete(ar);
1216 	if (ret) {
1217 		ath10k_warn(ar, "failed to delete monitor vdev: %d\n", ret);
1218 		return ret;
1219 	}
1220 
1221 	ar->monitor_started = false;
1222 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor stopped\n");
1223 
1224 	return 0;
1225 }
1226 
1227 static bool ath10k_mac_monitor_vdev_is_needed(struct ath10k *ar)
1228 {
1229 	int num_ctx;
1230 
1231 	/* At least one chanctx is required to derive a channel to start
1232 	 * monitor vdev on.
1233 	 */
1234 	num_ctx = ath10k_mac_num_chanctxs(ar);
1235 	if (num_ctx == 0)
1236 		return false;
1237 
1238 	/* If there's already an existing special monitor interface then don't
1239 	 * bother creating another monitor vdev.
1240 	 */
1241 	if (ar->monitor_arvif)
1242 		return false;
1243 
1244 	return ar->monitor ||
1245 	       (!test_bit(ATH10K_FW_FEATURE_ALLOWS_MESH_BCAST,
1246 			  ar->running_fw->fw_file.fw_features) &&
1247 		(ar->filter_flags & FIF_OTHER_BSS)) ||
1248 	       test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1249 }
1250 
1251 static bool ath10k_mac_monitor_vdev_is_allowed(struct ath10k *ar)
1252 {
1253 	int num_ctx;
1254 
1255 	num_ctx = ath10k_mac_num_chanctxs(ar);
1256 
1257 	/* FIXME: Current interface combinations and cfg80211/mac80211 code
1258 	 * shouldn't allow this but make sure to prevent handling the following
1259 	 * case anyway since multi-channel DFS hasn't been tested at all.
1260 	 */
1261 	if (test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags) && num_ctx > 1)
1262 		return false;
1263 
1264 	return true;
1265 }
1266 
1267 static int ath10k_monitor_recalc(struct ath10k *ar)
1268 {
1269 	bool needed;
1270 	bool allowed;
1271 	int ret;
1272 
1273 	lockdep_assert_held(&ar->conf_mutex);
1274 
1275 	needed = ath10k_mac_monitor_vdev_is_needed(ar);
1276 	allowed = ath10k_mac_monitor_vdev_is_allowed(ar);
1277 
1278 	ath10k_dbg(ar, ATH10K_DBG_MAC,
1279 		   "mac monitor recalc started? %d needed? %d allowed? %d\n",
1280 		   ar->monitor_started, needed, allowed);
1281 
1282 	if (WARN_ON(needed && !allowed)) {
1283 		if (ar->monitor_started) {
1284 			ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor stopping disallowed monitor\n");
1285 
1286 			ret = ath10k_monitor_stop(ar);
1287 			if (ret)
1288 				ath10k_warn(ar, "failed to stop disallowed monitor: %d\n",
1289 					    ret);
1290 				/* not serious */
1291 		}
1292 
1293 		return -EPERM;
1294 	}
1295 
1296 	if (needed == ar->monitor_started)
1297 		return 0;
1298 
1299 	if (needed)
1300 		return ath10k_monitor_start(ar);
1301 	else
1302 		return ath10k_monitor_stop(ar);
1303 }
1304 
1305 static bool ath10k_mac_can_set_cts_prot(struct ath10k_vif *arvif)
1306 {
1307 	struct ath10k *ar = arvif->ar;
1308 
1309 	lockdep_assert_held(&ar->conf_mutex);
1310 
1311 	if (!arvif->is_started) {
1312 		ath10k_dbg(ar, ATH10K_DBG_MAC, "defer cts setup, vdev is not ready yet\n");
1313 		return false;
1314 	}
1315 
1316 	return true;
1317 }
1318 
1319 static int ath10k_mac_set_cts_prot(struct ath10k_vif *arvif)
1320 {
1321 	struct ath10k *ar = arvif->ar;
1322 	u32 vdev_param;
1323 
1324 	lockdep_assert_held(&ar->conf_mutex);
1325 
1326 	vdev_param = ar->wmi.vdev_param->protection_mode;
1327 
1328 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d cts_protection %d\n",
1329 		   arvif->vdev_id, arvif->use_cts_prot);
1330 
1331 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
1332 					 arvif->use_cts_prot ? 1 : 0);
1333 }
1334 
1335 static int ath10k_recalc_rtscts_prot(struct ath10k_vif *arvif)
1336 {
1337 	struct ath10k *ar = arvif->ar;
1338 	u32 vdev_param, rts_cts = 0;
1339 
1340 	lockdep_assert_held(&ar->conf_mutex);
1341 
1342 	vdev_param = ar->wmi.vdev_param->enable_rtscts;
1343 
1344 	rts_cts |= SM(WMI_RTSCTS_ENABLED, WMI_RTSCTS_SET);
1345 
1346 	if (arvif->num_legacy_stations > 0)
1347 		rts_cts |= SM(WMI_RTSCTS_ACROSS_SW_RETRIES,
1348 			      WMI_RTSCTS_PROFILE);
1349 	else
1350 		rts_cts |= SM(WMI_RTSCTS_FOR_SECOND_RATESERIES,
1351 			      WMI_RTSCTS_PROFILE);
1352 
1353 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d recalc rts/cts prot %d\n",
1354 		   arvif->vdev_id, rts_cts);
1355 
1356 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
1357 					 rts_cts);
1358 }
1359 
1360 static int ath10k_start_cac(struct ath10k *ar)
1361 {
1362 	int ret;
1363 
1364 	lockdep_assert_held(&ar->conf_mutex);
1365 
1366 	set_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1367 
1368 	ret = ath10k_monitor_recalc(ar);
1369 	if (ret) {
1370 		ath10k_warn(ar, "failed to start monitor (cac): %d\n", ret);
1371 		clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1372 		return ret;
1373 	}
1374 
1375 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac cac start monitor vdev %d\n",
1376 		   ar->monitor_vdev_id);
1377 
1378 	return 0;
1379 }
1380 
1381 static int ath10k_stop_cac(struct ath10k *ar)
1382 {
1383 	lockdep_assert_held(&ar->conf_mutex);
1384 
1385 	/* CAC is not running - do nothing */
1386 	if (!test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags))
1387 		return 0;
1388 
1389 	clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1390 	ath10k_monitor_stop(ar);
1391 
1392 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac cac finished\n");
1393 
1394 	return 0;
1395 }
1396 
1397 static void ath10k_mac_has_radar_iter(struct ieee80211_hw *hw,
1398 				      struct ieee80211_chanctx_conf *conf,
1399 				      void *data)
1400 {
1401 	bool *ret = data;
1402 
1403 	if (!*ret && conf->radar_enabled)
1404 		*ret = true;
1405 }
1406 
1407 static bool ath10k_mac_has_radar_enabled(struct ath10k *ar)
1408 {
1409 	bool has_radar = false;
1410 
1411 	ieee80211_iter_chan_contexts_atomic(ar->hw,
1412 					    ath10k_mac_has_radar_iter,
1413 					    &has_radar);
1414 
1415 	return has_radar;
1416 }
1417 
1418 static void ath10k_recalc_radar_detection(struct ath10k *ar)
1419 {
1420 	int ret;
1421 
1422 	lockdep_assert_held(&ar->conf_mutex);
1423 
1424 	ath10k_stop_cac(ar);
1425 
1426 	if (!ath10k_mac_has_radar_enabled(ar))
1427 		return;
1428 
1429 	if (ar->num_started_vdevs > 0)
1430 		return;
1431 
1432 	ret = ath10k_start_cac(ar);
1433 	if (ret) {
1434 		/*
1435 		 * Not possible to start CAC on current channel so starting
1436 		 * radiation is not allowed, make this channel DFS_UNAVAILABLE
1437 		 * by indicating that radar was detected.
1438 		 */
1439 		ath10k_warn(ar, "failed to start CAC: %d\n", ret);
1440 		ieee80211_radar_detected(ar->hw);
1441 	}
1442 }
1443 
1444 static int ath10k_vdev_stop(struct ath10k_vif *arvif)
1445 {
1446 	struct ath10k *ar = arvif->ar;
1447 	int ret;
1448 
1449 	lockdep_assert_held(&ar->conf_mutex);
1450 
1451 	reinit_completion(&ar->vdev_setup_done);
1452 	reinit_completion(&ar->vdev_delete_done);
1453 
1454 	ret = ath10k_wmi_vdev_stop(ar, arvif->vdev_id);
1455 	if (ret) {
1456 		ath10k_warn(ar, "failed to stop WMI vdev %i: %d\n",
1457 			    arvif->vdev_id, ret);
1458 		return ret;
1459 	}
1460 
1461 	ret = ath10k_vdev_setup_sync(ar);
1462 	if (ret) {
1463 		ath10k_warn(ar, "failed to synchronize setup for vdev %i: %d\n",
1464 			    arvif->vdev_id, ret);
1465 		return ret;
1466 	}
1467 
1468 	WARN_ON(ar->num_started_vdevs == 0);
1469 
1470 	if (ar->num_started_vdevs != 0) {
1471 		ar->num_started_vdevs--;
1472 		ath10k_recalc_radar_detection(ar);
1473 	}
1474 
1475 	return ret;
1476 }
1477 
1478 static int ath10k_vdev_start_restart(struct ath10k_vif *arvif,
1479 				     const struct cfg80211_chan_def *chandef,
1480 				     bool restart)
1481 {
1482 	struct ath10k *ar = arvif->ar;
1483 	struct wmi_vdev_start_request_arg arg = {};
1484 	int ret = 0;
1485 
1486 	lockdep_assert_held(&ar->conf_mutex);
1487 
1488 	reinit_completion(&ar->vdev_setup_done);
1489 	reinit_completion(&ar->vdev_delete_done);
1490 
1491 	arg.vdev_id = arvif->vdev_id;
1492 	arg.dtim_period = arvif->dtim_period;
1493 	arg.bcn_intval = arvif->beacon_interval;
1494 
1495 	arg.channel.freq = chandef->chan->center_freq;
1496 	arg.channel.band_center_freq1 = chandef->center_freq1;
1497 	arg.channel.band_center_freq2 = chandef->center_freq2;
1498 	arg.channel.mode = chan_to_phymode(chandef);
1499 
1500 	arg.channel.min_power = 0;
1501 	arg.channel.max_power = chandef->chan->max_power * 2;
1502 	arg.channel.max_reg_power = chandef->chan->max_reg_power * 2;
1503 	arg.channel.max_antenna_gain = chandef->chan->max_antenna_gain;
1504 
1505 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP) {
1506 		arg.ssid = arvif->u.ap.ssid;
1507 		arg.ssid_len = arvif->u.ap.ssid_len;
1508 		arg.hidden_ssid = arvif->u.ap.hidden_ssid;
1509 
1510 		/* For now allow DFS for AP mode */
1511 		arg.channel.chan_radar =
1512 			!!(chandef->chan->flags & IEEE80211_CHAN_RADAR);
1513 	} else if (arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
1514 		arg.ssid = arvif->vif->bss_conf.ssid;
1515 		arg.ssid_len = arvif->vif->bss_conf.ssid_len;
1516 	}
1517 
1518 	ath10k_dbg(ar, ATH10K_DBG_MAC,
1519 		   "mac vdev %d start center_freq %d phymode %s\n",
1520 		   arg.vdev_id, arg.channel.freq,
1521 		   ath10k_wmi_phymode_str(arg.channel.mode));
1522 
1523 	if (restart)
1524 		ret = ath10k_wmi_vdev_restart(ar, &arg);
1525 	else
1526 		ret = ath10k_wmi_vdev_start(ar, &arg);
1527 
1528 	if (ret) {
1529 		ath10k_warn(ar, "failed to start WMI vdev %i: %d\n",
1530 			    arg.vdev_id, ret);
1531 		return ret;
1532 	}
1533 
1534 	ret = ath10k_vdev_setup_sync(ar);
1535 	if (ret) {
1536 		ath10k_warn(ar,
1537 			    "failed to synchronize setup for vdev %i restart %d: %d\n",
1538 			    arg.vdev_id, restart, ret);
1539 		return ret;
1540 	}
1541 
1542 	ar->num_started_vdevs++;
1543 	ath10k_recalc_radar_detection(ar);
1544 
1545 	return ret;
1546 }
1547 
1548 static int ath10k_vdev_start(struct ath10k_vif *arvif,
1549 			     const struct cfg80211_chan_def *def)
1550 {
1551 	return ath10k_vdev_start_restart(arvif, def, false);
1552 }
1553 
1554 static int ath10k_vdev_restart(struct ath10k_vif *arvif,
1555 			       const struct cfg80211_chan_def *def)
1556 {
1557 	return ath10k_vdev_start_restart(arvif, def, true);
1558 }
1559 
1560 static int ath10k_mac_setup_bcn_p2p_ie(struct ath10k_vif *arvif,
1561 				       struct sk_buff *bcn)
1562 {
1563 	struct ath10k *ar = arvif->ar;
1564 	struct ieee80211_mgmt *mgmt;
1565 	const u8 *p2p_ie;
1566 	int ret;
1567 
1568 	if (arvif->vif->type != NL80211_IFTYPE_AP || !arvif->vif->p2p)
1569 		return 0;
1570 
1571 	mgmt = (void *)bcn->data;
1572 	p2p_ie = cfg80211_find_vendor_ie(WLAN_OUI_WFA, WLAN_OUI_TYPE_WFA_P2P,
1573 					 mgmt->u.beacon.variable,
1574 					 bcn->len - (mgmt->u.beacon.variable -
1575 						     bcn->data));
1576 	if (!p2p_ie)
1577 		return -ENOENT;
1578 
1579 	ret = ath10k_wmi_p2p_go_bcn_ie(ar, arvif->vdev_id, p2p_ie);
1580 	if (ret) {
1581 		ath10k_warn(ar, "failed to submit p2p go bcn ie for vdev %i: %d\n",
1582 			    arvif->vdev_id, ret);
1583 		return ret;
1584 	}
1585 
1586 	return 0;
1587 }
1588 
1589 static int ath10k_mac_remove_vendor_ie(struct sk_buff *skb, unsigned int oui,
1590 				       u8 oui_type, size_t ie_offset)
1591 {
1592 	size_t len;
1593 	const u8 *next;
1594 	const u8 *end;
1595 	u8 *ie;
1596 
1597 	if (WARN_ON(skb->len < ie_offset))
1598 		return -EINVAL;
1599 
1600 	ie = (u8 *)cfg80211_find_vendor_ie(oui, oui_type,
1601 					   skb->data + ie_offset,
1602 					   skb->len - ie_offset);
1603 	if (!ie)
1604 		return -ENOENT;
1605 
1606 	len = ie[1] + 2;
1607 	end = skb->data + skb->len;
1608 	next = ie + len;
1609 
1610 	if (WARN_ON(next > end))
1611 		return -EINVAL;
1612 
1613 	memmove(ie, next, end - next);
1614 	skb_trim(skb, skb->len - len);
1615 
1616 	return 0;
1617 }
1618 
1619 static int ath10k_mac_setup_bcn_tmpl(struct ath10k_vif *arvif)
1620 {
1621 	struct ath10k *ar = arvif->ar;
1622 	struct ieee80211_hw *hw = ar->hw;
1623 	struct ieee80211_vif *vif = arvif->vif;
1624 	struct ieee80211_mutable_offsets offs = {};
1625 	struct sk_buff *bcn;
1626 	int ret;
1627 
1628 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1629 		return 0;
1630 
1631 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP &&
1632 	    arvif->vdev_type != WMI_VDEV_TYPE_IBSS)
1633 		return 0;
1634 
1635 	bcn = ieee80211_beacon_get_template(hw, vif, &offs, 0);
1636 	if (!bcn) {
1637 		ath10k_warn(ar, "failed to get beacon template from mac80211\n");
1638 		return -EPERM;
1639 	}
1640 
1641 	ret = ath10k_mac_setup_bcn_p2p_ie(arvif, bcn);
1642 	if (ret) {
1643 		ath10k_warn(ar, "failed to setup p2p go bcn ie: %d\n", ret);
1644 		kfree_skb(bcn);
1645 		return ret;
1646 	}
1647 
1648 	/* P2P IE is inserted by firmware automatically (as configured above)
1649 	 * so remove it from the base beacon template to avoid duplicate P2P
1650 	 * IEs in beacon frames.
1651 	 */
1652 	ath10k_mac_remove_vendor_ie(bcn, WLAN_OUI_WFA, WLAN_OUI_TYPE_WFA_P2P,
1653 				    offsetof(struct ieee80211_mgmt,
1654 					     u.beacon.variable));
1655 
1656 	ret = ath10k_wmi_bcn_tmpl(ar, arvif->vdev_id, offs.tim_offset, bcn, 0,
1657 				  0, NULL, 0);
1658 	kfree_skb(bcn);
1659 
1660 	if (ret) {
1661 		ath10k_warn(ar, "failed to submit beacon template command: %d\n",
1662 			    ret);
1663 		return ret;
1664 	}
1665 
1666 	return 0;
1667 }
1668 
1669 static int ath10k_mac_setup_prb_tmpl(struct ath10k_vif *arvif)
1670 {
1671 	struct ath10k *ar = arvif->ar;
1672 	struct ieee80211_hw *hw = ar->hw;
1673 	struct ieee80211_vif *vif = arvif->vif;
1674 	struct sk_buff *prb;
1675 	int ret;
1676 
1677 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1678 		return 0;
1679 
1680 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP)
1681 		return 0;
1682 
1683 	 /* For mesh, probe response and beacon share the same template */
1684 	if (ieee80211_vif_is_mesh(vif))
1685 		return 0;
1686 
1687 	prb = ieee80211_proberesp_get(hw, vif);
1688 	if (!prb) {
1689 		ath10k_warn(ar, "failed to get probe resp template from mac80211\n");
1690 		return -EPERM;
1691 	}
1692 
1693 	ret = ath10k_wmi_prb_tmpl(ar, arvif->vdev_id, prb);
1694 	kfree_skb(prb);
1695 
1696 	if (ret) {
1697 		ath10k_warn(ar, "failed to submit probe resp template command: %d\n",
1698 			    ret);
1699 		return ret;
1700 	}
1701 
1702 	return 0;
1703 }
1704 
1705 static int ath10k_mac_vif_fix_hidden_ssid(struct ath10k_vif *arvif)
1706 {
1707 	struct ath10k *ar = arvif->ar;
1708 	struct cfg80211_chan_def def;
1709 	int ret;
1710 
1711 	/* When originally vdev is started during assign_vif_chanctx() some
1712 	 * information is missing, notably SSID. Firmware revisions with beacon
1713 	 * offloading require the SSID to be provided during vdev (re)start to
1714 	 * handle hidden SSID properly.
1715 	 *
1716 	 * Vdev restart must be done after vdev has been both started and
1717 	 * upped. Otherwise some firmware revisions (at least 10.2) fail to
1718 	 * deliver vdev restart response event causing timeouts during vdev
1719 	 * syncing in ath10k.
1720 	 *
1721 	 * Note: The vdev down/up and template reinstallation could be skipped
1722 	 * since only wmi-tlv firmware are known to have beacon offload and
1723 	 * wmi-tlv doesn't seem to misbehave like 10.2 wrt vdev restart
1724 	 * response delivery. It's probably more robust to keep it as is.
1725 	 */
1726 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1727 		return 0;
1728 
1729 	if (WARN_ON(!arvif->is_started))
1730 		return -EINVAL;
1731 
1732 	if (WARN_ON(!arvif->is_up))
1733 		return -EINVAL;
1734 
1735 	if (WARN_ON(ath10k_mac_vif_chan(arvif->vif, &def)))
1736 		return -EINVAL;
1737 
1738 	ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
1739 	if (ret) {
1740 		ath10k_warn(ar, "failed to bring down ap vdev %i: %d\n",
1741 			    arvif->vdev_id, ret);
1742 		return ret;
1743 	}
1744 
1745 	/* Vdev down reset beacon & presp templates. Reinstall them. Otherwise
1746 	 * firmware will crash upon vdev up.
1747 	 */
1748 
1749 	ret = ath10k_mac_setup_bcn_tmpl(arvif);
1750 	if (ret) {
1751 		ath10k_warn(ar, "failed to update beacon template: %d\n", ret);
1752 		return ret;
1753 	}
1754 
1755 	ret = ath10k_mac_setup_prb_tmpl(arvif);
1756 	if (ret) {
1757 		ath10k_warn(ar, "failed to update presp template: %d\n", ret);
1758 		return ret;
1759 	}
1760 
1761 	ret = ath10k_vdev_restart(arvif, &def);
1762 	if (ret) {
1763 		ath10k_warn(ar, "failed to restart ap vdev %i: %d\n",
1764 			    arvif->vdev_id, ret);
1765 		return ret;
1766 	}
1767 
1768 	ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
1769 				 arvif->bssid);
1770 	if (ret) {
1771 		ath10k_warn(ar, "failed to bring up ap vdev %i: %d\n",
1772 			    arvif->vdev_id, ret);
1773 		return ret;
1774 	}
1775 
1776 	return 0;
1777 }
1778 
1779 static void ath10k_control_beaconing(struct ath10k_vif *arvif,
1780 				     struct ieee80211_bss_conf *info)
1781 {
1782 	struct ath10k *ar = arvif->ar;
1783 	int ret = 0;
1784 
1785 	lockdep_assert_held(&arvif->ar->conf_mutex);
1786 
1787 	if (!info->enable_beacon) {
1788 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
1789 		if (ret)
1790 			ath10k_warn(ar, "failed to down vdev_id %i: %d\n",
1791 				    arvif->vdev_id, ret);
1792 
1793 		arvif->is_up = false;
1794 
1795 		spin_lock_bh(&arvif->ar->data_lock);
1796 		ath10k_mac_vif_beacon_free(arvif);
1797 		spin_unlock_bh(&arvif->ar->data_lock);
1798 
1799 		return;
1800 	}
1801 
1802 	arvif->tx_seq_no = 0x1000;
1803 
1804 	arvif->aid = 0;
1805 	ether_addr_copy(arvif->bssid, info->bssid);
1806 
1807 	ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
1808 				 arvif->bssid);
1809 	if (ret) {
1810 		ath10k_warn(ar, "failed to bring up vdev %d: %i\n",
1811 			    arvif->vdev_id, ret);
1812 		return;
1813 	}
1814 
1815 	arvif->is_up = true;
1816 
1817 	ret = ath10k_mac_vif_fix_hidden_ssid(arvif);
1818 	if (ret) {
1819 		ath10k_warn(ar, "failed to fix hidden ssid for vdev %i, expect trouble: %d\n",
1820 			    arvif->vdev_id, ret);
1821 		return;
1822 	}
1823 
1824 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d up\n", arvif->vdev_id);
1825 }
1826 
1827 static void ath10k_control_ibss(struct ath10k_vif *arvif,
1828 				struct ieee80211_bss_conf *info,
1829 				const u8 self_peer[ETH_ALEN])
1830 {
1831 	struct ath10k *ar = arvif->ar;
1832 	u32 vdev_param;
1833 	int ret = 0;
1834 
1835 	lockdep_assert_held(&arvif->ar->conf_mutex);
1836 
1837 	if (!info->ibss_joined) {
1838 		if (is_zero_ether_addr(arvif->bssid))
1839 			return;
1840 
1841 		eth_zero_addr(arvif->bssid);
1842 
1843 		return;
1844 	}
1845 
1846 	vdev_param = arvif->ar->wmi.vdev_param->atim_window;
1847 	ret = ath10k_wmi_vdev_set_param(arvif->ar, arvif->vdev_id, vdev_param,
1848 					ATH10K_DEFAULT_ATIM);
1849 	if (ret)
1850 		ath10k_warn(ar, "failed to set IBSS ATIM for vdev %d: %d\n",
1851 			    arvif->vdev_id, ret);
1852 }
1853 
1854 static int ath10k_mac_vif_recalc_ps_wake_threshold(struct ath10k_vif *arvif)
1855 {
1856 	struct ath10k *ar = arvif->ar;
1857 	u32 param;
1858 	u32 value;
1859 	int ret;
1860 
1861 	lockdep_assert_held(&arvif->ar->conf_mutex);
1862 
1863 	if (arvif->u.sta.uapsd)
1864 		value = WMI_STA_PS_TX_WAKE_THRESHOLD_NEVER;
1865 	else
1866 		value = WMI_STA_PS_TX_WAKE_THRESHOLD_ALWAYS;
1867 
1868 	param = WMI_STA_PS_PARAM_TX_WAKE_THRESHOLD;
1869 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id, param, value);
1870 	if (ret) {
1871 		ath10k_warn(ar, "failed to submit ps wake threshold %u on vdev %i: %d\n",
1872 			    value, arvif->vdev_id, ret);
1873 		return ret;
1874 	}
1875 
1876 	return 0;
1877 }
1878 
1879 static int ath10k_mac_vif_recalc_ps_poll_count(struct ath10k_vif *arvif)
1880 {
1881 	struct ath10k *ar = arvif->ar;
1882 	u32 param;
1883 	u32 value;
1884 	int ret;
1885 
1886 	lockdep_assert_held(&arvif->ar->conf_mutex);
1887 
1888 	if (arvif->u.sta.uapsd)
1889 		value = WMI_STA_PS_PSPOLL_COUNT_UAPSD;
1890 	else
1891 		value = WMI_STA_PS_PSPOLL_COUNT_NO_MAX;
1892 
1893 	param = WMI_STA_PS_PARAM_PSPOLL_COUNT;
1894 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
1895 					  param, value);
1896 	if (ret) {
1897 		ath10k_warn(ar, "failed to submit ps poll count %u on vdev %i: %d\n",
1898 			    value, arvif->vdev_id, ret);
1899 		return ret;
1900 	}
1901 
1902 	return 0;
1903 }
1904 
1905 static int ath10k_mac_num_vifs_started(struct ath10k *ar)
1906 {
1907 	struct ath10k_vif *arvif;
1908 	int num = 0;
1909 
1910 	lockdep_assert_held(&ar->conf_mutex);
1911 
1912 	list_for_each_entry(arvif, &ar->arvifs, list)
1913 		if (arvif->is_started)
1914 			num++;
1915 
1916 	return num;
1917 }
1918 
1919 static int ath10k_mac_vif_setup_ps(struct ath10k_vif *arvif)
1920 {
1921 	struct ath10k *ar = arvif->ar;
1922 	struct ieee80211_vif *vif = arvif->vif;
1923 	struct ieee80211_conf *conf = &ar->hw->conf;
1924 	enum wmi_sta_powersave_param param;
1925 	enum wmi_sta_ps_mode psmode;
1926 	int ret;
1927 	int ps_timeout;
1928 	bool enable_ps;
1929 
1930 	lockdep_assert_held(&arvif->ar->conf_mutex);
1931 
1932 	if (arvif->vif->type != NL80211_IFTYPE_STATION)
1933 		return 0;
1934 
1935 	enable_ps = arvif->ps;
1936 
1937 	if (enable_ps && ath10k_mac_num_vifs_started(ar) > 1 &&
1938 	    !test_bit(ATH10K_FW_FEATURE_MULTI_VIF_PS_SUPPORT,
1939 		      ar->running_fw->fw_file.fw_features)) {
1940 		ath10k_warn(ar, "refusing to enable ps on vdev %i: not supported by fw\n",
1941 			    arvif->vdev_id);
1942 		enable_ps = false;
1943 	}
1944 
1945 	if (!arvif->is_started) {
1946 		/* mac80211 can update vif powersave state while disconnected.
1947 		 * Firmware doesn't behave nicely and consumes more power than
1948 		 * necessary if PS is disabled on a non-started vdev. Hence
1949 		 * force-enable PS for non-running vdevs.
1950 		 */
1951 		psmode = WMI_STA_PS_MODE_ENABLED;
1952 	} else if (enable_ps) {
1953 		psmode = WMI_STA_PS_MODE_ENABLED;
1954 		param = WMI_STA_PS_PARAM_INACTIVITY_TIME;
1955 
1956 		ps_timeout = conf->dynamic_ps_timeout;
1957 		if (ps_timeout == 0) {
1958 			/* Firmware doesn't like 0 */
1959 			ps_timeout = ieee80211_tu_to_usec(
1960 				vif->bss_conf.beacon_int) / 1000;
1961 		}
1962 
1963 		ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id, param,
1964 						  ps_timeout);
1965 		if (ret) {
1966 			ath10k_warn(ar, "failed to set inactivity time for vdev %d: %i\n",
1967 				    arvif->vdev_id, ret);
1968 			return ret;
1969 		}
1970 	} else {
1971 		psmode = WMI_STA_PS_MODE_DISABLED;
1972 	}
1973 
1974 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d psmode %s\n",
1975 		   arvif->vdev_id, psmode ? "enable" : "disable");
1976 
1977 	ret = ath10k_wmi_set_psmode(ar, arvif->vdev_id, psmode);
1978 	if (ret) {
1979 		ath10k_warn(ar, "failed to set PS Mode %d for vdev %d: %d\n",
1980 			    psmode, arvif->vdev_id, ret);
1981 		return ret;
1982 	}
1983 
1984 	return 0;
1985 }
1986 
1987 static int ath10k_mac_vif_disable_keepalive(struct ath10k_vif *arvif)
1988 {
1989 	struct ath10k *ar = arvif->ar;
1990 	struct wmi_sta_keepalive_arg arg = {};
1991 	int ret;
1992 
1993 	lockdep_assert_held(&arvif->ar->conf_mutex);
1994 
1995 	if (arvif->vdev_type != WMI_VDEV_TYPE_STA)
1996 		return 0;
1997 
1998 	if (!test_bit(WMI_SERVICE_STA_KEEP_ALIVE, ar->wmi.svc_map))
1999 		return 0;
2000 
2001 	/* Some firmware revisions have a bug and ignore the `enabled` field.
2002 	 * Instead use the interval to disable the keepalive.
2003 	 */
2004 	arg.vdev_id = arvif->vdev_id;
2005 	arg.enabled = 1;
2006 	arg.method = WMI_STA_KEEPALIVE_METHOD_NULL_FRAME;
2007 	arg.interval = WMI_STA_KEEPALIVE_INTERVAL_DISABLE;
2008 
2009 	ret = ath10k_wmi_sta_keepalive(ar, &arg);
2010 	if (ret) {
2011 		ath10k_warn(ar, "failed to submit keepalive on vdev %i: %d\n",
2012 			    arvif->vdev_id, ret);
2013 		return ret;
2014 	}
2015 
2016 	return 0;
2017 }
2018 
2019 static void ath10k_mac_vif_ap_csa_count_down(struct ath10k_vif *arvif)
2020 {
2021 	struct ath10k *ar = arvif->ar;
2022 	struct ieee80211_vif *vif = arvif->vif;
2023 	int ret;
2024 
2025 	lockdep_assert_held(&arvif->ar->conf_mutex);
2026 
2027 	if (WARN_ON(!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map)))
2028 		return;
2029 
2030 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP)
2031 		return;
2032 
2033 	if (!vif->csa_active)
2034 		return;
2035 
2036 	if (!arvif->is_up)
2037 		return;
2038 
2039 	if (!ieee80211_beacon_cntdwn_is_complete(vif)) {
2040 		ieee80211_beacon_update_cntdwn(vif);
2041 
2042 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
2043 		if (ret)
2044 			ath10k_warn(ar, "failed to update bcn tmpl during csa: %d\n",
2045 				    ret);
2046 
2047 		ret = ath10k_mac_setup_prb_tmpl(arvif);
2048 		if (ret)
2049 			ath10k_warn(ar, "failed to update prb tmpl during csa: %d\n",
2050 				    ret);
2051 	} else {
2052 		ieee80211_csa_finish(vif);
2053 	}
2054 }
2055 
2056 static void ath10k_mac_vif_ap_csa_work(struct work_struct *work)
2057 {
2058 	struct ath10k_vif *arvif = container_of(work, struct ath10k_vif,
2059 						ap_csa_work);
2060 	struct ath10k *ar = arvif->ar;
2061 
2062 	mutex_lock(&ar->conf_mutex);
2063 	ath10k_mac_vif_ap_csa_count_down(arvif);
2064 	mutex_unlock(&ar->conf_mutex);
2065 }
2066 
2067 static void ath10k_mac_handle_beacon_iter(void *data, u8 *mac,
2068 					  struct ieee80211_vif *vif)
2069 {
2070 	struct sk_buff *skb = data;
2071 	struct ieee80211_mgmt *mgmt = (void *)skb->data;
2072 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2073 
2074 	if (vif->type != NL80211_IFTYPE_STATION)
2075 		return;
2076 
2077 	if (!ether_addr_equal(mgmt->bssid, vif->bss_conf.bssid))
2078 		return;
2079 
2080 	cancel_delayed_work(&arvif->connection_loss_work);
2081 }
2082 
2083 void ath10k_mac_handle_beacon(struct ath10k *ar, struct sk_buff *skb)
2084 {
2085 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
2086 						   ATH10K_ITER_NORMAL_FLAGS,
2087 						   ath10k_mac_handle_beacon_iter,
2088 						   skb);
2089 }
2090 
2091 static void ath10k_mac_handle_beacon_miss_iter(void *data, u8 *mac,
2092 					       struct ieee80211_vif *vif)
2093 {
2094 	u32 *vdev_id = data;
2095 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2096 	struct ath10k *ar = arvif->ar;
2097 	struct ieee80211_hw *hw = ar->hw;
2098 
2099 	if (arvif->vdev_id != *vdev_id)
2100 		return;
2101 
2102 	if (!arvif->is_up)
2103 		return;
2104 
2105 	ieee80211_beacon_loss(vif);
2106 
2107 	/* Firmware doesn't report beacon loss events repeatedly. If AP probe
2108 	 * (done by mac80211) succeeds but beacons do not resume then it
2109 	 * doesn't make sense to continue operation. Queue connection loss work
2110 	 * which can be cancelled when beacon is received.
2111 	 */
2112 	ieee80211_queue_delayed_work(hw, &arvif->connection_loss_work,
2113 				     ATH10K_CONNECTION_LOSS_HZ);
2114 }
2115 
2116 void ath10k_mac_handle_beacon_miss(struct ath10k *ar, u32 vdev_id)
2117 {
2118 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
2119 						   ATH10K_ITER_NORMAL_FLAGS,
2120 						   ath10k_mac_handle_beacon_miss_iter,
2121 						   &vdev_id);
2122 }
2123 
2124 static void ath10k_mac_vif_sta_connection_loss_work(struct work_struct *work)
2125 {
2126 	struct ath10k_vif *arvif = container_of(work, struct ath10k_vif,
2127 						connection_loss_work.work);
2128 	struct ieee80211_vif *vif = arvif->vif;
2129 
2130 	if (!arvif->is_up)
2131 		return;
2132 
2133 	ieee80211_connection_loss(vif);
2134 }
2135 
2136 /**********************/
2137 /* Station management */
2138 /**********************/
2139 
2140 static u32 ath10k_peer_assoc_h_listen_intval(struct ath10k *ar,
2141 					     struct ieee80211_vif *vif)
2142 {
2143 	/* Some firmware revisions have unstable STA powersave when listen
2144 	 * interval is set too high (e.g. 5). The symptoms are firmware doesn't
2145 	 * generate NullFunc frames properly even if buffered frames have been
2146 	 * indicated in Beacon TIM. Firmware would seldom wake up to pull
2147 	 * buffered frames. Often pinging the device from AP would simply fail.
2148 	 *
2149 	 * As a workaround set it to 1.
2150 	 */
2151 	if (vif->type == NL80211_IFTYPE_STATION)
2152 		return 1;
2153 
2154 	return ar->hw->conf.listen_interval;
2155 }
2156 
2157 static void ath10k_peer_assoc_h_basic(struct ath10k *ar,
2158 				      struct ieee80211_vif *vif,
2159 				      struct ieee80211_sta *sta,
2160 				      struct wmi_peer_assoc_complete_arg *arg)
2161 {
2162 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2163 	u32 aid;
2164 
2165 	lockdep_assert_held(&ar->conf_mutex);
2166 
2167 	if (vif->type == NL80211_IFTYPE_STATION)
2168 		aid = vif->bss_conf.aid;
2169 	else
2170 		aid = sta->aid;
2171 
2172 	ether_addr_copy(arg->addr, sta->addr);
2173 	arg->vdev_id = arvif->vdev_id;
2174 	arg->peer_aid = aid;
2175 	arg->peer_flags |= arvif->ar->wmi.peer_flags->auth;
2176 	arg->peer_listen_intval = ath10k_peer_assoc_h_listen_intval(ar, vif);
2177 	arg->peer_num_spatial_streams = 1;
2178 	arg->peer_caps = vif->bss_conf.assoc_capability;
2179 }
2180 
2181 static void ath10k_peer_assoc_h_crypto(struct ath10k *ar,
2182 				       struct ieee80211_vif *vif,
2183 				       struct ieee80211_sta *sta,
2184 				       struct wmi_peer_assoc_complete_arg *arg)
2185 {
2186 	struct ieee80211_bss_conf *info = &vif->bss_conf;
2187 	struct cfg80211_chan_def def;
2188 	struct cfg80211_bss *bss;
2189 	const u8 *rsnie = NULL;
2190 	const u8 *wpaie = NULL;
2191 
2192 	lockdep_assert_held(&ar->conf_mutex);
2193 
2194 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2195 		return;
2196 
2197 	bss = cfg80211_get_bss(ar->hw->wiphy, def.chan, info->bssid,
2198 			       info->ssid_len ? info->ssid : NULL, info->ssid_len,
2199 			       IEEE80211_BSS_TYPE_ANY, IEEE80211_PRIVACY_ANY);
2200 	if (bss) {
2201 		const struct cfg80211_bss_ies *ies;
2202 
2203 		rcu_read_lock();
2204 		rsnie = ieee80211_bss_get_ie(bss, WLAN_EID_RSN);
2205 
2206 		ies = rcu_dereference(bss->ies);
2207 
2208 		wpaie = cfg80211_find_vendor_ie(WLAN_OUI_MICROSOFT,
2209 						WLAN_OUI_TYPE_MICROSOFT_WPA,
2210 						ies->data,
2211 						ies->len);
2212 		rcu_read_unlock();
2213 		cfg80211_put_bss(ar->hw->wiphy, bss);
2214 	}
2215 
2216 	/* FIXME: base on RSN IE/WPA IE is a correct idea? */
2217 	if (rsnie || wpaie) {
2218 		ath10k_dbg(ar, ATH10K_DBG_WMI, "%s: rsn ie found\n", __func__);
2219 		arg->peer_flags |= ar->wmi.peer_flags->need_ptk_4_way;
2220 	}
2221 
2222 	if (wpaie) {
2223 		ath10k_dbg(ar, ATH10K_DBG_WMI, "%s: wpa ie found\n", __func__);
2224 		arg->peer_flags |= ar->wmi.peer_flags->need_gtk_2_way;
2225 	}
2226 
2227 	if (sta->mfp &&
2228 	    test_bit(ATH10K_FW_FEATURE_MFP_SUPPORT,
2229 		     ar->running_fw->fw_file.fw_features)) {
2230 		arg->peer_flags |= ar->wmi.peer_flags->pmf;
2231 	}
2232 }
2233 
2234 static void ath10k_peer_assoc_h_rates(struct ath10k *ar,
2235 				      struct ieee80211_vif *vif,
2236 				      struct ieee80211_sta *sta,
2237 				      struct wmi_peer_assoc_complete_arg *arg)
2238 {
2239 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2240 	struct wmi_rate_set_arg *rateset = &arg->peer_legacy_rates;
2241 	struct cfg80211_chan_def def;
2242 	const struct ieee80211_supported_band *sband;
2243 	const struct ieee80211_rate *rates;
2244 	enum nl80211_band band;
2245 	u32 ratemask;
2246 	u8 rate;
2247 	int i;
2248 
2249 	lockdep_assert_held(&ar->conf_mutex);
2250 
2251 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2252 		return;
2253 
2254 	band = def.chan->band;
2255 	sband = ar->hw->wiphy->bands[band];
2256 	ratemask = sta->deflink.supp_rates[band];
2257 	ratemask &= arvif->bitrate_mask.control[band].legacy;
2258 	rates = sband->bitrates;
2259 
2260 	rateset->num_rates = 0;
2261 
2262 	for (i = 0; i < 32; i++, ratemask >>= 1, rates++) {
2263 		if (!(ratemask & 1))
2264 			continue;
2265 
2266 		rate = ath10k_mac_bitrate_to_rate(rates->bitrate);
2267 		rateset->rates[rateset->num_rates] = rate;
2268 		rateset->num_rates++;
2269 	}
2270 }
2271 
2272 static bool
2273 ath10k_peer_assoc_h_ht_masked(const u8 ht_mcs_mask[IEEE80211_HT_MCS_MASK_LEN])
2274 {
2275 	int nss;
2276 
2277 	for (nss = 0; nss < IEEE80211_HT_MCS_MASK_LEN; nss++)
2278 		if (ht_mcs_mask[nss])
2279 			return false;
2280 
2281 	return true;
2282 }
2283 
2284 static bool
2285 ath10k_peer_assoc_h_vht_masked(const u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
2286 {
2287 	int nss;
2288 
2289 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++)
2290 		if (vht_mcs_mask[nss])
2291 			return false;
2292 
2293 	return true;
2294 }
2295 
2296 static void ath10k_peer_assoc_h_ht(struct ath10k *ar,
2297 				   struct ieee80211_vif *vif,
2298 				   struct ieee80211_sta *sta,
2299 				   struct wmi_peer_assoc_complete_arg *arg)
2300 {
2301 	const struct ieee80211_sta_ht_cap *ht_cap = &sta->deflink.ht_cap;
2302 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2303 	struct cfg80211_chan_def def;
2304 	enum nl80211_band band;
2305 	const u8 *ht_mcs_mask;
2306 	const u16 *vht_mcs_mask;
2307 	int i, n;
2308 	u8 max_nss;
2309 	u32 stbc;
2310 
2311 	lockdep_assert_held(&ar->conf_mutex);
2312 
2313 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2314 		return;
2315 
2316 	if (!ht_cap->ht_supported)
2317 		return;
2318 
2319 	band = def.chan->band;
2320 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
2321 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2322 
2323 	if (ath10k_peer_assoc_h_ht_masked(ht_mcs_mask) &&
2324 	    ath10k_peer_assoc_h_vht_masked(vht_mcs_mask))
2325 		return;
2326 
2327 	arg->peer_flags |= ar->wmi.peer_flags->ht;
2328 	arg->peer_max_mpdu = (1 << (IEEE80211_HT_MAX_AMPDU_FACTOR +
2329 				    ht_cap->ampdu_factor)) - 1;
2330 
2331 	arg->peer_mpdu_density =
2332 		ath10k_parse_mpdudensity(ht_cap->ampdu_density);
2333 
2334 	arg->peer_ht_caps = ht_cap->cap;
2335 	arg->peer_rate_caps |= WMI_RC_HT_FLAG;
2336 
2337 	if (ht_cap->cap & IEEE80211_HT_CAP_LDPC_CODING)
2338 		arg->peer_flags |= ar->wmi.peer_flags->ldbc;
2339 
2340 	if (sta->deflink.bandwidth >= IEEE80211_STA_RX_BW_40) {
2341 		arg->peer_flags |= ar->wmi.peer_flags->bw40;
2342 		arg->peer_rate_caps |= WMI_RC_CW40_FLAG;
2343 	}
2344 
2345 	if (arvif->bitrate_mask.control[band].gi != NL80211_TXRATE_FORCE_LGI) {
2346 		if (ht_cap->cap & IEEE80211_HT_CAP_SGI_20)
2347 			arg->peer_rate_caps |= WMI_RC_SGI_FLAG;
2348 
2349 		if (ht_cap->cap & IEEE80211_HT_CAP_SGI_40)
2350 			arg->peer_rate_caps |= WMI_RC_SGI_FLAG;
2351 	}
2352 
2353 	if (ht_cap->cap & IEEE80211_HT_CAP_TX_STBC) {
2354 		arg->peer_rate_caps |= WMI_RC_TX_STBC_FLAG;
2355 		arg->peer_flags |= ar->wmi.peer_flags->stbc;
2356 	}
2357 
2358 	if (ht_cap->cap & IEEE80211_HT_CAP_RX_STBC) {
2359 		stbc = ht_cap->cap & IEEE80211_HT_CAP_RX_STBC;
2360 		stbc = stbc >> IEEE80211_HT_CAP_RX_STBC_SHIFT;
2361 		stbc = stbc << WMI_RC_RX_STBC_FLAG_S;
2362 		arg->peer_rate_caps |= stbc;
2363 		arg->peer_flags |= ar->wmi.peer_flags->stbc;
2364 	}
2365 
2366 	if (ht_cap->mcs.rx_mask[1] && ht_cap->mcs.rx_mask[2])
2367 		arg->peer_rate_caps |= WMI_RC_TS_FLAG;
2368 	else if (ht_cap->mcs.rx_mask[1])
2369 		arg->peer_rate_caps |= WMI_RC_DS_FLAG;
2370 
2371 	for (i = 0, n = 0, max_nss = 0; i < IEEE80211_HT_MCS_MASK_LEN * 8; i++)
2372 		if ((ht_cap->mcs.rx_mask[i / 8] & BIT(i % 8)) &&
2373 		    (ht_mcs_mask[i / 8] & BIT(i % 8))) {
2374 			max_nss = (i / 8) + 1;
2375 			arg->peer_ht_rates.rates[n++] = i;
2376 		}
2377 
2378 	/*
2379 	 * This is a workaround for HT-enabled STAs which break the spec
2380 	 * and have no HT capabilities RX mask (no HT RX MCS map).
2381 	 *
2382 	 * As per spec, in section 20.3.5 Modulation and coding scheme (MCS),
2383 	 * MCS 0 through 7 are mandatory in 20MHz with 800 ns GI at all STAs.
2384 	 *
2385 	 * Firmware asserts if such situation occurs.
