xref: /linux/drivers/net/wireless/ath/ath10k/mac.c (revision 5e3992fe72748ed3892be876f09d4d990548b7af) 
1 // SPDX-License-Identifier: ISC
2 /*
3  * Copyright (c) 2005-2011 Atheros Communications Inc.
4  * Copyright (c) 2011-2017 Qualcomm Atheros, Inc.
5  * Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
6  */
7 
8 #include "mac.h"
9 
10 #include <net/cfg80211.h>
11 #include <net/mac80211.h>
12 #include <linux/etherdevice.h>
13 #include <linux/acpi.h>
14 #include <linux/of.h>
15 #include <linux/bitfield.h>
16 
17 #include "hif.h"
18 #include "core.h"
19 #include "debug.h"
20 #include "wmi.h"
21 #include "htt.h"
22 #include "txrx.h"
23 #include "testmode.h"
24 #include "wmi-tlv.h"
25 #include "wmi-ops.h"
26 #include "wow.h"
27 
28 /*********/
29 /* Rates */
30 /*********/
31 
32 static struct ieee80211_rate ath10k_rates[] = {
33 	{ .bitrate = 10,
34 	  .hw_value = ATH10K_HW_RATE_CCK_LP_1M },
35 	{ .bitrate = 20,
36 	  .hw_value = ATH10K_HW_RATE_CCK_LP_2M,
37 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_2M,
38 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
39 	{ .bitrate = 55,
40 	  .hw_value = ATH10K_HW_RATE_CCK_LP_5_5M,
41 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_5_5M,
42 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
43 	{ .bitrate = 110,
44 	  .hw_value = ATH10K_HW_RATE_CCK_LP_11M,
45 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_11M,
46 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
47 
48 	{ .bitrate = 60, .hw_value = ATH10K_HW_RATE_OFDM_6M },
49 	{ .bitrate = 90, .hw_value = ATH10K_HW_RATE_OFDM_9M },
50 	{ .bitrate = 120, .hw_value = ATH10K_HW_RATE_OFDM_12M },
51 	{ .bitrate = 180, .hw_value = ATH10K_HW_RATE_OFDM_18M },
52 	{ .bitrate = 240, .hw_value = ATH10K_HW_RATE_OFDM_24M },
53 	{ .bitrate = 360, .hw_value = ATH10K_HW_RATE_OFDM_36M },
54 	{ .bitrate = 480, .hw_value = ATH10K_HW_RATE_OFDM_48M },
55 	{ .bitrate = 540, .hw_value = ATH10K_HW_RATE_OFDM_54M },
56 };
57 
58 static struct ieee80211_rate ath10k_rates_rev2[] = {
59 	{ .bitrate = 10,
60 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_1M },
61 	{ .bitrate = 20,
62 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_2M,
63 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_2M,
64 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
65 	{ .bitrate = 55,
66 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_5_5M,
67 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_5_5M,
68 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
69 	{ .bitrate = 110,
70 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_11M,
71 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_11M,
72 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
73 
74 	{ .bitrate = 60, .hw_value = ATH10K_HW_RATE_OFDM_6M },
75 	{ .bitrate = 90, .hw_value = ATH10K_HW_RATE_OFDM_9M },
76 	{ .bitrate = 120, .hw_value = ATH10K_HW_RATE_OFDM_12M },
77 	{ .bitrate = 180, .hw_value = ATH10K_HW_RATE_OFDM_18M },
78 	{ .bitrate = 240, .hw_value = ATH10K_HW_RATE_OFDM_24M },
79 	{ .bitrate = 360, .hw_value = ATH10K_HW_RATE_OFDM_36M },
80 	{ .bitrate = 480, .hw_value = ATH10K_HW_RATE_OFDM_48M },
81 	{ .bitrate = 540, .hw_value = ATH10K_HW_RATE_OFDM_54M },
82 };
83 
84 static const struct cfg80211_sar_freq_ranges ath10k_sar_freq_ranges[] = {
85 	{.start_freq = 2402, .end_freq = 2494 },
86 	{.start_freq = 5170, .end_freq = 5875 },
87 };
88 
89 static const struct cfg80211_sar_capa ath10k_sar_capa = {
90 	.type = NL80211_SAR_TYPE_POWER,
91 	.num_freq_ranges = (ARRAY_SIZE(ath10k_sar_freq_ranges)),
92 	.freq_ranges = &ath10k_sar_freq_ranges[0],
93 };
94 
95 #define ATH10K_MAC_FIRST_OFDM_RATE_IDX 4
96 
97 #define ath10k_a_rates (ath10k_rates + ATH10K_MAC_FIRST_OFDM_RATE_IDX)
98 #define ath10k_a_rates_size (ARRAY_SIZE(ath10k_rates) - \
99 			     ATH10K_MAC_FIRST_OFDM_RATE_IDX)
100 #define ath10k_g_rates (ath10k_rates + 0)
101 #define ath10k_g_rates_size (ARRAY_SIZE(ath10k_rates))
102 
103 #define ath10k_g_rates_rev2 (ath10k_rates_rev2 + 0)
104 #define ath10k_g_rates_rev2_size (ARRAY_SIZE(ath10k_rates_rev2))
105 
106 #define ath10k_wmi_legacy_rates ath10k_rates
107 
108 static bool ath10k_mac_bitrate_is_cck(int bitrate)
109 {
110 	switch (bitrate) {
111 	case 10:
112 	case 20:
113 	case 55:
114 	case 110:
115 		return true;
116 	}
117 
118 	return false;
119 }
120 
121 static u8 ath10k_mac_bitrate_to_rate(int bitrate)
122 {
123 	return DIV_ROUND_UP(bitrate, 5) |
124 	       (ath10k_mac_bitrate_is_cck(bitrate) ? BIT(7) : 0);
125 }
126 
127 u8 ath10k_mac_hw_rate_to_idx(const struct ieee80211_supported_band *sband,
128 			     u8 hw_rate, bool cck)
129 {
130 	const struct ieee80211_rate *rate;
131 	int i;
132 
133 	for (i = 0; i < sband->n_bitrates; i++) {
134 		rate = &sband->bitrates[i];
135 
136 		if (ath10k_mac_bitrate_is_cck(rate->bitrate) != cck)
137 			continue;
138 
139 		if (rate->hw_value == hw_rate)
140 			return i;
141 		else if (rate->flags & IEEE80211_RATE_SHORT_PREAMBLE &&
142 			 rate->hw_value_short == hw_rate)
143 			return i;
144 	}
145 
146 	return 0;
147 }
148 
149 u8 ath10k_mac_bitrate_to_idx(const struct ieee80211_supported_band *sband,
150 			     u32 bitrate)
151 {
152 	int i;
153 
154 	for (i = 0; i < sband->n_bitrates; i++)
155 		if (sband->bitrates[i].bitrate == bitrate)
156 			return i;
157 
158 	return 0;
159 }
160 
161 static int ath10k_mac_get_rate_hw_value(int bitrate)
162 {
163 	int i;
164 	u8 hw_value_prefix = 0;
165 
166 	if (ath10k_mac_bitrate_is_cck(bitrate))
167 		hw_value_prefix = WMI_RATE_PREAMBLE_CCK << 6;
168 
169 	for (i = 0; i < ARRAY_SIZE(ath10k_rates); i++) {
170 		if (ath10k_rates[i].bitrate == bitrate)
171 			return hw_value_prefix | ath10k_rates[i].hw_value;
172 	}
173 
174 	return -EINVAL;
175 }
176 
177 static int ath10k_mac_get_max_vht_mcs_map(u16 mcs_map, int nss)
178 {
179 	switch ((mcs_map >> (2 * nss)) & 0x3) {
180 	case IEEE80211_VHT_MCS_SUPPORT_0_7: return BIT(8) - 1;
181 	case IEEE80211_VHT_MCS_SUPPORT_0_8: return BIT(9) - 1;
182 	case IEEE80211_VHT_MCS_SUPPORT_0_9: return BIT(10) - 1;
183 	}
184 	return 0;
185 }
186 
187 static u32
188 ath10k_mac_max_ht_nss(const u8 ht_mcs_mask[IEEE80211_HT_MCS_MASK_LEN])
189 {
190 	int nss;
191 
192 	for (nss = IEEE80211_HT_MCS_MASK_LEN - 1; nss >= 0; nss--)
193 		if (ht_mcs_mask[nss])
194 			return nss + 1;
195 
196 	return 1;
197 }
198 
199 static u32
200 ath10k_mac_max_vht_nss(const u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
201 {
202 	int nss;
203 
204 	for (nss = NL80211_VHT_NSS_MAX - 1; nss >= 0; nss--)
205 		if (vht_mcs_mask[nss])
206 			return nss + 1;
207 
208 	return 1;
209 }
210 
211 int ath10k_mac_ext_resource_config(struct ath10k *ar, u32 val)
212 {
213 	enum wmi_host_platform_type platform_type;
214 	int ret;
215 
216 	if (test_bit(WMI_SERVICE_TX_MODE_DYNAMIC, ar->wmi.svc_map))
217 		platform_type = WMI_HOST_PLATFORM_LOW_PERF;
218 	else
219 		platform_type = WMI_HOST_PLATFORM_HIGH_PERF;
220 
221 	ret = ath10k_wmi_ext_resource_config(ar, platform_type, val);
222 
223 	if (ret && ret != -EOPNOTSUPP) {
224 		ath10k_warn(ar, "failed to configure ext resource: %d\n", ret);
225 		return ret;
226 	}
227 
228 	return 0;
229 }
230 
231 /**********/
232 /* Crypto */
233 /**********/
234 
235 static int ath10k_send_key(struct ath10k_vif *arvif,
236 			   struct ieee80211_key_conf *key,
237 			   enum set_key_cmd cmd,
238 			   const u8 *macaddr, u32 flags)
239 {
240 	struct ath10k *ar = arvif->ar;
241 	struct wmi_vdev_install_key_arg arg = {
242 		.vdev_id = arvif->vdev_id,
243 		.key_idx = key->keyidx,
244 		.key_len = key->keylen,
245 		.key_data = key->key,
246 		.key_flags = flags,
247 		.macaddr = macaddr,
248 	};
249 
250 	lockdep_assert_held(&arvif->ar->conf_mutex);
251 
252 	switch (key->cipher) {
253 	case WLAN_CIPHER_SUITE_CCMP:
254 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_AES_CCM];
255 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV_MGMT;
256 		break;
257 	case WLAN_CIPHER_SUITE_TKIP:
258 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_TKIP];
259 		arg.key_txmic_len = 8;
260 		arg.key_rxmic_len = 8;
261 		break;
262 	case WLAN_CIPHER_SUITE_WEP40:
263 	case WLAN_CIPHER_SUITE_WEP104:
264 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_WEP];
265 		break;
266 	case WLAN_CIPHER_SUITE_CCMP_256:
267 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_AES_CCM];
268 		break;
269 	case WLAN_CIPHER_SUITE_GCMP:
270 	case WLAN_CIPHER_SUITE_GCMP_256:
271 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_AES_GCM];
272 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV_MGMT;
273 		break;
274 	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
275 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
276 	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
277 	case WLAN_CIPHER_SUITE_AES_CMAC:
278 		WARN_ON(1);
279 		return -EINVAL;
280 	default:
281 		ath10k_warn(ar, "cipher %d is not supported\n", key->cipher);
282 		return -EOPNOTSUPP;
283 	}
284 
285 	if (test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
286 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
287 
288 	if (cmd == DISABLE_KEY) {
289 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_NONE];
290 		arg.key_data = NULL;
291 	}
292 
293 	return ath10k_wmi_vdev_install_key(arvif->ar, &arg);
294 }
295 
296 static int ath10k_install_key(struct ath10k_vif *arvif,
297 			      struct ieee80211_key_conf *key,
298 			      enum set_key_cmd cmd,
299 			      const u8 *macaddr, u32 flags)
300 {
301 	struct ath10k *ar = arvif->ar;
302 	int ret;
303 	unsigned long time_left;
304 
305 	lockdep_assert_held(&ar->conf_mutex);
306 
307 	reinit_completion(&ar->install_key_done);
308 
309 	if (arvif->nohwcrypt)
310 		return 1;
311 
312 	ret = ath10k_send_key(arvif, key, cmd, macaddr, flags);
313 	if (ret)
314 		return ret;
315 
316 	time_left = wait_for_completion_timeout(&ar->install_key_done, 3 * HZ);
317 	if (time_left == 0)
318 		return -ETIMEDOUT;
319 
320 	return 0;
321 }
322 
323 static int ath10k_install_peer_wep_keys(struct ath10k_vif *arvif,
324 					const u8 *addr)
325 {
326 	struct ath10k *ar = arvif->ar;
327 	struct ath10k_peer *peer;
328 	int ret;
329 	int i;
330 	u32 flags;
331 
332 	lockdep_assert_held(&ar->conf_mutex);
333 
334 	if (WARN_ON(arvif->vif->type != NL80211_IFTYPE_AP &&
335 		    arvif->vif->type != NL80211_IFTYPE_ADHOC &&
336 		    arvif->vif->type != NL80211_IFTYPE_MESH_POINT))
337 		return -EINVAL;
338 
339 	spin_lock_bh(&ar->data_lock);
340 	peer = ath10k_peer_find(ar, arvif->vdev_id, addr);
341 	spin_unlock_bh(&ar->data_lock);
342 
343 	if (!peer)
344 		return -ENOENT;
345 
346 	for (i = 0; i < ARRAY_SIZE(arvif->wep_keys); i++) {
347 		if (arvif->wep_keys[i] == NULL)
348 			continue;
349 
350 		switch (arvif->vif->type) {
351 		case NL80211_IFTYPE_AP:
352 			flags = WMI_KEY_PAIRWISE;
353 
354 			if (arvif->def_wep_key_idx == i)
355 				flags |= WMI_KEY_TX_USAGE;
356 
357 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
358 						 SET_KEY, addr, flags);
359 			if (ret < 0)
360 				return ret;
361 			break;
362 		case NL80211_IFTYPE_ADHOC:
363 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
364 						 SET_KEY, addr,
365 						 WMI_KEY_PAIRWISE);
366 			if (ret < 0)
367 				return ret;
368 
369 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
370 						 SET_KEY, addr, WMI_KEY_GROUP);
371 			if (ret < 0)
372 				return ret;
373 			break;
374 		default:
375 			WARN_ON(1);
376 			return -EINVAL;
377 		}
378 
379 		spin_lock_bh(&ar->data_lock);
380 		peer->keys[i] = arvif->wep_keys[i];
381 		spin_unlock_bh(&ar->data_lock);
382 	}
383 
384 	/* In some cases (notably with static WEP IBSS with multiple keys)
385 	 * multicast Tx becomes broken. Both pairwise and groupwise keys are
386 	 * installed already. Using WMI_KEY_TX_USAGE in different combinations
387 	 * didn't seem help. Using def_keyid vdev parameter seems to be
388 	 * effective so use that.
389 	 *
390 	 * FIXME: Revisit. Perhaps this can be done in a less hacky way.
391 	 */
392 	if (arvif->vif->type != NL80211_IFTYPE_ADHOC)
393 		return 0;
394 
395 	if (arvif->def_wep_key_idx == -1)
396 		return 0;
397 
398 	ret = ath10k_wmi_vdev_set_param(arvif->ar,
399 					arvif->vdev_id,
400 					arvif->ar->wmi.vdev_param->def_keyid,
401 					arvif->def_wep_key_idx);
402 	if (ret) {
403 		ath10k_warn(ar, "failed to re-set def wpa key idxon vdev %i: %d\n",
404 			    arvif->vdev_id, ret);
405 		return ret;
406 	}
407 
408 	return 0;
409 }
410 
411 static int ath10k_clear_peer_keys(struct ath10k_vif *arvif,
412 				  const u8 *addr)
413 {
414 	struct ath10k *ar = arvif->ar;
415 	struct ath10k_peer *peer;
416 	int first_errno = 0;
417 	int ret;
418 	int i;
419 	u32 flags = 0;
420 
421 	lockdep_assert_held(&ar->conf_mutex);
422 
423 	spin_lock_bh(&ar->data_lock);
424 	peer = ath10k_peer_find(ar, arvif->vdev_id, addr);
425 	spin_unlock_bh(&ar->data_lock);
426 
427 	if (!peer)
428 		return -ENOENT;
429 
430 	for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
431 		if (peer->keys[i] == NULL)
432 			continue;
433 
434 		/* key flags are not required to delete the key */
435 		ret = ath10k_install_key(arvif, peer->keys[i],
436 					 DISABLE_KEY, addr, flags);
437 		if (ret < 0 && first_errno == 0)
438 			first_errno = ret;
439 
440 		if (ret < 0)
441 			ath10k_warn(ar, "failed to remove peer wep key %d: %d\n",
442 				    i, ret);
443 
444 		spin_lock_bh(&ar->data_lock);
445 		peer->keys[i] = NULL;
446 		spin_unlock_bh(&ar->data_lock);
447 	}
448 
449 	return first_errno;
450 }
451 
452 bool ath10k_mac_is_peer_wep_key_set(struct ath10k *ar, const u8 *addr,
453 				    u8 keyidx)
454 {
455 	struct ath10k_peer *peer;
456 	int i;
457 
458 	lockdep_assert_held(&ar->data_lock);
459 
460 	/* We don't know which vdev this peer belongs to,
461 	 * since WMI doesn't give us that information.
462 	 *
463 	 * FIXME: multi-bss needs to be handled.
464 	 */
465 	peer = ath10k_peer_find(ar, 0, addr);
466 	if (!peer)
467 		return false;
468 
469 	for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
470 		if (peer->keys[i] && peer->keys[i]->keyidx == keyidx)
471 			return true;
472 	}
473 
474 	return false;
475 }
476 
477 static int ath10k_clear_vdev_key(struct ath10k_vif *arvif,
478 				 struct ieee80211_key_conf *key)
479 {
480 	struct ath10k *ar = arvif->ar;
481 	struct ath10k_peer *peer;
482 	u8 addr[ETH_ALEN];
483 	int first_errno = 0;
484 	int ret;
485 	int i;
486 	u32 flags = 0;
487 
488 	lockdep_assert_held(&ar->conf_mutex);
489 
490 	for (;;) {
491 		/* since ath10k_install_key we can't hold data_lock all the
492 		 * time, so we try to remove the keys incrementally
493 		 */
494 		spin_lock_bh(&ar->data_lock);
495 		i = 0;
496 		list_for_each_entry(peer, &ar->peers, list) {
497 			for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
498 				if (peer->keys[i] == key) {
499 					ether_addr_copy(addr, peer->addr);
500 					peer->keys[i] = NULL;
501 					break;
502 				}
503 			}
504 
505 			if (i < ARRAY_SIZE(peer->keys))
506 				break;
507 		}
508 		spin_unlock_bh(&ar->data_lock);
509 
510 		if (i == ARRAY_SIZE(peer->keys))
511 			break;
512 		/* key flags are not required to delete the key */
513 		ret = ath10k_install_key(arvif, key, DISABLE_KEY, addr, flags);
514 		if (ret < 0 && first_errno == 0)
515 			first_errno = ret;
516 
517 		if (ret)
518 			ath10k_warn(ar, "failed to remove key for %pM: %d\n",
519 				    addr, ret);
520 	}
521 
522 	return first_errno;
523 }
524 
525 static int ath10k_mac_vif_update_wep_key(struct ath10k_vif *arvif,
526 					 struct ieee80211_key_conf *key)
527 {
528 	struct ath10k *ar = arvif->ar;
529 	struct ath10k_peer *peer;
530 	int ret;
531 
532 	lockdep_assert_held(&ar->conf_mutex);
533 
534 	list_for_each_entry(peer, &ar->peers, list) {
535 		if (ether_addr_equal(peer->addr, arvif->vif->addr))
536 			continue;
537 
538 		if (ether_addr_equal(peer->addr, arvif->bssid))
539 			continue;
540 
541 		if (peer->keys[key->keyidx] == key)
542 			continue;
543 
544 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vif vdev %i update key %i needs update\n",
545 			   arvif->vdev_id, key->keyidx);
546 
547 		ret = ath10k_install_peer_wep_keys(arvif, peer->addr);
548 		if (ret) {
549 			ath10k_warn(ar, "failed to update wep keys on vdev %i for peer %pM: %d\n",
550 				    arvif->vdev_id, peer->addr, ret);
551 			return ret;
552 		}
553 	}
554 
555 	return 0;
556 }
557 
558 /*********************/
559 /* General utilities */
560 /*********************/
561 
562 static inline enum wmi_phy_mode
563 chan_to_phymode(const struct cfg80211_chan_def *chandef)
564 {
565 	enum wmi_phy_mode phymode = MODE_UNKNOWN;
566 
567 	switch (chandef->chan->band) {
568 	case NL80211_BAND_2GHZ:
569 		switch (chandef->width) {
570 		case NL80211_CHAN_WIDTH_20_NOHT:
571 			if (chandef->chan->flags & IEEE80211_CHAN_NO_OFDM)
572 				phymode = MODE_11B;
573 			else
574 				phymode = MODE_11G;
575 			break;
576 		case NL80211_CHAN_WIDTH_20:
577 			phymode = MODE_11NG_HT20;
578 			break;
579 		case NL80211_CHAN_WIDTH_40:
580 			phymode = MODE_11NG_HT40;
581 			break;
582 		default:
583 			phymode = MODE_UNKNOWN;
584 			break;
585 		}
586 		break;
587 	case NL80211_BAND_5GHZ:
588 		switch (chandef->width) {
589 		case NL80211_CHAN_WIDTH_20_NOHT:
590 			phymode = MODE_11A;
591 			break;
592 		case NL80211_CHAN_WIDTH_20:
593 			phymode = MODE_11NA_HT20;
594 			break;
595 		case NL80211_CHAN_WIDTH_40:
596 			phymode = MODE_11NA_HT40;
597 			break;
598 		case NL80211_CHAN_WIDTH_80:
599 			phymode = MODE_11AC_VHT80;
600 			break;
601 		case NL80211_CHAN_WIDTH_160:
602 			phymode = MODE_11AC_VHT160;
603 			break;
604 		case NL80211_CHAN_WIDTH_80P80:
605 			phymode = MODE_11AC_VHT80_80;
606 			break;
607 		default:
608 			phymode = MODE_UNKNOWN;
609 			break;
610 		}
611 		break;
612 	default:
613 		break;
614 	}
615 
616 	WARN_ON(phymode == MODE_UNKNOWN);
617 	return phymode;
618 }
619 
620 static u8 ath10k_parse_mpdudensity(u8 mpdudensity)
621 {
622 /*
623  * 802.11n D2.0 defined values for "Minimum MPDU Start Spacing":
624  *   0 for no restriction
625  *   1 for 1/4 us
626  *   2 for 1/2 us
627  *   3 for 1 us
628  *   4 for 2 us
629  *   5 for 4 us
630  *   6 for 8 us
631  *   7 for 16 us
632  */
633 	switch (mpdudensity) {
634 	case 0:
635 		return 0;
636 	case 1:
637 	case 2:
638 	case 3:
639 	/* Our lower layer calculations limit our precision to
640 	 * 1 microsecond
641 	 */
642 		return 1;
643 	case 4:
644 		return 2;
645 	case 5:
646 		return 4;
647 	case 6:
648 		return 8;
649 	case 7:
650 		return 16;
651 	default:
652 		return 0;
653 	}
654 }
655 
656 int ath10k_mac_vif_chan(struct ieee80211_vif *vif,
657 			struct cfg80211_chan_def *def)
658 {
659 	struct ieee80211_chanctx_conf *conf;
660 
661 	rcu_read_lock();
662 	conf = rcu_dereference(vif->bss_conf.chanctx_conf);
663 	if (!conf) {
664 		rcu_read_unlock();
665 		return -ENOENT;
666 	}
667 
668 	*def = conf->def;
669 	rcu_read_unlock();
670 
671 	return 0;
672 }
673 
674 static void ath10k_mac_num_chanctxs_iter(struct ieee80211_hw *hw,
675 					 struct ieee80211_chanctx_conf *conf,
676 					 void *data)
677 {
678 	int *num = data;
679 
680 	(*num)++;
681 }
682 
683 static int ath10k_mac_num_chanctxs(struct ath10k *ar)
684 {
685 	int num = 0;
686 
687 	ieee80211_iter_chan_contexts_atomic(ar->hw,
688 					    ath10k_mac_num_chanctxs_iter,
689 					    &num);
690 
691 	return num;
692 }
693 
694 static void
695 ath10k_mac_get_any_chandef_iter(struct ieee80211_hw *hw,
696 				struct ieee80211_chanctx_conf *conf,
697 				void *data)
698 {
699 	struct cfg80211_chan_def **def = data;
700 
701 	*def = &conf->def;
702 }
703 
704 static void ath10k_wait_for_peer_delete_done(struct ath10k *ar, u32 vdev_id,
705 					     const u8 *addr)
706 {
707 	unsigned long time_left;
708 	int ret;
709 
710 	if (test_bit(WMI_SERVICE_SYNC_DELETE_CMDS, ar->wmi.svc_map)) {
711 		ret = ath10k_wait_for_peer_deleted(ar, vdev_id, addr);
712 		if (ret) {
713 			ath10k_warn(ar, "failed wait for peer deleted");
714 			return;
715 		}
716 
717 		time_left = wait_for_completion_timeout(&ar->peer_delete_done,
718 							5 * HZ);
719 		if (!time_left)
720 			ath10k_warn(ar, "Timeout in receiving peer delete response\n");
721 	}
722 }
723 
724 static int ath10k_peer_create(struct ath10k *ar,
725 			      struct ieee80211_vif *vif,
726 			      struct ieee80211_sta *sta,
727 			      u32 vdev_id,
728 			      const u8 *addr,
729 			      enum wmi_peer_type peer_type)
730 {
731 	struct ath10k_vif *arvif;
732 	struct ath10k_peer *peer;
733 	int num_peers = 0;
734 	int ret;
735 
736 	lockdep_assert_held(&ar->conf_mutex);
737 
738 	num_peers = ar->num_peers;
739 
740 	/* Each vdev consumes a peer entry as well */
741 	list_for_each_entry(arvif, &ar->arvifs, list)
742 		num_peers++;
743 
744 	if (num_peers >= ar->max_num_peers)
745 		return -ENOBUFS;
746 
747 	ret = ath10k_wmi_peer_create(ar, vdev_id, addr, peer_type);
748 	if (ret) {
749 		ath10k_warn(ar, "failed to create wmi peer %pM on vdev %i: %i\n",
750 			    addr, vdev_id, ret);
751 		return ret;
752 	}
753 
754 	ret = ath10k_wait_for_peer_created(ar, vdev_id, addr);
755 	if (ret) {
756 		ath10k_warn(ar, "failed to wait for created wmi peer %pM on vdev %i: %i\n",
757 			    addr, vdev_id, ret);
758 		return ret;
759 	}
760 
761 	spin_lock_bh(&ar->data_lock);
762 
763 	peer = ath10k_peer_find(ar, vdev_id, addr);
764 	if (!peer) {
765 		spin_unlock_bh(&ar->data_lock);
766 		ath10k_warn(ar, "failed to find peer %pM on vdev %i after creation\n",
767 			    addr, vdev_id);
768 		ath10k_wait_for_peer_delete_done(ar, vdev_id, addr);
769 		return -ENOENT;
770 	}
771 
772 	peer->vif = vif;
773 	peer->sta = sta;
774 
775 	spin_unlock_bh(&ar->data_lock);
776 
777 	ar->num_peers++;
778 
779 	return 0;
780 }
781 
782 static int ath10k_mac_set_kickout(struct ath10k_vif *arvif)
783 {
784 	struct ath10k *ar = arvif->ar;
785 	u32 param;
786 	int ret;
787 
788 	param = ar->wmi.pdev_param->sta_kickout_th;
789 	ret = ath10k_wmi_pdev_set_param(ar, param,
790 					ATH10K_KICKOUT_THRESHOLD);
791 	if (ret) {
792 		ath10k_warn(ar, "failed to set kickout threshold on vdev %i: %d\n",
793 			    arvif->vdev_id, ret);
794 		return ret;
795 	}
796 
797 	param = ar->wmi.vdev_param->ap_keepalive_min_idle_inactive_time_secs;
798 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
799 					ATH10K_KEEPALIVE_MIN_IDLE);
800 	if (ret) {
801 		ath10k_warn(ar, "failed to set keepalive minimum idle time on vdev %i: %d\n",
802 			    arvif->vdev_id, ret);
803 		return ret;
804 	}
805 
806 	param = ar->wmi.vdev_param->ap_keepalive_max_idle_inactive_time_secs;
807 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
808 					ATH10K_KEEPALIVE_MAX_IDLE);
809 	if (ret) {
810 		ath10k_warn(ar, "failed to set keepalive maximum idle time on vdev %i: %d\n",
811 			    arvif->vdev_id, ret);
812 		return ret;
813 	}
814 
815 	param = ar->wmi.vdev_param->ap_keepalive_max_unresponsive_time_secs;
816 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
817 					ATH10K_KEEPALIVE_MAX_UNRESPONSIVE);
818 	if (ret) {
819 		ath10k_warn(ar, "failed to set keepalive maximum unresponsive time on vdev %i: %d\n",
820 			    arvif->vdev_id, ret);
821 		return ret;
822 	}
823 
824 	return 0;
825 }
826 
827 static int ath10k_mac_set_rts(struct ath10k_vif *arvif, u32 value)
828 {
829 	struct ath10k *ar = arvif->ar;
830 	u32 vdev_param;
831 
832 	vdev_param = ar->wmi.vdev_param->rts_threshold;
833 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, value);
834 }
835 
836 static int ath10k_peer_delete(struct ath10k *ar, u32 vdev_id, const u8 *addr)
837 {
838 	int ret;
839 
840 	lockdep_assert_held(&ar->conf_mutex);
841 
842 	ret = ath10k_wmi_peer_delete(ar, vdev_id, addr);
843 	if (ret)
844 		return ret;
845 
846 	ret = ath10k_wait_for_peer_deleted(ar, vdev_id, addr);
847 	if (ret)
848 		return ret;
849 
850 	if (test_bit(WMI_SERVICE_SYNC_DELETE_CMDS, ar->wmi.svc_map)) {
851 		unsigned long time_left;
852 
853 		time_left = wait_for_completion_timeout
854 			    (&ar->peer_delete_done, 5 * HZ);
855 
856 		if (!time_left) {
857 			ath10k_warn(ar, "Timeout in receiving peer delete response\n");
858 			return -ETIMEDOUT;
859 		}
860 	}
861 
862 	ar->num_peers--;
863 
864 	return 0;
865 }
866 
867 static void ath10k_peer_map_cleanup(struct ath10k *ar, struct ath10k_peer *peer)
868 {
869 	int peer_id, i;
870 
871 	lockdep_assert_held(&ar->conf_mutex);
872 
873 	for_each_set_bit(peer_id, peer->peer_ids,
874 			 ATH10K_MAX_NUM_PEER_IDS) {
875 		ar->peer_map[peer_id] = NULL;
876 	}
877 
878 	/* Double check that peer is properly un-referenced from
879 	 * the peer_map
880 	 */
881 	for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
882 		if (ar->peer_map[i] == peer) {
883 			ath10k_warn(ar, "removing stale peer_map entry for %pM (ptr %pK idx %d)\n",
884 				    peer->addr, peer, i);
885 			ar->peer_map[i] = NULL;
886 		}
887 	}
888 
889 	list_del(&peer->list);
890 	kfree(peer);
891 	ar->num_peers--;
892 }
893 
894 static void ath10k_peer_cleanup(struct ath10k *ar, u32 vdev_id)
895 {
896 	struct ath10k_peer *peer, *tmp;
897 
898 	lockdep_assert_held(&ar->conf_mutex);
899 
900 	spin_lock_bh(&ar->data_lock);
901 	list_for_each_entry_safe(peer, tmp, &ar->peers, list) {
902 		if (peer->vdev_id != vdev_id)
903 			continue;
904 
905 		ath10k_warn(ar, "removing stale peer %pM from vdev_id %d\n",
906 			    peer->addr, vdev_id);
907 
908 		ath10k_peer_map_cleanup(ar, peer);
909 	}
910 	spin_unlock_bh(&ar->data_lock);
911 }
912 
913 static void ath10k_peer_cleanup_all(struct ath10k *ar)
914 {
915 	struct ath10k_peer *peer, *tmp;
916 	int i;
917 
918 	lockdep_assert_held(&ar->conf_mutex);
919 
920 	spin_lock_bh(&ar->data_lock);
921 	list_for_each_entry_safe(peer, tmp, &ar->peers, list) {
922 		list_del(&peer->list);
923 		kfree(peer);
924 	}
925 
926 	for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++)
927 		ar->peer_map[i] = NULL;
928 
929 	spin_unlock_bh(&ar->data_lock);
930 
931 	ar->num_peers = 0;
932 	ar->num_stations = 0;
933 }
934 
935 static int ath10k_mac_tdls_peer_update(struct ath10k *ar, u32 vdev_id,
936 				       struct ieee80211_sta *sta,
937 				       enum wmi_tdls_peer_state state)
938 {
939 	int ret;
940 	struct wmi_tdls_peer_update_cmd_arg arg = {};
941 	struct wmi_tdls_peer_capab_arg cap = {};
942 	struct wmi_channel_arg chan_arg = {};
943 
944 	lockdep_assert_held(&ar->conf_mutex);
945 
946 	arg.vdev_id = vdev_id;
947 	arg.peer_state = state;
948 	ether_addr_copy(arg.addr, sta->addr);
949 
950 	cap.peer_max_sp = sta->max_sp;
951 	cap.peer_uapsd_queues = sta->uapsd_queues;
952 
953 	if (state == WMI_TDLS_PEER_STATE_CONNECTED &&
954 	    !sta->tdls_initiator)
955 		cap.is_peer_responder = 1;
956 
957 	ret = ath10k_wmi_tdls_peer_update(ar, &arg, &cap, &chan_arg);
958 	if (ret) {
959 		ath10k_warn(ar, "failed to update tdls peer %pM on vdev %i: %i\n",
960 			    arg.addr, vdev_id, ret);
961 		return ret;
962 	}
963 
964 	return 0;
965 }
966 
967 /************************/
968 /* Interface management */
969 /************************/
970 
971 void ath10k_mac_vif_beacon_free(struct ath10k_vif *arvif)
972 {
973 	struct ath10k *ar = arvif->ar;
974 
975 	lockdep_assert_held(&ar->data_lock);
976 
977 	if (!arvif->beacon)
978 		return;
979 
980 	if (!arvif->beacon_buf)
981 		dma_unmap_single(ar->dev, ATH10K_SKB_CB(arvif->beacon)->paddr,
982 				 arvif->beacon->len, DMA_TO_DEVICE);
983 
984 	if (WARN_ON(arvif->beacon_state != ATH10K_BEACON_SCHEDULED &&
985 		    arvif->beacon_state != ATH10K_BEACON_SENT))
986 		return;
987 
988 	dev_kfree_skb_any(arvif->beacon);
989 
990 	arvif->beacon = NULL;
991 	arvif->beacon_state = ATH10K_BEACON_SCHEDULED;
992 }
993 
994 static void ath10k_mac_vif_beacon_cleanup(struct ath10k_vif *arvif)
995 {
996 	struct ath10k *ar = arvif->ar;
997 
998 	lockdep_assert_held(&ar->data_lock);
999 
1000 	ath10k_mac_vif_beacon_free(arvif);
1001 
1002 	if (arvif->beacon_buf) {
1003 		if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL)
1004 			kfree(arvif->beacon_buf);
1005 		else
1006 			dma_free_coherent(ar->dev, IEEE80211_MAX_FRAME_LEN,
1007 					  arvif->beacon_buf,
1008 					  arvif->beacon_paddr);
1009 		arvif->beacon_buf = NULL;
1010 	}
1011 }
1012 
1013 static inline int ath10k_vdev_setup_sync(struct ath10k *ar)
1014 {
1015 	unsigned long time_left;
1016 
1017 	lockdep_assert_held(&ar->conf_mutex);
1018 
1019 	if (test_bit(ATH10K_FLAG_CRASH_FLUSH, &ar->dev_flags))
1020 		return -ESHUTDOWN;
1021 
1022 	time_left = wait_for_completion_timeout(&ar->vdev_setup_done,
1023 						ATH10K_VDEV_SETUP_TIMEOUT_HZ);
1024 	if (time_left == 0)
1025 		return -ETIMEDOUT;
1026 
1027 	return ar->last_wmi_vdev_start_status;
1028 }
1029 
1030 static int ath10k_monitor_vdev_start(struct ath10k *ar, int vdev_id)
1031 {
1032 	struct cfg80211_chan_def *chandef = NULL;
1033 	struct ieee80211_channel *channel = NULL;
1034 	struct wmi_vdev_start_request_arg arg = {};
1035 	int ret = 0;
1036 
1037 	lockdep_assert_held(&ar->conf_mutex);
1038 
1039 	ieee80211_iter_chan_contexts_atomic(ar->hw,
1040 					    ath10k_mac_get_any_chandef_iter,
1041 					    &chandef);
1042 	if (WARN_ON_ONCE(!chandef))
1043 		return -ENOENT;
1044 
1045 	channel = chandef->chan;
1046 
1047 	arg.vdev_id = vdev_id;
1048 	arg.channel.freq = channel->center_freq;
1049 	arg.channel.band_center_freq1 = chandef->center_freq1;
1050 	arg.channel.band_center_freq2 = chandef->center_freq2;
1051 
1052 	/* TODO setup this dynamically, what in case we
1053 	 * don't have any vifs?
1054 	 */
1055 	arg.channel.mode = chan_to_phymode(chandef);
1056 	arg.channel.chan_radar =
1057 			!!(channel->flags & IEEE80211_CHAN_RADAR);
1058 
1059 	arg.channel.min_power = 0;
1060 	arg.channel.max_power = channel->max_power * 2;
1061 	arg.channel.max_reg_power = channel->max_reg_power * 2;
1062 	arg.channel.max_antenna_gain = channel->max_antenna_gain;
1063 
1064 	reinit_completion(&ar->vdev_setup_done);
1065 	reinit_completion(&ar->vdev_delete_done);
1066 
1067 	ret = ath10k_wmi_vdev_start(ar, &arg);
1068 	if (ret) {
1069 		ath10k_warn(ar, "failed to request monitor vdev %i start: %d\n",
1070 			    vdev_id, ret);
1071 		return ret;
1072 	}
1073 
1074 	ret = ath10k_vdev_setup_sync(ar);
1075 	if (ret) {
1076 		ath10k_warn(ar, "failed to synchronize setup for monitor vdev %i start: %d\n",
1077 			    vdev_id, ret);
1078 		return ret;
1079 	}
1080 
1081 	ret = ath10k_wmi_vdev_up(ar, vdev_id, 0, ar->mac_addr);
1082 	if (ret) {
1083 		ath10k_warn(ar, "failed to put up monitor vdev %i: %d\n",
1084 			    vdev_id, ret);
1085 		goto vdev_stop;
1086 	}
1087 
1088 	ar->monitor_vdev_id = vdev_id;
1089 
1090 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %i started\n",
1091 		   ar->monitor_vdev_id);
1092 	return 0;
1093 
1094 vdev_stop:
1095 	ret = ath10k_wmi_vdev_stop(ar, ar->monitor_vdev_id);
1096 	if (ret)
1097 		ath10k_warn(ar, "failed to stop monitor vdev %i after start failure: %d\n",
1098 			    ar->monitor_vdev_id, ret);
1099 
1100 	return ret;
1101 }
1102 
1103 static int ath10k_monitor_vdev_stop(struct ath10k *ar)
1104 {
1105 	int ret = 0;
1106 
1107 	lockdep_assert_held(&ar->conf_mutex);
1108 
1109 	ret = ath10k_wmi_vdev_down(ar, ar->monitor_vdev_id);
1110 	if (ret)
1111 		ath10k_warn(ar, "failed to put down monitor vdev %i: %d\n",
1112 			    ar->monitor_vdev_id, ret);
1113 
1114 	reinit_completion(&ar->vdev_setup_done);
1115 	reinit_completion(&ar->vdev_delete_done);
1116 
1117 	ret = ath10k_wmi_vdev_stop(ar, ar->monitor_vdev_id);
1118 	if (ret)
1119 		ath10k_warn(ar, "failed to request monitor vdev %i stop: %d\n",
1120 			    ar->monitor_vdev_id, ret);
1121 
1122 	ret = ath10k_vdev_setup_sync(ar);
1123 	if (ret)
1124 		ath10k_warn(ar, "failed to synchronize monitor vdev %i stop: %d\n",
1125 			    ar->monitor_vdev_id, ret);
1126 
1127 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %i stopped\n",
1128 		   ar->monitor_vdev_id);
1129 	return ret;
1130 }
1131 
1132 static int ath10k_monitor_vdev_create(struct ath10k *ar)
1133 {
1134 	int bit, ret = 0;
1135 
1136 	lockdep_assert_held(&ar->conf_mutex);
1137 
1138 	if (ar->free_vdev_map == 0) {
1139 		ath10k_warn(ar, "failed to find free vdev id for monitor vdev\n");
1140 		return -ENOMEM;
1141 	}
1142 
1143 	bit = __ffs64(ar->free_vdev_map);
1144 
1145 	ar->monitor_vdev_id = bit;
1146 
1147 	ret = ath10k_wmi_vdev_create(ar, ar->monitor_vdev_id,
1148 				     WMI_VDEV_TYPE_MONITOR,
1149 				     0, ar->mac_addr);
1150 	if (ret) {
1151 		ath10k_warn(ar, "failed to request monitor vdev %i creation: %d\n",
1152 			    ar->monitor_vdev_id, ret);
1153 		return ret;
1154 	}
1155 
1156 	ar->free_vdev_map &= ~(1LL << ar->monitor_vdev_id);
1157 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %d created\n",
1158 		   ar->monitor_vdev_id);
1159 
1160 	return 0;
1161 }
1162 
1163 static int ath10k_monitor_vdev_delete(struct ath10k *ar)
1164 {
1165 	int ret = 0;
1166 
1167 	lockdep_assert_held(&ar->conf_mutex);
1168 
1169 	ret = ath10k_wmi_vdev_delete(ar, ar->monitor_vdev_id);
1170 	if (ret) {
1171 		ath10k_warn(ar, "failed to request wmi monitor vdev %i removal: %d\n",
1172 			    ar->monitor_vdev_id, ret);
1173 		return ret;
1174 	}
1175 
1176 	ar->free_vdev_map |= 1LL << ar->monitor_vdev_id;
1177 
1178 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %d deleted\n",
1179 		   ar->monitor_vdev_id);
1180 	return ret;
1181 }
1182 
1183 static int ath10k_monitor_start(struct ath10k *ar)
1184 {
1185 	int ret;
1186 
1187 	lockdep_assert_held(&ar->conf_mutex);
1188 
1189 	ret = ath10k_monitor_vdev_create(ar);
1190 	if (ret) {
1191 		ath10k_warn(ar, "failed to create monitor vdev: %d\n", ret);
1192 		return ret;
1193 	}
1194 
1195 	ret = ath10k_monitor_vdev_start(ar, ar->monitor_vdev_id);
1196 	if (ret) {
1197 		ath10k_warn(ar, "failed to start monitor vdev: %d\n", ret);
1198 		ath10k_monitor_vdev_delete(ar);
1199 		return ret;
1200 	}
1201 
1202 	ar->monitor_started = true;
1203 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor started\n");
1204 
1205 	return 0;
1206 }
1207 
1208 static int ath10k_monitor_stop(struct ath10k *ar)
1209 {
1210 	int ret;
1211 
1212 	lockdep_assert_held(&ar->conf_mutex);
1213 
1214 	ret = ath10k_monitor_vdev_stop(ar);
1215 	if (ret) {
1216 		ath10k_warn(ar, "failed to stop monitor vdev: %d\n", ret);
1217 		return ret;
1218 	}
1219 
1220 	ret = ath10k_monitor_vdev_delete(ar);
1221 	if (ret) {
1222 		ath10k_warn(ar, "failed to delete monitor vdev: %d\n", ret);
1223 		return ret;
1224 	}
1225 
1226 	ar->monitor_started = false;
1227 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor stopped\n");
1228 
1229 	return 0;
1230 }
1231 
1232 static bool ath10k_mac_monitor_vdev_is_needed(struct ath10k *ar)
1233 {
1234 	int num_ctx;
1235 
1236 	/* At least one chanctx is required to derive a channel to start
1237 	 * monitor vdev on.
1238 	 */
1239 	num_ctx = ath10k_mac_num_chanctxs(ar);
1240 	if (num_ctx == 0)
1241 		return false;
1242 
1243 	/* If there's already an existing special monitor interface then don't
1244 	 * bother creating another monitor vdev.
1245 	 */
1246 	if (ar->monitor_arvif)
1247 		return false;
1248 
1249 	return ar->monitor ||
1250 	       (!test_bit(ATH10K_FW_FEATURE_ALLOWS_MESH_BCAST,
1251 			  ar->running_fw->fw_file.fw_features) &&
1252 		(ar->filter_flags & FIF_OTHER_BSS)) ||
1253 	       test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1254 }
1255 
1256 static bool ath10k_mac_monitor_vdev_is_allowed(struct ath10k *ar)
1257 {
1258 	int num_ctx;
1259 
1260 	num_ctx = ath10k_mac_num_chanctxs(ar);
1261 
1262 	/* FIXME: Current interface combinations and cfg80211/mac80211 code
1263 	 * shouldn't allow this but make sure to prevent handling the following
1264 	 * case anyway since multi-channel DFS hasn't been tested at all.
1265 	 */
1266 	if (test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags) && num_ctx > 1)
1267 		return false;
1268 
1269 	return true;
1270 }
1271 
1272 static int ath10k_monitor_recalc(struct ath10k *ar)
1273 {
1274 	bool needed;
1275 	bool allowed;
1276 	int ret;
1277 
1278 	lockdep_assert_held(&ar->conf_mutex);
1279 
1280 	needed = ath10k_mac_monitor_vdev_is_needed(ar);
1281 	allowed = ath10k_mac_monitor_vdev_is_allowed(ar);
1282 
1283 	ath10k_dbg(ar, ATH10K_DBG_MAC,
1284 		   "mac monitor recalc started? %d needed? %d allowed? %d\n",
1285 		   ar->monitor_started, needed, allowed);
1286 
1287 	if (WARN_ON(needed && !allowed)) {
1288 		if (ar->monitor_started) {
1289 			ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor stopping disallowed monitor\n");
1290 
1291 			ret = ath10k_monitor_stop(ar);
1292 			if (ret)
1293 				ath10k_warn(ar, "failed to stop disallowed monitor: %d\n",
1294 					    ret);
1295 				/* not serious */
1296 		}
1297 
1298 		return -EPERM;
1299 	}
1300 
1301 	if (needed == ar->monitor_started)
1302 		return 0;
1303 
1304 	if (needed)
1305 		return ath10k_monitor_start(ar);
1306 	else
1307 		return ath10k_monitor_stop(ar);
1308 }
1309 
1310 static bool ath10k_mac_can_set_cts_prot(struct ath10k_vif *arvif)
1311 {
1312 	struct ath10k *ar = arvif->ar;
1313 
1314 	lockdep_assert_held(&ar->conf_mutex);
1315 
1316 	if (!arvif->is_started) {
1317 		ath10k_dbg(ar, ATH10K_DBG_MAC, "defer cts setup, vdev is not ready yet\n");
1318 		return false;
1319 	}
1320 
1321 	return true;
1322 }
1323 
1324 static int ath10k_mac_set_cts_prot(struct ath10k_vif *arvif)
1325 {
1326 	struct ath10k *ar = arvif->ar;
1327 	u32 vdev_param;
1328 
1329 	lockdep_assert_held(&ar->conf_mutex);
1330 
1331 	vdev_param = ar->wmi.vdev_param->protection_mode;
1332 
1333 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d cts_protection %d\n",
1334 		   arvif->vdev_id, arvif->use_cts_prot);
1335 
1336 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
1337 					 arvif->use_cts_prot ? 1 : 0);
1338 }
1339 
1340 static int ath10k_recalc_rtscts_prot(struct ath10k_vif *arvif)
1341 {
1342 	struct ath10k *ar = arvif->ar;
1343 	u32 vdev_param, rts_cts = 0;
1344 
1345 	lockdep_assert_held(&ar->conf_mutex);
1346 
1347 	vdev_param = ar->wmi.vdev_param->enable_rtscts;
1348 
1349 	rts_cts |= SM(WMI_RTSCTS_ENABLED, WMI_RTSCTS_SET);
1350 
1351 	if (arvif->num_legacy_stations > 0)
1352 		rts_cts |= SM(WMI_RTSCTS_ACROSS_SW_RETRIES,
1353 			      WMI_RTSCTS_PROFILE);
1354 	else
1355 		rts_cts |= SM(WMI_RTSCTS_FOR_SECOND_RATESERIES,
1356 			      WMI_RTSCTS_PROFILE);
1357 
1358 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d recalc rts/cts prot %d\n",
1359 		   arvif->vdev_id, rts_cts);
1360 
1361 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
1362 					 rts_cts);
1363 }
1364 
1365 static int ath10k_start_cac(struct ath10k *ar)
1366 {
1367 	int ret;
1368 
1369 	lockdep_assert_held(&ar->conf_mutex);
1370 
1371 	set_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1372 
1373 	ret = ath10k_monitor_recalc(ar);
1374 	if (ret) {
1375 		ath10k_warn(ar, "failed to start monitor (cac): %d\n", ret);
1376 		clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1377 		return ret;
1378 	}
1379 
1380 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac cac start monitor vdev %d\n",
1381 		   ar->monitor_vdev_id);
1382 
1383 	return 0;
1384 }
1385 
1386 static int ath10k_stop_cac(struct ath10k *ar)
1387 {
1388 	lockdep_assert_held(&ar->conf_mutex);
1389 
1390 	/* CAC is not running - do nothing */
1391 	if (!test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags))
1392 		return 0;
1393 
1394 	clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1395 	ath10k_monitor_stop(ar);
1396 
1397 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac cac finished\n");
1398 
1399 	return 0;
1400 }
1401 
1402 static void ath10k_mac_has_radar_iter(struct ieee80211_hw *hw,
1403 				      struct ieee80211_chanctx_conf *conf,
1404 				      void *data)
1405 {
1406 	bool *ret = data;
1407 
1408 	if (!*ret && conf->radar_enabled)
1409 		*ret = true;
1410 }
1411 
1412 static bool ath10k_mac_has_radar_enabled(struct ath10k *ar)
1413 {
1414 	bool has_radar = false;
1415 
1416 	ieee80211_iter_chan_contexts_atomic(ar->hw,
1417 					    ath10k_mac_has_radar_iter,
1418 					    &has_radar);
1419 
1420 	return has_radar;
1421 }
1422 
1423 static void ath10k_recalc_radar_detection(struct ath10k *ar)
1424 {
1425 	int ret;
1426 
1427 	lockdep_assert_held(&ar->conf_mutex);
1428 
1429 	ath10k_stop_cac(ar);
1430 
1431 	if (!ath10k_mac_has_radar_enabled(ar))
1432 		return;
1433 
1434 	if (ar->num_started_vdevs > 0)
1435 		return;
1436 
1437 	ret = ath10k_start_cac(ar);
1438 	if (ret) {
1439 		/*
1440 		 * Not possible to start CAC on current channel so starting
1441 		 * radiation is not allowed, make this channel DFS_UNAVAILABLE
1442 		 * by indicating that radar was detected.
