xref: /freebsd/sys/contrib/dev/athk/ath10k/mac.c (revision 59c8e88e72633afbc47a4ace0d2170d00d51f7dc) 
1 // SPDX-License-Identifier: ISC
2 /*
3  * Copyright (c) 2005-2011 Atheros Communications Inc.
4  * Copyright (c) 2011-2017 Qualcomm Atheros, Inc.
5  * Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
6  */
7 
8 #include "mac.h"
9 
10 #include <net/cfg80211.h>
11 #include <net/mac80211.h>
12 #include <linux/etherdevice.h>
13 #include <linux/acpi.h>
14 #if defined(__linux__) || (defined(__FreeBSD__) && defined(CONFIG_OF))
15 #include <linux/of.h>
16 #endif
17 #include <linux/bitfield.h>
18 
19 #include "hif.h"
20 #include "core.h"
21 #include "debug.h"
22 #include "wmi.h"
23 #include "htt.h"
24 #include "txrx.h"
25 #include "testmode.h"
26 #include "wmi-tlv.h"
27 #include "wmi-ops.h"
28 #include "wow.h"
29 
30 /*********/
31 /* Rates */
32 /*********/
33 
34 static struct ieee80211_rate ath10k_rates[] = {
35 	{ .bitrate = 10,
36 	  .hw_value = ATH10K_HW_RATE_CCK_LP_1M },
37 	{ .bitrate = 20,
38 	  .hw_value = ATH10K_HW_RATE_CCK_LP_2M,
39 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_2M,
40 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
41 	{ .bitrate = 55,
42 	  .hw_value = ATH10K_HW_RATE_CCK_LP_5_5M,
43 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_5_5M,
44 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
45 	{ .bitrate = 110,
46 	  .hw_value = ATH10K_HW_RATE_CCK_LP_11M,
47 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_11M,
48 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
49 
50 	{ .bitrate = 60, .hw_value = ATH10K_HW_RATE_OFDM_6M },
51 	{ .bitrate = 90, .hw_value = ATH10K_HW_RATE_OFDM_9M },
52 	{ .bitrate = 120, .hw_value = ATH10K_HW_RATE_OFDM_12M },
53 	{ .bitrate = 180, .hw_value = ATH10K_HW_RATE_OFDM_18M },
54 	{ .bitrate = 240, .hw_value = ATH10K_HW_RATE_OFDM_24M },
55 	{ .bitrate = 360, .hw_value = ATH10K_HW_RATE_OFDM_36M },
56 	{ .bitrate = 480, .hw_value = ATH10K_HW_RATE_OFDM_48M },
57 	{ .bitrate = 540, .hw_value = ATH10K_HW_RATE_OFDM_54M },
58 };
59 
60 static struct ieee80211_rate ath10k_rates_rev2[] = {
61 	{ .bitrate = 10,
62 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_1M },
63 	{ .bitrate = 20,
64 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_2M,
65 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_2M,
66 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
67 	{ .bitrate = 55,
68 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_5_5M,
69 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_5_5M,
70 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
71 	{ .bitrate = 110,
72 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_11M,
73 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_11M,
74 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
75 
76 	{ .bitrate = 60, .hw_value = ATH10K_HW_RATE_OFDM_6M },
77 	{ .bitrate = 90, .hw_value = ATH10K_HW_RATE_OFDM_9M },
78 	{ .bitrate = 120, .hw_value = ATH10K_HW_RATE_OFDM_12M },
79 	{ .bitrate = 180, .hw_value = ATH10K_HW_RATE_OFDM_18M },
80 	{ .bitrate = 240, .hw_value = ATH10K_HW_RATE_OFDM_24M },
81 	{ .bitrate = 360, .hw_value = ATH10K_HW_RATE_OFDM_36M },
82 	{ .bitrate = 480, .hw_value = ATH10K_HW_RATE_OFDM_48M },
83 	{ .bitrate = 540, .hw_value = ATH10K_HW_RATE_OFDM_54M },
84 };
85 
86 static const struct cfg80211_sar_freq_ranges ath10k_sar_freq_ranges[] = {
87 	{.start_freq = 2402, .end_freq = 2494 },
88 	{.start_freq = 5170, .end_freq = 5875 },
89 };
90 
91 static const struct cfg80211_sar_capa ath10k_sar_capa = {
92 	.type = NL80211_SAR_TYPE_POWER,
93 	.num_freq_ranges = (ARRAY_SIZE(ath10k_sar_freq_ranges)),
94 	.freq_ranges = &ath10k_sar_freq_ranges[0],
95 };
96 
97 #define ATH10K_MAC_FIRST_OFDM_RATE_IDX 4
98 
99 #define ath10k_a_rates (ath10k_rates + ATH10K_MAC_FIRST_OFDM_RATE_IDX)
100 #define ath10k_a_rates_size (ARRAY_SIZE(ath10k_rates) - \
101 			     ATH10K_MAC_FIRST_OFDM_RATE_IDX)
102 #define ath10k_g_rates (ath10k_rates + 0)
103 #define ath10k_g_rates_size (ARRAY_SIZE(ath10k_rates))
104 
105 #define ath10k_g_rates_rev2 (ath10k_rates_rev2 + 0)
106 #define ath10k_g_rates_rev2_size (ARRAY_SIZE(ath10k_rates_rev2))
107 
108 #define ath10k_wmi_legacy_rates ath10k_rates
109 
110 static bool ath10k_mac_bitrate_is_cck(int bitrate)
111 {
112 	switch (bitrate) {
113 	case 10:
114 	case 20:
115 	case 55:
116 	case 110:
117 		return true;
118 	}
119 
120 	return false;
121 }
122 
123 static u8 ath10k_mac_bitrate_to_rate(int bitrate)
124 {
125 	return DIV_ROUND_UP(bitrate, 5) |
126 	       (ath10k_mac_bitrate_is_cck(bitrate) ? BIT(7) : 0);
127 }
128 
129 u8 ath10k_mac_hw_rate_to_idx(const struct ieee80211_supported_band *sband,
130 			     u8 hw_rate, bool cck)
131 {
132 	const struct ieee80211_rate *rate;
133 	int i;
134 
135 	for (i = 0; i < sband->n_bitrates; i++) {
136 		rate = &sband->bitrates[i];
137 
138 		if (ath10k_mac_bitrate_is_cck(rate->bitrate) != cck)
139 			continue;
140 
141 		if (rate->hw_value == hw_rate)
142 			return i;
143 		else if (rate->flags & IEEE80211_RATE_SHORT_PREAMBLE &&
144 			 rate->hw_value_short == hw_rate)
145 			return i;
146 	}
147 
148 	return 0;
149 }
150 
151 u8 ath10k_mac_bitrate_to_idx(const struct ieee80211_supported_band *sband,
152 			     u32 bitrate)
153 {
154 	int i;
155 
156 	for (i = 0; i < sband->n_bitrates; i++)
157 		if (sband->bitrates[i].bitrate == bitrate)
158 			return i;
159 
160 	return 0;
161 }
162 
163 static int ath10k_mac_get_rate_hw_value(int bitrate)
164 {
165 	int i;
166 	u8 hw_value_prefix = 0;
167 
168 	if (ath10k_mac_bitrate_is_cck(bitrate))
169 		hw_value_prefix = WMI_RATE_PREAMBLE_CCK << 6;
170 
171 	for (i = 0; i < ARRAY_SIZE(ath10k_rates); i++) {
172 		if (ath10k_rates[i].bitrate == bitrate)
173 			return hw_value_prefix | ath10k_rates[i].hw_value;
174 	}
175 
176 	return -EINVAL;
177 }
178 
179 static int ath10k_mac_get_max_vht_mcs_map(u16 mcs_map, int nss)
180 {
181 	switch ((mcs_map >> (2 * nss)) & 0x3) {
182 	case IEEE80211_VHT_MCS_SUPPORT_0_7: return BIT(8) - 1;
183 	case IEEE80211_VHT_MCS_SUPPORT_0_8: return BIT(9) - 1;
184 	case IEEE80211_VHT_MCS_SUPPORT_0_9: return BIT(10) - 1;
185 	}
186 	return 0;
187 }
188 
189 static u32
190 ath10k_mac_max_ht_nss(const u8 ht_mcs_mask[IEEE80211_HT_MCS_MASK_LEN])
191 {
192 	int nss;
193 
194 	for (nss = IEEE80211_HT_MCS_MASK_LEN - 1; nss >= 0; nss--)
195 		if (ht_mcs_mask[nss])
196 			return nss + 1;
197 
198 	return 1;
199 }
200 
201 static u32
202 ath10k_mac_max_vht_nss(const u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
203 {
204 	int nss;
205 
206 	for (nss = NL80211_VHT_NSS_MAX - 1; nss >= 0; nss--)
207 		if (vht_mcs_mask[nss])
208 			return nss + 1;
209 
210 	return 1;
211 }
212 
213 int ath10k_mac_ext_resource_config(struct ath10k *ar, u32 val)
214 {
215 	enum wmi_host_platform_type platform_type;
216 	int ret;
217 
218 	if (test_bit(WMI_SERVICE_TX_MODE_DYNAMIC, ar->wmi.svc_map))
219 		platform_type = WMI_HOST_PLATFORM_LOW_PERF;
220 	else
221 		platform_type = WMI_HOST_PLATFORM_HIGH_PERF;
222 
223 	ret = ath10k_wmi_ext_resource_config(ar, platform_type, val);
224 
225 	if (ret && ret != -EOPNOTSUPP) {
226 		ath10k_warn(ar, "failed to configure ext resource: %d\n", ret);
227 		return ret;
228 	}
229 
230 	return 0;
231 }
232 
233 /**********/
234 /* Crypto */
235 /**********/
236 
237 static int ath10k_send_key(struct ath10k_vif *arvif,
238 			   struct ieee80211_key_conf *key,
239 			   enum set_key_cmd cmd,
240 			   const u8 *macaddr, u32 flags)
241 {
242 	struct ath10k *ar = arvif->ar;
243 	struct wmi_vdev_install_key_arg arg = {
244 		.vdev_id = arvif->vdev_id,
245 		.key_idx = key->keyidx,
246 		.key_len = key->keylen,
247 		.key_data = key->key,
248 		.key_flags = flags,
249 		.macaddr = macaddr,
250 	};
251 
252 	lockdep_assert_held(&arvif->ar->conf_mutex);
253 
254 	switch (key->cipher) {
255 	case WLAN_CIPHER_SUITE_CCMP:
256 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_AES_CCM];
257 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV_MGMT;
258 		break;
259 	case WLAN_CIPHER_SUITE_TKIP:
260 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_TKIP];
261 		arg.key_txmic_len = 8;
262 		arg.key_rxmic_len = 8;
263 		break;
264 	case WLAN_CIPHER_SUITE_WEP40:
265 	case WLAN_CIPHER_SUITE_WEP104:
266 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_WEP];
267 		break;
268 	case WLAN_CIPHER_SUITE_CCMP_256:
269 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_AES_CCM];
270 		break;
271 	case WLAN_CIPHER_SUITE_GCMP:
272 	case WLAN_CIPHER_SUITE_GCMP_256:
273 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_AES_GCM];
274 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV_MGMT;
275 		break;
276 	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
277 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
278 	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
279 	case WLAN_CIPHER_SUITE_AES_CMAC:
280 		WARN_ON(1);
281 		return -EINVAL;
282 	default:
283 		ath10k_warn(ar, "cipher %d is not supported\n", key->cipher);
284 		return -EOPNOTSUPP;
285 	}
286 
287 	if (test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
288 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
289 
290 	if (cmd == DISABLE_KEY) {
291 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_NONE];
292 		arg.key_data = NULL;
293 	}
294 
295 	return ath10k_wmi_vdev_install_key(arvif->ar, &arg);
296 }
297 
298 static int ath10k_install_key(struct ath10k_vif *arvif,
299 			      struct ieee80211_key_conf *key,
300 			      enum set_key_cmd cmd,
301 			      const u8 *macaddr, u32 flags)
302 {
303 	struct ath10k *ar = arvif->ar;
304 	int ret;
305 	unsigned long time_left;
306 
307 	lockdep_assert_held(&ar->conf_mutex);
308 
309 	reinit_completion(&ar->install_key_done);
310 
311 	if (arvif->nohwcrypt)
312 		return 1;
313 
314 	ret = ath10k_send_key(arvif, key, cmd, macaddr, flags);
315 	if (ret)
316 		return ret;
317 
318 	time_left = wait_for_completion_timeout(&ar->install_key_done, 3 * HZ);
319 	if (time_left == 0)
320 		return -ETIMEDOUT;
321 
322 	return 0;
323 }
324 
325 static int ath10k_install_peer_wep_keys(struct ath10k_vif *arvif,
326 					const u8 *addr)
327 {
328 	struct ath10k *ar = arvif->ar;
329 	struct ath10k_peer *peer;
330 	int ret;
331 	int i;
332 	u32 flags;
333 
334 	lockdep_assert_held(&ar->conf_mutex);
335 
336 	if (WARN_ON(arvif->vif->type != NL80211_IFTYPE_AP &&
337 		    arvif->vif->type != NL80211_IFTYPE_ADHOC &&
338 		    arvif->vif->type != NL80211_IFTYPE_MESH_POINT))
339 		return -EINVAL;
340 
341 	spin_lock_bh(&ar->data_lock);
342 	peer = ath10k_peer_find(ar, arvif->vdev_id, addr);
343 	spin_unlock_bh(&ar->data_lock);
344 
345 	if (!peer)
346 		return -ENOENT;
347 
348 	for (i = 0; i < ARRAY_SIZE(arvif->wep_keys); i++) {
349 		if (arvif->wep_keys[i] == NULL)
350 			continue;
351 
352 		switch (arvif->vif->type) {
353 		case NL80211_IFTYPE_AP:
354 			flags = WMI_KEY_PAIRWISE;
355 
356 			if (arvif->def_wep_key_idx == i)
357 				flags |= WMI_KEY_TX_USAGE;
358 
359 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
360 						 SET_KEY, addr, flags);
361 			if (ret < 0)
362 				return ret;
363 			break;
364 		case NL80211_IFTYPE_ADHOC:
365 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
366 						 SET_KEY, addr,
367 						 WMI_KEY_PAIRWISE);
368 			if (ret < 0)
369 				return ret;
370 
371 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
372 						 SET_KEY, addr, WMI_KEY_GROUP);
373 			if (ret < 0)
374 				return ret;
375 			break;
376 		default:
377 			WARN_ON(1);
378 			return -EINVAL;
379 		}
380 
381 		spin_lock_bh(&ar->data_lock);
382 		peer->keys[i] = arvif->wep_keys[i];
383 		spin_unlock_bh(&ar->data_lock);
384 	}
385 
386 	/* In some cases (notably with static WEP IBSS with multiple keys)
387 	 * multicast Tx becomes broken. Both pairwise and groupwise keys are
388 	 * installed already. Using WMI_KEY_TX_USAGE in different combinations
389 	 * didn't seem help. Using def_keyid vdev parameter seems to be
390 	 * effective so use that.
391 	 *
392 	 * FIXME: Revisit. Perhaps this can be done in a less hacky way.
393 	 */
394 	if (arvif->vif->type != NL80211_IFTYPE_ADHOC)
395 		return 0;
396 
397 	if (arvif->def_wep_key_idx == -1)
398 		return 0;
399 
400 	ret = ath10k_wmi_vdev_set_param(arvif->ar,
401 					arvif->vdev_id,
402 					arvif->ar->wmi.vdev_param->def_keyid,
403 					arvif->def_wep_key_idx);
404 	if (ret) {
405 		ath10k_warn(ar, "failed to re-set def wpa key idxon vdev %i: %d\n",
406 			    arvif->vdev_id, ret);
407 		return ret;
408 	}
409 
410 	return 0;
411 }
412 
413 static int ath10k_clear_peer_keys(struct ath10k_vif *arvif,
414 				  const u8 *addr)
415 {
416 	struct ath10k *ar = arvif->ar;
417 	struct ath10k_peer *peer;
418 	int first_errno = 0;
419 	int ret;
420 	int i;
421 	u32 flags = 0;
422 
423 	lockdep_assert_held(&ar->conf_mutex);
424 
425 	spin_lock_bh(&ar->data_lock);
426 	peer = ath10k_peer_find(ar, arvif->vdev_id, addr);
427 	spin_unlock_bh(&ar->data_lock);
428 
429 	if (!peer)
430 		return -ENOENT;
431 
432 	for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
433 		if (peer->keys[i] == NULL)
434 			continue;
435 
436 		/* key flags are not required to delete the key */
437 		ret = ath10k_install_key(arvif, peer->keys[i],
438 					 DISABLE_KEY, addr, flags);
439 		if (ret < 0 && first_errno == 0)
440 			first_errno = ret;
441 
442 		if (ret < 0)
443 			ath10k_warn(ar, "failed to remove peer wep key %d: %d\n",
444 				    i, ret);
445 
446 		spin_lock_bh(&ar->data_lock);
447 		peer->keys[i] = NULL;
448 		spin_unlock_bh(&ar->data_lock);
449 	}
450 
451 	return first_errno;
452 }
453 
454 bool ath10k_mac_is_peer_wep_key_set(struct ath10k *ar, const u8 *addr,
455 				    u8 keyidx)
456 {
457 	struct ath10k_peer *peer;
458 	int i;
459 
460 	lockdep_assert_held(&ar->data_lock);
461 
462 	/* We don't know which vdev this peer belongs to,
463 	 * since WMI doesn't give us that information.
464 	 *
465 	 * FIXME: multi-bss needs to be handled.
466 	 */
467 	peer = ath10k_peer_find(ar, 0, addr);
468 	if (!peer)
469 		return false;
470 
471 	for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
472 		if (peer->keys[i] && peer->keys[i]->keyidx == keyidx)
473 			return true;
474 	}
475 
476 	return false;
477 }
478 
479 static int ath10k_clear_vdev_key(struct ath10k_vif *arvif,
480 				 struct ieee80211_key_conf *key)
481 {
482 	struct ath10k *ar = arvif->ar;
483 	struct ath10k_peer *peer;
484 	u8 addr[ETH_ALEN];
485 	int first_errno = 0;
486 	int ret;
487 	int i;
488 	u32 flags = 0;
489 
490 	lockdep_assert_held(&ar->conf_mutex);
491 
492 	for (;;) {
493 		/* since ath10k_install_key we can't hold data_lock all the
494 		 * time, so we try to remove the keys incrementally
495 		 */
496 		spin_lock_bh(&ar->data_lock);
497 		i = 0;
498 		list_for_each_entry(peer, &ar->peers, list) {
499 			for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
500 				if (peer->keys[i] == key) {
501 					ether_addr_copy(addr, peer->addr);
502 					peer->keys[i] = NULL;
503 					break;
504 				}
505 			}
506 
507 			if (i < ARRAY_SIZE(peer->keys))
508 				break;
509 		}
510 		spin_unlock_bh(&ar->data_lock);
511 
512 		if (i == ARRAY_SIZE(peer->keys))
513 			break;
514 		/* key flags are not required to delete the key */
515 		ret = ath10k_install_key(arvif, key, DISABLE_KEY, addr, flags);
516 		if (ret < 0 && first_errno == 0)
517 			first_errno = ret;
518 
519 		if (ret)
520 			ath10k_warn(ar, "failed to remove key for %pM: %d\n",
521 				    addr, ret);
522 	}
523 
524 	return first_errno;
525 }
526 
527 static int ath10k_mac_vif_update_wep_key(struct ath10k_vif *arvif,
528 					 struct ieee80211_key_conf *key)
529 {
530 	struct ath10k *ar = arvif->ar;
531 	struct ath10k_peer *peer;
532 	int ret;
533 
534 	lockdep_assert_held(&ar->conf_mutex);
535 
536 	list_for_each_entry(peer, &ar->peers, list) {
537 		if (ether_addr_equal(peer->addr, arvif->vif->addr))
538 			continue;
539 
540 		if (ether_addr_equal(peer->addr, arvif->bssid))
541 			continue;
542 
543 		if (peer->keys[key->keyidx] == key)
544 			continue;
545 
546 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vif vdev %i update key %i needs update\n",
547 			   arvif->vdev_id, key->keyidx);
548 
549 		ret = ath10k_install_peer_wep_keys(arvif, peer->addr);
550 		if (ret) {
551 			ath10k_warn(ar, "failed to update wep keys on vdev %i for peer %pM: %d\n",
552 				    arvif->vdev_id, peer->addr, ret);
553 			return ret;
554 		}
555 	}
556 
557 	return 0;
558 }
559 
560 /*********************/
561 /* General utilities */
562 /*********************/
563 
564 static inline enum wmi_phy_mode
565 chan_to_phymode(const struct cfg80211_chan_def *chandef)
566 {
567 	enum wmi_phy_mode phymode = MODE_UNKNOWN;
568 
569 	switch (chandef->chan->band) {
570 	case NL80211_BAND_2GHZ:
571 		switch (chandef->width) {
572 		case NL80211_CHAN_WIDTH_20_NOHT:
573 			if (chandef->chan->flags & IEEE80211_CHAN_NO_OFDM)
574 				phymode = MODE_11B;
575 			else
576 				phymode = MODE_11G;
577 			break;
578 		case NL80211_CHAN_WIDTH_20:
579 			phymode = MODE_11NG_HT20;
580 			break;
581 		case NL80211_CHAN_WIDTH_40:
582 			phymode = MODE_11NG_HT40;
583 			break;
584 		default:
585 			phymode = MODE_UNKNOWN;
586 			break;
587 		}
588 		break;
589 	case NL80211_BAND_5GHZ:
590 		switch (chandef->width) {
591 		case NL80211_CHAN_WIDTH_20_NOHT:
592 			phymode = MODE_11A;
593 			break;
594 		case NL80211_CHAN_WIDTH_20:
595 			phymode = MODE_11NA_HT20;
596 			break;
597 		case NL80211_CHAN_WIDTH_40:
598 			phymode = MODE_11NA_HT40;
599 			break;
600 		case NL80211_CHAN_WIDTH_80:
601 			phymode = MODE_11AC_VHT80;
602 			break;
603 		case NL80211_CHAN_WIDTH_160:
604 			phymode = MODE_11AC_VHT160;
605 			break;
606 		case NL80211_CHAN_WIDTH_80P80:
607 			phymode = MODE_11AC_VHT80_80;
608 			break;
609 		default:
610 			phymode = MODE_UNKNOWN;
611 			break;
612 		}
613 		break;
614 	default:
615 		break;
616 	}
617 
618 	WARN_ON(phymode == MODE_UNKNOWN);
619 	return phymode;
620 }
621 
622 static u8 ath10k_parse_mpdudensity(u8 mpdudensity)
623 {
624 /*
625  * 802.11n D2.0 defined values for "Minimum MPDU Start Spacing":
626  *   0 for no restriction
627  *   1 for 1/4 us
628  *   2 for 1/2 us
629  *   3 for 1 us
630  *   4 for 2 us
631  *   5 for 4 us
632  *   6 for 8 us
633  *   7 for 16 us
634  */
635 	switch (mpdudensity) {
636 	case 0:
637 		return 0;
638 	case 1:
639 	case 2:
640 	case 3:
641 	/* Our lower layer calculations limit our precision to
642 	 * 1 microsecond
643 	 */
644 		return 1;
645 	case 4:
646 		return 2;
647 	case 5:
648 		return 4;
649 	case 6:
650 		return 8;
651 	case 7:
652 		return 16;
653 	default:
654 		return 0;
655 	}
656 }
657 
658 int ath10k_mac_vif_chan(struct ieee80211_vif *vif,
659 			struct cfg80211_chan_def *def)
660 {
661 	struct ieee80211_chanctx_conf *conf;
662 
663 	rcu_read_lock();
664 	conf = rcu_dereference(vif->bss_conf.chanctx_conf);
665 	if (!conf) {
666 		rcu_read_unlock();
667 		return -ENOENT;
668 	}
669 
670 	*def = conf->def;
671 	rcu_read_unlock();
672 
673 	return 0;
674 }
675 
676 static void ath10k_mac_num_chanctxs_iter(struct ieee80211_hw *hw,
677 					 struct ieee80211_chanctx_conf *conf,
678 					 void *data)
679 {
680 	int *num = data;
681 
682 	(*num)++;
683 }
684 
685 static int ath10k_mac_num_chanctxs(struct ath10k *ar)
686 {
687 	int num = 0;
688 
689 	ieee80211_iter_chan_contexts_atomic(ar->hw,
690 					    ath10k_mac_num_chanctxs_iter,
691 					    &num);
692 
693 	return num;
694 }
695 
696 static void
697 ath10k_mac_get_any_chandef_iter(struct ieee80211_hw *hw,
698 				struct ieee80211_chanctx_conf *conf,
699 				void *data)
700 {
701 	struct cfg80211_chan_def **def = data;
702 
703 	*def = &conf->def;
704 }
705 
706 static void ath10k_wait_for_peer_delete_done(struct ath10k *ar, u32 vdev_id,
707 					     const u8 *addr)
708 {
709 	unsigned long time_left;
710 	int ret;
711 
712 	if (test_bit(WMI_SERVICE_SYNC_DELETE_CMDS, ar->wmi.svc_map)) {
713 		ret = ath10k_wait_for_peer_deleted(ar, vdev_id, addr);
714 		if (ret) {
715 			ath10k_warn(ar, "failed wait for peer deleted");
716 			return;
717 		}
718 
719 		time_left = wait_for_completion_timeout(&ar->peer_delete_done,
720 							5 * HZ);
721 		if (!time_left)
722 			ath10k_warn(ar, "Timeout in receiving peer delete response\n");
723 	}
724 }
725 
726 static int ath10k_peer_create(struct ath10k *ar,
727 			      struct ieee80211_vif *vif,
728 			      struct ieee80211_sta *sta,
729 			      u32 vdev_id,
730 			      const u8 *addr,
731 			      enum wmi_peer_type peer_type)
732 {
733 	struct ath10k_vif *arvif;
734 	struct ath10k_peer *peer;
735 	int num_peers = 0;
736 	int ret;
737 
738 	lockdep_assert_held(&ar->conf_mutex);
739 
740 	num_peers = ar->num_peers;
741 
742 	/* Each vdev consumes a peer entry as well */
743 	list_for_each_entry(arvif, &ar->arvifs, list)
744 		num_peers++;
745 
746 	if (num_peers >= ar->max_num_peers)
747 		return -ENOBUFS;
748 
749 	ret = ath10k_wmi_peer_create(ar, vdev_id, addr, peer_type);
750 	if (ret) {
751 		ath10k_warn(ar, "failed to create wmi peer %pM on vdev %i: %i\n",
752 			    addr, vdev_id, ret);
753 		return ret;
754 	}
755 
756 	ret = ath10k_wait_for_peer_created(ar, vdev_id, addr);
757 	if (ret) {
758 		ath10k_warn(ar, "failed to wait for created wmi peer %pM on vdev %i: %i\n",
759 			    addr, vdev_id, ret);
760 		return ret;
761 	}
762 
763 	spin_lock_bh(&ar->data_lock);
764 
765 	peer = ath10k_peer_find(ar, vdev_id, addr);
766 	if (!peer) {
767 		spin_unlock_bh(&ar->data_lock);
768 		ath10k_warn(ar, "failed to find peer %pM on vdev %i after creation\n",
769 			    addr, vdev_id);
770 		ath10k_wait_for_peer_delete_done(ar, vdev_id, addr);
771 		return -ENOENT;
772 	}
773 
774 	peer->vif = vif;
775 	peer->sta = sta;
776 
777 	spin_unlock_bh(&ar->data_lock);
778 
779 	ar->num_peers++;
780 
781 	return 0;
782 }
783 
784 static int ath10k_mac_set_kickout(struct ath10k_vif *arvif)
785 {
786 	struct ath10k *ar = arvif->ar;
787 	u32 param;
788 	int ret;
789 
790 	param = ar->wmi.pdev_param->sta_kickout_th;
791 	ret = ath10k_wmi_pdev_set_param(ar, param,
792 					ATH10K_KICKOUT_THRESHOLD);
793 	if (ret) {
794 		ath10k_warn(ar, "failed to set kickout threshold on vdev %i: %d\n",
795 			    arvif->vdev_id, ret);
796 		return ret;
797 	}
798 
799 	param = ar->wmi.vdev_param->ap_keepalive_min_idle_inactive_time_secs;
800 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
801 					ATH10K_KEEPALIVE_MIN_IDLE);
802 	if (ret) {
803 		ath10k_warn(ar, "failed to set keepalive minimum idle time on vdev %i: %d\n",
804 			    arvif->vdev_id, ret);
805 		return ret;
806 	}
807 
808 	param = ar->wmi.vdev_param->ap_keepalive_max_idle_inactive_time_secs;
809 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
810 					ATH10K_KEEPALIVE_MAX_IDLE);
811 	if (ret) {
812 		ath10k_warn(ar, "failed to set keepalive maximum idle time on vdev %i: %d\n",
813 			    arvif->vdev_id, ret);
814 		return ret;
815 	}
816 
817 	param = ar->wmi.vdev_param->ap_keepalive_max_unresponsive_time_secs;
818 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
819 					ATH10K_KEEPALIVE_MAX_UNRESPONSIVE);
820 	if (ret) {
821 		ath10k_warn(ar, "failed to set keepalive maximum unresponsive time on vdev %i: %d\n",
822 			    arvif->vdev_id, ret);
823 		return ret;
824 	}
825 
826 	return 0;
827 }
828 
829 static int ath10k_mac_set_rts(struct ath10k_vif *arvif, u32 value)
830 {
831 	struct ath10k *ar = arvif->ar;
832 	u32 vdev_param;
833 
834 	vdev_param = ar->wmi.vdev_param->rts_threshold;
835 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, value);
836 }
837 
838 static int ath10k_peer_delete(struct ath10k *ar, u32 vdev_id, const u8 *addr)
839 {
840 	int ret;
841 
842 	lockdep_assert_held(&ar->conf_mutex);
843 
844 	ret = ath10k_wmi_peer_delete(ar, vdev_id, addr);
845 	if (ret)
846 		return ret;
847 
848 	ret = ath10k_wait_for_peer_deleted(ar, vdev_id, addr);
849 	if (ret)
850 		return ret;
851 
852 	if (test_bit(WMI_SERVICE_SYNC_DELETE_CMDS, ar->wmi.svc_map)) {
853 		unsigned long time_left;
854 
855 		time_left = wait_for_completion_timeout
856 			    (&ar->peer_delete_done, 5 * HZ);
857 
858 		if (!time_left) {
859 			ath10k_warn(ar, "Timeout in receiving peer delete response\n");
860 			return -ETIMEDOUT;
861 		}
862 	}
863 
864 	ar->num_peers--;
865 
866 	return 0;
867 }
868 
869 static void ath10k_peer_map_cleanup(struct ath10k *ar, struct ath10k_peer *peer)
870 {
871 	int peer_id, i;
872 
873 	lockdep_assert_held(&ar->conf_mutex);
874 
875 	for_each_set_bit(peer_id, peer->peer_ids,
876 			 ATH10K_MAX_NUM_PEER_IDS) {
877 		ar->peer_map[peer_id] = NULL;
878 	}
879 
880 	/* Double check that peer is properly un-referenced from
881 	 * the peer_map
882 	 */
883 	for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
884 		if (ar->peer_map[i] == peer) {
885 			ath10k_warn(ar, "removing stale peer_map entry for %pM (ptr %pK idx %d)\n",
886 				    peer->addr, peer, i);
887 			ar->peer_map[i] = NULL;
888 		}
889 	}
890 
891 	list_del(&peer->list);
892 	kfree(peer);
893 	ar->num_peers--;
894 }
895 
896 static void ath10k_peer_cleanup(struct ath10k *ar, u32 vdev_id)
897 {
898 	struct ath10k_peer *peer, *tmp;
899 
900 	lockdep_assert_held(&ar->conf_mutex);
901 
902 	spin_lock_bh(&ar->data_lock);
903 	list_for_each_entry_safe(peer, tmp, &ar->peers, list) {
904 		if (peer->vdev_id != vdev_id)
905 			continue;
906 
907 		ath10k_warn(ar, "removing stale peer %pM from vdev_id %d\n",
908 			    peer->addr, vdev_id);
909 
910 		ath10k_peer_map_cleanup(ar, peer);
911 	}
912 	spin_unlock_bh(&ar->data_lock);
913 }
914 
915 static void ath10k_peer_cleanup_all(struct ath10k *ar)
916 {
917 	struct ath10k_peer *peer, *tmp;
918 	int i;
919 
920 	lockdep_assert_held(&ar->conf_mutex);
921 
922 	spin_lock_bh(&ar->data_lock);
923 	list_for_each_entry_safe(peer, tmp, &ar->peers, list) {
924 		list_del(&peer->list);
925 		kfree(peer);
926 	}
927 
928 	for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++)
929 		ar->peer_map[i] = NULL;
930 
931 	spin_unlock_bh(&ar->data_lock);
932 
933 	ar->num_peers = 0;
934 	ar->num_stations = 0;
935 }
936 
937 static int ath10k_mac_tdls_peer_update(struct ath10k *ar, u32 vdev_id,
938 				       struct ieee80211_sta *sta,
939 				       enum wmi_tdls_peer_state state)
940 {
941 	int ret;
942 	struct wmi_tdls_peer_update_cmd_arg arg = {};
943 	struct wmi_tdls_peer_capab_arg cap = {};
944 	struct wmi_channel_arg chan_arg = {};
945 
946 	lockdep_assert_held(&ar->conf_mutex);
947 
948 	arg.vdev_id = vdev_id;
949 	arg.peer_state = state;
950 	ether_addr_copy(arg.addr, sta->addr);
951 
952 	cap.peer_max_sp = sta->max_sp;
953 	cap.peer_uapsd_queues = sta->uapsd_queues;
954 
955 	if (state == WMI_TDLS_PEER_STATE_CONNECTED &&
956 	    !sta->tdls_initiator)
957 		cap.is_peer_responder = 1;
958 
959 	ret = ath10k_wmi_tdls_peer_update(ar, &arg, &cap, &chan_arg);
960 	if (ret) {
961 		ath10k_warn(ar, "failed to update tdls peer %pM on vdev %i: %i\n",
962 			    arg.addr, vdev_id, ret);
963 		return ret;
964 	}
965 
966 	return 0;
967 }
968 
969 /************************/
970 /* Interface management */
971 /************************/
972 
973 void ath10k_mac_vif_beacon_free(struct ath10k_vif *arvif)
974 {
975 	struct ath10k *ar = arvif->ar;
976 
977 	lockdep_assert_held(&ar->data_lock);
978 
979 	if (!arvif->beacon)
980 		return;
981 
982 	if (!arvif->beacon_buf)
983 		dma_unmap_single(ar->dev, ATH10K_SKB_CB(arvif->beacon)->paddr,
984 				 arvif->beacon->len, DMA_TO_DEVICE);
985 
986 	if (WARN_ON(arvif->beacon_state != ATH10K_BEACON_SCHEDULED &&
987 		    arvif->beacon_state != ATH10K_BEACON_SENT))
988 		return;
989 
990 	dev_kfree_skb_any(arvif->beacon);
991 
992 	arvif->beacon = NULL;
993 	arvif->beacon_state = ATH10K_BEACON_SCHEDULED;
994 }
995 
996 static void ath10k_mac_vif_beacon_cleanup(struct ath10k_vif *arvif)
997 {
998 	struct ath10k *ar = arvif->ar;
999 
1000 	lockdep_assert_held(&ar->data_lock);
1001 
1002 	ath10k_mac_vif_beacon_free(arvif);
1003 
1004 	if (arvif->beacon_buf) {
1005 		if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL)
1006 			kfree(arvif->beacon_buf);
1007 		else
1008 			dma_free_coherent(ar->dev, IEEE80211_MAX_FRAME_LEN,
1009 					  arvif->beacon_buf,
1010 					  arvif->beacon_paddr);
1011 		arvif->beacon_buf = NULL;
1012 	}
1013 }
1014 
1015 static inline int ath10k_vdev_setup_sync(struct ath10k *ar)
1016 {
1017 	unsigned long time_left;
1018 
1019 	lockdep_assert_held(&ar->conf_mutex);
1020 
1021 	if (test_bit(ATH10K_FLAG_CRASH_FLUSH, &ar->dev_flags))
1022 		return -ESHUTDOWN;
1023 
1024 	time_left = wait_for_completion_timeout(&ar->vdev_setup_done,
1025 						ATH10K_VDEV_SETUP_TIMEOUT_HZ);
1026 	if (time_left == 0)
1027 		return -ETIMEDOUT;
1028 
1029 	return ar->last_wmi_vdev_start_status;
1030 }
1031 
1032 static int ath10k_monitor_vdev_start(struct ath10k *ar, int vdev_id)
1033 {
1034 	struct cfg80211_chan_def *chandef = NULL;
1035 	struct ieee80211_channel *channel = NULL;
1036 	struct wmi_vdev_start_request_arg arg = {};
1037 	int ret = 0;
1038 
1039 	lockdep_assert_held(&ar->conf_mutex);
1040 
1041 	ieee80211_iter_chan_contexts_atomic(ar->hw,
1042 					    ath10k_mac_get_any_chandef_iter,
1043 					    &chandef);
1044 	if (WARN_ON_ONCE(!chandef))
1045 		return -ENOENT;
1046 
1047 	channel = chandef->chan;
1048 
1049 	arg.vdev_id = vdev_id;
1050 	arg.channel.freq = channel->center_freq;
1051 	arg.channel.band_center_freq1 = chandef->center_freq1;
1052 	arg.channel.band_center_freq2 = chandef->center_freq2;
1053 
1054 	/* TODO setup this dynamically, what in case we
1055 	 * don't have any vifs?
1056 	 */
1057 	arg.channel.mode = chan_to_phymode(chandef);
1058 	arg.channel.chan_radar =
1059 			!!(channel->flags & IEEE80211_CHAN_RADAR);
1060 
1061 	arg.channel.min_power = 0;
1062 	arg.channel.max_power = channel->max_power * 2;
1063 	arg.channel.max_reg_power = channel->max_reg_power * 2;
1064 	arg.channel.max_antenna_gain = channel->max_antenna_gain;
1065 
1066 	reinit_completion(&ar->vdev_setup_done);
1067 	reinit_completion(&ar->vdev_delete_done);
1068 
1069 	ret = ath10k_wmi_vdev_start(ar, &arg);
1070 	if (ret) {
1071 		ath10k_warn(ar, "failed to request monitor vdev %i start: %d\n",
1072 			    vdev_id, ret);
1073 		return ret;
1074 	}
1075 
1076 	ret = ath10k_vdev_setup_sync(ar);
1077 	if (ret) {
1078 		ath10k_warn(ar, "failed to synchronize setup for monitor vdev %i start: %d\n",
1079 			    vdev_id, ret);
1080 		return ret;
1081 	}
1082 
1083 	ret = ath10k_wmi_vdev_up(ar, vdev_id, 0, ar->mac_addr);
1084 	if (ret) {
1085 		ath10k_warn(ar, "failed to put up monitor vdev %i: %d\n",
1086 			    vdev_id, ret);
1087 		goto vdev_stop;
1088 	}
1089 
1090 	ar->monitor_vdev_id = vdev_id;
1091 
1092 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %i started\n",
1093 		   ar->monitor_vdev_id);
1094 	return 0;
1095 
1096 vdev_stop:
1097 	ret = ath10k_wmi_vdev_stop(ar, ar->monitor_vdev_id);
1098 	if (ret)
1099 		ath10k_warn(ar, "failed to stop monitor vdev %i after start failure: %d\n",
1100 			    ar->monitor_vdev_id, ret);
1101 
1102 	return ret;
1103 }
1104 
1105 static int ath10k_monitor_vdev_stop(struct ath10k *ar)
1106 {
1107 	int ret = 0;
1108 
1109 	lockdep_assert_held(&ar->conf_mutex);
1110 
1111 	ret = ath10k_wmi_vdev_down(ar, ar->monitor_vdev_id);
1112 	if (ret)
1113 		ath10k_warn(ar, "failed to put down monitor vdev %i: %d\n",
1114 			    ar->monitor_vdev_id, ret);
1115 
1116 	reinit_completion(&ar->vdev_setup_done);
1117 	reinit_completion(&ar->vdev_delete_done);
1118 
1119 	ret = ath10k_wmi_vdev_stop(ar, ar->monitor_vdev_id);
1120 	if (ret)
1121 		ath10k_warn(ar, "failed to request monitor vdev %i stop: %d\n",
1122 			    ar->monitor_vdev_id, ret);
1123 
1124 	ret = ath10k_vdev_setup_sync(ar);
1125 	if (ret)
1126 		ath10k_warn(ar, "failed to synchronize monitor vdev %i stop: %d\n",
1127 			    ar->monitor_vdev_id, ret);
1128 
1129 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %i stopped\n",
1130 		   ar->monitor_vdev_id);
1131 	return ret;
1132 }
1133 
1134 static int ath10k_monitor_vdev_create(struct ath10k *ar)
1135 {
1136 	int bit, ret = 0;
1137 
1138 	lockdep_assert_held(&ar->conf_mutex);
1139 
1140 	if (ar->free_vdev_map == 0) {
1141 		ath10k_warn(ar, "failed to find free vdev id for monitor vdev\n");
1142 		return -ENOMEM;
1143 	}
1144 
1145 	bit = __ffs64(ar->free_vdev_map);
1146 
1147 	ar->monitor_vdev_id = bit;
1148 
1149 	ret = ath10k_wmi_vdev_create(ar, ar->monitor_vdev_id,
1150 				     WMI_VDEV_TYPE_MONITOR,
1151 				     0, ar->mac_addr);
1152 	if (ret) {
1153 		ath10k_warn(ar, "failed to request monitor vdev %i creation: %d\n",
1154 			    ar->monitor_vdev_id, ret);
1155 		return ret;
1156 	}
1157 
1158 	ar->free_vdev_map &= ~(1LL << ar->monitor_vdev_id);
1159 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %d created\n",
1160 		   ar->monitor_vdev_id);
1161 
1162 	return 0;
1163 }
1164 
1165 static int ath10k_monitor_vdev_delete(struct ath10k *ar)
1166 {
1167 	int ret = 0;
1168 
1169 	lockdep_assert_held(&ar->conf_mutex);
1170 
1171 	ret = ath10k_wmi_vdev_delete(ar, ar->monitor_vdev_id);
1172 	if (ret) {
1173 		ath10k_warn(ar, "failed to request wmi monitor vdev %i removal: %d\n",
1174 			    ar->monitor_vdev_id, ret);
1175 		return ret;
1176 	}
1177 
1178 	ar->free_vdev_map |= 1LL << ar->monitor_vdev_id;
1179 
1180 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %d deleted\n",
1181 		   ar->monitor_vdev_id);
1182 	return ret;
1183 }
1184 
1185 static int ath10k_monitor_start(struct ath10k *ar)
1186 {
1187 	int ret;
1188 
1189 	lockdep_assert_held(&ar->conf_mutex);
1190 
1191 	ret = ath10k_monitor_vdev_create(ar);
1192 	if (ret) {
1193 		ath10k_warn(ar, "failed to create monitor vdev: %d\n", ret);
1194 		return ret;
1195 	}
1196 
1197 	ret = ath10k_monitor_vdev_start(ar, ar->monitor_vdev_id);
1198 	if (ret) {
1199 		ath10k_warn(ar, "failed to start monitor vdev: %d\n", ret);
1200 		ath10k_monitor_vdev_delete(ar);
1201 		return ret;
1202 	}
1203 
1204 	ar->monitor_started = true;
1205 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor started\n");
1206 
1207 	return 0;
1208 }
1209 
1210 static int ath10k_monitor_stop(struct ath10k *ar)
1211 {
1212 	int ret;
1213 
1214 	lockdep_assert_held(&ar->conf_mutex);
1215 
1216 	ret = ath10k_monitor_vdev_stop(ar);
1217 	if (ret) {
1218 		ath10k_warn(ar, "failed to stop monitor vdev: %d\n", ret);
1219 		return ret;
1220 	}
1221 
1222 	ret = ath10k_monitor_vdev_delete(ar);
1223 	if (ret) {
1224 		ath10k_warn(ar, "failed to delete monitor vdev: %d\n", ret);
1225 		return ret;
1226 	}
1227 
1228 	ar->monitor_started = false;
1229 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor stopped\n");
1230 
1231 	return 0;
1232 }
1233 
1234 static bool ath10k_mac_monitor_vdev_is_needed(struct ath10k *ar)
1235 {
1236 	int num_ctx;
1237 
1238 	/* At least one chanctx is required to derive a channel to start
1239 	 * monitor vdev on.
1240 	 */
1241 	num_ctx = ath10k_mac_num_chanctxs(ar);
1242 	if (num_ctx == 0)
1243 		return false;
1244 
1245 	/* If there's already an existing special monitor interface then don't
1246 	 * bother creating another monitor vdev.
1247 	 */
1248 	if (ar->monitor_arvif)
1249 		return false;
1250 
1251 	return ar->monitor ||
1252 	       (!test_bit(ATH10K_FW_FEATURE_ALLOWS_MESH_BCAST,
1253 			  ar->running_fw->fw_file.fw_features) &&
1254 		(ar->filter_flags & FIF_OTHER_BSS)) ||
1255 	       test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1256 }
1257 
1258 static bool ath10k_mac_monitor_vdev_is_allowed(struct ath10k *ar)
1259 {
1260 	int num_ctx;
1261 
1262 	num_ctx = ath10k_mac_num_chanctxs(ar);
1263 
1264 	/* FIXME: Current interface combinations and cfg80211/mac80211 code
1265 	 * shouldn't allow this but make sure to prevent handling the following
1266 	 * case anyway since multi-channel DFS hasn't been tested at all.
1267 	 */
1268 	if (test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags) && num_ctx > 1)
1269 		return false;
1270 
1271 	return true;
1272 }
1273 
1274 static int ath10k_monitor_recalc(struct ath10k *ar)
1275 {
1276 	bool needed;
1277 	bool allowed;
1278 	int ret;
1279 
1280 	lockdep_assert_held(&ar->conf_mutex);
1281 
1282 	needed = ath10k_mac_monitor_vdev_is_needed(ar);
1283 	allowed = ath10k_mac_monitor_vdev_is_allowed(ar);
1284 
1285 	ath10k_dbg(ar, ATH10K_DBG_MAC,
1286 		   "mac monitor recalc started? %d needed? %d allowed? %d\n",
1287 		   ar->monitor_started, needed, allowed);
1288 
1289 	if (WARN_ON(needed && !allowed)) {
1290 		if (ar->monitor_started) {
1291 			ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor stopping disallowed monitor\n");
1292 
1293 			ret = ath10k_monitor_stop(ar);
1294 			if (ret)
1295 				ath10k_warn(ar, "failed to stop disallowed monitor: %d\n",
1296 					    ret);
1297 				/* not serious */
1298 		}
1299 
1300 		return -EPERM;
1301 	}
1302 
1303 	if (needed == ar->monitor_started)
1304 		return 0;
1305 
1306 	if (needed)
1307 		return ath10k_monitor_start(ar);
1308 	else
1309 		return ath10k_monitor_stop(ar);
1310 }
1311 
1312 static bool ath10k_mac_can_set_cts_prot(struct ath10k_vif *arvif)
1313 {
1314 	struct ath10k *ar = arvif->ar;
1315 
1316 	lockdep_assert_held(&ar->conf_mutex);
1317 
1318 	if (!arvif->is_started) {
1319 		ath10k_dbg(ar, ATH10K_DBG_MAC, "defer cts setup, vdev is not ready yet\n");
1320 		return false;
1321 	}
1322 
1323 	return true;
1324 }
1325 
1326 static int ath10k_mac_set_cts_prot(struct ath10k_vif *arvif)
1327 {
1328 	struct ath10k *ar = arvif->ar;
1329 	u32 vdev_param;
1330 
1331 	lockdep_assert_held(&ar->conf_mutex);
1332 
1333 	vdev_param = ar->wmi.vdev_param->protection_mode;
1334 
1335 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d cts_protection %d\n",
1336 		   arvif->vdev_id, arvif->use_cts_prot);
1337 
1338 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
1339 					 arvif->use_cts_prot ? 1 : 0);
1340 }
1341 
1342 static int ath10k_recalc_rtscts_prot(struct ath10k_vif *arvif)
1343 {
1344 	struct ath10k *ar = arvif->ar;
1345 	u32 vdev_param, rts_cts = 0;
1346 
1347 	lockdep_assert_held(&ar->conf_mutex);
1348 
1349 	vdev_param = ar->wmi.vdev_param->enable_rtscts;
1350 
1351 	rts_cts |= SM(WMI_RTSCTS_ENABLED, WMI_RTSCTS_SET);
1352 
1353 	if (arvif->num_legacy_stations > 0)
1354 		rts_cts |= SM(WMI_RTSCTS_ACROSS_SW_RETRIES,
1355 			      WMI_RTSCTS_PROFILE);
1356 	else
1357 		rts_cts |= SM(WMI_RTSCTS_FOR_SECOND_RATESERIES,
1358 			      WMI_RTSCTS_PROFILE);
1359 
1360 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d recalc rts/cts prot %d\n",
1361 		   arvif->vdev_id, rts_cts);
1362 
1363 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
1364 					 rts_cts);
1365 }
1366 
1367 static int ath10k_start_cac(struct ath10k *ar)
1368 {
1369 	int ret;
1370 
1371 	lockdep_assert_held(&ar->conf_mutex);
1372 
1373 	set_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1374 
1375 	ret = ath10k_monitor_recalc(ar);
1376 	if (ret) {
1377 		ath10k_warn(ar, "failed to start monitor (cac): %d\n", ret);
1378 		clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1379 		return ret;
1380 	}
1381 
1382 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac cac start monitor vdev %d\n",
1383 		   ar->monitor_vdev_id);
1384 
1385 	return 0;
1386 }
1387 
1388 static int ath10k_stop_cac(struct ath10k *ar)
1389 {
1390 	lockdep_assert_held(&ar->conf_mutex);
1391 
1392 	/* CAC is not running - do nothing */
1393 	if (!test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags))
1394 		return 0;
1395 
1396 	clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1397 	ath10k_monitor_stop(ar);
1398 
1399 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac cac finished\n");
1400 
1401 	return 0;
1402 }
1403 
1404 static void ath10k_mac_has_radar_iter(struct ieee80211_hw *hw,
1405 				      struct ieee80211_chanctx_conf *conf,
1406 				      void *data)
1407 {
1408 	bool *ret = data;
1409 
1410 	if (!*ret && conf->radar_enabled)
1411 		*ret = true;
1412 }
1413 
1414 static bool ath10k_mac_has_radar_enabled(struct ath10k *ar)
1415 {
1416 	bool has_radar = false;
1417 
1418 	ieee80211_iter_chan_contexts_atomic(ar->hw,
1419 					    ath10k_mac_has_radar_iter,
1420 					    &has_radar);
1421 
1422 	return has_radar;
1423 }
1424 
1425 static void ath10k_recalc_radar_detection(struct ath10k *ar)
1426 {
1427 	int ret;
1428 
1429 	lockdep_assert_held(&ar->conf_mutex);
1430 
1431 	ath10k_stop_cac(ar);
1432 
1433 	if (!ath10k_mac_has_radar_enabled(ar))
1434 		return;
1435 
1436 	if (ar->num_started_vdevs > 0)
1437 		return;
1438 
1439 	ret = ath10k_start_cac(ar);
1440 	if (ret) {
1441 		/*
1442 		 * Not possible to start CAC on current channel so starting
1443 		 * radiation is not allowed, make this channel DFS_UNAVAILABLE
1444 		 * by indicating that radar was detected.