2386 	 */
2387 	if (n == 0) {
2388 		arg->peer_ht_rates.num_rates = 8;
2389 		for (i = 0; i < arg->peer_ht_rates.num_rates; i++)
2390 			arg->peer_ht_rates.rates[i] = i;
2391 	} else {
2392 		arg->peer_ht_rates.num_rates = n;
2393 		arg->peer_num_spatial_streams = min(sta->deflink.rx_nss,
2394 						    max_nss);
2395 	}
2396 
2397 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac ht peer %pM mcs cnt %d nss %d\n",
2398 		   arg->addr,
2399 		   arg->peer_ht_rates.num_rates,
2400 		   arg->peer_num_spatial_streams);
2401 }
2402 
2403 static int ath10k_peer_assoc_qos_ap(struct ath10k *ar,
2404 				    struct ath10k_vif *arvif,
2405 				    struct ieee80211_sta *sta)
2406 {
2407 	u32 uapsd = 0;
2408 	u32 max_sp = 0;
2409 	int ret = 0;
2410 
2411 	lockdep_assert_held(&ar->conf_mutex);
2412 
2413 	if (sta->wme && sta->uapsd_queues) {
2414 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac uapsd_queues 0x%x max_sp %d\n",
2415 			   sta->uapsd_queues, sta->max_sp);
2416 
2417 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
2418 			uapsd |= WMI_AP_PS_UAPSD_AC3_DELIVERY_EN |
2419 				 WMI_AP_PS_UAPSD_AC3_TRIGGER_EN;
2420 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI)
2421 			uapsd |= WMI_AP_PS_UAPSD_AC2_DELIVERY_EN |
2422 				 WMI_AP_PS_UAPSD_AC2_TRIGGER_EN;
2423 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK)
2424 			uapsd |= WMI_AP_PS_UAPSD_AC1_DELIVERY_EN |
2425 				 WMI_AP_PS_UAPSD_AC1_TRIGGER_EN;
2426 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE)
2427 			uapsd |= WMI_AP_PS_UAPSD_AC0_DELIVERY_EN |
2428 				 WMI_AP_PS_UAPSD_AC0_TRIGGER_EN;
2429 
2430 		if (sta->max_sp < MAX_WMI_AP_PS_PEER_PARAM_MAX_SP)
2431 			max_sp = sta->max_sp;
2432 
2433 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id,
2434 						 sta->addr,
2435 						 WMI_AP_PS_PEER_PARAM_UAPSD,
2436 						 uapsd);
2437 		if (ret) {
2438 			ath10k_warn(ar, "failed to set ap ps peer param uapsd for vdev %i: %d\n",
2439 				    arvif->vdev_id, ret);
2440 			return ret;
2441 		}
2442 
2443 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id,
2444 						 sta->addr,
2445 						 WMI_AP_PS_PEER_PARAM_MAX_SP,
2446 						 max_sp);
2447 		if (ret) {
2448 			ath10k_warn(ar, "failed to set ap ps peer param max sp for vdev %i: %d\n",
2449 				    arvif->vdev_id, ret);
2450 			return ret;
2451 		}
2452 
2453 		/* TODO setup this based on STA listen interval and
2454 		 * beacon interval. Currently we don't know
2455 		 * sta->listen_interval - mac80211 patch required.
2456 		 * Currently use 10 seconds
2457 		 */
2458 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id, sta->addr,
2459 						 WMI_AP_PS_PEER_PARAM_AGEOUT_TIME,
2460 						 10);
2461 		if (ret) {
2462 			ath10k_warn(ar, "failed to set ap ps peer param ageout time for vdev %i: %d\n",
2463 				    arvif->vdev_id, ret);
2464 			return ret;
2465 		}
2466 	}
2467 
2468 	return 0;
2469 }
2470 
2471 static u16
2472 ath10k_peer_assoc_h_vht_limit(u16 tx_mcs_set,
2473 			      const u16 vht_mcs_limit[NL80211_VHT_NSS_MAX])
2474 {
2475 	int idx_limit;
2476 	int nss;
2477 	u16 mcs_map;
2478 	u16 mcs;
2479 
2480 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
2481 		mcs_map = ath10k_mac_get_max_vht_mcs_map(tx_mcs_set, nss) &
2482 			  vht_mcs_limit[nss];
2483 
2484 		if (mcs_map)
2485 			idx_limit = fls(mcs_map) - 1;
2486 		else
2487 			idx_limit = -1;
2488 
2489 		switch (idx_limit) {
2490 		case 0:
2491 		case 1:
2492 		case 2:
2493 		case 3:
2494 		case 4:
2495 		case 5:
2496 		case 6:
2497 		default:
2498 			/* see ath10k_mac_can_set_bitrate_mask() */
2499 			WARN_ON(1);
2500 			fallthrough;
2501 		case -1:
2502 			mcs = IEEE80211_VHT_MCS_NOT_SUPPORTED;
2503 			break;
2504 		case 7:
2505 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_7;
2506 			break;
2507 		case 8:
2508 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_8;
2509 			break;
2510 		case 9:
2511 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_9;
2512 			break;
2513 		}
2514 
2515 		tx_mcs_set &= ~(0x3 << (nss * 2));
2516 		tx_mcs_set |= mcs << (nss * 2);
2517 	}
2518 
2519 	return tx_mcs_set;
2520 }
2521 
2522 static u32 get_160mhz_nss_from_maxrate(int rate)
2523 {
2524 	u32 nss;
2525 
2526 	switch (rate) {
2527 	case 780:
2528 		nss = 1;
2529 		break;
2530 	case 1560:
2531 		nss = 2;
2532 		break;
2533 	case 2106:
2534 		nss = 3; /* not support MCS9 from spec*/
2535 		break;
2536 	case 3120:
2537 		nss = 4;
2538 		break;
2539 	default:
2540 		 nss = 1;
2541 	}
2542 
2543 	return nss;
2544 }
2545 
2546 static void ath10k_peer_assoc_h_vht(struct ath10k *ar,
2547 				    struct ieee80211_vif *vif,
2548 				    struct ieee80211_sta *sta,
2549 				    struct wmi_peer_assoc_complete_arg *arg)
2550 {
2551 	const struct ieee80211_sta_vht_cap *vht_cap = &sta->deflink.vht_cap;
2552 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2553 	struct ath10k_hw_params *hw = &ar->hw_params;
2554 	struct cfg80211_chan_def def;
2555 	enum nl80211_band band;
2556 	const u16 *vht_mcs_mask;
2557 	u8 ampdu_factor;
2558 	u8 max_nss, vht_mcs;
2559 	int i;
2560 
2561 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2562 		return;
2563 
2564 	if (!vht_cap->vht_supported)
2565 		return;
2566 
2567 	band = def.chan->band;
2568 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2569 
2570 	if (ath10k_peer_assoc_h_vht_masked(vht_mcs_mask))
2571 		return;
2572 
2573 	arg->peer_flags |= ar->wmi.peer_flags->vht;
2574 
2575 	if (def.chan->band == NL80211_BAND_2GHZ)
2576 		arg->peer_flags |= ar->wmi.peer_flags->vht_2g;
2577 
2578 	arg->peer_vht_caps = vht_cap->cap;
2579 
2580 	ampdu_factor = (vht_cap->cap &
2581 			IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK) >>
2582 		       IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_SHIFT;
2583 
2584 	/* Workaround: Some Netgear/Linksys 11ac APs set Rx A-MPDU factor to
2585 	 * zero in VHT IE. Using it would result in degraded throughput.
2586 	 * arg->peer_max_mpdu at this point contains HT max_mpdu so keep
2587 	 * it if VHT max_mpdu is smaller.
2588 	 */
2589 	arg->peer_max_mpdu = max(arg->peer_max_mpdu,
2590 				 (1U << (IEEE80211_HT_MAX_AMPDU_FACTOR +
2591 					ampdu_factor)) - 1);
2592 
2593 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_80)
2594 		arg->peer_flags |= ar->wmi.peer_flags->bw80;
2595 
2596 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_160)
2597 		arg->peer_flags |= ar->wmi.peer_flags->bw160;
2598 
2599 	/* Calculate peer NSS capability from VHT capabilities if STA
2600 	 * supports VHT.
2601 	 */
2602 	for (i = 0, max_nss = 0, vht_mcs = 0; i < NL80211_VHT_NSS_MAX; i++) {
2603 		vht_mcs = __le16_to_cpu(vht_cap->vht_mcs.rx_mcs_map) >>
2604 			  (2 * i) & 3;
2605 
2606 		if ((vht_mcs != IEEE80211_VHT_MCS_NOT_SUPPORTED) &&
2607 		    vht_mcs_mask[i])
2608 			max_nss = i + 1;
2609 	}
2610 	arg->peer_num_spatial_streams = min(sta->deflink.rx_nss, max_nss);
2611 	arg->peer_vht_rates.rx_max_rate =
2612 		__le16_to_cpu(vht_cap->vht_mcs.rx_highest);
2613 	arg->peer_vht_rates.rx_mcs_set =
2614 		__le16_to_cpu(vht_cap->vht_mcs.rx_mcs_map);
2615 	arg->peer_vht_rates.tx_max_rate =
2616 		__le16_to_cpu(vht_cap->vht_mcs.tx_highest);
2617 	arg->peer_vht_rates.tx_mcs_set = ath10k_peer_assoc_h_vht_limit(
2618 		__le16_to_cpu(vht_cap->vht_mcs.tx_mcs_map), vht_mcs_mask);
2619 
2620 	/* Configure bandwidth-NSS mapping to FW
2621 	 * for the chip's tx chains setting on 160Mhz bw
2622 	 */
2623 	if (arg->peer_phymode == MODE_11AC_VHT160 ||
2624 	    arg->peer_phymode == MODE_11AC_VHT80_80) {
2625 		u32 rx_nss;
2626 		u32 max_rate;
2627 
2628 		max_rate = arg->peer_vht_rates.rx_max_rate;
2629 		rx_nss = get_160mhz_nss_from_maxrate(max_rate);
2630 
2631 		if (rx_nss == 0)
2632 			rx_nss = arg->peer_num_spatial_streams;
2633 		else
2634 			rx_nss = min(arg->peer_num_spatial_streams, rx_nss);
2635 
2636 		max_rate = hw->vht160_mcs_tx_highest;
2637 		rx_nss = min(rx_nss, get_160mhz_nss_from_maxrate(max_rate));
2638 
2639 		arg->peer_bw_rxnss_override =
2640 			FIELD_PREP(WMI_PEER_NSS_MAP_ENABLE, 1) |
2641 			FIELD_PREP(WMI_PEER_NSS_160MHZ_MASK, (rx_nss - 1));
2642 
2643 		if (arg->peer_phymode == MODE_11AC_VHT80_80) {
2644 			arg->peer_bw_rxnss_override |=
2645 			FIELD_PREP(WMI_PEER_NSS_80_80MHZ_MASK, (rx_nss - 1));
2646 		}
2647 	}
2648 	ath10k_dbg(ar, ATH10K_DBG_MAC,
2649 		   "mac vht peer %pM max_mpdu %d flags 0x%x peer_rx_nss_override 0x%x\n",
2650 		   sta->addr, arg->peer_max_mpdu,
2651 		   arg->peer_flags, arg->peer_bw_rxnss_override);
2652 }
2653 
2654 static void ath10k_peer_assoc_h_qos(struct ath10k *ar,
2655 				    struct ieee80211_vif *vif,
2656 				    struct ieee80211_sta *sta,
2657 				    struct wmi_peer_assoc_complete_arg *arg)
2658 {
2659 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2660 
2661 	switch (arvif->vdev_type) {
2662 	case WMI_VDEV_TYPE_AP:
2663 		if (sta->wme)
2664 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2665 
2666 		if (sta->wme && sta->uapsd_queues) {
2667 			arg->peer_flags |= arvif->ar->wmi.peer_flags->apsd;
2668 			arg->peer_rate_caps |= WMI_RC_UAPSD_FLAG;
2669 		}
2670 		break;
2671 	case WMI_VDEV_TYPE_STA:
2672 		if (sta->wme)
2673 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2674 		break;
2675 	case WMI_VDEV_TYPE_IBSS:
2676 		if (sta->wme)
2677 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2678 		break;
2679 	default:
2680 		break;
2681 	}
2682 
2683 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac peer %pM qos %d\n",
2684 		   sta->addr, !!(arg->peer_flags &
2685 		   arvif->ar->wmi.peer_flags->qos));
2686 }
2687 
2688 static bool ath10k_mac_sta_has_ofdm_only(struct ieee80211_sta *sta)
2689 {
2690 	return sta->deflink.supp_rates[NL80211_BAND_2GHZ] >>
2691 	       ATH10K_MAC_FIRST_OFDM_RATE_IDX;
2692 }
2693 
2694 static enum wmi_phy_mode ath10k_mac_get_phymode_vht(struct ath10k *ar,
2695 						    struct ieee80211_sta *sta)
2696 {
2697 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_160) {
2698 		switch (sta->deflink.vht_cap.cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK) {
2699 		case IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ:
2700 			return MODE_11AC_VHT160;
2701 		case IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ:
2702 			return MODE_11AC_VHT80_80;
2703 		default:
2704 			/* not sure if this is a valid case? */
2705 			return MODE_11AC_VHT160;
2706 		}
2707 	}
2708 
2709 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_80)
2710 		return MODE_11AC_VHT80;
2711 
2712 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_40)
2713 		return MODE_11AC_VHT40;
2714 
2715 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_20)
2716 		return MODE_11AC_VHT20;
2717 
2718 	return MODE_UNKNOWN;
2719 }
2720 
2721 static void ath10k_peer_assoc_h_phymode(struct ath10k *ar,
2722 					struct ieee80211_vif *vif,
2723 					struct ieee80211_sta *sta,
2724 					struct wmi_peer_assoc_complete_arg *arg)
2725 {
2726 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2727 	struct cfg80211_chan_def def;
2728 	enum nl80211_band band;
2729 	const u8 *ht_mcs_mask;
2730 	const u16 *vht_mcs_mask;
2731 	enum wmi_phy_mode phymode = MODE_UNKNOWN;
2732 
2733 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2734 		return;
2735 
2736 	band = def.chan->band;
2737 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
2738 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2739 
2740 	switch (band) {
2741 	case NL80211_BAND_2GHZ:
2742 		if (sta->deflink.vht_cap.vht_supported &&
2743 		    !ath10k_peer_assoc_h_vht_masked(vht_mcs_mask)) {
2744 			if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_40)
2745 				phymode = MODE_11AC_VHT40;
2746 			else
2747 				phymode = MODE_11AC_VHT20;
2748 		} else if (sta->deflink.ht_cap.ht_supported &&
2749 			   !ath10k_peer_assoc_h_ht_masked(ht_mcs_mask)) {
2750 			if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_40)
2751 				phymode = MODE_11NG_HT40;
2752 			else
2753 				phymode = MODE_11NG_HT20;
2754 		} else if (ath10k_mac_sta_has_ofdm_only(sta)) {
2755 			phymode = MODE_11G;
2756 		} else {
2757 			phymode = MODE_11B;
2758 		}
2759 
2760 		break;
2761 	case NL80211_BAND_5GHZ:
2762 		/*
2763 		 * Check VHT first.
2764 		 */
2765 		if (sta->deflink.vht_cap.vht_supported &&
2766 		    !ath10k_peer_assoc_h_vht_masked(vht_mcs_mask)) {
2767 			phymode = ath10k_mac_get_phymode_vht(ar, sta);
2768 		} else if (sta->deflink.ht_cap.ht_supported &&
2769 			   !ath10k_peer_assoc_h_ht_masked(ht_mcs_mask)) {
2770 			if (sta->deflink.bandwidth >= IEEE80211_STA_RX_BW_40)
2771 				phymode = MODE_11NA_HT40;
2772 			else
2773 				phymode = MODE_11NA_HT20;
2774 		} else {
2775 			phymode = MODE_11A;
2776 		}
2777 
2778 		break;
2779 	default:
2780 		break;
2781 	}
2782 
2783 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac peer %pM phymode %s\n",
2784 		   sta->addr, ath10k_wmi_phymode_str(phymode));
2785 
2786 	arg->peer_phymode = phymode;
2787 	WARN_ON(phymode == MODE_UNKNOWN);
2788 }
2789 
2790 static int ath10k_peer_assoc_prepare(struct ath10k *ar,
2791 				     struct ieee80211_vif *vif,
2792 				     struct ieee80211_sta *sta,
2793 				     struct wmi_peer_assoc_complete_arg *arg)
2794 {
2795 	lockdep_assert_held(&ar->conf_mutex);
2796 
2797 	memset(arg, 0, sizeof(*arg));
2798 
2799 	ath10k_peer_assoc_h_basic(ar, vif, sta, arg);
2800 	ath10k_peer_assoc_h_crypto(ar, vif, sta, arg);
2801 	ath10k_peer_assoc_h_rates(ar, vif, sta, arg);
2802 	ath10k_peer_assoc_h_ht(ar, vif, sta, arg);
2803 	ath10k_peer_assoc_h_phymode(ar, vif, sta, arg);
2804 	ath10k_peer_assoc_h_vht(ar, vif, sta, arg);
2805 	ath10k_peer_assoc_h_qos(ar, vif, sta, arg);
2806 
2807 	return 0;
2808 }
2809 
2810 static const u32 ath10k_smps_map[] = {
2811 	[WLAN_HT_CAP_SM_PS_STATIC] = WMI_PEER_SMPS_STATIC,
2812 	[WLAN_HT_CAP_SM_PS_DYNAMIC] = WMI_PEER_SMPS_DYNAMIC,
2813 	[WLAN_HT_CAP_SM_PS_INVALID] = WMI_PEER_SMPS_PS_NONE,
2814 	[WLAN_HT_CAP_SM_PS_DISABLED] = WMI_PEER_SMPS_PS_NONE,
2815 };
2816 
2817 static int ath10k_setup_peer_smps(struct ath10k *ar, struct ath10k_vif *arvif,
2818 				  const u8 *addr,
2819 				  const struct ieee80211_sta_ht_cap *ht_cap)
2820 {
2821 	int smps;
2822 
2823 	if (!ht_cap->ht_supported)
2824 		return 0;
2825 
2826 	smps = ht_cap->cap & IEEE80211_HT_CAP_SM_PS;
2827 	smps >>= IEEE80211_HT_CAP_SM_PS_SHIFT;
2828 
2829 	if (smps >= ARRAY_SIZE(ath10k_smps_map))
2830 		return -EINVAL;
2831 
2832 	return ath10k_wmi_peer_set_param(ar, arvif->vdev_id, addr,
2833 					 ar->wmi.peer_param->smps_state,
2834 					 ath10k_smps_map[smps]);
2835 }
2836 
2837 static int ath10k_mac_vif_recalc_txbf(struct ath10k *ar,
2838 				      struct ieee80211_vif *vif,
2839 				      struct ieee80211_sta_vht_cap vht_cap)
2840 {
2841 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2842 	int ret;
2843 	u32 param;
2844 	u32 value;
2845 
2846 	if (ath10k_wmi_get_txbf_conf_scheme(ar) != WMI_TXBF_CONF_AFTER_ASSOC)
2847 		return 0;
2848 
2849 	if (!(ar->vht_cap_info &
2850 	      (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
2851 	       IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE |
2852 	       IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
2853 	       IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)))
2854 		return 0;
2855 
2856 	param = ar->wmi.vdev_param->txbf;
2857 	value = 0;
2858 
2859 	if (WARN_ON(param == WMI_VDEV_PARAM_UNSUPPORTED))
2860 		return 0;
2861 
2862 	/* The following logic is correct. If a remote STA advertises support
2863 	 * for being a beamformer then we should enable us being a beamformee.
2864 	 */
2865 
2866 	if (ar->vht_cap_info &
2867 	    (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
2868 	     IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)) {
2869 		if (vht_cap.cap & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)
2870 			value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
2871 
2872 		if (vht_cap.cap & IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)
2873 			value |= WMI_VDEV_PARAM_TXBF_MU_TX_BFEE;
2874 	}
2875 
2876 	if (ar->vht_cap_info &
2877 	    (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
2878 	     IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)) {
2879 		if (vht_cap.cap & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE)
2880 			value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
2881 
2882 		if (vht_cap.cap & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)
2883 			value |= WMI_VDEV_PARAM_TXBF_MU_TX_BFER;
2884 	}
2885 
2886 	if (value & WMI_VDEV_PARAM_TXBF_MU_TX_BFEE)
2887 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
2888 
2889 	if (value & WMI_VDEV_PARAM_TXBF_MU_TX_BFER)
2890 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
2891 
2892 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param, value);
2893 	if (ret) {
2894 		ath10k_warn(ar, "failed to submit vdev param txbf 0x%x: %d\n",
2895 			    value, ret);
2896 		return ret;
2897 	}
2898 
2899 	return 0;
2900 }
2901 
2902 static bool ath10k_mac_is_connected(struct ath10k *ar)
2903 {
2904 	struct ath10k_vif *arvif;
2905 
2906 	list_for_each_entry(arvif, &ar->arvifs, list) {
2907 		if (arvif->is_up && arvif->vdev_type == WMI_VDEV_TYPE_STA)
2908 			return true;
2909 	}
2910 
2911 	return false;
2912 }
2913 
2914 static int ath10k_mac_txpower_setup(struct ath10k *ar, int txpower)
2915 {
2916 	int ret;
2917 	u32 param;
2918 	int tx_power_2g, tx_power_5g;
2919 	bool connected;
2920 
2921 	lockdep_assert_held(&ar->conf_mutex);
2922 
2923 	/* ath10k internally uses unit of 0.5 dBm so multiply by 2 */
2924 	tx_power_2g = txpower * 2;
2925 	tx_power_5g = txpower * 2;
2926 
2927 	connected = ath10k_mac_is_connected(ar);
2928 
2929 	if (connected && ar->tx_power_2g_limit)
2930 		if (tx_power_2g > ar->tx_power_2g_limit)
2931 			tx_power_2g = ar->tx_power_2g_limit;
2932 
2933 	if (connected && ar->tx_power_5g_limit)
2934 		if (tx_power_5g > ar->tx_power_5g_limit)
2935 			tx_power_5g = ar->tx_power_5g_limit;
2936 
2937 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac txpower 2g: %d, 5g: %d\n",
2938 		   tx_power_2g, tx_power_5g);
2939 
2940 	param = ar->wmi.pdev_param->txpower_limit2g;
2941 	ret = ath10k_wmi_pdev_set_param(ar, param, tx_power_2g);
2942 	if (ret) {
2943 		ath10k_warn(ar, "failed to set 2g txpower %d: %d\n",
2944 			    tx_power_2g, ret);
2945 		return ret;
2946 	}
2947 
2948 	param = ar->wmi.pdev_param->txpower_limit5g;
2949 	ret = ath10k_wmi_pdev_set_param(ar, param, tx_power_5g);
2950 	if (ret) {
2951 		ath10k_warn(ar, "failed to set 5g txpower %d: %d\n",
2952 			    tx_power_5g, ret);
2953 		return ret;
2954 	}
2955 
2956 	return 0;
2957 }
2958 
2959 static int ath10k_mac_txpower_recalc(struct ath10k *ar)
2960 {
2961 	struct ath10k_vif *arvif;
2962 	int ret, txpower = -1;
2963 
2964 	lockdep_assert_held(&ar->conf_mutex);
2965 
2966 	list_for_each_entry(arvif, &ar->arvifs, list) {
2967 		/* txpower not initialized yet? */
2968 		if (arvif->txpower == INT_MIN)
2969 			continue;
2970 
2971 		if (txpower == -1)
2972 			txpower = arvif->txpower;
2973 		else
2974 			txpower = min(txpower, arvif->txpower);
2975 	}
2976 
2977 	if (txpower == -1)
2978 		return 0;
2979 
2980 	ret = ath10k_mac_txpower_setup(ar, txpower);
2981 	if (ret) {
2982 		ath10k_warn(ar, "failed to setup tx power %d: %d\n",
2983 			    txpower, ret);
2984 		return ret;
2985 	}
2986 
2987 	return 0;
2988 }
2989 
2990 static int ath10k_mac_set_sar_power(struct ath10k *ar)
2991 {
2992 	if (!ar->hw_params.dynamic_sar_support)
2993 		return -EOPNOTSUPP;
2994 
2995 	if (!ath10k_mac_is_connected(ar))
2996 		return 0;
2997 
2998 	/* if connected, then arvif->txpower must be valid */
2999 	return ath10k_mac_txpower_recalc(ar);
3000 }
3001 
3002 static int ath10k_mac_set_sar_specs(struct ieee80211_hw *hw,
3003 				    const struct cfg80211_sar_specs *sar)
3004 {
3005 	const struct cfg80211_sar_sub_specs *sub_specs;
3006 	struct ath10k *ar = hw->priv;
3007 	u32 i;
3008 	int ret;
3009 
3010 	mutex_lock(&ar->conf_mutex);
3011 
3012 	if (!ar->hw_params.dynamic_sar_support) {
3013 		ret = -EOPNOTSUPP;
3014 		goto err;
3015 	}
3016 
3017 	if (!sar || sar->type != NL80211_SAR_TYPE_POWER ||
3018 	    sar->num_sub_specs == 0) {
3019 		ret = -EINVAL;
3020 		goto err;
3021 	}
3022 
3023 	sub_specs = sar->sub_specs;
3024 
3025 	/* 0dbm is not a practical value for ath10k, so use 0
3026 	 * as no SAR limitation on it.
3027 	 */
3028 	ar->tx_power_2g_limit = 0;
3029 	ar->tx_power_5g_limit = 0;
3030 
3031 	/* note the power is in 0.25dbm unit, while ath10k uses
3032 	 * 0.5dbm unit.
3033 	 */
3034 	for (i = 0; i < sar->num_sub_specs; i++) {
3035 		if (sub_specs->freq_range_index == 0)
3036 			ar->tx_power_2g_limit = sub_specs->power / 2;
3037 		else if (sub_specs->freq_range_index == 1)
3038 			ar->tx_power_5g_limit = sub_specs->power / 2;
3039 
3040 		sub_specs++;
3041 	}
3042 
3043 	ret = ath10k_mac_set_sar_power(ar);
3044 	if (ret) {
3045 		ath10k_warn(ar, "failed to set sar power: %d", ret);
3046 		goto err;
3047 	}
3048 
3049 err:
3050 	mutex_unlock(&ar->conf_mutex);
3051 	return ret;
3052 }
3053 
3054 /* can be called only in mac80211 callbacks due to `key_count` usage */
3055 static void ath10k_bss_assoc(struct ieee80211_hw *hw,
3056 			     struct ieee80211_vif *vif,
3057 			     struct ieee80211_bss_conf *bss_conf)
3058 {
3059 	struct ath10k *ar = hw->priv;
3060 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3061 	struct ieee80211_sta_ht_cap ht_cap;
3062 	struct ieee80211_sta_vht_cap vht_cap;
3063 	struct wmi_peer_assoc_complete_arg peer_arg;
3064 	struct ieee80211_sta *ap_sta;
3065 	int ret;
3066 
3067 	lockdep_assert_held(&ar->conf_mutex);
3068 
3069 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i assoc bssid %pM aid %d\n",
3070 		   arvif->vdev_id, arvif->bssid, arvif->aid);
3071 
3072 	rcu_read_lock();
3073 
3074 	ap_sta = ieee80211_find_sta(vif, bss_conf->bssid);
3075 	if (!ap_sta) {
3076 		ath10k_warn(ar, "failed to find station entry for bss %pM vdev %i\n",
3077 			    bss_conf->bssid, arvif->vdev_id);
3078 		rcu_read_unlock();
3079 		return;
3080 	}
3081 
3082 	/* ap_sta must be accessed only within rcu section which must be left
3083 	 * before calling ath10k_setup_peer_smps() which might sleep.
3084 	 */
3085 	ht_cap = ap_sta->deflink.ht_cap;
3086 	vht_cap = ap_sta->deflink.vht_cap;
3087 
3088 	ret = ath10k_peer_assoc_prepare(ar, vif, ap_sta, &peer_arg);
3089 	if (ret) {
3090 		ath10k_warn(ar, "failed to prepare peer assoc for %pM vdev %i: %d\n",
3091 			    bss_conf->bssid, arvif->vdev_id, ret);
3092 		rcu_read_unlock();
3093 		return;
3094 	}
3095 
3096 	rcu_read_unlock();
3097 
3098 	ret = ath10k_wmi_peer_assoc(ar, &peer_arg);
3099 	if (ret) {
3100 		ath10k_warn(ar, "failed to run peer assoc for %pM vdev %i: %d\n",
3101 			    bss_conf->bssid, arvif->vdev_id, ret);
3102 		return;
3103 	}
3104 
3105 	ret = ath10k_setup_peer_smps(ar, arvif, bss_conf->bssid, &ht_cap);
3106 	if (ret) {
3107 		ath10k_warn(ar, "failed to setup peer SMPS for vdev %i: %d\n",
3108 			    arvif->vdev_id, ret);
3109 		return;
3110 	}
3111 
3112 	ret = ath10k_mac_vif_recalc_txbf(ar, vif, vht_cap);
3113 	if (ret) {
3114 		ath10k_warn(ar, "failed to recalc txbf for vdev %i on bss %pM: %d\n",
3115 			    arvif->vdev_id, bss_conf->bssid, ret);
3116 		return;
3117 	}
3118 
3119 	ath10k_dbg(ar, ATH10K_DBG_MAC,
3120 		   "mac vdev %d up (associated) bssid %pM aid %d\n",
3121 		   arvif->vdev_id, bss_conf->bssid, bss_conf->aid);
3122 
3123 	WARN_ON(arvif->is_up);
3124 
3125 	arvif->aid = bss_conf->aid;
3126 	ether_addr_copy(arvif->bssid, bss_conf->bssid);
3127 
3128 	ret = ath10k_wmi_pdev_set_param(ar,
3129 					ar->wmi.pdev_param->peer_stats_info_enable, 1);
3130 	if (ret)
3131 		ath10k_warn(ar, "failed to enable peer stats info: %d\n", ret);
3132 
3133 	ret = ath10k_wmi_vdev_up(ar, arvif->vdev_id, arvif->aid, arvif->bssid);
3134 	if (ret) {
3135 		ath10k_warn(ar, "failed to set vdev %d up: %d\n",
3136 			    arvif->vdev_id, ret);
3137 		return;
3138 	}
3139 
3140 	arvif->is_up = true;
3141 
3142 	ath10k_mac_set_sar_power(ar);
3143 
3144 	/* Workaround: Some firmware revisions (tested with qca6174
3145 	 * WLAN.RM.2.0-00073) have buggy powersave state machine and must be
3146 	 * poked with peer param command.
3147 	 */
3148 	ret = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, arvif->bssid,
3149 					ar->wmi.peer_param->dummy_var, 1);
3150 	if (ret) {
3151 		ath10k_warn(ar, "failed to poke peer %pM param for ps workaround on vdev %i: %d\n",
3152 			    arvif->bssid, arvif->vdev_id, ret);
3153 		return;
3154 	}
3155 }
3156 
3157 static void ath10k_bss_disassoc(struct ieee80211_hw *hw,
3158 				struct ieee80211_vif *vif)
3159 {
3160 	struct ath10k *ar = hw->priv;
3161 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3162 	struct ieee80211_sta_vht_cap vht_cap = {};
3163 	int ret;
3164 
3165 	lockdep_assert_held(&ar->conf_mutex);
3166 
3167 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i disassoc bssid %pM\n",
3168 		   arvif->vdev_id, arvif->bssid);
3169 
3170 	ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
3171 	if (ret)
3172 		ath10k_warn(ar, "failed to down vdev %i: %d\n",
3173 			    arvif->vdev_id, ret);
3174 
3175 	arvif->def_wep_key_idx = -1;
3176 
3177 	ret = ath10k_mac_vif_recalc_txbf(ar, vif, vht_cap);
3178 	if (ret) {
3179 		ath10k_warn(ar, "failed to recalc txbf for vdev %i: %d\n",
3180 			    arvif->vdev_id, ret);
3181 		return;
3182 	}
3183 
3184 	arvif->is_up = false;
3185 
3186 	ath10k_mac_txpower_recalc(ar);
3187 
3188 	cancel_delayed_work_sync(&arvif->connection_loss_work);
3189 }
3190 
3191 static int ath10k_new_peer_tid_config(struct ath10k *ar,
3192 				      struct ieee80211_sta *sta,
3193 				      struct ath10k_vif *arvif)
3194 {
3195 	struct wmi_per_peer_per_tid_cfg_arg arg = {};
3196 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
3197 	bool config_apply;
3198 	int ret, i;
3199 
3200 	for (i = 0; i < ATH10K_TID_MAX; i++) {
3201 		config_apply = false;
3202 		if (arvif->retry_long[i] || arvif->ampdu[i] ||
3203 		    arvif->rate_ctrl[i] || arvif->rtscts[i]) {
3204 			config_apply = true;
3205 			arg.tid = i;
3206 			arg.vdev_id = arvif->vdev_id;
3207 			arg.retry_count = arvif->retry_long[i];
3208 			arg.aggr_control = arvif->ampdu[i];
3209 			arg.rate_ctrl = arvif->rate_ctrl[i];
3210 			arg.rcode_flags = arvif->rate_code[i];
3211 
3212 			if (arvif->rtscts[i])
3213 				arg.ext_tid_cfg_bitmap =
3214 					WMI_EXT_TID_RTS_CTS_CONFIG;
3215 			else
3216 				arg.ext_tid_cfg_bitmap = 0;
3217 
3218 			arg.rtscts_ctrl = arvif->rtscts[i];
3219 		}
3220 
3221 		if (arvif->noack[i]) {
3222 			arg.ack_policy = arvif->noack[i];
3223 			arg.rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_DEFAULT_LOWEST_RATE;
3224 			arg.aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_DISABLE;
3225 			config_apply = true;
3226 		}
3227 
3228 		/* Assign default value(-1) to newly connected station.
3229 		 * This is to identify station specific tid configuration not
3230 		 * configured for the station.
3231 		 */
3232 		arsta->retry_long[i] = -1;
3233 		arsta->noack[i] = -1;
3234 		arsta->ampdu[i] = -1;
3235 
3236 		if (!config_apply)
3237 			continue;
3238 
3239 		ether_addr_copy(arg.peer_macaddr.addr, sta->addr);
3240 
3241 		ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, &arg);
3242 		if (ret) {
3243 			ath10k_warn(ar, "failed to set per tid retry/aggr config for sta %pM: %d\n",
3244 				    sta->addr, ret);
3245 			return ret;
3246 		}
3247 
3248 		memset(&arg, 0, sizeof(arg));
3249 	}
3250 
3251 	return 0;
3252 }
3253 
3254 static int ath10k_station_assoc(struct ath10k *ar,
3255 				struct ieee80211_vif *vif,
3256 				struct ieee80211_sta *sta,
3257 				bool reassoc)
3258 {
3259 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3260 	struct wmi_peer_assoc_complete_arg peer_arg;
3261 	int ret = 0;
3262 
3263 	lockdep_assert_held(&ar->conf_mutex);
3264 
3265 	ret = ath10k_peer_assoc_prepare(ar, vif, sta, &peer_arg);
3266 	if (ret) {
3267 		ath10k_warn(ar, "failed to prepare WMI peer assoc for %pM vdev %i: %i\n",
3268 			    sta->addr, arvif->vdev_id, ret);
3269 		return ret;
3270 	}
3271 
3272 	ret = ath10k_wmi_peer_assoc(ar, &peer_arg);
3273 	if (ret) {
3274 		ath10k_warn(ar, "failed to run peer assoc for STA %pM vdev %i: %d\n",
3275 			    sta->addr, arvif->vdev_id, ret);
3276 		return ret;
3277 	}
3278 
3279 	/* Re-assoc is run only to update supported rates for given station. It
3280 	 * doesn't make much sense to reconfigure the peer completely.
3281 	 */
3282 	if (!reassoc) {
3283 		ret = ath10k_setup_peer_smps(ar, arvif, sta->addr,
3284 					     &sta->deflink.ht_cap);
3285 		if (ret) {
3286 			ath10k_warn(ar, "failed to setup peer SMPS for vdev %d: %d\n",
3287 				    arvif->vdev_id, ret);
3288 			return ret;
3289 		}
3290 
3291 		ret = ath10k_peer_assoc_qos_ap(ar, arvif, sta);
3292 		if (ret) {
3293 			ath10k_warn(ar, "failed to set qos params for STA %pM for vdev %i: %d\n",
3294 				    sta->addr, arvif->vdev_id, ret);
3295 			return ret;
3296 		}
3297 
3298 		if (!sta->wme) {
3299 			arvif->num_legacy_stations++;
3300 			ret  = ath10k_recalc_rtscts_prot(arvif);
3301 			if (ret) {
3302 				ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
3303 					    arvif->vdev_id, ret);
3304 				return ret;
3305 			}
3306 		}
3307 
3308 		/* Plumb cached keys only for static WEP */
3309 		if ((arvif->def_wep_key_idx != -1) && (!sta->tdls)) {
3310 			ret = ath10k_install_peer_wep_keys(arvif, sta->addr);
3311 			if (ret) {
3312 				ath10k_warn(ar, "failed to install peer wep keys for vdev %i: %d\n",
3313 					    arvif->vdev_id, ret);
3314 				return ret;
3315 			}
3316 		}
3317 	}
3318 
3319 	if (!test_bit(WMI_SERVICE_PEER_TID_CONFIGS_SUPPORT, ar->wmi.svc_map))
3320 		return ret;
3321 
3322 	return ath10k_new_peer_tid_config(ar, sta, arvif);
3323 }
3324 
3325 static int ath10k_station_disassoc(struct ath10k *ar,
3326 				   struct ieee80211_vif *vif,
3327 				   struct ieee80211_sta *sta)
3328 {
3329 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3330 	int ret = 0;
3331 
3332 	lockdep_assert_held(&ar->conf_mutex);
3333 
3334 	if (!sta->wme) {
3335 		arvif->num_legacy_stations--;
3336 		ret = ath10k_recalc_rtscts_prot(arvif);
3337 		if (ret) {
3338 			ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
3339 				    arvif->vdev_id, ret);
3340 			return ret;
3341 		}
3342 	}
3343 
3344 	ret = ath10k_clear_peer_keys(arvif, sta->addr);
3345 	if (ret) {
3346 		ath10k_warn(ar, "failed to clear all peer wep keys for vdev %i: %d\n",
3347 			    arvif->vdev_id, ret);
3348 		return ret;
3349 	}
3350 
3351 	return ret;
3352 }
3353 
3354 /**************/
3355 /* Regulatory */
3356 /**************/
3357 
3358 static int ath10k_update_channel_list(struct ath10k *ar)
3359 {
3360 	struct ieee80211_hw *hw = ar->hw;
3361 	struct ieee80211_supported_band **bands;
3362 	enum nl80211_band band;
3363 	struct ieee80211_channel *channel;
3364 	struct wmi_scan_chan_list_arg arg = {0};
3365 	struct wmi_channel_arg *ch;
3366 	bool passive;
3367 	int len;
3368 	int ret;
3369 	int i;
3370 
3371 	lockdep_assert_held(&ar->conf_mutex);
3372 
3373 	bands = hw->wiphy->bands;
3374 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
3375 		if (!bands[band])
3376 			continue;
3377 
3378 		for (i = 0; i < bands[band]->n_channels; i++) {
3379 			if (bands[band]->channels[i].flags &
3380 			    IEEE80211_CHAN_DISABLED)
3381 				continue;
3382 
3383 			arg.n_channels++;
3384 		}
3385 	}
3386 
3387 	len = sizeof(struct wmi_channel_arg) * arg.n_channels;
3388 	arg.channels = kzalloc(len, GFP_KERNEL);
3389 	if (!arg.channels)
3390 		return -ENOMEM;
3391 
3392 	ch = arg.channels;
3393 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
3394 		if (!bands[band])
3395 			continue;
3396 
3397 		for (i = 0; i < bands[band]->n_channels; i++) {
3398 			channel = &bands[band]->channels[i];
3399 
3400 			if (channel->flags & IEEE80211_CHAN_DISABLED)
3401 				continue;
3402 
3403 			ch->allow_ht = true;
3404 
3405 			/* FIXME: when should we really allow VHT? */
3406 			ch->allow_vht = true;
3407 
3408 			ch->allow_ibss =
3409 				!(channel->flags & IEEE80211_CHAN_NO_IR);
3410 
3411 			ch->ht40plus =
3412 				!(channel->flags & IEEE80211_CHAN_NO_HT40PLUS);
3413 
3414 			ch->chan_radar =
3415 				!!(channel->flags & IEEE80211_CHAN_RADAR);
3416 
3417 			passive = channel->flags & IEEE80211_CHAN_NO_IR;
3418 			ch->passive = passive;
3419 
3420 			/* the firmware is ignoring the "radar" flag of the
3421 			 * channel and is scanning actively using Probe Requests
3422 			 * on "Radar detection"/DFS channels which are not
3423 			 * marked as "available"
3424 			 */
3425 			ch->passive |= ch->chan_radar;
3426 
3427 			ch->freq = channel->center_freq;
3428 			ch->band_center_freq1 = channel->center_freq;
3429 			ch->min_power = 0;
3430 			ch->max_power = channel->max_power * 2;
3431 			ch->max_reg_power = channel->max_reg_power * 2;
3432 			ch->max_antenna_gain = channel->max_antenna_gain;
3433 			ch->reg_class_id = 0; /* FIXME */
3434 
3435 			/* FIXME: why use only legacy modes, why not any
3436 			 * HT/VHT modes? Would that even make any
3437 			 * difference?
3438 			 */
3439 			if (channel->band == NL80211_BAND_2GHZ)
3440 				ch->mode = MODE_11G;
3441 			else
3442 				ch->mode = MODE_11A;
3443 
3444 			if (WARN_ON_ONCE(ch->mode == MODE_UNKNOWN))
3445 				continue;
3446 
3447 			ath10k_dbg(ar, ATH10K_DBG_WMI,
3448 				   "mac channel [%zd/%d] freq %d maxpower %d regpower %d antenna %d mode %d\n",
3449 				    ch - arg.channels, arg.n_channels,
3450 				   ch->freq, ch->max_power, ch->max_reg_power,
3451 				   ch->max_antenna_gain, ch->mode);
3452 
3453 			ch++;
3454 		}
3455 	}
3456 
3457 	ret = ath10k_wmi_scan_chan_list(ar, &arg);
3458 	kfree(arg.channels);
3459 
3460 	return ret;
3461 }
3462 
3463 static enum wmi_dfs_region
3464 ath10k_mac_get_dfs_region(enum nl80211_dfs_regions dfs_region)
3465 {
3466 	switch (dfs_region) {
3467 	case NL80211_DFS_UNSET:
3468 		return WMI_UNINIT_DFS_DOMAIN;
3469 	case NL80211_DFS_FCC:
3470 		return WMI_FCC_DFS_DOMAIN;
3471 	case NL80211_DFS_ETSI:
3472 		return WMI_ETSI_DFS_DOMAIN;
3473 	case NL80211_DFS_JP:
3474 		return WMI_MKK4_DFS_DOMAIN;
3475 	}
3476 	return WMI_UNINIT_DFS_DOMAIN;
3477 }
3478 
3479 static void ath10k_regd_update(struct ath10k *ar)
3480 {
3481 	struct reg_dmn_pair_mapping *regpair;
3482 	int ret;
3483 	enum wmi_dfs_region wmi_dfs_reg;
3484 	enum nl80211_dfs_regions nl_dfs_reg;
3485 
3486 	lockdep_assert_held(&ar->conf_mutex);
3487 
3488 	ret = ath10k_update_channel_list(ar);
3489 	if (ret)
3490 		ath10k_warn(ar, "failed to update channel list: %d\n", ret);
3491 
3492 	regpair = ar->ath_common.regulatory.regpair;
3493 
3494 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector) {
3495 		nl_dfs_reg = ar->dfs_detector->region;
3496 		wmi_dfs_reg = ath10k_mac_get_dfs_region(nl_dfs_reg);
3497 	} else {
3498 		wmi_dfs_reg = WMI_UNINIT_DFS_DOMAIN;
3499 	}
3500 
3501 	/* Target allows setting up per-band regdomain but ath_common provides
3502 	 * a combined one only
3503 	 */
3504 	ret = ath10k_wmi_pdev_set_regdomain(ar,
3505 					    regpair->reg_domain,
3506 					    regpair->reg_domain, /* 2ghz */
3507 					    regpair->reg_domain, /* 5ghz */
3508 					    regpair->reg_2ghz_ctl,
3509 					    regpair->reg_5ghz_ctl,
3510 					    wmi_dfs_reg);
3511 	if (ret)
3512 		ath10k_warn(ar, "failed to set pdev regdomain: %d\n", ret);
3513 }
3514 
3515 static void ath10k_mac_update_channel_list(struct ath10k *ar,
3516 					   struct ieee80211_supported_band *band)
3517 {
3518 	int i;
3519 
3520 	if (ar->low_5ghz_chan && ar->high_5ghz_chan) {
3521 		for (i = 0; i < band->n_channels; i++) {
3522 			if (band->channels[i].center_freq < ar->low_5ghz_chan ||
3523 			    band->channels[i].center_freq > ar->high_5ghz_chan)
3524 				band->channels[i].flags |=
3525 					IEEE80211_CHAN_DISABLED;
3526 		}
3527 	}
3528 }
3529 
3530 static void ath10k_reg_notifier(struct wiphy *wiphy,
3531 				struct regulatory_request *request)
3532 {
3533 	struct ieee80211_hw *hw = wiphy_to_ieee80211_hw(wiphy);
3534 	struct ath10k *ar = hw->priv;
3535 	bool result;
3536 
3537 	ath_reg_notifier_apply(wiphy, request, &ar->ath_common.regulatory);
3538 
3539 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector) {
3540 		ath10k_dbg(ar, ATH10K_DBG_REGULATORY, "dfs region 0x%x\n",
3541 			   request->dfs_region);
3542 		result = ar->dfs_detector->set_dfs_domain(ar->dfs_detector,
3543 							  request->dfs_region);
3544 		if (!result)
3545 			ath10k_warn(ar, "DFS region 0x%X not supported, will trigger radar for every pulse\n",
3546 				    request->dfs_region);
3547 	}
3548 
3549 	mutex_lock(&ar->conf_mutex);
3550 	if (ar->state == ATH10K_STATE_ON)
3551 		ath10k_regd_update(ar);
3552 	mutex_unlock(&ar->conf_mutex);
3553 
3554 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY)
3555 		ath10k_mac_update_channel_list(ar,
3556 					       ar->hw->wiphy->bands[NL80211_BAND_5GHZ]);
3557 }
3558 
3559 static void ath10k_stop_radar_confirmation(struct ath10k *ar)
3560 {
3561 	spin_lock_bh(&ar->data_lock);
3562 	ar->radar_conf_state = ATH10K_RADAR_CONFIRMATION_STOPPED;
3563 	spin_unlock_bh(&ar->data_lock);
3564 
3565 	cancel_work_sync(&ar->radar_confirmation_work);
3566 }
3567 
3568 /***************/
3569 /* TX handlers */
3570 /***************/
3571 
3572 enum ath10k_mac_tx_path {
3573 	ATH10K_MAC_TX_HTT,
3574 	ATH10K_MAC_TX_HTT_MGMT,
3575 	ATH10K_MAC_TX_WMI_MGMT,
3576 	ATH10K_MAC_TX_UNKNOWN,
3577 };
3578 
3579 void ath10k_mac_tx_lock(struct ath10k *ar, int reason)
3580 {
3581 	lockdep_assert_held(&ar->htt.tx_lock);
3582 
3583 	WARN_ON(reason >= ATH10K_TX_PAUSE_MAX);
3584 	ar->tx_paused |= BIT(reason);
3585 	ieee80211_stop_queues(ar->hw);
3586 }
3587 
3588 static void ath10k_mac_tx_unlock_iter(void *data, u8 *mac,
3589 				      struct ieee80211_vif *vif)
3590 {
3591 	struct ath10k *ar = data;
3592 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3593 
3594 	if (arvif->tx_paused)
3595 		return;
3596 
3597 	ieee80211_wake_queue(ar->hw, arvif->vdev_id);
3598 }
3599 
3600 void ath10k_mac_tx_unlock(struct ath10k *ar, int reason)
3601 {
3602 	lockdep_assert_held(&ar->htt.tx_lock);
3603 
3604 	WARN_ON(reason >= ATH10K_TX_PAUSE_MAX);
3605 	ar->tx_paused &= ~BIT(reason);
3606 
3607 	if (ar->tx_paused)
3608 		return;
3609 
3610 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
3611 						   ATH10K_ITER_RESUME_FLAGS,
3612 						   ath10k_mac_tx_unlock_iter,
3613 						   ar);
3614 
3615 	ieee80211_wake_queue(ar->hw, ar->hw->offchannel_tx_hw_queue);
3616 }
3617 
3618 void ath10k_mac_vif_tx_lock(struct ath10k_vif *arvif, int reason)
3619 {
3620 	struct ath10k *ar = arvif->ar;
3621 
3622 	lockdep_assert_held(&ar->htt.tx_lock);
3623 
3624 	WARN_ON(reason >= BITS_PER_LONG);
3625 	arvif->tx_paused |= BIT(reason);
3626 	ieee80211_stop_queue(ar->hw, arvif->vdev_id);
3627 }
3628 
3629 void ath10k_mac_vif_tx_unlock(struct ath10k_vif *arvif, int reason)
3630 {
3631 	struct ath10k *ar = arvif->ar;
3632 
3633 	lockdep_assert_held(&ar->htt.tx_lock);
3634 
3635 	WARN_ON(reason >= BITS_PER_LONG);
3636 	arvif->tx_paused &= ~BIT(reason);
3637 
3638 	if (ar->tx_paused)
3639 		return;
3640 
3641 	if (arvif->tx_paused)
3642 		return;
3643 
3644 	ieee80211_wake_queue(ar->hw, arvif->vdev_id);
3645 }
3646 
3647 static void ath10k_mac_vif_handle_tx_pause(struct ath10k_vif *arvif,
3648 					   enum wmi_tlv_tx_pause_id pause_id,
3649 					   enum wmi_tlv_tx_pause_action action)
3650 {
3651 	struct ath10k *ar = arvif->ar;
3652 
3653 	lockdep_assert_held(&ar->htt.tx_lock);
3654 
3655 	switch (action) {
3656 	case WMI_TLV_TX_PAUSE_ACTION_STOP:
3657 		ath10k_mac_vif_tx_lock(arvif, pause_id);
3658 		break;
3659 	case WMI_TLV_TX_PAUSE_ACTION_WAKE:
3660 		ath10k_mac_vif_tx_unlock(arvif, pause_id);
3661 		break;
3662 	default:
3663 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
3664 			   "received unknown tx pause action %d on vdev %i, ignoring\n",
3665 			    action, arvif->vdev_id);
3666 		break;
3667 	}
3668 }
3669 
3670 struct ath10k_mac_tx_pause {
3671 	u32 vdev_id;
3672 	enum wmi_tlv_tx_pause_id pause_id;
3673 	enum wmi_tlv_tx_pause_action action;
3674 };
3675 
3676 static void ath10k_mac_handle_tx_pause_iter(void *data, u8 *mac,
3677 					    struct ieee80211_vif *vif)
3678 {
3679 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3680 	struct ath10k_mac_tx_pause *arg = data;
3681 
3682 	if (arvif->vdev_id != arg->vdev_id)
3683 		return;
3684 
3685 	ath10k_mac_vif_handle_tx_pause(arvif, arg->pause_id, arg->action);
3686 }
3687 
3688 void ath10k_mac_handle_tx_pause_vdev(struct ath10k *ar, u32 vdev_id,
3689 				     enum wmi_tlv_tx_pause_id pause_id,
3690 				     enum wmi_tlv_tx_pause_action action)
3691 {
3692 	struct ath10k_mac_tx_pause arg = {
3693 		.vdev_id = vdev_id,
3694 		.pause_id = pause_id,
3695 		.action = action,
3696 	};
3697 
3698 	spin_lock_bh(&ar->htt.tx_lock);
3699 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
3700 						   ATH10K_ITER_RESUME_FLAGS,
3701 						   ath10k_mac_handle_tx_pause_iter,
3702 						   &arg);
3703 	spin_unlock_bh(&ar->htt.tx_lock);
3704 }
3705 
3706 static enum ath10k_hw_txrx_mode
3707 ath10k_mac_tx_h_get_txmode(struct ath10k *ar,
3708 			   struct ieee80211_vif *vif,
3709 			   struct ieee80211_sta *sta,
3710 			   struct sk_buff *skb)
3711 {
3712 	const struct ieee80211_hdr *hdr = (void *)skb->data;
3713 	const struct ath10k_skb_cb *skb_cb = ATH10K_SKB_CB(skb);
3714 	__le16 fc = hdr->frame_control;
3715 
3716 	if (!vif || vif->type == NL80211_IFTYPE_MONITOR)
3717 		return ATH10K_HW_TXRX_RAW;
3718 
3719 	if (ieee80211_is_mgmt(fc))
3720 		return ATH10K_HW_TXRX_MGMT;
3721 
3722 	/* Workaround:
3723 	 *
3724 	 * NullFunc frames are mostly used to ping if a client or AP are still
3725 	 * reachable and responsive. This implies tx status reports must be
3726 	 * accurate - otherwise either mac80211 or userspace (e.g. hostapd) can
3727 	 * come to a conclusion that the other end disappeared and tear down
3728 	 * BSS connection or it can never disconnect from BSS/client (which is
3729 	 * the case).
