xref: /freebsd/sys/contrib/dev/mediatek/mt76/mt7915/mcu.c (revision e6bfd18d21b225af6a0ed67ceeaf1293b7b9eba5)
1 // SPDX-License-Identifier: ISC
2 /* Copyright (C) 2020 MediaTek Inc. */
3 
4 #include <linux/fs.h>
5 #include "mt7915.h"
6 #include "mcu.h"
7 #include "mac.h"
8 #include "eeprom.h"
9 
10 #define fw_name(_dev, name, ...)	({			\
11 	char *_fw;						\
12 	switch (mt76_chip(&(_dev)->mt76)) {			\
13 	case 0x7915:						\
14 		_fw = MT7915_##name;				\
15 		break;						\
16 	case 0x7986:						\
17 		_fw = MT7986_##name##__VA_ARGS__;		\
18 		break;						\
19 	default:						\
20 		_fw = MT7916_##name;				\
21 		break;						\
22 	}							\
23 	_fw;							\
24 })
25 
26 #define fw_name_var(_dev, name)		(mt7915_check_adie(dev, false) ?	\
27 					 fw_name(_dev, name) :			\
28 					 fw_name(_dev, name, _MT7975))
29 
30 #define MCU_PATCH_ADDRESS		0x200000
31 
32 #define HE_PHY(p, c)			u8_get_bits(c, IEEE80211_HE_PHY_##p)
33 #define HE_MAC(m, c)			u8_get_bits(c, IEEE80211_HE_MAC_##m)
34 
35 static u8
36 mt7915_mcu_get_sta_nss(u16 mcs_map)
37 {
38 	u8 nss;
39 
40 	for (nss = 8; nss > 0; nss--) {
41 		u8 nss_mcs = (mcs_map >> (2 * (nss - 1))) & 3;
42 
43 		if (nss_mcs != IEEE80211_VHT_MCS_NOT_SUPPORTED)
44 			break;
45 	}
46 
47 	return nss - 1;
48 }
49 
50 static void
51 mt7915_mcu_set_sta_he_mcs(struct ieee80211_sta *sta, __le16 *he_mcs,
52 			  u16 mcs_map)
53 {
54 	struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
55 	struct mt7915_dev *dev = msta->vif->phy->dev;
56 	enum nl80211_band band = msta->vif->phy->mt76->chandef.chan->band;
57 	const u16 *mask = msta->vif->bitrate_mask.control[band].he_mcs;
58 	int nss, max_nss = sta->deflink.rx_nss > 3 ? 4 : sta->deflink.rx_nss;
59 
60 	for (nss = 0; nss < max_nss; nss++) {
61 		int mcs;
62 
63 		switch ((mcs_map >> (2 * nss)) & 0x3) {
64 		case IEEE80211_HE_MCS_SUPPORT_0_11:
65 			mcs = GENMASK(11, 0);
66 			break;
67 		case IEEE80211_HE_MCS_SUPPORT_0_9:
68 			mcs = GENMASK(9, 0);
69 			break;
70 		case IEEE80211_HE_MCS_SUPPORT_0_7:
71 			mcs = GENMASK(7, 0);
72 			break;
73 		default:
74 			mcs = 0;
75 		}
76 
77 		mcs = mcs ? fls(mcs & mask[nss]) - 1 : -1;
78 
79 		switch (mcs) {
80 		case 0 ... 7:
81 			mcs = IEEE80211_HE_MCS_SUPPORT_0_7;
82 			break;
83 		case 8 ... 9:
84 			mcs = IEEE80211_HE_MCS_SUPPORT_0_9;
85 			break;
86 		case 10 ... 11:
87 			mcs = IEEE80211_HE_MCS_SUPPORT_0_11;
88 			break;
89 		default:
90 			mcs = IEEE80211_HE_MCS_NOT_SUPPORTED;
91 			break;
92 		}
93 		mcs_map &= ~(0x3 << (nss * 2));
94 		mcs_map |= mcs << (nss * 2);
95 
96 		/* only support 2ss on 160MHz for mt7915 */
97 		if (is_mt7915(&dev->mt76) && nss > 1 &&
98 		    sta->deflink.bandwidth == IEEE80211_STA_RX_BW_160)
99 			break;
100 	}
101 
102 	*he_mcs = cpu_to_le16(mcs_map);
103 }
104 
105 static void
106 mt7915_mcu_set_sta_vht_mcs(struct ieee80211_sta *sta, __le16 *vht_mcs,
107 			   const u16 *mask)
108 {
109 	struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
110 	struct mt7915_dev *dev = msta->vif->phy->dev;
111 	u16 mcs_map = le16_to_cpu(sta->deflink.vht_cap.vht_mcs.rx_mcs_map);
112 	int nss, max_nss = sta->deflink.rx_nss > 3 ? 4 : sta->deflink.rx_nss;
113 	u16 mcs;
114 
115 	for (nss = 0; nss < max_nss; nss++, mcs_map >>= 2) {
116 		switch (mcs_map & 0x3) {
117 		case IEEE80211_VHT_MCS_SUPPORT_0_9:
118 			mcs = GENMASK(9, 0);
119 			break;
120 		case IEEE80211_VHT_MCS_SUPPORT_0_8:
121 			mcs = GENMASK(8, 0);
122 			break;
123 		case IEEE80211_VHT_MCS_SUPPORT_0_7:
124 			mcs = GENMASK(7, 0);
125 			break;
126 		default:
127 			mcs = 0;
128 		}
129 
130 		vht_mcs[nss] = cpu_to_le16(mcs & mask[nss]);
131 
132 		/* only support 2ss on 160MHz for mt7915 */
133 		if (is_mt7915(&dev->mt76) && nss > 1 &&
134 		    sta->deflink.bandwidth == IEEE80211_STA_RX_BW_160)
135 			break;
136 	}
137 }
138 
139 static void
140 mt7915_mcu_set_sta_ht_mcs(struct ieee80211_sta *sta, u8 *ht_mcs,
141 			  const u8 *mask)
142 {
143 	int nss, max_nss = sta->deflink.rx_nss > 3 ? 4 : sta->deflink.rx_nss;
144 
145 	for (nss = 0; nss < max_nss; nss++)
146 		ht_mcs[nss] = sta->deflink.ht_cap.mcs.rx_mask[nss] & mask[nss];
147 }
148 
149 static int
150 mt7915_mcu_parse_response(struct mt76_dev *mdev, int cmd,
151 			  struct sk_buff *skb, int seq)
152 {
153 	struct mt76_connac2_mcu_rxd *rxd;
154 	int ret = 0;
155 
156 	if (!skb) {
157 		dev_err(mdev->dev, "Message %08x (seq %d) timeout\n",
158 			cmd, seq);
159 		return -ETIMEDOUT;
160 	}
161 
162 	rxd = (struct mt76_connac2_mcu_rxd *)skb->data;
163 	if (seq != rxd->seq)
164 		return -EAGAIN;
165 
166 	if (cmd == MCU_CMD(PATCH_SEM_CONTROL)) {
167 		skb_pull(skb, sizeof(*rxd) - 4);
168 		ret = *skb->data;
169 	} else if (cmd == MCU_EXT_CMD(THERMAL_CTRL)) {
170 		skb_pull(skb, sizeof(*rxd) + 4);
171 		ret = le32_to_cpu(*(__le32 *)skb->data);
172 	} else {
173 		skb_pull(skb, sizeof(struct mt76_connac2_mcu_rxd));
174 	}
175 
176 	return ret;
177 }
178 
179 static int
180 mt7915_mcu_send_message(struct mt76_dev *mdev, struct sk_buff *skb,
181 			int cmd, int *wait_seq)
182 {
183 	struct mt7915_dev *dev = container_of(mdev, struct mt7915_dev, mt76);
184 	enum mt76_mcuq_id qid;
185 	int ret;
186 
187 	ret = mt76_connac2_mcu_fill_message(mdev, skb, cmd, wait_seq);
188 	if (ret)
189 		return ret;
190 
191 	if (cmd == MCU_CMD(FW_SCATTER))
192 		qid = MT_MCUQ_FWDL;
193 	else if (test_bit(MT76_STATE_MCU_RUNNING, &dev->mphy.state))
194 		qid = MT_MCUQ_WA;
195 	else
196 		qid = MT_MCUQ_WM;
197 
198 	return mt76_tx_queue_skb_raw(dev, mdev->q_mcu[qid], skb, 0);
199 }
200 
201 int mt7915_mcu_wa_cmd(struct mt7915_dev *dev, int cmd, u32 a1, u32 a2, u32 a3)
202 {
203 	struct {
204 		__le32 args[3];
205 	} req = {
206 		.args = {
207 			cpu_to_le32(a1),
208 			cpu_to_le32(a2),
209 			cpu_to_le32(a3),
210 		},
211 	};
212 
213 	return mt76_mcu_send_msg(&dev->mt76, cmd, &req, sizeof(req), false);
214 }
215 
216 static void
217 mt7915_mcu_csa_finish(void *priv, u8 *mac, struct ieee80211_vif *vif)
218 {
219 	if (vif->bss_conf.csa_active)
220 		ieee80211_csa_finish(vif);
221 }
222 
223 static void
224 mt7915_mcu_rx_csa_notify(struct mt7915_dev *dev, struct sk_buff *skb)
225 {
226 	struct mt76_phy *mphy = &dev->mt76.phy;
227 	struct mt7915_mcu_csa_notify *c;
228 
229 	c = (struct mt7915_mcu_csa_notify *)skb->data;
230 
231 	if ((c->band_idx && !dev->phy.band_idx) && dev->mt76.phys[MT_BAND1])
232 		mphy = dev->mt76.phys[MT_BAND1];
233 
234 	ieee80211_iterate_active_interfaces_atomic(mphy->hw,
235 			IEEE80211_IFACE_ITER_RESUME_ALL,
236 			mt7915_mcu_csa_finish, mphy->hw);
237 }
238 
239 static void
240 mt7915_mcu_rx_thermal_notify(struct mt7915_dev *dev, struct sk_buff *skb)
241 {
242 	struct mt76_phy *mphy = &dev->mt76.phy;
243 	struct mt7915_mcu_thermal_notify *t;
244 	struct mt7915_phy *phy;
245 
246 	t = (struct mt7915_mcu_thermal_notify *)skb->data;
247 	if (t->ctrl.ctrl_id != THERMAL_PROTECT_ENABLE)
248 		return;
249 
250 	if ((t->ctrl.band_idx && !dev->phy.band_idx) && dev->mt76.phys[MT_BAND1])
251 		mphy = dev->mt76.phys[MT_BAND1];
252 
253 	phy = (struct mt7915_phy *)mphy->priv;
254 	phy->throttle_state = t->ctrl.duty.duty_cycle;
255 }
256 
257 static void
258 mt7915_mcu_rx_radar_detected(struct mt7915_dev *dev, struct sk_buff *skb)
259 {
260 	struct mt76_phy *mphy = &dev->mt76.phy;
261 	struct mt7915_mcu_rdd_report *r;
262 
263 	r = (struct mt7915_mcu_rdd_report *)skb->data;
264 
265 	if ((r->band_idx && !dev->phy.band_idx) && dev->mt76.phys[MT_BAND1])
266 		mphy = dev->mt76.phys[MT_BAND1];
267 
268 	if (r->band_idx == MT_RX_SEL2)
269 		cfg80211_background_radar_event(mphy->hw->wiphy,
270 						&dev->rdd2_chandef,
271 						GFP_ATOMIC);
272 	else
273 		ieee80211_radar_detected(mphy->hw);
274 	dev->hw_pattern++;
275 }
276 
277 static void
278 mt7915_mcu_rx_log_message(struct mt7915_dev *dev, struct sk_buff *skb)
279 {
280 	struct mt76_connac2_mcu_rxd *rxd;
281 	int len = skb->len - sizeof(*rxd);
282 	const char *data, *type;
283 
284 	rxd = (struct mt76_connac2_mcu_rxd *)skb->data;
285 	data = (char *)&rxd[1];
286 
287 	switch (rxd->s2d_index) {
288 	case 0:
289 #if !defined(__FreeBSD__) || defined(CONFIG_MT7915_DEBUGFS)
290 		if (mt7915_debugfs_rx_log(dev, data, len))
291 			return;
292 #endif
293 
294 		type = "WM";
295 		break;
296 	case 2:
297 		type = "WA";
298 		break;
299 	default:
300 		type = "unknown";
301 		break;
302 	}
303 
304 	wiphy_info(mt76_hw(dev)->wiphy, "%s: %.*s", type, len, data);
305 }
306 
307 static void
308 mt7915_mcu_cca_finish(void *priv, u8 *mac, struct ieee80211_vif *vif)
309 {
310 	if (!vif->bss_conf.color_change_active)
311 		return;
312 
313 	ieee80211_color_change_finish(vif);
314 }
315 
316 static void
317 mt7915_mcu_rx_bcc_notify(struct mt7915_dev *dev, struct sk_buff *skb)
318 {
319 	struct mt76_phy *mphy = &dev->mt76.phy;
320 	struct mt7915_mcu_bcc_notify *b;
321 
322 	b = (struct mt7915_mcu_bcc_notify *)skb->data;
323 
324 	if ((b->band_idx && !dev->phy.band_idx) && dev->mt76.phys[MT_BAND1])
325 		mphy = dev->mt76.phys[MT_BAND1];
326 
327 	ieee80211_iterate_active_interfaces_atomic(mphy->hw,
328 			IEEE80211_IFACE_ITER_RESUME_ALL,
329 			mt7915_mcu_cca_finish, mphy->hw);
330 }
331 
332 static void
333 mt7915_mcu_rx_ext_event(struct mt7915_dev *dev, struct sk_buff *skb)
334 {
335 	struct mt76_connac2_mcu_rxd *rxd;
336 
337 	rxd = (struct mt76_connac2_mcu_rxd *)skb->data;
338 	switch (rxd->ext_eid) {
339 	case MCU_EXT_EVENT_THERMAL_PROTECT:
340 		mt7915_mcu_rx_thermal_notify(dev, skb);
341 		break;
342 	case MCU_EXT_EVENT_RDD_REPORT:
343 		mt7915_mcu_rx_radar_detected(dev, skb);
344 		break;
345 	case MCU_EXT_EVENT_CSA_NOTIFY:
346 		mt7915_mcu_rx_csa_notify(dev, skb);
347 		break;
348 	case MCU_EXT_EVENT_FW_LOG_2_HOST:
349 		mt7915_mcu_rx_log_message(dev, skb);
350 		break;
351 	case MCU_EXT_EVENT_BCC_NOTIFY:
352 		mt7915_mcu_rx_bcc_notify(dev, skb);
353 		break;
354 	default:
355 		break;
356 	}
357 }
358 
359 static void
360 mt7915_mcu_rx_unsolicited_event(struct mt7915_dev *dev, struct sk_buff *skb)
361 {
362 	struct mt76_connac2_mcu_rxd *rxd;
363 
364 	rxd = (struct mt76_connac2_mcu_rxd *)skb->data;
365 	switch (rxd->eid) {
366 	case MCU_EVENT_EXT:
367 		mt7915_mcu_rx_ext_event(dev, skb);
368 		break;
369 	default:
370 		break;
371 	}
372 	dev_kfree_skb(skb);
373 }
374 
375 void mt7915_mcu_rx_event(struct mt7915_dev *dev, struct sk_buff *skb)
376 {
377 	struct mt76_connac2_mcu_rxd *rxd;
378 
379 	rxd = (struct mt76_connac2_mcu_rxd *)skb->data;
380 	if (rxd->ext_eid == MCU_EXT_EVENT_THERMAL_PROTECT ||
381 	    rxd->ext_eid == MCU_EXT_EVENT_FW_LOG_2_HOST ||
382 	    rxd->ext_eid == MCU_EXT_EVENT_ASSERT_DUMP ||
383 	    rxd->ext_eid == MCU_EXT_EVENT_PS_SYNC ||
384 	    rxd->ext_eid == MCU_EXT_EVENT_BCC_NOTIFY ||
385 	    !rxd->seq)
386 		mt7915_mcu_rx_unsolicited_event(dev, skb);
387 	else
388 		mt76_mcu_rx_event(&dev->mt76, skb);
389 }
390 
391 static struct tlv *
392 mt7915_mcu_add_nested_subtlv(struct sk_buff *skb, int sub_tag, int sub_len,
393 			     __le16 *sub_ntlv, __le16 *len)
394 {
395 	struct tlv *ptlv, tlv = {
396 		.tag = cpu_to_le16(sub_tag),
397 		.len = cpu_to_le16(sub_len),
398 	};
399 
400 	ptlv = skb_put(skb, sub_len);
401 	memcpy(ptlv, &tlv, sizeof(tlv));
402 
403 	le16_add_cpu(sub_ntlv, 1);
404 	le16_add_cpu(len, sub_len);
405 
406 	return ptlv;
407 }
408 
409 /** bss info **/
410 struct mt7915_he_obss_narrow_bw_ru_data {
411 	bool tolerated;
412 };
413 
414 static void mt7915_check_he_obss_narrow_bw_ru_iter(struct wiphy *wiphy,
415 						   struct cfg80211_bss *bss,
416 						   void *_data)
417 {
418 	struct mt7915_he_obss_narrow_bw_ru_data *data = _data;
419 	const struct element *elem;
420 
421 	rcu_read_lock();
422 	elem = ieee80211_bss_get_elem(bss, WLAN_EID_EXT_CAPABILITY);
423 
424 	if (!elem || elem->datalen <= 10 ||
425 	    !(elem->data[10] &
426 	      WLAN_EXT_CAPA10_OBSS_NARROW_BW_RU_TOLERANCE_SUPPORT))
427 		data->tolerated = false;
428 
429 	rcu_read_unlock();
430 }
431 
432 static bool mt7915_check_he_obss_narrow_bw_ru(struct ieee80211_hw *hw,
433 					      struct ieee80211_vif *vif)
434 {
435 	struct mt7915_he_obss_narrow_bw_ru_data iter_data = {
436 		.tolerated = true,
437 	};
438 
439 	if (!(vif->bss_conf.chandef.chan->flags & IEEE80211_CHAN_RADAR))
440 		return false;
441 
442 	cfg80211_bss_iter(hw->wiphy, &vif->bss_conf.chandef,
443 			  mt7915_check_he_obss_narrow_bw_ru_iter,
444 			  &iter_data);
445 
446 	/*
447 	 * If there is at least one AP on radar channel that cannot
448 	 * tolerate 26-tone RU UL OFDMA transmissions using HE TB PPDU.