1445 		 */
1446 		ath10k_warn(ar, "failed to start CAC: %d\n", ret);
1447 		ieee80211_radar_detected(ar->hw);
1448 	}
1449 }
1450 
1451 static int ath10k_vdev_stop(struct ath10k_vif *arvif)
1452 {
1453 	struct ath10k *ar = arvif->ar;
1454 	int ret;
1455 
1456 	lockdep_assert_held(&ar->conf_mutex);
1457 
1458 	reinit_completion(&ar->vdev_setup_done);
1459 	reinit_completion(&ar->vdev_delete_done);
1460 
1461 	ret = ath10k_wmi_vdev_stop(ar, arvif->vdev_id);
1462 	if (ret) {
1463 		ath10k_warn(ar, "failed to stop WMI vdev %i: %d\n",
1464 			    arvif->vdev_id, ret);
1465 		return ret;
1466 	}
1467 
1468 	ret = ath10k_vdev_setup_sync(ar);
1469 	if (ret) {
1470 		ath10k_warn(ar, "failed to synchronize setup for vdev %i: %d\n",
1471 			    arvif->vdev_id, ret);
1472 		return ret;
1473 	}
1474 
1475 	WARN_ON(ar->num_started_vdevs == 0);
1476 
1477 	if (ar->num_started_vdevs != 0) {
1478 		ar->num_started_vdevs--;
1479 		ath10k_recalc_radar_detection(ar);
1480 	}
1481 
1482 	return ret;
1483 }
1484 
1485 static int ath10k_vdev_start_restart(struct ath10k_vif *arvif,
1486 				     const struct cfg80211_chan_def *chandef,
1487 				     bool restart)
1488 {
1489 	struct ath10k *ar = arvif->ar;
1490 	struct wmi_vdev_start_request_arg arg = {};
1491 	int ret = 0;
1492 
1493 	lockdep_assert_held(&ar->conf_mutex);
1494 
1495 	reinit_completion(&ar->vdev_setup_done);
1496 	reinit_completion(&ar->vdev_delete_done);
1497 
1498 	arg.vdev_id = arvif->vdev_id;
1499 	arg.dtim_period = arvif->dtim_period;
1500 	arg.bcn_intval = arvif->beacon_interval;
1501 
1502 	arg.channel.freq = chandef->chan->center_freq;
1503 	arg.channel.band_center_freq1 = chandef->center_freq1;
1504 	arg.channel.band_center_freq2 = chandef->center_freq2;
1505 	arg.channel.mode = chan_to_phymode(chandef);
1506 
1507 	arg.channel.min_power = 0;
1508 	arg.channel.max_power = chandef->chan->max_power * 2;
1509 	arg.channel.max_reg_power = chandef->chan->max_reg_power * 2;
1510 	arg.channel.max_antenna_gain = chandef->chan->max_antenna_gain;
1511 
1512 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP) {
1513 		arg.ssid = arvif->u.ap.ssid;
1514 		arg.ssid_len = arvif->u.ap.ssid_len;
1515 		arg.hidden_ssid = arvif->u.ap.hidden_ssid;
1516 
1517 		/* For now allow DFS for AP mode */
1518 		arg.channel.chan_radar =
1519 			!!(chandef->chan->flags & IEEE80211_CHAN_RADAR);
1520 	} else if (arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
1521 		arg.ssid = arvif->vif->cfg.ssid;
1522 		arg.ssid_len = arvif->vif->cfg.ssid_len;
1523 	}
1524 
1525 	ath10k_dbg(ar, ATH10K_DBG_MAC,
1526 		   "mac vdev %d start center_freq %d phymode %s\n",
1527 		   arg.vdev_id, arg.channel.freq,
1528 		   ath10k_wmi_phymode_str(arg.channel.mode));
1529 
1530 	if (restart)
1531 		ret = ath10k_wmi_vdev_restart(ar, &arg);
1532 	else
1533 		ret = ath10k_wmi_vdev_start(ar, &arg);
1534 
1535 	if (ret) {
1536 		ath10k_warn(ar, "failed to start WMI vdev %i: %d\n",
1537 			    arg.vdev_id, ret);
1538 		return ret;
1539 	}
1540 
1541 	ret = ath10k_vdev_setup_sync(ar);
1542 	if (ret) {
1543 		ath10k_warn(ar,
1544 			    "failed to synchronize setup for vdev %i restart %d: %d\n",
1545 			    arg.vdev_id, restart, ret);
1546 		return ret;
1547 	}
1548 
1549 	ar->num_started_vdevs++;
1550 	ath10k_recalc_radar_detection(ar);
1551 
1552 	return ret;
1553 }
1554 
1555 static int ath10k_vdev_start(struct ath10k_vif *arvif,
1556 			     const struct cfg80211_chan_def *def)
1557 {
1558 	return ath10k_vdev_start_restart(arvif, def, false);
1559 }
1560 
1561 static int ath10k_vdev_restart(struct ath10k_vif *arvif,
1562 			       const struct cfg80211_chan_def *def)
1563 {
1564 	return ath10k_vdev_start_restart(arvif, def, true);
1565 }
1566 
1567 static int ath10k_mac_setup_bcn_p2p_ie(struct ath10k_vif *arvif,
1568 				       struct sk_buff *bcn)
1569 {
1570 	struct ath10k *ar = arvif->ar;
1571 	struct ieee80211_mgmt *mgmt;
1572 	const u8 *p2p_ie;
1573 	int ret;
1574 
1575 	if (arvif->vif->type != NL80211_IFTYPE_AP || !arvif->vif->p2p)
1576 		return 0;
1577 
1578 	mgmt = (void *)bcn->data;
1579 	p2p_ie = cfg80211_find_vendor_ie(WLAN_OUI_WFA, WLAN_OUI_TYPE_WFA_P2P,
1580 					 mgmt->u.beacon.variable,
1581 					 bcn->len - (mgmt->u.beacon.variable -
1582 						     bcn->data));
1583 	if (!p2p_ie)
1584 		return -ENOENT;
1585 
1586 	ret = ath10k_wmi_p2p_go_bcn_ie(ar, arvif->vdev_id, p2p_ie);
1587 	if (ret) {
1588 		ath10k_warn(ar, "failed to submit p2p go bcn ie for vdev %i: %d\n",
1589 			    arvif->vdev_id, ret);
1590 		return ret;
1591 	}
1592 
1593 	return 0;
1594 }
1595 
1596 static int ath10k_mac_remove_vendor_ie(struct sk_buff *skb, unsigned int oui,
1597 				       u8 oui_type, size_t ie_offset)
1598 {
1599 	size_t len;
1600 	const u8 *next;
1601 	const u8 *end;
1602 	u8 *ie;
1603 
1604 	if (WARN_ON(skb->len < ie_offset))
1605 		return -EINVAL;
1606 
1607 	ie = (u8 *)cfg80211_find_vendor_ie(oui, oui_type,
1608 					   skb->data + ie_offset,
1609 					   skb->len - ie_offset);
1610 	if (!ie)
1611 		return -ENOENT;
1612 
1613 	len = ie[1] + 2;
1614 	end = skb->data + skb->len;
1615 	next = ie + len;
1616 
1617 	if (WARN_ON(next > end))
1618 		return -EINVAL;
1619 
1620 	memmove(ie, next, end - next);
1621 	skb_trim(skb, skb->len - len);
1622 
1623 	return 0;
1624 }
1625 
1626 static int ath10k_mac_setup_bcn_tmpl(struct ath10k_vif *arvif)
1627 {
1628 	struct ath10k *ar = arvif->ar;
1629 	struct ieee80211_hw *hw = ar->hw;
1630 	struct ieee80211_vif *vif = arvif->vif;
1631 	struct ieee80211_mutable_offsets offs = {};
1632 	struct sk_buff *bcn;
1633 	int ret;
1634 
1635 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1636 		return 0;
1637 
1638 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP &&
1639 	    arvif->vdev_type != WMI_VDEV_TYPE_IBSS)
1640 		return 0;
1641 
1642 	bcn = ieee80211_beacon_get_template(hw, vif, &offs, 0);
1643 	if (!bcn) {
1644 		ath10k_warn(ar, "failed to get beacon template from mac80211\n");
1645 		return -EPERM;
1646 	}
1647 
1648 	ret = ath10k_mac_setup_bcn_p2p_ie(arvif, bcn);
1649 	if (ret) {
1650 		ath10k_warn(ar, "failed to setup p2p go bcn ie: %d\n", ret);
1651 		kfree_skb(bcn);
1652 		return ret;
1653 	}
1654 
1655 	/* P2P IE is inserted by firmware automatically (as configured above)
1656 	 * so remove it from the base beacon template to avoid duplicate P2P
1657 	 * IEs in beacon frames.
1658 	 */
1659 	ath10k_mac_remove_vendor_ie(bcn, WLAN_OUI_WFA, WLAN_OUI_TYPE_WFA_P2P,
1660 				    offsetof(struct ieee80211_mgmt,
1661 					     u.beacon.variable));
1662 
1663 	ret = ath10k_wmi_bcn_tmpl(ar, arvif->vdev_id, offs.tim_offset, bcn, 0,
1664 				  0, NULL, 0);
1665 	kfree_skb(bcn);
1666 
1667 	if (ret) {
1668 		ath10k_warn(ar, "failed to submit beacon template command: %d\n",
1669 			    ret);
1670 		return ret;
1671 	}
1672 
1673 	return 0;
1674 }
1675 
1676 static int ath10k_mac_setup_prb_tmpl(struct ath10k_vif *arvif)
1677 {
1678 	struct ath10k *ar = arvif->ar;
1679 	struct ieee80211_hw *hw = ar->hw;
1680 	struct ieee80211_vif *vif = arvif->vif;
1681 	struct sk_buff *prb;
1682 	int ret;
1683 
1684 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1685 		return 0;
1686 
1687 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP)
1688 		return 0;
1689 
1690 	 /* For mesh, probe response and beacon share the same template */
1691 	if (ieee80211_vif_is_mesh(vif))
1692 		return 0;
1693 
1694 	prb = ieee80211_proberesp_get(hw, vif);
1695 	if (!prb) {
1696 		ath10k_warn(ar, "failed to get probe resp template from mac80211\n");
1697 		return -EPERM;
1698 	}
1699 
1700 	ret = ath10k_wmi_prb_tmpl(ar, arvif->vdev_id, prb);
1701 	kfree_skb(prb);
1702 
1703 	if (ret) {
1704 		ath10k_warn(ar, "failed to submit probe resp template command: %d\n",
1705 			    ret);
1706 		return ret;
1707 	}
1708 
1709 	return 0;
1710 }
1711 
1712 static int ath10k_mac_vif_fix_hidden_ssid(struct ath10k_vif *arvif)
1713 {
1714 	struct ath10k *ar = arvif->ar;
1715 	struct cfg80211_chan_def def;
1716 	int ret;
1717 
1718 	/* When originally vdev is started during assign_vif_chanctx() some
1719 	 * information is missing, notably SSID. Firmware revisions with beacon
1720 	 * offloading require the SSID to be provided during vdev (re)start to
1721 	 * handle hidden SSID properly.
1722 	 *
1723 	 * Vdev restart must be done after vdev has been both started and
1724 	 * upped. Otherwise some firmware revisions (at least 10.2) fail to
1725 	 * deliver vdev restart response event causing timeouts during vdev
1726 	 * syncing in ath10k.
1727 	 *
1728 	 * Note: The vdev down/up and template reinstallation could be skipped
1729 	 * since only wmi-tlv firmware are known to have beacon offload and
1730 	 * wmi-tlv doesn't seem to misbehave like 10.2 wrt vdev restart
1731 	 * response delivery. It's probably more robust to keep it as is.
1732 	 */
1733 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1734 		return 0;
1735 
1736 	if (WARN_ON(!arvif->is_started))
1737 		return -EINVAL;
1738 
1739 	if (WARN_ON(!arvif->is_up))
1740 		return -EINVAL;
1741 
1742 	if (WARN_ON(ath10k_mac_vif_chan(arvif->vif, &def)))
1743 		return -EINVAL;
1744 
1745 	ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
1746 	if (ret) {
1747 		ath10k_warn(ar, "failed to bring down ap vdev %i: %d\n",
1748 			    arvif->vdev_id, ret);
1749 		return ret;
1750 	}
1751 
1752 	/* Vdev down reset beacon & presp templates. Reinstall them. Otherwise
1753 	 * firmware will crash upon vdev up.
1754 	 */
1755 
1756 	ret = ath10k_mac_setup_bcn_tmpl(arvif);
1757 	if (ret) {
1758 		ath10k_warn(ar, "failed to update beacon template: %d\n", ret);
1759 		return ret;
1760 	}
1761 
1762 	ret = ath10k_mac_setup_prb_tmpl(arvif);
1763 	if (ret) {
1764 		ath10k_warn(ar, "failed to update presp template: %d\n", ret);
1765 		return ret;
1766 	}
1767 
1768 	ret = ath10k_vdev_restart(arvif, &def);
1769 	if (ret) {
1770 		ath10k_warn(ar, "failed to restart ap vdev %i: %d\n",
1771 			    arvif->vdev_id, ret);
1772 		return ret;
1773 	}
1774 
1775 	ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
1776 				 arvif->bssid);
1777 	if (ret) {
1778 		ath10k_warn(ar, "failed to bring up ap vdev %i: %d\n",
1779 			    arvif->vdev_id, ret);
1780 		return ret;
1781 	}
1782 
1783 	return 0;
1784 }
1785 
1786 static void ath10k_control_beaconing(struct ath10k_vif *arvif,
1787 				     struct ieee80211_bss_conf *info)
1788 {
1789 	struct ath10k *ar = arvif->ar;
1790 	int ret = 0;
1791 
1792 	lockdep_assert_held(&arvif->ar->conf_mutex);
1793 
1794 	if (!info->enable_beacon) {
1795 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
1796 		if (ret)
1797 			ath10k_warn(ar, "failed to down vdev_id %i: %d\n",
1798 				    arvif->vdev_id, ret);
1799 
1800 		arvif->is_up = false;
1801 
1802 		spin_lock_bh(&arvif->ar->data_lock);
1803 		ath10k_mac_vif_beacon_free(arvif);
1804 		spin_unlock_bh(&arvif->ar->data_lock);
1805 
1806 		return;
1807 	}
1808 
1809 	arvif->tx_seq_no = 0x1000;
1810 
1811 	arvif->aid = 0;
1812 	ether_addr_copy(arvif->bssid, info->bssid);
1813 
1814 	ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
1815 				 arvif->bssid);
1816 	if (ret) {
1817 		ath10k_warn(ar, "failed to bring up vdev %d: %i\n",
1818 			    arvif->vdev_id, ret);
1819 		return;
1820 	}
1821 
1822 	arvif->is_up = true;
1823 
1824 	ret = ath10k_mac_vif_fix_hidden_ssid(arvif);
1825 	if (ret) {
1826 		ath10k_warn(ar, "failed to fix hidden ssid for vdev %i, expect trouble: %d\n",
1827 			    arvif->vdev_id, ret);
1828 		return;
1829 	}
1830 
1831 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d up\n", arvif->vdev_id);
1832 }
1833 
1834 static void ath10k_control_ibss(struct ath10k_vif *arvif,
1835 				struct ieee80211_vif *vif)
1836 {
1837 	struct ath10k *ar = arvif->ar;
1838 	u32 vdev_param;
1839 	int ret = 0;
1840 
1841 	lockdep_assert_held(&arvif->ar->conf_mutex);
1842 
1843 	if (!vif->cfg.ibss_joined) {
1844 		if (is_zero_ether_addr(arvif->bssid))
1845 			return;
1846 
1847 		eth_zero_addr(arvif->bssid);
1848 
1849 		return;
1850 	}
1851 
1852 	vdev_param = arvif->ar->wmi.vdev_param->atim_window;
1853 	ret = ath10k_wmi_vdev_set_param(arvif->ar, arvif->vdev_id, vdev_param,
1854 					ATH10K_DEFAULT_ATIM);
1855 	if (ret)
1856 		ath10k_warn(ar, "failed to set IBSS ATIM for vdev %d: %d\n",
1857 			    arvif->vdev_id, ret);
1858 }
1859 
1860 static int ath10k_mac_vif_recalc_ps_wake_threshold(struct ath10k_vif *arvif)
1861 {
1862 	struct ath10k *ar = arvif->ar;
1863 	u32 param;
1864 	u32 value;
1865 	int ret;
1866 
1867 	lockdep_assert_held(&arvif->ar->conf_mutex);
1868 
1869 	if (arvif->u.sta.uapsd)
1870 		value = WMI_STA_PS_TX_WAKE_THRESHOLD_NEVER;
1871 	else
1872 		value = WMI_STA_PS_TX_WAKE_THRESHOLD_ALWAYS;
1873 
1874 	param = WMI_STA_PS_PARAM_TX_WAKE_THRESHOLD;
1875 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id, param, value);
1876 	if (ret) {
1877 		ath10k_warn(ar, "failed to submit ps wake threshold %u on vdev %i: %d\n",
1878 			    value, arvif->vdev_id, ret);
1879 		return ret;
1880 	}
1881 
1882 	return 0;
1883 }
1884 
1885 static int ath10k_mac_vif_recalc_ps_poll_count(struct ath10k_vif *arvif)
1886 {
1887 	struct ath10k *ar = arvif->ar;
1888 	u32 param;
1889 	u32 value;
1890 	int ret;
1891 
1892 	lockdep_assert_held(&arvif->ar->conf_mutex);
1893 
1894 	if (arvif->u.sta.uapsd)
1895 		value = WMI_STA_PS_PSPOLL_COUNT_UAPSD;
1896 	else
1897 		value = WMI_STA_PS_PSPOLL_COUNT_NO_MAX;
1898 
1899 	param = WMI_STA_PS_PARAM_PSPOLL_COUNT;
1900 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
1901 					  param, value);
1902 	if (ret) {
1903 		ath10k_warn(ar, "failed to submit ps poll count %u on vdev %i: %d\n",
1904 			    value, arvif->vdev_id, ret);
1905 		return ret;
1906 	}
1907 
1908 	return 0;
1909 }
1910 
1911 static int ath10k_mac_num_vifs_started(struct ath10k *ar)
1912 {
1913 	struct ath10k_vif *arvif;
1914 	int num = 0;
1915 
1916 	lockdep_assert_held(&ar->conf_mutex);
1917 
1918 	list_for_each_entry(arvif, &ar->arvifs, list)
1919 		if (arvif->is_started)
1920 			num++;
1921 
1922 	return num;
1923 }
1924 
1925 static int ath10k_mac_vif_setup_ps(struct ath10k_vif *arvif)
1926 {
1927 	struct ath10k *ar = arvif->ar;
1928 	struct ieee80211_vif *vif = arvif->vif;
1929 	struct ieee80211_conf *conf = &ar->hw->conf;
1930 	enum wmi_sta_powersave_param param;
1931 	enum wmi_sta_ps_mode psmode;
1932 	int ret;
1933 	int ps_timeout;
1934 	bool enable_ps;
1935 
1936 	lockdep_assert_held(&arvif->ar->conf_mutex);
1937 
1938 	if (arvif->vif->type != NL80211_IFTYPE_STATION)
1939 		return 0;
1940 
1941 	enable_ps = arvif->ps;
1942 
1943 	if (enable_ps && ath10k_mac_num_vifs_started(ar) > 1 &&
1944 	    !test_bit(ATH10K_FW_FEATURE_MULTI_VIF_PS_SUPPORT,
1945 		      ar->running_fw->fw_file.fw_features)) {
1946 		ath10k_warn(ar, "refusing to enable ps on vdev %i: not supported by fw\n",
1947 			    arvif->vdev_id);
1948 		enable_ps = false;
1949 	}
1950 
1951 	if (!arvif->is_started) {
1952 		/* mac80211 can update vif powersave state while disconnected.
1953 		 * Firmware doesn't behave nicely and consumes more power than
1954 		 * necessary if PS is disabled on a non-started vdev. Hence
1955 		 * force-enable PS for non-running vdevs.
1956 		 */
1957 		psmode = WMI_STA_PS_MODE_ENABLED;
1958 	} else if (enable_ps) {
1959 		psmode = WMI_STA_PS_MODE_ENABLED;
1960 		param = WMI_STA_PS_PARAM_INACTIVITY_TIME;
1961 
1962 		ps_timeout = conf->dynamic_ps_timeout;
1963 		if (ps_timeout == 0) {
1964 			/* Firmware doesn't like 0 */
1965 			ps_timeout = ieee80211_tu_to_usec(
1966 				vif->bss_conf.beacon_int) / 1000;
1967 		}
1968 
1969 		ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id, param,
1970 						  ps_timeout);
1971 		if (ret) {
1972 			ath10k_warn(ar, "failed to set inactivity time for vdev %d: %i\n",
1973 				    arvif->vdev_id, ret);
1974 			return ret;
1975 		}
1976 	} else {
1977 		psmode = WMI_STA_PS_MODE_DISABLED;
1978 	}
1979 
1980 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d psmode %s\n",
1981 		   arvif->vdev_id, psmode ? "enable" : "disable");
1982 
1983 	ret = ath10k_wmi_set_psmode(ar, arvif->vdev_id, psmode);
1984 	if (ret) {
1985 		ath10k_warn(ar, "failed to set PS Mode %d for vdev %d: %d\n",
1986 			    psmode, arvif->vdev_id, ret);
1987 		return ret;
1988 	}
1989 
1990 	return 0;
1991 }
1992 
1993 static int ath10k_mac_vif_disable_keepalive(struct ath10k_vif *arvif)
1994 {
1995 	struct ath10k *ar = arvif->ar;
1996 	struct wmi_sta_keepalive_arg arg = {};
1997 	int ret;
1998 
1999 	lockdep_assert_held(&arvif->ar->conf_mutex);
2000 
2001 	if (arvif->vdev_type != WMI_VDEV_TYPE_STA)
2002 		return 0;
2003 
2004 	if (!test_bit(WMI_SERVICE_STA_KEEP_ALIVE, ar->wmi.svc_map))
2005 		return 0;
2006 
2007 	/* Some firmware revisions have a bug and ignore the `enabled` field.
2008 	 * Instead use the interval to disable the keepalive.
2009 	 */
2010 	arg.vdev_id = arvif->vdev_id;
2011 	arg.enabled = 1;
2012 	arg.method = WMI_STA_KEEPALIVE_METHOD_NULL_FRAME;
2013 	arg.interval = WMI_STA_KEEPALIVE_INTERVAL_DISABLE;
2014 
2015 	ret = ath10k_wmi_sta_keepalive(ar, &arg);
2016 	if (ret) {
2017 		ath10k_warn(ar, "failed to submit keepalive on vdev %i: %d\n",
2018 			    arvif->vdev_id, ret);
2019 		return ret;
2020 	}
2021 
2022 	return 0;
2023 }
2024 
2025 static void ath10k_mac_vif_ap_csa_count_down(struct ath10k_vif *arvif)
2026 {
2027 	struct ath10k *ar = arvif->ar;
2028 	struct ieee80211_vif *vif = arvif->vif;
2029 	int ret;
2030 
2031 	lockdep_assert_held(&arvif->ar->conf_mutex);
2032 
2033 	if (WARN_ON(!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map)))
2034 		return;
2035 
2036 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP)
2037 		return;
2038 
2039 	if (!vif->bss_conf.csa_active)
2040 		return;
2041 
2042 	if (!arvif->is_up)
2043 		return;
2044 
2045 	if (!ieee80211_beacon_cntdwn_is_complete(vif)) {
2046 		ieee80211_beacon_update_cntdwn(vif);
2047 
2048 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
2049 		if (ret)
2050 			ath10k_warn(ar, "failed to update bcn tmpl during csa: %d\n",
2051 				    ret);
2052 
2053 		ret = ath10k_mac_setup_prb_tmpl(arvif);
2054 		if (ret)
2055 			ath10k_warn(ar, "failed to update prb tmpl during csa: %d\n",
2056 				    ret);
2057 	} else {
2058 		ieee80211_csa_finish(vif);
2059 	}
2060 }
2061 
2062 static void ath10k_mac_vif_ap_csa_work(struct work_struct *work)
2063 {
2064 	struct ath10k_vif *arvif = container_of(work, struct ath10k_vif,
2065 						ap_csa_work);
2066 	struct ath10k *ar = arvif->ar;
2067 
2068 	mutex_lock(&ar->conf_mutex);
2069 	ath10k_mac_vif_ap_csa_count_down(arvif);
2070 	mutex_unlock(&ar->conf_mutex);
2071 }
2072 
2073 static void ath10k_mac_handle_beacon_iter(void *data, u8 *mac,
2074 					  struct ieee80211_vif *vif)
2075 {
2076 	struct sk_buff *skb = data;
2077 	struct ieee80211_mgmt *mgmt = (void *)skb->data;
2078 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2079 
2080 	if (vif->type != NL80211_IFTYPE_STATION)
2081 		return;
2082 
2083 	if (!ether_addr_equal(mgmt->bssid, vif->bss_conf.bssid))
2084 		return;
2085 
2086 	cancel_delayed_work(&arvif->connection_loss_work);
2087 }
2088 
2089 void ath10k_mac_handle_beacon(struct ath10k *ar, struct sk_buff *skb)
2090 {
2091 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
2092 						   ATH10K_ITER_NORMAL_FLAGS,
2093 						   ath10k_mac_handle_beacon_iter,
2094 						   skb);
2095 }
2096 
2097 static void ath10k_mac_handle_beacon_miss_iter(void *data, u8 *mac,
2098 					       struct ieee80211_vif *vif)
2099 {
2100 	u32 *vdev_id = data;
2101 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2102 	struct ath10k *ar = arvif->ar;
2103 	struct ieee80211_hw *hw = ar->hw;
2104 
2105 	if (arvif->vdev_id != *vdev_id)
2106 		return;
2107 
2108 	if (!arvif->is_up)
2109 		return;
2110 
2111 	ieee80211_beacon_loss(vif);
2112 
2113 	/* Firmware doesn't report beacon loss events repeatedly. If AP probe
2114 	 * (done by mac80211) succeeds but beacons do not resume then it
2115 	 * doesn't make sense to continue operation. Queue connection loss work
2116 	 * which can be cancelled when beacon is received.
2117 	 */
2118 	ieee80211_queue_delayed_work(hw, &arvif->connection_loss_work,
2119 				     ATH10K_CONNECTION_LOSS_HZ);
2120 }
2121 
2122 void ath10k_mac_handle_beacon_miss(struct ath10k *ar, u32 vdev_id)
2123 {
2124 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
2125 						   ATH10K_ITER_NORMAL_FLAGS,
2126 						   ath10k_mac_handle_beacon_miss_iter,
2127 						   &vdev_id);
2128 }
2129 
2130 static void ath10k_mac_vif_sta_connection_loss_work(struct work_struct *work)
2131 {
2132 	struct ath10k_vif *arvif = container_of(work, struct ath10k_vif,
2133 						connection_loss_work.work);
2134 	struct ieee80211_vif *vif = arvif->vif;
2135 
2136 	if (!arvif->is_up)
2137 		return;
2138 
2139 	ieee80211_connection_loss(vif);
2140 }
2141 
2142 /**********************/
2143 /* Station management */
2144 /**********************/
2145 
2146 static u32 ath10k_peer_assoc_h_listen_intval(struct ath10k *ar,
2147 					     struct ieee80211_vif *vif)
2148 {
2149 	/* Some firmware revisions have unstable STA powersave when listen
2150 	 * interval is set too high (e.g. 5). The symptoms are firmware doesn't
2151 	 * generate NullFunc frames properly even if buffered frames have been
2152 	 * indicated in Beacon TIM. Firmware would seldom wake up to pull
2153 	 * buffered frames. Often pinging the device from AP would simply fail.
2154 	 *
2155 	 * As a workaround set it to 1.
2156 	 */
2157 	if (vif->type == NL80211_IFTYPE_STATION)
2158 		return 1;
2159 
2160 	return ar->hw->conf.listen_interval;
2161 }
2162 
2163 static void ath10k_peer_assoc_h_basic(struct ath10k *ar,
2164 				      struct ieee80211_vif *vif,
2165 				      struct ieee80211_sta *sta,
2166 				      struct wmi_peer_assoc_complete_arg *arg)
2167 {
2168 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2169 	u32 aid;
2170 
2171 	lockdep_assert_held(&ar->conf_mutex);
2172 
2173 	if (vif->type == NL80211_IFTYPE_STATION)
2174 		aid = vif->cfg.aid;
2175 	else
2176 		aid = sta->aid;
2177 
2178 	ether_addr_copy(arg->addr, sta->addr);
2179 	arg->vdev_id = arvif->vdev_id;
2180 	arg->peer_aid = aid;
2181 	arg->peer_flags |= arvif->ar->wmi.peer_flags->auth;
2182 	arg->peer_listen_intval = ath10k_peer_assoc_h_listen_intval(ar, vif);
2183 	arg->peer_num_spatial_streams = 1;
2184 	arg->peer_caps = vif->bss_conf.assoc_capability;
2185 }
2186 
2187 static void ath10k_peer_assoc_h_crypto(struct ath10k *ar,
2188 				       struct ieee80211_vif *vif,
2189 				       struct ieee80211_sta *sta,
2190 				       struct wmi_peer_assoc_complete_arg *arg)
2191 {
2192 	struct ieee80211_bss_conf *info = &vif->bss_conf;
2193 	struct cfg80211_chan_def def;
2194 	struct cfg80211_bss *bss;
2195 	const u8 *rsnie = NULL;
2196 	const u8 *wpaie = NULL;
2197 
2198 	lockdep_assert_held(&ar->conf_mutex);
2199 
2200 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2201 		return;
2202 
2203 	bss = cfg80211_get_bss(ar->hw->wiphy, def.chan, info->bssid,
2204 			       vif->cfg.ssid_len ? vif->cfg.ssid : NULL,
2205 			       vif->cfg.ssid_len,
2206 			       IEEE80211_BSS_TYPE_ANY, IEEE80211_PRIVACY_ANY);
2207 	if (bss) {
2208 		const struct cfg80211_bss_ies *ies;
2209 
2210 		rcu_read_lock();
2211 		rsnie = ieee80211_bss_get_ie(bss, WLAN_EID_RSN);
2212 
2213 		ies = rcu_dereference(bss->ies);
2214 
2215 		wpaie = cfg80211_find_vendor_ie(WLAN_OUI_MICROSOFT,
2216 						WLAN_OUI_TYPE_MICROSOFT_WPA,
2217 						ies->data,
2218 						ies->len);
2219 		rcu_read_unlock();
2220 		cfg80211_put_bss(ar->hw->wiphy, bss);
2221 	}
2222 
2223 	/* FIXME: base on RSN IE/WPA IE is a correct idea? */
2224 	if (rsnie || wpaie) {
2225 		ath10k_dbg(ar, ATH10K_DBG_WMI, "%s: rsn ie found\n", __func__);
2226 		arg->peer_flags |= ar->wmi.peer_flags->need_ptk_4_way;
2227 	}
2228 
2229 	if (wpaie) {
2230 		ath10k_dbg(ar, ATH10K_DBG_WMI, "%s: wpa ie found\n", __func__);
2231 		arg->peer_flags |= ar->wmi.peer_flags->need_gtk_2_way;
2232 	}
2233 
2234 	if (sta->mfp &&
2235 	    test_bit(ATH10K_FW_FEATURE_MFP_SUPPORT,
2236 		     ar->running_fw->fw_file.fw_features)) {
2237 		arg->peer_flags |= ar->wmi.peer_flags->pmf;
2238 	}
2239 }
2240 
2241 static void ath10k_peer_assoc_h_rates(struct ath10k *ar,
2242 				      struct ieee80211_vif *vif,
2243 				      struct ieee80211_sta *sta,
2244 				      struct wmi_peer_assoc_complete_arg *arg)
2245 {
2246 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2247 	struct wmi_rate_set_arg *rateset = &arg->peer_legacy_rates;
2248 	struct cfg80211_chan_def def;
2249 	const struct ieee80211_supported_band *sband;
2250 	const struct ieee80211_rate *rates;
2251 	enum nl80211_band band;
2252 	u32 ratemask;
2253 	u8 rate;
2254 	int i;
2255 
2256 	lockdep_assert_held(&ar->conf_mutex);
2257 
2258 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2259 		return;
2260 
2261 	band = def.chan->band;
2262 	sband = ar->hw->wiphy->bands[band];
2263 	ratemask = sta->deflink.supp_rates[band];
2264 	ratemask &= arvif->bitrate_mask.control[band].legacy;
2265 	rates = sband->bitrates;
2266 
2267 	rateset->num_rates = 0;
2268 
2269 	for (i = 0; i < 32; i++, ratemask >>= 1, rates++) {
2270 		if (!(ratemask & 1))
2271 			continue;
2272 
2273 		rate = ath10k_mac_bitrate_to_rate(rates->bitrate);
2274 		rateset->rates[rateset->num_rates] = rate;
2275 		rateset->num_rates++;
2276 	}
2277 }
2278 
2279 static bool
2280 ath10k_peer_assoc_h_ht_masked(const u8 ht_mcs_mask[IEEE80211_HT_MCS_MASK_LEN])
2281 {
2282 	int nss;
2283 
2284 	for (nss = 0; nss < IEEE80211_HT_MCS_MASK_LEN; nss++)
2285 		if (ht_mcs_mask[nss])
2286 			return false;
2287 
2288 	return true;
2289 }
2290 
2291 static bool
2292 ath10k_peer_assoc_h_vht_masked(const u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
2293 {
2294 	int nss;
2295 
2296 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++)
2297 		if (vht_mcs_mask[nss])
2298 			return false;
2299 
2300 	return true;
2301 }
2302 
2303 static void ath10k_peer_assoc_h_ht(struct ath10k *ar,
2304 				   struct ieee80211_vif *vif,
2305 				   struct ieee80211_sta *sta,
2306 				   struct wmi_peer_assoc_complete_arg *arg)
2307 {
2308 	const struct ieee80211_sta_ht_cap *ht_cap = &sta->deflink.ht_cap;
2309 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2310 	struct cfg80211_chan_def def;
2311 	enum nl80211_band band;
2312 	const u8 *ht_mcs_mask;
2313 	const u16 *vht_mcs_mask;
2314 	int i, n;
2315 	u8 max_nss;
2316 	u32 stbc;
2317 
2318 	lockdep_assert_held(&ar->conf_mutex);
2319 
2320 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2321 		return;
2322 
2323 	if (!ht_cap->ht_supported)
2324 		return;
2325 
2326 	band = def.chan->band;
2327 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
2328 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2329 
2330 	if (ath10k_peer_assoc_h_ht_masked(ht_mcs_mask) &&
2331 	    ath10k_peer_assoc_h_vht_masked(vht_mcs_mask))
2332 		return;
2333 
2334 	arg->peer_flags |= ar->wmi.peer_flags->ht;
2335 	arg->peer_max_mpdu = (1 << (IEEE80211_HT_MAX_AMPDU_FACTOR +
2336 				    ht_cap->ampdu_factor)) - 1;
2337 
2338 	arg->peer_mpdu_density =
2339 		ath10k_parse_mpdudensity(ht_cap->ampdu_density);
2340 
2341 	arg->peer_ht_caps = ht_cap->cap;
2342 	arg->peer_rate_caps |= WMI_RC_HT_FLAG;
2343 
2344 	if (ht_cap->cap & IEEE80211_HT_CAP_LDPC_CODING)
2345 		arg->peer_flags |= ar->wmi.peer_flags->ldbc;
2346 
2347 	if (sta->deflink.bandwidth >= IEEE80211_STA_RX_BW_40) {
2348 		arg->peer_flags |= ar->wmi.peer_flags->bw40;
2349 		arg->peer_rate_caps |= WMI_RC_CW40_FLAG;
2350 	}
2351 
2352 	if (arvif->bitrate_mask.control[band].gi != NL80211_TXRATE_FORCE_LGI) {
2353 		if (ht_cap->cap & IEEE80211_HT_CAP_SGI_20)
2354 			arg->peer_rate_caps |= WMI_RC_SGI_FLAG;
2355 
2356 		if (ht_cap->cap & IEEE80211_HT_CAP_SGI_40)
2357 			arg->peer_rate_caps |= WMI_RC_SGI_FLAG;
2358 	}
2359 
2360 	if (ht_cap->cap & IEEE80211_HT_CAP_TX_STBC) {
2361 		arg->peer_rate_caps |= WMI_RC_TX_STBC_FLAG;
2362 		arg->peer_flags |= ar->wmi.peer_flags->stbc;
2363 	}
2364 
2365 	if (ht_cap->cap & IEEE80211_HT_CAP_RX_STBC) {
2366 		stbc = ht_cap->cap & IEEE80211_HT_CAP_RX_STBC;
2367 		stbc = stbc >> IEEE80211_HT_CAP_RX_STBC_SHIFT;
2368 		stbc = stbc << WMI_RC_RX_STBC_FLAG_S;
2369 		arg->peer_rate_caps |= stbc;
2370 		arg->peer_flags |= ar->wmi.peer_flags->stbc;
2371 	}
2372 
2373 	if (ht_cap->mcs.rx_mask[1] && ht_cap->mcs.rx_mask[2])
2374 		arg->peer_rate_caps |= WMI_RC_TS_FLAG;
2375 	else if (ht_cap->mcs.rx_mask[1])
2376 		arg->peer_rate_caps |= WMI_RC_DS_FLAG;
2377 
2378 	for (i = 0, n = 0, max_nss = 0; i < IEEE80211_HT_MCS_MASK_LEN * 8; i++)
2379 		if ((ht_cap->mcs.rx_mask[i / 8] & BIT(i % 8)) &&
2380 		    (ht_mcs_mask[i / 8] & BIT(i % 8))) {
2381 			max_nss = (i / 8) + 1;
2382 			arg->peer_ht_rates.rates[n++] = i;
2383 		}
2384 
2385 	/*
2386 	 * This is a workaround for HT-enabled STAs which break the spec
2387 	 * and have no HT capabilities RX mask (no HT RX MCS map).
2388 	 *
2389 	 * As per spec, in section 20.3.5 Modulation and coding scheme (MCS),
2390 	 * MCS 0 through 7 are mandatory in 20MHz with 800 ns GI at all STAs.
2391 	 *
2392 	 * Firmware asserts if such situation occurs.
2393 	 */
2394 	if (n == 0) {
2395 		arg->peer_ht_rates.num_rates = 8;
2396 		for (i = 0; i < arg->peer_ht_rates.num_rates; i++)
2397 			arg->peer_ht_rates.rates[i] = i;
2398 	} else {
2399 		arg->peer_ht_rates.num_rates = n;
2400 		arg->peer_num_spatial_streams = min(sta->deflink.rx_nss,
2401 						    max_nss);
2402 	}
2403 
2404 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac ht peer %pM mcs cnt %d nss %d\n",
2405 		   arg->addr,
2406 		   arg->peer_ht_rates.num_rates,
2407 		   arg->peer_num_spatial_streams);
2408 }
2409 
2410 static int ath10k_peer_assoc_qos_ap(struct ath10k *ar,
2411 				    struct ath10k_vif *arvif,
2412 				    struct ieee80211_sta *sta)
2413 {
2414 	u32 uapsd = 0;
2415 	u32 max_sp = 0;
2416 	int ret = 0;
2417 
2418 	lockdep_assert_held(&ar->conf_mutex);
2419 
2420 	if (sta->wme && sta->uapsd_queues) {
2421 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac uapsd_queues 0x%x max_sp %d\n",
2422 			   sta->uapsd_queues, sta->max_sp);
2423 
2424 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
2425 			uapsd |= WMI_AP_PS_UAPSD_AC3_DELIVERY_EN |
2426 				 WMI_AP_PS_UAPSD_AC3_TRIGGER_EN;
2427 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI)
2428 			uapsd |= WMI_AP_PS_UAPSD_AC2_DELIVERY_EN |
2429 				 WMI_AP_PS_UAPSD_AC2_TRIGGER_EN;
2430 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK)
2431 			uapsd |= WMI_AP_PS_UAPSD_AC1_DELIVERY_EN |
2432 				 WMI_AP_PS_UAPSD_AC1_TRIGGER_EN;
2433 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE)
2434 			uapsd |= WMI_AP_PS_UAPSD_AC0_DELIVERY_EN |
2435 				 WMI_AP_PS_UAPSD_AC0_TRIGGER_EN;
2436 
2437 		if (sta->max_sp < MAX_WMI_AP_PS_PEER_PARAM_MAX_SP)
2438 			max_sp = sta->max_sp;
2439 
2440 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id,
2441 						 sta->addr,
2442 						 WMI_AP_PS_PEER_PARAM_UAPSD,
2443 						 uapsd);
2444 		if (ret) {
2445 			ath10k_warn(ar, "failed to set ap ps peer param uapsd for vdev %i: %d\n",
2446 				    arvif->vdev_id, ret);
2447 			return ret;
2448 		}
2449 
2450 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id,
2451 						 sta->addr,
2452 						 WMI_AP_PS_PEER_PARAM_MAX_SP,
2453 						 max_sp);
2454 		if (ret) {
2455 			ath10k_warn(ar, "failed to set ap ps peer param max sp for vdev %i: %d\n",
2456 				    arvif->vdev_id, ret);
2457 			return ret;
2458 		}
2459 
2460 		/* TODO setup this based on STA listen interval and
2461 		 * beacon interval. Currently we don't know
2462 		 * sta->listen_interval - mac80211 patch required.
2463 		 * Currently use 10 seconds
2464 		 */
2465 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id, sta->addr,
2466 						 WMI_AP_PS_PEER_PARAM_AGEOUT_TIME,
2467 						 10);
2468 		if (ret) {
2469 			ath10k_warn(ar, "failed to set ap ps peer param ageout time for vdev %i: %d\n",
2470 				    arvif->vdev_id, ret);
2471 			return ret;
2472 		}
2473 	}
2474 
2475 	return 0;
2476 }
2477 
2478 static u16
2479 ath10k_peer_assoc_h_vht_limit(u16 tx_mcs_set,
2480 			      const u16 vht_mcs_limit[NL80211_VHT_NSS_MAX])
2481 {
2482 	int idx_limit;
2483 	int nss;
2484 	u16 mcs_map;
2485 	u16 mcs;
2486 
2487 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
2488 		mcs_map = ath10k_mac_get_max_vht_mcs_map(tx_mcs_set, nss) &
2489 			  vht_mcs_limit[nss];
2490 
2491 		if (mcs_map)
2492 			idx_limit = fls(mcs_map) - 1;
2493 		else
2494 			idx_limit = -1;
2495 
2496 		switch (idx_limit) {
2497 		case 0:
2498 		case 1:
2499 		case 2:
2500 		case 3:
2501 		case 4:
2502 		case 5:
2503 		case 6:
2504 		default:
2505 			/* see ath10k_mac_can_set_bitrate_mask() */
2506 			WARN_ON(1);
2507 			fallthrough;
2508 		case -1:
2509 			mcs = IEEE80211_VHT_MCS_NOT_SUPPORTED;
2510 			break;
2511 		case 7:
2512 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_7;
2513 			break;
2514 		case 8:
2515 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_8;
2516 			break;
2517 		case 9:
2518 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_9;
2519 			break;
2520 		}
2521 
2522 		tx_mcs_set &= ~(0x3 << (nss * 2));
2523 		tx_mcs_set |= mcs << (nss * 2);
2524 	}
2525 
2526 	return tx_mcs_set;
2527 }
2528 
2529 static u32 get_160mhz_nss_from_maxrate(int rate)
2530 {
2531 	u32 nss;
2532 
2533 	switch (rate) {
2534 	case 780:
2535 		nss = 1;
2536 		break;
2537 	case 1560:
2538 		nss = 2;
2539 		break;
2540 	case 2106:
2541 		nss = 3; /* not support MCS9 from spec*/
2542 		break;
2543 	case 3120:
2544 		nss = 4;
2545 		break;
2546 	default:
2547 		 nss = 1;
2548 	}
2549 
2550 	return nss;
2551 }
2552 
2553 static void ath10k_peer_assoc_h_vht(struct ath10k *ar,
2554 				    struct ieee80211_vif *vif,
2555 				    struct ieee80211_sta *sta,
2556 				    struct wmi_peer_assoc_complete_arg *arg)
2557 {
2558 	const struct ieee80211_sta_vht_cap *vht_cap = &sta->deflink.vht_cap;
2559 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2560 	struct ath10k_hw_params *hw = &ar->hw_params;
2561 	struct cfg80211_chan_def def;
2562 	enum nl80211_band band;
2563 	const u16 *vht_mcs_mask;
2564 	u8 ampdu_factor;
2565 	u8 max_nss, vht_mcs;
2566 	int i;
2567 
2568 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2569 		return;
2570 
2571 	if (!vht_cap->vht_supported)
2572 		return;
2573 
2574 	band = def.chan->band;
2575 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2576 
2577 	if (ath10k_peer_assoc_h_vht_masked(vht_mcs_mask))
2578 		return;
2579 
2580 	arg->peer_flags |= ar->wmi.peer_flags->vht;
2581 
2582 	if (def.chan->band == NL80211_BAND_2GHZ)
2583 		arg->peer_flags |= ar->wmi.peer_flags->vht_2g;
2584 
2585 	arg->peer_vht_caps = vht_cap->cap;
2586 
2587 	ampdu_factor = (vht_cap->cap &
2588 			IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK) >>
2589 		       IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_SHIFT;
2590 
2591 	/* Workaround: Some Netgear/Linksys 11ac APs set Rx A-MPDU factor to
2592 	 * zero in VHT IE. Using it would result in degraded throughput.
2593 	 * arg->peer_max_mpdu at this point contains HT max_mpdu so keep
2594 	 * it if VHT max_mpdu is smaller.
2595 	 */
2596 	arg->peer_max_mpdu = max(arg->peer_max_mpdu,
2597 				 (1U << (IEEE80211_HT_MAX_AMPDU_FACTOR +
2598 					ampdu_factor)) - 1);
2599 
2600 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_80)
2601 		arg->peer_flags |= ar->wmi.peer_flags->bw80;
2602 
2603 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_160)
2604 		arg->peer_flags |= ar->wmi.peer_flags->bw160;
2605 
2606 	/* Calculate peer NSS capability from VHT capabilities if STA
2607 	 * supports VHT.
2608 	 */
2609 	for (i = 0, max_nss = 0, vht_mcs = 0; i < NL80211_VHT_NSS_MAX; i++) {
2610 		vht_mcs = __le16_to_cpu(vht_cap->vht_mcs.rx_mcs_map) >>
2611 			  (2 * i) & 3;
2612 
2613 		if ((vht_mcs != IEEE80211_VHT_MCS_NOT_SUPPORTED) &&
2614 		    vht_mcs_mask[i])
2615 			max_nss = i + 1;
2616 	}
2617 	arg->peer_num_spatial_streams = min(sta->deflink.rx_nss, max_nss);
2618 	arg->peer_vht_rates.rx_max_rate =
2619 		__le16_to_cpu(vht_cap->vht_mcs.rx_highest);
2620 	arg->peer_vht_rates.rx_mcs_set =
2621 		__le16_to_cpu(vht_cap->vht_mcs.rx_mcs_map);
2622 	arg->peer_vht_rates.tx_max_rate =
2623 		__le16_to_cpu(vht_cap->vht_mcs.tx_highest);
2624 	arg->peer_vht_rates.tx_mcs_set = ath10k_peer_assoc_h_vht_limit(
2625 		__le16_to_cpu(vht_cap->vht_mcs.tx_mcs_map), vht_mcs_mask);
2626 
2627 	/* Configure bandwidth-NSS mapping to FW
2628 	 * for the chip's tx chains setting on 160Mhz bw
2629 	 */
2630 	if (arg->peer_phymode == MODE_11AC_VHT160 ||
2631 	    arg->peer_phymode == MODE_11AC_VHT80_80) {
2632 		u32 rx_nss;
2633 		u32 max_rate;
2634 
2635 		max_rate = arg->peer_vht_rates.rx_max_rate;
2636 		rx_nss = get_160mhz_nss_from_maxrate(max_rate);
2637 
2638 		if (rx_nss == 0)
2639 			rx_nss = arg->peer_num_spatial_streams;
2640 		else
2641 			rx_nss = min(arg->peer_num_spatial_streams, rx_nss);
2642 
2643 		max_rate = hw->vht160_mcs_tx_highest;
2644 		rx_nss = min(rx_nss, get_160mhz_nss_from_maxrate(max_rate));
2645 
2646 		arg->peer_bw_rxnss_override =
2647 			FIELD_PREP(WMI_PEER_NSS_MAP_ENABLE, 1) |
2648 			FIELD_PREP(WMI_PEER_NSS_160MHZ_MASK, (rx_nss - 1));
2649 
2650 		if (arg->peer_phymode == MODE_11AC_VHT80_80) {
2651 			arg->peer_bw_rxnss_override |=
2652 			FIELD_PREP(WMI_PEER_NSS_80_80MHZ_MASK, (rx_nss - 1));
2653 		}
2654 	}
2655 	ath10k_dbg(ar, ATH10K_DBG_MAC,
2656 		   "mac vht peer %pM max_mpdu %d flags 0x%x peer_rx_nss_override 0x%x\n",
2657 		   sta->addr, arg->peer_max_mpdu,
2658 		   arg->peer_flags, arg->peer_bw_rxnss_override);
2659 }
2660 
2661 static void ath10k_peer_assoc_h_qos(struct ath10k *ar,
2662 				    struct ieee80211_vif *vif,
2663 				    struct ieee80211_sta *sta,
2664 				    struct wmi_peer_assoc_complete_arg *arg)
2665 {
2666 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2667 
2668 	switch (arvif->vdev_type) {
2669 	case WMI_VDEV_TYPE_AP:
2670 		if (sta->wme)
2671 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2672 
2673 		if (sta->wme && sta->uapsd_queues) {
2674 			arg->peer_flags |= arvif->ar->wmi.peer_flags->apsd;
2675 			arg->peer_rate_caps |= WMI_RC_UAPSD_FLAG;
2676 		}
2677 		break;
2678 	case WMI_VDEV_TYPE_STA:
2679 		if (sta->wme)
2680 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2681 		break;
2682 	case WMI_VDEV_TYPE_IBSS:
2683 		if (sta->wme)
2684 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2685 		break;
2686 	default:
2687 		break;
2688 	}
2689 
2690 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac peer %pM qos %d\n",
2691 		   sta->addr, !!(arg->peer_flags &
2692 		   arvif->ar->wmi.peer_flags->qos));
2693 }
2694 
2695 static bool ath10k_mac_sta_has_ofdm_only(struct ieee80211_sta *sta)
2696 {
2697 	return sta->deflink.supp_rates[NL80211_BAND_2GHZ] >>
2698 	       ATH10K_MAC_FIRST_OFDM_RATE_IDX;
2699 }
2700 
2701 static enum wmi_phy_mode ath10k_mac_get_phymode_vht(struct ath10k *ar,
2702 						    struct ieee80211_sta *sta)
2703 {
2704 	struct ieee80211_sta_vht_cap *vht_cap = &sta->deflink.vht_cap;
2705 
2706 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_160) {
2707 		switch (vht_cap->cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK) {
2708 		case IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ:
2709 			return MODE_11AC_VHT160;
2710 		case IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ:
2711 			return MODE_11AC_VHT80_80;
2712 		default:
2713 			/* not sure if this is a valid case? */
2714 			return MODE_11AC_VHT160;
2715 		}
2716 	}
2717 
2718 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_80)
2719 		return MODE_11AC_VHT80;
2720 
2721 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_40)
2722 		return MODE_11AC_VHT40;
2723 
2724 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_20)
2725 		return MODE_11AC_VHT20;
2726 
2727 	return MODE_UNKNOWN;
2728 }
2729 
2730 static void ath10k_peer_assoc_h_phymode(struct ath10k *ar,
2731 					struct ieee80211_vif *vif,
2732 					struct ieee80211_sta *sta,
2733 					struct wmi_peer_assoc_complete_arg *arg)
2734 {
2735 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2736 	struct cfg80211_chan_def def;
2737 	enum nl80211_band band;
2738 	const u8 *ht_mcs_mask;
2739 	const u16 *vht_mcs_mask;
2740 	enum wmi_phy_mode phymode = MODE_UNKNOWN;
2741 
2742 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2743 		return;
2744 
2745 	band = def.chan->band;
2746 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
2747 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2748 
2749 	switch (band) {
2750 	case NL80211_BAND_2GHZ:
2751 		if (sta->deflink.vht_cap.vht_supported &&
2752 		    !ath10k_peer_assoc_h_vht_masked(vht_mcs_mask)) {
2753 			if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_40)
2754 				phymode = MODE_11AC_VHT40;
2755 			else
2756 				phymode = MODE_11AC_VHT20;
2757 		} else if (sta->deflink.ht_cap.ht_supported &&
2758 			   !ath10k_peer_assoc_h_ht_masked(ht_mcs_mask)) {
2759 			if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_40)
2760 				phymode = MODE_11NG_HT40;
2761 			else
2762 				phymode = MODE_11NG_HT20;
2763 		} else if (ath10k_mac_sta_has_ofdm_only(sta)) {
2764 			phymode = MODE_11G;
2765 		} else {
2766 			phymode = MODE_11B;
2767 		}
2768 
2769 		break;
2770 	case NL80211_BAND_5GHZ:
2771 		/*
2772 		 * Check VHT first.