3730 	 *
3731 	 * Firmware with HTT older than 3.0 delivers incorrect tx status for
3732 	 * NullFunc frames to driver. However there's a HTT Mgmt Tx command
3733 	 * which seems to deliver correct tx reports for NullFunc frames. The
3734 	 * downside of using it is it ignores client powersave state so it can
3735 	 * end up disconnecting sleeping clients in AP mode. It should fix STA
3736 	 * mode though because AP don't sleep.
3737 	 */
3738 	if (ar->htt.target_version_major < 3 &&
3739 	    (ieee80211_is_nullfunc(fc) || ieee80211_is_qos_nullfunc(fc)) &&
3740 	    !test_bit(ATH10K_FW_FEATURE_HAS_WMI_MGMT_TX,
3741 		      ar->running_fw->fw_file.fw_features))
3742 		return ATH10K_HW_TXRX_MGMT;
3743 
3744 	/* Workaround:
3745 	 *
3746 	 * Some wmi-tlv firmwares for qca6174 have broken Tx key selection for
3747 	 * NativeWifi txmode - it selects AP key instead of peer key. It seems
3748 	 * to work with Ethernet txmode so use it.
3749 	 *
3750 	 * FIXME: Check if raw mode works with TDLS.
3751 	 */
3752 	if (ieee80211_is_data_present(fc) && sta && sta->tdls)
3753 		return ATH10K_HW_TXRX_ETHERNET;
3754 
3755 	if (test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags) ||
3756 	    skb_cb->flags & ATH10K_SKB_F_RAW_TX)
3757 		return ATH10K_HW_TXRX_RAW;
3758 
3759 	return ATH10K_HW_TXRX_NATIVE_WIFI;
3760 }
3761 
3762 static bool ath10k_tx_h_use_hwcrypto(struct ieee80211_vif *vif,
3763 				     struct sk_buff *skb)
3764 {
3765 	const struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3766 	const struct ieee80211_hdr *hdr = (void *)skb->data;
3767 	const u32 mask = IEEE80211_TX_INTFL_DONT_ENCRYPT |
3768 			 IEEE80211_TX_CTL_INJECTED;
3769 
3770 	if (!ieee80211_has_protected(hdr->frame_control))
3771 		return false;
3772 
3773 	if ((info->flags & mask) == mask)
3774 		return false;
3775 
3776 	if (vif)
3777 		return !((struct ath10k_vif *)vif->drv_priv)->nohwcrypt;
3778 
3779 	return true;
3780 }
3781 
3782 /* HTT Tx uses Native Wifi tx mode which expects 802.11 frames without QoS
3783  * Control in the header.
3784  */
3785 static void ath10k_tx_h_nwifi(struct ieee80211_hw *hw, struct sk_buff *skb)
3786 {
3787 	struct ieee80211_hdr *hdr = (void *)skb->data;
3788 	struct ath10k_skb_cb *cb = ATH10K_SKB_CB(skb);
3789 	u8 *qos_ctl;
3790 
3791 	if (!ieee80211_is_data_qos(hdr->frame_control))
3792 		return;
3793 
3794 	qos_ctl = ieee80211_get_qos_ctl(hdr);
3795 	memmove(skb->data + IEEE80211_QOS_CTL_LEN,
3796 #if defined(__linux__)
3797 		skb->data, (void *)qos_ctl - (void *)skb->data);
3798 #elif defined(__FreeBSD__)
3799 		skb->data, qos_ctl - skb->data);
3800 #endif
3801 	skb_pull(skb, IEEE80211_QOS_CTL_LEN);
3802 
3803 	/* Some firmware revisions don't handle sending QoS NullFunc well.
3804 	 * These frames are mainly used for CQM purposes so it doesn't really
3805 	 * matter whether QoS NullFunc or NullFunc are sent.
3806 	 */
3807 	hdr = (void *)skb->data;
3808 	if (ieee80211_is_qos_nullfunc(hdr->frame_control))
3809 		cb->flags &= ~ATH10K_SKB_F_QOS;
3810 
3811 	hdr->frame_control &= ~__cpu_to_le16(IEEE80211_STYPE_QOS_DATA);
3812 }
3813 
3814 static void ath10k_tx_h_8023(struct sk_buff *skb)
3815 {
3816 	struct ieee80211_hdr *hdr;
3817 	struct rfc1042_hdr *rfc1042;
3818 	struct ethhdr *eth;
3819 	size_t hdrlen;
3820 	u8 da[ETH_ALEN];
3821 	u8 sa[ETH_ALEN];
3822 	__be16 type;
3823 
3824 	hdr = (void *)skb->data;
3825 	hdrlen = ieee80211_hdrlen(hdr->frame_control);
3826 #if defined(__linux__)
3827 	rfc1042 = (void *)skb->data + hdrlen;
3828 #elif defined(__FreeBSD__)
3829 	rfc1042 = (void *)(skb->data + hdrlen);
3830 #endif
3831 
3832 	ether_addr_copy(da, ieee80211_get_DA(hdr));
3833 	ether_addr_copy(sa, ieee80211_get_SA(hdr));
3834 	type = rfc1042->snap_type;
3835 
3836 	skb_pull(skb, hdrlen + sizeof(*rfc1042));
3837 	skb_push(skb, sizeof(*eth));
3838 
3839 	eth = (void *)skb->data;
3840 	ether_addr_copy(eth->h_dest, da);
3841 	ether_addr_copy(eth->h_source, sa);
3842 	eth->h_proto = type;
3843 }
3844 
3845 static void ath10k_tx_h_add_p2p_noa_ie(struct ath10k *ar,
3846 				       struct ieee80211_vif *vif,
3847 				       struct sk_buff *skb)
3848 {
3849 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
3850 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3851 
3852 	/* This is case only for P2P_GO */
3853 	if (vif->type != NL80211_IFTYPE_AP || !vif->p2p)
3854 		return;
3855 
3856 	if (unlikely(ieee80211_is_probe_resp(hdr->frame_control))) {
3857 		spin_lock_bh(&ar->data_lock);
3858 		if (arvif->u.ap.noa_data)
3859 			if (!pskb_expand_head(skb, 0, arvif->u.ap.noa_len,
3860 					      GFP_ATOMIC))
3861 				skb_put_data(skb, arvif->u.ap.noa_data,
3862 					     arvif->u.ap.noa_len);
3863 		spin_unlock_bh(&ar->data_lock);
3864 	}
3865 }
3866 
3867 static void ath10k_mac_tx_h_fill_cb(struct ath10k *ar,
3868 				    struct ieee80211_vif *vif,
3869 				    struct ieee80211_txq *txq,
3870 				    struct ieee80211_sta *sta,
3871 				    struct sk_buff *skb, u16 airtime)
3872 {
3873 	struct ieee80211_hdr *hdr = (void *)skb->data;
3874 	struct ath10k_skb_cb *cb = ATH10K_SKB_CB(skb);
3875 	const struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3876 	bool is_data = ieee80211_is_data(hdr->frame_control) ||
3877 			ieee80211_is_data_qos(hdr->frame_control);
3878 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3879 	struct ath10k_sta *arsta;
3880 	u8 tid, *qos_ctl;
3881 	bool noack = false;
3882 
3883 	cb->flags = 0;
3884 	if (!ath10k_tx_h_use_hwcrypto(vif, skb))
3885 		cb->flags |= ATH10K_SKB_F_NO_HWCRYPT;
3886 
3887 	if (ieee80211_is_mgmt(hdr->frame_control))
3888 		cb->flags |= ATH10K_SKB_F_MGMT;
3889 
3890 	if (ieee80211_is_data_qos(hdr->frame_control)) {
3891 		cb->flags |= ATH10K_SKB_F_QOS;
3892 		qos_ctl = ieee80211_get_qos_ctl(hdr);
3893 		tid = (*qos_ctl) & IEEE80211_QOS_CTL_TID_MASK;
3894 
3895 		if (arvif->noack[tid] == WMI_PEER_TID_CONFIG_NOACK)
3896 			noack = true;
3897 
3898 		if (sta) {
3899 			arsta = (struct ath10k_sta *)sta->drv_priv;
3900 
3901 			if (arsta->noack[tid] == WMI_PEER_TID_CONFIG_NOACK)
3902 				noack = true;
3903 
3904 			if (arsta->noack[tid] == WMI_PEER_TID_CONFIG_ACK)
3905 				noack = false;
3906 		}
3907 
3908 		if (noack)
3909 			cb->flags |= ATH10K_SKB_F_NOACK_TID;
3910 	}
3911 
3912 	/* Data frames encrypted in software will be posted to firmware
3913 	 * with tx encap mode set to RAW. Ex: Multicast traffic generated
3914 	 * for a specific VLAN group will always be encrypted in software.
3915 	 */
3916 	if (is_data && ieee80211_has_protected(hdr->frame_control) &&
3917 	    !info->control.hw_key) {
3918 		cb->flags |= ATH10K_SKB_F_NO_HWCRYPT;
3919 		cb->flags |= ATH10K_SKB_F_RAW_TX;
3920 	}
3921 
3922 	cb->vif = vif;
3923 	cb->txq = txq;
3924 	cb->airtime_est = airtime;
3925 	if (sta) {
3926 		arsta = (struct ath10k_sta *)sta->drv_priv;
3927 		spin_lock_bh(&ar->data_lock);
3928 		cb->ucast_cipher = arsta->ucast_cipher;
3929 		spin_unlock_bh(&ar->data_lock);
3930 	}
3931 }
3932 
3933 bool ath10k_mac_tx_frm_has_freq(struct ath10k *ar)
3934 {
3935 	/* FIXME: Not really sure since when the behaviour changed. At some
3936 	 * point new firmware stopped requiring creation of peer entries for
3937 	 * offchannel tx (and actually creating them causes issues with wmi-htc
3938 	 * tx credit replenishment and reliability). Assuming it's at least 3.4
3939 	 * because that's when the `freq` was introduced to TX_FRM HTT command.
3940 	 */
3941 	return (ar->htt.target_version_major >= 3 &&
3942 		ar->htt.target_version_minor >= 4 &&
3943 		ar->running_fw->fw_file.htt_op_version == ATH10K_FW_HTT_OP_VERSION_TLV);
3944 }
3945 
3946 static int ath10k_mac_tx_wmi_mgmt(struct ath10k *ar, struct sk_buff *skb)
3947 {
3948 	struct sk_buff_head *q = &ar->wmi_mgmt_tx_queue;
3949 
3950 	if (skb_queue_len_lockless(q) >= ATH10K_MAX_NUM_MGMT_PENDING) {
3951 		ath10k_warn(ar, "wmi mgmt tx queue is full\n");
3952 		return -ENOSPC;
3953 	}
3954 
3955 	skb_queue_tail(q, skb);
3956 	ieee80211_queue_work(ar->hw, &ar->wmi_mgmt_tx_work);
3957 
3958 	return 0;
3959 }
3960 
3961 static enum ath10k_mac_tx_path
3962 ath10k_mac_tx_h_get_txpath(struct ath10k *ar,
3963 			   struct sk_buff *skb,
3964 			   enum ath10k_hw_txrx_mode txmode)
3965 {
3966 	switch (txmode) {
3967 	case ATH10K_HW_TXRX_RAW:
3968 	case ATH10K_HW_TXRX_NATIVE_WIFI:
3969 	case ATH10K_HW_TXRX_ETHERNET:
3970 		return ATH10K_MAC_TX_HTT;
3971 	case ATH10K_HW_TXRX_MGMT:
3972 		if (test_bit(ATH10K_FW_FEATURE_HAS_WMI_MGMT_TX,
3973 			     ar->running_fw->fw_file.fw_features) ||
3974 			     test_bit(WMI_SERVICE_MGMT_TX_WMI,
3975 				      ar->wmi.svc_map))
3976 			return ATH10K_MAC_TX_WMI_MGMT;
3977 		else if (ar->htt.target_version_major >= 3)
3978 			return ATH10K_MAC_TX_HTT;
3979 		else
3980 			return ATH10K_MAC_TX_HTT_MGMT;
3981 	}
3982 
3983 	return ATH10K_MAC_TX_UNKNOWN;
3984 }
3985 
3986 static int ath10k_mac_tx_submit(struct ath10k *ar,
3987 				enum ath10k_hw_txrx_mode txmode,
3988 				enum ath10k_mac_tx_path txpath,
3989 				struct sk_buff *skb)
3990 {
3991 	struct ath10k_htt *htt = &ar->htt;
3992 	int ret = -EINVAL;
3993 
3994 	switch (txpath) {
3995 	case ATH10K_MAC_TX_HTT:
3996 		ret = ath10k_htt_tx(htt, txmode, skb);
3997 		break;
3998 	case ATH10K_MAC_TX_HTT_MGMT:
3999 		ret = ath10k_htt_mgmt_tx(htt, skb);
4000 		break;
4001 	case ATH10K_MAC_TX_WMI_MGMT:
4002 		ret = ath10k_mac_tx_wmi_mgmt(ar, skb);
4003 		break;
4004 	case ATH10K_MAC_TX_UNKNOWN:
4005 		WARN_ON_ONCE(1);
4006 		ret = -EINVAL;
4007 		break;
4008 	}
4009 
4010 	if (ret) {
4011 		ath10k_warn(ar, "failed to transmit packet, dropping: %d\n",
4012 			    ret);
4013 		ieee80211_free_txskb(ar->hw, skb);
4014 	}
4015 
4016 	return ret;
4017 }
4018 
4019 /* This function consumes the sk_buff regardless of return value as far as
4020  * caller is concerned so no freeing is necessary afterwards.
4021  */
4022 static int ath10k_mac_tx(struct ath10k *ar,
4023 			 struct ieee80211_vif *vif,
4024 			 enum ath10k_hw_txrx_mode txmode,
4025 			 enum ath10k_mac_tx_path txpath,
4026 			 struct sk_buff *skb, bool noque_offchan)
4027 {
4028 	struct ieee80211_hw *hw = ar->hw;
4029 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
4030 	const struct ath10k_skb_cb *skb_cb = ATH10K_SKB_CB(skb);
4031 	int ret;
4032 
4033 	/* We should disable CCK RATE due to P2P */
4034 	if (info->flags & IEEE80211_TX_CTL_NO_CCK_RATE)
4035 		ath10k_dbg(ar, ATH10K_DBG_MAC, "IEEE80211_TX_CTL_NO_CCK_RATE\n");
4036 
4037 	switch (txmode) {
4038 	case ATH10K_HW_TXRX_MGMT:
4039 	case ATH10K_HW_TXRX_NATIVE_WIFI:
4040 		ath10k_tx_h_nwifi(hw, skb);
4041 		ath10k_tx_h_add_p2p_noa_ie(ar, vif, skb);
4042 		ath10k_tx_h_seq_no(vif, skb);
4043 		break;
4044 	case ATH10K_HW_TXRX_ETHERNET:
4045 		ath10k_tx_h_8023(skb);
4046 		break;
4047 	case ATH10K_HW_TXRX_RAW:
4048 		if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags) &&
4049 		    !(skb_cb->flags & ATH10K_SKB_F_RAW_TX)) {
4050 			WARN_ON_ONCE(1);
4051 			ieee80211_free_txskb(hw, skb);
4052 			return -ENOTSUPP;
4053 		}
4054 	}
4055 
4056 	if (!noque_offchan && info->flags & IEEE80211_TX_CTL_TX_OFFCHAN) {
4057 		if (!ath10k_mac_tx_frm_has_freq(ar)) {
4058 			ath10k_dbg(ar, ATH10K_DBG_MAC, "mac queued offchannel skb %pK len %d\n",
4059 				   skb, skb->len);
4060 
4061 			skb_queue_tail(&ar->offchan_tx_queue, skb);
4062 			ieee80211_queue_work(hw, &ar->offchan_tx_work);
4063 			return 0;
4064 		}
4065 	}
4066 
4067 	ret = ath10k_mac_tx_submit(ar, txmode, txpath, skb);
4068 	if (ret) {
4069 		ath10k_warn(ar, "failed to submit frame: %d\n", ret);
4070 		return ret;
4071 	}
4072 
4073 	return 0;
4074 }
4075 
4076 void ath10k_offchan_tx_purge(struct ath10k *ar)
4077 {
4078 	struct sk_buff *skb;
4079 
4080 	for (;;) {
4081 		skb = skb_dequeue(&ar->offchan_tx_queue);
4082 		if (!skb)
4083 			break;
4084 
4085 		ieee80211_free_txskb(ar->hw, skb);
4086 	}
4087 }
4088 
4089 void ath10k_offchan_tx_work(struct work_struct *work)
4090 {
4091 	struct ath10k *ar = container_of(work, struct ath10k, offchan_tx_work);
4092 	struct ath10k_peer *peer;
4093 	struct ath10k_vif *arvif;
4094 	enum ath10k_hw_txrx_mode txmode;
4095 	enum ath10k_mac_tx_path txpath;
4096 	struct ieee80211_hdr *hdr;
4097 	struct ieee80211_vif *vif;
4098 	struct ieee80211_sta *sta;
4099 	struct sk_buff *skb;
4100 	const u8 *peer_addr;
4101 	int vdev_id;
4102 	int ret;
4103 	unsigned long time_left;
4104 	bool tmp_peer_created = false;
4105 
4106 	/* FW requirement: We must create a peer before FW will send out
4107 	 * an offchannel frame. Otherwise the frame will be stuck and
4108 	 * never transmitted. We delete the peer upon tx completion.
4109 	 * It is unlikely that a peer for offchannel tx will already be
4110 	 * present. However it may be in some rare cases so account for that.
4111 	 * Otherwise we might remove a legitimate peer and break stuff.
4112 	 */
4113 
4114 	for (;;) {
4115 		skb = skb_dequeue(&ar->offchan_tx_queue);
4116 		if (!skb)
4117 			break;
4118 
4119 		mutex_lock(&ar->conf_mutex);
4120 
4121 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac offchannel skb %pK len %d\n",
4122 			   skb, skb->len);
4123 
4124 		hdr = (struct ieee80211_hdr *)skb->data;
4125 		peer_addr = ieee80211_get_DA(hdr);
4126 
4127 		spin_lock_bh(&ar->data_lock);
4128 		vdev_id = ar->scan.vdev_id;
4129 		peer = ath10k_peer_find(ar, vdev_id, peer_addr);
4130 		spin_unlock_bh(&ar->data_lock);
4131 
4132 		if (peer)
4133 			ath10k_warn(ar, "peer %pM on vdev %d already present\n",
4134 				    peer_addr, vdev_id);
4135 
4136 		if (!peer) {
4137 			ret = ath10k_peer_create(ar, NULL, NULL, vdev_id,
4138 						 peer_addr,
4139 						 WMI_PEER_TYPE_DEFAULT);
4140 			if (ret)
4141 				ath10k_warn(ar, "failed to create peer %pM on vdev %d: %d\n",
4142 					    peer_addr, vdev_id, ret);
4143 			tmp_peer_created = (ret == 0);
4144 		}
4145 
4146 		spin_lock_bh(&ar->data_lock);
4147 		reinit_completion(&ar->offchan_tx_completed);
4148 		ar->offchan_tx_skb = skb;
4149 		spin_unlock_bh(&ar->data_lock);
4150 
4151 		/* It's safe to access vif and sta - conf_mutex guarantees that
4152 		 * sta_state() and remove_interface() are locked exclusively
4153 		 * out wrt to this offchannel worker.
4154 		 */
4155 		arvif = ath10k_get_arvif(ar, vdev_id);
4156 		if (arvif) {
4157 			vif = arvif->vif;
4158 			sta = ieee80211_find_sta(vif, peer_addr);
4159 		} else {
4160 			vif = NULL;
4161 			sta = NULL;
4162 		}
4163 
4164 		txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
4165 		txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
4166 
4167 		ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb, true);
4168 		if (ret) {
4169 			ath10k_warn(ar, "failed to transmit offchannel frame: %d\n",
4170 				    ret);
4171 			/* not serious */
4172 		}
4173 
4174 		time_left =
4175 		wait_for_completion_timeout(&ar->offchan_tx_completed, 3 * HZ);
4176 		if (time_left == 0)
4177 			ath10k_warn(ar, "timed out waiting for offchannel skb %pK, len: %d\n",
4178 				    skb, skb->len);
4179 
4180 		if (!peer && tmp_peer_created) {
4181 			ret = ath10k_peer_delete(ar, vdev_id, peer_addr);
4182 			if (ret)
4183 				ath10k_warn(ar, "failed to delete peer %pM on vdev %d: %d\n",
4184 					    peer_addr, vdev_id, ret);
4185 		}
4186 
4187 		mutex_unlock(&ar->conf_mutex);
4188 	}
4189 }
4190 
4191 void ath10k_mgmt_over_wmi_tx_purge(struct ath10k *ar)
4192 {
4193 	struct sk_buff *skb;
4194 
4195 	for (;;) {
4196 		skb = skb_dequeue(&ar->wmi_mgmt_tx_queue);
4197 		if (!skb)
4198 			break;
4199 
4200 		ieee80211_free_txskb(ar->hw, skb);
4201 	}
4202 }
4203 
4204 void ath10k_mgmt_over_wmi_tx_work(struct work_struct *work)
4205 {
4206 	struct ath10k *ar = container_of(work, struct ath10k, wmi_mgmt_tx_work);
4207 	struct sk_buff *skb;
4208 	dma_addr_t paddr;
4209 	int ret;
4210 
4211 	for (;;) {
4212 		skb = skb_dequeue(&ar->wmi_mgmt_tx_queue);
4213 		if (!skb)
4214 			break;
4215 
4216 		if (test_bit(ATH10K_FW_FEATURE_MGMT_TX_BY_REF,
4217 			     ar->running_fw->fw_file.fw_features)) {
4218 			paddr = dma_map_single(ar->dev, skb->data,
4219 					       skb->len, DMA_TO_DEVICE);
4220 			if (dma_mapping_error(ar->dev, paddr)) {
4221 				ieee80211_free_txskb(ar->hw, skb);
4222 				continue;
4223 			}
4224 			ret = ath10k_wmi_mgmt_tx_send(ar, skb, paddr);
4225 			if (ret) {
4226 				ath10k_warn(ar, "failed to transmit management frame by ref via WMI: %d\n",
4227 					    ret);
4228 				/* remove this msdu from idr tracking */
4229 				ath10k_wmi_cleanup_mgmt_tx_send(ar, skb);
4230 
4231 				dma_unmap_single(ar->dev, paddr, skb->len,
4232 						 DMA_TO_DEVICE);
4233 				ieee80211_free_txskb(ar->hw, skb);
4234 			}
4235 		} else {
4236 			ret = ath10k_wmi_mgmt_tx(ar, skb);
4237 			if (ret) {
4238 				ath10k_warn(ar, "failed to transmit management frame via WMI: %d\n",
4239 					    ret);
4240 				ieee80211_free_txskb(ar->hw, skb);
4241 			}
4242 		}
4243 	}
4244 }
4245 
4246 static void ath10k_mac_txq_init(struct ieee80211_txq *txq)
4247 {
4248 	struct ath10k_txq *artxq;
4249 
4250 	if (!txq)
4251 		return;
4252 
4253 	artxq = (void *)txq->drv_priv;
4254 	INIT_LIST_HEAD(&artxq->list);
4255 }
4256 
4257 static void ath10k_mac_txq_unref(struct ath10k *ar, struct ieee80211_txq *txq)
4258 {
4259 	struct ath10k_skb_cb *cb;
4260 	struct sk_buff *msdu;
4261 	int msdu_id;
4262 
4263 	if (!txq)
4264 		return;
4265 
4266 	spin_lock_bh(&ar->htt.tx_lock);
4267 	idr_for_each_entry(&ar->htt.pending_tx, msdu, msdu_id) {
4268 		cb = ATH10K_SKB_CB(msdu);
4269 		if (cb->txq == txq)
4270 			cb->txq = NULL;
4271 	}
4272 	spin_unlock_bh(&ar->htt.tx_lock);
4273 }
4274 
4275 struct ieee80211_txq *ath10k_mac_txq_lookup(struct ath10k *ar,
4276 					    u16 peer_id,
4277 					    u8 tid)
4278 {
4279 	struct ath10k_peer *peer;
4280 
4281 	lockdep_assert_held(&ar->data_lock);
4282 
4283 	peer = ar->peer_map[peer_id];
4284 	if (!peer)
4285 		return NULL;
4286 
4287 	if (peer->removed)
4288 		return NULL;
4289 
4290 	if (peer->sta)
4291 		return peer->sta->txq[tid];
4292 	else if (peer->vif)
4293 		return peer->vif->txq;
4294 	else
4295 		return NULL;
4296 }
4297 
4298 static bool ath10k_mac_tx_can_push(struct ieee80211_hw *hw,
4299 				   struct ieee80211_txq *txq)
4300 {
4301 	struct ath10k *ar = hw->priv;
4302 	struct ath10k_txq *artxq = (void *)txq->drv_priv;
4303 
4304 	/* No need to get locks */
4305 	if (ar->htt.tx_q_state.mode == HTT_TX_MODE_SWITCH_PUSH)
4306 		return true;
4307 
4308 	if (ar->htt.num_pending_tx < ar->htt.tx_q_state.num_push_allowed)
4309 		return true;
4310 
4311 	if (artxq->num_fw_queued < artxq->num_push_allowed)
4312 		return true;
4313 
4314 	return false;
4315 }
4316 
4317 /* Return estimated airtime in microsecond, which is calculated using last
4318  * reported TX rate. This is just a rough estimation because host driver has no
4319  * knowledge of the actual transmit rate, retries or aggregation. If actual
4320  * airtime can be reported by firmware, then delta between estimated and actual
4321  * airtime can be adjusted from deficit.
4322  */
4323 #define IEEE80211_ATF_OVERHEAD		100	/* IFS + some slot time */
4324 #define IEEE80211_ATF_OVERHEAD_IFS	16	/* IFS only */
4325 static u16 ath10k_mac_update_airtime(struct ath10k *ar,
4326 				     struct ieee80211_txq *txq,
4327 				     struct sk_buff *skb)
4328 {
4329 	struct ath10k_sta *arsta;
4330 	u32 pktlen;
4331 	u16 airtime = 0;
4332 
4333 	if (!txq || !txq->sta)
4334 		return airtime;
4335 
4336 	if (test_bit(WMI_SERVICE_REPORT_AIRTIME, ar->wmi.svc_map))
4337 		return airtime;
4338 
4339 	spin_lock_bh(&ar->data_lock);
4340 	arsta = (struct ath10k_sta *)txq->sta->drv_priv;
4341 
4342 	pktlen = skb->len + 38; /* Assume MAC header 30, SNAP 8 for most case */
4343 	if (arsta->last_tx_bitrate) {
4344 		/* airtime in us, last_tx_bitrate in 100kbps */
4345 		airtime = (pktlen * 8 * (1000 / 100))
4346 				/ arsta->last_tx_bitrate;
4347 		/* overhead for media access time and IFS */
4348 		airtime += IEEE80211_ATF_OVERHEAD_IFS;
4349 	} else {
4350 		/* This is mostly for throttle excessive BC/MC frames, and the
4351 		 * airtime/rate doesn't need be exact. Airtime of BC/MC frames
4352 		 * in 2G get some discount, which helps prevent very low rate
4353 		 * frames from being blocked for too long.
4354 		 */
4355 		airtime = (pktlen * 8 * (1000 / 100)) / 60; /* 6M */
4356 		airtime += IEEE80211_ATF_OVERHEAD;
4357 	}
4358 	spin_unlock_bh(&ar->data_lock);
4359 
4360 	return airtime;
4361 }
4362 
4363 int ath10k_mac_tx_push_txq(struct ieee80211_hw *hw,
4364 			   struct ieee80211_txq *txq)
4365 {
4366 	struct ath10k *ar = hw->priv;
4367 	struct ath10k_htt *htt = &ar->htt;
4368 	struct ath10k_txq *artxq = (void *)txq->drv_priv;
4369 	struct ieee80211_vif *vif = txq->vif;
4370 	struct ieee80211_sta *sta = txq->sta;
4371 	enum ath10k_hw_txrx_mode txmode;
4372 	enum ath10k_mac_tx_path txpath;
4373 	struct sk_buff *skb;
4374 	struct ieee80211_hdr *hdr;
4375 	size_t skb_len;
4376 	bool is_mgmt, is_presp;
4377 	int ret;
4378 	u16 airtime;
4379 
4380 	spin_lock_bh(&ar->htt.tx_lock);
4381 	ret = ath10k_htt_tx_inc_pending(htt);
4382 	spin_unlock_bh(&ar->htt.tx_lock);
4383 
4384 	if (ret)
4385 		return ret;
4386 
4387 	skb = ieee80211_tx_dequeue_ni(hw, txq);
4388 	if (!skb) {
4389 		spin_lock_bh(&ar->htt.tx_lock);
4390 		ath10k_htt_tx_dec_pending(htt);
4391 		spin_unlock_bh(&ar->htt.tx_lock);
4392 
4393 		return -ENOENT;
4394 	}
4395 
4396 	airtime = ath10k_mac_update_airtime(ar, txq, skb);
4397 	ath10k_mac_tx_h_fill_cb(ar, vif, txq, sta, skb, airtime);
4398 
4399 	skb_len = skb->len;
4400 	txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
4401 	txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
4402 	is_mgmt = (txpath == ATH10K_MAC_TX_HTT_MGMT);
4403 
4404 	if (is_mgmt) {
4405 		hdr = (struct ieee80211_hdr *)skb->data;
4406 		is_presp = ieee80211_is_probe_resp(hdr->frame_control);
4407 
4408 		spin_lock_bh(&ar->htt.tx_lock);
4409 		ret = ath10k_htt_tx_mgmt_inc_pending(htt, is_mgmt, is_presp);
4410 
4411 		if (ret) {
4412 			ath10k_htt_tx_dec_pending(htt);
4413 			spin_unlock_bh(&ar->htt.tx_lock);
4414 			return ret;
4415 		}
4416 		spin_unlock_bh(&ar->htt.tx_lock);
4417 	}
4418 
4419 	ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb, false);
4420 	if (unlikely(ret)) {
4421 		ath10k_warn(ar, "failed to push frame: %d\n", ret);
4422 
4423 		spin_lock_bh(&ar->htt.tx_lock);
4424 		ath10k_htt_tx_dec_pending(htt);
4425 		if (is_mgmt)
4426 			ath10k_htt_tx_mgmt_dec_pending(htt);
4427 		spin_unlock_bh(&ar->htt.tx_lock);
4428 
4429 		return ret;
4430 	}
4431 
4432 	spin_lock_bh(&ar->htt.tx_lock);
4433 	artxq->num_fw_queued++;
4434 	spin_unlock_bh(&ar->htt.tx_lock);
4435 
4436 	return skb_len;
4437 }
4438 
4439 static int ath10k_mac_schedule_txq(struct ieee80211_hw *hw, u32 ac)
4440 {
4441 	struct ieee80211_txq *txq;
4442 	int ret = 0;
4443 
4444 	ieee80211_txq_schedule_start(hw, ac);
4445 	while ((txq = ieee80211_next_txq(hw, ac))) {
4446 		while (ath10k_mac_tx_can_push(hw, txq)) {
4447 			ret = ath10k_mac_tx_push_txq(hw, txq);
4448 			if (ret < 0)
4449 				break;
4450 		}
4451 		ieee80211_return_txq(hw, txq, false);
4452 		ath10k_htt_tx_txq_update(hw, txq);
4453 		if (ret == -EBUSY)
4454 			break;
4455 	}
4456 	ieee80211_txq_schedule_end(hw, ac);
4457 
4458 	return ret;
4459 }
4460 
4461 void ath10k_mac_tx_push_pending(struct ath10k *ar)
4462 {
4463 	struct ieee80211_hw *hw = ar->hw;
4464 	u32 ac;
4465 
4466 	if (ar->htt.tx_q_state.mode != HTT_TX_MODE_SWITCH_PUSH)
4467 		return;
4468 
4469 	if (ar->htt.num_pending_tx >= (ar->htt.max_num_pending_tx / 2))
4470 		return;
4471 
4472 	rcu_read_lock();
4473 	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
4474 		if (ath10k_mac_schedule_txq(hw, ac) == -EBUSY)
4475 			break;
4476 	}
4477 	rcu_read_unlock();
4478 }
4479 EXPORT_SYMBOL(ath10k_mac_tx_push_pending);
4480 
4481 /************/
4482 /* Scanning */
4483 /************/
4484 
4485 void __ath10k_scan_finish(struct ath10k *ar)
4486 {
4487 	lockdep_assert_held(&ar->data_lock);
4488 
4489 	switch (ar->scan.state) {
4490 	case ATH10K_SCAN_IDLE:
4491 		break;
4492 	case ATH10K_SCAN_RUNNING:
4493 	case ATH10K_SCAN_ABORTING:
4494 		if (!ar->scan.is_roc) {
4495 			struct cfg80211_scan_info info = {
4496 				.aborted = (ar->scan.state ==
4497 					    ATH10K_SCAN_ABORTING),
4498 			};
4499 
4500 			ieee80211_scan_completed(ar->hw, &info);
4501 		} else if (ar->scan.roc_notify) {
4502 			ieee80211_remain_on_channel_expired(ar->hw);
4503 		}
4504 		fallthrough;
4505 	case ATH10K_SCAN_STARTING:
4506 		ar->scan.state = ATH10K_SCAN_IDLE;
4507 		ar->scan_channel = NULL;
4508 		ar->scan.roc_freq = 0;
4509 		ath10k_offchan_tx_purge(ar);
4510 		cancel_delayed_work(&ar->scan.timeout);
4511 		complete(&ar->scan.completed);
4512 		break;
4513 	}
4514 }
4515 
4516 void ath10k_scan_finish(struct ath10k *ar)
4517 {
4518 	spin_lock_bh(&ar->data_lock);
4519 	__ath10k_scan_finish(ar);
4520 	spin_unlock_bh(&ar->data_lock);
4521 }
4522 
4523 static int ath10k_scan_stop(struct ath10k *ar)
4524 {
4525 	struct wmi_stop_scan_arg arg = {
4526 		.req_id = 1, /* FIXME */
4527 		.req_type = WMI_SCAN_STOP_ONE,
4528 		.u.scan_id = ATH10K_SCAN_ID,
4529 	};
4530 	int ret;
4531 
4532 	lockdep_assert_held(&ar->conf_mutex);
4533 
4534 	ret = ath10k_wmi_stop_scan(ar, &arg);
4535 	if (ret) {
4536 		ath10k_warn(ar, "failed to stop wmi scan: %d\n", ret);
4537 		goto out;
4538 	}
4539 
4540 	ret = wait_for_completion_timeout(&ar->scan.completed, 3 * HZ);
4541 	if (ret == 0) {
4542 		ath10k_warn(ar, "failed to receive scan abortion completion: timed out\n");
4543 		ret = -ETIMEDOUT;
4544 	} else if (ret > 0) {
4545 		ret = 0;
4546 	}
4547 
4548 out:
4549 	/* Scan state should be updated upon scan completion but in case
4550 	 * firmware fails to deliver the event (for whatever reason) it is
4551 	 * desired to clean up scan state anyway. Firmware may have just
4552 	 * dropped the scan completion event delivery due to transport pipe
4553 	 * being overflown with data and/or it can recover on its own before
4554 	 * next scan request is submitted.
4555 	 */
4556 	spin_lock_bh(&ar->data_lock);
4557 	if (ar->scan.state != ATH10K_SCAN_IDLE)
4558 		__ath10k_scan_finish(ar);
4559 	spin_unlock_bh(&ar->data_lock);
4560 
4561 	return ret;
4562 }
4563 
4564 static void ath10k_scan_abort(struct ath10k *ar)
4565 {
4566 	int ret;
4567 
4568 	lockdep_assert_held(&ar->conf_mutex);
4569 
4570 	spin_lock_bh(&ar->data_lock);
4571 
4572 	switch (ar->scan.state) {
4573 	case ATH10K_SCAN_IDLE:
4574 		/* This can happen if timeout worker kicked in and called
4575 		 * abortion while scan completion was being processed.
4576 		 */
4577 		break;
4578 	case ATH10K_SCAN_STARTING:
4579 	case ATH10K_SCAN_ABORTING:
4580 		ath10k_warn(ar, "refusing scan abortion due to invalid scan state: %s (%d)\n",
4581 			    ath10k_scan_state_str(ar->scan.state),
4582 			    ar->scan.state);
4583 		break;
4584 	case ATH10K_SCAN_RUNNING:
4585 		ar->scan.state = ATH10K_SCAN_ABORTING;
4586 		spin_unlock_bh(&ar->data_lock);
4587 
4588 		ret = ath10k_scan_stop(ar);
4589 		if (ret)
4590 			ath10k_warn(ar, "failed to abort scan: %d\n", ret);
4591 
4592 		spin_lock_bh(&ar->data_lock);
4593 		break;
4594 	}
4595 
4596 	spin_unlock_bh(&ar->data_lock);
4597 }
4598 
4599 void ath10k_scan_timeout_work(struct work_struct *work)
4600 {
4601 	struct ath10k *ar = container_of(work, struct ath10k,
4602 					 scan.timeout.work);
4603 
4604 	mutex_lock(&ar->conf_mutex);
4605 	ath10k_scan_abort(ar);
4606 	mutex_unlock(&ar->conf_mutex);
4607 }
4608 
4609 static int ath10k_start_scan(struct ath10k *ar,
4610 			     const struct wmi_start_scan_arg *arg)
4611 {
4612 	int ret;
4613 
4614 	lockdep_assert_held(&ar->conf_mutex);
4615 
4616 	ret = ath10k_wmi_start_scan(ar, arg);
4617 	if (ret)
4618 		return ret;
4619 
4620 	ret = wait_for_completion_timeout(&ar->scan.started, 1 * HZ);
4621 	if (ret == 0) {
4622 		ret = ath10k_scan_stop(ar);
4623 		if (ret)
4624 			ath10k_warn(ar, "failed to stop scan: %d\n", ret);
4625 
4626 		return -ETIMEDOUT;
4627 	}
4628 
4629 	/* If we failed to start the scan, return error code at
4630 	 * this point.  This is probably due to some issue in the
4631 	 * firmware, but no need to wedge the driver due to that...
4632 	 */
4633 	spin_lock_bh(&ar->data_lock);
4634 	if (ar->scan.state == ATH10K_SCAN_IDLE) {
4635 		spin_unlock_bh(&ar->data_lock);
4636 		return -EINVAL;
4637 	}
4638 	spin_unlock_bh(&ar->data_lock);
4639 
4640 	return 0;
4641 }
4642 
4643 /**********************/
4644 /* mac80211 callbacks */
4645 /**********************/
4646 
4647 static void ath10k_mac_op_tx(struct ieee80211_hw *hw,
4648 			     struct ieee80211_tx_control *control,
4649 			     struct sk_buff *skb)
4650 {
4651 	struct ath10k *ar = hw->priv;
4652 	struct ath10k_htt *htt = &ar->htt;
4653 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
4654 	struct ieee80211_vif *vif = info->control.vif;
4655 	struct ieee80211_sta *sta = control->sta;
4656 	struct ieee80211_txq *txq = NULL;
4657 	struct ieee80211_hdr *hdr = (void *)skb->data;
4658 	enum ath10k_hw_txrx_mode txmode;
4659 	enum ath10k_mac_tx_path txpath;
4660 	bool is_htt;
4661 	bool is_mgmt;
4662 	bool is_presp;
4663 	int ret;
4664 	u16 airtime;
4665 
4666 	airtime = ath10k_mac_update_airtime(ar, txq, skb);
4667 	ath10k_mac_tx_h_fill_cb(ar, vif, txq, sta, skb, airtime);
4668 
4669 	txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
4670 	txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
4671 	is_htt = (txpath == ATH10K_MAC_TX_HTT ||
4672 		  txpath == ATH10K_MAC_TX_HTT_MGMT);
4673 	is_mgmt = (txpath == ATH10K_MAC_TX_HTT_MGMT);
4674 
4675 	if (is_htt) {
4676 		spin_lock_bh(&ar->htt.tx_lock);
4677 		is_presp = ieee80211_is_probe_resp(hdr->frame_control);
4678 
4679 		ret = ath10k_htt_tx_inc_pending(htt);
4680 		if (ret) {
4681 			ath10k_warn(ar, "failed to increase tx pending count: %d, dropping\n",
4682 				    ret);
4683 			spin_unlock_bh(&ar->htt.tx_lock);
4684 			ieee80211_free_txskb(ar->hw, skb);
4685 			return;
4686 		}
4687 
4688 		ret = ath10k_htt_tx_mgmt_inc_pending(htt, is_mgmt, is_presp);
4689 		if (ret) {
4690 			ath10k_dbg(ar, ATH10K_DBG_MAC, "failed to increase tx mgmt pending count: %d, dropping\n",
4691 				   ret);
4692 			ath10k_htt_tx_dec_pending(htt);
4693 			spin_unlock_bh(&ar->htt.tx_lock);
4694 			ieee80211_free_txskb(ar->hw, skb);
4695 			return;
4696 		}
4697 		spin_unlock_bh(&ar->htt.tx_lock);
4698 	}
4699 
4700 	ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb, false);
4701 	if (ret) {
4702 		ath10k_warn(ar, "failed to transmit frame: %d\n", ret);
4703 		if (is_htt) {
4704 			spin_lock_bh(&ar->htt.tx_lock);
4705 			ath10k_htt_tx_dec_pending(htt);
4706 			if (is_mgmt)
4707 				ath10k_htt_tx_mgmt_dec_pending(htt);
4708 			spin_unlock_bh(&ar->htt.tx_lock);
4709 		}
4710 		return;
4711 	}
4712 }
4713 
4714 static void ath10k_mac_op_wake_tx_queue(struct ieee80211_hw *hw,
4715 					struct ieee80211_txq *txq)
4716 {
4717 	struct ath10k *ar = hw->priv;
4718 	int ret;
4719 	u8 ac;
4720 
4721 	ath10k_htt_tx_txq_update(hw, txq);
4722 	if (ar->htt.tx_q_state.mode != HTT_TX_MODE_SWITCH_PUSH)
4723 		return;
4724 
4725 	ac = txq->ac;
4726 	ieee80211_txq_schedule_start(hw, ac);
4727 	txq = ieee80211_next_txq(hw, ac);
4728 	if (!txq)
4729 		goto out;
4730 
4731 	while (ath10k_mac_tx_can_push(hw, txq)) {
4732 		ret = ath10k_mac_tx_push_txq(hw, txq);
4733 		if (ret < 0)
4734 			break;
4735 	}
4736 	ieee80211_return_txq(hw, txq, false);
4737 	ath10k_htt_tx_txq_update(hw, txq);
4738 out:
4739 	ieee80211_txq_schedule_end(hw, ac);
4740 }
4741 
4742 /* Must not be called with conf_mutex held as workers can use that also. */
4743 void ath10k_drain_tx(struct ath10k *ar)
4744 {
4745 	lockdep_assert_not_held(&ar->conf_mutex);
4746 
4747 	/* make sure rcu-protected mac80211 tx path itself is drained */
4748 	synchronize_net();
4749 
4750 	ath10k_offchan_tx_purge(ar);
4751 	ath10k_mgmt_over_wmi_tx_purge(ar);
4752 
4753 	cancel_work_sync(&ar->offchan_tx_work);
4754 	cancel_work_sync(&ar->wmi_mgmt_tx_work);
4755 }
4756 
4757 void ath10k_halt(struct ath10k *ar)
4758 {
4759 	struct ath10k_vif *arvif;
4760 
4761 	lockdep_assert_held(&ar->conf_mutex);
4762 
4763 	clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
4764 	ar->filter_flags = 0;
4765 	ar->monitor = false;
4766 	ar->monitor_arvif = NULL;
4767 
4768 	if (ar->monitor_started)
4769 		ath10k_monitor_stop(ar);
4770 
4771 	ar->monitor_started = false;
4772 	ar->tx_paused = 0;
4773 
4774 	ath10k_scan_finish(ar);
4775 	ath10k_peer_cleanup_all(ar);
4776 	ath10k_stop_radar_confirmation(ar);
4777 	ath10k_core_stop(ar);
4778 	ath10k_hif_power_down(ar);
4779 
4780 	spin_lock_bh(&ar->data_lock);
4781 	list_for_each_entry(arvif, &ar->arvifs, list)
4782 		ath10k_mac_vif_beacon_cleanup(arvif);
4783 	spin_unlock_bh(&ar->data_lock);
4784 }
4785 
4786 static int ath10k_get_antenna(struct ieee80211_hw *hw, u32 *tx_ant, u32 *rx_ant)
4787 {
4788 	struct ath10k *ar = hw->priv;
4789 
4790 	mutex_lock(&ar->conf_mutex);
4791 
4792 	*tx_ant = ar->cfg_tx_chainmask;
4793 	*rx_ant = ar->cfg_rx_chainmask;
4794 
4795 	mutex_unlock(&ar->conf_mutex);
4796 
4797 	return 0;
4798 }
4799 
4800 static bool ath10k_check_chain_mask(struct ath10k *ar, u32 cm, const char *dbg)
4801 {
4802 	/* It is not clear that allowing gaps in chainmask
4803 	 * is helpful.  Probably it will not do what user
4804 	 * is hoping for, so warn in that case.