449 	 */
450 	return !iter_data.tolerated;
451 }
452 
453 static void
454 mt7915_mcu_bss_rfch_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
455 			struct mt7915_phy *phy)
456 {
457 	struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
458 	struct bss_info_rf_ch *ch;
459 	struct tlv *tlv;
460 	int freq1 = chandef->center_freq1;
461 
462 	tlv = mt76_connac_mcu_add_tlv(skb, BSS_INFO_RF_CH, sizeof(*ch));
463 
464 	ch = (struct bss_info_rf_ch *)tlv;
465 	ch->pri_ch = chandef->chan->hw_value;
466 	ch->center_ch0 = ieee80211_frequency_to_channel(freq1);
467 	ch->bw = mt76_connac_chan_bw(chandef);
468 
469 	if (chandef->width == NL80211_CHAN_WIDTH_80P80) {
470 		int freq2 = chandef->center_freq2;
471 
472 		ch->center_ch1 = ieee80211_frequency_to_channel(freq2);
473 	}
474 
475 	if (vif->bss_conf.he_support && vif->type == NL80211_IFTYPE_STATION) {
476 		struct mt76_phy *mphy = phy->mt76;
477 
478 		ch->he_ru26_block =
479 			mt7915_check_he_obss_narrow_bw_ru(mphy->hw, vif);
480 		ch->he_all_disable = false;
481 	} else {
482 		ch->he_all_disable = true;
483 	}
484 }
485 
486 static void
487 mt7915_mcu_bss_ra_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
488 		      struct mt7915_phy *phy)
489 {
490 	int max_nss = hweight8(phy->mt76->chainmask);
491 	struct bss_info_ra *ra;
492 	struct tlv *tlv;
493 
494 	tlv = mt76_connac_mcu_add_tlv(skb, BSS_INFO_RA, sizeof(*ra));
495 
496 	ra = (struct bss_info_ra *)tlv;
497 	ra->op_mode = vif->type == NL80211_IFTYPE_AP;
498 	ra->adhoc_en = vif->type == NL80211_IFTYPE_ADHOC;
499 	ra->short_preamble = true;
500 	ra->tx_streams = max_nss;
501 	ra->rx_streams = max_nss;
502 	ra->algo = 4;
503 	ra->train_up_rule = 2;
504 	ra->train_up_high_thres = 110;
505 	ra->train_up_rule_rssi = -70;
506 	ra->low_traffic_thres = 2;
507 	ra->phy_cap = cpu_to_le32(0xfdf);
508 	ra->interval = cpu_to_le32(500);
509 	ra->fast_interval = cpu_to_le32(100);
510 }
511 
512 static void
513 mt7915_mcu_bss_he_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
514 		      struct mt7915_phy *phy)
515 {
516 #define DEFAULT_HE_PE_DURATION		4
517 #define DEFAULT_HE_DURATION_RTS_THRES	1023
518 	const struct ieee80211_sta_he_cap *cap;
519 	struct bss_info_he *he;
520 	struct tlv *tlv;
521 
522 	cap = mt76_connac_get_he_phy_cap(phy->mt76, vif);
523 
524 	tlv = mt76_connac_mcu_add_tlv(skb, BSS_INFO_HE_BASIC, sizeof(*he));
525 
526 	he = (struct bss_info_he *)tlv;
527 	he->he_pe_duration = vif->bss_conf.htc_trig_based_pkt_ext;
528 	if (!he->he_pe_duration)
529 		he->he_pe_duration = DEFAULT_HE_PE_DURATION;
530 
531 	he->he_rts_thres = cpu_to_le16(vif->bss_conf.frame_time_rts_th);
532 	if (!he->he_rts_thres)
533 		he->he_rts_thres = cpu_to_le16(DEFAULT_HE_DURATION_RTS_THRES);
534 
535 	he->max_nss_mcs[CMD_HE_MCS_BW80] = cap->he_mcs_nss_supp.tx_mcs_80;
536 	he->max_nss_mcs[CMD_HE_MCS_BW160] = cap->he_mcs_nss_supp.tx_mcs_160;
537 	he->max_nss_mcs[CMD_HE_MCS_BW8080] = cap->he_mcs_nss_supp.tx_mcs_80p80;
538 }
539 
540 static void
541 mt7915_mcu_bss_hw_amsdu_tlv(struct sk_buff *skb)
542 {
543 #define TXD_CMP_MAP1		GENMASK(15, 0)
544 #define TXD_CMP_MAP2		(GENMASK(31, 0) & ~BIT(23))
545 	struct bss_info_hw_amsdu *amsdu;
546 	struct tlv *tlv;
547 
548 	tlv = mt76_connac_mcu_add_tlv(skb, BSS_INFO_HW_AMSDU, sizeof(*amsdu));
549 
550 	amsdu = (struct bss_info_hw_amsdu *)tlv;
551 	amsdu->cmp_bitmap_0 = cpu_to_le32(TXD_CMP_MAP1);
552 	amsdu->cmp_bitmap_1 = cpu_to_le32(TXD_CMP_MAP2);
553 	amsdu->trig_thres = cpu_to_le16(2);
554 	amsdu->enable = true;
555 }
556 
557 static void
558 mt7915_mcu_bss_bmc_tlv(struct sk_buff *skb, struct mt7915_phy *phy)
559 {
560 	struct bss_info_bmc_rate *bmc;
561 	struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
562 	enum nl80211_band band = chandef->chan->band;
563 	struct tlv *tlv;
564 
565 	tlv = mt76_connac_mcu_add_tlv(skb, BSS_INFO_BMC_RATE, sizeof(*bmc));
566 
567 	bmc = (struct bss_info_bmc_rate *)tlv;
568 	if (band == NL80211_BAND_2GHZ) {
569 		bmc->short_preamble = true;
570 	} else {
571 		bmc->bc_trans = cpu_to_le16(0x2000);
572 		bmc->mc_trans = cpu_to_le16(0x2080);
573 	}
574 }
575 
576 static int
577 mt7915_mcu_muar_config(struct mt7915_phy *phy, struct ieee80211_vif *vif,
578 		       bool bssid, bool enable)
579 {
580 	struct mt7915_dev *dev = phy->dev;
581 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
582 	u32 idx = mvif->mt76.omac_idx - REPEATER_BSSID_START;
583 	u32 mask = phy->omac_mask >> 32 & ~BIT(idx);
584 	const u8 *addr = vif->addr;
585 	struct {
586 		u8 mode;
587 		u8 force_clear;
588 		u8 clear_bitmap[8];
589 		u8 entry_count;
590 		u8 write;
591 		u8 band;
592 
593 		u8 index;
594 		u8 bssid;
595 		u8 addr[ETH_ALEN];
596 	} __packed req = {
597 		.mode = !!mask || enable,
598 		.entry_count = 1,
599 		.write = 1,
600 		.band = phy != &dev->phy,
601 		.index = idx * 2 + bssid,
602 	};
603 
604 	if (bssid)
605 		addr = vif->bss_conf.bssid;
606 
607 	if (enable)
608 		ether_addr_copy(req.addr, addr);
609 
610 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(MUAR_UPDATE), &req,
611 				 sizeof(req), true);
612 }
613 
614 int mt7915_mcu_add_bss_info(struct mt7915_phy *phy,
615 			    struct ieee80211_vif *vif, int enable)
616 {
617 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
618 	struct mt7915_dev *dev = phy->dev;
619 	struct sk_buff *skb;
620 
621 	if (mvif->mt76.omac_idx >= REPEATER_BSSID_START) {
622 		mt7915_mcu_muar_config(phy, vif, false, enable);
623 		mt7915_mcu_muar_config(phy, vif, true, enable);
624 	}
625 
626 	skb = __mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76, NULL,
627 					      MT7915_BSS_UPDATE_MAX_SIZE);
628 	if (IS_ERR(skb))
629 		return PTR_ERR(skb);
630 
631 	/* bss_omac must be first */
632 	if (enable)
633 		mt76_connac_mcu_bss_omac_tlv(skb, vif);
634 
635 	mt76_connac_mcu_bss_basic_tlv(skb, vif, NULL, phy->mt76,
636 				      mvif->sta.wcid.idx, enable);
637 
638 	if (vif->type == NL80211_IFTYPE_MONITOR)
639 		goto out;
640 
641 	if (enable) {
642 		mt7915_mcu_bss_rfch_tlv(skb, vif, phy);
643 		mt7915_mcu_bss_bmc_tlv(skb, phy);
644 		mt7915_mcu_bss_ra_tlv(skb, vif, phy);
645 		mt7915_mcu_bss_hw_amsdu_tlv(skb);
646 
647 		if (vif->bss_conf.he_support)
648 			mt7915_mcu_bss_he_tlv(skb, vif, phy);
649 
650 		if (mvif->mt76.omac_idx >= EXT_BSSID_START &&
651 		    mvif->mt76.omac_idx < REPEATER_BSSID_START)
652 			mt76_connac_mcu_bss_ext_tlv(skb, &mvif->mt76);
653 	}
654 out:
655 	return mt76_mcu_skb_send_msg(&dev->mt76, skb,
656 				     MCU_EXT_CMD(BSS_INFO_UPDATE), true);
657 }
658 
659 /** starec & wtbl **/
660 int mt7915_mcu_add_tx_ba(struct mt7915_dev *dev,
661 			 struct ieee80211_ampdu_params *params,
662 			 bool enable)
663 {
664 	struct mt7915_sta *msta = (struct mt7915_sta *)params->sta->drv_priv;
665 	struct mt7915_vif *mvif = msta->vif;
666 
667 	if (enable && !params->amsdu)
668 		msta->wcid.amsdu = false;
669 
670 	return mt76_connac_mcu_sta_ba(&dev->mt76, &mvif->mt76, params,
671 				      MCU_EXT_CMD(STA_REC_UPDATE),
672 				      enable, true);
673 }
674 
675 int mt7915_mcu_add_rx_ba(struct mt7915_dev *dev,
676 			 struct ieee80211_ampdu_params *params,
677 			 bool enable)
678 {
679 	struct mt7915_sta *msta = (struct mt7915_sta *)params->sta->drv_priv;
680 	struct mt7915_vif *mvif = msta->vif;
681 
682 	return mt76_connac_mcu_sta_ba(&dev->mt76, &mvif->mt76, params,
683 				      MCU_EXT_CMD(STA_REC_UPDATE),
684 				      enable, false);
685 }
686 
687 static void
688 mt7915_mcu_sta_he_tlv(struct sk_buff *skb, struct ieee80211_sta *sta,
689 		      struct ieee80211_vif *vif)
690 {
691 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
692 	struct ieee80211_he_cap_elem *elem = &sta->deflink.he_cap.he_cap_elem;
693 	struct ieee80211_he_mcs_nss_supp mcs_map;
694 	struct sta_rec_he *he;
695 	struct tlv *tlv;
696 	u32 cap = 0;
697 
698 	if (!sta->deflink.he_cap.has_he)
699 		return;
700 
701 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_HE, sizeof(*he));
702 
703 	he = (struct sta_rec_he *)tlv;
704 
705 	if (elem->mac_cap_info[0] & IEEE80211_HE_MAC_CAP0_HTC_HE)
706 		cap |= STA_REC_HE_CAP_HTC;
707 
708 	if (elem->mac_cap_info[2] & IEEE80211_HE_MAC_CAP2_BSR)
709 		cap |= STA_REC_HE_CAP_BSR;
710 
711 	if (elem->mac_cap_info[3] & IEEE80211_HE_MAC_CAP3_OMI_CONTROL)
712 		cap |= STA_REC_HE_CAP_OM;
713 
714 	if (elem->mac_cap_info[4] & IEEE80211_HE_MAC_CAP4_AMSDU_IN_AMPDU)
715 		cap |= STA_REC_HE_CAP_AMSDU_IN_AMPDU;
716 
717 	if (elem->mac_cap_info[4] & IEEE80211_HE_MAC_CAP4_BQR)
718 		cap |= STA_REC_HE_CAP_BQR;
719 
720 	if (elem->phy_cap_info[0] &
721 	    (IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_RU_MAPPING_IN_2G |
722 	     IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_RU_MAPPING_IN_5G))
723 		cap |= STA_REC_HE_CAP_BW20_RU242_SUPPORT;
724 
725 	if (mvif->cap.he_ldpc &&
726 	    (elem->phy_cap_info[1] &
727 	     IEEE80211_HE_PHY_CAP1_LDPC_CODING_IN_PAYLOAD))
728 		cap |= STA_REC_HE_CAP_LDPC;
729 
730 	if (elem->phy_cap_info[1] &
731 	    IEEE80211_HE_PHY_CAP1_HE_LTF_AND_GI_FOR_HE_PPDUS_0_8US)
732 		cap |= STA_REC_HE_CAP_SU_PPDU_1LTF_8US_GI;
733 
734 	if (elem->phy_cap_info[2] &
735 	    IEEE80211_HE_PHY_CAP2_NDP_4x_LTF_AND_3_2US)
736 		cap |= STA_REC_HE_CAP_NDP_4LTF_3DOT2MS_GI;
737 
738 	if (elem->phy_cap_info[2] &
739 	    IEEE80211_HE_PHY_CAP2_STBC_TX_UNDER_80MHZ)
740 		cap |= STA_REC_HE_CAP_LE_EQ_80M_TX_STBC;
741 
742 	if (elem->phy_cap_info[2] &
743 	    IEEE80211_HE_PHY_CAP2_STBC_RX_UNDER_80MHZ)
744 		cap |= STA_REC_HE_CAP_LE_EQ_80M_RX_STBC;
745 
746 	if (elem->phy_cap_info[6] &
747 	    IEEE80211_HE_PHY_CAP6_TRIG_CQI_FB)
748 		cap |= STA_REC_HE_CAP_TRIG_CQI_FK;
749 
750 	if (elem->phy_cap_info[6] &
751 	    IEEE80211_HE_PHY_CAP6_PARTIAL_BW_EXT_RANGE)
752 		cap |= STA_REC_HE_CAP_PARTIAL_BW_EXT_RANGE;
753 
754 	if (elem->phy_cap_info[7] &
755 	    IEEE80211_HE_PHY_CAP7_HE_SU_MU_PPDU_4XLTF_AND_08_US_GI)
756 		cap |= STA_REC_HE_CAP_SU_MU_PPDU_4LTF_8US_GI;
757 
758 	if (elem->phy_cap_info[7] &
759 	    IEEE80211_HE_PHY_CAP7_STBC_TX_ABOVE_80MHZ)
760 		cap |= STA_REC_HE_CAP_GT_80M_TX_STBC;
761 
762 	if (elem->phy_cap_info[7] &
763 	    IEEE80211_HE_PHY_CAP7_STBC_RX_ABOVE_80MHZ)
764 		cap |= STA_REC_HE_CAP_GT_80M_RX_STBC;
765 
766 	if (elem->phy_cap_info[8] &
767 	    IEEE80211_HE_PHY_CAP8_HE_ER_SU_PPDU_4XLTF_AND_08_US_GI)
768 		cap |= STA_REC_HE_CAP_ER_SU_PPDU_4LTF_8US_GI;
769 
770 	if (elem->phy_cap_info[8] &
771 	    IEEE80211_HE_PHY_CAP8_HE_ER_SU_1XLTF_AND_08_US_GI)
772 		cap |= STA_REC_HE_CAP_ER_SU_PPDU_1LTF_8US_GI;
773 
774 	if (elem->phy_cap_info[9] &
775 	    IEEE80211_HE_PHY_CAP9_TX_1024_QAM_LESS_THAN_242_TONE_RU)
776 		cap |= STA_REC_HE_CAP_TX_1024QAM_UNDER_RU242;
777 
778 	if (elem->phy_cap_info[9] &
779 	    IEEE80211_HE_PHY_CAP9_RX_1024_QAM_LESS_THAN_242_TONE_RU)
780 		cap |= STA_REC_HE_CAP_RX_1024QAM_UNDER_RU242;
781 
782 	he->he_cap = cpu_to_le32(cap);
783 
784 	mcs_map = sta->deflink.he_cap.he_mcs_nss_supp;
785 	switch (sta->deflink.bandwidth) {
786 	case IEEE80211_STA_RX_BW_160:
787 		if (elem->phy_cap_info[0] &
788 		    IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_80PLUS80_MHZ_IN_5G)
789 			mt7915_mcu_set_sta_he_mcs(sta,
790 						  &he->max_nss_mcs[CMD_HE_MCS_BW8080],
791 						  le16_to_cpu(mcs_map.rx_mcs_80p80));
792 
793 		mt7915_mcu_set_sta_he_mcs(sta,
794 					  &he->max_nss_mcs[CMD_HE_MCS_BW160],
795 					  le16_to_cpu(mcs_map.rx_mcs_160));
796 		fallthrough;
797 	default:
798 		mt7915_mcu_set_sta_he_mcs(sta,
799 					  &he->max_nss_mcs[CMD_HE_MCS_BW80],
800 					  le16_to_cpu(mcs_map.rx_mcs_80));
801 		break;
802 	}
803 
804 	he->t_frame_dur =
805 		HE_MAC(CAP1_TF_MAC_PAD_DUR_MASK, elem->mac_cap_info[1]);
806 	he->max_ampdu_exp =
807 		HE_MAC(CAP3_MAX_AMPDU_LEN_EXP_MASK, elem->mac_cap_info[3]);
808 
809 	he->bw_set =
810 		HE_PHY(CAP0_CHANNEL_WIDTH_SET_MASK, elem->phy_cap_info[0]);
811 	he->device_class =
812 		HE_PHY(CAP1_DEVICE_CLASS_A, elem->phy_cap_info[1]);
813 	he->punc_pream_rx =
814 		HE_PHY(CAP1_PREAMBLE_PUNC_RX_MASK, elem->phy_cap_info[1]);
815 
816 	he->dcm_tx_mode =
817 		HE_PHY(CAP3_DCM_MAX_CONST_TX_MASK, elem->phy_cap_info[3]);
818 	he->dcm_tx_max_nss =
819 		HE_PHY(CAP3_DCM_MAX_TX_NSS_2, elem->phy_cap_info[3]);
820 	he->dcm_rx_mode =
821 		HE_PHY(CAP3_DCM_MAX_CONST_RX_MASK, elem->phy_cap_info[3]);
822 	he->dcm_rx_max_nss =
823 		HE_PHY(CAP3_DCM_MAX_RX_NSS_2, elem->phy_cap_info[3]);
824 	he->dcm_rx_max_nss =
825 		HE_PHY(CAP8_DCM_MAX_RU_MASK, elem->phy_cap_info[8]);
826 
827 	he->pkt_ext = 2;
828 }
829 
830 static void
831 mt7915_mcu_sta_muru_tlv(struct mt7915_dev *dev, struct sk_buff *skb,
832 			struct ieee80211_sta *sta, struct ieee80211_vif *vif)
833 {
834 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
835 	struct ieee80211_he_cap_elem *elem = &sta->deflink.he_cap.he_cap_elem;