2773 		 */
2774 		if (sta->deflink.vht_cap.vht_supported &&
2775 		    !ath10k_peer_assoc_h_vht_masked(vht_mcs_mask)) {
2776 			phymode = ath10k_mac_get_phymode_vht(ar, sta);
2777 		} else if (sta->deflink.ht_cap.ht_supported &&
2778 			   !ath10k_peer_assoc_h_ht_masked(ht_mcs_mask)) {
2779 			if (sta->deflink.bandwidth >= IEEE80211_STA_RX_BW_40)
2780 				phymode = MODE_11NA_HT40;
2781 			else
2782 				phymode = MODE_11NA_HT20;
2783 		} else {
2784 			phymode = MODE_11A;
2785 		}
2786 
2787 		break;
2788 	default:
2789 		break;
2790 	}
2791 
2792 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac peer %pM phymode %s\n",
2793 		   sta->addr, ath10k_wmi_phymode_str(phymode));
2794 
2795 	arg->peer_phymode = phymode;
2796 	WARN_ON(phymode == MODE_UNKNOWN);
2797 }
2798 
2799 static int ath10k_peer_assoc_prepare(struct ath10k *ar,
2800 				     struct ieee80211_vif *vif,
2801 				     struct ieee80211_sta *sta,
2802 				     struct wmi_peer_assoc_complete_arg *arg)
2803 {
2804 	lockdep_assert_held(&ar->conf_mutex);
2805 
2806 	memset(arg, 0, sizeof(*arg));
2807 
2808 	ath10k_peer_assoc_h_basic(ar, vif, sta, arg);
2809 	ath10k_peer_assoc_h_crypto(ar, vif, sta, arg);
2810 	ath10k_peer_assoc_h_rates(ar, vif, sta, arg);
2811 	ath10k_peer_assoc_h_ht(ar, vif, sta, arg);
2812 	ath10k_peer_assoc_h_phymode(ar, vif, sta, arg);
2813 	ath10k_peer_assoc_h_vht(ar, vif, sta, arg);
2814 	ath10k_peer_assoc_h_qos(ar, vif, sta, arg);
2815 
2816 	return 0;
2817 }
2818 
2819 static const u32 ath10k_smps_map[] = {
2820 	[WLAN_HT_CAP_SM_PS_STATIC] = WMI_PEER_SMPS_STATIC,
2821 	[WLAN_HT_CAP_SM_PS_DYNAMIC] = WMI_PEER_SMPS_DYNAMIC,
2822 	[WLAN_HT_CAP_SM_PS_INVALID] = WMI_PEER_SMPS_PS_NONE,
2823 	[WLAN_HT_CAP_SM_PS_DISABLED] = WMI_PEER_SMPS_PS_NONE,
2824 };
2825 
2826 static int ath10k_setup_peer_smps(struct ath10k *ar, struct ath10k_vif *arvif,
2827 				  const u8 *addr,
2828 				  const struct ieee80211_sta_ht_cap *ht_cap)
2829 {
2830 	int smps;
2831 
2832 	if (!ht_cap->ht_supported)
2833 		return 0;
2834 
2835 	smps = ht_cap->cap & IEEE80211_HT_CAP_SM_PS;
2836 	smps >>= IEEE80211_HT_CAP_SM_PS_SHIFT;
2837 
2838 	if (smps >= ARRAY_SIZE(ath10k_smps_map))
2839 		return -EINVAL;
2840 
2841 	return ath10k_wmi_peer_set_param(ar, arvif->vdev_id, addr,
2842 					 ar->wmi.peer_param->smps_state,
2843 					 ath10k_smps_map[smps]);
2844 }
2845 
2846 static int ath10k_mac_vif_recalc_txbf(struct ath10k *ar,
2847 				      struct ieee80211_vif *vif,
2848 				      struct ieee80211_sta_vht_cap vht_cap)
2849 {
2850 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2851 	int ret;
2852 	u32 param;
2853 	u32 value;
2854 
2855 	if (ath10k_wmi_get_txbf_conf_scheme(ar) != WMI_TXBF_CONF_AFTER_ASSOC)
2856 		return 0;
2857 
2858 	if (!(ar->vht_cap_info &
2859 	      (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
2860 	       IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE |
2861 	       IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
2862 	       IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)))
2863 		return 0;
2864 
2865 	param = ar->wmi.vdev_param->txbf;
2866 	value = 0;
2867 
2868 	if (WARN_ON(param == WMI_VDEV_PARAM_UNSUPPORTED))
2869 		return 0;
2870 
2871 	/* The following logic is correct. If a remote STA advertises support
2872 	 * for being a beamformer then we should enable us being a beamformee.
2873 	 */
2874 
2875 	if (ar->vht_cap_info &
2876 	    (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
2877 	     IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)) {
2878 		if (vht_cap.cap & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)
2879 			value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
2880 
2881 		if (vht_cap.cap & IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)
2882 			value |= WMI_VDEV_PARAM_TXBF_MU_TX_BFEE;
2883 	}
2884 
2885 	if (ar->vht_cap_info &
2886 	    (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
2887 	     IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)) {
2888 		if (vht_cap.cap & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE)
2889 			value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
2890 
2891 		if (vht_cap.cap & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)
2892 			value |= WMI_VDEV_PARAM_TXBF_MU_TX_BFER;
2893 	}
2894 
2895 	if (value & WMI_VDEV_PARAM_TXBF_MU_TX_BFEE)
2896 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
2897 
2898 	if (value & WMI_VDEV_PARAM_TXBF_MU_TX_BFER)
2899 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
2900 
2901 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param, value);
2902 	if (ret) {
2903 		ath10k_warn(ar, "failed to submit vdev param txbf 0x%x: %d\n",
2904 			    value, ret);
2905 		return ret;
2906 	}
2907 
2908 	return 0;
2909 }
2910 
2911 static bool ath10k_mac_is_connected(struct ath10k *ar)
2912 {
2913 	struct ath10k_vif *arvif;
2914 
2915 	list_for_each_entry(arvif, &ar->arvifs, list) {
2916 		if (arvif->is_up && arvif->vdev_type == WMI_VDEV_TYPE_STA)
2917 			return true;
2918 	}
2919 
2920 	return false;
2921 }
2922 
2923 static int ath10k_mac_txpower_setup(struct ath10k *ar, int txpower)
2924 {
2925 	int ret;
2926 	u32 param;
2927 	int tx_power_2g, tx_power_5g;
2928 	bool connected;
2929 
2930 	lockdep_assert_held(&ar->conf_mutex);
2931 
2932 	/* ath10k internally uses unit of 0.5 dBm so multiply by 2 */
2933 	tx_power_2g = txpower * 2;
2934 	tx_power_5g = txpower * 2;
2935 
2936 	connected = ath10k_mac_is_connected(ar);
2937 
2938 	if (connected && ar->tx_power_2g_limit)
2939 		if (tx_power_2g > ar->tx_power_2g_limit)
2940 			tx_power_2g = ar->tx_power_2g_limit;
2941 
2942 	if (connected && ar->tx_power_5g_limit)
2943 		if (tx_power_5g > ar->tx_power_5g_limit)
2944 			tx_power_5g = ar->tx_power_5g_limit;
2945 
2946 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac txpower 2g: %d, 5g: %d\n",
2947 		   tx_power_2g, tx_power_5g);
2948 
2949 	param = ar->wmi.pdev_param->txpower_limit2g;
2950 	ret = ath10k_wmi_pdev_set_param(ar, param, tx_power_2g);
2951 	if (ret) {
2952 		ath10k_warn(ar, "failed to set 2g txpower %d: %d\n",
2953 			    tx_power_2g, ret);
2954 		return ret;
2955 	}
2956 
2957 	param = ar->wmi.pdev_param->txpower_limit5g;
2958 	ret = ath10k_wmi_pdev_set_param(ar, param, tx_power_5g);
2959 	if (ret) {
2960 		ath10k_warn(ar, "failed to set 5g txpower %d: %d\n",
2961 			    tx_power_5g, ret);
2962 		return ret;
2963 	}
2964 
2965 	return 0;
2966 }
2967 
2968 static int ath10k_mac_txpower_recalc(struct ath10k *ar)
2969 {
2970 	struct ath10k_vif *arvif;
2971 	int ret, txpower = -1;
2972 
2973 	lockdep_assert_held(&ar->conf_mutex);
2974 
2975 	list_for_each_entry(arvif, &ar->arvifs, list) {
2976 		/* txpower not initialized yet? */
2977 		if (arvif->txpower == INT_MIN)
2978 			continue;
2979 
2980 		if (txpower == -1)
2981 			txpower = arvif->txpower;
2982 		else
2983 			txpower = min(txpower, arvif->txpower);
2984 	}
2985 
2986 	if (txpower == -1)
2987 		return 0;
2988 
2989 	ret = ath10k_mac_txpower_setup(ar, txpower);
2990 	if (ret) {
2991 		ath10k_warn(ar, "failed to setup tx power %d: %d\n",
2992 			    txpower, ret);
2993 		return ret;
2994 	}
2995 
2996 	return 0;
2997 }
2998 
2999 static int ath10k_mac_set_sar_power(struct ath10k *ar)
3000 {
3001 	if (!ar->hw_params.dynamic_sar_support)
3002 		return -EOPNOTSUPP;
3003 
3004 	if (!ath10k_mac_is_connected(ar))
3005 		return 0;
3006 
3007 	/* if connected, then arvif->txpower must be valid */
3008 	return ath10k_mac_txpower_recalc(ar);
3009 }
3010 
3011 static int ath10k_mac_set_sar_specs(struct ieee80211_hw *hw,
3012 				    const struct cfg80211_sar_specs *sar)
3013 {
3014 	const struct cfg80211_sar_sub_specs *sub_specs;
3015 	struct ath10k *ar = hw->priv;
3016 	u32 i;
3017 	int ret;
3018 
3019 	mutex_lock(&ar->conf_mutex);
3020 
3021 	if (!ar->hw_params.dynamic_sar_support) {
3022 		ret = -EOPNOTSUPP;
3023 		goto err;
3024 	}
3025 
3026 	if (!sar || sar->type != NL80211_SAR_TYPE_POWER ||
3027 	    sar->num_sub_specs == 0) {
3028 		ret = -EINVAL;
3029 		goto err;
3030 	}
3031 
3032 	sub_specs = sar->sub_specs;
3033 
3034 	/* 0dbm is not a practical value for ath10k, so use 0
3035 	 * as no SAR limitation on it.
3036 	 */
3037 	ar->tx_power_2g_limit = 0;
3038 	ar->tx_power_5g_limit = 0;
3039 
3040 	/* note the power is in 0.25dbm unit, while ath10k uses
3041 	 * 0.5dbm unit.
3042 	 */
3043 	for (i = 0; i < sar->num_sub_specs; i++) {
3044 		if (sub_specs->freq_range_index == 0)
3045 			ar->tx_power_2g_limit = sub_specs->power / 2;
3046 		else if (sub_specs->freq_range_index == 1)
3047 			ar->tx_power_5g_limit = sub_specs->power / 2;
3048 
3049 		sub_specs++;
3050 	}
3051 
3052 	ret = ath10k_mac_set_sar_power(ar);
3053 	if (ret) {
3054 		ath10k_warn(ar, "failed to set sar power: %d", ret);
3055 		goto err;
3056 	}
3057 
3058 err:
3059 	mutex_unlock(&ar->conf_mutex);
3060 	return ret;
3061 }
3062 
3063 /* can be called only in mac80211 callbacks due to `key_count` usage */
3064 static void ath10k_bss_assoc(struct ieee80211_hw *hw,
3065 			     struct ieee80211_vif *vif,
3066 			     struct ieee80211_bss_conf *bss_conf)
3067 {
3068 	struct ath10k *ar = hw->priv;
3069 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3070 	struct ieee80211_sta_ht_cap ht_cap;
3071 	struct ieee80211_sta_vht_cap vht_cap;
3072 	struct wmi_peer_assoc_complete_arg peer_arg;
3073 	struct ieee80211_sta *ap_sta;
3074 	int ret;
3075 
3076 	lockdep_assert_held(&ar->conf_mutex);
3077 
3078 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i assoc bssid %pM aid %d\n",
3079 		   arvif->vdev_id, arvif->bssid, arvif->aid);
3080 
3081 	rcu_read_lock();
3082 
3083 	ap_sta = ieee80211_find_sta(vif, bss_conf->bssid);
3084 	if (!ap_sta) {
3085 		ath10k_warn(ar, "failed to find station entry for bss %pM vdev %i\n",
3086 			    bss_conf->bssid, arvif->vdev_id);
3087 		rcu_read_unlock();
3088 		return;
3089 	}
3090 
3091 	/* ap_sta must be accessed only within rcu section which must be left
3092 	 * before calling ath10k_setup_peer_smps() which might sleep.
3093 	 */
3094 	ht_cap = ap_sta->deflink.ht_cap;
3095 	vht_cap = ap_sta->deflink.vht_cap;
3096 
3097 	ret = ath10k_peer_assoc_prepare(ar, vif, ap_sta, &peer_arg);
3098 	if (ret) {
3099 		ath10k_warn(ar, "failed to prepare peer assoc for %pM vdev %i: %d\n",
3100 			    bss_conf->bssid, arvif->vdev_id, ret);
3101 		rcu_read_unlock();
3102 		return;
3103 	}
3104 
3105 	rcu_read_unlock();
3106 
3107 	ret = ath10k_wmi_peer_assoc(ar, &peer_arg);
3108 	if (ret) {
3109 		ath10k_warn(ar, "failed to run peer assoc for %pM vdev %i: %d\n",
3110 			    bss_conf->bssid, arvif->vdev_id, ret);
3111 		return;
3112 	}
3113 
3114 	ret = ath10k_setup_peer_smps(ar, arvif, bss_conf->bssid, &ht_cap);
3115 	if (ret) {
3116 		ath10k_warn(ar, "failed to setup peer SMPS for vdev %i: %d\n",
3117 			    arvif->vdev_id, ret);
3118 		return;
3119 	}
3120 
3121 	ret = ath10k_mac_vif_recalc_txbf(ar, vif, vht_cap);
3122 	if (ret) {
3123 		ath10k_warn(ar, "failed to recalc txbf for vdev %i on bss %pM: %d\n",
3124 			    arvif->vdev_id, bss_conf->bssid, ret);
3125 		return;
3126 	}
3127 
3128 	ath10k_dbg(ar, ATH10K_DBG_MAC,
3129 		   "mac vdev %d up (associated) bssid %pM aid %d\n",
3130 		   arvif->vdev_id, bss_conf->bssid, vif->cfg.aid);
3131 
3132 	WARN_ON(arvif->is_up);
3133 
3134 	arvif->aid = vif->cfg.aid;
3135 	ether_addr_copy(arvif->bssid, bss_conf->bssid);
3136 
3137 	ret = ath10k_wmi_pdev_set_param(ar,
3138 					ar->wmi.pdev_param->peer_stats_info_enable, 1);
3139 	if (ret)
3140 		ath10k_warn(ar, "failed to enable peer stats info: %d\n", ret);
3141 
3142 	ret = ath10k_wmi_vdev_up(ar, arvif->vdev_id, arvif->aid, arvif->bssid);
3143 	if (ret) {
3144 		ath10k_warn(ar, "failed to set vdev %d up: %d\n",
3145 			    arvif->vdev_id, ret);
3146 		return;
3147 	}
3148 
3149 	arvif->is_up = true;
3150 
3151 	ath10k_mac_set_sar_power(ar);
3152 
3153 	/* Workaround: Some firmware revisions (tested with qca6174
3154 	 * WLAN.RM.2.0-00073) have buggy powersave state machine and must be
3155 	 * poked with peer param command.
3156 	 */
3157 	ret = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, arvif->bssid,
3158 					ar->wmi.peer_param->dummy_var, 1);
3159 	if (ret) {
3160 		ath10k_warn(ar, "failed to poke peer %pM param for ps workaround on vdev %i: %d\n",
3161 			    arvif->bssid, arvif->vdev_id, ret);
3162 		return;
3163 	}
3164 }
3165 
3166 static void ath10k_bss_disassoc(struct ieee80211_hw *hw,
3167 				struct ieee80211_vif *vif)
3168 {
3169 	struct ath10k *ar = hw->priv;
3170 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3171 	struct ieee80211_sta_vht_cap vht_cap = {};
3172 	int ret;
3173 
3174 	lockdep_assert_held(&ar->conf_mutex);
3175 
3176 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i disassoc bssid %pM\n",
3177 		   arvif->vdev_id, arvif->bssid);
3178 
3179 	ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
3180 	if (ret)
3181 		ath10k_warn(ar, "failed to down vdev %i: %d\n",
3182 			    arvif->vdev_id, ret);
3183 
3184 	arvif->def_wep_key_idx = -1;
3185 
3186 	ret = ath10k_mac_vif_recalc_txbf(ar, vif, vht_cap);
3187 	if (ret) {
3188 		ath10k_warn(ar, "failed to recalc txbf for vdev %i: %d\n",
3189 			    arvif->vdev_id, ret);
3190 		return;
3191 	}
3192 
3193 	arvif->is_up = false;
3194 
3195 	ath10k_mac_txpower_recalc(ar);
3196 
3197 	cancel_delayed_work_sync(&arvif->connection_loss_work);
3198 }
3199 
3200 static int ath10k_new_peer_tid_config(struct ath10k *ar,
3201 				      struct ieee80211_sta *sta,
3202 				      struct ath10k_vif *arvif)
3203 {
3204 	struct wmi_per_peer_per_tid_cfg_arg arg = {};
3205 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
3206 	bool config_apply;
3207 	int ret, i;
3208 
3209 	for (i = 0; i < ATH10K_TID_MAX; i++) {
3210 		config_apply = false;
3211 		if (arvif->retry_long[i] || arvif->ampdu[i] ||
3212 		    arvif->rate_ctrl[i] || arvif->rtscts[i]) {
3213 			config_apply = true;
3214 			arg.tid = i;
3215 			arg.vdev_id = arvif->vdev_id;
3216 			arg.retry_count = arvif->retry_long[i];
3217 			arg.aggr_control = arvif->ampdu[i];
3218 			arg.rate_ctrl = arvif->rate_ctrl[i];
3219 			arg.rcode_flags = arvif->rate_code[i];
3220 
3221 			if (arvif->rtscts[i])
3222 				arg.ext_tid_cfg_bitmap =
3223 					WMI_EXT_TID_RTS_CTS_CONFIG;
3224 			else
3225 				arg.ext_tid_cfg_bitmap = 0;
3226 
3227 			arg.rtscts_ctrl = arvif->rtscts[i];
3228 		}
3229 
3230 		if (arvif->noack[i]) {
3231 			arg.ack_policy = arvif->noack[i];
3232 			arg.rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_DEFAULT_LOWEST_RATE;
3233 			arg.aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_DISABLE;
3234 			config_apply = true;
3235 		}
3236 
3237 		/* Assign default value(-1) to newly connected station.
3238 		 * This is to identify station specific tid configuration not
3239 		 * configured for the station.
3240 		 */
3241 		arsta->retry_long[i] = -1;
3242 		arsta->noack[i] = -1;
3243 		arsta->ampdu[i] = -1;
3244 
3245 		if (!config_apply)
3246 			continue;
3247 
3248 		ether_addr_copy(arg.peer_macaddr.addr, sta->addr);
3249 
3250 		ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, &arg);
3251 		if (ret) {
3252 			ath10k_warn(ar, "failed to set per tid retry/aggr config for sta %pM: %d\n",
3253 				    sta->addr, ret);
3254 			return ret;
3255 		}
3256 
3257 		memset(&arg, 0, sizeof(arg));
3258 	}
3259 
3260 	return 0;
3261 }
3262 
3263 static int ath10k_station_assoc(struct ath10k *ar,
3264 				struct ieee80211_vif *vif,
3265 				struct ieee80211_sta *sta,
3266 				bool reassoc)
3267 {
3268 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3269 	struct wmi_peer_assoc_complete_arg peer_arg;
3270 	int ret = 0;
3271 
3272 	lockdep_assert_held(&ar->conf_mutex);
3273 
3274 	ret = ath10k_peer_assoc_prepare(ar, vif, sta, &peer_arg);
3275 	if (ret) {
3276 		ath10k_warn(ar, "failed to prepare WMI peer assoc for %pM vdev %i: %i\n",
3277 			    sta->addr, arvif->vdev_id, ret);
3278 		return ret;
3279 	}
3280 
3281 	ret = ath10k_wmi_peer_assoc(ar, &peer_arg);
3282 	if (ret) {
3283 		ath10k_warn(ar, "failed to run peer assoc for STA %pM vdev %i: %d\n",
3284 			    sta->addr, arvif->vdev_id, ret);
3285 		return ret;
3286 	}
3287 
3288 	/* Re-assoc is run only to update supported rates for given station. It
3289 	 * doesn't make much sense to reconfigure the peer completely.
3290 	 */
3291 	if (!reassoc) {
3292 		ret = ath10k_setup_peer_smps(ar, arvif, sta->addr,
3293 					     &sta->deflink.ht_cap);
3294 		if (ret) {
3295 			ath10k_warn(ar, "failed to setup peer SMPS for vdev %d: %d\n",
3296 				    arvif->vdev_id, ret);
3297 			return ret;
3298 		}
3299 
3300 		ret = ath10k_peer_assoc_qos_ap(ar, arvif, sta);
3301 		if (ret) {
3302 			ath10k_warn(ar, "failed to set qos params for STA %pM for vdev %i: %d\n",
3303 				    sta->addr, arvif->vdev_id, ret);
3304 			return ret;
3305 		}
3306 
3307 		if (!sta->wme) {
3308 			arvif->num_legacy_stations++;
3309 			ret  = ath10k_recalc_rtscts_prot(arvif);
3310 			if (ret) {
3311 				ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
3312 					    arvif->vdev_id, ret);
3313 				return ret;
3314 			}
3315 		}
3316 
3317 		/* Plumb cached keys only for static WEP */
3318 		if ((arvif->def_wep_key_idx != -1) && (!sta->tdls)) {
3319 			ret = ath10k_install_peer_wep_keys(arvif, sta->addr);
3320 			if (ret) {
3321 				ath10k_warn(ar, "failed to install peer wep keys for vdev %i: %d\n",
3322 					    arvif->vdev_id, ret);
3323 				return ret;
3324 			}
3325 		}
3326 	}
3327 
3328 	if (!test_bit(WMI_SERVICE_PEER_TID_CONFIGS_SUPPORT, ar->wmi.svc_map))
3329 		return ret;
3330 
3331 	return ath10k_new_peer_tid_config(ar, sta, arvif);
3332 }
3333 
3334 static int ath10k_station_disassoc(struct ath10k *ar,
3335 				   struct ieee80211_vif *vif,
3336 				   struct ieee80211_sta *sta)
3337 {
3338 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3339 	int ret = 0;
3340 
3341 	lockdep_assert_held(&ar->conf_mutex);
3342 
3343 	if (!sta->wme) {
3344 		arvif->num_legacy_stations--;
3345 		ret = ath10k_recalc_rtscts_prot(arvif);
3346 		if (ret) {
3347 			ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
3348 				    arvif->vdev_id, ret);
3349 			return ret;
3350 		}
3351 	}
3352 
3353 	ret = ath10k_clear_peer_keys(arvif, sta->addr);
3354 	if (ret) {
3355 		ath10k_warn(ar, "failed to clear all peer wep keys for vdev %i: %d\n",
3356 			    arvif->vdev_id, ret);
3357 		return ret;
3358 	}
3359 
3360 	return ret;
3361 }
3362 
3363 /**************/
3364 /* Regulatory */
3365 /**************/
3366 
3367 static int ath10k_update_channel_list(struct ath10k *ar)
3368 {
3369 	struct ieee80211_hw *hw = ar->hw;
3370 	struct ieee80211_supported_band **bands;
3371 	enum nl80211_band band;
3372 	struct ieee80211_channel *channel;
3373 	struct wmi_scan_chan_list_arg arg = {0};
3374 	struct wmi_channel_arg *ch;
3375 	bool passive;
3376 	int len;
3377 	int ret;
3378 	int i;
3379 
3380 	lockdep_assert_held(&ar->conf_mutex);
3381 
3382 	bands = hw->wiphy->bands;
3383 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
3384 		if (!bands[band])
3385 			continue;
3386 
3387 		for (i = 0; i < bands[band]->n_channels; i++) {
3388 			if (bands[band]->channels[i].flags &
3389 			    IEEE80211_CHAN_DISABLED)
3390 				continue;
3391 
3392 			arg.n_channels++;
3393 		}
3394 	}
3395 
3396 	len = sizeof(struct wmi_channel_arg) * arg.n_channels;
3397 	arg.channels = kzalloc(len, GFP_KERNEL);
3398 	if (!arg.channels)
3399 		return -ENOMEM;
3400 
3401 	ch = arg.channels;
3402 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
3403 		if (!bands[band])
3404 			continue;
3405 
3406 		for (i = 0; i < bands[band]->n_channels; i++) {
3407 			channel = &bands[band]->channels[i];
3408 
3409 			if (channel->flags & IEEE80211_CHAN_DISABLED)
3410 				continue;
3411 
3412 			ch->allow_ht = true;
3413 
3414 			/* FIXME: when should we really allow VHT? */
3415 			ch->allow_vht = true;
3416 
3417 			ch->allow_ibss =
3418 				!(channel->flags & IEEE80211_CHAN_NO_IR);
3419 
3420 			ch->ht40plus =
3421 				!(channel->flags & IEEE80211_CHAN_NO_HT40PLUS);
3422 
3423 			ch->chan_radar =
3424 				!!(channel->flags & IEEE80211_CHAN_RADAR);
3425 
3426 			passive = channel->flags & IEEE80211_CHAN_NO_IR;
3427 			ch->passive = passive;
3428 
3429 			/* the firmware is ignoring the "radar" flag of the
3430 			 * channel and is scanning actively using Probe Requests
3431 			 * on "Radar detection"/DFS channels which are not
3432 			 * marked as "available"
3433 			 */
3434 			ch->passive |= ch->chan_radar;
3435 
3436 			ch->freq = channel->center_freq;
3437 			ch->band_center_freq1 = channel->center_freq;
3438 			ch->min_power = 0;
3439 			ch->max_power = channel->max_power * 2;
3440 			ch->max_reg_power = channel->max_reg_power * 2;
3441 			ch->max_antenna_gain = channel->max_antenna_gain;
3442 			ch->reg_class_id = 0; /* FIXME */
3443 
3444 			/* FIXME: why use only legacy modes, why not any
3445 			 * HT/VHT modes? Would that even make any
3446 			 * difference?
3447 			 */
3448 			if (channel->band == NL80211_BAND_2GHZ)
3449 				ch->mode = MODE_11G;
3450 			else
3451 				ch->mode = MODE_11A;
3452 
3453 			if (WARN_ON_ONCE(ch->mode == MODE_UNKNOWN))
3454 				continue;
3455 
3456 			ath10k_dbg(ar, ATH10K_DBG_WMI,
3457 				   "mac channel [%zd/%d] freq %d maxpower %d regpower %d antenna %d mode %d\n",
3458 				    ch - arg.channels, arg.n_channels,
3459 				   ch->freq, ch->max_power, ch->max_reg_power,
3460 				   ch->max_antenna_gain, ch->mode);
3461 
3462 			ch++;
3463 		}
3464 	}
3465 
3466 	ret = ath10k_wmi_scan_chan_list(ar, &arg);
3467 	kfree(arg.channels);
3468 
3469 	return ret;
3470 }
3471 
3472 static enum wmi_dfs_region
3473 ath10k_mac_get_dfs_region(enum nl80211_dfs_regions dfs_region)
3474 {
3475 	switch (dfs_region) {
3476 	case NL80211_DFS_UNSET:
3477 		return WMI_UNINIT_DFS_DOMAIN;
3478 	case NL80211_DFS_FCC:
3479 		return WMI_FCC_DFS_DOMAIN;
3480 	case NL80211_DFS_ETSI:
3481 		return WMI_ETSI_DFS_DOMAIN;
3482 	case NL80211_DFS_JP:
3483 		return WMI_MKK4_DFS_DOMAIN;
3484 	}
3485 	return WMI_UNINIT_DFS_DOMAIN;
3486 }
3487 
3488 static void ath10k_regd_update(struct ath10k *ar)
3489 {
3490 	struct reg_dmn_pair_mapping *regpair;
3491 	int ret;
3492 	enum wmi_dfs_region wmi_dfs_reg;
3493 	enum nl80211_dfs_regions nl_dfs_reg;
3494 
3495 	lockdep_assert_held(&ar->conf_mutex);
3496 
3497 	ret = ath10k_update_channel_list(ar);
3498 	if (ret)
3499 		ath10k_warn(ar, "failed to update channel list: %d\n", ret);
3500 
3501 	regpair = ar->ath_common.regulatory.regpair;
3502 
3503 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector) {
3504 		nl_dfs_reg = ar->dfs_detector->region;
3505 		wmi_dfs_reg = ath10k_mac_get_dfs_region(nl_dfs_reg);
3506 	} else {
3507 		wmi_dfs_reg = WMI_UNINIT_DFS_DOMAIN;
3508 	}
3509 
3510 	/* Target allows setting up per-band regdomain but ath_common provides
3511 	 * a combined one only
3512 	 */
3513 	ret = ath10k_wmi_pdev_set_regdomain(ar,
3514 					    regpair->reg_domain,
3515 					    regpair->reg_domain, /* 2ghz */
3516 					    regpair->reg_domain, /* 5ghz */
3517 					    regpair->reg_2ghz_ctl,
3518 					    regpair->reg_5ghz_ctl,
3519 					    wmi_dfs_reg);
3520 	if (ret)
3521 		ath10k_warn(ar, "failed to set pdev regdomain: %d\n", ret);
3522 }
3523 
3524 static void ath10k_mac_update_channel_list(struct ath10k *ar,
3525 					   struct ieee80211_supported_band *band)
3526 {
3527 	int i;
3528 
3529 	if (ar->low_5ghz_chan && ar->high_5ghz_chan) {
3530 		for (i = 0; i < band->n_channels; i++) {
3531 			if (band->channels[i].center_freq < ar->low_5ghz_chan ||
3532 			    band->channels[i].center_freq > ar->high_5ghz_chan)
3533 				band->channels[i].flags |=
3534 					IEEE80211_CHAN_DISABLED;
3535 		}
3536 	}
3537 }
3538 
3539 static void ath10k_reg_notifier(struct wiphy *wiphy,
3540 				struct regulatory_request *request)
3541 {
3542 	struct ieee80211_hw *hw = wiphy_to_ieee80211_hw(wiphy);
3543 	struct ath10k *ar = hw->priv;
3544 	bool result;
3545 
3546 	ath_reg_notifier_apply(wiphy, request, &ar->ath_common.regulatory);
3547 
3548 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector) {
3549 		ath10k_dbg(ar, ATH10K_DBG_REGULATORY, "dfs region 0x%x\n",
3550 			   request->dfs_region);
3551 		result = ar->dfs_detector->set_dfs_domain(ar->dfs_detector,
3552 							  request->dfs_region);
3553 		if (!result)
3554 			ath10k_warn(ar, "DFS region 0x%X not supported, will trigger radar for every pulse\n",
3555 				    request->dfs_region);
3556 	}
3557 
3558 	mutex_lock(&ar->conf_mutex);
3559 	if (ar->state == ATH10K_STATE_ON)
3560 		ath10k_regd_update(ar);
3561 	mutex_unlock(&ar->conf_mutex);
3562 
3563 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY)
3564 		ath10k_mac_update_channel_list(ar,
3565 					       ar->hw->wiphy->bands[NL80211_BAND_5GHZ]);
3566 }
3567 
3568 static void ath10k_stop_radar_confirmation(struct ath10k *ar)
3569 {
3570 	spin_lock_bh(&ar->data_lock);
3571 	ar->radar_conf_state = ATH10K_RADAR_CONFIRMATION_STOPPED;
3572 	spin_unlock_bh(&ar->data_lock);
3573 
3574 	cancel_work_sync(&ar->radar_confirmation_work);
3575 }
3576 
3577 /***************/
3578 /* TX handlers */
3579 /***************/
3580 
3581 enum ath10k_mac_tx_path {
3582 	ATH10K_MAC_TX_HTT,
3583 	ATH10K_MAC_TX_HTT_MGMT,
3584 	ATH10K_MAC_TX_WMI_MGMT,
3585 	ATH10K_MAC_TX_UNKNOWN,
3586 };
3587 
3588 void ath10k_mac_tx_lock(struct ath10k *ar, int reason)
3589 {
3590 	lockdep_assert_held(&ar->htt.tx_lock);
3591 
3592 	WARN_ON(reason >= ATH10K_TX_PAUSE_MAX);
3593 	ar->tx_paused |= BIT(reason);
3594 	ieee80211_stop_queues(ar->hw);
3595 }
3596 
3597 static void ath10k_mac_tx_unlock_iter(void *data, u8 *mac,
3598 				      struct ieee80211_vif *vif)
3599 {
3600 	struct ath10k *ar = data;
3601 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3602 
3603 	if (arvif->tx_paused)
3604 		return;
3605 
3606 	ieee80211_wake_queue(ar->hw, arvif->vdev_id);
3607 }
3608 
3609 void ath10k_mac_tx_unlock(struct ath10k *ar, int reason)
3610 {
3611 	lockdep_assert_held(&ar->htt.tx_lock);
3612 
3613 	WARN_ON(reason >= ATH10K_TX_PAUSE_MAX);
3614 	ar->tx_paused &= ~BIT(reason);
3615 
3616 	if (ar->tx_paused)
3617 		return;
3618 
3619 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
3620 						   ATH10K_ITER_RESUME_FLAGS,
3621 						   ath10k_mac_tx_unlock_iter,
3622 						   ar);
3623 
3624 	ieee80211_wake_queue(ar->hw, ar->hw->offchannel_tx_hw_queue);
3625 }
3626 
3627 void ath10k_mac_vif_tx_lock(struct ath10k_vif *arvif, int reason)
3628 {
3629 	struct ath10k *ar = arvif->ar;
3630 
3631 	lockdep_assert_held(&ar->htt.tx_lock);
3632 
3633 	WARN_ON(reason >= BITS_PER_LONG);
3634 	arvif->tx_paused |= BIT(reason);
3635 	ieee80211_stop_queue(ar->hw, arvif->vdev_id);
3636 }
3637 
3638 void ath10k_mac_vif_tx_unlock(struct ath10k_vif *arvif, int reason)
3639 {
3640 	struct ath10k *ar = arvif->ar;
3641 
3642 	lockdep_assert_held(&ar->htt.tx_lock);
3643 
3644 	WARN_ON(reason >= BITS_PER_LONG);
3645 	arvif->tx_paused &= ~BIT(reason);
3646 
3647 	if (ar->tx_paused)
3648 		return;
3649 
3650 	if (arvif->tx_paused)
3651 		return;
3652 
3653 	ieee80211_wake_queue(ar->hw, arvif->vdev_id);
3654 }
3655 
3656 static void ath10k_mac_vif_handle_tx_pause(struct ath10k_vif *arvif,
3657 					   enum wmi_tlv_tx_pause_id pause_id,
3658 					   enum wmi_tlv_tx_pause_action action)
3659 {
3660 	struct ath10k *ar = arvif->ar;
3661 
3662 	lockdep_assert_held(&ar->htt.tx_lock);
3663 
3664 	switch (action) {
3665 	case WMI_TLV_TX_PAUSE_ACTION_STOP:
3666 		ath10k_mac_vif_tx_lock(arvif, pause_id);
3667 		break;
3668 	case WMI_TLV_TX_PAUSE_ACTION_WAKE:
3669 		ath10k_mac_vif_tx_unlock(arvif, pause_id);
3670 		break;
3671 	default:
3672 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
3673 			   "received unknown tx pause action %d on vdev %i, ignoring\n",
3674 			    action, arvif->vdev_id);
3675 		break;
3676 	}
3677 }
3678 
3679 struct ath10k_mac_tx_pause {
3680 	u32 vdev_id;
3681 	enum wmi_tlv_tx_pause_id pause_id;
3682 	enum wmi_tlv_tx_pause_action action;
3683 };
3684 
3685 static void ath10k_mac_handle_tx_pause_iter(void *data, u8 *mac,
3686 					    struct ieee80211_vif *vif)
3687 {
3688 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3689 	struct ath10k_mac_tx_pause *arg = data;
3690 
3691 	if (arvif->vdev_id != arg->vdev_id)
3692 		return;
3693 
3694 	ath10k_mac_vif_handle_tx_pause(arvif, arg->pause_id, arg->action);
3695 }
3696 
3697 void ath10k_mac_handle_tx_pause_vdev(struct ath10k *ar, u32 vdev_id,
3698 				     enum wmi_tlv_tx_pause_id pause_id,
3699 				     enum wmi_tlv_tx_pause_action action)
3700 {
3701 	struct ath10k_mac_tx_pause arg = {
3702 		.vdev_id = vdev_id,
3703 		.pause_id = pause_id,
3704 		.action = action,
3705 	};
3706 
3707 	spin_lock_bh(&ar->htt.tx_lock);
3708 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
3709 						   ATH10K_ITER_RESUME_FLAGS,
3710 						   ath10k_mac_handle_tx_pause_iter,
3711 						   &arg);
3712 	spin_unlock_bh(&ar->htt.tx_lock);
3713 }
3714 
3715 static enum ath10k_hw_txrx_mode
3716 ath10k_mac_tx_h_get_txmode(struct ath10k *ar,
3717 			   struct ieee80211_vif *vif,
3718 			   struct ieee80211_sta *sta,
3719 			   struct sk_buff *skb)
3720 {
3721 	const struct ieee80211_hdr *hdr = (void *)skb->data;
3722 	const struct ath10k_skb_cb *skb_cb = ATH10K_SKB_CB(skb);
3723 	__le16 fc = hdr->frame_control;
3724 
3725 	if (IEEE80211_SKB_CB(skb)->flags & IEEE80211_TX_CTL_HW_80211_ENCAP)
3726 		return ATH10K_HW_TXRX_ETHERNET;
3727 
3728 	if (!vif || vif->type == NL80211_IFTYPE_MONITOR)
3729 		return ATH10K_HW_TXRX_RAW;
3730 
3731 	if (ieee80211_is_mgmt(fc))
3732 		return ATH10K_HW_TXRX_MGMT;
3733 
3734 	/* Workaround:
3735 	 *
3736 	 * NullFunc frames are mostly used to ping if a client or AP are still
3737 	 * reachable and responsive. This implies tx status reports must be
3738 	 * accurate - otherwise either mac80211 or userspace (e.g. hostapd) can
3739 	 * come to a conclusion that the other end disappeared and tear down
3740 	 * BSS connection or it can never disconnect from BSS/client (which is
3741 	 * the case).
3742 	 *
3743 	 * Firmware with HTT older than 3.0 delivers incorrect tx status for
3744 	 * NullFunc frames to driver. However there's a HTT Mgmt Tx command
3745 	 * which seems to deliver correct tx reports for NullFunc frames. The
3746 	 * downside of using it is it ignores client powersave state so it can
3747 	 * end up disconnecting sleeping clients in AP mode. It should fix STA
3748 	 * mode though because AP don't sleep.
3749 	 */
3750 	if (ar->htt.target_version_major < 3 &&
3751 	    (ieee80211_is_nullfunc(fc) || ieee80211_is_qos_nullfunc(fc)) &&
3752 	    !test_bit(ATH10K_FW_FEATURE_HAS_WMI_MGMT_TX,
3753 		      ar->running_fw->fw_file.fw_features))
3754 		return ATH10K_HW_TXRX_MGMT;
3755 
3756 	/* Workaround:
3757 	 *
3758 	 * Some wmi-tlv firmwares for qca6174 have broken Tx key selection for
3759 	 * NativeWifi txmode - it selects AP key instead of peer key. It seems
3760 	 * to work with Ethernet txmode so use it.
3761 	 *
3762 	 * FIXME: Check if raw mode works with TDLS.
3763 	 */
3764 	if (ieee80211_is_data_present(fc) && sta && sta->tdls)
3765 		return ATH10K_HW_TXRX_ETHERNET;
3766 
3767 	if (test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags) ||
3768 	    skb_cb->flags & ATH10K_SKB_F_RAW_TX)
3769 		return ATH10K_HW_TXRX_RAW;
3770 
3771 	return ATH10K_HW_TXRX_NATIVE_WIFI;
3772 }
3773 
3774 static bool ath10k_tx_h_use_hwcrypto(struct ieee80211_vif *vif,
3775 				     struct sk_buff *skb)
3776 {
3777 	const struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3778 	const struct ieee80211_hdr *hdr = (void *)skb->data;
3779 	const u32 mask = IEEE80211_TX_INTFL_DONT_ENCRYPT |
3780 			 IEEE80211_TX_CTL_INJECTED;
3781 
3782 	if (!ieee80211_has_protected(hdr->frame_control))
3783 		return false;
3784 
3785 	if ((info->flags & mask) == mask)
3786 		return false;
3787 
3788 	if (vif)
3789 		return !((struct ath10k_vif *)vif->drv_priv)->nohwcrypt;
3790 
3791 	return true;
3792 }
3793 
3794 /* HTT Tx uses Native Wifi tx mode which expects 802.11 frames without QoS
3795  * Control in the header.
3796  */
3797 static void ath10k_tx_h_nwifi(struct ieee80211_hw *hw, struct sk_buff *skb)
3798 {
3799 	struct ieee80211_hdr *hdr = (void *)skb->data;
3800 	struct ath10k_skb_cb *cb = ATH10K_SKB_CB(skb);
3801 	u8 *qos_ctl;
3802 
3803 	if (!ieee80211_is_data_qos(hdr->frame_control))
3804 		return;
3805 
3806 	qos_ctl = ieee80211_get_qos_ctl(hdr);
3807 	memmove(skb->data + IEEE80211_QOS_CTL_LEN,
3808 #if defined(__linux__)
3809 		skb->data, (void *)qos_ctl - (void *)skb->data);
3810 #elif defined(__FreeBSD__)
3811 		skb->data, qos_ctl - skb->data);
3812 #endif
3813 	skb_pull(skb, IEEE80211_QOS_CTL_LEN);
3814 
3815 	/* Some firmware revisions don't handle sending QoS NullFunc well.
3816 	 * These frames are mainly used for CQM purposes so it doesn't really
3817 	 * matter whether QoS NullFunc or NullFunc are sent.
3818 	 */
3819 	hdr = (void *)skb->data;
3820 	if (ieee80211_is_qos_nullfunc(hdr->frame_control))
3821 		cb->flags &= ~ATH10K_SKB_F_QOS;
3822 
3823 	hdr->frame_control &= ~__cpu_to_le16(IEEE80211_STYPE_QOS_DATA);
3824 }
3825 
3826 static void ath10k_tx_h_8023(struct sk_buff *skb)
3827 {
3828 	struct ieee80211_hdr *hdr;
3829 	struct rfc1042_hdr *rfc1042;
3830 	struct ethhdr *eth;
3831 	size_t hdrlen;
3832 	u8 da[ETH_ALEN];
3833 	u8 sa[ETH_ALEN];
3834 	__be16 type;
3835 
3836 	hdr = (void *)skb->data;
3837 	hdrlen = ieee80211_hdrlen(hdr->frame_control);
3838 #if defined(__linux__)
3839 	rfc1042 = (void *)skb->data + hdrlen;
3840 #elif defined(__FreeBSD__)
3841 	rfc1042 = (void *)(skb->data + hdrlen);
3842 #endif
3843 
3844 	ether_addr_copy(da, ieee80211_get_DA(hdr));
3845 	ether_addr_copy(sa, ieee80211_get_SA(hdr));
3846 	type = rfc1042->snap_type;
3847 
3848 	skb_pull(skb, hdrlen + sizeof(*rfc1042));
3849 	skb_push(skb, sizeof(*eth));
3850 
3851 	eth = (void *)skb->data;
3852 	ether_addr_copy(eth->h_dest, da);
3853 	ether_addr_copy(eth->h_source, sa);
3854 	eth->h_proto = type;
3855 }
3856 
3857 static void ath10k_tx_h_add_p2p_noa_ie(struct ath10k *ar,
3858 				       struct ieee80211_vif *vif,
3859 				       struct sk_buff *skb)
3860 {
3861 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
3862 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3863 
3864 	/* This is case only for P2P_GO */
3865 	if (vif->type != NL80211_IFTYPE_AP || !vif->p2p)
3866 		return;
3867 
3868 	if (unlikely(ieee80211_is_probe_resp(hdr->frame_control))) {
3869 		spin_lock_bh(&ar->data_lock);
3870 		if (arvif->u.ap.noa_data)
3871 			if (!pskb_expand_head(skb, 0, arvif->u.ap.noa_len,
3872 					      GFP_ATOMIC))
3873 				skb_put_data(skb, arvif->u.ap.noa_data,
3874 					     arvif->u.ap.noa_len);
3875 		spin_unlock_bh(&ar->data_lock);
3876 	}
3877 }
3878 
3879 static void ath10k_mac_tx_h_fill_cb(struct ath10k *ar,
3880 				    struct ieee80211_vif *vif,
3881 				    struct ieee80211_txq *txq,
3882 				    struct ieee80211_sta *sta,
3883 				    struct sk_buff *skb, u16 airtime)
3884 {
3885 	struct ieee80211_hdr *hdr = (void *)skb->data;
3886 	struct ath10k_skb_cb *cb = ATH10K_SKB_CB(skb);
3887 	const struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3888 	bool is_data = ieee80211_is_data(hdr->frame_control) ||
3889 			ieee80211_is_data_qos(hdr->frame_control);
3890 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3891 	struct ath10k_sta *arsta;
3892 	u8 tid, *qos_ctl;
3893 	bool noack = false;
3894 
3895 	cb->flags = 0;
3896 
3897 	if (info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP) {
3898 		cb->flags |= ATH10K_SKB_F_QOS;	/* Assume data frames are QoS */
3899 		goto finish_cb_fill;
3900 	}
3901 
3902 	if (!ath10k_tx_h_use_hwcrypto(vif, skb))
3903 		cb->flags |= ATH10K_SKB_F_NO_HWCRYPT;
3904 
3905 	if (ieee80211_is_mgmt(hdr->frame_control))
3906 		cb->flags |= ATH10K_SKB_F_MGMT;
3907 
3908 	if (ieee80211_is_data_qos(hdr->frame_control)) {
3909 		cb->flags |= ATH10K_SKB_F_QOS;
3910 		qos_ctl = ieee80211_get_qos_ctl(hdr);
3911 		tid = (*qos_ctl) & IEEE80211_QOS_CTL_TID_MASK;
3912 
3913 		if (arvif->noack[tid] == WMI_PEER_TID_CONFIG_NOACK)
3914 			noack = true;
3915 
3916 		if (sta) {
3917 			arsta = (struct ath10k_sta *)sta->drv_priv;
3918 
3919 			if (arsta->noack[tid] == WMI_PEER_TID_CONFIG_NOACK)
3920 				noack = true;
3921 
3922 			if (arsta->noack[tid] == WMI_PEER_TID_CONFIG_ACK)
3923 				noack = false;
3924 		}
3925 
3926 		if (noack)
3927 			cb->flags |= ATH10K_SKB_F_NOACK_TID;
3928 	}
3929 
3930 	/* Data frames encrypted in software will be posted to firmware
3931 	 * with tx encap mode set to RAW. Ex: Multicast traffic generated
3932 	 * for a specific VLAN group will always be encrypted in software.
3933 	 */
3934 	if (is_data && ieee80211_has_protected(hdr->frame_control) &&
3935 	    !info->control.hw_key) {
3936 		cb->flags |= ATH10K_SKB_F_NO_HWCRYPT;
3937 		cb->flags |= ATH10K_SKB_F_RAW_TX;
3938 	}
3939 
3940 finish_cb_fill:
3941 	cb->vif = vif;
3942 	cb->txq = txq;
3943 	cb->airtime_est = airtime;
3944 	if (sta) {
3945 		arsta = (struct ath10k_sta *)sta->drv_priv;
3946 		spin_lock_bh(&ar->data_lock);
3947 		cb->ucast_cipher = arsta->ucast_cipher;
3948 		spin_unlock_bh(&ar->data_lock);
3949 	}
3950 }
3951 
3952 bool ath10k_mac_tx_frm_has_freq(struct ath10k *ar)
3953 {
3954 	/* FIXME: Not really sure since when the behaviour changed. At some
3955 	 * point new firmware stopped requiring creation of peer entries for
3956 	 * offchannel tx (and actually creating them causes issues with wmi-htc
3957 	 * tx credit replenishment and reliability). Assuming it's at least 3.4
3958 	 * because that's when the `freq` was introduced to TX_FRM HTT command.
3959 	 */
3960 	return (ar->htt.target_version_major >= 3 &&
3961 		ar->htt.target_version_minor >= 4 &&
3962 		ar->running_fw->fw_file.htt_op_version == ATH10K_FW_HTT_OP_VERSION_TLV);
3963 }
3964 
3965 static int ath10k_mac_tx_wmi_mgmt(struct ath10k *ar, struct sk_buff *skb)
3966 {
3967 	struct sk_buff_head *q = &ar->wmi_mgmt_tx_queue;
3968 
3969 	if (skb_queue_len_lockless(q) >= ATH10K_MAX_NUM_MGMT_PENDING) {
3970 		ath10k_warn(ar, "wmi mgmt tx queue is full\n");
3971 		return -ENOSPC;
3972 	}
3973 
3974 	skb_queue_tail(q, skb);
3975 	ieee80211_queue_work(ar->hw, &ar->wmi_mgmt_tx_work);
3976 
3977 	return 0;
3978 }
3979 
3980 static enum ath10k_mac_tx_path
3981 ath10k_mac_tx_h_get_txpath(struct ath10k *ar,
3982 			   struct sk_buff *skb,
3983 			   enum ath10k_hw_txrx_mode txmode)
3984 {
3985 	switch (txmode) {
3986 	case ATH10K_HW_TXRX_RAW:
3987 	case ATH10K_HW_TXRX_NATIVE_WIFI:
3988 	case ATH10K_HW_TXRX_ETHERNET:
3989 		return ATH10K_MAC_TX_HTT;
3990 	case ATH10K_HW_TXRX_MGMT:
3991 		if (test_bit(ATH10K_FW_FEATURE_HAS_WMI_MGMT_TX,
3992 			     ar->running_fw->fw_file.fw_features) ||
3993 			     test_bit(WMI_SERVICE_MGMT_TX_WMI,
3994 				      ar->wmi.svc_map))
3995 			return ATH10K_MAC_TX_WMI_MGMT;
3996 		else if (ar->htt.target_version_major >= 3)
3997 			return ATH10K_MAC_TX_HTT;
3998 		else
3999 			return ATH10K_MAC_TX_HTT_MGMT;
4000 	}
4001 
4002 	return ATH10K_MAC_TX_UNKNOWN;
4003 }
4004 
4005 static int ath10k_mac_tx_submit(struct ath10k *ar,
4006 				enum ath10k_hw_txrx_mode txmode,
4007 				enum ath10k_mac_tx_path txpath,
4008 				struct sk_buff *skb)
4009 {
4010 	struct ath10k_htt *htt = &ar->htt;
4011 	int ret = -EINVAL;
4012 
4013 	switch (txpath) {
4014 	case ATH10K_MAC_TX_HTT:
4015 		ret = ath10k_htt_tx(htt, txmode, skb);
4016 		break;
4017 	case ATH10K_MAC_TX_HTT_MGMT:
4018 		ret = ath10k_htt_mgmt_tx(htt, skb);
4019 		break;
4020 	case ATH10K_MAC_TX_WMI_MGMT:
4021 		ret = ath10k_mac_tx_wmi_mgmt(ar, skb);
4022 		break;
4023 	case ATH10K_MAC_TX_UNKNOWN:
4024 		WARN_ON_ONCE(1);
4025 		ret = -EINVAL;
4026 		break;
4027 	}
4028 
4029 	if (ret) {
4030 		ath10k_warn(ar, "failed to transmit packet, dropping: %d\n",
4031 			    ret);
4032 		ieee80211_free_txskb(ar->hw, skb);
4033 	}
4034 
4035 	return ret;
4036 }
4037 
4038 /* This function consumes the sk_buff regardless of return value as far as
4039  * caller is concerned so no freeing is necessary afterwards.
4040  */
4041 static int ath10k_mac_tx(struct ath10k *ar,
4042 			 struct ieee80211_vif *vif,
4043 			 enum ath10k_hw_txrx_mode txmode,
4044 			 enum ath10k_mac_tx_path txpath,
4045 			 struct sk_buff *skb, bool noque_offchan)
4046 {
4047 	struct ieee80211_hw *hw = ar->hw;
4048 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
4049 	const struct ath10k_skb_cb *skb_cb = ATH10K_SKB_CB(skb);
4050 	int ret;
4051 
4052 	/* We should disable CCK RATE due to P2P */
4053 	if (info->flags & IEEE80211_TX_CTL_NO_CCK_RATE)
4054 		ath10k_dbg(ar, ATH10K_DBG_MAC, "IEEE80211_TX_CTL_NO_CCK_RATE\n");
4055 
4056 	switch (txmode) {
4057 	case ATH10K_HW_TXRX_MGMT:
4058 	case ATH10K_HW_TXRX_NATIVE_WIFI:
4059 		ath10k_tx_h_nwifi(hw, skb);
4060 		ath10k_tx_h_add_p2p_noa_ie(ar, vif, skb);
4061 		ath10k_tx_h_seq_no(vif, skb);
4062 		break;
4063 	case ATH10K_HW_TXRX_ETHERNET:
4064 		/* Convert 802.11->802.3 header only if the frame was earlier
4065 		 * encapsulated to 802.11 by mac80211. Otherwise pass it as is.