4805 	 */
4806 	if (cm == 15 || cm == 7 || cm == 3 || cm == 1 || cm == 0)
4807 		return true;
4808 
4809 	ath10k_warn(ar, "mac %s antenna chainmask is invalid: 0x%x.  Suggested values: 15, 7, 3, 1 or 0.\n",
4810 		    dbg, cm);
4811 	return false;
4812 }
4813 
4814 static int ath10k_mac_get_vht_cap_bf_sts(struct ath10k *ar)
4815 {
4816 	int nsts = ar->vht_cap_info;
4817 
4818 	nsts &= IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
4819 	nsts >>= IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT;
4820 
4821 	/* If firmware does not deliver to host number of space-time
4822 	 * streams supported, assume it support up to 4 BF STS and return
4823 	 * the value for VHT CAP: nsts-1)
4824 	 */
4825 	if (nsts == 0)
4826 		return 3;
4827 
4828 	return nsts;
4829 }
4830 
4831 static int ath10k_mac_get_vht_cap_bf_sound_dim(struct ath10k *ar)
4832 {
4833 	int sound_dim = ar->vht_cap_info;
4834 
4835 	sound_dim &= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK;
4836 	sound_dim >>= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_SHIFT;
4837 
4838 	/* If the sounding dimension is not advertised by the firmware,
4839 	 * let's use a default value of 1
4840 	 */
4841 	if (sound_dim == 0)
4842 		return 1;
4843 
4844 	return sound_dim;
4845 }
4846 
4847 static struct ieee80211_sta_vht_cap ath10k_create_vht_cap(struct ath10k *ar)
4848 {
4849 	struct ieee80211_sta_vht_cap vht_cap = {0};
4850 	struct ath10k_hw_params *hw = &ar->hw_params;
4851 	u16 mcs_map;
4852 	u32 val;
4853 	int i;
4854 
4855 	vht_cap.vht_supported = 1;
4856 	vht_cap.cap = ar->vht_cap_info;
4857 
4858 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
4859 				IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)) {
4860 		val = ath10k_mac_get_vht_cap_bf_sts(ar);
4861 		val <<= IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT;
4862 		val &= IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
4863 
4864 		vht_cap.cap |= val;
4865 	}
4866 
4867 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
4868 				IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)) {
4869 		val = ath10k_mac_get_vht_cap_bf_sound_dim(ar);
4870 		val <<= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_SHIFT;
4871 		val &= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK;
4872 
4873 		vht_cap.cap |= val;
4874 	}
4875 
4876 	mcs_map = 0;
4877 	for (i = 0; i < 8; i++) {
4878 		if ((i < ar->num_rf_chains) && (ar->cfg_tx_chainmask & BIT(i)))
4879 			mcs_map |= IEEE80211_VHT_MCS_SUPPORT_0_9 << (i * 2);
4880 		else
4881 			mcs_map |= IEEE80211_VHT_MCS_NOT_SUPPORTED << (i * 2);
4882 	}
4883 
4884 	if (ar->cfg_tx_chainmask <= 1)
4885 		vht_cap.cap &= ~IEEE80211_VHT_CAP_TXSTBC;
4886 
4887 	vht_cap.vht_mcs.rx_mcs_map = cpu_to_le16(mcs_map);
4888 	vht_cap.vht_mcs.tx_mcs_map = cpu_to_le16(mcs_map);
4889 
4890 	/* If we are supporting 160Mhz or 80+80, then the NIC may be able to do
4891 	 * a restricted NSS for 160 or 80+80 vs what it can do for 80Mhz.  Give
4892 	 * user-space a clue if that is the case.
4893 	 */
4894 	if ((vht_cap.cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK) &&
4895 	    (hw->vht160_mcs_rx_highest != 0 ||
4896 	     hw->vht160_mcs_tx_highest != 0)) {
4897 		vht_cap.vht_mcs.rx_highest = cpu_to_le16(hw->vht160_mcs_rx_highest);
4898 		vht_cap.vht_mcs.tx_highest = cpu_to_le16(hw->vht160_mcs_tx_highest);
4899 	}
4900 
4901 	return vht_cap;
4902 }
4903 
4904 static struct ieee80211_sta_ht_cap ath10k_get_ht_cap(struct ath10k *ar)
4905 {
4906 	int i;
4907 	struct ieee80211_sta_ht_cap ht_cap = {0};
4908 
4909 	if (!(ar->ht_cap_info & WMI_HT_CAP_ENABLED))
4910 		return ht_cap;
4911 
4912 	ht_cap.ht_supported = 1;
4913 	ht_cap.ampdu_factor = IEEE80211_HT_MAX_AMPDU_64K;
4914 	ht_cap.ampdu_density = IEEE80211_HT_MPDU_DENSITY_8;
4915 	ht_cap.cap |= IEEE80211_HT_CAP_SUP_WIDTH_20_40;
4916 	ht_cap.cap |= IEEE80211_HT_CAP_DSSSCCK40;
4917 	ht_cap.cap |=
4918 		WLAN_HT_CAP_SM_PS_DISABLED << IEEE80211_HT_CAP_SM_PS_SHIFT;
4919 
4920 	if (ar->ht_cap_info & WMI_HT_CAP_HT20_SGI)
4921 		ht_cap.cap |= IEEE80211_HT_CAP_SGI_20;
4922 
4923 	if (ar->ht_cap_info & WMI_HT_CAP_HT40_SGI)
4924 		ht_cap.cap |= IEEE80211_HT_CAP_SGI_40;
4925 
4926 	if (ar->ht_cap_info & WMI_HT_CAP_DYNAMIC_SMPS) {
4927 		u32 smps;
4928 
4929 		smps   = WLAN_HT_CAP_SM_PS_DYNAMIC;
4930 		smps <<= IEEE80211_HT_CAP_SM_PS_SHIFT;
4931 
4932 		ht_cap.cap |= smps;
4933 	}
4934 
4935 	if (ar->ht_cap_info & WMI_HT_CAP_TX_STBC && (ar->cfg_tx_chainmask > 1))
4936 		ht_cap.cap |= IEEE80211_HT_CAP_TX_STBC;
4937 
4938 	if (ar->ht_cap_info & WMI_HT_CAP_RX_STBC) {
4939 		u32 stbc;
4940 
4941 		stbc   = ar->ht_cap_info;
4942 		stbc  &= WMI_HT_CAP_RX_STBC;
4943 		stbc >>= WMI_HT_CAP_RX_STBC_MASK_SHIFT;
4944 		stbc <<= IEEE80211_HT_CAP_RX_STBC_SHIFT;
4945 		stbc  &= IEEE80211_HT_CAP_RX_STBC;
4946 
4947 		ht_cap.cap |= stbc;
4948 	}
4949 
4950 	if (ar->ht_cap_info & WMI_HT_CAP_LDPC || (ar->ht_cap_info &
4951 	    WMI_HT_CAP_RX_LDPC && (ar->ht_cap_info & WMI_HT_CAP_TX_LDPC)))
4952 		ht_cap.cap |= IEEE80211_HT_CAP_LDPC_CODING;
4953 
4954 	if (ar->ht_cap_info & WMI_HT_CAP_L_SIG_TXOP_PROT)
4955 		ht_cap.cap |= IEEE80211_HT_CAP_LSIG_TXOP_PROT;
4956 
4957 	/* max AMSDU is implicitly taken from vht_cap_info */
4958 	if (ar->vht_cap_info & WMI_VHT_CAP_MAX_MPDU_LEN_MASK)
4959 		ht_cap.cap |= IEEE80211_HT_CAP_MAX_AMSDU;
4960 
4961 	for (i = 0; i < ar->num_rf_chains; i++) {
4962 		if (ar->cfg_rx_chainmask & BIT(i))
4963 			ht_cap.mcs.rx_mask[i] = 0xFF;
4964 	}
4965 
4966 	ht_cap.mcs.tx_params |= IEEE80211_HT_MCS_TX_DEFINED;
4967 
4968 	return ht_cap;
4969 }
4970 
4971 static void ath10k_mac_setup_ht_vht_cap(struct ath10k *ar)
4972 {
4973 	struct ieee80211_supported_band *band;
4974 	struct ieee80211_sta_vht_cap vht_cap;
4975 	struct ieee80211_sta_ht_cap ht_cap;
4976 
4977 	ht_cap = ath10k_get_ht_cap(ar);
4978 	vht_cap = ath10k_create_vht_cap(ar);
4979 
4980 	if (ar->phy_capability & WHAL_WLAN_11G_CAPABILITY) {
4981 		band = &ar->mac.sbands[NL80211_BAND_2GHZ];
4982 		band->ht_cap = ht_cap;
4983 	}
4984 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY) {
4985 		band = &ar->mac.sbands[NL80211_BAND_5GHZ];
4986 		band->ht_cap = ht_cap;
4987 		band->vht_cap = vht_cap;
4988 	}
4989 }
4990 
4991 static int __ath10k_set_antenna(struct ath10k *ar, u32 tx_ant, u32 rx_ant)
4992 {
4993 	int ret;
4994 	bool is_valid_tx_chain_mask, is_valid_rx_chain_mask;
4995 
4996 	lockdep_assert_held(&ar->conf_mutex);
4997 
4998 	is_valid_tx_chain_mask = ath10k_check_chain_mask(ar, tx_ant, "tx");
4999 	is_valid_rx_chain_mask = ath10k_check_chain_mask(ar, rx_ant, "rx");
5000 
5001 	if (!is_valid_tx_chain_mask || !is_valid_rx_chain_mask)
5002 		return -EINVAL;
5003 
5004 	ar->cfg_tx_chainmask = tx_ant;
5005 	ar->cfg_rx_chainmask = rx_ant;
5006 
5007 	if ((ar->state != ATH10K_STATE_ON) &&
5008 	    (ar->state != ATH10K_STATE_RESTARTED))
5009 		return 0;
5010 
5011 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->tx_chain_mask,
5012 					tx_ant);
5013 	if (ret) {
5014 		ath10k_warn(ar, "failed to set tx-chainmask: %d, req 0x%x\n",
5015 			    ret, tx_ant);
5016 		return ret;
5017 	}
5018 
5019 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->rx_chain_mask,
5020 					rx_ant);
5021 	if (ret) {
5022 		ath10k_warn(ar, "failed to set rx-chainmask: %d, req 0x%x\n",
5023 			    ret, rx_ant);
5024 		return ret;
5025 	}
5026 
5027 	/* Reload HT/VHT capability */
5028 	ath10k_mac_setup_ht_vht_cap(ar);
5029 
5030 	return 0;
5031 }
5032 
5033 static int ath10k_set_antenna(struct ieee80211_hw *hw, u32 tx_ant, u32 rx_ant)
5034 {
5035 	struct ath10k *ar = hw->priv;
5036 	int ret;
5037 
5038 	mutex_lock(&ar->conf_mutex);
5039 	ret = __ath10k_set_antenna(ar, tx_ant, rx_ant);
5040 	mutex_unlock(&ar->conf_mutex);
5041 	return ret;
5042 }
5043 
5044 static int __ath10k_fetch_bb_timing_dt(struct ath10k *ar,
5045 				       struct wmi_bb_timing_cfg_arg *bb_timing)
5046 {
5047 #if defined(__linux__) || (defined(__FreeBSD__) && defined(CONFIG_OF))
5048 	struct device_node *node;
5049 	const char *fem_name;
5050 	int ret;
5051 
5052 	node = ar->dev->of_node;
5053 	if (!node)
5054 		return -ENOENT;
5055 
5056 	ret = of_property_read_string_index(node, "ext-fem-name", 0, &fem_name);
5057 	if (ret)
5058 		return -ENOENT;
5059 
5060 	/*
5061 	 * If external Front End module used in hardware, then default base band timing
5062 	 * parameter cannot be used since they were fine tuned for reference hardware,
5063 	 * so choosing different value suitable for that external FEM.
5064 	 */
5065 	if (!strcmp("microsemi-lx5586", fem_name)) {
5066 		bb_timing->bb_tx_timing = 0x00;
5067 		bb_timing->bb_xpa_timing = 0x0101;
5068 	} else {
5069 		return -ENOENT;
5070 	}
5071 
5072 	ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot bb_tx_timing 0x%x bb_xpa_timing 0x%x\n",
5073 		   bb_timing->bb_tx_timing, bb_timing->bb_xpa_timing);
5074 	return 0;
5075 #else
5076 	return -EINVAL;
5077 #endif
5078 }
5079 
5080 static int ath10k_mac_rfkill_config(struct ath10k *ar)
5081 {
5082 	u32 param;
5083 	int ret;
5084 
5085 	if (ar->hw_values->rfkill_pin == 0) {
5086 		ath10k_warn(ar, "ath10k does not support hardware rfkill with this device\n");
5087 		return -EOPNOTSUPP;
5088 	}
5089 
5090 	ath10k_dbg(ar, ATH10K_DBG_MAC,
5091 		   "mac rfkill_pin %d rfkill_cfg %d rfkill_on_level %d",
5092 		   ar->hw_values->rfkill_pin, ar->hw_values->rfkill_cfg,
5093 		   ar->hw_values->rfkill_on_level);
5094 
5095 	param = FIELD_PREP(WMI_TLV_RFKILL_CFG_RADIO_LEVEL,
5096 			   ar->hw_values->rfkill_on_level) |
5097 		FIELD_PREP(WMI_TLV_RFKILL_CFG_GPIO_PIN_NUM,
5098 			   ar->hw_values->rfkill_pin) |
5099 		FIELD_PREP(WMI_TLV_RFKILL_CFG_PIN_AS_GPIO,
5100 			   ar->hw_values->rfkill_cfg);
5101 
5102 	ret = ath10k_wmi_pdev_set_param(ar,
5103 					ar->wmi.pdev_param->rfkill_config,
5104 					param);
5105 	if (ret) {
5106 		ath10k_warn(ar,
5107 			    "failed to set rfkill config 0x%x: %d\n",
5108 			    param, ret);
5109 		return ret;
5110 	}
5111 	return 0;
5112 }
5113 
5114 int ath10k_mac_rfkill_enable_radio(struct ath10k *ar, bool enable)
5115 {
5116 	enum wmi_tlv_rfkill_enable_radio param;
5117 	int ret;
5118 
5119 	if (enable)
5120 		param = WMI_TLV_RFKILL_ENABLE_RADIO_ON;
5121 	else
5122 		param = WMI_TLV_RFKILL_ENABLE_RADIO_OFF;
5123 
5124 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac rfkill enable %d", param);
5125 
5126 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->rfkill_enable,
5127 					param);
5128 	if (ret) {
5129 		ath10k_warn(ar, "failed to set rfkill enable param %d: %d\n",
5130 			    param, ret);
5131 		return ret;
5132 	}
5133 
5134 	return 0;
5135 }
5136 
5137 static int ath10k_start(struct ieee80211_hw *hw)
5138 {
5139 	struct ath10k *ar = hw->priv;
5140 	u32 param;
5141 	int ret = 0;
5142 	struct wmi_bb_timing_cfg_arg bb_timing = {0};
5143 
5144 	/*
5145 	 * This makes sense only when restarting hw. It is harmless to call
5146 	 * unconditionally. This is necessary to make sure no HTT/WMI tx
5147 	 * commands will be submitted while restarting.
5148 	 */
5149 	ath10k_drain_tx(ar);
5150 
5151 	mutex_lock(&ar->conf_mutex);
5152 
5153 	switch (ar->state) {
5154 	case ATH10K_STATE_OFF:
5155 		ar->state = ATH10K_STATE_ON;
5156 		break;
5157 	case ATH10K_STATE_RESTARTING:
5158 		ar->state = ATH10K_STATE_RESTARTED;
5159 		break;
5160 	case ATH10K_STATE_ON:
5161 	case ATH10K_STATE_RESTARTED:
5162 	case ATH10K_STATE_WEDGED:
5163 		WARN_ON(1);
5164 		ret = -EINVAL;
5165 		goto err;
5166 	case ATH10K_STATE_UTF:
5167 		ret = -EBUSY;
5168 		goto err;
5169 	}
5170 
5171 	spin_lock_bh(&ar->data_lock);
5172 
5173 	if (ar->hw_rfkill_on) {
5174 		ar->hw_rfkill_on = false;
5175 		spin_unlock_bh(&ar->data_lock);
5176 		goto err;
5177 	}
5178 
5179 	spin_unlock_bh(&ar->data_lock);
5180 
5181 	ret = ath10k_hif_power_up(ar, ATH10K_FIRMWARE_MODE_NORMAL);
5182 	if (ret) {
5183 		ath10k_err(ar, "Could not init hif: %d\n", ret);
5184 		goto err_off;
5185 	}
5186 
5187 	ret = ath10k_core_start(ar, ATH10K_FIRMWARE_MODE_NORMAL,
5188 				&ar->normal_mode_fw);
5189 	if (ret) {
5190 		ath10k_err(ar, "Could not init core: %d\n", ret);
5191 		goto err_power_down;
5192 	}
5193 
5194 	if (ar->sys_cap_info & WMI_TLV_SYS_CAP_INFO_RFKILL) {
5195 		ret = ath10k_mac_rfkill_config(ar);
5196 		if (ret && ret != -EOPNOTSUPP) {
5197 			ath10k_warn(ar, "failed to configure rfkill: %d", ret);
5198 			goto err_core_stop;
5199 		}
5200 	}
5201 
5202 	param = ar->wmi.pdev_param->pmf_qos;
5203 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5204 	if (ret) {
5205 		ath10k_warn(ar, "failed to enable PMF QOS: %d\n", ret);
5206 		goto err_core_stop;
5207 	}
5208 
5209 	param = ar->wmi.pdev_param->dynamic_bw;
5210 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5211 	if (ret) {
5212 		ath10k_warn(ar, "failed to enable dynamic BW: %d\n", ret);
5213 		goto err_core_stop;
5214 	}
5215 
5216 	if (test_bit(WMI_SERVICE_SPOOF_MAC_SUPPORT, ar->wmi.svc_map)) {
5217 		ret = ath10k_wmi_scan_prob_req_oui(ar, ar->mac_addr);
5218 		if (ret) {
5219 			ath10k_err(ar, "failed to set prob req oui: %i\n", ret);
5220 			goto err_core_stop;
5221 		}
5222 	}
5223 
5224 	if (test_bit(WMI_SERVICE_ADAPTIVE_OCS, ar->wmi.svc_map)) {
5225 		ret = ath10k_wmi_adaptive_qcs(ar, true);
5226 		if (ret) {
5227 			ath10k_warn(ar, "failed to enable adaptive qcs: %d\n",
5228 				    ret);
5229 			goto err_core_stop;
5230 		}
5231 	}
5232 
5233 	if (test_bit(WMI_SERVICE_BURST, ar->wmi.svc_map)) {
5234 		param = ar->wmi.pdev_param->burst_enable;
5235 		ret = ath10k_wmi_pdev_set_param(ar, param, 0);
5236 		if (ret) {
5237 			ath10k_warn(ar, "failed to disable burst: %d\n", ret);
5238 			goto err_core_stop;
5239 		}
5240 	}
5241 
5242 	param = ar->wmi.pdev_param->idle_ps_config;
5243 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5244 	if (ret && ret != -EOPNOTSUPP) {
5245 		ath10k_warn(ar, "failed to enable idle_ps_config: %d\n", ret);
5246 		goto err_core_stop;
5247 	}
5248 
5249 	__ath10k_set_antenna(ar, ar->cfg_tx_chainmask, ar->cfg_rx_chainmask);
5250 
5251 	/*
5252 	 * By default FW set ARP frames ac to voice (6). In that case ARP
5253 	 * exchange is not working properly for UAPSD enabled AP. ARP requests
5254 	 * which arrives with access category 0 are processed by network stack
5255 	 * and send back with access category 0, but FW changes access category
5256 	 * to 6. Set ARP frames access category to best effort (0) solves
5257 	 * this problem.
5258 	 */
5259 
5260 	param = ar->wmi.pdev_param->arp_ac_override;
5261 	ret = ath10k_wmi_pdev_set_param(ar, param, 0);
5262 	if (ret) {
5263 		ath10k_warn(ar, "failed to set arp ac override parameter: %d\n",
5264 			    ret);
5265 		goto err_core_stop;
5266 	}
5267 
5268 	if (test_bit(ATH10K_FW_FEATURE_SUPPORTS_ADAPTIVE_CCA,
5269 		     ar->running_fw->fw_file.fw_features)) {
5270 		ret = ath10k_wmi_pdev_enable_adaptive_cca(ar, 1,
5271 							  WMI_CCA_DETECT_LEVEL_AUTO,
5272 							  WMI_CCA_DETECT_MARGIN_AUTO);
5273 		if (ret) {
5274 			ath10k_warn(ar, "failed to enable adaptive cca: %d\n",
5275 				    ret);
5276 			goto err_core_stop;
5277 		}
5278 	}
5279 
5280 	param = ar->wmi.pdev_param->ani_enable;
5281 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5282 	if (ret) {
5283 		ath10k_warn(ar, "failed to enable ani by default: %d\n",
5284 			    ret);
5285 		goto err_core_stop;
5286 	}
5287 
5288 	ar->ani_enabled = true;
5289 
5290 	if (ath10k_peer_stats_enabled(ar)) {
5291 		param = ar->wmi.pdev_param->peer_stats_update_period;
5292 		ret = ath10k_wmi_pdev_set_param(ar, param,
5293 						PEER_DEFAULT_STATS_UPDATE_PERIOD);
5294 		if (ret) {
5295 			ath10k_warn(ar,
5296 				    "failed to set peer stats period : %d\n",
5297 				    ret);
5298 			goto err_core_stop;
5299 		}
5300 	}
5301 
5302 	param = ar->wmi.pdev_param->enable_btcoex;
5303 	if (test_bit(WMI_SERVICE_COEX_GPIO, ar->wmi.svc_map) &&
5304 	    test_bit(ATH10K_FW_FEATURE_BTCOEX_PARAM,
5305 		     ar->running_fw->fw_file.fw_features) &&
5306 	    ar->coex_support) {
5307 		ret = ath10k_wmi_pdev_set_param(ar, param, 0);
5308 		if (ret) {
5309 			ath10k_warn(ar,
5310 				    "failed to set btcoex param: %d\n", ret);
5311 			goto err_core_stop;
5312 		}
5313 		clear_bit(ATH10K_FLAG_BTCOEX, &ar->dev_flags);
5314 	}
5315 
5316 	if (test_bit(WMI_SERVICE_BB_TIMING_CONFIG_SUPPORT, ar->wmi.svc_map)) {
5317 		ret = __ath10k_fetch_bb_timing_dt(ar, &bb_timing);
5318 		if (!ret) {
5319 			ret = ath10k_wmi_pdev_bb_timing(ar, &bb_timing);
5320 			if (ret) {
5321 				ath10k_warn(ar,
5322 					    "failed to set bb timings: %d\n",
5323 					    ret);
5324 				goto err_core_stop;
5325 			}
5326 		}
5327 	}
5328 
5329 	ar->num_started_vdevs = 0;
5330 	ath10k_regd_update(ar);
5331 
5332 	ath10k_spectral_start(ar);
5333 	ath10k_thermal_set_throttling(ar);
5334 
5335 	ar->radar_conf_state = ATH10K_RADAR_CONFIRMATION_IDLE;
5336 
5337 	mutex_unlock(&ar->conf_mutex);
5338 	return 0;
5339 
5340 err_core_stop:
5341 	ath10k_core_stop(ar);
5342 
5343 err_power_down:
5344 	ath10k_hif_power_down(ar);
5345 
5346 err_off:
5347 	ar->state = ATH10K_STATE_OFF;
5348 
5349 err:
5350 	mutex_unlock(&ar->conf_mutex);
5351 	return ret;
5352 }
5353 
5354 static void ath10k_stop(struct ieee80211_hw *hw)
5355 {
5356 	struct ath10k *ar = hw->priv;
5357 
5358 	ath10k_drain_tx(ar);
5359 
5360 	mutex_lock(&ar->conf_mutex);
5361 	if (ar->state != ATH10K_STATE_OFF) {
5362 		if (!ar->hw_rfkill_on)
5363 			ath10k_halt(ar);
5364 		ar->state = ATH10K_STATE_OFF;
5365 	}
5366 	mutex_unlock(&ar->conf_mutex);
5367 
5368 	cancel_work_sync(&ar->set_coverage_class_work);
5369 	cancel_delayed_work_sync(&ar->scan.timeout);
5370 	cancel_work_sync(&ar->restart_work);
5371 }
5372 
5373 static int ath10k_config_ps(struct ath10k *ar)
5374 {
5375 	struct ath10k_vif *arvif;
5376 	int ret = 0;
5377 
5378 	lockdep_assert_held(&ar->conf_mutex);
5379 
5380 	list_for_each_entry(arvif, &ar->arvifs, list) {
5381 		ret = ath10k_mac_vif_setup_ps(arvif);
5382 		if (ret) {
5383 			ath10k_warn(ar, "failed to setup powersave: %d\n", ret);
5384 			break;
5385 		}
5386 	}
5387 
5388 	return ret;
5389 }
5390 
5391 static int ath10k_config(struct ieee80211_hw *hw, u32 changed)
5392 {
5393 	struct ath10k *ar = hw->priv;
5394 	struct ieee80211_conf *conf = &hw->conf;
5395 	int ret = 0;
5396 
5397 	mutex_lock(&ar->conf_mutex);
5398 
5399 	if (changed & IEEE80211_CONF_CHANGE_PS)
5400 		ath10k_config_ps(ar);
5401 
5402 	if (changed & IEEE80211_CONF_CHANGE_MONITOR) {
5403 		ar->monitor = conf->flags & IEEE80211_CONF_MONITOR;
5404 		ret = ath10k_monitor_recalc(ar);
5405 		if (ret)
5406 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5407 	}
5408 
5409 	mutex_unlock(&ar->conf_mutex);
5410 	return ret;
5411 }
5412 
5413 static u32 get_nss_from_chainmask(u16 chain_mask)
5414 {
5415 	if ((chain_mask & 0xf) == 0xf)
5416 		return 4;
5417 	else if ((chain_mask & 0x7) == 0x7)
5418 		return 3;
5419 	else if ((chain_mask & 0x3) == 0x3)
5420 		return 2;
5421 	return 1;
5422 }
5423 
5424 static int ath10k_mac_set_txbf_conf(struct ath10k_vif *arvif)
5425 {
5426 	u32 value = 0;
5427 	struct ath10k *ar = arvif->ar;
5428 	int nsts;
5429 	int sound_dim;
5430 
5431 	if (ath10k_wmi_get_txbf_conf_scheme(ar) != WMI_TXBF_CONF_BEFORE_ASSOC)
5432 		return 0;
5433 
5434 	nsts = ath10k_mac_get_vht_cap_bf_sts(ar);
5435 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
5436 				IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE))
5437 		value |= SM(nsts, WMI_TXBF_STS_CAP_OFFSET);
5438 
5439 	sound_dim = ath10k_mac_get_vht_cap_bf_sound_dim(ar);
5440 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
5441 				IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE))
5442 		value |= SM(sound_dim, WMI_BF_SOUND_DIM_OFFSET);
5443 
5444 	if (!value)
5445 		return 0;
5446 
5447 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)
5448 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
5449 
5450 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)
5451 		value |= (WMI_VDEV_PARAM_TXBF_MU_TX_BFER |
5452 			  WMI_VDEV_PARAM_TXBF_SU_TX_BFER);
5453 
5454 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE)
5455 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
5456 
5457 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)
5458 		value |= (WMI_VDEV_PARAM_TXBF_MU_TX_BFEE |
5459 			  WMI_VDEV_PARAM_TXBF_SU_TX_BFEE);
5460 
5461 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
5462 					 ar->wmi.vdev_param->txbf, value);
5463 }
5464 
5465 /*
5466  * TODO:
5467  * Figure out how to handle WMI_VDEV_SUBTYPE_P2P_DEVICE,
5468  * because we will send mgmt frames without CCK. This requirement
5469  * for P2P_FIND/GO_NEG should be handled by checking CCK flag
5470  * in the TX packet.
5471  */
5472 static int ath10k_add_interface(struct ieee80211_hw *hw,
5473 				struct ieee80211_vif *vif)
5474 {
5475 	struct ath10k *ar = hw->priv;
5476 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5477 	struct ath10k_peer *peer;
5478 	enum wmi_sta_powersave_param param;
5479 	int ret = 0;
5480 	u32 value;
5481 	int bit;
5482 	int i;
5483 	u32 vdev_param;
5484 
5485 	vif->driver_flags |= IEEE80211_VIF_SUPPORTS_UAPSD;
5486 
5487 	mutex_lock(&ar->conf_mutex);
5488 
5489 	memset(arvif, 0, sizeof(*arvif));
5490 	ath10k_mac_txq_init(vif->txq);
5491 
5492 	arvif->ar = ar;
5493 	arvif->vif = vif;
5494 
5495 	INIT_LIST_HEAD(&arvif->list);
5496 	INIT_WORK(&arvif->ap_csa_work, ath10k_mac_vif_ap_csa_work);
5497 	INIT_DELAYED_WORK(&arvif->connection_loss_work,
5498 			  ath10k_mac_vif_sta_connection_loss_work);
5499 
5500 	for (i = 0; i < ARRAY_SIZE(arvif->bitrate_mask.control); i++) {
5501 		arvif->bitrate_mask.control[i].legacy = 0xffffffff;
5502 		memset(arvif->bitrate_mask.control[i].ht_mcs, 0xff,
5503 		       sizeof(arvif->bitrate_mask.control[i].ht_mcs));
5504 		memset(arvif->bitrate_mask.control[i].vht_mcs, 0xff,
5505 		       sizeof(arvif->bitrate_mask.control[i].vht_mcs));
5506 	}
5507 
5508 	if (ar->num_peers >= ar->max_num_peers) {
5509 		ath10k_warn(ar, "refusing vdev creation due to insufficient peer entry resources in firmware\n");
5510 		ret = -ENOBUFS;
5511 		goto err;
5512 	}
5513 
5514 	if (ar->free_vdev_map == 0) {
5515 		ath10k_warn(ar, "Free vdev map is empty, no more interfaces allowed.\n");
5516 		ret = -EBUSY;
5517 		goto err;
5518 	}
5519 	bit = __ffs64(ar->free_vdev_map);
5520 
5521 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac create vdev %i map %llx\n",
5522 		   bit, ar->free_vdev_map);
5523 
5524 	arvif->vdev_id = bit;
5525 	arvif->vdev_subtype =
5526 		ath10k_wmi_get_vdev_subtype(ar, WMI_VDEV_SUBTYPE_NONE);
5527 
5528 	switch (vif->type) {
5529 	case NL80211_IFTYPE_P2P_DEVICE:
5530 		arvif->vdev_type = WMI_VDEV_TYPE_STA;
5531 		arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5532 					(ar, WMI_VDEV_SUBTYPE_P2P_DEVICE);
5533 		break;
5534 	case NL80211_IFTYPE_UNSPECIFIED:
5535 	case NL80211_IFTYPE_STATION:
5536 		arvif->vdev_type = WMI_VDEV_TYPE_STA;
5537 		if (vif->p2p)
5538 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5539 					(ar, WMI_VDEV_SUBTYPE_P2P_CLIENT);
5540 		break;
5541 	case NL80211_IFTYPE_ADHOC:
5542 		arvif->vdev_type = WMI_VDEV_TYPE_IBSS;
5543 		break;
5544 	case NL80211_IFTYPE_MESH_POINT:
5545 		if (test_bit(WMI_SERVICE_MESH_11S, ar->wmi.svc_map)) {
5546 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5547 						(ar, WMI_VDEV_SUBTYPE_MESH_11S);
5548 		} else if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags)) {
5549 			ret = -EINVAL;
5550 			ath10k_warn(ar, "must load driver with rawmode=1 to add mesh interfaces\n");
5551 			goto err;
5552 		}
5553 		arvif->vdev_type = WMI_VDEV_TYPE_AP;
5554 		break;
5555 	case NL80211_IFTYPE_AP:
5556 		arvif->vdev_type = WMI_VDEV_TYPE_AP;
5557 
5558 		if (vif->p2p)
5559 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5560 						(ar, WMI_VDEV_SUBTYPE_P2P_GO);
5561 		break;
5562 	case NL80211_IFTYPE_MONITOR:
5563 		arvif->vdev_type = WMI_VDEV_TYPE_MONITOR;
5564 		break;
5565 	default:
5566 		WARN_ON(1);
5567 		break;
5568 	}
5569 
5570 	/* Using vdev_id as queue number will make it very easy to do per-vif
5571 	 * tx queue locking. This shouldn't wrap due to interface combinations
5572 	 * but do a modulo for correctness sake and prevent using offchannel tx
5573 	 * queues for regular vif tx.
5574 	 */
5575 	vif->cab_queue = arvif->vdev_id % (IEEE80211_MAX_QUEUES - 1);
5576 	for (i = 0; i < ARRAY_SIZE(vif->hw_queue); i++)
5577 		vif->hw_queue[i] = arvif->vdev_id % (IEEE80211_MAX_QUEUES - 1);
5578 
5579 	/* Some firmware revisions don't wait for beacon tx completion before
5580 	 * sending another SWBA event. This could lead to hardware using old
5581 	 * (freed) beacon data in some cases, e.g. tx credit starvation
5582 	 * combined with missed TBTT. This is very rare.
5583 	 *
5584 	 * On non-IOMMU-enabled hosts this could be a possible security issue
5585 	 * because hw could beacon some random data on the air.  On
5586 	 * IOMMU-enabled hosts DMAR faults would occur in most cases and target
5587 	 * device would crash.
5588 	 *
5589 	 * Since there are no beacon tx completions (implicit nor explicit)
5590 	 * propagated to host the only workaround for this is to allocate a
5591 	 * DMA-coherent buffer for a lifetime of a vif and use it for all
5592 	 * beacon tx commands. Worst case for this approach is some beacons may
5593 	 * become corrupted, e.g. have garbled IEs or out-of-date TIM bitmap.
5594 	 */
5595 	if (vif->type == NL80211_IFTYPE_ADHOC ||
5596 	    vif->type == NL80211_IFTYPE_MESH_POINT ||
5597 	    vif->type == NL80211_IFTYPE_AP) {
5598 		if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL) {
5599 			arvif->beacon_buf = kmalloc(IEEE80211_MAX_FRAME_LEN,
5600 						    GFP_KERNEL);
5601 
5602 			/* Using a kernel pointer in place of a dma_addr_t
5603 			 * token can lead to undefined behavior if that
5604 			 * makes it into cache management functions. Use a
5605 			 * known-invalid address token instead, which
5606 			 * avoids the warning and makes it easier to catch
5607 			 * bugs if it does end up getting used.
5608 			 */
5609 			arvif->beacon_paddr = DMA_MAPPING_ERROR;
5610 		} else {
5611 			arvif->beacon_buf =
5612 				dma_alloc_coherent(ar->dev,
5613 						   IEEE80211_MAX_FRAME_LEN,
5614 						   &arvif->beacon_paddr,
5615 						   GFP_ATOMIC);
5616 		}
5617 		if (!arvif->beacon_buf) {
5618 			ret = -ENOMEM;
5619 			ath10k_warn(ar, "failed to allocate beacon buffer: %d\n",
5620 				    ret);
5621 			goto err;
5622 		}
5623 	}
5624 	if (test_bit(ATH10K_FLAG_HW_CRYPTO_DISABLED, &ar->dev_flags))
5625 		arvif->nohwcrypt = true;
5626 
5627 	if (arvif->nohwcrypt &&
5628 	    !test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags)) {
5629 		ret = -EINVAL;
5630 		ath10k_warn(ar, "cryptmode module param needed for sw crypto\n");
5631 		goto err;
5632 	}
5633 
5634 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev create %d (add interface) type %d subtype %d bcnmode %s\n",
5635 		   arvif->vdev_id, arvif->vdev_type, arvif->vdev_subtype,
5636 		   arvif->beacon_buf ? "single-buf" : "per-skb");
5637 
5638 	ret = ath10k_wmi_vdev_create(ar, arvif->vdev_id, arvif->vdev_type,
5639 				     arvif->vdev_subtype, vif->addr);
5640 	if (ret) {
5641 		ath10k_warn(ar, "failed to create WMI vdev %i: %d\n",
5642 			    arvif->vdev_id, ret);
5643 		goto err;
5644 	}
5645 
5646 	if (test_bit(WMI_SERVICE_VDEV_DISABLE_4_ADDR_SRC_LRN_SUPPORT,
5647 		     ar->wmi.svc_map)) {
5648 		vdev_param = ar->wmi.vdev_param->disable_4addr_src_lrn;
5649 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5650 						WMI_VDEV_DISABLE_4_ADDR_SRC_LRN);
5651 		if (ret && ret != -EOPNOTSUPP) {
5652 			ath10k_warn(ar, "failed to disable 4addr src lrn vdev %i: %d\n",
5653 				    arvif->vdev_id, ret);
5654 		}
5655 	}
5656 
5657 	ar->free_vdev_map &= ~(1LL << arvif->vdev_id);
5658 	spin_lock_bh(&ar->data_lock);
5659 	list_add(&arvif->list, &ar->arvifs);
5660 	spin_unlock_bh(&ar->data_lock);
5661 
5662 	/* It makes no sense to have firmware do keepalives. mac80211 already
5663 	 * takes care of this with idle connection polling.
5664 	 */
5665 	ret = ath10k_mac_vif_disable_keepalive(arvif);
5666 	if (ret) {
5667 		ath10k_warn(ar, "failed to disable keepalive on vdev %i: %d\n",
5668 			    arvif->vdev_id, ret);
5669 		goto err_vdev_delete;
5670 	}
5671 
5672 	arvif->def_wep_key_idx = -1;
5673 
5674 	vdev_param = ar->wmi.vdev_param->tx_encap_type;
5675 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5676 					ATH10K_HW_TXRX_NATIVE_WIFI);
5677 	/* 10.X firmware does not support this VDEV parameter. Do not warn */
5678 	if (ret && ret != -EOPNOTSUPP) {
5679 		ath10k_warn(ar, "failed to set vdev %i TX encapsulation: %d\n",
5680 			    arvif->vdev_id, ret);
5681 		goto err_vdev_delete;
5682 	}
5683 
5684 	/* Configuring number of spatial stream for monitor interface is causing
5685 	 * target assert in qca9888 and qca6174.
5686 	 */
5687 	if (ar->cfg_tx_chainmask && (vif->type != NL80211_IFTYPE_MONITOR)) {
5688 		u16 nss = get_nss_from_chainmask(ar->cfg_tx_chainmask);
5689 
5690 		vdev_param = ar->wmi.vdev_param->nss;
5691 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5692 						nss);
5693 		if (ret) {
5694 			ath10k_warn(ar, "failed to set vdev %i chainmask 0x%x, nss %i: %d\n",
5695 				    arvif->vdev_id, ar->cfg_tx_chainmask, nss,
5696 				    ret);
5697 			goto err_vdev_delete;
5698 		}
5699 	}
5700 
5701 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5702 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5703 		ret = ath10k_peer_create(ar, vif, NULL, arvif->vdev_id,
5704 					 vif->addr, WMI_PEER_TYPE_DEFAULT);
5705 		if (ret) {
5706 			ath10k_warn(ar, "failed to create vdev %i peer for AP/IBSS: %d\n",
5707 				    arvif->vdev_id, ret);
5708 			goto err_vdev_delete;
5709 		}
5710 
5711 		spin_lock_bh(&ar->data_lock);
5712 
5713 		peer = ath10k_peer_find(ar, arvif->vdev_id, vif->addr);
5714 		if (!peer) {
5715 			ath10k_warn(ar, "failed to lookup peer %pM on vdev %i\n",
5716 				    vif->addr, arvif->vdev_id);
5717 			spin_unlock_bh(&ar->data_lock);
5718 			ret = -ENOENT;
5719 			goto err_peer_delete;
5720 		}
5721 
5722 		arvif->peer_id = find_first_bit(peer->peer_ids,
5723 						ATH10K_MAX_NUM_PEER_IDS);
5724 
5725 		spin_unlock_bh(&ar->data_lock);
5726 	} else {
5727 		arvif->peer_id = HTT_INVALID_PEERID;
5728 	}
5729 
5730 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP) {
5731 		ret = ath10k_mac_set_kickout(arvif);
5732 		if (ret) {
5733 			ath10k_warn(ar, "failed to set vdev %i kickout parameters: %d\n",
5734 				    arvif->vdev_id, ret);
5735 			goto err_peer_delete;
5736 		}
5737 	}
5738 
5739 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA) {
5740 		param = WMI_STA_PS_PARAM_RX_WAKE_POLICY;
5741 		value = WMI_STA_PS_RX_WAKE_POLICY_WAKE;
5742 		ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
5743 						  param, value);
5744 		if (ret) {
5745 			ath10k_warn(ar, "failed to set vdev %i RX wake policy: %d\n",
5746 				    arvif->vdev_id, ret);
5747 			goto err_peer_delete;
5748 		}
5749 
5750 		ret = ath10k_mac_vif_recalc_ps_wake_threshold(arvif);
5751 		if (ret) {
5752 			ath10k_warn(ar, "failed to recalc ps wake threshold on vdev %i: %d\n",
5753 				    arvif->vdev_id, ret);
5754 			goto err_peer_delete;
5755 		}
5756 
5757 		ret = ath10k_mac_vif_recalc_ps_poll_count(arvif);
5758 		if (ret) {
5759 			ath10k_warn(ar, "failed to recalc ps poll count on vdev %i: %d\n",
5760 				    arvif->vdev_id, ret);
5761 			goto err_peer_delete;
5762 		}
5763 	}
5764 
5765 	ret = ath10k_mac_set_txbf_conf(arvif);
5766 	if (ret) {
5767 		ath10k_warn(ar, "failed to set txbf for vdev %d: %d\n",
5768 			    arvif->vdev_id, ret);
5769 		goto err_peer_delete;
5770 	}
5771 
5772 	ret = ath10k_mac_set_rts(arvif, ar->hw->wiphy->rts_threshold);
5773 	if (ret) {
5774 		ath10k_warn(ar, "failed to set rts threshold for vdev %d: %d\n",
5775 			    arvif->vdev_id, ret);
5776 		goto err_peer_delete;
5777 	}
5778 
5779 	arvif->txpower = vif->bss_conf.txpower;
5780 	ret = ath10k_mac_txpower_recalc(ar);
5781 	if (ret) {
5782 		ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
5783 		goto err_peer_delete;
5784 	}
5785 
5786 	if (test_bit(WMI_SERVICE_RTT_RESPONDER_ROLE, ar->wmi.svc_map)) {
5787 		vdev_param = ar->wmi.vdev_param->rtt_responder_role;
5788 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5789 						arvif->ftm_responder);
5790 
5791 		/* It is harmless to not set FTM role. Do not warn */
5792 		if (ret && ret != -EOPNOTSUPP)
5793 			ath10k_warn(ar, "failed to set vdev %i FTM Responder: %d\n",
5794 				    arvif->vdev_id, ret);
5795 	}
5796 
5797 	if (vif->type == NL80211_IFTYPE_MONITOR) {
5798 		ar->monitor_arvif = arvif;
5799 		ret = ath10k_monitor_recalc(ar);
5800 		if (ret) {
5801 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5802 			goto err_peer_delete;
5803 		}
5804 	}
5805 
5806 	spin_lock_bh(&ar->htt.tx_lock);
5807 	if (!ar->tx_paused)
5808 		ieee80211_wake_queue(ar->hw, arvif->vdev_id);
5809 	spin_unlock_bh(&ar->htt.tx_lock);
5810 
5811 	mutex_unlock(&ar->conf_mutex);
5812 	return 0;
5813 
5814 err_peer_delete:
5815 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5816 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5817 		ath10k_wmi_peer_delete(ar, arvif->vdev_id, vif->addr);
5818 		ath10k_wait_for_peer_delete_done(ar, arvif->vdev_id,
5819 						 vif->addr);
5820 	}
5821 
5822 err_vdev_delete:
5823 	ath10k_wmi_vdev_delete(ar, arvif->vdev_id);
5824 	ar->free_vdev_map |= 1LL << arvif->vdev_id;
5825 	spin_lock_bh(&ar->data_lock);
5826 	list_del(&arvif->list);
5827 	spin_unlock_bh(&ar->data_lock);
5828 
5829 err:
5830 	if (arvif->beacon_buf) {
5831 		if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL)
5832 			kfree(arvif->beacon_buf);
5833 		else
5834 			dma_free_coherent(ar->dev, IEEE80211_MAX_FRAME_LEN,
5835 					  arvif->beacon_buf,
5836 					  arvif->beacon_paddr);
5837 		arvif->beacon_buf = NULL;
5838 	}
5839 
5840 	mutex_unlock(&ar->conf_mutex);
5841 
5842 	return ret;
5843 }
5844 
5845 static void ath10k_mac_vif_tx_unlock_all(struct ath10k_vif *arvif)
5846 {
5847 	int i;
5848 
5849 	for (i = 0; i < BITS_PER_LONG; i++)
5850 		ath10k_mac_vif_tx_unlock(arvif, i);
5851 }
5852 
5853 static void ath10k_remove_interface(struct ieee80211_hw *hw,
5854 				    struct ieee80211_vif *vif)
5855 {
5856 	struct ath10k *ar = hw->priv;
5857 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5858 	struct ath10k_peer *peer;
5859 	unsigned long time_left;
5860 	int ret;
5861 	int i;
5862 
5863 	cancel_work_sync(&arvif->ap_csa_work);
5864 	cancel_delayed_work_sync(&arvif->connection_loss_work);
5865 
5866 	mutex_lock(&ar->conf_mutex);
5867 
5868 	ret = ath10k_spectral_vif_stop(arvif);
5869 	if (ret)
5870 		ath10k_warn(ar, "failed to stop spectral for vdev %i: %d\n",
5871 			    arvif->vdev_id, ret);
5872 
5873 	ar->free_vdev_map |= 1LL << arvif->vdev_id;
5874 	spin_lock_bh(&ar->data_lock);
5875 	list_del(&arvif->list);
5876 	spin_unlock_bh(&ar->data_lock);
5877 
5878 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5879 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5880 		ret = ath10k_wmi_peer_delete(arvif->ar, arvif->vdev_id,
5881 					     vif->addr);
5882 		if (ret)
5883 			ath10k_warn(ar, "failed to submit AP/IBSS self-peer removal on vdev %i: %d\n",
5884 				    arvif->vdev_id, ret);
5885 
5886 		ath10k_wait_for_peer_delete_done(ar, arvif->vdev_id,
5887 						 vif->addr);
5888 		kfree(arvif->u.ap.noa_data);
5889 	}
5890 
5891 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i delete (remove interface)\n",
5892 		   arvif->vdev_id);
5893 
5894 	ret = ath10k_wmi_vdev_delete(ar, arvif->vdev_id);
5895 	if (ret)
5896 		ath10k_warn(ar, "failed to delete WMI vdev %i: %d\n",
5897 			    arvif->vdev_id, ret);
5898 
5899 	if (test_bit(WMI_SERVICE_SYNC_DELETE_CMDS, ar->wmi.svc_map)) {
5900 		time_left = wait_for_completion_timeout(&ar->vdev_delete_done,
5901 							ATH10K_VDEV_DELETE_TIMEOUT_HZ);
5902 		if (time_left == 0) {
5903 			ath10k_warn(ar, "Timeout in receiving vdev delete response\n");
5904 			goto out;
5905 		}
5906 	}
5907 
5908 	/* Some firmware revisions don't notify host about self-peer removal
5909 	 * until after associated vdev is deleted.