1443 		 */
1444 		ath10k_warn(ar, "failed to start CAC: %d\n", ret);
1445 		ieee80211_radar_detected(ar->hw);
1446 	}
1447 }
1448 
1449 static int ath10k_vdev_stop(struct ath10k_vif *arvif)
1450 {
1451 	struct ath10k *ar = arvif->ar;
1452 	int ret;
1453 
1454 	lockdep_assert_held(&ar->conf_mutex);
1455 
1456 	reinit_completion(&ar->vdev_setup_done);
1457 	reinit_completion(&ar->vdev_delete_done);
1458 
1459 	ret = ath10k_wmi_vdev_stop(ar, arvif->vdev_id);
1460 	if (ret) {
1461 		ath10k_warn(ar, "failed to stop WMI vdev %i: %d\n",
1462 			    arvif->vdev_id, ret);
1463 		return ret;
1464 	}
1465 
1466 	ret = ath10k_vdev_setup_sync(ar);
1467 	if (ret) {
1468 		ath10k_warn(ar, "failed to synchronize setup for vdev %i: %d\n",
1469 			    arvif->vdev_id, ret);
1470 		return ret;
1471 	}
1472 
1473 	WARN_ON(ar->num_started_vdevs == 0);
1474 
1475 	if (ar->num_started_vdevs != 0) {
1476 		ar->num_started_vdevs--;
1477 		ath10k_recalc_radar_detection(ar);
1478 	}
1479 
1480 	return ret;
1481 }
1482 
1483 static int ath10k_vdev_start_restart(struct ath10k_vif *arvif,
1484 				     const struct cfg80211_chan_def *chandef,
1485 				     bool restart)
1486 {
1487 	struct ath10k *ar = arvif->ar;
1488 	struct wmi_vdev_start_request_arg arg = {};
1489 	int ret = 0;
1490 
1491 	lockdep_assert_held(&ar->conf_mutex);
1492 
1493 	reinit_completion(&ar->vdev_setup_done);
1494 	reinit_completion(&ar->vdev_delete_done);
1495 
1496 	arg.vdev_id = arvif->vdev_id;
1497 	arg.dtim_period = arvif->dtim_period;
1498 	arg.bcn_intval = arvif->beacon_interval;
1499 
1500 	arg.channel.freq = chandef->chan->center_freq;
1501 	arg.channel.band_center_freq1 = chandef->center_freq1;
1502 	arg.channel.band_center_freq2 = chandef->center_freq2;
1503 	arg.channel.mode = chan_to_phymode(chandef);
1504 
1505 	arg.channel.min_power = 0;
1506 	arg.channel.max_power = chandef->chan->max_power * 2;
1507 	arg.channel.max_reg_power = chandef->chan->max_reg_power * 2;
1508 	arg.channel.max_antenna_gain = chandef->chan->max_antenna_gain;
1509 
1510 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP) {
1511 		arg.ssid = arvif->u.ap.ssid;
1512 		arg.ssid_len = arvif->u.ap.ssid_len;
1513 		arg.hidden_ssid = arvif->u.ap.hidden_ssid;
1514 
1515 		/* For now allow DFS for AP mode */
1516 		arg.channel.chan_radar =
1517 			!!(chandef->chan->flags & IEEE80211_CHAN_RADAR);
1518 	} else if (arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
1519 		arg.ssid = arvif->vif->cfg.ssid;
1520 		arg.ssid_len = arvif->vif->cfg.ssid_len;
1521 	}
1522 
1523 	ath10k_dbg(ar, ATH10K_DBG_MAC,
1524 		   "mac vdev %d start center_freq %d phymode %s\n",
1525 		   arg.vdev_id, arg.channel.freq,
1526 		   ath10k_wmi_phymode_str(arg.channel.mode));
1527 
1528 	if (restart)
1529 		ret = ath10k_wmi_vdev_restart(ar, &arg);
1530 	else
1531 		ret = ath10k_wmi_vdev_start(ar, &arg);
1532 
1533 	if (ret) {
1534 		ath10k_warn(ar, "failed to start WMI vdev %i: %d\n",
1535 			    arg.vdev_id, ret);
1536 		return ret;
1537 	}
1538 
1539 	ret = ath10k_vdev_setup_sync(ar);
1540 	if (ret) {
1541 		ath10k_warn(ar,
1542 			    "failed to synchronize setup for vdev %i restart %d: %d\n",
1543 			    arg.vdev_id, restart, ret);
1544 		return ret;
1545 	}
1546 
1547 	ar->num_started_vdevs++;
1548 	ath10k_recalc_radar_detection(ar);
1549 
1550 	return ret;
1551 }
1552 
1553 static int ath10k_vdev_start(struct ath10k_vif *arvif,
1554 			     const struct cfg80211_chan_def *def)
1555 {
1556 	return ath10k_vdev_start_restart(arvif, def, false);
1557 }
1558 
1559 static int ath10k_vdev_restart(struct ath10k_vif *arvif,
1560 			       const struct cfg80211_chan_def *def)
1561 {
1562 	return ath10k_vdev_start_restart(arvif, def, true);
1563 }
1564 
1565 static int ath10k_mac_setup_bcn_p2p_ie(struct ath10k_vif *arvif,
1566 				       struct sk_buff *bcn)
1567 {
1568 	struct ath10k *ar = arvif->ar;
1569 	struct ieee80211_mgmt *mgmt;
1570 	const u8 *p2p_ie;
1571 	int ret;
1572 
1573 	if (arvif->vif->type != NL80211_IFTYPE_AP || !arvif->vif->p2p)
1574 		return 0;
1575 
1576 	mgmt = (void *)bcn->data;
1577 	p2p_ie = cfg80211_find_vendor_ie(WLAN_OUI_WFA, WLAN_OUI_TYPE_WFA_P2P,
1578 					 mgmt->u.beacon.variable,
1579 					 bcn->len - (mgmt->u.beacon.variable -
1580 						     bcn->data));
1581 	if (!p2p_ie)
1582 		return -ENOENT;
1583 
1584 	ret = ath10k_wmi_p2p_go_bcn_ie(ar, arvif->vdev_id, p2p_ie);
1585 	if (ret) {
1586 		ath10k_warn(ar, "failed to submit p2p go bcn ie for vdev %i: %d\n",
1587 			    arvif->vdev_id, ret);
1588 		return ret;
1589 	}
1590 
1591 	return 0;
1592 }
1593 
1594 static int ath10k_mac_remove_vendor_ie(struct sk_buff *skb, unsigned int oui,
1595 				       u8 oui_type, size_t ie_offset)
1596 {
1597 	size_t len;
1598 	const u8 *next;
1599 	const u8 *end;
1600 	u8 *ie;
1601 
1602 	if (WARN_ON(skb->len < ie_offset))
1603 		return -EINVAL;
1604 
1605 	ie = (u8 *)cfg80211_find_vendor_ie(oui, oui_type,
1606 					   skb->data + ie_offset,
1607 					   skb->len - ie_offset);
1608 	if (!ie)
1609 		return -ENOENT;
1610 
1611 	len = ie[1] + 2;
1612 	end = skb->data + skb->len;
1613 	next = ie + len;
1614 
1615 	if (WARN_ON(next > end))
1616 		return -EINVAL;
1617 
1618 	memmove(ie, next, end - next);
1619 	skb_trim(skb, skb->len - len);
1620 
1621 	return 0;
1622 }
1623 
1624 static int ath10k_mac_setup_bcn_tmpl(struct ath10k_vif *arvif)
1625 {
1626 	struct ath10k *ar = arvif->ar;
1627 	struct ieee80211_hw *hw = ar->hw;
1628 	struct ieee80211_vif *vif = arvif->vif;
1629 	struct ieee80211_mutable_offsets offs = {};
1630 	struct sk_buff *bcn;
1631 	int ret;
1632 
1633 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1634 		return 0;
1635 
1636 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP &&
1637 	    arvif->vdev_type != WMI_VDEV_TYPE_IBSS)
1638 		return 0;
1639 
1640 	bcn = ieee80211_beacon_get_template(hw, vif, &offs, 0);
1641 	if (!bcn) {
1642 		ath10k_warn(ar, "failed to get beacon template from mac80211\n");
1643 		return -EPERM;
1644 	}
1645 
1646 	ret = ath10k_mac_setup_bcn_p2p_ie(arvif, bcn);
1647 	if (ret) {
1648 		ath10k_warn(ar, "failed to setup p2p go bcn ie: %d\n", ret);
1649 		kfree_skb(bcn);
1650 		return ret;
1651 	}
1652 
1653 	/* P2P IE is inserted by firmware automatically (as configured above)
1654 	 * so remove it from the base beacon template to avoid duplicate P2P
1655 	 * IEs in beacon frames.
1656 	 */
1657 	ath10k_mac_remove_vendor_ie(bcn, WLAN_OUI_WFA, WLAN_OUI_TYPE_WFA_P2P,
1658 				    offsetof(struct ieee80211_mgmt,
1659 					     u.beacon.variable));
1660 
1661 	ret = ath10k_wmi_bcn_tmpl(ar, arvif->vdev_id, offs.tim_offset, bcn, 0,
1662 				  0, NULL, 0);
1663 	kfree_skb(bcn);
1664 
1665 	if (ret) {
1666 		ath10k_warn(ar, "failed to submit beacon template command: %d\n",
1667 			    ret);
1668 		return ret;
1669 	}
1670 
1671 	return 0;
1672 }
1673 
1674 static int ath10k_mac_setup_prb_tmpl(struct ath10k_vif *arvif)
1675 {
1676 	struct ath10k *ar = arvif->ar;
1677 	struct ieee80211_hw *hw = ar->hw;
1678 	struct ieee80211_vif *vif = arvif->vif;
1679 	struct sk_buff *prb;
1680 	int ret;
1681 
1682 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1683 		return 0;
1684 
1685 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP)
1686 		return 0;
1687 
1688 	 /* For mesh, probe response and beacon share the same template */
1689 	if (ieee80211_vif_is_mesh(vif))
1690 		return 0;
1691 
1692 	prb = ieee80211_proberesp_get(hw, vif);
1693 	if (!prb) {
1694 		ath10k_warn(ar, "failed to get probe resp template from mac80211\n");
1695 		return -EPERM;
1696 	}
1697 
1698 	ret = ath10k_wmi_prb_tmpl(ar, arvif->vdev_id, prb);
1699 	kfree_skb(prb);
1700 
1701 	if (ret) {
1702 		ath10k_warn(ar, "failed to submit probe resp template command: %d\n",
1703 			    ret);
1704 		return ret;
1705 	}
1706 
1707 	return 0;
1708 }
1709 
1710 static int ath10k_mac_vif_fix_hidden_ssid(struct ath10k_vif *arvif)
1711 {
1712 	struct ath10k *ar = arvif->ar;
1713 	struct cfg80211_chan_def def;
1714 	int ret;
1715 
1716 	/* When originally vdev is started during assign_vif_chanctx() some
1717 	 * information is missing, notably SSID. Firmware revisions with beacon
1718 	 * offloading require the SSID to be provided during vdev (re)start to
1719 	 * handle hidden SSID properly.
1720 	 *
1721 	 * Vdev restart must be done after vdev has been both started and
1722 	 * upped. Otherwise some firmware revisions (at least 10.2) fail to
1723 	 * deliver vdev restart response event causing timeouts during vdev
1724 	 * syncing in ath10k.
1725 	 *
1726 	 * Note: The vdev down/up and template reinstallation could be skipped
1727 	 * since only wmi-tlv firmware are known to have beacon offload and
1728 	 * wmi-tlv doesn't seem to misbehave like 10.2 wrt vdev restart
1729 	 * response delivery. It's probably more robust to keep it as is.
1730 	 */
1731 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1732 		return 0;
1733 
1734 	if (WARN_ON(!arvif->is_started))
1735 		return -EINVAL;
1736 
1737 	if (WARN_ON(!arvif->is_up))
1738 		return -EINVAL;
1739 
1740 	if (WARN_ON(ath10k_mac_vif_chan(arvif->vif, &def)))
1741 		return -EINVAL;
1742 
1743 	ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
1744 	if (ret) {
1745 		ath10k_warn(ar, "failed to bring down ap vdev %i: %d\n",
1746 			    arvif->vdev_id, ret);
1747 		return ret;
1748 	}
1749 
1750 	/* Vdev down reset beacon & presp templates. Reinstall them. Otherwise
1751 	 * firmware will crash upon vdev up.
1752 	 */
1753 
1754 	ret = ath10k_mac_setup_bcn_tmpl(arvif);
1755 	if (ret) {
1756 		ath10k_warn(ar, "failed to update beacon template: %d\n", ret);
1757 		return ret;
1758 	}
1759 
1760 	ret = ath10k_mac_setup_prb_tmpl(arvif);
1761 	if (ret) {
1762 		ath10k_warn(ar, "failed to update presp template: %d\n", ret);
1763 		return ret;
1764 	}
1765 
1766 	ret = ath10k_vdev_restart(arvif, &def);
1767 	if (ret) {
1768 		ath10k_warn(ar, "failed to restart ap vdev %i: %d\n",
1769 			    arvif->vdev_id, ret);
1770 		return ret;
1771 	}
1772 
1773 	ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
1774 				 arvif->bssid);
1775 	if (ret) {
1776 		ath10k_warn(ar, "failed to bring up ap vdev %i: %d\n",
1777 			    arvif->vdev_id, ret);
1778 		return ret;
1779 	}
1780 
1781 	return 0;
1782 }
1783 
1784 static void ath10k_control_beaconing(struct ath10k_vif *arvif,
1785 				     struct ieee80211_bss_conf *info)
1786 {
1787 	struct ath10k *ar = arvif->ar;
1788 	int ret = 0;
1789 
1790 	lockdep_assert_held(&arvif->ar->conf_mutex);
1791 
1792 	if (!info->enable_beacon) {
1793 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
1794 		if (ret)
1795 			ath10k_warn(ar, "failed to down vdev_id %i: %d\n",
1796 				    arvif->vdev_id, ret);
1797 
1798 		arvif->is_up = false;
1799 
1800 		spin_lock_bh(&arvif->ar->data_lock);
1801 		ath10k_mac_vif_beacon_free(arvif);
1802 		spin_unlock_bh(&arvif->ar->data_lock);
1803 
1804 		return;
1805 	}
1806 
1807 	arvif->tx_seq_no = 0x1000;
1808 
1809 	arvif->aid = 0;
1810 	ether_addr_copy(arvif->bssid, info->bssid);
1811 
1812 	ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
1813 				 arvif->bssid);
1814 	if (ret) {
1815 		ath10k_warn(ar, "failed to bring up vdev %d: %i\n",
1816 			    arvif->vdev_id, ret);
1817 		return;
1818 	}
1819 
1820 	arvif->is_up = true;
1821 
1822 	ret = ath10k_mac_vif_fix_hidden_ssid(arvif);
1823 	if (ret) {
1824 		ath10k_warn(ar, "failed to fix hidden ssid for vdev %i, expect trouble: %d\n",
1825 			    arvif->vdev_id, ret);
1826 		return;
1827 	}
1828 
1829 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d up\n", arvif->vdev_id);
1830 }
1831 
1832 static void ath10k_control_ibss(struct ath10k_vif *arvif,
1833 				struct ieee80211_vif *vif)
1834 {
1835 	struct ath10k *ar = arvif->ar;
1836 	u32 vdev_param;
1837 	int ret = 0;
1838 
1839 	lockdep_assert_held(&arvif->ar->conf_mutex);
1840 
1841 	if (!vif->cfg.ibss_joined) {
1842 		if (is_zero_ether_addr(arvif->bssid))
1843 			return;
1844 
1845 		eth_zero_addr(arvif->bssid);
1846 
1847 		return;
1848 	}
1849 
1850 	vdev_param = arvif->ar->wmi.vdev_param->atim_window;
1851 	ret = ath10k_wmi_vdev_set_param(arvif->ar, arvif->vdev_id, vdev_param,
1852 					ATH10K_DEFAULT_ATIM);
1853 	if (ret)
1854 		ath10k_warn(ar, "failed to set IBSS ATIM for vdev %d: %d\n",
1855 			    arvif->vdev_id, ret);
1856 }
1857 
1858 static int ath10k_mac_vif_recalc_ps_wake_threshold(struct ath10k_vif *arvif)
1859 {
1860 	struct ath10k *ar = arvif->ar;
1861 	u32 param;
1862 	u32 value;
1863 	int ret;
1864 
1865 	lockdep_assert_held(&arvif->ar->conf_mutex);
1866 
1867 	if (arvif->u.sta.uapsd)
1868 		value = WMI_STA_PS_TX_WAKE_THRESHOLD_NEVER;
1869 	else
1870 		value = WMI_STA_PS_TX_WAKE_THRESHOLD_ALWAYS;
1871 
1872 	param = WMI_STA_PS_PARAM_TX_WAKE_THRESHOLD;
1873 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id, param, value);
1874 	if (ret) {
1875 		ath10k_warn(ar, "failed to submit ps wake threshold %u on vdev %i: %d\n",
1876 			    value, arvif->vdev_id, ret);
1877 		return ret;
1878 	}
1879 
1880 	return 0;
1881 }
1882 
1883 static int ath10k_mac_vif_recalc_ps_poll_count(struct ath10k_vif *arvif)
1884 {
1885 	struct ath10k *ar = arvif->ar;
1886 	u32 param;
1887 	u32 value;
1888 	int ret;
1889 
1890 	lockdep_assert_held(&arvif->ar->conf_mutex);
1891 
1892 	if (arvif->u.sta.uapsd)
1893 		value = WMI_STA_PS_PSPOLL_COUNT_UAPSD;
1894 	else
1895 		value = WMI_STA_PS_PSPOLL_COUNT_NO_MAX;
1896 
1897 	param = WMI_STA_PS_PARAM_PSPOLL_COUNT;
1898 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
1899 					  param, value);
1900 	if (ret) {
1901 		ath10k_warn(ar, "failed to submit ps poll count %u on vdev %i: %d\n",
1902 			    value, arvif->vdev_id, ret);
1903 		return ret;
1904 	}
1905 
1906 	return 0;
1907 }
1908 
1909 static int ath10k_mac_num_vifs_started(struct ath10k *ar)
1910 {
1911 	struct ath10k_vif *arvif;
1912 	int num = 0;
1913 
1914 	lockdep_assert_held(&ar->conf_mutex);
1915 
1916 	list_for_each_entry(arvif, &ar->arvifs, list)
1917 		if (arvif->is_started)
1918 			num++;
1919 
1920 	return num;
1921 }
1922 
1923 static int ath10k_mac_vif_setup_ps(struct ath10k_vif *arvif)
1924 {
1925 	struct ath10k *ar = arvif->ar;
1926 	struct ieee80211_vif *vif = arvif->vif;
1927 	struct ieee80211_conf *conf = &ar->hw->conf;
1928 	enum wmi_sta_powersave_param param;
1929 	enum wmi_sta_ps_mode psmode;
1930 	int ret;
1931 	int ps_timeout;
1932 	bool enable_ps;
1933 
1934 	lockdep_assert_held(&arvif->ar->conf_mutex);
1935 
1936 	if (arvif->vif->type != NL80211_IFTYPE_STATION)
1937 		return 0;
1938 
1939 	enable_ps = arvif->ps;
1940 
1941 	if (enable_ps && ath10k_mac_num_vifs_started(ar) > 1 &&
1942 	    !test_bit(ATH10K_FW_FEATURE_MULTI_VIF_PS_SUPPORT,
1943 		      ar->running_fw->fw_file.fw_features)) {
1944 		ath10k_warn(ar, "refusing to enable ps on vdev %i: not supported by fw\n",
1945 			    arvif->vdev_id);
1946 		enable_ps = false;
1947 	}
1948 
1949 	if (!arvif->is_started) {
1950 		/* mac80211 can update vif powersave state while disconnected.
1951 		 * Firmware doesn't behave nicely and consumes more power than
1952 		 * necessary if PS is disabled on a non-started vdev. Hence
1953 		 * force-enable PS for non-running vdevs.
1954 		 */
1955 		psmode = WMI_STA_PS_MODE_ENABLED;
1956 	} else if (enable_ps) {
1957 		psmode = WMI_STA_PS_MODE_ENABLED;
1958 		param = WMI_STA_PS_PARAM_INACTIVITY_TIME;
1959 
1960 		ps_timeout = conf->dynamic_ps_timeout;
1961 		if (ps_timeout == 0) {
1962 			/* Firmware doesn't like 0 */
1963 			ps_timeout = ieee80211_tu_to_usec(
1964 				vif->bss_conf.beacon_int) / 1000;
1965 		}
1966 
1967 		ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id, param,
1968 						  ps_timeout);
1969 		if (ret) {
1970 			ath10k_warn(ar, "failed to set inactivity time for vdev %d: %i\n",
1971 				    arvif->vdev_id, ret);
1972 			return ret;
1973 		}
1974 	} else {
1975 		psmode = WMI_STA_PS_MODE_DISABLED;
1976 	}
1977 
1978 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d psmode %s\n",
1979 		   arvif->vdev_id, psmode ? "enable" : "disable");
1980 
1981 	ret = ath10k_wmi_set_psmode(ar, arvif->vdev_id, psmode);
1982 	if (ret) {
1983 		ath10k_warn(ar, "failed to set PS Mode %d for vdev %d: %d\n",
1984 			    psmode, arvif->vdev_id, ret);
1985 		return ret;
1986 	}
1987 
1988 	return 0;
1989 }
1990 
1991 static int ath10k_mac_vif_disable_keepalive(struct ath10k_vif *arvif)
1992 {
1993 	struct ath10k *ar = arvif->ar;
1994 	struct wmi_sta_keepalive_arg arg = {};
1995 	int ret;
1996 
1997 	lockdep_assert_held(&arvif->ar->conf_mutex);
1998 
1999 	if (arvif->vdev_type != WMI_VDEV_TYPE_STA)
2000 		return 0;
2001 
2002 	if (!test_bit(WMI_SERVICE_STA_KEEP_ALIVE, ar->wmi.svc_map))
2003 		return 0;
2004 
2005 	/* Some firmware revisions have a bug and ignore the `enabled` field.
2006 	 * Instead use the interval to disable the keepalive.
2007 	 */
2008 	arg.vdev_id = arvif->vdev_id;
2009 	arg.enabled = 1;
2010 	arg.method = WMI_STA_KEEPALIVE_METHOD_NULL_FRAME;
2011 	arg.interval = WMI_STA_KEEPALIVE_INTERVAL_DISABLE;
2012 
2013 	ret = ath10k_wmi_sta_keepalive(ar, &arg);
2014 	if (ret) {
2015 		ath10k_warn(ar, "failed to submit keepalive on vdev %i: %d\n",
2016 			    arvif->vdev_id, ret);
2017 		return ret;
2018 	}
2019 
2020 	return 0;
2021 }
2022 
2023 static void ath10k_mac_vif_ap_csa_count_down(struct ath10k_vif *arvif)
2024 {
2025 	struct ath10k *ar = arvif->ar;
2026 	struct ieee80211_vif *vif = arvif->vif;
2027 	int ret;
2028 
2029 	lockdep_assert_held(&arvif->ar->conf_mutex);
2030 
2031 	if (WARN_ON(!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map)))
2032 		return;
2033 
2034 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP)
2035 		return;
2036 
2037 	if (!vif->bss_conf.csa_active)
2038 		return;
2039 
2040 	if (!arvif->is_up)
2041 		return;
2042 
2043 	if (!ieee80211_beacon_cntdwn_is_complete(vif)) {
2044 		ieee80211_beacon_update_cntdwn(vif);
2045 
2046 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
2047 		if (ret)
2048 			ath10k_warn(ar, "failed to update bcn tmpl during csa: %d\n",
2049 				    ret);
2050 
2051 		ret = ath10k_mac_setup_prb_tmpl(arvif);
2052 		if (ret)
2053 			ath10k_warn(ar, "failed to update prb tmpl during csa: %d\n",
2054 				    ret);
2055 	} else {
2056 		ieee80211_csa_finish(vif);
2057 	}
2058 }
2059 
2060 static void ath10k_mac_vif_ap_csa_work(struct work_struct *work)
2061 {
2062 	struct ath10k_vif *arvif = container_of(work, struct ath10k_vif,
2063 						ap_csa_work);
2064 	struct ath10k *ar = arvif->ar;
2065 
2066 	mutex_lock(&ar->conf_mutex);
2067 	ath10k_mac_vif_ap_csa_count_down(arvif);
2068 	mutex_unlock(&ar->conf_mutex);
2069 }
2070 
2071 static void ath10k_mac_handle_beacon_iter(void *data, u8 *mac,
2072 					  struct ieee80211_vif *vif)
2073 {
2074 	struct sk_buff *skb = data;
2075 	struct ieee80211_mgmt *mgmt = (void *)skb->data;
2076 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2077 
2078 	if (vif->type != NL80211_IFTYPE_STATION)
2079 		return;
2080 
2081 	if (!ether_addr_equal(mgmt->bssid, vif->bss_conf.bssid))
2082 		return;
2083 
2084 	cancel_delayed_work(&arvif->connection_loss_work);
2085 }
2086 
2087 void ath10k_mac_handle_beacon(struct ath10k *ar, struct sk_buff *skb)
2088 {
2089 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
2090 						   ATH10K_ITER_NORMAL_FLAGS,
2091 						   ath10k_mac_handle_beacon_iter,
2092 						   skb);
2093 }
2094 
2095 static void ath10k_mac_handle_beacon_miss_iter(void *data, u8 *mac,
2096 					       struct ieee80211_vif *vif)
2097 {
2098 	u32 *vdev_id = data;
2099 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2100 	struct ath10k *ar = arvif->ar;
2101 	struct ieee80211_hw *hw = ar->hw;
2102 
2103 	if (arvif->vdev_id != *vdev_id)
2104 		return;
2105 
2106 	if (!arvif->is_up)
2107 		return;
2108 
2109 	ieee80211_beacon_loss(vif);
2110 
2111 	/* Firmware doesn't report beacon loss events repeatedly. If AP probe
2112 	 * (done by mac80211) succeeds but beacons do not resume then it
2113 	 * doesn't make sense to continue operation. Queue connection loss work
2114 	 * which can be cancelled when beacon is received.
2115 	 */
2116 	ieee80211_queue_delayed_work(hw, &arvif->connection_loss_work,
2117 				     ATH10K_CONNECTION_LOSS_HZ);
2118 }
2119 
2120 void ath10k_mac_handle_beacon_miss(struct ath10k *ar, u32 vdev_id)
2121 {
2122 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
2123 						   ATH10K_ITER_NORMAL_FLAGS,
2124 						   ath10k_mac_handle_beacon_miss_iter,
2125 						   &vdev_id);
2126 }
2127 
2128 static void ath10k_mac_vif_sta_connection_loss_work(struct work_struct *work)
2129 {
2130 	struct ath10k_vif *arvif = container_of(work, struct ath10k_vif,
2131 						connection_loss_work.work);
2132 	struct ieee80211_vif *vif = arvif->vif;
2133 
2134 	if (!arvif->is_up)
2135 		return;
2136 
2137 	ieee80211_connection_loss(vif);
2138 }
2139 
2140 /**********************/
2141 /* Station management */
2142 /**********************/
2143 
2144 static u32 ath10k_peer_assoc_h_listen_intval(struct ath10k *ar,
2145 					     struct ieee80211_vif *vif)
2146 {
2147 	/* Some firmware revisions have unstable STA powersave when listen
2148 	 * interval is set too high (e.g. 5). The symptoms are firmware doesn't
2149 	 * generate NullFunc frames properly even if buffered frames have been
2150 	 * indicated in Beacon TIM. Firmware would seldom wake up to pull
2151 	 * buffered frames. Often pinging the device from AP would simply fail.
2152 	 *
2153 	 * As a workaround set it to 1.
2154 	 */
2155 	if (vif->type == NL80211_IFTYPE_STATION)
2156 		return 1;
2157 
2158 	return ar->hw->conf.listen_interval;
2159 }
2160 
2161 static void ath10k_peer_assoc_h_basic(struct ath10k *ar,
2162 				      struct ieee80211_vif *vif,
2163 				      struct ieee80211_sta *sta,
2164 				      struct wmi_peer_assoc_complete_arg *arg)
2165 {
2166 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2167 	u32 aid;
2168 
2169 	lockdep_assert_held(&ar->conf_mutex);
2170 
2171 	if (vif->type == NL80211_IFTYPE_STATION)
2172 		aid = vif->cfg.aid;
2173 	else
2174 		aid = sta->aid;
2175 
2176 	ether_addr_copy(arg->addr, sta->addr);
2177 	arg->vdev_id = arvif->vdev_id;
2178 	arg->peer_aid = aid;
2179 	arg->peer_flags |= arvif->ar->wmi.peer_flags->auth;
2180 	arg->peer_listen_intval = ath10k_peer_assoc_h_listen_intval(ar, vif);
2181 	arg->peer_num_spatial_streams = 1;
2182 	arg->peer_caps = vif->bss_conf.assoc_capability;
2183 }
2184 
2185 static void ath10k_peer_assoc_h_crypto(struct ath10k *ar,
2186 				       struct ieee80211_vif *vif,
2187 				       struct ieee80211_sta *sta,
2188 				       struct wmi_peer_assoc_complete_arg *arg)
2189 {
2190 	struct ieee80211_bss_conf *info = &vif->bss_conf;
2191 	struct cfg80211_chan_def def;
2192 	struct cfg80211_bss *bss;
2193 	const u8 *rsnie = NULL;
2194 	const u8 *wpaie = NULL;
2195 
2196 	lockdep_assert_held(&ar->conf_mutex);
2197 
2198 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2199 		return;
2200 
2201 	bss = cfg80211_get_bss(ar->hw->wiphy, def.chan, info->bssid,
2202 			       vif->cfg.ssid_len ? vif->cfg.ssid : NULL,
2203 			       vif->cfg.ssid_len,
2204 			       IEEE80211_BSS_TYPE_ANY, IEEE80211_PRIVACY_ANY);
2205 	if (bss) {
2206 		const struct cfg80211_bss_ies *ies;
2207 
2208 		rcu_read_lock();
2209 		rsnie = ieee80211_bss_get_ie(bss, WLAN_EID_RSN);
2210 
2211 		ies = rcu_dereference(bss->ies);
2212 
2213 		wpaie = cfg80211_find_vendor_ie(WLAN_OUI_MICROSOFT,
2214 						WLAN_OUI_TYPE_MICROSOFT_WPA,
2215 						ies->data,
2216 						ies->len);
2217 		rcu_read_unlock();
2218 		cfg80211_put_bss(ar->hw->wiphy, bss);
2219 	}
2220 
2221 	/* FIXME: base on RSN IE/WPA IE is a correct idea? */
2222 	if (rsnie || wpaie) {
2223 		ath10k_dbg(ar, ATH10K_DBG_WMI, "%s: rsn ie found\n", __func__);
2224 		arg->peer_flags |= ar->wmi.peer_flags->need_ptk_4_way;
2225 	}
2226 
2227 	if (wpaie) {
2228 		ath10k_dbg(ar, ATH10K_DBG_WMI, "%s: wpa ie found\n", __func__);
2229 		arg->peer_flags |= ar->wmi.peer_flags->need_gtk_2_way;
2230 	}
2231 
2232 	if (sta->mfp &&
2233 	    test_bit(ATH10K_FW_FEATURE_MFP_SUPPORT,
2234 		     ar->running_fw->fw_file.fw_features)) {
2235 		arg->peer_flags |= ar->wmi.peer_flags->pmf;
2236 	}
2237 }
2238 
2239 static void ath10k_peer_assoc_h_rates(struct ath10k *ar,
2240 				      struct ieee80211_vif *vif,
2241 				      struct ieee80211_sta *sta,
2242 				      struct wmi_peer_assoc_complete_arg *arg)
2243 {
2244 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2245 	struct wmi_rate_set_arg *rateset = &arg->peer_legacy_rates;
2246 	struct cfg80211_chan_def def;
2247 	const struct ieee80211_supported_band *sband;
2248 	const struct ieee80211_rate *rates;
2249 	enum nl80211_band band;
2250 	u32 ratemask;
2251 	u8 rate;
2252 	int i;
2253 
2254 	lockdep_assert_held(&ar->conf_mutex);
2255 
2256 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2257 		return;
2258 
2259 	band = def.chan->band;
2260 	sband = ar->hw->wiphy->bands[band];
2261 	ratemask = sta->deflink.supp_rates[band];
2262 	ratemask &= arvif->bitrate_mask.control[band].legacy;
2263 	rates = sband->bitrates;
2264 
2265 	rateset->num_rates = 0;
2266 
2267 	for (i = 0; i < 32; i++, ratemask >>= 1, rates++) {
2268 		if (!(ratemask & 1))
2269 			continue;
2270 
2271 		rate = ath10k_mac_bitrate_to_rate(rates->bitrate);
2272 		rateset->rates[rateset->num_rates] = rate;
2273 		rateset->num_rates++;
2274 	}
2275 }
2276 
2277 static bool
2278 ath10k_peer_assoc_h_ht_masked(const u8 ht_mcs_mask[IEEE80211_HT_MCS_MASK_LEN])
2279 {
2280 	int nss;
2281 
2282 	for (nss = 0; nss < IEEE80211_HT_MCS_MASK_LEN; nss++)
2283 		if (ht_mcs_mask[nss])
2284 			return false;
2285 
2286 	return true;
2287 }
2288 
2289 static bool
2290 ath10k_peer_assoc_h_vht_masked(const u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
2291 {
2292 	int nss;
2293 
2294 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++)
2295 		if (vht_mcs_mask[nss])
2296 			return false;
2297 
2298 	return true;
2299 }
2300 
2301 static void ath10k_peer_assoc_h_ht(struct ath10k *ar,
2302 				   struct ieee80211_vif *vif,
2303 				   struct ieee80211_sta *sta,
2304 				   struct wmi_peer_assoc_complete_arg *arg)
2305 {
2306 	const struct ieee80211_sta_ht_cap *ht_cap = &sta->deflink.ht_cap;
2307 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2308 	struct cfg80211_chan_def def;
2309 	enum nl80211_band band;
2310 	const u8 *ht_mcs_mask;
2311 	const u16 *vht_mcs_mask;
2312 	int i, n;
2313 	u8 max_nss;
2314 	u32 stbc;
2315 
2316 	lockdep_assert_held(&ar->conf_mutex);
2317 
2318 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2319 		return;
2320 
2321 	if (!ht_cap->ht_supported)
2322 		return;
2323 
2324 	band = def.chan->band;
2325 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
2326 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2327 
2328 	if (ath10k_peer_assoc_h_ht_masked(ht_mcs_mask) &&
2329 	    ath10k_peer_assoc_h_vht_masked(vht_mcs_mask))
2330 		return;
2331 
2332 	arg->peer_flags |= ar->wmi.peer_flags->ht;
2333 	arg->peer_max_mpdu = (1 << (IEEE80211_HT_MAX_AMPDU_FACTOR +
2334 				    ht_cap->ampdu_factor)) - 1;
2335 
2336 	arg->peer_mpdu_density =
2337 		ath10k_parse_mpdudensity(ht_cap->ampdu_density);
2338 
2339 	arg->peer_ht_caps = ht_cap->cap;
2340 	arg->peer_rate_caps |= WMI_RC_HT_FLAG;
2341 
2342 	if (ht_cap->cap & IEEE80211_HT_CAP_LDPC_CODING)
2343 		arg->peer_flags |= ar->wmi.peer_flags->ldbc;
2344 
2345 	if (sta->deflink.bandwidth >= IEEE80211_STA_RX_BW_40) {
2346 		arg->peer_flags |= ar->wmi.peer_flags->bw40;
2347 		arg->peer_rate_caps |= WMI_RC_CW40_FLAG;
2348 	}
2349 
2350 	if (arvif->bitrate_mask.control[band].gi != NL80211_TXRATE_FORCE_LGI) {
2351 		if (ht_cap->cap & IEEE80211_HT_CAP_SGI_20)
2352 			arg->peer_rate_caps |= WMI_RC_SGI_FLAG;
2353 
2354 		if (ht_cap->cap & IEEE80211_HT_CAP_SGI_40)
2355 			arg->peer_rate_caps |= WMI_RC_SGI_FLAG;
2356 	}
2357 
2358 	if (ht_cap->cap & IEEE80211_HT_CAP_TX_STBC) {
2359 		arg->peer_rate_caps |= WMI_RC_TX_STBC_FLAG;
2360 		arg->peer_flags |= ar->wmi.peer_flags->stbc;
2361 	}
2362 
2363 	if (ht_cap->cap & IEEE80211_HT_CAP_RX_STBC) {
2364 		stbc = ht_cap->cap & IEEE80211_HT_CAP_RX_STBC;
2365 		stbc = stbc >> IEEE80211_HT_CAP_RX_STBC_SHIFT;
2366 		stbc = stbc << WMI_RC_RX_STBC_FLAG_S;
2367 		arg->peer_rate_caps |= stbc;
2368 		arg->peer_flags |= ar->wmi.peer_flags->stbc;
2369 	}
2370 
2371 	if (ht_cap->mcs.rx_mask[1] && ht_cap->mcs.rx_mask[2])
2372 		arg->peer_rate_caps |= WMI_RC_TS_FLAG;
2373 	else if (ht_cap->mcs.rx_mask[1])
2374 		arg->peer_rate_caps |= WMI_RC_DS_FLAG;
2375 
2376 	for (i = 0, n = 0, max_nss = 0; i < IEEE80211_HT_MCS_MASK_LEN * 8; i++)
2377 		if ((ht_cap->mcs.rx_mask[i / 8] & BIT(i % 8)) &&
2378 		    (ht_mcs_mask[i / 8] & BIT(i % 8))) {
2379 			max_nss = (i / 8) + 1;
2380 			arg->peer_ht_rates.rates[n++] = i;
2381 		}
2382 
2383 	/*
2384 	 * This is a workaround for HT-enabled STAs which break the spec
2385 	 * and have no HT capabilities RX mask (no HT RX MCS map).
2386 	 *
2387 	 * As per spec, in section 20.3.5 Modulation and coding scheme (MCS),
2388 	 * MCS 0 through 7 are mandatory in 20MHz with 800 ns GI at all STAs.
2389 	 *
2390 	 * Firmware asserts if such situation occurs.
2391 	 */
2392 	if (n == 0) {
2393 		arg->peer_ht_rates.num_rates = 8;
2394 		for (i = 0; i < arg->peer_ht_rates.num_rates; i++)
2395 			arg->peer_ht_rates.rates[i] = i;
2396 	} else {
2397 		arg->peer_ht_rates.num_rates = n;
2398 		arg->peer_num_spatial_streams = min(sta->deflink.rx_nss,
2399 						    max_nss);
2400 	}
2401 
2402 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac ht peer %pM mcs cnt %d nss %d\n",
2403 		   arg->addr,
2404 		   arg->peer_ht_rates.num_rates,
2405 		   arg->peer_num_spatial_streams);
2406 }
2407 
2408 static int ath10k_peer_assoc_qos_ap(struct ath10k *ar,
2409 				    struct ath10k_vif *arvif,
2410 				    struct ieee80211_sta *sta)
2411 {
2412 	u32 uapsd = 0;
2413 	u32 max_sp = 0;
2414 	int ret = 0;
2415 
2416 	lockdep_assert_held(&ar->conf_mutex);
2417 
2418 	if (sta->wme && sta->uapsd_queues) {
2419 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac uapsd_queues 0x%x max_sp %d\n",
2420 			   sta->uapsd_queues, sta->max_sp);
2421 
2422 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
2423 			uapsd |= WMI_AP_PS_UAPSD_AC3_DELIVERY_EN |
2424 				 WMI_AP_PS_UAPSD_AC3_TRIGGER_EN;
2425 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI)
2426 			uapsd |= WMI_AP_PS_UAPSD_AC2_DELIVERY_EN |
2427 				 WMI_AP_PS_UAPSD_AC2_TRIGGER_EN;
2428 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK)
2429 			uapsd |= WMI_AP_PS_UAPSD_AC1_DELIVERY_EN |
2430 				 WMI_AP_PS_UAPSD_AC1_TRIGGER_EN;
2431 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE)
2432 			uapsd |= WMI_AP_PS_UAPSD_AC0_DELIVERY_EN |
2433 				 WMI_AP_PS_UAPSD_AC0_TRIGGER_EN;
2434 
2435 		if (sta->max_sp < MAX_WMI_AP_PS_PEER_PARAM_MAX_SP)
2436 			max_sp = sta->max_sp;
2437 
2438 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id,
2439 						 sta->addr,
2440 						 WMI_AP_PS_PEER_PARAM_UAPSD,
2441 						 uapsd);
2442 		if (ret) {
2443 			ath10k_warn(ar, "failed to set ap ps peer param uapsd for vdev %i: %d\n",
2444 				    arvif->vdev_id, ret);
2445 			return ret;
2446 		}
2447 
2448 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id,
2449 						 sta->addr,
2450 						 WMI_AP_PS_PEER_PARAM_MAX_SP,
2451 						 max_sp);
2452 		if (ret) {
2453 			ath10k_warn(ar, "failed to set ap ps peer param max sp for vdev %i: %d\n",
2454 				    arvif->vdev_id, ret);
2455 			return ret;
2456 		}
2457 
2458 		/* TODO setup this based on STA listen interval and
2459 		 * beacon interval. Currently we don't know
2460 		 * sta->listen_interval - mac80211 patch required.
2461 		 * Currently use 10 seconds
2462 		 */
2463 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id, sta->addr,
2464 						 WMI_AP_PS_PEER_PARAM_AGEOUT_TIME,
2465 						 10);
2466 		if (ret) {
2467 			ath10k_warn(ar, "failed to set ap ps peer param ageout time for vdev %i: %d\n",
2468 				    arvif->vdev_id, ret);
2469 			return ret;
2470 		}
2471 	}
2472 
2473 	return 0;
2474 }
2475 
2476 static u16
2477 ath10k_peer_assoc_h_vht_limit(u16 tx_mcs_set,
2478 			      const u16 vht_mcs_limit[NL80211_VHT_NSS_MAX])
2479 {
2480 	int idx_limit;
2481 	int nss;
2482 	u16 mcs_map;
2483 	u16 mcs;
2484 
2485 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
2486 		mcs_map = ath10k_mac_get_max_vht_mcs_map(tx_mcs_set, nss) &
2487 			  vht_mcs_limit[nss];
2488 
2489 		if (mcs_map)
2490 			idx_limit = fls(mcs_map) - 1;
2491 		else
2492 			idx_limit = -1;
2493 
2494 		switch (idx_limit) {
2495 		case 0:
2496 		case 1:
2497 		case 2:
2498 		case 3:
2499 		case 4:
2500 		case 5:
2501 		case 6:
2502 		default:
2503 			/* see ath10k_mac_can_set_bitrate_mask() */
2504 			WARN_ON(1);
2505 			fallthrough;
2506 		case -1:
2507 			mcs = IEEE80211_VHT_MCS_NOT_SUPPORTED;
2508 			break;
2509 		case 7:
2510 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_7;
2511 			break;
2512 		case 8:
2513 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_8;
2514 			break;
2515 		case 9:
2516 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_9;
2517 			break;
2518 		}
2519 
2520 		tx_mcs_set &= ~(0x3 << (nss * 2));
2521 		tx_mcs_set |= mcs << (nss * 2);
2522 	}
2523 
2524 	return tx_mcs_set;
2525 }
2526 
2527 static u32 get_160mhz_nss_from_maxrate(int rate)
2528 {
2529 	u32 nss;
2530 
2531 	switch (rate) {
2532 	case 780:
2533 		nss = 1;
2534 		break;
2535 	case 1560:
2536 		nss = 2;
2537 		break;
2538 	case 2106:
2539 		nss = 3; /* not support MCS9 from spec*/
2540 		break;
2541 	case 3120:
2542 		nss = 4;
2543 		break;
2544 	default:
2545 		 nss = 1;
2546 	}
2547 
2548 	return nss;
2549 }
2550 
2551 static void ath10k_peer_assoc_h_vht(struct ath10k *ar,
2552 				    struct ieee80211_vif *vif,
2553 				    struct ieee80211_sta *sta,
2554 				    struct wmi_peer_assoc_complete_arg *arg)
2555 {
2556 	const struct ieee80211_sta_vht_cap *vht_cap = &sta->deflink.vht_cap;
2557 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2558 	struct ath10k_hw_params *hw = &ar->hw_params;
2559 	struct cfg80211_chan_def def;
2560 	enum nl80211_band band;
2561 	const u16 *vht_mcs_mask;
2562 	u8 ampdu_factor;
2563 	u8 max_nss, vht_mcs;
2564 	int i;
2565 
2566 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2567 		return;
2568 
2569 	if (!vht_cap->vht_supported)
2570 		return;
2571 
2572 	band = def.chan->band;
2573 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2574 
2575 	if (ath10k_peer_assoc_h_vht_masked(vht_mcs_mask))
2576 		return;
2577 
2578 	arg->peer_flags |= ar->wmi.peer_flags->vht;
2579 
2580 	if (def.chan->band == NL80211_BAND_2GHZ)
2581 		arg->peer_flags |= ar->wmi.peer_flags->vht_2g;
2582 
2583 	arg->peer_vht_caps = vht_cap->cap;
2584 
2585 	ampdu_factor = (vht_cap->cap &
2586 			IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK) >>
2587 		       IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_SHIFT;
2588 
2589 	/* Workaround: Some Netgear/Linksys 11ac APs set Rx A-MPDU factor to
2590 	 * zero in VHT IE. Using it would result in degraded throughput.
2591 	 * arg->peer_max_mpdu at this point contains HT max_mpdu so keep
2592 	 * it if VHT max_mpdu is smaller.
2593 	 */
2594 	arg->peer_max_mpdu = max(arg->peer_max_mpdu,
2595 				 (1U << (IEEE80211_HT_MAX_AMPDU_FACTOR +
2596 					ampdu_factor)) - 1);
2597 
2598 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_80)
2599 		arg->peer_flags |= ar->wmi.peer_flags->bw80;
2600 
2601 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_160)
2602 		arg->peer_flags |= ar->wmi.peer_flags->bw160;
2603 
2604 	/* Calculate peer NSS capability from VHT capabilities if STA
2605 	 * supports VHT.
2606 	 */
2607 	for (i = 0, max_nss = 0, vht_mcs = 0; i < NL80211_VHT_NSS_MAX; i++) {
2608 		vht_mcs = __le16_to_cpu(vht_cap->vht_mcs.rx_mcs_map) >>
2609 			  (2 * i) & 3;
2610 
2611 		if ((vht_mcs != IEEE80211_VHT_MCS_NOT_SUPPORTED) &&
2612 		    vht_mcs_mask[i])
2613 			max_nss = i + 1;
2614 	}
2615 	arg->peer_num_spatial_streams = min(sta->deflink.rx_nss, max_nss);
2616 	arg->peer_vht_rates.rx_max_rate =
2617 		__le16_to_cpu(vht_cap->vht_mcs.rx_highest);
2618 	arg->peer_vht_rates.rx_mcs_set =
2619 		__le16_to_cpu(vht_cap->vht_mcs.rx_mcs_map);
2620 	arg->peer_vht_rates.tx_max_rate =
2621 		__le16_to_cpu(vht_cap->vht_mcs.tx_highest);
2622 	arg->peer_vht_rates.tx_mcs_set = ath10k_peer_assoc_h_vht_limit(
2623 		__le16_to_cpu(vht_cap->vht_mcs.tx_mcs_map), vht_mcs_mask);
2624 
2625 	/* Configure bandwidth-NSS mapping to FW
2626 	 * for the chip's tx chains setting on 160Mhz bw
2627 	 */
2628 	if (arg->peer_phymode == MODE_11AC_VHT160 ||
2629 	    arg->peer_phymode == MODE_11AC_VHT80_80) {
2630 		u32 rx_nss;
2631 		u32 max_rate;
2632 
2633 		max_rate = arg->peer_vht_rates.rx_max_rate;
2634 		rx_nss = get_160mhz_nss_from_maxrate(max_rate);
2635 
2636 		if (rx_nss == 0)
2637 			rx_nss = arg->peer_num_spatial_streams;
2638 		else
2639 			rx_nss = min(arg->peer_num_spatial_streams, rx_nss);
2640 
2641 		max_rate = hw->vht160_mcs_tx_highest;
2642 		rx_nss = min(rx_nss, get_160mhz_nss_from_maxrate(max_rate));
2643 
2644 		arg->peer_bw_rxnss_override =
2645 			FIELD_PREP(WMI_PEER_NSS_MAP_ENABLE, 1) |
2646 			FIELD_PREP(WMI_PEER_NSS_160MHZ_MASK, (rx_nss - 1));
2647 
2648 		if (arg->peer_phymode == MODE_11AC_VHT80_80) {
2649 			arg->peer_bw_rxnss_override |=
2650 			FIELD_PREP(WMI_PEER_NSS_80_80MHZ_MASK, (rx_nss - 1));
2651 		}
2652 	}
2653 	ath10k_dbg(ar, ATH10K_DBG_MAC,
2654 		   "mac vht peer %pM max_mpdu %d flags 0x%x peer_rx_nss_override 0x%x\n",
2655 		   sta->addr, arg->peer_max_mpdu,
2656 		   arg->peer_flags, arg->peer_bw_rxnss_override);
2657 }
2658 
2659 static void ath10k_peer_assoc_h_qos(struct ath10k *ar,
2660 				    struct ieee80211_vif *vif,
2661 				    struct ieee80211_sta *sta,
2662 				    struct wmi_peer_assoc_complete_arg *arg)
2663 {
2664 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2665 
2666 	switch (arvif->vdev_type) {
2667 	case WMI_VDEV_TYPE_AP:
2668 		if (sta->wme)
2669 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2670 
2671 		if (sta->wme && sta->uapsd_queues) {
2672 			arg->peer_flags |= arvif->ar->wmi.peer_flags->apsd;
2673 			arg->peer_rate_caps |= WMI_RC_UAPSD_FLAG;
2674 		}
2675 		break;
2676 	case WMI_VDEV_TYPE_STA:
2677 		if (sta->wme)
2678 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2679 		break;
2680 	case WMI_VDEV_TYPE_IBSS:
2681 		if (sta->wme)
2682 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2683 		break;
2684 	default:
2685 		break;
2686 	}
2687 
2688 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac peer %pM qos %d\n",
2689 		   sta->addr, !!(arg->peer_flags &
2690 		   arvif->ar->wmi.peer_flags->qos));
2691 }
2692 
2693 static bool ath10k_mac_sta_has_ofdm_only(struct ieee80211_sta *sta)
2694 {
2695 	return sta->deflink.supp_rates[NL80211_BAND_2GHZ] >>
2696 	       ATH10K_MAC_FIRST_OFDM_RATE_IDX;
2697 }
2698 
2699 static enum wmi_phy_mode ath10k_mac_get_phymode_vht(struct ath10k *ar,
2700 						    struct ieee80211_sta *sta)
2701 {
2702 	struct ieee80211_sta_vht_cap *vht_cap = &sta->deflink.vht_cap;
2703 
2704 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_160) {
2705 		switch (vht_cap->cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK) {
2706 		case IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ:
2707 			return MODE_11AC_VHT160;
2708 		case IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ:
2709 			return MODE_11AC_VHT80_80;
2710 		default:
2711 			/* not sure if this is a valid case? */
2712 			return MODE_11AC_VHT160;
2713 		}
2714 	}
2715 
2716 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_80)
2717 		return MODE_11AC_VHT80;
2718 
2719 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_40)
2720 		return MODE_11AC_VHT40;
2721 
2722 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_20)
2723 		return MODE_11AC_VHT20;
2724 
2725 	return MODE_UNKNOWN;
2726 }
2727 
2728 static void ath10k_peer_assoc_h_phymode(struct ath10k *ar,
2729 					struct ieee80211_vif *vif,
2730 					struct ieee80211_sta *sta,
2731 					struct wmi_peer_assoc_complete_arg *arg)
2732 {
2733 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2734 	struct cfg80211_chan_def def;
2735 	enum nl80211_band band;
2736 	const u8 *ht_mcs_mask;
2737 	const u16 *vht_mcs_mask;
2738 	enum wmi_phy_mode phymode = MODE_UNKNOWN;
2739 
2740 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2741 		return;
2742 
2743 	band = def.chan->band;
2744 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
2745 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2746 
2747 	switch (band) {
2748 	case NL80211_BAND_2GHZ:
2749 		if (sta->deflink.vht_cap.vht_supported &&
2750 		    !ath10k_peer_assoc_h_vht_masked(vht_mcs_mask)) {
2751 			if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_40)
2752 				phymode = MODE_11AC_VHT40;
2753 			else
2754 				phymode = MODE_11AC_VHT20;
2755 		} else if (sta->deflink.ht_cap.ht_supported &&
2756 			   !ath10k_peer_assoc_h_ht_masked(ht_mcs_mask)) {
2757 			if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_40)
2758 				phymode = MODE_11NG_HT40;
2759 			else
2760 				phymode = MODE_11NG_HT20;
2761 		} else if (ath10k_mac_sta_has_ofdm_only(sta)) {
2762 			phymode = MODE_11G;
2763 		} else {
2764 			phymode = MODE_11B;
2765 		}
2766 
2767 		break;
2768 	case NL80211_BAND_5GHZ:
2769 		/*
2770 		 * Check VHT first.