4066 		 */
4067 		if (!(info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP))
4068 			ath10k_tx_h_8023(skb);
4069 		break;
4070 	case ATH10K_HW_TXRX_RAW:
4071 		if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags) &&
4072 		    !(skb_cb->flags & ATH10K_SKB_F_RAW_TX)) {
4073 			WARN_ON_ONCE(1);
4074 			ieee80211_free_txskb(hw, skb);
4075 			return -ENOTSUPP;
4076 		}
4077 	}
4078 
4079 	if (!noque_offchan && info->flags & IEEE80211_TX_CTL_TX_OFFCHAN) {
4080 		if (!ath10k_mac_tx_frm_has_freq(ar)) {
4081 			ath10k_dbg(ar, ATH10K_DBG_MAC, "mac queued offchannel skb %pK len %d\n",
4082 				   skb, skb->len);
4083 
4084 			skb_queue_tail(&ar->offchan_tx_queue, skb);
4085 			ieee80211_queue_work(hw, &ar->offchan_tx_work);
4086 			return 0;
4087 		}
4088 	}
4089 
4090 	ret = ath10k_mac_tx_submit(ar, txmode, txpath, skb);
4091 	if (ret) {
4092 		ath10k_warn(ar, "failed to submit frame: %d\n", ret);
4093 		return ret;
4094 	}
4095 
4096 	return 0;
4097 }
4098 
4099 void ath10k_offchan_tx_purge(struct ath10k *ar)
4100 {
4101 	struct sk_buff *skb;
4102 
4103 	for (;;) {
4104 		skb = skb_dequeue(&ar->offchan_tx_queue);
4105 		if (!skb)
4106 			break;
4107 
4108 		ieee80211_free_txskb(ar->hw, skb);
4109 	}
4110 }
4111 
4112 void ath10k_offchan_tx_work(struct work_struct *work)
4113 {
4114 	struct ath10k *ar = container_of(work, struct ath10k, offchan_tx_work);
4115 	struct ath10k_peer *peer;
4116 	struct ath10k_vif *arvif;
4117 	enum ath10k_hw_txrx_mode txmode;
4118 	enum ath10k_mac_tx_path txpath;
4119 	struct ieee80211_hdr *hdr;
4120 	struct ieee80211_vif *vif;
4121 	struct ieee80211_sta *sta;
4122 	struct sk_buff *skb;
4123 	const u8 *peer_addr;
4124 	int vdev_id;
4125 	int ret;
4126 	unsigned long time_left;
4127 	bool tmp_peer_created = false;
4128 
4129 	/* FW requirement: We must create a peer before FW will send out
4130 	 * an offchannel frame. Otherwise the frame will be stuck and
4131 	 * never transmitted. We delete the peer upon tx completion.
4132 	 * It is unlikely that a peer for offchannel tx will already be
4133 	 * present. However it may be in some rare cases so account for that.
4134 	 * Otherwise we might remove a legitimate peer and break stuff.
4135 	 */
4136 
4137 	for (;;) {
4138 		skb = skb_dequeue(&ar->offchan_tx_queue);
4139 		if (!skb)
4140 			break;
4141 
4142 		mutex_lock(&ar->conf_mutex);
4143 
4144 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac offchannel skb %pK len %d\n",
4145 			   skb, skb->len);
4146 
4147 		hdr = (struct ieee80211_hdr *)skb->data;
4148 		peer_addr = ieee80211_get_DA(hdr);
4149 
4150 		spin_lock_bh(&ar->data_lock);
4151 		vdev_id = ar->scan.vdev_id;
4152 		peer = ath10k_peer_find(ar, vdev_id, peer_addr);
4153 		spin_unlock_bh(&ar->data_lock);
4154 
4155 		if (peer) {
4156 			ath10k_warn(ar, "peer %pM on vdev %d already present\n",
4157 				    peer_addr, vdev_id);
4158 		} else {
4159 			ret = ath10k_peer_create(ar, NULL, NULL, vdev_id,
4160 						 peer_addr,
4161 						 WMI_PEER_TYPE_DEFAULT);
4162 			if (ret)
4163 				ath10k_warn(ar, "failed to create peer %pM on vdev %d: %d\n",
4164 					    peer_addr, vdev_id, ret);
4165 			tmp_peer_created = (ret == 0);
4166 		}
4167 
4168 		spin_lock_bh(&ar->data_lock);
4169 		reinit_completion(&ar->offchan_tx_completed);
4170 		ar->offchan_tx_skb = skb;
4171 		spin_unlock_bh(&ar->data_lock);
4172 
4173 		/* It's safe to access vif and sta - conf_mutex guarantees that
4174 		 * sta_state() and remove_interface() are locked exclusively
4175 		 * out wrt to this offchannel worker.
4176 		 */
4177 		arvif = ath10k_get_arvif(ar, vdev_id);
4178 		if (arvif) {
4179 			vif = arvif->vif;
4180 			sta = ieee80211_find_sta(vif, peer_addr);
4181 		} else {
4182 			vif = NULL;
4183 			sta = NULL;
4184 		}
4185 
4186 		txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
4187 		txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
4188 
4189 		ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb, true);
4190 		if (ret) {
4191 			ath10k_warn(ar, "failed to transmit offchannel frame: %d\n",
4192 				    ret);
4193 			/* not serious */
4194 		}
4195 
4196 		time_left =
4197 		wait_for_completion_timeout(&ar->offchan_tx_completed, 3 * HZ);
4198 		if (time_left == 0)
4199 			ath10k_warn(ar, "timed out waiting for offchannel skb %pK, len: %d\n",
4200 				    skb, skb->len);
4201 
4202 		if (!peer && tmp_peer_created) {
4203 			ret = ath10k_peer_delete(ar, vdev_id, peer_addr);
4204 			if (ret)
4205 				ath10k_warn(ar, "failed to delete peer %pM on vdev %d: %d\n",
4206 					    peer_addr, vdev_id, ret);
4207 		}
4208 
4209 		mutex_unlock(&ar->conf_mutex);
4210 	}
4211 }
4212 
4213 void ath10k_mgmt_over_wmi_tx_purge(struct ath10k *ar)
4214 {
4215 	struct sk_buff *skb;
4216 
4217 	for (;;) {
4218 		skb = skb_dequeue(&ar->wmi_mgmt_tx_queue);
4219 		if (!skb)
4220 			break;
4221 
4222 		ieee80211_free_txskb(ar->hw, skb);
4223 	}
4224 }
4225 
4226 void ath10k_mgmt_over_wmi_tx_work(struct work_struct *work)
4227 {
4228 	struct ath10k *ar = container_of(work, struct ath10k, wmi_mgmt_tx_work);
4229 	struct sk_buff *skb;
4230 	dma_addr_t paddr;
4231 	int ret;
4232 
4233 	for (;;) {
4234 		skb = skb_dequeue(&ar->wmi_mgmt_tx_queue);
4235 		if (!skb)
4236 			break;
4237 
4238 		if (test_bit(ATH10K_FW_FEATURE_MGMT_TX_BY_REF,
4239 			     ar->running_fw->fw_file.fw_features)) {
4240 			paddr = dma_map_single(ar->dev, skb->data,
4241 					       skb->len, DMA_TO_DEVICE);
4242 			if (dma_mapping_error(ar->dev, paddr)) {
4243 				ieee80211_free_txskb(ar->hw, skb);
4244 				continue;
4245 			}
4246 			ret = ath10k_wmi_mgmt_tx_send(ar, skb, paddr);
4247 			if (ret) {
4248 				ath10k_warn(ar, "failed to transmit management frame by ref via WMI: %d\n",
4249 					    ret);
4250 				/* remove this msdu from idr tracking */
4251 				ath10k_wmi_cleanup_mgmt_tx_send(ar, skb);
4252 
4253 				dma_unmap_single(ar->dev, paddr, skb->len,
4254 						 DMA_TO_DEVICE);
4255 				ieee80211_free_txskb(ar->hw, skb);
4256 			}
4257 		} else {
4258 			ret = ath10k_wmi_mgmt_tx(ar, skb);
4259 			if (ret) {
4260 				ath10k_warn(ar, "failed to transmit management frame via WMI: %d\n",
4261 					    ret);
4262 				ieee80211_free_txskb(ar->hw, skb);
4263 			}
4264 		}
4265 	}
4266 }
4267 
4268 static void ath10k_mac_txq_init(struct ieee80211_txq *txq)
4269 {
4270 	struct ath10k_txq *artxq;
4271 
4272 	if (!txq)
4273 		return;
4274 
4275 	artxq = (void *)txq->drv_priv;
4276 	INIT_LIST_HEAD(&artxq->list);
4277 }
4278 
4279 static void ath10k_mac_txq_unref(struct ath10k *ar, struct ieee80211_txq *txq)
4280 {
4281 	struct ath10k_skb_cb *cb;
4282 	struct sk_buff *msdu;
4283 	int msdu_id;
4284 
4285 	if (!txq)
4286 		return;
4287 
4288 	spin_lock_bh(&ar->htt.tx_lock);
4289 	idr_for_each_entry(&ar->htt.pending_tx, msdu, msdu_id) {
4290 		cb = ATH10K_SKB_CB(msdu);
4291 		if (cb->txq == txq)
4292 			cb->txq = NULL;
4293 	}
4294 	spin_unlock_bh(&ar->htt.tx_lock);
4295 }
4296 
4297 struct ieee80211_txq *ath10k_mac_txq_lookup(struct ath10k *ar,
4298 					    u16 peer_id,
4299 					    u8 tid)
4300 {
4301 	struct ath10k_peer *peer;
4302 
4303 	lockdep_assert_held(&ar->data_lock);
4304 
4305 	peer = ar->peer_map[peer_id];
4306 	if (!peer)
4307 		return NULL;
4308 
4309 	if (peer->removed)
4310 		return NULL;
4311 
4312 	if (peer->sta)
4313 		return peer->sta->txq[tid];
4314 	else if (peer->vif)
4315 		return peer->vif->txq;
4316 	else
4317 		return NULL;
4318 }
4319 
4320 static bool ath10k_mac_tx_can_push(struct ieee80211_hw *hw,
4321 				   struct ieee80211_txq *txq)
4322 {
4323 	struct ath10k *ar = hw->priv;
4324 	struct ath10k_txq *artxq = (void *)txq->drv_priv;
4325 
4326 	/* No need to get locks */
4327 	if (ar->htt.tx_q_state.mode == HTT_TX_MODE_SWITCH_PUSH)
4328 		return true;
4329 
4330 	if (ar->htt.num_pending_tx < ar->htt.tx_q_state.num_push_allowed)
4331 		return true;
4332 
4333 	if (artxq->num_fw_queued < artxq->num_push_allowed)
4334 		return true;
4335 
4336 	return false;
4337 }
4338 
4339 /* Return estimated airtime in microsecond, which is calculated using last
4340  * reported TX rate. This is just a rough estimation because host driver has no
4341  * knowledge of the actual transmit rate, retries or aggregation. If actual
4342  * airtime can be reported by firmware, then delta between estimated and actual
4343  * airtime can be adjusted from deficit.
4344  */
4345 #define IEEE80211_ATF_OVERHEAD		100	/* IFS + some slot time */
4346 #define IEEE80211_ATF_OVERHEAD_IFS	16	/* IFS only */
4347 static u16 ath10k_mac_update_airtime(struct ath10k *ar,
4348 				     struct ieee80211_txq *txq,
4349 				     struct sk_buff *skb)
4350 {
4351 	struct ath10k_sta *arsta;
4352 	u32 pktlen;
4353 	u16 airtime = 0;
4354 
4355 	if (!txq || !txq->sta)
4356 		return airtime;
4357 
4358 	if (test_bit(WMI_SERVICE_REPORT_AIRTIME, ar->wmi.svc_map))
4359 		return airtime;
4360 
4361 	spin_lock_bh(&ar->data_lock);
4362 	arsta = (struct ath10k_sta *)txq->sta->drv_priv;
4363 
4364 	pktlen = skb->len + 38; /* Assume MAC header 30, SNAP 8 for most case */
4365 	if (arsta->last_tx_bitrate) {
4366 		/* airtime in us, last_tx_bitrate in 100kbps */
4367 		airtime = (pktlen * 8 * (1000 / 100))
4368 				/ arsta->last_tx_bitrate;
4369 		/* overhead for media access time and IFS */
4370 		airtime += IEEE80211_ATF_OVERHEAD_IFS;
4371 	} else {
4372 		/* This is mostly for throttle excessive BC/MC frames, and the
4373 		 * airtime/rate doesn't need be exact. Airtime of BC/MC frames
4374 		 * in 2G get some discount, which helps prevent very low rate
4375 		 * frames from being blocked for too long.
4376 		 */
4377 		airtime = (pktlen * 8 * (1000 / 100)) / 60; /* 6M */
4378 		airtime += IEEE80211_ATF_OVERHEAD;
4379 	}
4380 	spin_unlock_bh(&ar->data_lock);
4381 
4382 	return airtime;
4383 }
4384 
4385 int ath10k_mac_tx_push_txq(struct ieee80211_hw *hw,
4386 			   struct ieee80211_txq *txq)
4387 {
4388 	struct ath10k *ar = hw->priv;
4389 	struct ath10k_htt *htt = &ar->htt;
4390 	struct ath10k_txq *artxq = (void *)txq->drv_priv;
4391 	struct ieee80211_vif *vif = txq->vif;
4392 	struct ieee80211_sta *sta = txq->sta;
4393 	enum ath10k_hw_txrx_mode txmode;
4394 	enum ath10k_mac_tx_path txpath;
4395 	struct sk_buff *skb;
4396 	struct ieee80211_hdr *hdr;
4397 	size_t skb_len;
4398 	bool is_mgmt, is_presp;
4399 	int ret;
4400 	u16 airtime;
4401 
4402 	spin_lock_bh(&ar->htt.tx_lock);
4403 	ret = ath10k_htt_tx_inc_pending(htt);
4404 	spin_unlock_bh(&ar->htt.tx_lock);
4405 
4406 	if (ret)
4407 		return ret;
4408 
4409 	skb = ieee80211_tx_dequeue_ni(hw, txq);
4410 	if (!skb) {
4411 		spin_lock_bh(&ar->htt.tx_lock);
4412 		ath10k_htt_tx_dec_pending(htt);
4413 		spin_unlock_bh(&ar->htt.tx_lock);
4414 
4415 		return -ENOENT;
4416 	}
4417 
4418 	airtime = ath10k_mac_update_airtime(ar, txq, skb);
4419 	ath10k_mac_tx_h_fill_cb(ar, vif, txq, sta, skb, airtime);
4420 
4421 	skb_len = skb->len;
4422 	txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
4423 	txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
4424 	is_mgmt = (txpath == ATH10K_MAC_TX_HTT_MGMT);
4425 
4426 	if (is_mgmt) {
4427 		hdr = (struct ieee80211_hdr *)skb->data;
4428 		is_presp = ieee80211_is_probe_resp(hdr->frame_control);
4429 
4430 		spin_lock_bh(&ar->htt.tx_lock);
4431 		ret = ath10k_htt_tx_mgmt_inc_pending(htt, is_mgmt, is_presp);
4432 
4433 		if (ret) {
4434 			ath10k_htt_tx_dec_pending(htt);
4435 			spin_unlock_bh(&ar->htt.tx_lock);
4436 			return ret;
4437 		}
4438 		spin_unlock_bh(&ar->htt.tx_lock);
4439 	}
4440 
4441 	ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb, false);
4442 	if (unlikely(ret)) {
4443 		ath10k_warn(ar, "failed to push frame: %d\n", ret);
4444 
4445 		spin_lock_bh(&ar->htt.tx_lock);
4446 		ath10k_htt_tx_dec_pending(htt);
4447 		if (is_mgmt)
4448 			ath10k_htt_tx_mgmt_dec_pending(htt);
4449 		spin_unlock_bh(&ar->htt.tx_lock);
4450 
4451 		return ret;
4452 	}
4453 
4454 	spin_lock_bh(&ar->htt.tx_lock);
4455 	artxq->num_fw_queued++;
4456 	spin_unlock_bh(&ar->htt.tx_lock);
4457 
4458 	return skb_len;
4459 }
4460 
4461 static int ath10k_mac_schedule_txq(struct ieee80211_hw *hw, u32 ac)
4462 {
4463 	struct ieee80211_txq *txq;
4464 	int ret = 0;
4465 
4466 	ieee80211_txq_schedule_start(hw, ac);
4467 	while ((txq = ieee80211_next_txq(hw, ac))) {
4468 		while (ath10k_mac_tx_can_push(hw, txq)) {
4469 			ret = ath10k_mac_tx_push_txq(hw, txq);
4470 			if (ret < 0)
4471 				break;
4472 		}
4473 		ieee80211_return_txq(hw, txq, false);
4474 		ath10k_htt_tx_txq_update(hw, txq);
4475 		if (ret == -EBUSY)
4476 			break;
4477 	}
4478 	ieee80211_txq_schedule_end(hw, ac);
4479 
4480 	return ret;
4481 }
4482 
4483 void ath10k_mac_tx_push_pending(struct ath10k *ar)
4484 {
4485 	struct ieee80211_hw *hw = ar->hw;
4486 	u32 ac;
4487 
4488 	if (ar->htt.tx_q_state.mode != HTT_TX_MODE_SWITCH_PUSH)
4489 		return;
4490 
4491 	if (ar->htt.num_pending_tx >= (ar->htt.max_num_pending_tx / 2))
4492 		return;
4493 
4494 	rcu_read_lock();
4495 	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
4496 		if (ath10k_mac_schedule_txq(hw, ac) == -EBUSY)
4497 			break;
4498 	}
4499 	rcu_read_unlock();
4500 }
4501 EXPORT_SYMBOL(ath10k_mac_tx_push_pending);
4502 
4503 /************/
4504 /* Scanning */
4505 /************/
4506 
4507 void __ath10k_scan_finish(struct ath10k *ar)
4508 {
4509 	lockdep_assert_held(&ar->data_lock);
4510 
4511 	switch (ar->scan.state) {
4512 	case ATH10K_SCAN_IDLE:
4513 		break;
4514 	case ATH10K_SCAN_RUNNING:
4515 	case ATH10K_SCAN_ABORTING:
4516 		if (!ar->scan.is_roc) {
4517 			struct cfg80211_scan_info info = {
4518 				.aborted = (ar->scan.state ==
4519 					    ATH10K_SCAN_ABORTING),
4520 			};
4521 
4522 			ieee80211_scan_completed(ar->hw, &info);
4523 		} else if (ar->scan.roc_notify) {
4524 			ieee80211_remain_on_channel_expired(ar->hw);
4525 		}
4526 		fallthrough;
4527 	case ATH10K_SCAN_STARTING:
4528 		ar->scan.state = ATH10K_SCAN_IDLE;
4529 		ar->scan_channel = NULL;
4530 		ar->scan.roc_freq = 0;
4531 		ath10k_offchan_tx_purge(ar);
4532 		cancel_delayed_work(&ar->scan.timeout);
4533 		complete(&ar->scan.completed);
4534 		break;
4535 	}
4536 }
4537 
4538 void ath10k_scan_finish(struct ath10k *ar)
4539 {
4540 	spin_lock_bh(&ar->data_lock);
4541 	__ath10k_scan_finish(ar);
4542 	spin_unlock_bh(&ar->data_lock);
4543 }
4544 
4545 static int ath10k_scan_stop(struct ath10k *ar)
4546 {
4547 	struct wmi_stop_scan_arg arg = {
4548 		.req_id = 1, /* FIXME */
4549 		.req_type = WMI_SCAN_STOP_ONE,
4550 		.u.scan_id = ATH10K_SCAN_ID,
4551 	};
4552 	int ret;
4553 
4554 	lockdep_assert_held(&ar->conf_mutex);
4555 
4556 	ret = ath10k_wmi_stop_scan(ar, &arg);
4557 	if (ret) {
4558 		ath10k_warn(ar, "failed to stop wmi scan: %d\n", ret);
4559 		goto out;
4560 	}
4561 
4562 	ret = wait_for_completion_timeout(&ar->scan.completed, 3 * HZ);
4563 	if (ret == 0) {
4564 		ath10k_warn(ar, "failed to receive scan abortion completion: timed out\n");
4565 		ret = -ETIMEDOUT;
4566 	} else if (ret > 0) {
4567 		ret = 0;
4568 	}
4569 
4570 out:
4571 	/* Scan state should be updated upon scan completion but in case
4572 	 * firmware fails to deliver the event (for whatever reason) it is
4573 	 * desired to clean up scan state anyway. Firmware may have just
4574 	 * dropped the scan completion event delivery due to transport pipe
4575 	 * being overflown with data and/or it can recover on its own before
4576 	 * next scan request is submitted.
4577 	 */
4578 	spin_lock_bh(&ar->data_lock);
4579 	if (ar->scan.state != ATH10K_SCAN_IDLE)
4580 		__ath10k_scan_finish(ar);
4581 	spin_unlock_bh(&ar->data_lock);
4582 
4583 	return ret;
4584 }
4585 
4586 static void ath10k_scan_abort(struct ath10k *ar)
4587 {
4588 	int ret;
4589 
4590 	lockdep_assert_held(&ar->conf_mutex);
4591 
4592 	spin_lock_bh(&ar->data_lock);
4593 
4594 	switch (ar->scan.state) {
4595 	case ATH10K_SCAN_IDLE:
4596 		/* This can happen if timeout worker kicked in and called
4597 		 * abortion while scan completion was being processed.
4598 		 */
4599 		break;
4600 	case ATH10K_SCAN_STARTING:
4601 	case ATH10K_SCAN_ABORTING:
4602 		ath10k_warn(ar, "refusing scan abortion due to invalid scan state: %s (%d)\n",
4603 			    ath10k_scan_state_str(ar->scan.state),
4604 			    ar->scan.state);
4605 		break;
4606 	case ATH10K_SCAN_RUNNING:
4607 		ar->scan.state = ATH10K_SCAN_ABORTING;
4608 		spin_unlock_bh(&ar->data_lock);
4609 
4610 		ret = ath10k_scan_stop(ar);
4611 		if (ret)
4612 			ath10k_warn(ar, "failed to abort scan: %d\n", ret);
4613 
4614 		spin_lock_bh(&ar->data_lock);
4615 		break;
4616 	}
4617 
4618 	spin_unlock_bh(&ar->data_lock);
4619 }
4620 
4621 void ath10k_scan_timeout_work(struct work_struct *work)
4622 {
4623 	struct ath10k *ar = container_of(work, struct ath10k,
4624 					 scan.timeout.work);
4625 
4626 	mutex_lock(&ar->conf_mutex);
4627 	ath10k_scan_abort(ar);
4628 	mutex_unlock(&ar->conf_mutex);
4629 }
4630 
4631 static int ath10k_start_scan(struct ath10k *ar,
4632 			     const struct wmi_start_scan_arg *arg)
4633 {
4634 	int ret;
4635 
4636 	lockdep_assert_held(&ar->conf_mutex);
4637 
4638 	ret = ath10k_wmi_start_scan(ar, arg);
4639 	if (ret)
4640 		return ret;
4641 
4642 	ret = wait_for_completion_timeout(&ar->scan.started, 1 * HZ);
4643 	if (ret == 0) {
4644 		ret = ath10k_scan_stop(ar);
4645 		if (ret)
4646 			ath10k_warn(ar, "failed to stop scan: %d\n", ret);
4647 
4648 		return -ETIMEDOUT;
4649 	}
4650 
4651 	/* If we failed to start the scan, return error code at
4652 	 * this point.  This is probably due to some issue in the
4653 	 * firmware, but no need to wedge the driver due to that...
4654 	 */
4655 	spin_lock_bh(&ar->data_lock);
4656 	if (ar->scan.state == ATH10K_SCAN_IDLE) {
4657 		spin_unlock_bh(&ar->data_lock);
4658 		return -EINVAL;
4659 	}
4660 	spin_unlock_bh(&ar->data_lock);
4661 
4662 	return 0;
4663 }
4664 
4665 /**********************/
4666 /* mac80211 callbacks */
4667 /**********************/
4668 
4669 static void ath10k_mac_op_tx(struct ieee80211_hw *hw,
4670 			     struct ieee80211_tx_control *control,
4671 			     struct sk_buff *skb)
4672 {
4673 	struct ath10k *ar = hw->priv;
4674 	struct ath10k_htt *htt = &ar->htt;
4675 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
4676 	struct ieee80211_vif *vif = info->control.vif;
4677 	struct ieee80211_sta *sta = control->sta;
4678 	struct ieee80211_txq *txq = NULL;
4679 	enum ath10k_hw_txrx_mode txmode;
4680 	enum ath10k_mac_tx_path txpath;
4681 	bool is_htt;
4682 	bool is_mgmt;
4683 	int ret;
4684 	u16 airtime;
4685 
4686 	airtime = ath10k_mac_update_airtime(ar, txq, skb);
4687 	ath10k_mac_tx_h_fill_cb(ar, vif, txq, sta, skb, airtime);
4688 
4689 	txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
4690 	txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
4691 	is_htt = (txpath == ATH10K_MAC_TX_HTT ||
4692 		  txpath == ATH10K_MAC_TX_HTT_MGMT);
4693 	is_mgmt = (txpath == ATH10K_MAC_TX_HTT_MGMT);
4694 
4695 	if (is_htt) {
4696 		bool is_presp = false;
4697 
4698 		spin_lock_bh(&ar->htt.tx_lock);
4699 		if (!(info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP)) {
4700 			struct ieee80211_hdr *hdr = (void *)skb->data;
4701 
4702 			is_presp = ieee80211_is_probe_resp(hdr->frame_control);
4703 		}
4704 
4705 		ret = ath10k_htt_tx_inc_pending(htt);
4706 		if (ret) {
4707 			ath10k_warn(ar, "failed to increase tx pending count: %d, dropping\n",
4708 				    ret);
4709 			spin_unlock_bh(&ar->htt.tx_lock);
4710 			ieee80211_free_txskb(ar->hw, skb);
4711 			return;
4712 		}
4713 
4714 		ret = ath10k_htt_tx_mgmt_inc_pending(htt, is_mgmt, is_presp);
4715 		if (ret) {
4716 			ath10k_dbg(ar, ATH10K_DBG_MAC, "failed to increase tx mgmt pending count: %d, dropping\n",
4717 				   ret);
4718 			ath10k_htt_tx_dec_pending(htt);
4719 			spin_unlock_bh(&ar->htt.tx_lock);
4720 			ieee80211_free_txskb(ar->hw, skb);
4721 			return;
4722 		}
4723 		spin_unlock_bh(&ar->htt.tx_lock);
4724 	}
4725 
4726 	ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb, false);
4727 	if (ret) {
4728 		ath10k_warn(ar, "failed to transmit frame: %d\n", ret);
4729 		if (is_htt) {
4730 			spin_lock_bh(&ar->htt.tx_lock);
4731 			ath10k_htt_tx_dec_pending(htt);
4732 			if (is_mgmt)
4733 				ath10k_htt_tx_mgmt_dec_pending(htt);
4734 			spin_unlock_bh(&ar->htt.tx_lock);
4735 		}
4736 		return;
4737 	}
4738 }
4739 
4740 static void ath10k_mac_op_wake_tx_queue(struct ieee80211_hw *hw,
4741 					struct ieee80211_txq *txq)
4742 {
4743 	struct ath10k *ar = hw->priv;
4744 	int ret;
4745 	u8 ac = txq->ac;
4746 
4747 	ath10k_htt_tx_txq_update(hw, txq);
4748 	if (ar->htt.tx_q_state.mode != HTT_TX_MODE_SWITCH_PUSH)
4749 		return;
4750 
4751 	spin_lock_bh(&ar->queue_lock[ac]);
4752 
4753 	ieee80211_txq_schedule_start(hw, ac);
4754 	txq = ieee80211_next_txq(hw, ac);
4755 	if (!txq)
4756 		goto out;
4757 
4758 	while (ath10k_mac_tx_can_push(hw, txq)) {
4759 		ret = ath10k_mac_tx_push_txq(hw, txq);
4760 		if (ret < 0)
4761 			break;
4762 	}
4763 	ieee80211_return_txq(hw, txq, false);
4764 	ath10k_htt_tx_txq_update(hw, txq);
4765 out:
4766 	ieee80211_txq_schedule_end(hw, ac);
4767 	spin_unlock_bh(&ar->queue_lock[ac]);
4768 }
4769 
4770 /* Must not be called with conf_mutex held as workers can use that also. */
4771 void ath10k_drain_tx(struct ath10k *ar)
4772 {
4773 	lockdep_assert_not_held(&ar->conf_mutex);
4774 
4775 	/* make sure rcu-protected mac80211 tx path itself is drained */
4776 	synchronize_net();
4777 
4778 	ath10k_offchan_tx_purge(ar);
4779 	ath10k_mgmt_over_wmi_tx_purge(ar);
4780 
4781 	cancel_work_sync(&ar->offchan_tx_work);
4782 	cancel_work_sync(&ar->wmi_mgmt_tx_work);
4783 }
4784 
4785 void ath10k_halt(struct ath10k *ar)
4786 {
4787 	struct ath10k_vif *arvif;
4788 
4789 	lockdep_assert_held(&ar->conf_mutex);
4790 
4791 	clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
4792 	ar->filter_flags = 0;
4793 	ar->monitor = false;
4794 	ar->monitor_arvif = NULL;
4795 
4796 	if (ar->monitor_started)
4797 		ath10k_monitor_stop(ar);
4798 
4799 	ar->monitor_started = false;
4800 	ar->tx_paused = 0;
4801 
4802 	ath10k_scan_finish(ar);
4803 	ath10k_peer_cleanup_all(ar);
4804 	ath10k_stop_radar_confirmation(ar);
4805 	ath10k_core_stop(ar);
4806 	ath10k_hif_power_down(ar);
4807 
4808 	spin_lock_bh(&ar->data_lock);
4809 	list_for_each_entry(arvif, &ar->arvifs, list)
4810 		ath10k_mac_vif_beacon_cleanup(arvif);
4811 	spin_unlock_bh(&ar->data_lock);
4812 }
4813 
4814 static int ath10k_get_antenna(struct ieee80211_hw *hw, u32 *tx_ant, u32 *rx_ant)
4815 {
4816 	struct ath10k *ar = hw->priv;
4817 
4818 	mutex_lock(&ar->conf_mutex);
4819 
4820 	*tx_ant = ar->cfg_tx_chainmask;
4821 	*rx_ant = ar->cfg_rx_chainmask;
4822 
4823 	mutex_unlock(&ar->conf_mutex);
4824 
4825 	return 0;
4826 }
4827 
4828 static bool ath10k_check_chain_mask(struct ath10k *ar, u32 cm, const char *dbg)
4829 {
4830 	/* It is not clear that allowing gaps in chainmask
4831 	 * is helpful.  Probably it will not do what user
4832 	 * is hoping for, so warn in that case.
4833 	 */
4834 	if (cm == 15 || cm == 7 || cm == 3 || cm == 1 || cm == 0)
4835 		return true;
4836 
4837 	ath10k_warn(ar, "mac %s antenna chainmask is invalid: 0x%x.  Suggested values: 15, 7, 3, 1 or 0.\n",
4838 		    dbg, cm);
4839 	return false;
4840 }
4841 
4842 static int ath10k_mac_get_vht_cap_bf_sts(struct ath10k *ar)
4843 {
4844 	int nsts = ar->vht_cap_info;
4845 
4846 	nsts &= IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
4847 	nsts >>= IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT;
4848 
4849 	/* If firmware does not deliver to host number of space-time
4850 	 * streams supported, assume it support up to 4 BF STS and return
4851 	 * the value for VHT CAP: nsts-1)
4852 	 */
4853 	if (nsts == 0)
4854 		return 3;
4855 
4856 	return nsts;
4857 }
4858 
4859 static int ath10k_mac_get_vht_cap_bf_sound_dim(struct ath10k *ar)
4860 {
4861 	int sound_dim = ar->vht_cap_info;
4862 
4863 	sound_dim &= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK;
4864 	sound_dim >>= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_SHIFT;
4865 
4866 	/* If the sounding dimension is not advertised by the firmware,
4867 	 * let's use a default value of 1
4868 	 */
4869 	if (sound_dim == 0)
4870 		return 1;
4871 
4872 	return sound_dim;
4873 }
4874 
4875 static struct ieee80211_sta_vht_cap ath10k_create_vht_cap(struct ath10k *ar)
4876 {
4877 	struct ieee80211_sta_vht_cap vht_cap = {0};
4878 	struct ath10k_hw_params *hw = &ar->hw_params;
4879 	u16 mcs_map;
4880 	u32 val;
4881 	int i;
4882 
4883 	vht_cap.vht_supported = 1;
4884 	vht_cap.cap = ar->vht_cap_info;
4885 
4886 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
4887 				IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)) {
4888 		val = ath10k_mac_get_vht_cap_bf_sts(ar);
4889 		val <<= IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT;
4890 		val &= IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
4891 
4892 		vht_cap.cap |= val;
4893 	}
4894 
4895 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
4896 				IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)) {
4897 		val = ath10k_mac_get_vht_cap_bf_sound_dim(ar);
4898 		val <<= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_SHIFT;
4899 		val &= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK;
4900 
4901 		vht_cap.cap |= val;
4902 	}
4903 
4904 	mcs_map = 0;
4905 	for (i = 0; i < 8; i++) {
4906 		if ((i < ar->num_rf_chains) && (ar->cfg_tx_chainmask & BIT(i)))
4907 			mcs_map |= IEEE80211_VHT_MCS_SUPPORT_0_9 << (i * 2);
4908 		else
4909 			mcs_map |= IEEE80211_VHT_MCS_NOT_SUPPORTED << (i * 2);
4910 	}
4911 
4912 	if (ar->cfg_tx_chainmask <= 1)
4913 		vht_cap.cap &= ~IEEE80211_VHT_CAP_TXSTBC;
4914 
4915 	vht_cap.vht_mcs.rx_mcs_map = cpu_to_le16(mcs_map);
4916 	vht_cap.vht_mcs.tx_mcs_map = cpu_to_le16(mcs_map);
4917 
4918 	/* If we are supporting 160Mhz or 80+80, then the NIC may be able to do
4919 	 * a restricted NSS for 160 or 80+80 vs what it can do for 80Mhz.  Give
4920 	 * user-space a clue if that is the case.
4921 	 */
4922 	if ((vht_cap.cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK) &&
4923 	    (hw->vht160_mcs_rx_highest != 0 ||
4924 	     hw->vht160_mcs_tx_highest != 0)) {
4925 		vht_cap.vht_mcs.rx_highest = cpu_to_le16(hw->vht160_mcs_rx_highest);
4926 		vht_cap.vht_mcs.tx_highest = cpu_to_le16(hw->vht160_mcs_tx_highest);
4927 	}
4928 
4929 	return vht_cap;
4930 }
4931 
4932 static struct ieee80211_sta_ht_cap ath10k_get_ht_cap(struct ath10k *ar)
4933 {
4934 	int i;
4935 	struct ieee80211_sta_ht_cap ht_cap = {0};
4936 
4937 	if (!(ar->ht_cap_info & WMI_HT_CAP_ENABLED))
4938 		return ht_cap;
4939 
4940 	ht_cap.ht_supported = 1;
4941 	ht_cap.ampdu_factor = IEEE80211_HT_MAX_AMPDU_64K;
4942 	ht_cap.ampdu_density = IEEE80211_HT_MPDU_DENSITY_8;
4943 	ht_cap.cap |= IEEE80211_HT_CAP_SUP_WIDTH_20_40;
4944 	ht_cap.cap |= IEEE80211_HT_CAP_DSSSCCK40;
4945 	ht_cap.cap |=
4946 		WLAN_HT_CAP_SM_PS_DISABLED << IEEE80211_HT_CAP_SM_PS_SHIFT;
4947 
4948 	if (ar->ht_cap_info & WMI_HT_CAP_HT20_SGI)
4949 		ht_cap.cap |= IEEE80211_HT_CAP_SGI_20;
4950 
4951 	if (ar->ht_cap_info & WMI_HT_CAP_HT40_SGI)
4952 		ht_cap.cap |= IEEE80211_HT_CAP_SGI_40;
4953 
4954 	if (ar->ht_cap_info & WMI_HT_CAP_DYNAMIC_SMPS) {
4955 		u32 smps;
4956 
4957 		smps   = WLAN_HT_CAP_SM_PS_DYNAMIC;
4958 		smps <<= IEEE80211_HT_CAP_SM_PS_SHIFT;
4959 
4960 		ht_cap.cap |= smps;
4961 	}
4962 
4963 	if (ar->ht_cap_info & WMI_HT_CAP_TX_STBC && (ar->cfg_tx_chainmask > 1))
4964 		ht_cap.cap |= IEEE80211_HT_CAP_TX_STBC;
4965 
4966 	if (ar->ht_cap_info & WMI_HT_CAP_RX_STBC) {
4967 		u32 stbc;
4968 
4969 		stbc   = ar->ht_cap_info;
4970 		stbc  &= WMI_HT_CAP_RX_STBC;
4971 		stbc >>= WMI_HT_CAP_RX_STBC_MASK_SHIFT;
4972 		stbc <<= IEEE80211_HT_CAP_RX_STBC_SHIFT;
4973 		stbc  &= IEEE80211_HT_CAP_RX_STBC;
4974 
4975 		ht_cap.cap |= stbc;
4976 	}
4977 
4978 	if (ar->ht_cap_info & WMI_HT_CAP_LDPC || (ar->ht_cap_info &
4979 	    WMI_HT_CAP_RX_LDPC && (ar->ht_cap_info & WMI_HT_CAP_TX_LDPC)))
4980 		ht_cap.cap |= IEEE80211_HT_CAP_LDPC_CODING;
4981 
4982 	if (ar->ht_cap_info & WMI_HT_CAP_L_SIG_TXOP_PROT)
4983 		ht_cap.cap |= IEEE80211_HT_CAP_LSIG_TXOP_PROT;
4984 
4985 	/* max AMSDU is implicitly taken from vht_cap_info */
4986 	if (ar->vht_cap_info & WMI_VHT_CAP_MAX_MPDU_LEN_MASK)
4987 		ht_cap.cap |= IEEE80211_HT_CAP_MAX_AMSDU;
4988 
4989 	for (i = 0; i < ar->num_rf_chains; i++) {
4990 		if (ar->cfg_rx_chainmask & BIT(i))
4991 			ht_cap.mcs.rx_mask[i] = 0xFF;
4992 	}
4993 
4994 	ht_cap.mcs.tx_params |= IEEE80211_HT_MCS_TX_DEFINED;
4995 
4996 	return ht_cap;
4997 }
4998 
4999 static void ath10k_mac_setup_ht_vht_cap(struct ath10k *ar)
5000 {
5001 	struct ieee80211_supported_band *band;
5002 	struct ieee80211_sta_vht_cap vht_cap;
5003 	struct ieee80211_sta_ht_cap ht_cap;
5004 
5005 	ht_cap = ath10k_get_ht_cap(ar);
5006 	vht_cap = ath10k_create_vht_cap(ar);
5007 
5008 	if (ar->phy_capability & WHAL_WLAN_11G_CAPABILITY) {
5009 		band = &ar->mac.sbands[NL80211_BAND_2GHZ];
5010 		band->ht_cap = ht_cap;
5011 	}
5012 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY) {
5013 		band = &ar->mac.sbands[NL80211_BAND_5GHZ];
5014 		band->ht_cap = ht_cap;
5015 		band->vht_cap = vht_cap;
5016 	}
5017 }
5018 
5019 static int __ath10k_set_antenna(struct ath10k *ar, u32 tx_ant, u32 rx_ant)
5020 {
5021 	int ret;
5022 	bool is_valid_tx_chain_mask, is_valid_rx_chain_mask;
5023 
5024 	lockdep_assert_held(&ar->conf_mutex);
5025 
5026 	is_valid_tx_chain_mask = ath10k_check_chain_mask(ar, tx_ant, "tx");
5027 	is_valid_rx_chain_mask = ath10k_check_chain_mask(ar, rx_ant, "rx");
5028 
5029 	if (!is_valid_tx_chain_mask || !is_valid_rx_chain_mask)
5030 		return -EINVAL;
5031 
5032 	ar->cfg_tx_chainmask = tx_ant;
5033 	ar->cfg_rx_chainmask = rx_ant;
5034 
5035 	if ((ar->state != ATH10K_STATE_ON) &&
5036 	    (ar->state != ATH10K_STATE_RESTARTED))
5037 		return 0;
5038 
5039 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->tx_chain_mask,
5040 					tx_ant);
5041 	if (ret) {
5042 		ath10k_warn(ar, "failed to set tx-chainmask: %d, req 0x%x\n",
5043 			    ret, tx_ant);
5044 		return ret;
5045 	}
5046 
5047 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->rx_chain_mask,
5048 					rx_ant);
5049 	if (ret) {
5050 		ath10k_warn(ar, "failed to set rx-chainmask: %d, req 0x%x\n",
5051 			    ret, rx_ant);
5052 		return ret;
5053 	}
5054 
5055 	/* Reload HT/VHT capability */
5056 	ath10k_mac_setup_ht_vht_cap(ar);
5057 
5058 	return 0;
5059 }
5060 
5061 static int ath10k_set_antenna(struct ieee80211_hw *hw, u32 tx_ant, u32 rx_ant)
5062 {
5063 	struct ath10k *ar = hw->priv;
5064 	int ret;
5065 
5066 	mutex_lock(&ar->conf_mutex);
5067 	ret = __ath10k_set_antenna(ar, tx_ant, rx_ant);
5068 	mutex_unlock(&ar->conf_mutex);
5069 	return ret;
5070 }
5071 
5072 static int __ath10k_fetch_bb_timing_dt(struct ath10k *ar,
5073 				       struct wmi_bb_timing_cfg_arg *bb_timing)
5074 {
5075 #if defined(__linux__) || (defined(__FreeBSD__) && defined(CONFIG_OF))
5076 	struct device_node *node;
5077 	const char *fem_name;
5078 	int ret;
5079 
5080 	node = ar->dev->of_node;
5081 	if (!node)
5082 		return -ENOENT;
5083 
5084 	ret = of_property_read_string_index(node, "ext-fem-name", 0, &fem_name);
5085 	if (ret)
5086 		return -ENOENT;
5087 
5088 	/*
5089 	 * If external Front End module used in hardware, then default base band timing
5090 	 * parameter cannot be used since they were fine tuned for reference hardware,
5091 	 * so choosing different value suitable for that external FEM.
5092 	 */
5093 	if (!strcmp("microsemi-lx5586", fem_name)) {
5094 		bb_timing->bb_tx_timing = 0x00;
5095 		bb_timing->bb_xpa_timing = 0x0101;
5096 	} else {
5097 		return -ENOENT;
5098 	}
5099 
5100 	ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot bb_tx_timing 0x%x bb_xpa_timing 0x%x\n",
5101 		   bb_timing->bb_tx_timing, bb_timing->bb_xpa_timing);
5102 	return 0;
5103 #else
5104 	return -EINVAL;
5105 #endif
5106 }
5107 
5108 static int ath10k_mac_rfkill_config(struct ath10k *ar)
5109 {
5110 	u32 param;
5111 	int ret;
5112 
5113 	if (ar->hw_values->rfkill_pin == 0) {
5114 		ath10k_warn(ar, "ath10k does not support hardware rfkill with this device\n");
5115 		return -EOPNOTSUPP;
5116 	}
5117 
5118 	ath10k_dbg(ar, ATH10K_DBG_MAC,
5119 		   "mac rfkill_pin %d rfkill_cfg %d rfkill_on_level %d",
5120 		   ar->hw_values->rfkill_pin, ar->hw_values->rfkill_cfg,
5121 		   ar->hw_values->rfkill_on_level);
5122 
5123 	param = FIELD_PREP(WMI_TLV_RFKILL_CFG_RADIO_LEVEL,
5124 			   ar->hw_values->rfkill_on_level) |
5125 		FIELD_PREP(WMI_TLV_RFKILL_CFG_GPIO_PIN_NUM,
5126 			   ar->hw_values->rfkill_pin) |
5127 		FIELD_PREP(WMI_TLV_RFKILL_CFG_PIN_AS_GPIO,
5128 			   ar->hw_values->rfkill_cfg);
5129 
5130 	ret = ath10k_wmi_pdev_set_param(ar,
5131 					ar->wmi.pdev_param->rfkill_config,
5132 					param);
5133 	if (ret) {
5134 		ath10k_warn(ar,
5135 			    "failed to set rfkill config 0x%x: %d\n",
5136 			    param, ret);
5137 		return ret;
5138 	}
5139 	return 0;
5140 }
5141 
5142 int ath10k_mac_rfkill_enable_radio(struct ath10k *ar, bool enable)
5143 {
5144 	enum wmi_tlv_rfkill_enable_radio param;
5145 	int ret;
5146 
5147 	if (enable)
5148 		param = WMI_TLV_RFKILL_ENABLE_RADIO_ON;
5149 	else
5150 		param = WMI_TLV_RFKILL_ENABLE_RADIO_OFF;
5151 
5152 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac rfkill enable %d", param);
5153 
5154 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->rfkill_enable,
5155 					param);
5156 	if (ret) {
5157 		ath10k_warn(ar, "failed to set rfkill enable param %d: %d\n",
5158 			    param, ret);
5159 		return ret;
5160 	}
5161 
5162 	return 0;
5163 }
5164 
5165 static int ath10k_start(struct ieee80211_hw *hw)
5166 {
5167 	struct ath10k *ar = hw->priv;
5168 	u32 param;
5169 	int ret = 0;
5170 	struct wmi_bb_timing_cfg_arg bb_timing = {0};
5171 
5172 	/*
5173 	 * This makes sense only when restarting hw. It is harmless to call
5174 	 * unconditionally. This is necessary to make sure no HTT/WMI tx
5175 	 * commands will be submitted while restarting.
5176 	 */
5177 	ath10k_drain_tx(ar);
5178 
5179 	mutex_lock(&ar->conf_mutex);
5180 
5181 	switch (ar->state) {
5182 	case ATH10K_STATE_OFF:
5183 		ar->state = ATH10K_STATE_ON;
5184 		break;
5185 	case ATH10K_STATE_RESTARTING:
5186 		ar->state = ATH10K_STATE_RESTARTED;
5187 		break;
5188 	case ATH10K_STATE_ON:
5189 	case ATH10K_STATE_RESTARTED:
5190 	case ATH10K_STATE_WEDGED:
5191 		WARN_ON(1);
5192 		ret = -EINVAL;
5193 		goto err;
5194 	case ATH10K_STATE_UTF:
5195 		ret = -EBUSY;
5196 		goto err;
5197 	}
5198 
5199 	spin_lock_bh(&ar->data_lock);
5200 
5201 	if (ar->hw_rfkill_on) {
5202 		ar->hw_rfkill_on = false;
5203 		spin_unlock_bh(&ar->data_lock);
5204 		goto err;
5205 	}
5206 
5207 	spin_unlock_bh(&ar->data_lock);
5208 
5209 	ret = ath10k_hif_power_up(ar, ATH10K_FIRMWARE_MODE_NORMAL);
5210 	if (ret) {
5211 		ath10k_err(ar, "Could not init hif: %d\n", ret);
5212 		goto err_off;
5213 	}
5214 
5215 	ret = ath10k_core_start(ar, ATH10K_FIRMWARE_MODE_NORMAL,
5216 				&ar->normal_mode_fw);
5217 	if (ret) {
5218 		ath10k_err(ar, "Could not init core: %d\n", ret);
5219 		goto err_power_down;
5220 	}
5221 
5222 	if (ar->sys_cap_info & WMI_TLV_SYS_CAP_INFO_RFKILL) {
5223 		ret = ath10k_mac_rfkill_config(ar);
5224 		if (ret && ret != -EOPNOTSUPP) {
5225 			ath10k_warn(ar, "failed to configure rfkill: %d", ret);
5226 			goto err_core_stop;
5227 		}
5228 	}
5229 
5230 	param = ar->wmi.pdev_param->pmf_qos;
5231 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5232 	if (ret) {
5233 		ath10k_warn(ar, "failed to enable PMF QOS: %d\n", ret);
5234 		goto err_core_stop;
5235 	}
5236 
5237 	param = ar->wmi.pdev_param->dynamic_bw;
5238 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5239 	if (ret) {
5240 		ath10k_warn(ar, "failed to enable dynamic BW: %d\n", ret);
5241 		goto err_core_stop;
5242 	}
5243 
5244 	if (test_bit(WMI_SERVICE_SPOOF_MAC_SUPPORT, ar->wmi.svc_map)) {
5245 		ret = ath10k_wmi_scan_prob_req_oui(ar, ar->mac_addr);
5246 		if (ret) {
5247 			ath10k_err(ar, "failed to set prob req oui: %i\n", ret);
5248 			goto err_core_stop;
5249 		}
5250 	}
5251 
5252 	if (test_bit(WMI_SERVICE_ADAPTIVE_OCS, ar->wmi.svc_map)) {
5253 		ret = ath10k_wmi_adaptive_qcs(ar, true);
5254 		if (ret) {
5255 			ath10k_warn(ar, "failed to enable adaptive qcs: %d\n",
5256 				    ret);
5257 			goto err_core_stop;
5258 		}
5259 	}
5260 
5261 	if (test_bit(WMI_SERVICE_BURST, ar->wmi.svc_map)) {
5262 		param = ar->wmi.pdev_param->burst_enable;
5263 		ret = ath10k_wmi_pdev_set_param(ar, param, 0);
5264 		if (ret) {
5265 			ath10k_warn(ar, "failed to disable burst: %d\n", ret);
5266 			goto err_core_stop;
5267 		}
5268 	}
5269 
5270 	param = ar->wmi.pdev_param->idle_ps_config;
5271 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5272 	if (ret && ret != -EOPNOTSUPP) {
5273 		ath10k_warn(ar, "failed to enable idle_ps_config: %d\n", ret);
5274 		goto err_core_stop;
5275 	}
5276 
5277 	__ath10k_set_antenna(ar, ar->cfg_tx_chainmask, ar->cfg_rx_chainmask);
5278 
5279 	/*
5280 	 * By default FW set ARP frames ac to voice (6). In that case ARP
5281 	 * exchange is not working properly for UAPSD enabled AP. ARP requests
5282 	 * which arrives with access category 0 are processed by network stack
5283 	 * and send back with access category 0, but FW changes access category
5284 	 * to 6. Set ARP frames access category to best effort (0) solves
5285 	 * this problem.
5286 	 */
5287 
5288 	param = ar->wmi.pdev_param->arp_ac_override;
5289 	ret = ath10k_wmi_pdev_set_param(ar, param, 0);
5290 	if (ret) {
5291 		ath10k_warn(ar, "failed to set arp ac override parameter: %d\n",
5292 			    ret);
5293 		goto err_core_stop;
5294 	}
5295 
5296 	if (test_bit(ATH10K_FW_FEATURE_SUPPORTS_ADAPTIVE_CCA,
5297 		     ar->running_fw->fw_file.fw_features)) {
5298 		ret = ath10k_wmi_pdev_enable_adaptive_cca(ar, 1,
5299 							  WMI_CCA_DETECT_LEVEL_AUTO,
5300 							  WMI_CCA_DETECT_MARGIN_AUTO);
5301 		if (ret) {
5302 			ath10k_warn(ar, "failed to enable adaptive cca: %d\n",
5303 				    ret);
5304 			goto err_core_stop;
5305 		}
5306 	}
5307 
5308 	param = ar->wmi.pdev_param->ani_enable;
5309 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5310 	if (ret) {
5311 		ath10k_warn(ar, "failed to enable ani by default: %d\n",
5312 			    ret);
5313 		goto err_core_stop;
5314 	}
5315 
5316 	ar->ani_enabled = true;
5317 
5318 	if (ath10k_peer_stats_enabled(ar)) {
5319 		param = ar->wmi.pdev_param->peer_stats_update_period;
5320 		ret = ath10k_wmi_pdev_set_param(ar, param,
5321 						PEER_DEFAULT_STATS_UPDATE_PERIOD);
5322 		if (ret) {
5323 			ath10k_warn(ar,
5324 				    "failed to set peer stats period : %d\n",
5325 				    ret);
5326 			goto err_core_stop;
5327 		}
5328 	}
5329 
5330 	param = ar->wmi.pdev_param->enable_btcoex;
5331 	if (test_bit(WMI_SERVICE_COEX_GPIO, ar->wmi.svc_map) &&
5332 	    test_bit(ATH10K_FW_FEATURE_BTCOEX_PARAM,
5333 		     ar->running_fw->fw_file.fw_features) &&
5334 	    ar->coex_support) {
5335 		ret = ath10k_wmi_pdev_set_param(ar, param, 0);
5336 		if (ret) {
5337 			ath10k_warn(ar,
5338 				    "failed to set btcoex param: %d\n", ret);
5339 			goto err_core_stop;
5340 		}
5341 		clear_bit(ATH10K_FLAG_BTCOEX, &ar->dev_flags);
5342 	}
5343 
5344 	if (test_bit(WMI_SERVICE_BB_TIMING_CONFIG_SUPPORT, ar->wmi.svc_map)) {
5345 		ret = __ath10k_fetch_bb_timing_dt(ar, &bb_timing);
5346 		if (!ret) {
5347 			ret = ath10k_wmi_pdev_bb_timing(ar, &bb_timing);
5348 			if (ret) {
5349 				ath10k_warn(ar,
5350 					    "failed to set bb timings: %d\n",
5351 					    ret);
5352 				goto err_core_stop;
5353 			}
5354 		}
5355 	}
5356 
5357 	ar->num_started_vdevs = 0;
5358 	ath10k_regd_update(ar);
5359 
5360 	ath10k_spectral_start(ar);
5361 	ath10k_thermal_set_throttling(ar);
5362 
5363 	ar->radar_conf_state = ATH10K_RADAR_CONFIRMATION_IDLE;
5364 
5365 	mutex_unlock(&ar->conf_mutex);
5366 	return 0;
5367 
5368 err_core_stop:
5369 	ath10k_core_stop(ar);
5370 
5371 err_power_down:
5372 	ath10k_hif_power_down(ar);
5373 
5374 err_off:
5375 	ar->state = ATH10K_STATE_OFF;
5376 
5377 err:
5378 	mutex_unlock(&ar->conf_mutex);
5379 	return ret;
5380 }
5381 
5382 static void ath10k_stop(struct ieee80211_hw *hw)
5383 {
5384 	struct ath10k *ar = hw->priv;
5385 	u32 opt;
5386 
5387 	ath10k_drain_tx(ar);
5388 
5389 	mutex_lock(&ar->conf_mutex);
5390 	if (ar->state != ATH10K_STATE_OFF) {
5391 		if (!ar->hw_rfkill_on) {
5392 			/* If the current driver state is RESTARTING but not yet
5393 			 * fully RESTARTED because of incoming suspend event,
5394 			 * then ath10k_halt() is already called via
5395 			 * ath10k_core_restart() and should not be called here.