5910 	 */
5911 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5912 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5913 		ret = ath10k_wait_for_peer_deleted(ar, arvif->vdev_id,
5914 						   vif->addr);
5915 		if (ret)
5916 			ath10k_warn(ar, "failed to remove AP self-peer on vdev %i: %d\n",
5917 				    arvif->vdev_id, ret);
5918 
5919 		spin_lock_bh(&ar->data_lock);
5920 		ar->num_peers--;
5921 		spin_unlock_bh(&ar->data_lock);
5922 	}
5923 
5924 	spin_lock_bh(&ar->data_lock);
5925 	for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
5926 		peer = ar->peer_map[i];
5927 		if (!peer)
5928 			continue;
5929 
5930 		if (peer->vif == vif) {
5931 			ath10k_warn(ar, "found vif peer %pM entry on vdev %i after it was supposedly removed\n",
5932 				    vif->addr, arvif->vdev_id);
5933 			peer->vif = NULL;
5934 		}
5935 	}
5936 
5937 	/* Clean this up late, less opportunity for firmware to access
5938 	 * DMA memory we have deleted.
5939 	 */
5940 	ath10k_mac_vif_beacon_cleanup(arvif);
5941 	spin_unlock_bh(&ar->data_lock);
5942 
5943 	ath10k_peer_cleanup(ar, arvif->vdev_id);
5944 	ath10k_mac_txq_unref(ar, vif->txq);
5945 
5946 	if (vif->type == NL80211_IFTYPE_MONITOR) {
5947 		ar->monitor_arvif = NULL;
5948 		ret = ath10k_monitor_recalc(ar);
5949 		if (ret)
5950 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5951 	}
5952 
5953 	ret = ath10k_mac_txpower_recalc(ar);
5954 	if (ret)
5955 		ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
5956 
5957 	spin_lock_bh(&ar->htt.tx_lock);
5958 	ath10k_mac_vif_tx_unlock_all(arvif);
5959 	spin_unlock_bh(&ar->htt.tx_lock);
5960 
5961 	ath10k_mac_txq_unref(ar, vif->txq);
5962 
5963 out:
5964 	mutex_unlock(&ar->conf_mutex);
5965 }
5966 
5967 /*
5968  * FIXME: Has to be verified.
5969  */
5970 #define SUPPORTED_FILTERS			\
5971 	(FIF_ALLMULTI |				\
5972 	FIF_CONTROL |				\
5973 	FIF_PSPOLL |				\
5974 	FIF_OTHER_BSS |				\
5975 	FIF_BCN_PRBRESP_PROMISC |		\
5976 	FIF_PROBE_REQ |				\
5977 	FIF_FCSFAIL)
5978 
5979 static void ath10k_configure_filter(struct ieee80211_hw *hw,
5980 				    unsigned int changed_flags,
5981 				    unsigned int *total_flags,
5982 				    u64 multicast)
5983 {
5984 	struct ath10k *ar = hw->priv;
5985 	int ret;
5986 
5987 	mutex_lock(&ar->conf_mutex);
5988 
5989 	changed_flags &= SUPPORTED_FILTERS;
5990 	*total_flags &= SUPPORTED_FILTERS;
5991 	ar->filter_flags = *total_flags;
5992 
5993 	ret = ath10k_monitor_recalc(ar);
5994 	if (ret)
5995 		ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5996 
5997 	mutex_unlock(&ar->conf_mutex);
5998 }
5999 
6000 static void ath10k_recalculate_mgmt_rate(struct ath10k *ar,
6001 					 struct ieee80211_vif *vif,
6002 					 struct cfg80211_chan_def *def)
6003 {
6004 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6005 	const struct ieee80211_supported_band *sband;
6006 	u8 basic_rate_idx;
6007 	int hw_rate_code;
6008 	u32 vdev_param;
6009 	u16 bitrate;
6010 	int ret;
6011 
6012 	lockdep_assert_held(&ar->conf_mutex);
6013 
6014 	sband = ar->hw->wiphy->bands[def->chan->band];
6015 	basic_rate_idx = ffs(vif->bss_conf.basic_rates) - 1;
6016 	bitrate = sband->bitrates[basic_rate_idx].bitrate;
6017 
6018 	hw_rate_code = ath10k_mac_get_rate_hw_value(bitrate);
6019 	if (hw_rate_code < 0) {
6020 		ath10k_warn(ar, "bitrate not supported %d\n", bitrate);
6021 		return;
6022 	}
6023 
6024 	vdev_param = ar->wmi.vdev_param->mgmt_rate;
6025 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6026 					hw_rate_code);
6027 	if (ret)
6028 		ath10k_warn(ar, "failed to set mgmt tx rate %d\n", ret);
6029 }
6030 
6031 static void ath10k_bss_info_changed(struct ieee80211_hw *hw,
6032 				    struct ieee80211_vif *vif,
6033 				    struct ieee80211_bss_conf *info,
6034 				    u64 changed)
6035 {
6036 	struct ath10k *ar = hw->priv;
6037 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6038 	struct cfg80211_chan_def def;
6039 	u32 vdev_param, pdev_param, slottime, preamble;
6040 	u16 bitrate, hw_value;
6041 	u8 rate, rateidx;
6042 	int ret = 0, mcast_rate;
6043 	enum nl80211_band band;
6044 
6045 	mutex_lock(&ar->conf_mutex);
6046 
6047 	if (changed & BSS_CHANGED_IBSS)
6048 		ath10k_control_ibss(arvif, info, vif->addr);
6049 
6050 	if (changed & BSS_CHANGED_BEACON_INT) {
6051 		arvif->beacon_interval = info->beacon_int;
6052 		vdev_param = ar->wmi.vdev_param->beacon_interval;
6053 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6054 						arvif->beacon_interval);
6055 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6056 			   "mac vdev %d beacon_interval %d\n",
6057 			   arvif->vdev_id, arvif->beacon_interval);
6058 
6059 		if (ret)
6060 			ath10k_warn(ar, "failed to set beacon interval for vdev %d: %i\n",
6061 				    arvif->vdev_id, ret);
6062 	}
6063 
6064 	if (changed & BSS_CHANGED_BEACON) {
6065 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6066 			   "vdev %d set beacon tx mode to staggered\n",
6067 			   arvif->vdev_id);
6068 
6069 		pdev_param = ar->wmi.pdev_param->beacon_tx_mode;
6070 		ret = ath10k_wmi_pdev_set_param(ar, pdev_param,
6071 						WMI_BEACON_STAGGERED_MODE);
6072 		if (ret)
6073 			ath10k_warn(ar, "failed to set beacon mode for vdev %d: %i\n",
6074 				    arvif->vdev_id, ret);
6075 
6076 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
6077 		if (ret)
6078 			ath10k_warn(ar, "failed to update beacon template: %d\n",
6079 				    ret);
6080 
6081 		if (ieee80211_vif_is_mesh(vif)) {
6082 			/* mesh doesn't use SSID but firmware needs it */
6083 			strncpy(arvif->u.ap.ssid, "mesh",
6084 				sizeof(arvif->u.ap.ssid));
6085 			arvif->u.ap.ssid_len = 4;
6086 		}
6087 	}
6088 
6089 	if (changed & BSS_CHANGED_AP_PROBE_RESP) {
6090 		ret = ath10k_mac_setup_prb_tmpl(arvif);
6091 		if (ret)
6092 			ath10k_warn(ar, "failed to setup probe resp template on vdev %i: %d\n",
6093 				    arvif->vdev_id, ret);
6094 	}
6095 
6096 	if (changed & (BSS_CHANGED_BEACON_INFO | BSS_CHANGED_BEACON)) {
6097 		arvif->dtim_period = info->dtim_period;
6098 
6099 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6100 			   "mac vdev %d dtim_period %d\n",
6101 			   arvif->vdev_id, arvif->dtim_period);
6102 
6103 		vdev_param = ar->wmi.vdev_param->dtim_period;
6104 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6105 						arvif->dtim_period);
6106 		if (ret)
6107 			ath10k_warn(ar, "failed to set dtim period for vdev %d: %i\n",
6108 				    arvif->vdev_id, ret);
6109 	}
6110 
6111 	if (changed & BSS_CHANGED_SSID &&
6112 	    vif->type == NL80211_IFTYPE_AP) {
6113 		arvif->u.ap.ssid_len = info->ssid_len;
6114 		if (info->ssid_len)
6115 			memcpy(arvif->u.ap.ssid, info->ssid, info->ssid_len);
6116 		arvif->u.ap.hidden_ssid = info->hidden_ssid;
6117 	}
6118 
6119 	if (changed & BSS_CHANGED_BSSID && !is_zero_ether_addr(info->bssid))
6120 		ether_addr_copy(arvif->bssid, info->bssid);
6121 
6122 	if (changed & BSS_CHANGED_FTM_RESPONDER &&
6123 	    arvif->ftm_responder != info->ftm_responder &&
6124 	    test_bit(WMI_SERVICE_RTT_RESPONDER_ROLE, ar->wmi.svc_map)) {
6125 		arvif->ftm_responder = info->ftm_responder;
6126 
6127 		vdev_param = ar->wmi.vdev_param->rtt_responder_role;
6128 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6129 						arvif->ftm_responder);
6130 
6131 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6132 			   "mac vdev %d ftm_responder %d:ret %d\n",
6133 			   arvif->vdev_id, arvif->ftm_responder, ret);
6134 	}
6135 
6136 	if (changed & BSS_CHANGED_BEACON_ENABLED)
6137 		ath10k_control_beaconing(arvif, info);
6138 
6139 	if (changed & BSS_CHANGED_ERP_CTS_PROT) {
6140 		arvif->use_cts_prot = info->use_cts_prot;
6141 
6142 		ret = ath10k_recalc_rtscts_prot(arvif);
6143 		if (ret)
6144 			ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
6145 				    arvif->vdev_id, ret);
6146 
6147 		if (ath10k_mac_can_set_cts_prot(arvif)) {
6148 			ret = ath10k_mac_set_cts_prot(arvif);
6149 			if (ret)
6150 				ath10k_warn(ar, "failed to set cts protection for vdev %d: %d\n",
6151 					    arvif->vdev_id, ret);
6152 		}
6153 	}
6154 
6155 	if (changed & BSS_CHANGED_ERP_SLOT) {
6156 		if (info->use_short_slot)
6157 			slottime = WMI_VDEV_SLOT_TIME_SHORT; /* 9us */
6158 
6159 		else
6160 			slottime = WMI_VDEV_SLOT_TIME_LONG; /* 20us */
6161 
6162 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d slot_time %d\n",
6163 			   arvif->vdev_id, slottime);
6164 
6165 		vdev_param = ar->wmi.vdev_param->slot_time;
6166 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6167 						slottime);
6168 		if (ret)
6169 			ath10k_warn(ar, "failed to set erp slot for vdev %d: %i\n",
6170 				    arvif->vdev_id, ret);
6171 	}
6172 
6173 	if (changed & BSS_CHANGED_ERP_PREAMBLE) {
6174 		if (info->use_short_preamble)
6175 			preamble = WMI_VDEV_PREAMBLE_SHORT;
6176 		else
6177 			preamble = WMI_VDEV_PREAMBLE_LONG;
6178 
6179 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6180 			   "mac vdev %d preamble %dn",
6181 			   arvif->vdev_id, preamble);
6182 
6183 		vdev_param = ar->wmi.vdev_param->preamble;
6184 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6185 						preamble);
6186 		if (ret)
6187 			ath10k_warn(ar, "failed to set preamble for vdev %d: %i\n",
6188 				    arvif->vdev_id, ret);
6189 	}
6190 
6191 	if (changed & BSS_CHANGED_ASSOC) {
6192 		if (info->assoc) {
6193 			/* Workaround: Make sure monitor vdev is not running
6194 			 * when associating to prevent some firmware revisions
6195 			 * (e.g. 10.1 and 10.2) from crashing.
6196 			 */
6197 			if (ar->monitor_started)
6198 				ath10k_monitor_stop(ar);
6199 			ath10k_bss_assoc(hw, vif, info);
6200 			ath10k_monitor_recalc(ar);
6201 		} else {
6202 			ath10k_bss_disassoc(hw, vif);
6203 		}
6204 	}
6205 
6206 	if (changed & BSS_CHANGED_TXPOWER) {
6207 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev_id %i txpower %d\n",
6208 			   arvif->vdev_id, info->txpower);
6209 
6210 		arvif->txpower = info->txpower;
6211 		ret = ath10k_mac_txpower_recalc(ar);
6212 		if (ret)
6213 			ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
6214 	}
6215 
6216 	if (changed & BSS_CHANGED_PS) {
6217 		arvif->ps = vif->bss_conf.ps;
6218 
6219 		ret = ath10k_config_ps(ar);
6220 		if (ret)
6221 			ath10k_warn(ar, "failed to setup ps on vdev %i: %d\n",
6222 				    arvif->vdev_id, ret);
6223 	}
6224 
6225 	if (changed & BSS_CHANGED_MCAST_RATE &&
6226 	    !ath10k_mac_vif_chan(arvif->vif, &def)) {
6227 		band = def.chan->band;
6228 		mcast_rate = vif->bss_conf.mcast_rate[band];
6229 		if (mcast_rate > 0)
6230 			rateidx = mcast_rate - 1;
6231 		else
6232 			rateidx = ffs(vif->bss_conf.basic_rates) - 1;
6233 
6234 		if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY)
6235 			rateidx += ATH10K_MAC_FIRST_OFDM_RATE_IDX;
6236 
6237 		bitrate = ath10k_wmi_legacy_rates[rateidx].bitrate;
6238 		hw_value = ath10k_wmi_legacy_rates[rateidx].hw_value;
6239 		if (ath10k_mac_bitrate_is_cck(bitrate))
6240 			preamble = WMI_RATE_PREAMBLE_CCK;
6241 		else
6242 			preamble = WMI_RATE_PREAMBLE_OFDM;
6243 
6244 		rate = ATH10K_HW_RATECODE(hw_value, 0, preamble);
6245 
6246 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6247 			   "mac vdev %d mcast_rate %x\n",
6248 			   arvif->vdev_id, rate);
6249 
6250 		vdev_param = ar->wmi.vdev_param->mcast_data_rate;
6251 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
6252 						vdev_param, rate);
6253 		if (ret)
6254 			ath10k_warn(ar,
6255 				    "failed to set mcast rate on vdev %i: %d\n",
6256 				    arvif->vdev_id,  ret);
6257 
6258 		vdev_param = ar->wmi.vdev_param->bcast_data_rate;
6259 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
6260 						vdev_param, rate);
6261 		if (ret)
6262 			ath10k_warn(ar,
6263 				    "failed to set bcast rate on vdev %i: %d\n",
6264 				    arvif->vdev_id,  ret);
6265 	}
6266 
6267 	if (changed & BSS_CHANGED_BASIC_RATES &&
6268 	    !ath10k_mac_vif_chan(arvif->vif, &def))
6269 		ath10k_recalculate_mgmt_rate(ar, vif, &def);
6270 
6271 	mutex_unlock(&ar->conf_mutex);
6272 }
6273 
6274 static void ath10k_mac_op_set_coverage_class(struct ieee80211_hw *hw, s16 value)
6275 {
6276 	struct ath10k *ar = hw->priv;
6277 
6278 	/* This function should never be called if setting the coverage class
6279 	 * is not supported on this hardware.
6280 	 */
6281 	if (!ar->hw_params.hw_ops->set_coverage_class) {
6282 		WARN_ON_ONCE(1);
6283 		return;
6284 	}
6285 	ar->hw_params.hw_ops->set_coverage_class(ar, value);
6286 }
6287 
6288 struct ath10k_mac_tdls_iter_data {
6289 	u32 num_tdls_stations;
6290 	struct ieee80211_vif *curr_vif;
6291 };
6292 
6293 static void ath10k_mac_tdls_vif_stations_count_iter(void *data,
6294 						    struct ieee80211_sta *sta)
6295 {
6296 	struct ath10k_mac_tdls_iter_data *iter_data = data;
6297 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
6298 	struct ieee80211_vif *sta_vif = arsta->arvif->vif;
6299 
6300 	if (sta->tdls && sta_vif == iter_data->curr_vif)
6301 		iter_data->num_tdls_stations++;
6302 }
6303 
6304 static int ath10k_mac_tdls_vif_stations_count(struct ieee80211_hw *hw,
6305 					      struct ieee80211_vif *vif)
6306 {
6307 	struct ath10k_mac_tdls_iter_data data = {};
6308 
6309 	data.curr_vif = vif;
6310 
6311 	ieee80211_iterate_stations_atomic(hw,
6312 					  ath10k_mac_tdls_vif_stations_count_iter,
6313 					  &data);
6314 	return data.num_tdls_stations;
6315 }
6316 
6317 static int ath10k_hw_scan(struct ieee80211_hw *hw,
6318 			  struct ieee80211_vif *vif,
6319 			  struct ieee80211_scan_request *hw_req)
6320 {
6321 	struct ath10k *ar = hw->priv;
6322 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6323 	struct cfg80211_scan_request *req = &hw_req->req;
6324 	struct wmi_start_scan_arg arg;
6325 	int ret = 0;
6326 	int i;
6327 	u32 scan_timeout;
6328 
6329 	mutex_lock(&ar->conf_mutex);
6330 
6331 	if (ath10k_mac_tdls_vif_stations_count(hw, vif) > 0) {
6332 		ret = -EBUSY;
6333 		goto exit;
6334 	}
6335 
6336 	spin_lock_bh(&ar->data_lock);
6337 	switch (ar->scan.state) {
6338 	case ATH10K_SCAN_IDLE:
6339 		reinit_completion(&ar->scan.started);
6340 		reinit_completion(&ar->scan.completed);
6341 		ar->scan.state = ATH10K_SCAN_STARTING;
6342 		ar->scan.is_roc = false;
6343 		ar->scan.vdev_id = arvif->vdev_id;
6344 		ret = 0;
6345 		break;
6346 	case ATH10K_SCAN_STARTING:
6347 	case ATH10K_SCAN_RUNNING:
6348 	case ATH10K_SCAN_ABORTING:
6349 		ret = -EBUSY;
6350 		break;
6351 	}
6352 	spin_unlock_bh(&ar->data_lock);
6353 
6354 	if (ret)
6355 		goto exit;
6356 
6357 	memset(&arg, 0, sizeof(arg));
6358 	ath10k_wmi_start_scan_init(ar, &arg);
6359 	arg.vdev_id = arvif->vdev_id;
6360 	arg.scan_id = ATH10K_SCAN_ID;
6361 
6362 	if (req->ie_len) {
6363 		arg.ie_len = req->ie_len;
6364 		memcpy(arg.ie, req->ie, arg.ie_len);
6365 	}
6366 
6367 	if (req->n_ssids) {
6368 		arg.n_ssids = req->n_ssids;
6369 		for (i = 0; i < arg.n_ssids; i++) {
6370 			arg.ssids[i].len  = req->ssids[i].ssid_len;
6371 			arg.ssids[i].ssid = req->ssids[i].ssid;
6372 		}
6373 	} else {
6374 		arg.scan_ctrl_flags |= WMI_SCAN_FLAG_PASSIVE;
6375 	}
6376 
6377 	if (req->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
6378 		arg.scan_ctrl_flags |=  WMI_SCAN_ADD_SPOOFED_MAC_IN_PROBE_REQ;
6379 		ether_addr_copy(arg.mac_addr.addr, req->mac_addr);
6380 		ether_addr_copy(arg.mac_mask.addr, req->mac_addr_mask);
6381 	}
6382 
6383 	if (req->n_channels) {
6384 		arg.n_channels = req->n_channels;
6385 		for (i = 0; i < arg.n_channels; i++)
6386 			arg.channels[i] = req->channels[i]->center_freq;
6387 	}
6388 
6389 	/* if duration is set, default dwell times will be overwritten */
6390 	if (req->duration) {
6391 		arg.dwell_time_active = req->duration;
6392 		arg.dwell_time_passive = req->duration;
6393 		arg.burst_duration_ms = req->duration;
6394 
6395 		scan_timeout = min_t(u32, arg.max_rest_time *
6396 				(arg.n_channels - 1) + (req->duration +
6397 				ATH10K_SCAN_CHANNEL_SWITCH_WMI_EVT_OVERHEAD) *
6398 				arg.n_channels, arg.max_scan_time);
6399 	} else {
6400 		scan_timeout = arg.max_scan_time;
6401 	}
6402 
6403 	/* Add a 200ms margin to account for event/command processing */
6404 	scan_timeout += 200;
6405 
6406 	ret = ath10k_start_scan(ar, &arg);
6407 	if (ret) {
6408 		ath10k_warn(ar, "failed to start hw scan: %d\n", ret);
6409 		spin_lock_bh(&ar->data_lock);
6410 		ar->scan.state = ATH10K_SCAN_IDLE;
6411 		spin_unlock_bh(&ar->data_lock);
6412 	}
6413 
6414 	ieee80211_queue_delayed_work(ar->hw, &ar->scan.timeout,
6415 				     msecs_to_jiffies(scan_timeout));
6416 
6417 exit:
6418 	mutex_unlock(&ar->conf_mutex);
6419 	return ret;
6420 }
6421 
6422 static void ath10k_cancel_hw_scan(struct ieee80211_hw *hw,
6423 				  struct ieee80211_vif *vif)
6424 {
6425 	struct ath10k *ar = hw->priv;
6426 
6427 	mutex_lock(&ar->conf_mutex);
6428 	ath10k_scan_abort(ar);
6429 	mutex_unlock(&ar->conf_mutex);
6430 
6431 	cancel_delayed_work_sync(&ar->scan.timeout);
6432 }
6433 
6434 static void ath10k_set_key_h_def_keyidx(struct ath10k *ar,
6435 					struct ath10k_vif *arvif,
6436 					enum set_key_cmd cmd,
6437 					struct ieee80211_key_conf *key)
6438 {
6439 	u32 vdev_param = arvif->ar->wmi.vdev_param->def_keyid;
6440 	int ret;
6441 
6442 	/* 10.1 firmware branch requires default key index to be set to group
6443 	 * key index after installing it. Otherwise FW/HW Txes corrupted
6444 	 * frames with multi-vif APs. This is not required for main firmware
6445 	 * branch (e.g. 636).
6446 	 *
6447 	 * This is also needed for 636 fw for IBSS-RSN to work more reliably.
6448 	 *
6449 	 * FIXME: It remains unknown if this is required for multi-vif STA
6450 	 * interfaces on 10.1.
6451 	 */
6452 
6453 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP &&
6454 	    arvif->vdev_type != WMI_VDEV_TYPE_IBSS)
6455 		return;
6456 
6457 	if (key->cipher == WLAN_CIPHER_SUITE_WEP40)
6458 		return;
6459 
6460 	if (key->cipher == WLAN_CIPHER_SUITE_WEP104)
6461 		return;
6462 
6463 	if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
6464 		return;
6465 
6466 	if (cmd != SET_KEY)
6467 		return;
6468 
6469 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6470 					key->keyidx);
6471 	if (ret)
6472 		ath10k_warn(ar, "failed to set vdev %i group key as default key: %d\n",
6473 			    arvif->vdev_id, ret);
6474 }
6475 
6476 static int ath10k_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
6477 			  struct ieee80211_vif *vif, struct ieee80211_sta *sta,
6478 			  struct ieee80211_key_conf *key)
6479 {
6480 	struct ath10k *ar = hw->priv;
6481 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6482 	struct ath10k_sta *arsta;
6483 	struct ath10k_peer *peer;
6484 	const u8 *peer_addr;
6485 	bool is_wep = key->cipher == WLAN_CIPHER_SUITE_WEP40 ||
6486 		      key->cipher == WLAN_CIPHER_SUITE_WEP104;
6487 	int ret = 0;
6488 	int ret2;
6489 	u32 flags = 0;
6490 	u32 flags2;
6491 
6492 	/* this one needs to be done in software */
6493 	if (key->cipher == WLAN_CIPHER_SUITE_AES_CMAC ||
6494 	    key->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_128 ||
6495 	    key->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_256 ||
6496 	    key->cipher == WLAN_CIPHER_SUITE_BIP_CMAC_256)
6497 		return 1;
6498 
6499 	if (arvif->nohwcrypt)
6500 		return 1;
6501 
6502 	if (key->keyidx > WMI_MAX_KEY_INDEX)
6503 		return -ENOSPC;
6504 
6505 	mutex_lock(&ar->conf_mutex);
6506 
6507 	if (sta) {
6508 		arsta = (struct ath10k_sta *)sta->drv_priv;
6509 		peer_addr = sta->addr;
6510 		spin_lock_bh(&ar->data_lock);
6511 		arsta->ucast_cipher = key->cipher;
6512 		spin_unlock_bh(&ar->data_lock);
6513 	} else if (arvif->vdev_type == WMI_VDEV_TYPE_STA) {
6514 		peer_addr = vif->bss_conf.bssid;
6515 	} else {
6516 		peer_addr = vif->addr;
6517 	}
6518 
6519 	key->hw_key_idx = key->keyidx;
6520 
6521 	if (is_wep) {
6522 		if (cmd == SET_KEY)
6523 			arvif->wep_keys[key->keyidx] = key;
6524 		else
6525 			arvif->wep_keys[key->keyidx] = NULL;
6526 	}
6527 
6528 	/* the peer should not disappear in mid-way (unless FW goes awry) since
6529 	 * we already hold conf_mutex. we just make sure its there now.
6530 	 */
6531 	spin_lock_bh(&ar->data_lock);
6532 	peer = ath10k_peer_find(ar, arvif->vdev_id, peer_addr);
6533 	spin_unlock_bh(&ar->data_lock);
6534 
6535 	if (!peer) {
6536 		if (cmd == SET_KEY) {
6537 			ath10k_warn(ar, "failed to install key for non-existent peer %pM\n",
6538 				    peer_addr);
6539 			ret = -EOPNOTSUPP;
6540 			goto exit;
6541 		} else {
6542 			/* if the peer doesn't exist there is no key to disable anymore */
6543 			goto exit;
6544 		}
6545 	}
6546 
6547 	if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
6548 		flags |= WMI_KEY_PAIRWISE;
6549 	else
6550 		flags |= WMI_KEY_GROUP;
6551 
6552 	if (is_wep) {
6553 		if (cmd == DISABLE_KEY)
6554 			ath10k_clear_vdev_key(arvif, key);
6555 
6556 		/* When WEP keys are uploaded it's possible that there are
6557 		 * stations associated already (e.g. when merging) without any
6558 		 * keys. Static WEP needs an explicit per-peer key upload.
6559 		 */
6560 		if (vif->type == NL80211_IFTYPE_ADHOC &&
6561 		    cmd == SET_KEY)
6562 			ath10k_mac_vif_update_wep_key(arvif, key);
6563 
6564 		/* 802.1x never sets the def_wep_key_idx so each set_key()
6565 		 * call changes default tx key.
6566 		 *
6567 		 * Static WEP sets def_wep_key_idx via .set_default_unicast_key
6568 		 * after first set_key().
6569 		 */
6570 		if (cmd == SET_KEY && arvif->def_wep_key_idx == -1)
6571 			flags |= WMI_KEY_TX_USAGE;
6572 	}
6573 
6574 	ret = ath10k_install_key(arvif, key, cmd, peer_addr, flags);
6575 	if (ret) {
6576 		WARN_ON(ret > 0);
6577 		ath10k_warn(ar, "failed to install key for vdev %i peer %pM: %d\n",
6578 			    arvif->vdev_id, peer_addr, ret);
6579 		goto exit;
6580 	}
6581 
6582 	/* mac80211 sets static WEP keys as groupwise while firmware requires
6583 	 * them to be installed twice as both pairwise and groupwise.
6584 	 */
6585 	if (is_wep && !sta && vif->type == NL80211_IFTYPE_STATION) {
6586 		flags2 = flags;
6587 		flags2 &= ~WMI_KEY_GROUP;
6588 		flags2 |= WMI_KEY_PAIRWISE;
6589 
6590 		ret = ath10k_install_key(arvif, key, cmd, peer_addr, flags2);
6591 		if (ret) {
6592 			WARN_ON(ret > 0);
6593 			ath10k_warn(ar, "failed to install (ucast) key for vdev %i peer %pM: %d\n",
6594 				    arvif->vdev_id, peer_addr, ret);
6595 			ret2 = ath10k_install_key(arvif, key, DISABLE_KEY,
6596 						  peer_addr, flags);
6597 			if (ret2) {
6598 				WARN_ON(ret2 > 0);
6599 				ath10k_warn(ar, "failed to disable (mcast) key for vdev %i peer %pM: %d\n",
6600 					    arvif->vdev_id, peer_addr, ret2);
6601 			}
6602 			goto exit;
6603 		}
6604 	}
6605 
6606 	ath10k_set_key_h_def_keyidx(ar, arvif, cmd, key);
6607 
6608 	spin_lock_bh(&ar->data_lock);
6609 	peer = ath10k_peer_find(ar, arvif->vdev_id, peer_addr);
6610 	if (peer && cmd == SET_KEY)
6611 		peer->keys[key->keyidx] = key;
6612 	else if (peer && cmd == DISABLE_KEY)
6613 		peer->keys[key->keyidx] = NULL;
6614 	else if (peer == NULL)
6615 		/* impossible unless FW goes crazy */
6616 		ath10k_warn(ar, "Peer %pM disappeared!\n", peer_addr);
6617 	spin_unlock_bh(&ar->data_lock);
6618 
6619 	if (sta && sta->tdls)
6620 		ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6621 					  ar->wmi.peer_param->authorize, 1);
6622 	else if (sta && cmd == SET_KEY && (key->flags & IEEE80211_KEY_FLAG_PAIRWISE))
6623 		ath10k_wmi_peer_set_param(ar, arvif->vdev_id, peer_addr,
6624 					  ar->wmi.peer_param->authorize, 1);
6625 
6626 exit:
6627 	mutex_unlock(&ar->conf_mutex);
6628 	return ret;
6629 }
6630 
6631 static void ath10k_set_default_unicast_key(struct ieee80211_hw *hw,
6632 					   struct ieee80211_vif *vif,
6633 					   int keyidx)
6634 {
6635 	struct ath10k *ar = hw->priv;
6636 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6637 	int ret;
6638 
6639 	mutex_lock(&arvif->ar->conf_mutex);
6640 
6641 	if (arvif->ar->state != ATH10K_STATE_ON)
6642 		goto unlock;
6643 
6644 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d set keyidx %d\n",
6645 		   arvif->vdev_id, keyidx);
6646 
6647 	ret = ath10k_wmi_vdev_set_param(arvif->ar,
6648 					arvif->vdev_id,
6649 					arvif->ar->wmi.vdev_param->def_keyid,
6650 					keyidx);
6651 
6652 	if (ret) {
6653 		ath10k_warn(ar, "failed to update wep key index for vdev %d: %d\n",
6654 			    arvif->vdev_id,
6655 			    ret);
6656 		goto unlock;
6657 	}
6658 
6659 	arvif->def_wep_key_idx = keyidx;
6660 
6661 unlock:
6662 	mutex_unlock(&arvif->ar->conf_mutex);
6663 }
6664 
6665 static void ath10k_sta_rc_update_wk(struct work_struct *wk)
6666 {
6667 	struct ath10k *ar;
6668 	struct ath10k_vif *arvif;
6669 	struct ath10k_sta *arsta;
6670 	struct ieee80211_sta *sta;
6671 	struct cfg80211_chan_def def;
6672 	enum nl80211_band band;
6673 	const u8 *ht_mcs_mask;
6674 	const u16 *vht_mcs_mask;
6675 	u32 changed, bw, nss, smps;
6676 	int err;
6677 
6678 	arsta = container_of(wk, struct ath10k_sta, update_wk);
6679 	sta = container_of((void *)arsta, struct ieee80211_sta, drv_priv);
6680 	arvif = arsta->arvif;
6681 	ar = arvif->ar;
6682 
6683 	if (WARN_ON(ath10k_mac_vif_chan(arvif->vif, &def)))
6684 		return;
6685 
6686 	band = def.chan->band;
6687 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
6688 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
6689 
6690 	spin_lock_bh(&ar->data_lock);
6691 
6692 	changed = arsta->changed;
6693 	arsta->changed = 0;
6694 
6695 	bw = arsta->bw;
6696 	nss = arsta->nss;
6697 	smps = arsta->smps;
6698 
6699 	spin_unlock_bh(&ar->data_lock);
6700 
6701 	mutex_lock(&ar->conf_mutex);
6702 
6703 	nss = max_t(u32, 1, nss);
6704 	nss = min(nss, max(ath10k_mac_max_ht_nss(ht_mcs_mask),
6705 			   ath10k_mac_max_vht_nss(vht_mcs_mask)));
6706 
6707 	if (changed & IEEE80211_RC_BW_CHANGED) {
6708 		enum wmi_phy_mode mode;
6709 
6710 		mode = chan_to_phymode(&def);
6711 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM peer bw %d phymode %d\n",
6712 			   sta->addr, bw, mode);
6713 
6714 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6715 						ar->wmi.peer_param->phymode, mode);
6716 		if (err) {
6717 			ath10k_warn(ar, "failed to update STA %pM peer phymode %d: %d\n",
6718 				    sta->addr, mode, err);
6719 			goto exit;
6720 		}
6721 
6722 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6723 						ar->wmi.peer_param->chan_width, bw);
6724 		if (err)
6725 			ath10k_warn(ar, "failed to update STA %pM peer bw %d: %d\n",
6726 				    sta->addr, bw, err);
6727 	}
6728 
6729 	if (changed & IEEE80211_RC_NSS_CHANGED) {
6730 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM nss %d\n",
6731 			   sta->addr, nss);
6732 
6733 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6734 						ar->wmi.peer_param->nss, nss);
6735 		if (err)
6736 			ath10k_warn(ar, "failed to update STA %pM nss %d: %d\n",
6737 				    sta->addr, nss, err);
6738 	}
6739 
6740 	if (changed & IEEE80211_RC_SMPS_CHANGED) {
6741 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM smps %d\n",
6742 			   sta->addr, smps);
6743 
6744 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6745 						ar->wmi.peer_param->smps_state, smps);
6746 		if (err)
6747 			ath10k_warn(ar, "failed to update STA %pM smps %d: %d\n",
6748 				    sta->addr, smps, err);
6749 	}
6750 
6751 	if (changed & IEEE80211_RC_SUPP_RATES_CHANGED) {
6752 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM supp rates\n",
6753 			   sta->addr);
6754 
6755 		err = ath10k_station_assoc(ar, arvif->vif, sta, true);
6756 		if (err)
6757 			ath10k_warn(ar, "failed to reassociate station: %pM\n",
6758 				    sta->addr);
6759 	}
6760 
6761 exit:
6762 	mutex_unlock(&ar->conf_mutex);
6763 }
6764 
6765 static int ath10k_mac_inc_num_stations(struct ath10k_vif *arvif,
6766 				       struct ieee80211_sta *sta)
6767 {
6768 	struct ath10k *ar = arvif->ar;
6769 
6770 	lockdep_assert_held(&ar->conf_mutex);
6771 
6772 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA && !sta->tdls)
6773 		return 0;
6774 
6775 	if (ar->num_stations >= ar->max_num_stations)
6776 		return -ENOBUFS;
6777 
6778 	ar->num_stations++;
6779 
6780 	return 0;
6781 }
6782 
6783 static void ath10k_mac_dec_num_stations(struct ath10k_vif *arvif,
6784 					struct ieee80211_sta *sta)
6785 {
6786 	struct ath10k *ar = arvif->ar;
6787 
6788 	lockdep_assert_held(&ar->conf_mutex);
6789 
6790 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA && !sta->tdls)
6791 		return;
6792 
6793 	ar->num_stations--;
6794 }
6795 
6796 static int ath10k_sta_set_txpwr(struct ieee80211_hw *hw,
6797 				struct ieee80211_vif *vif,
6798 				struct ieee80211_sta *sta)
6799 {
6800 	struct ath10k *ar = hw->priv;
6801 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6802 	int ret = 0;
6803 	s16 txpwr;
6804 
6805 	if (sta->deflink.txpwr.type == NL80211_TX_POWER_AUTOMATIC) {
6806 		txpwr = 0;
6807 	} else {
6808 		txpwr = sta->deflink.txpwr.power;
6809 		if (!txpwr)
6810 			return -EINVAL;
6811 	}
6812 
6813 	if (txpwr > ATH10K_TX_POWER_MAX_VAL || txpwr < ATH10K_TX_POWER_MIN_VAL)
6814 		return -EINVAL;
6815 
6816 	mutex_lock(&ar->conf_mutex);
6817 
6818 	ret = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6819 					ar->wmi.peer_param->use_fixed_power, txpwr);
6820 	if (ret) {
6821 		ath10k_warn(ar, "failed to set tx power for station ret: %d\n",
6822 			    ret);
6823 		goto out;
6824 	}
6825 
6826 out:
6827 	mutex_unlock(&ar->conf_mutex);
6828 	return ret;
6829 }
6830 
6831 struct ath10k_mac_iter_tid_conf_data {
6832 	struct ieee80211_vif *curr_vif;
6833 	struct ath10k *ar;
6834 	bool reset_config;
6835 };
6836 
6837 static bool
6838 ath10k_mac_bitrate_mask_has_single_rate(struct ath10k *ar,
6839 					enum nl80211_band band,
6840 					const struct cfg80211_bitrate_mask *mask,
6841 					int *vht_num_rates)
6842 {
6843 	int num_rates = 0;
6844 	int i, tmp;
6845 
6846 	num_rates += hweight32(mask->control[band].legacy);
6847 
6848 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++)
6849 		num_rates += hweight8(mask->control[band].ht_mcs[i]);
6850 
6851 	*vht_num_rates = 0;
6852 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
6853 		tmp = hweight16(mask->control[band].vht_mcs[i]);
6854 		num_rates += tmp;
6855 		*vht_num_rates += tmp;
6856 	}
6857 
6858 	return num_rates == 1;
6859 }
6860 
6861 static int
6862 ath10k_mac_bitrate_mask_get_single_rate(struct ath10k *ar,
6863 					enum nl80211_band band,
6864 					const struct cfg80211_bitrate_mask *mask,
6865 					u8 *rate, u8 *nss, bool vht_only)
6866 {
6867 	int rate_idx;
6868 	int i;
6869 	u16 bitrate;
6870 	u8 preamble;
6871 	u8 hw_rate;
6872 
6873 	if (vht_only)
6874 		goto next;
6875 
6876 	if (hweight32(mask->control[band].legacy) == 1) {
6877 		rate_idx = ffs(mask->control[band].legacy) - 1;
6878 
6879 		if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY)
6880 			rate_idx += ATH10K_MAC_FIRST_OFDM_RATE_IDX;
6881 
6882 		hw_rate = ath10k_wmi_legacy_rates[rate_idx].hw_value;
6883 		bitrate = ath10k_wmi_legacy_rates[rate_idx].bitrate;
6884 
6885 		if (ath10k_mac_bitrate_is_cck(bitrate))
6886 			preamble = WMI_RATE_PREAMBLE_CCK;
6887 		else
6888 			preamble = WMI_RATE_PREAMBLE_OFDM;
6889 
6890 		*nss = 1;
6891 		*rate = preamble << 6 |
6892 			(*nss - 1) << 4 |
6893 			hw_rate << 0;
6894 
6895 		return 0;
6896 	}
6897 
6898 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++) {
6899 		if (hweight8(mask->control[band].ht_mcs[i]) == 1) {
6900 			*nss = i + 1;
6901 			*rate = WMI_RATE_PREAMBLE_HT << 6 |
6902 				(*nss - 1) << 4 |
6903 				(ffs(mask->control[band].ht_mcs[i]) - 1);
6904 
6905 			return 0;
6906 		}
6907 	}
6908 
6909 next:
6910 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
6911 		if (hweight16(mask->control[band].vht_mcs[i]) == 1) {
6912 			*nss = i + 1;
6913 			*rate = WMI_RATE_PREAMBLE_VHT << 6 |
6914 				(*nss - 1) << 4 |
6915 				(ffs(mask->control[band].vht_mcs[i]) - 1);
6916 
6917 			return 0;
6918 		}
6919 	}
6920 
6921 	return -EINVAL;
6922 }
6923 
6924 static int ath10k_mac_validate_rate_mask(struct ath10k *ar,
6925 					 struct ieee80211_sta *sta,
6926 					 u32 rate_ctrl_flag, u8 nss)
6927 {
6928 	if (nss > sta->deflink.rx_nss) {
6929 		ath10k_warn(ar, "Invalid nss field, configured %u limit %u\n",
6930 			    nss, sta->deflink.rx_nss);
6931 		return -EINVAL;
6932 	}
6933 
6934 	if (ATH10K_HW_PREAMBLE(rate_ctrl_flag) == WMI_RATE_PREAMBLE_VHT) {
6935 		if (!sta->deflink.vht_cap.vht_supported) {
6936 			ath10k_warn(ar, "Invalid VHT rate for sta %pM\n",
6937 				    sta->addr);
6938 			return -EINVAL;
6939 		}
6940 	} else if (ATH10K_HW_PREAMBLE(rate_ctrl_flag) == WMI_RATE_PREAMBLE_HT) {
6941 		if (!sta->deflink.ht_cap.ht_supported || sta->deflink.vht_cap.vht_supported) {
6942 			ath10k_warn(ar, "Invalid HT rate for sta %pM\n",
6943 				    sta->addr);
6944 			return -EINVAL;
6945 		}
6946 	} else {
6947 		if (sta->deflink.ht_cap.ht_supported || sta->deflink.vht_cap.vht_supported)
6948 			return -EINVAL;
6949 	}
6950 
6951 	return 0;
6952 }
6953 
6954 static int
6955 ath10k_mac_tid_bitrate_config(struct ath10k *ar,
6956 			      struct ieee80211_vif *vif,
6957 			      struct ieee80211_sta *sta,
6958 			      u32 *rate_ctrl_flag, u8 *rate_ctrl,
6959 			      enum nl80211_tx_rate_setting txrate_type,
6960 			      const struct cfg80211_bitrate_mask *mask)
6961 {
6962 	struct cfg80211_chan_def def;
6963 	enum nl80211_band band;
6964 	u8 nss, rate;
6965 	int vht_num_rates, ret;
6966 
6967 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
6968 		return -EINVAL;
6969 
6970 	if (txrate_type == NL80211_TX_RATE_AUTOMATIC) {
6971 		*rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_AUTO;
6972 		*rate_ctrl_flag = 0;
6973 		return 0;
6974 	}
6975 
6976 	band = def.chan->band;
6977 
6978 	if (!ath10k_mac_bitrate_mask_has_single_rate(ar, band, mask,
6979 						     &vht_num_rates)) {
6980 		return -EINVAL;
6981 	}
6982 
6983 	ret = ath10k_mac_bitrate_mask_get_single_rate(ar, band, mask,
6984 						      &rate, &nss, false);
6985 	if (ret) {
6986 		ath10k_warn(ar, "failed to get single rate: %d\n",
6987 			    ret);
6988 		return ret;
6989 	}
6990 
6991 	*rate_ctrl_flag = rate;
6992 
6993 	if (sta && ath10k_mac_validate_rate_mask(ar, sta, *rate_ctrl_flag, nss))
6994 		return -EINVAL;
6995 
6996 	if (txrate_type == NL80211_TX_RATE_FIXED)
6997 		*rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_FIXED_RATE;
6998 	else if (txrate_type == NL80211_TX_RATE_LIMITED &&
6999 		 (test_bit(WMI_SERVICE_EXT_PEER_TID_CONFIGS_SUPPORT,
7000 			   ar->wmi.svc_map)))
7001 		*rate_ctrl = WMI_PEER_TID_CONFIG_RATE_UPPER_CAP;
7002 	else
7003 		return -EOPNOTSUPP;
7004 
7005 	return 0;
7006 }
7007 
7008 static int ath10k_mac_set_tid_config(struct ath10k *ar, struct ieee80211_sta *sta,
7009 				     struct ieee80211_vif *vif, u32 changed,
7010 				     struct wmi_per_peer_per_tid_cfg_arg *arg)
7011 {
7012 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7013 	struct ath10k_sta *arsta;
7014 	int ret;
7015 
7016 	if (sta) {
7017 		if (!sta->wme)
7018 			return -ENOTSUPP;
7019 
7020 		arsta = (struct ath10k_sta *)sta->drv_priv;
7021 
7022 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7023 			if ((arsta->retry_long[arg->tid] > 0 ||
7024 			     arsta->rate_code[arg->tid] > 0 ||
7025 			     arsta->ampdu[arg->tid] ==
7026 					WMI_TID_CONFIG_AGGR_CONTROL_ENABLE) &&
7027 			     arg->ack_policy == WMI_PEER_TID_CONFIG_NOACK) {
7028 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_NOACK);
7029 				arg->ack_policy = 0;
7030 				arg->aggr_control = 0;
7031 				arg->rate_ctrl = 0;
7032 				arg->rcode_flags = 0;
7033 			}
7034 		}
7035 
7036 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7037 			if (arsta->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK ||
7038 			    arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK) {
7039 				arg->aggr_control = 0;
7040 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
7041 			}
7042 		}
7043 
7044 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7045 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7046 			if (arsta->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK ||
7047 			    arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK) {
7048 				arg->rate_ctrl = 0;
7049 				arg->rcode_flags = 0;
7050 			}
7051 		}
7052 
7053 		ether_addr_copy(arg->peer_macaddr.addr, sta->addr);
7054 
7055 		ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, arg);
7056 		if (ret)
7057 			return ret;
7058 
7059 		/* Store the configured parameters in success case */
7060 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7061 			arsta->noack[arg->tid] = arg->ack_policy;
7062 			arg->ack_policy = 0;
7063 			arg->aggr_control = 0;
7064 			arg->rate_ctrl = 0;
7065 			arg->rcode_flags = 0;
7066 		}
7067 
7068 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG)) {
7069 			arsta->retry_long[arg->tid] = arg->retry_count;
7070 			arg->retry_count = 0;
7071 		}
7072 
7073 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7074 			arsta->ampdu[arg->tid] = arg->aggr_control;
7075 			arg->aggr_control = 0;
7076 		}
7077 
7078 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7079 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7080 			arsta->rate_ctrl[arg->tid] = arg->rate_ctrl;