2771 		 */
2772 		if (sta->deflink.vht_cap.vht_supported &&
2773 		    !ath10k_peer_assoc_h_vht_masked(vht_mcs_mask)) {
2774 			phymode = ath10k_mac_get_phymode_vht(ar, sta);
2775 		} else if (sta->deflink.ht_cap.ht_supported &&
2776 			   !ath10k_peer_assoc_h_ht_masked(ht_mcs_mask)) {
2777 			if (sta->deflink.bandwidth >= IEEE80211_STA_RX_BW_40)
2778 				phymode = MODE_11NA_HT40;
2779 			else
2780 				phymode = MODE_11NA_HT20;
2781 		} else {
2782 			phymode = MODE_11A;
2783 		}
2784 
2785 		break;
2786 	default:
2787 		break;
2788 	}
2789 
2790 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac peer %pM phymode %s\n",
2791 		   sta->addr, ath10k_wmi_phymode_str(phymode));
2792 
2793 	arg->peer_phymode = phymode;
2794 	WARN_ON(phymode == MODE_UNKNOWN);
2795 }
2796 
2797 static int ath10k_peer_assoc_prepare(struct ath10k *ar,
2798 				     struct ieee80211_vif *vif,
2799 				     struct ieee80211_sta *sta,
2800 				     struct wmi_peer_assoc_complete_arg *arg)
2801 {
2802 	lockdep_assert_held(&ar->conf_mutex);
2803 
2804 	memset(arg, 0, sizeof(*arg));
2805 
2806 	ath10k_peer_assoc_h_basic(ar, vif, sta, arg);
2807 	ath10k_peer_assoc_h_crypto(ar, vif, sta, arg);
2808 	ath10k_peer_assoc_h_rates(ar, vif, sta, arg);
2809 	ath10k_peer_assoc_h_ht(ar, vif, sta, arg);
2810 	ath10k_peer_assoc_h_phymode(ar, vif, sta, arg);
2811 	ath10k_peer_assoc_h_vht(ar, vif, sta, arg);
2812 	ath10k_peer_assoc_h_qos(ar, vif, sta, arg);
2813 
2814 	return 0;
2815 }
2816 
2817 static const u32 ath10k_smps_map[] = {
2818 	[WLAN_HT_CAP_SM_PS_STATIC] = WMI_PEER_SMPS_STATIC,
2819 	[WLAN_HT_CAP_SM_PS_DYNAMIC] = WMI_PEER_SMPS_DYNAMIC,
2820 	[WLAN_HT_CAP_SM_PS_INVALID] = WMI_PEER_SMPS_PS_NONE,
2821 	[WLAN_HT_CAP_SM_PS_DISABLED] = WMI_PEER_SMPS_PS_NONE,
2822 };
2823 
2824 static int ath10k_setup_peer_smps(struct ath10k *ar, struct ath10k_vif *arvif,
2825 				  const u8 *addr,
2826 				  const struct ieee80211_sta_ht_cap *ht_cap)
2827 {
2828 	int smps;
2829 
2830 	if (!ht_cap->ht_supported)
2831 		return 0;
2832 
2833 	smps = ht_cap->cap & IEEE80211_HT_CAP_SM_PS;
2834 	smps >>= IEEE80211_HT_CAP_SM_PS_SHIFT;
2835 
2836 	if (smps >= ARRAY_SIZE(ath10k_smps_map))
2837 		return -EINVAL;
2838 
2839 	return ath10k_wmi_peer_set_param(ar, arvif->vdev_id, addr,
2840 					 ar->wmi.peer_param->smps_state,
2841 					 ath10k_smps_map[smps]);
2842 }
2843 
2844 static int ath10k_mac_vif_recalc_txbf(struct ath10k *ar,
2845 				      struct ieee80211_vif *vif,
2846 				      struct ieee80211_sta_vht_cap vht_cap)
2847 {
2848 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2849 	int ret;
2850 	u32 param;
2851 	u32 value;
2852 
2853 	if (ath10k_wmi_get_txbf_conf_scheme(ar) != WMI_TXBF_CONF_AFTER_ASSOC)
2854 		return 0;
2855 
2856 	if (!(ar->vht_cap_info &
2857 	      (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
2858 	       IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE |
2859 	       IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
2860 	       IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)))
2861 		return 0;
2862 
2863 	param = ar->wmi.vdev_param->txbf;
2864 	value = 0;
2865 
2866 	if (WARN_ON(param == WMI_VDEV_PARAM_UNSUPPORTED))
2867 		return 0;
2868 
2869 	/* The following logic is correct. If a remote STA advertises support
2870 	 * for being a beamformer then we should enable us being a beamformee.
2871 	 */
2872 
2873 	if (ar->vht_cap_info &
2874 	    (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
2875 	     IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)) {
2876 		if (vht_cap.cap & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)
2877 			value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
2878 
2879 		if (vht_cap.cap & IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)
2880 			value |= WMI_VDEV_PARAM_TXBF_MU_TX_BFEE;
2881 	}
2882 
2883 	if (ar->vht_cap_info &
2884 	    (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
2885 	     IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)) {
2886 		if (vht_cap.cap & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE)
2887 			value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
2888 
2889 		if (vht_cap.cap & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)
2890 			value |= WMI_VDEV_PARAM_TXBF_MU_TX_BFER;
2891 	}
2892 
2893 	if (value & WMI_VDEV_PARAM_TXBF_MU_TX_BFEE)
2894 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
2895 
2896 	if (value & WMI_VDEV_PARAM_TXBF_MU_TX_BFER)
2897 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
2898 
2899 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param, value);
2900 	if (ret) {
2901 		ath10k_warn(ar, "failed to submit vdev param txbf 0x%x: %d\n",
2902 			    value, ret);
2903 		return ret;
2904 	}
2905 
2906 	return 0;
2907 }
2908 
2909 static bool ath10k_mac_is_connected(struct ath10k *ar)
2910 {
2911 	struct ath10k_vif *arvif;
2912 
2913 	list_for_each_entry(arvif, &ar->arvifs, list) {
2914 		if (arvif->is_up && arvif->vdev_type == WMI_VDEV_TYPE_STA)
2915 			return true;
2916 	}
2917 
2918 	return false;
2919 }
2920 
2921 static int ath10k_mac_txpower_setup(struct ath10k *ar, int txpower)
2922 {
2923 	int ret;
2924 	u32 param;
2925 	int tx_power_2g, tx_power_5g;
2926 	bool connected;
2927 
2928 	lockdep_assert_held(&ar->conf_mutex);
2929 
2930 	/* ath10k internally uses unit of 0.5 dBm so multiply by 2 */
2931 	tx_power_2g = txpower * 2;
2932 	tx_power_5g = txpower * 2;
2933 
2934 	connected = ath10k_mac_is_connected(ar);
2935 
2936 	if (connected && ar->tx_power_2g_limit)
2937 		if (tx_power_2g > ar->tx_power_2g_limit)
2938 			tx_power_2g = ar->tx_power_2g_limit;
2939 
2940 	if (connected && ar->tx_power_5g_limit)
2941 		if (tx_power_5g > ar->tx_power_5g_limit)
2942 			tx_power_5g = ar->tx_power_5g_limit;
2943 
2944 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac txpower 2g: %d, 5g: %d\n",
2945 		   tx_power_2g, tx_power_5g);
2946 
2947 	param = ar->wmi.pdev_param->txpower_limit2g;
2948 	ret = ath10k_wmi_pdev_set_param(ar, param, tx_power_2g);
2949 	if (ret) {
2950 		ath10k_warn(ar, "failed to set 2g txpower %d: %d\n",
2951 			    tx_power_2g, ret);
2952 		return ret;
2953 	}
2954 
2955 	param = ar->wmi.pdev_param->txpower_limit5g;
2956 	ret = ath10k_wmi_pdev_set_param(ar, param, tx_power_5g);
2957 	if (ret) {
2958 		ath10k_warn(ar, "failed to set 5g txpower %d: %d\n",
2959 			    tx_power_5g, ret);
2960 		return ret;
2961 	}
2962 
2963 	return 0;
2964 }
2965 
2966 static int ath10k_mac_txpower_recalc(struct ath10k *ar)
2967 {
2968 	struct ath10k_vif *arvif;
2969 	int ret, txpower = -1;
2970 
2971 	lockdep_assert_held(&ar->conf_mutex);
2972 
2973 	list_for_each_entry(arvif, &ar->arvifs, list) {
2974 		/* txpower not initialized yet? */
2975 		if (arvif->txpower == INT_MIN)
2976 			continue;
2977 
2978 		if (txpower == -1)
2979 			txpower = arvif->txpower;
2980 		else
2981 			txpower = min(txpower, arvif->txpower);
2982 	}
2983 
2984 	if (txpower == -1)
2985 		return 0;
2986 
2987 	ret = ath10k_mac_txpower_setup(ar, txpower);
2988 	if (ret) {
2989 		ath10k_warn(ar, "failed to setup tx power %d: %d\n",
2990 			    txpower, ret);
2991 		return ret;
2992 	}
2993 
2994 	return 0;
2995 }
2996 
2997 static int ath10k_mac_set_sar_power(struct ath10k *ar)
2998 {
2999 	if (!ar->hw_params.dynamic_sar_support)
3000 		return -EOPNOTSUPP;
3001 
3002 	if (!ath10k_mac_is_connected(ar))
3003 		return 0;
3004 
3005 	/* if connected, then arvif->txpower must be valid */
3006 	return ath10k_mac_txpower_recalc(ar);
3007 }
3008 
3009 static int ath10k_mac_set_sar_specs(struct ieee80211_hw *hw,
3010 				    const struct cfg80211_sar_specs *sar)
3011 {
3012 	const struct cfg80211_sar_sub_specs *sub_specs;
3013 	struct ath10k *ar = hw->priv;
3014 	u32 i;
3015 	int ret;
3016 
3017 	mutex_lock(&ar->conf_mutex);
3018 
3019 	if (!ar->hw_params.dynamic_sar_support) {
3020 		ret = -EOPNOTSUPP;
3021 		goto err;
3022 	}
3023 
3024 	if (!sar || sar->type != NL80211_SAR_TYPE_POWER ||
3025 	    sar->num_sub_specs == 0) {
3026 		ret = -EINVAL;
3027 		goto err;
3028 	}
3029 
3030 	sub_specs = sar->sub_specs;
3031 
3032 	/* 0dbm is not a practical value for ath10k, so use 0
3033 	 * as no SAR limitation on it.
3034 	 */
3035 	ar->tx_power_2g_limit = 0;
3036 	ar->tx_power_5g_limit = 0;
3037 
3038 	/* note the power is in 0.25dbm unit, while ath10k uses
3039 	 * 0.5dbm unit.
3040 	 */
3041 	for (i = 0; i < sar->num_sub_specs; i++) {
3042 		if (sub_specs->freq_range_index == 0)
3043 			ar->tx_power_2g_limit = sub_specs->power / 2;
3044 		else if (sub_specs->freq_range_index == 1)
3045 			ar->tx_power_5g_limit = sub_specs->power / 2;
3046 
3047 		sub_specs++;
3048 	}
3049 
3050 	ret = ath10k_mac_set_sar_power(ar);
3051 	if (ret) {
3052 		ath10k_warn(ar, "failed to set sar power: %d", ret);
3053 		goto err;
3054 	}
3055 
3056 err:
3057 	mutex_unlock(&ar->conf_mutex);
3058 	return ret;
3059 }
3060 
3061 /* can be called only in mac80211 callbacks due to `key_count` usage */
3062 static void ath10k_bss_assoc(struct ieee80211_hw *hw,
3063 			     struct ieee80211_vif *vif,
3064 			     struct ieee80211_bss_conf *bss_conf)
3065 {
3066 	struct ath10k *ar = hw->priv;
3067 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3068 	struct ieee80211_sta_ht_cap ht_cap;
3069 	struct ieee80211_sta_vht_cap vht_cap;
3070 	struct wmi_peer_assoc_complete_arg peer_arg;
3071 	struct ieee80211_sta *ap_sta;
3072 	int ret;
3073 
3074 	lockdep_assert_held(&ar->conf_mutex);
3075 
3076 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i assoc bssid %pM aid %d\n",
3077 		   arvif->vdev_id, arvif->bssid, arvif->aid);
3078 
3079 	rcu_read_lock();
3080 
3081 	ap_sta = ieee80211_find_sta(vif, bss_conf->bssid);
3082 	if (!ap_sta) {
3083 		ath10k_warn(ar, "failed to find station entry for bss %pM vdev %i\n",
3084 			    bss_conf->bssid, arvif->vdev_id);
3085 		rcu_read_unlock();
3086 		return;
3087 	}
3088 
3089 	/* ap_sta must be accessed only within rcu section which must be left
3090 	 * before calling ath10k_setup_peer_smps() which might sleep.
3091 	 */
3092 	ht_cap = ap_sta->deflink.ht_cap;
3093 	vht_cap = ap_sta->deflink.vht_cap;
3094 
3095 	ret = ath10k_peer_assoc_prepare(ar, vif, ap_sta, &peer_arg);
3096 	if (ret) {
3097 		ath10k_warn(ar, "failed to prepare peer assoc for %pM vdev %i: %d\n",
3098 			    bss_conf->bssid, arvif->vdev_id, ret);
3099 		rcu_read_unlock();
3100 		return;
3101 	}
3102 
3103 	rcu_read_unlock();
3104 
3105 	ret = ath10k_wmi_peer_assoc(ar, &peer_arg);
3106 	if (ret) {
3107 		ath10k_warn(ar, "failed to run peer assoc for %pM vdev %i: %d\n",
3108 			    bss_conf->bssid, arvif->vdev_id, ret);
3109 		return;
3110 	}
3111 
3112 	ret = ath10k_setup_peer_smps(ar, arvif, bss_conf->bssid, &ht_cap);
3113 	if (ret) {
3114 		ath10k_warn(ar, "failed to setup peer SMPS for vdev %i: %d\n",
3115 			    arvif->vdev_id, ret);
3116 		return;
3117 	}
3118 
3119 	ret = ath10k_mac_vif_recalc_txbf(ar, vif, vht_cap);
3120 	if (ret) {
3121 		ath10k_warn(ar, "failed to recalc txbf for vdev %i on bss %pM: %d\n",
3122 			    arvif->vdev_id, bss_conf->bssid, ret);
3123 		return;
3124 	}
3125 
3126 	ath10k_dbg(ar, ATH10K_DBG_MAC,
3127 		   "mac vdev %d up (associated) bssid %pM aid %d\n",
3128 		   arvif->vdev_id, bss_conf->bssid, vif->cfg.aid);
3129 
3130 	WARN_ON(arvif->is_up);
3131 
3132 	arvif->aid = vif->cfg.aid;
3133 	ether_addr_copy(arvif->bssid, bss_conf->bssid);
3134 
3135 	ret = ath10k_wmi_pdev_set_param(ar,
3136 					ar->wmi.pdev_param->peer_stats_info_enable, 1);
3137 	if (ret)
3138 		ath10k_warn(ar, "failed to enable peer stats info: %d\n", ret);
3139 
3140 	ret = ath10k_wmi_vdev_up(ar, arvif->vdev_id, arvif->aid, arvif->bssid);
3141 	if (ret) {
3142 		ath10k_warn(ar, "failed to set vdev %d up: %d\n",
3143 			    arvif->vdev_id, ret);
3144 		return;
3145 	}
3146 
3147 	arvif->is_up = true;
3148 
3149 	ath10k_mac_set_sar_power(ar);
3150 
3151 	/* Workaround: Some firmware revisions (tested with qca6174
3152 	 * WLAN.RM.2.0-00073) have buggy powersave state machine and must be
3153 	 * poked with peer param command.
3154 	 */
3155 	ret = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, arvif->bssid,
3156 					ar->wmi.peer_param->dummy_var, 1);
3157 	if (ret) {
3158 		ath10k_warn(ar, "failed to poke peer %pM param for ps workaround on vdev %i: %d\n",
3159 			    arvif->bssid, arvif->vdev_id, ret);
3160 		return;
3161 	}
3162 }
3163 
3164 static void ath10k_bss_disassoc(struct ieee80211_hw *hw,
3165 				struct ieee80211_vif *vif)
3166 {
3167 	struct ath10k *ar = hw->priv;
3168 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3169 	struct ieee80211_sta_vht_cap vht_cap = {};
3170 	int ret;
3171 
3172 	lockdep_assert_held(&ar->conf_mutex);
3173 
3174 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i disassoc bssid %pM\n",
3175 		   arvif->vdev_id, arvif->bssid);
3176 
3177 	ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
3178 	if (ret)
3179 		ath10k_warn(ar, "failed to down vdev %i: %d\n",
3180 			    arvif->vdev_id, ret);
3181 
3182 	arvif->def_wep_key_idx = -1;
3183 
3184 	ret = ath10k_mac_vif_recalc_txbf(ar, vif, vht_cap);
3185 	if (ret) {
3186 		ath10k_warn(ar, "failed to recalc txbf for vdev %i: %d\n",
3187 			    arvif->vdev_id, ret);
3188 		return;
3189 	}
3190 
3191 	arvif->is_up = false;
3192 
3193 	ath10k_mac_txpower_recalc(ar);
3194 
3195 	cancel_delayed_work_sync(&arvif->connection_loss_work);
3196 }
3197 
3198 static int ath10k_new_peer_tid_config(struct ath10k *ar,
3199 				      struct ieee80211_sta *sta,
3200 				      struct ath10k_vif *arvif)
3201 {
3202 	struct wmi_per_peer_per_tid_cfg_arg arg = {};
3203 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
3204 	bool config_apply;
3205 	int ret, i;
3206 
3207 	for (i = 0; i < ATH10K_TID_MAX; i++) {
3208 		config_apply = false;
3209 		if (arvif->retry_long[i] || arvif->ampdu[i] ||
3210 		    arvif->rate_ctrl[i] || arvif->rtscts[i]) {
3211 			config_apply = true;
3212 			arg.tid = i;
3213 			arg.vdev_id = arvif->vdev_id;
3214 			arg.retry_count = arvif->retry_long[i];
3215 			arg.aggr_control = arvif->ampdu[i];
3216 			arg.rate_ctrl = arvif->rate_ctrl[i];
3217 			arg.rcode_flags = arvif->rate_code[i];
3218 
3219 			if (arvif->rtscts[i])
3220 				arg.ext_tid_cfg_bitmap =
3221 					WMI_EXT_TID_RTS_CTS_CONFIG;
3222 			else
3223 				arg.ext_tid_cfg_bitmap = 0;
3224 
3225 			arg.rtscts_ctrl = arvif->rtscts[i];
3226 		}
3227 
3228 		if (arvif->noack[i]) {
3229 			arg.ack_policy = arvif->noack[i];
3230 			arg.rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_DEFAULT_LOWEST_RATE;
3231 			arg.aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_DISABLE;
3232 			config_apply = true;
3233 		}
3234 
3235 		/* Assign default value(-1) to newly connected station.
3236 		 * This is to identify station specific tid configuration not
3237 		 * configured for the station.
3238 		 */
3239 		arsta->retry_long[i] = -1;
3240 		arsta->noack[i] = -1;
3241 		arsta->ampdu[i] = -1;
3242 
3243 		if (!config_apply)
3244 			continue;
3245 
3246 		ether_addr_copy(arg.peer_macaddr.addr, sta->addr);
3247 
3248 		ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, &arg);
3249 		if (ret) {
3250 			ath10k_warn(ar, "failed to set per tid retry/aggr config for sta %pM: %d\n",
3251 				    sta->addr, ret);
3252 			return ret;
3253 		}
3254 
3255 		memset(&arg, 0, sizeof(arg));
3256 	}
3257 
3258 	return 0;
3259 }
3260 
3261 static int ath10k_station_assoc(struct ath10k *ar,
3262 				struct ieee80211_vif *vif,
3263 				struct ieee80211_sta *sta,
3264 				bool reassoc)
3265 {
3266 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3267 	struct wmi_peer_assoc_complete_arg peer_arg;
3268 	int ret = 0;
3269 
3270 	lockdep_assert_held(&ar->conf_mutex);
3271 
3272 	ret = ath10k_peer_assoc_prepare(ar, vif, sta, &peer_arg);
3273 	if (ret) {
3274 		ath10k_warn(ar, "failed to prepare WMI peer assoc for %pM vdev %i: %i\n",
3275 			    sta->addr, arvif->vdev_id, ret);
3276 		return ret;
3277 	}
3278 
3279 	ret = ath10k_wmi_peer_assoc(ar, &peer_arg);
3280 	if (ret) {
3281 		ath10k_warn(ar, "failed to run peer assoc for STA %pM vdev %i: %d\n",
3282 			    sta->addr, arvif->vdev_id, ret);
3283 		return ret;
3284 	}
3285 
3286 	/* Re-assoc is run only to update supported rates for given station. It
3287 	 * doesn't make much sense to reconfigure the peer completely.
3288 	 */
3289 	if (!reassoc) {
3290 		ret = ath10k_setup_peer_smps(ar, arvif, sta->addr,
3291 					     &sta->deflink.ht_cap);
3292 		if (ret) {
3293 			ath10k_warn(ar, "failed to setup peer SMPS for vdev %d: %d\n",
3294 				    arvif->vdev_id, ret);
3295 			return ret;
3296 		}
3297 
3298 		ret = ath10k_peer_assoc_qos_ap(ar, arvif, sta);
3299 		if (ret) {
3300 			ath10k_warn(ar, "failed to set qos params for STA %pM for vdev %i: %d\n",
3301 				    sta->addr, arvif->vdev_id, ret);
3302 			return ret;
3303 		}
3304 
3305 		if (!sta->wme) {
3306 			arvif->num_legacy_stations++;
3307 			ret  = ath10k_recalc_rtscts_prot(arvif);
3308 			if (ret) {
3309 				ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
3310 					    arvif->vdev_id, ret);
3311 				return ret;
3312 			}
3313 		}
3314 
3315 		/* Plumb cached keys only for static WEP */
3316 		if ((arvif->def_wep_key_idx != -1) && (!sta->tdls)) {
3317 			ret = ath10k_install_peer_wep_keys(arvif, sta->addr);
3318 			if (ret) {
3319 				ath10k_warn(ar, "failed to install peer wep keys for vdev %i: %d\n",
3320 					    arvif->vdev_id, ret);
3321 				return ret;
3322 			}
3323 		}
3324 	}
3325 
3326 	if (!test_bit(WMI_SERVICE_PEER_TID_CONFIGS_SUPPORT, ar->wmi.svc_map))
3327 		return ret;
3328 
3329 	return ath10k_new_peer_tid_config(ar, sta, arvif);
3330 }
3331 
3332 static int ath10k_station_disassoc(struct ath10k *ar,
3333 				   struct ieee80211_vif *vif,
3334 				   struct ieee80211_sta *sta)
3335 {
3336 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3337 	int ret = 0;
3338 
3339 	lockdep_assert_held(&ar->conf_mutex);
3340 
3341 	if (!sta->wme) {
3342 		arvif->num_legacy_stations--;
3343 		ret = ath10k_recalc_rtscts_prot(arvif);
3344 		if (ret) {
3345 			ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
3346 				    arvif->vdev_id, ret);
3347 			return ret;
3348 		}
3349 	}
3350 
3351 	ret = ath10k_clear_peer_keys(arvif, sta->addr);
3352 	if (ret) {
3353 		ath10k_warn(ar, "failed to clear all peer wep keys for vdev %i: %d\n",
3354 			    arvif->vdev_id, ret);
3355 		return ret;
3356 	}
3357 
3358 	return ret;
3359 }
3360 
3361 /**************/
3362 /* Regulatory */
3363 /**************/
3364 
3365 static int ath10k_update_channel_list(struct ath10k *ar)
3366 {
3367 	struct ieee80211_hw *hw = ar->hw;
3368 	struct ieee80211_supported_band **bands;
3369 	enum nl80211_band band;
3370 	struct ieee80211_channel *channel;
3371 	struct wmi_scan_chan_list_arg arg = {0};
3372 	struct wmi_channel_arg *ch;
3373 	bool passive;
3374 	int len;
3375 	int ret;
3376 	int i;
3377 
3378 	lockdep_assert_held(&ar->conf_mutex);
3379 
3380 	bands = hw->wiphy->bands;
3381 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
3382 		if (!bands[band])
3383 			continue;
3384 
3385 		for (i = 0; i < bands[band]->n_channels; i++) {
3386 			if (bands[band]->channels[i].flags &
3387 			    IEEE80211_CHAN_DISABLED)
3388 				continue;
3389 
3390 			arg.n_channels++;
3391 		}
3392 	}
3393 
3394 	len = sizeof(struct wmi_channel_arg) * arg.n_channels;
3395 	arg.channels = kzalloc(len, GFP_KERNEL);
3396 	if (!arg.channels)
3397 		return -ENOMEM;
3398 
3399 	ch = arg.channels;
3400 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
3401 		if (!bands[band])
3402 			continue;
3403 
3404 		for (i = 0; i < bands[band]->n_channels; i++) {
3405 			channel = &bands[band]->channels[i];
3406 
3407 			if (channel->flags & IEEE80211_CHAN_DISABLED)
3408 				continue;
3409 
3410 			ch->allow_ht = true;
3411 
3412 			/* FIXME: when should we really allow VHT? */
3413 			ch->allow_vht = true;
3414 
3415 			ch->allow_ibss =
3416 				!(channel->flags & IEEE80211_CHAN_NO_IR);
3417 
3418 			ch->ht40plus =
3419 				!(channel->flags & IEEE80211_CHAN_NO_HT40PLUS);
3420 
3421 			ch->chan_radar =
3422 				!!(channel->flags & IEEE80211_CHAN_RADAR);
3423 
3424 			passive = channel->flags & IEEE80211_CHAN_NO_IR;
3425 			ch->passive = passive;
3426 
3427 			/* the firmware is ignoring the "radar" flag of the
3428 			 * channel and is scanning actively using Probe Requests
3429 			 * on "Radar detection"/DFS channels which are not
3430 			 * marked as "available"
3431 			 */
3432 			ch->passive |= ch->chan_radar;
3433 
3434 			ch->freq = channel->center_freq;
3435 			ch->band_center_freq1 = channel->center_freq;
3436 			ch->min_power = 0;
3437 			ch->max_power = channel->max_power * 2;
3438 			ch->max_reg_power = channel->max_reg_power * 2;
3439 			ch->max_antenna_gain = channel->max_antenna_gain;
3440 			ch->reg_class_id = 0; /* FIXME */
3441 
3442 			/* FIXME: why use only legacy modes, why not any
3443 			 * HT/VHT modes? Would that even make any
3444 			 * difference?
3445 			 */
3446 			if (channel->band == NL80211_BAND_2GHZ)
3447 				ch->mode = MODE_11G;
3448 			else
3449 				ch->mode = MODE_11A;
3450 
3451 			if (WARN_ON_ONCE(ch->mode == MODE_UNKNOWN))
3452 				continue;
3453 
3454 			ath10k_dbg(ar, ATH10K_DBG_WMI,
3455 				   "mac channel [%zd/%d] freq %d maxpower %d regpower %d antenna %d mode %d\n",
3456 				    ch - arg.channels, arg.n_channels,
3457 				   ch->freq, ch->max_power, ch->max_reg_power,
3458 				   ch->max_antenna_gain, ch->mode);
3459 
3460 			ch++;
3461 		}
3462 	}
3463 
3464 	ret = ath10k_wmi_scan_chan_list(ar, &arg);
3465 	kfree(arg.channels);
3466 
3467 	return ret;
3468 }
3469 
3470 static enum wmi_dfs_region
3471 ath10k_mac_get_dfs_region(enum nl80211_dfs_regions dfs_region)
3472 {
3473 	switch (dfs_region) {
3474 	case NL80211_DFS_UNSET:
3475 		return WMI_UNINIT_DFS_DOMAIN;
3476 	case NL80211_DFS_FCC:
3477 		return WMI_FCC_DFS_DOMAIN;
3478 	case NL80211_DFS_ETSI:
3479 		return WMI_ETSI_DFS_DOMAIN;
3480 	case NL80211_DFS_JP:
3481 		return WMI_MKK4_DFS_DOMAIN;
3482 	}
3483 	return WMI_UNINIT_DFS_DOMAIN;
3484 }
3485 
3486 static void ath10k_regd_update(struct ath10k *ar)
3487 {
3488 	struct reg_dmn_pair_mapping *regpair;
3489 	int ret;
3490 	enum wmi_dfs_region wmi_dfs_reg;
3491 	enum nl80211_dfs_regions nl_dfs_reg;
3492 
3493 	lockdep_assert_held(&ar->conf_mutex);
3494 
3495 	ret = ath10k_update_channel_list(ar);
3496 	if (ret)
3497 		ath10k_warn(ar, "failed to update channel list: %d\n", ret);
3498 
3499 	regpair = ar->ath_common.regulatory.regpair;
3500 
3501 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector) {
3502 		nl_dfs_reg = ar->dfs_detector->region;
3503 		wmi_dfs_reg = ath10k_mac_get_dfs_region(nl_dfs_reg);
3504 	} else {
3505 		wmi_dfs_reg = WMI_UNINIT_DFS_DOMAIN;
3506 	}
3507 
3508 	/* Target allows setting up per-band regdomain but ath_common provides
3509 	 * a combined one only
3510 	 */
3511 	ret = ath10k_wmi_pdev_set_regdomain(ar,
3512 					    regpair->reg_domain,
3513 					    regpair->reg_domain, /* 2ghz */
3514 					    regpair->reg_domain, /* 5ghz */
3515 					    regpair->reg_2ghz_ctl,
3516 					    regpair->reg_5ghz_ctl,
3517 					    wmi_dfs_reg);
3518 	if (ret)
3519 		ath10k_warn(ar, "failed to set pdev regdomain: %d\n", ret);
3520 }
3521 
3522 static void ath10k_mac_update_channel_list(struct ath10k *ar,
3523 					   struct ieee80211_supported_band *band)
3524 {
3525 	int i;
3526 
3527 	if (ar->low_5ghz_chan && ar->high_5ghz_chan) {
3528 		for (i = 0; i < band->n_channels; i++) {
3529 			if (band->channels[i].center_freq < ar->low_5ghz_chan ||
3530 			    band->channels[i].center_freq > ar->high_5ghz_chan)
3531 				band->channels[i].flags |=
3532 					IEEE80211_CHAN_DISABLED;
3533 		}
3534 	}
3535 }
3536 
3537 static void ath10k_reg_notifier(struct wiphy *wiphy,
3538 				struct regulatory_request *request)
3539 {
3540 	struct ieee80211_hw *hw = wiphy_to_ieee80211_hw(wiphy);
3541 	struct ath10k *ar = hw->priv;
3542 	bool result;
3543 
3544 	ath_reg_notifier_apply(wiphy, request, &ar->ath_common.regulatory);
3545 
3546 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector) {
3547 		ath10k_dbg(ar, ATH10K_DBG_REGULATORY, "dfs region 0x%x\n",
3548 			   request->dfs_region);
3549 		result = ar->dfs_detector->set_dfs_domain(ar->dfs_detector,
3550 							  request->dfs_region);
3551 		if (!result)
3552 			ath10k_warn(ar, "DFS region 0x%X not supported, will trigger radar for every pulse\n",
3553 				    request->dfs_region);
3554 	}
3555 
3556 	mutex_lock(&ar->conf_mutex);
3557 	if (ar->state == ATH10K_STATE_ON)
3558 		ath10k_regd_update(ar);
3559 	mutex_unlock(&ar->conf_mutex);
3560 
3561 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY)
3562 		ath10k_mac_update_channel_list(ar,
3563 					       ar->hw->wiphy->bands[NL80211_BAND_5GHZ]);
3564 }
3565 
3566 static void ath10k_stop_radar_confirmation(struct ath10k *ar)
3567 {
3568 	spin_lock_bh(&ar->data_lock);
3569 	ar->radar_conf_state = ATH10K_RADAR_CONFIRMATION_STOPPED;
3570 	spin_unlock_bh(&ar->data_lock);
3571 
3572 	cancel_work_sync(&ar->radar_confirmation_work);
3573 }
3574 
3575 /***************/
3576 /* TX handlers */
3577 /***************/
3578 
3579 enum ath10k_mac_tx_path {
3580 	ATH10K_MAC_TX_HTT,
3581 	ATH10K_MAC_TX_HTT_MGMT,
3582 	ATH10K_MAC_TX_WMI_MGMT,
3583 	ATH10K_MAC_TX_UNKNOWN,
3584 };
3585 
3586 void ath10k_mac_tx_lock(struct ath10k *ar, int reason)
3587 {
3588 	lockdep_assert_held(&ar->htt.tx_lock);
3589 
3590 	WARN_ON(reason >= ATH10K_TX_PAUSE_MAX);
3591 	ar->tx_paused |= BIT(reason);
3592 	ieee80211_stop_queues(ar->hw);
3593 }
3594 
3595 static void ath10k_mac_tx_unlock_iter(void *data, u8 *mac,
3596 				      struct ieee80211_vif *vif)
3597 {
3598 	struct ath10k *ar = data;
3599 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3600 
3601 	if (arvif->tx_paused)
3602 		return;
3603 
3604 	ieee80211_wake_queue(ar->hw, arvif->vdev_id);
3605 }
3606 
3607 void ath10k_mac_tx_unlock(struct ath10k *ar, int reason)
3608 {
3609 	lockdep_assert_held(&ar->htt.tx_lock);
3610 
3611 	WARN_ON(reason >= ATH10K_TX_PAUSE_MAX);
3612 	ar->tx_paused &= ~BIT(reason);
3613 
3614 	if (ar->tx_paused)
3615 		return;
3616 
3617 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
3618 						   ATH10K_ITER_RESUME_FLAGS,
3619 						   ath10k_mac_tx_unlock_iter,
3620 						   ar);
3621 
3622 	ieee80211_wake_queue(ar->hw, ar->hw->offchannel_tx_hw_queue);
3623 }
3624 
3625 void ath10k_mac_vif_tx_lock(struct ath10k_vif *arvif, int reason)
3626 {
3627 	struct ath10k *ar = arvif->ar;
3628 
3629 	lockdep_assert_held(&ar->htt.tx_lock);
3630 
3631 	WARN_ON(reason >= BITS_PER_LONG);
3632 	arvif->tx_paused |= BIT(reason);
3633 	ieee80211_stop_queue(ar->hw, arvif->vdev_id);
3634 }
3635 
3636 void ath10k_mac_vif_tx_unlock(struct ath10k_vif *arvif, int reason)
3637 {
3638 	struct ath10k *ar = arvif->ar;
3639 
3640 	lockdep_assert_held(&ar->htt.tx_lock);
3641 
3642 	WARN_ON(reason >= BITS_PER_LONG);
3643 	arvif->tx_paused &= ~BIT(reason);
3644 
3645 	if (ar->tx_paused)
3646 		return;
3647 
3648 	if (arvif->tx_paused)
3649 		return;
3650 
3651 	ieee80211_wake_queue(ar->hw, arvif->vdev_id);
3652 }
3653 
3654 static void ath10k_mac_vif_handle_tx_pause(struct ath10k_vif *arvif,
3655 					   enum wmi_tlv_tx_pause_id pause_id,
3656 					   enum wmi_tlv_tx_pause_action action)
3657 {
3658 	struct ath10k *ar = arvif->ar;
3659 
3660 	lockdep_assert_held(&ar->htt.tx_lock);
3661 
3662 	switch (action) {
3663 	case WMI_TLV_TX_PAUSE_ACTION_STOP:
3664 		ath10k_mac_vif_tx_lock(arvif, pause_id);
3665 		break;
3666 	case WMI_TLV_TX_PAUSE_ACTION_WAKE:
3667 		ath10k_mac_vif_tx_unlock(arvif, pause_id);
3668 		break;
3669 	default:
3670 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
3671 			   "received unknown tx pause action %d on vdev %i, ignoring\n",
3672 			    action, arvif->vdev_id);
3673 		break;
3674 	}
3675 }
3676 
3677 struct ath10k_mac_tx_pause {
3678 	u32 vdev_id;
3679 	enum wmi_tlv_tx_pause_id pause_id;
3680 	enum wmi_tlv_tx_pause_action action;
3681 };
3682 
3683 static void ath10k_mac_handle_tx_pause_iter(void *data, u8 *mac,
3684 					    struct ieee80211_vif *vif)
3685 {
3686 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3687 	struct ath10k_mac_tx_pause *arg = data;
3688 
3689 	if (arvif->vdev_id != arg->vdev_id)
3690 		return;
3691 
3692 	ath10k_mac_vif_handle_tx_pause(arvif, arg->pause_id, arg->action);
3693 }
3694 
3695 void ath10k_mac_handle_tx_pause_vdev(struct ath10k *ar, u32 vdev_id,
3696 				     enum wmi_tlv_tx_pause_id pause_id,
3697 				     enum wmi_tlv_tx_pause_action action)
3698 {
3699 	struct ath10k_mac_tx_pause arg = {
3700 		.vdev_id = vdev_id,
3701 		.pause_id = pause_id,
3702 		.action = action,
3703 	};
3704 
3705 	spin_lock_bh(&ar->htt.tx_lock);
3706 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
3707 						   ATH10K_ITER_RESUME_FLAGS,
3708 						   ath10k_mac_handle_tx_pause_iter,
3709 						   &arg);
3710 	spin_unlock_bh(&ar->htt.tx_lock);
3711 }
3712 
3713 static enum ath10k_hw_txrx_mode
3714 ath10k_mac_tx_h_get_txmode(struct ath10k *ar,
3715 			   struct ieee80211_vif *vif,
3716 			   struct ieee80211_sta *sta,
3717 			   struct sk_buff *skb)
3718 {
3719 	const struct ieee80211_hdr *hdr = (void *)skb->data;
3720 	const struct ath10k_skb_cb *skb_cb = ATH10K_SKB_CB(skb);
3721 	__le16 fc = hdr->frame_control;
3722 
3723 	if (IEEE80211_SKB_CB(skb)->flags & IEEE80211_TX_CTL_HW_80211_ENCAP)
3724 		return ATH10K_HW_TXRX_ETHERNET;
3725 
3726 	if (!vif || vif->type == NL80211_IFTYPE_MONITOR)
3727 		return ATH10K_HW_TXRX_RAW;
3728 
3729 	if (ieee80211_is_mgmt(fc))
3730 		return ATH10K_HW_TXRX_MGMT;
3731 
3732 	/* Workaround:
3733 	 *
3734 	 * NullFunc frames are mostly used to ping if a client or AP are still
3735 	 * reachable and responsive. This implies tx status reports must be
3736 	 * accurate - otherwise either mac80211 or userspace (e.g. hostapd) can
3737 	 * come to a conclusion that the other end disappeared and tear down
3738 	 * BSS connection or it can never disconnect from BSS/client (which is
3739 	 * the case).
3740 	 *
3741 	 * Firmware with HTT older than 3.0 delivers incorrect tx status for
3742 	 * NullFunc frames to driver. However there's a HTT Mgmt Tx command
3743 	 * which seems to deliver correct tx reports for NullFunc frames. The
3744 	 * downside of using it is it ignores client powersave state so it can
3745 	 * end up disconnecting sleeping clients in AP mode. It should fix STA
3746 	 * mode though because AP don't sleep.
3747 	 */
3748 	if (ar->htt.target_version_major < 3 &&
3749 	    (ieee80211_is_nullfunc(fc) || ieee80211_is_qos_nullfunc(fc)) &&
3750 	    !test_bit(ATH10K_FW_FEATURE_HAS_WMI_MGMT_TX,
3751 		      ar->running_fw->fw_file.fw_features))
3752 		return ATH10K_HW_TXRX_MGMT;
3753 
3754 	/* Workaround:
3755 	 *
3756 	 * Some wmi-tlv firmwares for qca6174 have broken Tx key selection for
3757 	 * NativeWifi txmode - it selects AP key instead of peer key. It seems
3758 	 * to work with Ethernet txmode so use it.
3759 	 *
3760 	 * FIXME: Check if raw mode works with TDLS.
3761 	 */
3762 	if (ieee80211_is_data_present(fc) && sta && sta->tdls)
3763 		return ATH10K_HW_TXRX_ETHERNET;
3764 
3765 	if (test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags) ||
3766 	    skb_cb->flags & ATH10K_SKB_F_RAW_TX)
3767 		return ATH10K_HW_TXRX_RAW;
3768 
3769 	return ATH10K_HW_TXRX_NATIVE_WIFI;
3770 }
3771 
3772 static bool ath10k_tx_h_use_hwcrypto(struct ieee80211_vif *vif,
3773 				     struct sk_buff *skb)
3774 {
3775 	const struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3776 	const struct ieee80211_hdr *hdr = (void *)skb->data;
3777 	const u32 mask = IEEE80211_TX_INTFL_DONT_ENCRYPT |
3778 			 IEEE80211_TX_CTL_INJECTED;
3779 
3780 	if (!ieee80211_has_protected(hdr->frame_control))
3781 		return false;
3782 
3783 	if ((info->flags & mask) == mask)
3784 		return false;
3785 
3786 	if (vif)
3787 		return !((struct ath10k_vif *)vif->drv_priv)->nohwcrypt;
3788 
3789 	return true;
3790 }
3791 
3792 /* HTT Tx uses Native Wifi tx mode which expects 802.11 frames without QoS
3793  * Control in the header.
3794  */
3795 static void ath10k_tx_h_nwifi(struct ieee80211_hw *hw, struct sk_buff *skb)
3796 {
3797 	struct ieee80211_hdr *hdr = (void *)skb->data;
3798 	struct ath10k_skb_cb *cb = ATH10K_SKB_CB(skb);
3799 	u8 *qos_ctl;
3800 
3801 	if (!ieee80211_is_data_qos(hdr->frame_control))
3802 		return;
3803 
3804 	qos_ctl = ieee80211_get_qos_ctl(hdr);
3805 	memmove(skb->data + IEEE80211_QOS_CTL_LEN,
3806 		skb->data, (void *)qos_ctl - (void *)skb->data);
3807 	skb_pull(skb, IEEE80211_QOS_CTL_LEN);
3808 
3809 	/* Some firmware revisions don't handle sending QoS NullFunc well.
3810 	 * These frames are mainly used for CQM purposes so it doesn't really
3811 	 * matter whether QoS NullFunc or NullFunc are sent.
3812 	 */
3813 	hdr = (void *)skb->data;
3814 	if (ieee80211_is_qos_nullfunc(hdr->frame_control))
3815 		cb->flags &= ~ATH10K_SKB_F_QOS;
3816 
3817 	hdr->frame_control &= ~__cpu_to_le16(IEEE80211_STYPE_QOS_DATA);
3818 }
3819 
3820 static void ath10k_tx_h_8023(struct sk_buff *skb)
3821 {
3822 	struct ieee80211_hdr *hdr;
3823 	struct rfc1042_hdr *rfc1042;
3824 	struct ethhdr *eth;
3825 	size_t hdrlen;
3826 	u8 da[ETH_ALEN];
3827 	u8 sa[ETH_ALEN];
3828 	__be16 type;
3829 
3830 	hdr = (void *)skb->data;
3831 	hdrlen = ieee80211_hdrlen(hdr->frame_control);
3832 	rfc1042 = (void *)skb->data + hdrlen;
3833 
3834 	ether_addr_copy(da, ieee80211_get_DA(hdr));
3835 	ether_addr_copy(sa, ieee80211_get_SA(hdr));
3836 	type = rfc1042->snap_type;
3837 
3838 	skb_pull(skb, hdrlen + sizeof(*rfc1042));
3839 	skb_push(skb, sizeof(*eth));
3840 
3841 	eth = (void *)skb->data;
3842 	ether_addr_copy(eth->h_dest, da);
3843 	ether_addr_copy(eth->h_source, sa);
3844 	eth->h_proto = type;
3845 }
3846 
3847 static void ath10k_tx_h_add_p2p_noa_ie(struct ath10k *ar,
3848 				       struct ieee80211_vif *vif,
3849 				       struct sk_buff *skb)
3850 {
3851 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
3852 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3853 
3854 	/* This is case only for P2P_GO */
3855 	if (vif->type != NL80211_IFTYPE_AP || !vif->p2p)
3856 		return;
3857 
3858 	if (unlikely(ieee80211_is_probe_resp(hdr->frame_control))) {
3859 		spin_lock_bh(&ar->data_lock);
3860 		if (arvif->u.ap.noa_data)
3861 			if (!pskb_expand_head(skb, 0, arvif->u.ap.noa_len,
3862 					      GFP_ATOMIC))
3863 				skb_put_data(skb, arvif->u.ap.noa_data,
3864 					     arvif->u.ap.noa_len);
3865 		spin_unlock_bh(&ar->data_lock);
3866 	}
3867 }
3868 
3869 static void ath10k_mac_tx_h_fill_cb(struct ath10k *ar,
3870 				    struct ieee80211_vif *vif,
3871 				    struct ieee80211_txq *txq,
3872 				    struct ieee80211_sta *sta,
3873 				    struct sk_buff *skb, u16 airtime)
3874 {
3875 	struct ieee80211_hdr *hdr = (void *)skb->data;
3876 	struct ath10k_skb_cb *cb = ATH10K_SKB_CB(skb);
3877 	const struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3878 	bool is_data = ieee80211_is_data(hdr->frame_control) ||
3879 			ieee80211_is_data_qos(hdr->frame_control);
3880 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3881 	struct ath10k_sta *arsta;
3882 	u8 tid, *qos_ctl;
3883 	bool noack = false;
3884 
3885 	cb->flags = 0;
3886 
3887 	if (info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP) {
3888 		cb->flags |= ATH10K_SKB_F_QOS;	/* Assume data frames are QoS */
3889 		goto finish_cb_fill;
3890 	}
3891 
3892 	if (!ath10k_tx_h_use_hwcrypto(vif, skb))
3893 		cb->flags |= ATH10K_SKB_F_NO_HWCRYPT;
3894 
3895 	if (ieee80211_is_mgmt(hdr->frame_control))
3896 		cb->flags |= ATH10K_SKB_F_MGMT;
3897 
3898 	if (ieee80211_is_data_qos(hdr->frame_control)) {
3899 		cb->flags |= ATH10K_SKB_F_QOS;
3900 		qos_ctl = ieee80211_get_qos_ctl(hdr);
3901 		tid = (*qos_ctl) & IEEE80211_QOS_CTL_TID_MASK;
3902 
3903 		if (arvif->noack[tid] == WMI_PEER_TID_CONFIG_NOACK)
3904 			noack = true;
3905 
3906 		if (sta) {
3907 			arsta = (struct ath10k_sta *)sta->drv_priv;
3908 
3909 			if (arsta->noack[tid] == WMI_PEER_TID_CONFIG_NOACK)
3910 				noack = true;
3911 
3912 			if (arsta->noack[tid] == WMI_PEER_TID_CONFIG_ACK)
3913 				noack = false;
3914 		}
3915 
3916 		if (noack)
3917 			cb->flags |= ATH10K_SKB_F_NOACK_TID;
3918 	}
3919 
3920 	/* Data frames encrypted in software will be posted to firmware
3921 	 * with tx encap mode set to RAW. Ex: Multicast traffic generated
3922 	 * for a specific VLAN group will always be encrypted in software.
3923 	 */
3924 	if (is_data && ieee80211_has_protected(hdr->frame_control) &&
3925 	    !info->control.hw_key) {
3926 		cb->flags |= ATH10K_SKB_F_NO_HWCRYPT;
3927 		cb->flags |= ATH10K_SKB_F_RAW_TX;
3928 	}
3929 
3930 finish_cb_fill:
3931 	cb->vif = vif;
3932 	cb->txq = txq;
3933 	cb->airtime_est = airtime;
3934 	if (sta) {
3935 		arsta = (struct ath10k_sta *)sta->drv_priv;
3936 		spin_lock_bh(&ar->data_lock);
3937 		cb->ucast_cipher = arsta->ucast_cipher;
3938 		spin_unlock_bh(&ar->data_lock);
3939 	}
3940 }
3941 
3942 bool ath10k_mac_tx_frm_has_freq(struct ath10k *ar)
3943 {
3944 	/* FIXME: Not really sure since when the behaviour changed. At some
3945 	 * point new firmware stopped requiring creation of peer entries for
3946 	 * offchannel tx (and actually creating them causes issues with wmi-htc
3947 	 * tx credit replenishment and reliability). Assuming it's at least 3.4
3948 	 * because that's when the `freq` was introduced to TX_FRM HTT command.
3949 	 */
3950 	return (ar->htt.target_version_major >= 3 &&
3951 		ar->htt.target_version_minor >= 4 &&
3952 		ar->running_fw->fw_file.htt_op_version == ATH10K_FW_HTT_OP_VERSION_TLV);
3953 }
3954 
3955 static int ath10k_mac_tx_wmi_mgmt(struct ath10k *ar, struct sk_buff *skb)
3956 {
3957 	struct sk_buff_head *q = &ar->wmi_mgmt_tx_queue;
3958 
3959 	if (skb_queue_len_lockless(q) >= ATH10K_MAX_NUM_MGMT_PENDING) {
3960 		ath10k_warn(ar, "wmi mgmt tx queue is full\n");
3961 		return -ENOSPC;
3962 	}
3963 
3964 	skb_queue_tail(q, skb);
3965 	ieee80211_queue_work(ar->hw, &ar->wmi_mgmt_tx_work);
3966 
3967 	return 0;
3968 }
3969 
3970 static enum ath10k_mac_tx_path
3971 ath10k_mac_tx_h_get_txpath(struct ath10k *ar,
3972 			   struct sk_buff *skb,
3973 			   enum ath10k_hw_txrx_mode txmode)
3974 {
3975 	switch (txmode) {
3976 	case ATH10K_HW_TXRX_RAW:
3977 	case ATH10K_HW_TXRX_NATIVE_WIFI:
3978 	case ATH10K_HW_TXRX_ETHERNET:
3979 		return ATH10K_MAC_TX_HTT;
3980 	case ATH10K_HW_TXRX_MGMT:
3981 		if (test_bit(ATH10K_FW_FEATURE_HAS_WMI_MGMT_TX,
3982 			     ar->running_fw->fw_file.fw_features) ||
3983 			     test_bit(WMI_SERVICE_MGMT_TX_WMI,
3984 				      ar->wmi.svc_map))
3985 			return ATH10K_MAC_TX_WMI_MGMT;
3986 		else if (ar->htt.target_version_major >= 3)
3987 			return ATH10K_MAC_TX_HTT;
3988 		else
3989 			return ATH10K_MAC_TX_HTT_MGMT;
3990 	}
3991 
3992 	return ATH10K_MAC_TX_UNKNOWN;
3993 }
3994 
3995 static int ath10k_mac_tx_submit(struct ath10k *ar,
3996 				enum ath10k_hw_txrx_mode txmode,
3997 				enum ath10k_mac_tx_path txpath,
3998 				struct sk_buff *skb)
3999 {
4000 	struct ath10k_htt *htt = &ar->htt;
4001 	int ret = -EINVAL;
4002 
4003 	switch (txpath) {
4004 	case ATH10K_MAC_TX_HTT:
4005 		ret = ath10k_htt_tx(htt, txmode, skb);
4006 		break;
4007 	case ATH10K_MAC_TX_HTT_MGMT:
4008 		ret = ath10k_htt_mgmt_tx(htt, skb);
4009 		break;
4010 	case ATH10K_MAC_TX_WMI_MGMT:
4011 		ret = ath10k_mac_tx_wmi_mgmt(ar, skb);
4012 		break;
4013 	case ATH10K_MAC_TX_UNKNOWN:
4014 		WARN_ON_ONCE(1);
4015 		ret = -EINVAL;
4016 		break;
4017 	}
4018 
4019 	if (ret) {
4020 		ath10k_warn(ar, "failed to transmit packet, dropping: %d\n",
4021 			    ret);
4022 		ieee80211_free_txskb(ar->hw, skb);
4023 	}
4024 
4025 	return ret;
4026 }
4027 
4028 /* This function consumes the sk_buff regardless of return value as far as
4029  * caller is concerned so no freeing is necessary afterwards.
4030  */
4031 static int ath10k_mac_tx(struct ath10k *ar,
4032 			 struct ieee80211_vif *vif,
4033 			 enum ath10k_hw_txrx_mode txmode,
4034 			 enum ath10k_mac_tx_path txpath,
4035 			 struct sk_buff *skb, bool noque_offchan)
4036 {
4037 	struct ieee80211_hw *hw = ar->hw;
4038 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
4039 	const struct ath10k_skb_cb *skb_cb = ATH10K_SKB_CB(skb);
4040 	int ret;
4041 
4042 	/* We should disable CCK RATE due to P2P */
4043 	if (info->flags & IEEE80211_TX_CTL_NO_CCK_RATE)
4044 		ath10k_dbg(ar, ATH10K_DBG_MAC, "IEEE80211_TX_CTL_NO_CCK_RATE\n");
4045 
4046 	switch (txmode) {
4047 	case ATH10K_HW_TXRX_MGMT:
4048 	case ATH10K_HW_TXRX_NATIVE_WIFI:
4049 		ath10k_tx_h_nwifi(hw, skb);
4050 		ath10k_tx_h_add_p2p_noa_ie(ar, vif, skb);
4051 		ath10k_tx_h_seq_no(vif, skb);
4052 		break;
4053 	case ATH10K_HW_TXRX_ETHERNET:
4054 		/* Convert 802.11->802.3 header only if the frame was earlier
4055 		 * encapsulated to 802.11 by mac80211. Otherwise pass it as is.