5396 			 */
5397 			if (ar->state != ATH10K_STATE_RESTARTING) {
5398 				ath10k_halt(ar);
5399 			} else {
5400 				/* Suspending here, because when in RESTARTING
5401 				 * state, ath10k_core_stop() skips
5402 				 * ath10k_wait_for_suspend().
5403 				 */
5404 				opt = WMI_PDEV_SUSPEND_AND_DISABLE_INTR;
5405 				ath10k_wait_for_suspend(ar, opt);
5406 			}
5407 		}
5408 		ar->state = ATH10K_STATE_OFF;
5409 	}
5410 	mutex_unlock(&ar->conf_mutex);
5411 
5412 	cancel_work_sync(&ar->set_coverage_class_work);
5413 	cancel_delayed_work_sync(&ar->scan.timeout);
5414 	cancel_work_sync(&ar->restart_work);
5415 }
5416 
5417 static int ath10k_config_ps(struct ath10k *ar)
5418 {
5419 	struct ath10k_vif *arvif;
5420 	int ret = 0;
5421 
5422 	lockdep_assert_held(&ar->conf_mutex);
5423 
5424 	list_for_each_entry(arvif, &ar->arvifs, list) {
5425 		ret = ath10k_mac_vif_setup_ps(arvif);
5426 		if (ret) {
5427 			ath10k_warn(ar, "failed to setup powersave: %d\n", ret);
5428 			break;
5429 		}
5430 	}
5431 
5432 	return ret;
5433 }
5434 
5435 static int ath10k_config(struct ieee80211_hw *hw, u32 changed)
5436 {
5437 	struct ath10k *ar = hw->priv;
5438 	struct ieee80211_conf *conf = &hw->conf;
5439 	int ret = 0;
5440 
5441 	mutex_lock(&ar->conf_mutex);
5442 
5443 	if (changed & IEEE80211_CONF_CHANGE_PS)
5444 		ath10k_config_ps(ar);
5445 
5446 	if (changed & IEEE80211_CONF_CHANGE_MONITOR) {
5447 		ar->monitor = conf->flags & IEEE80211_CONF_MONITOR;
5448 		ret = ath10k_monitor_recalc(ar);
5449 		if (ret)
5450 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5451 	}
5452 
5453 	mutex_unlock(&ar->conf_mutex);
5454 	return ret;
5455 }
5456 
5457 static u32 get_nss_from_chainmask(u16 chain_mask)
5458 {
5459 	if ((chain_mask & 0xf) == 0xf)
5460 		return 4;
5461 	else if ((chain_mask & 0x7) == 0x7)
5462 		return 3;
5463 	else if ((chain_mask & 0x3) == 0x3)
5464 		return 2;
5465 	return 1;
5466 }
5467 
5468 static int ath10k_mac_set_txbf_conf(struct ath10k_vif *arvif)
5469 {
5470 	u32 value = 0;
5471 	struct ath10k *ar = arvif->ar;
5472 	int nsts;
5473 	int sound_dim;
5474 
5475 	if (ath10k_wmi_get_txbf_conf_scheme(ar) != WMI_TXBF_CONF_BEFORE_ASSOC)
5476 		return 0;
5477 
5478 	nsts = ath10k_mac_get_vht_cap_bf_sts(ar);
5479 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
5480 				IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE))
5481 		value |= SM(nsts, WMI_TXBF_STS_CAP_OFFSET);
5482 
5483 	sound_dim = ath10k_mac_get_vht_cap_bf_sound_dim(ar);
5484 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
5485 				IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE))
5486 		value |= SM(sound_dim, WMI_BF_SOUND_DIM_OFFSET);
5487 
5488 	if (!value)
5489 		return 0;
5490 
5491 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)
5492 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
5493 
5494 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)
5495 		value |= (WMI_VDEV_PARAM_TXBF_MU_TX_BFER |
5496 			  WMI_VDEV_PARAM_TXBF_SU_TX_BFER);
5497 
5498 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE)
5499 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
5500 
5501 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)
5502 		value |= (WMI_VDEV_PARAM_TXBF_MU_TX_BFEE |
5503 			  WMI_VDEV_PARAM_TXBF_SU_TX_BFEE);
5504 
5505 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
5506 					 ar->wmi.vdev_param->txbf, value);
5507 }
5508 
5509 static void ath10k_update_vif_offload(struct ieee80211_hw *hw,
5510 				      struct ieee80211_vif *vif)
5511 {
5512 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5513 	struct ath10k *ar = hw->priv;
5514 	u32 vdev_param;
5515 	int ret;
5516 
5517 	if (ath10k_frame_mode != ATH10K_HW_TXRX_ETHERNET ||
5518 	    ar->wmi.vdev_param->tx_encap_type == WMI_VDEV_PARAM_UNSUPPORTED ||
5519 	     (vif->type != NL80211_IFTYPE_STATION &&
5520 	      vif->type != NL80211_IFTYPE_AP))
5521 		vif->offload_flags &= ~IEEE80211_OFFLOAD_ENCAP_ENABLED;
5522 
5523 	vdev_param = ar->wmi.vdev_param->tx_encap_type;
5524 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5525 					ATH10K_HW_TXRX_NATIVE_WIFI);
5526 	/* 10.X firmware does not support this VDEV parameter. Do not warn */
5527 	if (ret && ret != -EOPNOTSUPP) {
5528 		ath10k_warn(ar, "failed to set vdev %i TX encapsulation: %d\n",
5529 			    arvif->vdev_id, ret);
5530 	}
5531 }
5532 
5533 /*
5534  * TODO:
5535  * Figure out how to handle WMI_VDEV_SUBTYPE_P2P_DEVICE,
5536  * because we will send mgmt frames without CCK. This requirement
5537  * for P2P_FIND/GO_NEG should be handled by checking CCK flag
5538  * in the TX packet.
5539  */
5540 static int ath10k_add_interface(struct ieee80211_hw *hw,
5541 				struct ieee80211_vif *vif)
5542 {
5543 	struct ath10k *ar = hw->priv;
5544 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5545 	struct ath10k_peer *peer;
5546 	enum wmi_sta_powersave_param param;
5547 	int ret = 0;
5548 	u32 value;
5549 	int bit;
5550 	int i;
5551 	u32 vdev_param;
5552 
5553 	vif->driver_flags |= IEEE80211_VIF_SUPPORTS_UAPSD;
5554 
5555 	mutex_lock(&ar->conf_mutex);
5556 
5557 	memset(arvif, 0, sizeof(*arvif));
5558 	ath10k_mac_txq_init(vif->txq);
5559 
5560 	arvif->ar = ar;
5561 	arvif->vif = vif;
5562 
5563 	INIT_LIST_HEAD(&arvif->list);
5564 	INIT_WORK(&arvif->ap_csa_work, ath10k_mac_vif_ap_csa_work);
5565 	INIT_DELAYED_WORK(&arvif->connection_loss_work,
5566 			  ath10k_mac_vif_sta_connection_loss_work);
5567 
5568 	for (i = 0; i < ARRAY_SIZE(arvif->bitrate_mask.control); i++) {
5569 		arvif->bitrate_mask.control[i].legacy = 0xffffffff;
5570 		memset(arvif->bitrate_mask.control[i].ht_mcs, 0xff,
5571 		       sizeof(arvif->bitrate_mask.control[i].ht_mcs));
5572 		memset(arvif->bitrate_mask.control[i].vht_mcs, 0xff,
5573 		       sizeof(arvif->bitrate_mask.control[i].vht_mcs));
5574 	}
5575 
5576 	if (ar->num_peers >= ar->max_num_peers) {
5577 		ath10k_warn(ar, "refusing vdev creation due to insufficient peer entry resources in firmware\n");
5578 		ret = -ENOBUFS;
5579 		goto err;
5580 	}
5581 
5582 	if (ar->free_vdev_map == 0) {
5583 		ath10k_warn(ar, "Free vdev map is empty, no more interfaces allowed.\n");
5584 		ret = -EBUSY;
5585 		goto err;
5586 	}
5587 	bit = __ffs64(ar->free_vdev_map);
5588 
5589 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac create vdev %i map %llx\n",
5590 		   bit, ar->free_vdev_map);
5591 
5592 	arvif->vdev_id = bit;
5593 	arvif->vdev_subtype =
5594 		ath10k_wmi_get_vdev_subtype(ar, WMI_VDEV_SUBTYPE_NONE);
5595 
5596 	switch (vif->type) {
5597 	case NL80211_IFTYPE_P2P_DEVICE:
5598 		arvif->vdev_type = WMI_VDEV_TYPE_STA;
5599 		arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5600 					(ar, WMI_VDEV_SUBTYPE_P2P_DEVICE);
5601 		break;
5602 	case NL80211_IFTYPE_UNSPECIFIED:
5603 	case NL80211_IFTYPE_STATION:
5604 		arvif->vdev_type = WMI_VDEV_TYPE_STA;
5605 		if (vif->p2p)
5606 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5607 					(ar, WMI_VDEV_SUBTYPE_P2P_CLIENT);
5608 		break;
5609 	case NL80211_IFTYPE_ADHOC:
5610 		arvif->vdev_type = WMI_VDEV_TYPE_IBSS;
5611 		break;
5612 	case NL80211_IFTYPE_MESH_POINT:
5613 		if (test_bit(WMI_SERVICE_MESH_11S, ar->wmi.svc_map)) {
5614 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5615 						(ar, WMI_VDEV_SUBTYPE_MESH_11S);
5616 		} else if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags)) {
5617 			ret = -EINVAL;
5618 			ath10k_warn(ar, "must load driver with rawmode=1 to add mesh interfaces\n");
5619 			goto err;
5620 		}
5621 		arvif->vdev_type = WMI_VDEV_TYPE_AP;
5622 		break;
5623 	case NL80211_IFTYPE_AP:
5624 		arvif->vdev_type = WMI_VDEV_TYPE_AP;
5625 
5626 		if (vif->p2p)
5627 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5628 						(ar, WMI_VDEV_SUBTYPE_P2P_GO);
5629 		break;
5630 	case NL80211_IFTYPE_MONITOR:
5631 		arvif->vdev_type = WMI_VDEV_TYPE_MONITOR;
5632 		break;
5633 	default:
5634 		WARN_ON(1);
5635 		break;
5636 	}
5637 
5638 	/* Using vdev_id as queue number will make it very easy to do per-vif
5639 	 * tx queue locking. This shouldn't wrap due to interface combinations
5640 	 * but do a modulo for correctness sake and prevent using offchannel tx
5641 	 * queues for regular vif tx.
5642 	 */
5643 	vif->cab_queue = arvif->vdev_id % (IEEE80211_MAX_QUEUES - 1);
5644 	for (i = 0; i < ARRAY_SIZE(vif->hw_queue); i++)
5645 		vif->hw_queue[i] = arvif->vdev_id % (IEEE80211_MAX_QUEUES - 1);
5646 
5647 	/* Some firmware revisions don't wait for beacon tx completion before
5648 	 * sending another SWBA event. This could lead to hardware using old
5649 	 * (freed) beacon data in some cases, e.g. tx credit starvation
5650 	 * combined with missed TBTT. This is very rare.
5651 	 *
5652 	 * On non-IOMMU-enabled hosts this could be a possible security issue
5653 	 * because hw could beacon some random data on the air.  On
5654 	 * IOMMU-enabled hosts DMAR faults would occur in most cases and target
5655 	 * device would crash.
5656 	 *
5657 	 * Since there are no beacon tx completions (implicit nor explicit)
5658 	 * propagated to host the only workaround for this is to allocate a
5659 	 * DMA-coherent buffer for a lifetime of a vif and use it for all
5660 	 * beacon tx commands. Worst case for this approach is some beacons may
5661 	 * become corrupted, e.g. have garbled IEs or out-of-date TIM bitmap.
5662 	 */
5663 	if (vif->type == NL80211_IFTYPE_ADHOC ||
5664 	    vif->type == NL80211_IFTYPE_MESH_POINT ||
5665 	    vif->type == NL80211_IFTYPE_AP) {
5666 		if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL) {
5667 			arvif->beacon_buf = kmalloc(IEEE80211_MAX_FRAME_LEN,
5668 						    GFP_KERNEL);
5669 
5670 			/* Using a kernel pointer in place of a dma_addr_t
5671 			 * token can lead to undefined behavior if that
5672 			 * makes it into cache management functions. Use a
5673 			 * known-invalid address token instead, which
5674 			 * avoids the warning and makes it easier to catch
5675 			 * bugs if it does end up getting used.
5676 			 */
5677 			arvif->beacon_paddr = DMA_MAPPING_ERROR;
5678 		} else {
5679 			arvif->beacon_buf =
5680 				dma_alloc_coherent(ar->dev,
5681 						   IEEE80211_MAX_FRAME_LEN,
5682 						   &arvif->beacon_paddr,
5683 						   GFP_ATOMIC);
5684 		}
5685 		if (!arvif->beacon_buf) {
5686 			ret = -ENOMEM;
5687 			ath10k_warn(ar, "failed to allocate beacon buffer: %d\n",
5688 				    ret);
5689 			goto err;
5690 		}
5691 	}
5692 	if (test_bit(ATH10K_FLAG_HW_CRYPTO_DISABLED, &ar->dev_flags))
5693 		arvif->nohwcrypt = true;
5694 
5695 	if (arvif->nohwcrypt &&
5696 	    !test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags)) {
5697 		ret = -EINVAL;
5698 		ath10k_warn(ar, "cryptmode module param needed for sw crypto\n");
5699 		goto err;
5700 	}
5701 
5702 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev create %d (add interface) type %d subtype %d bcnmode %s\n",
5703 		   arvif->vdev_id, arvif->vdev_type, arvif->vdev_subtype,
5704 		   arvif->beacon_buf ? "single-buf" : "per-skb");
5705 
5706 	ret = ath10k_wmi_vdev_create(ar, arvif->vdev_id, arvif->vdev_type,
5707 				     arvif->vdev_subtype, vif->addr);
5708 	if (ret) {
5709 		ath10k_warn(ar, "failed to create WMI vdev %i: %d\n",
5710 			    arvif->vdev_id, ret);
5711 		goto err;
5712 	}
5713 
5714 	if (test_bit(WMI_SERVICE_VDEV_DISABLE_4_ADDR_SRC_LRN_SUPPORT,
5715 		     ar->wmi.svc_map)) {
5716 		vdev_param = ar->wmi.vdev_param->disable_4addr_src_lrn;
5717 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5718 						WMI_VDEV_DISABLE_4_ADDR_SRC_LRN);
5719 		if (ret && ret != -EOPNOTSUPP) {
5720 			ath10k_warn(ar, "failed to disable 4addr src lrn vdev %i: %d\n",
5721 				    arvif->vdev_id, ret);
5722 		}
5723 	}
5724 
5725 	ar->free_vdev_map &= ~(1LL << arvif->vdev_id);
5726 	spin_lock_bh(&ar->data_lock);
5727 	list_add(&arvif->list, &ar->arvifs);
5728 	spin_unlock_bh(&ar->data_lock);
5729 
5730 	/* It makes no sense to have firmware do keepalives. mac80211 already
5731 	 * takes care of this with idle connection polling.
5732 	 */
5733 	ret = ath10k_mac_vif_disable_keepalive(arvif);
5734 	if (ret) {
5735 		ath10k_warn(ar, "failed to disable keepalive on vdev %i: %d\n",
5736 			    arvif->vdev_id, ret);
5737 		goto err_vdev_delete;
5738 	}
5739 
5740 	arvif->def_wep_key_idx = -1;
5741 
5742 	ath10k_update_vif_offload(hw, vif);
5743 
5744 	/* Configuring number of spatial stream for monitor interface is causing
5745 	 * target assert in qca9888 and qca6174.
5746 	 */
5747 	if (ar->cfg_tx_chainmask && (vif->type != NL80211_IFTYPE_MONITOR)) {
5748 		u16 nss = get_nss_from_chainmask(ar->cfg_tx_chainmask);
5749 
5750 		vdev_param = ar->wmi.vdev_param->nss;
5751 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5752 						nss);
5753 		if (ret) {
5754 			ath10k_warn(ar, "failed to set vdev %i chainmask 0x%x, nss %i: %d\n",
5755 				    arvif->vdev_id, ar->cfg_tx_chainmask, nss,
5756 				    ret);
5757 			goto err_vdev_delete;
5758 		}
5759 	}
5760 
5761 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5762 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5763 		ret = ath10k_peer_create(ar, vif, NULL, arvif->vdev_id,
5764 					 vif->addr, WMI_PEER_TYPE_DEFAULT);
5765 		if (ret) {
5766 			ath10k_warn(ar, "failed to create vdev %i peer for AP/IBSS: %d\n",
5767 				    arvif->vdev_id, ret);
5768 			goto err_vdev_delete;
5769 		}
5770 
5771 		spin_lock_bh(&ar->data_lock);
5772 
5773 		peer = ath10k_peer_find(ar, arvif->vdev_id, vif->addr);
5774 		if (!peer) {
5775 			ath10k_warn(ar, "failed to lookup peer %pM on vdev %i\n",
5776 				    vif->addr, arvif->vdev_id);
5777 			spin_unlock_bh(&ar->data_lock);
5778 			ret = -ENOENT;
5779 			goto err_peer_delete;
5780 		}
5781 
5782 		arvif->peer_id = find_first_bit(peer->peer_ids,
5783 						ATH10K_MAX_NUM_PEER_IDS);
5784 
5785 		spin_unlock_bh(&ar->data_lock);
5786 	} else {
5787 		arvif->peer_id = HTT_INVALID_PEERID;
5788 	}
5789 
5790 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP) {
5791 		ret = ath10k_mac_set_kickout(arvif);
5792 		if (ret) {
5793 			ath10k_warn(ar, "failed to set vdev %i kickout parameters: %d\n",
5794 				    arvif->vdev_id, ret);
5795 			goto err_peer_delete;
5796 		}
5797 	}
5798 
5799 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA) {
5800 		param = WMI_STA_PS_PARAM_RX_WAKE_POLICY;
5801 		value = WMI_STA_PS_RX_WAKE_POLICY_WAKE;
5802 		ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
5803 						  param, value);
5804 		if (ret) {
5805 			ath10k_warn(ar, "failed to set vdev %i RX wake policy: %d\n",
5806 				    arvif->vdev_id, ret);
5807 			goto err_peer_delete;
5808 		}
5809 
5810 		ret = ath10k_mac_vif_recalc_ps_wake_threshold(arvif);
5811 		if (ret) {
5812 			ath10k_warn(ar, "failed to recalc ps wake threshold on vdev %i: %d\n",
5813 				    arvif->vdev_id, ret);
5814 			goto err_peer_delete;
5815 		}
5816 
5817 		ret = ath10k_mac_vif_recalc_ps_poll_count(arvif);
5818 		if (ret) {
5819 			ath10k_warn(ar, "failed to recalc ps poll count on vdev %i: %d\n",
5820 				    arvif->vdev_id, ret);
5821 			goto err_peer_delete;
5822 		}
5823 	}
5824 
5825 	ret = ath10k_mac_set_txbf_conf(arvif);
5826 	if (ret) {
5827 		ath10k_warn(ar, "failed to set txbf for vdev %d: %d\n",
5828 			    arvif->vdev_id, ret);
5829 		goto err_peer_delete;
5830 	}
5831 
5832 	ret = ath10k_mac_set_rts(arvif, ar->hw->wiphy->rts_threshold);
5833 	if (ret) {
5834 		ath10k_warn(ar, "failed to set rts threshold for vdev %d: %d\n",
5835 			    arvif->vdev_id, ret);
5836 		goto err_peer_delete;
5837 	}
5838 
5839 	arvif->txpower = vif->bss_conf.txpower;
5840 	ret = ath10k_mac_txpower_recalc(ar);
5841 	if (ret) {
5842 		ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
5843 		goto err_peer_delete;
5844 	}
5845 
5846 	if (test_bit(WMI_SERVICE_RTT_RESPONDER_ROLE, ar->wmi.svc_map)) {
5847 		vdev_param = ar->wmi.vdev_param->rtt_responder_role;
5848 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5849 						arvif->ftm_responder);
5850 
5851 		/* It is harmless to not set FTM role. Do not warn */
5852 		if (ret && ret != -EOPNOTSUPP)
5853 			ath10k_warn(ar, "failed to set vdev %i FTM Responder: %d\n",
5854 				    arvif->vdev_id, ret);
5855 	}
5856 
5857 	if (vif->type == NL80211_IFTYPE_MONITOR) {
5858 		ar->monitor_arvif = arvif;
5859 		ret = ath10k_monitor_recalc(ar);
5860 		if (ret) {
5861 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5862 			goto err_peer_delete;
5863 		}
5864 	}
5865 
5866 	spin_lock_bh(&ar->htt.tx_lock);
5867 	if (!ar->tx_paused)
5868 		ieee80211_wake_queue(ar->hw, arvif->vdev_id);
5869 	spin_unlock_bh(&ar->htt.tx_lock);
5870 
5871 	mutex_unlock(&ar->conf_mutex);
5872 	return 0;
5873 
5874 err_peer_delete:
5875 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5876 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5877 		ath10k_wmi_peer_delete(ar, arvif->vdev_id, vif->addr);
5878 		ath10k_wait_for_peer_delete_done(ar, arvif->vdev_id,
5879 						 vif->addr);
5880 	}
5881 
5882 err_vdev_delete:
5883 	ath10k_wmi_vdev_delete(ar, arvif->vdev_id);
5884 	ar->free_vdev_map |= 1LL << arvif->vdev_id;
5885 	spin_lock_bh(&ar->data_lock);
5886 	list_del(&arvif->list);
5887 	spin_unlock_bh(&ar->data_lock);
5888 
5889 err:
5890 	if (arvif->beacon_buf) {
5891 		if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL)
5892 			kfree(arvif->beacon_buf);
5893 		else
5894 			dma_free_coherent(ar->dev, IEEE80211_MAX_FRAME_LEN,
5895 					  arvif->beacon_buf,
5896 					  arvif->beacon_paddr);
5897 		arvif->beacon_buf = NULL;
5898 	}
5899 
5900 	mutex_unlock(&ar->conf_mutex);
5901 
5902 	return ret;
5903 }
5904 
5905 static void ath10k_mac_vif_tx_unlock_all(struct ath10k_vif *arvif)
5906 {
5907 	int i;
5908 
5909 	for (i = 0; i < BITS_PER_LONG; i++)
5910 		ath10k_mac_vif_tx_unlock(arvif, i);
5911 }
5912 
5913 static void ath10k_remove_interface(struct ieee80211_hw *hw,
5914 				    struct ieee80211_vif *vif)
5915 {
5916 	struct ath10k *ar = hw->priv;
5917 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5918 	struct ath10k_peer *peer;
5919 	unsigned long time_left;
5920 	int ret;
5921 	int i;
5922 
5923 	cancel_work_sync(&arvif->ap_csa_work);
5924 	cancel_delayed_work_sync(&arvif->connection_loss_work);
5925 
5926 	mutex_lock(&ar->conf_mutex);
5927 
5928 	ret = ath10k_spectral_vif_stop(arvif);
5929 	if (ret)
5930 		ath10k_warn(ar, "failed to stop spectral for vdev %i: %d\n",
5931 			    arvif->vdev_id, ret);
5932 
5933 	ar->free_vdev_map |= 1LL << arvif->vdev_id;
5934 	spin_lock_bh(&ar->data_lock);
5935 	list_del(&arvif->list);
5936 	spin_unlock_bh(&ar->data_lock);
5937 
5938 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5939 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5940 		ret = ath10k_wmi_peer_delete(arvif->ar, arvif->vdev_id,
5941 					     vif->addr);
5942 		if (ret)
5943 			ath10k_warn(ar, "failed to submit AP/IBSS self-peer removal on vdev %i: %d\n",
5944 				    arvif->vdev_id, ret);
5945 
5946 		ath10k_wait_for_peer_delete_done(ar, arvif->vdev_id,
5947 						 vif->addr);
5948 		kfree(arvif->u.ap.noa_data);
5949 	}
5950 
5951 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i delete (remove interface)\n",
5952 		   arvif->vdev_id);
5953 
5954 	ret = ath10k_wmi_vdev_delete(ar, arvif->vdev_id);
5955 	if (ret)
5956 		ath10k_warn(ar, "failed to delete WMI vdev %i: %d\n",
5957 			    arvif->vdev_id, ret);
5958 
5959 	if (test_bit(WMI_SERVICE_SYNC_DELETE_CMDS, ar->wmi.svc_map)) {
5960 		time_left = wait_for_completion_timeout(&ar->vdev_delete_done,
5961 							ATH10K_VDEV_DELETE_TIMEOUT_HZ);
5962 		if (time_left == 0) {
5963 			ath10k_warn(ar, "Timeout in receiving vdev delete response\n");
5964 			goto out;
5965 		}
5966 	}
5967 
5968 	/* Some firmware revisions don't notify host about self-peer removal
5969 	 * until after associated vdev is deleted.
5970 	 */
5971 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5972 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5973 		ret = ath10k_wait_for_peer_deleted(ar, arvif->vdev_id,
5974 						   vif->addr);
5975 		if (ret)
5976 			ath10k_warn(ar, "failed to remove AP self-peer on vdev %i: %d\n",
5977 				    arvif->vdev_id, ret);
5978 
5979 		spin_lock_bh(&ar->data_lock);
5980 		ar->num_peers--;
5981 		spin_unlock_bh(&ar->data_lock);
5982 	}
5983 
5984 	spin_lock_bh(&ar->data_lock);
5985 	for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
5986 		peer = ar->peer_map[i];
5987 		if (!peer)
5988 			continue;
5989 
5990 		if (peer->vif == vif) {
5991 			ath10k_warn(ar, "found vif peer %pM entry on vdev %i after it was supposedly removed\n",
5992 				    vif->addr, arvif->vdev_id);
5993 			peer->vif = NULL;
5994 		}
5995 	}
5996 
5997 	/* Clean this up late, less opportunity for firmware to access
5998 	 * DMA memory we have deleted.
5999 	 */
6000 	ath10k_mac_vif_beacon_cleanup(arvif);
6001 	spin_unlock_bh(&ar->data_lock);
6002 
6003 	ath10k_peer_cleanup(ar, arvif->vdev_id);
6004 	ath10k_mac_txq_unref(ar, vif->txq);
6005 
6006 	if (vif->type == NL80211_IFTYPE_MONITOR) {
6007 		ar->monitor_arvif = NULL;
6008 		ret = ath10k_monitor_recalc(ar);
6009 		if (ret)
6010 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
6011 	}
6012 
6013 	ret = ath10k_mac_txpower_recalc(ar);
6014 	if (ret)
6015 		ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
6016 
6017 	spin_lock_bh(&ar->htt.tx_lock);
6018 	ath10k_mac_vif_tx_unlock_all(arvif);
6019 	spin_unlock_bh(&ar->htt.tx_lock);
6020 
6021 	ath10k_mac_txq_unref(ar, vif->txq);
6022 
6023 out:
6024 	mutex_unlock(&ar->conf_mutex);
6025 }
6026 
6027 /*
6028  * FIXME: Has to be verified.
6029  */
6030 #define SUPPORTED_FILTERS			\
6031 	(FIF_ALLMULTI |				\
6032 	FIF_CONTROL |				\
6033 	FIF_PSPOLL |				\
6034 	FIF_OTHER_BSS |				\
6035 	FIF_BCN_PRBRESP_PROMISC |		\
6036 	FIF_PROBE_REQ |				\
6037 	FIF_FCSFAIL)
6038 
6039 static void ath10k_configure_filter(struct ieee80211_hw *hw,
6040 				    unsigned int changed_flags,
6041 				    unsigned int *total_flags,
6042 				    u64 multicast)
6043 {
6044 	struct ath10k *ar = hw->priv;
6045 	int ret;
6046 
6047 	mutex_lock(&ar->conf_mutex);
6048 
6049 	*total_flags &= SUPPORTED_FILTERS;
6050 	ar->filter_flags = *total_flags;
6051 
6052 	ret = ath10k_monitor_recalc(ar);
6053 	if (ret)
6054 		ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
6055 
6056 	mutex_unlock(&ar->conf_mutex);
6057 }
6058 
6059 static void ath10k_recalculate_mgmt_rate(struct ath10k *ar,
6060 					 struct ieee80211_vif *vif,
6061 					 struct cfg80211_chan_def *def)
6062 {
6063 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6064 	const struct ieee80211_supported_band *sband;
6065 	u8 basic_rate_idx;
6066 	int hw_rate_code;
6067 	u32 vdev_param;
6068 	u16 bitrate;
6069 	int ret;
6070 
6071 	lockdep_assert_held(&ar->conf_mutex);
6072 
6073 	sband = ar->hw->wiphy->bands[def->chan->band];
6074 	basic_rate_idx = ffs(vif->bss_conf.basic_rates) - 1;
6075 	bitrate = sband->bitrates[basic_rate_idx].bitrate;
6076 
6077 	hw_rate_code = ath10k_mac_get_rate_hw_value(bitrate);
6078 	if (hw_rate_code < 0) {
6079 		ath10k_warn(ar, "bitrate not supported %d\n", bitrate);
6080 		return;
6081 	}
6082 
6083 	vdev_param = ar->wmi.vdev_param->mgmt_rate;
6084 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6085 					hw_rate_code);
6086 	if (ret)
6087 		ath10k_warn(ar, "failed to set mgmt tx rate %d\n", ret);
6088 }
6089 
6090 static void ath10k_bss_info_changed(struct ieee80211_hw *hw,
6091 				    struct ieee80211_vif *vif,
6092 				    struct ieee80211_bss_conf *info,
6093 				    u64 changed)
6094 {
6095 	struct ath10k *ar = hw->priv;
6096 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6097 	struct cfg80211_chan_def def;
6098 	u32 vdev_param, pdev_param, slottime, preamble;
6099 	u16 bitrate, hw_value;
6100 	u8 rate, rateidx;
6101 	int ret = 0, mcast_rate;
6102 	enum nl80211_band band;
6103 
6104 	mutex_lock(&ar->conf_mutex);
6105 
6106 	if (changed & BSS_CHANGED_IBSS)
6107 		ath10k_control_ibss(arvif, vif);
6108 
6109 	if (changed & BSS_CHANGED_BEACON_INT) {
6110 		arvif->beacon_interval = info->beacon_int;
6111 		vdev_param = ar->wmi.vdev_param->beacon_interval;
6112 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6113 						arvif->beacon_interval);
6114 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6115 			   "mac vdev %d beacon_interval %d\n",
6116 			   arvif->vdev_id, arvif->beacon_interval);
6117 
6118 		if (ret)
6119 			ath10k_warn(ar, "failed to set beacon interval for vdev %d: %i\n",
6120 				    arvif->vdev_id, ret);
6121 	}
6122 
6123 	if (changed & BSS_CHANGED_BEACON) {
6124 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6125 			   "vdev %d set beacon tx mode to staggered\n",
6126 			   arvif->vdev_id);
6127 
6128 		pdev_param = ar->wmi.pdev_param->beacon_tx_mode;
6129 		ret = ath10k_wmi_pdev_set_param(ar, pdev_param,
6130 						WMI_BEACON_STAGGERED_MODE);
6131 		if (ret)
6132 			ath10k_warn(ar, "failed to set beacon mode for vdev %d: %i\n",
6133 				    arvif->vdev_id, ret);
6134 
6135 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
6136 		if (ret)
6137 			ath10k_warn(ar, "failed to update beacon template: %d\n",
6138 				    ret);
6139 
6140 		if (ieee80211_vif_is_mesh(vif)) {
6141 			/* mesh doesn't use SSID but firmware needs it */
6142 			strncpy(arvif->u.ap.ssid, "mesh",
6143 				sizeof(arvif->u.ap.ssid));
6144 			arvif->u.ap.ssid_len = 4;
6145 		}
6146 	}
6147 
6148 	if (changed & BSS_CHANGED_AP_PROBE_RESP) {
6149 		ret = ath10k_mac_setup_prb_tmpl(arvif);
6150 		if (ret)
6151 			ath10k_warn(ar, "failed to setup probe resp template on vdev %i: %d\n",
6152 				    arvif->vdev_id, ret);
6153 	}
6154 
6155 	if (changed & (BSS_CHANGED_BEACON_INFO | BSS_CHANGED_BEACON)) {
6156 		arvif->dtim_period = info->dtim_period;
6157 
6158 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6159 			   "mac vdev %d dtim_period %d\n",
6160 			   arvif->vdev_id, arvif->dtim_period);
6161 
6162 		vdev_param = ar->wmi.vdev_param->dtim_period;
6163 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6164 						arvif->dtim_period);
6165 		if (ret)
6166 			ath10k_warn(ar, "failed to set dtim period for vdev %d: %i\n",
6167 				    arvif->vdev_id, ret);
6168 	}
6169 
6170 	if (changed & BSS_CHANGED_SSID &&
6171 	    vif->type == NL80211_IFTYPE_AP) {
6172 		arvif->u.ap.ssid_len = vif->cfg.ssid_len;
6173 		if (vif->cfg.ssid_len)
6174 			memcpy(arvif->u.ap.ssid, vif->cfg.ssid,
6175 			       vif->cfg.ssid_len);
6176 		arvif->u.ap.hidden_ssid = info->hidden_ssid;
6177 	}
6178 
6179 	if (changed & BSS_CHANGED_BSSID && !is_zero_ether_addr(info->bssid))
6180 		ether_addr_copy(arvif->bssid, info->bssid);
6181 
6182 	if (changed & BSS_CHANGED_FTM_RESPONDER &&
6183 	    arvif->ftm_responder != info->ftm_responder &&
6184 	    test_bit(WMI_SERVICE_RTT_RESPONDER_ROLE, ar->wmi.svc_map)) {
6185 		arvif->ftm_responder = info->ftm_responder;
6186 
6187 		vdev_param = ar->wmi.vdev_param->rtt_responder_role;
6188 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6189 						arvif->ftm_responder);
6190 
6191 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6192 			   "mac vdev %d ftm_responder %d:ret %d\n",
6193 			   arvif->vdev_id, arvif->ftm_responder, ret);
6194 	}
6195 
6196 	if (changed & BSS_CHANGED_BEACON_ENABLED)
6197 		ath10k_control_beaconing(arvif, info);
6198 
6199 	if (changed & BSS_CHANGED_ERP_CTS_PROT) {
6200 		arvif->use_cts_prot = info->use_cts_prot;
6201 
6202 		ret = ath10k_recalc_rtscts_prot(arvif);
6203 		if (ret)
6204 			ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
6205 				    arvif->vdev_id, ret);
6206 
6207 		if (ath10k_mac_can_set_cts_prot(arvif)) {
6208 			ret = ath10k_mac_set_cts_prot(arvif);
6209 			if (ret)
6210 				ath10k_warn(ar, "failed to set cts protection for vdev %d: %d\n",
6211 					    arvif->vdev_id, ret);
6212 		}
6213 	}
6214 
6215 	if (changed & BSS_CHANGED_ERP_SLOT) {
6216 		if (info->use_short_slot)
6217 			slottime = WMI_VDEV_SLOT_TIME_SHORT; /* 9us */
6218 
6219 		else
6220 			slottime = WMI_VDEV_SLOT_TIME_LONG; /* 20us */
6221 
6222 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d slot_time %d\n",
6223 			   arvif->vdev_id, slottime);
6224 
6225 		vdev_param = ar->wmi.vdev_param->slot_time;
6226 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6227 						slottime);
6228 		if (ret)
6229 			ath10k_warn(ar, "failed to set erp slot for vdev %d: %i\n",
6230 				    arvif->vdev_id, ret);
6231 	}
6232 
6233 	if (changed & BSS_CHANGED_ERP_PREAMBLE) {
6234 		if (info->use_short_preamble)
6235 			preamble = WMI_VDEV_PREAMBLE_SHORT;
6236 		else
6237 			preamble = WMI_VDEV_PREAMBLE_LONG;
6238 
6239 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6240 			   "mac vdev %d preamble %dn",
6241 			   arvif->vdev_id, preamble);
6242 
6243 		vdev_param = ar->wmi.vdev_param->preamble;
6244 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6245 						preamble);
6246 		if (ret)
6247 			ath10k_warn(ar, "failed to set preamble for vdev %d: %i\n",
6248 				    arvif->vdev_id, ret);
6249 	}
6250 
6251 	if (changed & BSS_CHANGED_ASSOC) {
6252 		if (vif->cfg.assoc) {
6253 			/* Workaround: Make sure monitor vdev is not running
6254 			 * when associating to prevent some firmware revisions
6255 			 * (e.g. 10.1 and 10.2) from crashing.
6256 			 */
6257 			if (ar->monitor_started)
6258 				ath10k_monitor_stop(ar);
6259 			ath10k_bss_assoc(hw, vif, info);
6260 			ath10k_monitor_recalc(ar);
6261 		} else {
6262 			ath10k_bss_disassoc(hw, vif);
6263 		}
6264 	}
6265 
6266 	if (changed & BSS_CHANGED_TXPOWER) {
6267 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev_id %i txpower %d\n",
6268 			   arvif->vdev_id, info->txpower);
6269 
6270 		arvif->txpower = info->txpower;
6271 		ret = ath10k_mac_txpower_recalc(ar);
6272 		if (ret)
6273 			ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
6274 	}
6275 
6276 	if (changed & BSS_CHANGED_PS) {
6277 		arvif->ps = vif->cfg.ps;
6278 
6279 		ret = ath10k_config_ps(ar);
6280 		if (ret)
6281 			ath10k_warn(ar, "failed to setup ps on vdev %i: %d\n",
6282 				    arvif->vdev_id, ret);
6283 	}
6284 
6285 	if (changed & BSS_CHANGED_MCAST_RATE &&
6286 	    !ath10k_mac_vif_chan(arvif->vif, &def)) {
6287 		band = def.chan->band;
6288 		mcast_rate = vif->bss_conf.mcast_rate[band];
6289 		if (mcast_rate > 0)
6290 			rateidx = mcast_rate - 1;
6291 		else
6292 			rateidx = ffs(vif->bss_conf.basic_rates) - 1;
6293 
6294 		if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY)
6295 			rateidx += ATH10K_MAC_FIRST_OFDM_RATE_IDX;
6296 
6297 		bitrate = ath10k_wmi_legacy_rates[rateidx].bitrate;
6298 		hw_value = ath10k_wmi_legacy_rates[rateidx].hw_value;
6299 		if (ath10k_mac_bitrate_is_cck(bitrate))
6300 			preamble = WMI_RATE_PREAMBLE_CCK;
6301 		else
6302 			preamble = WMI_RATE_PREAMBLE_OFDM;
6303 
6304 		rate = ATH10K_HW_RATECODE(hw_value, 0, preamble);
6305 
6306 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6307 			   "mac vdev %d mcast_rate %x\n",
6308 			   arvif->vdev_id, rate);
6309 
6310 		vdev_param = ar->wmi.vdev_param->mcast_data_rate;
6311 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
6312 						vdev_param, rate);
6313 		if (ret)
6314 			ath10k_warn(ar,
6315 				    "failed to set mcast rate on vdev %i: %d\n",
6316 				    arvif->vdev_id,  ret);
6317 
6318 		vdev_param = ar->wmi.vdev_param->bcast_data_rate;
6319 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
6320 						vdev_param, rate);
6321 		if (ret)
6322 			ath10k_warn(ar,
6323 				    "failed to set bcast rate on vdev %i: %d\n",
6324 				    arvif->vdev_id,  ret);
6325 	}
6326 
6327 	if (changed & BSS_CHANGED_BASIC_RATES &&
6328 	    !ath10k_mac_vif_chan(arvif->vif, &def))
6329 		ath10k_recalculate_mgmt_rate(ar, vif, &def);
6330 
6331 	mutex_unlock(&ar->conf_mutex);
6332 }
6333 
6334 static void ath10k_mac_op_set_coverage_class(struct ieee80211_hw *hw, s16 value)
6335 {
6336 	struct ath10k *ar = hw->priv;
6337 
6338 	/* This function should never be called if setting the coverage class
6339 	 * is not supported on this hardware.
6340 	 */
6341 	if (!ar->hw_params.hw_ops->set_coverage_class) {
6342 		WARN_ON_ONCE(1);
6343 		return;
6344 	}
6345 	ar->hw_params.hw_ops->set_coverage_class(ar, value);
6346 }
6347 
6348 struct ath10k_mac_tdls_iter_data {
6349 	u32 num_tdls_stations;
6350 	struct ieee80211_vif *curr_vif;
6351 };
6352 
6353 static void ath10k_mac_tdls_vif_stations_count_iter(void *data,
6354 						    struct ieee80211_sta *sta)
6355 {
6356 	struct ath10k_mac_tdls_iter_data *iter_data = data;
6357 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
6358 	struct ieee80211_vif *sta_vif = arsta->arvif->vif;
6359 
6360 	if (sta->tdls && sta_vif == iter_data->curr_vif)
6361 		iter_data->num_tdls_stations++;
6362 }
6363 
6364 static int ath10k_mac_tdls_vif_stations_count(struct ieee80211_hw *hw,
6365 					      struct ieee80211_vif *vif)
6366 {
6367 	struct ath10k_mac_tdls_iter_data data = {};
6368 
6369 	data.curr_vif = vif;
6370 
6371 	ieee80211_iterate_stations_atomic(hw,
6372 					  ath10k_mac_tdls_vif_stations_count_iter,
6373 					  &data);
6374 	return data.num_tdls_stations;
6375 }
6376 
6377 static int ath10k_hw_scan(struct ieee80211_hw *hw,
6378 			  struct ieee80211_vif *vif,
6379 			  struct ieee80211_scan_request *hw_req)
6380 {
6381 	struct ath10k *ar = hw->priv;
6382 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6383 	struct cfg80211_scan_request *req = &hw_req->req;
6384 	struct wmi_start_scan_arg arg;
6385 	int ret = 0;
6386 	int i;
6387 	u32 scan_timeout;
6388 
6389 	mutex_lock(&ar->conf_mutex);
6390 
6391 	if (ath10k_mac_tdls_vif_stations_count(hw, vif) > 0) {
6392 		ret = -EBUSY;
6393 		goto exit;
6394 	}
6395 
6396 	spin_lock_bh(&ar->data_lock);
6397 	switch (ar->scan.state) {
6398 	case ATH10K_SCAN_IDLE:
6399 		reinit_completion(&ar->scan.started);
6400 		reinit_completion(&ar->scan.completed);
6401 		ar->scan.state = ATH10K_SCAN_STARTING;
6402 		ar->scan.is_roc = false;
6403 		ar->scan.vdev_id = arvif->vdev_id;
6404 		ret = 0;
6405 		break;
6406 	case ATH10K_SCAN_STARTING:
6407 	case ATH10K_SCAN_RUNNING:
6408 	case ATH10K_SCAN_ABORTING:
6409 		ret = -EBUSY;
6410 		break;
6411 	}
6412 	spin_unlock_bh(&ar->data_lock);
6413 
6414 	if (ret)
6415 		goto exit;
6416 
6417 	memset(&arg, 0, sizeof(arg));
6418 	ath10k_wmi_start_scan_init(ar, &arg);
6419 	arg.vdev_id = arvif->vdev_id;
6420 	arg.scan_id = ATH10K_SCAN_ID;
6421 
6422 	if (req->ie_len) {
6423 		arg.ie_len = req->ie_len;
6424 		memcpy(arg.ie, req->ie, arg.ie_len);
6425 	}
6426 
6427 	if (req->n_ssids) {
6428 		arg.n_ssids = req->n_ssids;
6429 		for (i = 0; i < arg.n_ssids; i++) {
6430 			arg.ssids[i].len  = req->ssids[i].ssid_len;
6431 			arg.ssids[i].ssid = req->ssids[i].ssid;
6432 		}
6433 	} else {
6434 		arg.scan_ctrl_flags |= WMI_SCAN_FLAG_PASSIVE;
6435 	}
6436 
6437 	if (req->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
6438 		arg.scan_ctrl_flags |=  WMI_SCAN_ADD_SPOOFED_MAC_IN_PROBE_REQ;
6439 		ether_addr_copy(arg.mac_addr.addr, req->mac_addr);
6440 		ether_addr_copy(arg.mac_mask.addr, req->mac_addr_mask);
6441 	}
6442 
6443 	if (req->n_channels) {
6444 		arg.n_channels = req->n_channels;
6445 		for (i = 0; i < arg.n_channels; i++)
6446 			arg.channels[i] = req->channels[i]->center_freq;
6447 	}
6448 
6449 	/* if duration is set, default dwell times will be overwritten */
6450 	if (req->duration) {
6451 		arg.dwell_time_active = req->duration;
6452 		arg.dwell_time_passive = req->duration;
6453 		arg.burst_duration_ms = req->duration;
6454 
6455 		scan_timeout = min_t(u32, arg.max_rest_time *
6456 				(arg.n_channels - 1) + (req->duration +
6457 				ATH10K_SCAN_CHANNEL_SWITCH_WMI_EVT_OVERHEAD) *
6458 				arg.n_channels, arg.max_scan_time);
6459 	} else {
6460 		scan_timeout = arg.max_scan_time;
6461 	}
6462 
6463 	/* Add a 200ms margin to account for event/command processing */
6464 	scan_timeout += 200;
6465 
6466 	ret = ath10k_start_scan(ar, &arg);
6467 	if (ret) {
6468 		ath10k_warn(ar, "failed to start hw scan: %d\n", ret);
6469 		spin_lock_bh(&ar->data_lock);
6470 		ar->scan.state = ATH10K_SCAN_IDLE;
6471 		spin_unlock_bh(&ar->data_lock);
6472 	}
6473 
6474 	ieee80211_queue_delayed_work(ar->hw, &ar->scan.timeout,
6475 				     msecs_to_jiffies(scan_timeout));
6476 
6477 exit:
6478 	mutex_unlock(&ar->conf_mutex);
6479 	return ret;
6480 }
6481 
6482 static void ath10k_cancel_hw_scan(struct ieee80211_hw *hw,
6483 				  struct ieee80211_vif *vif)
6484 {
6485 	struct ath10k *ar = hw->priv;
6486 
6487 	mutex_lock(&ar->conf_mutex);
6488 	ath10k_scan_abort(ar);
6489 	mutex_unlock(&ar->conf_mutex);
6490 
6491 	cancel_delayed_work_sync(&ar->scan.timeout);
6492 }
6493 
6494 static void ath10k_set_key_h_def_keyidx(struct ath10k *ar,
6495 					struct ath10k_vif *arvif,
6496 					enum set_key_cmd cmd,
6497 					struct ieee80211_key_conf *key)
6498 {
6499 	u32 vdev_param = arvif->ar->wmi.vdev_param->def_keyid;
6500 	int ret;
6501 
6502 	/* 10.1 firmware branch requires default key index to be set to group
6503 	 * key index after installing it. Otherwise FW/HW Txes corrupted
6504 	 * frames with multi-vif APs. This is not required for main firmware
6505 	 * branch (e.g. 636).
6506 	 *
6507 	 * This is also needed for 636 fw for IBSS-RSN to work more reliably.
6508 	 *
6509 	 * FIXME: It remains unknown if this is required for multi-vif STA
6510 	 * interfaces on 10.1.
6511 	 */
6512 
6513 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP &&
6514 	    arvif->vdev_type != WMI_VDEV_TYPE_IBSS)
6515 		return;
6516 
6517 	if (key->cipher == WLAN_CIPHER_SUITE_WEP40)
6518 		return;
6519 
6520 	if (key->cipher == WLAN_CIPHER_SUITE_WEP104)
6521 		return;
6522 
6523 	if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
6524 		return;
6525 
6526 	if (cmd != SET_KEY)
6527 		return;
6528 
6529 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6530 					key->keyidx);
6531 	if (ret)
6532 		ath10k_warn(ar, "failed to set vdev %i group key as default key: %d\n",
6533 			    arvif->vdev_id, ret);
6534 }
6535 
6536 static int ath10k_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
6537 			  struct ieee80211_vif *vif, struct ieee80211_sta *sta,
6538 			  struct ieee80211_key_conf *key)
6539 {
6540 	struct ath10k *ar = hw->priv;
6541 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6542 	struct ath10k_sta *arsta;
6543 	struct ath10k_peer *peer;
6544 	const u8 *peer_addr;
6545 	bool is_wep = key->cipher == WLAN_CIPHER_SUITE_WEP40 ||
6546 		      key->cipher == WLAN_CIPHER_SUITE_WEP104;
6547 	int ret = 0;
6548 	int ret2;
6549 	u32 flags = 0;
6550 	u32 flags2;
6551 
6552 	/* this one needs to be done in software */
6553 	if (key->cipher == WLAN_CIPHER_SUITE_AES_CMAC ||
6554 	    key->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_128 ||
6555 	    key->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_256 ||
6556 	    key->cipher == WLAN_CIPHER_SUITE_BIP_CMAC_256)
6557 		return 1;
6558 
6559 	if (arvif->nohwcrypt)
6560 		return 1;
6561 
6562 	if (key->keyidx > WMI_MAX_KEY_INDEX)
6563 		return -ENOSPC;
6564 
6565 	mutex_lock(&ar->conf_mutex);
6566 
6567 	if (sta) {
6568 		arsta = (struct ath10k_sta *)sta->drv_priv;
6569 		peer_addr = sta->addr;
6570 		spin_lock_bh(&ar->data_lock);
6571 		arsta->ucast_cipher = key->cipher;
6572 		spin_unlock_bh(&ar->data_lock);
6573 	} else if (arvif->vdev_type == WMI_VDEV_TYPE_STA) {
6574 		peer_addr = vif->bss_conf.bssid;
6575 	} else {
6576 		peer_addr = vif->addr;
6577 	}
6578 
6579 	key->hw_key_idx = key->keyidx;
6580 
6581 	if (is_wep) {
6582 		if (cmd == SET_KEY)
6583 			arvif->wep_keys[key->keyidx] = key;
6584 		else
6585 			arvif->wep_keys[key->keyidx] = NULL;
6586 	}
6587 
6588 	/* the peer should not disappear in mid-way (unless FW goes awry) since
6589 	 * we already hold conf_mutex. we just make sure its there now.
6590 	 */
6591 	spin_lock_bh(&ar->data_lock);
6592 	peer = ath10k_peer_find(ar, arvif->vdev_id, peer_addr);
6593 	spin_unlock_bh(&ar->data_lock);
6594 
6595 	if (!peer) {
6596 		if (cmd == SET_KEY) {
6597 			ath10k_warn(ar, "failed to install key for non-existent peer %pM\n",
6598 				    peer_addr);
6599 			ret = -EOPNOTSUPP;
6600 			goto exit;
6601 		} else {
6602 			/* if the peer doesn't exist there is no key to disable anymore */
6603 			goto exit;
6604 		}
6605 	}
6606 
6607 	if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
6608 		flags |= WMI_KEY_PAIRWISE;
6609 	else
6610 		flags |= WMI_KEY_GROUP;
6611 
6612 	if (is_wep) {
6613 		if (cmd == DISABLE_KEY)
6614 			ath10k_clear_vdev_key(arvif, key);
6615 
6616 		/* When WEP keys are uploaded it's possible that there are
6617 		 * stations associated already (e.g. when merging) without any
6618 		 * keys. Static WEP needs an explicit per-peer key upload.
6619 		 */
6620 		if (vif->type == NL80211_IFTYPE_ADHOC &&
6621 		    cmd == SET_KEY)
6622 			ath10k_mac_vif_update_wep_key(arvif, key);
6623 
6624 		/* 802.1x never sets the def_wep_key_idx so each set_key()
6625 		 * call changes default tx key.
6626 		 *
6627 		 * Static WEP sets def_wep_key_idx via .set_default_unicast_key
6628 		 * after first set_key().