836 	struct sta_rec_muru *muru;
837 	struct tlv *tlv;
838 
839 	if (vif->type != NL80211_IFTYPE_STATION &&
840 	    vif->type != NL80211_IFTYPE_AP)
841 		return;
842 
843 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_MURU, sizeof(*muru));
844 
845 	muru = (struct sta_rec_muru *)tlv;
846 
847 	muru->cfg.mimo_dl_en = mvif->cap.he_mu_ebfer ||
848 			       mvif->cap.vht_mu_ebfer ||
849 			       mvif->cap.vht_mu_ebfee;
850 	if (!is_mt7915(&dev->mt76))
851 		muru->cfg.mimo_ul_en = true;
852 	muru->cfg.ofdma_dl_en = true;
853 
854 	if (sta->deflink.vht_cap.vht_supported)
855 		muru->mimo_dl.vht_mu_bfee =
856 			!!(sta->deflink.vht_cap.cap & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE);
857 
858 	if (!sta->deflink.he_cap.has_he)
859 		return;
860 
861 	muru->mimo_dl.partial_bw_dl_mimo =
862 		HE_PHY(CAP6_PARTIAL_BANDWIDTH_DL_MUMIMO, elem->phy_cap_info[6]);
863 
864 	muru->mimo_ul.full_ul_mimo =
865 		HE_PHY(CAP2_UL_MU_FULL_MU_MIMO, elem->phy_cap_info[2]);
866 	muru->mimo_ul.partial_ul_mimo =
867 		HE_PHY(CAP2_UL_MU_PARTIAL_MU_MIMO, elem->phy_cap_info[2]);
868 
869 	muru->ofdma_dl.punc_pream_rx =
870 		HE_PHY(CAP1_PREAMBLE_PUNC_RX_MASK, elem->phy_cap_info[1]);
871 	muru->ofdma_dl.he_20m_in_40m_2g =
872 		HE_PHY(CAP8_20MHZ_IN_40MHZ_HE_PPDU_IN_2G, elem->phy_cap_info[8]);
873 	muru->ofdma_dl.he_20m_in_160m =
874 		HE_PHY(CAP8_20MHZ_IN_160MHZ_HE_PPDU, elem->phy_cap_info[8]);
875 	muru->ofdma_dl.he_80m_in_160m =
876 		HE_PHY(CAP8_80MHZ_IN_160MHZ_HE_PPDU, elem->phy_cap_info[8]);
877 
878 	muru->ofdma_ul.t_frame_dur =
879 		HE_MAC(CAP1_TF_MAC_PAD_DUR_MASK, elem->mac_cap_info[1]);
880 	muru->ofdma_ul.mu_cascading =
881 		HE_MAC(CAP2_MU_CASCADING, elem->mac_cap_info[2]);
882 	muru->ofdma_ul.uo_ra =
883 		HE_MAC(CAP3_OFDMA_RA, elem->mac_cap_info[3]);
884 }
885 
886 static void
887 mt7915_mcu_sta_ht_tlv(struct sk_buff *skb, struct ieee80211_sta *sta)
888 {
889 	struct sta_rec_ht *ht;
890 	struct tlv *tlv;
891 
892 	if (!sta->deflink.ht_cap.ht_supported)
893 		return;
894 
895 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_HT, sizeof(*ht));
896 
897 	ht = (struct sta_rec_ht *)tlv;
898 	ht->ht_cap = cpu_to_le16(sta->deflink.ht_cap.cap);
899 }
900 
901 static void
902 mt7915_mcu_sta_vht_tlv(struct sk_buff *skb, struct ieee80211_sta *sta)
903 {
904 	struct sta_rec_vht *vht;
905 	struct tlv *tlv;
906 
907 	if (!sta->deflink.vht_cap.vht_supported)
908 		return;
909 
910 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_VHT, sizeof(*vht));
911 
912 	vht = (struct sta_rec_vht *)tlv;
913 	vht->vht_cap = cpu_to_le32(sta->deflink.vht_cap.cap);
914 	vht->vht_rx_mcs_map = sta->deflink.vht_cap.vht_mcs.rx_mcs_map;
915 	vht->vht_tx_mcs_map = sta->deflink.vht_cap.vht_mcs.tx_mcs_map;
916 }
917 
918 static void
919 mt7915_mcu_sta_amsdu_tlv(struct mt7915_dev *dev, struct sk_buff *skb,
920 			 struct ieee80211_vif *vif, struct ieee80211_sta *sta)
921 {
922 	struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
923 	struct sta_rec_amsdu *amsdu;
924 	struct tlv *tlv;
925 
926 	if (vif->type != NL80211_IFTYPE_STATION &&
927 	    vif->type != NL80211_IFTYPE_AP)
928 		return;
929 
930 	if (!sta->deflink.agg.max_amsdu_len)
931 	    return;
932 
933 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_HW_AMSDU, sizeof(*amsdu));
934 	amsdu = (struct sta_rec_amsdu *)tlv;
935 	amsdu->max_amsdu_num = 8;
936 	amsdu->amsdu_en = true;
937 	msta->wcid.amsdu = true;
938 
939 	switch (sta->deflink.agg.max_amsdu_len) {
940 	case IEEE80211_MAX_MPDU_LEN_VHT_11454:
941 		if (!is_mt7915(&dev->mt76)) {
942 			amsdu->max_mpdu_size =
943 				IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_11454;
944 			return;
945 		}
946 		fallthrough;
947 	case IEEE80211_MAX_MPDU_LEN_HT_7935:
948 	case IEEE80211_MAX_MPDU_LEN_VHT_7991:
949 		amsdu->max_mpdu_size = IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_7991;
950 		return;
951 	default:
952 		amsdu->max_mpdu_size = IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_3895;
953 		return;
954 	}
955 }
956 
957 static int
958 mt7915_mcu_sta_wtbl_tlv(struct mt7915_dev *dev, struct sk_buff *skb,
959 			struct ieee80211_vif *vif, struct ieee80211_sta *sta)
960 {
961 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
962 	struct mt7915_sta *msta;
963 	struct wtbl_req_hdr *wtbl_hdr;
964 	struct mt76_wcid *wcid;
965 	struct tlv *tlv;
966 
967 	msta = sta ? (struct mt7915_sta *)sta->drv_priv : &mvif->sta;
968 	wcid = sta ? &msta->wcid : NULL;
969 
970 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_WTBL, sizeof(struct tlv));
971 	wtbl_hdr = mt76_connac_mcu_alloc_wtbl_req(&dev->mt76, &msta->wcid,
972 						  WTBL_RESET_AND_SET, tlv,
973 						  &skb);
974 	if (IS_ERR(wtbl_hdr))
975 		return PTR_ERR(wtbl_hdr);
976 
977 	mt76_connac_mcu_wtbl_generic_tlv(&dev->mt76, skb, vif, sta, tlv,
978 					 wtbl_hdr);
979 	mt76_connac_mcu_wtbl_hdr_trans_tlv(skb, vif, wcid, tlv, wtbl_hdr);
980 	if (sta)
981 		mt76_connac_mcu_wtbl_ht_tlv(&dev->mt76, skb, sta, tlv,
982 					    wtbl_hdr, mvif->cap.ht_ldpc,
983 					    mvif->cap.vht_ldpc);
984 
985 	return 0;
986 }
987 
988 static inline bool
989 mt7915_is_ebf_supported(struct mt7915_phy *phy, struct ieee80211_vif *vif,
990 			struct ieee80211_sta *sta, bool bfee)
991 {
992 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
993 	int tx_ant = hweight8(phy->mt76->chainmask) - 1;
994 
995 	if (vif->type != NL80211_IFTYPE_STATION &&
996 	    vif->type != NL80211_IFTYPE_AP)
997 		return false;
998 
999 	if (!bfee && tx_ant < 2)
1000 		return false;
1001 
1002 	if (sta->deflink.he_cap.has_he) {
1003 		struct ieee80211_he_cap_elem *pe = &sta->deflink.he_cap.he_cap_elem;
1004 
1005 		if (bfee)
1006 			return mvif->cap.he_su_ebfee &&
1007 			       HE_PHY(CAP3_SU_BEAMFORMER, pe->phy_cap_info[3]);
1008 		else
1009 			return mvif->cap.he_su_ebfer &&
1010 			       HE_PHY(CAP4_SU_BEAMFORMEE, pe->phy_cap_info[4]);
1011 	}
1012 
1013 	if (sta->deflink.vht_cap.vht_supported) {
1014 		u32 cap = sta->deflink.vht_cap.cap;
1015 
1016 		if (bfee)
1017 			return mvif->cap.vht_su_ebfee &&
1018 			       (cap & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE);
1019 		else
1020 			return mvif->cap.vht_su_ebfer &&
1021 			       (cap & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE);
1022 	}
1023 
1024 	return false;
1025 }
1026 
1027 static void
1028 mt7915_mcu_sta_sounding_rate(struct sta_rec_bf *bf)
1029 {
1030 	bf->sounding_phy = MT_PHY_TYPE_OFDM;
1031 	bf->ndp_rate = 0;				/* mcs0 */
1032 	bf->ndpa_rate = MT7915_CFEND_RATE_DEFAULT;	/* ofdm 24m */
1033 	bf->rept_poll_rate = MT7915_CFEND_RATE_DEFAULT;	/* ofdm 24m */
1034 }
1035 
1036 static void
1037 mt7915_mcu_sta_bfer_ht(struct ieee80211_sta *sta, struct mt7915_phy *phy,
1038 		       struct sta_rec_bf *bf)
1039 {
1040 	struct ieee80211_mcs_info *mcs = &sta->deflink.ht_cap.mcs;
1041 	u8 n = 0;
1042 
1043 	bf->tx_mode = MT_PHY_TYPE_HT;
1044 
1045 	if ((mcs->tx_params & IEEE80211_HT_MCS_TX_RX_DIFF) &&
1046 	    (mcs->tx_params & IEEE80211_HT_MCS_TX_DEFINED))
1047 		n = FIELD_GET(IEEE80211_HT_MCS_TX_MAX_STREAMS_MASK,
1048 			      mcs->tx_params);
1049 	else if (mcs->rx_mask[3])
1050 		n = 3;
1051 	else if (mcs->rx_mask[2])
1052 		n = 2;
1053 	else if (mcs->rx_mask[1])
1054 		n = 1;
1055 
1056 	bf->nrow = hweight8(phy->mt76->chainmask) - 1;
1057 	bf->ncol = min_t(u8, bf->nrow, n);
1058 	bf->ibf_ncol = n;
1059 }
1060 
1061 static void
1062 mt7915_mcu_sta_bfer_vht(struct ieee80211_sta *sta, struct mt7915_phy *phy,
1063 			struct sta_rec_bf *bf, bool explicit)
1064 {
1065 	struct ieee80211_sta_vht_cap *pc = &sta->deflink.vht_cap;
1066 	struct ieee80211_sta_vht_cap *vc = &phy->mt76->sband_5g.sband.vht_cap;
1067 	u16 mcs_map = le16_to_cpu(pc->vht_mcs.rx_mcs_map);
1068 	u8 nss_mcs = mt7915_mcu_get_sta_nss(mcs_map);
1069 	u8 tx_ant = hweight8(phy->mt76->chainmask) - 1;
1070 
1071 	bf->tx_mode = MT_PHY_TYPE_VHT;
1072 
1073 	if (explicit) {
1074 		u8 sts, snd_dim;
1075 
1076 		mt7915_mcu_sta_sounding_rate(bf);
1077 
1078 		sts = FIELD_GET(IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK,
1079 				pc->cap);
1080 		snd_dim = FIELD_GET(IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK,
1081 				    vc->cap);
1082 		bf->nrow = min_t(u8, min_t(u8, snd_dim, sts), tx_ant);
1083 		bf->ncol = min_t(u8, nss_mcs, bf->nrow);
1084 		bf->ibf_ncol = bf->ncol;
1085 
1086 		if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_160)
1087 			bf->nrow = 1;
1088 	} else {
1089 		bf->nrow = tx_ant;
1090 		bf->ncol = min_t(u8, nss_mcs, bf->nrow);
1091 		bf->ibf_ncol = nss_mcs;
1092 
1093 		if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_160)
1094 			bf->ibf_nrow = 1;
1095 	}
1096 }
1097 
1098 static void
1099 mt7915_mcu_sta_bfer_he(struct ieee80211_sta *sta, struct ieee80211_vif *vif,
1100 		       struct mt7915_phy *phy, struct sta_rec_bf *bf)
1101 {
1102 	struct ieee80211_sta_he_cap *pc = &sta->deflink.he_cap;
1103 	struct ieee80211_he_cap_elem *pe = &pc->he_cap_elem;
1104 	const struct ieee80211_sta_he_cap *vc =
1105 		mt76_connac_get_he_phy_cap(phy->mt76, vif);
1106 	const struct ieee80211_he_cap_elem *ve = &vc->he_cap_elem;
1107 	u16 mcs_map = le16_to_cpu(pc->he_mcs_nss_supp.rx_mcs_80);
1108 	u8 nss_mcs = mt7915_mcu_get_sta_nss(mcs_map);
1109 	u8 snd_dim, sts;
1110 
1111 	bf->tx_mode = MT_PHY_TYPE_HE_SU;
1112 
1113 	mt7915_mcu_sta_sounding_rate(bf);
1114 
1115 	bf->trigger_su = HE_PHY(CAP6_TRIG_SU_BEAMFORMING_FB,
1116 				pe->phy_cap_info[6]);
1117 	bf->trigger_mu = HE_PHY(CAP6_TRIG_MU_BEAMFORMING_PARTIAL_BW_FB,
1118 				pe->phy_cap_info[6]);
1119 	snd_dim = HE_PHY(CAP5_BEAMFORMEE_NUM_SND_DIM_UNDER_80MHZ_MASK,
1120 			 ve->phy_cap_info[5]);
1121 	sts = HE_PHY(CAP4_BEAMFORMEE_MAX_STS_UNDER_80MHZ_MASK,
1122 		     pe->phy_cap_info[4]);
1123 	bf->nrow = min_t(u8, snd_dim, sts);
1124 	bf->ncol = min_t(u8, nss_mcs, bf->nrow);
1125 	bf->ibf_ncol = bf->ncol;
1126 
1127 	if (sta->deflink.bandwidth != IEEE80211_STA_RX_BW_160)
1128 		return;
1129 
1130 	/* go over for 160MHz and 80p80 */
1131 	if (pe->phy_cap_info[0] &
1132 	    IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G) {
1133 		mcs_map = le16_to_cpu(pc->he_mcs_nss_supp.rx_mcs_160);
1134 		nss_mcs = mt7915_mcu_get_sta_nss(mcs_map);
1135 
1136 		bf->ncol_bw160 = nss_mcs;
1137 	}
1138 
1139 	if (pe->phy_cap_info[0] &
1140 	    IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_80PLUS80_MHZ_IN_5G) {
1141 		mcs_map = le16_to_cpu(pc->he_mcs_nss_supp.rx_mcs_80p80);
1142 		nss_mcs = mt7915_mcu_get_sta_nss(mcs_map);
1143 
1144 		if (bf->ncol_bw160)
1145 			bf->ncol_bw160 = min_t(u8, bf->ncol_bw160, nss_mcs);
1146 		else
1147 			bf->ncol_bw160 = nss_mcs;
1148 	}
1149 
1150 	snd_dim = HE_PHY(CAP5_BEAMFORMEE_NUM_SND_DIM_ABOVE_80MHZ_MASK,
1151 			 ve->phy_cap_info[5]);
1152 	sts = HE_PHY(CAP4_BEAMFORMEE_MAX_STS_ABOVE_80MHZ_MASK,
1153 		     pe->phy_cap_info[4]);
1154 
1155 	bf->nrow_bw160 = min_t(int, snd_dim, sts);
1156 }
1157 
1158 static void
1159 mt7915_mcu_sta_bfer_tlv(struct mt7915_dev *dev, struct sk_buff *skb,
1160 			struct ieee80211_vif *vif, struct ieee80211_sta *sta)
1161 {
1162 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1163 	struct mt7915_phy *phy = mvif->phy;
1164 	int tx_ant = hweight8(phy->mt76->chainmask) - 1;
1165 	struct sta_rec_bf *bf;
1166 	struct tlv *tlv;
1167 	const u8 matrix[4][4] = {
1168 		{0, 0, 0, 0},
1169 		{1, 1, 0, 0},	/* 2x1, 2x2, 2x3, 2x4 */
1170 		{2, 4, 4, 0},	/* 3x1, 3x2, 3x3, 3x4 */
1171 		{3, 5, 6, 0}	/* 4x1, 4x2, 4x3, 4x4 */
1172 	};
1173 	bool ebf;
1174 
1175 	if (!(sta->deflink.ht_cap.ht_supported || sta->deflink.he_cap.has_he))
1176 		return;
1177 
1178 	ebf = mt7915_is_ebf_supported(phy, vif, sta, false);
1179 	if (!ebf && !dev->ibf)
1180 		return;
1181 
1182 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_BF, sizeof(*bf));
1183 	bf = (struct sta_rec_bf *)tlv;
1184 
1185 	/* he: eBF only, in accordance with spec
1186 	 * vht: support eBF and iBF
1187 	 * ht: iBF only, since mac80211 lacks of eBF support
1188 	 */
1189 	if (sta->deflink.he_cap.has_he && ebf)
1190 		mt7915_mcu_sta_bfer_he(sta, vif, phy, bf);
1191 	else if (sta->deflink.vht_cap.vht_supported)
1192 		mt7915_mcu_sta_bfer_vht(sta, phy, bf, ebf);
1193 	else if (sta->deflink.ht_cap.ht_supported)
1194 		mt7915_mcu_sta_bfer_ht(sta, phy, bf);
1195 	else
1196 		return;
1197 
1198 	bf->bf_cap = ebf ? ebf : dev->ibf << 1;
1199 	bf->bw = sta->deflink.bandwidth;
1200 	bf->ibf_dbw = sta->deflink.bandwidth;
1201 	bf->ibf_nrow = tx_ant;
1202 
1203 	if (!ebf && sta->deflink.bandwidth <= IEEE80211_STA_RX_BW_40 && !bf->ncol)
1204 		bf->ibf_timeout = 0x48;
1205 	else
1206 		bf->ibf_timeout = 0x18;
1207 
1208 	if (ebf && bf->nrow != tx_ant)
1209 		bf->mem_20m = matrix[tx_ant][bf->ncol];
1210 	else