4056 		 */
4057 		if (!(info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP))
4058 			ath10k_tx_h_8023(skb);
4059 		break;
4060 	case ATH10K_HW_TXRX_RAW:
4061 		if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags) &&
4062 		    !(skb_cb->flags & ATH10K_SKB_F_RAW_TX)) {
4063 			WARN_ON_ONCE(1);
4064 			ieee80211_free_txskb(hw, skb);
4065 			return -ENOTSUPP;
4066 		}
4067 	}
4068 
4069 	if (!noque_offchan && info->flags & IEEE80211_TX_CTL_TX_OFFCHAN) {
4070 		if (!ath10k_mac_tx_frm_has_freq(ar)) {
4071 			ath10k_dbg(ar, ATH10K_DBG_MAC, "mac queued offchannel skb %pK len %d\n",
4072 				   skb, skb->len);
4073 
4074 			skb_queue_tail(&ar->offchan_tx_queue, skb);
4075 			ieee80211_queue_work(hw, &ar->offchan_tx_work);
4076 			return 0;
4077 		}
4078 	}
4079 
4080 	ret = ath10k_mac_tx_submit(ar, txmode, txpath, skb);
4081 	if (ret) {
4082 		ath10k_warn(ar, "failed to submit frame: %d\n", ret);
4083 		return ret;
4084 	}
4085 
4086 	return 0;
4087 }
4088 
4089 void ath10k_offchan_tx_purge(struct ath10k *ar)
4090 {
4091 	struct sk_buff *skb;
4092 
4093 	for (;;) {
4094 		skb = skb_dequeue(&ar->offchan_tx_queue);
4095 		if (!skb)
4096 			break;
4097 
4098 		ieee80211_free_txskb(ar->hw, skb);
4099 	}
4100 }
4101 
4102 void ath10k_offchan_tx_work(struct work_struct *work)
4103 {
4104 	struct ath10k *ar = container_of(work, struct ath10k, offchan_tx_work);
4105 	struct ath10k_peer *peer;
4106 	struct ath10k_vif *arvif;
4107 	enum ath10k_hw_txrx_mode txmode;
4108 	enum ath10k_mac_tx_path txpath;
4109 	struct ieee80211_hdr *hdr;
4110 	struct ieee80211_vif *vif;
4111 	struct ieee80211_sta *sta;
4112 	struct sk_buff *skb;
4113 	const u8 *peer_addr;
4114 	int vdev_id;
4115 	int ret;
4116 	unsigned long time_left;
4117 	bool tmp_peer_created = false;
4118 
4119 	/* FW requirement: We must create a peer before FW will send out
4120 	 * an offchannel frame. Otherwise the frame will be stuck and
4121 	 * never transmitted. We delete the peer upon tx completion.
4122 	 * It is unlikely that a peer for offchannel tx will already be
4123 	 * present. However it may be in some rare cases so account for that.
4124 	 * Otherwise we might remove a legitimate peer and break stuff.
4125 	 */
4126 
4127 	for (;;) {
4128 		skb = skb_dequeue(&ar->offchan_tx_queue);
4129 		if (!skb)
4130 			break;
4131 
4132 		mutex_lock(&ar->conf_mutex);
4133 
4134 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac offchannel skb %pK len %d\n",
4135 			   skb, skb->len);
4136 
4137 		hdr = (struct ieee80211_hdr *)skb->data;
4138 		peer_addr = ieee80211_get_DA(hdr);
4139 
4140 		spin_lock_bh(&ar->data_lock);
4141 		vdev_id = ar->scan.vdev_id;
4142 		peer = ath10k_peer_find(ar, vdev_id, peer_addr);
4143 		spin_unlock_bh(&ar->data_lock);
4144 
4145 		if (peer) {
4146 			ath10k_warn(ar, "peer %pM on vdev %d already present\n",
4147 				    peer_addr, vdev_id);
4148 		} else {
4149 			ret = ath10k_peer_create(ar, NULL, NULL, vdev_id,
4150 						 peer_addr,
4151 						 WMI_PEER_TYPE_DEFAULT);
4152 			if (ret)
4153 				ath10k_warn(ar, "failed to create peer %pM on vdev %d: %d\n",
4154 					    peer_addr, vdev_id, ret);
4155 			tmp_peer_created = (ret == 0);
4156 		}
4157 
4158 		spin_lock_bh(&ar->data_lock);
4159 		reinit_completion(&ar->offchan_tx_completed);
4160 		ar->offchan_tx_skb = skb;
4161 		spin_unlock_bh(&ar->data_lock);
4162 
4163 		/* It's safe to access vif and sta - conf_mutex guarantees that
4164 		 * sta_state() and remove_interface() are locked exclusively
4165 		 * out wrt to this offchannel worker.
4166 		 */
4167 		arvif = ath10k_get_arvif(ar, vdev_id);
4168 		if (arvif) {
4169 			vif = arvif->vif;
4170 			sta = ieee80211_find_sta(vif, peer_addr);
4171 		} else {
4172 			vif = NULL;
4173 			sta = NULL;
4174 		}
4175 
4176 		txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
4177 		txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
4178 
4179 		ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb, true);
4180 		if (ret) {
4181 			ath10k_warn(ar, "failed to transmit offchannel frame: %d\n",
4182 				    ret);
4183 			/* not serious */
4184 		}
4185 
4186 		time_left =
4187 		wait_for_completion_timeout(&ar->offchan_tx_completed, 3 * HZ);
4188 		if (time_left == 0)
4189 			ath10k_warn(ar, "timed out waiting for offchannel skb %pK, len: %d\n",
4190 				    skb, skb->len);
4191 
4192 		if (!peer && tmp_peer_created) {
4193 			ret = ath10k_peer_delete(ar, vdev_id, peer_addr);
4194 			if (ret)
4195 				ath10k_warn(ar, "failed to delete peer %pM on vdev %d: %d\n",
4196 					    peer_addr, vdev_id, ret);
4197 		}
4198 
4199 		mutex_unlock(&ar->conf_mutex);
4200 	}
4201 }
4202 
4203 void ath10k_mgmt_over_wmi_tx_purge(struct ath10k *ar)
4204 {
4205 	struct sk_buff *skb;
4206 
4207 	for (;;) {
4208 		skb = skb_dequeue(&ar->wmi_mgmt_tx_queue);
4209 		if (!skb)
4210 			break;
4211 
4212 		ieee80211_free_txskb(ar->hw, skb);
4213 	}
4214 }
4215 
4216 void ath10k_mgmt_over_wmi_tx_work(struct work_struct *work)
4217 {
4218 	struct ath10k *ar = container_of(work, struct ath10k, wmi_mgmt_tx_work);
4219 	struct sk_buff *skb;
4220 	dma_addr_t paddr;
4221 	int ret;
4222 
4223 	for (;;) {
4224 		skb = skb_dequeue(&ar->wmi_mgmt_tx_queue);
4225 		if (!skb)
4226 			break;
4227 
4228 		if (test_bit(ATH10K_FW_FEATURE_MGMT_TX_BY_REF,
4229 			     ar->running_fw->fw_file.fw_features)) {
4230 			paddr = dma_map_single(ar->dev, skb->data,
4231 					       skb->len, DMA_TO_DEVICE);
4232 			if (dma_mapping_error(ar->dev, paddr)) {
4233 				ieee80211_free_txskb(ar->hw, skb);
4234 				continue;
4235 			}
4236 			ret = ath10k_wmi_mgmt_tx_send(ar, skb, paddr);
4237 			if (ret) {
4238 				ath10k_warn(ar, "failed to transmit management frame by ref via WMI: %d\n",
4239 					    ret);
4240 				/* remove this msdu from idr tracking */
4241 				ath10k_wmi_cleanup_mgmt_tx_send(ar, skb);
4242 
4243 				dma_unmap_single(ar->dev, paddr, skb->len,
4244 						 DMA_TO_DEVICE);
4245 				ieee80211_free_txskb(ar->hw, skb);
4246 			}
4247 		} else {
4248 			ret = ath10k_wmi_mgmt_tx(ar, skb);
4249 			if (ret) {
4250 				ath10k_warn(ar, "failed to transmit management frame via WMI: %d\n",
4251 					    ret);
4252 				ieee80211_free_txskb(ar->hw, skb);
4253 			}
4254 		}
4255 	}
4256 }
4257 
4258 static void ath10k_mac_txq_init(struct ieee80211_txq *txq)
4259 {
4260 	struct ath10k_txq *artxq;
4261 
4262 	if (!txq)
4263 		return;
4264 
4265 	artxq = (void *)txq->drv_priv;
4266 	INIT_LIST_HEAD(&artxq->list);
4267 }
4268 
4269 static void ath10k_mac_txq_unref(struct ath10k *ar, struct ieee80211_txq *txq)
4270 {
4271 	struct ath10k_skb_cb *cb;
4272 	struct sk_buff *msdu;
4273 	int msdu_id;
4274 
4275 	if (!txq)
4276 		return;
4277 
4278 	spin_lock_bh(&ar->htt.tx_lock);
4279 	idr_for_each_entry(&ar->htt.pending_tx, msdu, msdu_id) {
4280 		cb = ATH10K_SKB_CB(msdu);
4281 		if (cb->txq == txq)
4282 			cb->txq = NULL;
4283 	}
4284 	spin_unlock_bh(&ar->htt.tx_lock);
4285 }
4286 
4287 struct ieee80211_txq *ath10k_mac_txq_lookup(struct ath10k *ar,
4288 					    u16 peer_id,
4289 					    u8 tid)
4290 {
4291 	struct ath10k_peer *peer;
4292 
4293 	lockdep_assert_held(&ar->data_lock);
4294 
4295 	peer = ar->peer_map[peer_id];
4296 	if (!peer)
4297 		return NULL;
4298 
4299 	if (peer->removed)
4300 		return NULL;
4301 
4302 	if (peer->sta)
4303 		return peer->sta->txq[tid];
4304 	else if (peer->vif)
4305 		return peer->vif->txq;
4306 	else
4307 		return NULL;
4308 }
4309 
4310 static bool ath10k_mac_tx_can_push(struct ieee80211_hw *hw,
4311 				   struct ieee80211_txq *txq)
4312 {
4313 	struct ath10k *ar = hw->priv;
4314 	struct ath10k_txq *artxq = (void *)txq->drv_priv;
4315 
4316 	/* No need to get locks */
4317 	if (ar->htt.tx_q_state.mode == HTT_TX_MODE_SWITCH_PUSH)
4318 		return true;
4319 
4320 	if (ar->htt.num_pending_tx < ar->htt.tx_q_state.num_push_allowed)
4321 		return true;
4322 
4323 	if (artxq->num_fw_queued < artxq->num_push_allowed)
4324 		return true;
4325 
4326 	return false;
4327 }
4328 
4329 /* Return estimated airtime in microsecond, which is calculated using last
4330  * reported TX rate. This is just a rough estimation because host driver has no
4331  * knowledge of the actual transmit rate, retries or aggregation. If actual
4332  * airtime can be reported by firmware, then delta between estimated and actual
4333  * airtime can be adjusted from deficit.
4334  */
4335 #define IEEE80211_ATF_OVERHEAD		100	/* IFS + some slot time */
4336 #define IEEE80211_ATF_OVERHEAD_IFS	16	/* IFS only */
4337 static u16 ath10k_mac_update_airtime(struct ath10k *ar,
4338 				     struct ieee80211_txq *txq,
4339 				     struct sk_buff *skb)
4340 {
4341 	struct ath10k_sta *arsta;
4342 	u32 pktlen;
4343 	u16 airtime = 0;
4344 
4345 	if (!txq || !txq->sta)
4346 		return airtime;
4347 
4348 	if (test_bit(WMI_SERVICE_REPORT_AIRTIME, ar->wmi.svc_map))
4349 		return airtime;
4350 
4351 	spin_lock_bh(&ar->data_lock);
4352 	arsta = (struct ath10k_sta *)txq->sta->drv_priv;
4353 
4354 	pktlen = skb->len + 38; /* Assume MAC header 30, SNAP 8 for most case */
4355 	if (arsta->last_tx_bitrate) {
4356 		/* airtime in us, last_tx_bitrate in 100kbps */
4357 		airtime = (pktlen * 8 * (1000 / 100))
4358 				/ arsta->last_tx_bitrate;
4359 		/* overhead for media access time and IFS */
4360 		airtime += IEEE80211_ATF_OVERHEAD_IFS;
4361 	} else {
4362 		/* This is mostly for throttle excessive BC/MC frames, and the
4363 		 * airtime/rate doesn't need be exact. Airtime of BC/MC frames
4364 		 * in 2G get some discount, which helps prevent very low rate
4365 		 * frames from being blocked for too long.
4366 		 */
4367 		airtime = (pktlen * 8 * (1000 / 100)) / 60; /* 6M */
4368 		airtime += IEEE80211_ATF_OVERHEAD;
4369 	}
4370 	spin_unlock_bh(&ar->data_lock);
4371 
4372 	return airtime;
4373 }
4374 
4375 int ath10k_mac_tx_push_txq(struct ieee80211_hw *hw,
4376 			   struct ieee80211_txq *txq)
4377 {
4378 	struct ath10k *ar = hw->priv;
4379 	struct ath10k_htt *htt = &ar->htt;
4380 	struct ath10k_txq *artxq = (void *)txq->drv_priv;
4381 	struct ieee80211_vif *vif = txq->vif;
4382 	struct ieee80211_sta *sta = txq->sta;
4383 	enum ath10k_hw_txrx_mode txmode;
4384 	enum ath10k_mac_tx_path txpath;
4385 	struct sk_buff *skb;
4386 	struct ieee80211_hdr *hdr;
4387 	size_t skb_len;
4388 	bool is_mgmt, is_presp;
4389 	int ret;
4390 	u16 airtime;
4391 
4392 	spin_lock_bh(&ar->htt.tx_lock);
4393 	ret = ath10k_htt_tx_inc_pending(htt);
4394 	spin_unlock_bh(&ar->htt.tx_lock);
4395 
4396 	if (ret)
4397 		return ret;
4398 
4399 	skb = ieee80211_tx_dequeue_ni(hw, txq);
4400 	if (!skb) {
4401 		spin_lock_bh(&ar->htt.tx_lock);
4402 		ath10k_htt_tx_dec_pending(htt);
4403 		spin_unlock_bh(&ar->htt.tx_lock);
4404 
4405 		return -ENOENT;
4406 	}
4407 
4408 	airtime = ath10k_mac_update_airtime(ar, txq, skb);
4409 	ath10k_mac_tx_h_fill_cb(ar, vif, txq, sta, skb, airtime);
4410 
4411 	skb_len = skb->len;
4412 	txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
4413 	txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
4414 	is_mgmt = (txpath == ATH10K_MAC_TX_HTT_MGMT);
4415 
4416 	if (is_mgmt) {
4417 		hdr = (struct ieee80211_hdr *)skb->data;
4418 		is_presp = ieee80211_is_probe_resp(hdr->frame_control);
4419 
4420 		spin_lock_bh(&ar->htt.tx_lock);
4421 		ret = ath10k_htt_tx_mgmt_inc_pending(htt, is_mgmt, is_presp);
4422 
4423 		if (ret) {
4424 			ath10k_htt_tx_dec_pending(htt);
4425 			spin_unlock_bh(&ar->htt.tx_lock);
4426 			return ret;
4427 		}
4428 		spin_unlock_bh(&ar->htt.tx_lock);
4429 	}
4430 
4431 	ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb, false);
4432 	if (unlikely(ret)) {
4433 		ath10k_warn(ar, "failed to push frame: %d\n", ret);
4434 
4435 		spin_lock_bh(&ar->htt.tx_lock);
4436 		ath10k_htt_tx_dec_pending(htt);
4437 		if (is_mgmt)
4438 			ath10k_htt_tx_mgmt_dec_pending(htt);
4439 		spin_unlock_bh(&ar->htt.tx_lock);
4440 
4441 		return ret;
4442 	}
4443 
4444 	spin_lock_bh(&ar->htt.tx_lock);
4445 	artxq->num_fw_queued++;
4446 	spin_unlock_bh(&ar->htt.tx_lock);
4447 
4448 	return skb_len;
4449 }
4450 
4451 static int ath10k_mac_schedule_txq(struct ieee80211_hw *hw, u32 ac)
4452 {
4453 	struct ieee80211_txq *txq;
4454 	int ret = 0;
4455 
4456 	ieee80211_txq_schedule_start(hw, ac);
4457 	while ((txq = ieee80211_next_txq(hw, ac))) {
4458 		while (ath10k_mac_tx_can_push(hw, txq)) {
4459 			ret = ath10k_mac_tx_push_txq(hw, txq);
4460 			if (ret < 0)
4461 				break;
4462 		}
4463 		ieee80211_return_txq(hw, txq, false);
4464 		ath10k_htt_tx_txq_update(hw, txq);
4465 		if (ret == -EBUSY)
4466 			break;
4467 	}
4468 	ieee80211_txq_schedule_end(hw, ac);
4469 
4470 	return ret;
4471 }
4472 
4473 void ath10k_mac_tx_push_pending(struct ath10k *ar)
4474 {
4475 	struct ieee80211_hw *hw = ar->hw;
4476 	u32 ac;
4477 
4478 	if (ar->htt.tx_q_state.mode != HTT_TX_MODE_SWITCH_PUSH)
4479 		return;
4480 
4481 	if (ar->htt.num_pending_tx >= (ar->htt.max_num_pending_tx / 2))
4482 		return;
4483 
4484 	rcu_read_lock();
4485 	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
4486 		if (ath10k_mac_schedule_txq(hw, ac) == -EBUSY)
4487 			break;
4488 	}
4489 	rcu_read_unlock();
4490 }
4491 EXPORT_SYMBOL(ath10k_mac_tx_push_pending);
4492 
4493 /************/
4494 /* Scanning */
4495 /************/
4496 
4497 void __ath10k_scan_finish(struct ath10k *ar)
4498 {
4499 	lockdep_assert_held(&ar->data_lock);
4500 
4501 	switch (ar->scan.state) {
4502 	case ATH10K_SCAN_IDLE:
4503 		break;
4504 	case ATH10K_SCAN_RUNNING:
4505 	case ATH10K_SCAN_ABORTING:
4506 		if (!ar->scan.is_roc) {
4507 			struct cfg80211_scan_info info = {
4508 				.aborted = (ar->scan.state ==
4509 					    ATH10K_SCAN_ABORTING),
4510 			};
4511 
4512 			ieee80211_scan_completed(ar->hw, &info);
4513 		} else if (ar->scan.roc_notify) {
4514 			ieee80211_remain_on_channel_expired(ar->hw);
4515 		}
4516 		fallthrough;
4517 	case ATH10K_SCAN_STARTING:
4518 		ar->scan.state = ATH10K_SCAN_IDLE;
4519 		ar->scan_channel = NULL;
4520 		ar->scan.roc_freq = 0;
4521 		ath10k_offchan_tx_purge(ar);
4522 		cancel_delayed_work(&ar->scan.timeout);
4523 		complete(&ar->scan.completed);
4524 		break;
4525 	}
4526 }
4527 
4528 void ath10k_scan_finish(struct ath10k *ar)
4529 {
4530 	spin_lock_bh(&ar->data_lock);
4531 	__ath10k_scan_finish(ar);
4532 	spin_unlock_bh(&ar->data_lock);
4533 }
4534 
4535 static int ath10k_scan_stop(struct ath10k *ar)
4536 {
4537 	struct wmi_stop_scan_arg arg = {
4538 		.req_id = 1, /* FIXME */
4539 		.req_type = WMI_SCAN_STOP_ONE,
4540 		.u.scan_id = ATH10K_SCAN_ID,
4541 	};
4542 	int ret;
4543 
4544 	lockdep_assert_held(&ar->conf_mutex);
4545 
4546 	ret = ath10k_wmi_stop_scan(ar, &arg);
4547 	if (ret) {
4548 		ath10k_warn(ar, "failed to stop wmi scan: %d\n", ret);
4549 		goto out;
4550 	}
4551 
4552 	ret = wait_for_completion_timeout(&ar->scan.completed, 3 * HZ);
4553 	if (ret == 0) {
4554 		ath10k_warn(ar, "failed to receive scan abortion completion: timed out\n");
4555 		ret = -ETIMEDOUT;
4556 	} else if (ret > 0) {
4557 		ret = 0;
4558 	}
4559 
4560 out:
4561 	/* Scan state should be updated upon scan completion but in case
4562 	 * firmware fails to deliver the event (for whatever reason) it is
4563 	 * desired to clean up scan state anyway. Firmware may have just
4564 	 * dropped the scan completion event delivery due to transport pipe
4565 	 * being overflown with data and/or it can recover on its own before
4566 	 * next scan request is submitted.
4567 	 */
4568 	spin_lock_bh(&ar->data_lock);
4569 	if (ar->scan.state != ATH10K_SCAN_IDLE)
4570 		__ath10k_scan_finish(ar);
4571 	spin_unlock_bh(&ar->data_lock);
4572 
4573 	return ret;
4574 }
4575 
4576 static void ath10k_scan_abort(struct ath10k *ar)
4577 {
4578 	int ret;
4579 
4580 	lockdep_assert_held(&ar->conf_mutex);
4581 
4582 	spin_lock_bh(&ar->data_lock);
4583 
4584 	switch (ar->scan.state) {
4585 	case ATH10K_SCAN_IDLE:
4586 		/* This can happen if timeout worker kicked in and called
4587 		 * abortion while scan completion was being processed.
4588 		 */
4589 		break;
4590 	case ATH10K_SCAN_STARTING:
4591 	case ATH10K_SCAN_ABORTING:
4592 		ath10k_warn(ar, "refusing scan abortion due to invalid scan state: %s (%d)\n",
4593 			    ath10k_scan_state_str(ar->scan.state),
4594 			    ar->scan.state);
4595 		break;
4596 	case ATH10K_SCAN_RUNNING:
4597 		ar->scan.state = ATH10K_SCAN_ABORTING;
4598 		spin_unlock_bh(&ar->data_lock);
4599 
4600 		ret = ath10k_scan_stop(ar);
4601 		if (ret)
4602 			ath10k_warn(ar, "failed to abort scan: %d\n", ret);
4603 
4604 		spin_lock_bh(&ar->data_lock);
4605 		break;
4606 	}
4607 
4608 	spin_unlock_bh(&ar->data_lock);
4609 }
4610 
4611 void ath10k_scan_timeout_work(struct work_struct *work)
4612 {
4613 	struct ath10k *ar = container_of(work, struct ath10k,
4614 					 scan.timeout.work);
4615 
4616 	mutex_lock(&ar->conf_mutex);
4617 	ath10k_scan_abort(ar);
4618 	mutex_unlock(&ar->conf_mutex);
4619 }
4620 
4621 static int ath10k_start_scan(struct ath10k *ar,
4622 			     const struct wmi_start_scan_arg *arg)
4623 {
4624 	int ret;
4625 
4626 	lockdep_assert_held(&ar->conf_mutex);
4627 
4628 	ret = ath10k_wmi_start_scan(ar, arg);
4629 	if (ret)
4630 		return ret;
4631 
4632 	ret = wait_for_completion_timeout(&ar->scan.started, 1 * HZ);
4633 	if (ret == 0) {
4634 		ret = ath10k_scan_stop(ar);
4635 		if (ret)
4636 			ath10k_warn(ar, "failed to stop scan: %d\n", ret);
4637 
4638 		return -ETIMEDOUT;
4639 	}
4640 
4641 	/* If we failed to start the scan, return error code at
4642 	 * this point.  This is probably due to some issue in the
4643 	 * firmware, but no need to wedge the driver due to that...
4644 	 */
4645 	spin_lock_bh(&ar->data_lock);
4646 	if (ar->scan.state == ATH10K_SCAN_IDLE) {
4647 		spin_unlock_bh(&ar->data_lock);
4648 		return -EINVAL;
4649 	}
4650 	spin_unlock_bh(&ar->data_lock);
4651 
4652 	return 0;
4653 }
4654 
4655 /**********************/
4656 /* mac80211 callbacks */
4657 /**********************/
4658 
4659 static void ath10k_mac_op_tx(struct ieee80211_hw *hw,
4660 			     struct ieee80211_tx_control *control,
4661 			     struct sk_buff *skb)
4662 {
4663 	struct ath10k *ar = hw->priv;
4664 	struct ath10k_htt *htt = &ar->htt;
4665 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
4666 	struct ieee80211_vif *vif = info->control.vif;
4667 	struct ieee80211_sta *sta = control->sta;
4668 	struct ieee80211_txq *txq = NULL;
4669 	enum ath10k_hw_txrx_mode txmode;
4670 	enum ath10k_mac_tx_path txpath;
4671 	bool is_htt;
4672 	bool is_mgmt;
4673 	int ret;
4674 	u16 airtime;
4675 
4676 	airtime = ath10k_mac_update_airtime(ar, txq, skb);
4677 	ath10k_mac_tx_h_fill_cb(ar, vif, txq, sta, skb, airtime);
4678 
4679 	txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
4680 	txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
4681 	is_htt = (txpath == ATH10K_MAC_TX_HTT ||
4682 		  txpath == ATH10K_MAC_TX_HTT_MGMT);
4683 	is_mgmt = (txpath == ATH10K_MAC_TX_HTT_MGMT);
4684 
4685 	if (is_htt) {
4686 		bool is_presp = false;
4687 
4688 		spin_lock_bh(&ar->htt.tx_lock);
4689 		if (!(info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP)) {
4690 			struct ieee80211_hdr *hdr = (void *)skb->data;
4691 
4692 			is_presp = ieee80211_is_probe_resp(hdr->frame_control);
4693 		}
4694 
4695 		ret = ath10k_htt_tx_inc_pending(htt);
4696 		if (ret) {
4697 			ath10k_warn(ar, "failed to increase tx pending count: %d, dropping\n",
4698 				    ret);
4699 			spin_unlock_bh(&ar->htt.tx_lock);
4700 			ieee80211_free_txskb(ar->hw, skb);
4701 			return;
4702 		}
4703 
4704 		ret = ath10k_htt_tx_mgmt_inc_pending(htt, is_mgmt, is_presp);
4705 		if (ret) {
4706 			ath10k_dbg(ar, ATH10K_DBG_MAC, "failed to increase tx mgmt pending count: %d, dropping\n",
4707 				   ret);
4708 			ath10k_htt_tx_dec_pending(htt);
4709 			spin_unlock_bh(&ar->htt.tx_lock);
4710 			ieee80211_free_txskb(ar->hw, skb);
4711 			return;
4712 		}
4713 		spin_unlock_bh(&ar->htt.tx_lock);
4714 	}
4715 
4716 	ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb, false);
4717 	if (ret) {
4718 		ath10k_warn(ar, "failed to transmit frame: %d\n", ret);
4719 		if (is_htt) {
4720 			spin_lock_bh(&ar->htt.tx_lock);
4721 			ath10k_htt_tx_dec_pending(htt);
4722 			if (is_mgmt)
4723 				ath10k_htt_tx_mgmt_dec_pending(htt);
4724 			spin_unlock_bh(&ar->htt.tx_lock);
4725 		}
4726 		return;
4727 	}
4728 }
4729 
4730 static void ath10k_mac_op_wake_tx_queue(struct ieee80211_hw *hw,
4731 					struct ieee80211_txq *txq)
4732 {
4733 	struct ath10k *ar = hw->priv;
4734 	int ret;
4735 	u8 ac;
4736 
4737 	ath10k_htt_tx_txq_update(hw, txq);
4738 	if (ar->htt.tx_q_state.mode != HTT_TX_MODE_SWITCH_PUSH)
4739 		return;
4740 
4741 	ac = txq->ac;
4742 	ieee80211_txq_schedule_start(hw, ac);
4743 	txq = ieee80211_next_txq(hw, ac);
4744 	if (!txq)
4745 		goto out;
4746 
4747 	while (ath10k_mac_tx_can_push(hw, txq)) {
4748 		ret = ath10k_mac_tx_push_txq(hw, txq);
4749 		if (ret < 0)
4750 			break;
4751 	}
4752 	ieee80211_return_txq(hw, txq, false);
4753 	ath10k_htt_tx_txq_update(hw, txq);
4754 out:
4755 	ieee80211_txq_schedule_end(hw, ac);
4756 }
4757 
4758 /* Must not be called with conf_mutex held as workers can use that also. */
4759 void ath10k_drain_tx(struct ath10k *ar)
4760 {
4761 	lockdep_assert_not_held(&ar->conf_mutex);
4762 
4763 	/* make sure rcu-protected mac80211 tx path itself is drained */
4764 	synchronize_net();
4765 
4766 	ath10k_offchan_tx_purge(ar);
4767 	ath10k_mgmt_over_wmi_tx_purge(ar);
4768 
4769 	cancel_work_sync(&ar->offchan_tx_work);
4770 	cancel_work_sync(&ar->wmi_mgmt_tx_work);
4771 }
4772 
4773 void ath10k_halt(struct ath10k *ar)
4774 {
4775 	struct ath10k_vif *arvif;
4776 
4777 	lockdep_assert_held(&ar->conf_mutex);
4778 
4779 	clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
4780 	ar->filter_flags = 0;
4781 	ar->monitor = false;
4782 	ar->monitor_arvif = NULL;
4783 
4784 	if (ar->monitor_started)
4785 		ath10k_monitor_stop(ar);
4786 
4787 	ar->monitor_started = false;
4788 	ar->tx_paused = 0;
4789 
4790 	ath10k_scan_finish(ar);
4791 	ath10k_peer_cleanup_all(ar);
4792 	ath10k_stop_radar_confirmation(ar);
4793 	ath10k_core_stop(ar);
4794 	ath10k_hif_power_down(ar);
4795 
4796 	spin_lock_bh(&ar->data_lock);
4797 	list_for_each_entry(arvif, &ar->arvifs, list)
4798 		ath10k_mac_vif_beacon_cleanup(arvif);
4799 	spin_unlock_bh(&ar->data_lock);
4800 }
4801 
4802 static int ath10k_get_antenna(struct ieee80211_hw *hw, u32 *tx_ant, u32 *rx_ant)
4803 {
4804 	struct ath10k *ar = hw->priv;
4805 
4806 	mutex_lock(&ar->conf_mutex);
4807 
4808 	*tx_ant = ar->cfg_tx_chainmask;
4809 	*rx_ant = ar->cfg_rx_chainmask;
4810 
4811 	mutex_unlock(&ar->conf_mutex);
4812 
4813 	return 0;
4814 }
4815 
4816 static bool ath10k_check_chain_mask(struct ath10k *ar, u32 cm, const char *dbg)
4817 {
4818 	/* It is not clear that allowing gaps in chainmask
4819 	 * is helpful.  Probably it will not do what user
4820 	 * is hoping for, so warn in that case.
4821 	 */
4822 	if (cm == 15 || cm == 7 || cm == 3 || cm == 1 || cm == 0)
4823 		return true;
4824 
4825 	ath10k_warn(ar, "mac %s antenna chainmask is invalid: 0x%x.  Suggested values: 15, 7, 3, 1 or 0.\n",
4826 		    dbg, cm);
4827 	return false;
4828 }
4829 
4830 static int ath10k_mac_get_vht_cap_bf_sts(struct ath10k *ar)
4831 {
4832 	int nsts = ar->vht_cap_info;
4833 
4834 	nsts &= IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
4835 	nsts >>= IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT;
4836 
4837 	/* If firmware does not deliver to host number of space-time
4838 	 * streams supported, assume it support up to 4 BF STS and return
4839 	 * the value for VHT CAP: nsts-1)
4840 	 */
4841 	if (nsts == 0)
4842 		return 3;
4843 
4844 	return nsts;
4845 }
4846 
4847 static int ath10k_mac_get_vht_cap_bf_sound_dim(struct ath10k *ar)
4848 {
4849 	int sound_dim = ar->vht_cap_info;
4850 
4851 	sound_dim &= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK;
4852 	sound_dim >>= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_SHIFT;
4853 
4854 	/* If the sounding dimension is not advertised by the firmware,
4855 	 * let's use a default value of 1
4856 	 */
4857 	if (sound_dim == 0)
4858 		return 1;
4859 
4860 	return sound_dim;
4861 }
4862 
4863 static struct ieee80211_sta_vht_cap ath10k_create_vht_cap(struct ath10k *ar)
4864 {
4865 	struct ieee80211_sta_vht_cap vht_cap = {0};
4866 	struct ath10k_hw_params *hw = &ar->hw_params;
4867 	u16 mcs_map;
4868 	u32 val;
4869 	int i;
4870 
4871 	vht_cap.vht_supported = 1;
4872 	vht_cap.cap = ar->vht_cap_info;
4873 
4874 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
4875 				IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)) {
4876 		val = ath10k_mac_get_vht_cap_bf_sts(ar);
4877 		val <<= IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT;
4878 		val &= IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
4879 
4880 		vht_cap.cap |= val;
4881 	}
4882 
4883 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
4884 				IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)) {
4885 		val = ath10k_mac_get_vht_cap_bf_sound_dim(ar);
4886 		val <<= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_SHIFT;
4887 		val &= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK;
4888 
4889 		vht_cap.cap |= val;
4890 	}
4891 
4892 	mcs_map = 0;
4893 	for (i = 0; i < 8; i++) {
4894 		if ((i < ar->num_rf_chains) && (ar->cfg_tx_chainmask & BIT(i)))
4895 			mcs_map |= IEEE80211_VHT_MCS_SUPPORT_0_9 << (i * 2);
4896 		else
4897 			mcs_map |= IEEE80211_VHT_MCS_NOT_SUPPORTED << (i * 2);
4898 	}
4899 
4900 	if (ar->cfg_tx_chainmask <= 1)
4901 		vht_cap.cap &= ~IEEE80211_VHT_CAP_TXSTBC;
4902 
4903 	vht_cap.vht_mcs.rx_mcs_map = cpu_to_le16(mcs_map);
4904 	vht_cap.vht_mcs.tx_mcs_map = cpu_to_le16(mcs_map);
4905 
4906 	/* If we are supporting 160Mhz or 80+80, then the NIC may be able to do
4907 	 * a restricted NSS for 160 or 80+80 vs what it can do for 80Mhz.  Give
4908 	 * user-space a clue if that is the case.
4909 	 */
4910 	if ((vht_cap.cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK) &&
4911 	    (hw->vht160_mcs_rx_highest != 0 ||
4912 	     hw->vht160_mcs_tx_highest != 0)) {
4913 		vht_cap.vht_mcs.rx_highest = cpu_to_le16(hw->vht160_mcs_rx_highest);
4914 		vht_cap.vht_mcs.tx_highest = cpu_to_le16(hw->vht160_mcs_tx_highest);
4915 	}
4916 
4917 	return vht_cap;
4918 }
4919 
4920 static struct ieee80211_sta_ht_cap ath10k_get_ht_cap(struct ath10k *ar)
4921 {
4922 	int i;
4923 	struct ieee80211_sta_ht_cap ht_cap = {0};
4924 
4925 	if (!(ar->ht_cap_info & WMI_HT_CAP_ENABLED))
4926 		return ht_cap;
4927 
4928 	ht_cap.ht_supported = 1;
4929 	ht_cap.ampdu_factor = IEEE80211_HT_MAX_AMPDU_64K;
4930 	ht_cap.ampdu_density = IEEE80211_HT_MPDU_DENSITY_8;
4931 	ht_cap.cap |= IEEE80211_HT_CAP_SUP_WIDTH_20_40;
4932 	ht_cap.cap |= IEEE80211_HT_CAP_DSSSCCK40;
4933 	ht_cap.cap |=
4934 		WLAN_HT_CAP_SM_PS_DISABLED << IEEE80211_HT_CAP_SM_PS_SHIFT;
4935 
4936 	if (ar->ht_cap_info & WMI_HT_CAP_HT20_SGI)
4937 		ht_cap.cap |= IEEE80211_HT_CAP_SGI_20;
4938 
4939 	if (ar->ht_cap_info & WMI_HT_CAP_HT40_SGI)
4940 		ht_cap.cap |= IEEE80211_HT_CAP_SGI_40;
4941 
4942 	if (ar->ht_cap_info & WMI_HT_CAP_DYNAMIC_SMPS) {
4943 		u32 smps;
4944 
4945 		smps   = WLAN_HT_CAP_SM_PS_DYNAMIC;
4946 		smps <<= IEEE80211_HT_CAP_SM_PS_SHIFT;
4947 
4948 		ht_cap.cap |= smps;
4949 	}
4950 
4951 	if (ar->ht_cap_info & WMI_HT_CAP_TX_STBC && (ar->cfg_tx_chainmask > 1))
4952 		ht_cap.cap |= IEEE80211_HT_CAP_TX_STBC;
4953 
4954 	if (ar->ht_cap_info & WMI_HT_CAP_RX_STBC) {
4955 		u32 stbc;
4956 
4957 		stbc   = ar->ht_cap_info;
4958 		stbc  &= WMI_HT_CAP_RX_STBC;
4959 		stbc >>= WMI_HT_CAP_RX_STBC_MASK_SHIFT;
4960 		stbc <<= IEEE80211_HT_CAP_RX_STBC_SHIFT;
4961 		stbc  &= IEEE80211_HT_CAP_RX_STBC;
4962 
4963 		ht_cap.cap |= stbc;
4964 	}
4965 
4966 	if (ar->ht_cap_info & WMI_HT_CAP_LDPC || (ar->ht_cap_info &
4967 	    WMI_HT_CAP_RX_LDPC && (ar->ht_cap_info & WMI_HT_CAP_TX_LDPC)))
4968 		ht_cap.cap |= IEEE80211_HT_CAP_LDPC_CODING;
4969 
4970 	if (ar->ht_cap_info & WMI_HT_CAP_L_SIG_TXOP_PROT)
4971 		ht_cap.cap |= IEEE80211_HT_CAP_LSIG_TXOP_PROT;
4972 
4973 	/* max AMSDU is implicitly taken from vht_cap_info */
4974 	if (ar->vht_cap_info & WMI_VHT_CAP_MAX_MPDU_LEN_MASK)
4975 		ht_cap.cap |= IEEE80211_HT_CAP_MAX_AMSDU;
4976 
4977 	for (i = 0; i < ar->num_rf_chains; i++) {
4978 		if (ar->cfg_rx_chainmask & BIT(i))
4979 			ht_cap.mcs.rx_mask[i] = 0xFF;
4980 	}
4981 
4982 	ht_cap.mcs.tx_params |= IEEE80211_HT_MCS_TX_DEFINED;
4983 
4984 	return ht_cap;
4985 }
4986 
4987 static void ath10k_mac_setup_ht_vht_cap(struct ath10k *ar)
4988 {
4989 	struct ieee80211_supported_band *band;
4990 	struct ieee80211_sta_vht_cap vht_cap;
4991 	struct ieee80211_sta_ht_cap ht_cap;
4992 
4993 	ht_cap = ath10k_get_ht_cap(ar);
4994 	vht_cap = ath10k_create_vht_cap(ar);
4995 
4996 	if (ar->phy_capability & WHAL_WLAN_11G_CAPABILITY) {
4997 		band = &ar->mac.sbands[NL80211_BAND_2GHZ];
4998 		band->ht_cap = ht_cap;
4999 	}
5000 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY) {
5001 		band = &ar->mac.sbands[NL80211_BAND_5GHZ];
5002 		band->ht_cap = ht_cap;
5003 		band->vht_cap = vht_cap;
5004 	}
5005 }
5006 
5007 static int __ath10k_set_antenna(struct ath10k *ar, u32 tx_ant, u32 rx_ant)
5008 {
5009 	int ret;
5010 	bool is_valid_tx_chain_mask, is_valid_rx_chain_mask;
5011 
5012 	lockdep_assert_held(&ar->conf_mutex);
5013 
5014 	is_valid_tx_chain_mask = ath10k_check_chain_mask(ar, tx_ant, "tx");
5015 	is_valid_rx_chain_mask = ath10k_check_chain_mask(ar, rx_ant, "rx");
5016 
5017 	if (!is_valid_tx_chain_mask || !is_valid_rx_chain_mask)
5018 		return -EINVAL;
5019 
5020 	ar->cfg_tx_chainmask = tx_ant;
5021 	ar->cfg_rx_chainmask = rx_ant;
5022 
5023 	if ((ar->state != ATH10K_STATE_ON) &&
5024 	    (ar->state != ATH10K_STATE_RESTARTED))
5025 		return 0;
5026 
5027 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->tx_chain_mask,
5028 					tx_ant);
5029 	if (ret) {
5030 		ath10k_warn(ar, "failed to set tx-chainmask: %d, req 0x%x\n",
5031 			    ret, tx_ant);
5032 		return ret;
5033 	}
5034 
5035 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->rx_chain_mask,
5036 					rx_ant);
5037 	if (ret) {
5038 		ath10k_warn(ar, "failed to set rx-chainmask: %d, req 0x%x\n",
5039 			    ret, rx_ant);
5040 		return ret;
5041 	}
5042 
5043 	/* Reload HT/VHT capability */
5044 	ath10k_mac_setup_ht_vht_cap(ar);
5045 
5046 	return 0;
5047 }
5048 
5049 static int ath10k_set_antenna(struct ieee80211_hw *hw, u32 tx_ant, u32 rx_ant)
5050 {
5051 	struct ath10k *ar = hw->priv;
5052 	int ret;
5053 
5054 	mutex_lock(&ar->conf_mutex);
5055 	ret = __ath10k_set_antenna(ar, tx_ant, rx_ant);
5056 	mutex_unlock(&ar->conf_mutex);
5057 	return ret;
5058 }
5059 
5060 static int __ath10k_fetch_bb_timing_dt(struct ath10k *ar,
5061 				       struct wmi_bb_timing_cfg_arg *bb_timing)
5062 {
5063 	struct device_node *node;
5064 	const char *fem_name;
5065 	int ret;
5066 
5067 	node = ar->dev->of_node;
5068 	if (!node)
5069 		return -ENOENT;
5070 
5071 	ret = of_property_read_string_index(node, "ext-fem-name", 0, &fem_name);
5072 	if (ret)
5073 		return -ENOENT;
5074 
5075 	/*
5076 	 * If external Front End module used in hardware, then default base band timing
5077 	 * parameter cannot be used since they were fine tuned for reference hardware,
5078 	 * so choosing different value suitable for that external FEM.
5079 	 */
5080 	if (!strcmp("microsemi-lx5586", fem_name)) {
5081 		bb_timing->bb_tx_timing = 0x00;
5082 		bb_timing->bb_xpa_timing = 0x0101;
5083 	} else {
5084 		return -ENOENT;
5085 	}
5086 
5087 	ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot bb_tx_timing 0x%x bb_xpa_timing 0x%x\n",
5088 		   bb_timing->bb_tx_timing, bb_timing->bb_xpa_timing);
5089 	return 0;
5090 }
5091 
5092 static int ath10k_mac_rfkill_config(struct ath10k *ar)
5093 {
5094 	u32 param;
5095 	int ret;
5096 
5097 	if (ar->hw_values->rfkill_pin == 0) {
5098 		ath10k_warn(ar, "ath10k does not support hardware rfkill with this device\n");
5099 		return -EOPNOTSUPP;
5100 	}
5101 
5102 	ath10k_dbg(ar, ATH10K_DBG_MAC,
5103 		   "mac rfkill_pin %d rfkill_cfg %d rfkill_on_level %d",
5104 		   ar->hw_values->rfkill_pin, ar->hw_values->rfkill_cfg,
5105 		   ar->hw_values->rfkill_on_level);
5106 
5107 	param = FIELD_PREP(WMI_TLV_RFKILL_CFG_RADIO_LEVEL,
5108 			   ar->hw_values->rfkill_on_level) |
5109 		FIELD_PREP(WMI_TLV_RFKILL_CFG_GPIO_PIN_NUM,
5110 			   ar->hw_values->rfkill_pin) |
5111 		FIELD_PREP(WMI_TLV_RFKILL_CFG_PIN_AS_GPIO,
5112 			   ar->hw_values->rfkill_cfg);
5113 
5114 	ret = ath10k_wmi_pdev_set_param(ar,
5115 					ar->wmi.pdev_param->rfkill_config,
5116 					param);
5117 	if (ret) {
5118 		ath10k_warn(ar,
5119 			    "failed to set rfkill config 0x%x: %d\n",
5120 			    param, ret);
5121 		return ret;
5122 	}
5123 	return 0;
5124 }
5125 
5126 int ath10k_mac_rfkill_enable_radio(struct ath10k *ar, bool enable)
5127 {
5128 	enum wmi_tlv_rfkill_enable_radio param;
5129 	int ret;
5130 
5131 	if (enable)
5132 		param = WMI_TLV_RFKILL_ENABLE_RADIO_ON;
5133 	else
5134 		param = WMI_TLV_RFKILL_ENABLE_RADIO_OFF;
5135 
5136 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac rfkill enable %d", param);
5137 
5138 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->rfkill_enable,
5139 					param);
5140 	if (ret) {
5141 		ath10k_warn(ar, "failed to set rfkill enable param %d: %d\n",
5142 			    param, ret);
5143 		return ret;
5144 	}
5145 
5146 	return 0;
5147 }
5148 
5149 static int ath10k_start(struct ieee80211_hw *hw)
5150 {
5151 	struct ath10k *ar = hw->priv;
5152 	u32 param;
5153 	int ret = 0;
5154 	struct wmi_bb_timing_cfg_arg bb_timing = {0};
5155 
5156 	/*
5157 	 * This makes sense only when restarting hw. It is harmless to call
5158 	 * unconditionally. This is necessary to make sure no HTT/WMI tx
5159 	 * commands will be submitted while restarting.
5160 	 */
5161 	ath10k_drain_tx(ar);
5162 
5163 	mutex_lock(&ar->conf_mutex);
5164 
5165 	switch (ar->state) {
5166 	case ATH10K_STATE_OFF:
5167 		ar->state = ATH10K_STATE_ON;
5168 		break;
5169 	case ATH10K_STATE_RESTARTING:
5170 		ar->state = ATH10K_STATE_RESTARTED;
5171 		break;
5172 	case ATH10K_STATE_ON:
5173 	case ATH10K_STATE_RESTARTED:
5174 	case ATH10K_STATE_WEDGED:
5175 		WARN_ON(1);
5176 		ret = -EINVAL;
5177 		goto err;
5178 	case ATH10K_STATE_UTF:
5179 		ret = -EBUSY;
5180 		goto err;
5181 	}
5182 
5183 	spin_lock_bh(&ar->data_lock);
5184 
5185 	if (ar->hw_rfkill_on) {
5186 		ar->hw_rfkill_on = false;
5187 		spin_unlock_bh(&ar->data_lock);
5188 		goto err;
5189 	}
5190 
5191 	spin_unlock_bh(&ar->data_lock);
5192 
5193 	ret = ath10k_hif_power_up(ar, ATH10K_FIRMWARE_MODE_NORMAL);
5194 	if (ret) {
5195 		ath10k_err(ar, "Could not init hif: %d\n", ret);
5196 		goto err_off;
5197 	}
5198 
5199 	ret = ath10k_core_start(ar, ATH10K_FIRMWARE_MODE_NORMAL,
5200 				&ar->normal_mode_fw);
5201 	if (ret) {
5202 		ath10k_err(ar, "Could not init core: %d\n", ret);
5203 		goto err_power_down;
5204 	}
5205 
5206 	if (ar->sys_cap_info & WMI_TLV_SYS_CAP_INFO_RFKILL) {
5207 		ret = ath10k_mac_rfkill_config(ar);
5208 		if (ret && ret != -EOPNOTSUPP) {
5209 			ath10k_warn(ar, "failed to configure rfkill: %d", ret);
5210 			goto err_core_stop;
5211 		}
5212 	}
5213 
5214 	param = ar->wmi.pdev_param->pmf_qos;
5215 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5216 	if (ret) {
5217 		ath10k_warn(ar, "failed to enable PMF QOS: %d\n", ret);
5218 		goto err_core_stop;
5219 	}
5220 
5221 	param = ar->wmi.pdev_param->dynamic_bw;
5222 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5223 	if (ret) {
5224 		ath10k_warn(ar, "failed to enable dynamic BW: %d\n", ret);
5225 		goto err_core_stop;
5226 	}
5227 
5228 	if (test_bit(WMI_SERVICE_SPOOF_MAC_SUPPORT, ar->wmi.svc_map)) {
5229 		ret = ath10k_wmi_scan_prob_req_oui(ar, ar->mac_addr);
5230 		if (ret) {
5231 			ath10k_err(ar, "failed to set prob req oui: %i\n", ret);
5232 			goto err_core_stop;
5233 		}
5234 	}
5235 
5236 	if (test_bit(WMI_SERVICE_ADAPTIVE_OCS, ar->wmi.svc_map)) {
5237 		ret = ath10k_wmi_adaptive_qcs(ar, true);
5238 		if (ret) {
5239 			ath10k_warn(ar, "failed to enable adaptive qcs: %d\n",
5240 				    ret);
5241 			goto err_core_stop;
5242 		}
5243 	}
5244 
5245 	if (test_bit(WMI_SERVICE_BURST, ar->wmi.svc_map)) {
5246 		param = ar->wmi.pdev_param->burst_enable;
5247 		ret = ath10k_wmi_pdev_set_param(ar, param, 0);
5248 		if (ret) {
5249 			ath10k_warn(ar, "failed to disable burst: %d\n", ret);
5250 			goto err_core_stop;
5251 		}
5252 	}
5253 
5254 	param = ar->wmi.pdev_param->idle_ps_config;
5255 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5256 	if (ret && ret != -EOPNOTSUPP) {
5257 		ath10k_warn(ar, "failed to enable idle_ps_config: %d\n", ret);
5258 		goto err_core_stop;
5259 	}
5260 
5261 	__ath10k_set_antenna(ar, ar->cfg_tx_chainmask, ar->cfg_rx_chainmask);
5262 
5263 	/*
5264 	 * By default FW set ARP frames ac to voice (6). In that case ARP
5265 	 * exchange is not working properly for UAPSD enabled AP. ARP requests
5266 	 * which arrives with access category 0 are processed by network stack
5267 	 * and send back with access category 0, but FW changes access category
5268 	 * to 6. Set ARP frames access category to best effort (0) solves
5269 	 * this problem.