6629 		 */
6630 		if (cmd == SET_KEY && arvif->def_wep_key_idx == -1)
6631 			flags |= WMI_KEY_TX_USAGE;
6632 	}
6633 
6634 	ret = ath10k_install_key(arvif, key, cmd, peer_addr, flags);
6635 	if (ret) {
6636 		WARN_ON(ret > 0);
6637 		ath10k_warn(ar, "failed to install key for vdev %i peer %pM: %d\n",
6638 			    arvif->vdev_id, peer_addr, ret);
6639 		goto exit;
6640 	}
6641 
6642 	/* mac80211 sets static WEP keys as groupwise while firmware requires
6643 	 * them to be installed twice as both pairwise and groupwise.
6644 	 */
6645 	if (is_wep && !sta && vif->type == NL80211_IFTYPE_STATION) {
6646 		flags2 = flags;
6647 		flags2 &= ~WMI_KEY_GROUP;
6648 		flags2 |= WMI_KEY_PAIRWISE;
6649 
6650 		ret = ath10k_install_key(arvif, key, cmd, peer_addr, flags2);
6651 		if (ret) {
6652 			WARN_ON(ret > 0);
6653 			ath10k_warn(ar, "failed to install (ucast) key for vdev %i peer %pM: %d\n",
6654 				    arvif->vdev_id, peer_addr, ret);
6655 			ret2 = ath10k_install_key(arvif, key, DISABLE_KEY,
6656 						  peer_addr, flags);
6657 			if (ret2) {
6658 				WARN_ON(ret2 > 0);
6659 				ath10k_warn(ar, "failed to disable (mcast) key for vdev %i peer %pM: %d\n",
6660 					    arvif->vdev_id, peer_addr, ret2);
6661 			}
6662 			goto exit;
6663 		}
6664 	}
6665 
6666 	ath10k_set_key_h_def_keyidx(ar, arvif, cmd, key);
6667 
6668 	spin_lock_bh(&ar->data_lock);
6669 	peer = ath10k_peer_find(ar, arvif->vdev_id, peer_addr);
6670 	if (peer && cmd == SET_KEY)
6671 		peer->keys[key->keyidx] = key;
6672 	else if (peer && cmd == DISABLE_KEY)
6673 		peer->keys[key->keyidx] = NULL;
6674 	else if (peer == NULL)
6675 		/* impossible unless FW goes crazy */
6676 		ath10k_warn(ar, "Peer %pM disappeared!\n", peer_addr);
6677 	spin_unlock_bh(&ar->data_lock);
6678 
6679 	if (sta && sta->tdls)
6680 		ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6681 					  ar->wmi.peer_param->authorize, 1);
6682 	else if (sta && cmd == SET_KEY && (key->flags & IEEE80211_KEY_FLAG_PAIRWISE))
6683 		ath10k_wmi_peer_set_param(ar, arvif->vdev_id, peer_addr,
6684 					  ar->wmi.peer_param->authorize, 1);
6685 
6686 exit:
6687 	mutex_unlock(&ar->conf_mutex);
6688 	return ret;
6689 }
6690 
6691 static void ath10k_set_default_unicast_key(struct ieee80211_hw *hw,
6692 					   struct ieee80211_vif *vif,
6693 					   int keyidx)
6694 {
6695 	struct ath10k *ar = hw->priv;
6696 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6697 	int ret;
6698 
6699 	mutex_lock(&arvif->ar->conf_mutex);
6700 
6701 	if (arvif->ar->state != ATH10K_STATE_ON)
6702 		goto unlock;
6703 
6704 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d set keyidx %d\n",
6705 		   arvif->vdev_id, keyidx);
6706 
6707 	ret = ath10k_wmi_vdev_set_param(arvif->ar,
6708 					arvif->vdev_id,
6709 					arvif->ar->wmi.vdev_param->def_keyid,
6710 					keyidx);
6711 
6712 	if (ret) {
6713 		ath10k_warn(ar, "failed to update wep key index for vdev %d: %d\n",
6714 			    arvif->vdev_id,
6715 			    ret);
6716 		goto unlock;
6717 	}
6718 
6719 	arvif->def_wep_key_idx = keyidx;
6720 
6721 unlock:
6722 	mutex_unlock(&arvif->ar->conf_mutex);
6723 }
6724 
6725 static void ath10k_sta_rc_update_wk(struct work_struct *wk)
6726 {
6727 	struct ath10k *ar;
6728 	struct ath10k_vif *arvif;
6729 	struct ath10k_sta *arsta;
6730 	struct ieee80211_sta *sta;
6731 	struct cfg80211_chan_def def;
6732 	enum nl80211_band band;
6733 	const u8 *ht_mcs_mask;
6734 	const u16 *vht_mcs_mask;
6735 	u32 changed, bw, nss, smps;
6736 	int err;
6737 
6738 	arsta = container_of(wk, struct ath10k_sta, update_wk);
6739 	sta = container_of((void *)arsta, struct ieee80211_sta, drv_priv);
6740 	arvif = arsta->arvif;
6741 	ar = arvif->ar;
6742 
6743 	if (WARN_ON(ath10k_mac_vif_chan(arvif->vif, &def)))
6744 		return;
6745 
6746 	band = def.chan->band;
6747 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
6748 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
6749 
6750 	spin_lock_bh(&ar->data_lock);
6751 
6752 	changed = arsta->changed;
6753 	arsta->changed = 0;
6754 
6755 	bw = arsta->bw;
6756 	nss = arsta->nss;
6757 	smps = arsta->smps;
6758 
6759 	spin_unlock_bh(&ar->data_lock);
6760 
6761 	mutex_lock(&ar->conf_mutex);
6762 
6763 	nss = max_t(u32, 1, nss);
6764 	nss = min(nss, max(ath10k_mac_max_ht_nss(ht_mcs_mask),
6765 			   ath10k_mac_max_vht_nss(vht_mcs_mask)));
6766 
6767 	if (changed & IEEE80211_RC_BW_CHANGED) {
6768 		enum wmi_phy_mode mode;
6769 
6770 		mode = chan_to_phymode(&def);
6771 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM peer bw %d phymode %d\n",
6772 			   sta->addr, bw, mode);
6773 
6774 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6775 						ar->wmi.peer_param->phymode, mode);
6776 		if (err) {
6777 			ath10k_warn(ar, "failed to update STA %pM peer phymode %d: %d\n",
6778 				    sta->addr, mode, err);
6779 			goto exit;
6780 		}
6781 
6782 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6783 						ar->wmi.peer_param->chan_width, bw);
6784 		if (err)
6785 			ath10k_warn(ar, "failed to update STA %pM peer bw %d: %d\n",
6786 				    sta->addr, bw, err);
6787 	}
6788 
6789 	if (changed & IEEE80211_RC_NSS_CHANGED) {
6790 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM nss %d\n",
6791 			   sta->addr, nss);
6792 
6793 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6794 						ar->wmi.peer_param->nss, nss);
6795 		if (err)
6796 			ath10k_warn(ar, "failed to update STA %pM nss %d: %d\n",
6797 				    sta->addr, nss, err);
6798 	}
6799 
6800 	if (changed & IEEE80211_RC_SMPS_CHANGED) {
6801 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM smps %d\n",
6802 			   sta->addr, smps);
6803 
6804 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6805 						ar->wmi.peer_param->smps_state, smps);
6806 		if (err)
6807 			ath10k_warn(ar, "failed to update STA %pM smps %d: %d\n",
6808 				    sta->addr, smps, err);
6809 	}
6810 
6811 	if (changed & IEEE80211_RC_SUPP_RATES_CHANGED) {
6812 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM supp rates\n",
6813 			   sta->addr);
6814 
6815 		err = ath10k_station_assoc(ar, arvif->vif, sta, true);
6816 		if (err)
6817 			ath10k_warn(ar, "failed to reassociate station: %pM\n",
6818 				    sta->addr);
6819 	}
6820 
6821 exit:
6822 	mutex_unlock(&ar->conf_mutex);
6823 }
6824 
6825 static int ath10k_mac_inc_num_stations(struct ath10k_vif *arvif,
6826 				       struct ieee80211_sta *sta)
6827 {
6828 	struct ath10k *ar = arvif->ar;
6829 
6830 	lockdep_assert_held(&ar->conf_mutex);
6831 
6832 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA && !sta->tdls)
6833 		return 0;
6834 
6835 	if (ar->num_stations >= ar->max_num_stations)
6836 		return -ENOBUFS;
6837 
6838 	ar->num_stations++;
6839 
6840 	return 0;
6841 }
6842 
6843 static void ath10k_mac_dec_num_stations(struct ath10k_vif *arvif,
6844 					struct ieee80211_sta *sta)
6845 {
6846 	struct ath10k *ar = arvif->ar;
6847 
6848 	lockdep_assert_held(&ar->conf_mutex);
6849 
6850 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA && !sta->tdls)
6851 		return;
6852 
6853 	ar->num_stations--;
6854 }
6855 
6856 static int ath10k_sta_set_txpwr(struct ieee80211_hw *hw,
6857 				struct ieee80211_vif *vif,
6858 				struct ieee80211_sta *sta)
6859 {
6860 	struct ath10k *ar = hw->priv;
6861 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6862 	int ret = 0;
6863 	s16 txpwr;
6864 
6865 	if (sta->deflink.txpwr.type == NL80211_TX_POWER_AUTOMATIC) {
6866 		txpwr = 0;
6867 	} else {
6868 		txpwr = sta->deflink.txpwr.power;
6869 		if (!txpwr)
6870 			return -EINVAL;
6871 	}
6872 
6873 	if (txpwr > ATH10K_TX_POWER_MAX_VAL || txpwr < ATH10K_TX_POWER_MIN_VAL)
6874 		return -EINVAL;
6875 
6876 	mutex_lock(&ar->conf_mutex);
6877 
6878 	ret = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6879 					ar->wmi.peer_param->use_fixed_power, txpwr);
6880 	if (ret) {
6881 		ath10k_warn(ar, "failed to set tx power for station ret: %d\n",
6882 			    ret);
6883 		goto out;
6884 	}
6885 
6886 out:
6887 	mutex_unlock(&ar->conf_mutex);
6888 	return ret;
6889 }
6890 
6891 struct ath10k_mac_iter_tid_conf_data {
6892 	struct ieee80211_vif *curr_vif;
6893 	struct ath10k *ar;
6894 	bool reset_config;
6895 };
6896 
6897 static bool
6898 ath10k_mac_bitrate_mask_has_single_rate(struct ath10k *ar,
6899 					enum nl80211_band band,
6900 					const struct cfg80211_bitrate_mask *mask,
6901 					int *vht_num_rates)
6902 {
6903 	int num_rates = 0;
6904 	int i, tmp;
6905 
6906 	num_rates += hweight32(mask->control[band].legacy);
6907 
6908 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++)
6909 		num_rates += hweight8(mask->control[band].ht_mcs[i]);
6910 
6911 	*vht_num_rates = 0;
6912 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
6913 		tmp = hweight16(mask->control[band].vht_mcs[i]);
6914 		num_rates += tmp;
6915 		*vht_num_rates += tmp;
6916 	}
6917 
6918 	return num_rates == 1;
6919 }
6920 
6921 static int
6922 ath10k_mac_bitrate_mask_get_single_rate(struct ath10k *ar,
6923 					enum nl80211_band band,
6924 					const struct cfg80211_bitrate_mask *mask,
6925 					u8 *rate, u8 *nss, bool vht_only)
6926 {
6927 	int rate_idx;
6928 	int i;
6929 	u16 bitrate;
6930 	u8 preamble;
6931 	u8 hw_rate;
6932 
6933 	if (vht_only)
6934 		goto next;
6935 
6936 	if (hweight32(mask->control[band].legacy) == 1) {
6937 		rate_idx = ffs(mask->control[band].legacy) - 1;
6938 
6939 		if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY)
6940 			rate_idx += ATH10K_MAC_FIRST_OFDM_RATE_IDX;
6941 
6942 		hw_rate = ath10k_wmi_legacy_rates[rate_idx].hw_value;
6943 		bitrate = ath10k_wmi_legacy_rates[rate_idx].bitrate;
6944 
6945 		if (ath10k_mac_bitrate_is_cck(bitrate))
6946 			preamble = WMI_RATE_PREAMBLE_CCK;
6947 		else
6948 			preamble = WMI_RATE_PREAMBLE_OFDM;
6949 
6950 		*nss = 1;
6951 		*rate = preamble << 6 |
6952 			(*nss - 1) << 4 |
6953 			hw_rate << 0;
6954 
6955 		return 0;
6956 	}
6957 
6958 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++) {
6959 		if (hweight8(mask->control[band].ht_mcs[i]) == 1) {
6960 			*nss = i + 1;
6961 			*rate = WMI_RATE_PREAMBLE_HT << 6 |
6962 				(*nss - 1) << 4 |
6963 				(ffs(mask->control[band].ht_mcs[i]) - 1);
6964 
6965 			return 0;
6966 		}
6967 	}
6968 
6969 next:
6970 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
6971 		if (hweight16(mask->control[band].vht_mcs[i]) == 1) {
6972 			*nss = i + 1;
6973 			*rate = WMI_RATE_PREAMBLE_VHT << 6 |
6974 				(*nss - 1) << 4 |
6975 				(ffs(mask->control[band].vht_mcs[i]) - 1);
6976 
6977 			return 0;
6978 		}
6979 	}
6980 
6981 	return -EINVAL;
6982 }
6983 
6984 static int ath10k_mac_validate_rate_mask(struct ath10k *ar,
6985 					 struct ieee80211_sta *sta,
6986 					 u32 rate_ctrl_flag, u8 nss)
6987 {
6988 	struct ieee80211_sta_ht_cap *ht_cap = &sta->deflink.ht_cap;
6989 	struct ieee80211_sta_vht_cap *vht_cap = &sta->deflink.vht_cap;
6990 
6991 	if (nss > sta->deflink.rx_nss) {
6992 		ath10k_warn(ar, "Invalid nss field, configured %u limit %u\n",
6993 			    nss, sta->deflink.rx_nss);
6994 		return -EINVAL;
6995 	}
6996 
6997 	if (ATH10K_HW_PREAMBLE(rate_ctrl_flag) == WMI_RATE_PREAMBLE_VHT) {
6998 		if (!vht_cap->vht_supported) {
6999 			ath10k_warn(ar, "Invalid VHT rate for sta %pM\n",
7000 				    sta->addr);
7001 			return -EINVAL;
7002 		}
7003 	} else if (ATH10K_HW_PREAMBLE(rate_ctrl_flag) == WMI_RATE_PREAMBLE_HT) {
7004 		if (!ht_cap->ht_supported || vht_cap->vht_supported) {
7005 			ath10k_warn(ar, "Invalid HT rate for sta %pM\n",
7006 				    sta->addr);
7007 			return -EINVAL;
7008 		}
7009 	} else {
7010 		if (ht_cap->ht_supported || vht_cap->vht_supported)
7011 			return -EINVAL;
7012 	}
7013 
7014 	return 0;
7015 }
7016 
7017 static int
7018 ath10k_mac_tid_bitrate_config(struct ath10k *ar,
7019 			      struct ieee80211_vif *vif,
7020 			      struct ieee80211_sta *sta,
7021 			      u32 *rate_ctrl_flag, u8 *rate_ctrl,
7022 			      enum nl80211_tx_rate_setting txrate_type,
7023 			      const struct cfg80211_bitrate_mask *mask)
7024 {
7025 	struct cfg80211_chan_def def;
7026 	enum nl80211_band band;
7027 	u8 nss, rate;
7028 	int vht_num_rates, ret;
7029 
7030 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
7031 		return -EINVAL;
7032 
7033 	if (txrate_type == NL80211_TX_RATE_AUTOMATIC) {
7034 		*rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_AUTO;
7035 		*rate_ctrl_flag = 0;
7036 		return 0;
7037 	}
7038 
7039 	band = def.chan->band;
7040 
7041 	if (!ath10k_mac_bitrate_mask_has_single_rate(ar, band, mask,
7042 						     &vht_num_rates)) {
7043 		return -EINVAL;
7044 	}
7045 
7046 	ret = ath10k_mac_bitrate_mask_get_single_rate(ar, band, mask,
7047 						      &rate, &nss, false);
7048 	if (ret) {
7049 		ath10k_warn(ar, "failed to get single rate: %d\n",
7050 			    ret);
7051 		return ret;
7052 	}
7053 
7054 	*rate_ctrl_flag = rate;
7055 
7056 	if (sta && ath10k_mac_validate_rate_mask(ar, sta, *rate_ctrl_flag, nss))
7057 		return -EINVAL;
7058 
7059 	if (txrate_type == NL80211_TX_RATE_FIXED)
7060 		*rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_FIXED_RATE;
7061 	else if (txrate_type == NL80211_TX_RATE_LIMITED &&
7062 		 (test_bit(WMI_SERVICE_EXT_PEER_TID_CONFIGS_SUPPORT,
7063 			   ar->wmi.svc_map)))
7064 		*rate_ctrl = WMI_PEER_TID_CONFIG_RATE_UPPER_CAP;
7065 	else
7066 		return -EOPNOTSUPP;
7067 
7068 	return 0;
7069 }
7070 
7071 static int ath10k_mac_set_tid_config(struct ath10k *ar, struct ieee80211_sta *sta,
7072 				     struct ieee80211_vif *vif, u32 changed,
7073 				     struct wmi_per_peer_per_tid_cfg_arg *arg)
7074 {
7075 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7076 	struct ath10k_sta *arsta;
7077 	int ret;
7078 
7079 	if (sta) {
7080 		if (!sta->wme)
7081 			return -ENOTSUPP;
7082 
7083 		arsta = (struct ath10k_sta *)sta->drv_priv;
7084 
7085 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7086 			if ((arsta->retry_long[arg->tid] > 0 ||
7087 			     arsta->rate_code[arg->tid] > 0 ||
7088 			     arsta->ampdu[arg->tid] ==
7089 					WMI_TID_CONFIG_AGGR_CONTROL_ENABLE) &&
7090 			     arg->ack_policy == WMI_PEER_TID_CONFIG_NOACK) {
7091 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_NOACK);
7092 				arg->ack_policy = 0;
7093 				arg->aggr_control = 0;
7094 				arg->rate_ctrl = 0;
7095 				arg->rcode_flags = 0;
7096 			}
7097 		}
7098 
7099 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7100 			if (arsta->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK ||
7101 			    arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK) {
7102 				arg->aggr_control = 0;
7103 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
7104 			}
7105 		}
7106 
7107 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7108 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7109 			if (arsta->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK ||
7110 			    arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK) {
7111 				arg->rate_ctrl = 0;
7112 				arg->rcode_flags = 0;
7113 			}
7114 		}
7115 
7116 		ether_addr_copy(arg->peer_macaddr.addr, sta->addr);
7117 
7118 		ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, arg);
7119 		if (ret)
7120 			return ret;
7121 
7122 		/* Store the configured parameters in success case */
7123 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7124 			arsta->noack[arg->tid] = arg->ack_policy;
7125 			arg->ack_policy = 0;
7126 			arg->aggr_control = 0;
7127 			arg->rate_ctrl = 0;
7128 			arg->rcode_flags = 0;
7129 		}
7130 
7131 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG)) {
7132 			arsta->retry_long[arg->tid] = arg->retry_count;
7133 			arg->retry_count = 0;
7134 		}
7135 
7136 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7137 			arsta->ampdu[arg->tid] = arg->aggr_control;
7138 			arg->aggr_control = 0;
7139 		}
7140 
7141 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7142 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7143 			arsta->rate_ctrl[arg->tid] = arg->rate_ctrl;
7144 			arg->rate_ctrl = 0;
7145 			arg->rcode_flags = 0;
7146 		}
7147 
7148 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7149 			arsta->rtscts[arg->tid] = arg->rtscts_ctrl;
7150 			arg->ext_tid_cfg_bitmap = 0;
7151 		}
7152 	} else {
7153 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7154 			if ((arvif->retry_long[arg->tid] ||
7155 			     arvif->rate_code[arg->tid] ||
7156 			     arvif->ampdu[arg->tid] ==
7157 					WMI_TID_CONFIG_AGGR_CONTROL_ENABLE) &&
7158 			     arg->ack_policy == WMI_PEER_TID_CONFIG_NOACK) {
7159 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_NOACK);
7160 			} else {
7161 				arvif->noack[arg->tid] = arg->ack_policy;
7162 				arvif->ampdu[arg->tid] = arg->aggr_control;
7163 				arvif->rate_ctrl[arg->tid] = arg->rate_ctrl;
7164 			}
7165 		}
7166 
7167 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG)) {
7168 			if (arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK)
7169 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
7170 			else
7171 				arvif->retry_long[arg->tid] = arg->retry_count;
7172 		}
7173 
7174 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7175 			if (arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK)
7176 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL);
7177 			else
7178 				arvif->ampdu[arg->tid] = arg->aggr_control;
7179 		}
7180 
7181 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7182 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7183 			if (arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK) {
7184 				changed &= ~(BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7185 					     BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE));
7186 			} else {
7187 				arvif->rate_ctrl[arg->tid] = arg->rate_ctrl;
7188 				arvif->rate_code[arg->tid] = arg->rcode_flags;
7189 			}
7190 		}
7191 
7192 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7193 			arvif->rtscts[arg->tid] = arg->rtscts_ctrl;
7194 			arg->ext_tid_cfg_bitmap = 0;
7195 		}
7196 
7197 		if (changed)
7198 			arvif->tid_conf_changed[arg->tid] |= changed;
7199 	}
7200 
7201 	return 0;
7202 }
7203 
7204 static int
7205 ath10k_mac_parse_tid_config(struct ath10k *ar,
7206 			    struct ieee80211_sta *sta,
7207 			    struct ieee80211_vif *vif,
7208 			    struct cfg80211_tid_cfg *tid_conf,
7209 			    struct wmi_per_peer_per_tid_cfg_arg *arg)
7210 {
7211 	u32 changed = tid_conf->mask;
7212 	int ret = 0, i = 0;
7213 
7214 	if (!changed)
7215 		return -EINVAL;
7216 
7217 	while (i < ATH10K_TID_MAX) {
7218 		if (!(tid_conf->tids & BIT(i))) {
7219 			i++;
7220 			continue;
7221 		}
7222 
7223 		arg->tid = i;
7224 
7225 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7226 			if (tid_conf->noack == NL80211_TID_CONFIG_ENABLE) {
7227 				arg->ack_policy = WMI_PEER_TID_CONFIG_NOACK;
7228 				arg->rate_ctrl =
7229 				WMI_TID_CONFIG_RATE_CONTROL_DEFAULT_LOWEST_RATE;
7230 				arg->aggr_control =
7231 					WMI_TID_CONFIG_AGGR_CONTROL_DISABLE;
7232 			} else {
7233 				arg->ack_policy =
7234 					WMI_PEER_TID_CONFIG_ACK;
7235 				arg->rate_ctrl =
7236 					WMI_TID_CONFIG_RATE_CONTROL_AUTO;
7237 				arg->aggr_control =
7238 					WMI_TID_CONFIG_AGGR_CONTROL_ENABLE;
7239 			}
7240 		}
7241 
7242 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG))
7243 			arg->retry_count = tid_conf->retry_long;
7244 
7245 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7246 			if (tid_conf->noack == NL80211_TID_CONFIG_ENABLE)
7247 				arg->aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_ENABLE;
7248 			else
7249 				arg->aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_DISABLE;
7250 		}
7251 
7252 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7253 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7254 			ret = ath10k_mac_tid_bitrate_config(ar, vif, sta,
7255 							    &arg->rcode_flags,
7256 							    &arg->rate_ctrl,
7257 							    tid_conf->txrate_type,
7258 							&tid_conf->txrate_mask);
7259 			if (ret) {
7260 				ath10k_warn(ar, "failed to configure bitrate mask %d\n",
7261 					    ret);
7262 				arg->rcode_flags = 0;
7263 				arg->rate_ctrl = 0;
7264 			}
7265 		}
7266 
7267 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7268 			if (tid_conf->rtscts)
7269 				arg->rtscts_ctrl = tid_conf->rtscts;
7270 
7271 			arg->ext_tid_cfg_bitmap = WMI_EXT_TID_RTS_CTS_CONFIG;
7272 		}
7273 
7274 		ret = ath10k_mac_set_tid_config(ar, sta, vif, changed, arg);
7275 		if (ret)
7276 			return ret;
7277 		i++;
7278 	}
7279 
7280 	return ret;
7281 }
7282 
7283 static int ath10k_mac_reset_tid_config(struct ath10k *ar,
7284 				       struct ieee80211_sta *sta,
7285 				       struct ath10k_vif *arvif,
7286 				       u8 tids)
7287 {
7288 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7289 	struct wmi_per_peer_per_tid_cfg_arg arg;
7290 	int ret = 0, i = 0;
7291 
7292 	arg.vdev_id = arvif->vdev_id;
7293 	while (i < ATH10K_TID_MAX) {
7294 		if (!(tids & BIT(i))) {
7295 			i++;
7296 			continue;
7297 		}
7298 
7299 		arg.tid = i;
7300 		arg.ack_policy = WMI_PEER_TID_CONFIG_ACK;
7301 		arg.retry_count = ATH10K_MAX_RETRY_COUNT;
7302 		arg.rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_AUTO;
7303 		arg.aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_ENABLE;
7304 		arg.rtscts_ctrl = WMI_TID_CONFIG_RTSCTS_CONTROL_ENABLE;
7305 		arg.ext_tid_cfg_bitmap = WMI_EXT_TID_RTS_CTS_CONFIG;
7306 
7307 		ether_addr_copy(arg.peer_macaddr.addr, sta->addr);
7308 
7309 		ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, &arg);
7310 		if (ret)
7311 			return ret;
7312 
7313 		if (!arvif->tids_rst) {
7314 			arsta->retry_long[i] = -1;
7315 			arsta->noack[i] = -1;
7316 			arsta->ampdu[i] = -1;
7317 			arsta->rate_code[i] = -1;
7318 			arsta->rate_ctrl[i] = 0;
7319 			arsta->rtscts[i] = -1;
7320 		} else {
7321 			arvif->retry_long[i] = 0;
7322 			arvif->noack[i] = 0;
7323 			arvif->ampdu[i] = 0;
7324 			arvif->rate_code[i] = 0;
7325 			arvif->rate_ctrl[i] = 0;
7326 			arvif->rtscts[i] = 0;
7327 		}
7328 
7329 		i++;
7330 	}
7331 
7332 	return ret;
7333 }
7334 
7335 static void ath10k_sta_tid_cfg_wk(struct work_struct *wk)
7336 {
7337 	struct wmi_per_peer_per_tid_cfg_arg arg = {};
7338 	struct ieee80211_sta *sta;
7339 	struct ath10k_sta *arsta;
7340 	struct ath10k_vif *arvif;
7341 	struct ath10k *ar;
7342 	bool config_apply;
7343 	int ret, i;
7344 	u32 changed;
7345 	u8 nss;
7346 
7347 	arsta = container_of(wk, struct ath10k_sta, tid_config_wk);
7348 	sta = container_of((void *)arsta, struct ieee80211_sta, drv_priv);
7349 	arvif = arsta->arvif;
7350 	ar = arvif->ar;
7351 
7352 	mutex_lock(&ar->conf_mutex);
7353 
7354 	if (arvif->tids_rst) {
7355 		ret = ath10k_mac_reset_tid_config(ar, sta, arvif,
7356 						  arvif->tids_rst);
7357 		goto exit;
7358 	}
7359 
7360 	ether_addr_copy(arg.peer_macaddr.addr, sta->addr);
7361 
7362 	for (i = 0; i < ATH10K_TID_MAX; i++) {
7363 		config_apply = false;
7364 		changed = arvif->tid_conf_changed[i];
7365 
7366 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7367 			if (arsta->noack[i] != -1) {
7368 				arg.ack_policy  = 0;
7369 			} else {
7370 				config_apply = true;
7371 				arg.ack_policy = arvif->noack[i];
7372 				arg.aggr_control = arvif->ampdu[i];
7373 				arg.rate_ctrl = arvif->rate_ctrl[i];
7374 			}
7375 		}
7376 
7377 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG)) {
7378 			if (arsta->retry_long[i] != -1 ||
7379 			    arsta->noack[i] == WMI_PEER_TID_CONFIG_NOACK ||
7380 			    arvif->noack[i] == WMI_PEER_TID_CONFIG_NOACK) {
7381 				arg.retry_count = 0;
7382 			} else {
7383 				arg.retry_count = arvif->retry_long[i];
7384 				config_apply = true;
7385 			}
7386 		}
7387 
7388 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7389 			if (arsta->ampdu[i] != -1 ||
7390 			    arsta->noack[i] == WMI_PEER_TID_CONFIG_NOACK ||
7391 			    arvif->noack[i] == WMI_PEER_TID_CONFIG_NOACK) {
7392 				arg.aggr_control = 0;
7393 			} else {
7394 				arg.aggr_control = arvif->ampdu[i];
7395 				config_apply = true;
7396 			}
7397 		}
7398 
7399 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7400 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7401 			nss = ATH10K_HW_NSS(arvif->rate_code[i]);
7402 			ret = ath10k_mac_validate_rate_mask(ar, sta,
7403 							    arvif->rate_code[i],
7404 							    nss);
7405 			if (ret &&
7406 			    arvif->rate_ctrl[i] > WMI_TID_CONFIG_RATE_CONTROL_AUTO) {
7407 				arg.rate_ctrl = 0;
7408 				arg.rcode_flags = 0;
7409 			}
7410 
7411 			if (arsta->rate_ctrl[i] >
7412 			    WMI_TID_CONFIG_RATE_CONTROL_AUTO ||
7413 			    arsta->noack[i] == WMI_PEER_TID_CONFIG_NOACK ||
7414 			    arvif->noack[i] == WMI_PEER_TID_CONFIG_NOACK) {
7415 				arg.rate_ctrl = 0;
7416 				arg.rcode_flags = 0;
7417 			} else {
7418 				arg.rate_ctrl = arvif->rate_ctrl[i];
7419 				arg.rcode_flags = arvif->rate_code[i];
7420 				config_apply = true;
7421 			}
7422 		}
7423 
7424 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7425 			if (arsta->rtscts[i]) {
7426 				arg.rtscts_ctrl = 0;
7427 				arg.ext_tid_cfg_bitmap = 0;
7428 			} else {
7429 				arg.rtscts_ctrl = arvif->rtscts[i] - 1;
7430 				arg.ext_tid_cfg_bitmap =
7431 					WMI_EXT_TID_RTS_CTS_CONFIG;
7432 				config_apply = true;
7433 			}
7434 		}
7435 
7436 		arg.tid = i;
7437 
7438 		if (config_apply) {
7439 			ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, &arg);
7440 			if (ret)
7441 				ath10k_warn(ar, "failed to set per tid config for sta %pM: %d\n",
7442 					    sta->addr, ret);
7443 		}
7444 
7445 		arg.ack_policy  = 0;
7446 		arg.retry_count  = 0;
7447 		arg.aggr_control  = 0;
7448 		arg.rate_ctrl = 0;
7449 		arg.rcode_flags = 0;
7450 	}
7451 
7452 exit:
7453 	mutex_unlock(&ar->conf_mutex);
7454 }
7455 
7456 static void ath10k_mac_vif_stations_tid_conf(void *data,
7457 					     struct ieee80211_sta *sta)
7458 {
7459 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7460 	struct ath10k_mac_iter_tid_conf_data *iter_data = data;
7461 	struct ieee80211_vif *sta_vif = arsta->arvif->vif;
7462 
7463 	if (sta_vif != iter_data->curr_vif || !sta->wme)
7464 		return;
7465 
7466 	ieee80211_queue_work(iter_data->ar->hw, &arsta->tid_config_wk);
7467 }
7468 
7469 static int ath10k_sta_state(struct ieee80211_hw *hw,
7470 			    struct ieee80211_vif *vif,
7471 			    struct ieee80211_sta *sta,
7472 			    enum ieee80211_sta_state old_state,
7473 			    enum ieee80211_sta_state new_state)
7474 {
7475 	struct ath10k *ar = hw->priv;
7476 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7477 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7478 	struct ath10k_peer *peer;
7479 	int ret = 0;
7480 	int i;
7481 
7482 	if (old_state == IEEE80211_STA_NOTEXIST &&
7483 	    new_state == IEEE80211_STA_NONE) {
7484 		memset(arsta, 0, sizeof(*arsta));
7485 		arsta->arvif = arvif;
7486 		arsta->peer_ps_state = WMI_PEER_PS_STATE_DISABLED;
7487 		INIT_WORK(&arsta->update_wk, ath10k_sta_rc_update_wk);
7488 		INIT_WORK(&arsta->tid_config_wk, ath10k_sta_tid_cfg_wk);
7489 
7490 		for (i = 0; i < ARRAY_SIZE(sta->txq); i++)
7491 			ath10k_mac_txq_init(sta->txq[i]);
7492 	}
7493 
7494 	/* cancel must be done outside the mutex to avoid deadlock */
7495 	if ((old_state == IEEE80211_STA_NONE &&
7496 	     new_state == IEEE80211_STA_NOTEXIST)) {
7497 		cancel_work_sync(&arsta->update_wk);
7498 		cancel_work_sync(&arsta->tid_config_wk);
7499 	}
7500 
7501 	mutex_lock(&ar->conf_mutex);
7502 
7503 	if (old_state == IEEE80211_STA_NOTEXIST &&
7504 	    new_state == IEEE80211_STA_NONE) {
7505 		/*
7506 		 * New station addition.
7507 		 */
7508 		enum wmi_peer_type peer_type = WMI_PEER_TYPE_DEFAULT;
7509 		u32 num_tdls_stations;
7510 
7511 		ath10k_dbg(ar, ATH10K_DBG_STA,
7512 			   "mac vdev %d peer create %pM (new sta) sta %d / %d peer %d / %d\n",
7513 			   arvif->vdev_id, sta->addr,
7514 			   ar->num_stations + 1, ar->max_num_stations,
7515 			   ar->num_peers + 1, ar->max_num_peers);
7516 
7517 		num_tdls_stations = ath10k_mac_tdls_vif_stations_count(hw, vif);
7518 
7519 		if (sta->tdls) {
7520 			if (num_tdls_stations >= ar->max_num_tdls_vdevs) {
7521 				ath10k_warn(ar, "vdev %i exceeded maximum number of tdls vdevs %i\n",
7522 					    arvif->vdev_id,
7523 					    ar->max_num_tdls_vdevs);
7524 				ret = -ELNRNG;
7525 				goto exit;
7526 			}
7527 			peer_type = WMI_PEER_TYPE_TDLS;
7528 		}
7529 
7530 		ret = ath10k_mac_inc_num_stations(arvif, sta);
7531 		if (ret) {
7532 			ath10k_warn(ar, "refusing to associate station: too many connected already (%d)\n",
7533 				    ar->max_num_stations);
7534 			goto exit;
7535 		}
7536 
7537 		if (ath10k_debug_is_extd_tx_stats_enabled(ar)) {
7538 			arsta->tx_stats = kzalloc(sizeof(*arsta->tx_stats),
7539 						  GFP_KERNEL);
7540 			if (!arsta->tx_stats) {
7541 				ath10k_mac_dec_num_stations(arvif, sta);
7542 				ret = -ENOMEM;
7543 				goto exit;
7544 			}
7545 		}
7546 
7547 		ret = ath10k_peer_create(ar, vif, sta, arvif->vdev_id,
7548 					 sta->addr, peer_type);
7549 		if (ret) {
7550 			ath10k_warn(ar, "failed to add peer %pM for vdev %d when adding a new sta: %i\n",
7551 				    sta->addr, arvif->vdev_id, ret);
7552 			ath10k_mac_dec_num_stations(arvif, sta);
7553 			kfree(arsta->tx_stats);
7554 			goto exit;
7555 		}
7556 
7557 		spin_lock_bh(&ar->data_lock);
7558 
7559 		peer = ath10k_peer_find(ar, arvif->vdev_id, sta->addr);
7560 		if (!peer) {
7561 			ath10k_warn(ar, "failed to lookup peer %pM on vdev %i\n",
7562 				    vif->addr, arvif->vdev_id);
7563 			spin_unlock_bh(&ar->data_lock);
7564 			ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
7565 			ath10k_mac_dec_num_stations(arvif, sta);
7566 			kfree(arsta->tx_stats);
7567 			ret = -ENOENT;
7568 			goto exit;
7569 		}
7570 
7571 		arsta->peer_id = find_first_bit(peer->peer_ids,
7572 						ATH10K_MAX_NUM_PEER_IDS);
7573 
7574 		spin_unlock_bh(&ar->data_lock);
7575 
7576 		if (!sta->tdls)
7577 			goto exit;
7578 
7579 		ret = ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
7580 						      WMI_TDLS_ENABLE_ACTIVE);
7581 		if (ret) {
7582 			ath10k_warn(ar, "failed to update fw tdls state on vdev %i: %i\n",
7583 				    arvif->vdev_id, ret);
7584 			ath10k_peer_delete(ar, arvif->vdev_id,
7585 					   sta->addr);
7586 			ath10k_mac_dec_num_stations(arvif, sta);
7587 			kfree(arsta->tx_stats);
7588 			goto exit;
7589 		}
7590 
7591 		ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id, sta,
7592 						  WMI_TDLS_PEER_STATE_PEERING);
7593 		if (ret) {
7594 			ath10k_warn(ar,
7595 				    "failed to update tdls peer %pM for vdev %d when adding a new sta: %i\n",
7596 				    sta->addr, arvif->vdev_id, ret);
7597 			ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
7598 			ath10k_mac_dec_num_stations(arvif, sta);
7599 			kfree(arsta->tx_stats);
7600 
7601 			if (num_tdls_stations != 0)
7602 				goto exit;
7603 			ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
7604 							WMI_TDLS_DISABLE);
7605 		}
7606 	} else if ((old_state == IEEE80211_STA_NONE &&
7607 		    new_state == IEEE80211_STA_NOTEXIST)) {
7608 		/*
7609 		 * Existing station deletion.
7610 		 */
7611 		ath10k_dbg(ar, ATH10K_DBG_STA,
7612 			   "mac vdev %d peer delete %pM sta %pK (sta gone)\n",
7613 			   arvif->vdev_id, sta->addr, sta);
7614 
7615 		if (sta->tdls) {
7616 			ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id,
7617 							  sta,
7618 							  WMI_TDLS_PEER_STATE_TEARDOWN);
7619 			if (ret)
7620 				ath10k_warn(ar, "failed to update tdls peer state for %pM state %d: %i\n",
7621 					    sta->addr,
7622 					    WMI_TDLS_PEER_STATE_TEARDOWN, ret);
7623 		}
7624 
7625 		ret = ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
7626 		if (ret)
7627 			ath10k_warn(ar, "failed to delete peer %pM for vdev %d: %i\n",
7628 				    sta->addr, arvif->vdev_id, ret);
7629 
7630 		ath10k_mac_dec_num_stations(arvif, sta);
7631 
7632 		spin_lock_bh(&ar->data_lock);
7633 		for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
7634 			peer = ar->peer_map[i];
7635 			if (!peer)
7636 				continue;
7637 
7638 			if (peer->sta == sta) {
7639 				ath10k_warn(ar, "found sta peer %pM (ptr %pK id %d) entry on vdev %i after it was supposedly removed\n",
7640 					    sta->addr, peer, i, arvif->vdev_id);
7641 				peer->sta = NULL;
7642 
7643 				/* Clean up the peer object as well since we
7644 				 * must have failed to do this above.
7645 				 */
7646 				ath10k_peer_map_cleanup(ar, peer);
7647 			}
7648 		}
7649 		spin_unlock_bh(&ar->data_lock);
7650 
7651 		if (ath10k_debug_is_extd_tx_stats_enabled(ar)) {
7652 			kfree(arsta->tx_stats);
7653 			arsta->tx_stats = NULL;
7654 		}
7655 
7656 		for (i = 0; i < ARRAY_SIZE(sta->txq); i++)
7657 			ath10k_mac_txq_unref(ar, sta->txq[i]);
7658 
7659 		if (!sta->tdls)
7660 			goto exit;
7661 
7662 		if (ath10k_mac_tdls_vif_stations_count(hw, vif))
7663 			goto exit;
7664 
7665 		/* This was the last tdls peer in current vif */
7666 		ret = ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
7667 						      WMI_TDLS_DISABLE);
7668 		if (ret) {
7669 			ath10k_warn(ar, "failed to update fw tdls state on vdev %i: %i\n",
7670 				    arvif->vdev_id, ret);
7671 		}
7672 	} else if (old_state == IEEE80211_STA_AUTH &&
7673 		   new_state == IEEE80211_STA_ASSOC &&
7674 		   (vif->type == NL80211_IFTYPE_AP ||
7675 		    vif->type == NL80211_IFTYPE_MESH_POINT ||
7676 		    vif->type == NL80211_IFTYPE_ADHOC)) {
7677 		/*
7678 		 * New association.
7679 		 */
7680 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac sta %pM associated\n",
7681 			   sta->addr);
7682 
7683 		ret = ath10k_station_assoc(ar, vif, sta, false);
7684 		if (ret)
7685 			ath10k_warn(ar, "failed to associate station %pM for vdev %i: %i\n",
7686 				    sta->addr, arvif->vdev_id, ret);
7687 	} else if (old_state == IEEE80211_STA_ASSOC &&
7688 		   new_state == IEEE80211_STA_AUTHORIZED &&
7689 		   sta->tdls) {
7690 		/*
7691 		 * Tdls station authorized.
7692 		 */
7693 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac tdls sta %pM authorized\n",
7694 			   sta->addr);
7695 
7696 		ret = ath10k_station_assoc(ar, vif, sta, false);
7697 		if (ret) {
7698 			ath10k_warn(ar, "failed to associate tdls station %pM for vdev %i: %i\n",
7699 				    sta->addr, arvif->vdev_id, ret);
7700 			goto exit;
7701 		}
7702 
7703 		ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id, sta,
7704 						  WMI_TDLS_PEER_STATE_CONNECTED);
7705 		if (ret)
7706 			ath10k_warn(ar, "failed to update tdls peer %pM for vdev %i: %i\n",
7707 				    sta->addr, arvif->vdev_id, ret);
7708 	} else if (old_state == IEEE80211_STA_ASSOC &&
7709 		    new_state == IEEE80211_STA_AUTH &&
7710 		    (vif->type == NL80211_IFTYPE_AP ||
7711 		     vif->type == NL80211_IFTYPE_MESH_POINT ||
7712 		     vif->type == NL80211_IFTYPE_ADHOC)) {
7713 		/*
7714 		 * Disassociation.
7715 		 */
7716 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac sta %pM disassociated\n",
7717 			   sta->addr);
7718 
7719 		ret = ath10k_station_disassoc(ar, vif, sta);
7720 		if (ret)
7721 			ath10k_warn(ar, "failed to disassociate station: %pM vdev %i: %i\n",
7722 				    sta->addr, arvif->vdev_id, ret);
7723 	}
7724 exit:
7725 	mutex_unlock(&ar->conf_mutex);
7726 	return ret;
7727 }
7728 
7729 static int ath10k_conf_tx_uapsd(struct ath10k *ar, struct ieee80211_vif *vif,
7730 				u16 ac, bool enable)
7731 {
7732 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7733 	struct wmi_sta_uapsd_auto_trig_arg arg = {};
7734 	u32 prio = 0, acc = 0;
7735 	u32 value = 0;
7736 	int ret = 0;
7737 
7738 	lockdep_assert_held(&ar->conf_mutex);
7739 
7740 	if (arvif->vdev_type != WMI_VDEV_TYPE_STA)
7741 		return 0;
7742 
7743 	switch (ac) {
7744 	case IEEE80211_AC_VO:
7745 		value = WMI_STA_PS_UAPSD_AC3_DELIVERY_EN |
7746 			WMI_STA_PS_UAPSD_AC3_TRIGGER_EN;
7747 		prio = 7;
7748 		acc = 3;
7749 		break;
7750 	case IEEE80211_AC_VI:
7751 		value = WMI_STA_PS_UAPSD_AC2_DELIVERY_EN |
7752 			WMI_STA_PS_UAPSD_AC2_TRIGGER_EN;
7753 		prio = 5;
7754 		acc = 2;
7755 		break;
7756 	case IEEE80211_AC_BE:
7757 		value = WMI_STA_PS_UAPSD_AC1_DELIVERY_EN |
7758 			WMI_STA_PS_UAPSD_AC1_TRIGGER_EN;
7759 		prio = 2;
7760 		acc = 1;
7761 		break;
7762 	case IEEE80211_AC_BK:
7763 		value = WMI_STA_PS_UAPSD_AC0_DELIVERY_EN |
7764 			WMI_STA_PS_UAPSD_AC0_TRIGGER_EN;
7765 		prio = 0;
7766 		acc = 0;
7767 		break;
7768 	}
7769 
7770 	if (enable)
7771 		arvif->u.sta.uapsd |= value;
7772 	else
7773 		arvif->u.sta.uapsd &= ~value;
7774 
7775 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
7776 					  WMI_STA_PS_PARAM_UAPSD,
7777 					  arvif->u.sta.uapsd);
7778 	if (ret) {
7779 		ath10k_warn(ar, "failed to set uapsd params: %d\n", ret);
7780 		goto exit;
7781 	}
7782 
7783 	if (arvif->u.sta.uapsd)
7784 		value = WMI_STA_PS_RX_WAKE_POLICY_POLL_UAPSD;
7785 	else
7786 		value = WMI_STA_PS_RX_WAKE_POLICY_WAKE;
7787 
7788 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
7789 					  WMI_STA_PS_PARAM_RX_WAKE_POLICY,
7790 					  value);
7791 	if (ret)
7792 		ath10k_warn(ar, "failed to set rx wake param: %d\n", ret);
7793 
7794 	ret = ath10k_mac_vif_recalc_ps_wake_threshold(arvif);
7795 	if (ret) {
7796 		ath10k_warn(ar, "failed to recalc ps wake threshold on vdev %i: %d\n",
7797 			    arvif->vdev_id, ret);
7798 		return ret;
7799 	}
7800 
7801 	ret = ath10k_mac_vif_recalc_ps_poll_count(arvif);
7802 	if (ret) {
7803 		ath10k_warn(ar, "failed to recalc ps poll count on vdev %i: %d\n",
7804 			    arvif->vdev_id, ret);
7805 		return ret;
7806 	}
7807 
7808 	if (test_bit(WMI_SERVICE_STA_UAPSD_BASIC_AUTO_TRIG, ar->wmi.svc_map) ||
7809 	    test_bit(WMI_SERVICE_STA_UAPSD_VAR_AUTO_TRIG, ar->wmi.svc_map)) {
7810 		/* Only userspace can make an educated decision when to send
7811 		 * trigger frame. The following effectively disables u-UAPSD
7812 		 * autotrigger in firmware (which is enabled by default
7813 		 * provided the autotrigger service is available).
7814 		 */
7815 
7816 		arg.wmm_ac = acc;
7817 		arg.user_priority = prio;
7818 		arg.service_interval = 0;
7819 		arg.suspend_interval = WMI_STA_UAPSD_MAX_INTERVAL_MSEC;
7820 		arg.delay_interval = WMI_STA_UAPSD_MAX_INTERVAL_MSEC;
7821 
7822 		ret = ath10k_wmi_vdev_sta_uapsd(ar, arvif->vdev_id,
7823 						arvif->bssid, &arg, 1);
7824 		if (ret) {
7825 			ath10k_warn(ar, "failed to set uapsd auto trigger %d\n",
7826 				    ret);
7827 			return ret;
7828 		}
7829 	}
7830 
7831 exit:
7832 	return ret;
7833 }
7834 
7835 static int ath10k_conf_tx(struct ieee80211_hw *hw,
7836 			  struct ieee80211_vif *vif,
7837 			  unsigned int link_id, u16 ac,
7838 			  const struct ieee80211_tx_queue_params *params)
7839 {
7840 	struct ath10k *ar = hw->priv;
7841 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7842 	struct wmi_wmm_params_arg *p = NULL;
7843 	int ret;
7844 
7845 	mutex_lock(&ar->conf_mutex);
7846 
7847 	switch (ac) {
7848 	case IEEE80211_AC_VO:
7849 		p = &arvif->wmm_params.ac_vo;
7850 		break;
7851 	case IEEE80211_AC_VI:
7852 		p = &arvif->wmm_params.ac_vi;
7853 		break;
7854 	case IEEE80211_AC_BE:
7855 		p = &arvif->wmm_params.ac_be;
7856 		break;
7857 	case IEEE80211_AC_BK:
7858 		p = &arvif->wmm_params.ac_bk;
7859 		break;
7860 	}
7861 
7862 	if (WARN_ON(!p)) {
7863 		ret = -EINVAL;
7864 		goto exit;
7865 	}
7866 
7867 	p->cwmin = params->cw_min;
7868 	p->cwmax = params->cw_max;
7869 	p->aifs = params->aifs;
7870 
7871 	/*
7872 	 * The channel time duration programmed in the HW is in absolute
7873 	 * microseconds, while mac80211 gives the txop in units of
7874 	 * 32 microseconds.
7875 	 */
7876 	p->txop = params->txop * 32;
7877 
7878 	if (ar->wmi.ops->gen_vdev_wmm_conf) {
7879 		ret = ath10k_wmi_vdev_wmm_conf(ar, arvif->vdev_id,
7880 					       &arvif->wmm_params);
7881 		if (ret) {
7882 			ath10k_warn(ar, "failed to set vdev wmm params on vdev %i: %d\n",
7883 				    arvif->vdev_id, ret);
7884 			goto exit;
7885 		}
7886 	} else {
7887 		/* This won't work well with multi-interface cases but it's
7888 		 * better than nothing.
7889 		 */
7890 		ret = ath10k_wmi_pdev_set_wmm_params(ar, &arvif->wmm_params);
7891 		if (ret) {
7892 			ath10k_warn(ar, "failed to set wmm params: %d\n", ret);
7893 			goto exit;
7894 		}
7895 	}
7896 
7897 	ret = ath10k_conf_tx_uapsd(ar, vif, ac, params->uapsd);
7898 	if (ret)
7899 		ath10k_warn(ar, "failed to set sta uapsd: %d\n", ret);
7900 
7901 exit:
7902 	mutex_unlock(&ar->conf_mutex);
7903 	return ret;
7904 }
7905 
7906 static int ath10k_remain_on_channel(struct ieee80211_hw *hw,
7907 				    struct ieee80211_vif *vif,
7908 				    struct ieee80211_channel *chan,
7909 				    int duration,
7910 				    enum ieee80211_roc_type type)
7911 {
7912 	struct ath10k *ar = hw->priv;
7913 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7914 	struct wmi_start_scan_arg arg;
7915 	int ret = 0;
7916 	u32 scan_time_msec;
7917 
7918 	mutex_lock(&ar->conf_mutex);
7919 
7920 	if (ath10k_mac_tdls_vif_stations_count(hw, vif) > 0) {
7921 		ret = -EBUSY;
7922 		goto exit;
7923 	}
7924 
7925 	spin_lock_bh(&ar->data_lock);
7926 	switch (ar->scan.state) {
7927 	case ATH10K_SCAN_IDLE:
7928 		reinit_completion(&ar->scan.started);
7929 		reinit_completion(&ar->scan.completed);
7930 		reinit_completion(&ar->scan.on_channel);
7931 		ar->scan.state = ATH10K_SCAN_STARTING;
7932 		ar->scan.is_roc = true;
7933 		ar->scan.vdev_id = arvif->vdev_id;
7934 		ar->scan.roc_freq = chan->center_freq;
7935 		ar->scan.roc_notify = true;
7936 		ret = 0;
7937 		break;
7938 	case ATH10K_SCAN_STARTING:
7939 	case ATH10K_SCAN_RUNNING:
7940 	case ATH10K_SCAN_ABORTING:
7941 		ret = -EBUSY;
7942 		break;
7943 	}
7944 	spin_unlock_bh(&ar->data_lock);
7945 
7946 	if (ret)
7947 		goto exit;
7948 
7949 	scan_time_msec = ar->hw->wiphy->max_remain_on_channel_duration * 2;
7950 
7951 	memset(&arg, 0, sizeof(arg));
7952 	ath10k_wmi_start_scan_init(ar, &arg);
7953 	arg.vdev_id = arvif->vdev_id;
7954 	arg.scan_id = ATH10K_SCAN_ID;
7955 	arg.n_channels = 1;
7956 	arg.channels[0] = chan->center_freq;
7957 	arg.dwell_time_active = scan_time_msec;
7958 	arg.dwell_time_passive = scan_time_msec;
7959 	arg.max_scan_time = scan_time_msec;
7960 	arg.scan_ctrl_flags |= WMI_SCAN_FLAG_PASSIVE;
7961 	arg.scan_ctrl_flags |= WMI_SCAN_FILTER_PROBE_REQ;
7962 	arg.burst_duration_ms = duration;
7963 
7964 	ret = ath10k_start_scan(ar, &arg);
7965 	if (ret) {
7966 		ath10k_warn(ar, "failed to start roc scan: %d\n", ret);
7967 		spin_lock_bh(&ar->data_lock);
7968 		ar->scan.state = ATH10K_SCAN_IDLE;
7969 		spin_unlock_bh(&ar->data_lock);
7970 		goto exit;
7971 	}
7972 
7973 	ret = wait_for_completion_timeout(&ar->scan.on_channel, 3 * HZ);
7974 	if (ret == 0) {
7975 		ath10k_warn(ar, "failed to switch to channel for roc scan\n");
7976 
7977 		ret = ath10k_scan_stop(ar);
7978 		if (ret)
7979 			ath10k_warn(ar, "failed to stop scan: %d\n", ret);
7980 
7981 		ret = -ETIMEDOUT;
7982 		goto exit;
7983 	}
7984 
7985 	ieee80211_queue_delayed_work(ar->hw, &ar->scan.timeout,
7986 				     msecs_to_jiffies(duration));
7987 
7988 	ret = 0;
7989 exit:
7990 	mutex_unlock(&ar->conf_mutex);
7991 	return ret;
7992 }
7993 
7994 static int ath10k_cancel_remain_on_channel(struct ieee80211_hw *hw,
7995 					   struct ieee80211_vif *vif)
7996 {
7997 	struct ath10k *ar = hw->priv;
7998 
7999 	mutex_lock(&ar->conf_mutex);
8000 
8001 	spin_lock_bh(&ar->data_lock);
8002 	ar->scan.roc_notify = false;
8003 	spin_unlock_bh(&ar->data_lock);
8004 
8005 	ath10k_scan_abort(ar);
8006 
8007 	mutex_unlock(&ar->conf_mutex);
8008 
8009 	cancel_delayed_work_sync(&ar->scan.timeout);
8010 
8011 	return 0;
8012 }
8013 
8014 /*
8015  * Both RTS and Fragmentation threshold are interface-specific
8016  * in ath10k, but device-specific in mac80211.