7081 			arg->rate_ctrl = 0;
7082 			arg->rcode_flags = 0;
7083 		}
7084 
7085 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7086 			arsta->rtscts[arg->tid] = arg->rtscts_ctrl;
7087 			arg->ext_tid_cfg_bitmap = 0;
7088 		}
7089 	} else {
7090 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7091 			if ((arvif->retry_long[arg->tid] ||
7092 			     arvif->rate_code[arg->tid] ||
7093 			     arvif->ampdu[arg->tid] ==
7094 					WMI_TID_CONFIG_AGGR_CONTROL_ENABLE) &&
7095 			     arg->ack_policy == WMI_PEER_TID_CONFIG_NOACK) {
7096 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_NOACK);
7097 			} else {
7098 				arvif->noack[arg->tid] = arg->ack_policy;
7099 				arvif->ampdu[arg->tid] = arg->aggr_control;
7100 				arvif->rate_ctrl[arg->tid] = arg->rate_ctrl;
7101 			}
7102 		}
7103 
7104 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG)) {
7105 			if (arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK)
7106 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
7107 			else
7108 				arvif->retry_long[arg->tid] = arg->retry_count;
7109 		}
7110 
7111 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7112 			if (arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK)
7113 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL);
7114 			else
7115 				arvif->ampdu[arg->tid] = arg->aggr_control;
7116 		}
7117 
7118 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7119 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7120 			if (arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK) {
7121 				changed &= ~(BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7122 					     BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE));
7123 			} else {
7124 				arvif->rate_ctrl[arg->tid] = arg->rate_ctrl;
7125 				arvif->rate_code[arg->tid] = arg->rcode_flags;
7126 			}
7127 		}
7128 
7129 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7130 			arvif->rtscts[arg->tid] = arg->rtscts_ctrl;
7131 			arg->ext_tid_cfg_bitmap = 0;
7132 		}
7133 
7134 		if (changed)
7135 			arvif->tid_conf_changed[arg->tid] |= changed;
7136 	}
7137 
7138 	return 0;
7139 }
7140 
7141 static int
7142 ath10k_mac_parse_tid_config(struct ath10k *ar,
7143 			    struct ieee80211_sta *sta,
7144 			    struct ieee80211_vif *vif,
7145 			    struct cfg80211_tid_cfg *tid_conf,
7146 			    struct wmi_per_peer_per_tid_cfg_arg *arg)
7147 {
7148 	u32 changed = tid_conf->mask;
7149 	int ret = 0, i = 0;
7150 
7151 	if (!changed)
7152 		return -EINVAL;
7153 
7154 	while (i < ATH10K_TID_MAX) {
7155 		if (!(tid_conf->tids & BIT(i))) {
7156 			i++;
7157 			continue;
7158 		}
7159 
7160 		arg->tid = i;
7161 
7162 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7163 			if (tid_conf->noack == NL80211_TID_CONFIG_ENABLE) {
7164 				arg->ack_policy = WMI_PEER_TID_CONFIG_NOACK;
7165 				arg->rate_ctrl =
7166 				WMI_TID_CONFIG_RATE_CONTROL_DEFAULT_LOWEST_RATE;
7167 				arg->aggr_control =
7168 					WMI_TID_CONFIG_AGGR_CONTROL_DISABLE;
7169 			} else {
7170 				arg->ack_policy =
7171 					WMI_PEER_TID_CONFIG_ACK;
7172 				arg->rate_ctrl =
7173 					WMI_TID_CONFIG_RATE_CONTROL_AUTO;
7174 				arg->aggr_control =
7175 					WMI_TID_CONFIG_AGGR_CONTROL_ENABLE;
7176 			}
7177 		}
7178 
7179 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG))
7180 			arg->retry_count = tid_conf->retry_long;
7181 
7182 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7183 			if (tid_conf->noack == NL80211_TID_CONFIG_ENABLE)
7184 				arg->aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_ENABLE;
7185 			else
7186 				arg->aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_DISABLE;
7187 		}
7188 
7189 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7190 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7191 			ret = ath10k_mac_tid_bitrate_config(ar, vif, sta,
7192 							    &arg->rcode_flags,
7193 							    &arg->rate_ctrl,
7194 							    tid_conf->txrate_type,
7195 							&tid_conf->txrate_mask);
7196 			if (ret) {
7197 				ath10k_warn(ar, "failed to configure bitrate mask %d\n",
7198 					    ret);
7199 				arg->rcode_flags = 0;
7200 				arg->rate_ctrl = 0;
7201 			}
7202 		}
7203 
7204 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7205 			if (tid_conf->rtscts)
7206 				arg->rtscts_ctrl = tid_conf->rtscts;
7207 
7208 			arg->ext_tid_cfg_bitmap = WMI_EXT_TID_RTS_CTS_CONFIG;
7209 		}
7210 
7211 		ret = ath10k_mac_set_tid_config(ar, sta, vif, changed, arg);
7212 		if (ret)
7213 			return ret;
7214 		i++;
7215 	}
7216 
7217 	return ret;
7218 }
7219 
7220 static int ath10k_mac_reset_tid_config(struct ath10k *ar,
7221 				       struct ieee80211_sta *sta,
7222 				       struct ath10k_vif *arvif,
7223 				       u8 tids)
7224 {
7225 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7226 	struct wmi_per_peer_per_tid_cfg_arg arg;
7227 	int ret = 0, i = 0;
7228 
7229 	arg.vdev_id = arvif->vdev_id;
7230 	while (i < ATH10K_TID_MAX) {
7231 		if (!(tids & BIT(i))) {
7232 			i++;
7233 			continue;
7234 		}
7235 
7236 		arg.tid = i;
7237 		arg.ack_policy = WMI_PEER_TID_CONFIG_ACK;
7238 		arg.retry_count = ATH10K_MAX_RETRY_COUNT;
7239 		arg.rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_AUTO;
7240 		arg.aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_ENABLE;
7241 		arg.rtscts_ctrl = WMI_TID_CONFIG_RTSCTS_CONTROL_ENABLE;
7242 		arg.ext_tid_cfg_bitmap = WMI_EXT_TID_RTS_CTS_CONFIG;
7243 
7244 		ether_addr_copy(arg.peer_macaddr.addr, sta->addr);
7245 
7246 		ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, &arg);
7247 		if (ret)
7248 			return ret;
7249 
7250 		if (!arvif->tids_rst) {
7251 			arsta->retry_long[i] = -1;
7252 			arsta->noack[i] = -1;
7253 			arsta->ampdu[i] = -1;
7254 			arsta->rate_code[i] = -1;
7255 			arsta->rate_ctrl[i] = 0;
7256 			arsta->rtscts[i] = -1;
7257 		} else {
7258 			arvif->retry_long[i] = 0;
7259 			arvif->noack[i] = 0;
7260 			arvif->ampdu[i] = 0;
7261 			arvif->rate_code[i] = 0;
7262 			arvif->rate_ctrl[i] = 0;
7263 			arvif->rtscts[i] = 0;
7264 		}
7265 
7266 		i++;
7267 	}
7268 
7269 	return ret;
7270 }
7271 
7272 static void ath10k_sta_tid_cfg_wk(struct work_struct *wk)
7273 {
7274 	struct wmi_per_peer_per_tid_cfg_arg arg = {};
7275 	struct ieee80211_sta *sta;
7276 	struct ath10k_sta *arsta;
7277 	struct ath10k_vif *arvif;
7278 	struct ath10k *ar;
7279 	bool config_apply;
7280 	int ret, i;
7281 	u32 changed;
7282 	u8 nss;
7283 
7284 	arsta = container_of(wk, struct ath10k_sta, tid_config_wk);
7285 	sta = container_of((void *)arsta, struct ieee80211_sta, drv_priv);
7286 	arvif = arsta->arvif;
7287 	ar = arvif->ar;
7288 
7289 	mutex_lock(&ar->conf_mutex);
7290 
7291 	if (arvif->tids_rst) {
7292 		ret = ath10k_mac_reset_tid_config(ar, sta, arvif,
7293 						  arvif->tids_rst);
7294 		goto exit;
7295 	}
7296 
7297 	ether_addr_copy(arg.peer_macaddr.addr, sta->addr);
7298 
7299 	for (i = 0; i < ATH10K_TID_MAX; i++) {
7300 		config_apply = false;
7301 		changed = arvif->tid_conf_changed[i];
7302 
7303 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7304 			if (arsta->noack[i] != -1) {
7305 				arg.ack_policy  = 0;
7306 			} else {
7307 				config_apply = true;
7308 				arg.ack_policy = arvif->noack[i];
7309 				arg.aggr_control = arvif->ampdu[i];
7310 				arg.rate_ctrl = arvif->rate_ctrl[i];
7311 			}
7312 		}
7313 
7314 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG)) {
7315 			if (arsta->retry_long[i] != -1 ||
7316 			    arsta->noack[i] == WMI_PEER_TID_CONFIG_NOACK ||
7317 			    arvif->noack[i] == WMI_PEER_TID_CONFIG_NOACK) {
7318 				arg.retry_count = 0;
7319 			} else {
7320 				arg.retry_count = arvif->retry_long[i];
7321 				config_apply = true;
7322 			}
7323 		}
7324 
7325 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7326 			if (arsta->ampdu[i] != -1 ||
7327 			    arsta->noack[i] == WMI_PEER_TID_CONFIG_NOACK ||
7328 			    arvif->noack[i] == WMI_PEER_TID_CONFIG_NOACK) {
7329 				arg.aggr_control = 0;
7330 			} else {
7331 				arg.aggr_control = arvif->ampdu[i];
7332 				config_apply = true;
7333 			}
7334 		}
7335 
7336 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7337 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7338 			nss = ATH10K_HW_NSS(arvif->rate_code[i]);
7339 			ret = ath10k_mac_validate_rate_mask(ar, sta,
7340 							    arvif->rate_code[i],
7341 							    nss);
7342 			if (ret &&
7343 			    arvif->rate_ctrl[i] > WMI_TID_CONFIG_RATE_CONTROL_AUTO) {
7344 				arg.rate_ctrl = 0;
7345 				arg.rcode_flags = 0;
7346 			}
7347 
7348 			if (arsta->rate_ctrl[i] >
7349 			    WMI_TID_CONFIG_RATE_CONTROL_AUTO ||
7350 			    arsta->noack[i] == WMI_PEER_TID_CONFIG_NOACK ||
7351 			    arvif->noack[i] == WMI_PEER_TID_CONFIG_NOACK) {
7352 				arg.rate_ctrl = 0;
7353 				arg.rcode_flags = 0;
7354 			} else {
7355 				arg.rate_ctrl = arvif->rate_ctrl[i];
7356 				arg.rcode_flags = arvif->rate_code[i];
7357 				config_apply = true;
7358 			}
7359 		}
7360 
7361 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7362 			if (arsta->rtscts[i]) {
7363 				arg.rtscts_ctrl = 0;
7364 				arg.ext_tid_cfg_bitmap = 0;
7365 			} else {
7366 				arg.rtscts_ctrl = arvif->rtscts[i] - 1;
7367 				arg.ext_tid_cfg_bitmap =
7368 					WMI_EXT_TID_RTS_CTS_CONFIG;
7369 				config_apply = true;
7370 			}
7371 		}
7372 
7373 		arg.tid = i;
7374 
7375 		if (config_apply) {
7376 			ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, &arg);
7377 			if (ret)
7378 				ath10k_warn(ar, "failed to set per tid config for sta %pM: %d\n",
7379 					    sta->addr, ret);
7380 		}
7381 
7382 		arg.ack_policy  = 0;
7383 		arg.retry_count  = 0;
7384 		arg.aggr_control  = 0;
7385 		arg.rate_ctrl = 0;
7386 		arg.rcode_flags = 0;
7387 	}
7388 
7389 exit:
7390 	mutex_unlock(&ar->conf_mutex);
7391 }
7392 
7393 static void ath10k_mac_vif_stations_tid_conf(void *data,
7394 					     struct ieee80211_sta *sta)
7395 {
7396 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7397 	struct ath10k_mac_iter_tid_conf_data *iter_data = data;
7398 	struct ieee80211_vif *sta_vif = arsta->arvif->vif;
7399 
7400 	if (sta_vif != iter_data->curr_vif || !sta->wme)
7401 		return;
7402 
7403 	ieee80211_queue_work(iter_data->ar->hw, &arsta->tid_config_wk);
7404 }
7405 
7406 static int ath10k_sta_state(struct ieee80211_hw *hw,
7407 			    struct ieee80211_vif *vif,
7408 			    struct ieee80211_sta *sta,
7409 			    enum ieee80211_sta_state old_state,
7410 			    enum ieee80211_sta_state new_state)
7411 {
7412 	struct ath10k *ar = hw->priv;
7413 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7414 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7415 	struct ath10k_peer *peer;
7416 	int ret = 0;
7417 	int i;
7418 
7419 	if (old_state == IEEE80211_STA_NOTEXIST &&
7420 	    new_state == IEEE80211_STA_NONE) {
7421 		memset(arsta, 0, sizeof(*arsta));
7422 		arsta->arvif = arvif;
7423 		arsta->peer_ps_state = WMI_PEER_PS_STATE_DISABLED;
7424 		INIT_WORK(&arsta->update_wk, ath10k_sta_rc_update_wk);
7425 		INIT_WORK(&arsta->tid_config_wk, ath10k_sta_tid_cfg_wk);
7426 
7427 		for (i = 0; i < ARRAY_SIZE(sta->txq); i++)
7428 			ath10k_mac_txq_init(sta->txq[i]);
7429 	}
7430 
7431 	/* cancel must be done outside the mutex to avoid deadlock */
7432 	if ((old_state == IEEE80211_STA_NONE &&
7433 	     new_state == IEEE80211_STA_NOTEXIST)) {
7434 		cancel_work_sync(&arsta->update_wk);
7435 		cancel_work_sync(&arsta->tid_config_wk);
7436 	}
7437 
7438 	mutex_lock(&ar->conf_mutex);
7439 
7440 	if (old_state == IEEE80211_STA_NOTEXIST &&
7441 	    new_state == IEEE80211_STA_NONE) {
7442 		/*
7443 		 * New station addition.
7444 		 */
7445 		enum wmi_peer_type peer_type = WMI_PEER_TYPE_DEFAULT;
7446 		u32 num_tdls_stations;
7447 
7448 		ath10k_dbg(ar, ATH10K_DBG_STA,
7449 			   "mac vdev %d peer create %pM (new sta) sta %d / %d peer %d / %d\n",
7450 			   arvif->vdev_id, sta->addr,
7451 			   ar->num_stations + 1, ar->max_num_stations,
7452 			   ar->num_peers + 1, ar->max_num_peers);
7453 
7454 		num_tdls_stations = ath10k_mac_tdls_vif_stations_count(hw, vif);
7455 
7456 		if (sta->tdls) {
7457 			if (num_tdls_stations >= ar->max_num_tdls_vdevs) {
7458 				ath10k_warn(ar, "vdev %i exceeded maximum number of tdls vdevs %i\n",
7459 					    arvif->vdev_id,
7460 					    ar->max_num_tdls_vdevs);
7461 				ret = -ELNRNG;
7462 				goto exit;
7463 			}
7464 			peer_type = WMI_PEER_TYPE_TDLS;
7465 		}
7466 
7467 		ret = ath10k_mac_inc_num_stations(arvif, sta);
7468 		if (ret) {
7469 			ath10k_warn(ar, "refusing to associate station: too many connected already (%d)\n",
7470 				    ar->max_num_stations);
7471 			goto exit;
7472 		}
7473 
7474 		if (ath10k_debug_is_extd_tx_stats_enabled(ar)) {
7475 			arsta->tx_stats = kzalloc(sizeof(*arsta->tx_stats),
7476 						  GFP_KERNEL);
7477 			if (!arsta->tx_stats) {
7478 				ath10k_mac_dec_num_stations(arvif, sta);
7479 				ret = -ENOMEM;
7480 				goto exit;
7481 			}
7482 		}
7483 
7484 		ret = ath10k_peer_create(ar, vif, sta, arvif->vdev_id,
7485 					 sta->addr, peer_type);
7486 		if (ret) {
7487 			ath10k_warn(ar, "failed to add peer %pM for vdev %d when adding a new sta: %i\n",
7488 				    sta->addr, arvif->vdev_id, ret);
7489 			ath10k_mac_dec_num_stations(arvif, sta);
7490 			kfree(arsta->tx_stats);
7491 			goto exit;
7492 		}
7493 
7494 		spin_lock_bh(&ar->data_lock);
7495 
7496 		peer = ath10k_peer_find(ar, arvif->vdev_id, sta->addr);
7497 		if (!peer) {
7498 			ath10k_warn(ar, "failed to lookup peer %pM on vdev %i\n",
7499 				    vif->addr, arvif->vdev_id);
7500 			spin_unlock_bh(&ar->data_lock);
7501 			ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
7502 			ath10k_mac_dec_num_stations(arvif, sta);
7503 			kfree(arsta->tx_stats);
7504 			ret = -ENOENT;
7505 			goto exit;
7506 		}
7507 
7508 		arsta->peer_id = find_first_bit(peer->peer_ids,
7509 						ATH10K_MAX_NUM_PEER_IDS);
7510 
7511 		spin_unlock_bh(&ar->data_lock);
7512 
7513 		if (!sta->tdls)
7514 			goto exit;
7515 
7516 		ret = ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
7517 						      WMI_TDLS_ENABLE_ACTIVE);
7518 		if (ret) {
7519 			ath10k_warn(ar, "failed to update fw tdls state on vdev %i: %i\n",
7520 				    arvif->vdev_id, ret);
7521 			ath10k_peer_delete(ar, arvif->vdev_id,
7522 					   sta->addr);
7523 			ath10k_mac_dec_num_stations(arvif, sta);
7524 			kfree(arsta->tx_stats);
7525 			goto exit;
7526 		}
7527 
7528 		ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id, sta,
7529 						  WMI_TDLS_PEER_STATE_PEERING);
7530 		if (ret) {
7531 			ath10k_warn(ar,
7532 				    "failed to update tdls peer %pM for vdev %d when adding a new sta: %i\n",
7533 				    sta->addr, arvif->vdev_id, ret);
7534 			ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
7535 			ath10k_mac_dec_num_stations(arvif, sta);
7536 			kfree(arsta->tx_stats);
7537 
7538 			if (num_tdls_stations != 0)
7539 				goto exit;
7540 			ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
7541 							WMI_TDLS_DISABLE);
7542 		}
7543 	} else if ((old_state == IEEE80211_STA_NONE &&
7544 		    new_state == IEEE80211_STA_NOTEXIST)) {
7545 		/*
7546 		 * Existing station deletion.
7547 		 */
7548 		ath10k_dbg(ar, ATH10K_DBG_STA,
7549 			   "mac vdev %d peer delete %pM sta %pK (sta gone)\n",
7550 			   arvif->vdev_id, sta->addr, sta);
7551 
7552 		if (sta->tdls) {
7553 			ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id,
7554 							  sta,
7555 							  WMI_TDLS_PEER_STATE_TEARDOWN);
7556 			if (ret)
7557 				ath10k_warn(ar, "failed to update tdls peer state for %pM state %d: %i\n",
7558 					    sta->addr,
7559 					    WMI_TDLS_PEER_STATE_TEARDOWN, ret);
7560 		}
7561 
7562 		ret = ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
7563 		if (ret)
7564 			ath10k_warn(ar, "failed to delete peer %pM for vdev %d: %i\n",
7565 				    sta->addr, arvif->vdev_id, ret);
7566 
7567 		ath10k_mac_dec_num_stations(arvif, sta);
7568 
7569 		spin_lock_bh(&ar->data_lock);
7570 		for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
7571 			peer = ar->peer_map[i];
7572 			if (!peer)
7573 				continue;
7574 
7575 			if (peer->sta == sta) {
7576 				ath10k_warn(ar, "found sta peer %pM (ptr %pK id %d) entry on vdev %i after it was supposedly removed\n",
7577 					    sta->addr, peer, i, arvif->vdev_id);
7578 				peer->sta = NULL;
7579 
7580 				/* Clean up the peer object as well since we
7581 				 * must have failed to do this above.
7582 				 */
7583 				list_del(&peer->list);
7584 				ar->peer_map[i] = NULL;
7585 				kfree(peer);
7586 				ar->num_peers--;
7587 			}
7588 		}
7589 		spin_unlock_bh(&ar->data_lock);
7590 
7591 		if (ath10k_debug_is_extd_tx_stats_enabled(ar)) {
7592 			kfree(arsta->tx_stats);
7593 			arsta->tx_stats = NULL;
7594 		}
7595 
7596 		for (i = 0; i < ARRAY_SIZE(sta->txq); i++)
7597 			ath10k_mac_txq_unref(ar, sta->txq[i]);
7598 
7599 		if (!sta->tdls)
7600 			goto exit;
7601 
7602 		if (ath10k_mac_tdls_vif_stations_count(hw, vif))
7603 			goto exit;
7604 
7605 		/* This was the last tdls peer in current vif */
7606 		ret = ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
7607 						      WMI_TDLS_DISABLE);
7608 		if (ret) {
7609 			ath10k_warn(ar, "failed to update fw tdls state on vdev %i: %i\n",
7610 				    arvif->vdev_id, ret);
7611 		}
7612 	} else if (old_state == IEEE80211_STA_AUTH &&
7613 		   new_state == IEEE80211_STA_ASSOC &&
7614 		   (vif->type == NL80211_IFTYPE_AP ||
7615 		    vif->type == NL80211_IFTYPE_MESH_POINT ||
7616 		    vif->type == NL80211_IFTYPE_ADHOC)) {
7617 		/*
7618 		 * New association.
7619 		 */
7620 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac sta %pM associated\n",
7621 			   sta->addr);
7622 
7623 		ret = ath10k_station_assoc(ar, vif, sta, false);
7624 		if (ret)
7625 			ath10k_warn(ar, "failed to associate station %pM for vdev %i: %i\n",
7626 				    sta->addr, arvif->vdev_id, ret);
7627 	} else if (old_state == IEEE80211_STA_ASSOC &&
7628 		   new_state == IEEE80211_STA_AUTHORIZED &&
7629 		   sta->tdls) {
7630 		/*
7631 		 * Tdls station authorized.
7632 		 */
7633 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac tdls sta %pM authorized\n",
7634 			   sta->addr);
7635 
7636 		ret = ath10k_station_assoc(ar, vif, sta, false);
7637 		if (ret) {
7638 			ath10k_warn(ar, "failed to associate tdls station %pM for vdev %i: %i\n",
7639 				    sta->addr, arvif->vdev_id, ret);
7640 			goto exit;
7641 		}
7642 
7643 		ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id, sta,
7644 						  WMI_TDLS_PEER_STATE_CONNECTED);
7645 		if (ret)
7646 			ath10k_warn(ar, "failed to update tdls peer %pM for vdev %i: %i\n",
7647 				    sta->addr, arvif->vdev_id, ret);
7648 	} else if (old_state == IEEE80211_STA_ASSOC &&
7649 		    new_state == IEEE80211_STA_AUTH &&
7650 		    (vif->type == NL80211_IFTYPE_AP ||
7651 		     vif->type == NL80211_IFTYPE_MESH_POINT ||
7652 		     vif->type == NL80211_IFTYPE_ADHOC)) {
7653 		/*
7654 		 * Disassociation.
7655 		 */
7656 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac sta %pM disassociated\n",
7657 			   sta->addr);
7658 
7659 		ret = ath10k_station_disassoc(ar, vif, sta);
7660 		if (ret)
7661 			ath10k_warn(ar, "failed to disassociate station: %pM vdev %i: %i\n",
7662 				    sta->addr, arvif->vdev_id, ret);
7663 	}
7664 exit:
7665 	mutex_unlock(&ar->conf_mutex);
7666 	return ret;
7667 }
7668 
7669 static int ath10k_conf_tx_uapsd(struct ath10k *ar, struct ieee80211_vif *vif,
7670 				u16 ac, bool enable)
7671 {
7672 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7673 	struct wmi_sta_uapsd_auto_trig_arg arg = {};
7674 	u32 prio = 0, acc = 0;
7675 	u32 value = 0;
7676 	int ret = 0;
7677 
7678 	lockdep_assert_held(&ar->conf_mutex);
7679 
7680 	if (arvif->vdev_type != WMI_VDEV_TYPE_STA)
7681 		return 0;
7682 
7683 	switch (ac) {
7684 	case IEEE80211_AC_VO:
7685 		value = WMI_STA_PS_UAPSD_AC3_DELIVERY_EN |
7686 			WMI_STA_PS_UAPSD_AC3_TRIGGER_EN;
7687 		prio = 7;
7688 		acc = 3;
7689 		break;
7690 	case IEEE80211_AC_VI:
7691 		value = WMI_STA_PS_UAPSD_AC2_DELIVERY_EN |
7692 			WMI_STA_PS_UAPSD_AC2_TRIGGER_EN;
7693 		prio = 5;
7694 		acc = 2;
7695 		break;
7696 	case IEEE80211_AC_BE:
7697 		value = WMI_STA_PS_UAPSD_AC1_DELIVERY_EN |
7698 			WMI_STA_PS_UAPSD_AC1_TRIGGER_EN;
7699 		prio = 2;
7700 		acc = 1;
7701 		break;
7702 	case IEEE80211_AC_BK:
7703 		value = WMI_STA_PS_UAPSD_AC0_DELIVERY_EN |
7704 			WMI_STA_PS_UAPSD_AC0_TRIGGER_EN;
7705 		prio = 0;
7706 		acc = 0;
7707 		break;
7708 	}
7709 
7710 	if (enable)
7711 		arvif->u.sta.uapsd |= value;
7712 	else
7713 		arvif->u.sta.uapsd &= ~value;
7714 
7715 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
7716 					  WMI_STA_PS_PARAM_UAPSD,
7717 					  arvif->u.sta.uapsd);
7718 	if (ret) {
7719 		ath10k_warn(ar, "failed to set uapsd params: %d\n", ret);
7720 		goto exit;
7721 	}
7722 
7723 	if (arvif->u.sta.uapsd)
7724 		value = WMI_STA_PS_RX_WAKE_POLICY_POLL_UAPSD;
7725 	else
7726 		value = WMI_STA_PS_RX_WAKE_POLICY_WAKE;
7727 
7728 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
7729 					  WMI_STA_PS_PARAM_RX_WAKE_POLICY,
7730 					  value);
7731 	if (ret)
7732 		ath10k_warn(ar, "failed to set rx wake param: %d\n", ret);
7733 
7734 	ret = ath10k_mac_vif_recalc_ps_wake_threshold(arvif);
7735 	if (ret) {
7736 		ath10k_warn(ar, "failed to recalc ps wake threshold on vdev %i: %d\n",
7737 			    arvif->vdev_id, ret);
7738 		return ret;
7739 	}
7740 
7741 	ret = ath10k_mac_vif_recalc_ps_poll_count(arvif);
7742 	if (ret) {
7743 		ath10k_warn(ar, "failed to recalc ps poll count on vdev %i: %d\n",
7744 			    arvif->vdev_id, ret);
7745 		return ret;
7746 	}
7747 
7748 	if (test_bit(WMI_SERVICE_STA_UAPSD_BASIC_AUTO_TRIG, ar->wmi.svc_map) ||
7749 	    test_bit(WMI_SERVICE_STA_UAPSD_VAR_AUTO_TRIG, ar->wmi.svc_map)) {
7750 		/* Only userspace can make an educated decision when to send
7751 		 * trigger frame. The following effectively disables u-UAPSD
7752 		 * autotrigger in firmware (which is enabled by default
7753 		 * provided the autotrigger service is available).
7754 		 */
7755 
7756 		arg.wmm_ac = acc;
7757 		arg.user_priority = prio;
7758 		arg.service_interval = 0;
7759 		arg.suspend_interval = WMI_STA_UAPSD_MAX_INTERVAL_MSEC;
7760 		arg.delay_interval = WMI_STA_UAPSD_MAX_INTERVAL_MSEC;
7761 
7762 		ret = ath10k_wmi_vdev_sta_uapsd(ar, arvif->vdev_id,
7763 						arvif->bssid, &arg, 1);
7764 		if (ret) {
7765 			ath10k_warn(ar, "failed to set uapsd auto trigger %d\n",
7766 				    ret);
7767 			return ret;
7768 		}
7769 	}
7770 
7771 exit:
7772 	return ret;
7773 }
7774 
7775 static int ath10k_conf_tx(struct ieee80211_hw *hw,
7776 			  struct ieee80211_vif *vif,
7777 			  unsigned int link_id, u16 ac,
7778 			  const struct ieee80211_tx_queue_params *params)
7779 {
7780 	struct ath10k *ar = hw->priv;
7781 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7782 	struct wmi_wmm_params_arg *p = NULL;
7783 	int ret;
7784 
7785 	mutex_lock(&ar->conf_mutex);
7786 
7787 	switch (ac) {
7788 	case IEEE80211_AC_VO:
7789 		p = &arvif->wmm_params.ac_vo;
7790 		break;
7791 	case IEEE80211_AC_VI:
7792 		p = &arvif->wmm_params.ac_vi;
7793 		break;
7794 	case IEEE80211_AC_BE:
7795 		p = &arvif->wmm_params.ac_be;
7796 		break;
7797 	case IEEE80211_AC_BK:
7798 		p = &arvif->wmm_params.ac_bk;
7799 		break;
7800 	}
7801 
7802 	if (WARN_ON(!p)) {
7803 		ret = -EINVAL;
7804 		goto exit;
7805 	}
7806 
7807 	p->cwmin = params->cw_min;
7808 	p->cwmax = params->cw_max;
7809 	p->aifs = params->aifs;
7810 
7811 	/*
7812 	 * The channel time duration programmed in the HW is in absolute
7813 	 * microseconds, while mac80211 gives the txop in units of
7814 	 * 32 microseconds.
7815 	 */
7816 	p->txop = params->txop * 32;
7817 
7818 	if (ar->wmi.ops->gen_vdev_wmm_conf) {
7819 		ret = ath10k_wmi_vdev_wmm_conf(ar, arvif->vdev_id,
7820 					       &arvif->wmm_params);
7821 		if (ret) {
7822 			ath10k_warn(ar, "failed to set vdev wmm params on vdev %i: %d\n",
7823 				    arvif->vdev_id, ret);
7824 			goto exit;
7825 		}
7826 	} else {
7827 		/* This won't work well with multi-interface cases but it's
7828 		 * better than nothing.
7829 		 */
7830 		ret = ath10k_wmi_pdev_set_wmm_params(ar, &arvif->wmm_params);
7831 		if (ret) {
7832 			ath10k_warn(ar, "failed to set wmm params: %d\n", ret);
7833 			goto exit;
7834 		}
7835 	}
7836 
7837 	ret = ath10k_conf_tx_uapsd(ar, vif, ac, params->uapsd);
7838 	if (ret)
7839 		ath10k_warn(ar, "failed to set sta uapsd: %d\n", ret);
7840 
7841 exit:
7842 	mutex_unlock(&ar->conf_mutex);
7843 	return ret;
7844 }
7845 
7846 static int ath10k_remain_on_channel(struct ieee80211_hw *hw,
7847 				    struct ieee80211_vif *vif,
7848 				    struct ieee80211_channel *chan,
7849 				    int duration,
7850 				    enum ieee80211_roc_type type)
7851 {
7852 	struct ath10k *ar = hw->priv;
7853 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7854 	struct wmi_start_scan_arg arg;
7855 	int ret = 0;
7856 	u32 scan_time_msec;
7857 
7858 	mutex_lock(&ar->conf_mutex);
7859 
7860 	if (ath10k_mac_tdls_vif_stations_count(hw, vif) > 0) {
7861 		ret = -EBUSY;
7862 		goto exit;
7863 	}
7864 
7865 	spin_lock_bh(&ar->data_lock);
7866 	switch (ar->scan.state) {
7867 	case ATH10K_SCAN_IDLE:
7868 		reinit_completion(&ar->scan.started);
7869 		reinit_completion(&ar->scan.completed);
7870 		reinit_completion(&ar->scan.on_channel);
7871 		ar->scan.state = ATH10K_SCAN_STARTING;
7872 		ar->scan.is_roc = true;
7873 		ar->scan.vdev_id = arvif->vdev_id;
7874 		ar->scan.roc_freq = chan->center_freq;
7875 		ar->scan.roc_notify = true;
7876 		ret = 0;
7877 		break;
7878 	case ATH10K_SCAN_STARTING:
7879 	case ATH10K_SCAN_RUNNING:
7880 	case ATH10K_SCAN_ABORTING:
7881 		ret = -EBUSY;
7882 		break;
7883 	}
7884 	spin_unlock_bh(&ar->data_lock);
7885 
7886 	if (ret)
7887 		goto exit;
7888 
7889 	scan_time_msec = ar->hw->wiphy->max_remain_on_channel_duration * 2;
7890 
7891 	memset(&arg, 0, sizeof(arg));
7892 	ath10k_wmi_start_scan_init(ar, &arg);
7893 	arg.vdev_id = arvif->vdev_id;
7894 	arg.scan_id = ATH10K_SCAN_ID;
7895 	arg.n_channels = 1;
7896 	arg.channels[0] = chan->center_freq;
7897 	arg.dwell_time_active = scan_time_msec;
7898 	arg.dwell_time_passive = scan_time_msec;
7899 	arg.max_scan_time = scan_time_msec;
7900 	arg.scan_ctrl_flags |= WMI_SCAN_FLAG_PASSIVE;
7901 	arg.scan_ctrl_flags |= WMI_SCAN_FILTER_PROBE_REQ;
7902 	arg.burst_duration_ms = duration;
7903 
7904 	ret = ath10k_start_scan(ar, &arg);
7905 	if (ret) {
7906 		ath10k_warn(ar, "failed to start roc scan: %d\n", ret);
7907 		spin_lock_bh(&ar->data_lock);
7908 		ar->scan.state = ATH10K_SCAN_IDLE;
7909 		spin_unlock_bh(&ar->data_lock);
7910 		goto exit;
7911 	}
7912 
7913 	ret = wait_for_completion_timeout(&ar->scan.on_channel, 3 * HZ);
7914 	if (ret == 0) {
7915 		ath10k_warn(ar, "failed to switch to channel for roc scan\n");
7916 
7917 		ret = ath10k_scan_stop(ar);
7918 		if (ret)
7919 			ath10k_warn(ar, "failed to stop scan: %d\n", ret);
7920 
7921 		ret = -ETIMEDOUT;
7922 		goto exit;
7923 	}
7924 
7925 	ieee80211_queue_delayed_work(ar->hw, &ar->scan.timeout,
7926 				     msecs_to_jiffies(duration));
7927 
7928 	ret = 0;
7929 exit:
7930 	mutex_unlock(&ar->conf_mutex);
7931 	return ret;
7932 }
7933 
7934 static int ath10k_cancel_remain_on_channel(struct ieee80211_hw *hw,
7935 					   struct ieee80211_vif *vif)
7936 {
7937 	struct ath10k *ar = hw->priv;
7938 
7939 	mutex_lock(&ar->conf_mutex);
7940 
7941 	spin_lock_bh(&ar->data_lock);
7942 	ar->scan.roc_notify = false;
7943 	spin_unlock_bh(&ar->data_lock);
7944 
7945 	ath10k_scan_abort(ar);
7946 
7947 	mutex_unlock(&ar->conf_mutex);
7948 
7949 	cancel_delayed_work_sync(&ar->scan.timeout);
7950 
7951 	return 0;
7952 }
7953 
7954 /*
7955  * Both RTS and Fragmentation threshold are interface-specific
7956  * in ath10k, but device-specific in mac80211.
7957  */
7958 
7959 static int ath10k_set_rts_threshold(struct ieee80211_hw *hw, u32 value)
7960 {
7961 	struct ath10k *ar = hw->priv;
7962 	struct ath10k_vif *arvif;
7963 	int ret = 0;
7964 
7965 	mutex_lock(&ar->conf_mutex);
7966 	list_for_each_entry(arvif, &ar->arvifs, list) {
7967 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d rts threshold %d\n",
7968 			   arvif->vdev_id, value);
7969 
7970 		ret = ath10k_mac_set_rts(arvif, value);
7971 		if (ret) {
7972 			ath10k_warn(ar, "failed to set rts threshold for vdev %d: %d\n",
7973 				    arvif->vdev_id, ret);
7974 			break;
7975 		}
7976 	}
7977 	mutex_unlock(&ar->conf_mutex);
7978 
7979 	return ret;
7980 }
7981 
7982 static int ath10k_mac_op_set_frag_threshold(struct ieee80211_hw *hw, u32 value)
7983 {
7984 	/* Even though there's a WMI enum for fragmentation threshold no known
7985 	 * firmware actually implements it. Moreover it is not possible to rely
7986 	 * frame fragmentation to mac80211 because firmware clears the "more
7987 	 * fragments" bit in frame control making it impossible for remote
7988 	 * devices to reassemble frames.
7989 	 *
7990 	 * Hence implement a dummy callback just to say fragmentation isn't
7991 	 * supported. This effectively prevents mac80211 from doing frame
7992 	 * fragmentation in software.
7993 	 */
7994 	return -EOPNOTSUPP;
7995 }
7996 
7997 void ath10k_mac_wait_tx_complete(struct ath10k *ar)
7998 {
7999 	bool skip;
8000 	long time_left;
8001 
8002 	/* mac80211 doesn't care if we really xmit queued frames or not
8003 	 * we'll collect those frames either way if we stop/delete vdevs
8004 	 */
8005 
8006 	if (ar->state == ATH10K_STATE_WEDGED)
8007 		return;
8008 
8009 	time_left = wait_event_timeout(ar->htt.empty_tx_wq, ({
8010 			bool empty;
8011 
8012 			spin_lock_bh(&ar->htt.tx_lock);
8013 			empty = (ar->htt.num_pending_tx == 0);
8014 			spin_unlock_bh(&ar->htt.tx_lock);
8015 
8016 			skip = (ar->state == ATH10K_STATE_WEDGED) ||
8017 			       test_bit(ATH10K_FLAG_CRASH_FLUSH,
8018 					&ar->dev_flags);
8019 
8020 			(empty || skip);
8021 		}), ATH10K_FLUSH_TIMEOUT_HZ);
8022 
8023 	if (time_left == 0 || skip)
8024 		ath10k_warn(ar, "failed to flush transmit queue (skip %i ar-state %i): %ld\n",
8025 			    skip, ar->state, time_left);
8026 }
8027 
8028 static void ath10k_flush(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
8029 			 u32 queues, bool drop)
8030 {
8031 	struct ath10k *ar = hw->priv;
8032 	struct ath10k_vif *arvif;
8033 	u32 bitmap;
8034 
8035 	if (drop) {
8036 		if (vif && vif->type == NL80211_IFTYPE_STATION) {
8037 			bitmap = ~(1 << WMI_MGMT_TID);
8038 			list_for_each_entry(arvif, &ar->arvifs, list) {
8039 				if (arvif->vdev_type == WMI_VDEV_TYPE_STA)
8040 					ath10k_wmi_peer_flush(ar, arvif->vdev_id,
8041 							      arvif->bssid, bitmap);
8042 			}
8043 			ath10k_htt_flush_tx(&ar->htt);
8044 		}
8045 		return;
8046 	}
8047 
8048 	mutex_lock(&ar->conf_mutex);
8049 	ath10k_mac_wait_tx_complete(ar);
8050 	mutex_unlock(&ar->conf_mutex);
8051 }
8052 
8053 /* TODO: Implement this function properly
8054  * For now it is needed to reply to Probe Requests in IBSS mode.
8055  * Propably we need this information from FW.
8056  */
8057 static int ath10k_tx_last_beacon(struct ieee80211_hw *hw)
8058 {
8059 	return 1;
8060 }
8061 
8062 static void ath10k_reconfig_complete(struct ieee80211_hw *hw,
8063 				     enum ieee80211_reconfig_type reconfig_type)
8064 {
8065 	struct ath10k *ar = hw->priv;
8066 
8067 	if (reconfig_type != IEEE80211_RECONFIG_TYPE_RESTART)
8068 		return;
8069 
8070 	mutex_lock(&ar->conf_mutex);
8071 
8072 	/* If device failed to restart it will be in a different state, e.g.
8073 	 * ATH10K_STATE_WEDGED
8074 	 */
8075 	if (ar->state == ATH10K_STATE_RESTARTED) {
8076 		ath10k_info(ar, "device successfully recovered\n");
8077 		ar->state = ATH10K_STATE_ON;
8078 		ieee80211_wake_queues(ar->hw);
8079 		clear_bit(ATH10K_FLAG_RESTARTING, &ar->dev_flags);
8080 	}
8081 
8082 	mutex_unlock(&ar->conf_mutex);
8083 }
8084 
8085 static void
8086 ath10k_mac_update_bss_chan_survey(struct ath10k *ar,
8087 				  struct ieee80211_channel *channel)
8088 {
8089 	int ret;
8090 	enum wmi_bss_survey_req_type type = WMI_BSS_SURVEY_REQ_TYPE_READ;
8091 
8092 	lockdep_assert_held(&ar->conf_mutex);
8093 
8094 	if (!test_bit(WMI_SERVICE_BSS_CHANNEL_INFO_64, ar->wmi.svc_map) ||
8095 	    (ar->rx_channel != channel))
8096 		return;
8097 
8098 	if (ar->scan.state != ATH10K_SCAN_IDLE) {
8099 		ath10k_dbg(ar, ATH10K_DBG_MAC, "ignoring bss chan info request while scanning..\n");
8100 		return;
8101 	}
8102 
8103 	reinit_completion(&ar->bss_survey_done);
8104 
8105 	ret = ath10k_wmi_pdev_bss_chan_info_request(ar, type);
8106 	if (ret) {
8107 		ath10k_warn(ar, "failed to send pdev bss chan info request\n");
8108 		return;
8109 	}
8110 
8111 	ret = wait_for_completion_timeout(&ar->bss_survey_done, 3 * HZ);
8112 	if (!ret) {
8113 		ath10k_warn(ar, "bss channel survey timed out\n");
8114 		return;
8115 	}
8116 }
8117 
8118 static int ath10k_get_survey(struct ieee80211_hw *hw, int idx,
8119 			     struct survey_info *survey)
8120 {
8121 	struct ath10k *ar = hw->priv;
8122 	struct ieee80211_supported_band *sband;
8123 	struct survey_info *ar_survey = &ar->survey[idx];
8124 	int ret = 0;
8125 
8126 	mutex_lock(&ar->conf_mutex);
8127 
8128 	sband = hw->wiphy->bands[NL80211_BAND_2GHZ];
8129 	if (sband && idx >= sband->n_channels) {
8130 		idx -= sband->n_channels;
8131 		sband = NULL;
8132 	}
8133 
8134 	if (!sband)
8135 		sband = hw->wiphy->bands[NL80211_BAND_5GHZ];
8136 
8137 	if (!sband || idx >= sband->n_channels) {
8138 		ret = -ENOENT;
8139 		goto exit;
8140 	}
8141 
8142 	ath10k_mac_update_bss_chan_survey(ar, &sband->channels[idx]);
8143 
8144 	spin_lock_bh(&ar->data_lock);
8145 	memcpy(survey, ar_survey, sizeof(*survey));
8146 	spin_unlock_bh(&ar->data_lock);
8147 
8148 	survey->channel = &sband->channels[idx];
8149 
8150 	if (ar->rx_channel == survey->channel)
8151 		survey->filled |= SURVEY_INFO_IN_USE;
8152 
8153 exit:
8154 	mutex_unlock(&ar->conf_mutex);
8155 	return ret;
8156 }
8157 
8158 static bool
8159 ath10k_mac_bitrate_mask_get_single_nss(struct ath10k *ar,
8160 				       enum nl80211_band band,
8161 				       const struct cfg80211_bitrate_mask *mask,
8162 				       int *nss)
8163 {
8164 	struct ieee80211_supported_band *sband = &ar->mac.sbands[band];
8165 	u16 vht_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
8166 	u8 ht_nss_mask = 0;
8167 	u8 vht_nss_mask = 0;
8168 	int i;
8169 
8170 	if (mask->control[band].legacy)
8171 		return false;
8172 
8173 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++) {
8174 		if (mask->control[band].ht_mcs[i] == 0)
8175 			continue;
8176 		else if (mask->control[band].ht_mcs[i] ==
8177 			 sband->ht_cap.mcs.rx_mask[i])
8178 			ht_nss_mask |= BIT(i);
8179 		else
8180 			return false;
8181 	}
8182 
8183 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
8184 		if (mask->control[band].vht_mcs[i] == 0)
8185 			continue;
8186 		else if (mask->control[band].vht_mcs[i] ==
8187 			 ath10k_mac_get_max_vht_mcs_map(vht_mcs_map, i))
8188 			vht_nss_mask |= BIT(i);
8189 		else
8190 			return false;
8191 	}
8192 
8193 	if (ht_nss_mask != vht_nss_mask)
8194 		return false;
8195 
8196 	if (ht_nss_mask == 0)
8197 		return false;
8198 
8199 	if (BIT(fls(ht_nss_mask)) - 1 != ht_nss_mask)
8200 		return false;
8201 
8202 	*nss = fls(ht_nss_mask);
8203 
8204 	return true;
8205 }
8206 
8207 static int ath10k_mac_set_fixed_rate_params(struct ath10k_vif *arvif,
8208 					    u8 rate, u8 nss, u8 sgi, u8 ldpc)
8209 {
8210 	struct ath10k *ar = arvif->ar;
8211 	u32 vdev_param;
8212 	int ret;
8213 
8214 	lockdep_assert_held(&ar->conf_mutex);
8215 
8216 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac set fixed rate params vdev %i rate 0x%02x nss %u sgi %u\n",
8217 		   arvif->vdev_id, rate, nss, sgi);
8218 
8219 	vdev_param = ar->wmi.vdev_param->fixed_rate;
8220 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, rate);
8221 	if (ret) {
8222 		ath10k_warn(ar, "failed to set fixed rate param 0x%02x: %d\n",
8223 			    rate, ret);
8224 		return ret;
8225 	}
8226 
8227 	vdev_param = ar->wmi.vdev_param->nss;
8228 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, nss);
8229 	if (ret) {
8230 		ath10k_warn(ar, "failed to set nss param %d: %d\n", nss, ret);
8231 		return ret;
8232 	}
8233 
8234 	vdev_param = ar->wmi.vdev_param->sgi;
8235 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, sgi);
8236 	if (ret) {
8237 		ath10k_warn(ar, "failed to set sgi param %d: %d\n", sgi, ret);
8238 		return ret;
8239 	}
8240 
8241 	vdev_param = ar->wmi.vdev_param->ldpc;
8242 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, ldpc);
8243 	if (ret) {
8244 		ath10k_warn(ar, "failed to set ldpc param %d: %d\n", ldpc, ret);
8245 		return ret;
8246 	}
8247 
8248 	return 0;
8249 }
8250 
8251 static bool
8252 ath10k_mac_can_set_bitrate_mask(struct ath10k *ar,
8253 				enum nl80211_band band,
8254 				const struct cfg80211_bitrate_mask *mask,
8255 				bool allow_pfr)
8256 {
8257 	int i;
8258 	u16 vht_mcs;
8259 
8260 	/* Due to firmware limitation in WMI_PEER_ASSOC_CMDID it is impossible
8261 	 * to express all VHT MCS rate masks. Effectively only the following
8262 	 * ranges can be used: none, 0-7, 0-8 and 0-9.