5270 	 */
5271 
5272 	param = ar->wmi.pdev_param->arp_ac_override;
5273 	ret = ath10k_wmi_pdev_set_param(ar, param, 0);
5274 	if (ret) {
5275 		ath10k_warn(ar, "failed to set arp ac override parameter: %d\n",
5276 			    ret);
5277 		goto err_core_stop;
5278 	}
5279 
5280 	if (test_bit(ATH10K_FW_FEATURE_SUPPORTS_ADAPTIVE_CCA,
5281 		     ar->running_fw->fw_file.fw_features)) {
5282 		ret = ath10k_wmi_pdev_enable_adaptive_cca(ar, 1,
5283 							  WMI_CCA_DETECT_LEVEL_AUTO,
5284 							  WMI_CCA_DETECT_MARGIN_AUTO);
5285 		if (ret) {
5286 			ath10k_warn(ar, "failed to enable adaptive cca: %d\n",
5287 				    ret);
5288 			goto err_core_stop;
5289 		}
5290 	}
5291 
5292 	param = ar->wmi.pdev_param->ani_enable;
5293 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5294 	if (ret) {
5295 		ath10k_warn(ar, "failed to enable ani by default: %d\n",
5296 			    ret);
5297 		goto err_core_stop;
5298 	}
5299 
5300 	ar->ani_enabled = true;
5301 
5302 	if (ath10k_peer_stats_enabled(ar)) {
5303 		param = ar->wmi.pdev_param->peer_stats_update_period;
5304 		ret = ath10k_wmi_pdev_set_param(ar, param,
5305 						PEER_DEFAULT_STATS_UPDATE_PERIOD);
5306 		if (ret) {
5307 			ath10k_warn(ar,
5308 				    "failed to set peer stats period : %d\n",
5309 				    ret);
5310 			goto err_core_stop;
5311 		}
5312 	}
5313 
5314 	param = ar->wmi.pdev_param->enable_btcoex;
5315 	if (test_bit(WMI_SERVICE_COEX_GPIO, ar->wmi.svc_map) &&
5316 	    test_bit(ATH10K_FW_FEATURE_BTCOEX_PARAM,
5317 		     ar->running_fw->fw_file.fw_features) &&
5318 	    ar->coex_support) {
5319 		ret = ath10k_wmi_pdev_set_param(ar, param, 0);
5320 		if (ret) {
5321 			ath10k_warn(ar,
5322 				    "failed to set btcoex param: %d\n", ret);
5323 			goto err_core_stop;
5324 		}
5325 		clear_bit(ATH10K_FLAG_BTCOEX, &ar->dev_flags);
5326 	}
5327 
5328 	if (test_bit(WMI_SERVICE_BB_TIMING_CONFIG_SUPPORT, ar->wmi.svc_map)) {
5329 		ret = __ath10k_fetch_bb_timing_dt(ar, &bb_timing);
5330 		if (!ret) {
5331 			ret = ath10k_wmi_pdev_bb_timing(ar, &bb_timing);
5332 			if (ret) {
5333 				ath10k_warn(ar,
5334 					    "failed to set bb timings: %d\n",
5335 					    ret);
5336 				goto err_core_stop;
5337 			}
5338 		}
5339 	}
5340 
5341 	ar->num_started_vdevs = 0;
5342 	ath10k_regd_update(ar);
5343 
5344 	ath10k_spectral_start(ar);
5345 	ath10k_thermal_set_throttling(ar);
5346 
5347 	ar->radar_conf_state = ATH10K_RADAR_CONFIRMATION_IDLE;
5348 
5349 	mutex_unlock(&ar->conf_mutex);
5350 	return 0;
5351 
5352 err_core_stop:
5353 	ath10k_core_stop(ar);
5354 
5355 err_power_down:
5356 	ath10k_hif_power_down(ar);
5357 
5358 err_off:
5359 	ar->state = ATH10K_STATE_OFF;
5360 
5361 err:
5362 	mutex_unlock(&ar->conf_mutex);
5363 	return ret;
5364 }
5365 
5366 static void ath10k_stop(struct ieee80211_hw *hw)
5367 {
5368 	struct ath10k *ar = hw->priv;
5369 	u32 opt;
5370 
5371 	ath10k_drain_tx(ar);
5372 
5373 	mutex_lock(&ar->conf_mutex);
5374 	if (ar->state != ATH10K_STATE_OFF) {
5375 		if (!ar->hw_rfkill_on) {
5376 			/* If the current driver state is RESTARTING but not yet
5377 			 * fully RESTARTED because of incoming suspend event,
5378 			 * then ath10k_halt() is already called via
5379 			 * ath10k_core_restart() and should not be called here.
5380 			 */
5381 			if (ar->state != ATH10K_STATE_RESTARTING) {
5382 				ath10k_halt(ar);
5383 			} else {
5384 				/* Suspending here, because when in RESTARTING
5385 				 * state, ath10k_core_stop() skips
5386 				 * ath10k_wait_for_suspend().
5387 				 */
5388 				opt = WMI_PDEV_SUSPEND_AND_DISABLE_INTR;
5389 				ath10k_wait_for_suspend(ar, opt);
5390 			}
5391 		}
5392 		ar->state = ATH10K_STATE_OFF;
5393 	}
5394 	mutex_unlock(&ar->conf_mutex);
5395 
5396 	cancel_work_sync(&ar->set_coverage_class_work);
5397 	cancel_delayed_work_sync(&ar->scan.timeout);
5398 	cancel_work_sync(&ar->restart_work);
5399 }
5400 
5401 static int ath10k_config_ps(struct ath10k *ar)
5402 {
5403 	struct ath10k_vif *arvif;
5404 	int ret = 0;
5405 
5406 	lockdep_assert_held(&ar->conf_mutex);
5407 
5408 	list_for_each_entry(arvif, &ar->arvifs, list) {
5409 		ret = ath10k_mac_vif_setup_ps(arvif);
5410 		if (ret) {
5411 			ath10k_warn(ar, "failed to setup powersave: %d\n", ret);
5412 			break;
5413 		}
5414 	}
5415 
5416 	return ret;
5417 }
5418 
5419 static int ath10k_config(struct ieee80211_hw *hw, u32 changed)
5420 {
5421 	struct ath10k *ar = hw->priv;
5422 	struct ieee80211_conf *conf = &hw->conf;
5423 	int ret = 0;
5424 
5425 	mutex_lock(&ar->conf_mutex);
5426 
5427 	if (changed & IEEE80211_CONF_CHANGE_PS)
5428 		ath10k_config_ps(ar);
5429 
5430 	if (changed & IEEE80211_CONF_CHANGE_MONITOR) {
5431 		ar->monitor = conf->flags & IEEE80211_CONF_MONITOR;
5432 		ret = ath10k_monitor_recalc(ar);
5433 		if (ret)
5434 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5435 	}
5436 
5437 	mutex_unlock(&ar->conf_mutex);
5438 	return ret;
5439 }
5440 
5441 static u32 get_nss_from_chainmask(u16 chain_mask)
5442 {
5443 	if ((chain_mask & 0xf) == 0xf)
5444 		return 4;
5445 	else if ((chain_mask & 0x7) == 0x7)
5446 		return 3;
5447 	else if ((chain_mask & 0x3) == 0x3)
5448 		return 2;
5449 	return 1;
5450 }
5451 
5452 static int ath10k_mac_set_txbf_conf(struct ath10k_vif *arvif)
5453 {
5454 	u32 value = 0;
5455 	struct ath10k *ar = arvif->ar;
5456 	int nsts;
5457 	int sound_dim;
5458 
5459 	if (ath10k_wmi_get_txbf_conf_scheme(ar) != WMI_TXBF_CONF_BEFORE_ASSOC)
5460 		return 0;
5461 
5462 	nsts = ath10k_mac_get_vht_cap_bf_sts(ar);
5463 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
5464 				IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE))
5465 		value |= SM(nsts, WMI_TXBF_STS_CAP_OFFSET);
5466 
5467 	sound_dim = ath10k_mac_get_vht_cap_bf_sound_dim(ar);
5468 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
5469 				IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE))
5470 		value |= SM(sound_dim, WMI_BF_SOUND_DIM_OFFSET);
5471 
5472 	if (!value)
5473 		return 0;
5474 
5475 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)
5476 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
5477 
5478 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)
5479 		value |= (WMI_VDEV_PARAM_TXBF_MU_TX_BFER |
5480 			  WMI_VDEV_PARAM_TXBF_SU_TX_BFER);
5481 
5482 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE)
5483 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
5484 
5485 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)
5486 		value |= (WMI_VDEV_PARAM_TXBF_MU_TX_BFEE |
5487 			  WMI_VDEV_PARAM_TXBF_SU_TX_BFEE);
5488 
5489 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
5490 					 ar->wmi.vdev_param->txbf, value);
5491 }
5492 
5493 static void ath10k_update_vif_offload(struct ieee80211_hw *hw,
5494 				      struct ieee80211_vif *vif)
5495 {
5496 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5497 	struct ath10k *ar = hw->priv;
5498 	u32 vdev_param;
5499 	int ret;
5500 
5501 	if (ath10k_frame_mode != ATH10K_HW_TXRX_ETHERNET ||
5502 	    ar->wmi.vdev_param->tx_encap_type == WMI_VDEV_PARAM_UNSUPPORTED ||
5503 	     (vif->type != NL80211_IFTYPE_STATION &&
5504 	      vif->type != NL80211_IFTYPE_AP))
5505 		vif->offload_flags &= ~IEEE80211_OFFLOAD_ENCAP_ENABLED;
5506 
5507 	vdev_param = ar->wmi.vdev_param->tx_encap_type;
5508 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5509 					ATH10K_HW_TXRX_NATIVE_WIFI);
5510 	/* 10.X firmware does not support this VDEV parameter. Do not warn */
5511 	if (ret && ret != -EOPNOTSUPP) {
5512 		ath10k_warn(ar, "failed to set vdev %i TX encapsulation: %d\n",
5513 			    arvif->vdev_id, ret);
5514 	}
5515 }
5516 
5517 /*
5518  * TODO:
5519  * Figure out how to handle WMI_VDEV_SUBTYPE_P2P_DEVICE,
5520  * because we will send mgmt frames without CCK. This requirement
5521  * for P2P_FIND/GO_NEG should be handled by checking CCK flag
5522  * in the TX packet.
5523  */
5524 static int ath10k_add_interface(struct ieee80211_hw *hw,
5525 				struct ieee80211_vif *vif)
5526 {
5527 	struct ath10k *ar = hw->priv;
5528 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5529 	struct ath10k_peer *peer;
5530 	enum wmi_sta_powersave_param param;
5531 	int ret = 0;
5532 	u32 value;
5533 	int bit;
5534 	int i;
5535 	u32 vdev_param;
5536 
5537 	vif->driver_flags |= IEEE80211_VIF_SUPPORTS_UAPSD;
5538 
5539 	mutex_lock(&ar->conf_mutex);
5540 
5541 	memset(arvif, 0, sizeof(*arvif));
5542 	ath10k_mac_txq_init(vif->txq);
5543 
5544 	arvif->ar = ar;
5545 	arvif->vif = vif;
5546 
5547 	INIT_LIST_HEAD(&arvif->list);
5548 	INIT_WORK(&arvif->ap_csa_work, ath10k_mac_vif_ap_csa_work);
5549 	INIT_DELAYED_WORK(&arvif->connection_loss_work,
5550 			  ath10k_mac_vif_sta_connection_loss_work);
5551 
5552 	for (i = 0; i < ARRAY_SIZE(arvif->bitrate_mask.control); i++) {
5553 		arvif->bitrate_mask.control[i].legacy = 0xffffffff;
5554 		memset(arvif->bitrate_mask.control[i].ht_mcs, 0xff,
5555 		       sizeof(arvif->bitrate_mask.control[i].ht_mcs));
5556 		memset(arvif->bitrate_mask.control[i].vht_mcs, 0xff,
5557 		       sizeof(arvif->bitrate_mask.control[i].vht_mcs));
5558 	}
5559 
5560 	if (ar->num_peers >= ar->max_num_peers) {
5561 		ath10k_warn(ar, "refusing vdev creation due to insufficient peer entry resources in firmware\n");
5562 		ret = -ENOBUFS;
5563 		goto err;
5564 	}
5565 
5566 	if (ar->free_vdev_map == 0) {
5567 		ath10k_warn(ar, "Free vdev map is empty, no more interfaces allowed.\n");
5568 		ret = -EBUSY;
5569 		goto err;
5570 	}
5571 	bit = __ffs64(ar->free_vdev_map);
5572 
5573 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac create vdev %i map %llx\n",
5574 		   bit, ar->free_vdev_map);
5575 
5576 	arvif->vdev_id = bit;
5577 	arvif->vdev_subtype =
5578 		ath10k_wmi_get_vdev_subtype(ar, WMI_VDEV_SUBTYPE_NONE);
5579 
5580 	switch (vif->type) {
5581 	case NL80211_IFTYPE_P2P_DEVICE:
5582 		arvif->vdev_type = WMI_VDEV_TYPE_STA;
5583 		arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5584 					(ar, WMI_VDEV_SUBTYPE_P2P_DEVICE);
5585 		break;
5586 	case NL80211_IFTYPE_UNSPECIFIED:
5587 	case NL80211_IFTYPE_STATION:
5588 		arvif->vdev_type = WMI_VDEV_TYPE_STA;
5589 		if (vif->p2p)
5590 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5591 					(ar, WMI_VDEV_SUBTYPE_P2P_CLIENT);
5592 		break;
5593 	case NL80211_IFTYPE_ADHOC:
5594 		arvif->vdev_type = WMI_VDEV_TYPE_IBSS;
5595 		break;
5596 	case NL80211_IFTYPE_MESH_POINT:
5597 		if (test_bit(WMI_SERVICE_MESH_11S, ar->wmi.svc_map)) {
5598 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5599 						(ar, WMI_VDEV_SUBTYPE_MESH_11S);
5600 		} else if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags)) {
5601 			ret = -EINVAL;
5602 			ath10k_warn(ar, "must load driver with rawmode=1 to add mesh interfaces\n");
5603 			goto err;
5604 		}
5605 		arvif->vdev_type = WMI_VDEV_TYPE_AP;
5606 		break;
5607 	case NL80211_IFTYPE_AP:
5608 		arvif->vdev_type = WMI_VDEV_TYPE_AP;
5609 
5610 		if (vif->p2p)
5611 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5612 						(ar, WMI_VDEV_SUBTYPE_P2P_GO);
5613 		break;
5614 	case NL80211_IFTYPE_MONITOR:
5615 		arvif->vdev_type = WMI_VDEV_TYPE_MONITOR;
5616 		break;
5617 	default:
5618 		WARN_ON(1);
5619 		break;
5620 	}
5621 
5622 	/* Using vdev_id as queue number will make it very easy to do per-vif
5623 	 * tx queue locking. This shouldn't wrap due to interface combinations
5624 	 * but do a modulo for correctness sake and prevent using offchannel tx
5625 	 * queues for regular vif tx.
5626 	 */
5627 	vif->cab_queue = arvif->vdev_id % (IEEE80211_MAX_QUEUES - 1);
5628 	for (i = 0; i < ARRAY_SIZE(vif->hw_queue); i++)
5629 		vif->hw_queue[i] = arvif->vdev_id % (IEEE80211_MAX_QUEUES - 1);
5630 
5631 	/* Some firmware revisions don't wait for beacon tx completion before
5632 	 * sending another SWBA event. This could lead to hardware using old
5633 	 * (freed) beacon data in some cases, e.g. tx credit starvation
5634 	 * combined with missed TBTT. This is very rare.
5635 	 *
5636 	 * On non-IOMMU-enabled hosts this could be a possible security issue
5637 	 * because hw could beacon some random data on the air.  On
5638 	 * IOMMU-enabled hosts DMAR faults would occur in most cases and target
5639 	 * device would crash.
5640 	 *
5641 	 * Since there are no beacon tx completions (implicit nor explicit)
5642 	 * propagated to host the only workaround for this is to allocate a
5643 	 * DMA-coherent buffer for a lifetime of a vif and use it for all
5644 	 * beacon tx commands. Worst case for this approach is some beacons may
5645 	 * become corrupted, e.g. have garbled IEs or out-of-date TIM bitmap.
5646 	 */
5647 	if (vif->type == NL80211_IFTYPE_ADHOC ||
5648 	    vif->type == NL80211_IFTYPE_MESH_POINT ||
5649 	    vif->type == NL80211_IFTYPE_AP) {
5650 		if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL) {
5651 			arvif->beacon_buf = kmalloc(IEEE80211_MAX_FRAME_LEN,
5652 						    GFP_KERNEL);
5653 
5654 			/* Using a kernel pointer in place of a dma_addr_t
5655 			 * token can lead to undefined behavior if that
5656 			 * makes it into cache management functions. Use a
5657 			 * known-invalid address token instead, which
5658 			 * avoids the warning and makes it easier to catch
5659 			 * bugs if it does end up getting used.
5660 			 */
5661 			arvif->beacon_paddr = DMA_MAPPING_ERROR;
5662 		} else {
5663 			arvif->beacon_buf =
5664 				dma_alloc_coherent(ar->dev,
5665 						   IEEE80211_MAX_FRAME_LEN,
5666 						   &arvif->beacon_paddr,
5667 						   GFP_ATOMIC);
5668 		}
5669 		if (!arvif->beacon_buf) {
5670 			ret = -ENOMEM;
5671 			ath10k_warn(ar, "failed to allocate beacon buffer: %d\n",
5672 				    ret);
5673 			goto err;
5674 		}
5675 	}
5676 	if (test_bit(ATH10K_FLAG_HW_CRYPTO_DISABLED, &ar->dev_flags))
5677 		arvif->nohwcrypt = true;
5678 
5679 	if (arvif->nohwcrypt &&
5680 	    !test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags)) {
5681 		ret = -EINVAL;
5682 		ath10k_warn(ar, "cryptmode module param needed for sw crypto\n");
5683 		goto err;
5684 	}
5685 
5686 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev create %d (add interface) type %d subtype %d bcnmode %s\n",
5687 		   arvif->vdev_id, arvif->vdev_type, arvif->vdev_subtype,
5688 		   arvif->beacon_buf ? "single-buf" : "per-skb");
5689 
5690 	ret = ath10k_wmi_vdev_create(ar, arvif->vdev_id, arvif->vdev_type,
5691 				     arvif->vdev_subtype, vif->addr);
5692 	if (ret) {
5693 		ath10k_warn(ar, "failed to create WMI vdev %i: %d\n",
5694 			    arvif->vdev_id, ret);
5695 		goto err;
5696 	}
5697 
5698 	if (test_bit(WMI_SERVICE_VDEV_DISABLE_4_ADDR_SRC_LRN_SUPPORT,
5699 		     ar->wmi.svc_map)) {
5700 		vdev_param = ar->wmi.vdev_param->disable_4addr_src_lrn;
5701 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5702 						WMI_VDEV_DISABLE_4_ADDR_SRC_LRN);
5703 		if (ret && ret != -EOPNOTSUPP) {
5704 			ath10k_warn(ar, "failed to disable 4addr src lrn vdev %i: %d\n",
5705 				    arvif->vdev_id, ret);
5706 		}
5707 	}
5708 
5709 	ar->free_vdev_map &= ~(1LL << arvif->vdev_id);
5710 	spin_lock_bh(&ar->data_lock);
5711 	list_add(&arvif->list, &ar->arvifs);
5712 	spin_unlock_bh(&ar->data_lock);
5713 
5714 	/* It makes no sense to have firmware do keepalives. mac80211 already
5715 	 * takes care of this with idle connection polling.
5716 	 */
5717 	ret = ath10k_mac_vif_disable_keepalive(arvif);
5718 	if (ret) {
5719 		ath10k_warn(ar, "failed to disable keepalive on vdev %i: %d\n",
5720 			    arvif->vdev_id, ret);
5721 		goto err_vdev_delete;
5722 	}
5723 
5724 	arvif->def_wep_key_idx = -1;
5725 
5726 	ath10k_update_vif_offload(hw, vif);
5727 
5728 	/* Configuring number of spatial stream for monitor interface is causing
5729 	 * target assert in qca9888 and qca6174.
5730 	 */
5731 	if (ar->cfg_tx_chainmask && (vif->type != NL80211_IFTYPE_MONITOR)) {
5732 		u16 nss = get_nss_from_chainmask(ar->cfg_tx_chainmask);
5733 
5734 		vdev_param = ar->wmi.vdev_param->nss;
5735 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5736 						nss);
5737 		if (ret) {
5738 			ath10k_warn(ar, "failed to set vdev %i chainmask 0x%x, nss %i: %d\n",
5739 				    arvif->vdev_id, ar->cfg_tx_chainmask, nss,
5740 				    ret);
5741 			goto err_vdev_delete;
5742 		}
5743 	}
5744 
5745 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5746 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5747 		ret = ath10k_peer_create(ar, vif, NULL, arvif->vdev_id,
5748 					 vif->addr, WMI_PEER_TYPE_DEFAULT);
5749 		if (ret) {
5750 			ath10k_warn(ar, "failed to create vdev %i peer for AP/IBSS: %d\n",
5751 				    arvif->vdev_id, ret);
5752 			goto err_vdev_delete;
5753 		}
5754 
5755 		spin_lock_bh(&ar->data_lock);
5756 
5757 		peer = ath10k_peer_find(ar, arvif->vdev_id, vif->addr);
5758 		if (!peer) {
5759 			ath10k_warn(ar, "failed to lookup peer %pM on vdev %i\n",
5760 				    vif->addr, arvif->vdev_id);
5761 			spin_unlock_bh(&ar->data_lock);
5762 			ret = -ENOENT;
5763 			goto err_peer_delete;
5764 		}
5765 
5766 		arvif->peer_id = find_first_bit(peer->peer_ids,
5767 						ATH10K_MAX_NUM_PEER_IDS);
5768 
5769 		spin_unlock_bh(&ar->data_lock);
5770 	} else {
5771 		arvif->peer_id = HTT_INVALID_PEERID;
5772 	}
5773 
5774 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP) {
5775 		ret = ath10k_mac_set_kickout(arvif);
5776 		if (ret) {
5777 			ath10k_warn(ar, "failed to set vdev %i kickout parameters: %d\n",
5778 				    arvif->vdev_id, ret);
5779 			goto err_peer_delete;
5780 		}
5781 	}
5782 
5783 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA) {
5784 		param = WMI_STA_PS_PARAM_RX_WAKE_POLICY;
5785 		value = WMI_STA_PS_RX_WAKE_POLICY_WAKE;
5786 		ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
5787 						  param, value);
5788 		if (ret) {
5789 			ath10k_warn(ar, "failed to set vdev %i RX wake policy: %d\n",
5790 				    arvif->vdev_id, ret);
5791 			goto err_peer_delete;
5792 		}
5793 
5794 		ret = ath10k_mac_vif_recalc_ps_wake_threshold(arvif);
5795 		if (ret) {
5796 			ath10k_warn(ar, "failed to recalc ps wake threshold on vdev %i: %d\n",
5797 				    arvif->vdev_id, ret);
5798 			goto err_peer_delete;
5799 		}
5800 
5801 		ret = ath10k_mac_vif_recalc_ps_poll_count(arvif);
5802 		if (ret) {
5803 			ath10k_warn(ar, "failed to recalc ps poll count on vdev %i: %d\n",
5804 				    arvif->vdev_id, ret);
5805 			goto err_peer_delete;
5806 		}
5807 	}
5808 
5809 	ret = ath10k_mac_set_txbf_conf(arvif);
5810 	if (ret) {
5811 		ath10k_warn(ar, "failed to set txbf for vdev %d: %d\n",
5812 			    arvif->vdev_id, ret);
5813 		goto err_peer_delete;
5814 	}
5815 
5816 	ret = ath10k_mac_set_rts(arvif, ar->hw->wiphy->rts_threshold);
5817 	if (ret) {
5818 		ath10k_warn(ar, "failed to set rts threshold for vdev %d: %d\n",
5819 			    arvif->vdev_id, ret);
5820 		goto err_peer_delete;
5821 	}
5822 
5823 	arvif->txpower = vif->bss_conf.txpower;
5824 	ret = ath10k_mac_txpower_recalc(ar);
5825 	if (ret) {
5826 		ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
5827 		goto err_peer_delete;
5828 	}
5829 
5830 	if (test_bit(WMI_SERVICE_RTT_RESPONDER_ROLE, ar->wmi.svc_map)) {
5831 		vdev_param = ar->wmi.vdev_param->rtt_responder_role;
5832 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5833 						arvif->ftm_responder);
5834 
5835 		/* It is harmless to not set FTM role. Do not warn */
5836 		if (ret && ret != -EOPNOTSUPP)
5837 			ath10k_warn(ar, "failed to set vdev %i FTM Responder: %d\n",
5838 				    arvif->vdev_id, ret);
5839 	}
5840 
5841 	if (vif->type == NL80211_IFTYPE_MONITOR) {
5842 		ar->monitor_arvif = arvif;
5843 		ret = ath10k_monitor_recalc(ar);
5844 		if (ret) {
5845 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5846 			goto err_peer_delete;
5847 		}
5848 	}
5849 
5850 	spin_lock_bh(&ar->htt.tx_lock);
5851 	if (!ar->tx_paused)
5852 		ieee80211_wake_queue(ar->hw, arvif->vdev_id);
5853 	spin_unlock_bh(&ar->htt.tx_lock);
5854 
5855 	mutex_unlock(&ar->conf_mutex);
5856 	return 0;
5857 
5858 err_peer_delete:
5859 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5860 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5861 		ath10k_wmi_peer_delete(ar, arvif->vdev_id, vif->addr);
5862 		ath10k_wait_for_peer_delete_done(ar, arvif->vdev_id,
5863 						 vif->addr);
5864 	}
5865 
5866 err_vdev_delete:
5867 	ath10k_wmi_vdev_delete(ar, arvif->vdev_id);
5868 	ar->free_vdev_map |= 1LL << arvif->vdev_id;
5869 	spin_lock_bh(&ar->data_lock);
5870 	list_del(&arvif->list);
5871 	spin_unlock_bh(&ar->data_lock);
5872 
5873 err:
5874 	if (arvif->beacon_buf) {
5875 		if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL)
5876 			kfree(arvif->beacon_buf);
5877 		else
5878 			dma_free_coherent(ar->dev, IEEE80211_MAX_FRAME_LEN,
5879 					  arvif->beacon_buf,
5880 					  arvif->beacon_paddr);
5881 		arvif->beacon_buf = NULL;
5882 	}
5883 
5884 	mutex_unlock(&ar->conf_mutex);
5885 
5886 	return ret;
5887 }
5888 
5889 static void ath10k_mac_vif_tx_unlock_all(struct ath10k_vif *arvif)
5890 {
5891 	int i;
5892 
5893 	for (i = 0; i < BITS_PER_LONG; i++)
5894 		ath10k_mac_vif_tx_unlock(arvif, i);
5895 }
5896 
5897 static void ath10k_remove_interface(struct ieee80211_hw *hw,
5898 				    struct ieee80211_vif *vif)
5899 {
5900 	struct ath10k *ar = hw->priv;
5901 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5902 	struct ath10k_peer *peer;
5903 	unsigned long time_left;
5904 	int ret;
5905 	int i;
5906 
5907 	cancel_work_sync(&arvif->ap_csa_work);
5908 	cancel_delayed_work_sync(&arvif->connection_loss_work);
5909 
5910 	mutex_lock(&ar->conf_mutex);
5911 
5912 	ret = ath10k_spectral_vif_stop(arvif);
5913 	if (ret)
5914 		ath10k_warn(ar, "failed to stop spectral for vdev %i: %d\n",
5915 			    arvif->vdev_id, ret);
5916 
5917 	ar->free_vdev_map |= 1LL << arvif->vdev_id;
5918 	spin_lock_bh(&ar->data_lock);
5919 	list_del(&arvif->list);
5920 	spin_unlock_bh(&ar->data_lock);
5921 
5922 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5923 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5924 		ret = ath10k_wmi_peer_delete(arvif->ar, arvif->vdev_id,
5925 					     vif->addr);
5926 		if (ret)
5927 			ath10k_warn(ar, "failed to submit AP/IBSS self-peer removal on vdev %i: %d\n",
5928 				    arvif->vdev_id, ret);
5929 
5930 		ath10k_wait_for_peer_delete_done(ar, arvif->vdev_id,
5931 						 vif->addr);
5932 		kfree(arvif->u.ap.noa_data);
5933 	}
5934 
5935 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i delete (remove interface)\n",
5936 		   arvif->vdev_id);
5937 
5938 	ret = ath10k_wmi_vdev_delete(ar, arvif->vdev_id);
5939 	if (ret)
5940 		ath10k_warn(ar, "failed to delete WMI vdev %i: %d\n",
5941 			    arvif->vdev_id, ret);
5942 
5943 	if (test_bit(WMI_SERVICE_SYNC_DELETE_CMDS, ar->wmi.svc_map)) {
5944 		time_left = wait_for_completion_timeout(&ar->vdev_delete_done,
5945 							ATH10K_VDEV_DELETE_TIMEOUT_HZ);
5946 		if (time_left == 0) {
5947 			ath10k_warn(ar, "Timeout in receiving vdev delete response\n");
5948 			goto out;
5949 		}
5950 	}
5951 
5952 	/* Some firmware revisions don't notify host about self-peer removal
5953 	 * until after associated vdev is deleted.
5954 	 */
5955 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5956 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5957 		ret = ath10k_wait_for_peer_deleted(ar, arvif->vdev_id,
5958 						   vif->addr);
5959 		if (ret)
5960 			ath10k_warn(ar, "failed to remove AP self-peer on vdev %i: %d\n",
5961 				    arvif->vdev_id, ret);
5962 
5963 		spin_lock_bh(&ar->data_lock);
5964 		ar->num_peers--;
5965 		spin_unlock_bh(&ar->data_lock);
5966 	}
5967 
5968 	spin_lock_bh(&ar->data_lock);
5969 	for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
5970 		peer = ar->peer_map[i];
5971 		if (!peer)
5972 			continue;
5973 
5974 		if (peer->vif == vif) {
5975 			ath10k_warn(ar, "found vif peer %pM entry on vdev %i after it was supposedly removed\n",
5976 				    vif->addr, arvif->vdev_id);
5977 			peer->vif = NULL;
5978 		}
5979 	}
5980 
5981 	/* Clean this up late, less opportunity for firmware to access
5982 	 * DMA memory we have deleted.
5983 	 */
5984 	ath10k_mac_vif_beacon_cleanup(arvif);
5985 	spin_unlock_bh(&ar->data_lock);
5986 
5987 	ath10k_peer_cleanup(ar, arvif->vdev_id);
5988 	ath10k_mac_txq_unref(ar, vif->txq);
5989 
5990 	if (vif->type == NL80211_IFTYPE_MONITOR) {
5991 		ar->monitor_arvif = NULL;
5992 		ret = ath10k_monitor_recalc(ar);
5993 		if (ret)
5994 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5995 	}
5996 
5997 	ret = ath10k_mac_txpower_recalc(ar);
5998 	if (ret)
5999 		ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
6000 
6001 	spin_lock_bh(&ar->htt.tx_lock);
6002 	ath10k_mac_vif_tx_unlock_all(arvif);
6003 	spin_unlock_bh(&ar->htt.tx_lock);
6004 
6005 	ath10k_mac_txq_unref(ar, vif->txq);
6006 
6007 out:
6008 	mutex_unlock(&ar->conf_mutex);
6009 }
6010 
6011 /*
6012  * FIXME: Has to be verified.
6013  */
6014 #define SUPPORTED_FILTERS			\
6015 	(FIF_ALLMULTI |				\
6016 	FIF_CONTROL |				\
6017 	FIF_PSPOLL |				\
6018 	FIF_OTHER_BSS |				\
6019 	FIF_BCN_PRBRESP_PROMISC |		\
6020 	FIF_PROBE_REQ |				\
6021 	FIF_FCSFAIL)
6022 
6023 static void ath10k_configure_filter(struct ieee80211_hw *hw,
6024 				    unsigned int changed_flags,
6025 				    unsigned int *total_flags,
6026 				    u64 multicast)
6027 {
6028 	struct ath10k *ar = hw->priv;
6029 	int ret;
6030 
6031 	mutex_lock(&ar->conf_mutex);
6032 
6033 	*total_flags &= SUPPORTED_FILTERS;
6034 	ar->filter_flags = *total_flags;
6035 
6036 	ret = ath10k_monitor_recalc(ar);
6037 	if (ret)
6038 		ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
6039 
6040 	mutex_unlock(&ar->conf_mutex);
6041 }
6042 
6043 static void ath10k_recalculate_mgmt_rate(struct ath10k *ar,
6044 					 struct ieee80211_vif *vif,
6045 					 struct cfg80211_chan_def *def)
6046 {
6047 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6048 	const struct ieee80211_supported_band *sband;
6049 	u8 basic_rate_idx;
6050 	int hw_rate_code;
6051 	u32 vdev_param;
6052 	u16 bitrate;
6053 	int ret;
6054 
6055 	lockdep_assert_held(&ar->conf_mutex);
6056 
6057 	sband = ar->hw->wiphy->bands[def->chan->band];
6058 	basic_rate_idx = ffs(vif->bss_conf.basic_rates) - 1;
6059 	bitrate = sband->bitrates[basic_rate_idx].bitrate;
6060 
6061 	hw_rate_code = ath10k_mac_get_rate_hw_value(bitrate);
6062 	if (hw_rate_code < 0) {
6063 		ath10k_warn(ar, "bitrate not supported %d\n", bitrate);
6064 		return;
6065 	}
6066 
6067 	vdev_param = ar->wmi.vdev_param->mgmt_rate;
6068 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6069 					hw_rate_code);
6070 	if (ret)
6071 		ath10k_warn(ar, "failed to set mgmt tx rate %d\n", ret);
6072 }
6073 
6074 static void ath10k_bss_info_changed(struct ieee80211_hw *hw,
6075 				    struct ieee80211_vif *vif,
6076 				    struct ieee80211_bss_conf *info,
6077 				    u64 changed)
6078 {
6079 	struct ath10k *ar = hw->priv;
6080 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6081 	struct cfg80211_chan_def def;
6082 	u32 vdev_param, pdev_param, slottime, preamble;
6083 	u16 bitrate, hw_value;
6084 	u8 rate, rateidx;
6085 	int ret = 0, mcast_rate;
6086 	enum nl80211_band band;
6087 
6088 	mutex_lock(&ar->conf_mutex);
6089 
6090 	if (changed & BSS_CHANGED_IBSS)
6091 		ath10k_control_ibss(arvif, vif);
6092 
6093 	if (changed & BSS_CHANGED_BEACON_INT) {
6094 		arvif->beacon_interval = info->beacon_int;
6095 		vdev_param = ar->wmi.vdev_param->beacon_interval;
6096 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6097 						arvif->beacon_interval);
6098 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6099 			   "mac vdev %d beacon_interval %d\n",
6100 			   arvif->vdev_id, arvif->beacon_interval);
6101 
6102 		if (ret)
6103 			ath10k_warn(ar, "failed to set beacon interval for vdev %d: %i\n",
6104 				    arvif->vdev_id, ret);
6105 	}
6106 
6107 	if (changed & BSS_CHANGED_BEACON) {
6108 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6109 			   "vdev %d set beacon tx mode to staggered\n",
6110 			   arvif->vdev_id);
6111 
6112 		pdev_param = ar->wmi.pdev_param->beacon_tx_mode;
6113 		ret = ath10k_wmi_pdev_set_param(ar, pdev_param,
6114 						WMI_BEACON_STAGGERED_MODE);
6115 		if (ret)
6116 			ath10k_warn(ar, "failed to set beacon mode for vdev %d: %i\n",
6117 				    arvif->vdev_id, ret);
6118 
6119 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
6120 		if (ret)
6121 			ath10k_warn(ar, "failed to update beacon template: %d\n",
6122 				    ret);
6123 
6124 		if (ieee80211_vif_is_mesh(vif)) {
6125 			/* mesh doesn't use SSID but firmware needs it */
6126 			strncpy(arvif->u.ap.ssid, "mesh",
6127 				sizeof(arvif->u.ap.ssid));
6128 			arvif->u.ap.ssid_len = 4;
6129 		}
6130 	}
6131 
6132 	if (changed & BSS_CHANGED_AP_PROBE_RESP) {
6133 		ret = ath10k_mac_setup_prb_tmpl(arvif);
6134 		if (ret)
6135 			ath10k_warn(ar, "failed to setup probe resp template on vdev %i: %d\n",
6136 				    arvif->vdev_id, ret);
6137 	}
6138 
6139 	if (changed & (BSS_CHANGED_BEACON_INFO | BSS_CHANGED_BEACON)) {
6140 		arvif->dtim_period = info->dtim_period;
6141 
6142 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6143 			   "mac vdev %d dtim_period %d\n",
6144 			   arvif->vdev_id, arvif->dtim_period);
6145 
6146 		vdev_param = ar->wmi.vdev_param->dtim_period;
6147 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6148 						arvif->dtim_period);
6149 		if (ret)
6150 			ath10k_warn(ar, "failed to set dtim period for vdev %d: %i\n",
6151 				    arvif->vdev_id, ret);
6152 	}
6153 
6154 	if (changed & BSS_CHANGED_SSID &&
6155 	    vif->type == NL80211_IFTYPE_AP) {
6156 		arvif->u.ap.ssid_len = vif->cfg.ssid_len;
6157 		if (vif->cfg.ssid_len)
6158 			memcpy(arvif->u.ap.ssid, vif->cfg.ssid,
6159 			       vif->cfg.ssid_len);
6160 		arvif->u.ap.hidden_ssid = info->hidden_ssid;
6161 	}
6162 
6163 	if (changed & BSS_CHANGED_BSSID && !is_zero_ether_addr(info->bssid))
6164 		ether_addr_copy(arvif->bssid, info->bssid);
6165 
6166 	if (changed & BSS_CHANGED_FTM_RESPONDER &&
6167 	    arvif->ftm_responder != info->ftm_responder &&
6168 	    test_bit(WMI_SERVICE_RTT_RESPONDER_ROLE, ar->wmi.svc_map)) {
6169 		arvif->ftm_responder = info->ftm_responder;
6170 
6171 		vdev_param = ar->wmi.vdev_param->rtt_responder_role;
6172 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6173 						arvif->ftm_responder);
6174 
6175 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6176 			   "mac vdev %d ftm_responder %d:ret %d\n",
6177 			   arvif->vdev_id, arvif->ftm_responder, ret);
6178 	}
6179 
6180 	if (changed & BSS_CHANGED_BEACON_ENABLED)
6181 		ath10k_control_beaconing(arvif, info);
6182 
6183 	if (changed & BSS_CHANGED_ERP_CTS_PROT) {
6184 		arvif->use_cts_prot = info->use_cts_prot;
6185 
6186 		ret = ath10k_recalc_rtscts_prot(arvif);
6187 		if (ret)
6188 			ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
6189 				    arvif->vdev_id, ret);
6190 
6191 		if (ath10k_mac_can_set_cts_prot(arvif)) {
6192 			ret = ath10k_mac_set_cts_prot(arvif);
6193 			if (ret)
6194 				ath10k_warn(ar, "failed to set cts protection for vdev %d: %d\n",
6195 					    arvif->vdev_id, ret);
6196 		}
6197 	}
6198 
6199 	if (changed & BSS_CHANGED_ERP_SLOT) {
6200 		if (info->use_short_slot)
6201 			slottime = WMI_VDEV_SLOT_TIME_SHORT; /* 9us */
6202 
6203 		else
6204 			slottime = WMI_VDEV_SLOT_TIME_LONG; /* 20us */
6205 
6206 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d slot_time %d\n",
6207 			   arvif->vdev_id, slottime);
6208 
6209 		vdev_param = ar->wmi.vdev_param->slot_time;
6210 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6211 						slottime);
6212 		if (ret)
6213 			ath10k_warn(ar, "failed to set erp slot for vdev %d: %i\n",
6214 				    arvif->vdev_id, ret);
6215 	}
6216 
6217 	if (changed & BSS_CHANGED_ERP_PREAMBLE) {
6218 		if (info->use_short_preamble)
6219 			preamble = WMI_VDEV_PREAMBLE_SHORT;
6220 		else
6221 			preamble = WMI_VDEV_PREAMBLE_LONG;
6222 
6223 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6224 			   "mac vdev %d preamble %dn",
6225 			   arvif->vdev_id, preamble);
6226 
6227 		vdev_param = ar->wmi.vdev_param->preamble;
6228 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6229 						preamble);
6230 		if (ret)
6231 			ath10k_warn(ar, "failed to set preamble for vdev %d: %i\n",
6232 				    arvif->vdev_id, ret);
6233 	}
6234 
6235 	if (changed & BSS_CHANGED_ASSOC) {
6236 		if (vif->cfg.assoc) {
6237 			/* Workaround: Make sure monitor vdev is not running
6238 			 * when associating to prevent some firmware revisions
6239 			 * (e.g. 10.1 and 10.2) from crashing.
6240 			 */
6241 			if (ar->monitor_started)
6242 				ath10k_monitor_stop(ar);
6243 			ath10k_bss_assoc(hw, vif, info);
6244 			ath10k_monitor_recalc(ar);
6245 		} else {
6246 			ath10k_bss_disassoc(hw, vif);
6247 		}
6248 	}
6249 
6250 	if (changed & BSS_CHANGED_TXPOWER) {
6251 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev_id %i txpower %d\n",
6252 			   arvif->vdev_id, info->txpower);
6253 
6254 		arvif->txpower = info->txpower;
6255 		ret = ath10k_mac_txpower_recalc(ar);
6256 		if (ret)
6257 			ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
6258 	}
6259 
6260 	if (changed & BSS_CHANGED_PS) {
6261 		arvif->ps = vif->cfg.ps;
6262 
6263 		ret = ath10k_config_ps(ar);
6264 		if (ret)
6265 			ath10k_warn(ar, "failed to setup ps on vdev %i: %d\n",
6266 				    arvif->vdev_id, ret);
6267 	}
6268 
6269 	if (changed & BSS_CHANGED_MCAST_RATE &&
6270 	    !ath10k_mac_vif_chan(arvif->vif, &def)) {
6271 		band = def.chan->band;
6272 		mcast_rate = vif->bss_conf.mcast_rate[band];
6273 		if (mcast_rate > 0)
6274 			rateidx = mcast_rate - 1;
6275 		else
6276 			rateidx = ffs(vif->bss_conf.basic_rates) - 1;
6277 
6278 		if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY)
6279 			rateidx += ATH10K_MAC_FIRST_OFDM_RATE_IDX;
6280 
6281 		bitrate = ath10k_wmi_legacy_rates[rateidx].bitrate;
6282 		hw_value = ath10k_wmi_legacy_rates[rateidx].hw_value;
6283 		if (ath10k_mac_bitrate_is_cck(bitrate))
6284 			preamble = WMI_RATE_PREAMBLE_CCK;
6285 		else
6286 			preamble = WMI_RATE_PREAMBLE_OFDM;
6287 
6288 		rate = ATH10K_HW_RATECODE(hw_value, 0, preamble);
6289 
6290 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6291 			   "mac vdev %d mcast_rate %x\n",
6292 			   arvif->vdev_id, rate);
6293 
6294 		vdev_param = ar->wmi.vdev_param->mcast_data_rate;
6295 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
6296 						vdev_param, rate);
6297 		if (ret)
6298 			ath10k_warn(ar,
6299 				    "failed to set mcast rate on vdev %i: %d\n",
6300 				    arvif->vdev_id,  ret);
6301 
6302 		vdev_param = ar->wmi.vdev_param->bcast_data_rate;
6303 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
6304 						vdev_param, rate);
6305 		if (ret)
6306 			ath10k_warn(ar,
6307 				    "failed to set bcast rate on vdev %i: %d\n",
6308 				    arvif->vdev_id,  ret);
6309 	}
6310 
6311 	if (changed & BSS_CHANGED_BASIC_RATES &&
6312 	    !ath10k_mac_vif_chan(arvif->vif, &def))
6313 		ath10k_recalculate_mgmt_rate(ar, vif, &def);
6314 
6315 	mutex_unlock(&ar->conf_mutex);
6316 }
6317 
6318 static void ath10k_mac_op_set_coverage_class(struct ieee80211_hw *hw, s16 value)
6319 {
6320 	struct ath10k *ar = hw->priv;
6321 
6322 	/* This function should never be called if setting the coverage class
6323 	 * is not supported on this hardware.
6324 	 */
6325 	if (!ar->hw_params.hw_ops->set_coverage_class) {
6326 		WARN_ON_ONCE(1);
6327 		return;
6328 	}
6329 	ar->hw_params.hw_ops->set_coverage_class(ar, value);
6330 }
6331 
6332 struct ath10k_mac_tdls_iter_data {
6333 	u32 num_tdls_stations;
6334 	struct ieee80211_vif *curr_vif;
6335 };
6336 
6337 static void ath10k_mac_tdls_vif_stations_count_iter(void *data,
6338 						    struct ieee80211_sta *sta)
6339 {
6340 	struct ath10k_mac_tdls_iter_data *iter_data = data;
6341 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
6342 	struct ieee80211_vif *sta_vif = arsta->arvif->vif;
6343 
6344 	if (sta->tdls && sta_vif == iter_data->curr_vif)
6345 		iter_data->num_tdls_stations++;
6346 }
6347 
6348 static int ath10k_mac_tdls_vif_stations_count(struct ieee80211_hw *hw,
6349 					      struct ieee80211_vif *vif)
6350 {
6351 	struct ath10k_mac_tdls_iter_data data = {};
6352 
6353 	data.curr_vif = vif;
6354 
6355 	ieee80211_iterate_stations_atomic(hw,
6356 					  ath10k_mac_tdls_vif_stations_count_iter,
6357 					  &data);
6358 	return data.num_tdls_stations;
6359 }
6360 
6361 static int ath10k_hw_scan(struct ieee80211_hw *hw,
6362 			  struct ieee80211_vif *vif,
6363 			  struct ieee80211_scan_request *hw_req)
6364 {
6365 	struct ath10k *ar = hw->priv;
6366 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6367 	struct cfg80211_scan_request *req = &hw_req->req;
6368 	struct wmi_start_scan_arg arg;
6369 	int ret = 0;
6370 	int i;
6371 	u32 scan_timeout;
6372 
6373 	mutex_lock(&ar->conf_mutex);
6374 
6375 	if (ath10k_mac_tdls_vif_stations_count(hw, vif) > 0) {
6376 		ret = -EBUSY;
6377 		goto exit;
6378 	}
6379 
6380 	spin_lock_bh(&ar->data_lock);
6381 	switch (ar->scan.state) {
6382 	case ATH10K_SCAN_IDLE:
6383 		reinit_completion(&ar->scan.started);
6384 		reinit_completion(&ar->scan.completed);
6385 		ar->scan.state = ATH10K_SCAN_STARTING;
6386 		ar->scan.is_roc = false;
6387 		ar->scan.vdev_id = arvif->vdev_id;
6388 		ret = 0;
6389 		break;
6390 	case ATH10K_SCAN_STARTING:
6391 	case ATH10K_SCAN_RUNNING:
6392 	case ATH10K_SCAN_ABORTING:
6393 		ret = -EBUSY;
6394 		break;
6395 	}
6396 	spin_unlock_bh(&ar->data_lock);
6397 
6398 	if (ret)
6399 		goto exit;
6400 
6401 	memset(&arg, 0, sizeof(arg));
6402 	ath10k_wmi_start_scan_init(ar, &arg);
6403 	arg.vdev_id = arvif->vdev_id;
6404 	arg.scan_id = ATH10K_SCAN_ID;
6405 
6406 	if (req->ie_len) {
6407 		arg.ie_len = req->ie_len;
6408 		memcpy(arg.ie, req->ie, arg.ie_len);
6409 	}
6410 
6411 	if (req->n_ssids) {
6412 		arg.n_ssids = req->n_ssids;
6413 		for (i = 0; i < arg.n_ssids; i++) {
6414 			arg.ssids[i].len  = req->ssids[i].ssid_len;
6415 			arg.ssids[i].ssid = req->ssids[i].ssid;
6416 		}
6417 	} else {
6418 		arg.scan_ctrl_flags |= WMI_SCAN_FLAG_PASSIVE;
6419 	}
6420 
6421 	if (req->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
6422 		arg.scan_ctrl_flags |=  WMI_SCAN_ADD_SPOOFED_MAC_IN_PROBE_REQ;
6423 		ether_addr_copy(arg.mac_addr.addr, req->mac_addr);
6424 		ether_addr_copy(arg.mac_mask.addr, req->mac_addr_mask);
6425 	}
6426 
6427 	if (req->n_channels) {
6428 		arg.n_channels = req->n_channels;
6429 		for (i = 0; i < arg.n_channels; i++)
6430 			arg.channels[i] = req->channels[i]->center_freq;
6431 	}
6432 
6433 	/* if duration is set, default dwell times will be overwritten */
6434 	if (req->duration) {
6435 		arg.dwell_time_active = req->duration;
6436 		arg.dwell_time_passive = req->duration;
6437 		arg.burst_duration_ms = req->duration;
6438 
6439 		scan_timeout = min_t(u32, arg.max_rest_time *
6440 				(arg.n_channels - 1) + (req->duration +
6441 				ATH10K_SCAN_CHANNEL_SWITCH_WMI_EVT_OVERHEAD) *
6442 				arg.n_channels, arg.max_scan_time);
6443 	} else {
6444 		scan_timeout = arg.max_scan_time;
6445 	}
6446 
6447 	/* Add a 200ms margin to account for event/command processing */
6448 	scan_timeout += 200;
6449 
6450 	ret = ath10k_start_scan(ar, &arg);
6451 	if (ret) {
6452 		ath10k_warn(ar, "failed to start hw scan: %d\n", ret);
6453 		spin_lock_bh(&ar->data_lock);
6454 		ar->scan.state = ATH10K_SCAN_IDLE;
6455 		spin_unlock_bh(&ar->data_lock);
6456 	}
6457 
6458 	ieee80211_queue_delayed_work(ar->hw, &ar->scan.timeout,
6459 				     msecs_to_jiffies(scan_timeout));
6460 
6461 exit:
6462 	mutex_unlock(&ar->conf_mutex);
6463 	return ret;
6464 }
6465 
6466 static void ath10k_cancel_hw_scan(struct ieee80211_hw *hw,
6467 				  struct ieee80211_vif *vif)
6468 {
6469 	struct ath10k *ar = hw->priv;
6470 
6471 	mutex_lock(&ar->conf_mutex);
6472 	ath10k_scan_abort(ar);
6473 	mutex_unlock(&ar->conf_mutex);
6474 
6475 	cancel_delayed_work_sync(&ar->scan.timeout);
6476 }
6477 
6478 static void ath10k_set_key_h_def_keyidx(struct ath10k *ar,
6479 					struct ath10k_vif *arvif,
6480 					enum set_key_cmd cmd,
6481 					struct ieee80211_key_conf *key)
6482 {
6483 	u32 vdev_param = arvif->ar->wmi.vdev_param->def_keyid;
6484 	int ret;
6485 
6486 	/* 10.1 firmware branch requires default key index to be set to group
6487 	 * key index after installing it. Otherwise FW/HW Txes corrupted
6488 	 * frames with multi-vif APs. This is not required for main firmware
6489 	 * branch (e.g. 636).
6490 	 *
6491 	 * This is also needed for 636 fw for IBSS-RSN to work more reliably.
6492 	 *
6493 	 * FIXME: It remains unknown if this is required for multi-vif STA
6494 	 * interfaces on 10.1.
6495 	 */
6496 
6497 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP &&
6498 	    arvif->vdev_type != WMI_VDEV_TYPE_IBSS)
6499 		return;
6500 
6501 	if (key->cipher == WLAN_CIPHER_SUITE_WEP40)
6502 		return;
6503 
6504 	if (key->cipher == WLAN_CIPHER_SUITE_WEP104)
6505 		return;
6506 
6507 	if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
6508 		return;
6509 
6510 	if (cmd != SET_KEY)
6511 		return;
6512 
6513 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6514 					key->keyidx);
6515 	if (ret)
6516 		ath10k_warn(ar, "failed to set vdev %i group key as default key: %d\n",
6517 			    arvif->vdev_id, ret);
6518 }
6519 
6520 static int ath10k_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
6521 			  struct ieee80211_vif *vif, struct ieee80211_sta *sta,
6522 			  struct ieee80211_key_conf *key)
6523 {
6524 	struct ath10k *ar = hw->priv;
6525 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6526 	struct ath10k_sta *arsta;
6527 	struct ath10k_peer *peer;
6528 	const u8 *peer_addr;
6529 	bool is_wep = key->cipher == WLAN_CIPHER_SUITE_WEP40 ||
6530 		      key->cipher == WLAN_CIPHER_SUITE_WEP104;
6531 	int ret = 0;
6532 	int ret2;
6533 	u32 flags = 0;
6534 	u32 flags2;
6535 
6536 	/* this one needs to be done in software */
6537 	if (key->cipher == WLAN_CIPHER_SUITE_AES_CMAC ||
6538 	    key->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_128 ||
6539 	    key->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_256 ||
6540 	    key->cipher == WLAN_CIPHER_SUITE_BIP_CMAC_256)
6541 		return 1;
6542 
6543 	if (arvif->nohwcrypt)
6544 		return 1;
6545 
6546 	if (key->keyidx > WMI_MAX_KEY_INDEX)
6547 		return -ENOSPC;
6548 
6549 	mutex_lock(&ar->conf_mutex);
6550 
6551 	if (sta) {
6552 		arsta = (struct ath10k_sta *)sta->drv_priv;
6553 		peer_addr = sta->addr;
6554 		spin_lock_bh(&ar->data_lock);
6555 		arsta->ucast_cipher = key->cipher;
6556 		spin_unlock_bh(&ar->data_lock);
6557 	} else if (arvif->vdev_type == WMI_VDEV_TYPE_STA) {
6558 		peer_addr = vif->bss_conf.bssid;
6559 	} else {
6560 		peer_addr = vif->addr;
6561 	}
6562 
6563 	key->hw_key_idx = key->keyidx;
6564 
6565 	if (is_wep) {
6566 		if (cmd == SET_KEY)
6567 			arvif->wep_keys[key->keyidx] = key;
6568 		else
6569 			arvif->wep_keys[key->keyidx] = NULL;
6570 	}
6571 
6572 	/* the peer should not disappear in mid-way (unless FW goes awry) since
6573 	 * we already hold conf_mutex. we just make sure its there now.