1211 		bf->mem_20m = matrix[bf->nrow][bf->ncol];
1212 
1213 	switch (sta->deflink.bandwidth) {
1214 	case IEEE80211_STA_RX_BW_160:
1215 	case IEEE80211_STA_RX_BW_80:
1216 		bf->mem_total = bf->mem_20m * 2;
1217 		break;
1218 	case IEEE80211_STA_RX_BW_40:
1219 		bf->mem_total = bf->mem_20m;
1220 		break;
1221 	case IEEE80211_STA_RX_BW_20:
1222 	default:
1223 		break;
1224 	}
1225 }
1226 
1227 static void
1228 mt7915_mcu_sta_bfee_tlv(struct mt7915_dev *dev, struct sk_buff *skb,
1229 			struct ieee80211_vif *vif, struct ieee80211_sta *sta)
1230 {
1231 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1232 	struct mt7915_phy *phy = mvif->phy;
1233 	int tx_ant = hweight8(phy->mt76->chainmask) - 1;
1234 	struct sta_rec_bfee *bfee;
1235 	struct tlv *tlv;
1236 	u8 nrow = 0;
1237 
1238 	if (!(sta->deflink.vht_cap.vht_supported || sta->deflink.he_cap.has_he))
1239 		return;
1240 
1241 	if (!mt7915_is_ebf_supported(phy, vif, sta, true))
1242 		return;
1243 
1244 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_BFEE, sizeof(*bfee));
1245 	bfee = (struct sta_rec_bfee *)tlv;
1246 
1247 	if (sta->deflink.he_cap.has_he) {
1248 		struct ieee80211_he_cap_elem *pe = &sta->deflink.he_cap.he_cap_elem;
1249 
1250 		nrow = HE_PHY(CAP5_BEAMFORMEE_NUM_SND_DIM_UNDER_80MHZ_MASK,
1251 			      pe->phy_cap_info[5]);
1252 	} else if (sta->deflink.vht_cap.vht_supported) {
1253 		struct ieee80211_sta_vht_cap *pc = &sta->deflink.vht_cap;
1254 
1255 		nrow = FIELD_GET(IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK,
1256 				 pc->cap);
1257 	}
1258 
1259 	/* reply with identity matrix to avoid 2x2 BF negative gain */
1260 	bfee->fb_identity_matrix = (nrow == 1 && tx_ant == 2);
1261 }
1262 
1263 static enum mcu_mmps_mode
1264 mt7915_mcu_get_mmps_mode(enum ieee80211_smps_mode smps)
1265 {
1266 	switch (smps) {
1267 	case IEEE80211_SMPS_OFF:
1268 		return MCU_MMPS_DISABLE;
1269 	case IEEE80211_SMPS_STATIC:
1270 		return MCU_MMPS_STATIC;
1271 	case IEEE80211_SMPS_DYNAMIC:
1272 		return MCU_MMPS_DYNAMIC;
1273 	default:
1274 		return MCU_MMPS_DISABLE;
1275 	}
1276 }
1277 
1278 int mt7915_mcu_set_fixed_rate_ctrl(struct mt7915_dev *dev,
1279 				   struct ieee80211_vif *vif,
1280 				   struct ieee80211_sta *sta,
1281 				   void *data, u32 field)
1282 {
1283 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1284 	struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
1285 	struct sta_phy *phy = data;
1286 	struct sta_rec_ra_fixed *ra;
1287 	struct sk_buff *skb;
1288 	struct tlv *tlv;
1289 
1290 	skb = mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76,
1291 					    &msta->wcid);
1292 	if (IS_ERR(skb))
1293 		return PTR_ERR(skb);
1294 
1295 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_RA_UPDATE, sizeof(*ra));
1296 	ra = (struct sta_rec_ra_fixed *)tlv;
1297 
1298 	switch (field) {
1299 	case RATE_PARAM_AUTO:
1300 		break;
1301 	case RATE_PARAM_FIXED:
1302 	case RATE_PARAM_FIXED_MCS:
1303 	case RATE_PARAM_FIXED_GI:
1304 	case RATE_PARAM_FIXED_HE_LTF:
1305 		if (phy)
1306 			ra->phy = *phy;
1307 		break;
1308 	case RATE_PARAM_MMPS_UPDATE:
1309 		ra->mmps_mode = mt7915_mcu_get_mmps_mode(sta->deflink.smps_mode);
1310 		break;
1311 	default:
1312 		break;
1313 	}
1314 	ra->field = cpu_to_le32(field);
1315 
1316 	return mt76_mcu_skb_send_msg(&dev->mt76, skb,
1317 				     MCU_EXT_CMD(STA_REC_UPDATE), true);
1318 }
1319 
1320 int mt7915_mcu_add_smps(struct mt7915_dev *dev, struct ieee80211_vif *vif,
1321 			struct ieee80211_sta *sta)
1322 {
1323 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1324 	struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
1325 	struct wtbl_req_hdr *wtbl_hdr;
1326 	struct tlv *sta_wtbl;
1327 	struct sk_buff *skb;
1328 	int ret;
1329 
1330 	skb = mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76,
1331 					    &msta->wcid);
1332 	if (IS_ERR(skb))
1333 		return PTR_ERR(skb);
1334 
1335 	sta_wtbl = mt76_connac_mcu_add_tlv(skb, STA_REC_WTBL,
1336 					   sizeof(struct tlv));
1337 	wtbl_hdr = mt76_connac_mcu_alloc_wtbl_req(&dev->mt76, &msta->wcid,
1338 						  WTBL_SET, sta_wtbl, &skb);
1339 	if (IS_ERR(wtbl_hdr))
1340 		return PTR_ERR(wtbl_hdr);
1341 
1342 	mt76_connac_mcu_wtbl_smps_tlv(skb, sta, sta_wtbl, wtbl_hdr);
1343 
1344 	ret = mt76_mcu_skb_send_msg(&dev->mt76, skb,
1345 				    MCU_EXT_CMD(STA_REC_UPDATE), true);
1346 	if (ret)
1347 		return ret;
1348 
1349 	return mt7915_mcu_set_fixed_rate_ctrl(dev, vif, sta, NULL,
1350 					      RATE_PARAM_MMPS_UPDATE);
1351 }
1352 
1353 static int
1354 mt7915_mcu_add_rate_ctrl_fixed(struct mt7915_dev *dev,
1355 			       struct ieee80211_vif *vif,
1356 			       struct ieee80211_sta *sta)
1357 {
1358 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1359 	struct cfg80211_chan_def *chandef = &mvif->phy->mt76->chandef;
1360 	struct cfg80211_bitrate_mask *mask = &mvif->bitrate_mask;
1361 	enum nl80211_band band = chandef->chan->band;
1362 	struct sta_phy phy = {};
1363 	int ret, nrates = 0;
1364 
1365 #define __sta_phy_bitrate_mask_check(_mcs, _gi, _ht, _he)			\
1366 	do {									\
1367 		u8 i, gi = mask->control[band]._gi;				\
1368 		gi = (_he) ? gi : gi == NL80211_TXRATE_FORCE_SGI;		\
1369 		for (i = 0; i <= sta->deflink.bandwidth; i++) {			\
1370 			phy.sgi |= gi << (i << (_he));				\
1371 			phy.he_ltf |= mask->control[band].he_ltf << (i << (_he));\
1372 		}								\
1373 		for (i = 0; i < ARRAY_SIZE(mask->control[band]._mcs); i++) {	\
1374 			if (!mask->control[band]._mcs[i])			\
1375 				continue;					\
1376 			nrates += hweight16(mask->control[band]._mcs[i]);	\
1377 			phy.mcs = ffs(mask->control[band]._mcs[i]) - 1;		\
1378 			if (_ht)						\
1379 				phy.mcs += 8 * i;				\
1380 		}								\
1381 	} while (0)
1382 
1383 	if (sta->deflink.he_cap.has_he) {
1384 		__sta_phy_bitrate_mask_check(he_mcs, he_gi, 0, 1);
1385 	} else if (sta->deflink.vht_cap.vht_supported) {
1386 		__sta_phy_bitrate_mask_check(vht_mcs, gi, 0, 0);
1387 	} else if (sta->deflink.ht_cap.ht_supported) {
1388 		__sta_phy_bitrate_mask_check(ht_mcs, gi, 1, 0);
1389 	} else {
1390 		nrates = hweight32(mask->control[band].legacy);
1391 		phy.mcs = ffs(mask->control[band].legacy) - 1;
1392 	}
1393 #undef __sta_phy_bitrate_mask_check
1394 
1395 	/* fall back to auto rate control */
1396 	if (mask->control[band].gi == NL80211_TXRATE_DEFAULT_GI &&
1397 	    mask->control[band].he_gi == GENMASK(7, 0) &&
1398 	    mask->control[band].he_ltf == GENMASK(7, 0) &&
1399 	    nrates != 1)
1400 		return 0;
1401 
1402 	/* fixed single rate */
1403 	if (nrates == 1) {
1404 		ret = mt7915_mcu_set_fixed_rate_ctrl(dev, vif, sta, &phy,
1405 						     RATE_PARAM_FIXED_MCS);
1406 		if (ret)
1407 			return ret;
1408 	}
1409 
1410 	/* fixed GI */
1411 	if (mask->control[band].gi != NL80211_TXRATE_DEFAULT_GI ||
1412 	    mask->control[band].he_gi != GENMASK(7, 0)) {
1413 		struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
1414 		u32 addr;
1415 
1416 		/* firmware updates only TXCMD but doesn't take WTBL into
1417 		 * account, so driver should update here to reflect the
1418 		 * actual txrate hardware sends out.
1419 		 */
1420 		addr = mt7915_mac_wtbl_lmac_addr(dev, msta->wcid.idx, 7);
1421 		if (sta->deflink.he_cap.has_he)
1422 			mt76_rmw_field(dev, addr, GENMASK(31, 24), phy.sgi);
1423 		else
1424 			mt76_rmw_field(dev, addr, GENMASK(15, 12), phy.sgi);
1425 
1426 		ret = mt7915_mcu_set_fixed_rate_ctrl(dev, vif, sta, &phy,
1427 						     RATE_PARAM_FIXED_GI);
1428 		if (ret)
1429 			return ret;
1430 	}
1431 
1432 	/* fixed HE_LTF */
1433 	if (mask->control[band].he_ltf != GENMASK(7, 0)) {
1434 		ret = mt7915_mcu_set_fixed_rate_ctrl(dev, vif, sta, &phy,
1435 						     RATE_PARAM_FIXED_HE_LTF);
1436 		if (ret)
1437 			return ret;
1438 	}
1439 
1440 	return 0;
1441 }
1442 
1443 static void
1444 mt7915_mcu_sta_rate_ctrl_tlv(struct sk_buff *skb, struct mt7915_dev *dev,
1445 			     struct ieee80211_vif *vif, struct ieee80211_sta *sta)
1446 {
1447 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1448 	struct mt76_phy *mphy = mvif->phy->mt76;
1449 	struct cfg80211_chan_def *chandef = &mphy->chandef;
1450 	struct cfg80211_bitrate_mask *mask = &mvif->bitrate_mask;
1451 	enum nl80211_band band = chandef->chan->band;
1452 	struct sta_rec_ra *ra;
1453 	struct tlv *tlv;
1454 	u32 supp_rate = sta->deflink.supp_rates[band];
1455 	u32 cap = sta->wme ? STA_CAP_WMM : 0;
1456 
1457 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_RA, sizeof(*ra));
1458 	ra = (struct sta_rec_ra *)tlv;
1459 
1460 	ra->valid = true;
1461 	ra->auto_rate = true;
1462 	ra->phy_mode = mt76_connac_get_phy_mode(mphy, vif, band, sta);
1463 	ra->channel = chandef->chan->hw_value;
1464 	ra->bw = sta->deflink.bandwidth;
1465 	ra->phy.bw = sta->deflink.bandwidth;
1466 	ra->mmps_mode = mt7915_mcu_get_mmps_mode(sta->deflink.smps_mode);
1467 
1468 	if (supp_rate) {
1469 		supp_rate &= mask->control[band].legacy;
1470 		ra->rate_len = hweight32(supp_rate);
1471 
1472 		if (band == NL80211_BAND_2GHZ) {
1473 			ra->supp_mode = MODE_CCK;
1474 			ra->supp_cck_rate = supp_rate & GENMASK(3, 0);
1475 
1476 			if (ra->rate_len > 4) {
1477 				ra->supp_mode |= MODE_OFDM;
1478 				ra->supp_ofdm_rate = supp_rate >> 4;
1479 			}
1480 		} else {
1481 			ra->supp_mode = MODE_OFDM;
1482 			ra->supp_ofdm_rate = supp_rate;
1483 		}
1484 	}
1485 
1486 	if (sta->deflink.ht_cap.ht_supported) {
1487 		ra->supp_mode |= MODE_HT;
1488 		ra->af = sta->deflink.ht_cap.ampdu_factor;
1489 		ra->ht_gf = !!(sta->deflink.ht_cap.cap & IEEE80211_HT_CAP_GRN_FLD);
1490 
1491 		cap |= STA_CAP_HT;
1492 		if (sta->deflink.ht_cap.cap & IEEE80211_HT_CAP_SGI_20)
1493 			cap |= STA_CAP_SGI_20;
1494 		if (sta->deflink.ht_cap.cap & IEEE80211_HT_CAP_SGI_40)
1495 			cap |= STA_CAP_SGI_40;
1496 		if (sta->deflink.ht_cap.cap & IEEE80211_HT_CAP_TX_STBC)
1497 			cap |= STA_CAP_TX_STBC;
1498 		if (sta->deflink.ht_cap.cap & IEEE80211_HT_CAP_RX_STBC)
1499 			cap |= STA_CAP_RX_STBC;
1500 		if (mvif->cap.ht_ldpc &&
1501 		    (sta->deflink.ht_cap.cap & IEEE80211_HT_CAP_LDPC_CODING))
1502 			cap |= STA_CAP_LDPC;
1503 
1504 		mt7915_mcu_set_sta_ht_mcs(sta, ra->ht_mcs,
1505 					  mask->control[band].ht_mcs);
1506 		ra->supp_ht_mcs = *(__le32 *)ra->ht_mcs;
1507 	}
1508 
1509 	if (sta->deflink.vht_cap.vht_supported) {
1510 		u8 af;
1511 
1512 		ra->supp_mode |= MODE_VHT;
1513 		af = FIELD_GET(IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK,
1514 			       sta->deflink.vht_cap.cap);
1515 		ra->af = max_t(u8, ra->af, af);
1516 
1517 		cap |= STA_CAP_VHT;
1518 		if (sta->deflink.vht_cap.cap & IEEE80211_VHT_CAP_SHORT_GI_80)
1519 			cap |= STA_CAP_VHT_SGI_80;
1520 		if (sta->deflink.vht_cap.cap & IEEE80211_VHT_CAP_SHORT_GI_160)
1521 			cap |= STA_CAP_VHT_SGI_160;
1522 		if (sta->deflink.vht_cap.cap & IEEE80211_VHT_CAP_TXSTBC)
1523 			cap |= STA_CAP_VHT_TX_STBC;
1524 		if (sta->deflink.vht_cap.cap & IEEE80211_VHT_CAP_RXSTBC_1)
1525 			cap |= STA_CAP_VHT_RX_STBC;
1526 		if (mvif->cap.vht_ldpc &&
1527 		    (sta->deflink.vht_cap.cap & IEEE80211_VHT_CAP_RXLDPC))
1528 			cap |= STA_CAP_VHT_LDPC;
1529 
1530 		mt7915_mcu_set_sta_vht_mcs(sta, ra->supp_vht_mcs,
1531 					   mask->control[band].vht_mcs);
1532 	}
1533 
1534 	if (sta->deflink.he_cap.has_he) {
1535 		ra->supp_mode |= MODE_HE;
1536 		cap |= STA_CAP_HE;
1537 
1538 		if (sta->deflink.he_6ghz_capa.capa)
1539 			ra->af = le16_get_bits(sta->deflink.he_6ghz_capa.capa,
1540 					       IEEE80211_HE_6GHZ_CAP_MAX_AMPDU_LEN_EXP);
1541 	}
1542 
1543 	ra->sta_cap = cpu_to_le32(cap);
1544 }
1545 
1546 int mt7915_mcu_add_rate_ctrl(struct mt7915_dev *dev, struct ieee80211_vif *vif,
1547 			     struct ieee80211_sta *sta, bool changed)
1548 {
1549 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1550 	struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
1551 	struct sk_buff *skb;
1552 	int ret;
1553 
1554 	skb = mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76,
1555 					    &msta->wcid);
1556 	if (IS_ERR(skb))
1557 		return PTR_ERR(skb);
1558 
1559 	/* firmware rc algorithm refers to sta_rec_he for HE control.
1560 	 * once dev->rc_work changes the settings driver should also
1561 	 * update sta_rec_he here.
1562 	 */
1563 	if (changed)
1564 		mt7915_mcu_sta_he_tlv(skb, sta, vif);
1565 
1566 	/* sta_rec_ra accommodates BW, NSS and only MCS range format
1567 	 * i.e 0-{7,8,9} for VHT.
1568 	 */
1569 	mt7915_mcu_sta_rate_ctrl_tlv(skb, dev, vif, sta);
1570 
1571 	ret = mt76_mcu_skb_send_msg(&dev->mt76, skb,
1572 				    MCU_EXT_CMD(STA_REC_UPDATE), true);
1573 	if (ret)
1574 		return ret;
1575 
1576 	/* sta_rec_ra_fixed accommodates single rate, (HE)GI and HE_LTE,
1577 	 * and updates as peer fixed rate parameters, which overrides
1578 	 * sta_rec_ra and firmware rate control algorithm.