8263 	 */
8264 	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
8265 		vht_mcs = mask->control[band].vht_mcs[i];
8266 
8267 		switch (vht_mcs) {
8268 		case 0:
8269 		case BIT(8) - 1:
8270 		case BIT(9) - 1:
8271 		case BIT(10) - 1:
8272 			break;
8273 		default:
8274 			if (!allow_pfr)
8275 				ath10k_warn(ar, "refusing bitrate mask with missing 0-7 VHT MCS rates\n");
8276 			return false;
8277 		}
8278 	}
8279 
8280 	return true;
8281 }
8282 
8283 static bool ath10k_mac_set_vht_bitrate_mask_fixup(struct ath10k *ar,
8284 						  struct ath10k_vif *arvif,
8285 						  struct ieee80211_sta *sta)
8286 {
8287 	int err;
8288 	u8 rate = arvif->vht_pfr;
8289 
8290 	/* skip non vht and multiple rate peers */
8291 	if (!sta->deflink.vht_cap.vht_supported || arvif->vht_num_rates != 1)
8292 		return false;
8293 
8294 	err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
8295 					WMI_PEER_PARAM_FIXED_RATE, rate);
8296 	if (err)
8297 		ath10k_warn(ar, "failed to enable STA %pM peer fixed rate: %d\n",
8298 			    sta->addr, err);
8299 
8300 	return true;
8301 }
8302 
8303 static void ath10k_mac_set_bitrate_mask_iter(void *data,
8304 					     struct ieee80211_sta *sta)
8305 {
8306 	struct ath10k_vif *arvif = data;
8307 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
8308 	struct ath10k *ar = arvif->ar;
8309 
8310 	if (arsta->arvif != arvif)
8311 		return;
8312 
8313 	if (ath10k_mac_set_vht_bitrate_mask_fixup(ar, arvif, sta))
8314 		return;
8315 
8316 	spin_lock_bh(&ar->data_lock);
8317 	arsta->changed |= IEEE80211_RC_SUPP_RATES_CHANGED;
8318 	spin_unlock_bh(&ar->data_lock);
8319 
8320 	ieee80211_queue_work(ar->hw, &arsta->update_wk);
8321 }
8322 
8323 static void ath10k_mac_clr_bitrate_mask_iter(void *data,
8324 					     struct ieee80211_sta *sta)
8325 {
8326 	struct ath10k_vif *arvif = data;
8327 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
8328 	struct ath10k *ar = arvif->ar;
8329 	int err;
8330 
8331 	/* clear vht peers only */
8332 	if (arsta->arvif != arvif || !sta->deflink.vht_cap.vht_supported)
8333 		return;
8334 
8335 	err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
8336 					WMI_PEER_PARAM_FIXED_RATE,
8337 					WMI_FIXED_RATE_NONE);
8338 	if (err)
8339 		ath10k_warn(ar, "failed to clear STA %pM peer fixed rate: %d\n",
8340 			    sta->addr, err);
8341 }
8342 
8343 static int ath10k_mac_op_set_bitrate_mask(struct ieee80211_hw *hw,
8344 					  struct ieee80211_vif *vif,
8345 					  const struct cfg80211_bitrate_mask *mask)
8346 {
8347 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8348 	struct cfg80211_chan_def def;
8349 	struct ath10k *ar = arvif->ar;
8350 	enum nl80211_band band;
8351 	const u8 *ht_mcs_mask;
8352 	const u16 *vht_mcs_mask;
8353 	u8 rate;
8354 	u8 nss;
8355 	u8 sgi;
8356 	u8 ldpc;
8357 	int single_nss;
8358 	int ret;
8359 	int vht_num_rates, allow_pfr;
8360 	u8 vht_pfr;
8361 	bool update_bitrate_mask = true;
8362 
8363 	if (ath10k_mac_vif_chan(vif, &def))
8364 		return -EPERM;
8365 
8366 	band = def.chan->band;
8367 	ht_mcs_mask = mask->control[band].ht_mcs;
8368 	vht_mcs_mask = mask->control[band].vht_mcs;
8369 	ldpc = !!(ar->ht_cap_info & WMI_HT_CAP_LDPC);
8370 
8371 	sgi = mask->control[band].gi;
8372 	if (sgi == NL80211_TXRATE_FORCE_LGI)
8373 		return -EINVAL;
8374 
8375 	allow_pfr = test_bit(ATH10K_FW_FEATURE_PEER_FIXED_RATE,
8376 			     ar->normal_mode_fw.fw_file.fw_features);
8377 	if (allow_pfr) {
8378 		mutex_lock(&ar->conf_mutex);
8379 		ieee80211_iterate_stations_atomic(ar->hw,
8380 						  ath10k_mac_clr_bitrate_mask_iter,
8381 						  arvif);
8382 		mutex_unlock(&ar->conf_mutex);
8383 	}
8384 
8385 	if (ath10k_mac_bitrate_mask_has_single_rate(ar, band, mask,
8386 						    &vht_num_rates)) {
8387 		ret = ath10k_mac_bitrate_mask_get_single_rate(ar, band, mask,
8388 							      &rate, &nss,
8389 							      false);
8390 		if (ret) {
8391 			ath10k_warn(ar, "failed to get single rate for vdev %i: %d\n",
8392 				    arvif->vdev_id, ret);
8393 			return ret;
8394 		}
8395 	} else if (ath10k_mac_bitrate_mask_get_single_nss(ar, band, mask,
8396 							  &single_nss)) {
8397 		rate = WMI_FIXED_RATE_NONE;
8398 		nss = single_nss;
8399 	} else {
8400 		rate = WMI_FIXED_RATE_NONE;
8401 		nss = min(ar->num_rf_chains,
8402 			  max(ath10k_mac_max_ht_nss(ht_mcs_mask),
8403 			      ath10k_mac_max_vht_nss(vht_mcs_mask)));
8404 
8405 #if defined(__FreeBSD__)
8406 		vht_pfr = 0;
8407 #endif
8408 		if (!ath10k_mac_can_set_bitrate_mask(ar, band, mask,
8409 						     allow_pfr)) {
8410 			u8 vht_nss;
8411 
8412 			if (!allow_pfr || vht_num_rates != 1)
8413 				return -EINVAL;
8414 
8415 			/* Reach here, firmware supports peer fixed rate and has
8416 			 * single vht rate, and don't update vif birate_mask, as
8417 			 * the rate only for specific peer.
8418 			 */
8419 			ath10k_mac_bitrate_mask_get_single_rate(ar, band, mask,
8420 								&vht_pfr,
8421 								&vht_nss,
8422 								true);
8423 			update_bitrate_mask = false;
8424 #if defined(__linux__)
8425 		} else {
8426 			vht_pfr = 0;
8427 #endif
8428 		}
8429 
8430 		mutex_lock(&ar->conf_mutex);
8431 
8432 		if (update_bitrate_mask)
8433 			arvif->bitrate_mask = *mask;
8434 		arvif->vht_num_rates = vht_num_rates;
8435 		arvif->vht_pfr = vht_pfr;
8436 		ieee80211_iterate_stations_atomic(ar->hw,
8437 						  ath10k_mac_set_bitrate_mask_iter,
8438 						  arvif);
8439 
8440 		mutex_unlock(&ar->conf_mutex);
8441 	}
8442 
8443 	mutex_lock(&ar->conf_mutex);
8444 
8445 	ret = ath10k_mac_set_fixed_rate_params(arvif, rate, nss, sgi, ldpc);
8446 	if (ret) {
8447 		ath10k_warn(ar, "failed to set fixed rate params on vdev %i: %d\n",
8448 			    arvif->vdev_id, ret);
8449 		goto exit;
8450 	}
8451 
8452 exit:
8453 	mutex_unlock(&ar->conf_mutex);
8454 
8455 	return ret;
8456 }
8457 
8458 static void ath10k_sta_rc_update(struct ieee80211_hw *hw,
8459 				 struct ieee80211_vif *vif,
8460 				 struct ieee80211_sta *sta,
8461 				 u32 changed)
8462 {
8463 	struct ath10k *ar = hw->priv;
8464 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
8465 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8466 	struct ath10k_peer *peer;
8467 	u32 bw, smps;
8468 
8469 	spin_lock_bh(&ar->data_lock);
8470 
8471 	peer = ath10k_peer_find(ar, arvif->vdev_id, sta->addr);
8472 	if (!peer) {
8473 		spin_unlock_bh(&ar->data_lock);
8474 		ath10k_warn(ar, "mac sta rc update failed to find peer %pM on vdev %i\n",
8475 			    sta->addr, arvif->vdev_id);
8476 		return;
8477 	}
8478 
8479 	ath10k_dbg(ar, ATH10K_DBG_STA,
8480 		   "mac sta rc update for %pM changed %08x bw %d nss %d smps %d\n",
8481 		   sta->addr, changed, sta->deflink.bandwidth,
8482 		   sta->deflink.rx_nss,
8483 		   sta->smps_mode);
8484 
8485 	if (changed & IEEE80211_RC_BW_CHANGED) {
8486 		bw = WMI_PEER_CHWIDTH_20MHZ;
8487 
8488 		switch (sta->deflink.bandwidth) {
8489 		case IEEE80211_STA_RX_BW_20:
8490 			bw = WMI_PEER_CHWIDTH_20MHZ;
8491 			break;
8492 		case IEEE80211_STA_RX_BW_40:
8493 			bw = WMI_PEER_CHWIDTH_40MHZ;
8494 			break;
8495 		case IEEE80211_STA_RX_BW_80:
8496 			bw = WMI_PEER_CHWIDTH_80MHZ;
8497 			break;
8498 		case IEEE80211_STA_RX_BW_160:
8499 			bw = WMI_PEER_CHWIDTH_160MHZ;
8500 			break;
8501 		default:
8502 			ath10k_warn(ar, "Invalid bandwidth %d in rc update for %pM\n",
8503 				    sta->deflink.bandwidth, sta->addr);
8504 			bw = WMI_PEER_CHWIDTH_20MHZ;
8505 			break;
8506 		}
8507 
8508 		arsta->bw = bw;
8509 	}
8510 
8511 	if (changed & IEEE80211_RC_NSS_CHANGED)
8512 		arsta->nss = sta->deflink.rx_nss;
8513 
8514 	if (changed & IEEE80211_RC_SMPS_CHANGED) {
8515 		smps = WMI_PEER_SMPS_PS_NONE;
8516 
8517 		switch (sta->smps_mode) {
8518 		case IEEE80211_SMPS_AUTOMATIC:
8519 		case IEEE80211_SMPS_OFF:
8520 			smps = WMI_PEER_SMPS_PS_NONE;
8521 			break;
8522 		case IEEE80211_SMPS_STATIC:
8523 			smps = WMI_PEER_SMPS_STATIC;
8524 			break;
8525 		case IEEE80211_SMPS_DYNAMIC:
8526 			smps = WMI_PEER_SMPS_DYNAMIC;
8527 			break;
8528 		case IEEE80211_SMPS_NUM_MODES:
8529 			ath10k_warn(ar, "Invalid smps %d in sta rc update for %pM\n",
8530 				    sta->smps_mode, sta->addr);
8531 			smps = WMI_PEER_SMPS_PS_NONE;
8532 			break;
8533 		}
8534 
8535 		arsta->smps = smps;
8536 	}
8537 
8538 	arsta->changed |= changed;
8539 
8540 	spin_unlock_bh(&ar->data_lock);
8541 
8542 	ieee80211_queue_work(hw, &arsta->update_wk);
8543 }
8544 
8545 static void ath10k_offset_tsf(struct ieee80211_hw *hw,
8546 			      struct ieee80211_vif *vif, s64 tsf_offset)
8547 {
8548 	struct ath10k *ar = hw->priv;
8549 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8550 	u32 offset, vdev_param;
8551 	int ret;
8552 
8553 	if (tsf_offset < 0) {
8554 		vdev_param = ar->wmi.vdev_param->dec_tsf;
8555 		offset = -tsf_offset;
8556 	} else {
8557 		vdev_param = ar->wmi.vdev_param->inc_tsf;
8558 		offset = tsf_offset;
8559 	}
8560 
8561 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
8562 					vdev_param, offset);
8563 
8564 	if (ret && ret != -EOPNOTSUPP)
8565 		ath10k_warn(ar, "failed to set tsf offset %d cmd %d: %d\n",
8566 			    offset, vdev_param, ret);
8567 }
8568 
8569 static int ath10k_ampdu_action(struct ieee80211_hw *hw,
8570 			       struct ieee80211_vif *vif,
8571 			       struct ieee80211_ampdu_params *params)
8572 {
8573 	struct ath10k *ar = hw->priv;
8574 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8575 	struct ieee80211_sta *sta = params->sta;
8576 	enum ieee80211_ampdu_mlme_action action = params->action;
8577 	u16 tid = params->tid;
8578 
8579 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac ampdu vdev_id %i sta %pM tid %u action %d\n",
8580 		   arvif->vdev_id, sta->addr, tid, action);
8581 
8582 	switch (action) {
8583 	case IEEE80211_AMPDU_RX_START:
8584 	case IEEE80211_AMPDU_RX_STOP:
8585 		/* HTT AddBa/DelBa events trigger mac80211 Rx BA session
8586 		 * creation/removal. Do we need to verify this?
8587 		 */
8588 		return 0;
8589 	case IEEE80211_AMPDU_TX_START:
8590 	case IEEE80211_AMPDU_TX_STOP_CONT:
8591 	case IEEE80211_AMPDU_TX_STOP_FLUSH:
8592 	case IEEE80211_AMPDU_TX_STOP_FLUSH_CONT:
8593 	case IEEE80211_AMPDU_TX_OPERATIONAL:
8594 		/* Firmware offloads Tx aggregation entirely so deny mac80211
8595 		 * Tx aggregation requests.
8596 		 */
8597 #if defined(__FreeBSD__)
8598 	default:
8599 #endif
8600 		return -EOPNOTSUPP;
8601 	}
8602 
8603 	return -EINVAL;
8604 }
8605 
8606 static void
8607 ath10k_mac_update_rx_channel(struct ath10k *ar,
8608 			     struct ieee80211_chanctx_conf *ctx,
8609 			     struct ieee80211_vif_chanctx_switch *vifs,
8610 			     int n_vifs)
8611 {
8612 	struct cfg80211_chan_def *def = NULL;
8613 
8614 	/* Both locks are required because ar->rx_channel is modified. This
8615 	 * allows readers to hold either lock.
8616 	 */
8617 	lockdep_assert_held(&ar->conf_mutex);
8618 	lockdep_assert_held(&ar->data_lock);
8619 
8620 	WARN_ON(ctx && vifs);
8621 	WARN_ON(vifs && !n_vifs);
8622 
8623 	/* FIXME: Sort of an optimization and a workaround. Peers and vifs are
8624 	 * on a linked list now. Doing a lookup peer -> vif -> chanctx for each
8625 	 * ppdu on Rx may reduce performance on low-end systems. It should be
8626 	 * possible to make tables/hashmaps to speed the lookup up (be vary of
8627 	 * cpu data cache lines though regarding sizes) but to keep the initial
8628 	 * implementation simple and less intrusive fallback to the slow lookup
8629 	 * only for multi-channel cases. Single-channel cases will remain to
8630 	 * use the old channel derival and thus performance should not be
8631 	 * affected much.
8632 	 */
8633 	rcu_read_lock();
8634 	if (!ctx && ath10k_mac_num_chanctxs(ar) == 1) {
8635 		ieee80211_iter_chan_contexts_atomic(ar->hw,
8636 						    ath10k_mac_get_any_chandef_iter,
8637 						    &def);
8638 
8639 		if (vifs)
8640 			def = &vifs[0].new_ctx->def;
8641 
8642 		ar->rx_channel = def->chan;
8643 	} else if ((ctx && ath10k_mac_num_chanctxs(ar) == 0) ||
8644 		   (ctx && (ar->state == ATH10K_STATE_RESTARTED))) {
8645 		/* During driver restart due to firmware assert, since mac80211
8646 		 * already has valid channel context for given radio, channel
8647 		 * context iteration return num_chanctx > 0. So fix rx_channel
8648 		 * when restart is in progress.
8649 		 */
8650 		ar->rx_channel = ctx->def.chan;
8651 	} else {
8652 		ar->rx_channel = NULL;
8653 	}
8654 	rcu_read_unlock();
8655 }
8656 
8657 static void
8658 ath10k_mac_update_vif_chan(struct ath10k *ar,
8659 			   struct ieee80211_vif_chanctx_switch *vifs,
8660 			   int n_vifs)
8661 {
8662 	struct ath10k_vif *arvif;
8663 	int ret;
8664 	int i;
8665 
8666 	lockdep_assert_held(&ar->conf_mutex);
8667 
8668 	/* First stop monitor interface. Some FW versions crash if there's a
8669 	 * lone monitor interface.
8670 	 */
8671 	if (ar->monitor_started)
8672 		ath10k_monitor_stop(ar);
8673 
8674 	for (i = 0; i < n_vifs; i++) {
8675 		arvif = (void *)vifs[i].vif->drv_priv;
8676 
8677 		ath10k_dbg(ar, ATH10K_DBG_MAC,
8678 			   "mac chanctx switch vdev_id %i freq %u->%u width %d->%d\n",
8679 			   arvif->vdev_id,
8680 			   vifs[i].old_ctx->def.chan->center_freq,
8681 			   vifs[i].new_ctx->def.chan->center_freq,
8682 			   vifs[i].old_ctx->def.width,
8683 			   vifs[i].new_ctx->def.width);
8684 
8685 		if (WARN_ON(!arvif->is_started))
8686 			continue;
8687 
8688 		if (WARN_ON(!arvif->is_up))
8689 			continue;
8690 
8691 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
8692 		if (ret) {
8693 			ath10k_warn(ar, "failed to down vdev %d: %d\n",
8694 				    arvif->vdev_id, ret);
8695 			continue;
8696 		}
8697 	}
8698 
8699 	/* All relevant vdevs are downed and associated channel resources
8700 	 * should be available for the channel switch now.
8701 	 */
8702 
8703 	spin_lock_bh(&ar->data_lock);
8704 	ath10k_mac_update_rx_channel(ar, NULL, vifs, n_vifs);
8705 	spin_unlock_bh(&ar->data_lock);
8706 
8707 	for (i = 0; i < n_vifs; i++) {
8708 		arvif = (void *)vifs[i].vif->drv_priv;
8709 
8710 		if (WARN_ON(!arvif->is_started))
8711 			continue;
8712 
8713 		if (WARN_ON(!arvif->is_up))
8714 			continue;
8715 
8716 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
8717 		if (ret)
8718 			ath10k_warn(ar, "failed to update bcn tmpl during csa: %d\n",
8719 				    ret);
8720 
8721 		ret = ath10k_mac_setup_prb_tmpl(arvif);
8722 		if (ret)
8723 			ath10k_warn(ar, "failed to update prb tmpl during csa: %d\n",
8724 				    ret);
8725 
8726 		ret = ath10k_vdev_restart(arvif, &vifs[i].new_ctx->def);
8727 		if (ret) {
8728 			ath10k_warn(ar, "failed to restart vdev %d: %d\n",
8729 				    arvif->vdev_id, ret);
8730 			continue;
8731 		}
8732 
8733 		ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
8734 					 arvif->bssid);
8735 		if (ret) {
8736 			ath10k_warn(ar, "failed to bring vdev up %d: %d\n",
8737 				    arvif->vdev_id, ret);
8738 			continue;
8739 		}
8740 	}
8741 
8742 	ath10k_monitor_recalc(ar);
8743 }
8744 
8745 static int
8746 ath10k_mac_op_add_chanctx(struct ieee80211_hw *hw,
8747 			  struct ieee80211_chanctx_conf *ctx)
8748 {
8749 	struct ath10k *ar = hw->priv;
8750 
8751 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8752 		   "mac chanctx add freq %u width %d ptr %pK\n",
8753 		   ctx->def.chan->center_freq, ctx->def.width, ctx);
8754 
8755 	mutex_lock(&ar->conf_mutex);
8756 
8757 	spin_lock_bh(&ar->data_lock);
8758 	ath10k_mac_update_rx_channel(ar, ctx, NULL, 0);
8759 	spin_unlock_bh(&ar->data_lock);
8760 
8761 	ath10k_recalc_radar_detection(ar);
8762 	ath10k_monitor_recalc(ar);
8763 
8764 	mutex_unlock(&ar->conf_mutex);
8765 
8766 	return 0;
8767 }
8768 
8769 static void
8770 ath10k_mac_op_remove_chanctx(struct ieee80211_hw *hw,
8771 			     struct ieee80211_chanctx_conf *ctx)
8772 {
8773 	struct ath10k *ar = hw->priv;
8774 
8775 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8776 		   "mac chanctx remove freq %u width %d ptr %pK\n",
8777 		   ctx->def.chan->center_freq, ctx->def.width, ctx);
8778 
8779 	mutex_lock(&ar->conf_mutex);
8780 
8781 	spin_lock_bh(&ar->data_lock);
8782 	ath10k_mac_update_rx_channel(ar, NULL, NULL, 0);
8783 	spin_unlock_bh(&ar->data_lock);
8784 
8785 	ath10k_recalc_radar_detection(ar);
8786 	ath10k_monitor_recalc(ar);
8787 
8788 	mutex_unlock(&ar->conf_mutex);
8789 }
8790 
8791 struct ath10k_mac_change_chanctx_arg {
8792 	struct ieee80211_chanctx_conf *ctx;
8793 	struct ieee80211_vif_chanctx_switch *vifs;
8794 	int n_vifs;
8795 	int next_vif;
8796 };
8797 
8798 static void
8799 ath10k_mac_change_chanctx_cnt_iter(void *data, u8 *mac,
8800 				   struct ieee80211_vif *vif)
8801 {
8802 	struct ath10k_mac_change_chanctx_arg *arg = data;
8803 
8804 	if (rcu_access_pointer(vif->chanctx_conf) != arg->ctx)
8805 		return;
8806 
8807 	arg->n_vifs++;
8808 }
8809 
8810 static void
8811 ath10k_mac_change_chanctx_fill_iter(void *data, u8 *mac,
8812 				    struct ieee80211_vif *vif)
8813 {
8814 	struct ath10k_mac_change_chanctx_arg *arg = data;
8815 	struct ieee80211_chanctx_conf *ctx;
8816 
8817 	ctx = rcu_access_pointer(vif->chanctx_conf);
8818 	if (ctx != arg->ctx)
8819 		return;
8820 
8821 	if (WARN_ON(arg->next_vif == arg->n_vifs))
8822 		return;
8823 
8824 	arg->vifs[arg->next_vif].vif = vif;
8825 	arg->vifs[arg->next_vif].old_ctx = ctx;
8826 	arg->vifs[arg->next_vif].new_ctx = ctx;
8827 	arg->next_vif++;
8828 }
8829 
8830 static void
8831 ath10k_mac_op_change_chanctx(struct ieee80211_hw *hw,
8832 			     struct ieee80211_chanctx_conf *ctx,
8833 			     u32 changed)
8834 {
8835 	struct ath10k *ar = hw->priv;
8836 	struct ath10k_mac_change_chanctx_arg arg = { .ctx = ctx };
8837 
8838 	mutex_lock(&ar->conf_mutex);
8839 
8840 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8841 		   "mac chanctx change freq %u width %d ptr %pK changed %x\n",
8842 		   ctx->def.chan->center_freq, ctx->def.width, ctx, changed);
8843 
8844 	/* This shouldn't really happen because channel switching should use
8845 	 * switch_vif_chanctx().
8846 	 */
8847 	if (WARN_ON(changed & IEEE80211_CHANCTX_CHANGE_CHANNEL))
8848 		goto unlock;
8849 
8850 	if (changed & IEEE80211_CHANCTX_CHANGE_WIDTH) {
8851 		ieee80211_iterate_active_interfaces_atomic(
8852 					hw,
8853 					ATH10K_ITER_NORMAL_FLAGS,
8854 					ath10k_mac_change_chanctx_cnt_iter,
8855 					&arg);
8856 		if (arg.n_vifs == 0)
8857 			goto radar;
8858 
8859 		arg.vifs = kcalloc(arg.n_vifs, sizeof(arg.vifs[0]),
8860 				   GFP_KERNEL);
8861 		if (!arg.vifs)
8862 			goto radar;
8863 
8864 		ieee80211_iterate_active_interfaces_atomic(
8865 					hw,
8866 					ATH10K_ITER_NORMAL_FLAGS,
8867 					ath10k_mac_change_chanctx_fill_iter,
8868 					&arg);
8869 		ath10k_mac_update_vif_chan(ar, arg.vifs, arg.n_vifs);
8870 		kfree(arg.vifs);
8871 	}
8872 
8873 radar:
8874 	ath10k_recalc_radar_detection(ar);
8875 
8876 	/* FIXME: How to configure Rx chains properly? */
8877 
8878 	/* No other actions are actually necessary. Firmware maintains channel
8879 	 * definitions per vdev internally and there's no host-side channel
8880 	 * context abstraction to configure, e.g. channel width.
8881 	 */
8882 
8883 unlock:
8884 	mutex_unlock(&ar->conf_mutex);
8885 }
8886 
8887 static int
8888 ath10k_mac_op_assign_vif_chanctx(struct ieee80211_hw *hw,
8889 				 struct ieee80211_vif *vif,
8890 				 struct ieee80211_bss_conf *link_conf,
8891 				 struct ieee80211_chanctx_conf *ctx)
8892 {
8893 	struct ath10k *ar = hw->priv;
8894 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8895 	int ret;
8896 
8897 	mutex_lock(&ar->conf_mutex);
8898 
8899 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8900 		   "mac chanctx assign ptr %pK vdev_id %i\n",
8901 		   ctx, arvif->vdev_id);
8902 
8903 	if (WARN_ON(arvif->is_started)) {
8904 		mutex_unlock(&ar->conf_mutex);
8905 		return -EBUSY;
8906 	}
8907 
8908 	ret = ath10k_vdev_start(arvif, &ctx->def);
8909 	if (ret) {
8910 		ath10k_warn(ar, "failed to start vdev %i addr %pM on freq %d: %d\n",
8911 			    arvif->vdev_id, vif->addr,
8912 			    ctx->def.chan->center_freq, ret);
8913 		goto err;
8914 	}
8915 
8916 	arvif->is_started = true;
8917 
8918 	ret = ath10k_mac_vif_setup_ps(arvif);
8919 	if (ret) {
8920 		ath10k_warn(ar, "failed to update vdev %i ps: %d\n",
8921 			    arvif->vdev_id, ret);
8922 		goto err_stop;
8923 	}
8924 
8925 	if (vif->type == NL80211_IFTYPE_MONITOR) {
8926 		ret = ath10k_wmi_vdev_up(ar, arvif->vdev_id, 0, vif->addr);
8927 		if (ret) {
8928 			ath10k_warn(ar, "failed to up monitor vdev %i: %d\n",
8929 				    arvif->vdev_id, ret);
8930 			goto err_stop;
8931 		}
8932 
8933 		arvif->is_up = true;
8934 	}
8935 
8936 	if (ath10k_mac_can_set_cts_prot(arvif)) {
8937 		ret = ath10k_mac_set_cts_prot(arvif);
8938 		if (ret)
8939 			ath10k_warn(ar, "failed to set cts protection for vdev %d: %d\n",
8940 				    arvif->vdev_id, ret);
8941 	}
8942 
8943 	if (ath10k_peer_stats_enabled(ar) &&
8944 	    ar->hw_params.tx_stats_over_pktlog) {
8945 		ar->pktlog_filter |= ATH10K_PKTLOG_PEER_STATS;
8946 		ret = ath10k_wmi_pdev_pktlog_enable(ar,
8947 						    ar->pktlog_filter);
8948 		if (ret) {
8949 			ath10k_warn(ar, "failed to enable pktlog %d\n", ret);
8950 			goto err_stop;
8951 		}
8952 	}
8953 
8954 	mutex_unlock(&ar->conf_mutex);
8955 	return 0;
8956 
8957 err_stop:
8958 	ath10k_vdev_stop(arvif);
8959 	arvif->is_started = false;
8960 	ath10k_mac_vif_setup_ps(arvif);
8961 
8962 err:
8963 	mutex_unlock(&ar->conf_mutex);
8964 	return ret;
8965 }
8966 
8967 static void
8968 ath10k_mac_op_unassign_vif_chanctx(struct ieee80211_hw *hw,
8969 				   struct ieee80211_vif *vif,
8970 				   struct ieee80211_bss_conf *link_conf,
8971 				   struct ieee80211_chanctx_conf *ctx)
8972 {
8973 	struct ath10k *ar = hw->priv;
8974 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8975 	int ret;
8976 
8977 	mutex_lock(&ar->conf_mutex);
8978 
8979 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8980 		   "mac chanctx unassign ptr %pK vdev_id %i\n",
8981 		   ctx, arvif->vdev_id);
8982 
8983 	WARN_ON(!arvif->is_started);
8984 
8985 	if (vif->type == NL80211_IFTYPE_MONITOR) {
8986 		WARN_ON(!arvif->is_up);
8987 
8988 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
8989 		if (ret)
8990 			ath10k_warn(ar, "failed to down monitor vdev %i: %d\n",
8991 				    arvif->vdev_id, ret);
8992 
8993 		arvif->is_up = false;
8994 	}
8995 
8996 	ret = ath10k_vdev_stop(arvif);
8997 	if (ret)
8998 		ath10k_warn(ar, "failed to stop vdev %i: %d\n",
8999 			    arvif->vdev_id, ret);
9000 
9001 	arvif->is_started = false;
9002 
9003 	mutex_unlock(&ar->conf_mutex);
9004 }
9005 
9006 static int
9007 ath10k_mac_op_switch_vif_chanctx(struct ieee80211_hw *hw,
9008 				 struct ieee80211_vif_chanctx_switch *vifs,
9009 				 int n_vifs,
9010 				 enum ieee80211_chanctx_switch_mode mode)
9011 {
9012 	struct ath10k *ar = hw->priv;
9013 
9014 	mutex_lock(&ar->conf_mutex);
9015 
9016 	ath10k_dbg(ar, ATH10K_DBG_MAC,
9017 		   "mac chanctx switch n_vifs %d mode %d\n",
9018 		   n_vifs, mode);
9019 	ath10k_mac_update_vif_chan(ar, vifs, n_vifs);
9020 
9021 	mutex_unlock(&ar->conf_mutex);
9022 	return 0;
9023 }
9024 
9025 static void ath10k_mac_op_sta_pre_rcu_remove(struct ieee80211_hw *hw,
9026 					     struct ieee80211_vif *vif,
9027 					     struct ieee80211_sta *sta)
9028 {
9029 	struct ath10k *ar;
9030 	struct ath10k_peer *peer;
9031 
9032 	ar = hw->priv;
9033 
9034 	list_for_each_entry(peer, &ar->peers, list)
9035 		if (peer->sta == sta)
9036 			peer->removed = true;
9037 }
9038 
9039 /* HT MCS parameters with Nss = 1 */
9040 static const struct ath10k_index_ht_data_rate_type supported_ht_mcs_rate_nss1[] = {
9041 	/* MCS  L20   L40   S20  S40 */
9042 	{0,  { 65,  135,  72,  150} },
9043 	{1,  { 130, 270,  144, 300} },
9044 	{2,  { 195, 405,  217, 450} },
9045 	{3,  { 260, 540,  289, 600} },
9046 	{4,  { 390, 810,  433, 900} },
9047 	{5,  { 520, 1080, 578, 1200} },
9048 	{6,  { 585, 1215, 650, 1350} },
9049 	{7,  { 650, 1350, 722, 1500} }
9050 };
9051 
9052 /* HT MCS parameters with Nss = 2 */
9053 static const struct ath10k_index_ht_data_rate_type supported_ht_mcs_rate_nss2[] = {
9054 	/* MCS  L20    L40   S20   S40 */
9055 	{0,  {130,  270,  144,  300} },
9056 	{1,  {260,  540,  289,  600} },
9057 	{2,  {390,  810,  433,  900} },
9058 	{3,  {520,  1080, 578,  1200} },
9059 	{4,  {780,  1620, 867,  1800} },
9060 	{5,  {1040, 2160, 1156, 2400} },
9061 	{6,  {1170, 2430, 1300, 2700} },
9062 	{7,  {1300, 2700, 1444, 3000} }
9063 };
9064 
9065 /* MCS parameters with Nss = 1 */
9066 static const struct ath10k_index_vht_data_rate_type supported_vht_mcs_rate_nss1[] = {
9067 	/* MCS  L80    S80     L40   S40    L20   S20 */
9068 	{0,  {293,  325},  {135,  150},  {65,   72} },
9069 	{1,  {585,  650},  {270,  300},  {130,  144} },
9070 	{2,  {878,  975},  {405,  450},  {195,  217} },
9071 	{3,  {1170, 1300}, {540,  600},  {260,  289} },
9072 	{4,  {1755, 1950}, {810,  900},  {390,  433} },
9073 	{5,  {2340, 2600}, {1080, 1200}, {520,  578} },
9074 	{6,  {2633, 2925}, {1215, 1350}, {585,  650} },
9075 	{7,  {2925, 3250}, {1350, 1500}, {650,  722} },
9076 	{8,  {3510, 3900}, {1620, 1800}, {780,  867} },
9077 	{9,  {3900, 4333}, {1800, 2000}, {780,  867} }
9078 };
9079 
9080 /*MCS parameters with Nss = 2 */
9081 static const struct ath10k_index_vht_data_rate_type supported_vht_mcs_rate_nss2[] = {
9082 	/* MCS  L80    S80     L40   S40    L20   S20 */
9083 	{0,  {585,  650},  {270,  300},  {130,  144} },
9084 	{1,  {1170, 1300}, {540,  600},  {260,  289} },
9085 	{2,  {1755, 1950}, {810,  900},  {390,  433} },
9086 	{3,  {2340, 2600}, {1080, 1200}, {520,  578} },
9087 	{4,  {3510, 3900}, {1620, 1800}, {780,  867} },
9088 	{5,  {4680, 5200}, {2160, 2400}, {1040, 1156} },
9089 	{6,  {5265, 5850}, {2430, 2700}, {1170, 1300} },
9090 	{7,  {5850, 6500}, {2700, 3000}, {1300, 1444} },
9091 	{8,  {7020, 7800}, {3240, 3600}, {1560, 1733} },
9092 	{9,  {7800, 8667}, {3600, 4000}, {1560, 1733} }
9093 };
9094 
9095 static void ath10k_mac_get_rate_flags_ht(struct ath10k *ar, u32 rate, u8 nss, u8 mcs,
9096 					 u8 *flags, u8 *bw)
9097 {
9098 #if defined(__linux__)
9099 	struct ath10k_index_ht_data_rate_type *mcs_rate;
9100 #elif defined(__FreeBSD__)
9101 	const struct ath10k_index_ht_data_rate_type *mcs_rate;
9102 #endif
9103 	u8 index;
9104 	size_t len_nss1 = ARRAY_SIZE(supported_ht_mcs_rate_nss1);
9105 	size_t len_nss2 = ARRAY_SIZE(supported_ht_mcs_rate_nss2);
9106 
9107 	if (mcs >= (len_nss1 + len_nss2)) {
9108 		ath10k_warn(ar, "not supported mcs %d in current rate table", mcs);
9109 		return;
9110 	}
9111 
9112 #if defined(__linux__)
9113 	mcs_rate = (struct ath10k_index_ht_data_rate_type *)
9114 #elif defined(__FreeBSD__)
9115 	mcs_rate = (const struct ath10k_index_ht_data_rate_type *)
9116 #endif
9117 		   ((nss == 1) ? &supported_ht_mcs_rate_nss1 :
9118 		   &supported_ht_mcs_rate_nss2);
9119 
9120 	if (mcs >= len_nss1)
9121 		index = mcs - len_nss1;
9122 	else
9123 		index = mcs;
9124 
9125 	if (rate == mcs_rate[index].supported_rate[0]) {
9126 		*bw = RATE_INFO_BW_20;
9127 	} else if (rate == mcs_rate[index].supported_rate[1]) {
9128 		*bw |= RATE_INFO_BW_40;
9129 	} else if (rate == mcs_rate[index].supported_rate[2]) {
9130 		*bw |= RATE_INFO_BW_20;
9131 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9132 	} else if (rate == mcs_rate[index].supported_rate[3]) {
9133 		*bw |= RATE_INFO_BW_40;
9134 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9135 	} else {
9136 		ath10k_warn(ar, "invalid ht params rate %d 100kbps nss %d mcs %d",
9137 			    rate, nss, mcs);
9138 	}
9139 }
9140 
9141 static void ath10k_mac_get_rate_flags_vht(struct ath10k *ar, u32 rate, u8 nss, u8 mcs,
9142 					  u8 *flags, u8 *bw)
9143 {
9144 #if defined(__linux__)
9145 	struct ath10k_index_vht_data_rate_type *mcs_rate;
9146 
9147 	mcs_rate = (struct ath10k_index_vht_data_rate_type *)
9148 #elif defined(__FreeBSD__)
9149 	const struct ath10k_index_vht_data_rate_type *mcs_rate;
9150 
9151 	mcs_rate = (const struct ath10k_index_vht_data_rate_type *)
9152 #endif
9153 		   ((nss == 1) ? &supported_vht_mcs_rate_nss1 :
9154 		   &supported_vht_mcs_rate_nss2);
9155 
9156 	if (rate == mcs_rate[mcs].supported_VHT80_rate[0]) {
9157 		*bw = RATE_INFO_BW_80;
9158 	} else if (rate == mcs_rate[mcs].supported_VHT80_rate[1]) {
9159 		*bw = RATE_INFO_BW_80;
9160 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9161 	} else if (rate == mcs_rate[mcs].supported_VHT40_rate[0]) {
9162 		*bw = RATE_INFO_BW_40;
9163 	} else if (rate == mcs_rate[mcs].supported_VHT40_rate[1]) {
9164 		*bw = RATE_INFO_BW_40;
9165 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9166 	} else if (rate == mcs_rate[mcs].supported_VHT20_rate[0]) {
9167 		*bw = RATE_INFO_BW_20;
9168 	} else if (rate == mcs_rate[mcs].supported_VHT20_rate[1]) {
9169 		*bw = RATE_INFO_BW_20;
9170 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9171 	} else {
9172 		ath10k_warn(ar, "invalid vht params rate %d 100kbps nss %d mcs %d",
9173 			    rate, nss, mcs);
9174 	}
9175 }
9176 
9177 static void ath10k_mac_get_rate_flags(struct ath10k *ar, u32 rate,
9178 				      enum ath10k_phy_mode mode, u8 nss, u8 mcs,
9179 				      u8 *flags, u8 *bw)
9180 {
9181 	if (mode == ATH10K_PHY_MODE_HT) {
9182 		*flags = RATE_INFO_FLAGS_MCS;
9183 		ath10k_mac_get_rate_flags_ht(ar, rate, nss, mcs, flags, bw);
9184 	} else if (mode == ATH10K_PHY_MODE_VHT) {
9185 		*flags = RATE_INFO_FLAGS_VHT_MCS;
9186 		ath10k_mac_get_rate_flags_vht(ar, rate, nss, mcs, flags, bw);
9187 	}
9188 }
9189 
9190 static void ath10k_mac_parse_bitrate(struct ath10k *ar, u32 rate_code,
9191 				     u32 bitrate_kbps, struct rate_info *rate)
9192 {
9193 	enum ath10k_phy_mode mode = ATH10K_PHY_MODE_LEGACY;
9194 	enum wmi_rate_preamble preamble = WMI_TLV_GET_HW_RC_PREAM_V1(rate_code);
9195 	u8 nss = WMI_TLV_GET_HW_RC_NSS_V1(rate_code) + 1;
9196 	u8 mcs = WMI_TLV_GET_HW_RC_RATE_V1(rate_code);
9197 	u8 flags = 0, bw = 0;
9198 
9199 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac parse rate code 0x%x bitrate %d kbps\n",
9200 		   rate_code, bitrate_kbps);
9201 
9202 	if (preamble == WMI_RATE_PREAMBLE_HT)
9203 		mode = ATH10K_PHY_MODE_HT;
9204 	else if (preamble == WMI_RATE_PREAMBLE_VHT)
9205 		mode = ATH10K_PHY_MODE_VHT;
9206 
9207 	ath10k_mac_get_rate_flags(ar, bitrate_kbps / 100, mode, nss, mcs, &flags, &bw);
9208 
9209 	ath10k_dbg(ar, ATH10K_DBG_MAC,
9210 		   "mac parse bitrate preamble %d mode %d nss %d mcs %d flags %x bw %d\n",
9211 		   preamble, mode, nss, mcs, flags, bw);
9212 
9213 	rate->flags = flags;
9214 	rate->bw = bw;
9215 	rate->legacy = bitrate_kbps / 100;
9216 	rate->nss = nss;
9217 	rate->mcs = mcs;
9218 }
9219 
9220 static void ath10k_mac_sta_get_peer_stats_info(struct ath10k *ar,
9221 					       struct ieee80211_sta *sta,
9222 					       struct station_info *sinfo)
9223 {
9224 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
9225 	struct ath10k_peer *peer;
9226 	unsigned long time_left;
9227 	int ret;
9228 
9229 	if (!(ar->hw_params.supports_peer_stats_info &&
9230 	      arsta->arvif->vdev_type == WMI_VDEV_TYPE_STA))
9231 		return;
9232 
9233 	spin_lock_bh(&ar->data_lock);
9234 	peer = ath10k_peer_find(ar, arsta->arvif->vdev_id, sta->addr);
9235 	spin_unlock_bh(&ar->data_lock);
9236 	if (!peer)
9237 		return;
9238 
9239 	reinit_completion(&ar->peer_stats_info_complete);
9240 
9241 	ret = ath10k_wmi_request_peer_stats_info(ar,
9242 						 arsta->arvif->vdev_id,
9243 						 WMI_REQUEST_ONE_PEER_STATS_INFO,
9244 						 arsta->arvif->bssid,
9245 						 0);
9246 	if (ret && ret != -EOPNOTSUPP) {
9247 		ath10k_warn(ar, "could not request peer stats info: %d\n", ret);
9248 		return;
9249 	}
9250 
9251 	time_left = wait_for_completion_timeout(&ar->peer_stats_info_complete, 3 * HZ);
9252 	if (time_left == 0) {
9253 		ath10k_warn(ar, "timed out waiting peer stats info\n");
9254 		return;
9255 	}
9256 
9257 	if (arsta->rx_rate_code != 0 && arsta->rx_bitrate_kbps != 0) {
9258 		ath10k_mac_parse_bitrate(ar, arsta->rx_rate_code,
9259 					 arsta->rx_bitrate_kbps,
9260 					 &sinfo->rxrate);
9261 
9262 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_BITRATE);
9263 		arsta->rx_rate_code = 0;
9264 		arsta->rx_bitrate_kbps = 0;
9265 	}
9266 
9267 	if (arsta->tx_rate_code != 0 && arsta->tx_bitrate_kbps != 0) {
9268 		ath10k_mac_parse_bitrate(ar, arsta->tx_rate_code,
9269 					 arsta->tx_bitrate_kbps,
9270 					 &sinfo->txrate);
9271 
9272 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
9273 		arsta->tx_rate_code = 0;
9274 		arsta->tx_bitrate_kbps = 0;
9275 	}
9276 }
9277 
9278 static void ath10k_sta_statistics(struct ieee80211_hw *hw,
9279 				  struct ieee80211_vif *vif,
9280 				  struct ieee80211_sta *sta,
9281 				  struct station_info *sinfo)
9282 {
9283 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
9284 	struct ath10k *ar = arsta->arvif->ar;
9285 
9286 	if (!ath10k_peer_stats_enabled(ar))
9287 		return;
9288 
9289 	mutex_lock(&ar->conf_mutex);
9290 	ath10k_debug_fw_stats_request(ar);
9291 	mutex_unlock(&ar->conf_mutex);
9292 
9293 	sinfo->rx_duration = arsta->rx_duration;
9294 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_DURATION);
9295 
9296 	if (arsta->txrate.legacy || arsta->txrate.nss) {
9297 		if (arsta->txrate.legacy) {
9298 			sinfo->txrate.legacy = arsta->txrate.legacy;
9299 		} else {
9300 			sinfo->txrate.mcs = arsta->txrate.mcs;
9301 			sinfo->txrate.nss = arsta->txrate.nss;
9302 			sinfo->txrate.bw = arsta->txrate.bw;
9303 		}
9304 		sinfo->txrate.flags = arsta->txrate.flags;
9305 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
9306 	}
9307 
9308 	if (ar->htt.disable_tx_comp) {
9309 		sinfo->tx_failed = arsta->tx_failed;
9310 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_FAILED);
9311 	}
9312 
9313 	sinfo->tx_retries = arsta->tx_retries;
9314 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_RETRIES);
9315 
9316 	ath10k_mac_sta_get_peer_stats_info(ar, sta, sinfo);