6574 	 */
6575 	spin_lock_bh(&ar->data_lock);
6576 	peer = ath10k_peer_find(ar, arvif->vdev_id, peer_addr);
6577 	spin_unlock_bh(&ar->data_lock);
6578 
6579 	if (!peer) {
6580 		if (cmd == SET_KEY) {
6581 			ath10k_warn(ar, "failed to install key for non-existent peer %pM\n",
6582 				    peer_addr);
6583 			ret = -EOPNOTSUPP;
6584 			goto exit;
6585 		} else {
6586 			/* if the peer doesn't exist there is no key to disable anymore */
6587 			goto exit;
6588 		}
6589 	}
6590 
6591 	if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
6592 		flags |= WMI_KEY_PAIRWISE;
6593 	else
6594 		flags |= WMI_KEY_GROUP;
6595 
6596 	if (is_wep) {
6597 		if (cmd == DISABLE_KEY)
6598 			ath10k_clear_vdev_key(arvif, key);
6599 
6600 		/* When WEP keys are uploaded it's possible that there are
6601 		 * stations associated already (e.g. when merging) without any
6602 		 * keys. Static WEP needs an explicit per-peer key upload.
6603 		 */
6604 		if (vif->type == NL80211_IFTYPE_ADHOC &&
6605 		    cmd == SET_KEY)
6606 			ath10k_mac_vif_update_wep_key(arvif, key);
6607 
6608 		/* 802.1x never sets the def_wep_key_idx so each set_key()
6609 		 * call changes default tx key.
6610 		 *
6611 		 * Static WEP sets def_wep_key_idx via .set_default_unicast_key
6612 		 * after first set_key().
6613 		 */
6614 		if (cmd == SET_KEY && arvif->def_wep_key_idx == -1)
6615 			flags |= WMI_KEY_TX_USAGE;
6616 	}
6617 
6618 	ret = ath10k_install_key(arvif, key, cmd, peer_addr, flags);
6619 	if (ret) {
6620 		WARN_ON(ret > 0);
6621 		ath10k_warn(ar, "failed to install key for vdev %i peer %pM: %d\n",
6622 			    arvif->vdev_id, peer_addr, ret);
6623 		goto exit;
6624 	}
6625 
6626 	/* mac80211 sets static WEP keys as groupwise while firmware requires
6627 	 * them to be installed twice as both pairwise and groupwise.
6628 	 */
6629 	if (is_wep && !sta && vif->type == NL80211_IFTYPE_STATION) {
6630 		flags2 = flags;
6631 		flags2 &= ~WMI_KEY_GROUP;
6632 		flags2 |= WMI_KEY_PAIRWISE;
6633 
6634 		ret = ath10k_install_key(arvif, key, cmd, peer_addr, flags2);
6635 		if (ret) {
6636 			WARN_ON(ret > 0);
6637 			ath10k_warn(ar, "failed to install (ucast) key for vdev %i peer %pM: %d\n",
6638 				    arvif->vdev_id, peer_addr, ret);
6639 			ret2 = ath10k_install_key(arvif, key, DISABLE_KEY,
6640 						  peer_addr, flags);
6641 			if (ret2) {
6642 				WARN_ON(ret2 > 0);
6643 				ath10k_warn(ar, "failed to disable (mcast) key for vdev %i peer %pM: %d\n",
6644 					    arvif->vdev_id, peer_addr, ret2);
6645 			}
6646 			goto exit;
6647 		}
6648 	}
6649 
6650 	ath10k_set_key_h_def_keyidx(ar, arvif, cmd, key);
6651 
6652 	spin_lock_bh(&ar->data_lock);
6653 	peer = ath10k_peer_find(ar, arvif->vdev_id, peer_addr);
6654 	if (peer && cmd == SET_KEY)
6655 		peer->keys[key->keyidx] = key;
6656 	else if (peer && cmd == DISABLE_KEY)
6657 		peer->keys[key->keyidx] = NULL;
6658 	else if (peer == NULL)
6659 		/* impossible unless FW goes crazy */
6660 		ath10k_warn(ar, "Peer %pM disappeared!\n", peer_addr);
6661 	spin_unlock_bh(&ar->data_lock);
6662 
6663 	if (sta && sta->tdls)
6664 		ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6665 					  ar->wmi.peer_param->authorize, 1);
6666 	else if (sta && cmd == SET_KEY && (key->flags & IEEE80211_KEY_FLAG_PAIRWISE))
6667 		ath10k_wmi_peer_set_param(ar, arvif->vdev_id, peer_addr,
6668 					  ar->wmi.peer_param->authorize, 1);
6669 
6670 exit:
6671 	mutex_unlock(&ar->conf_mutex);
6672 	return ret;
6673 }
6674 
6675 static void ath10k_set_default_unicast_key(struct ieee80211_hw *hw,
6676 					   struct ieee80211_vif *vif,
6677 					   int keyidx)
6678 {
6679 	struct ath10k *ar = hw->priv;
6680 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6681 	int ret;
6682 
6683 	mutex_lock(&arvif->ar->conf_mutex);
6684 
6685 	if (arvif->ar->state != ATH10K_STATE_ON)
6686 		goto unlock;
6687 
6688 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d set keyidx %d\n",
6689 		   arvif->vdev_id, keyidx);
6690 
6691 	ret = ath10k_wmi_vdev_set_param(arvif->ar,
6692 					arvif->vdev_id,
6693 					arvif->ar->wmi.vdev_param->def_keyid,
6694 					keyidx);
6695 
6696 	if (ret) {
6697 		ath10k_warn(ar, "failed to update wep key index for vdev %d: %d\n",
6698 			    arvif->vdev_id,
6699 			    ret);
6700 		goto unlock;
6701 	}
6702 
6703 	arvif->def_wep_key_idx = keyidx;
6704 
6705 unlock:
6706 	mutex_unlock(&arvif->ar->conf_mutex);
6707 }
6708 
6709 static void ath10k_sta_rc_update_wk(struct work_struct *wk)
6710 {
6711 	struct ath10k *ar;
6712 	struct ath10k_vif *arvif;
6713 	struct ath10k_sta *arsta;
6714 	struct ieee80211_sta *sta;
6715 	struct cfg80211_chan_def def;
6716 	enum nl80211_band band;
6717 	const u8 *ht_mcs_mask;
6718 	const u16 *vht_mcs_mask;
6719 	u32 changed, bw, nss, smps;
6720 	int err;
6721 
6722 	arsta = container_of(wk, struct ath10k_sta, update_wk);
6723 	sta = container_of((void *)arsta, struct ieee80211_sta, drv_priv);
6724 	arvif = arsta->arvif;
6725 	ar = arvif->ar;
6726 
6727 	if (WARN_ON(ath10k_mac_vif_chan(arvif->vif, &def)))
6728 		return;
6729 
6730 	band = def.chan->band;
6731 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
6732 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
6733 
6734 	spin_lock_bh(&ar->data_lock);
6735 
6736 	changed = arsta->changed;
6737 	arsta->changed = 0;
6738 
6739 	bw = arsta->bw;
6740 	nss = arsta->nss;
6741 	smps = arsta->smps;
6742 
6743 	spin_unlock_bh(&ar->data_lock);
6744 
6745 	mutex_lock(&ar->conf_mutex);
6746 
6747 	nss = max_t(u32, 1, nss);
6748 	nss = min(nss, max(ath10k_mac_max_ht_nss(ht_mcs_mask),
6749 			   ath10k_mac_max_vht_nss(vht_mcs_mask)));
6750 
6751 	if (changed & IEEE80211_RC_BW_CHANGED) {
6752 		enum wmi_phy_mode mode;
6753 
6754 		mode = chan_to_phymode(&def);
6755 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM peer bw %d phymode %d\n",
6756 			   sta->addr, bw, mode);
6757 
6758 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6759 						ar->wmi.peer_param->phymode, mode);
6760 		if (err) {
6761 			ath10k_warn(ar, "failed to update STA %pM peer phymode %d: %d\n",
6762 				    sta->addr, mode, err);
6763 			goto exit;
6764 		}
6765 
6766 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6767 						ar->wmi.peer_param->chan_width, bw);
6768 		if (err)
6769 			ath10k_warn(ar, "failed to update STA %pM peer bw %d: %d\n",
6770 				    sta->addr, bw, err);
6771 	}
6772 
6773 	if (changed & IEEE80211_RC_NSS_CHANGED) {
6774 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM nss %d\n",
6775 			   sta->addr, nss);
6776 
6777 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6778 						ar->wmi.peer_param->nss, nss);
6779 		if (err)
6780 			ath10k_warn(ar, "failed to update STA %pM nss %d: %d\n",
6781 				    sta->addr, nss, err);
6782 	}
6783 
6784 	if (changed & IEEE80211_RC_SMPS_CHANGED) {
6785 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM smps %d\n",
6786 			   sta->addr, smps);
6787 
6788 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6789 						ar->wmi.peer_param->smps_state, smps);
6790 		if (err)
6791 			ath10k_warn(ar, "failed to update STA %pM smps %d: %d\n",
6792 				    sta->addr, smps, err);
6793 	}
6794 
6795 	if (changed & IEEE80211_RC_SUPP_RATES_CHANGED) {
6796 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM supp rates\n",
6797 			   sta->addr);
6798 
6799 		err = ath10k_station_assoc(ar, arvif->vif, sta, true);
6800 		if (err)
6801 			ath10k_warn(ar, "failed to reassociate station: %pM\n",
6802 				    sta->addr);
6803 	}
6804 
6805 exit:
6806 	mutex_unlock(&ar->conf_mutex);
6807 }
6808 
6809 static int ath10k_mac_inc_num_stations(struct ath10k_vif *arvif,
6810 				       struct ieee80211_sta *sta)
6811 {
6812 	struct ath10k *ar = arvif->ar;
6813 
6814 	lockdep_assert_held(&ar->conf_mutex);
6815 
6816 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA && !sta->tdls)
6817 		return 0;
6818 
6819 	if (ar->num_stations >= ar->max_num_stations)
6820 		return -ENOBUFS;
6821 
6822 	ar->num_stations++;
6823 
6824 	return 0;
6825 }
6826 
6827 static void ath10k_mac_dec_num_stations(struct ath10k_vif *arvif,
6828 					struct ieee80211_sta *sta)
6829 {
6830 	struct ath10k *ar = arvif->ar;
6831 
6832 	lockdep_assert_held(&ar->conf_mutex);
6833 
6834 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA && !sta->tdls)
6835 		return;
6836 
6837 	ar->num_stations--;
6838 }
6839 
6840 static int ath10k_sta_set_txpwr(struct ieee80211_hw *hw,
6841 				struct ieee80211_vif *vif,
6842 				struct ieee80211_sta *sta)
6843 {
6844 	struct ath10k *ar = hw->priv;
6845 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6846 	int ret = 0;
6847 	s16 txpwr;
6848 
6849 	if (sta->deflink.txpwr.type == NL80211_TX_POWER_AUTOMATIC) {
6850 		txpwr = 0;
6851 	} else {
6852 		txpwr = sta->deflink.txpwr.power;
6853 		if (!txpwr)
6854 			return -EINVAL;
6855 	}
6856 
6857 	if (txpwr > ATH10K_TX_POWER_MAX_VAL || txpwr < ATH10K_TX_POWER_MIN_VAL)
6858 		return -EINVAL;
6859 
6860 	mutex_lock(&ar->conf_mutex);
6861 
6862 	ret = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6863 					ar->wmi.peer_param->use_fixed_power, txpwr);
6864 	if (ret) {
6865 		ath10k_warn(ar, "failed to set tx power for station ret: %d\n",
6866 			    ret);
6867 		goto out;
6868 	}
6869 
6870 out:
6871 	mutex_unlock(&ar->conf_mutex);
6872 	return ret;
6873 }
6874 
6875 struct ath10k_mac_iter_tid_conf_data {
6876 	struct ieee80211_vif *curr_vif;
6877 	struct ath10k *ar;
6878 	bool reset_config;
6879 };
6880 
6881 static bool
6882 ath10k_mac_bitrate_mask_has_single_rate(struct ath10k *ar,
6883 					enum nl80211_band band,
6884 					const struct cfg80211_bitrate_mask *mask,
6885 					int *vht_num_rates)
6886 {
6887 	int num_rates = 0;
6888 	int i, tmp;
6889 
6890 	num_rates += hweight32(mask->control[band].legacy);
6891 
6892 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++)
6893 		num_rates += hweight8(mask->control[band].ht_mcs[i]);
6894 
6895 	*vht_num_rates = 0;
6896 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
6897 		tmp = hweight16(mask->control[band].vht_mcs[i]);
6898 		num_rates += tmp;
6899 		*vht_num_rates += tmp;
6900 	}
6901 
6902 	return num_rates == 1;
6903 }
6904 
6905 static int
6906 ath10k_mac_bitrate_mask_get_single_rate(struct ath10k *ar,
6907 					enum nl80211_band band,
6908 					const struct cfg80211_bitrate_mask *mask,
6909 					u8 *rate, u8 *nss, bool vht_only)
6910 {
6911 	int rate_idx;
6912 	int i;
6913 	u16 bitrate;
6914 	u8 preamble;
6915 	u8 hw_rate;
6916 
6917 	if (vht_only)
6918 		goto next;
6919 
6920 	if (hweight32(mask->control[band].legacy) == 1) {
6921 		rate_idx = ffs(mask->control[band].legacy) - 1;
6922 
6923 		if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY)
6924 			rate_idx += ATH10K_MAC_FIRST_OFDM_RATE_IDX;
6925 
6926 		hw_rate = ath10k_wmi_legacy_rates[rate_idx].hw_value;
6927 		bitrate = ath10k_wmi_legacy_rates[rate_idx].bitrate;
6928 
6929 		if (ath10k_mac_bitrate_is_cck(bitrate))
6930 			preamble = WMI_RATE_PREAMBLE_CCK;
6931 		else
6932 			preamble = WMI_RATE_PREAMBLE_OFDM;
6933 
6934 		*nss = 1;
6935 		*rate = preamble << 6 |
6936 			(*nss - 1) << 4 |
6937 			hw_rate << 0;
6938 
6939 		return 0;
6940 	}
6941 
6942 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++) {
6943 		if (hweight8(mask->control[band].ht_mcs[i]) == 1) {
6944 			*nss = i + 1;
6945 			*rate = WMI_RATE_PREAMBLE_HT << 6 |
6946 				(*nss - 1) << 4 |
6947 				(ffs(mask->control[band].ht_mcs[i]) - 1);
6948 
6949 			return 0;
6950 		}
6951 	}
6952 
6953 next:
6954 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
6955 		if (hweight16(mask->control[band].vht_mcs[i]) == 1) {
6956 			*nss = i + 1;
6957 			*rate = WMI_RATE_PREAMBLE_VHT << 6 |
6958 				(*nss - 1) << 4 |
6959 				(ffs(mask->control[band].vht_mcs[i]) - 1);
6960 
6961 			return 0;
6962 		}
6963 	}
6964 
6965 	return -EINVAL;
6966 }
6967 
6968 static int ath10k_mac_validate_rate_mask(struct ath10k *ar,
6969 					 struct ieee80211_sta *sta,
6970 					 u32 rate_ctrl_flag, u8 nss)
6971 {
6972 	struct ieee80211_sta_ht_cap *ht_cap = &sta->deflink.ht_cap;
6973 	struct ieee80211_sta_vht_cap *vht_cap = &sta->deflink.vht_cap;
6974 
6975 	if (nss > sta->deflink.rx_nss) {
6976 		ath10k_warn(ar, "Invalid nss field, configured %u limit %u\n",
6977 			    nss, sta->deflink.rx_nss);
6978 		return -EINVAL;
6979 	}
6980 
6981 	if (ATH10K_HW_PREAMBLE(rate_ctrl_flag) == WMI_RATE_PREAMBLE_VHT) {
6982 		if (!vht_cap->vht_supported) {
6983 			ath10k_warn(ar, "Invalid VHT rate for sta %pM\n",
6984 				    sta->addr);
6985 			return -EINVAL;
6986 		}
6987 	} else if (ATH10K_HW_PREAMBLE(rate_ctrl_flag) == WMI_RATE_PREAMBLE_HT) {
6988 		if (!ht_cap->ht_supported || vht_cap->vht_supported) {
6989 			ath10k_warn(ar, "Invalid HT rate for sta %pM\n",
6990 				    sta->addr);
6991 			return -EINVAL;
6992 		}
6993 	} else {
6994 		if (ht_cap->ht_supported || vht_cap->vht_supported)
6995 			return -EINVAL;
6996 	}
6997 
6998 	return 0;
6999 }
7000 
7001 static int
7002 ath10k_mac_tid_bitrate_config(struct ath10k *ar,
7003 			      struct ieee80211_vif *vif,
7004 			      struct ieee80211_sta *sta,
7005 			      u32 *rate_ctrl_flag, u8 *rate_ctrl,
7006 			      enum nl80211_tx_rate_setting txrate_type,
7007 			      const struct cfg80211_bitrate_mask *mask)
7008 {
7009 	struct cfg80211_chan_def def;
7010 	enum nl80211_band band;
7011 	u8 nss, rate;
7012 	int vht_num_rates, ret;
7013 
7014 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
7015 		return -EINVAL;
7016 
7017 	if (txrate_type == NL80211_TX_RATE_AUTOMATIC) {
7018 		*rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_AUTO;
7019 		*rate_ctrl_flag = 0;
7020 		return 0;
7021 	}
7022 
7023 	band = def.chan->band;
7024 
7025 	if (!ath10k_mac_bitrate_mask_has_single_rate(ar, band, mask,
7026 						     &vht_num_rates)) {
7027 		return -EINVAL;
7028 	}
7029 
7030 	ret = ath10k_mac_bitrate_mask_get_single_rate(ar, band, mask,
7031 						      &rate, &nss, false);
7032 	if (ret) {
7033 		ath10k_warn(ar, "failed to get single rate: %d\n",
7034 			    ret);
7035 		return ret;
7036 	}
7037 
7038 	*rate_ctrl_flag = rate;
7039 
7040 	if (sta && ath10k_mac_validate_rate_mask(ar, sta, *rate_ctrl_flag, nss))
7041 		return -EINVAL;
7042 
7043 	if (txrate_type == NL80211_TX_RATE_FIXED)
7044 		*rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_FIXED_RATE;
7045 	else if (txrate_type == NL80211_TX_RATE_LIMITED &&
7046 		 (test_bit(WMI_SERVICE_EXT_PEER_TID_CONFIGS_SUPPORT,
7047 			   ar->wmi.svc_map)))
7048 		*rate_ctrl = WMI_PEER_TID_CONFIG_RATE_UPPER_CAP;
7049 	else
7050 		return -EOPNOTSUPP;
7051 
7052 	return 0;
7053 }
7054 
7055 static int ath10k_mac_set_tid_config(struct ath10k *ar, struct ieee80211_sta *sta,
7056 				     struct ieee80211_vif *vif, u32 changed,
7057 				     struct wmi_per_peer_per_tid_cfg_arg *arg)
7058 {
7059 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7060 	struct ath10k_sta *arsta;
7061 	int ret;
7062 
7063 	if (sta) {
7064 		if (!sta->wme)
7065 			return -ENOTSUPP;
7066 
7067 		arsta = (struct ath10k_sta *)sta->drv_priv;
7068 
7069 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7070 			if ((arsta->retry_long[arg->tid] > 0 ||
7071 			     arsta->rate_code[arg->tid] > 0 ||
7072 			     arsta->ampdu[arg->tid] ==
7073 					WMI_TID_CONFIG_AGGR_CONTROL_ENABLE) &&
7074 			     arg->ack_policy == WMI_PEER_TID_CONFIG_NOACK) {
7075 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_NOACK);
7076 				arg->ack_policy = 0;
7077 				arg->aggr_control = 0;
7078 				arg->rate_ctrl = 0;
7079 				arg->rcode_flags = 0;
7080 			}
7081 		}
7082 
7083 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7084 			if (arsta->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK ||
7085 			    arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK) {
7086 				arg->aggr_control = 0;
7087 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
7088 			}
7089 		}
7090 
7091 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7092 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7093 			if (arsta->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK ||
7094 			    arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK) {
7095 				arg->rate_ctrl = 0;
7096 				arg->rcode_flags = 0;
7097 			}
7098 		}
7099 
7100 		ether_addr_copy(arg->peer_macaddr.addr, sta->addr);
7101 
7102 		ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, arg);
7103 		if (ret)
7104 			return ret;
7105 
7106 		/* Store the configured parameters in success case */
7107 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7108 			arsta->noack[arg->tid] = arg->ack_policy;
7109 			arg->ack_policy = 0;
7110 			arg->aggr_control = 0;
7111 			arg->rate_ctrl = 0;
7112 			arg->rcode_flags = 0;
7113 		}
7114 
7115 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG)) {
7116 			arsta->retry_long[arg->tid] = arg->retry_count;
7117 			arg->retry_count = 0;
7118 		}
7119 
7120 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7121 			arsta->ampdu[arg->tid] = arg->aggr_control;
7122 			arg->aggr_control = 0;
7123 		}
7124 
7125 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7126 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7127 			arsta->rate_ctrl[arg->tid] = arg->rate_ctrl;
7128 			arg->rate_ctrl = 0;
7129 			arg->rcode_flags = 0;
7130 		}
7131 
7132 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7133 			arsta->rtscts[arg->tid] = arg->rtscts_ctrl;
7134 			arg->ext_tid_cfg_bitmap = 0;
7135 		}
7136 	} else {
7137 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7138 			if ((arvif->retry_long[arg->tid] ||
7139 			     arvif->rate_code[arg->tid] ||
7140 			     arvif->ampdu[arg->tid] ==
7141 					WMI_TID_CONFIG_AGGR_CONTROL_ENABLE) &&
7142 			     arg->ack_policy == WMI_PEER_TID_CONFIG_NOACK) {
7143 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_NOACK);
7144 			} else {
7145 				arvif->noack[arg->tid] = arg->ack_policy;
7146 				arvif->ampdu[arg->tid] = arg->aggr_control;
7147 				arvif->rate_ctrl[arg->tid] = arg->rate_ctrl;
7148 			}
7149 		}
7150 
7151 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG)) {
7152 			if (arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK)
7153 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
7154 			else
7155 				arvif->retry_long[arg->tid] = arg->retry_count;
7156 		}
7157 
7158 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7159 			if (arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK)
7160 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL);
7161 			else
7162 				arvif->ampdu[arg->tid] = arg->aggr_control;
7163 		}
7164 
7165 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7166 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7167 			if (arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK) {
7168 				changed &= ~(BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7169 					     BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE));
7170 			} else {
7171 				arvif->rate_ctrl[arg->tid] = arg->rate_ctrl;
7172 				arvif->rate_code[arg->tid] = arg->rcode_flags;
7173 			}
7174 		}
7175 
7176 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7177 			arvif->rtscts[arg->tid] = arg->rtscts_ctrl;
7178 			arg->ext_tid_cfg_bitmap = 0;
7179 		}
7180 
7181 		if (changed)
7182 			arvif->tid_conf_changed[arg->tid] |= changed;
7183 	}
7184 
7185 	return 0;
7186 }
7187 
7188 static int
7189 ath10k_mac_parse_tid_config(struct ath10k *ar,
7190 			    struct ieee80211_sta *sta,
7191 			    struct ieee80211_vif *vif,
7192 			    struct cfg80211_tid_cfg *tid_conf,
7193 			    struct wmi_per_peer_per_tid_cfg_arg *arg)
7194 {
7195 	u32 changed = tid_conf->mask;
7196 	int ret = 0, i = 0;
7197 
7198 	if (!changed)
7199 		return -EINVAL;
7200 
7201 	while (i < ATH10K_TID_MAX) {
7202 		if (!(tid_conf->tids & BIT(i))) {
7203 			i++;
7204 			continue;
7205 		}
7206 
7207 		arg->tid = i;
7208 
7209 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7210 			if (tid_conf->noack == NL80211_TID_CONFIG_ENABLE) {
7211 				arg->ack_policy = WMI_PEER_TID_CONFIG_NOACK;
7212 				arg->rate_ctrl =
7213 				WMI_TID_CONFIG_RATE_CONTROL_DEFAULT_LOWEST_RATE;
7214 				arg->aggr_control =
7215 					WMI_TID_CONFIG_AGGR_CONTROL_DISABLE;
7216 			} else {
7217 				arg->ack_policy =
7218 					WMI_PEER_TID_CONFIG_ACK;
7219 				arg->rate_ctrl =
7220 					WMI_TID_CONFIG_RATE_CONTROL_AUTO;
7221 				arg->aggr_control =
7222 					WMI_TID_CONFIG_AGGR_CONTROL_ENABLE;
7223 			}
7224 		}
7225 
7226 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG))
7227 			arg->retry_count = tid_conf->retry_long;
7228 
7229 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7230 			if (tid_conf->noack == NL80211_TID_CONFIG_ENABLE)
7231 				arg->aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_ENABLE;
7232 			else
7233 				arg->aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_DISABLE;
7234 		}
7235 
7236 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7237 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7238 			ret = ath10k_mac_tid_bitrate_config(ar, vif, sta,
7239 							    &arg->rcode_flags,
7240 							    &arg->rate_ctrl,
7241 							    tid_conf->txrate_type,
7242 							&tid_conf->txrate_mask);
7243 			if (ret) {
7244 				ath10k_warn(ar, "failed to configure bitrate mask %d\n",
7245 					    ret);
7246 				arg->rcode_flags = 0;
7247 				arg->rate_ctrl = 0;
7248 			}
7249 		}
7250 
7251 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7252 			if (tid_conf->rtscts)
7253 				arg->rtscts_ctrl = tid_conf->rtscts;
7254 
7255 			arg->ext_tid_cfg_bitmap = WMI_EXT_TID_RTS_CTS_CONFIG;
7256 		}
7257 
7258 		ret = ath10k_mac_set_tid_config(ar, sta, vif, changed, arg);
7259 		if (ret)
7260 			return ret;
7261 		i++;
7262 	}
7263 
7264 	return ret;
7265 }
7266 
7267 static int ath10k_mac_reset_tid_config(struct ath10k *ar,
7268 				       struct ieee80211_sta *sta,
7269 				       struct ath10k_vif *arvif,
7270 				       u8 tids)
7271 {
7272 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7273 	struct wmi_per_peer_per_tid_cfg_arg arg;
7274 	int ret = 0, i = 0;
7275 
7276 	arg.vdev_id = arvif->vdev_id;
7277 	while (i < ATH10K_TID_MAX) {
7278 		if (!(tids & BIT(i))) {
7279 			i++;
7280 			continue;
7281 		}
7282 
7283 		arg.tid = i;
7284 		arg.ack_policy = WMI_PEER_TID_CONFIG_ACK;
7285 		arg.retry_count = ATH10K_MAX_RETRY_COUNT;
7286 		arg.rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_AUTO;
7287 		arg.aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_ENABLE;
7288 		arg.rtscts_ctrl = WMI_TID_CONFIG_RTSCTS_CONTROL_ENABLE;
7289 		arg.ext_tid_cfg_bitmap = WMI_EXT_TID_RTS_CTS_CONFIG;
7290 
7291 		ether_addr_copy(arg.peer_macaddr.addr, sta->addr);
7292 
7293 		ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, &arg);
7294 		if (ret)
7295 			return ret;
7296 
7297 		if (!arvif->tids_rst) {
7298 			arsta->retry_long[i] = -1;
7299 			arsta->noack[i] = -1;
7300 			arsta->ampdu[i] = -1;
7301 			arsta->rate_code[i] = -1;
7302 			arsta->rate_ctrl[i] = 0;
7303 			arsta->rtscts[i] = -1;
7304 		} else {
7305 			arvif->retry_long[i] = 0;
7306 			arvif->noack[i] = 0;
7307 			arvif->ampdu[i] = 0;
7308 			arvif->rate_code[i] = 0;
7309 			arvif->rate_ctrl[i] = 0;
7310 			arvif->rtscts[i] = 0;
7311 		}
7312 
7313 		i++;
7314 	}
7315 
7316 	return ret;
7317 }
7318 
7319 static void ath10k_sta_tid_cfg_wk(struct work_struct *wk)
7320 {
7321 	struct wmi_per_peer_per_tid_cfg_arg arg = {};
7322 	struct ieee80211_sta *sta;
7323 	struct ath10k_sta *arsta;
7324 	struct ath10k_vif *arvif;
7325 	struct ath10k *ar;
7326 	bool config_apply;
7327 	int ret, i;
7328 	u32 changed;
7329 	u8 nss;
7330 
7331 	arsta = container_of(wk, struct ath10k_sta, tid_config_wk);
7332 	sta = container_of((void *)arsta, struct ieee80211_sta, drv_priv);
7333 	arvif = arsta->arvif;
7334 	ar = arvif->ar;
7335 
7336 	mutex_lock(&ar->conf_mutex);
7337 
7338 	if (arvif->tids_rst) {
7339 		ret = ath10k_mac_reset_tid_config(ar, sta, arvif,
7340 						  arvif->tids_rst);
7341 		goto exit;
7342 	}
7343 
7344 	ether_addr_copy(arg.peer_macaddr.addr, sta->addr);
7345 
7346 	for (i = 0; i < ATH10K_TID_MAX; i++) {
7347 		config_apply = false;
7348 		changed = arvif->tid_conf_changed[i];
7349 
7350 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7351 			if (arsta->noack[i] != -1) {
7352 				arg.ack_policy  = 0;
7353 			} else {
7354 				config_apply = true;
7355 				arg.ack_policy = arvif->noack[i];
7356 				arg.aggr_control = arvif->ampdu[i];
7357 				arg.rate_ctrl = arvif->rate_ctrl[i];
7358 			}
7359 		}
7360 
7361 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG)) {
7362 			if (arsta->retry_long[i] != -1 ||
7363 			    arsta->noack[i] == WMI_PEER_TID_CONFIG_NOACK ||
7364 			    arvif->noack[i] == WMI_PEER_TID_CONFIG_NOACK) {
7365 				arg.retry_count = 0;
7366 			} else {
7367 				arg.retry_count = arvif->retry_long[i];
7368 				config_apply = true;
7369 			}
7370 		}
7371 
7372 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7373 			if (arsta->ampdu[i] != -1 ||
7374 			    arsta->noack[i] == WMI_PEER_TID_CONFIG_NOACK ||
7375 			    arvif->noack[i] == WMI_PEER_TID_CONFIG_NOACK) {
7376 				arg.aggr_control = 0;
7377 			} else {
7378 				arg.aggr_control = arvif->ampdu[i];
7379 				config_apply = true;
7380 			}
7381 		}
7382 
7383 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7384 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7385 			nss = ATH10K_HW_NSS(arvif->rate_code[i]);
7386 			ret = ath10k_mac_validate_rate_mask(ar, sta,
7387 							    arvif->rate_code[i],
7388 							    nss);
7389 			if (ret &&
7390 			    arvif->rate_ctrl[i] > WMI_TID_CONFIG_RATE_CONTROL_AUTO) {
7391 				arg.rate_ctrl = 0;
7392 				arg.rcode_flags = 0;
7393 			}
7394 
7395 			if (arsta->rate_ctrl[i] >
7396 			    WMI_TID_CONFIG_RATE_CONTROL_AUTO ||
7397 			    arsta->noack[i] == WMI_PEER_TID_CONFIG_NOACK ||
7398 			    arvif->noack[i] == WMI_PEER_TID_CONFIG_NOACK) {
7399 				arg.rate_ctrl = 0;
7400 				arg.rcode_flags = 0;
7401 			} else {
7402 				arg.rate_ctrl = arvif->rate_ctrl[i];
7403 				arg.rcode_flags = arvif->rate_code[i];
7404 				config_apply = true;
7405 			}
7406 		}
7407 
7408 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7409 			if (arsta->rtscts[i]) {
7410 				arg.rtscts_ctrl = 0;
7411 				arg.ext_tid_cfg_bitmap = 0;
7412 			} else {
7413 				arg.rtscts_ctrl = arvif->rtscts[i] - 1;
7414 				arg.ext_tid_cfg_bitmap =
7415 					WMI_EXT_TID_RTS_CTS_CONFIG;
7416 				config_apply = true;
7417 			}
7418 		}
7419 
7420 		arg.tid = i;
7421 
7422 		if (config_apply) {
7423 			ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, &arg);
7424 			if (ret)
7425 				ath10k_warn(ar, "failed to set per tid config for sta %pM: %d\n",
7426 					    sta->addr, ret);
7427 		}
7428 
7429 		arg.ack_policy  = 0;
7430 		arg.retry_count  = 0;
7431 		arg.aggr_control  = 0;
7432 		arg.rate_ctrl = 0;
7433 		arg.rcode_flags = 0;
7434 	}
7435 
7436 exit:
7437 	mutex_unlock(&ar->conf_mutex);
7438 }
7439 
7440 static void ath10k_mac_vif_stations_tid_conf(void *data,
7441 					     struct ieee80211_sta *sta)
7442 {
7443 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7444 	struct ath10k_mac_iter_tid_conf_data *iter_data = data;
7445 	struct ieee80211_vif *sta_vif = arsta->arvif->vif;
7446 
7447 	if (sta_vif != iter_data->curr_vif || !sta->wme)
7448 		return;
7449 
7450 	ieee80211_queue_work(iter_data->ar->hw, &arsta->tid_config_wk);
7451 }
7452 
7453 static int ath10k_sta_state(struct ieee80211_hw *hw,
7454 			    struct ieee80211_vif *vif,
7455 			    struct ieee80211_sta *sta,
7456 			    enum ieee80211_sta_state old_state,
7457 			    enum ieee80211_sta_state new_state)
7458 {
7459 	struct ath10k *ar = hw->priv;
7460 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7461 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7462 	struct ath10k_peer *peer;
7463 	int ret = 0;
7464 	int i;
7465 
7466 	if (old_state == IEEE80211_STA_NOTEXIST &&
7467 	    new_state == IEEE80211_STA_NONE) {
7468 		memset(arsta, 0, sizeof(*arsta));
7469 		arsta->arvif = arvif;
7470 		arsta->peer_ps_state = WMI_PEER_PS_STATE_DISABLED;
7471 		INIT_WORK(&arsta->update_wk, ath10k_sta_rc_update_wk);
7472 		INIT_WORK(&arsta->tid_config_wk, ath10k_sta_tid_cfg_wk);
7473 
7474 		for (i = 0; i < ARRAY_SIZE(sta->txq); i++)
7475 			ath10k_mac_txq_init(sta->txq[i]);
7476 	}
7477 
7478 	/* cancel must be done outside the mutex to avoid deadlock */
7479 	if ((old_state == IEEE80211_STA_NONE &&
7480 	     new_state == IEEE80211_STA_NOTEXIST)) {
7481 		cancel_work_sync(&arsta->update_wk);
7482 		cancel_work_sync(&arsta->tid_config_wk);
7483 	}
7484 
7485 	mutex_lock(&ar->conf_mutex);
7486 
7487 	if (old_state == IEEE80211_STA_NOTEXIST &&
7488 	    new_state == IEEE80211_STA_NONE) {
7489 		/*
7490 		 * New station addition.
7491 		 */
7492 		enum wmi_peer_type peer_type = WMI_PEER_TYPE_DEFAULT;
7493 		u32 num_tdls_stations;
7494 
7495 		ath10k_dbg(ar, ATH10K_DBG_STA,
7496 			   "mac vdev %d peer create %pM (new sta) sta %d / %d peer %d / %d\n",
7497 			   arvif->vdev_id, sta->addr,
7498 			   ar->num_stations + 1, ar->max_num_stations,
7499 			   ar->num_peers + 1, ar->max_num_peers);
7500 
7501 		num_tdls_stations = ath10k_mac_tdls_vif_stations_count(hw, vif);
7502 
7503 		if (sta->tdls) {
7504 			if (num_tdls_stations >= ar->max_num_tdls_vdevs) {
7505 				ath10k_warn(ar, "vdev %i exceeded maximum number of tdls vdevs %i\n",
7506 					    arvif->vdev_id,
7507 					    ar->max_num_tdls_vdevs);
7508 				ret = -ELNRNG;
7509 				goto exit;
7510 			}
7511 			peer_type = WMI_PEER_TYPE_TDLS;
7512 		}
7513 
7514 		ret = ath10k_mac_inc_num_stations(arvif, sta);
7515 		if (ret) {
7516 			ath10k_warn(ar, "refusing to associate station: too many connected already (%d)\n",
7517 				    ar->max_num_stations);
7518 			goto exit;
7519 		}
7520 
7521 		if (ath10k_debug_is_extd_tx_stats_enabled(ar)) {
7522 			arsta->tx_stats = kzalloc(sizeof(*arsta->tx_stats),
7523 						  GFP_KERNEL);
7524 			if (!arsta->tx_stats) {
7525 				ath10k_mac_dec_num_stations(arvif, sta);
7526 				ret = -ENOMEM;
7527 				goto exit;
7528 			}
7529 		}
7530 
7531 		ret = ath10k_peer_create(ar, vif, sta, arvif->vdev_id,
7532 					 sta->addr, peer_type);
7533 		if (ret) {
7534 			ath10k_warn(ar, "failed to add peer %pM for vdev %d when adding a new sta: %i\n",
7535 				    sta->addr, arvif->vdev_id, ret);
7536 			ath10k_mac_dec_num_stations(arvif, sta);
7537 			kfree(arsta->tx_stats);
7538 			goto exit;
7539 		}
7540 
7541 		spin_lock_bh(&ar->data_lock);
7542 
7543 		peer = ath10k_peer_find(ar, arvif->vdev_id, sta->addr);
7544 		if (!peer) {
7545 			ath10k_warn(ar, "failed to lookup peer %pM on vdev %i\n",
7546 				    vif->addr, arvif->vdev_id);
7547 			spin_unlock_bh(&ar->data_lock);
7548 			ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
7549 			ath10k_mac_dec_num_stations(arvif, sta);
7550 			kfree(arsta->tx_stats);
7551 			ret = -ENOENT;
7552 			goto exit;
7553 		}
7554 
7555 		arsta->peer_id = find_first_bit(peer->peer_ids,
7556 						ATH10K_MAX_NUM_PEER_IDS);
7557 
7558 		spin_unlock_bh(&ar->data_lock);
7559 
7560 		if (!sta->tdls)
7561 			goto exit;
7562 
7563 		ret = ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
7564 						      WMI_TDLS_ENABLE_ACTIVE);
7565 		if (ret) {
7566 			ath10k_warn(ar, "failed to update fw tdls state on vdev %i: %i\n",
7567 				    arvif->vdev_id, ret);
7568 			ath10k_peer_delete(ar, arvif->vdev_id,
7569 					   sta->addr);
7570 			ath10k_mac_dec_num_stations(arvif, sta);
7571 			kfree(arsta->tx_stats);
7572 			goto exit;
7573 		}
7574 
7575 		ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id, sta,
7576 						  WMI_TDLS_PEER_STATE_PEERING);
7577 		if (ret) {
7578 			ath10k_warn(ar,
7579 				    "failed to update tdls peer %pM for vdev %d when adding a new sta: %i\n",
7580 				    sta->addr, arvif->vdev_id, ret);
7581 			ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
7582 			ath10k_mac_dec_num_stations(arvif, sta);
7583 			kfree(arsta->tx_stats);
7584 
7585 			if (num_tdls_stations != 0)
7586 				goto exit;
7587 			ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
7588 							WMI_TDLS_DISABLE);
7589 		}
7590 	} else if ((old_state == IEEE80211_STA_NONE &&
7591 		    new_state == IEEE80211_STA_NOTEXIST)) {
7592 		/*
7593 		 * Existing station deletion.
7594 		 */
7595 		ath10k_dbg(ar, ATH10K_DBG_STA,
7596 			   "mac vdev %d peer delete %pM sta %pK (sta gone)\n",
7597 			   arvif->vdev_id, sta->addr, sta);
7598 
7599 		if (sta->tdls) {
7600 			ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id,
7601 							  sta,
7602 							  WMI_TDLS_PEER_STATE_TEARDOWN);
7603 			if (ret)
7604 				ath10k_warn(ar, "failed to update tdls peer state for %pM state %d: %i\n",
7605 					    sta->addr,
7606 					    WMI_TDLS_PEER_STATE_TEARDOWN, ret);
7607 		}
7608 
7609 		ret = ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
7610 		if (ret)
7611 			ath10k_warn(ar, "failed to delete peer %pM for vdev %d: %i\n",
7612 				    sta->addr, arvif->vdev_id, ret);
7613 
7614 		ath10k_mac_dec_num_stations(arvif, sta);
7615 
7616 		spin_lock_bh(&ar->data_lock);
7617 		for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
7618 			peer = ar->peer_map[i];
7619 			if (!peer)
7620 				continue;
7621 
7622 			if (peer->sta == sta) {
7623 				ath10k_warn(ar, "found sta peer %pM (ptr %pK id %d) entry on vdev %i after it was supposedly removed\n",
7624 					    sta->addr, peer, i, arvif->vdev_id);
7625 				peer->sta = NULL;
7626 
7627 				/* Clean up the peer object as well since we
7628 				 * must have failed to do this above.
7629 				 */
7630 				ath10k_peer_map_cleanup(ar, peer);
7631 			}
7632 		}
7633 		spin_unlock_bh(&ar->data_lock);
7634 
7635 		if (ath10k_debug_is_extd_tx_stats_enabled(ar)) {
7636 			kfree(arsta->tx_stats);
7637 			arsta->tx_stats = NULL;
7638 		}
7639 
7640 		for (i = 0; i < ARRAY_SIZE(sta->txq); i++)
7641 			ath10k_mac_txq_unref(ar, sta->txq[i]);
7642 
7643 		if (!sta->tdls)
7644 			goto exit;
7645 
7646 		if (ath10k_mac_tdls_vif_stations_count(hw, vif))
7647 			goto exit;
7648 
7649 		/* This was the last tdls peer in current vif */
7650 		ret = ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
7651 						      WMI_TDLS_DISABLE);
7652 		if (ret) {
7653 			ath10k_warn(ar, "failed to update fw tdls state on vdev %i: %i\n",
7654 				    arvif->vdev_id, ret);
7655 		}
7656 	} else if (old_state == IEEE80211_STA_AUTH &&
7657 		   new_state == IEEE80211_STA_ASSOC &&
7658 		   (vif->type == NL80211_IFTYPE_AP ||
7659 		    vif->type == NL80211_IFTYPE_MESH_POINT ||
7660 		    vif->type == NL80211_IFTYPE_ADHOC)) {
7661 		/*
7662 		 * New association.
7663 		 */
7664 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac sta %pM associated\n",
7665 			   sta->addr);
7666 
7667 		ret = ath10k_station_assoc(ar, vif, sta, false);
7668 		if (ret)
7669 			ath10k_warn(ar, "failed to associate station %pM for vdev %i: %i\n",
7670 				    sta->addr, arvif->vdev_id, ret);
7671 	} else if (old_state == IEEE80211_STA_ASSOC &&
7672 		   new_state == IEEE80211_STA_AUTHORIZED &&
7673 		   sta->tdls) {
7674 		/*
7675 		 * Tdls station authorized.
7676 		 */
7677 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac tdls sta %pM authorized\n",
7678 			   sta->addr);
7679 
7680 		ret = ath10k_station_assoc(ar, vif, sta, false);
7681 		if (ret) {
7682 			ath10k_warn(ar, "failed to associate tdls station %pM for vdev %i: %i\n",
7683 				    sta->addr, arvif->vdev_id, ret);
7684 			goto exit;
7685 		}
7686 
7687 		ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id, sta,
7688 						  WMI_TDLS_PEER_STATE_CONNECTED);
7689 		if (ret)
7690 			ath10k_warn(ar, "failed to update tdls peer %pM for vdev %i: %i\n",
7691 				    sta->addr, arvif->vdev_id, ret);
7692 	} else if (old_state == IEEE80211_STA_ASSOC &&
7693 		    new_state == IEEE80211_STA_AUTH &&
7694 		    (vif->type == NL80211_IFTYPE_AP ||
7695 		     vif->type == NL80211_IFTYPE_MESH_POINT ||
7696 		     vif->type == NL80211_IFTYPE_ADHOC)) {
7697 		/*
7698 		 * Disassociation.
7699 		 */
7700 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac sta %pM disassociated\n",
7701 			   sta->addr);
7702 
7703 		ret = ath10k_station_disassoc(ar, vif, sta);
7704 		if (ret)
7705 			ath10k_warn(ar, "failed to disassociate station: %pM vdev %i: %i\n",
7706 				    sta->addr, arvif->vdev_id, ret);
7707 	}
7708 exit:
7709 	mutex_unlock(&ar->conf_mutex);
7710 	return ret;
7711 }
7712 
7713 static int ath10k_conf_tx_uapsd(struct ath10k *ar, struct ieee80211_vif *vif,
7714 				u16 ac, bool enable)
7715 {
7716 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7717 	struct wmi_sta_uapsd_auto_trig_arg arg = {};
7718 	u32 prio = 0, acc = 0;
7719 	u32 value = 0;
7720 	int ret = 0;
7721 
7722 	lockdep_assert_held(&ar->conf_mutex);
7723 
7724 	if (arvif->vdev_type != WMI_VDEV_TYPE_STA)
7725 		return 0;
7726 
7727 	switch (ac) {
7728 	case IEEE80211_AC_VO:
7729 		value = WMI_STA_PS_UAPSD_AC3_DELIVERY_EN |
7730 			WMI_STA_PS_UAPSD_AC3_TRIGGER_EN;
7731 		prio = 7;
7732 		acc = 3;
7733 		break;
7734 	case IEEE80211_AC_VI:
7735 		value = WMI_STA_PS_UAPSD_AC2_DELIVERY_EN |
7736 			WMI_STA_PS_UAPSD_AC2_TRIGGER_EN;
7737 		prio = 5;
7738 		acc = 2;
7739 		break;
7740 	case IEEE80211_AC_BE:
7741 		value = WMI_STA_PS_UAPSD_AC1_DELIVERY_EN |
7742 			WMI_STA_PS_UAPSD_AC1_TRIGGER_EN;
7743 		prio = 2;
7744 		acc = 1;
7745 		break;
7746 	case IEEE80211_AC_BK:
7747 		value = WMI_STA_PS_UAPSD_AC0_DELIVERY_EN |
7748 			WMI_STA_PS_UAPSD_AC0_TRIGGER_EN;
7749 		prio = 0;
7750 		acc = 0;
7751 		break;
7752 	}
7753 
7754 	if (enable)
7755 		arvif->u.sta.uapsd |= value;
7756 	else
7757 		arvif->u.sta.uapsd &= ~value;
7758 
7759 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
7760 					  WMI_STA_PS_PARAM_UAPSD,
7761 					  arvif->u.sta.uapsd);
7762 	if (ret) {
7763 		ath10k_warn(ar, "failed to set uapsd params: %d\n", ret);
7764 		goto exit;
7765 	}
7766 
7767 	if (arvif->u.sta.uapsd)
7768 		value = WMI_STA_PS_RX_WAKE_POLICY_POLL_UAPSD;
7769 	else
7770 		value = WMI_STA_PS_RX_WAKE_POLICY_WAKE;
7771 
7772 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
7773 					  WMI_STA_PS_PARAM_RX_WAKE_POLICY,
7774 					  value);
7775 	if (ret)
7776 		ath10k_warn(ar, "failed to set rx wake param: %d\n", ret);
7777 
7778 	ret = ath10k_mac_vif_recalc_ps_wake_threshold(arvif);
7779 	if (ret) {
7780 		ath10k_warn(ar, "failed to recalc ps wake threshold on vdev %i: %d\n",
7781 			    arvif->vdev_id, ret);
7782 		return ret;
7783 	}
7784 
7785 	ret = ath10k_mac_vif_recalc_ps_poll_count(arvif);
7786 	if (ret) {
7787 		ath10k_warn(ar, "failed to recalc ps poll count on vdev %i: %d\n",
7788 			    arvif->vdev_id, ret);
7789 		return ret;
7790 	}
7791 
7792 	if (test_bit(WMI_SERVICE_STA_UAPSD_BASIC_AUTO_TRIG, ar->wmi.svc_map) ||
7793 	    test_bit(WMI_SERVICE_STA_UAPSD_VAR_AUTO_TRIG, ar->wmi.svc_map)) {
7794 		/* Only userspace can make an educated decision when to send
7795 		 * trigger frame. The following effectively disables u-UAPSD
7796 		 * autotrigger in firmware (which is enabled by default
7797 		 * provided the autotrigger service is available).
7798 		 */
7799 
7800 		arg.wmm_ac = acc;
7801 		arg.user_priority = prio;
7802 		arg.service_interval = 0;
7803 		arg.suspend_interval = WMI_STA_UAPSD_MAX_INTERVAL_MSEC;
7804 		arg.delay_interval = WMI_STA_UAPSD_MAX_INTERVAL_MSEC;
7805 
7806 		ret = ath10k_wmi_vdev_sta_uapsd(ar, arvif->vdev_id,
7807 						arvif->bssid, &arg, 1);
7808 		if (ret) {
7809 			ath10k_warn(ar, "failed to set uapsd auto trigger %d\n",
7810 				    ret);
7811 			return ret;
7812 		}
7813 	}
7814 
7815 exit:
7816 	return ret;
7817 }
7818 
7819 static int ath10k_conf_tx(struct ieee80211_hw *hw,
7820 			  struct ieee80211_vif *vif,
7821 			  unsigned int link_id, u16 ac,
7822 			  const struct ieee80211_tx_queue_params *params)
7823 {
7824 	struct ath10k *ar = hw->priv;
7825 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7826 	struct wmi_wmm_params_arg *p = NULL;
7827 	int ret;
7828 
7829 	mutex_lock(&ar->conf_mutex);
7830 
7831 	switch (ac) {
7832 	case IEEE80211_AC_VO:
7833 		p = &arvif->wmm_params.ac_vo;
7834 		break;
7835 	case IEEE80211_AC_VI:
7836 		p = &arvif->wmm_params.ac_vi;
7837 		break;
7838 	case IEEE80211_AC_BE:
7839 		p = &arvif->wmm_params.ac_be;
7840 		break;
7841 	case IEEE80211_AC_BK:
7842 		p = &arvif->wmm_params.ac_bk;
7843 		break;
7844 	}
7845 
7846 	if (WARN_ON(!p)) {
7847 		ret = -EINVAL;
7848 		goto exit;
7849 	}
7850 
7851 	p->cwmin = params->cw_min;
7852 	p->cwmax = params->cw_max;
7853 	p->aifs = params->aifs;
7854 
7855 	/*
7856 	 * The channel time duration programmed in the HW is in absolute
7857 	 * microseconds, while mac80211 gives the txop in units of
7858 	 * 32 microseconds.
7859 	 */
7860 	p->txop = params->txop * 32;
7861 
7862 	if (ar->wmi.ops->gen_vdev_wmm_conf) {
7863 		ret = ath10k_wmi_vdev_wmm_conf(ar, arvif->vdev_id,
7864 					       &arvif->wmm_params);
7865 		if (ret) {
7866 			ath10k_warn(ar, "failed to set vdev wmm params on vdev %i: %d\n",
7867 				    arvif->vdev_id, ret);
7868 			goto exit;
7869 		}
7870 	} else {
7871 		/* This won't work well with multi-interface cases but it's
7872 		 * better than nothing.