1579 	 */
1580 	return mt7915_mcu_add_rate_ctrl_fixed(dev, vif, sta);
1581 }
1582 
1583 static int
1584 mt7915_mcu_add_group(struct mt7915_dev *dev, struct ieee80211_vif *vif,
1585 		     struct ieee80211_sta *sta)
1586 {
1587 #define MT_STA_BSS_GROUP		1
1588 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1589 	struct mt7915_sta *msta;
1590 	struct {
1591 		__le32 action;
1592 		u8 wlan_idx_lo;
1593 		u8 status;
1594 		u8 wlan_idx_hi;
1595 		u8 rsv0[5];
1596 		__le32 val;
1597 		u8 rsv1[8];
1598 	} __packed req = {
1599 		.action = cpu_to_le32(MT_STA_BSS_GROUP),
1600 		.val = cpu_to_le32(mvif->mt76.idx % 16),
1601 	};
1602 
1603 	msta = sta ? (struct mt7915_sta *)sta->drv_priv : &mvif->sta;
1604 	req.wlan_idx_lo = to_wcid_lo(msta->wcid.idx);
1605 	req.wlan_idx_hi = to_wcid_hi(msta->wcid.idx);
1606 
1607 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SET_DRR_CTRL), &req,
1608 				 sizeof(req), true);
1609 }
1610 
1611 int mt7915_mcu_add_sta(struct mt7915_dev *dev, struct ieee80211_vif *vif,
1612 		       struct ieee80211_sta *sta, bool enable)
1613 {
1614 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1615 	struct mt7915_sta *msta;
1616 	struct sk_buff *skb;
1617 	int ret;
1618 
1619 	msta = sta ? (struct mt7915_sta *)sta->drv_priv : &mvif->sta;
1620 
1621 	skb = mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76,
1622 					    &msta->wcid);
1623 	if (IS_ERR(skb))
1624 		return PTR_ERR(skb);
1625 
1626 	/* starec basic */
1627 	mt76_connac_mcu_sta_basic_tlv(skb, vif, sta, enable,
1628 			!rcu_access_pointer(dev->mt76.wcid[msta->wcid.idx]));
1629 	if (!enable)
1630 		goto out;
1631 
1632 	/* tag order is in accordance with firmware dependency. */
1633 	if (sta) {
1634 		/* starec bfer */
1635 		mt7915_mcu_sta_bfer_tlv(dev, skb, vif, sta);
1636 		/* starec ht */
1637 		mt7915_mcu_sta_ht_tlv(skb, sta);
1638 		/* starec vht */
1639 		mt7915_mcu_sta_vht_tlv(skb, sta);
1640 		/* starec uapsd */
1641 		mt76_connac_mcu_sta_uapsd(skb, vif, sta);
1642 	}
1643 
1644 	ret = mt7915_mcu_sta_wtbl_tlv(dev, skb, vif, sta);
1645 	if (ret) {
1646 		dev_kfree_skb(skb);
1647 		return ret;
1648 	}
1649 
1650 	if (sta) {
1651 		/* starec amsdu */
1652 		mt7915_mcu_sta_amsdu_tlv(dev, skb, vif, sta);
1653 		/* starec he */
1654 		mt7915_mcu_sta_he_tlv(skb, sta, vif);
1655 		/* starec muru */
1656 		mt7915_mcu_sta_muru_tlv(dev, skb, sta, vif);
1657 		/* starec bfee */
1658 		mt7915_mcu_sta_bfee_tlv(dev, skb, vif, sta);
1659 	}
1660 
1661 	ret = mt7915_mcu_add_group(dev, vif, sta);
1662 	if (ret) {
1663 		dev_kfree_skb(skb);
1664 		return ret;
1665 	}
1666 out:
1667 	return mt76_mcu_skb_send_msg(&dev->mt76, skb,
1668 				     MCU_EXT_CMD(STA_REC_UPDATE), true);
1669 }
1670 
1671 int mt7915_mcu_add_dev_info(struct mt7915_phy *phy,
1672 			    struct ieee80211_vif *vif, bool enable)
1673 {
1674 	struct mt7915_dev *dev = phy->dev;
1675 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1676 	struct {
1677 		struct req_hdr {
1678 			u8 omac_idx;
1679 			u8 dbdc_idx;
1680 			__le16 tlv_num;
1681 			u8 is_tlv_append;
1682 			u8 rsv[3];
1683 		} __packed hdr;
1684 		struct req_tlv {
1685 			__le16 tag;
1686 			__le16 len;
1687 			u8 active;
1688 			u8 dbdc_idx;
1689 			u8 omac_addr[ETH_ALEN];
1690 		} __packed tlv;
1691 	} data = {
1692 		.hdr = {
1693 			.omac_idx = mvif->mt76.omac_idx,
1694 			.dbdc_idx = mvif->mt76.band_idx,
1695 			.tlv_num = cpu_to_le16(1),
1696 			.is_tlv_append = 1,
1697 		},
1698 		.tlv = {
1699 			.tag = cpu_to_le16(DEV_INFO_ACTIVE),
1700 			.len = cpu_to_le16(sizeof(struct req_tlv)),
1701 			.active = enable,
1702 			.dbdc_idx = mvif->mt76.band_idx,
1703 		},
1704 	};
1705 
1706 	if (mvif->mt76.omac_idx >= REPEATER_BSSID_START)
1707 		return mt7915_mcu_muar_config(phy, vif, false, enable);
1708 
1709 	memcpy(data.tlv.omac_addr, vif->addr, ETH_ALEN);
1710 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(DEV_INFO_UPDATE),
1711 				 &data, sizeof(data), true);
1712 }
1713 
1714 static void
1715 mt7915_mcu_beacon_cntdwn(struct ieee80211_vif *vif, struct sk_buff *rskb,
1716 			 struct sk_buff *skb, struct bss_info_bcn *bcn,
1717 			 struct ieee80211_mutable_offsets *offs)
1718 {
1719 	struct bss_info_bcn_cntdwn *info;
1720 	struct tlv *tlv;
1721 	int sub_tag;
1722 
1723 	if (!offs->cntdwn_counter_offs[0])
1724 		return;
1725 
1726 	sub_tag = vif->bss_conf.csa_active ? BSS_INFO_BCN_CSA : BSS_INFO_BCN_BCC;
1727 	tlv = mt7915_mcu_add_nested_subtlv(rskb, sub_tag, sizeof(*info),
1728 					   &bcn->sub_ntlv, &bcn->len);
1729 	info = (struct bss_info_bcn_cntdwn *)tlv;
1730 	info->cnt = skb->data[offs->cntdwn_counter_offs[0]];
1731 }
1732 
1733 static void
1734 mt7915_mcu_beacon_mbss(struct sk_buff *rskb, struct sk_buff *skb,
1735 		       struct ieee80211_vif *vif, struct bss_info_bcn *bcn,
1736 		       struct ieee80211_mutable_offsets *offs)
1737 {
1738 	struct bss_info_bcn_mbss *mbss;
1739 	const struct element *elem;
1740 	struct tlv *tlv;
1741 
1742 	if (!vif->bss_conf.bssid_indicator)
1743 		return;
1744 
1745 	tlv = mt7915_mcu_add_nested_subtlv(rskb, BSS_INFO_BCN_MBSSID,
1746 					   sizeof(*mbss), &bcn->sub_ntlv,
1747 					   &bcn->len);
1748 
1749 	mbss = (struct bss_info_bcn_mbss *)tlv;
1750 	mbss->offset[0] = cpu_to_le16(offs->tim_offset);
1751 	mbss->bitmap = cpu_to_le32(1);
1752 
1753 	for_each_element_id(elem, WLAN_EID_MULTIPLE_BSSID,
1754 			    &skb->data[offs->mbssid_off],
1755 			    skb->len - offs->mbssid_off) {
1756 		const struct element *sub_elem;
1757 
1758 		if (elem->datalen < 2)
1759 			continue;
1760 
1761 		for_each_element(sub_elem, elem->data + 1, elem->datalen - 1) {
1762 			const struct ieee80211_bssid_index *idx;
1763 			const u8 *idx_ie;
1764 
1765 			if (sub_elem->id || sub_elem->datalen < 4)
1766 				continue; /* not a valid BSS profile */
1767 
1768 			/* Find WLAN_EID_MULTI_BSSID_IDX
1769 			 * in the merged nontransmitted profile
1770 			 */
1771 			idx_ie = cfg80211_find_ie(WLAN_EID_MULTI_BSSID_IDX,
1772 						  sub_elem->data,
1773 						  sub_elem->datalen);
1774 			if (!idx_ie || idx_ie[1] < sizeof(*idx))
1775 				continue;
1776 
1777 #if defined(__linux__)
1778 			idx = (void *)(idx_ie + 2);
1779 #elif defined(__FreeBSD__)
1780 			idx = (const void *)(idx_ie + 2);
1781 #endif
1782 			if (!idx->bssid_index || idx->bssid_index > 31)
1783 				continue;
1784 
1785 			mbss->offset[idx->bssid_index] =
1786 				cpu_to_le16(idx_ie - skb->data);
1787 			mbss->bitmap |= cpu_to_le32(BIT(idx->bssid_index));
1788 		}
1789 	}
1790 }
1791 
1792 static void
1793 mt7915_mcu_beacon_cont(struct mt7915_dev *dev, struct ieee80211_vif *vif,
1794 		       struct sk_buff *rskb, struct sk_buff *skb,
1795 		       struct bss_info_bcn *bcn,
1796 		       struct ieee80211_mutable_offsets *offs)
1797 {
1798 	struct mt76_wcid *wcid = &dev->mt76.global_wcid;
1799 	struct bss_info_bcn_cont *cont;
1800 	struct tlv *tlv;
1801 	u8 *buf;
1802 	int len = sizeof(*cont) + MT_TXD_SIZE + skb->len;
1803 
1804 	len = (len & 0x3) ? ((len | 0x3) + 1) : len;
1805 	tlv = mt7915_mcu_add_nested_subtlv(rskb, BSS_INFO_BCN_CONTENT,
1806 					   len, &bcn->sub_ntlv, &bcn->len);
1807 
1808 	cont = (struct bss_info_bcn_cont *)tlv;
1809 	cont->pkt_len = cpu_to_le16(MT_TXD_SIZE + skb->len);
1810 	cont->tim_ofs = cpu_to_le16(offs->tim_offset);
1811 
1812 	if (offs->cntdwn_counter_offs[0]) {
1813 		u16 offset = offs->cntdwn_counter_offs[0];
1814 
1815 		if (vif->bss_conf.csa_active)
1816 			cont->csa_ofs = cpu_to_le16(offset - 4);
1817 		if (vif->bss_conf.color_change_active)
1818 			cont->bcc_ofs = cpu_to_le16(offset - 3);
1819 	}
1820 
1821 	buf = (u8 *)tlv + sizeof(*cont);
1822 	mt7915_mac_write_txwi(&dev->mt76, (__le32 *)buf, skb, wcid, 0, NULL,
1823 			      0, BSS_CHANGED_BEACON);
1824 	memcpy(buf + MT_TXD_SIZE, skb->data, skb->len);
1825 }
1826 
1827 static void
1828 mt7915_mcu_beacon_check_caps(struct mt7915_phy *phy, struct ieee80211_vif *vif,
1829 			     struct sk_buff *skb)
1830 {
1831 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1832 	struct mt7915_vif_cap *vc = &mvif->cap;
1833 	const struct ieee80211_he_cap_elem *he;
1834 	const struct ieee80211_vht_cap *vht;
1835 	const struct ieee80211_ht_cap *ht;
1836 	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)skb->data;
1837 	const u8 *ie;
1838 	u32 len, bc;
1839 
1840 	/* Check missing configuration options to allow AP mode in mac80211
1841 	 * to remain in sync with hostapd settings, and get a subset of
1842 	 * beacon and hardware capabilities.
1843 	 */
1844 	if (WARN_ON_ONCE(skb->len <= (mgmt->u.beacon.variable - skb->data)))
1845 		return;
1846 
1847 	memset(vc, 0, sizeof(*vc));
1848 
1849 	len = skb->len - (mgmt->u.beacon.variable - skb->data);
1850 
1851 	ie = cfg80211_find_ie(WLAN_EID_HT_CAPABILITY, mgmt->u.beacon.variable,
1852 			      len);
1853 	if (ie && ie[1] >= sizeof(*ht)) {
1854 #if defined(__linux__)
1855 		ht = (void *)(ie + 2);
1856 #elif defined(__FreeBSD__)
1857 		ht = (const void *)(ie + 2);
1858 #endif
1859 		vc->ht_ldpc = !!(le16_to_cpu(ht->cap_info) &
1860 				 IEEE80211_HT_CAP_LDPC_CODING);
1861 	}
1862 
1863 	ie = cfg80211_find_ie(WLAN_EID_VHT_CAPABILITY, mgmt->u.beacon.variable,
1864 			      len);
1865 	if (ie && ie[1] >= sizeof(*vht)) {
1866 		u32 pc = phy->mt76->sband_5g.sband.vht_cap.cap;
1867 
1868 #if defined(__linux__)
1869 		vht = (void *)(ie + 2);
1870 #elif defined(__FreeBSD__)
1871 		vht = (const void *)(ie + 2);
1872 #endif
1873 		bc = le32_to_cpu(vht->vht_cap_info);
1874 
1875 		vc->vht_ldpc = !!(bc & IEEE80211_VHT_CAP_RXLDPC);
1876 		vc->vht_su_ebfer =
1877 			(bc & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE) &&
1878 			(pc & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE);
1879 		vc->vht_su_ebfee =
1880 			(bc & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE) &&
1881 			(pc & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE);
1882 		vc->vht_mu_ebfer =
1883 			(bc & IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE) &&
1884 			(pc & IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE);
1885 		vc->vht_mu_ebfee =
1886 			(bc & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE) &&
1887 			(pc & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE);
1888 	}
1889 
1890 	ie = cfg80211_find_ext_ie(WLAN_EID_EXT_HE_CAPABILITY,
1891 				  mgmt->u.beacon.variable, len);
1892 	if (ie && ie[1] >= sizeof(*he) + 1) {
1893 		const struct ieee80211_sta_he_cap *pc =
1894 			mt76_connac_get_he_phy_cap(phy->mt76, vif);
1895 		const struct ieee80211_he_cap_elem *pe = &pc->he_cap_elem;
1896 
1897 #if defined(__linux__)
1898 		he = (void *)(ie + 3);
1899 #elif defined(__FreeBSD__)
1900 		he = (const void *)(ie + 3);
1901 #endif
1902 
1903 		vc->he_ldpc =
1904 			HE_PHY(CAP1_LDPC_CODING_IN_PAYLOAD, pe->phy_cap_info[1]);
1905 		vc->he_su_ebfer =
1906 			HE_PHY(CAP3_SU_BEAMFORMER, he->phy_cap_info[3]) &&
1907 			HE_PHY(CAP3_SU_BEAMFORMER, pe->phy_cap_info[3]);
1908 		vc->he_su_ebfee =
1909 			HE_PHY(CAP4_SU_BEAMFORMEE, he->phy_cap_info[4]) &&
1910 			HE_PHY(CAP4_SU_BEAMFORMEE, pe->phy_cap_info[4]);
1911 		vc->he_mu_ebfer =
1912 			HE_PHY(CAP4_MU_BEAMFORMER, he->phy_cap_info[4]) &&
1913 			HE_PHY(CAP4_MU_BEAMFORMER, pe->phy_cap_info[4]);
1914 	}
1915 }
1916 
1917 static void
1918 mt7915_mcu_beacon_inband_discov(struct mt7915_dev *dev, struct ieee80211_vif *vif,
1919 				struct sk_buff *rskb, struct bss_info_bcn *bcn,
1920 				u32 changed)
1921 {
1922 #define OFFLOAD_TX_MODE_SU	BIT(0)
1923 #define OFFLOAD_TX_MODE_MU	BIT(1)
1924 	struct ieee80211_hw *hw = mt76_hw(dev);
1925 	struct mt7915_phy *phy = mt7915_hw_phy(hw);
1926 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1927 	struct cfg80211_chan_def *chandef = &mvif->phy->mt76->chandef;
1928 	enum nl80211_band band = chandef->chan->band;
1929 	struct mt76_wcid *wcid = &dev->mt76.global_wcid;
1930 	struct bss_info_inband_discovery *discov;
1931 	struct ieee80211_tx_info *info;
1932 	struct sk_buff *skb = NULL;
1933 	struct tlv *tlv;
1934 	bool ext_phy = phy != &dev->phy;
1935 	u8 *buf, interval;
1936 	int len;
1937 
1938 	if (changed & BSS_CHANGED_FILS_DISCOVERY &&
1939 	    vif->bss_conf.fils_discovery.max_interval) {
1940 		interval = vif->bss_conf.fils_discovery.max_interval;
1941 		skb = ieee80211_get_fils_discovery_tmpl(hw, vif);
1942 	} else if (changed & BSS_CHANGED_UNSOL_BCAST_PROBE_RESP &&
1943 		   vif->bss_conf.unsol_bcast_probe_resp_interval) {
1944 		interval = vif->bss_conf.unsol_bcast_probe_resp_interval;
1945 		skb = ieee80211_get_unsol_bcast_probe_resp_tmpl(hw, vif);
1946 	}
1947 
1948 	if (!skb)
1949 		return;
1950 
1951 	info = IEEE80211_SKB_CB(skb);
1952 	info->control.vif = vif;
1953 	info->band = band;
1954 
1955 	info->hw_queue |= FIELD_PREP(MT_TX_HW_QUEUE_PHY, ext_phy);
1956 
1957 	len = sizeof(*discov) + MT_TXD_SIZE + skb->len;
1958 	len = (len & 0x3) ? ((len | 0x3) + 1) : len;
1959 
1960 	if (len > (MT7915_MAX_BSS_OFFLOAD_SIZE - rskb->len)) {
1961 		dev_err(dev->mt76.dev, "inband discovery size limit exceed\n");
1962 		dev_kfree_skb(skb);
1963 		return;
1964 	}
1965 
1966 	tlv = mt7915_mcu_add_nested_subtlv(rskb, BSS_INFO_BCN_DISCOV,
1967 					   len, &bcn->sub_ntlv, &bcn->len);
1968 	discov = (struct bss_info_inband_discovery *)tlv;
1969 	discov->tx_mode = OFFLOAD_TX_MODE_SU;
1970 	/* 0: UNSOL PROBE RESP, 1: FILS DISCOV */
1971 	discov->tx_type = !!(changed & BSS_CHANGED_FILS_DISCOVERY);
1972 	discov->tx_interval = interval;
1973 	discov->prob_rsp_len = cpu_to_le16(MT_TXD_SIZE + skb->len);
1974 	discov->enable = true;
1975 
1976 	buf = (u8 *)tlv + sizeof(*discov);
1977 
1978 	mt7915_mac_write_txwi(&dev->mt76, (__le32 *)buf, skb, wcid, 0, NULL,
1979 			      0, changed);
1980 	memcpy(buf + MT_TXD_SIZE, skb->data, skb->len);
1981 
1982 	dev_kfree_skb(skb);
1983 }
1984 
1985 int mt7915_mcu_add_beacon(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
1986 			  int en, u32 changed)
1987 {
1988 	struct mt7915_dev *dev = mt7915_hw_dev(hw);
1989 	struct mt7915_phy *phy = mt7915_hw_phy(hw);
1990 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1991 	struct ieee80211_mutable_offsets offs;
1992 	struct ieee80211_tx_info *info;