9317 }
9318 
9319 static int ath10k_mac_op_set_tid_config(struct ieee80211_hw *hw,
9320 					struct ieee80211_vif *vif,
9321 					struct ieee80211_sta *sta,
9322 					struct cfg80211_tid_config *tid_config)
9323 {
9324 	struct ath10k *ar = hw->priv;
9325 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9326 	struct ath10k_mac_iter_tid_conf_data data = {};
9327 	struct wmi_per_peer_per_tid_cfg_arg arg = {};
9328 	int ret, i;
9329 
9330 	mutex_lock(&ar->conf_mutex);
9331 	arg.vdev_id = arvif->vdev_id;
9332 
9333 	arvif->tids_rst = 0;
9334 	memset(arvif->tid_conf_changed, 0, sizeof(arvif->tid_conf_changed));
9335 
9336 	for (i = 0; i < tid_config->n_tid_conf; i++) {
9337 		ret = ath10k_mac_parse_tid_config(ar, sta, vif,
9338 						  &tid_config->tid_conf[i],
9339 						  &arg);
9340 		if (ret)
9341 			goto exit;
9342 	}
9343 
9344 	ret = 0;
9345 
9346 	if (sta)
9347 		goto exit;
9348 
9349 	arvif->tids_rst = 0;
9350 	data.curr_vif = vif;
9351 	data.ar = ar;
9352 
9353 	ieee80211_iterate_stations_atomic(hw, ath10k_mac_vif_stations_tid_conf,
9354 					  &data);
9355 
9356 exit:
9357 	mutex_unlock(&ar->conf_mutex);
9358 	return ret;
9359 }
9360 
9361 static int ath10k_mac_op_reset_tid_config(struct ieee80211_hw *hw,
9362 					  struct ieee80211_vif *vif,
9363 					  struct ieee80211_sta *sta,
9364 					  u8 tids)
9365 {
9366 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9367 	struct ath10k_mac_iter_tid_conf_data data = {};
9368 	struct ath10k *ar = hw->priv;
9369 	int ret = 0;
9370 
9371 	mutex_lock(&ar->conf_mutex);
9372 
9373 	if (sta) {
9374 		arvif->tids_rst = 0;
9375 		ret = ath10k_mac_reset_tid_config(ar, sta, arvif, tids);
9376 		goto exit;
9377 	}
9378 
9379 	arvif->tids_rst = tids;
9380 	data.curr_vif = vif;
9381 	data.ar = ar;
9382 	ieee80211_iterate_stations_atomic(hw, ath10k_mac_vif_stations_tid_conf,
9383 					  &data);
9384 
9385 exit:
9386 	mutex_unlock(&ar->conf_mutex);
9387 	return ret;
9388 }
9389 
9390 static const struct ieee80211_ops ath10k_ops = {
9391 	.tx				= ath10k_mac_op_tx,
9392 	.wake_tx_queue			= ath10k_mac_op_wake_tx_queue,
9393 	.start				= ath10k_start,
9394 	.stop				= ath10k_stop,
9395 	.config				= ath10k_config,
9396 	.add_interface			= ath10k_add_interface,
9397 	.remove_interface		= ath10k_remove_interface,
9398 	.configure_filter		= ath10k_configure_filter,
9399 	.bss_info_changed		= ath10k_bss_info_changed,
9400 	.set_coverage_class		= ath10k_mac_op_set_coverage_class,
9401 	.hw_scan			= ath10k_hw_scan,
9402 	.cancel_hw_scan			= ath10k_cancel_hw_scan,
9403 	.set_key			= ath10k_set_key,
9404 	.set_default_unicast_key        = ath10k_set_default_unicast_key,
9405 	.sta_state			= ath10k_sta_state,
9406 	.sta_set_txpwr			= ath10k_sta_set_txpwr,
9407 	.conf_tx			= ath10k_conf_tx,
9408 	.remain_on_channel		= ath10k_remain_on_channel,
9409 	.cancel_remain_on_channel	= ath10k_cancel_remain_on_channel,
9410 	.set_rts_threshold		= ath10k_set_rts_threshold,
9411 	.set_frag_threshold		= ath10k_mac_op_set_frag_threshold,
9412 	.flush				= ath10k_flush,
9413 	.tx_last_beacon			= ath10k_tx_last_beacon,
9414 	.set_antenna			= ath10k_set_antenna,
9415 	.get_antenna			= ath10k_get_antenna,
9416 	.reconfig_complete		= ath10k_reconfig_complete,
9417 	.get_survey			= ath10k_get_survey,
9418 	.set_bitrate_mask		= ath10k_mac_op_set_bitrate_mask,
9419 	.sta_rc_update			= ath10k_sta_rc_update,
9420 	.offset_tsf			= ath10k_offset_tsf,
9421 	.ampdu_action			= ath10k_ampdu_action,
9422 	.get_et_sset_count		= ath10k_debug_get_et_sset_count,
9423 	.get_et_stats			= ath10k_debug_get_et_stats,
9424 	.get_et_strings			= ath10k_debug_get_et_strings,
9425 	.add_chanctx			= ath10k_mac_op_add_chanctx,
9426 	.remove_chanctx			= ath10k_mac_op_remove_chanctx,
9427 	.change_chanctx			= ath10k_mac_op_change_chanctx,
9428 	.assign_vif_chanctx		= ath10k_mac_op_assign_vif_chanctx,
9429 	.unassign_vif_chanctx		= ath10k_mac_op_unassign_vif_chanctx,
9430 	.switch_vif_chanctx		= ath10k_mac_op_switch_vif_chanctx,
9431 	.sta_pre_rcu_remove		= ath10k_mac_op_sta_pre_rcu_remove,
9432 	.sta_statistics			= ath10k_sta_statistics,
9433 	.set_tid_config			= ath10k_mac_op_set_tid_config,
9434 	.reset_tid_config		= ath10k_mac_op_reset_tid_config,
9435 
9436 	CFG80211_TESTMODE_CMD(ath10k_tm_cmd)
9437 
9438 #ifdef CONFIG_PM
9439 	.suspend			= ath10k_wow_op_suspend,
9440 	.resume				= ath10k_wow_op_resume,
9441 	.set_wakeup			= ath10k_wow_op_set_wakeup,
9442 #endif
9443 #ifdef CONFIG_MAC80211_DEBUGFS
9444 	.sta_add_debugfs		= ath10k_sta_add_debugfs,
9445 #endif
9446 	.set_sar_specs			= ath10k_mac_set_sar_specs,
9447 };
9448 
9449 #define CHAN2G(_channel, _freq, _flags) { \
9450 	.band			= NL80211_BAND_2GHZ, \
9451 	.hw_value		= (_channel), \
9452 	.center_freq		= (_freq), \
9453 	.flags			= (_flags), \
9454 	.max_antenna_gain	= 0, \
9455 	.max_power		= 30, \
9456 }
9457 
9458 #define CHAN5G(_channel, _freq, _flags) { \
9459 	.band			= NL80211_BAND_5GHZ, \
9460 	.hw_value		= (_channel), \
9461 	.center_freq		= (_freq), \
9462 	.flags			= (_flags), \
9463 	.max_antenna_gain	= 0, \
9464 	.max_power		= 30, \
9465 }
9466 
9467 static const struct ieee80211_channel ath10k_2ghz_channels[] = {
9468 	CHAN2G(1, 2412, 0),
9469 	CHAN2G(2, 2417, 0),
9470 	CHAN2G(3, 2422, 0),
9471 	CHAN2G(4, 2427, 0),
9472 	CHAN2G(5, 2432, 0),
9473 	CHAN2G(6, 2437, 0),
9474 	CHAN2G(7, 2442, 0),
9475 	CHAN2G(8, 2447, 0),
9476 	CHAN2G(9, 2452, 0),
9477 	CHAN2G(10, 2457, 0),
9478 	CHAN2G(11, 2462, 0),
9479 	CHAN2G(12, 2467, 0),
9480 	CHAN2G(13, 2472, 0),
9481 	CHAN2G(14, 2484, 0),
9482 };
9483 
9484 static const struct ieee80211_channel ath10k_5ghz_channels[] = {
9485 	CHAN5G(36, 5180, 0),
9486 	CHAN5G(40, 5200, 0),
9487 	CHAN5G(44, 5220, 0),
9488 	CHAN5G(48, 5240, 0),
9489 	CHAN5G(52, 5260, 0),
9490 	CHAN5G(56, 5280, 0),
9491 	CHAN5G(60, 5300, 0),
9492 	CHAN5G(64, 5320, 0),
9493 	CHAN5G(100, 5500, 0),
9494 	CHAN5G(104, 5520, 0),
9495 	CHAN5G(108, 5540, 0),
9496 	CHAN5G(112, 5560, 0),
9497 	CHAN5G(116, 5580, 0),
9498 	CHAN5G(120, 5600, 0),
9499 	CHAN5G(124, 5620, 0),
9500 	CHAN5G(128, 5640, 0),
9501 	CHAN5G(132, 5660, 0),
9502 	CHAN5G(136, 5680, 0),
9503 	CHAN5G(140, 5700, 0),
9504 	CHAN5G(144, 5720, 0),
9505 	CHAN5G(149, 5745, 0),
9506 	CHAN5G(153, 5765, 0),
9507 	CHAN5G(157, 5785, 0),
9508 	CHAN5G(161, 5805, 0),
9509 	CHAN5G(165, 5825, 0),
9510 	CHAN5G(169, 5845, 0),
9511 	CHAN5G(173, 5865, 0),
9512 	/* If you add more, you may need to change ATH10K_MAX_5G_CHAN */
9513 	/* And you will definitely need to change ATH10K_NUM_CHANS in core.h */
9514 };
9515 
9516 struct ath10k *ath10k_mac_create(size_t priv_size)
9517 {
9518 	struct ieee80211_hw *hw;
9519 	struct ieee80211_ops *ops;
9520 	struct ath10k *ar;
9521 
9522 	ops = kmemdup(&ath10k_ops, sizeof(ath10k_ops), GFP_KERNEL);
9523 	if (!ops)
9524 		return NULL;
9525 
9526 	hw = ieee80211_alloc_hw(sizeof(struct ath10k) + priv_size, ops);
9527 	if (!hw) {
9528 		kfree(ops);
9529 		return NULL;
9530 	}
9531 
9532 	ar = hw->priv;
9533 	ar->hw = hw;
9534 	ar->ops = ops;
9535 
9536 	return ar;
9537 }
9538 
9539 void ath10k_mac_destroy(struct ath10k *ar)
9540 {
9541 	struct ieee80211_ops *ops = ar->ops;
9542 
9543 	ieee80211_free_hw(ar->hw);
9544 	kfree(ops);
9545 }
9546 
9547 static const struct ieee80211_iface_limit ath10k_if_limits[] = {
9548 	{
9549 		.max	= 8,
9550 		.types	= BIT(NL80211_IFTYPE_STATION)
9551 			| BIT(NL80211_IFTYPE_P2P_CLIENT)
9552 	},
9553 	{
9554 		.max	= 3,
9555 		.types	= BIT(NL80211_IFTYPE_P2P_GO)
9556 	},
9557 	{
9558 		.max	= 1,
9559 		.types	= BIT(NL80211_IFTYPE_P2P_DEVICE)
9560 	},
9561 	{
9562 		.max	= 7,
9563 		.types	= BIT(NL80211_IFTYPE_AP)
9564 #ifdef CONFIG_MAC80211_MESH
9565 			| BIT(NL80211_IFTYPE_MESH_POINT)
9566 #endif
9567 	},
9568 };
9569 
9570 static const struct ieee80211_iface_limit ath10k_10x_if_limits[] = {
9571 	{
9572 		.max	= 8,
9573 		.types	= BIT(NL80211_IFTYPE_AP)
9574 #ifdef CONFIG_MAC80211_MESH
9575 			| BIT(NL80211_IFTYPE_MESH_POINT)
9576 #endif
9577 	},
9578 	{
9579 		.max	= 1,
9580 		.types	= BIT(NL80211_IFTYPE_STATION)
9581 	},
9582 };
9583 
9584 static const struct ieee80211_iface_combination ath10k_if_comb[] = {
9585 	{
9586 		.limits = ath10k_if_limits,
9587 		.n_limits = ARRAY_SIZE(ath10k_if_limits),
9588 		.max_interfaces = 8,
9589 		.num_different_channels = 1,
9590 		.beacon_int_infra_match = true,
9591 	},
9592 };
9593 
9594 static const struct ieee80211_iface_combination ath10k_10x_if_comb[] = {
9595 	{
9596 		.limits = ath10k_10x_if_limits,
9597 		.n_limits = ARRAY_SIZE(ath10k_10x_if_limits),
9598 		.max_interfaces = 8,
9599 		.num_different_channels = 1,
9600 		.beacon_int_infra_match = true,
9601 		.beacon_int_min_gcd = 1,
9602 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
9603 		.radar_detect_widths =	BIT(NL80211_CHAN_WIDTH_20_NOHT) |
9604 					BIT(NL80211_CHAN_WIDTH_20) |
9605 					BIT(NL80211_CHAN_WIDTH_40) |
9606 					BIT(NL80211_CHAN_WIDTH_80),
9607 #endif
9608 	},
9609 };
9610 
9611 static const struct ieee80211_iface_limit ath10k_tlv_if_limit[] = {
9612 	{
9613 		.max = 2,
9614 		.types = BIT(NL80211_IFTYPE_STATION),
9615 	},
9616 	{
9617 		.max = 2,
9618 		.types = BIT(NL80211_IFTYPE_AP) |
9619 #ifdef CONFIG_MAC80211_MESH
9620 			 BIT(NL80211_IFTYPE_MESH_POINT) |
9621 #endif
9622 			 BIT(NL80211_IFTYPE_P2P_CLIENT) |
9623 			 BIT(NL80211_IFTYPE_P2P_GO),
9624 	},
9625 	{
9626 		.max = 1,
9627 		.types = BIT(NL80211_IFTYPE_P2P_DEVICE),
9628 	},
9629 };
9630 
9631 static const struct ieee80211_iface_limit ath10k_tlv_qcs_if_limit[] = {
9632 	{
9633 		.max = 2,
9634 		.types = BIT(NL80211_IFTYPE_STATION),
9635 	},
9636 	{
9637 		.max = 2,
9638 		.types = BIT(NL80211_IFTYPE_P2P_CLIENT),
9639 	},
9640 	{
9641 		.max = 1,
9642 		.types = BIT(NL80211_IFTYPE_AP) |
9643 #ifdef CONFIG_MAC80211_MESH
9644 			 BIT(NL80211_IFTYPE_MESH_POINT) |
9645 #endif
9646 			 BIT(NL80211_IFTYPE_P2P_GO),
9647 	},
9648 	{
9649 		.max = 1,
9650 		.types = BIT(NL80211_IFTYPE_P2P_DEVICE),
9651 	},
9652 };
9653 
9654 static const struct ieee80211_iface_limit ath10k_tlv_if_limit_ibss[] = {
9655 	{
9656 		.max = 1,
9657 		.types = BIT(NL80211_IFTYPE_STATION),
9658 	},
9659 	{
9660 		.max = 1,
9661 		.types = BIT(NL80211_IFTYPE_ADHOC),
9662 	},
9663 };
9664 
9665 /* FIXME: This is not thouroughly tested. These combinations may over- or
9666  * underestimate hw/fw capabilities.
9667  */
9668 static struct ieee80211_iface_combination ath10k_tlv_if_comb[] = {
9669 	{
9670 		.limits = ath10k_tlv_if_limit,
9671 		.num_different_channels = 1,
9672 		.max_interfaces = 4,
9673 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit),
9674 	},
9675 	{
9676 		.limits = ath10k_tlv_if_limit_ibss,
9677 		.num_different_channels = 1,
9678 		.max_interfaces = 2,
9679 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit_ibss),
9680 	},
9681 };
9682 
9683 static struct ieee80211_iface_combination ath10k_tlv_qcs_if_comb[] = {
9684 	{
9685 		.limits = ath10k_tlv_if_limit,
9686 		.num_different_channels = 1,
9687 		.max_interfaces = 4,
9688 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit),
9689 	},
9690 	{
9691 		.limits = ath10k_tlv_qcs_if_limit,
9692 		.num_different_channels = 2,
9693 		.max_interfaces = 4,
9694 		.n_limits = ARRAY_SIZE(ath10k_tlv_qcs_if_limit),
9695 	},
9696 	{
9697 		.limits = ath10k_tlv_if_limit_ibss,
9698 		.num_different_channels = 1,
9699 		.max_interfaces = 2,
9700 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit_ibss),
9701 	},
9702 };
9703 
9704 static const struct ieee80211_iface_limit ath10k_10_4_if_limits[] = {
9705 	{
9706 		.max = 1,
9707 		.types = BIT(NL80211_IFTYPE_STATION),
9708 	},
9709 	{
9710 		.max	= 16,
9711 		.types	= BIT(NL80211_IFTYPE_AP)
9712 #ifdef CONFIG_MAC80211_MESH
9713 			| BIT(NL80211_IFTYPE_MESH_POINT)
9714 #endif
9715 	},
9716 };
9717 
9718 static const struct ieee80211_iface_combination ath10k_10_4_if_comb[] = {
9719 	{
9720 		.limits = ath10k_10_4_if_limits,
9721 		.n_limits = ARRAY_SIZE(ath10k_10_4_if_limits),
9722 		.max_interfaces = 16,
9723 		.num_different_channels = 1,
9724 		.beacon_int_infra_match = true,
9725 		.beacon_int_min_gcd = 1,
9726 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
9727 		.radar_detect_widths =	BIT(NL80211_CHAN_WIDTH_20_NOHT) |
9728 					BIT(NL80211_CHAN_WIDTH_20) |
9729 					BIT(NL80211_CHAN_WIDTH_40) |
9730 					BIT(NL80211_CHAN_WIDTH_80) |
9731 					BIT(NL80211_CHAN_WIDTH_80P80) |
9732 					BIT(NL80211_CHAN_WIDTH_160),
9733 #endif
9734 	},
9735 };
9736 
9737 static const struct
9738 ieee80211_iface_combination ath10k_10_4_bcn_int_if_comb[] = {
9739 	{
9740 		.limits = ath10k_10_4_if_limits,
9741 		.n_limits = ARRAY_SIZE(ath10k_10_4_if_limits),
9742 		.max_interfaces = 16,
9743 		.num_different_channels = 1,
9744 		.beacon_int_infra_match = true,
9745 		.beacon_int_min_gcd = 100,
9746 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
9747 		.radar_detect_widths =  BIT(NL80211_CHAN_WIDTH_20_NOHT) |
9748 					BIT(NL80211_CHAN_WIDTH_20) |
9749 					BIT(NL80211_CHAN_WIDTH_40) |
9750 					BIT(NL80211_CHAN_WIDTH_80) |
9751 					BIT(NL80211_CHAN_WIDTH_80P80) |
9752 					BIT(NL80211_CHAN_WIDTH_160),
9753 #endif
9754 	},
9755 };
9756 
9757 static void ath10k_get_arvif_iter(void *data, u8 *mac,
9758 				  struct ieee80211_vif *vif)
9759 {
9760 	struct ath10k_vif_iter *arvif_iter = data;
9761 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9762 
9763 	if (arvif->vdev_id == arvif_iter->vdev_id)
9764 		arvif_iter->arvif = arvif;
9765 }
9766 
9767 struct ath10k_vif *ath10k_get_arvif(struct ath10k *ar, u32 vdev_id)
9768 {
9769 	struct ath10k_vif_iter arvif_iter;
9770 
9771 	memset(&arvif_iter, 0, sizeof(struct ath10k_vif_iter));
9772 	arvif_iter.vdev_id = vdev_id;
9773 
9774 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
9775 						   ATH10K_ITER_RESUME_FLAGS,
9776 						   ath10k_get_arvif_iter,
9777 						   &arvif_iter);
9778 	if (!arvif_iter.arvif) {
9779 		ath10k_warn(ar, "No VIF found for vdev %d\n", vdev_id);
9780 		return NULL;
9781 	}
9782 
9783 	return arvif_iter.arvif;
9784 }
9785 
9786 #define WRD_METHOD "WRDD"
9787 #define WRDD_WIFI  (0x07)
9788 
9789 static u32 ath10k_mac_wrdd_get_mcc(struct ath10k *ar, union acpi_object *wrdd)
9790 {
9791 	union acpi_object *mcc_pkg;
9792 	union acpi_object *domain_type;
9793 	union acpi_object *mcc_value;
9794 	u32 i;
9795 
9796 #if defined(__linux__)
9797 	if (wrdd->type != ACPI_TYPE_PACKAGE ||
9798 	    wrdd->package.count < 2 ||
9799 	    wrdd->package.elements[0].type != ACPI_TYPE_INTEGER ||
9800 	    wrdd->package.elements[0].integer.value != 0) {
9801 #elif defined(__FreeBSD__)
9802 	if (wrdd->Type != ACPI_TYPE_PACKAGE ||
9803 	    wrdd->Package.Count < 2 ||
9804 	    wrdd->Package.Elements[0].Type != ACPI_TYPE_INTEGER ||
9805 	    wrdd->Package.Elements[0].Integer.Value != 0) {
9806 #endif
9807 		ath10k_warn(ar, "ignoring malformed/unsupported wrdd structure\n");
9808 		return 0;
9809 	}
9810 
9811 #if defined(__linux__)
9812 	for (i = 1; i < wrdd->package.count; ++i) {
9813 		mcc_pkg = &wrdd->package.elements[i];
9814 
9815 		if (mcc_pkg->type != ACPI_TYPE_PACKAGE)
9816 			continue;
9817 		if (mcc_pkg->package.count < 2)
9818 			continue;
9819 		if (mcc_pkg->package.elements[0].type != ACPI_TYPE_INTEGER ||
9820 		    mcc_pkg->package.elements[1].type != ACPI_TYPE_INTEGER)
9821 			continue;
9822 
9823 		domain_type = &mcc_pkg->package.elements[0];
9824 		if (domain_type->integer.value != WRDD_WIFI)
9825 			continue;
9826 
9827 		mcc_value = &mcc_pkg->package.elements[1];
9828 		return mcc_value->integer.value;
9829 #elif defined(__FreeBSD__)
9830 	for (i = 1; i < wrdd->Package.Count; ++i) {
9831 		mcc_pkg = &wrdd->Package.Elements[i];
9832 
9833 		if (mcc_pkg->Type != ACPI_TYPE_PACKAGE)
9834 			continue;
9835 		if (mcc_pkg->Package.Count < 2)
9836 			continue;
9837 		if (mcc_pkg->Package.Elements[0].Type != ACPI_TYPE_INTEGER ||
9838 		    mcc_pkg->Package.Elements[1].Type != ACPI_TYPE_INTEGER)
9839 			continue;
9840 
9841 		domain_type = &mcc_pkg->Package.Elements[0];
9842 		if (domain_type->Integer.Value != WRDD_WIFI)
9843 			continue;
9844 
9845 		mcc_value = &mcc_pkg->Package.Elements[1];
9846 		return mcc_value->Integer.Value;
9847 #endif
9848 	}
9849 	return 0;
9850 }
9851 
9852 static int ath10k_mac_get_wrdd_regulatory(struct ath10k *ar, u16 *rd)
9853 {
9854 	acpi_handle root_handle;
9855 	acpi_handle handle;
9856 	struct acpi_buffer wrdd = {ACPI_ALLOCATE_BUFFER, NULL};
9857 	acpi_status status;
9858 	u32 alpha2_code;
9859 	char alpha2[3];
9860 
9861 	root_handle = ACPI_HANDLE(ar->dev);
9862 	if (!root_handle)
9863 		return -EOPNOTSUPP;
9864 
9865 	status = acpi_get_handle(root_handle, (acpi_string)WRD_METHOD, &handle);
9866 	if (ACPI_FAILURE(status)) {
9867 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
9868 			   "failed to get wrd method %d\n", status);
9869 		return -EIO;
9870 	}
9871 
9872 	status = acpi_evaluate_object(handle, NULL, NULL, &wrdd);
9873 	if (ACPI_FAILURE(status)) {
9874 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
9875 			   "failed to call wrdc %d\n", status);
9876 		return -EIO;
9877 	}
9878 
9879 #if defined(__linux__)
9880 	alpha2_code = ath10k_mac_wrdd_get_mcc(ar, wrdd.pointer);
9881 	kfree(wrdd.pointer);
9882 #elif defined(__FreeBSD__)
9883 	alpha2_code = ath10k_mac_wrdd_get_mcc(ar, wrdd.Pointer);
9884 	kfree(wrdd.Pointer);
9885 #endif
9886 	if (!alpha2_code)
9887 		return -EIO;
9888 
9889 	alpha2[0] = (alpha2_code >> 8) & 0xff;
9890 	alpha2[1] = (alpha2_code >> 0) & 0xff;
9891 	alpha2[2] = '\0';
9892 
9893 	ath10k_dbg(ar, ATH10K_DBG_BOOT,
9894 		   "regulatory hint from WRDD (alpha2-code): %s\n", alpha2);
9895 
9896 	*rd = ath_regd_find_country_by_name(alpha2);
9897 	if (*rd == 0xffff)
9898 		return -EIO;
9899 
9900 	*rd |= COUNTRY_ERD_FLAG;
9901 	return 0;
9902 }
9903 
9904 static int ath10k_mac_init_rd(struct ath10k *ar)
9905 {
9906 	int ret;
9907 	u16 rd;
9908 
9909 	ret = ath10k_mac_get_wrdd_regulatory(ar, &rd);
9910 	if (ret) {
9911 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
9912 			   "fallback to eeprom programmed regulatory settings\n");
9913 		rd = ar->hw_eeprom_rd;
9914 	}
9915 
9916 	ar->ath_common.regulatory.current_rd = rd;
9917 	return 0;
9918 }
9919 
9920 int ath10k_mac_register(struct ath10k *ar)
9921 {
9922 	static const u32 cipher_suites[] = {
9923 		WLAN_CIPHER_SUITE_WEP40,
9924 		WLAN_CIPHER_SUITE_WEP104,
9925 		WLAN_CIPHER_SUITE_TKIP,
9926 		WLAN_CIPHER_SUITE_CCMP,
9927 
9928 		/* Do not add hardware supported ciphers before this line.
9929 		 * Allow software encryption for all chips. Don't forget to
9930 		 * update n_cipher_suites below.
9931 		 */
9932 		WLAN_CIPHER_SUITE_AES_CMAC,
9933 		WLAN_CIPHER_SUITE_BIP_CMAC_256,
9934 		WLAN_CIPHER_SUITE_BIP_GMAC_128,
9935 		WLAN_CIPHER_SUITE_BIP_GMAC_256,
9936 
9937 		/* Only QCA99x0 and QCA4019 varients support GCMP-128, GCMP-256
9938 		 * and CCMP-256 in hardware.
9939 		 */
9940 		WLAN_CIPHER_SUITE_GCMP,
9941 		WLAN_CIPHER_SUITE_GCMP_256,
9942 		WLAN_CIPHER_SUITE_CCMP_256,
9943 	};
9944 	struct ieee80211_supported_band *band;
9945 	void *channels;
9946 	int ret;
9947 
9948 	if (!is_valid_ether_addr(ar->mac_addr)) {
9949 		ath10k_warn(ar, "invalid MAC address; choosing random\n");
9950 		eth_random_addr(ar->mac_addr);
9951 	}
9952 	SET_IEEE80211_PERM_ADDR(ar->hw, ar->mac_addr);
9953 
9954 	SET_IEEE80211_DEV(ar->hw, ar->dev);
9955 
9956 	BUILD_BUG_ON((ARRAY_SIZE(ath10k_2ghz_channels) +
9957 		      ARRAY_SIZE(ath10k_5ghz_channels)) !=
9958 		     ATH10K_NUM_CHANS);
9959 
9960 	if (ar->phy_capability & WHAL_WLAN_11G_CAPABILITY) {
9961 		channels = kmemdup(ath10k_2ghz_channels,
9962 				   sizeof(ath10k_2ghz_channels),
9963 				   GFP_KERNEL);
9964 		if (!channels) {
9965 			ret = -ENOMEM;
9966 			goto err_free;
9967 		}
9968 
9969 		band = &ar->mac.sbands[NL80211_BAND_2GHZ];
9970 		band->n_channels = ARRAY_SIZE(ath10k_2ghz_channels);
9971 		band->channels = channels;
9972 
9973 		if (ar->hw_params.cck_rate_map_rev2) {
9974 			band->n_bitrates = ath10k_g_rates_rev2_size;
9975 			band->bitrates = ath10k_g_rates_rev2;
9976 		} else {
9977 			band->n_bitrates = ath10k_g_rates_size;
9978 			band->bitrates = ath10k_g_rates;
9979 		}
9980 
9981 		ar->hw->wiphy->bands[NL80211_BAND_2GHZ] = band;
9982 	}
9983 
9984 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY) {
9985 		channels = kmemdup(ath10k_5ghz_channels,
9986 				   sizeof(ath10k_5ghz_channels),
9987 				   GFP_KERNEL);
9988 		if (!channels) {
9989 			ret = -ENOMEM;
9990 			goto err_free;
9991 		}
9992 
9993 		band = &ar->mac.sbands[NL80211_BAND_5GHZ];
9994 		band->n_channels = ARRAY_SIZE(ath10k_5ghz_channels);
9995 		band->channels = channels;
9996 		band->n_bitrates = ath10k_a_rates_size;
9997 		band->bitrates = ath10k_a_rates;
9998 		ar->hw->wiphy->bands[NL80211_BAND_5GHZ] = band;
9999 	}
10000 
10001 	wiphy_read_of_freq_limits(ar->hw->wiphy);
10002 	ath10k_mac_setup_ht_vht_cap(ar);
10003 
10004 	ar->hw->wiphy->interface_modes =
10005 		BIT(NL80211_IFTYPE_STATION) |
10006 		BIT(NL80211_IFTYPE_AP) |
10007 		BIT(NL80211_IFTYPE_MESH_POINT);
10008 
10009 	ar->hw->wiphy->available_antennas_rx = ar->cfg_rx_chainmask;
10010 	ar->hw->wiphy->available_antennas_tx = ar->cfg_tx_chainmask;
10011 
10012 	if (!test_bit(ATH10K_FW_FEATURE_NO_P2P, ar->normal_mode_fw.fw_file.fw_features))
10013 		ar->hw->wiphy->interface_modes |=
10014 			BIT(NL80211_IFTYPE_P2P_DEVICE) |
10015 			BIT(NL80211_IFTYPE_P2P_CLIENT) |
10016 			BIT(NL80211_IFTYPE_P2P_GO);
10017 
10018 	ieee80211_hw_set(ar->hw, SIGNAL_DBM);
10019 
10020 	if (!test_bit(ATH10K_FW_FEATURE_NO_PS,
10021 		      ar->running_fw->fw_file.fw_features)) {
10022 		ieee80211_hw_set(ar->hw, SUPPORTS_PS);
10023 		ieee80211_hw_set(ar->hw, SUPPORTS_DYNAMIC_PS);
10024 	}
10025 
10026 	ieee80211_hw_set(ar->hw, MFP_CAPABLE);
10027 	ieee80211_hw_set(ar->hw, REPORTS_TX_ACK_STATUS);
10028 	ieee80211_hw_set(ar->hw, HAS_RATE_CONTROL);
10029 	ieee80211_hw_set(ar->hw, AP_LINK_PS);
10030 	ieee80211_hw_set(ar->hw, SPECTRUM_MGMT);
10031 	ieee80211_hw_set(ar->hw, SUPPORT_FAST_XMIT);
10032 	ieee80211_hw_set(ar->hw, CONNECTION_MONITOR);
10033 	ieee80211_hw_set(ar->hw, SUPPORTS_PER_STA_GTK);
10034 	ieee80211_hw_set(ar->hw, WANT_MONITOR_VIF);
10035 	ieee80211_hw_set(ar->hw, CHANCTX_STA_CSA);
10036 	ieee80211_hw_set(ar->hw, QUEUE_CONTROL);
10037 	ieee80211_hw_set(ar->hw, SUPPORTS_TX_FRAG);
10038 	ieee80211_hw_set(ar->hw, REPORTS_LOW_ACK);
10039 
10040 	if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
10041 		ieee80211_hw_set(ar->hw, SW_CRYPTO_CONTROL);
10042 
10043 	ar->hw->wiphy->features |= NL80211_FEATURE_STATIC_SMPS;
10044 	ar->hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
10045 
10046 	if (ar->ht_cap_info & WMI_HT_CAP_DYNAMIC_SMPS)
10047 		ar->hw->wiphy->features |= NL80211_FEATURE_DYNAMIC_SMPS;
10048 
10049 	if (ar->ht_cap_info & WMI_HT_CAP_ENABLED) {
10050 		ieee80211_hw_set(ar->hw, AMPDU_AGGREGATION);
10051 		ieee80211_hw_set(ar->hw, TX_AMPDU_SETUP_IN_HW);
10052 	}
10053 
10054 	ar->hw->wiphy->max_scan_ssids = WLAN_SCAN_PARAMS_MAX_SSID;
10055 	ar->hw->wiphy->max_scan_ie_len = WLAN_SCAN_PARAMS_MAX_IE_LEN;
10056 
10057 	if (test_bit(WMI_SERVICE_NLO, ar->wmi.svc_map)) {
10058 		ar->hw->wiphy->max_sched_scan_ssids = WMI_PNO_MAX_SUPP_NETWORKS;
10059 		ar->hw->wiphy->max_match_sets = WMI_PNO_MAX_SUPP_NETWORKS;
10060 		ar->hw->wiphy->max_sched_scan_ie_len = WMI_PNO_MAX_IE_LENGTH;
10061 		ar->hw->wiphy->max_sched_scan_plans = WMI_PNO_MAX_SCHED_SCAN_PLANS;
10062 		ar->hw->wiphy->max_sched_scan_plan_interval =
10063 			WMI_PNO_MAX_SCHED_SCAN_PLAN_INT;
10064 		ar->hw->wiphy->max_sched_scan_plan_iterations =
10065 			WMI_PNO_MAX_SCHED_SCAN_PLAN_ITRNS;
10066 		ar->hw->wiphy->features |= NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
10067 	}
10068 
10069 	ar->hw->vif_data_size = sizeof(struct ath10k_vif);
10070 	ar->hw->sta_data_size = sizeof(struct ath10k_sta);
10071 	ar->hw->txq_data_size = sizeof(struct ath10k_txq);
10072 
10073 	ar->hw->max_listen_interval = ATH10K_MAX_HW_LISTEN_INTERVAL;
10074 
10075 	if (test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map)) {
10076 		ar->hw->wiphy->flags |= WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD;
10077 
10078 		/* Firmware delivers WPS/P2P Probe Requests frames to driver so
10079 		 * that userspace (e.g. wpa_supplicant/hostapd) can generate
10080 		 * correct Probe Responses. This is more of a hack advert..
10081 		 */
10082 		ar->hw->wiphy->probe_resp_offload |=
10083 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS |
10084 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS2 |
10085 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_P2P;
10086 	}
10087 
10088 	if (test_bit(WMI_SERVICE_TDLS, ar->wmi.svc_map) ||
10089 	    test_bit(WMI_SERVICE_TDLS_EXPLICIT_MODE_ONLY, ar->wmi.svc_map)) {
10090 		ar->hw->wiphy->flags |= WIPHY_FLAG_SUPPORTS_TDLS;
10091 		if (test_bit(WMI_SERVICE_TDLS_WIDER_BANDWIDTH, ar->wmi.svc_map))
10092 			ieee80211_hw_set(ar->hw, TDLS_WIDER_BW);
10093 	}
10094 
10095 	if (test_bit(WMI_SERVICE_TDLS_UAPSD_BUFFER_STA, ar->wmi.svc_map))
10096 		ieee80211_hw_set(ar->hw, SUPPORTS_TDLS_BUFFER_STA);
10097 
10098 	ar->hw->wiphy->flags |= WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL;
10099 	ar->hw->wiphy->flags |= WIPHY_FLAG_HAS_CHANNEL_SWITCH;
10100 	ar->hw->wiphy->max_remain_on_channel_duration = 5000;
10101 
10102 	ar->hw->wiphy->flags |= WIPHY_FLAG_AP_UAPSD;
10103 	ar->hw->wiphy->features |= NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE |
10104 				   NL80211_FEATURE_AP_SCAN;
10105 
10106 	ar->hw->wiphy->max_ap_assoc_sta = ar->max_num_stations;
10107 
10108 	ret = ath10k_wow_init(ar);
10109 	if (ret) {
10110 		ath10k_warn(ar, "failed to init wow: %d\n", ret);
10111 		goto err_free;
10112 	}
10113 
10114 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_VHT_IBSS);
10115 	wiphy_ext_feature_set(ar->hw->wiphy,
10116 			      NL80211_EXT_FEATURE_SET_SCAN_DWELL);
10117 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_AQL);
10118 
10119 	if (test_bit(WMI_SERVICE_TX_DATA_ACK_RSSI, ar->wmi.svc_map) ||
10120 	    test_bit(WMI_SERVICE_HTT_MGMT_TX_COMP_VALID_FLAGS, ar->wmi.svc_map))
10121 		wiphy_ext_feature_set(ar->hw->wiphy,
10122 				      NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT);
10123 
10124 	if (ath10k_peer_stats_enabled(ar) ||
10125 	    test_bit(WMI_SERVICE_REPORT_AIRTIME, ar->wmi.svc_map))
10126 		wiphy_ext_feature_set(ar->hw->wiphy,
10127 				      NL80211_EXT_FEATURE_AIRTIME_FAIRNESS);
10128 
10129 	if (test_bit(WMI_SERVICE_RTT_RESPONDER_ROLE, ar->wmi.svc_map))
10130 		wiphy_ext_feature_set(ar->hw->wiphy,
10131 				      NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER);
10132 
10133 	if (test_bit(WMI_SERVICE_TX_PWR_PER_PEER, ar->wmi.svc_map))
10134 		wiphy_ext_feature_set(ar->hw->wiphy,
10135 				      NL80211_EXT_FEATURE_STA_TX_PWR);
10136 
10137 	if (test_bit(WMI_SERVICE_PEER_TID_CONFIGS_SUPPORT, ar->wmi.svc_map)) {
10138 		ar->hw->wiphy->tid_config_support.vif |=
10139 				BIT(NL80211_TID_CONFIG_ATTR_NOACK) |
10140 				BIT(NL80211_TID_CONFIG_ATTR_RETRY_SHORT) |
10141 				BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG) |
10142 				BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL) |
10143 				BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
10144 				BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE);
10145 
10146 		if (test_bit(WMI_SERVICE_EXT_PEER_TID_CONFIGS_SUPPORT,
10147 			     ar->wmi.svc_map)) {
10148 			ar->hw->wiphy->tid_config_support.vif |=
10149 				BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL);
10150 		}
10151 
10152 		ar->hw->wiphy->tid_config_support.peer =
10153 				ar->hw->wiphy->tid_config_support.vif;
10154 		ar->hw->wiphy->max_data_retry_count = ATH10K_MAX_RETRY_COUNT;
10155 	} else {
10156 		ar->ops->set_tid_config = NULL;
10157 	}
10158 	/*
10159 	 * on LL hardware queues are managed entirely by the FW
10160 	 * so we only advertise to mac we can do the queues thing
10161 	 */
10162 	ar->hw->queues = IEEE80211_MAX_QUEUES;
10163 
10164 	/* vdev_ids are used as hw queue numbers. Make sure offchan tx queue is
10165 	 * something that vdev_ids can't reach so that we don't stop the queue
10166 	 * accidentally.
10167 	 */
10168 	ar->hw->offchannel_tx_hw_queue = IEEE80211_MAX_QUEUES - 1;
10169 
10170 	switch (ar->running_fw->fw_file.wmi_op_version) {
10171 	case ATH10K_FW_WMI_OP_VERSION_MAIN:
10172 		ar->hw->wiphy->iface_combinations = ath10k_if_comb;
10173 		ar->hw->wiphy->n_iface_combinations =
10174 			ARRAY_SIZE(ath10k_if_comb);
10175 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_ADHOC);
10176 		break;
10177 	case ATH10K_FW_WMI_OP_VERSION_TLV:
10178 		if (test_bit(WMI_SERVICE_ADAPTIVE_OCS, ar->wmi.svc_map)) {
10179 			ar->hw->wiphy->iface_combinations =
10180 				ath10k_tlv_qcs_if_comb;
10181 			ar->hw->wiphy->n_iface_combinations =
10182 				ARRAY_SIZE(ath10k_tlv_qcs_if_comb);
10183 		} else {
10184 			ar->hw->wiphy->iface_combinations = ath10k_tlv_if_comb;
10185 			ar->hw->wiphy->n_iface_combinations =
10186 				ARRAY_SIZE(ath10k_tlv_if_comb);
10187 		}
10188 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_ADHOC);
10189 		break;
10190 	case ATH10K_FW_WMI_OP_VERSION_10_1:
10191 	case ATH10K_FW_WMI_OP_VERSION_10_2:
10192 	case ATH10K_FW_WMI_OP_VERSION_10_2_4:
10193 		ar->hw->wiphy->iface_combinations = ath10k_10x_if_comb;
10194 		ar->hw->wiphy->n_iface_combinations =
10195 			ARRAY_SIZE(ath10k_10x_if_comb);
10196 		break;
10197 	case ATH10K_FW_WMI_OP_VERSION_10_4:
10198 		ar->hw->wiphy->iface_combinations = ath10k_10_4_if_comb;
10199 		ar->hw->wiphy->n_iface_combinations =
10200 			ARRAY_SIZE(ath10k_10_4_if_comb);
10201 		if (test_bit(WMI_SERVICE_VDEV_DIFFERENT_BEACON_INTERVAL_SUPPORT,
10202 			     ar->wmi.svc_map)) {
10203 			ar->hw->wiphy->iface_combinations =
10204 				ath10k_10_4_bcn_int_if_comb;
10205 			ar->hw->wiphy->n_iface_combinations =
10206 				ARRAY_SIZE(ath10k_10_4_bcn_int_if_comb);
10207 		}
10208 		break;
10209 	case ATH10K_FW_WMI_OP_VERSION_UNSET:
10210 	case ATH10K_FW_WMI_OP_VERSION_MAX:
10211 		WARN_ON(1);
10212 		ret = -EINVAL;
10213 		goto err_free;
10214 	}
10215 
10216 	if (ar->hw_params.dynamic_sar_support)
10217 		ar->hw->wiphy->sar_capa = &ath10k_sar_capa;
10218 
10219 	if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
10220 		ar->hw->netdev_features = NETIF_F_HW_CSUM;
10221 
10222 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED)) {
10223 		/* Init ath dfs pattern detector */
10224 		ar->ath_common.debug_mask = ATH_DBG_DFS;
10225 		ar->dfs_detector = dfs_pattern_detector_init(&ar->ath_common,
10226 							     NL80211_DFS_UNSET);
10227 
10228 		if (!ar->dfs_detector)
10229 			ath10k_warn(ar, "failed to initialise DFS pattern detector\n");
10230 	}
10231 
10232 	ret = ath10k_mac_init_rd(ar);
10233 	if (ret) {
10234 		ath10k_err(ar, "failed to derive regdom: %d\n", ret);
10235 		goto err_dfs_detector_exit;
10236 	}
10237 
10238 	/* Disable set_coverage_class for chipsets that do not support it. */
10239 	if (!ar->hw_params.hw_ops->set_coverage_class)
10240 		ar->ops->set_coverage_class = NULL;
10241 
10242 	ret = ath_regd_init(&ar->ath_common.regulatory, ar->hw->wiphy,
10243 			    ath10k_reg_notifier);
10244 	if (ret) {
10245 		ath10k_err(ar, "failed to initialise regulatory: %i\n", ret);
10246 		goto err_dfs_detector_exit;
10247 	}
10248 
10249 	if (test_bit(WMI_SERVICE_SPOOF_MAC_SUPPORT, ar->wmi.svc_map)) {
10250 		ar->hw->wiphy->features |=
10251 			NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
10252 	}
10253 
10254 	ar->hw->wiphy->cipher_suites = cipher_suites;
10255 
10256 	/* QCA988x and QCA6174 family chips do not support CCMP-256, GCMP-128
10257 	 * and GCMP-256 ciphers in hardware. Fetch number of ciphers supported
10258 	 * from chip specific hw_param table.
10259 	 */
10260 	if (!ar->hw_params.n_cipher_suites ||
10261 	    ar->hw_params.n_cipher_suites > ARRAY_SIZE(cipher_suites)) {
10262 		ath10k_err(ar, "invalid hw_params.n_cipher_suites %d\n",
10263 			   ar->hw_params.n_cipher_suites);
10264 		ar->hw_params.n_cipher_suites = 8;
10265 	}
10266 	ar->hw->wiphy->n_cipher_suites = ar->hw_params.n_cipher_suites;
10267 
10268 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST);
10269 
10270 	ar->hw->weight_multiplier = ATH10K_AIRTIME_WEIGHT_MULTIPLIER;
10271 
10272 	ret = ieee80211_register_hw(ar->hw);
10273 	if (ret) {
10274 		ath10k_err(ar, "failed to register ieee80211: %d\n", ret);
10275 		goto err_dfs_detector_exit;
10276 	}
10277 
10278 	if (test_bit(WMI_SERVICE_PER_PACKET_SW_ENCRYPT, ar->wmi.svc_map)) {
10279 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_AP_VLAN);
10280 		ar->hw->wiphy->software_iftypes |= BIT(NL80211_IFTYPE_AP_VLAN);
10281 	}
10282 
10283 	if (!ath_is_world_regd(&ar->ath_common.regulatory)) {
10284 		ret = regulatory_hint(ar->hw->wiphy,
10285 				      ar->ath_common.regulatory.alpha2);
10286 		if (ret)
10287 			goto err_unregister;
10288 	}
10289 
10290 	return 0;
10291 
10292 err_unregister:
10293 	ieee80211_unregister_hw(ar->hw);
10294 
10295 err_dfs_detector_exit:
10296 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector)
10297 		ar->dfs_detector->exit(ar->dfs_detector);
10298 
10299 err_free:
10300 	kfree(ar->mac.sbands[NL80211_BAND_2GHZ].channels);
10301 	kfree(ar->mac.sbands[NL80211_BAND_5GHZ].channels);
10302 
10303 	SET_IEEE80211_DEV(ar->hw, NULL);
10304 	return ret;
10305 }
10306 
10307 void ath10k_mac_unregister(struct ath10k *ar)
10308 {
10309 	ieee80211_unregister_hw(ar->hw);
10310 
10311 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector)
10312 		ar->dfs_detector->exit(ar->dfs_detector);
10313 
10314 	kfree(ar->mac.sbands[NL80211_BAND_2GHZ].channels);
10315 	kfree(ar->mac.sbands[NL80211_BAND_5GHZ].channels);
10316 
10317 	SET_IEEE80211_DEV(ar->hw, NULL);
10318 }
10319