7873 		 */
7874 		ret = ath10k_wmi_pdev_set_wmm_params(ar, &arvif->wmm_params);
7875 		if (ret) {
7876 			ath10k_warn(ar, "failed to set wmm params: %d\n", ret);
7877 			goto exit;
7878 		}
7879 	}
7880 
7881 	ret = ath10k_conf_tx_uapsd(ar, vif, ac, params->uapsd);
7882 	if (ret)
7883 		ath10k_warn(ar, "failed to set sta uapsd: %d\n", ret);
7884 
7885 exit:
7886 	mutex_unlock(&ar->conf_mutex);
7887 	return ret;
7888 }
7889 
7890 static int ath10k_remain_on_channel(struct ieee80211_hw *hw,
7891 				    struct ieee80211_vif *vif,
7892 				    struct ieee80211_channel *chan,
7893 				    int duration,
7894 				    enum ieee80211_roc_type type)
7895 {
7896 	struct ath10k *ar = hw->priv;
7897 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7898 	struct wmi_start_scan_arg arg;
7899 	int ret = 0;
7900 	u32 scan_time_msec;
7901 
7902 	mutex_lock(&ar->conf_mutex);
7903 
7904 	if (ath10k_mac_tdls_vif_stations_count(hw, vif) > 0) {
7905 		ret = -EBUSY;
7906 		goto exit;
7907 	}
7908 
7909 	spin_lock_bh(&ar->data_lock);
7910 	switch (ar->scan.state) {
7911 	case ATH10K_SCAN_IDLE:
7912 		reinit_completion(&ar->scan.started);
7913 		reinit_completion(&ar->scan.completed);
7914 		reinit_completion(&ar->scan.on_channel);
7915 		ar->scan.state = ATH10K_SCAN_STARTING;
7916 		ar->scan.is_roc = true;
7917 		ar->scan.vdev_id = arvif->vdev_id;
7918 		ar->scan.roc_freq = chan->center_freq;
7919 		ar->scan.roc_notify = true;
7920 		ret = 0;
7921 		break;
7922 	case ATH10K_SCAN_STARTING:
7923 	case ATH10K_SCAN_RUNNING:
7924 	case ATH10K_SCAN_ABORTING:
7925 		ret = -EBUSY;
7926 		break;
7927 	}
7928 	spin_unlock_bh(&ar->data_lock);
7929 
7930 	if (ret)
7931 		goto exit;
7932 
7933 	scan_time_msec = ar->hw->wiphy->max_remain_on_channel_duration * 2;
7934 
7935 	memset(&arg, 0, sizeof(arg));
7936 	ath10k_wmi_start_scan_init(ar, &arg);
7937 	arg.vdev_id = arvif->vdev_id;
7938 	arg.scan_id = ATH10K_SCAN_ID;
7939 	arg.n_channels = 1;
7940 	arg.channels[0] = chan->center_freq;
7941 	arg.dwell_time_active = scan_time_msec;
7942 	arg.dwell_time_passive = scan_time_msec;
7943 	arg.max_scan_time = scan_time_msec;
7944 	arg.scan_ctrl_flags |= WMI_SCAN_FLAG_PASSIVE;
7945 	arg.scan_ctrl_flags |= WMI_SCAN_FILTER_PROBE_REQ;
7946 	arg.burst_duration_ms = duration;
7947 
7948 	ret = ath10k_start_scan(ar, &arg);
7949 	if (ret) {
7950 		ath10k_warn(ar, "failed to start roc scan: %d\n", ret);
7951 		spin_lock_bh(&ar->data_lock);
7952 		ar->scan.state = ATH10K_SCAN_IDLE;
7953 		spin_unlock_bh(&ar->data_lock);
7954 		goto exit;
7955 	}
7956 
7957 	ret = wait_for_completion_timeout(&ar->scan.on_channel, 3 * HZ);
7958 	if (ret == 0) {
7959 		ath10k_warn(ar, "failed to switch to channel for roc scan\n");
7960 
7961 		ret = ath10k_scan_stop(ar);
7962 		if (ret)
7963 			ath10k_warn(ar, "failed to stop scan: %d\n", ret);
7964 
7965 		ret = -ETIMEDOUT;
7966 		goto exit;
7967 	}
7968 
7969 	ieee80211_queue_delayed_work(ar->hw, &ar->scan.timeout,
7970 				     msecs_to_jiffies(duration));
7971 
7972 	ret = 0;
7973 exit:
7974 	mutex_unlock(&ar->conf_mutex);
7975 	return ret;
7976 }
7977 
7978 static int ath10k_cancel_remain_on_channel(struct ieee80211_hw *hw,
7979 					   struct ieee80211_vif *vif)
7980 {
7981 	struct ath10k *ar = hw->priv;
7982 
7983 	mutex_lock(&ar->conf_mutex);
7984 
7985 	spin_lock_bh(&ar->data_lock);
7986 	ar->scan.roc_notify = false;
7987 	spin_unlock_bh(&ar->data_lock);
7988 
7989 	ath10k_scan_abort(ar);
7990 
7991 	mutex_unlock(&ar->conf_mutex);
7992 
7993 	cancel_delayed_work_sync(&ar->scan.timeout);
7994 
7995 	return 0;
7996 }
7997 
7998 /*
7999  * Both RTS and Fragmentation threshold are interface-specific
8000  * in ath10k, but device-specific in mac80211.
8001  */
8002 
8003 static int ath10k_set_rts_threshold(struct ieee80211_hw *hw, u32 value)
8004 {
8005 	struct ath10k *ar = hw->priv;
8006 	struct ath10k_vif *arvif;
8007 	int ret = 0;
8008 
8009 	mutex_lock(&ar->conf_mutex);
8010 	list_for_each_entry(arvif, &ar->arvifs, list) {
8011 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d rts threshold %d\n",
8012 			   arvif->vdev_id, value);
8013 
8014 		ret = ath10k_mac_set_rts(arvif, value);
8015 		if (ret) {
8016 			ath10k_warn(ar, "failed to set rts threshold for vdev %d: %d\n",
8017 				    arvif->vdev_id, ret);
8018 			break;
8019 		}
8020 	}
8021 	mutex_unlock(&ar->conf_mutex);
8022 
8023 	return ret;
8024 }
8025 
8026 static int ath10k_mac_op_set_frag_threshold(struct ieee80211_hw *hw, u32 value)
8027 {
8028 	/* Even though there's a WMI enum for fragmentation threshold no known
8029 	 * firmware actually implements it. Moreover it is not possible to rely
8030 	 * frame fragmentation to mac80211 because firmware clears the "more
8031 	 * fragments" bit in frame control making it impossible for remote
8032 	 * devices to reassemble frames.
8033 	 *
8034 	 * Hence implement a dummy callback just to say fragmentation isn't
8035 	 * supported. This effectively prevents mac80211 from doing frame
8036 	 * fragmentation in software.
8037 	 */
8038 	return -EOPNOTSUPP;
8039 }
8040 
8041 void ath10k_mac_wait_tx_complete(struct ath10k *ar)
8042 {
8043 	bool skip;
8044 	long time_left;
8045 
8046 	/* mac80211 doesn't care if we really xmit queued frames or not
8047 	 * we'll collect those frames either way if we stop/delete vdevs
8048 	 */
8049 
8050 	if (ar->state == ATH10K_STATE_WEDGED)
8051 		return;
8052 
8053 	time_left = wait_event_timeout(ar->htt.empty_tx_wq, ({
8054 			bool empty;
8055 
8056 			spin_lock_bh(&ar->htt.tx_lock);
8057 			empty = (ar->htt.num_pending_tx == 0);
8058 			spin_unlock_bh(&ar->htt.tx_lock);
8059 
8060 			skip = (ar->state == ATH10K_STATE_WEDGED) ||
8061 			       test_bit(ATH10K_FLAG_CRASH_FLUSH,
8062 					&ar->dev_flags);
8063 
8064 			(empty || skip);
8065 		}), ATH10K_FLUSH_TIMEOUT_HZ);
8066 
8067 	if (time_left == 0 || skip)
8068 		ath10k_warn(ar, "failed to flush transmit queue (skip %i ar-state %i): %ld\n",
8069 			    skip, ar->state, time_left);
8070 }
8071 
8072 static void ath10k_flush(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
8073 			 u32 queues, bool drop)
8074 {
8075 	struct ath10k *ar = hw->priv;
8076 	struct ath10k_vif *arvif;
8077 	u32 bitmap;
8078 
8079 	if (drop) {
8080 		if (vif && vif->type == NL80211_IFTYPE_STATION) {
8081 			bitmap = ~(1 << WMI_MGMT_TID);
8082 			list_for_each_entry(arvif, &ar->arvifs, list) {
8083 				if (arvif->vdev_type == WMI_VDEV_TYPE_STA)
8084 					ath10k_wmi_peer_flush(ar, arvif->vdev_id,
8085 							      arvif->bssid, bitmap);
8086 			}
8087 			ath10k_htt_flush_tx(&ar->htt);
8088 		}
8089 		return;
8090 	}
8091 
8092 	mutex_lock(&ar->conf_mutex);
8093 	ath10k_mac_wait_tx_complete(ar);
8094 	mutex_unlock(&ar->conf_mutex);
8095 }
8096 
8097 /* TODO: Implement this function properly
8098  * For now it is needed to reply to Probe Requests in IBSS mode.
8099  * Probably we need this information from FW.
8100  */
8101 static int ath10k_tx_last_beacon(struct ieee80211_hw *hw)
8102 {
8103 	return 1;
8104 }
8105 
8106 static void ath10k_reconfig_complete(struct ieee80211_hw *hw,
8107 				     enum ieee80211_reconfig_type reconfig_type)
8108 {
8109 	struct ath10k *ar = hw->priv;
8110 
8111 	if (reconfig_type != IEEE80211_RECONFIG_TYPE_RESTART)
8112 		return;
8113 
8114 	mutex_lock(&ar->conf_mutex);
8115 
8116 	/* If device failed to restart it will be in a different state, e.g.
8117 	 * ATH10K_STATE_WEDGED
8118 	 */
8119 	if (ar->state == ATH10K_STATE_RESTARTED) {
8120 		ath10k_info(ar, "device successfully recovered\n");
8121 		ar->state = ATH10K_STATE_ON;
8122 		ieee80211_wake_queues(ar->hw);
8123 		clear_bit(ATH10K_FLAG_RESTARTING, &ar->dev_flags);
8124 	}
8125 
8126 	mutex_unlock(&ar->conf_mutex);
8127 }
8128 
8129 static void
8130 ath10k_mac_update_bss_chan_survey(struct ath10k *ar,
8131 				  struct ieee80211_channel *channel)
8132 {
8133 	int ret;
8134 	enum wmi_bss_survey_req_type type = WMI_BSS_SURVEY_REQ_TYPE_READ;
8135 
8136 	lockdep_assert_held(&ar->conf_mutex);
8137 
8138 	if (!test_bit(WMI_SERVICE_BSS_CHANNEL_INFO_64, ar->wmi.svc_map) ||
8139 	    (ar->rx_channel != channel))
8140 		return;
8141 
8142 	if (ar->scan.state != ATH10K_SCAN_IDLE) {
8143 		ath10k_dbg(ar, ATH10K_DBG_MAC, "ignoring bss chan info request while scanning..\n");
8144 		return;
8145 	}
8146 
8147 	reinit_completion(&ar->bss_survey_done);
8148 
8149 	ret = ath10k_wmi_pdev_bss_chan_info_request(ar, type);
8150 	if (ret) {
8151 		ath10k_warn(ar, "failed to send pdev bss chan info request\n");
8152 		return;
8153 	}
8154 
8155 	ret = wait_for_completion_timeout(&ar->bss_survey_done, 3 * HZ);
8156 	if (!ret) {
8157 		ath10k_warn(ar, "bss channel survey timed out\n");
8158 		return;
8159 	}
8160 }
8161 
8162 static int ath10k_get_survey(struct ieee80211_hw *hw, int idx,
8163 			     struct survey_info *survey)
8164 {
8165 	struct ath10k *ar = hw->priv;
8166 	struct ieee80211_supported_band *sband;
8167 	struct survey_info *ar_survey = &ar->survey[idx];
8168 	int ret = 0;
8169 
8170 	mutex_lock(&ar->conf_mutex);
8171 
8172 	sband = hw->wiphy->bands[NL80211_BAND_2GHZ];
8173 	if (sband && idx >= sband->n_channels) {
8174 		idx -= sband->n_channels;
8175 		sband = NULL;
8176 	}
8177 
8178 	if (!sband)
8179 		sband = hw->wiphy->bands[NL80211_BAND_5GHZ];
8180 
8181 	if (!sband || idx >= sband->n_channels) {
8182 		ret = -ENOENT;
8183 		goto exit;
8184 	}
8185 
8186 	ath10k_mac_update_bss_chan_survey(ar, &sband->channels[idx]);
8187 
8188 	spin_lock_bh(&ar->data_lock);
8189 	memcpy(survey, ar_survey, sizeof(*survey));
8190 	spin_unlock_bh(&ar->data_lock);
8191 
8192 	survey->channel = &sband->channels[idx];
8193 
8194 	if (ar->rx_channel == survey->channel)
8195 		survey->filled |= SURVEY_INFO_IN_USE;
8196 
8197 exit:
8198 	mutex_unlock(&ar->conf_mutex);
8199 	return ret;
8200 }
8201 
8202 static bool
8203 ath10k_mac_bitrate_mask_get_single_nss(struct ath10k *ar,
8204 				       enum nl80211_band band,
8205 				       const struct cfg80211_bitrate_mask *mask,
8206 				       int *nss)
8207 {
8208 	struct ieee80211_supported_band *sband = &ar->mac.sbands[band];
8209 	u16 vht_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
8210 	u8 ht_nss_mask = 0;
8211 	u8 vht_nss_mask = 0;
8212 	int i;
8213 
8214 	if (mask->control[band].legacy)
8215 		return false;
8216 
8217 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++) {
8218 		if (mask->control[band].ht_mcs[i] == 0)
8219 			continue;
8220 		else if (mask->control[band].ht_mcs[i] ==
8221 			 sband->ht_cap.mcs.rx_mask[i])
8222 			ht_nss_mask |= BIT(i);
8223 		else
8224 			return false;
8225 	}
8226 
8227 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
8228 		if (mask->control[band].vht_mcs[i] == 0)
8229 			continue;
8230 		else if (mask->control[band].vht_mcs[i] ==
8231 			 ath10k_mac_get_max_vht_mcs_map(vht_mcs_map, i))
8232 			vht_nss_mask |= BIT(i);
8233 		else
8234 			return false;
8235 	}
8236 
8237 	if (ht_nss_mask != vht_nss_mask)
8238 		return false;
8239 
8240 	if (ht_nss_mask == 0)
8241 		return false;
8242 
8243 	if (BIT(fls(ht_nss_mask)) - 1 != ht_nss_mask)
8244 		return false;
8245 
8246 	*nss = fls(ht_nss_mask);
8247 
8248 	return true;
8249 }
8250 
8251 static int ath10k_mac_set_fixed_rate_params(struct ath10k_vif *arvif,
8252 					    u8 rate, u8 nss, u8 sgi, u8 ldpc)
8253 {
8254 	struct ath10k *ar = arvif->ar;
8255 	u32 vdev_param;
8256 	int ret;
8257 
8258 	lockdep_assert_held(&ar->conf_mutex);
8259 
8260 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac set fixed rate params vdev %i rate 0x%02x nss %u sgi %u\n",
8261 		   arvif->vdev_id, rate, nss, sgi);
8262 
8263 	vdev_param = ar->wmi.vdev_param->fixed_rate;
8264 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, rate);
8265 	if (ret) {
8266 		ath10k_warn(ar, "failed to set fixed rate param 0x%02x: %d\n",
8267 			    rate, ret);
8268 		return ret;
8269 	}
8270 
8271 	vdev_param = ar->wmi.vdev_param->nss;
8272 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, nss);
8273 	if (ret) {
8274 		ath10k_warn(ar, "failed to set nss param %d: %d\n", nss, ret);
8275 		return ret;
8276 	}
8277 
8278 	vdev_param = ar->wmi.vdev_param->sgi;
8279 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, sgi);
8280 	if (ret) {
8281 		ath10k_warn(ar, "failed to set sgi param %d: %d\n", sgi, ret);
8282 		return ret;
8283 	}
8284 
8285 	vdev_param = ar->wmi.vdev_param->ldpc;
8286 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, ldpc);
8287 	if (ret) {
8288 		ath10k_warn(ar, "failed to set ldpc param %d: %d\n", ldpc, ret);
8289 		return ret;
8290 	}
8291 
8292 	return 0;
8293 }
8294 
8295 static bool
8296 ath10k_mac_can_set_bitrate_mask(struct ath10k *ar,
8297 				enum nl80211_band band,
8298 				const struct cfg80211_bitrate_mask *mask,
8299 				bool allow_pfr)
8300 {
8301 	int i;
8302 	u16 vht_mcs;
8303 
8304 	/* Due to firmware limitation in WMI_PEER_ASSOC_CMDID it is impossible
8305 	 * to express all VHT MCS rate masks. Effectively only the following
8306 	 * ranges can be used: none, 0-7, 0-8 and 0-9.
8307 	 */
8308 	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
8309 		vht_mcs = mask->control[band].vht_mcs[i];
8310 
8311 		switch (vht_mcs) {
8312 		case 0:
8313 		case BIT(8) - 1:
8314 		case BIT(9) - 1:
8315 		case BIT(10) - 1:
8316 			break;
8317 		default:
8318 			if (!allow_pfr)
8319 				ath10k_warn(ar, "refusing bitrate mask with missing 0-7 VHT MCS rates\n");
8320 			return false;
8321 		}
8322 	}
8323 
8324 	return true;
8325 }
8326 
8327 static bool ath10k_mac_set_vht_bitrate_mask_fixup(struct ath10k *ar,
8328 						  struct ath10k_vif *arvif,
8329 						  struct ieee80211_sta *sta)
8330 {
8331 	int err;
8332 	u8 rate = arvif->vht_pfr;
8333 
8334 	/* skip non vht and multiple rate peers */
8335 	if (!sta->deflink.vht_cap.vht_supported || arvif->vht_num_rates != 1)
8336 		return false;
8337 
8338 	err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
8339 					WMI_PEER_PARAM_FIXED_RATE, rate);
8340 	if (err)
8341 		ath10k_warn(ar, "failed to enable STA %pM peer fixed rate: %d\n",
8342 			    sta->addr, err);
8343 
8344 	return true;
8345 }
8346 
8347 static void ath10k_mac_set_bitrate_mask_iter(void *data,
8348 					     struct ieee80211_sta *sta)
8349 {
8350 	struct ath10k_vif *arvif = data;
8351 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
8352 	struct ath10k *ar = arvif->ar;
8353 
8354 	if (arsta->arvif != arvif)
8355 		return;
8356 
8357 	if (ath10k_mac_set_vht_bitrate_mask_fixup(ar, arvif, sta))
8358 		return;
8359 
8360 	spin_lock_bh(&ar->data_lock);
8361 	arsta->changed |= IEEE80211_RC_SUPP_RATES_CHANGED;
8362 	spin_unlock_bh(&ar->data_lock);
8363 
8364 	ieee80211_queue_work(ar->hw, &arsta->update_wk);
8365 }
8366 
8367 static void ath10k_mac_clr_bitrate_mask_iter(void *data,
8368 					     struct ieee80211_sta *sta)
8369 {
8370 	struct ath10k_vif *arvif = data;
8371 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
8372 	struct ath10k *ar = arvif->ar;
8373 	int err;
8374 
8375 	/* clear vht peers only */
8376 	if (arsta->arvif != arvif || !sta->deflink.vht_cap.vht_supported)
8377 		return;
8378 
8379 	err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
8380 					WMI_PEER_PARAM_FIXED_RATE,
8381 					WMI_FIXED_RATE_NONE);
8382 	if (err)
8383 		ath10k_warn(ar, "failed to clear STA %pM peer fixed rate: %d\n",
8384 			    sta->addr, err);
8385 }
8386 
8387 static int ath10k_mac_op_set_bitrate_mask(struct ieee80211_hw *hw,
8388 					  struct ieee80211_vif *vif,
8389 					  const struct cfg80211_bitrate_mask *mask)
8390 {
8391 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8392 	struct cfg80211_chan_def def;
8393 	struct ath10k *ar = arvif->ar;
8394 	enum nl80211_band band;
8395 	const u8 *ht_mcs_mask;
8396 	const u16 *vht_mcs_mask;
8397 	u8 rate;
8398 	u8 nss;
8399 	u8 sgi;
8400 	u8 ldpc;
8401 	int single_nss;
8402 	int ret;
8403 	int vht_num_rates, allow_pfr;
8404 	u8 vht_pfr;
8405 	bool update_bitrate_mask = true;
8406 
8407 	if (ath10k_mac_vif_chan(vif, &def))
8408 		return -EPERM;
8409 
8410 	band = def.chan->band;
8411 	ht_mcs_mask = mask->control[band].ht_mcs;
8412 	vht_mcs_mask = mask->control[band].vht_mcs;
8413 	ldpc = !!(ar->ht_cap_info & WMI_HT_CAP_LDPC);
8414 
8415 	sgi = mask->control[band].gi;
8416 	if (sgi == NL80211_TXRATE_FORCE_LGI)
8417 		return -EINVAL;
8418 
8419 	allow_pfr = test_bit(ATH10K_FW_FEATURE_PEER_FIXED_RATE,
8420 			     ar->normal_mode_fw.fw_file.fw_features);
8421 	if (allow_pfr) {
8422 		mutex_lock(&ar->conf_mutex);
8423 		ieee80211_iterate_stations_atomic(ar->hw,
8424 						  ath10k_mac_clr_bitrate_mask_iter,
8425 						  arvif);
8426 		mutex_unlock(&ar->conf_mutex);
8427 	}
8428 
8429 	if (ath10k_mac_bitrate_mask_has_single_rate(ar, band, mask,
8430 						    &vht_num_rates)) {
8431 		ret = ath10k_mac_bitrate_mask_get_single_rate(ar, band, mask,
8432 							      &rate, &nss,
8433 							      false);
8434 		if (ret) {
8435 			ath10k_warn(ar, "failed to get single rate for vdev %i: %d\n",
8436 				    arvif->vdev_id, ret);
8437 			return ret;
8438 		}
8439 	} else if (ath10k_mac_bitrate_mask_get_single_nss(ar, band, mask,
8440 							  &single_nss)) {
8441 		rate = WMI_FIXED_RATE_NONE;
8442 		nss = single_nss;
8443 	} else {
8444 		rate = WMI_FIXED_RATE_NONE;
8445 		nss = min(ar->num_rf_chains,
8446 			  max(ath10k_mac_max_ht_nss(ht_mcs_mask),
8447 			      ath10k_mac_max_vht_nss(vht_mcs_mask)));
8448 
8449 		if (!ath10k_mac_can_set_bitrate_mask(ar, band, mask,
8450 						     allow_pfr)) {
8451 			u8 vht_nss;
8452 
8453 			if (!allow_pfr || vht_num_rates != 1)
8454 				return -EINVAL;
8455 
8456 			/* Reach here, firmware supports peer fixed rate and has
8457 			 * single vht rate, and don't update vif birate_mask, as
8458 			 * the rate only for specific peer.
8459 			 */
8460 			ath10k_mac_bitrate_mask_get_single_rate(ar, band, mask,
8461 								&vht_pfr,
8462 								&vht_nss,
8463 								true);
8464 			update_bitrate_mask = false;
8465 		} else {
8466 			vht_pfr = 0;
8467 		}
8468 
8469 		mutex_lock(&ar->conf_mutex);
8470 
8471 		if (update_bitrate_mask)
8472 			arvif->bitrate_mask = *mask;
8473 		arvif->vht_num_rates = vht_num_rates;
8474 		arvif->vht_pfr = vht_pfr;
8475 		ieee80211_iterate_stations_atomic(ar->hw,
8476 						  ath10k_mac_set_bitrate_mask_iter,
8477 						  arvif);
8478 
8479 		mutex_unlock(&ar->conf_mutex);
8480 	}
8481 
8482 	mutex_lock(&ar->conf_mutex);
8483 
8484 	ret = ath10k_mac_set_fixed_rate_params(arvif, rate, nss, sgi, ldpc);
8485 	if (ret) {
8486 		ath10k_warn(ar, "failed to set fixed rate params on vdev %i: %d\n",
8487 			    arvif->vdev_id, ret);
8488 		goto exit;
8489 	}
8490 
8491 exit:
8492 	mutex_unlock(&ar->conf_mutex);
8493 
8494 	return ret;
8495 }
8496 
8497 static void ath10k_sta_rc_update(struct ieee80211_hw *hw,
8498 				 struct ieee80211_vif *vif,
8499 				 struct ieee80211_sta *sta,
8500 				 u32 changed)
8501 {
8502 	struct ath10k *ar = hw->priv;
8503 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
8504 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8505 	struct ath10k_peer *peer;
8506 	u32 bw, smps;
8507 
8508 	spin_lock_bh(&ar->data_lock);
8509 
8510 	peer = ath10k_peer_find(ar, arvif->vdev_id, sta->addr);
8511 	if (!peer) {
8512 		spin_unlock_bh(&ar->data_lock);
8513 		ath10k_warn(ar, "mac sta rc update failed to find peer %pM on vdev %i\n",
8514 			    sta->addr, arvif->vdev_id);
8515 		return;
8516 	}
8517 
8518 	ath10k_dbg(ar, ATH10K_DBG_STA,
8519 		   "mac sta rc update for %pM changed %08x bw %d nss %d smps %d\n",
8520 		   sta->addr, changed, sta->deflink.bandwidth,
8521 		   sta->deflink.rx_nss,
8522 		   sta->deflink.smps_mode);
8523 
8524 	if (changed & IEEE80211_RC_BW_CHANGED) {
8525 		bw = WMI_PEER_CHWIDTH_20MHZ;
8526 
8527 		switch (sta->deflink.bandwidth) {
8528 		case IEEE80211_STA_RX_BW_20:
8529 			bw = WMI_PEER_CHWIDTH_20MHZ;
8530 			break;
8531 		case IEEE80211_STA_RX_BW_40:
8532 			bw = WMI_PEER_CHWIDTH_40MHZ;
8533 			break;
8534 		case IEEE80211_STA_RX_BW_80:
8535 			bw = WMI_PEER_CHWIDTH_80MHZ;
8536 			break;
8537 		case IEEE80211_STA_RX_BW_160:
8538 			bw = WMI_PEER_CHWIDTH_160MHZ;
8539 			break;
8540 		default:
8541 			ath10k_warn(ar, "Invalid bandwidth %d in rc update for %pM\n",
8542 				    sta->deflink.bandwidth, sta->addr);
8543 			bw = WMI_PEER_CHWIDTH_20MHZ;
8544 			break;
8545 		}
8546 
8547 		arsta->bw = bw;
8548 	}
8549 
8550 	if (changed & IEEE80211_RC_NSS_CHANGED)
8551 		arsta->nss = sta->deflink.rx_nss;
8552 
8553 	if (changed & IEEE80211_RC_SMPS_CHANGED) {
8554 		smps = WMI_PEER_SMPS_PS_NONE;
8555 
8556 		switch (sta->deflink.smps_mode) {
8557 		case IEEE80211_SMPS_AUTOMATIC:
8558 		case IEEE80211_SMPS_OFF:
8559 			smps = WMI_PEER_SMPS_PS_NONE;
8560 			break;
8561 		case IEEE80211_SMPS_STATIC:
8562 			smps = WMI_PEER_SMPS_STATIC;
8563 			break;
8564 		case IEEE80211_SMPS_DYNAMIC:
8565 			smps = WMI_PEER_SMPS_DYNAMIC;
8566 			break;
8567 		case IEEE80211_SMPS_NUM_MODES:
8568 			ath10k_warn(ar, "Invalid smps %d in sta rc update for %pM\n",
8569 				    sta->deflink.smps_mode, sta->addr);
8570 			smps = WMI_PEER_SMPS_PS_NONE;
8571 			break;
8572 		}
8573 
8574 		arsta->smps = smps;
8575 	}
8576 
8577 	arsta->changed |= changed;
8578 
8579 	spin_unlock_bh(&ar->data_lock);
8580 
8581 	ieee80211_queue_work(hw, &arsta->update_wk);
8582 }
8583 
8584 static void ath10k_offset_tsf(struct ieee80211_hw *hw,
8585 			      struct ieee80211_vif *vif, s64 tsf_offset)
8586 {
8587 	struct ath10k *ar = hw->priv;
8588 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8589 	u32 offset, vdev_param;
8590 	int ret;
8591 
8592 	if (tsf_offset < 0) {
8593 		vdev_param = ar->wmi.vdev_param->dec_tsf;
8594 		offset = -tsf_offset;
8595 	} else {
8596 		vdev_param = ar->wmi.vdev_param->inc_tsf;
8597 		offset = tsf_offset;
8598 	}
8599 
8600 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
8601 					vdev_param, offset);
8602 
8603 	if (ret && ret != -EOPNOTSUPP)
8604 		ath10k_warn(ar, "failed to set tsf offset %d cmd %d: %d\n",
8605 			    offset, vdev_param, ret);
8606 }
8607 
8608 static int ath10k_ampdu_action(struct ieee80211_hw *hw,
8609 			       struct ieee80211_vif *vif,
8610 			       struct ieee80211_ampdu_params *params)
8611 {
8612 	struct ath10k *ar = hw->priv;
8613 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8614 	struct ieee80211_sta *sta = params->sta;
8615 	enum ieee80211_ampdu_mlme_action action = params->action;
8616 	u16 tid = params->tid;
8617 
8618 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac ampdu vdev_id %i sta %pM tid %u action %d\n",
8619 		   arvif->vdev_id, sta->addr, tid, action);
8620 
8621 	switch (action) {
8622 	case IEEE80211_AMPDU_RX_START:
8623 	case IEEE80211_AMPDU_RX_STOP:
8624 		/* HTT AddBa/DelBa events trigger mac80211 Rx BA session
8625 		 * creation/removal. Do we need to verify this?
8626 		 */
8627 		return 0;
8628 	case IEEE80211_AMPDU_TX_START:
8629 	case IEEE80211_AMPDU_TX_STOP_CONT:
8630 	case IEEE80211_AMPDU_TX_STOP_FLUSH:
8631 	case IEEE80211_AMPDU_TX_STOP_FLUSH_CONT:
8632 	case IEEE80211_AMPDU_TX_OPERATIONAL:
8633 		/* Firmware offloads Tx aggregation entirely so deny mac80211
8634 		 * Tx aggregation requests.
8635 		 */
8636 		return -EOPNOTSUPP;
8637 	}
8638 
8639 	return -EINVAL;
8640 }
8641 
8642 static void
8643 ath10k_mac_update_rx_channel(struct ath10k *ar,
8644 			     struct ieee80211_chanctx_conf *ctx,
8645 			     struct ieee80211_vif_chanctx_switch *vifs,
8646 			     int n_vifs)
8647 {
8648 	struct cfg80211_chan_def *def = NULL;
8649 
8650 	/* Both locks are required because ar->rx_channel is modified. This
8651 	 * allows readers to hold either lock.
8652 	 */
8653 	lockdep_assert_held(&ar->conf_mutex);
8654 	lockdep_assert_held(&ar->data_lock);
8655 
8656 	WARN_ON(ctx && vifs);
8657 	WARN_ON(vifs && !n_vifs);
8658 
8659 	/* FIXME: Sort of an optimization and a workaround. Peers and vifs are
8660 	 * on a linked list now. Doing a lookup peer -> vif -> chanctx for each
8661 	 * ppdu on Rx may reduce performance on low-end systems. It should be
8662 	 * possible to make tables/hashmaps to speed the lookup up (be vary of
8663 	 * cpu data cache lines though regarding sizes) but to keep the initial
8664 	 * implementation simple and less intrusive fallback to the slow lookup
8665 	 * only for multi-channel cases. Single-channel cases will remain to
8666 	 * use the old channel derival and thus performance should not be
8667 	 * affected much.
8668 	 */
8669 	rcu_read_lock();
8670 	if (!ctx && ath10k_mac_num_chanctxs(ar) == 1) {
8671 		ieee80211_iter_chan_contexts_atomic(ar->hw,
8672 						    ath10k_mac_get_any_chandef_iter,
8673 						    &def);
8674 
8675 		if (vifs)
8676 			def = &vifs[0].new_ctx->def;
8677 
8678 		ar->rx_channel = def->chan;
8679 	} else if ((ctx && ath10k_mac_num_chanctxs(ar) == 0) ||
8680 		   (ctx && (ar->state == ATH10K_STATE_RESTARTED))) {
8681 		/* During driver restart due to firmware assert, since mac80211
8682 		 * already has valid channel context for given radio, channel
8683 		 * context iteration return num_chanctx > 0. So fix rx_channel
8684 		 * when restart is in progress.
8685 		 */
8686 		ar->rx_channel = ctx->def.chan;
8687 	} else {
8688 		ar->rx_channel = NULL;
8689 	}
8690 	rcu_read_unlock();
8691 }
8692 
8693 static void
8694 ath10k_mac_update_vif_chan(struct ath10k *ar,
8695 			   struct ieee80211_vif_chanctx_switch *vifs,
8696 			   int n_vifs)
8697 {
8698 	struct ath10k_vif *arvif;
8699 	int ret;
8700 	int i;
8701 
8702 	lockdep_assert_held(&ar->conf_mutex);
8703 
8704 	/* First stop monitor interface. Some FW versions crash if there's a
8705 	 * lone monitor interface.
8706 	 */
8707 	if (ar->monitor_started)
8708 		ath10k_monitor_stop(ar);
8709 
8710 	for (i = 0; i < n_vifs; i++) {
8711 		arvif = (void *)vifs[i].vif->drv_priv;
8712 
8713 		ath10k_dbg(ar, ATH10K_DBG_MAC,
8714 			   "mac chanctx switch vdev_id %i freq %u->%u width %d->%d\n",
8715 			   arvif->vdev_id,
8716 			   vifs[i].old_ctx->def.chan->center_freq,
8717 			   vifs[i].new_ctx->def.chan->center_freq,
8718 			   vifs[i].old_ctx->def.width,
8719 			   vifs[i].new_ctx->def.width);
8720 
8721 		if (WARN_ON(!arvif->is_started))
8722 			continue;
8723 
8724 		if (WARN_ON(!arvif->is_up))
8725 			continue;
8726 
8727 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
8728 		if (ret) {
8729 			ath10k_warn(ar, "failed to down vdev %d: %d\n",
8730 				    arvif->vdev_id, ret);
8731 			continue;
8732 		}
8733 	}
8734 
8735 	/* All relevant vdevs are downed and associated channel resources
8736 	 * should be available for the channel switch now.
8737 	 */
8738 
8739 	spin_lock_bh(&ar->data_lock);
8740 	ath10k_mac_update_rx_channel(ar, NULL, vifs, n_vifs);
8741 	spin_unlock_bh(&ar->data_lock);
8742 
8743 	for (i = 0; i < n_vifs; i++) {
8744 		arvif = (void *)vifs[i].vif->drv_priv;
8745 
8746 		if (WARN_ON(!arvif->is_started))
8747 			continue;
8748 
8749 		if (WARN_ON(!arvif->is_up))
8750 			continue;
8751 
8752 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
8753 		if (ret)
8754 			ath10k_warn(ar, "failed to update bcn tmpl during csa: %d\n",
8755 				    ret);
8756 
8757 		ret = ath10k_mac_setup_prb_tmpl(arvif);
8758 		if (ret)
8759 			ath10k_warn(ar, "failed to update prb tmpl during csa: %d\n",
8760 				    ret);
8761 
8762 		ret = ath10k_vdev_restart(arvif, &vifs[i].new_ctx->def);
8763 		if (ret) {
8764 			ath10k_warn(ar, "failed to restart vdev %d: %d\n",
8765 				    arvif->vdev_id, ret);
8766 			continue;
8767 		}
8768 
8769 		ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
8770 					 arvif->bssid);
8771 		if (ret) {
8772 			ath10k_warn(ar, "failed to bring vdev up %d: %d\n",
8773 				    arvif->vdev_id, ret);
8774 			continue;
8775 		}
8776 	}
8777 
8778 	ath10k_monitor_recalc(ar);
8779 }
8780 
8781 static int
8782 ath10k_mac_op_add_chanctx(struct ieee80211_hw *hw,
8783 			  struct ieee80211_chanctx_conf *ctx)
8784 {
8785 	struct ath10k *ar = hw->priv;
8786 
8787 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8788 		   "mac chanctx add freq %u width %d ptr %pK\n",
8789 		   ctx->def.chan->center_freq, ctx->def.width, ctx);
8790 
8791 	mutex_lock(&ar->conf_mutex);
8792 
8793 	spin_lock_bh(&ar->data_lock);
8794 	ath10k_mac_update_rx_channel(ar, ctx, NULL, 0);
8795 	spin_unlock_bh(&ar->data_lock);
8796 
8797 	ath10k_recalc_radar_detection(ar);
8798 	ath10k_monitor_recalc(ar);
8799 
8800 	mutex_unlock(&ar->conf_mutex);
8801 
8802 	return 0;
8803 }
8804 
8805 static void
8806 ath10k_mac_op_remove_chanctx(struct ieee80211_hw *hw,
8807 			     struct ieee80211_chanctx_conf *ctx)
8808 {
8809 	struct ath10k *ar = hw->priv;
8810 
8811 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8812 		   "mac chanctx remove freq %u width %d ptr %pK\n",
8813 		   ctx->def.chan->center_freq, ctx->def.width, ctx);
8814 
8815 	mutex_lock(&ar->conf_mutex);
8816 
8817 	spin_lock_bh(&ar->data_lock);
8818 	ath10k_mac_update_rx_channel(ar, NULL, NULL, 0);
8819 	spin_unlock_bh(&ar->data_lock);
8820 
8821 	ath10k_recalc_radar_detection(ar);
8822 	ath10k_monitor_recalc(ar);
8823 
8824 	mutex_unlock(&ar->conf_mutex);
8825 }
8826 
8827 struct ath10k_mac_change_chanctx_arg {
8828 	struct ieee80211_chanctx_conf *ctx;
8829 	struct ieee80211_vif_chanctx_switch *vifs;
8830 	int n_vifs;
8831 	int next_vif;
8832 };
8833 
8834 static void
8835 ath10k_mac_change_chanctx_cnt_iter(void *data, u8 *mac,
8836 				   struct ieee80211_vif *vif)
8837 {
8838 	struct ath10k_mac_change_chanctx_arg *arg = data;
8839 
8840 	if (rcu_access_pointer(vif->bss_conf.chanctx_conf) != arg->ctx)
8841 		return;
8842 
8843 	arg->n_vifs++;
8844 }
8845 
8846 static void
8847 ath10k_mac_change_chanctx_fill_iter(void *data, u8 *mac,
8848 				    struct ieee80211_vif *vif)
8849 {
8850 	struct ath10k_mac_change_chanctx_arg *arg = data;
8851 	struct ieee80211_chanctx_conf *ctx;
8852 
8853 	ctx = rcu_access_pointer(vif->bss_conf.chanctx_conf);
8854 	if (ctx != arg->ctx)
8855 		return;
8856 
8857 	if (WARN_ON(arg->next_vif == arg->n_vifs))
8858 		return;
8859 
8860 	arg->vifs[arg->next_vif].vif = vif;
8861 	arg->vifs[arg->next_vif].old_ctx = ctx;
8862 	arg->vifs[arg->next_vif].new_ctx = ctx;
8863 	arg->next_vif++;
8864 }
8865 
8866 static void
8867 ath10k_mac_op_change_chanctx(struct ieee80211_hw *hw,
8868 			     struct ieee80211_chanctx_conf *ctx,
8869 			     u32 changed)
8870 {
8871 	struct ath10k *ar = hw->priv;
8872 	struct ath10k_mac_change_chanctx_arg arg = { .ctx = ctx };
8873 
8874 	mutex_lock(&ar->conf_mutex);
8875 
8876 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8877 		   "mac chanctx change freq %u width %d ptr %pK changed %x\n",
8878 		   ctx->def.chan->center_freq, ctx->def.width, ctx, changed);
8879 
8880 	/* This shouldn't really happen because channel switching should use
8881 	 * switch_vif_chanctx().
8882 	 */
8883 	if (WARN_ON(changed & IEEE80211_CHANCTX_CHANGE_CHANNEL))
8884 		goto unlock;
8885 
8886 	if (changed & IEEE80211_CHANCTX_CHANGE_WIDTH) {
8887 		ieee80211_iterate_active_interfaces_atomic(
8888 					hw,
8889 					ATH10K_ITER_NORMAL_FLAGS,
8890 					ath10k_mac_change_chanctx_cnt_iter,
8891 					&arg);
8892 		if (arg.n_vifs == 0)
8893 			goto radar;
8894 
8895 		arg.vifs = kcalloc(arg.n_vifs, sizeof(arg.vifs[0]),
8896 				   GFP_KERNEL);
8897 		if (!arg.vifs)
8898 			goto radar;
8899 
8900 		ieee80211_iterate_active_interfaces_atomic(
8901 					hw,
8902 					ATH10K_ITER_NORMAL_FLAGS,
8903 					ath10k_mac_change_chanctx_fill_iter,
8904 					&arg);
8905 		ath10k_mac_update_vif_chan(ar, arg.vifs, arg.n_vifs);
8906 		kfree(arg.vifs);
8907 	}
8908 
8909 radar:
8910 	ath10k_recalc_radar_detection(ar);
8911 
8912 	/* FIXME: How to configure Rx chains properly? */
8913 
8914 	/* No other actions are actually necessary. Firmware maintains channel
8915 	 * definitions per vdev internally and there's no host-side channel
8916 	 * context abstraction to configure, e.g. channel width.