1993 	struct sk_buff *skb, *rskb;
1994 	struct tlv *tlv;
1995 	struct bss_info_bcn *bcn;
1996 	int len = MT7915_MAX_BSS_OFFLOAD_SIZE;
1997 	bool ext_phy = phy != &dev->phy;
1998 
1999 	if (vif->bss_conf.nontransmitted)
2000 		return 0;
2001 
2002 	rskb = __mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76,
2003 					       NULL, len);
2004 	if (IS_ERR(rskb))
2005 		return PTR_ERR(rskb);
2006 
2007 	tlv = mt76_connac_mcu_add_tlv(rskb, BSS_INFO_OFFLOAD, sizeof(*bcn));
2008 	bcn = (struct bss_info_bcn *)tlv;
2009 	bcn->enable = en;
2010 
2011 	if (!en)
2012 		goto out;
2013 
2014 	skb = ieee80211_beacon_get_template(hw, vif, &offs, 0);
2015 	if (!skb)
2016 		return -EINVAL;
2017 
2018 	if (skb->len > MT7915_MAX_BEACON_SIZE - MT_TXD_SIZE) {
2019 		dev_err(dev->mt76.dev, "Bcn size limit exceed\n");
2020 		dev_kfree_skb(skb);
2021 		return -EINVAL;
2022 	}
2023 
2024 	info = IEEE80211_SKB_CB(skb);
2025 	info->hw_queue = FIELD_PREP(MT_TX_HW_QUEUE_PHY, ext_phy);
2026 
2027 	mt7915_mcu_beacon_check_caps(phy, vif, skb);
2028 
2029 	mt7915_mcu_beacon_cntdwn(vif, rskb, skb, bcn, &offs);
2030 	mt7915_mcu_beacon_mbss(rskb, skb, vif, bcn, &offs);
2031 	mt7915_mcu_beacon_cont(dev, vif, rskb, skb, bcn, &offs);
2032 	dev_kfree_skb(skb);
2033 
2034 	if (changed & BSS_CHANGED_UNSOL_BCAST_PROBE_RESP ||
2035 	    changed & BSS_CHANGED_FILS_DISCOVERY)
2036 		mt7915_mcu_beacon_inband_discov(dev, vif, rskb,
2037 						bcn, changed);
2038 
2039 out:
2040 	return mt76_mcu_skb_send_msg(&phy->dev->mt76, rskb,
2041 				     MCU_EXT_CMD(BSS_INFO_UPDATE), true);
2042 }
2043 
2044 static int mt7915_driver_own(struct mt7915_dev *dev, u8 band)
2045 {
2046 	mt76_wr(dev, MT_TOP_LPCR_HOST_BAND(band), MT_TOP_LPCR_HOST_DRV_OWN);
2047 	if (!mt76_poll_msec(dev, MT_TOP_LPCR_HOST_BAND(band),
2048 			    MT_TOP_LPCR_HOST_FW_OWN_STAT, 0, 500)) {
2049 		dev_err(dev->mt76.dev, "Timeout for driver own\n");
2050 		return -EIO;
2051 	}
2052 
2053 	/* clear irq when the driver own success */
2054 	mt76_wr(dev, MT_TOP_LPCR_HOST_BAND_IRQ_STAT(band),
2055 		MT_TOP_LPCR_HOST_BAND_STAT);
2056 
2057 	return 0;
2058 }
2059 
2060 static int
2061 mt7915_firmware_state(struct mt7915_dev *dev, bool wa)
2062 {
2063 	u32 state = FIELD_PREP(MT_TOP_MISC_FW_STATE,
2064 			       wa ? FW_STATE_RDY : FW_STATE_FW_DOWNLOAD);
2065 
2066 	if (!mt76_poll_msec(dev, MT_TOP_MISC, MT_TOP_MISC_FW_STATE,
2067 			    state, 1000)) {
2068 		dev_err(dev->mt76.dev, "Timeout for initializing firmware\n");
2069 		return -EIO;
2070 	}
2071 	return 0;
2072 }
2073 
2074 static int mt7915_load_firmware(struct mt7915_dev *dev)
2075 {
2076 	int ret;
2077 
2078 	/* make sure fw is download state */
2079 	if (mt7915_firmware_state(dev, false)) {
2080 		/* restart firmware once */
2081 		__mt76_mcu_restart(&dev->mt76);
2082 		ret = mt7915_firmware_state(dev, false);
2083 		if (ret) {
2084 			dev_err(dev->mt76.dev,
2085 				"Firmware is not ready for download\n");
2086 			return ret;
2087 		}
2088 	}
2089 
2090 	ret = mt76_connac2_load_patch(&dev->mt76, fw_name_var(dev, ROM_PATCH));
2091 	if (ret)
2092 		return ret;
2093 
2094 	ret = mt76_connac2_load_ram(&dev->mt76, fw_name_var(dev, FIRMWARE_WM),
2095 				    fw_name(dev, FIRMWARE_WA));
2096 	if (ret)
2097 		return ret;
2098 
2099 	ret = mt7915_firmware_state(dev, true);
2100 	if (ret)
2101 		return ret;
2102 
2103 	mt76_queue_tx_cleanup(dev, dev->mt76.q_mcu[MT_MCUQ_FWDL], false);
2104 
2105 	dev_dbg(dev->mt76.dev, "Firmware init done\n");
2106 
2107 	return 0;
2108 }
2109 
2110 int mt7915_mcu_fw_log_2_host(struct mt7915_dev *dev, u8 type, u8 ctrl)
2111 {
2112 	struct {
2113 		u8 ctrl_val;
2114 		u8 pad[3];
2115 	} data = {
2116 		.ctrl_val = ctrl
2117 	};
2118 
2119 	if (type == MCU_FW_LOG_WA)
2120 		return mt76_mcu_send_msg(&dev->mt76, MCU_WA_EXT_CMD(FW_LOG_2_HOST),
2121 					 &data, sizeof(data), true);
2122 
2123 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(FW_LOG_2_HOST), &data,
2124 				 sizeof(data), true);
2125 }
2126 
2127 int mt7915_mcu_fw_dbg_ctrl(struct mt7915_dev *dev, u32 module, u8 level)
2128 {
2129 	struct {
2130 		u8 ver;
2131 		u8 pad;
2132 		__le16 len;
2133 		u8 level;
2134 		u8 rsv[3];
2135 		__le32 module_idx;
2136 	} data = {
2137 		.module_idx = cpu_to_le32(module),
2138 		.level = level,
2139 	};
2140 
2141 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(FW_DBG_CTRL), &data,
2142 				 sizeof(data), false);
2143 }
2144 
2145 int mt7915_mcu_muru_debug_set(struct mt7915_dev *dev, bool enabled)
2146 {
2147 	struct {
2148 		__le32 cmd;
2149 		u8 enable;
2150 	} data = {
2151 		.cmd = cpu_to_le32(MURU_SET_TXC_TX_STATS_EN),
2152 		.enable = enabled,
2153 	};
2154 
2155 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(MURU_CTRL), &data,
2156 				sizeof(data), false);
2157 }
2158 
2159 int mt7915_mcu_muru_debug_get(struct mt7915_phy *phy, void *ms)
2160 {
2161 	struct mt7915_dev *dev = phy->dev;
2162 	struct sk_buff *skb;
2163 	struct mt7915_mcu_muru_stats *mu_stats =
2164 				(struct mt7915_mcu_muru_stats *)ms;
2165 	int ret;
2166 
2167 	struct {
2168 		__le32 cmd;
2169 		u8 band_idx;
2170 	} req = {
2171 		.cmd = cpu_to_le32(MURU_GET_TXC_TX_STATS),
2172 		.band_idx = phy->band_idx,
2173 	};
2174 
2175 	ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_EXT_CMD(MURU_CTRL),
2176 					&req, sizeof(req), true, &skb);
2177 	if (ret)
2178 		return ret;
2179 
2180 	memcpy(mu_stats, skb->data, sizeof(struct mt7915_mcu_muru_stats));
2181 	dev_kfree_skb(skb);
2182 
2183 	return 0;
2184 }
2185 
2186 static int mt7915_mcu_set_mwds(struct mt7915_dev *dev, bool enabled)
2187 {
2188 	struct {
2189 		u8 enable;
2190 		u8 _rsv[3];
2191 	} __packed req = {
2192 		.enable = enabled
2193 	};
2194 
2195 	return mt76_mcu_send_msg(&dev->mt76, MCU_WA_EXT_CMD(MWDS_SUPPORT), &req,
2196 				 sizeof(req), false);
2197 }
2198 
2199 int mt7915_mcu_set_muru_ctrl(struct mt7915_dev *dev, u32 cmd, u32 val)
2200 {
2201 	struct {
2202 		__le32 cmd;
2203 		u8 val[4];
2204 	} __packed req = {
2205 		.cmd = cpu_to_le32(cmd),
2206 	};
2207 
2208 	put_unaligned_le32(val, req.val);
2209 
2210 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(MURU_CTRL), &req,
2211 				 sizeof(req), false);
2212 }
2213 
2214 static int
2215 mt7915_mcu_init_rx_airtime(struct mt7915_dev *dev)
2216 {
2217 #define RX_AIRTIME_FEATURE_CTRL		1
2218 #define RX_AIRTIME_BITWISE_CTRL		2
2219 #define RX_AIRTIME_CLEAR_EN	1
2220 	struct {
2221 		__le16 field;
2222 		__le16 sub_field;
2223 		__le32 set_status;
2224 		__le32 get_status;
2225 		u8 _rsv[12];
2226 
2227 		bool airtime_en;
2228 		bool mibtime_en;
2229 		bool earlyend_en;
2230 		u8 _rsv1[9];
2231 
2232 		bool airtime_clear;
2233 		bool mibtime_clear;
2234 		u8 _rsv2[98];
2235 	} __packed req = {
2236 		.field = cpu_to_le16(RX_AIRTIME_BITWISE_CTRL),
2237 		.sub_field = cpu_to_le16(RX_AIRTIME_CLEAR_EN),
2238 		.airtime_clear = true,
2239 	};
2240 	int ret;
2241 
2242 	ret = mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(RX_AIRTIME_CTRL), &req,
2243 				sizeof(req), true);
2244 	if (ret)
2245 		return ret;
2246 
2247 	req.field = cpu_to_le16(RX_AIRTIME_FEATURE_CTRL);
2248 	req.sub_field = cpu_to_le16(RX_AIRTIME_CLEAR_EN);
2249 	req.airtime_en = true;
2250 
2251 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(RX_AIRTIME_CTRL), &req,
2252 				 sizeof(req), true);
2253 }
2254 
2255 int mt7915_mcu_init(struct mt7915_dev *dev)
2256 {
2257 	static const struct mt76_mcu_ops mt7915_mcu_ops = {
2258 		.headroom = sizeof(struct mt76_connac2_mcu_txd),
2259 		.mcu_skb_send_msg = mt7915_mcu_send_message,
2260 		.mcu_parse_response = mt7915_mcu_parse_response,
2261 		.mcu_restart = mt76_connac_mcu_restart,
2262 	};
2263 	int ret;
2264 
2265 	dev->mt76.mcu_ops = &mt7915_mcu_ops;
2266 
2267 	/* force firmware operation mode into normal state,
2268 	 * which should be set before firmware download stage.
2269 	 */
2270 	mt76_wr(dev, MT_SWDEF_MODE, MT_SWDEF_NORMAL_MODE);
2271 
2272 	ret = mt7915_driver_own(dev, 0);
2273 	if (ret)
2274 		return ret;
2275 	/* set driver own for band1 when two hif exist */
2276 	if (dev->hif2) {
2277 		ret = mt7915_driver_own(dev, 1);
2278 		if (ret)
2279 			return ret;
2280 	}
2281 
2282 	ret = mt7915_load_firmware(dev);
2283 	if (ret)
2284 		return ret;
2285 
2286 	set_bit(MT76_STATE_MCU_RUNNING, &dev->mphy.state);
2287 	ret = mt7915_mcu_fw_log_2_host(dev, MCU_FW_LOG_WM, 0);
2288 	if (ret)
2289 		return ret;
2290 
2291 	ret = mt7915_mcu_fw_log_2_host(dev, MCU_FW_LOG_WA, 0);
2292 	if (ret)
2293 		return ret;
2294 
2295 	if (mtk_wed_device_active(&dev->mt76.mmio.wed))
2296 		mt7915_mcu_wa_cmd(dev, MCU_WA_PARAM_CMD(CAPABILITY), 0, 0, 0);
2297 
2298 	ret = mt7915_mcu_set_mwds(dev, 1);
2299 	if (ret)
2300 		return ret;
2301 
2302 	ret = mt7915_mcu_set_muru_ctrl(dev, MURU_SET_PLATFORM_TYPE,
2303 				       MURU_PLATFORM_TYPE_PERF_LEVEL_2);
2304 	if (ret)
2305 		return ret;
2306 
2307 	ret = mt7915_mcu_init_rx_airtime(dev);
2308 	if (ret)
2309 		return ret;
2310 
2311 	return mt7915_mcu_wa_cmd(dev, MCU_WA_PARAM_CMD(SET),
2312 				 MCU_WA_PARAM_RED, 0, 0);
2313 }
2314 
2315 void mt7915_mcu_exit(struct mt7915_dev *dev)
2316 {
2317 	__mt76_mcu_restart(&dev->mt76);
2318 	if (mt7915_firmware_state(dev, false)) {
2319 		dev_err(dev->mt76.dev, "Failed to exit mcu\n");
2320 		return;
2321 	}
2322 
2323 	mt76_wr(dev, MT_TOP_LPCR_HOST_BAND(0), MT_TOP_LPCR_HOST_FW_OWN);
2324 	if (dev->hif2)
2325 		mt76_wr(dev, MT_TOP_LPCR_HOST_BAND(1),
2326 			MT_TOP_LPCR_HOST_FW_OWN);
2327 	skb_queue_purge(&dev->mt76.mcu.res_q);
2328 }
2329 
2330 static int
2331 mt7915_mcu_set_rx_hdr_trans_blacklist(struct mt7915_dev *dev, int band)
2332 {
2333 	struct {
2334 		u8 operation;
2335 		u8 count;
2336 		u8 _rsv[2];
2337 		u8 index;
2338 		u8 enable;
2339 		__le16 etype;
2340 	} req = {
2341 		.operation = 1,
2342 		.count = 1,
2343 		.enable = 1,
2344 		.etype = cpu_to_le16(ETH_P_PAE),
2345 	};
2346 
2347 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(RX_HDR_TRANS),
2348 				 &req, sizeof(req), false);
2349 }
2350 
2351 int mt7915_mcu_set_mac(struct mt7915_dev *dev, int band,
2352 		       bool enable, bool hdr_trans)
2353 {
2354 	struct {
2355 		u8 operation;
2356 		u8 enable;
2357 		u8 check_bssid;
2358 		u8 insert_vlan;
2359 		u8 remove_vlan;
2360 		u8 tid;
2361 		u8 mode;
2362 		u8 rsv;
2363 	} __packed req_trans = {
2364 		.enable = hdr_trans,
2365 	};
2366 	struct {
2367 		u8 enable;
2368 		u8 band;
2369 		u8 rsv[2];
2370 	} __packed req_mac = {
2371 		.enable = enable,
2372 		.band = band,
2373 	};
2374 	int ret;
2375 
2376 	ret = mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(RX_HDR_TRANS),
2377 				&req_trans, sizeof(req_trans), false);
2378 	if (ret)
2379 		return ret;
2380 
2381 	if (hdr_trans)
2382 		mt7915_mcu_set_rx_hdr_trans_blacklist(dev, band);
2383 
2384 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(MAC_INIT_CTRL),
2385 				 &req_mac, sizeof(req_mac), true);
2386 }
2387 
2388 int mt7915_mcu_update_edca(struct mt7915_dev *dev, void *param)
2389 {
2390 	struct mt7915_mcu_tx *req = (struct mt7915_mcu_tx *)param;
2391 	u8 num = req->total;
2392 	size_t len = sizeof(*req) -
2393 		     (IEEE80211_NUM_ACS - num) * sizeof(struct edca);
2394 
2395 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(EDCA_UPDATE), req,
2396 				 len, true);
2397 }
2398 
2399 int mt7915_mcu_set_tx(struct mt7915_dev *dev, struct ieee80211_vif *vif)
2400 {
2401 #define TX_CMD_MODE		1
2402 	struct mt7915_mcu_tx req = {
2403 		.valid = true,
2404 		.mode = TX_CMD_MODE,
2405 		.total = IEEE80211_NUM_ACS,
2406 	};
2407 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
2408 	int ac;
2409 
2410 	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
2411 		struct ieee80211_tx_queue_params *q = &mvif->queue_params[ac];
2412 		struct edca *e = &req.edca[ac];
2413 
2414 		e->set = WMM_PARAM_SET;
2415 		e->queue = ac + mvif->mt76.wmm_idx * MT76_CONNAC_MAX_WMM_SETS;
2416 		e->aifs = q->aifs;
2417 		e->txop = cpu_to_le16(q->txop);
2418 
2419 		if (q->cw_min)
2420 			e->cw_min = fls(q->cw_min);
2421 		else
2422 			e->cw_min = 5;
2423 
2424 		if (q->cw_max)
2425 			e->cw_max = cpu_to_le16(fls(q->cw_max));
2426 		else
2427 			e->cw_max = cpu_to_le16(10);
2428 	}
2429 
2430 	return mt7915_mcu_update_edca(dev, &req);
2431 }
2432 
2433 int mt7915_mcu_set_fcc5_lpn(struct mt7915_dev *dev, int val)
2434 {
2435 	struct {
2436 		__le32 tag;
2437 		__le16 min_lpn;
2438 		u8 rsv[2];
2439 	} __packed req = {
2440 		.tag = cpu_to_le32(0x1),
2441 		.min_lpn = cpu_to_le16(val),
2442 	};
2443 
2444 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SET_RDD_TH), &req,
2445 				 sizeof(req), true);
2446 }
2447 
2448 int mt7915_mcu_set_pulse_th(struct mt7915_dev *dev,
2449 			    const struct mt7915_dfs_pulse *pulse)
2450 {
2451 	struct {
2452 		__le32 tag;
2453 
2454 		__le32 max_width;		/* us */
2455 		__le32 max_pwr;			/* dbm */
2456 		__le32 min_pwr;			/* dbm */
2457 		__le32 min_stgr_pri;		/* us */
2458 		__le32 max_stgr_pri;		/* us */
2459 		__le32 min_cr_pri;		/* us */
2460 		__le32 max_cr_pri;		/* us */
2461 	} __packed req = {
2462 		.tag = cpu_to_le32(0x3),
2463 
2464 #define __req_field(field) .field = cpu_to_le32(pulse->field)
2465 		__req_field(max_width),
2466 		__req_field(max_pwr),
2467 		__req_field(min_pwr),
2468 		__req_field(min_stgr_pri),
2469 		__req_field(max_stgr_pri),
2470 		__req_field(min_cr_pri),
2471 		__req_field(max_cr_pri),
2472 #undef __req_field
2473 	};
2474 
2475 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SET_RDD_TH), &req,
2476 				 sizeof(req), true);
2477 }
2478 
2479 int mt7915_mcu_set_radar_th(struct mt7915_dev *dev, int index,
2480 			    const struct mt7915_dfs_pattern *pattern)
2481 {
2482 	struct {
2483 		__le32 tag;
2484 		__le16 radar_type;
2485 
2486 		u8 enb;
2487 		u8 stgr;
2488 		u8 min_crpn;
2489 		u8 max_crpn;
2490 		u8 min_crpr;
2491 		u8 min_pw;
2492 		__le32 min_pri;
2493 		__le32 max_pri;
2494 		u8 max_pw;
2495 		u8 min_crbn;
2496 		u8 max_crbn;
2497 		u8 min_stgpn;
2498 		u8 max_stgpn;
2499 		u8 min_stgpr;
2500 		u8 rsv[2];
2501 		__le32 min_stgpr_diff;
2502 	} __packed req = {
2503 		.tag = cpu_to_le32(0x2),