8017  */
8018 
8019 static int ath10k_set_rts_threshold(struct ieee80211_hw *hw, u32 value)
8020 {
8021 	struct ath10k *ar = hw->priv;
8022 	struct ath10k_vif *arvif;
8023 	int ret = 0;
8024 
8025 	mutex_lock(&ar->conf_mutex);
8026 	list_for_each_entry(arvif, &ar->arvifs, list) {
8027 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d rts threshold %d\n",
8028 			   arvif->vdev_id, value);
8029 
8030 		ret = ath10k_mac_set_rts(arvif, value);
8031 		if (ret) {
8032 			ath10k_warn(ar, "failed to set rts threshold for vdev %d: %d\n",
8033 				    arvif->vdev_id, ret);
8034 			break;
8035 		}
8036 	}
8037 	mutex_unlock(&ar->conf_mutex);
8038 
8039 	return ret;
8040 }
8041 
8042 static int ath10k_mac_op_set_frag_threshold(struct ieee80211_hw *hw, u32 value)
8043 {
8044 	/* Even though there's a WMI enum for fragmentation threshold no known
8045 	 * firmware actually implements it. Moreover it is not possible to rely
8046 	 * frame fragmentation to mac80211 because firmware clears the "more
8047 	 * fragments" bit in frame control making it impossible for remote
8048 	 * devices to reassemble frames.
8049 	 *
8050 	 * Hence implement a dummy callback just to say fragmentation isn't
8051 	 * supported. This effectively prevents mac80211 from doing frame
8052 	 * fragmentation in software.
8053 	 */
8054 	return -EOPNOTSUPP;
8055 }
8056 
8057 void ath10k_mac_wait_tx_complete(struct ath10k *ar)
8058 {
8059 	bool skip;
8060 	long time_left;
8061 
8062 	/* mac80211 doesn't care if we really xmit queued frames or not
8063 	 * we'll collect those frames either way if we stop/delete vdevs
8064 	 */
8065 
8066 	if (ar->state == ATH10K_STATE_WEDGED)
8067 		return;
8068 
8069 	time_left = wait_event_timeout(ar->htt.empty_tx_wq, ({
8070 			bool empty;
8071 
8072 			spin_lock_bh(&ar->htt.tx_lock);
8073 			empty = (ar->htt.num_pending_tx == 0);
8074 			spin_unlock_bh(&ar->htt.tx_lock);
8075 
8076 			skip = (ar->state == ATH10K_STATE_WEDGED) ||
8077 			       test_bit(ATH10K_FLAG_CRASH_FLUSH,
8078 					&ar->dev_flags);
8079 
8080 			(empty || skip);
8081 		}), ATH10K_FLUSH_TIMEOUT_HZ);
8082 
8083 	if (time_left == 0 || skip)
8084 		ath10k_warn(ar, "failed to flush transmit queue (skip %i ar-state %i): %ld\n",
8085 			    skip, ar->state, time_left);
8086 }
8087 
8088 static void ath10k_flush(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
8089 			 u32 queues, bool drop)
8090 {
8091 	struct ath10k *ar = hw->priv;
8092 	struct ath10k_vif *arvif;
8093 	u32 bitmap;
8094 
8095 	if (drop) {
8096 		if (vif && vif->type == NL80211_IFTYPE_STATION) {
8097 			bitmap = ~(1 << WMI_MGMT_TID);
8098 			list_for_each_entry(arvif, &ar->arvifs, list) {
8099 				if (arvif->vdev_type == WMI_VDEV_TYPE_STA)
8100 					ath10k_wmi_peer_flush(ar, arvif->vdev_id,
8101 							      arvif->bssid, bitmap);
8102 			}
8103 			ath10k_htt_flush_tx(&ar->htt);
8104 		}
8105 		return;
8106 	}
8107 
8108 	mutex_lock(&ar->conf_mutex);
8109 	ath10k_mac_wait_tx_complete(ar);
8110 	mutex_unlock(&ar->conf_mutex);
8111 }
8112 
8113 /* TODO: Implement this function properly
8114  * For now it is needed to reply to Probe Requests in IBSS mode.
8115  * Probably we need this information from FW.
8116  */
8117 static int ath10k_tx_last_beacon(struct ieee80211_hw *hw)
8118 {
8119 	return 1;
8120 }
8121 
8122 static void ath10k_reconfig_complete(struct ieee80211_hw *hw,
8123 				     enum ieee80211_reconfig_type reconfig_type)
8124 {
8125 	struct ath10k *ar = hw->priv;
8126 	struct ath10k_vif *arvif;
8127 
8128 	if (reconfig_type != IEEE80211_RECONFIG_TYPE_RESTART)
8129 		return;
8130 
8131 	mutex_lock(&ar->conf_mutex);
8132 
8133 	/* If device failed to restart it will be in a different state, e.g.
8134 	 * ATH10K_STATE_WEDGED
8135 	 */
8136 	if (ar->state == ATH10K_STATE_RESTARTED) {
8137 		ath10k_info(ar, "device successfully recovered\n");
8138 		ar->state = ATH10K_STATE_ON;
8139 		ieee80211_wake_queues(ar->hw);
8140 		clear_bit(ATH10K_FLAG_RESTARTING, &ar->dev_flags);
8141 		if (ar->hw_params.hw_restart_disconnect) {
8142 			list_for_each_entry(arvif, &ar->arvifs, list) {
8143 				if (arvif->is_up && arvif->vdev_type == WMI_VDEV_TYPE_STA)
8144 					ieee80211_hw_restart_disconnect(arvif->vif);
8145 				}
8146 		}
8147 	}
8148 
8149 	mutex_unlock(&ar->conf_mutex);
8150 }
8151 
8152 static void
8153 ath10k_mac_update_bss_chan_survey(struct ath10k *ar,
8154 				  struct ieee80211_channel *channel)
8155 {
8156 	int ret;
8157 	enum wmi_bss_survey_req_type type = WMI_BSS_SURVEY_REQ_TYPE_READ;
8158 
8159 	lockdep_assert_held(&ar->conf_mutex);
8160 
8161 	if (!test_bit(WMI_SERVICE_BSS_CHANNEL_INFO_64, ar->wmi.svc_map) ||
8162 	    (ar->rx_channel != channel))
8163 		return;
8164 
8165 	if (ar->scan.state != ATH10K_SCAN_IDLE) {
8166 		ath10k_dbg(ar, ATH10K_DBG_MAC, "ignoring bss chan info request while scanning..\n");
8167 		return;
8168 	}
8169 
8170 	reinit_completion(&ar->bss_survey_done);
8171 
8172 	ret = ath10k_wmi_pdev_bss_chan_info_request(ar, type);
8173 	if (ret) {
8174 		ath10k_warn(ar, "failed to send pdev bss chan info request\n");
8175 		return;
8176 	}
8177 
8178 	ret = wait_for_completion_timeout(&ar->bss_survey_done, 3 * HZ);
8179 	if (!ret) {
8180 		ath10k_warn(ar, "bss channel survey timed out\n");
8181 		return;
8182 	}
8183 }
8184 
8185 static int ath10k_get_survey(struct ieee80211_hw *hw, int idx,
8186 			     struct survey_info *survey)
8187 {
8188 	struct ath10k *ar = hw->priv;
8189 	struct ieee80211_supported_band *sband;
8190 	struct survey_info *ar_survey = &ar->survey[idx];
8191 	int ret = 0;
8192 
8193 	mutex_lock(&ar->conf_mutex);
8194 
8195 	sband = hw->wiphy->bands[NL80211_BAND_2GHZ];
8196 	if (sband && idx >= sband->n_channels) {
8197 		idx -= sband->n_channels;
8198 		sband = NULL;
8199 	}
8200 
8201 	if (!sband)
8202 		sband = hw->wiphy->bands[NL80211_BAND_5GHZ];
8203 
8204 	if (!sband || idx >= sband->n_channels) {
8205 		ret = -ENOENT;
8206 		goto exit;
8207 	}
8208 
8209 	ath10k_mac_update_bss_chan_survey(ar, &sband->channels[idx]);
8210 
8211 	spin_lock_bh(&ar->data_lock);
8212 	memcpy(survey, ar_survey, sizeof(*survey));
8213 	spin_unlock_bh(&ar->data_lock);
8214 
8215 	survey->channel = &sband->channels[idx];
8216 
8217 	if (ar->rx_channel == survey->channel)
8218 		survey->filled |= SURVEY_INFO_IN_USE;
8219 
8220 exit:
8221 	mutex_unlock(&ar->conf_mutex);
8222 	return ret;
8223 }
8224 
8225 static bool
8226 ath10k_mac_bitrate_mask_get_single_nss(struct ath10k *ar,
8227 				       enum nl80211_band band,
8228 				       const struct cfg80211_bitrate_mask *mask,
8229 				       int *nss)
8230 {
8231 	struct ieee80211_supported_band *sband = &ar->mac.sbands[band];
8232 	u16 vht_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
8233 	u8 ht_nss_mask = 0;
8234 	u8 vht_nss_mask = 0;
8235 	int i;
8236 
8237 	if (mask->control[band].legacy)
8238 		return false;
8239 
8240 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++) {
8241 		if (mask->control[band].ht_mcs[i] == 0)
8242 			continue;
8243 		else if (mask->control[band].ht_mcs[i] ==
8244 			 sband->ht_cap.mcs.rx_mask[i])
8245 			ht_nss_mask |= BIT(i);
8246 		else
8247 			return false;
8248 	}
8249 
8250 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
8251 		if (mask->control[band].vht_mcs[i] == 0)
8252 			continue;
8253 		else if (mask->control[band].vht_mcs[i] ==
8254 			 ath10k_mac_get_max_vht_mcs_map(vht_mcs_map, i))
8255 			vht_nss_mask |= BIT(i);
8256 		else
8257 			return false;
8258 	}
8259 
8260 	if (ht_nss_mask != vht_nss_mask)
8261 		return false;
8262 
8263 	if (ht_nss_mask == 0)
8264 		return false;
8265 
8266 	if (BIT(fls(ht_nss_mask)) - 1 != ht_nss_mask)
8267 		return false;
8268 
8269 	*nss = fls(ht_nss_mask);
8270 
8271 	return true;
8272 }
8273 
8274 static int ath10k_mac_set_fixed_rate_params(struct ath10k_vif *arvif,
8275 					    u8 rate, u8 nss, u8 sgi, u8 ldpc)
8276 {
8277 	struct ath10k *ar = arvif->ar;
8278 	u32 vdev_param;
8279 	int ret;
8280 
8281 	lockdep_assert_held(&ar->conf_mutex);
8282 
8283 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac set fixed rate params vdev %i rate 0x%02x nss %u sgi %u\n",
8284 		   arvif->vdev_id, rate, nss, sgi);
8285 
8286 	vdev_param = ar->wmi.vdev_param->fixed_rate;
8287 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, rate);
8288 	if (ret) {
8289 		ath10k_warn(ar, "failed to set fixed rate param 0x%02x: %d\n",
8290 			    rate, ret);
8291 		return ret;
8292 	}
8293 
8294 	vdev_param = ar->wmi.vdev_param->nss;
8295 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, nss);
8296 	if (ret) {
8297 		ath10k_warn(ar, "failed to set nss param %d: %d\n", nss, ret);
8298 		return ret;
8299 	}
8300 
8301 	vdev_param = ar->wmi.vdev_param->sgi;
8302 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, sgi);
8303 	if (ret) {
8304 		ath10k_warn(ar, "failed to set sgi param %d: %d\n", sgi, ret);
8305 		return ret;
8306 	}
8307 
8308 	vdev_param = ar->wmi.vdev_param->ldpc;
8309 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, ldpc);
8310 	if (ret) {
8311 		ath10k_warn(ar, "failed to set ldpc param %d: %d\n", ldpc, ret);
8312 		return ret;
8313 	}
8314 
8315 	return 0;
8316 }
8317 
8318 static bool
8319 ath10k_mac_can_set_bitrate_mask(struct ath10k *ar,
8320 				enum nl80211_band band,
8321 				const struct cfg80211_bitrate_mask *mask,
8322 				bool allow_pfr)
8323 {
8324 	int i;
8325 	u16 vht_mcs;
8326 
8327 	/* Due to firmware limitation in WMI_PEER_ASSOC_CMDID it is impossible
8328 	 * to express all VHT MCS rate masks. Effectively only the following
8329 	 * ranges can be used: none, 0-7, 0-8 and 0-9.
8330 	 */
8331 	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
8332 		vht_mcs = mask->control[band].vht_mcs[i];
8333 
8334 		switch (vht_mcs) {
8335 		case 0:
8336 		case BIT(8) - 1:
8337 		case BIT(9) - 1:
8338 		case BIT(10) - 1:
8339 			break;
8340 		default:
8341 			if (!allow_pfr)
8342 				ath10k_warn(ar, "refusing bitrate mask with missing 0-7 VHT MCS rates\n");
8343 			return false;
8344 		}
8345 	}
8346 
8347 	return true;
8348 }
8349 
8350 static bool ath10k_mac_set_vht_bitrate_mask_fixup(struct ath10k *ar,
8351 						  struct ath10k_vif *arvif,
8352 						  struct ieee80211_sta *sta)
8353 {
8354 	int err;
8355 	u8 rate = arvif->vht_pfr;
8356 
8357 	/* skip non vht and multiple rate peers */
8358 	if (!sta->deflink.vht_cap.vht_supported || arvif->vht_num_rates != 1)
8359 		return false;
8360 
8361 	err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
8362 					WMI_PEER_PARAM_FIXED_RATE, rate);
8363 	if (err)
8364 		ath10k_warn(ar, "failed to enable STA %pM peer fixed rate: %d\n",
8365 			    sta->addr, err);
8366 
8367 	return true;
8368 }
8369 
8370 static void ath10k_mac_set_bitrate_mask_iter(void *data,
8371 					     struct ieee80211_sta *sta)
8372 {
8373 	struct ath10k_vif *arvif = data;
8374 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
8375 	struct ath10k *ar = arvif->ar;
8376 
8377 	if (arsta->arvif != arvif)
8378 		return;
8379 
8380 	if (ath10k_mac_set_vht_bitrate_mask_fixup(ar, arvif, sta))
8381 		return;
8382 
8383 	spin_lock_bh(&ar->data_lock);
8384 	arsta->changed |= IEEE80211_RC_SUPP_RATES_CHANGED;
8385 	spin_unlock_bh(&ar->data_lock);
8386 
8387 	ieee80211_queue_work(ar->hw, &arsta->update_wk);
8388 }
8389 
8390 static void ath10k_mac_clr_bitrate_mask_iter(void *data,
8391 					     struct ieee80211_sta *sta)
8392 {
8393 	struct ath10k_vif *arvif = data;
8394 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
8395 	struct ath10k *ar = arvif->ar;
8396 	int err;
8397 
8398 	/* clear vht peers only */
8399 	if (arsta->arvif != arvif || !sta->deflink.vht_cap.vht_supported)
8400 		return;
8401 
8402 	err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
8403 					WMI_PEER_PARAM_FIXED_RATE,
8404 					WMI_FIXED_RATE_NONE);
8405 	if (err)
8406 		ath10k_warn(ar, "failed to clear STA %pM peer fixed rate: %d\n",
8407 			    sta->addr, err);
8408 }
8409 
8410 static int ath10k_mac_op_set_bitrate_mask(struct ieee80211_hw *hw,
8411 					  struct ieee80211_vif *vif,
8412 					  const struct cfg80211_bitrate_mask *mask)
8413 {
8414 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8415 	struct cfg80211_chan_def def;
8416 	struct ath10k *ar = arvif->ar;
8417 	enum nl80211_band band;
8418 	const u8 *ht_mcs_mask;
8419 	const u16 *vht_mcs_mask;
8420 	u8 rate;
8421 	u8 nss;
8422 	u8 sgi;
8423 	u8 ldpc;
8424 	int single_nss;
8425 	int ret;
8426 	int vht_num_rates, allow_pfr;
8427 	u8 vht_pfr;
8428 	bool update_bitrate_mask = true;
8429 
8430 	if (ath10k_mac_vif_chan(vif, &def))
8431 		return -EPERM;
8432 
8433 	band = def.chan->band;
8434 	ht_mcs_mask = mask->control[band].ht_mcs;
8435 	vht_mcs_mask = mask->control[band].vht_mcs;
8436 	ldpc = !!(ar->ht_cap_info & WMI_HT_CAP_LDPC);
8437 
8438 	sgi = mask->control[band].gi;
8439 	if (sgi == NL80211_TXRATE_FORCE_LGI)
8440 		return -EINVAL;
8441 
8442 	allow_pfr = test_bit(ATH10K_FW_FEATURE_PEER_FIXED_RATE,
8443 			     ar->normal_mode_fw.fw_file.fw_features);
8444 	if (allow_pfr) {
8445 		mutex_lock(&ar->conf_mutex);
8446 		ieee80211_iterate_stations_atomic(ar->hw,
8447 						  ath10k_mac_clr_bitrate_mask_iter,
8448 						  arvif);
8449 		mutex_unlock(&ar->conf_mutex);
8450 	}
8451 
8452 	if (ath10k_mac_bitrate_mask_has_single_rate(ar, band, mask,
8453 						    &vht_num_rates)) {
8454 		ret = ath10k_mac_bitrate_mask_get_single_rate(ar, band, mask,
8455 							      &rate, &nss,
8456 							      false);
8457 		if (ret) {
8458 			ath10k_warn(ar, "failed to get single rate for vdev %i: %d\n",
8459 				    arvif->vdev_id, ret);
8460 			return ret;
8461 		}
8462 	} else if (ath10k_mac_bitrate_mask_get_single_nss(ar, band, mask,
8463 							  &single_nss)) {
8464 		rate = WMI_FIXED_RATE_NONE;
8465 		nss = single_nss;
8466 	} else {
8467 		rate = WMI_FIXED_RATE_NONE;
8468 		nss = min(ar->num_rf_chains,
8469 			  max(ath10k_mac_max_ht_nss(ht_mcs_mask),
8470 			      ath10k_mac_max_vht_nss(vht_mcs_mask)));
8471 
8472 #if defined(__FreeBSD__)
8473 		vht_pfr = 0;
8474 #endif
8475 		if (!ath10k_mac_can_set_bitrate_mask(ar, band, mask,
8476 						     allow_pfr)) {
8477 			u8 vht_nss;
8478 
8479 			if (!allow_pfr || vht_num_rates != 1)
8480 				return -EINVAL;
8481 
8482 			/* Reach here, firmware supports peer fixed rate and has
8483 			 * single vht rate, and don't update vif birate_mask, as
8484 			 * the rate only for specific peer.
8485 			 */
8486 			ath10k_mac_bitrate_mask_get_single_rate(ar, band, mask,
8487 								&vht_pfr,
8488 								&vht_nss,
8489 								true);
8490 			update_bitrate_mask = false;
8491 #if defined(__linux__)
8492 		} else {
8493 			vht_pfr = 0;
8494 #endif
8495 		}
8496 
8497 		mutex_lock(&ar->conf_mutex);
8498 
8499 		if (update_bitrate_mask)
8500 			arvif->bitrate_mask = *mask;
8501 		arvif->vht_num_rates = vht_num_rates;
8502 		arvif->vht_pfr = vht_pfr;
8503 		ieee80211_iterate_stations_atomic(ar->hw,
8504 						  ath10k_mac_set_bitrate_mask_iter,
8505 						  arvif);
8506 
8507 		mutex_unlock(&ar->conf_mutex);
8508 	}
8509 
8510 	mutex_lock(&ar->conf_mutex);
8511 
8512 	ret = ath10k_mac_set_fixed_rate_params(arvif, rate, nss, sgi, ldpc);
8513 	if (ret) {
8514 		ath10k_warn(ar, "failed to set fixed rate params on vdev %i: %d\n",
8515 			    arvif->vdev_id, ret);
8516 		goto exit;
8517 	}
8518 
8519 exit:
8520 	mutex_unlock(&ar->conf_mutex);
8521 
8522 	return ret;
8523 }
8524 
8525 static void ath10k_sta_rc_update(struct ieee80211_hw *hw,
8526 				 struct ieee80211_vif *vif,
8527 				 struct ieee80211_sta *sta,
8528 				 u32 changed)
8529 {
8530 	struct ath10k *ar = hw->priv;
8531 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
8532 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8533 	struct ath10k_peer *peer;
8534 	u32 bw, smps;
8535 
8536 	spin_lock_bh(&ar->data_lock);
8537 
8538 	peer = ath10k_peer_find(ar, arvif->vdev_id, sta->addr);
8539 	if (!peer) {
8540 		spin_unlock_bh(&ar->data_lock);
8541 		ath10k_warn(ar, "mac sta rc update failed to find peer %pM on vdev %i\n",
8542 			    sta->addr, arvif->vdev_id);
8543 		return;
8544 	}
8545 
8546 	ath10k_dbg(ar, ATH10K_DBG_STA,
8547 		   "mac sta rc update for %pM changed %08x bw %d nss %d smps %d\n",
8548 		   sta->addr, changed, sta->deflink.bandwidth,
8549 		   sta->deflink.rx_nss,
8550 		   sta->deflink.smps_mode);
8551 
8552 	if (changed & IEEE80211_RC_BW_CHANGED) {
8553 		bw = WMI_PEER_CHWIDTH_20MHZ;
8554 
8555 		switch (sta->deflink.bandwidth) {
8556 		case IEEE80211_STA_RX_BW_20:
8557 			bw = WMI_PEER_CHWIDTH_20MHZ;
8558 			break;
8559 		case IEEE80211_STA_RX_BW_40:
8560 			bw = WMI_PEER_CHWIDTH_40MHZ;
8561 			break;
8562 		case IEEE80211_STA_RX_BW_80:
8563 			bw = WMI_PEER_CHWIDTH_80MHZ;
8564 			break;
8565 		case IEEE80211_STA_RX_BW_160:
8566 			bw = WMI_PEER_CHWIDTH_160MHZ;
8567 			break;
8568 		default:
8569 			ath10k_warn(ar, "Invalid bandwidth %d in rc update for %pM\n",
8570 				    sta->deflink.bandwidth, sta->addr);
8571 			bw = WMI_PEER_CHWIDTH_20MHZ;
8572 			break;
8573 		}
8574 
8575 		arsta->bw = bw;
8576 	}
8577 
8578 	if (changed & IEEE80211_RC_NSS_CHANGED)
8579 		arsta->nss = sta->deflink.rx_nss;
8580 
8581 	if (changed & IEEE80211_RC_SMPS_CHANGED) {
8582 		smps = WMI_PEER_SMPS_PS_NONE;
8583 
8584 		switch (sta->deflink.smps_mode) {
8585 		case IEEE80211_SMPS_AUTOMATIC:
8586 		case IEEE80211_SMPS_OFF:
8587 			smps = WMI_PEER_SMPS_PS_NONE;
8588 			break;
8589 		case IEEE80211_SMPS_STATIC:
8590 			smps = WMI_PEER_SMPS_STATIC;
8591 			break;
8592 		case IEEE80211_SMPS_DYNAMIC:
8593 			smps = WMI_PEER_SMPS_DYNAMIC;
8594 			break;
8595 		case IEEE80211_SMPS_NUM_MODES:
8596 			ath10k_warn(ar, "Invalid smps %d in sta rc update for %pM\n",
8597 				    sta->deflink.smps_mode, sta->addr);
8598 			smps = WMI_PEER_SMPS_PS_NONE;
8599 			break;
8600 		}
8601 
8602 		arsta->smps = smps;
8603 	}
8604 
8605 	arsta->changed |= changed;
8606 
8607 	spin_unlock_bh(&ar->data_lock);
8608 
8609 	ieee80211_queue_work(hw, &arsta->update_wk);
8610 }
8611 
8612 static void ath10k_offset_tsf(struct ieee80211_hw *hw,
8613 			      struct ieee80211_vif *vif, s64 tsf_offset)
8614 {
8615 	struct ath10k *ar = hw->priv;
8616 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8617 	u32 offset, vdev_param;
8618 	int ret;
8619 
8620 	if (tsf_offset < 0) {
8621 		vdev_param = ar->wmi.vdev_param->dec_tsf;
8622 		offset = -tsf_offset;
8623 	} else {
8624 		vdev_param = ar->wmi.vdev_param->inc_tsf;
8625 		offset = tsf_offset;
8626 	}
8627 
8628 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
8629 					vdev_param, offset);
8630 
8631 	if (ret && ret != -EOPNOTSUPP)
8632 		ath10k_warn(ar, "failed to set tsf offset %d cmd %d: %d\n",
8633 			    offset, vdev_param, ret);
8634 }
8635 
8636 static int ath10k_ampdu_action(struct ieee80211_hw *hw,
8637 			       struct ieee80211_vif *vif,
8638 			       struct ieee80211_ampdu_params *params)
8639 {
8640 	struct ath10k *ar = hw->priv;
8641 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8642 	struct ieee80211_sta *sta = params->sta;
8643 	enum ieee80211_ampdu_mlme_action action = params->action;
8644 	u16 tid = params->tid;
8645 
8646 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac ampdu vdev_id %i sta %pM tid %u action %d\n",
8647 		   arvif->vdev_id, sta->addr, tid, action);
8648 
8649 	switch (action) {
8650 	case IEEE80211_AMPDU_RX_START:
8651 	case IEEE80211_AMPDU_RX_STOP:
8652 		/* HTT AddBa/DelBa events trigger mac80211 Rx BA session
8653 		 * creation/removal. Do we need to verify this?
8654 		 */
8655 		return 0;
8656 	case IEEE80211_AMPDU_TX_START:
8657 	case IEEE80211_AMPDU_TX_STOP_CONT:
8658 	case IEEE80211_AMPDU_TX_STOP_FLUSH:
8659 	case IEEE80211_AMPDU_TX_STOP_FLUSH_CONT:
8660 	case IEEE80211_AMPDU_TX_OPERATIONAL:
8661 		/* Firmware offloads Tx aggregation entirely so deny mac80211
8662 		 * Tx aggregation requests.
8663 		 */
8664 #if defined(__FreeBSD__)
8665 	default:
8666 #endif
8667 		return -EOPNOTSUPP;
8668 	}
8669 
8670 	return -EINVAL;
8671 }
8672 
8673 static void
8674 ath10k_mac_update_rx_channel(struct ath10k *ar,
8675 			     struct ieee80211_chanctx_conf *ctx,
8676 			     struct ieee80211_vif_chanctx_switch *vifs,
8677 			     int n_vifs)
8678 {
8679 	struct cfg80211_chan_def *def = NULL;
8680 
8681 	/* Both locks are required because ar->rx_channel is modified. This
8682 	 * allows readers to hold either lock.
8683 	 */
8684 	lockdep_assert_held(&ar->conf_mutex);
8685 	lockdep_assert_held(&ar->data_lock);
8686 
8687 	WARN_ON(ctx && vifs);
8688 	WARN_ON(vifs && !n_vifs);
8689 
8690 	/* FIXME: Sort of an optimization and a workaround. Peers and vifs are
8691 	 * on a linked list now. Doing a lookup peer -> vif -> chanctx for each
8692 	 * ppdu on Rx may reduce performance on low-end systems. It should be
8693 	 * possible to make tables/hashmaps to speed the lookup up (be vary of
8694 	 * cpu data cache lines though regarding sizes) but to keep the initial
8695 	 * implementation simple and less intrusive fallback to the slow lookup
8696 	 * only for multi-channel cases. Single-channel cases will remain to
8697 	 * use the old channel derival and thus performance should not be
8698 	 * affected much.
8699 	 */
8700 	rcu_read_lock();
8701 	if (!ctx && ath10k_mac_num_chanctxs(ar) == 1) {
8702 		ieee80211_iter_chan_contexts_atomic(ar->hw,
8703 						    ath10k_mac_get_any_chandef_iter,
8704 						    &def);
8705 
8706 		if (vifs)
8707 			def = &vifs[0].new_ctx->def;
8708 
8709 		ar->rx_channel = def->chan;
8710 	} else if ((ctx && ath10k_mac_num_chanctxs(ar) == 0) ||
8711 		   (ctx && (ar->state == ATH10K_STATE_RESTARTED))) {
8712 		/* During driver restart due to firmware assert, since mac80211
8713 		 * already has valid channel context for given radio, channel
8714 		 * context iteration return num_chanctx > 0. So fix rx_channel
8715 		 * when restart is in progress.
8716 		 */
8717 		ar->rx_channel = ctx->def.chan;
8718 	} else {
8719 		ar->rx_channel = NULL;
8720 	}
8721 	rcu_read_unlock();
8722 }
8723 
8724 static void
8725 ath10k_mac_update_vif_chan(struct ath10k *ar,
8726 			   struct ieee80211_vif_chanctx_switch *vifs,
8727 			   int n_vifs)
8728 {
8729 	struct ath10k_vif *arvif;
8730 	int ret;
8731 	int i;
8732 
8733 	lockdep_assert_held(&ar->conf_mutex);
8734 
8735 	/* First stop monitor interface. Some FW versions crash if there's a
8736 	 * lone monitor interface.
8737 	 */
8738 	if (ar->monitor_started)
8739 		ath10k_monitor_stop(ar);
8740 
8741 	for (i = 0; i < n_vifs; i++) {
8742 		arvif = (void *)vifs[i].vif->drv_priv;
8743 
8744 		ath10k_dbg(ar, ATH10K_DBG_MAC,
8745 			   "mac chanctx switch vdev_id %i freq %u->%u width %d->%d\n",
8746 			   arvif->vdev_id,
8747 			   vifs[i].old_ctx->def.chan->center_freq,
8748 			   vifs[i].new_ctx->def.chan->center_freq,
8749 			   vifs[i].old_ctx->def.width,
8750 			   vifs[i].new_ctx->def.width);
8751 
8752 		if (WARN_ON(!arvif->is_started))
8753 			continue;
8754 
8755 		if (WARN_ON(!arvif->is_up))
8756 			continue;
8757 
8758 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
8759 		if (ret) {
8760 			ath10k_warn(ar, "failed to down vdev %d: %d\n",
8761 				    arvif->vdev_id, ret);
8762 			continue;
8763 		}
8764 	}
8765 
8766 	/* All relevant vdevs are downed and associated channel resources
8767 	 * should be available for the channel switch now.
8768 	 */
8769 
8770 	spin_lock_bh(&ar->data_lock);
8771 	ath10k_mac_update_rx_channel(ar, NULL, vifs, n_vifs);
8772 	spin_unlock_bh(&ar->data_lock);
8773 
8774 	for (i = 0; i < n_vifs; i++) {
8775 		arvif = (void *)vifs[i].vif->drv_priv;
8776 
8777 		if (WARN_ON(!arvif->is_started))
8778 			continue;
8779 
8780 		if (WARN_ON(!arvif->is_up))
8781 			continue;
8782 
8783 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
8784 		if (ret)
8785 			ath10k_warn(ar, "failed to update bcn tmpl during csa: %d\n",
8786 				    ret);
8787 
8788 		ret = ath10k_mac_setup_prb_tmpl(arvif);
8789 		if (ret)
8790 			ath10k_warn(ar, "failed to update prb tmpl during csa: %d\n",
8791 				    ret);
8792 
8793 		ret = ath10k_vdev_restart(arvif, &vifs[i].new_ctx->def);
8794 		if (ret) {
8795 			ath10k_warn(ar, "failed to restart vdev %d: %d\n",
8796 				    arvif->vdev_id, ret);
8797 			continue;
8798 		}
8799 
8800 		ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
8801 					 arvif->bssid);
8802 		if (ret) {
8803 			ath10k_warn(ar, "failed to bring vdev up %d: %d\n",
8804 				    arvif->vdev_id, ret);
8805 			continue;
8806 		}
8807 	}
8808 
8809 	ath10k_monitor_recalc(ar);
8810 }
8811 
8812 static int
8813 ath10k_mac_op_add_chanctx(struct ieee80211_hw *hw,
8814 			  struct ieee80211_chanctx_conf *ctx)
8815 {
8816 	struct ath10k *ar = hw->priv;
8817 
8818 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8819 		   "mac chanctx add freq %u width %d ptr %pK\n",
8820 		   ctx->def.chan->center_freq, ctx->def.width, ctx);
8821 
8822 	mutex_lock(&ar->conf_mutex);
8823 
8824 	spin_lock_bh(&ar->data_lock);
8825 	ath10k_mac_update_rx_channel(ar, ctx, NULL, 0);
8826 	spin_unlock_bh(&ar->data_lock);
8827 
8828 	ath10k_recalc_radar_detection(ar);
8829 	ath10k_monitor_recalc(ar);
8830 
8831 	mutex_unlock(&ar->conf_mutex);
8832 
8833 	return 0;
8834 }
8835 
8836 static void
8837 ath10k_mac_op_remove_chanctx(struct ieee80211_hw *hw,
8838 			     struct ieee80211_chanctx_conf *ctx)
8839 {
8840 	struct ath10k *ar = hw->priv;
8841 
8842 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8843 		   "mac chanctx remove freq %u width %d ptr %pK\n",
8844 		   ctx->def.chan->center_freq, ctx->def.width, ctx);
8845 
8846 	mutex_lock(&ar->conf_mutex);
8847 
8848 	spin_lock_bh(&ar->data_lock);
8849 	ath10k_mac_update_rx_channel(ar, NULL, NULL, 0);
8850 	spin_unlock_bh(&ar->data_lock);
8851 
8852 	ath10k_recalc_radar_detection(ar);
8853 	ath10k_monitor_recalc(ar);
8854 
8855 	mutex_unlock(&ar->conf_mutex);
8856 }
8857 
8858 struct ath10k_mac_change_chanctx_arg {
8859 	struct ieee80211_chanctx_conf *ctx;
8860 	struct ieee80211_vif_chanctx_switch *vifs;
8861 	int n_vifs;
8862 	int next_vif;
8863 };
8864 
8865 static void
8866 ath10k_mac_change_chanctx_cnt_iter(void *data, u8 *mac,
8867 				   struct ieee80211_vif *vif)
8868 {
8869 	struct ath10k_mac_change_chanctx_arg *arg = data;
8870 
8871 	if (rcu_access_pointer(vif->bss_conf.chanctx_conf) != arg->ctx)
8872 		return;
8873 
8874 	arg->n_vifs++;
8875 }
8876 
8877 static void
8878 ath10k_mac_change_chanctx_fill_iter(void *data, u8 *mac,
8879 				    struct ieee80211_vif *vif)
8880 {
8881 	struct ath10k_mac_change_chanctx_arg *arg = data;
8882 	struct ieee80211_chanctx_conf *ctx;
8883 
8884 	ctx = rcu_access_pointer(vif->bss_conf.chanctx_conf);
8885 	if (ctx != arg->ctx)
8886 		return;
8887 
8888 	if (WARN_ON(arg->next_vif == arg->n_vifs))
8889 		return;
8890 
8891 	arg->vifs[arg->next_vif].vif = vif;
8892 	arg->vifs[arg->next_vif].old_ctx = ctx;
8893 	arg->vifs[arg->next_vif].new_ctx = ctx;
8894 	arg->next_vif++;
8895 }
8896 
8897 static void
8898 ath10k_mac_op_change_chanctx(struct ieee80211_hw *hw,
8899 			     struct ieee80211_chanctx_conf *ctx,
8900 			     u32 changed)
8901 {
8902 	struct ath10k *ar = hw->priv;
8903 	struct ath10k_mac_change_chanctx_arg arg = { .ctx = ctx };
8904 
8905 	mutex_lock(&ar->conf_mutex);
8906 
8907 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8908 		   "mac chanctx change freq %u width %d ptr %pK changed %x\n",
8909 		   ctx->def.chan->center_freq, ctx->def.width, ctx, changed);
8910 
8911 	/* This shouldn't really happen because channel switching should use
8912 	 * switch_vif_chanctx().
8913 	 */
8914 	if (WARN_ON(changed & IEEE80211_CHANCTX_CHANGE_CHANNEL))
8915 		goto unlock;
8916 
8917 	if (changed & IEEE80211_CHANCTX_CHANGE_WIDTH) {
8918 		ieee80211_iterate_active_interfaces_atomic(
8919 					hw,
8920 					ATH10K_ITER_NORMAL_FLAGS,
8921 					ath10k_mac_change_chanctx_cnt_iter,
8922 					&arg);
8923 		if (arg.n_vifs == 0)
8924 			goto radar;
8925 
8926 		arg.vifs = kcalloc(arg.n_vifs, sizeof(arg.vifs[0]),
8927 				   GFP_KERNEL);
8928 		if (!arg.vifs)
8929 			goto radar;
8930 
8931 		ieee80211_iterate_active_interfaces_atomic(
8932 					hw,
8933 					ATH10K_ITER_NORMAL_FLAGS,
8934 					ath10k_mac_change_chanctx_fill_iter,
8935 					&arg);
8936 		ath10k_mac_update_vif_chan(ar, arg.vifs, arg.n_vifs);
8937 		kfree(arg.vifs);
8938 	}
8939 
8940 radar:
8941 	ath10k_recalc_radar_detection(ar);
8942 
8943 	/* FIXME: How to configure Rx chains properly? */
8944 
8945 	/* No other actions are actually necessary. Firmware maintains channel
8946 	 * definitions per vdev internally and there's no host-side channel
8947 	 * context abstraction to configure, e.g. channel width.