8917 	 */
8918 
8919 unlock:
8920 	mutex_unlock(&ar->conf_mutex);
8921 }
8922 
8923 static int
8924 ath10k_mac_op_assign_vif_chanctx(struct ieee80211_hw *hw,
8925 				 struct ieee80211_vif *vif,
8926 				 struct ieee80211_bss_conf *link_conf,
8927 				 struct ieee80211_chanctx_conf *ctx)
8928 {
8929 	struct ath10k *ar = hw->priv;
8930 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8931 	int ret;
8932 
8933 	mutex_lock(&ar->conf_mutex);
8934 
8935 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8936 		   "mac chanctx assign ptr %pK vdev_id %i\n",
8937 		   ctx, arvif->vdev_id);
8938 
8939 	if (WARN_ON(arvif->is_started)) {
8940 		mutex_unlock(&ar->conf_mutex);
8941 		return -EBUSY;
8942 	}
8943 
8944 	ret = ath10k_vdev_start(arvif, &ctx->def);
8945 	if (ret) {
8946 		ath10k_warn(ar, "failed to start vdev %i addr %pM on freq %d: %d\n",
8947 			    arvif->vdev_id, vif->addr,
8948 			    ctx->def.chan->center_freq, ret);
8949 		goto err;
8950 	}
8951 
8952 	arvif->is_started = true;
8953 
8954 	ret = ath10k_mac_vif_setup_ps(arvif);
8955 	if (ret) {
8956 		ath10k_warn(ar, "failed to update vdev %i ps: %d\n",
8957 			    arvif->vdev_id, ret);
8958 		goto err_stop;
8959 	}
8960 
8961 	if (vif->type == NL80211_IFTYPE_MONITOR) {
8962 		ret = ath10k_wmi_vdev_up(ar, arvif->vdev_id, 0, vif->addr);
8963 		if (ret) {
8964 			ath10k_warn(ar, "failed to up monitor vdev %i: %d\n",
8965 				    arvif->vdev_id, ret);
8966 			goto err_stop;
8967 		}
8968 
8969 		arvif->is_up = true;
8970 	}
8971 
8972 	if (ath10k_mac_can_set_cts_prot(arvif)) {
8973 		ret = ath10k_mac_set_cts_prot(arvif);
8974 		if (ret)
8975 			ath10k_warn(ar, "failed to set cts protection for vdev %d: %d\n",
8976 				    arvif->vdev_id, ret);
8977 	}
8978 
8979 	if (ath10k_peer_stats_enabled(ar) &&
8980 	    ar->hw_params.tx_stats_over_pktlog) {
8981 		ar->pktlog_filter |= ATH10K_PKTLOG_PEER_STATS;
8982 		ret = ath10k_wmi_pdev_pktlog_enable(ar,
8983 						    ar->pktlog_filter);
8984 		if (ret) {
8985 			ath10k_warn(ar, "failed to enable pktlog %d\n", ret);
8986 			goto err_stop;
8987 		}
8988 	}
8989 
8990 	mutex_unlock(&ar->conf_mutex);
8991 	return 0;
8992 
8993 err_stop:
8994 	ath10k_vdev_stop(arvif);
8995 	arvif->is_started = false;
8996 	ath10k_mac_vif_setup_ps(arvif);
8997 
8998 err:
8999 	mutex_unlock(&ar->conf_mutex);
9000 	return ret;
9001 }
9002 
9003 static void
9004 ath10k_mac_op_unassign_vif_chanctx(struct ieee80211_hw *hw,
9005 				   struct ieee80211_vif *vif,
9006 				   struct ieee80211_bss_conf *link_conf,
9007 				   struct ieee80211_chanctx_conf *ctx)
9008 {
9009 	struct ath10k *ar = hw->priv;
9010 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9011 	int ret;
9012 
9013 	mutex_lock(&ar->conf_mutex);
9014 
9015 	ath10k_dbg(ar, ATH10K_DBG_MAC,
9016 		   "mac chanctx unassign ptr %pK vdev_id %i\n",
9017 		   ctx, arvif->vdev_id);
9018 
9019 	WARN_ON(!arvif->is_started);
9020 
9021 	if (vif->type == NL80211_IFTYPE_MONITOR) {
9022 		WARN_ON(!arvif->is_up);
9023 
9024 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
9025 		if (ret)
9026 			ath10k_warn(ar, "failed to down monitor vdev %i: %d\n",
9027 				    arvif->vdev_id, ret);
9028 
9029 		arvif->is_up = false;
9030 	}
9031 
9032 	ret = ath10k_vdev_stop(arvif);
9033 	if (ret)
9034 		ath10k_warn(ar, "failed to stop vdev %i: %d\n",
9035 			    arvif->vdev_id, ret);
9036 
9037 	arvif->is_started = false;
9038 
9039 	mutex_unlock(&ar->conf_mutex);
9040 }
9041 
9042 static int
9043 ath10k_mac_op_switch_vif_chanctx(struct ieee80211_hw *hw,
9044 				 struct ieee80211_vif_chanctx_switch *vifs,
9045 				 int n_vifs,
9046 				 enum ieee80211_chanctx_switch_mode mode)
9047 {
9048 	struct ath10k *ar = hw->priv;
9049 
9050 	mutex_lock(&ar->conf_mutex);
9051 
9052 	ath10k_dbg(ar, ATH10K_DBG_MAC,
9053 		   "mac chanctx switch n_vifs %d mode %d\n",
9054 		   n_vifs, mode);
9055 	ath10k_mac_update_vif_chan(ar, vifs, n_vifs);
9056 
9057 	mutex_unlock(&ar->conf_mutex);
9058 	return 0;
9059 }
9060 
9061 static void ath10k_mac_op_sta_pre_rcu_remove(struct ieee80211_hw *hw,
9062 					     struct ieee80211_vif *vif,
9063 					     struct ieee80211_sta *sta)
9064 {
9065 	struct ath10k *ar;
9066 	struct ath10k_peer *peer;
9067 
9068 	ar = hw->priv;
9069 
9070 	list_for_each_entry(peer, &ar->peers, list)
9071 		if (peer->sta == sta)
9072 			peer->removed = true;
9073 }
9074 
9075 /* HT MCS parameters with Nss = 1 */
9076 static const struct ath10k_index_ht_data_rate_type supported_ht_mcs_rate_nss1[] = {
9077 	/* MCS  L20   L40   S20  S40 */
9078 	{0,  { 65,  135,  72,  150} },
9079 	{1,  { 130, 270,  144, 300} },
9080 	{2,  { 195, 405,  217, 450} },
9081 	{3,  { 260, 540,  289, 600} },
9082 	{4,  { 390, 810,  433, 900} },
9083 	{5,  { 520, 1080, 578, 1200} },
9084 	{6,  { 585, 1215, 650, 1350} },
9085 	{7,  { 650, 1350, 722, 1500} }
9086 };
9087 
9088 /* HT MCS parameters with Nss = 2 */
9089 static const struct ath10k_index_ht_data_rate_type supported_ht_mcs_rate_nss2[] = {
9090 	/* MCS  L20    L40   S20   S40 */
9091 	{0,  {130,  270,  144,  300} },
9092 	{1,  {260,  540,  289,  600} },
9093 	{2,  {390,  810,  433,  900} },
9094 	{3,  {520,  1080, 578,  1200} },
9095 	{4,  {780,  1620, 867,  1800} },
9096 	{5,  {1040, 2160, 1156, 2400} },
9097 	{6,  {1170, 2430, 1300, 2700} },
9098 	{7,  {1300, 2700, 1444, 3000} }
9099 };
9100 
9101 /* MCS parameters with Nss = 1 */
9102 static const struct ath10k_index_vht_data_rate_type supported_vht_mcs_rate_nss1[] = {
9103 	/* MCS  L80    S80     L40   S40    L20   S20 */
9104 	{0,  {293,  325},  {135,  150},  {65,   72} },
9105 	{1,  {585,  650},  {270,  300},  {130,  144} },
9106 	{2,  {878,  975},  {405,  450},  {195,  217} },
9107 	{3,  {1170, 1300}, {540,  600},  {260,  289} },
9108 	{4,  {1755, 1950}, {810,  900},  {390,  433} },
9109 	{5,  {2340, 2600}, {1080, 1200}, {520,  578} },
9110 	{6,  {2633, 2925}, {1215, 1350}, {585,  650} },
9111 	{7,  {2925, 3250}, {1350, 1500}, {650,  722} },
9112 	{8,  {3510, 3900}, {1620, 1800}, {780,  867} },
9113 	{9,  {3900, 4333}, {1800, 2000}, {780,  867} }
9114 };
9115 
9116 /*MCS parameters with Nss = 2 */
9117 static const struct ath10k_index_vht_data_rate_type supported_vht_mcs_rate_nss2[] = {
9118 	/* MCS  L80    S80     L40   S40    L20   S20 */
9119 	{0,  {585,  650},  {270,  300},  {130,  144} },
9120 	{1,  {1170, 1300}, {540,  600},  {260,  289} },
9121 	{2,  {1755, 1950}, {810,  900},  {390,  433} },
9122 	{3,  {2340, 2600}, {1080, 1200}, {520,  578} },
9123 	{4,  {3510, 3900}, {1620, 1800}, {780,  867} },
9124 	{5,  {4680, 5200}, {2160, 2400}, {1040, 1156} },
9125 	{6,  {5265, 5850}, {2430, 2700}, {1170, 1300} },
9126 	{7,  {5850, 6500}, {2700, 3000}, {1300, 1444} },
9127 	{8,  {7020, 7800}, {3240, 3600}, {1560, 1733} },
9128 	{9,  {7800, 8667}, {3600, 4000}, {1560, 1733} }
9129 };
9130 
9131 static void ath10k_mac_get_rate_flags_ht(struct ath10k *ar, u32 rate, u8 nss, u8 mcs,
9132 					 u8 *flags, u8 *bw)
9133 {
9134 	struct ath10k_index_ht_data_rate_type *mcs_rate;
9135 	u8 index;
9136 	size_t len_nss1 = ARRAY_SIZE(supported_ht_mcs_rate_nss1);
9137 	size_t len_nss2 = ARRAY_SIZE(supported_ht_mcs_rate_nss2);
9138 
9139 	if (mcs >= (len_nss1 + len_nss2)) {
9140 		ath10k_warn(ar, "not supported mcs %d in current rate table", mcs);
9141 		return;
9142 	}
9143 
9144 	mcs_rate = (struct ath10k_index_ht_data_rate_type *)
9145 		   ((nss == 1) ? &supported_ht_mcs_rate_nss1 :
9146 		   &supported_ht_mcs_rate_nss2);
9147 
9148 	if (mcs >= len_nss1)
9149 		index = mcs - len_nss1;
9150 	else
9151 		index = mcs;
9152 
9153 	if (rate == mcs_rate[index].supported_rate[0]) {
9154 		*bw = RATE_INFO_BW_20;
9155 	} else if (rate == mcs_rate[index].supported_rate[1]) {
9156 		*bw |= RATE_INFO_BW_40;
9157 	} else if (rate == mcs_rate[index].supported_rate[2]) {
9158 		*bw |= RATE_INFO_BW_20;
9159 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9160 	} else if (rate == mcs_rate[index].supported_rate[3]) {
9161 		*bw |= RATE_INFO_BW_40;
9162 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9163 	} else {
9164 		ath10k_warn(ar, "invalid ht params rate %d 100kbps nss %d mcs %d",
9165 			    rate, nss, mcs);
9166 	}
9167 }
9168 
9169 static void ath10k_mac_get_rate_flags_vht(struct ath10k *ar, u32 rate, u8 nss, u8 mcs,
9170 					  u8 *flags, u8 *bw)
9171 {
9172 	struct ath10k_index_vht_data_rate_type *mcs_rate;
9173 
9174 	mcs_rate = (struct ath10k_index_vht_data_rate_type *)
9175 		   ((nss == 1) ? &supported_vht_mcs_rate_nss1 :
9176 		   &supported_vht_mcs_rate_nss2);
9177 
9178 	if (rate == mcs_rate[mcs].supported_VHT80_rate[0]) {
9179 		*bw = RATE_INFO_BW_80;
9180 	} else if (rate == mcs_rate[mcs].supported_VHT80_rate[1]) {
9181 		*bw = RATE_INFO_BW_80;
9182 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9183 	} else if (rate == mcs_rate[mcs].supported_VHT40_rate[0]) {
9184 		*bw = RATE_INFO_BW_40;
9185 	} else if (rate == mcs_rate[mcs].supported_VHT40_rate[1]) {
9186 		*bw = RATE_INFO_BW_40;
9187 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9188 	} else if (rate == mcs_rate[mcs].supported_VHT20_rate[0]) {
9189 		*bw = RATE_INFO_BW_20;
9190 	} else if (rate == mcs_rate[mcs].supported_VHT20_rate[1]) {
9191 		*bw = RATE_INFO_BW_20;
9192 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9193 	} else {
9194 		ath10k_warn(ar, "invalid vht params rate %d 100kbps nss %d mcs %d",
9195 			    rate, nss, mcs);
9196 	}
9197 }
9198 
9199 static void ath10k_mac_get_rate_flags(struct ath10k *ar, u32 rate,
9200 				      enum ath10k_phy_mode mode, u8 nss, u8 mcs,
9201 				      u8 *flags, u8 *bw)
9202 {
9203 	if (mode == ATH10K_PHY_MODE_HT) {
9204 		*flags = RATE_INFO_FLAGS_MCS;
9205 		ath10k_mac_get_rate_flags_ht(ar, rate, nss, mcs, flags, bw);
9206 	} else if (mode == ATH10K_PHY_MODE_VHT) {
9207 		*flags = RATE_INFO_FLAGS_VHT_MCS;
9208 		ath10k_mac_get_rate_flags_vht(ar, rate, nss, mcs, flags, bw);
9209 	}
9210 }
9211 
9212 static void ath10k_mac_parse_bitrate(struct ath10k *ar, u32 rate_code,
9213 				     u32 bitrate_kbps, struct rate_info *rate)
9214 {
9215 	enum ath10k_phy_mode mode = ATH10K_PHY_MODE_LEGACY;
9216 	enum wmi_rate_preamble preamble = WMI_TLV_GET_HW_RC_PREAM_V1(rate_code);
9217 	u8 nss = WMI_TLV_GET_HW_RC_NSS_V1(rate_code) + 1;
9218 	u8 mcs = WMI_TLV_GET_HW_RC_RATE_V1(rate_code);
9219 	u8 flags = 0, bw = 0;
9220 
9221 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac parse rate code 0x%x bitrate %d kbps\n",
9222 		   rate_code, bitrate_kbps);
9223 
9224 	if (preamble == WMI_RATE_PREAMBLE_HT)
9225 		mode = ATH10K_PHY_MODE_HT;
9226 	else if (preamble == WMI_RATE_PREAMBLE_VHT)
9227 		mode = ATH10K_PHY_MODE_VHT;
9228 
9229 	ath10k_mac_get_rate_flags(ar, bitrate_kbps / 100, mode, nss, mcs, &flags, &bw);
9230 
9231 	ath10k_dbg(ar, ATH10K_DBG_MAC,
9232 		   "mac parse bitrate preamble %d mode %d nss %d mcs %d flags %x bw %d\n",
9233 		   preamble, mode, nss, mcs, flags, bw);
9234 
9235 	rate->flags = flags;
9236 	rate->bw = bw;
9237 	rate->legacy = bitrate_kbps / 100;
9238 	rate->nss = nss;
9239 	rate->mcs = mcs;
9240 }
9241 
9242 static void ath10k_mac_sta_get_peer_stats_info(struct ath10k *ar,
9243 					       struct ieee80211_sta *sta,
9244 					       struct station_info *sinfo)
9245 {
9246 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
9247 	struct ath10k_peer *peer;
9248 	unsigned long time_left;
9249 	int ret;
9250 
9251 	if (!(ar->hw_params.supports_peer_stats_info &&
9252 	      arsta->arvif->vdev_type == WMI_VDEV_TYPE_STA))
9253 		return;
9254 
9255 	spin_lock_bh(&ar->data_lock);
9256 	peer = ath10k_peer_find(ar, arsta->arvif->vdev_id, sta->addr);
9257 	spin_unlock_bh(&ar->data_lock);
9258 	if (!peer)
9259 		return;
9260 
9261 	reinit_completion(&ar->peer_stats_info_complete);
9262 
9263 	ret = ath10k_wmi_request_peer_stats_info(ar,
9264 						 arsta->arvif->vdev_id,
9265 						 WMI_REQUEST_ONE_PEER_STATS_INFO,
9266 						 arsta->arvif->bssid,
9267 						 0);
9268 	if (ret && ret != -EOPNOTSUPP) {
9269 		ath10k_warn(ar, "could not request peer stats info: %d\n", ret);
9270 		return;
9271 	}
9272 
9273 	time_left = wait_for_completion_timeout(&ar->peer_stats_info_complete, 3 * HZ);
9274 	if (time_left == 0) {
9275 		ath10k_warn(ar, "timed out waiting peer stats info\n");
9276 		return;
9277 	}
9278 
9279 	if (arsta->rx_rate_code != 0 && arsta->rx_bitrate_kbps != 0) {
9280 		ath10k_mac_parse_bitrate(ar, arsta->rx_rate_code,
9281 					 arsta->rx_bitrate_kbps,
9282 					 &sinfo->rxrate);
9283 
9284 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_BITRATE);
9285 		arsta->rx_rate_code = 0;
9286 		arsta->rx_bitrate_kbps = 0;
9287 	}
9288 
9289 	if (arsta->tx_rate_code != 0 && arsta->tx_bitrate_kbps != 0) {
9290 		ath10k_mac_parse_bitrate(ar, arsta->tx_rate_code,
9291 					 arsta->tx_bitrate_kbps,
9292 					 &sinfo->txrate);
9293 
9294 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
9295 		arsta->tx_rate_code = 0;
9296 		arsta->tx_bitrate_kbps = 0;
9297 	}
9298 }
9299 
9300 static void ath10k_sta_statistics(struct ieee80211_hw *hw,
9301 				  struct ieee80211_vif *vif,
9302 				  struct ieee80211_sta *sta,
9303 				  struct station_info *sinfo)
9304 {
9305 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
9306 	struct ath10k *ar = arsta->arvif->ar;
9307 
9308 	if (!ath10k_peer_stats_enabled(ar))
9309 		return;
9310 
9311 	mutex_lock(&ar->conf_mutex);
9312 	ath10k_debug_fw_stats_request(ar);
9313 	mutex_unlock(&ar->conf_mutex);
9314 
9315 	sinfo->rx_duration = arsta->rx_duration;
9316 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_DURATION);
9317 
9318 	if (arsta->txrate.legacy || arsta->txrate.nss) {
9319 		if (arsta->txrate.legacy) {
9320 			sinfo->txrate.legacy = arsta->txrate.legacy;
9321 		} else {
9322 			sinfo->txrate.mcs = arsta->txrate.mcs;
9323 			sinfo->txrate.nss = arsta->txrate.nss;
9324 			sinfo->txrate.bw = arsta->txrate.bw;
9325 		}
9326 		sinfo->txrate.flags = arsta->txrate.flags;
9327 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
9328 	}
9329 
9330 	if (ar->htt.disable_tx_comp) {
9331 		sinfo->tx_failed = arsta->tx_failed;
9332 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_FAILED);
9333 	}
9334 
9335 	sinfo->tx_retries = arsta->tx_retries;
9336 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_RETRIES);
9337 
9338 	ath10k_mac_sta_get_peer_stats_info(ar, sta, sinfo);
9339 }
9340 
9341 static int ath10k_mac_op_set_tid_config(struct ieee80211_hw *hw,
9342 					struct ieee80211_vif *vif,
9343 					struct ieee80211_sta *sta,
9344 					struct cfg80211_tid_config *tid_config)
9345 {
9346 	struct ath10k *ar = hw->priv;
9347 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9348 	struct ath10k_mac_iter_tid_conf_data data = {};
9349 	struct wmi_per_peer_per_tid_cfg_arg arg = {};
9350 	int ret, i;
9351 
9352 	mutex_lock(&ar->conf_mutex);
9353 	arg.vdev_id = arvif->vdev_id;
9354 
9355 	arvif->tids_rst = 0;
9356 	memset(arvif->tid_conf_changed, 0, sizeof(arvif->tid_conf_changed));
9357 
9358 	for (i = 0; i < tid_config->n_tid_conf; i++) {
9359 		ret = ath10k_mac_parse_tid_config(ar, sta, vif,
9360 						  &tid_config->tid_conf[i],
9361 						  &arg);
9362 		if (ret)
9363 			goto exit;
9364 	}
9365 
9366 	ret = 0;
9367 
9368 	if (sta)
9369 		goto exit;
9370 
9371 	arvif->tids_rst = 0;
9372 	data.curr_vif = vif;
9373 	data.ar = ar;
9374 
9375 	ieee80211_iterate_stations_atomic(hw, ath10k_mac_vif_stations_tid_conf,
9376 					  &data);
9377 
9378 exit:
9379 	mutex_unlock(&ar->conf_mutex);
9380 	return ret;
9381 }
9382 
9383 static int ath10k_mac_op_reset_tid_config(struct ieee80211_hw *hw,
9384 					  struct ieee80211_vif *vif,
9385 					  struct ieee80211_sta *sta,
9386 					  u8 tids)
9387 {
9388 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9389 	struct ath10k_mac_iter_tid_conf_data data = {};
9390 	struct ath10k *ar = hw->priv;
9391 	int ret = 0;
9392 
9393 	mutex_lock(&ar->conf_mutex);
9394 
9395 	if (sta) {
9396 		arvif->tids_rst = 0;
9397 		ret = ath10k_mac_reset_tid_config(ar, sta, arvif, tids);
9398 		goto exit;
9399 	}
9400 
9401 	arvif->tids_rst = tids;
9402 	data.curr_vif = vif;
9403 	data.ar = ar;
9404 	ieee80211_iterate_stations_atomic(hw, ath10k_mac_vif_stations_tid_conf,
9405 					  &data);
9406 
9407 exit:
9408 	mutex_unlock(&ar->conf_mutex);
9409 	return ret;
9410 }
9411 
9412 static const struct ieee80211_ops ath10k_ops = {
9413 	.tx				= ath10k_mac_op_tx,
9414 	.wake_tx_queue			= ath10k_mac_op_wake_tx_queue,
9415 	.start				= ath10k_start,
9416 	.stop				= ath10k_stop,
9417 	.config				= ath10k_config,
9418 	.add_interface			= ath10k_add_interface,
9419 	.update_vif_offload		= ath10k_update_vif_offload,
9420 	.remove_interface		= ath10k_remove_interface,
9421 	.configure_filter		= ath10k_configure_filter,
9422 	.bss_info_changed		= ath10k_bss_info_changed,
9423 	.set_coverage_class		= ath10k_mac_op_set_coverage_class,
9424 	.hw_scan			= ath10k_hw_scan,
9425 	.cancel_hw_scan			= ath10k_cancel_hw_scan,
9426 	.set_key			= ath10k_set_key,
9427 	.set_default_unicast_key        = ath10k_set_default_unicast_key,
9428 	.sta_state			= ath10k_sta_state,
9429 	.sta_set_txpwr			= ath10k_sta_set_txpwr,
9430 	.conf_tx			= ath10k_conf_tx,
9431 	.remain_on_channel		= ath10k_remain_on_channel,
9432 	.cancel_remain_on_channel	= ath10k_cancel_remain_on_channel,
9433 	.set_rts_threshold		= ath10k_set_rts_threshold,
9434 	.set_frag_threshold		= ath10k_mac_op_set_frag_threshold,
9435 	.flush				= ath10k_flush,
9436 	.tx_last_beacon			= ath10k_tx_last_beacon,
9437 	.set_antenna			= ath10k_set_antenna,
9438 	.get_antenna			= ath10k_get_antenna,
9439 	.reconfig_complete		= ath10k_reconfig_complete,
9440 	.get_survey			= ath10k_get_survey,
9441 	.set_bitrate_mask		= ath10k_mac_op_set_bitrate_mask,
9442 	.sta_rc_update			= ath10k_sta_rc_update,
9443 	.offset_tsf			= ath10k_offset_tsf,
9444 	.ampdu_action			= ath10k_ampdu_action,
9445 	.get_et_sset_count		= ath10k_debug_get_et_sset_count,
9446 	.get_et_stats			= ath10k_debug_get_et_stats,
9447 	.get_et_strings			= ath10k_debug_get_et_strings,
9448 	.add_chanctx			= ath10k_mac_op_add_chanctx,
9449 	.remove_chanctx			= ath10k_mac_op_remove_chanctx,
9450 	.change_chanctx			= ath10k_mac_op_change_chanctx,
9451 	.assign_vif_chanctx		= ath10k_mac_op_assign_vif_chanctx,
9452 	.unassign_vif_chanctx		= ath10k_mac_op_unassign_vif_chanctx,
9453 	.switch_vif_chanctx		= ath10k_mac_op_switch_vif_chanctx,
9454 	.sta_pre_rcu_remove		= ath10k_mac_op_sta_pre_rcu_remove,
9455 	.sta_statistics			= ath10k_sta_statistics,
9456 	.set_tid_config			= ath10k_mac_op_set_tid_config,
9457 	.reset_tid_config		= ath10k_mac_op_reset_tid_config,
9458 
9459 	CFG80211_TESTMODE_CMD(ath10k_tm_cmd)
9460 
9461 #ifdef CONFIG_PM
9462 	.suspend			= ath10k_wow_op_suspend,
9463 	.resume				= ath10k_wow_op_resume,
9464 	.set_wakeup			= ath10k_wow_op_set_wakeup,
9465 #endif
9466 #ifdef CONFIG_MAC80211_DEBUGFS
9467 	.sta_add_debugfs		= ath10k_sta_add_debugfs,
9468 #endif
9469 	.set_sar_specs			= ath10k_mac_set_sar_specs,
9470 };
9471 
9472 #define CHAN2G(_channel, _freq, _flags) { \
9473 	.band			= NL80211_BAND_2GHZ, \
9474 	.hw_value		= (_channel), \
9475 	.center_freq		= (_freq), \
9476 	.flags			= (_flags), \
9477 	.max_antenna_gain	= 0, \
9478 	.max_power		= 30, \
9479 }
9480 
9481 #define CHAN5G(_channel, _freq, _flags) { \
9482 	.band			= NL80211_BAND_5GHZ, \
9483 	.hw_value		= (_channel), \
9484 	.center_freq		= (_freq), \
9485 	.flags			= (_flags), \
9486 	.max_antenna_gain	= 0, \
9487 	.max_power		= 30, \
9488 }
9489 
9490 static const struct ieee80211_channel ath10k_2ghz_channels[] = {
9491 	CHAN2G(1, 2412, 0),
9492 	CHAN2G(2, 2417, 0),
9493 	CHAN2G(3, 2422, 0),
9494 	CHAN2G(4, 2427, 0),
9495 	CHAN2G(5, 2432, 0),
9496 	CHAN2G(6, 2437, 0),
9497 	CHAN2G(7, 2442, 0),
9498 	CHAN2G(8, 2447, 0),
9499 	CHAN2G(9, 2452, 0),
9500 	CHAN2G(10, 2457, 0),
9501 	CHAN2G(11, 2462, 0),
9502 	CHAN2G(12, 2467, 0),
9503 	CHAN2G(13, 2472, 0),
9504 	CHAN2G(14, 2484, 0),
9505 };
9506 
9507 static const struct ieee80211_channel ath10k_5ghz_channels[] = {
9508 	CHAN5G(36, 5180, 0),
9509 	CHAN5G(40, 5200, 0),
9510 	CHAN5G(44, 5220, 0),
9511 	CHAN5G(48, 5240, 0),
9512 	CHAN5G(52, 5260, 0),
9513 	CHAN5G(56, 5280, 0),
9514 	CHAN5G(60, 5300, 0),
9515 	CHAN5G(64, 5320, 0),
9516 	CHAN5G(100, 5500, 0),
9517 	CHAN5G(104, 5520, 0),
9518 	CHAN5G(108, 5540, 0),
9519 	CHAN5G(112, 5560, 0),
9520 	CHAN5G(116, 5580, 0),
9521 	CHAN5G(120, 5600, 0),
9522 	CHAN5G(124, 5620, 0),
9523 	CHAN5G(128, 5640, 0),
9524 	CHAN5G(132, 5660, 0),
9525 	CHAN5G(136, 5680, 0),
9526 	CHAN5G(140, 5700, 0),
9527 	CHAN5G(144, 5720, 0),
9528 	CHAN5G(149, 5745, 0),
9529 	CHAN5G(153, 5765, 0),
9530 	CHAN5G(157, 5785, 0),
9531 	CHAN5G(161, 5805, 0),
9532 	CHAN5G(165, 5825, 0),
9533 	CHAN5G(169, 5845, 0),
9534 	CHAN5G(173, 5865, 0),
9535 	/* If you add more, you may need to change ATH10K_MAX_5G_CHAN */
9536 	/* And you will definitely need to change ATH10K_NUM_CHANS in core.h */
9537 };
9538 
9539 struct ath10k *ath10k_mac_create(size_t priv_size)
9540 {
9541 	struct ieee80211_hw *hw;
9542 	struct ieee80211_ops *ops;
9543 	struct ath10k *ar;
9544 
9545 	ops = kmemdup(&ath10k_ops, sizeof(ath10k_ops), GFP_KERNEL);
9546 	if (!ops)
9547 		return NULL;
9548 
9549 	hw = ieee80211_alloc_hw(sizeof(struct ath10k) + priv_size, ops);
9550 	if (!hw) {
9551 		kfree(ops);
9552 		return NULL;
9553 	}
9554 
9555 	ar = hw->priv;
9556 	ar->hw = hw;
9557 	ar->ops = ops;
9558 
9559 	return ar;
9560 }
9561 
9562 void ath10k_mac_destroy(struct ath10k *ar)
9563 {
9564 	struct ieee80211_ops *ops = ar->ops;
9565 
9566 	ieee80211_free_hw(ar->hw);
9567 	kfree(ops);
9568 }
9569 
9570 static const struct ieee80211_iface_limit ath10k_if_limits[] = {
9571 	{
9572 		.max	= 8,
9573 		.types	= BIT(NL80211_IFTYPE_STATION)
9574 			| BIT(NL80211_IFTYPE_P2P_CLIENT)
9575 	},
9576 	{
9577 		.max	= 3,
9578 		.types	= BIT(NL80211_IFTYPE_P2P_GO)
9579 	},
9580 	{
9581 		.max	= 1,
9582 		.types	= BIT(NL80211_IFTYPE_P2P_DEVICE)
9583 	},
9584 	{
9585 		.max	= 7,
9586 		.types	= BIT(NL80211_IFTYPE_AP)
9587 #ifdef CONFIG_MAC80211_MESH
9588 			| BIT(NL80211_IFTYPE_MESH_POINT)
9589 #endif
9590 	},
9591 };
9592 
9593 static const struct ieee80211_iface_limit ath10k_10x_if_limits[] = {
9594 	{
9595 		.max	= 8,
9596 		.types	= BIT(NL80211_IFTYPE_AP)
9597 #ifdef CONFIG_MAC80211_MESH
9598 			| BIT(NL80211_IFTYPE_MESH_POINT)
9599 #endif
9600 	},
9601 	{
9602 		.max	= 1,
9603 		.types	= BIT(NL80211_IFTYPE_STATION)
9604 	},
9605 };
9606 
9607 static const struct ieee80211_iface_combination ath10k_if_comb[] = {
9608 	{
9609 		.limits = ath10k_if_limits,
9610 		.n_limits = ARRAY_SIZE(ath10k_if_limits),
9611 		.max_interfaces = 8,
9612 		.num_different_channels = 1,
9613 		.beacon_int_infra_match = true,
9614 	},
9615 };
9616 
9617 static const struct ieee80211_iface_combination ath10k_10x_if_comb[] = {
9618 	{
9619 		.limits = ath10k_10x_if_limits,
9620 		.n_limits = ARRAY_SIZE(ath10k_10x_if_limits),
9621 		.max_interfaces = 8,
9622 		.num_different_channels = 1,
9623 		.beacon_int_infra_match = true,
9624 		.beacon_int_min_gcd = 1,
9625 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
9626 		.radar_detect_widths =	BIT(NL80211_CHAN_WIDTH_20_NOHT) |
9627 					BIT(NL80211_CHAN_WIDTH_20) |
9628 					BIT(NL80211_CHAN_WIDTH_40) |
9629 					BIT(NL80211_CHAN_WIDTH_80),
9630 #endif
9631 	},
9632 };
9633 
9634 static const struct ieee80211_iface_limit ath10k_tlv_if_limit[] = {
9635 	{
9636 		.max = 2,
9637 		.types = BIT(NL80211_IFTYPE_STATION),
9638 	},
9639 	{
9640 		.max = 2,
9641 		.types = BIT(NL80211_IFTYPE_AP) |
9642 #ifdef CONFIG_MAC80211_MESH
9643 			 BIT(NL80211_IFTYPE_MESH_POINT) |
9644 #endif
9645 			 BIT(NL80211_IFTYPE_P2P_CLIENT) |
9646 			 BIT(NL80211_IFTYPE_P2P_GO),
9647 	},
9648 	{
9649 		.max = 1,
9650 		.types = BIT(NL80211_IFTYPE_P2P_DEVICE),
9651 	},
9652 };
9653 
9654 static const struct ieee80211_iface_limit ath10k_tlv_qcs_if_limit[] = {
9655 	{
9656 		.max = 2,
9657 		.types = BIT(NL80211_IFTYPE_STATION),
9658 	},
9659 	{
9660 		.max = 2,
9661 		.types = BIT(NL80211_IFTYPE_P2P_CLIENT),
9662 	},
9663 	{
9664 		.max = 1,
9665 		.types = BIT(NL80211_IFTYPE_AP) |
9666 #ifdef CONFIG_MAC80211_MESH
9667 			 BIT(NL80211_IFTYPE_MESH_POINT) |
9668 #endif
9669 			 BIT(NL80211_IFTYPE_P2P_GO),
9670 	},
9671 	{
9672 		.max = 1,
9673 		.types = BIT(NL80211_IFTYPE_P2P_DEVICE),
9674 	},
9675 };
9676 
9677 static const struct ieee80211_iface_limit ath10k_tlv_if_limit_ibss[] = {
9678 	{
9679 		.max = 1,
9680 		.types = BIT(NL80211_IFTYPE_STATION),
9681 	},
9682 	{
9683 		.max = 1,
9684 		.types = BIT(NL80211_IFTYPE_ADHOC),
9685 	},
9686 };
9687 
9688 /* FIXME: This is not thoroughly tested. These combinations may over- or
9689  * underestimate hw/fw capabilities.
9690  */
9691 static struct ieee80211_iface_combination ath10k_tlv_if_comb[] = {
9692 	{
9693 		.limits = ath10k_tlv_if_limit,
9694 		.num_different_channels = 1,
9695 		.max_interfaces = 4,
9696 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit),
9697 	},
9698 	{
9699 		.limits = ath10k_tlv_if_limit_ibss,
9700 		.num_different_channels = 1,
9701 		.max_interfaces = 2,
9702 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit_ibss),
9703 	},
9704 };
9705 
9706 static struct ieee80211_iface_combination ath10k_tlv_qcs_if_comb[] = {
9707 	{
9708 		.limits = ath10k_tlv_if_limit,
9709 		.num_different_channels = 1,
9710 		.max_interfaces = 4,
9711 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit),
9712 	},
9713 	{
9714 		.limits = ath10k_tlv_qcs_if_limit,
9715 		.num_different_channels = 2,
9716 		.max_interfaces = 4,
9717 		.n_limits = ARRAY_SIZE(ath10k_tlv_qcs_if_limit),
9718 	},
9719 	{
9720 		.limits = ath10k_tlv_if_limit_ibss,
9721 		.num_different_channels = 1,
9722 		.max_interfaces = 2,
9723 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit_ibss),
9724 	},
9725 };
9726 
9727 static const struct ieee80211_iface_limit ath10k_10_4_if_limits[] = {
9728 	{
9729 		.max = 1,
9730 		.types = BIT(NL80211_IFTYPE_STATION),
9731 	},
9732 	{
9733 		.max	= 16,
9734 		.types	= BIT(NL80211_IFTYPE_AP)
9735 #ifdef CONFIG_MAC80211_MESH
9736 			| BIT(NL80211_IFTYPE_MESH_POINT)
9737 #endif
9738 	},
9739 };
9740 
9741 static const struct ieee80211_iface_combination ath10k_10_4_if_comb[] = {
9742 	{
9743 		.limits = ath10k_10_4_if_limits,
9744 		.n_limits = ARRAY_SIZE(ath10k_10_4_if_limits),
9745 		.max_interfaces = 16,
9746 		.num_different_channels = 1,
9747 		.beacon_int_infra_match = true,
9748 		.beacon_int_min_gcd = 1,
9749 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
9750 		.radar_detect_widths =	BIT(NL80211_CHAN_WIDTH_20_NOHT) |
9751 					BIT(NL80211_CHAN_WIDTH_20) |
9752 					BIT(NL80211_CHAN_WIDTH_40) |
9753 					BIT(NL80211_CHAN_WIDTH_80) |
9754 					BIT(NL80211_CHAN_WIDTH_80P80) |
9755 					BIT(NL80211_CHAN_WIDTH_160),
9756 #endif
9757 	},
9758 };
9759 
9760 static const struct
9761 ieee80211_iface_combination ath10k_10_4_bcn_int_if_comb[] = {
9762 	{
9763 		.limits = ath10k_10_4_if_limits,
9764 		.n_limits = ARRAY_SIZE(ath10k_10_4_if_limits),
9765 		.max_interfaces = 16,
9766 		.num_different_channels = 1,
9767 		.beacon_int_infra_match = true,
9768 		.beacon_int_min_gcd = 100,
9769 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
9770 		.radar_detect_widths =  BIT(NL80211_CHAN_WIDTH_20_NOHT) |
9771 					BIT(NL80211_CHAN_WIDTH_20) |
9772 					BIT(NL80211_CHAN_WIDTH_40) |
9773 					BIT(NL80211_CHAN_WIDTH_80) |
9774 					BIT(NL80211_CHAN_WIDTH_80P80) |
9775 					BIT(NL80211_CHAN_WIDTH_160),
9776 #endif
9777 	},
9778 };
9779 
9780 static void ath10k_get_arvif_iter(void *data, u8 *mac,
9781 				  struct ieee80211_vif *vif)
9782 {
9783 	struct ath10k_vif_iter *arvif_iter = data;
9784 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9785 
9786 	if (arvif->vdev_id == arvif_iter->vdev_id)
9787 		arvif_iter->arvif = arvif;
9788 }
9789 
9790 struct ath10k_vif *ath10k_get_arvif(struct ath10k *ar, u32 vdev_id)
9791 {
9792 	struct ath10k_vif_iter arvif_iter;
9793 
9794 	memset(&arvif_iter, 0, sizeof(struct ath10k_vif_iter));
9795 	arvif_iter.vdev_id = vdev_id;
9796 
9797 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
9798 						   ATH10K_ITER_RESUME_FLAGS,
9799 						   ath10k_get_arvif_iter,
9800 						   &arvif_iter);
9801 	if (!arvif_iter.arvif) {
9802 		ath10k_warn(ar, "No VIF found for vdev %d\n", vdev_id);
9803 		return NULL;
9804 	}
9805 
9806 	return arvif_iter.arvif;
9807 }
9808 
9809 #define WRD_METHOD "WRDD"
9810 #define WRDD_WIFI  (0x07)
9811 
9812 static u32 ath10k_mac_wrdd_get_mcc(struct ath10k *ar, union acpi_object *wrdd)
9813 {
9814 	union acpi_object *mcc_pkg;
9815 	union acpi_object *domain_type;
9816 	union acpi_object *mcc_value;
9817 	u32 i;
9818 
9819 	if (wrdd->type != ACPI_TYPE_PACKAGE ||
9820 	    wrdd->package.count < 2 ||
9821 	    wrdd->package.elements[0].type != ACPI_TYPE_INTEGER ||
9822 	    wrdd->package.elements[0].integer.value != 0) {
9823 		ath10k_warn(ar, "ignoring malformed/unsupported wrdd structure\n");
9824 		return 0;
9825 	}
9826 
9827 	for (i = 1; i < wrdd->package.count; ++i) {
9828 		mcc_pkg = &wrdd->package.elements[i];
9829 
9830 		if (mcc_pkg->type != ACPI_TYPE_PACKAGE)
9831 			continue;
9832 		if (mcc_pkg->package.count < 2)
9833 			continue;
9834 		if (mcc_pkg->package.elements[0].type != ACPI_TYPE_INTEGER ||
9835 		    mcc_pkg->package.elements[1].type != ACPI_TYPE_INTEGER)
9836 			continue;
9837 
9838 		domain_type = &mcc_pkg->package.elements[0];
9839 		if (domain_type->integer.value != WRDD_WIFI)
9840 			continue;
9841 
9842 		mcc_value = &mcc_pkg->package.elements[1];
9843 		return mcc_value->integer.value;
9844 	}
9845 	return 0;
9846 }
9847 
9848 static int ath10k_mac_get_wrdd_regulatory(struct ath10k *ar, u16 *rd)
9849 {
9850 	acpi_handle root_handle;
9851 	acpi_handle handle;
9852 	struct acpi_buffer wrdd = {ACPI_ALLOCATE_BUFFER, NULL};
9853 	acpi_status status;
9854 	u32 alpha2_code;
9855 	char alpha2[3];
9856 
9857 	root_handle = ACPI_HANDLE(ar->dev);
9858 	if (!root_handle)
9859 		return -EOPNOTSUPP;
9860 
9861 	status = acpi_get_handle(root_handle, (acpi_string)WRD_METHOD, &handle);
9862 	if (ACPI_FAILURE(status)) {
9863 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
9864 			   "failed to get wrd method %d\n", status);
9865 		return -EIO;
9866 	}
9867 
9868 	status = acpi_evaluate_object(handle, NULL, NULL, &wrdd);
9869 	if (ACPI_FAILURE(status)) {
9870 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
9871 			   "failed to call wrdc %d\n", status);
9872 		return -EIO;
9873 	}
9874 
9875 	alpha2_code = ath10k_mac_wrdd_get_mcc(ar, wrdd.pointer);
9876 	kfree(wrdd.pointer);
9877 	if (!alpha2_code)
9878 		return -EIO;
9879 
9880 	alpha2[0] = (alpha2_code >> 8) & 0xff;
9881 	alpha2[1] = (alpha2_code >> 0) & 0xff;
9882 	alpha2[2] = '\0';
9883 
9884 	ath10k_dbg(ar, ATH10K_DBG_BOOT,
9885 		   "regulatory hint from WRDD (alpha2-code): %s\n", alpha2);
9886 
9887 	*rd = ath_regd_find_country_by_name(alpha2);
9888 	if (*rd == 0xffff)
9889 		return -EIO;
9890 
9891 	*rd |= COUNTRY_ERD_FLAG;
9892 	return 0;
9893 }
9894 
9895 static int ath10k_mac_init_rd(struct ath10k *ar)
9896 {
9897 	int ret;
9898 	u16 rd;
9899 
9900 	ret = ath10k_mac_get_wrdd_regulatory(ar, &rd);
9901 	if (ret) {
9902 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
9903 			   "fallback to eeprom programmed regulatory settings\n");
9904 		rd = ar->hw_eeprom_rd;
9905 	}
9906 
9907 	ar->ath_common.regulatory.current_rd = rd;
9908 	return 0;
9909 }
9910 
9911 int ath10k_mac_register(struct ath10k *ar)
9912 {
9913 	static const u32 cipher_suites[] = {
9914 		WLAN_CIPHER_SUITE_WEP40,
9915 		WLAN_CIPHER_SUITE_WEP104,
9916 		WLAN_CIPHER_SUITE_TKIP,
9917 		WLAN_CIPHER_SUITE_CCMP,
9918 
9919 		/* Do not add hardware supported ciphers before this line.
9920 		 * Allow software encryption for all chips. Don't forget to
9921 		 * update n_cipher_suites below.
9922 		 */
9923 		WLAN_CIPHER_SUITE_AES_CMAC,
9924 		WLAN_CIPHER_SUITE_BIP_CMAC_256,
9925 		WLAN_CIPHER_SUITE_BIP_GMAC_128,
9926 		WLAN_CIPHER_SUITE_BIP_GMAC_256,
9927 
9928 		/* Only QCA99x0 and QCA4019 variants support GCMP-128, GCMP-256
9929 		 * and CCMP-256 in hardware.
9930 		 */
9931 		WLAN_CIPHER_SUITE_GCMP,
9932 		WLAN_CIPHER_SUITE_GCMP_256,
9933 		WLAN_CIPHER_SUITE_CCMP_256,
9934 	};
9935 	struct ieee80211_supported_band *band;
9936 	void *channels;
9937 	int ret;
9938 
9939 	if (!is_valid_ether_addr(ar->mac_addr)) {
9940 		ath10k_warn(ar, "invalid MAC address; choosing random\n");
9941 		eth_random_addr(ar->mac_addr);
9942 	}
9943 	SET_IEEE80211_PERM_ADDR(ar->hw, ar->mac_addr);
9944 
9945 	SET_IEEE80211_DEV(ar->hw, ar->dev);
9946 
9947 	BUILD_BUG_ON((ARRAY_SIZE(ath10k_2ghz_channels) +
9948 		      ARRAY_SIZE(ath10k_5ghz_channels)) !=
9949 		     ATH10K_NUM_CHANS);
9950 
9951 	if (ar->phy_capability & WHAL_WLAN_11G_CAPABILITY) {
9952 		channels = kmemdup(ath10k_2ghz_channels,
9953 				   sizeof(ath10k_2ghz_channels),
9954 				   GFP_KERNEL);
9955 		if (!channels) {
9956 			ret = -ENOMEM;
9957 			goto err_free;
9958 		}
9959 
9960 		band = &ar->mac.sbands[NL80211_BAND_2GHZ];
9961 		band->n_channels = ARRAY_SIZE(ath10k_2ghz_channels);
9962 		band->channels = channels;
9963 
9964 		if (ar->hw_params.cck_rate_map_rev2) {
9965 			band->n_bitrates = ath10k_g_rates_rev2_size;
9966 			band->bitrates = ath10k_g_rates_rev2;
9967 		} else {
9968 			band->n_bitrates = ath10k_g_rates_size;
9969 			band->bitrates = ath10k_g_rates;
9970 		}
9971 
9972 		ar->hw->wiphy->bands[NL80211_BAND_2GHZ] = band;
9973 	}
9974 
9975 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY) {
9976 		channels = kmemdup(ath10k_5ghz_channels,
9977 				   sizeof(ath10k_5ghz_channels),
9978 				   GFP_KERNEL);
9979 		if (!channels) {
9980 			ret = -ENOMEM;
9981 			goto err_free;
9982 		}
9983 
9984 		band = &ar->mac.sbands[NL80211_BAND_5GHZ];
9985 		band->n_channels = ARRAY_SIZE(ath10k_5ghz_channels);
9986 		band->channels = channels;
9987 		band->n_bitrates = ath10k_a_rates_size;
9988 		band->bitrates = ath10k_a_rates;
9989 		ar->hw->wiphy->bands[NL80211_BAND_5GHZ] = band;
9990 	}
9991 
9992 	wiphy_read_of_freq_limits(ar->hw->wiphy);
9993 	ath10k_mac_setup_ht_vht_cap(ar);
9994 
9995 	ar->hw->wiphy->interface_modes =
9996 		BIT(NL80211_IFTYPE_STATION) |
9997 		BIT(NL80211_IFTYPE_AP) |
9998 		BIT(NL80211_IFTYPE_MESH_POINT);
9999 
10000 	ar->hw->wiphy->available_antennas_rx = ar->cfg_rx_chainmask;
10001 	ar->hw->wiphy->available_antennas_tx = ar->cfg_tx_chainmask;
10002 
10003 	if (!test_bit(ATH10K_FW_FEATURE_NO_P2P, ar->normal_mode_fw.fw_file.fw_features))
10004 		ar->hw->wiphy->interface_modes |=
10005 			BIT(NL80211_IFTYPE_P2P_DEVICE) |
10006 			BIT(NL80211_IFTYPE_P2P_CLIENT) |
10007 			BIT(NL80211_IFTYPE_P2P_GO);
10008 
10009 	ieee80211_hw_set(ar->hw, SIGNAL_DBM);
10010 
10011 	if (!test_bit(ATH10K_FW_FEATURE_NO_PS,
10012 		      ar->running_fw->fw_file.fw_features)) {
10013 		ieee80211_hw_set(ar->hw, SUPPORTS_PS);
10014 		ieee80211_hw_set(ar->hw, SUPPORTS_DYNAMIC_PS);
10015 	}
10016 
10017 	ieee80211_hw_set(ar->hw, MFP_CAPABLE);
10018 	ieee80211_hw_set(ar->hw, REPORTS_TX_ACK_STATUS);
10019 	ieee80211_hw_set(ar->hw, HAS_RATE_CONTROL);
10020 	ieee80211_hw_set(ar->hw, AP_LINK_PS);
10021 	ieee80211_hw_set(ar->hw, SPECTRUM_MGMT);
10022 	ieee80211_hw_set(ar->hw, SUPPORT_FAST_XMIT);
10023 	ieee80211_hw_set(ar->hw, CONNECTION_MONITOR);
10024 	ieee80211_hw_set(ar->hw, SUPPORTS_PER_STA_GTK);
10025 	ieee80211_hw_set(ar->hw, WANT_MONITOR_VIF);
10026 	ieee80211_hw_set(ar->hw, CHANCTX_STA_CSA);
10027 	ieee80211_hw_set(ar->hw, QUEUE_CONTROL);
10028 	ieee80211_hw_set(ar->hw, SUPPORTS_TX_FRAG);
10029 	ieee80211_hw_set(ar->hw, REPORTS_LOW_ACK);
10030 
10031 	if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
10032 		ieee80211_hw_set(ar->hw, SW_CRYPTO_CONTROL);
10033 
10034 	ar->hw->wiphy->features |= NL80211_FEATURE_STATIC_SMPS;
10035 	ar->hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
10036 
10037 	if (ar->ht_cap_info & WMI_HT_CAP_DYNAMIC_SMPS)
10038 		ar->hw->wiphy->features |= NL80211_FEATURE_DYNAMIC_SMPS;
10039 
10040 	if (ar->ht_cap_info & WMI_HT_CAP_ENABLED) {
10041 		ieee80211_hw_set(ar->hw, AMPDU_AGGREGATION);
10042 		ieee80211_hw_set(ar->hw, TX_AMPDU_SETUP_IN_HW);
10043 	}
10044 
10045 	ar->hw->wiphy->max_scan_ssids = WLAN_SCAN_PARAMS_MAX_SSID;
10046 	ar->hw->wiphy->max_scan_ie_len = WLAN_SCAN_PARAMS_MAX_IE_LEN;
10047 
10048 	if (test_bit(WMI_SERVICE_NLO, ar->wmi.svc_map)) {
10049 		ar->hw->wiphy->max_sched_scan_ssids = WMI_PNO_MAX_SUPP_NETWORKS;
10050 		ar->hw->wiphy->max_match_sets = WMI_PNO_MAX_SUPP_NETWORKS;
10051 		ar->hw->wiphy->max_sched_scan_ie_len = WMI_PNO_MAX_IE_LENGTH;
10052 		ar->hw->wiphy->max_sched_scan_plans = WMI_PNO_MAX_SCHED_SCAN_PLANS;
10053 		ar->hw->wiphy->max_sched_scan_plan_interval =
10054 			WMI_PNO_MAX_SCHED_SCAN_PLAN_INT;
10055 		ar->hw->wiphy->max_sched_scan_plan_iterations =
10056 			WMI_PNO_MAX_SCHED_SCAN_PLAN_ITRNS;
10057 		ar->hw->wiphy->features |= NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
10058 	}
10059 
10060 	ar->hw->vif_data_size = sizeof(struct ath10k_vif);
10061 	ar->hw->sta_data_size = sizeof(struct ath10k_sta);
10062 	ar->hw->txq_data_size = sizeof(struct ath10k_txq);
10063 
10064 	ar->hw->max_listen_interval = ATH10K_MAX_HW_LISTEN_INTERVAL;
10065 
10066 	if (test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map)) {
10067 		ar->hw->wiphy->flags |= WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD;
10068 
10069 		/* Firmware delivers WPS/P2P Probe Requests frames to driver so
10070 		 * that userspace (e.g. wpa_supplicant/hostapd) can generate
10071 		 * correct Probe Responses. This is more of a hack advert..
10072 		 */
10073 		ar->hw->wiphy->probe_resp_offload |=
10074 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS |
10075 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS2 |
10076 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_P2P;
10077 	}
10078 
10079 	if (test_bit(WMI_SERVICE_TDLS, ar->wmi.svc_map) ||
10080 	    test_bit(WMI_SERVICE_TDLS_EXPLICIT_MODE_ONLY, ar->wmi.svc_map)) {
10081 		ar->hw->wiphy->flags |= WIPHY_FLAG_SUPPORTS_TDLS;
10082 		if (test_bit(WMI_SERVICE_TDLS_WIDER_BANDWIDTH, ar->wmi.svc_map))
10083 			ieee80211_hw_set(ar->hw, TDLS_WIDER_BW);
10084 	}
10085 
10086 	if (test_bit(WMI_SERVICE_TDLS_UAPSD_BUFFER_STA, ar->wmi.svc_map))
10087 		ieee80211_hw_set(ar->hw, SUPPORTS_TDLS_BUFFER_STA);
10088 
10089 	if (ath10k_frame_mode == ATH10K_HW_TXRX_ETHERNET) {
10090 		if (ar->wmi.vdev_param->tx_encap_type !=
10091 		    WMI_VDEV_PARAM_UNSUPPORTED)
10092 			ieee80211_hw_set(ar->hw, SUPPORTS_TX_ENCAP_OFFLOAD);
10093 	}
10094 
10095 	ar->hw->wiphy->flags |= WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL;
10096 	ar->hw->wiphy->flags |= WIPHY_FLAG_HAS_CHANNEL_SWITCH;
10097 	ar->hw->wiphy->max_remain_on_channel_duration = 5000;
10098 
10099 	ar->hw->wiphy->flags |= WIPHY_FLAG_AP_UAPSD;
10100 	ar->hw->wiphy->features |= NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE |
10101 				   NL80211_FEATURE_AP_SCAN;
10102 
10103 	ar->hw->wiphy->max_ap_assoc_sta = ar->max_num_stations;
10104 
10105 	ret = ath10k_wow_init(ar);
10106 	if (ret) {
10107 		ath10k_warn(ar, "failed to init wow: %d\n", ret);
10108 		goto err_free;
10109 	}
10110 
10111 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_VHT_IBSS);
10112 	wiphy_ext_feature_set(ar->hw->wiphy,
10113 			      NL80211_EXT_FEATURE_SET_SCAN_DWELL);
10114 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_AQL);
10115 
10116 	if (test_bit(WMI_SERVICE_TX_DATA_ACK_RSSI, ar->wmi.svc_map) ||
10117 	    test_bit(WMI_SERVICE_HTT_MGMT_TX_COMP_VALID_FLAGS, ar->wmi.svc_map))
10118 		wiphy_ext_feature_set(ar->hw->wiphy,
10119 				      NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT);
10120 
10121 	if (ath10k_peer_stats_enabled(ar) ||
10122 	    test_bit(WMI_SERVICE_REPORT_AIRTIME, ar->wmi.svc_map))
10123 		wiphy_ext_feature_set(ar->hw->wiphy,
10124 				      NL80211_EXT_FEATURE_AIRTIME_FAIRNESS);
10125 
10126 	if (test_bit(WMI_SERVICE_RTT_RESPONDER_ROLE, ar->wmi.svc_map))
10127 		wiphy_ext_feature_set(ar->hw->wiphy,
10128 				      NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER);
10129 
10130 	if (test_bit(WMI_SERVICE_TX_PWR_PER_PEER, ar->wmi.svc_map))
10131 		wiphy_ext_feature_set(ar->hw->wiphy,
10132 				      NL80211_EXT_FEATURE_STA_TX_PWR);
10133 
10134 	if (test_bit(WMI_SERVICE_PEER_TID_CONFIGS_SUPPORT, ar->wmi.svc_map)) {
10135 		ar->hw->wiphy->tid_config_support.vif |=
10136 				BIT(NL80211_TID_CONFIG_ATTR_NOACK) |
10137 				BIT(NL80211_TID_CONFIG_ATTR_RETRY_SHORT) |
10138 				BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG) |
10139 				BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL) |
10140 				BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
10141 				BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE);
10142 
10143 		if (test_bit(WMI_SERVICE_EXT_PEER_TID_CONFIGS_SUPPORT,
10144 			     ar->wmi.svc_map)) {
10145 			ar->hw->wiphy->tid_config_support.vif |=
10146 				BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL);
10147 		}
10148 
10149 		ar->hw->wiphy->tid_config_support.peer =
10150 				ar->hw->wiphy->tid_config_support.vif;
10151 		ar->hw->wiphy->max_data_retry_count = ATH10K_MAX_RETRY_COUNT;
10152 	} else {
10153 		ar->ops->set_tid_config = NULL;
10154 	}
10155 	/*
10156 	 * on LL hardware queues are managed entirely by the FW
10157 	 * so we only advertise to mac we can do the queues thing
10158 	 */
10159 	ar->hw->queues = IEEE80211_MAX_QUEUES;
10160 
10161 	/* vdev_ids are used as hw queue numbers. Make sure offchan tx queue is
10162 	 * something that vdev_ids can't reach so that we don't stop the queue
10163 	 * accidentally.
10164 	 */
10165 	ar->hw->offchannel_tx_hw_queue = IEEE80211_MAX_QUEUES - 1;
10166 
10167 	switch (ar->running_fw->fw_file.wmi_op_version) {
10168 	case ATH10K_FW_WMI_OP_VERSION_MAIN:
10169 		ar->hw->wiphy->iface_combinations = ath10k_if_comb;
10170 		ar->hw->wiphy->n_iface_combinations =
10171 			ARRAY_SIZE(ath10k_if_comb);
10172 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_ADHOC);
10173 		break;
10174 	case ATH10K_FW_WMI_OP_VERSION_TLV:
10175 		if (test_bit(WMI_SERVICE_ADAPTIVE_OCS, ar->wmi.svc_map)) {
10176 			ar->hw->wiphy->iface_combinations =
10177 				ath10k_tlv_qcs_if_comb;
10178 			ar->hw->wiphy->n_iface_combinations =
10179 				ARRAY_SIZE(ath10k_tlv_qcs_if_comb);
10180 		} else {
10181 			ar->hw->wiphy->iface_combinations = ath10k_tlv_if_comb;
10182 			ar->hw->wiphy->n_iface_combinations =
10183 				ARRAY_SIZE(ath10k_tlv_if_comb);
10184 		}
10185 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_ADHOC);
10186 		break;
10187 	case ATH10K_FW_WMI_OP_VERSION_10_1:
10188 	case ATH10K_FW_WMI_OP_VERSION_10_2:
10189 	case ATH10K_FW_WMI_OP_VERSION_10_2_4:
10190 		ar->hw->wiphy->iface_combinations = ath10k_10x_if_comb;
10191 		ar->hw->wiphy->n_iface_combinations =
10192 			ARRAY_SIZE(ath10k_10x_if_comb);
10193 		break;
10194 	case ATH10K_FW_WMI_OP_VERSION_10_4:
10195 		ar->hw->wiphy->iface_combinations = ath10k_10_4_if_comb;
10196 		ar->hw->wiphy->n_iface_combinations =
10197 			ARRAY_SIZE(ath10k_10_4_if_comb);
10198 		if (test_bit(WMI_SERVICE_VDEV_DIFFERENT_BEACON_INTERVAL_SUPPORT,
10199 			     ar->wmi.svc_map)) {
10200 			ar->hw->wiphy->iface_combinations =
10201 				ath10k_10_4_bcn_int_if_comb;
10202 			ar->hw->wiphy->n_iface_combinations =
10203 				ARRAY_SIZE(ath10k_10_4_bcn_int_if_comb);
10204 		}
10205 		break;
10206 	case ATH10K_FW_WMI_OP_VERSION_UNSET:
10207 	case ATH10K_FW_WMI_OP_VERSION_MAX:
10208 		WARN_ON(1);
10209 		ret = -EINVAL;
10210 		goto err_free;
10211 	}
10212 
10213 	if (ar->hw_params.dynamic_sar_support)
10214 		ar->hw->wiphy->sar_capa = &ath10k_sar_capa;
10215 
10216 	if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
10217 		ar->hw->netdev_features = NETIF_F_HW_CSUM;
10218 
10219 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED)) {
10220 		/* Init ath dfs pattern detector */
10221 		ar->ath_common.debug_mask = ATH_DBG_DFS;
10222 		ar->dfs_detector = dfs_pattern_detector_init(&ar->ath_common,
10223 							     NL80211_DFS_UNSET);
10224 
10225 		if (!ar->dfs_detector)
10226 			ath10k_warn(ar, "failed to initialise DFS pattern detector\n");
10227 	}
10228 
10229 	ret = ath10k_mac_init_rd(ar);
10230 	if (ret) {
10231 		ath10k_err(ar, "failed to derive regdom: %d\n", ret);
10232 		goto err_dfs_detector_exit;
10233 	}
10234 
10235 	/* Disable set_coverage_class for chipsets that do not support it. */
10236 	if (!ar->hw_params.hw_ops->set_coverage_class)
10237 		ar->ops->set_coverage_class = NULL;
10238 
10239 	ret = ath_regd_init(&ar->ath_common.regulatory, ar->hw->wiphy,
10240 			    ath10k_reg_notifier);
10241 	if (ret) {
10242 		ath10k_err(ar, "failed to initialise regulatory: %i\n", ret);
10243 		goto err_dfs_detector_exit;
10244 	}
10245 
10246 	if (test_bit(WMI_SERVICE_SPOOF_MAC_SUPPORT, ar->wmi.svc_map)) {
10247 		ar->hw->wiphy->features |=
10248 			NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
10249 	}
10250 
10251 	ar->hw->wiphy->cipher_suites = cipher_suites;
10252 
10253 	/* QCA988x and QCA6174 family chips do not support CCMP-256, GCMP-128
10254 	 * and GCMP-256 ciphers in hardware. Fetch number of ciphers supported
10255 	 * from chip specific hw_param table.
10256 	 */
10257 	if (!ar->hw_params.n_cipher_suites ||
10258 	    ar->hw_params.n_cipher_suites > ARRAY_SIZE(cipher_suites)) {
10259 		ath10k_err(ar, "invalid hw_params.n_cipher_suites %d\n",
10260 			   ar->hw_params.n_cipher_suites);
10261 		ar->hw_params.n_cipher_suites = 8;
10262 	}
10263 	ar->hw->wiphy->n_cipher_suites = ar->hw_params.n_cipher_suites;
10264 
10265 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST);
10266 
10267 	ar->hw->weight_multiplier = ATH10K_AIRTIME_WEIGHT_MULTIPLIER;
10268 
10269 	ret = ieee80211_register_hw(ar->hw);
10270 	if (ret) {
10271 		ath10k_err(ar, "failed to register ieee80211: %d\n", ret);
10272 		goto err_dfs_detector_exit;
10273 	}
10274 
10275 	if (test_bit(WMI_SERVICE_PER_PACKET_SW_ENCRYPT, ar->wmi.svc_map)) {
10276 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_AP_VLAN);
10277 		ar->hw->wiphy->software_iftypes |= BIT(NL80211_IFTYPE_AP_VLAN);
10278 	}
10279 
10280 	if (!ath_is_world_regd(&ar->ath_common.reg_world_copy) &&
10281 	    !ath_is_world_regd(&ar->ath_common.regulatory)) {
10282 		ret = regulatory_hint(ar->hw->wiphy,
10283 				      ar->ath_common.regulatory.alpha2);
10284 		if (ret)
10285 			goto err_unregister;
10286 	}
10287 
10288 	return 0;
10289 
10290 err_unregister:
10291 	ieee80211_unregister_hw(ar->hw);
10292 
10293 err_dfs_detector_exit:
10294 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector)
10295 		ar->dfs_detector->exit(ar->dfs_detector);
10296 
10297 err_free:
10298 	kfree(ar->mac.sbands[NL80211_BAND_2GHZ].channels);
10299 	kfree(ar->mac.sbands[NL80211_BAND_5GHZ].channels);
10300 
10301 	SET_IEEE80211_DEV(ar->hw, NULL);
10302 	return ret;
10303 }
10304 
10305 void ath10k_mac_unregister(struct ath10k *ar)
10306 {
10307 	ieee80211_unregister_hw(ar->hw);
10308 
10309 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector)
10310 		ar->dfs_detector->exit(ar->dfs_detector);
10311 
10312 	kfree(ar->mac.sbands[NL80211_BAND_2GHZ].channels);
10313 	kfree(ar->mac.sbands[NL80211_BAND_5GHZ].channels);
10314 
10315 	SET_IEEE80211_DEV(ar->hw, NULL);
10316 }
10317