2504 		.radar_type = cpu_to_le16(index),
2505 
2506 #define __req_field_u8(field) .field = pattern->field
2507 #define __req_field_u32(field) .field = cpu_to_le32(pattern->field)
2508 		__req_field_u8(enb),
2509 		__req_field_u8(stgr),
2510 		__req_field_u8(min_crpn),
2511 		__req_field_u8(max_crpn),
2512 		__req_field_u8(min_crpr),
2513 		__req_field_u8(min_pw),
2514 		__req_field_u32(min_pri),
2515 		__req_field_u32(max_pri),
2516 		__req_field_u8(max_pw),
2517 		__req_field_u8(min_crbn),
2518 		__req_field_u8(max_crbn),
2519 		__req_field_u8(min_stgpn),
2520 		__req_field_u8(max_stgpn),
2521 		__req_field_u8(min_stgpr),
2522 		__req_field_u32(min_stgpr_diff),
2523 #undef __req_field_u8
2524 #undef __req_field_u32
2525 	};
2526 
2527 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SET_RDD_TH), &req,
2528 				 sizeof(req), true);
2529 }
2530 
2531 static int
2532 mt7915_mcu_background_chain_ctrl(struct mt7915_phy *phy,
2533 				 struct cfg80211_chan_def *chandef,
2534 				 int cmd)
2535 {
2536 	struct mt7915_dev *dev = phy->dev;
2537 	struct mt76_phy *mphy = phy->mt76;
2538 	struct ieee80211_channel *chan = mphy->chandef.chan;
2539 	int freq = mphy->chandef.center_freq1;
2540 	struct mt7915_mcu_background_chain_ctrl req = {
2541 		.monitor_scan_type = 2, /* simple rx */
2542 	};
2543 
2544 	if (!chandef && cmd != CH_SWITCH_BACKGROUND_SCAN_STOP)
2545 		return -EINVAL;
2546 
2547 	if (!cfg80211_chandef_valid(&mphy->chandef))
2548 		return -EINVAL;
2549 
2550 	switch (cmd) {
2551 	case CH_SWITCH_BACKGROUND_SCAN_START: {
2552 		req.chan = chan->hw_value;
2553 		req.central_chan = ieee80211_frequency_to_channel(freq);
2554 		req.bw = mt76_connac_chan_bw(&mphy->chandef);
2555 		req.monitor_chan = chandef->chan->hw_value;
2556 		req.monitor_central_chan =
2557 			ieee80211_frequency_to_channel(chandef->center_freq1);
2558 		req.monitor_bw = mt76_connac_chan_bw(chandef);
2559 		req.band_idx = phy != &dev->phy;
2560 		req.scan_mode = 1;
2561 		break;
2562 	}
2563 	case CH_SWITCH_BACKGROUND_SCAN_RUNNING:
2564 		req.monitor_chan = chandef->chan->hw_value;
2565 		req.monitor_central_chan =
2566 			ieee80211_frequency_to_channel(chandef->center_freq1);
2567 		req.band_idx = phy != &dev->phy;
2568 		req.scan_mode = 2;
2569 		break;
2570 	case CH_SWITCH_BACKGROUND_SCAN_STOP:
2571 		req.chan = chan->hw_value;
2572 		req.central_chan = ieee80211_frequency_to_channel(freq);
2573 		req.bw = mt76_connac_chan_bw(&mphy->chandef);
2574 		req.tx_stream = hweight8(mphy->antenna_mask);
2575 		req.rx_stream = mphy->antenna_mask;
2576 		break;
2577 	default:
2578 		return -EINVAL;
2579 	}
2580 	req.band = chandef ? chandef->chan->band == NL80211_BAND_5GHZ : 1;
2581 
2582 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(OFFCH_SCAN_CTRL),
2583 				 &req, sizeof(req), false);
2584 }
2585 
2586 int mt7915_mcu_rdd_background_enable(struct mt7915_phy *phy,
2587 				     struct cfg80211_chan_def *chandef)
2588 {
2589 	struct mt7915_dev *dev = phy->dev;
2590 	int err, region;
2591 
2592 	if (!chandef) { /* disable offchain */
2593 		err = mt76_connac_mcu_rdd_cmd(&dev->mt76, RDD_STOP, MT_RX_SEL2,
2594 					      0, 0);
2595 		if (err)
2596 			return err;
2597 
2598 		return mt7915_mcu_background_chain_ctrl(phy, NULL,
2599 				CH_SWITCH_BACKGROUND_SCAN_STOP);
2600 	}
2601 
2602 	err = mt7915_mcu_background_chain_ctrl(phy, chandef,
2603 					       CH_SWITCH_BACKGROUND_SCAN_START);
2604 	if (err)
2605 		return err;
2606 
2607 	switch (dev->mt76.region) {
2608 	case NL80211_DFS_ETSI:
2609 		region = 0;
2610 		break;
2611 	case NL80211_DFS_JP:
2612 		region = 2;
2613 		break;
2614 	case NL80211_DFS_FCC:
2615 	default:
2616 		region = 1;
2617 		break;
2618 	}
2619 
2620 	return mt76_connac_mcu_rdd_cmd(&dev->mt76, RDD_START, MT_RX_SEL2,
2621 				       0, region);
2622 }
2623 
2624 int mt7915_mcu_set_chan_info(struct mt7915_phy *phy, int cmd)
2625 {
2626 	static const u8 ch_band[] = {
2627 		[NL80211_BAND_2GHZ] = 0,
2628 		[NL80211_BAND_5GHZ] = 1,
2629 		[NL80211_BAND_6GHZ] = 2,
2630 	};
2631 	struct mt7915_dev *dev = phy->dev;
2632 	struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
2633 	int freq1 = chandef->center_freq1;
2634 	struct {
2635 		u8 control_ch;
2636 		u8 center_ch;
2637 		u8 bw;
2638 		u8 tx_streams_num;
2639 		u8 rx_streams;	/* mask or num */
2640 		u8 switch_reason;
2641 		u8 band_idx;
2642 		u8 center_ch2;	/* for 80+80 only */
2643 		__le16 cac_case;
2644 		u8 channel_band;
2645 		u8 rsv0;
2646 		__le32 outband_freq;
2647 		u8 txpower_drop;
2648 		u8 ap_bw;
2649 		u8 ap_center_ch;
2650 		u8 rsv1[57];
2651 	} __packed req = {
2652 		.control_ch = chandef->chan->hw_value,
2653 		.center_ch = ieee80211_frequency_to_channel(freq1),
2654 		.bw = mt76_connac_chan_bw(chandef),
2655 		.tx_streams_num = hweight8(phy->mt76->antenna_mask),
2656 		.rx_streams = phy->mt76->antenna_mask,
2657 		.band_idx = phy->band_idx,
2658 		.channel_band = ch_band[chandef->chan->band],
2659 	};
2660 
2661 #ifdef CONFIG_NL80211_TESTMODE
2662 	if (phy->mt76->test.tx_antenna_mask &&
2663 	    (phy->mt76->test.state == MT76_TM_STATE_TX_FRAMES ||
2664 	     phy->mt76->test.state == MT76_TM_STATE_RX_FRAMES ||
2665 	     phy->mt76->test.state == MT76_TM_STATE_TX_CONT)) {
2666 		req.tx_streams_num = fls(phy->mt76->test.tx_antenna_mask);
2667 		req.rx_streams = phy->mt76->test.tx_antenna_mask;
2668 
2669 		if (phy != &dev->phy)
2670 			req.rx_streams >>= dev->chainshift;
2671 	}
2672 #endif
2673 
2674 	if (cmd == MCU_EXT_CMD(SET_RX_PATH) ||
2675 	    dev->mt76.hw->conf.flags & IEEE80211_CONF_MONITOR)
2676 		req.switch_reason = CH_SWITCH_NORMAL;
2677 	else if (phy->mt76->hw->conf.flags & IEEE80211_CONF_OFFCHANNEL)
2678 		req.switch_reason = CH_SWITCH_SCAN_BYPASS_DPD;
2679 	else if (!cfg80211_reg_can_beacon(phy->mt76->hw->wiphy, chandef,
2680 					  NL80211_IFTYPE_AP))
2681 		req.switch_reason = CH_SWITCH_DFS;
2682 	else
2683 		req.switch_reason = CH_SWITCH_NORMAL;
2684 
2685 	if (cmd == MCU_EXT_CMD(CHANNEL_SWITCH))
2686 		req.rx_streams = hweight8(req.rx_streams);
2687 
2688 	if (chandef->width == NL80211_CHAN_WIDTH_80P80) {
2689 		int freq2 = chandef->center_freq2;
2690 
2691 		req.center_ch2 = ieee80211_frequency_to_channel(freq2);
2692 	}
2693 
2694 	return mt76_mcu_send_msg(&dev->mt76, cmd, &req, sizeof(req), true);
2695 }
2696 
2697 static int mt7915_mcu_set_eeprom_flash(struct mt7915_dev *dev)
2698 {
2699 #define MAX_PAGE_IDX_MASK	GENMASK(7, 5)
2700 #define PAGE_IDX_MASK		GENMASK(4, 2)
2701 #define PER_PAGE_SIZE		0x400
2702 	struct mt7915_mcu_eeprom req = { .buffer_mode = EE_MODE_BUFFER };
2703 	u16 eeprom_size = mt7915_eeprom_size(dev);
2704 	u8 total = DIV_ROUND_UP(eeprom_size, PER_PAGE_SIZE);
2705 	u8 *eep = (u8 *)dev->mt76.eeprom.data;
2706 	int eep_len;
2707 	int i;
2708 
2709 	for (i = 0; i < total; i++, eep += eep_len) {
2710 		struct sk_buff *skb;
2711 		int ret;
2712 
2713 		if (i == total - 1 && !!(eeprom_size % PER_PAGE_SIZE))
2714 			eep_len = eeprom_size % PER_PAGE_SIZE;
2715 		else
2716 			eep_len = PER_PAGE_SIZE;
2717 
2718 		skb = mt76_mcu_msg_alloc(&dev->mt76, NULL,
2719 					 sizeof(req) + eep_len);
2720 		if (!skb)
2721 			return -ENOMEM;
2722 
2723 		req.format = FIELD_PREP(MAX_PAGE_IDX_MASK, total - 1) |
2724 			     FIELD_PREP(PAGE_IDX_MASK, i) | EE_FORMAT_WHOLE;
2725 		req.len = cpu_to_le16(eep_len);
2726 
2727 		skb_put_data(skb, &req, sizeof(req));
2728 		skb_put_data(skb, eep, eep_len);
2729 
2730 		ret = mt76_mcu_skb_send_msg(&dev->mt76, skb,
2731 					    MCU_EXT_CMD(EFUSE_BUFFER_MODE), true);
2732 		if (ret)
2733 			return ret;
2734 	}
2735 
2736 	return 0;
2737 }
2738 
2739 int mt7915_mcu_set_eeprom(struct mt7915_dev *dev)
2740 {
2741 	struct mt7915_mcu_eeprom req = {
2742 		.buffer_mode = EE_MODE_EFUSE,
2743 		.format = EE_FORMAT_WHOLE,
2744 	};
2745 
2746 	if (dev->flash_mode)
2747 		return mt7915_mcu_set_eeprom_flash(dev);
2748 
2749 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(EFUSE_BUFFER_MODE),
2750 				 &req, sizeof(req), true);
2751 }
2752 
2753 int mt7915_mcu_get_eeprom(struct mt7915_dev *dev, u32 offset)
2754 {
2755 	struct mt7915_mcu_eeprom_info req = {
2756 		.addr = cpu_to_le32(round_down(offset,
2757 				    MT7915_EEPROM_BLOCK_SIZE)),
2758 	};
2759 	struct mt7915_mcu_eeprom_info *res;
2760 	struct sk_buff *skb;
2761 	int ret;
2762 	u8 *buf;
2763 
2764 	ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_EXT_QUERY(EFUSE_ACCESS), &req,
2765 				sizeof(req), true, &skb);
2766 	if (ret)
2767 		return ret;
2768 
2769 	res = (struct mt7915_mcu_eeprom_info *)skb->data;
2770 #if defined(__linux__)
2771 	buf = dev->mt76.eeprom.data + le32_to_cpu(res->addr);
2772 #elif defined(__FreeBSD__)
2773 	buf = (u8 *)dev->mt76.eeprom.data + le32_to_cpu(res->addr);
2774 #endif
2775 	memcpy(buf, res->data, MT7915_EEPROM_BLOCK_SIZE);
2776 	dev_kfree_skb(skb);
2777 
2778 	return 0;
2779 }
2780 
2781 int mt7915_mcu_get_eeprom_free_block(struct mt7915_dev *dev, u8 *block_num)
2782 {
2783 	struct {
2784 		u8 _rsv;
2785 		u8 version;
2786 		u8 die_idx;
2787 		u8 _rsv2;
2788 	} __packed req = {
2789 		.version = 1,
2790 	};
2791 	struct sk_buff *skb;
2792 	int ret;
2793 
2794 	ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_EXT_QUERY(EFUSE_FREE_BLOCK), &req,
2795 					sizeof(req), true, &skb);
2796 	if (ret)
2797 		return ret;
2798 
2799 	*block_num = *(u8 *)skb->data;
2800 	dev_kfree_skb(skb);
2801 
2802 	return 0;
2803 }
2804 
2805 static int mt7915_mcu_set_pre_cal(struct mt7915_dev *dev, u8 idx,
2806 				  u8 *data, u32 len, int cmd)
2807 {
2808 	struct {
2809 		u8 dir;
2810 		u8 valid;
2811 		__le16 bitmap;
2812 		s8 precal;
2813 		u8 action;
2814 		u8 band;
2815 		u8 idx;
2816 		u8 rsv[4];
2817 		__le32 len;
2818 	} req = {};
2819 	struct sk_buff *skb;
2820 
2821 	skb = mt76_mcu_msg_alloc(&dev->mt76, NULL, sizeof(req) + len);
2822 	if (!skb)
2823 		return -ENOMEM;
2824 
2825 	req.idx = idx;
2826 	req.len = cpu_to_le32(len);
2827 	skb_put_data(skb, &req, sizeof(req));
2828 	skb_put_data(skb, data, len);
2829 
2830 	return mt76_mcu_skb_send_msg(&dev->mt76, skb, cmd, false);
2831 }
2832 
2833 int mt7915_mcu_apply_group_cal(struct mt7915_dev *dev)
2834 {
2835 	u8 idx = 0, *cal = dev->cal, *eep = dev->mt76.eeprom.data;
2836 	u32 total = MT_EE_CAL_GROUP_SIZE;
2837 
2838 	if (!(eep[MT_EE_DO_PRE_CAL] & MT_EE_WIFI_CAL_GROUP))
2839 		return 0;
2840 
2841 	/*
2842 	 * Items: Rx DCOC, RSSI DCOC, Tx TSSI DCOC, Tx LPFG
2843 	 * Tx FDIQ, Tx DCIQ, Rx FDIQ, Rx FIIQ, ADCDCOC
2844 	 */
2845 	while (total > 0) {
2846 		int ret, len;
2847 
2848 		len = min_t(u32, total, MT_EE_CAL_UNIT);
2849 
2850 		ret = mt7915_mcu_set_pre_cal(dev, idx, cal, len,
2851 					     MCU_EXT_CMD(GROUP_PRE_CAL_INFO));
2852 		if (ret)
2853 			return ret;
2854 
2855 		total -= len;
2856 		cal += len;
2857 		idx++;
2858 	}
2859 
2860 	return 0;
2861 }
2862 
2863 static int mt7915_find_freq_idx(const u16 *freqs, int n_freqs, u16 cur)
2864 {
2865 	int i;
2866 
2867 	for (i = 0; i < n_freqs; i++)
2868 		if (cur == freqs[i])
2869 			return i;
2870 
2871 	return -1;
2872 }
2873 
2874 static int mt7915_dpd_freq_idx(u16 freq, u8 bw)
2875 {
2876 	static const u16 freq_list[] = {
2877 		5180, 5200, 5220, 5240,
2878 		5260, 5280, 5300, 5320,
2879 		5500, 5520, 5540, 5560,
2880 		5580, 5600, 5620, 5640,
2881 		5660, 5680, 5700, 5745,
2882 		5765, 5785, 5805, 5825
2883 	};
2884 	int offset_2g = ARRAY_SIZE(freq_list);
2885 	int idx;
2886 
2887 	if (freq < 4000) {
2888 		if (freq < 2432)
2889 			return offset_2g;
2890 		if (freq < 2457)
2891 			return offset_2g + 1;
2892 
2893 		return offset_2g + 2;
2894 	}
2895 
2896 	if (bw == NL80211_CHAN_WIDTH_80P80 || bw == NL80211_CHAN_WIDTH_160)
2897 		return -1;
2898 
2899 	if (bw != NL80211_CHAN_WIDTH_20) {
2900 		idx = mt7915_find_freq_idx(freq_list, ARRAY_SIZE(freq_list),
2901 					   freq + 10);
2902 		if (idx >= 0)
2903 			return idx;
2904 
2905 		idx = mt7915_find_freq_idx(freq_list, ARRAY_SIZE(freq_list),
2906 					   freq - 10);
2907 		if (idx >= 0)
2908 			return idx;
2909 	}
2910 
2911 	return mt7915_find_freq_idx(freq_list, ARRAY_SIZE(freq_list), freq);
2912 }
2913 
2914 int mt7915_mcu_apply_tx_dpd(struct mt7915_phy *phy)
2915 {
2916 	struct mt7915_dev *dev = phy->dev;
2917 	struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
2918 	u16 total = 2, center_freq = chandef->center_freq1;
2919 	u8 *cal = dev->cal, *eep = dev->mt76.eeprom.data;
2920 	int idx;
2921 
2922 	if (!(eep[MT_EE_DO_PRE_CAL] & MT_EE_WIFI_CAL_DPD))
2923 		return 0;
2924 
2925 	idx = mt7915_dpd_freq_idx(center_freq, chandef->width);
2926 	if (idx < 0)
2927 		return -EINVAL;
2928 
2929 	/* Items: Tx DPD, Tx Flatness */
2930 	idx = idx * 2;
2931 	cal += MT_EE_CAL_GROUP_SIZE;
2932 
2933 	while (total--) {
2934 		int ret;
2935 
2936 		cal += (idx * MT_EE_CAL_UNIT);
2937 		ret = mt7915_mcu_set_pre_cal(dev, idx, cal, MT_EE_CAL_UNIT,
2938 					     MCU_EXT_CMD(DPD_PRE_CAL_INFO));
2939 		if (ret)
2940 			return ret;
2941 
2942 		idx++;
2943 	}
2944 
2945 	return 0;
2946 }
2947 
2948 int mt7915_mcu_get_chan_mib_info(struct mt7915_phy *phy, bool chan_switch)
2949 {
2950 	/* strict order */
2951 	static const u32 offs[] = {
2952 		MIB_BUSY_TIME, MIB_TX_TIME, MIB_RX_TIME, MIB_OBSS_AIRTIME,
2953 		MIB_BUSY_TIME_V2, MIB_TX_TIME_V2, MIB_RX_TIME_V2,
2954 		MIB_OBSS_AIRTIME_V2
2955 	};
2956 	struct mt76_channel_state *state = phy->mt76->chan_state;
2957 	struct mt76_channel_state *state_ts = &phy->state_ts;
2958 	struct mt7915_dev *dev = phy->dev;
2959 	struct mt7915_mcu_mib *res, req[4];
2960 	struct sk_buff *skb;
2961 	int i, ret, start = 0, ofs = 20;
2962 
2963 	if (!is_mt7915(&dev->mt76)) {
2964 		start = 4;
2965 		ofs = 0;
2966 	}
2967 
2968 	for (i = 0; i < 4; i++) {
2969 		req[i].band = cpu_to_le32(phy != &dev->phy);
2970 		req[i].offs = cpu_to_le32(offs[i + start]);
2971 	}
2972 
2973 	ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_EXT_CMD(GET_MIB_INFO),
2974 					req, sizeof(req), true, &skb);
2975 	if (ret)
2976 		return ret;
2977 
2978 	res = (struct mt7915_mcu_mib *)(skb->data + ofs);
2979 
2980 	if (chan_switch)
2981 		goto out;
2982 