8948 	 */
8949 
8950 unlock:
8951 	mutex_unlock(&ar->conf_mutex);
8952 }
8953 
8954 static int
8955 ath10k_mac_op_assign_vif_chanctx(struct ieee80211_hw *hw,
8956 				 struct ieee80211_vif *vif,
8957 				 struct ieee80211_bss_conf *link_conf,
8958 				 struct ieee80211_chanctx_conf *ctx)
8959 {
8960 	struct ath10k *ar = hw->priv;
8961 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8962 	int ret;
8963 
8964 	mutex_lock(&ar->conf_mutex);
8965 
8966 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8967 		   "mac chanctx assign ptr %pK vdev_id %i\n",
8968 		   ctx, arvif->vdev_id);
8969 
8970 	if (WARN_ON(arvif->is_started)) {
8971 		mutex_unlock(&ar->conf_mutex);
8972 		return -EBUSY;
8973 	}
8974 
8975 	ret = ath10k_vdev_start(arvif, &ctx->def);
8976 	if (ret) {
8977 		ath10k_warn(ar, "failed to start vdev %i addr %pM on freq %d: %d\n",
8978 			    arvif->vdev_id, vif->addr,
8979 			    ctx->def.chan->center_freq, ret);
8980 		goto err;
8981 	}
8982 
8983 	arvif->is_started = true;
8984 
8985 	ret = ath10k_mac_vif_setup_ps(arvif);
8986 	if (ret) {
8987 		ath10k_warn(ar, "failed to update vdev %i ps: %d\n",
8988 			    arvif->vdev_id, ret);
8989 		goto err_stop;
8990 	}
8991 
8992 	if (vif->type == NL80211_IFTYPE_MONITOR) {
8993 		ret = ath10k_wmi_vdev_up(ar, arvif->vdev_id, 0, vif->addr);
8994 		if (ret) {
8995 			ath10k_warn(ar, "failed to up monitor vdev %i: %d\n",
8996 				    arvif->vdev_id, ret);
8997 			goto err_stop;
8998 		}
8999 
9000 		arvif->is_up = true;
9001 	}
9002 
9003 	if (ath10k_mac_can_set_cts_prot(arvif)) {
9004 		ret = ath10k_mac_set_cts_prot(arvif);
9005 		if (ret)
9006 			ath10k_warn(ar, "failed to set cts protection for vdev %d: %d\n",
9007 				    arvif->vdev_id, ret);
9008 	}
9009 
9010 	if (ath10k_peer_stats_enabled(ar) &&
9011 	    ar->hw_params.tx_stats_over_pktlog) {
9012 		ar->pktlog_filter |= ATH10K_PKTLOG_PEER_STATS;
9013 		ret = ath10k_wmi_pdev_pktlog_enable(ar,
9014 						    ar->pktlog_filter);
9015 		if (ret) {
9016 			ath10k_warn(ar, "failed to enable pktlog %d\n", ret);
9017 			goto err_stop;
9018 		}
9019 	}
9020 
9021 	mutex_unlock(&ar->conf_mutex);
9022 	return 0;
9023 
9024 err_stop:
9025 	ath10k_vdev_stop(arvif);
9026 	arvif->is_started = false;
9027 	ath10k_mac_vif_setup_ps(arvif);
9028 
9029 err:
9030 	mutex_unlock(&ar->conf_mutex);
9031 	return ret;
9032 }
9033 
9034 static void
9035 ath10k_mac_op_unassign_vif_chanctx(struct ieee80211_hw *hw,
9036 				   struct ieee80211_vif *vif,
9037 				   struct ieee80211_bss_conf *link_conf,
9038 				   struct ieee80211_chanctx_conf *ctx)
9039 {
9040 	struct ath10k *ar = hw->priv;
9041 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9042 	int ret;
9043 
9044 	mutex_lock(&ar->conf_mutex);
9045 
9046 	ath10k_dbg(ar, ATH10K_DBG_MAC,
9047 		   "mac chanctx unassign ptr %pK vdev_id %i\n",
9048 		   ctx, arvif->vdev_id);
9049 
9050 	WARN_ON(!arvif->is_started);
9051 
9052 	if (vif->type == NL80211_IFTYPE_MONITOR) {
9053 		WARN_ON(!arvif->is_up);
9054 
9055 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
9056 		if (ret)
9057 			ath10k_warn(ar, "failed to down monitor vdev %i: %d\n",
9058 				    arvif->vdev_id, ret);
9059 
9060 		arvif->is_up = false;
9061 	}
9062 
9063 	ret = ath10k_vdev_stop(arvif);
9064 	if (ret)
9065 		ath10k_warn(ar, "failed to stop vdev %i: %d\n",
9066 			    arvif->vdev_id, ret);
9067 
9068 	arvif->is_started = false;
9069 
9070 	mutex_unlock(&ar->conf_mutex);
9071 }
9072 
9073 static int
9074 ath10k_mac_op_switch_vif_chanctx(struct ieee80211_hw *hw,
9075 				 struct ieee80211_vif_chanctx_switch *vifs,
9076 				 int n_vifs,
9077 				 enum ieee80211_chanctx_switch_mode mode)
9078 {
9079 	struct ath10k *ar = hw->priv;
9080 
9081 	mutex_lock(&ar->conf_mutex);
9082 
9083 	ath10k_dbg(ar, ATH10K_DBG_MAC,
9084 		   "mac chanctx switch n_vifs %d mode %d\n",
9085 		   n_vifs, mode);
9086 	ath10k_mac_update_vif_chan(ar, vifs, n_vifs);
9087 
9088 	mutex_unlock(&ar->conf_mutex);
9089 	return 0;
9090 }
9091 
9092 static void ath10k_mac_op_sta_pre_rcu_remove(struct ieee80211_hw *hw,
9093 					     struct ieee80211_vif *vif,
9094 					     struct ieee80211_sta *sta)
9095 {
9096 	struct ath10k *ar;
9097 	struct ath10k_peer *peer;
9098 
9099 	ar = hw->priv;
9100 
9101 	list_for_each_entry(peer, &ar->peers, list)
9102 		if (peer->sta == sta)
9103 			peer->removed = true;
9104 }
9105 
9106 /* HT MCS parameters with Nss = 1 */
9107 static const struct ath10k_index_ht_data_rate_type supported_ht_mcs_rate_nss1[] = {
9108 	/* MCS  L20   L40   S20  S40 */
9109 	{0,  { 65,  135,  72,  150} },
9110 	{1,  { 130, 270,  144, 300} },
9111 	{2,  { 195, 405,  217, 450} },
9112 	{3,  { 260, 540,  289, 600} },
9113 	{4,  { 390, 810,  433, 900} },
9114 	{5,  { 520, 1080, 578, 1200} },
9115 	{6,  { 585, 1215, 650, 1350} },
9116 	{7,  { 650, 1350, 722, 1500} }
9117 };
9118 
9119 /* HT MCS parameters with Nss = 2 */
9120 static const struct ath10k_index_ht_data_rate_type supported_ht_mcs_rate_nss2[] = {
9121 	/* MCS  L20    L40   S20   S40 */
9122 	{0,  {130,  270,  144,  300} },
9123 	{1,  {260,  540,  289,  600} },
9124 	{2,  {390,  810,  433,  900} },
9125 	{3,  {520,  1080, 578,  1200} },
9126 	{4,  {780,  1620, 867,  1800} },
9127 	{5,  {1040, 2160, 1156, 2400} },
9128 	{6,  {1170, 2430, 1300, 2700} },
9129 	{7,  {1300, 2700, 1444, 3000} }
9130 };
9131 
9132 /* MCS parameters with Nss = 1 */
9133 static const struct ath10k_index_vht_data_rate_type supported_vht_mcs_rate_nss1[] = {
9134 	/* MCS  L80    S80     L40   S40    L20   S20 */
9135 	{0,  {293,  325},  {135,  150},  {65,   72} },
9136 	{1,  {585,  650},  {270,  300},  {130,  144} },
9137 	{2,  {878,  975},  {405,  450},  {195,  217} },
9138 	{3,  {1170, 1300}, {540,  600},  {260,  289} },
9139 	{4,  {1755, 1950}, {810,  900},  {390,  433} },
9140 	{5,  {2340, 2600}, {1080, 1200}, {520,  578} },
9141 	{6,  {2633, 2925}, {1215, 1350}, {585,  650} },
9142 	{7,  {2925, 3250}, {1350, 1500}, {650,  722} },
9143 	{8,  {3510, 3900}, {1620, 1800}, {780,  867} },
9144 	{9,  {3900, 4333}, {1800, 2000}, {780,  867} }
9145 };
9146 
9147 /*MCS parameters with Nss = 2 */
9148 static const struct ath10k_index_vht_data_rate_type supported_vht_mcs_rate_nss2[] = {
9149 	/* MCS  L80    S80     L40   S40    L20   S20 */
9150 	{0,  {585,  650},  {270,  300},  {130,  144} },
9151 	{1,  {1170, 1300}, {540,  600},  {260,  289} },
9152 	{2,  {1755, 1950}, {810,  900},  {390,  433} },
9153 	{3,  {2340, 2600}, {1080, 1200}, {520,  578} },
9154 	{4,  {3510, 3900}, {1620, 1800}, {780,  867} },
9155 	{5,  {4680, 5200}, {2160, 2400}, {1040, 1156} },
9156 	{6,  {5265, 5850}, {2430, 2700}, {1170, 1300} },
9157 	{7,  {5850, 6500}, {2700, 3000}, {1300, 1444} },
9158 	{8,  {7020, 7800}, {3240, 3600}, {1560, 1733} },
9159 	{9,  {7800, 8667}, {3600, 4000}, {1560, 1733} }
9160 };
9161 
9162 static void ath10k_mac_get_rate_flags_ht(struct ath10k *ar, u32 rate, u8 nss, u8 mcs,
9163 					 u8 *flags, u8 *bw)
9164 {
9165 #if defined(__linux__)
9166 	struct ath10k_index_ht_data_rate_type *mcs_rate;
9167 #elif defined(__FreeBSD__)
9168 	const struct ath10k_index_ht_data_rate_type *mcs_rate;
9169 #endif
9170 	u8 index;
9171 	size_t len_nss1 = ARRAY_SIZE(supported_ht_mcs_rate_nss1);
9172 	size_t len_nss2 = ARRAY_SIZE(supported_ht_mcs_rate_nss2);
9173 
9174 	if (mcs >= (len_nss1 + len_nss2)) {
9175 		ath10k_warn(ar, "not supported mcs %d in current rate table", mcs);
9176 		return;
9177 	}
9178 
9179 #if defined(__linux__)
9180 	mcs_rate = (struct ath10k_index_ht_data_rate_type *)
9181 #elif defined(__FreeBSD__)
9182 	mcs_rate = (const struct ath10k_index_ht_data_rate_type *)
9183 #endif
9184 		   ((nss == 1) ? &supported_ht_mcs_rate_nss1 :
9185 		   &supported_ht_mcs_rate_nss2);
9186 
9187 	if (mcs >= len_nss1)
9188 		index = mcs - len_nss1;
9189 	else
9190 		index = mcs;
9191 
9192 	if (rate == mcs_rate[index].supported_rate[0]) {
9193 		*bw = RATE_INFO_BW_20;
9194 	} else if (rate == mcs_rate[index].supported_rate[1]) {
9195 		*bw |= RATE_INFO_BW_40;
9196 	} else if (rate == mcs_rate[index].supported_rate[2]) {
9197 		*bw |= RATE_INFO_BW_20;
9198 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9199 	} else if (rate == mcs_rate[index].supported_rate[3]) {
9200 		*bw |= RATE_INFO_BW_40;
9201 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9202 	} else {
9203 		ath10k_warn(ar, "invalid ht params rate %d 100kbps nss %d mcs %d",
9204 			    rate, nss, mcs);
9205 	}
9206 }
9207 
9208 static void ath10k_mac_get_rate_flags_vht(struct ath10k *ar, u32 rate, u8 nss, u8 mcs,
9209 					  u8 *flags, u8 *bw)
9210 {
9211 #if defined(__linux__)
9212 	struct ath10k_index_vht_data_rate_type *mcs_rate;
9213 
9214 	mcs_rate = (struct ath10k_index_vht_data_rate_type *)
9215 #elif defined(__FreeBSD__)
9216 	const struct ath10k_index_vht_data_rate_type *mcs_rate;
9217 
9218 	mcs_rate = (const struct ath10k_index_vht_data_rate_type *)
9219 #endif
9220 		   ((nss == 1) ? &supported_vht_mcs_rate_nss1 :
9221 		   &supported_vht_mcs_rate_nss2);
9222 
9223 	if (rate == mcs_rate[mcs].supported_VHT80_rate[0]) {
9224 		*bw = RATE_INFO_BW_80;
9225 	} else if (rate == mcs_rate[mcs].supported_VHT80_rate[1]) {
9226 		*bw = RATE_INFO_BW_80;
9227 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9228 	} else if (rate == mcs_rate[mcs].supported_VHT40_rate[0]) {
9229 		*bw = RATE_INFO_BW_40;
9230 	} else if (rate == mcs_rate[mcs].supported_VHT40_rate[1]) {
9231 		*bw = RATE_INFO_BW_40;
9232 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9233 	} else if (rate == mcs_rate[mcs].supported_VHT20_rate[0]) {
9234 		*bw = RATE_INFO_BW_20;
9235 	} else if (rate == mcs_rate[mcs].supported_VHT20_rate[1]) {
9236 		*bw = RATE_INFO_BW_20;
9237 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9238 	} else {
9239 		ath10k_warn(ar, "invalid vht params rate %d 100kbps nss %d mcs %d",
9240 			    rate, nss, mcs);
9241 	}
9242 }
9243 
9244 static void ath10k_mac_get_rate_flags(struct ath10k *ar, u32 rate,
9245 				      enum ath10k_phy_mode mode, u8 nss, u8 mcs,
9246 				      u8 *flags, u8 *bw)
9247 {
9248 	if (mode == ATH10K_PHY_MODE_HT) {
9249 		*flags = RATE_INFO_FLAGS_MCS;
9250 		ath10k_mac_get_rate_flags_ht(ar, rate, nss, mcs, flags, bw);
9251 	} else if (mode == ATH10K_PHY_MODE_VHT) {
9252 		*flags = RATE_INFO_FLAGS_VHT_MCS;
9253 		ath10k_mac_get_rate_flags_vht(ar, rate, nss, mcs, flags, bw);
9254 	}
9255 }
9256 
9257 static void ath10k_mac_parse_bitrate(struct ath10k *ar, u32 rate_code,
9258 				     u32 bitrate_kbps, struct rate_info *rate)
9259 {
9260 	enum ath10k_phy_mode mode = ATH10K_PHY_MODE_LEGACY;
9261 	enum wmi_rate_preamble preamble = WMI_TLV_GET_HW_RC_PREAM_V1(rate_code);
9262 	u8 nss = WMI_TLV_GET_HW_RC_NSS_V1(rate_code) + 1;
9263 	u8 mcs = WMI_TLV_GET_HW_RC_RATE_V1(rate_code);
9264 	u8 flags = 0, bw = 0;
9265 
9266 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac parse rate code 0x%x bitrate %d kbps\n",
9267 		   rate_code, bitrate_kbps);
9268 
9269 	if (preamble == WMI_RATE_PREAMBLE_HT)
9270 		mode = ATH10K_PHY_MODE_HT;
9271 	else if (preamble == WMI_RATE_PREAMBLE_VHT)
9272 		mode = ATH10K_PHY_MODE_VHT;
9273 
9274 	ath10k_mac_get_rate_flags(ar, bitrate_kbps / 100, mode, nss, mcs, &flags, &bw);
9275 
9276 	ath10k_dbg(ar, ATH10K_DBG_MAC,
9277 		   "mac parse bitrate preamble %d mode %d nss %d mcs %d flags %x bw %d\n",
9278 		   preamble, mode, nss, mcs, flags, bw);
9279 
9280 	rate->flags = flags;
9281 	rate->bw = bw;
9282 	rate->legacy = bitrate_kbps / 100;
9283 	rate->nss = nss;
9284 	rate->mcs = mcs;
9285 }
9286 
9287 static void ath10k_mac_sta_get_peer_stats_info(struct ath10k *ar,
9288 					       struct ieee80211_sta *sta,
9289 					       struct station_info *sinfo)
9290 {
9291 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
9292 	struct ath10k_peer *peer;
9293 	unsigned long time_left;
9294 	int ret;
9295 
9296 	if (!(ar->hw_params.supports_peer_stats_info &&
9297 	      arsta->arvif->vdev_type == WMI_VDEV_TYPE_STA))
9298 		return;
9299 
9300 	spin_lock_bh(&ar->data_lock);
9301 	peer = ath10k_peer_find(ar, arsta->arvif->vdev_id, sta->addr);
9302 	spin_unlock_bh(&ar->data_lock);
9303 	if (!peer)
9304 		return;
9305 
9306 	reinit_completion(&ar->peer_stats_info_complete);
9307 
9308 	ret = ath10k_wmi_request_peer_stats_info(ar,
9309 						 arsta->arvif->vdev_id,
9310 						 WMI_REQUEST_ONE_PEER_STATS_INFO,
9311 						 arsta->arvif->bssid,
9312 						 0);
9313 	if (ret && ret != -EOPNOTSUPP) {
9314 		ath10k_warn(ar, "could not request peer stats info: %d\n", ret);
9315 		return;
9316 	}
9317 
9318 	time_left = wait_for_completion_timeout(&ar->peer_stats_info_complete, 3 * HZ);
9319 	if (time_left == 0) {
9320 		ath10k_warn(ar, "timed out waiting peer stats info\n");
9321 		return;
9322 	}
9323 
9324 	if (arsta->rx_rate_code != 0 && arsta->rx_bitrate_kbps != 0) {
9325 		ath10k_mac_parse_bitrate(ar, arsta->rx_rate_code,
9326 					 arsta->rx_bitrate_kbps,
9327 					 &sinfo->rxrate);
9328 
9329 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_BITRATE);
9330 		arsta->rx_rate_code = 0;
9331 		arsta->rx_bitrate_kbps = 0;
9332 	}
9333 
9334 	if (arsta->tx_rate_code != 0 && arsta->tx_bitrate_kbps != 0) {
9335 		ath10k_mac_parse_bitrate(ar, arsta->tx_rate_code,
9336 					 arsta->tx_bitrate_kbps,
9337 					 &sinfo->txrate);
9338 
9339 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
9340 		arsta->tx_rate_code = 0;
9341 		arsta->tx_bitrate_kbps = 0;
9342 	}
9343 }
9344 
9345 static void ath10k_sta_statistics(struct ieee80211_hw *hw,
9346 				  struct ieee80211_vif *vif,
9347 				  struct ieee80211_sta *sta,
9348 				  struct station_info *sinfo)
9349 {
9350 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
9351 	struct ath10k *ar = arsta->arvif->ar;
9352 
9353 	if (!ath10k_peer_stats_enabled(ar))
9354 		return;
9355 
9356 	mutex_lock(&ar->conf_mutex);
9357 	ath10k_debug_fw_stats_request(ar);
9358 	mutex_unlock(&ar->conf_mutex);
9359 
9360 	sinfo->rx_duration = arsta->rx_duration;
9361 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_DURATION);
9362 
9363 	if (arsta->txrate.legacy || arsta->txrate.nss) {
9364 		if (arsta->txrate.legacy) {
9365 			sinfo->txrate.legacy = arsta->txrate.legacy;
9366 		} else {
9367 			sinfo->txrate.mcs = arsta->txrate.mcs;
9368 			sinfo->txrate.nss = arsta->txrate.nss;
9369 			sinfo->txrate.bw = arsta->txrate.bw;
9370 		}
9371 		sinfo->txrate.flags = arsta->txrate.flags;
9372 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
9373 	}
9374 
9375 	if (ar->htt.disable_tx_comp) {
9376 		sinfo->tx_failed = arsta->tx_failed;
9377 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_FAILED);
9378 	}
9379 
9380 	sinfo->tx_retries = arsta->tx_retries;
9381 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_RETRIES);
9382 
9383 	ath10k_mac_sta_get_peer_stats_info(ar, sta, sinfo);
9384 }
9385 
9386 static int ath10k_mac_op_set_tid_config(struct ieee80211_hw *hw,
9387 					struct ieee80211_vif *vif,
9388 					struct ieee80211_sta *sta,
9389 					struct cfg80211_tid_config *tid_config)
9390 {
9391 	struct ath10k *ar = hw->priv;
9392 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9393 	struct ath10k_mac_iter_tid_conf_data data = {};
9394 	struct wmi_per_peer_per_tid_cfg_arg arg = {};
9395 	int ret, i;
9396 
9397 	mutex_lock(&ar->conf_mutex);
9398 	arg.vdev_id = arvif->vdev_id;
9399 
9400 	arvif->tids_rst = 0;
9401 	memset(arvif->tid_conf_changed, 0, sizeof(arvif->tid_conf_changed));
9402 
9403 	for (i = 0; i < tid_config->n_tid_conf; i++) {
9404 		ret = ath10k_mac_parse_tid_config(ar, sta, vif,
9405 						  &tid_config->tid_conf[i],
9406 						  &arg);
9407 		if (ret)
9408 			goto exit;
9409 	}
9410 
9411 	ret = 0;
9412 
9413 	if (sta)
9414 		goto exit;
9415 
9416 	arvif->tids_rst = 0;
9417 	data.curr_vif = vif;
9418 	data.ar = ar;
9419 
9420 	ieee80211_iterate_stations_atomic(hw, ath10k_mac_vif_stations_tid_conf,
9421 					  &data);
9422 
9423 exit:
9424 	mutex_unlock(&ar->conf_mutex);
9425 	return ret;
9426 }
9427 
9428 static int ath10k_mac_op_reset_tid_config(struct ieee80211_hw *hw,
9429 					  struct ieee80211_vif *vif,
9430 					  struct ieee80211_sta *sta,
9431 					  u8 tids)
9432 {
9433 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9434 	struct ath10k_mac_iter_tid_conf_data data = {};
9435 	struct ath10k *ar = hw->priv;
9436 	int ret = 0;
9437 
9438 	mutex_lock(&ar->conf_mutex);
9439 
9440 	if (sta) {
9441 		arvif->tids_rst = 0;
9442 		ret = ath10k_mac_reset_tid_config(ar, sta, arvif, tids);
9443 		goto exit;
9444 	}
9445 
9446 	arvif->tids_rst = tids;
9447 	data.curr_vif = vif;
9448 	data.ar = ar;
9449 	ieee80211_iterate_stations_atomic(hw, ath10k_mac_vif_stations_tid_conf,
9450 					  &data);
9451 
9452 exit:
9453 	mutex_unlock(&ar->conf_mutex);
9454 	return ret;
9455 }
9456 
9457 static const struct ieee80211_ops ath10k_ops = {
9458 	.tx				= ath10k_mac_op_tx,
9459 	.wake_tx_queue			= ath10k_mac_op_wake_tx_queue,
9460 	.start				= ath10k_start,
9461 	.stop				= ath10k_stop,
9462 	.config				= ath10k_config,
9463 	.add_interface			= ath10k_add_interface,
9464 	.update_vif_offload		= ath10k_update_vif_offload,
9465 	.remove_interface		= ath10k_remove_interface,
9466 	.configure_filter		= ath10k_configure_filter,
9467 	.bss_info_changed		= ath10k_bss_info_changed,
9468 	.set_coverage_class		= ath10k_mac_op_set_coverage_class,
9469 	.hw_scan			= ath10k_hw_scan,
9470 	.cancel_hw_scan			= ath10k_cancel_hw_scan,
9471 	.set_key			= ath10k_set_key,
9472 	.set_default_unicast_key        = ath10k_set_default_unicast_key,
9473 	.sta_state			= ath10k_sta_state,
9474 	.sta_set_txpwr			= ath10k_sta_set_txpwr,
9475 	.conf_tx			= ath10k_conf_tx,
9476 	.remain_on_channel		= ath10k_remain_on_channel,
9477 	.cancel_remain_on_channel	= ath10k_cancel_remain_on_channel,
9478 	.set_rts_threshold		= ath10k_set_rts_threshold,
9479 	.set_frag_threshold		= ath10k_mac_op_set_frag_threshold,
9480 	.flush				= ath10k_flush,
9481 	.tx_last_beacon			= ath10k_tx_last_beacon,
9482 	.set_antenna			= ath10k_set_antenna,
9483 	.get_antenna			= ath10k_get_antenna,
9484 	.reconfig_complete		= ath10k_reconfig_complete,
9485 	.get_survey			= ath10k_get_survey,
9486 	.set_bitrate_mask		= ath10k_mac_op_set_bitrate_mask,
9487 	.sta_rc_update			= ath10k_sta_rc_update,
9488 	.offset_tsf			= ath10k_offset_tsf,
9489 	.ampdu_action			= ath10k_ampdu_action,
9490 	.get_et_sset_count		= ath10k_debug_get_et_sset_count,
9491 	.get_et_stats			= ath10k_debug_get_et_stats,
9492 	.get_et_strings			= ath10k_debug_get_et_strings,
9493 	.add_chanctx			= ath10k_mac_op_add_chanctx,
9494 	.remove_chanctx			= ath10k_mac_op_remove_chanctx,
9495 	.change_chanctx			= ath10k_mac_op_change_chanctx,
9496 	.assign_vif_chanctx		= ath10k_mac_op_assign_vif_chanctx,
9497 	.unassign_vif_chanctx		= ath10k_mac_op_unassign_vif_chanctx,
9498 	.switch_vif_chanctx		= ath10k_mac_op_switch_vif_chanctx,
9499 	.sta_pre_rcu_remove		= ath10k_mac_op_sta_pre_rcu_remove,
9500 	.sta_statistics			= ath10k_sta_statistics,
9501 	.set_tid_config			= ath10k_mac_op_set_tid_config,
9502 	.reset_tid_config		= ath10k_mac_op_reset_tid_config,
9503 
9504 	CFG80211_TESTMODE_CMD(ath10k_tm_cmd)
9505 
9506 #ifdef CONFIG_PM
9507 	.suspend			= ath10k_wow_op_suspend,
9508 	.resume				= ath10k_wow_op_resume,
9509 	.set_wakeup			= ath10k_wow_op_set_wakeup,
9510 #endif
9511 #ifdef CONFIG_MAC80211_DEBUGFS
9512 	.sta_add_debugfs		= ath10k_sta_add_debugfs,
9513 #endif
9514 	.set_sar_specs			= ath10k_mac_set_sar_specs,
9515 };
9516 
9517 #define CHAN2G(_channel, _freq, _flags) { \
9518 	.band			= NL80211_BAND_2GHZ, \
9519 	.hw_value		= (_channel), \
9520 	.center_freq		= (_freq), \
9521 	.flags			= (_flags), \
9522 	.max_antenna_gain	= 0, \
9523 	.max_power		= 30, \
9524 }
9525 
9526 #define CHAN5G(_channel, _freq, _flags) { \
9527 	.band			= NL80211_BAND_5GHZ, \
9528 	.hw_value		= (_channel), \
9529 	.center_freq		= (_freq), \
9530 	.flags			= (_flags), \
9531 	.max_antenna_gain	= 0, \
9532 	.max_power		= 30, \
9533 }
9534 
9535 static const struct ieee80211_channel ath10k_2ghz_channels[] = {
9536 	CHAN2G(1, 2412, 0),
9537 	CHAN2G(2, 2417, 0),
9538 	CHAN2G(3, 2422, 0),
9539 	CHAN2G(4, 2427, 0),
9540 	CHAN2G(5, 2432, 0),
9541 	CHAN2G(6, 2437, 0),
9542 	CHAN2G(7, 2442, 0),
9543 	CHAN2G(8, 2447, 0),
9544 	CHAN2G(9, 2452, 0),
9545 	CHAN2G(10, 2457, 0),
9546 	CHAN2G(11, 2462, 0),
9547 	CHAN2G(12, 2467, 0),
9548 	CHAN2G(13, 2472, 0),
9549 	CHAN2G(14, 2484, 0),
9550 };
9551 
9552 static const struct ieee80211_channel ath10k_5ghz_channels[] = {
9553 	CHAN5G(36, 5180, 0),
9554 	CHAN5G(40, 5200, 0),
9555 	CHAN5G(44, 5220, 0),
9556 	CHAN5G(48, 5240, 0),
9557 	CHAN5G(52, 5260, 0),
9558 	CHAN5G(56, 5280, 0),
9559 	CHAN5G(60, 5300, 0),
9560 	CHAN5G(64, 5320, 0),
9561 	CHAN5G(100, 5500, 0),
9562 	CHAN5G(104, 5520, 0),
9563 	CHAN5G(108, 5540, 0),
9564 	CHAN5G(112, 5560, 0),
9565 	CHAN5G(116, 5580, 0),
9566 	CHAN5G(120, 5600, 0),
9567 	CHAN5G(124, 5620, 0),
9568 	CHAN5G(128, 5640, 0),
9569 	CHAN5G(132, 5660, 0),
9570 	CHAN5G(136, 5680, 0),
9571 	CHAN5G(140, 5700, 0),
9572 	CHAN5G(144, 5720, 0),
9573 	CHAN5G(149, 5745, 0),
9574 	CHAN5G(153, 5765, 0),
9575 	CHAN5G(157, 5785, 0),
9576 	CHAN5G(161, 5805, 0),
9577 	CHAN5G(165, 5825, 0),
9578 	CHAN5G(169, 5845, 0),
9579 	CHAN5G(173, 5865, 0),
9580 	/* If you add more, you may need to change ATH10K_MAX_5G_CHAN */
9581 	/* And you will definitely need to change ATH10K_NUM_CHANS in core.h */
9582 };
9583 
9584 struct ath10k *ath10k_mac_create(size_t priv_size)
9585 {
9586 	struct ieee80211_hw *hw;
9587 	struct ieee80211_ops *ops;
9588 	struct ath10k *ar;
9589 
9590 	ops = kmemdup(&ath10k_ops, sizeof(ath10k_ops), GFP_KERNEL);
9591 	if (!ops)
9592 		return NULL;
9593 
9594 	hw = ieee80211_alloc_hw(sizeof(struct ath10k) + priv_size, ops);
9595 	if (!hw) {
9596 		kfree(ops);
9597 		return NULL;
9598 	}
9599 
9600 	ar = hw->priv;
9601 	ar->hw = hw;
9602 	ar->ops = ops;
9603 
9604 	return ar;
9605 }
9606 
9607 void ath10k_mac_destroy(struct ath10k *ar)
9608 {
9609 	struct ieee80211_ops *ops = ar->ops;
9610 
9611 	ieee80211_free_hw(ar->hw);
9612 	kfree(ops);
9613 }
9614 
9615 static const struct ieee80211_iface_limit ath10k_if_limits[] = {
9616 	{
9617 		.max	= 8,
9618 		.types	= BIT(NL80211_IFTYPE_STATION)
9619 			| BIT(NL80211_IFTYPE_P2P_CLIENT)
9620 	},
9621 	{
9622 		.max	= 3,
9623 		.types	= BIT(NL80211_IFTYPE_P2P_GO)
9624 	},
9625 	{
9626 		.max	= 1,
9627 		.types	= BIT(NL80211_IFTYPE_P2P_DEVICE)
9628 	},
9629 	{
9630 		.max	= 7,
9631 		.types	= BIT(NL80211_IFTYPE_AP)
9632 #ifdef CONFIG_MAC80211_MESH
9633 			| BIT(NL80211_IFTYPE_MESH_POINT)
9634 #endif
9635 	},
9636 };
9637 
9638 static const struct ieee80211_iface_limit ath10k_10x_if_limits[] = {
9639 	{
9640 		.max	= 8,
9641 		.types	= BIT(NL80211_IFTYPE_AP)
9642 #ifdef CONFIG_MAC80211_MESH
9643 			| BIT(NL80211_IFTYPE_MESH_POINT)
9644 #endif
9645 	},
9646 	{
9647 		.max	= 1,
9648 		.types	= BIT(NL80211_IFTYPE_STATION)
9649 	},
9650 };
9651 
9652 static const struct ieee80211_iface_combination ath10k_if_comb[] = {
9653 	{
9654 		.limits = ath10k_if_limits,
9655 		.n_limits = ARRAY_SIZE(ath10k_if_limits),
9656 		.max_interfaces = 8,
9657 		.num_different_channels = 1,
9658 		.beacon_int_infra_match = true,
9659 	},
9660 };
9661 
9662 static const struct ieee80211_iface_combination ath10k_10x_if_comb[] = {
9663 	{
9664 		.limits = ath10k_10x_if_limits,
9665 		.n_limits = ARRAY_SIZE(ath10k_10x_if_limits),
9666 		.max_interfaces = 8,
9667 		.num_different_channels = 1,
9668 		.beacon_int_infra_match = true,
9669 		.beacon_int_min_gcd = 1,
9670 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
9671 		.radar_detect_widths =	BIT(NL80211_CHAN_WIDTH_20_NOHT) |
9672 					BIT(NL80211_CHAN_WIDTH_20) |
9673 					BIT(NL80211_CHAN_WIDTH_40) |
9674 					BIT(NL80211_CHAN_WIDTH_80),
9675 #endif
9676 	},
9677 };
9678 
9679 static const struct ieee80211_iface_limit ath10k_tlv_if_limit[] = {
9680 	{
9681 		.max = 2,
9682 		.types = BIT(NL80211_IFTYPE_STATION),
9683 	},
9684 	{
9685 		.max = 2,
9686 		.types = BIT(NL80211_IFTYPE_AP) |
9687 #ifdef CONFIG_MAC80211_MESH
9688 			 BIT(NL80211_IFTYPE_MESH_POINT) |
9689 #endif
9690 			 BIT(NL80211_IFTYPE_P2P_CLIENT) |
9691 			 BIT(NL80211_IFTYPE_P2P_GO),
9692 	},
9693 	{
9694 		.max = 1,
9695 		.types = BIT(NL80211_IFTYPE_P2P_DEVICE),
9696 	},
9697 };
9698 
9699 static const struct ieee80211_iface_limit ath10k_tlv_qcs_if_limit[] = {
9700 	{
9701 		.max = 2,
9702 		.types = BIT(NL80211_IFTYPE_STATION),
9703 	},
9704 	{
9705 		.max = 2,
9706 		.types = BIT(NL80211_IFTYPE_P2P_CLIENT),
9707 	},
9708 	{
9709 		.max = 1,
9710 		.types = BIT(NL80211_IFTYPE_AP) |
9711 #ifdef CONFIG_MAC80211_MESH
9712 			 BIT(NL80211_IFTYPE_MESH_POINT) |
9713 #endif
9714 			 BIT(NL80211_IFTYPE_P2P_GO),
9715 	},
9716 	{
9717 		.max = 1,
9718 		.types = BIT(NL80211_IFTYPE_P2P_DEVICE),
9719 	},
9720 };
9721 
9722 static const struct ieee80211_iface_limit ath10k_tlv_if_limit_ibss[] = {
9723 	{
9724 		.max = 1,
9725 		.types = BIT(NL80211_IFTYPE_STATION),
9726 	},
9727 	{
9728 		.max = 1,
9729 		.types = BIT(NL80211_IFTYPE_ADHOC),
9730 	},
9731 };
9732 
9733 /* FIXME: This is not thoroughly tested. These combinations may over- or
9734  * underestimate hw/fw capabilities.
9735  */
9736 static struct ieee80211_iface_combination ath10k_tlv_if_comb[] = {
9737 	{
9738 		.limits = ath10k_tlv_if_limit,
9739 		.num_different_channels = 1,
9740 		.max_interfaces = 4,
9741 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit),
9742 	},
9743 	{
9744 		.limits = ath10k_tlv_if_limit_ibss,
9745 		.num_different_channels = 1,
9746 		.max_interfaces = 2,
9747 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit_ibss),
9748 	},
9749 };
9750 
9751 static struct ieee80211_iface_combination ath10k_tlv_qcs_if_comb[] = {
9752 	{
9753 		.limits = ath10k_tlv_if_limit,
9754 		.num_different_channels = 1,
9755 		.max_interfaces = 4,
9756 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit),
9757 	},
9758 	{
9759 		.limits = ath10k_tlv_qcs_if_limit,
9760 		.num_different_channels = 2,
9761 		.max_interfaces = 4,
9762 		.n_limits = ARRAY_SIZE(ath10k_tlv_qcs_if_limit),
9763 	},
9764 	{
9765 		.limits = ath10k_tlv_if_limit_ibss,
9766 		.num_different_channels = 1,
9767 		.max_interfaces = 2,
9768 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit_ibss),
9769 	},
9770 };
9771 
9772 static const struct ieee80211_iface_limit ath10k_10_4_if_limits[] = {
9773 	{
9774 		.max = 1,
9775 		.types = BIT(NL80211_IFTYPE_STATION),
9776 	},
9777 	{
9778 		.max	= 16,
9779 		.types	= BIT(NL80211_IFTYPE_AP)
9780 #ifdef CONFIG_MAC80211_MESH
9781 			| BIT(NL80211_IFTYPE_MESH_POINT)
9782 #endif
9783 	},
9784 };
9785 
9786 static const struct ieee80211_iface_combination ath10k_10_4_if_comb[] = {
9787 	{
9788 		.limits = ath10k_10_4_if_limits,
9789 		.n_limits = ARRAY_SIZE(ath10k_10_4_if_limits),
9790 		.max_interfaces = 16,
9791 		.num_different_channels = 1,
9792 		.beacon_int_infra_match = true,
9793 		.beacon_int_min_gcd = 1,
9794 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
9795 		.radar_detect_widths =	BIT(NL80211_CHAN_WIDTH_20_NOHT) |
9796 					BIT(NL80211_CHAN_WIDTH_20) |
9797 					BIT(NL80211_CHAN_WIDTH_40) |
9798 					BIT(NL80211_CHAN_WIDTH_80) |
9799 					BIT(NL80211_CHAN_WIDTH_80P80) |
9800 					BIT(NL80211_CHAN_WIDTH_160),
9801 #endif
9802 	},
9803 };
9804 
9805 static const struct
9806 ieee80211_iface_combination ath10k_10_4_bcn_int_if_comb[] = {
9807 	{
9808 		.limits = ath10k_10_4_if_limits,
9809 		.n_limits = ARRAY_SIZE(ath10k_10_4_if_limits),
9810 		.max_interfaces = 16,
9811 		.num_different_channels = 1,
9812 		.beacon_int_infra_match = true,
9813 		.beacon_int_min_gcd = 100,
9814 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
9815 		.radar_detect_widths =  BIT(NL80211_CHAN_WIDTH_20_NOHT) |
9816 					BIT(NL80211_CHAN_WIDTH_20) |
9817 					BIT(NL80211_CHAN_WIDTH_40) |
9818 					BIT(NL80211_CHAN_WIDTH_80) |
9819 					BIT(NL80211_CHAN_WIDTH_80P80) |
9820 					BIT(NL80211_CHAN_WIDTH_160),
9821 #endif
9822 	},
9823 };
9824 
9825 static void ath10k_get_arvif_iter(void *data, u8 *mac,
9826 				  struct ieee80211_vif *vif)
9827 {
9828 	struct ath10k_vif_iter *arvif_iter = data;
9829 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9830 
9831 	if (arvif->vdev_id == arvif_iter->vdev_id)
9832 		arvif_iter->arvif = arvif;
9833 }
9834 
9835 struct ath10k_vif *ath10k_get_arvif(struct ath10k *ar, u32 vdev_id)
9836 {
9837 	struct ath10k_vif_iter arvif_iter;
9838 
9839 	memset(&arvif_iter, 0, sizeof(struct ath10k_vif_iter));
9840 	arvif_iter.vdev_id = vdev_id;
9841 
9842 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
9843 						   ATH10K_ITER_RESUME_FLAGS,
9844 						   ath10k_get_arvif_iter,
9845 						   &arvif_iter);
9846 	if (!arvif_iter.arvif) {
9847 		ath10k_warn(ar, "No VIF found for vdev %d\n", vdev_id);
9848 		return NULL;
9849 	}
9850 
9851 	return arvif_iter.arvif;
9852 }
9853 
9854 #define WRD_METHOD "WRDD"
9855 #define WRDD_WIFI  (0x07)
9856 
9857 static u32 ath10k_mac_wrdd_get_mcc(struct ath10k *ar, union acpi_object *wrdd)
9858 {
9859 	union acpi_object *mcc_pkg;
9860 	union acpi_object *domain_type;
9861 	union acpi_object *mcc_value;
9862 	u32 i;
9863 
9864 #if defined(__linux__)
9865 	if (wrdd->type != ACPI_TYPE_PACKAGE ||
9866 	    wrdd->package.count < 2 ||
9867 	    wrdd->package.elements[0].type != ACPI_TYPE_INTEGER ||
9868 	    wrdd->package.elements[0].integer.value != 0) {
9869 #elif defined(__FreeBSD__)
9870 	if (wrdd->Type != ACPI_TYPE_PACKAGE ||
9871 	    wrdd->Package.Count < 2 ||
9872 	    wrdd->Package.Elements[0].Type != ACPI_TYPE_INTEGER ||
9873 	    wrdd->Package.Elements[0].Integer.Value != 0) {
9874 #endif
9875 		ath10k_warn(ar, "ignoring malformed/unsupported wrdd structure\n");
9876 		return 0;
9877 	}
9878 
9879 #if defined(__linux__)
9880 	for (i = 1; i < wrdd->package.count; ++i) {
9881 		mcc_pkg = &wrdd->package.elements[i];
9882 
9883 		if (mcc_pkg->type != ACPI_TYPE_PACKAGE)
9884 			continue;
9885 		if (mcc_pkg->package.count < 2)
9886 			continue;
9887 		if (mcc_pkg->package.elements[0].type != ACPI_TYPE_INTEGER ||
9888 		    mcc_pkg->package.elements[1].type != ACPI_TYPE_INTEGER)
9889 			continue;
9890 
9891 		domain_type = &mcc_pkg->package.elements[0];
9892 		if (domain_type->integer.value != WRDD_WIFI)
9893 			continue;
9894 
9895 		mcc_value = &mcc_pkg->package.elements[1];
9896 		return mcc_value->integer.value;
9897 #elif defined(__FreeBSD__)
9898 	for (i = 1; i < wrdd->Package.Count; ++i) {
9899 		mcc_pkg = &wrdd->Package.Elements[i];
9900 
9901 		if (mcc_pkg->Type != ACPI_TYPE_PACKAGE)
9902 			continue;
9903 		if (mcc_pkg->Package.Count < 2)
9904 			continue;
9905 		if (mcc_pkg->Package.Elements[0].Type != ACPI_TYPE_INTEGER ||
9906 		    mcc_pkg->Package.Elements[1].Type != ACPI_TYPE_INTEGER)
9907 			continue;
9908 
9909 		domain_type = &mcc_pkg->Package.Elements[0];
9910 		if (domain_type->Integer.Value != WRDD_WIFI)
9911 			continue;
9912 
9913 		mcc_value = &mcc_pkg->Package.Elements[1];
9914 		return mcc_value->Integer.Value;
9915 #endif
9916 	}
9917 	return 0;
9918 }
9919 
9920 static int ath10k_mac_get_wrdd_regulatory(struct ath10k *ar, u16 *rd)
9921 {
9922 	acpi_handle root_handle;
9923 	acpi_handle handle;
9924 	struct acpi_buffer wrdd = {ACPI_ALLOCATE_BUFFER, NULL};
9925 	acpi_status status;
9926 	u32 alpha2_code;
9927 	char alpha2[3];
9928 
9929 	root_handle = ACPI_HANDLE(ar->dev);
9930 	if (!root_handle)
9931 		return -EOPNOTSUPP;
9932 
9933 	status = acpi_get_handle(root_handle, (acpi_string)WRD_METHOD, &handle);
9934 	if (ACPI_FAILURE(status)) {
9935 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
9936 			   "failed to get wrd method %d\n", status);
9937 		return -EIO;
9938 	}
9939 
9940 	status = acpi_evaluate_object(handle, NULL, NULL, &wrdd);
9941 	if (ACPI_FAILURE(status)) {
9942 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
9943 			   "failed to call wrdc %d\n", status);
9944 		return -EIO;
9945 	}
9946 
9947 #if defined(__linux__)
9948 	alpha2_code = ath10k_mac_wrdd_get_mcc(ar, wrdd.pointer);
9949 	kfree(wrdd.pointer);
9950 #elif defined(__FreeBSD__)
9951 	alpha2_code = ath10k_mac_wrdd_get_mcc(ar, wrdd.Pointer);
9952 	kfree(wrdd.Pointer);
9953 #endif
9954 	if (!alpha2_code)
9955 		return -EIO;
9956 
9957 	alpha2[0] = (alpha2_code >> 8) & 0xff;
9958 	alpha2[1] = (alpha2_code >> 0) & 0xff;
9959 	alpha2[2] = '\0';
9960 
9961 	ath10k_dbg(ar, ATH10K_DBG_BOOT,
9962 		   "regulatory hint from WRDD (alpha2-code): %s\n", alpha2);
9963 
9964 	*rd = ath_regd_find_country_by_name(alpha2);
9965 	if (*rd == 0xffff)
9966 		return -EIO;
9967 
9968 	*rd |= COUNTRY_ERD_FLAG;
9969 	return 0;
9970 }
9971 
9972 static int ath10k_mac_init_rd(struct ath10k *ar)
9973 {
9974 	int ret;
9975 	u16 rd;
9976 
9977 	ret = ath10k_mac_get_wrdd_regulatory(ar, &rd);
9978 	if (ret) {
9979 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
9980 			   "fallback to eeprom programmed regulatory settings\n");
9981 		rd = ar->hw_eeprom_rd;
9982 	}
9983 
9984 	ar->ath_common.regulatory.current_rd = rd;
9985 	return 0;
9986 }
9987 
9988 int ath10k_mac_register(struct ath10k *ar)
9989 {
9990 	static const u32 cipher_suites[] = {
9991 		WLAN_CIPHER_SUITE_WEP40,
9992 		WLAN_CIPHER_SUITE_WEP104,
9993 		WLAN_CIPHER_SUITE_TKIP,
9994 		WLAN_CIPHER_SUITE_CCMP,
9995 
9996 		/* Do not add hardware supported ciphers before this line.
9997 		 * Allow software encryption for all chips. Don't forget to
9998 		 * update n_cipher_suites below.
9999 		 */
10000 		WLAN_CIPHER_SUITE_AES_CMAC,
10001 		WLAN_CIPHER_SUITE_BIP_CMAC_256,
10002 		WLAN_CIPHER_SUITE_BIP_GMAC_128,
10003 		WLAN_CIPHER_SUITE_BIP_GMAC_256,
10004 
10005 		/* Only QCA99x0 and QCA4019 variants support GCMP-128, GCMP-256
10006 		 * and CCMP-256 in hardware.
10007 		 */
10008 		WLAN_CIPHER_SUITE_GCMP,
10009 		WLAN_CIPHER_SUITE_GCMP_256,
10010 		WLAN_CIPHER_SUITE_CCMP_256,
10011 	};
10012 	struct ieee80211_supported_band *band;
10013 	void *channels;
10014 	int ret;
10015 
10016 	if (!is_valid_ether_addr(ar->mac_addr)) {
10017 		ath10k_warn(ar, "invalid MAC address; choosing random\n");
10018 		eth_random_addr(ar->mac_addr);
10019 	}
10020 	SET_IEEE80211_PERM_ADDR(ar->hw, ar->mac_addr);
10021 
10022 	SET_IEEE80211_DEV(ar->hw, ar->dev);
10023 
10024 	BUILD_BUG_ON((ARRAY_SIZE(ath10k_2ghz_channels) +
10025 		      ARRAY_SIZE(ath10k_5ghz_channels)) !=
10026 		     ATH10K_NUM_CHANS);
10027 
10028 	if (ar->phy_capability & WHAL_WLAN_11G_CAPABILITY) {
10029 		channels = kmemdup(ath10k_2ghz_channels,
10030 				   sizeof(ath10k_2ghz_channels),
10031 				   GFP_KERNEL);
10032 		if (!channels) {
10033 			ret = -ENOMEM;
10034 			goto err_free;
10035 		}
10036 
10037 		band = &ar->mac.sbands[NL80211_BAND_2GHZ];
10038 		band->n_channels = ARRAY_SIZE(ath10k_2ghz_channels);
10039 		band->channels = channels;
10040 
10041 		if (ar->hw_params.cck_rate_map_rev2) {
10042 			band->n_bitrates = ath10k_g_rates_rev2_size;
10043 			band->bitrates = ath10k_g_rates_rev2;
10044 		} else {
10045 			band->n_bitrates = ath10k_g_rates_size;
10046 			band->bitrates = ath10k_g_rates;
10047 		}
10048 
10049 		ar->hw->wiphy->bands[NL80211_BAND_2GHZ] = band;
10050 	}
10051 
10052 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY) {
10053 		channels = kmemdup(ath10k_5ghz_channels,
10054 				   sizeof(ath10k_5ghz_channels),
10055 				   GFP_KERNEL);
10056 		if (!channels) {
10057 			ret = -ENOMEM;
10058 			goto err_free;
10059 		}
10060 
10061 		band = &ar->mac.sbands[NL80211_BAND_5GHZ];
10062 		band->n_channels = ARRAY_SIZE(ath10k_5ghz_channels);
10063 		band->channels = channels;
10064 		band->n_bitrates = ath10k_a_rates_size;
10065 		band->bitrates = ath10k_a_rates;
10066 		ar->hw->wiphy->bands[NL80211_BAND_5GHZ] = band;
10067 	}
10068 
10069 	wiphy_read_of_freq_limits(ar->hw->wiphy);
10070 	ath10k_mac_setup_ht_vht_cap(ar);
10071 
10072 	ar->hw->wiphy->interface_modes =
10073 		BIT(NL80211_IFTYPE_STATION) |
10074 		BIT(NL80211_IFTYPE_AP) |
10075 		BIT(NL80211_IFTYPE_MESH_POINT);
10076 
10077 	ar->hw->wiphy->available_antennas_rx = ar->cfg_rx_chainmask;
10078 	ar->hw->wiphy->available_antennas_tx = ar->cfg_tx_chainmask;
10079 
10080 	if (!test_bit(ATH10K_FW_FEATURE_NO_P2P, ar->normal_mode_fw.fw_file.fw_features))
10081 		ar->hw->wiphy->interface_modes |=
10082 			BIT(NL80211_IFTYPE_P2P_DEVICE) |
10083 			BIT(NL80211_IFTYPE_P2P_CLIENT) |
10084 			BIT(NL80211_IFTYPE_P2P_GO);
10085 
10086 	ieee80211_hw_set(ar->hw, SIGNAL_DBM);
10087 
10088 	if (!test_bit(ATH10K_FW_FEATURE_NO_PS,
10089 		      ar->running_fw->fw_file.fw_features)) {
10090 		ieee80211_hw_set(ar->hw, SUPPORTS_PS);
10091 		ieee80211_hw_set(ar->hw, SUPPORTS_DYNAMIC_PS);
10092 	}
10093 
10094 	ieee80211_hw_set(ar->hw, MFP_CAPABLE);
10095 	ieee80211_hw_set(ar->hw, REPORTS_TX_ACK_STATUS);
10096 	ieee80211_hw_set(ar->hw, HAS_RATE_CONTROL);
10097 	ieee80211_hw_set(ar->hw, AP_LINK_PS);
10098 	ieee80211_hw_set(ar->hw, SPECTRUM_MGMT);
10099 	ieee80211_hw_set(ar->hw, SUPPORT_FAST_XMIT);
10100 	ieee80211_hw_set(ar->hw, CONNECTION_MONITOR);
10101 	ieee80211_hw_set(ar->hw, SUPPORTS_PER_STA_GTK);
10102 	ieee80211_hw_set(ar->hw, WANT_MONITOR_VIF);
10103 	ieee80211_hw_set(ar->hw, CHANCTX_STA_CSA);
10104 	ieee80211_hw_set(ar->hw, QUEUE_CONTROL);
10105 	ieee80211_hw_set(ar->hw, SUPPORTS_TX_FRAG);
10106 	ieee80211_hw_set(ar->hw, REPORTS_LOW_ACK);
10107 
10108 	if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
10109 		ieee80211_hw_set(ar->hw, SW_CRYPTO_CONTROL);
10110 
10111 	ar->hw->wiphy->features |= NL80211_FEATURE_STATIC_SMPS;
10112 	ar->hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
10113 
10114 	if (ar->ht_cap_info & WMI_HT_CAP_DYNAMIC_SMPS)
10115 		ar->hw->wiphy->features |= NL80211_FEATURE_DYNAMIC_SMPS;
10116 
10117 	if (ar->ht_cap_info & WMI_HT_CAP_ENABLED) {
10118 		ieee80211_hw_set(ar->hw, AMPDU_AGGREGATION);
10119 		ieee80211_hw_set(ar->hw, TX_AMPDU_SETUP_IN_HW);
10120 	}
10121 
10122 	ar->hw->wiphy->max_scan_ssids = WLAN_SCAN_PARAMS_MAX_SSID;
10123 	ar->hw->wiphy->max_scan_ie_len = WLAN_SCAN_PARAMS_MAX_IE_LEN;
10124 
10125 	if (test_bit(WMI_SERVICE_NLO, ar->wmi.svc_map)) {
10126 		ar->hw->wiphy->max_sched_scan_ssids = WMI_PNO_MAX_SUPP_NETWORKS;
10127 		ar->hw->wiphy->max_match_sets = WMI_PNO_MAX_SUPP_NETWORKS;
10128 		ar->hw->wiphy->max_sched_scan_ie_len = WMI_PNO_MAX_IE_LENGTH;
10129 		ar->hw->wiphy->max_sched_scan_plans = WMI_PNO_MAX_SCHED_SCAN_PLANS;
10130 		ar->hw->wiphy->max_sched_scan_plan_interval =
10131 			WMI_PNO_MAX_SCHED_SCAN_PLAN_INT;
10132 		ar->hw->wiphy->max_sched_scan_plan_iterations =
10133 			WMI_PNO_MAX_SCHED_SCAN_PLAN_ITRNS;
10134 		ar->hw->wiphy->features |= NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
10135 	}
10136 
10137 	ar->hw->vif_data_size = sizeof(struct ath10k_vif);
10138 	ar->hw->sta_data_size = sizeof(struct ath10k_sta);
10139 	ar->hw->txq_data_size = sizeof(struct ath10k_txq);
10140 
10141 	ar->hw->max_listen_interval = ATH10K_MAX_HW_LISTEN_INTERVAL;
10142 
10143 	if (test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map)) {
10144 		ar->hw->wiphy->flags |= WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD;
10145 
10146 		/* Firmware delivers WPS/P2P Probe Requests frames to driver so
10147 		 * that userspace (e.g. wpa_supplicant/hostapd) can generate
10148 		 * correct Probe Responses. This is more of a hack advert..
10149 		 */
10150 		ar->hw->wiphy->probe_resp_offload |=
10151 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS |
10152 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS2 |
10153 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_P2P;
10154 	}
10155 
10156 	if (test_bit(WMI_SERVICE_TDLS, ar->wmi.svc_map) ||
10157 	    test_bit(WMI_SERVICE_TDLS_EXPLICIT_MODE_ONLY, ar->wmi.svc_map)) {
10158 		ar->hw->wiphy->flags |= WIPHY_FLAG_SUPPORTS_TDLS;
10159 		if (test_bit(WMI_SERVICE_TDLS_WIDER_BANDWIDTH, ar->wmi.svc_map))
10160 			ieee80211_hw_set(ar->hw, TDLS_WIDER_BW);
10161 	}
10162 
10163 	if (test_bit(WMI_SERVICE_TDLS_UAPSD_BUFFER_STA, ar->wmi.svc_map))
10164 		ieee80211_hw_set(ar->hw, SUPPORTS_TDLS_BUFFER_STA);
10165 
10166 	if (ath10k_frame_mode == ATH10K_HW_TXRX_ETHERNET) {
10167 		if (ar->wmi.vdev_param->tx_encap_type !=
10168 		    WMI_VDEV_PARAM_UNSUPPORTED)
10169 			ieee80211_hw_set(ar->hw, SUPPORTS_TX_ENCAP_OFFLOAD);
10170 	}
10171 
10172 	ar->hw->wiphy->flags |= WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL;
10173 	ar->hw->wiphy->flags |= WIPHY_FLAG_HAS_CHANNEL_SWITCH;
10174 	ar->hw->wiphy->max_remain_on_channel_duration = 5000;
10175 
10176 	ar->hw->wiphy->flags |= WIPHY_FLAG_AP_UAPSD;
10177 	ar->hw->wiphy->features |= NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE |
10178 				   NL80211_FEATURE_AP_SCAN;
10179 
10180 	ar->hw->wiphy->max_ap_assoc_sta = ar->max_num_stations;
10181 
10182 	ret = ath10k_wow_init(ar);
10183 	if (ret) {
10184 		ath10k_warn(ar, "failed to init wow: %d\n", ret);
10185 		goto err_free;
10186 	}
10187 
10188 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_VHT_IBSS);
10189 	wiphy_ext_feature_set(ar->hw->wiphy,
10190 			      NL80211_EXT_FEATURE_SET_SCAN_DWELL);
10191 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_AQL);
10192 
10193 	if (test_bit(WMI_SERVICE_TX_DATA_ACK_RSSI, ar->wmi.svc_map) ||
10194 	    test_bit(WMI_SERVICE_HTT_MGMT_TX_COMP_VALID_FLAGS, ar->wmi.svc_map))
10195 		wiphy_ext_feature_set(ar->hw->wiphy,
10196 				      NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT);
10197 
10198 	if (ath10k_peer_stats_enabled(ar) ||
10199 	    test_bit(WMI_SERVICE_REPORT_AIRTIME, ar->wmi.svc_map))
10200 		wiphy_ext_feature_set(ar->hw->wiphy,
10201 				      NL80211_EXT_FEATURE_AIRTIME_FAIRNESS);
10202 
10203 	if (test_bit(WMI_SERVICE_RTT_RESPONDER_ROLE, ar->wmi.svc_map))
10204 		wiphy_ext_feature_set(ar->hw->wiphy,
10205 				      NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER);
10206 
10207 	if (test_bit(WMI_SERVICE_TX_PWR_PER_PEER, ar->wmi.svc_map))
10208 		wiphy_ext_feature_set(ar->hw->wiphy,
10209 				      NL80211_EXT_FEATURE_STA_TX_PWR);
10210 
10211 	if (test_bit(WMI_SERVICE_PEER_TID_CONFIGS_SUPPORT, ar->wmi.svc_map)) {
10212 		ar->hw->wiphy->tid_config_support.vif |=
10213 				BIT(NL80211_TID_CONFIG_ATTR_NOACK) |
10214 				BIT(NL80211_TID_CONFIG_ATTR_RETRY_SHORT) |
10215 				BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG) |
10216 				BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL) |
10217 				BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
10218 				BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE);
10219 
10220 		if (test_bit(WMI_SERVICE_EXT_PEER_TID_CONFIGS_SUPPORT,
10221 			     ar->wmi.svc_map)) {
10222 			ar->hw->wiphy->tid_config_support.vif |=
10223 				BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL);
10224 		}
10225 
10226 		ar->hw->wiphy->tid_config_support.peer =
10227 				ar->hw->wiphy->tid_config_support.vif;
10228 		ar->hw->wiphy->max_data_retry_count = ATH10K_MAX_RETRY_COUNT;
10229 	} else {
10230 		ar->ops->set_tid_config = NULL;
10231 	}
10232 	/*
10233 	 * on LL hardware queues are managed entirely by the FW
10234 	 * so we only advertise to mac we can do the queues thing
10235 	 */
10236 	ar->hw->queues = IEEE80211_MAX_QUEUES;
10237 
10238 	/* vdev_ids are used as hw queue numbers. Make sure offchan tx queue is
10239 	 * something that vdev_ids can't reach so that we don't stop the queue
10240 	 * accidentally.
10241 	 */
10242 	ar->hw->offchannel_tx_hw_queue = IEEE80211_MAX_QUEUES - 1;
10243 
10244 	switch (ar->running_fw->fw_file.wmi_op_version) {
10245 	case ATH10K_FW_WMI_OP_VERSION_MAIN:
10246 		ar->hw->wiphy->iface_combinations = ath10k_if_comb;
10247 		ar->hw->wiphy->n_iface_combinations =
10248 			ARRAY_SIZE(ath10k_if_comb);
10249 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_ADHOC);
10250 		break;
10251 	case ATH10K_FW_WMI_OP_VERSION_TLV:
10252 		if (test_bit(WMI_SERVICE_ADAPTIVE_OCS, ar->wmi.svc_map)) {
10253 			ar->hw->wiphy->iface_combinations =
10254 				ath10k_tlv_qcs_if_comb;
10255 			ar->hw->wiphy->n_iface_combinations =
10256 				ARRAY_SIZE(ath10k_tlv_qcs_if_comb);
10257 		} else {
10258 			ar->hw->wiphy->iface_combinations = ath10k_tlv_if_comb;
10259 			ar->hw->wiphy->n_iface_combinations =
10260 				ARRAY_SIZE(ath10k_tlv_if_comb);
10261 		}
10262 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_ADHOC);
10263 		break;
10264 	case ATH10K_FW_WMI_OP_VERSION_10_1:
10265 	case ATH10K_FW_WMI_OP_VERSION_10_2:
10266 	case ATH10K_FW_WMI_OP_VERSION_10_2_4:
10267 		ar->hw->wiphy->iface_combinations = ath10k_10x_if_comb;
10268 		ar->hw->wiphy->n_iface_combinations =
10269 			ARRAY_SIZE(ath10k_10x_if_comb);
10270 		break;
10271 	case ATH10K_FW_WMI_OP_VERSION_10_4:
10272 		ar->hw->wiphy->iface_combinations = ath10k_10_4_if_comb;
10273 		ar->hw->wiphy->n_iface_combinations =
10274 			ARRAY_SIZE(ath10k_10_4_if_comb);
10275 		if (test_bit(WMI_SERVICE_VDEV_DIFFERENT_BEACON_INTERVAL_SUPPORT,
10276 			     ar->wmi.svc_map)) {
10277 			ar->hw->wiphy->iface_combinations =
10278 				ath10k_10_4_bcn_int_if_comb;
10279 			ar->hw->wiphy->n_iface_combinations =
10280 				ARRAY_SIZE(ath10k_10_4_bcn_int_if_comb);
10281 		}
10282 		break;
10283 	case ATH10K_FW_WMI_OP_VERSION_UNSET:
10284 	case ATH10K_FW_WMI_OP_VERSION_MAX:
10285 		WARN_ON(1);
10286 		ret = -EINVAL;
10287 		goto err_free;
10288 	}
10289 
10290 	if (ar->hw_params.dynamic_sar_support)
10291 		ar->hw->wiphy->sar_capa = &ath10k_sar_capa;
10292 
10293 	if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
10294 		ar->hw->netdev_features = NETIF_F_HW_CSUM;
10295 
10296 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED)) {
10297 		/* Init ath dfs pattern detector */
10298 		ar->ath_common.debug_mask = ATH_DBG_DFS;
10299 		ar->dfs_detector = dfs_pattern_detector_init(&ar->ath_common,
10300 							     NL80211_DFS_UNSET);
10301 
10302 		if (!ar->dfs_detector)
10303 			ath10k_warn(ar, "failed to initialise DFS pattern detector\n");
10304 	}
10305 
10306 	ret = ath10k_mac_init_rd(ar);
10307 	if (ret) {
10308 		ath10k_err(ar, "failed to derive regdom: %d\n", ret);
10309 		goto err_dfs_detector_exit;
10310 	}
10311 
10312 	/* Disable set_coverage_class for chipsets that do not support it. */
10313 	if (!ar->hw_params.hw_ops->set_coverage_class)
10314 		ar->ops->set_coverage_class = NULL;
10315 
10316 	ret = ath_regd_init(&ar->ath_common.regulatory, ar->hw->wiphy,
10317 			    ath10k_reg_notifier);
10318 	if (ret) {
10319 		ath10k_err(ar, "failed to initialise regulatory: %i\n", ret);
10320 		goto err_dfs_detector_exit;
10321 	}
10322 
10323 	if (test_bit(WMI_SERVICE_SPOOF_MAC_SUPPORT, ar->wmi.svc_map)) {
10324 		ar->hw->wiphy->features |=
10325 			NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
10326 	}
10327 
10328 	ar->hw->wiphy->cipher_suites = cipher_suites;
10329 
10330 	/* QCA988x and QCA6174 family chips do not support CCMP-256, GCMP-128
10331 	 * and GCMP-256 ciphers in hardware. Fetch number of ciphers supported
10332 	 * from chip specific hw_param table.
10333 	 */
10334 	if (!ar->hw_params.n_cipher_suites ||
10335 	    ar->hw_params.n_cipher_suites > ARRAY_SIZE(cipher_suites)) {
10336 		ath10k_err(ar, "invalid hw_params.n_cipher_suites %d\n",
10337 			   ar->hw_params.n_cipher_suites);
10338 		ar->hw_params.n_cipher_suites = 8;
10339 	}
10340 	ar->hw->wiphy->n_cipher_suites = ar->hw_params.n_cipher_suites;
10341 
10342 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST);
10343 
10344 	ar->hw->weight_multiplier = ATH10K_AIRTIME_WEIGHT_MULTIPLIER;
10345 
10346 	ret = ieee80211_register_hw(ar->hw);
10347 	if (ret) {
10348 		ath10k_err(ar, "failed to register ieee80211: %d\n", ret);
10349 		goto err_dfs_detector_exit;
10350 	}
10351 
10352 	if (test_bit(WMI_SERVICE_PER_PACKET_SW_ENCRYPT, ar->wmi.svc_map)) {
10353 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_AP_VLAN);
10354 		ar->hw->wiphy->software_iftypes |= BIT(NL80211_IFTYPE_AP_VLAN);
10355 	}
10356 
10357 	if (!ath_is_world_regd(&ar->ath_common.reg_world_copy) &&
10358 	    !ath_is_world_regd(&ar->ath_common.regulatory)) {
10359 		ret = regulatory_hint(ar->hw->wiphy,
10360 				      ar->ath_common.regulatory.alpha2);
10361 		if (ret)
10362 			goto err_unregister;
10363 	}
10364 
10365 	return 0;
10366 
10367 err_unregister:
10368 	ieee80211_unregister_hw(ar->hw);
10369 
10370 err_dfs_detector_exit:
10371 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector)
10372 		ar->dfs_detector->exit(ar->dfs_detector);
10373 
10374 err_free:
10375 	kfree(ar->mac.sbands[NL80211_BAND_2GHZ].channels);
10376 	kfree(ar->mac.sbands[NL80211_BAND_5GHZ].channels);
10377 
10378 	SET_IEEE80211_DEV(ar->hw, NULL);
10379 	return ret;
10380 }
10381 
10382 void ath10k_mac_unregister(struct ath10k *ar)
10383 {
10384 	ieee80211_unregister_hw(ar->hw);
10385 
10386 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector)
10387 		ar->dfs_detector->exit(ar->dfs_detector);
10388 
10389 	kfree(ar->mac.sbands[NL80211_BAND_2GHZ].channels);
10390 	kfree(ar->mac.sbands[NL80211_BAND_5GHZ].channels);
10391 
10392 	SET_IEEE80211_DEV(ar->hw, NULL);
10393 }
10394