2983 #define __res_u64(s) le64_to_cpu(res[s].data)
2984 	state->cc_busy += __res_u64(0) - state_ts->cc_busy;
2985 	state->cc_tx += __res_u64(1) - state_ts->cc_tx;
2986 	state->cc_bss_rx += __res_u64(2) - state_ts->cc_bss_rx;
2987 	state->cc_rx += __res_u64(2) + __res_u64(3) - state_ts->cc_rx;
2988 
2989 out:
2990 	state_ts->cc_busy = __res_u64(0);
2991 	state_ts->cc_tx = __res_u64(1);
2992 	state_ts->cc_bss_rx = __res_u64(2);
2993 	state_ts->cc_rx = __res_u64(2) + __res_u64(3);
2994 #undef __res_u64
2995 
2996 	dev_kfree_skb(skb);
2997 
2998 	return 0;
2999 }
3000 
3001 int mt7915_mcu_get_temperature(struct mt7915_phy *phy)
3002 {
3003 	struct mt7915_dev *dev = phy->dev;
3004 	struct {
3005 		u8 ctrl_id;
3006 		u8 action;
3007 		u8 dbdc_idx;
3008 		u8 rsv[5];
3009 	} req = {
3010 		.ctrl_id = THERMAL_SENSOR_TEMP_QUERY,
3011 		.dbdc_idx = phy != &dev->phy,
3012 	};
3013 
3014 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(THERMAL_CTRL), &req,
3015 				 sizeof(req), true);
3016 }
3017 
3018 int mt7915_mcu_set_thermal_throttling(struct mt7915_phy *phy, u8 state)
3019 {
3020 	struct mt7915_dev *dev = phy->dev;
3021 	struct {
3022 		struct mt7915_mcu_thermal_ctrl ctrl;
3023 
3024 		__le32 trigger_temp;
3025 		__le32 restore_temp;
3026 		__le16 sustain_time;
3027 		u8 rsv[2];
3028 	} __packed req = {
3029 		.ctrl = {
3030 			.band_idx = phy->band_idx,
3031 		},
3032 	};
3033 	int level;
3034 
3035 	if (!state) {
3036 		req.ctrl.ctrl_id = THERMAL_PROTECT_DISABLE;
3037 		goto out;
3038 	}
3039 
3040 	/* set duty cycle and level */
3041 	for (level = 0; level < 4; level++) {
3042 		int ret;
3043 
3044 		req.ctrl.ctrl_id = THERMAL_PROTECT_DUTY_CONFIG;
3045 		req.ctrl.duty.duty_level = level;
3046 		req.ctrl.duty.duty_cycle = state;
3047 		state /= 2;
3048 
3049 		ret = mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(THERMAL_PROT),
3050 					&req, sizeof(req.ctrl), false);
3051 		if (ret)
3052 			return ret;
3053 	}
3054 
3055 	/* set high-temperature trigger threshold */
3056 	req.ctrl.ctrl_id = THERMAL_PROTECT_ENABLE;
3057 	/* add a safety margin ~10 */
3058 	req.restore_temp = cpu_to_le32(phy->throttle_temp[0] - 10);
3059 	req.trigger_temp = cpu_to_le32(phy->throttle_temp[1]);
3060 	req.sustain_time = cpu_to_le16(10);
3061 
3062 out:
3063 	req.ctrl.type.protect_type = 1;
3064 	req.ctrl.type.trigger_type = 1;
3065 
3066 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(THERMAL_PROT),
3067 				 &req, sizeof(req), false);
3068 }
3069 
3070 int mt7915_mcu_set_txpower_sku(struct mt7915_phy *phy)
3071 {
3072 	struct mt7915_dev *dev = phy->dev;
3073 	struct mt76_phy *mphy = phy->mt76;
3074 	struct ieee80211_hw *hw = mphy->hw;
3075 	struct mt7915_sku_val {
3076 		u8 format_id;
3077 		u8 limit_type;
3078 		u8 dbdc_idx;
3079 		s8 val[MT7915_SKU_RATE_NUM];
3080 	} __packed req = {
3081 		.format_id = 4,
3082 		.dbdc_idx = phy != &dev->phy,
3083 	};
3084 	struct mt76_power_limits limits_array;
3085 	s8 *la = (s8 *)&limits_array;
3086 	int i, idx, n_chains = hweight8(mphy->antenna_mask);
3087 	int tx_power = hw->conf.power_level * 2;
3088 
3089 	tx_power = mt76_get_sar_power(mphy, mphy->chandef.chan,
3090 				      tx_power);
3091 	tx_power -= mt76_tx_power_nss_delta(n_chains);
3092 	tx_power = mt76_get_rate_power_limits(mphy, mphy->chandef.chan,
3093 					      &limits_array, tx_power);
3094 	mphy->txpower_cur = tx_power;
3095 
3096 	for (i = 0, idx = 0; i < ARRAY_SIZE(mt7915_sku_group_len); i++) {
3097 		u8 mcs_num, len = mt7915_sku_group_len[i];
3098 		int j;
3099 
3100 		if (i >= SKU_HT_BW20 && i <= SKU_VHT_BW160) {
3101 			mcs_num = 10;
3102 
3103 			if (i == SKU_HT_BW20 || i == SKU_VHT_BW20)
3104 				la = (s8 *)&limits_array + 12;
3105 		} else {
3106 			mcs_num = len;
3107 		}
3108 
3109 		for (j = 0; j < min_t(u8, mcs_num, len); j++)
3110 			req.val[idx + j] = la[j];
3111 
3112 		la += mcs_num;
3113 		idx += len;
3114 	}
3115 
3116 	return mt76_mcu_send_msg(&dev->mt76,
3117 				 MCU_EXT_CMD(TX_POWER_FEATURE_CTRL), &req,
3118 				 sizeof(req), true);
3119 }
3120 
3121 int mt7915_mcu_get_txpower_sku(struct mt7915_phy *phy, s8 *txpower, int len)
3122 {
3123 #define RATE_POWER_INFO	2
3124 	struct mt7915_dev *dev = phy->dev;
3125 	struct {
3126 		u8 format_id;
3127 		u8 category;
3128 		u8 band;
3129 		u8 _rsv;
3130 	} __packed req = {
3131 		.format_id = 7,
3132 		.category = RATE_POWER_INFO,
3133 		.band = phy != &dev->phy,
3134 	};
3135 	s8 res[MT7915_SKU_RATE_NUM][2];
3136 	struct sk_buff *skb;
3137 	int ret, i;
3138 
3139 	ret = mt76_mcu_send_and_get_msg(&dev->mt76,
3140 					MCU_EXT_CMD(TX_POWER_FEATURE_CTRL),
3141 					&req, sizeof(req), true, &skb);
3142 	if (ret)
3143 		return ret;
3144 
3145 	memcpy(res, skb->data + 4, sizeof(res));
3146 	for (i = 0; i < len; i++)
3147 		txpower[i] = res[i][req.band];
3148 
3149 	dev_kfree_skb(skb);
3150 
3151 	return 0;
3152 }
3153 
3154 int mt7915_mcu_set_test_param(struct mt7915_dev *dev, u8 param, bool test_mode,
3155 			      u8 en)
3156 {
3157 	struct {
3158 		u8 test_mode_en;
3159 		u8 param_idx;
3160 		u8 _rsv[2];
3161 
3162 		u8 enable;
3163 		u8 _rsv2[3];
3164 
3165 		u8 pad[8];
3166 	} __packed req = {
3167 		.test_mode_en = test_mode,
3168 		.param_idx = param,
3169 		.enable = en,
3170 	};
3171 
3172 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(ATE_CTRL), &req,
3173 				 sizeof(req), false);
3174 }
3175 
3176 int mt7915_mcu_set_sku_en(struct mt7915_phy *phy, bool enable)
3177 {
3178 	struct mt7915_dev *dev = phy->dev;
3179 	struct mt7915_sku {
3180 		u8 format_id;
3181 		u8 sku_enable;
3182 		u8 dbdc_idx;
3183 		u8 rsv;
3184 	} __packed req = {
3185 		.format_id = 0,
3186 		.dbdc_idx = phy != &dev->phy,
3187 		.sku_enable = enable,
3188 	};
3189 
3190 	return mt76_mcu_send_msg(&dev->mt76,
3191 				 MCU_EXT_CMD(TX_POWER_FEATURE_CTRL), &req,
3192 				 sizeof(req), true);
3193 }
3194 
3195 int mt7915_mcu_set_ser(struct mt7915_dev *dev, u8 action, u8 set, u8 band)
3196 {
3197 	struct {
3198 		u8 action;
3199 		u8 set;
3200 		u8 band;
3201 		u8 rsv;
3202 	} req = {
3203 		.action = action,
3204 		.set = set,
3205 		.band = band,
3206 	};
3207 
3208 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SET_SER_TRIGGER),
3209 				 &req, sizeof(req), false);
3210 }
3211 
3212 int mt7915_mcu_set_txbf(struct mt7915_dev *dev, u8 action)
3213 {
3214 	struct {
3215 		u8 action;
3216 		union {
3217 			struct {
3218 				u8 snd_mode;
3219 				u8 sta_num;
3220 				u8 rsv;
3221 				u8 wlan_idx[4];
3222 				__le32 snd_period;	/* ms */
3223 			} __packed snd;
3224 			struct {
3225 				bool ebf;
3226 				bool ibf;
3227 				u8 rsv;
3228 			} __packed type;
3229 			struct {
3230 				u8 bf_num;
3231 				u8 bf_bitmap;
3232 				u8 bf_sel[8];
3233 				u8 rsv[5];
3234 			} __packed mod;
3235 		};
3236 	} __packed req = {
3237 		.action = action,
3238 	};
3239 
3240 #define MT_BF_PROCESSING	4
3241 	switch (action) {
3242 	case MT_BF_SOUNDING_ON:
3243 		req.snd.snd_mode = MT_BF_PROCESSING;
3244 		break;
3245 	case MT_BF_TYPE_UPDATE:
3246 		req.type.ebf = true;
3247 		req.type.ibf = dev->ibf;
3248 		break;
3249 	case MT_BF_MODULE_UPDATE:
3250 		req.mod.bf_num = 2;
3251 		req.mod.bf_bitmap = GENMASK(1, 0);
3252 		break;
3253 	default:
3254 		return -EINVAL;
3255 	}
3256 
3257 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(TXBF_ACTION), &req,
3258 				 sizeof(req), true);
3259 }
3260 
3261 int mt7915_mcu_add_obss_spr(struct mt7915_dev *dev, struct ieee80211_vif *vif,
3262 			    bool enable)
3263 {
3264 #define MT_SPR_ENABLE		1
3265 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
3266 	struct {
3267 		u8 action;
3268 		u8 arg_num;
3269 		u8 band_idx;
3270 		u8 status;
3271 		u8 drop_tx_idx;
3272 		u8 sta_idx;	/* 256 sta */
3273 		u8 rsv[2];
3274 		__le32 val;
3275 	} __packed req = {
3276 		.action = MT_SPR_ENABLE,
3277 		.arg_num = 1,
3278 		.band_idx = mvif->mt76.band_idx,
3279 		.val = cpu_to_le32(enable),
3280 	};
3281 
3282 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SET_SPR), &req,
3283 				 sizeof(req), true);
3284 }
3285 
3286 int mt7915_mcu_get_rx_rate(struct mt7915_phy *phy, struct ieee80211_vif *vif,
3287 			   struct ieee80211_sta *sta, struct rate_info *rate)
3288 {
3289 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
3290 	struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
3291 	struct mt7915_dev *dev = phy->dev;
3292 	struct mt76_phy *mphy = phy->mt76;
3293 	struct {
3294 		u8 category;
3295 		u8 band;
3296 		__le16 wcid;
3297 	} __packed req = {
3298 		.category = MCU_PHY_STATE_CONTENTION_RX_RATE,
3299 		.band = mvif->mt76.band_idx,
3300 		.wcid = cpu_to_le16(msta->wcid.idx),
3301 	};
3302 	struct ieee80211_supported_band *sband;
3303 	struct mt7915_mcu_phy_rx_info *res;
3304 	struct sk_buff *skb;
3305 	int ret;
3306 	bool cck = false;
3307 
3308 	ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_EXT_CMD(PHY_STAT_INFO),
3309 					&req, sizeof(req), true, &skb);
3310 	if (ret)
3311 		return ret;
3312 
3313 	res = (struct mt7915_mcu_phy_rx_info *)skb->data;
3314 
3315 	rate->mcs = res->rate;
3316 	rate->nss = res->nsts + 1;
3317 
3318 	switch (res->mode) {
3319 	case MT_PHY_TYPE_CCK:
3320 		cck = true;
3321 		fallthrough;
3322 	case MT_PHY_TYPE_OFDM:
3323 		if (mphy->chandef.chan->band == NL80211_BAND_5GHZ)
3324 			sband = &mphy->sband_5g.sband;
3325 		else if (mphy->chandef.chan->band == NL80211_BAND_6GHZ)
3326 			sband = &mphy->sband_6g.sband;
3327 		else
3328 			sband = &mphy->sband_2g.sband;
3329 
3330 		rate->mcs = mt76_get_rate(&dev->mt76, sband, rate->mcs, cck);
3331 		rate->legacy = sband->bitrates[rate->mcs].bitrate;
3332 		break;
3333 	case MT_PHY_TYPE_HT:
3334 	case MT_PHY_TYPE_HT_GF:
3335 		if (rate->mcs > 31) {
3336 			ret = -EINVAL;
3337 			goto out;
3338 		}
3339 
3340 		rate->flags = RATE_INFO_FLAGS_MCS;
3341 		if (res->gi)
3342 			rate->flags |= RATE_INFO_FLAGS_SHORT_GI;
3343 		break;
3344 	case MT_PHY_TYPE_VHT:
3345 		if (rate->mcs > 9) {
3346 			ret = -EINVAL;
3347 			goto out;
3348 		}
3349 
3350 		rate->flags = RATE_INFO_FLAGS_VHT_MCS;
3351 		if (res->gi)
3352 			rate->flags |= RATE_INFO_FLAGS_SHORT_GI;
3353 		break;
3354 	case MT_PHY_TYPE_HE_SU:
3355 	case MT_PHY_TYPE_HE_EXT_SU:
3356 	case MT_PHY_TYPE_HE_TB:
3357 	case MT_PHY_TYPE_HE_MU:
3358 		if (res->gi > NL80211_RATE_INFO_HE_GI_3_2 || rate->mcs > 11) {
3359 			ret = -EINVAL;
3360 			goto out;
3361 		}
3362 		rate->he_gi = res->gi;
3363 		rate->flags = RATE_INFO_FLAGS_HE_MCS;
3364 		break;
3365 	default:
3366 		ret = -EINVAL;
3367 		goto out;
3368 	}
3369 
3370 	switch (res->bw) {
3371 	case IEEE80211_STA_RX_BW_160:
3372 		rate->bw = RATE_INFO_BW_160;
3373 		break;
3374 	case IEEE80211_STA_RX_BW_80:
3375 		rate->bw = RATE_INFO_BW_80;
3376 		break;
3377 	case IEEE80211_STA_RX_BW_40:
3378 		rate->bw = RATE_INFO_BW_40;
3379 		break;
3380 	default:
3381 		rate->bw = RATE_INFO_BW_20;
3382 		break;
3383 	}
3384 
3385 out:
3386 	dev_kfree_skb(skb);
3387 
3388 	return ret;
3389 }
3390 
3391 int mt7915_mcu_update_bss_color(struct mt7915_dev *dev, struct ieee80211_vif *vif,
3392 				struct cfg80211_he_bss_color *he_bss_color)
3393 {
3394 	int len = sizeof(struct sta_req_hdr) + sizeof(struct bss_info_color);
3395 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
3396 	struct bss_info_color *bss_color;
3397 	struct sk_buff *skb;
3398 	struct tlv *tlv;
3399 
3400 	skb = __mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76,
3401 					      NULL, len);
3402 	if (IS_ERR(skb))
3403 		return PTR_ERR(skb);
3404 
3405 	tlv = mt76_connac_mcu_add_tlv(skb, BSS_INFO_BSS_COLOR,
3406 				      sizeof(*bss_color));
3407 	bss_color = (struct bss_info_color *)tlv;
3408 	bss_color->disable = !he_bss_color->enabled;
3409 	bss_color->color = he_bss_color->color;
3410 
3411 	return mt76_mcu_skb_send_msg(&dev->mt76, skb,
3412 				     MCU_EXT_CMD(BSS_INFO_UPDATE), true);
3413 }
3414 
3415 #define TWT_AGRT_TRIGGER	BIT(0)
3416 #define TWT_AGRT_ANNOUNCE	BIT(1)
3417 #define TWT_AGRT_PROTECT	BIT(2)
3418 
3419 int mt7915_mcu_twt_agrt_update(struct mt7915_dev *dev,
3420 			       struct mt7915_vif *mvif,
3421 			       struct mt7915_twt_flow *flow,
3422 			       int cmd)
3423 {
3424 	struct {
3425 		u8 tbl_idx;
3426 		u8 cmd;
3427 		u8 own_mac_idx;
3428 		u8 flowid; /* 0xff for group id */
3429 		__le16 peer_id; /* specify the peer_id (msb=0)
3430 				 * or group_id (msb=1)
3431 				 */
3432 		u8 duration; /* 256 us */
3433 		u8 bss_idx;
3434 		__le64 start_tsf;
3435 		__le16 mantissa;
3436 		u8 exponent;
3437 		u8 is_ap;
3438 		u8 agrt_params;
3439 		u8 rsv[23];
3440 	} __packed req = {
3441 		.tbl_idx = flow->table_id,
3442 		.cmd = cmd,
3443 		.own_mac_idx = mvif->mt76.omac_idx,
3444 		.flowid = flow->id,
3445 		.peer_id = cpu_to_le16(flow->wcid),
3446 		.duration = flow->duration,
3447 		.bss_idx = mvif->mt76.idx,
3448 		.start_tsf = cpu_to_le64(flow->tsf),
3449 		.mantissa = flow->mantissa,
3450 		.exponent = flow->exp,
3451 		.is_ap = true,
3452 	};
3453 
3454 	if (flow->protection)
3455 		req.agrt_params |= TWT_AGRT_PROTECT;
3456 	if (!flow->flowtype)
3457 		req.agrt_params |= TWT_AGRT_ANNOUNCE;
3458 	if (flow->trigger)
3459 		req.agrt_params |= TWT_AGRT_TRIGGER;
3460 
3461 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(TWT_AGRT_UPDATE),
3462 				 &req, sizeof(req), true);
3463 }
3464 
3465 int mt7915_mcu_rf_regval(struct mt7915_dev *dev, u32 regidx, u32 *val, bool set)
3466 {
3467 	struct {
3468 		__le32 idx;
3469 		__le32 ofs;
3470 		__le32 data;
3471 	} __packed req = {
3472 		.idx = cpu_to_le32(u32_get_bits(regidx, GENMASK(31, 28))),
3473 		.ofs = cpu_to_le32(u32_get_bits(regidx, GENMASK(27, 0))),
3474 		.data = set ? cpu_to_le32(*val) : 0,
3475 	};
3476 	struct sk_buff *skb;
3477 	int ret;
3478 
3479 	if (set)
3480 		return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(RF_REG_ACCESS),
3481 					 &req, sizeof(req), false);
3482 
3483 	ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_EXT_QUERY(RF_REG_ACCESS),
3484 					&req, sizeof(req), true, &skb);
3485 	if (ret)
3486 		return ret;
3487 
3488 	*val = le32_to_cpu(*(__le32 *)(skb->data + 8));
3489 	dev_kfree_skb(skb);
3490 
3491 	return 0;
3492 }
3493